Finding entry points Branch analysis from position: 0 2 jumps found. (Code = 43) Position 1 = 15, Position 2 = 133 Branch analysis from position: 15 1 jumps found. (Code = 42) Position 1 = 143 Branch analysis from position: 143 1 jumps found. (Code = 62) Position 1 = -2 Branch analysis from position: 133 1 jumps found. (Code = 62) Position 1 = -2 filename: /in/5GEd3 function name: (null) number of ops: 144 compiled vars: !0 = $ntlmpacket, !1 = $B, !2 = $dLen, !3 = $dOff, !4 = $uLen, !5 = $wLen, !6 = $start, !7 = $end line #* E I O op fetch ext return operands ------------------------------------------------------------------------------------- 2 0 E > INIT_FCALL 'mb_convert_encoding' 1 INIT_FCALL 'base64_decode' 2 SEND_VAL 'TlRMTVNTUAACAAAADgAOADgAAAAVgoniFvduRcv1%2Fb4AAAAAAAAAAJYAlgBGAAAABgGxHQAAAA9IAE8AUwBUAEkATgBHAAIADgBIAE8AUwBUAEkATgBHAAEAEABIAC0AQQBQAFAANAAyADMABAAWAGgAbwBzAHQAaQBuAGcALgBzAGMAYQADACgAaAAtAGEAcABwADQAMgAzAC4AaABvAHMAdABpAG4AZwAuAHMAYwBhAAUAFgBoAG8AcwB0AGkAbgBnAC4AcwBjAGEABwAIAHdK4ofuN9EBAAAAAA%3D%3D' 3 DO_ICALL $8 4 SEND_VAR $8 5 DO_ICALL $9 6 ASSIGN !0, $9 4 7 INIT_FCALL 'substr' 8 SEND_VAR !0 9 SEND_VAL 8 10 SEND_VAL 8 11 DO_ICALL $11 12 CAST 4 ~12 $11 13 IS_EQUAL ~12, 3 14 > JMPZ ~13, ->133 6 15 > INIT_FCALL 'substr' 16 SEND_VAR !0 17 SEND_VAL 28 18 SEND_VAL 51 19 DO_ICALL $14 20 ASSIGN !1, $14 8 21 INIT_FCALL 'substr' 22 SEND_VAR !1 23 SEND_VAL 0 24 SEND_VAL 0 25 DO_ICALL $16 26 CAST 4 ~17 $16 10 27 INIT_FCALL 'substr' 28 SEND_VAR !1 29 SEND_VAL 1 30 SEND_VAL 1 31 DO_ICALL $18 32 CAST 4 ~19 $18 33 MUL ~20 ~19, 256 34 ADD ~21 ~17, ~20 8 35 ASSIGN !2, ~21 12 36 INIT_FCALL 'substr' 37 SEND_VAR !1 38 SEND_VAL 4 39 SEND_VAL 4 40 DO_ICALL $23 41 CAST 4 ~24 $23 14 42 INIT_FCALL 'substr' 43 SEND_VAR !1 44 SEND_VAL 5 45 SEND_VAL 5 46 DO_ICALL $25 47 CAST 4 ~26 $25 48 MUL ~27 ~26, 256 49 ADD ~28 ~24, ~27 16 50 INIT_FCALL 'substr' 51 SEND_VAR !1 52 SEND_VAL 6 53 SEND_VAL 6 54 DO_ICALL $29 55 CAST 4 ~30 $29 56 MUL ~31 ~30, 65536 57 ADD ~32 ~28, ~31 18 58 INIT_FCALL 'substr' 59 SEND_VAR !1 60 SEND_VAL 7 61 SEND_VAL 7 62 DO_ICALL $33 63 CAST 4 ~34 $33 64 MUL ~35 ~34, 16777216 65 ADD ~36 ~32, ~35 12 66 ASSIGN !3, ~36 20 67 INIT_FCALL 'substr' 68 SEND_VAR !1 69 SEND_VAL 8 70 SEND_VAL 8 71 DO_ICALL $38 72 CAST 4 ~39 $38 22 73 INIT_FCALL 'substr' 74 SEND_VAR !1 75 SEND_VAL 9 76 SEND_VAL 9 77 DO_ICALL $40 78 CAST 4 ~41 $40 79 MUL ~42 ~41, 256 80 ADD ~43 ~39, ~42 20 81 ASSIGN !4, ~43 24 82 INIT_FCALL 'substr' 83 SEND_VAR !1 84 SEND_VAL 16 85 SEND_VAL 16 86 DO_ICALL $45 87 CAST 4 ~46 $45 26 88 INIT_FCALL 'substr' 89 SEND_VAR !1 90 SEND_VAL 17 91 SEND_VAL 17 92 DO_ICALL $47 93 CAST 4 ~48 $47 94 MUL ~49 ~48, 256 95 ADD ~50 ~46, ~49 24 96 ASSIGN !5, ~50 28 97 INIT_FCALL 'substr' 98 SEND_VAR !0 99 SEND_VAR !3 100 ADD ~52 !3, !2 101 SUB ~53 ~52, 1 102 SEND_VAL ~53 103 DO_ICALL $54 104 ADD ~55 'NTLM_Domain', $54 105 ECHO ~55 29 106 INIT_FCALL 'substr' 107 SEND_VAR !0 108 ADD ~56 !3, !2 109 SEND_VAL ~56 110 ADD ~57 !3, !2 111 ADD ~58 ~57, !4 112 SUB ~59 ~58, 1 113 SEND_VAL ~59 114 DO_ICALL $60 115 ADD ~61 'NTLM_User', $60 116 ECHO ~61 30 117 ADD ~62 !3, !2 118 ADD ~63 ~62, !4 119 ASSIGN !6, ~63 31 120 ADD ~65 !3, !2 121 ADD ~66 ~65, !4 122 ADD ~67 ~66, !5 123 SUB ~68 ~67, 1 124 ASSIGN !7, ~68 32 125 INIT_FCALL 'substr' 126 SEND_VAR !0 127 SEND_VAR !6 128 SEND_VAR !7 129 DO_ICALL $70 130 ADD ~71 'NTLM_Workstation', $70 131 ECHO ~71 132 > JMP ->143 35 133 > ECHO '%3A%28' 36 134 INIT_FCALL_BY_NAME 'dump' 135 INIT_FCALL 'substr' 136 SEND_VAR !0 137 SEND_VAL 8 138 SEND_VAL 8 139 DO_ICALL $72 140 SEND_VAR_NO_REF_EX $72 141 DO_FCALL 0 $73 142 ECHO $73 37 143 > > RETURN 1
Generated using Vulcan Logic Dumper, using php 8.0.0